/**
* Get a netlink block / direct to a netlink site.
*
* @param URLPATH The URL we grab our netlink from. If this is not blank, instead of getting a netlink block, we direct to a netlink site.
* @return tempcode The netlink block
*/
function do_netlink($redir_url = '')
{
header('Content-type: text/plain; charset=' . get_charset());
// If we are redirecting
if ($redir_url != '') {
if (strpos($redir_url, chr(10)) !== false || strpos($redir_url, chr(13)) !== false) {
log_hack_attack_and_exit('HEADER_SPLIT_HACK');
}
header('Location: ' . $redir_url);
exit;
}
// Ok we're displaying a netlink, which will be dumped right into the body of the reading site
// - this isn't actually a weburl that is actually displayed, its loaded by ocPortal and embedded-inline
// For all the names in our network
require_code('textfiles');
$lines = explode(chr(10), read_text_file('netlink', NULL, true));
if (count($lines) == 0) {
return new ocp_tempcode();
}
$content = new ocp_tempcode();
foreach ($lines as $line) {
$parts = explode('=', $line, 2);
if (count($parts) != 2) {
continue;
}
$name = rtrim($parts[0]);
$url = trim($parts[1]);
// Are we looking at the source site in the network?
$selected = strtolower($url) == strtolower(get_param('source', ''));
$content->attach(form_input_list_entry(base64_encode($url), $selected, $name));
}
return do_template('NETLINK', array('_GUID' => '180321222dc5dc99a231597c803f0726', 'CONTENT' => $content));
}
/**
* Check the specified URL for potentially malicious JavaScript/etc. If any is found, the hack attack is logged if in an active post request by the submitting member otherwise filtered out.
*
* @param MEMBER The member who submitted the URL
* @param URLPATH The URL to check
* @param boolean Whether to check as arbitrary admin
* @return URLPATH Filtered input URL.
*/
function check_naughty_javascript_url($source_member, $url, $as_admin)
{
global $POTENTIAL_JS_NAUGHTY_ARRAY;
if (!$as_admin && !has_specific_permission($source_member, 'use_very_dangerous_comcode')) {
$url2 = strtolower($url);
$matches = array();
$bad = preg_match_all('#&\\#(\\d+)#', preg_replace('#\\s#', '', $url), $matches) != 0;
if ($bad) {
for ($i = 0; $i < count($matches[0]); $i++) {
$matched_entity = intval($matches[1][$i]);
if ($matched_entity < 127 && array_key_exists(chr($matched_entity), $POTENTIAL_JS_NAUGHTY_ARRAY)) {
if (count($_POST) != 0 && get_member() == $source_member) {
log_hack_attack_and_exit('ASCII_ENTITY_URL_HACK', $url);
}
return '';
}
}
}
$bad = preg_match_all('#&\\#x([\\dA-Za-z][\\dA-Za-z]+)#', preg_replace('#\\s#', '', $url), $matches) != 0;
if ($bad) {
for ($i = 0; $i < count($matches[0]); $i++) {
$matched_entity = intval(base_convert($matches[1][$i], 16, 10));
if ($matched_entity < 127 && array_key_exists(chr($matched_entity), $POTENTIAL_JS_NAUGHTY_ARRAY)) {
if (count($_POST) != 0 && get_member() == $source_member) {
log_hack_attack_and_exit('ASCII_ENTITY_URL_HACK', $url);
}
return '';
}
}
}
$bad = strpos($url2, 'script:') !== false || strpos($url2, 'data:') !== false;
if ($bad) {
if (count($_POST) != 0 && get_member() == $source_member) {
log_hack_attack_and_exit('SCRIPT_URL_HACK', $url2);
}
return '';
}
}
return $url;
}
/**
* The main user interface for moderating a chat room.
*
* @return tempcode The UI.
*/
function moderate_chat_room()
{
$title = get_page_title('CHAT_MOD_PANEL');
breadcrumb_set_parents(array(array('_SELF:_SELF:misc', do_lang_tempcode('CHOOSE'))));
$room_id = get_param_integer('id');
check_chatroom_access($room_id);
$room_details = $GLOBALS['SITE_DB']->query_select('chat_rooms', array('*'), array('id' => $room_id), '', 1);
if (!array_key_exists(0, $room_details)) {
warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
}
$row = $room_details[0];
$has_mod_access = has_specific_permission(get_member(), 'edit_lowrange_content', 'cms_chat', array('chat', $room_id)) || $row['room_owner'] == get_member() && has_specific_permission(get_member(), 'moderate_my_private_rooms');
if (!$has_mod_access) {
access_denied('SPECIFIC_PERMISSION', 'edit_lowrange_content');
}
$start = get_param_integer('start', 0);
$max = get_param_integer('max', 50);
$sortables = array('date_and_time' => do_lang_tempcode('DATE_TIME'), 'user_id' => do_lang_tempcode('MEMBER'));
$test = explode(' ', get_param('sort', 'date_and_time DESC'), 2);
if (count($test) == 1) {
$test[1] = 'DESC';
}
list($sortable, $sort_order) = $test;
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'sort';
$max_rows = $GLOBALS['SITE_DB']->query_value('chat_messages', 'COUNT(*)', array('room_id' => $room_id));
$rows = $GLOBALS['SITE_DB']->query_select('chat_messages', array('*'), array('room_id' => $room_id), 'ORDER BY ' . $sortable . ' ' . $sort_order, $max, $start);
$fields = new ocp_tempcode();
require_code('templates_results_table');
$array = array(do_lang_tempcode('MEMBER'), do_lang_tempcode('DATE_TIME'), do_lang_tempcode('MESSAGE'));
if (has_js()) {
$array[] = do_lang_tempcode('DELETE');
}
$fields_title = results_field_title($array, $sortables, 'sort', $sortable . ' ' . $sort_order);
foreach ($rows as $myrow) {
$url = build_url(array('page' => '_SELF', 'type' => 'ed', 'room_id' => $room_id, 'id' => $myrow['id']), '_SELF');
$username = $GLOBALS['FORUM_DRIVER']->get_username($myrow['user_id']);
if (is_null($username)) {
$username = '';
}
//do_lang('UNKNOWN');
$message = get_translated_tempcode($myrow['the_message']);
$link_time = hyperlink($url, escape_html(get_timezoned_date($myrow['date_and_time'])));
$_row = array($GLOBALS['FORUM_DRIVER']->member_profile_hyperlink($GLOBALS['FORUM_DRIVER']->get_member_from_username($username), false, $username), escape_html($link_time), $message);
if (has_js()) {
$deletion_tick = do_template('RESULTS_TABLE_TICK', array('ID' => strval($myrow['id'])));
$_row[] = $deletion_tick;
}
$fields->attach(results_entry($_row));
}
if ($fields->is_empty()) {
if ($start != 0) {
$_GET['start'] = strval(max(0, $start - $max));
return $this->moderate_chat_room();
}
inform_exit(do_lang_tempcode('NO_ENTRIES'));
}
$content = results_table(do_lang_tempcode('MESSAGES'), $start, 'start', $max, 'max', $max_rows, $fields_title, $fields, $sortables, $sortable, $sort_order, 'sort');
$mod_link = hyperlink(build_url(array('page' => '_SELF', 'type' => 'delete', 'stage' => 0, 'id' => $room_id), '_SELF'), do_lang_tempcode('DELETE_ALL_MESSAGES'));
$view_link = hyperlink(build_url(array('page' => 'chat', 'type' => 'room', 'id' => $room_id), get_module_zone('chat')), do_lang_tempcode('VIEW'));
$logs_link = hyperlink(build_url(array('page' => 'chat', 'type' => 'download_logs', 'id' => $room_id), get_module_zone('chat')), do_lang_tempcode('CHAT_DOWNLOAD_LOGS'));
$links = array($mod_link, $view_link, $logs_link);
$delete_url = build_url(array('page' => '_SELF', 'type' => 'mass_delete', 'room_id' => $room_id, 'start' => $start, 'max' => $max), '_SELF');
return do_template('CHAT_MODERATE_SCREEN', array('_GUID' => '940de7e8c9a0ac3c575892887c7ef3c0', 'URL' => $delete_url, 'TITLE' => $title, 'INTRODUCTION' => '', 'CONTENT' => $content, 'LINKS' => $links));
}
/**
* Standard aed_module table function.
*
* @param array Details to go to build_url for link to the next screen.
* @return ?array A quartet: The choose table, Whether re-ordering is supported from this screen, Search URL, Archive URL (NULL: nothing to select).
*/
function nice_get_choose_table($url_map)
{
require_code('templates_results_table');
$current_ordering = get_param('sort', 'date_and_time DESC');
if (strpos($current_ordering, ' ') === false) {
warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
}
list($sortable, $sort_order) = explode(' ', $current_ordering, 2);
$sortables = array('title' => do_lang_tempcode('TITLE'), 'date_and_time' => do_lang_tempcode('_ADDED'), 'news_views' => do_lang_tempcode('_VIEWS'));
if (addon_installed('unvalidated')) {
$sortables['validated'] = do_lang_tempcode('VALIDATED');
}
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'sort';
$fh = array();
$fh[] = do_lang_tempcode('TITLE');
$fh[] = do_lang_tempcode('_ADDED');
$fh[] = do_lang_tempcode('_VIEWS');
if (addon_installed('unvalidated')) {
$fh[] = do_lang_tempcode('VALIDATED');
}
$fh[] = do_lang_tempcode('ACTIONS');
$header_row = results_field_title($fh, $sortables, 'sort', $sortable . ' ' . $sort_order);
$fields = new ocp_tempcode();
require_code('form_templates');
$only_owned = has_specific_permission(get_member(), 'edit_midrange_content', 'cms_news') ? NULL : get_member();
list($rows, $max_rows) = $this->get_entry_rows(false, $current_ordering, is_null($only_owned) ? NULL : array('submitter' => $only_owned), false, ' JOIN ' . get_table_prefix() . 'news_categories c ON c.id=r.news_category AND nc_owner IS NOT NULL');
if (count($rows) == 0) {
return NULL;
}
foreach ($rows as $row) {
$edit_link = build_url($url_map + array('id' => $row['id']), '_SELF');
$fr = array();
$fr[] = protect_from_escaping(hyperlink(build_url(array('page' => 'news', 'type' => 'view', 'id' => $row['id']), get_module_zone('news')), get_translated_text($row['title']), false, true));
$fr[] = get_timezoned_date($row['date_and_time']);
$fr[] = integer_format($row['news_views']);
if (addon_installed('unvalidated')) {
$fr[] = $row['validated'] == 1 ? do_lang_tempcode('YES') : do_lang_tempcode('NO');
}
$fr[] = protect_from_escaping(hyperlink($edit_link, do_lang_tempcode('EDIT'), false, true, '#' . strval($row['id'])));
$fields->attach(results_entry($fr, true));
}
$search_url = build_url(array('page' => 'search', 'id' => 'news'), get_module_zone('search'));
$archive_url = build_url(array('page' => 'news'), get_module_zone('news'));
return array(results_table(do_lang($this->menu_label), get_param_integer('start', 0), 'start', either_param_integer('max', 20), 'max', $max_rows, $header_row, $fields, $sortables, $sortable, $sort_order), false, $search_url, $archive_url);
}
/**
* Standard modular run function.
*
* @param array A map of parameters.
* @return tempcode The result of execution.
*/
function run($map)
{
unset($map);
require_all_lang();
require_css('adminzone');
require_code('actionlog');
$start = get_param_integer('sa_start', 0);
$max = get_param_integer('sa_max', 10);
$sortables = array('date_and_time' => do_lang_tempcode('DATE_TIME'), 'the_type' => do_lang_tempcode('ACTION'));
$test = explode(' ', get_param('sa_sort', 'date_and_time DESC'), 2);
if (count($test) == 1) {
$test[1] = 'DESC';
}
list($sortable, $sort_order) = $test;
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'sa_sort';
require_code('templates_results_table');
$fields_title = results_field_title(array(do_lang_tempcode('USERNAME'), do_lang_tempcode('DATE_TIME'), do_lang_tempcode('ACTION'), do_lang_tempcode('PARAMETER_A'), do_lang_tempcode('PARAMETER_B')), $sortables, 'sa_sort', $sortable . ' ' . $sort_order);
$max_rows = $max;
//Don't want to encourage pagination (there's a better module they can go to) $GLOBALS['SITE_DB']->query_value('adminlogs','COUNT(*)');
$rows = $GLOBALS['SITE_DB']->query_select('adminlogs', array('the_type', 'param_a', 'param_b', 'the_user', 'ip', 'date_and_time'), NULL, 'ORDER BY ' . $sortable . ' ' . $sort_order, $max, $start);
$fields = new ocp_tempcode();
foreach ($rows as $myrow) {
$username = $GLOBALS['FORUM_DRIVER']->get_username($myrow['the_user']);
if (is_null($username)) {
$username = do_lang('UNKNOWN');
}
$date = get_timezoned_date($myrow['date_and_time']);
if (!is_null($myrow['param_a'])) {
$a = $myrow['param_a'];
} else {
$a = '';
}
if (!is_null($myrow['param_b'])) {
$b = $myrow['param_b'];
} else {
$b = '';
}
require_code('templates_interfaces');
$_a = tpl_crop_text_mouse_over($a, 8);
$_b = tpl_crop_text_mouse_over($b, 15);
$type_str = do_lang($myrow['the_type'], $_a, $_b, NULL, NULL, false);
if (is_null($type_str)) {
$type_str = $myrow['the_type'];
}
$test = actionlog_linkage($myrow['the_type'], $a, $b, $_a, $_b);
if (!is_null($test)) {
list($_a, $_b) = $test;
}
$ip = tpl_crop_text_mouse_over($myrow['ip'], 12);
$fields->attach(results_entry(array(escape_html($username), escape_html($date), $type_str, $_a, $_b)));
}
return results_table(do_lang_tempcode('ACTIONS'), $start, 'sa_start', $max, 'sa_max', $max_rows, $fields_title, $fields, $sortables, $sortable, $sort_order, 'sa_sort', new ocp_tempcode(), NULL, NULL, 5);
}
/**
* Standard aed_module table function.
*
* @param array Details to go to build_url for link to the next screen.
* @return array A pair: The choose table, Whether re-ordering is supported from this screen.
*/
function nice_get_choose_table($url_map)
{
require_code('templates_results_table');
$current_ordering = get_param('sort', 'w_name ASC');
if (strpos($current_ordering, ' ') === false) {
warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
}
list($sortable, $sort_order) = explode(' ', $current_ordering, 2);
$sortables = array('w_name' => do_lang_tempcode('NAME'), 'w_subject' => do_lang_tempcode('SUBJECT'), 'w_send_time' => do_lang_tempcode('SEND_TIME'));
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'sort';
$header_row = results_field_title(array(do_lang_tempcode('NAME'), do_lang_tempcode('SUBJECT'), do_lang_tempcode('SEND_TIME'), do_lang_tempcode('ACTIONS')), $sortables, 'sort', $sortable . ' ' . $sort_order);
$fields = new ocp_tempcode();
require_code('form_templates');
list($rows, $max_rows) = $this->get_entry_rows(false, $current_ordering);
foreach ($rows as $row) {
$edit_link = build_url($url_map + array('id' => $row['id']), '_SELF');
$fields->attach(results_entry(array($row['w_name'], get_translated_text($row['w_subject']), do_lang_tempcode('HOURS', escape_html(strval($row['w_send_time']))), protect_from_escaping(hyperlink($edit_link, do_lang_tempcode('EDIT'), false, true, '#' . strval($row['id'])))), true));
}
return array(results_table(do_lang($this->menu_label), get_param_integer('start', 0), 'start', either_param_integer('max', 20), 'max', $max_rows, $header_row, $fields, $sortables, $sortable, $sort_order), false);
}
/**
* Check a posted field isn't 'evil'.
*
* @param string The name of the parameter
* @param string The value retrieved
* @return string The filtered value
*/
function check_posted_field($name, &$val)
{
if (strtolower(ocp_srv('REQUEST_METHOD')) == 'post') {
$true_referer = substr(ocp_srv('HTTP_REFERER'), 0, 7) == 'http://' || substr(ocp_srv('HTTP_REFERER'), 0, 8) == 'https://';
$canonical_referer = preg_replace('#^(\\w+://[^/]+/).*$#', '${1}', str_replace(':80', '', str_replace('https://', 'http://', str_replace('www.', '', ocp_srv('HTTP_REFERER')))));
$canonical_baseurl = preg_replace('#^(\\w+://[^/]+/).*$#', '${1}', str_replace(':80', '', str_replace('https://', 'http://', str_replace('www.', '', get_base_url()))));
if ($true_referer && substr(strtolower($canonical_referer), 0, strlen($canonical_baseurl)) != strtolower($canonical_baseurl) && !is_guest()) {
if (!in_array($name, array('login_username', 'password', 'remember', 'login_invisible'))) {
$allowed_partners = explode(chr(10), get_option('allowed_post_submitters'));
$allowed_partners[] = 'paypal.com';
$allowed_partners[] = 'www.paypal.com';
$found = false;
foreach ($allowed_partners as $partner) {
if (trim($partner) == '') {
continue;
}
if (strpos(ocp_srv('HTTP_REFERER'), trim($partner)) !== false) {
$found = true;
break;
}
}
if (!$found) {
$_POST = array();
// To stop loops
log_hack_attack_and_exit('EVIL_POSTED_FORM_HACK', ocp_srv('HTTP_REFERER'));
}
}
}
}
// Custom fields.xml filter system
$val = filter_form_field_default($name, $val);
}
/**
* Read in the sort order currently active, and a suffix to the select statement to allow it to work. Apply security.
*
* @return array A quarter: The sort order, The sort order (for backwards sorting), SQL suffix for select statement for images, SQL suffix for select statement for videos
*/
function get_sort_order()
{
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'sort';
$NON_CANONICAL_PARAMS[] = 'select';
$NON_CANONICAL_PARAMS[] = 'video_select';
$sort = get_param('sort', 'add_date DESC');
if ($sort == 'random ASC') {
$sort = 'add_date ASC';
}
if ($sort != 'fixed_random ASC' && $sort != 'compound_rating DESC' && $sort != 'compound_rating ASC' && $sort != 'add_date DESC' && $sort != 'add_date ASC' && $sort != 'url DESC' && $sort != 'url ASC' && $sort != 'title DESC' && $sort != 'title ASC') {
log_hack_attack_and_exit('ORDERBY_HACK');
}
list($_sort, $_dir) = explode(' ', $sort, 2);
$sort_backwards = $_sort . ' ' . ($_dir == 'ASC' ? 'DESC' : 'ASC');
if ($sort == 'compound_rating ASC' || $sort == 'compound_rating DESC') {
$suffix_images = ',(SELECT AVG(rating) FROM ' . get_table_prefix() . 'rating WHERE ' . db_string_equal_to('rating_for_type', 'images') . ' AND rating_for_id=e.id) AS compound_rating';
$suffix_videos = ',(SELECT AVG(rating) FROM ' . get_table_prefix() . 'rating WHERE ' . db_string_equal_to('rating_for_type', 'videos') . ' AND rating_for_id=e.id) AS compound_rating';
} elseif ($sort == 'fixed_random ASC') {
$suffix_images = ',(MOD(id,3.142)) AS fixed_random';
$suffix_videos = ',(MOD(id,3.142)) AS fixed_random';
} else {
$suffix_images = '';
$suffix_videos = '';
}
return array($sort, $sort_backwards, $suffix_images, $suffix_videos);
}
/**
* View survey results.
*
* @return tempcode The result of execution.
*/
function _survey_results()
{
$title = get_page_title('SURVEY_RESULTS');
breadcrumb_set_parents(array(array('_SELF:_SELF', do_lang_tempcode('MANAGE_QUIZZES'))));
$GLOBALS['HELPER_PANEL_PIC'] = 'pagepics/survey_results';
$id = get_param_integer('id');
// quiz ID
$fields = new ocp_tempcode();
require_code('templates_results_table');
require_code('templates_view_space');
// Show summary
$question_rows = $GLOBALS['SITE_DB']->query_select('quiz_questions', array('*'), array('q_quiz' => $id), 'ORDER BY id');
foreach ($question_rows as $q) {
$question = get_translated_text($q['q_question_text']);
$answers = new ocp_tempcode();
$answer_rows = $GLOBALS['SITE_DB']->query_select('quiz_question_answers', array('*'), array('q_question' => $q['id']), 'ORDER BY id');
$all_answers = array();
foreach ($answer_rows as $i => $a) {
$answer = get_translated_text($a['q_answer_text']);
$count = $GLOBALS['SITE_DB']->query_value('quiz_entry_answer', 'COUNT(*)', array('q_answer' => strval($a['id'])));
$all_answers[serialize(array($answer, $i))] = $count;
}
arsort($all_answers);
foreach ($all_answers as $bits => $count) {
list($answer, $i) = unserialize($bits);
$answers->attach(paragraph(do_lang_tempcode('SURVEY_ANSWER_RESULT', escape_html($answer), integer_format($count), integer_format($i + 1))));
}
if ($answers->is_empty()) {
$answers = do_lang_tempcode('FREE_ENTRY_ANSWER');
}
$fields->attach(view_space_field($question, $answers, true));
}
$summary = do_template('VIEW_SPACE', array('_GUID' => '2b0c2ba0070ba810c5e4b5b4aedcb15f', 'WIDTH' => '300', 'FIELDS' => $fields));
// Show results table
$start = get_param_integer('start', 0);
$max = get_param_integer('max', 50);
$sortables = array('q_time' => do_lang_tempcode('DATE'));
$test = explode(' ', get_param('sort', 'q_time DESC'), 2);
if (count($test) == 1) {
$test[1] = 'DESC';
}
list($sortable, $sort_order) = $test;
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'sort';
$max_rows = $GLOBALS['SITE_DB']->query_value('quiz_entries', 'COUNT(*)', array('q_quiz' => $id));
$rows = $GLOBALS['SITE_DB']->query_select('quiz_entries', array('id', 'q_time', 'q_member'), array('q_quiz' => $id), 'ORDER BY ' . $sortable . ' ' . $sort_order, $max, $start);
if (count($rows) == 0) {
return inform_screen($title, do_lang_tempcode('NO_ENTRIES'));
}
$fields = new ocp_tempcode();
$fields_title = results_field_title(array(do_lang_tempcode('DATE'), do_lang_tempcode('USERNAME')), $sortables, 'sort', $sortable . ' ' . $sort_order);
foreach ($rows as $myrow) {
$date_link = hyperlink(build_url(array('page' => '_SELF', 'type' => '__survey_results', 'id' => $myrow['id']), '_SELF'), escape_html(get_timezoned_date($myrow['q_time'])));
$member_link = $GLOBALS['FORUM_DRIVER']->member_profile_hyperlink($myrow['q_member']);
$fields->attach(results_entry(array($date_link, $member_link), false));
}
if ($fields->is_empty()) {
warn_exit(do_lang_tempcode('NO_ENTRIES'));
}
$results = results_table(do_lang_tempcode('SURVEY_RESULTS'), $start, 'start', $max, 'max', $max_rows, $fields_title, $fields, $sortables, $sortable, $sort_order, 'sort');
return do_template('SURVEY_RESULTS_SCREEN', array('_GUID' => '3f38ac1b94fb4de8219b8f7108c7b0a3', 'TITLE' => $title, 'SUMMARY' => $summary, 'RESULTS' => $results));
}
/**
* Standard aed_module table function.
*
* @param array Details to go to build_url for link to the next screen.
* @return array A pair: The choose table, Whether re-ordering is supported from this screen.
*/
function nice_get_choose_table($url_map)
{
require_code('templates_results_table');
$current_ordering = get_param('sort', 'id ASC', true);
list($sortable, $sort_order) = array(substr($current_ordering, 0, strrpos($current_ordering, ' ')), substr($current_ordering, strrpos($current_ordering, ' ') + 1));
$sortables = array('id' => do_lang_tempcode('CODENAME'), 't_is_textual' => do_lang_tempcode('BANNER_IS_TEXTUAL'), 't_image_width' => do_lang_tempcode('WIDTH'), 't_image_height' => do_lang_tempcode('HEIGHT'), 't_max_file_size' => do_lang_tempcode('_FILE_SIZE'), 't_comcode_inline' => do_lang_tempcode('COMCODE_INLINE'));
if (db_has_subqueries($GLOBALS['SITE_DB']->connection_read)) {
$sortables['(SELECT COUNT(*) FROM ' . get_table_prefix() . 'banners WHERE b_type=r.id)'] = do_lang_tempcode('COUNT_TOTAL');
}
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'sort';
$header_row = results_field_title(array(do_lang_tempcode('CODENAME'), do_lang_tempcode('BANNER_IS_TEXTUAL'), do_lang_tempcode('WIDTH'), do_lang_tempcode('HEIGHT'), do_lang_tempcode('_FILE_SIZE'), do_lang_tempcode('COMCODE_INLINE'), do_lang_tempcode('COUNT_TOTAL'), do_lang_tempcode('ACTIONS')), $sortables, 'sort', $sortable . ' ' . $sort_order);
$fields = new ocp_tempcode();
require_code('form_templates');
list($rows, $max_rows) = $this->get_entry_rows(false, $current_ordering);
foreach ($rows as $row) {
$edit_link = build_url($url_map + array('id' => $row['id']), '_SELF');
$total = integer_format($GLOBALS['SITE_DB']->query_value('banners', 'COUNT(*)', array('b_type' => $row['id'])));
$fields->attach(results_entry(array($row['id'] == '' ? do_lang('GENERAL') : $row['id'], $row['t_is_textual'] == 1 ? do_lang_tempcode('YES') : do_lang_tempcode('NO'), integer_format($row['t_image_width']), integer_format($row['t_image_height']), clean_file_size($row['t_max_file_size'] * 1024), $row['t_comcode_inline'] == 1 ? do_lang_tempcode('YES') : do_lang_tempcode('NO'), $total, protect_from_escaping(hyperlink($edit_link, do_lang_tempcode('EDIT'), false, true, '#' . $row['id']))), true));
}
return array(results_table(do_lang($this->menu_label), get_param_integer('start', 0), 'start', get_param_integer('max', 20), 'max', $max_rows, $header_row, $fields, $sortables, $sortable, $sort_order), false);
}
/**
* The UI to view security logs.
*
* @return tempcode The UI
*/
function security_interface()
{
$title = get_page_title('SECURITY_LOGGING');
// Failed logins
$start = get_param_integer('failed_start', 0);
$max = get_param_integer('failed_max', 50);
$sortables = array('date_and_time' => do_lang_tempcode('DATE_TIME'), 'ip' => do_lang_tempcode('IP_ADDRESS'));
$test = explode(' ', get_param('failed_sort', 'date_and_time DESC'));
if (count($test) == 1) {
$test[1] = 'DESC';
}
list($_sortable, $sort_order) = $test;
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($_sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'failed_sort';
require_code('templates_results_table');
$fields_title = results_field_title(array(do_lang_tempcode('USERNAME'), do_lang_tempcode('DATE_TIME'), do_lang_tempcode('IP_ADDRESS')), $sortables, 'failed_sort', $_sortable . ' ' . $sort_order);
$member_id = post_param_integer('member_id', NULL);
$map = !is_null($member_id) ? array('failed_account' => $GLOBALS['FORUM_DRIVER']->get_username($member_id)) : NULL;
$max_rows = $GLOBALS['SITE_DB']->query_value('failedlogins', 'COUNT(*)', $map);
$rows = $GLOBALS['SITE_DB']->query_select('failedlogins', array('*'), $map, 'ORDER BY ' . $_sortable . ' ' . $sort_order, $max, $start);
$fields = new ocp_tempcode();
foreach ($rows as $row) {
$time = get_timezoned_date($row['date_and_time']);
$lookup_url = build_url(array('page' => 'admin_lookup', 'param' => $row['ip']), '_SELF');
$fields->attach(results_entry(array(escape_html($row['failed_account']), escape_html($time), hyperlink($lookup_url, escape_html($row['ip'])))));
}
$failed_logins = results_table(do_lang_tempcode('FAILED_LOGINS'), $start, 'failed_start', $max, 'failed_max', $max_rows, $fields_title, $fields, $sortables, $_sortable, $sort_order, 'failed_sort', new ocp_tempcode());
$member_id = post_param_integer('member_id', NULL);
$map = !is_null($member_id) ? array('the_user' => $member_id) : NULL;
$alerts = find_security_alerts($map);
$post_url = build_url(array('page' => '_SELF', 'type' => 'clean', 'start' => $start, 'max' => $max), '_SELF');
return do_template('SECURITY_SCREEN', array('_GUID' => 'e0b5e6557686b2320a8ce8166df07328', 'TITLE' => $title, 'FAILED_LOGINS' => $failed_logins, 'ALERTS' => $alerts, 'URL' => $post_url));
}
/**
* Standard modular run function.
*
* @return tempcode The result of execution.
*/
function run()
{
$GLOBALS['HELPER_PANEL_PIC'] = 'pagepics/errorlog';
$GLOBALS['HELPER_PANEL_TUTORIAL'] = 'tut_disaster';
require_lang('errorlog');
$title = get_page_title('ERROR_LOG');
require_code('templates_internalise_screen');
$test_tpl = internalise_own_screen($title);
if (is_object($test_tpl)) {
return $test_tpl;
}
// Read in errors
if (is_readable(get_custom_file_base() . '/data_custom/errorlog.php')) {
if (filesize(get_custom_file_base() . '/data_custom/errorlog.php') > 1024 * 1024) {
$myfile = fopen(get_custom_file_base() . '/data_custom/errorlog.php', 'rt');
fseek($myfile, -1024 * 500, SEEK_END);
$lines = explode(chr(10), fread($myfile, 1024 * 500));
fclose($myfile);
unset($lines[0]);
$lines[] = '...';
} else {
$lines = file(get_custom_file_base() . '/data_custom/errorlog.php');
}
} else {
$lines = array();
}
$stuff = array();
foreach ($lines as $line) {
$_line = trim($line);
if ($_line != '' && strpos($_line, '<?php') === false) {
$matches = array();
if (preg_match('#\\[(.+?) (.+?)\\] (.+?): ?(.*)#', $_line, $matches) != 0) {
$stuff[] = $matches;
}
}
}
// Put errors into table
$start = get_param_integer('start', 0);
$max = get_param_integer('max', 50);
$sortables = array('date_and_time' => do_lang_tempcode('DATE_TIME'));
$test = explode(' ', get_param('sort', 'date_and_time DESC'), 2);
if (count($test) == 1) {
$test[1] = 'DESC';
}
list($sortable, $sort_order) = $test;
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'sort';
if ($sort_order == 'DESC') {
$stuff = array_reverse($stuff);
}
require_code('templates_results_table');
$fields_title = results_field_title(array(do_lang_tempcode('DATE_TIME'), do_lang_tempcode('TYPE'), do_lang_tempcode('MESSAGE')), $sortables, 'sort', $sortable . ' ' . $sort_order);
$fields = new ocp_tempcode();
for ($i = $start; $i < $start + $max; $i++) {
if (!array_key_exists($i, $stuff)) {
break;
}
$message = str_replace(get_file_base(), '', $stuff[$i][4]);
$fields->attach(results_entry(array(escape_html($stuff[$i][1] . ' ' . $stuff[$i][2]), escape_html($stuff[$i][3]), escape_html($message))));
}
$error = results_table(do_lang_tempcode('ERROR_LOG'), $start, 'start', $max, 'max', $i, $fields_title, $fields, $sortables, $sortable, $sort_order, 'sort', new ocp_tempcode());
// Read in end of permissions file
require_all_lang();
if (is_readable(get_custom_file_base() . '/data_custom/permissioncheckslog.php')) {
$myfile = @fopen(get_custom_file_base() . '/data_custom/permissioncheckslog.php', 'rt');
if ($myfile !== false) {
fseek($myfile, -40000, SEEK_END);
$data = '';
while (!feof($myfile)) {
$data .= fread($myfile, 8192);
}
fclose($myfile);
$lines = explode(chr(10), $data);
if (count($lines) != 0) {
if (strpos($lines[0], '<' . '?php') !== false) {
array_shift($lines);
} else {
if (strlen($data) == 40000) {
$lines[0] = '...';
}
}
}
foreach ($lines as $i => $line) {
$matches = array();
if (preg_match('#^\\s+has\\_specific\\_permission: (\\w+)#', $line, $matches) != 0) {
$looked_up = do_lang('PT_' . $matches[1], NULL, NULL, NULL, NULL, false);
if (!is_null($looked_up)) {
$line = str_replace($matches[1], $looked_up, $line);
$lines[$i] = $line;
}
}
}
}
}
// Put permssions into table
$permission = implode(chr(10), $lines);
return do_template('ERRORLOG_SCREEN', array('_GUID' => '9186c7beb6b722a52f39e2cbe16aded6', 'TITLE' => $title, 'ERROR' => $error, 'PERMISSION' => $permission));
}
/**
* Standard aed_module table function.
*
* @param array Details to go to build_url for link to the next screen.
* @return array A pair: The choose table, Whether re-ordering is supported from this screen.
*/
function nice_get_choose_table($url_map)
{
require_code('templates_results_table');
$current_ordering = get_param('sort', 'the_message ASC');
if (strpos($current_ordering, ' ') === false) {
warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
}
list($sortable, $sort_order) = explode(' ', $current_ordering, 2);
$sortables = array('the_message' => do_lang_tempcode('MESSAGE'), 'days' => do_lang_tempcode('NUMBER_DAYS'), 'order_time' => do_lang_tempcode('ORDER_DATE'), 'user_id' => do_lang_tempcode('OWNER'));
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'sort';
$header_row = results_field_title(array(do_lang_tempcode('MESSAGE'), do_lang_tempcode('NUMBER_DAYS'), do_lang_tempcode('ORDER_DATE'), do_lang_tempcode('_UP_FOR'), do_lang_tempcode('OWNER'), do_lang_tempcode('ACTIONS')), $sortables, 'sort', $sortable . ' ' . $sort_order);
$fields = new ocp_tempcode();
require_code('form_templates');
list($rows, $max_rows) = $this->get_entry_rows(false, $current_ordering);
foreach ($rows as $row) {
$edit_link = build_url($url_map + array('id' => $row['id']), '_SELF');
$username = protect_from_escaping($GLOBALS['FORUM_DRIVER']->member_profile_hyperlink($row['user_id']));
$activation_time = $row['activation_time'];
$days = is_null($activation_time) ? '' : float_format(round((time() - $activation_time) / 60 / 60 / 24, 3));
$fields->attach(results_entry(array(protect_from_escaping(get_translated_tempcode($row['the_message'])), integer_format($row['days']), get_timezoned_date($row['order_time']), $row['active_now'] == 1 ? $days : do_lang_tempcode('NA_EM'), $username, protect_from_escaping(hyperlink($edit_link, do_lang_tempcode('EDIT'), false, true, '#' . strval($row['id'])))), true));
}
return array(results_table(do_lang($this->menu_label), get_param_integer('start', 0), 'start', either_param_integer('max', 20), 'max', $max_rows, $header_row, $fields, $sortables, $sortable, $sort_order), false);
}
/**
* The UI to show a results table of moderation actions for a moderator.
*
* @return tempcode The UI
*/
function choose_action()
{
breadcrumb_set_parents(array(array('_SELF:_SELF:misc', do_lang_tempcode('VIEW_ACTION_LOGS'))));
breadcrumb_set_self(do_lang_tempcode('RESULTS'));
$title = get_page_title('VIEW_ACTION_LOGS');
require_code('templates_internalise_screen');
$test_tpl = internalise_own_screen($title);
if (is_object($test_tpl)) {
return $test_tpl;
}
$id = get_param_integer('id', -1);
$start = get_param_integer('start', 0);
$max = get_param_integer('max', 50);
$sortables = array('date_and_time' => do_lang_tempcode('DATE_TIME'), 'the_type' => do_lang_tempcode('ACTION'));
$test = explode(' ', get_param('sort', 'date_and_time DESC'), 2);
if (count($test) == 1) {
$test[1] = 'DESC';
}
list($sortable, $sort_order) = $test;
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'sort';
require_code('templates_results_table');
$field_titles = array(do_lang_tempcode('USERNAME'), do_lang_tempcode('DATE_TIME'), do_lang_tempcode('ACTION'), do_lang_tempcode('PARAMETER_A'), do_lang_tempcode('PARAMETER_B'));
if (addon_installed('securitylogging')) {
$field_titles[] = do_lang_tempcode('_BANNED');
}
$fields_title = results_field_title($field_titles, $sortables, 'sort', $sortable . ' ' . $sort_order);
$filter_to_type = get_param('to_type', '');
$filter_param_a = get_param('param_a', '');
$filter_param_b = get_param('param_b', '');
$max_rows = 0;
// Pull up our rows: forum
if (get_forum_type() == 'ocf') {
// Possible filter (called up by URL)
$where = '1=1';
if ($filter_to_type != '') {
$where .= ' AND ' . db_string_equal_to('l_the_type', $filter_to_type);
}
if ($filter_param_a != '') {
$where .= ' AND l_param_a LIKE \'' . db_encode_like('%' . $filter_param_a . '%') . '\'';
}
if ($filter_param_b != '') {
$where .= ' AND l_param_b LIKE \'' . db_encode_like('%' . $filter_param_b . '%') . '\'';
}
if ($id != -1) {
$where .= ' AND l_by=' . strval($id);
}
// Fetch
$rows1 = $GLOBALS['FORUM_DB']->query('SELECT l_reason,id,l_by AS the_user,l_date_and_time AS date_and_time,l_the_type AS the_type,l_param_a AS param_a,l_param_b AS param_b FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_moderator_logs WHERE ' . $where . ' ORDER BY ' . $sortable . ' ' . $sort_order, $max + $start);
$max_rows += $GLOBALS['FORUM_DB']->query_value_null_ok_full('SELECT COUNT(*) FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_moderator_logs WHERE ' . $where);
} else {
$rows1 = array();
}
// Possible filter (called up by URL)
$where = '1=1';
if ($filter_to_type != '') {
$where .= ' AND ' . db_string_equal_to('the_type', $filter_to_type);
}
if ($filter_param_a != '') {
$where .= ' AND param_a LIKE \'' . db_encode_like('%' . $filter_param_a . '%') . '\'';
}
if ($filter_param_b != '') {
$where .= ' AND param_b LIKE \'' . db_encode_like('%' . $filter_param_b . '%') . '\'';
}
if ($id != -1) {
$where .= ' AND the_user='******'SITE_DB']->query('SELECT id,the_user,date_and_time,the_type,param_a,param_b,ip FROM ' . get_table_prefix() . 'adminlogs WHERE ' . $where . ' ORDER BY ' . $sortable . ' ' . $sort_order, $max + $start);
$max_rows += $GLOBALS['SITE_DB']->query_value_null_ok_full('SELECT COUNT(*) FROM ' . get_table_prefix() . 'adminlogs WHERE ' . $where);
$rows = array_merge($rows1, $rows2);
require_code('actionlog');
$fields = new ocp_tempcode();
$pos = 0;
while (count($rows) != 0 && $pos - $start < $max) {
$best = 0;
// Initialise type to integer
$_best = 0;
// Initialise type to integer
$best = NULL;
$_best = NULL;
foreach ($rows as $x => $row) {
if (is_null($best) || $row['date_and_time'] < $_best && $sortable == 'date_and_time' && $sort_order == 'ASC' || $row['date_and_time'] > $_best && $sortable == 'date_and_time' && $sort_order == 'DESC' || intval($row['the_type']) < $_best && $sortable == 'the_type' && $sort_order == 'ASC' || intval($row['the_type']) > $_best && $sortable == 'the_type' && $sort_order == 'DESC') {
$best = $x;
if ($sortable == 'date_and_time') {
$_best = $row['date_and_time'];
}
if ($sortable == 'the_type') {
$_best = $row['the_type'];
}
}
}
if ($pos >= $start) {
$myrow = $rows[$best];
$username = $GLOBALS['FORUM_DRIVER']->member_profile_hyperlink($myrow['the_user']);
$mode = array_key_exists('l_reason', $myrow) ? 'ocf' : 'ocp';
$url = build_url(array('page' => '_SELF', 'type' => 'view', 'id' => $myrow['id'], 'mode' => $mode), '_SELF');
$mode_nice = $mode == 'ocp' ? 'ocPortal' : 'OCF';
$date = hyperlink($url, get_timezoned_date($myrow['date_and_time']), false, true, $mode_nice . '/' . $row['the_type'] . '/' . strval($myrow['id']), NULL, NULL, NULL, '_top');
if (!is_null($myrow['param_a'])) {
$a = $myrow['param_a'];
} else {
$a = '';
}
if (!is_null($myrow['param_b'])) {
$b = $myrow['param_b'];
} else {
$b = '';
}
require_code('templates_interfaces');
$_a = tpl_crop_text_mouse_over($a, 8);
$_b = tpl_crop_text_mouse_over($b, 15);
$type_str = do_lang($myrow['the_type'], $_a, $_b, NULL, NULL, false);
if (is_null($type_str)) {
$type_str = $myrow['the_type'];
}
$test = actionlog_linkage($myrow['the_type'], $a, $b, $_a, $_b);
if (!is_null($test)) {
list($_a, $_b) = $test;
}
$result_entry = array($username, $date, $type_str, $_a, $_b);
if (addon_installed('securitylogging')) {
$banned_test_1 = array_key_exists('ip', $myrow) ? $GLOBALS['SITE_DB']->query_value_null_ok('usersubmitban_ip', 'ip', array('ip' => $myrow['ip'])) : NULL;
$banned_test_2 = $GLOBALS['SITE_DB']->query_value_null_ok('usersubmitban_member', 'the_member', array('the_member' => $myrow['the_user']));
$banned_test_3 = $GLOBALS['FORUM_DRIVER']->is_banned($myrow['the_user']);
$banned = is_null($banned_test_1) && is_null($banned_test_2) && !$banned_test_3 ? do_lang_tempcode('NO') : do_lang_tempcode('YES');
$result_entry[] = $banned;
}
$fields->attach(results_entry($result_entry, true));
}
unset($rows[$best]);
$pos++;
}
$table = results_table(do_lang_tempcode('ACTIONS'), $start, 'start', $max, 'max', $max_rows, $fields_title, $fields, $sortables, $sortable, $sort_order, 'sort');
return do_template('ACTION_LOGS_SCREEN', array('_GUID' => 'd75c813e372c3ca8d1204609e54c9d65', 'TABLE' => $table, 'TITLE' => $title));
}
/**
* Checks the ticket ID is valid, and there is access for the current member to view it. Bombs out if there's a problem.
*
* @param string The ticket ID to check
*/
function check_id($id)
{
// Check we are allowed
$_temp = explode('_', $id);
if (array_key_exists(2, $_temp)) {
log_hack_attack_and_exit('TICKET_SYSTEM_WEIRD');
}
if (!has_specific_permission(get_member(), 'view_others_tickets') && intval($_temp[0]) != get_member()) {
if (is_guest()) {
access_denied('NOT_AS_GUEST');
}
if (is_guest(intval($_temp[0]))) {
access_denied(do_lang('TICKET_OTHERS_HACK'));
}
log_hack_attack_and_exit('TICKET_OTHERS_HACK');
}
}
/**
* The UI to show download statistics.
*
* @param object The stats module object
* @param string The screen type
* @return tempcode The UI
*/
function downloads($ob, $type)
{
breadcrumb_set_parents(array(array('_SELF:_SELF:misc', do_lang_tempcode('SITE_STATISTICS'))));
require_lang('downloads');
//This will show a plain bar chart with all the downloads listed
$title = get_page_title('SECTION_DOWNLOADS');
// Handle time range
if (get_param_integer('dated', 0) == 0) {
$title = get_page_title('SECTION_DOWNLOADS');
return $ob->get_between($title, false, NULL, do_lang_tempcode('DOWNLOAD_STATS_RANGE'));
}
$time_start = get_input_date('time_start', true);
$time_end = get_input_date('time_end', true);
if (!is_null($time_end)) {
$time_end += 60 * 60 * 24 - 1;
}
// So it is end of day not start
if (is_null($time_start) && is_null($time_end)) {
$rows = $GLOBALS['SITE_DB']->query_select('download_downloads', array('id', 'num_downloads', 'name'));
} else {
if (is_null($time_start)) {
$time_start = 0;
}
if (is_null($time_end)) {
$time_end = time();
}
$title = get_page_title('SECTION_DOWNLOADS_RANGE', true, array(escape_html(get_timezoned_date($time_start, false)), escape_html(get_timezoned_date($time_end, false))));
$rows = $GLOBALS['SITE_DB']->query('SELECT id,num_downloads,name FROM ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'download_downloads WHERE add_date>' . strval($time_start) . ' AND add_date<' . strval($time_end));
}
//$rows=array(array('id'=>1,'num_downloads'=>10,'name'=>3),array('id'=>2,'num_downloads'=>20,'name'=>4));
if (count($rows) < 1) {
return warn_screen($title, do_lang_tempcode('NO_DATA'));
}
$downloads = array();
foreach ($rows as $i => $row) {
if (!array_key_exists('num_downloads', $row)) {
$row['num_downloads'] = $GLOBALS['SITE_DB']->query_value_null_ok_full('SELECT COUNT(*) FROM ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'download_logging WHERE id=' . strval($row['id']));
$rows[$i] = $row;
}
$downloads[get_translated_text($row['name']) . ' (#' . strval($row['id']) . ')'] = $row['num_downloads'];
}
$start = get_param_integer('start', 0);
$max = get_param_integer('max', 30);
$csv = get_param_integer('csv', 0) == 1;
if ($csv) {
if (function_exists('set_time_limit')) {
@set_time_limit(0);
}
$start = 0;
$max = 10000;
}
$sortables = array('num_downloads' => do_lang_tempcode('COUNT_DOWNLOADS'));
$test = explode(' ', get_param('sort', 'num_downloads DESC'), 2);
if (count($test) == 1) {
$test[1] = 'DESC';
}
list($sortable, $sort_order) = $test;
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'sort';
if ($sort_order == 'ASC') {
asort($downloads);
} else {
arsort($downloads);
}
require_code('templates_results_table');
$fields_title = results_field_title(array(do_lang_tempcode('TITLE'), do_lang_tempcode('COUNT_DOWNLOADS')), $sortables, 'sort', $sortable . ' ' . $sort_order);
$fields = new ocp_tempcode();
$real_data = array();
$i = 0;
foreach ($downloads as $download_name => $value) {
if ($i < $start) {
$i++;
continue;
} elseif ($i >= $start + $max) {
break;
}
$fields->attach(results_entry(array(escape_html($download_name), escape_html(integer_format($value)))));
$real_data[] = array('Download name' => $download_name, 'Tally' => $value);
$i++;
}
$list = results_table(do_lang_tempcode('SECTION_DOWNLOADS'), $start, 'start', $max, 'max', count($downloads), $fields_title, $fields, $sortables, $sortable, $sort_order, 'sort', new ocp_tempcode());
if ($csv) {
make_csv($real_data, 'download_stats.csv');
}
$output = create_bar_chart(array_slice($downloads, $start, $max), do_lang('TITLE'), do_lang('COUNT_DOWNLOADS'), '', '');
$ob->save_graph('Global-Downloads', $output);
$graph = do_template('STATS_GRAPH', array('GRAPH' => get_custom_base_url() . '/data_custom/modules/admin_stats/Global-Downloads.xml', 'TITLE' => do_lang_tempcode('SECTION_DOWNLOADS'), 'TEXT' => do_lang_tempcode('DESCRIPTION_DOWNLOADS_STATISTICS')));
return do_template('STATS_SCREEN', array('_GUID' => '4b8e0478231473d690e947ffc4580840', 'TITLE' => $title, 'GRAPH' => $graph, 'STATS' => $list));
}
/**
* Farm out the files for downloads.
*/
function dload_script()
{
// Closed site
$site_closed = get_option('site_closed');
if ($site_closed == '1' && !has_specific_permission(get_member(), 'access_closed_site') && !$GLOBALS['IS_ACTUALLY_ADMIN']) {
header('Content-Type: text/plain');
@exit(get_option('closed'));
}
global $SITE_INFO;
if (!is_guest() || !isset($SITE_INFO['any_guest_cached_too']) || $SITE_INFO['any_guest_cached_too'] == '0') {
if (get_param('for_session', '-1') != md5(strval(get_session_id())) && get_option('anti_leech') == '1' && ocp_srv('HTTP_REFERER') != '') {
warn_exit(do_lang_tempcode('LEECH_BLOCK'));
}
}
require_lang('downloads');
$id = get_param_integer('id', 0);
// Lookup
$rows = $GLOBALS['SITE_DB']->query_select('download_downloads', array('*'), array('id' => $id), '', 1);
if (!array_key_exists(0, $rows)) {
warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
}
$myrow = $rows[0];
// Permission
if (!has_category_access(get_member(), 'downloads', strval($myrow['category_id']))) {
access_denied('CATEGORY_ACCESS');
}
// Cost?
$got_before = $GLOBALS['SITE_DB']->query_value_null_ok('download_logging', 'the_user', array('the_user' => get_member(), 'id' => $id));
if (addon_installed('points')) {
if ($myrow['download_cost'] > 0) {
require_code('points2');
$member = get_member();
if (is_guest($member)) {
access_denied('NOT_AS_GUEST');
}
// Check they haven't downloaded this before (they only get charged once - maybe they are resuming)
if (is_null($got_before)) {
$cost = $myrow['download_cost'];
$member = get_member();
if (is_guest($member)) {
access_denied('NOT_AS_GUEST');
}
$dif = $cost - available_points($member);
if ($dif > 0 && !has_specific_permission(get_member(), 'have_negative_gift_points')) {
warn_exit(do_lang_tempcode('LACKING_POINTS', integer_format($dif)));
}
require_code('points2');
charge_member($member, $cost, do_lang('DOWNLOADED_THIS', get_translated_text($myrow['name'])));
if ($myrow['download_submitter_gets_points'] == 1) {
system_gift_transfer(do_lang('THEY_DOWNLOADED_THIS', get_translated_text($myrow['name'])), $cost, $myrow['submitter']);
}
}
}
}
// Filename
$full = $myrow['url'];
$breakdown = @pathinfo($full) or warn_exit(do_lang_tempcode('HTTP_DOWNLOAD_NO_SERVER', $full));
// $filename=$breakdown['basename'];
if (!array_key_exists('extension', $breakdown)) {
$extension = '';
} else {
$extension = strtolower($breakdown['extension']);
}
if (url_is_local($full)) {
$_full = get_custom_file_base() . '/' . rawurldecode($full);
} else {
$_full = rawurldecode($full);
}
// Is it non-local? If so, redirect
if (!url_is_local($full) || !file_exists(get_file_base() . '/' . rawurldecode(filter_naughty($full)))) {
if (url_is_local($full)) {
$full = get_custom_base_url() . '/' . $full;
}
if (strpos($full, chr(10)) !== false || strpos($full, chr(13)) !== false) {
log_hack_attack_and_exit('HEADER_SPLIT_HACK');
}
header('Location: ' . $full);
log_download($id, 0, !is_null($got_before));
// Bandwidth used is 0 for an external download
return;
}
// Some basic security: don't fopen php files
if ($extension == 'php') {
log_hack_attack_and_exit('PHP_DOWNLOAD_INNOCENT', integer_format($id));
}
// Size, bandwidth, logging
$size = filesize($_full);
if (is_null($got_before)) {
$bandwidth = $GLOBALS['SITE_DB']->query_value_null_ok_full('SELECT SUM(file_size) AS answer FROM ' . get_table_prefix() . 'download_logging l LEFT JOIN ' . get_table_prefix() . 'download_downloads d ON l.id=d.id WHERE date_and_time>' . strval(time() - 24 * 60 * 60 * 32));
if ($bandwidth + floatval($size) > floatval(get_option('maximum_download')) * 1024 * 1024 * 1024 && !has_specific_permission(get_member(), 'bypass_bandwidth_restriction')) {
warn_exit(do_lang_tempcode('TOO_MUCH_DOWNLOAD'));
}
require_code('files2');
check_shared_bandwidth_usage($size);
}
log_download($id, $size, !is_null($got_before));
// Send header
if (strpos($myrow['original_filename'], chr(10)) !== false || strpos($myrow['original_filename'], chr(13)) !== false) {
log_hack_attack_and_exit('HEADER_SPLIT_HACK');
}
header('Content-Type: application/octet-stream' . '; authoritative=true;');
if (get_option('immediate_downloads') == '1') {
require_code('mime_types');
header('Content-Type: ' . get_mime_type(get_file_extension($myrow['original_filename'])) . '; authoritative=true;');
header('Content-Disposition: filename="' . str_replace(chr(13), '', str_replace(chr(10), '', addslashes($myrow['original_filename']))) . '"');
} else {
if (strstr(ocp_srv('HTTP_USER_AGENT'), 'MSIE') !== false) {
header('Content-Disposition: filename="' . str_replace(chr(13), '', str_replace(chr(10), '', addslashes($myrow['original_filename']))) . '"');
} else {
header('Content-Disposition: attachment; filename="' . str_replace(chr(13), '', str_replace(chr(10), '', addslashes($myrow['original_filename']))) . '"');
}
}
header('Accept-Ranges: bytes');
// Caching
header("Pragma: private");
header("Cache-Control: private");
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 60 * 60 * 24 * 365) . ' GMT');
$time = is_null($myrow['edit_date']) ? $myrow['add_date'] : $myrow['edit_date'];
$time = max($time, filemtime($_full));
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $time) . ' GMT');
// Default to no resume
$from = 0;
$new_length = $size;
@ini_set('zlib.output_compression', 'Off');
// They're trying to resume (so update our range)
$httprange = ocp_srv('HTTP_RANGE');
if (strlen($httprange) > 0) {
$_range = explode('=', ocp_srv('HTTP_RANGE'));
if (count($_range) == 2) {
if (strpos($_range[0], '-') === false) {
$_range = array_reverse($_range);
}
$range = $_range[0];
if (substr($range, 0, 1) == '-') {
$range = strval($size - intval(substr($range, 1)) - 1) . $range;
}
if (substr($range, -1, 1) == '-') {
$range .= strval($size - 1);
}
$bits = explode('-', $range);
if (count($bits) == 2) {
list($from, $to) = array_map('intval', $bits);
if ($to - $from != 0 || $from == 0) {
$new_length = $to - $from + 1;
header('HTTP/1.1 206 Partial Content');
header('Content-Range: bytes ' . $range . '/' . strval($size));
} else {
$from = 0;
}
}
}
}
header('Content-Length: ' . strval($new_length));
if (function_exists('set_time_limit')) {
@set_time_limit(0);
}
error_reporting(0);
// Send actual data
$myfile = fopen($_full, 'rb');
fseek($myfile, $from);
$i = 0;
flush();
// Works around weird PHP bug that sends data before headers, on some PHP versions
while ($i < $new_length) {
$content = fread($myfile, min($new_length - $i, 1048576));
echo $content;
$len = strlen($content);
if ($len == 0) {
break;
}
$i += $len;
}
fclose($myfile);
/*
Security note... at the download adding/editing stage, we ensured that
only files accessible to the web server (in raw form) could end up in
our database.
Therefore we did not check here that our file was accessible in raw
form.
*/
}
/**
* Standard aed_module table function.
*
* @param array Details to go to build_url for link to the next screen.
* @return array A pair: The choose table, Whether re-ordering is supported from this screen.
*/
function nice_get_choose_table($url_map)
{
require_code('templates_results_table');
$current_ordering = get_param('sort', 'tag_tag ASC');
if (strpos($current_ordering, ' ') === false) {
warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
}
list($sortable, $sort_order) = explode(' ', $current_ordering, 2);
$sortables = array('tag_tag' => do_lang_tempcode('COMCODE_TAG'), 'tag_title' => do_lang_tempcode('TITLE'), 'tag_dangerous_tag' => do_lang_tempcode('DANGEROUS_TAG'), 'tag_block_tag' => do_lang_tempcode('BLOCK_TAG'), 'tag_textual_tag' => do_lang_tempcode('TEXTUAL_TAG'), 'tag_enabled' => do_lang_tempcode('ENABLED'));
$header_row = results_field_title(array(do_lang_tempcode('COMCODE_TAG'), do_lang_tempcode('TITLE'), do_lang_tempcode('DANGEROUS_TAG'), do_lang_tempcode('BLOCK_TAG'), do_lang_tempcode('TEXTUAL_TAG'), do_lang_tempcode('ENABLED'), do_lang_tempcode('ACTIONS')), $sortables, 'sort', $sortable . ' ' . $sort_order);
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'sort';
$fields = new ocp_tempcode();
require_code('form_templates');
list($rows, $max_rows) = $this->get_entry_rows(false, $current_ordering);
foreach ($rows as $row) {
$edit_link = build_url($url_map + array('id' => $row['tag_tag']), '_SELF');
$fields->attach(results_entry(array($row['tag_tag'], get_translated_text($row['tag_title']), $row['tag_dangerous_tag'] == 1 ? do_lang_tempcode('YES') : do_lang_tempcode('NO'), $row['tag_block_tag'] == 1 ? do_lang_tempcode('YES') : do_lang_tempcode('NO'), $row['tag_textual_tag'] == 1 ? do_lang_tempcode('YES') : do_lang_tempcode('NO'), $row['tag_enabled'] == 1 ? do_lang_tempcode('YES') : do_lang_tempcode('NO'), protect_from_escaping(hyperlink($edit_link, do_lang_tempcode('EDIT'), false, true, '#' . $row['tag_tag']))), true));
}
return array(results_table(do_lang($this->menu_label), get_param_integer('start', 0), 'start', either_param_integer('max', 20), 'max', $max_rows, $header_row, $fields, $sortables, $sortable, $sort_order), false);
}
/**
* Add comments to the specified resource.
*
* @param boolean Whether this resource allows comments (if not, this function does nothing - but it's nice to move out this common logic into the shared function)
* @param ID_TEXT The type (download, etc) that this commenting is for
* @param ID_TEXT The ID of the type that this commenting is for
* @param mixed The URL to where the commenting will pass back to (to put into the comment topic header) (URLPATH or Tempcode)
* @param ?string The title to where the commenting will pass back to (to put into the comment topic header) (NULL: don't know, but not first post so not important)
* @param ?string The name of the forum to use (NULL: default comment forum)
* @param boolean Whether to not require a captcha
* @param ?BINARY Whether the post is validated (NULL: unknown, find whether it needs to be marked unvalidated initially). This only works with the OCF driver (hence is the last parameter).
* @param boolean Whether to force allowance
* @param boolean Whether to skip a success message
* @param boolean Whether posts made should not be shared
* @return boolean Whether a hidden post has been made
*/
function actualise_post_comment($allow_comments, $content_type, $content_id, $content_url, $content_title, $forum = NULL, $avoid_captcha = false, $validated = NULL, $explicit_allow = false, $no_success_message = false, $private = false)
{
if (!$explicit_allow) {
if (get_option('is_on_comments') == '0' || !$allow_comments) {
return false;
}
if (!has_specific_permission(get_member(), 'comment', get_page_name())) {
return false;
}
}
if (running_script('preview')) {
return false;
}
$forum_tie = get_option('is_on_strong_forum_tie') == '1';
if (addon_installed('captcha')) {
if (array_key_exists('post', $_POST) && $_POST['post'] != '' && !$avoid_captcha) {
require_code('captcha');
enforce_captcha();
}
}
$post_title = post_param('title', NULL);
if (is_null($post_title) && !$forum_tie) {
return false;
}
$post = post_param('post', NULL);
if ($post == do_lang('POST_WARNING')) {
$post = '';
}
if ($post == do_lang('THREADED_REPLY_NOTICE', do_lang('POST_WARNING'))) {
$post = '';
}
if ($post == '' && $post_title !== '') {
$post = $post_title;
$post_title = '';
}
if ($post === '') {
warn_exit(do_lang_tempcode('NO_PARAMETER_SENT', 'post'));
}
if (is_null($post)) {
$post = '';
}
$email = trim(post_param('email', ''));
if ($email != '') {
$body = '> ' . str_replace(chr(10), chr(10) . '> ', $post);
if (substr($body, -2) == '> ') {
$body = substr($body, 0, strlen($body) - 2);
}
if (get_page_name() != 'tickets') {
$post .= '[staff_note]';
}
$post .= "\n\n" . '[email subject="Re: ' . comcode_escape($post_title) . ' [' . get_site_name() . ']" body="' . comcode_escape($body) . '"]' . $email . '[/email]' . "\n\n";
if (get_page_name() != 'tickets') {
$post .= '[/staff_note]';
}
}
$content_title = strip_comcode($content_title);
if (is_null($forum)) {
$forum = get_option('comments_forum_name');
}
$content_url_flat = is_object($content_url) ? $content_url->evaluate() : $content_url;
$_parent_id = post_param('parent_id', '');
$parent_id = $_parent_id == '' ? NULL : intval($_parent_id);
$poster_name_if_guest = post_param('poster_name_if_guest', '');
list($topic_id, $is_hidden) = $GLOBALS['FORUM_DRIVER']->make_post_forum_topic($forum, $content_type . '_' . $content_id, get_member(), $post_title, $post, $content_title, do_lang('COMMENT'), $content_url_flat, NULL, NULL, $validated, $explicit_allow ? 1 : NULL, $explicit_allow, $poster_name_if_guest, $parent_id, false, !$private && $post != '' ? 'comment_posted' : NULL, !$private && $post != '' ? $content_type . '_' . $content_id : NULL);
if (!is_null($topic_id)) {
if (!is_integer($forum)) {
$forum_id = $GLOBALS['FORUM_DRIVER']->forum_id_from_name($forum);
} else {
$forum_id = (int) $forum;
}
if (get_forum_type() == 'ocf' && !is_null($GLOBALS['LAST_POST_ID'])) {
$extra_review_ratings = array();
global $REVIEWS_STRUCTURE;
if (array_key_exists($content_type, $REVIEWS_STRUCTURE)) {
$reviews_rating_criteria = $REVIEWS_STRUCTURE[$content_type];
} else {
$reviews_rating_criteria[] = '';
}
foreach ($reviews_rating_criteria as $rating_type) {
// Has there actually been any rating?
$rating = post_param_integer('review_rating__' . fix_id($rating_type), NULL);
if (!is_null($rating)) {
if ($rating > 10 || $rating < 1) {
log_hack_attack_and_exit('VOTE_CHEAT');
}
$GLOBALS['SITE_DB']->query_insert('review_supplement', array('r_topic_id' => $GLOBALS['LAST_TOPIC_ID'], 'r_post_id' => $GLOBALS['LAST_POST_ID'], 'r_rating_type' => $rating_type, 'r_rating_for_type' => $content_type, 'r_rating_for_id' => $content_id, 'r_rating' => $rating));
}
}
}
}
if (!$private && $post != '') {
list(, $submitter, , $safe_content_url, $cma_info) = get_details_behind_feedback_code($content_type, $content_id);
$content_type_title = $content_type;
if (!is_null($cma_info) && isset($cma_info['content_type_label'])) {
$content_type_title = do_lang($cma_info['content_type_label']);
}
// Notification
require_code('notifications');
$username = $GLOBALS['FORUM_DRIVER']->get_username(get_member());
$subject = do_lang('NEW_COMMENT_SUBJECT', get_site_name(), $content_title == '' ? ocp_mb_strtolower($content_type_title) : $content_title, array($post_title, $username), get_site_default_lang());
$username = $GLOBALS['FORUM_DRIVER']->get_username(get_member());
$message_raw = do_lang('NEW_COMMENT_BODY', comcode_escape(get_site_name()), comcode_escape($content_title == '' ? ocp_mb_strtolower($content_type_title) : $content_title), array($post_title == '' ? do_lang('NO_SUBJECT') : $post_title, post_param('post'), comcode_escape($content_url_flat), comcode_escape($username)), get_site_default_lang());
dispatch_notification('comment_posted', $content_type . '_' . $content_id, $subject, $message_raw);
// Is the user gonna automatically enable notifications for this?
if (get_forum_type() == 'ocf') {
$auto_monitor_contrib_content = $GLOBALS['OCF_DRIVER']->get_member_row_field(get_member(), 'm_auto_monitor_contrib_content');
if ($auto_monitor_contrib_content == 1) {
enable_notifications('comment_posted', $content_type . '_' . $content_id);
}
}
// Activity
$real_content_type = convert_ocportal_type_codes('feedback_type_code', $content_type, 'cma_hook');
if (may_view_content_behind_feedback_code($GLOBALS['FORUM_DRIVER']->get_guest_id(), $real_content_type, $content_id)) {
if (is_null($submitter)) {
$submitter = $GLOBALS['FORUM_DRIVER']->get_guest_id();
}
$activity_type = is_null($submitter) || is_guest($submitter) ? '_ADDED_COMMENT_ON' : 'ADDED_COMMENT_ON';
if ($content_title == '') {
syndicate_described_activity($activity_type . '_UNTITLED', ocp_mb_strtolower($content_type_title), $content_type_title, '', url_to_pagelink(is_object($safe_content_url) ? $safe_content_url->evaluate() : $safe_content_url), '', '', convert_ocportal_type_codes('feedback_type_code', $content_type, 'addon_name'), 1, NULL, false, $submitter);
} else {
syndicate_described_activity($activity_type, $content_title, ocp_mb_strtolower($content_type_title), $content_type_title, url_to_pagelink(is_object($safe_content_url) ? $safe_content_url->evaluate() : $safe_content_url), '', '', convert_ocportal_type_codes('feedback_type_code', $content_type, 'addon_name'), 1, NULL, false, $submitter);
}
}
}
if ($post != '' && $forum_tie && !$no_success_message) {
require_code('site2');
assign_refresh($GLOBALS['FORUM_DRIVER']->topic_url($GLOBALS['FORUM_DRIVER']->find_topic_id_for_topic_identifier($forum, $content_type . '_' . $content_id), $forum), 0.0);
}
if ($post != '' && !$no_success_message) {
attach_message(do_lang_tempcode('SUCCESS'));
}
return $is_hidden;
}
/**
* Standard aed_module table function.
*
* @param array Details to go to build_url for link to the next screen.
* @return array A pair: The choose table, Whether re-ordering is supported from this screen.
*/
function nice_get_choose_table($url_map)
{
require_code('templates_results_table');
$current_ordering = get_param('sort', 'cf_order ASC');
if (strpos($current_ordering, ' ') === false) {
warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
}
list($sortable, $sort_order) = explode(' ', $current_ordering, 2);
$sortables = array('cf_name' => do_lang_tempcode('NAME'), 'cf_owner_view' => do_lang_tempcode('OWNER_VIEW'), 'cf_owner_set' => do_lang_tempcode('OWNER_SET'), 'cf_public_view' => do_lang_tempcode('PUBLIC_VIEW'), 'cf_required' => do_lang_tempcode('REQUIRED'), 'cf_order' => do_lang_tempcode('ORDER'));
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'sort';
$fh = array(do_lang_tempcode('NAME'), do_lang_tempcode('OWNER_VIEW'), do_lang_tempcode('OWNER_SET'), do_lang_tempcode('PUBLIC_VIEW'), do_lang_tempcode('REQUIRED'));
$fh[] = do_lang_tempcode('SHOW_ON_JOIN_FORM');
//$fh[]=do_lang_tempcode('SHOW_IN_POSTS');
//$fh[]=do_lang_tempcode('SHOW_IN_POST_PREVIEWS');
$fh[] = do_lang_tempcode('ORDER');
$fh[] = do_lang_tempcode('ACTIONS');
$header_row = results_field_title($fh, $sortables, 'sort', $sortable . ' ' . $sort_order);
// Load up filters
$hooks = find_all_hooks('systems', 'ocf_cpf_filter');
$to_keep = array();
foreach (array_keys($hooks) as $hook) {
require_code('hooks/systems/ocf_cpf_filter/' . $hook);
$_hook = object_factory('Hook_ocf_cpf_filter_' . $hook, true);
if (is_null($_hook)) {
continue;
}
$to_keep += $_hook->to_enable();
}
$fields = new ocp_tempcode();
list($rows, $max_rows) = $this->get_entry_rows(false, $current_ordering, NULL);
$changed = false;
foreach ($rows as $row) {
$order = post_param_integer('order_' . strval($row['id']), NULL);
if (!is_null($order)) {
$GLOBALS['FORUM_DB']->query_update('f_custom_fields', array('cf_order' => $order), array('id' => $row['id']), '', 1);
$changed = true;
}
}
if ($changed) {
list($rows, $max_rows) = $this->get_entry_rows(false, $current_ordering);
}
require_code('form_templates');
foreach ($rows as $row) {
$trans = get_translated_text($row['cf_name'], $GLOBALS['FORUM_DB']);
$used = true;
if (substr($trans, 0, 4) == 'ocp_') {
// See if it gets filtered
if (!array_key_exists(substr($trans, 4), $to_keep)) {
$used = false;
}
$test = do_lang('SPECIAL_CPF__' . $trans, NULL, NULL, NULL, NULL, false);
if (!is_null($test)) {
$trans = $test;
}
}
$edit_link = build_url($url_map + array('id' => $row['id']), '_SELF');
$orderlist = new ocp_tempcode();
$num_cpfs = $GLOBALS['FORUM_DB']->query_value('f_custom_fields', 'COUNT(*)');
$selected_one = false;
$order = $row['cf_order'];
for ($i = 0; $i < max($num_cpfs, $order); $i++) {
$selected = $i === $order;
if ($selected) {
$selected_one = true;
}
$orderlist->attach(form_input_list_entry(strval($i), $selected, integer_format($i + 1)));
}
if (!$selected_one) {
$orderlist->attach(form_input_list_entry(strval($order), true, integer_format($order + 1)));
}
$orderer = do_template('TABLE_TABLE_ROW_CELL_SELECT', array('LABEL' => do_lang_tempcode('ORDER'), 'NAME' => 'order_' . strval($row['id']), 'LIST' => $orderlist));
$fr = array();
$fr[] = $trans;
$fr[] = $row['cf_owner_view'] == 1 ? do_lang_tempcode('YES') : do_lang_tempcode('NO');
$fr[] = $row['cf_owner_set'] == 1 ? do_lang_tempcode('YES') : do_lang_tempcode('NO');
$fr[] = $row['cf_public_view'] == 1 ? do_lang_tempcode('YES') : do_lang_tempcode('NO');
$fr[] = $row['cf_required'] == 1 ? do_lang_tempcode('YES') : do_lang_tempcode('NO');
$fr[] = $row['cf_show_on_join_form'] == 1 ? do_lang_tempcode('YES') : do_lang_tempcode('NO');
//$fr[]=($row['cf_show_in_posts']==1)?do_lang_tempcode('YES'):do_lang_tempcode('NO');
//$fr[]=($row['cf_show_in_post_previews']==1)?do_lang_tempcode('YES'):do_lang_tempcode('NO');
$fr[] = protect_from_escaping($orderer);
if ($used) {
$edit_link = hyperlink($edit_link, do_lang_tempcode('EDIT'), false, true, '#' . strval($row['id']));
} else {
$edit_link = do_lang_tempcode('UNUSED_CPF');
}
$fr[] = protect_from_escaping($edit_link);
$fields->attach(results_entry($fr, true));
}
return array(results_table(do_lang($this->menu_label), get_param_integer('start', 0), 'start', either_param_integer('max', 20), 'max', $max_rows, $header_row, $fields, $sortables, $sortable, $sort_order, 'sort', NULL, NULL, NULL, 8, 'gdfg43tfdgdfgdrfgd', true), true);
}
/**
* Standard aed_module table function.
*
* @param array Details to go to build_url for link to the next screen.
* @return array A pair: The choose table, Whether re-ordering is supported from this screen.
*/
function nice_get_choose_table($url_map)
{
require_code('templates_results_table');
$current_ordering = get_param('sort', 'title ASC', true);
list($sortable, $sort_order) = array(substr($current_ordering, 0, strrpos($current_ordering, ' ')), substr($current_ordering, strrpos($current_ordering, ' ') + 1));
$sortables = array('title' => do_lang_tempcode('TITLE'));
if (db_has_subqueries($GLOBALS['SITE_DB']->connection_read)) {
$sortables['(SELECT COUNT(*) FROM ' . get_table_prefix() . 'newsletter n JOIN ' . get_table_prefix() . 'newsletter_subscribe s ON n.id=s.newsletter_id WHERE code_confirm=0)'] = do_lang_tempcode('COUNT_MEMBERS');
}
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'sort';
$header_row = results_field_title(array(do_lang_tempcode('TITLE'), do_lang_tempcode('COUNT_MEMBERS'), do_lang_tempcode('ACTIONS')), $sortables, 'sort', $sortable . ' ' . $sort_order);
$fields = new ocp_tempcode();
require_code('form_templates');
list($rows, $max_rows) = $this->get_entry_rows(false, $current_ordering);
foreach ($rows as $row) {
$edit_link = build_url($url_map + array('id' => $row['id']), '_SELF');
$num_readers = $GLOBALS['SITE_DB']->query_value('newsletter n JOIN ' . get_table_prefix() . 'newsletter_subscribe s ON n.id=s.newsletter_id', 'COUNT(*)', array('code_confirm' => 0));
$fields->attach(results_entry(array(get_translated_text($row['title']), integer_format($num_readers), protect_from_escaping(hyperlink($edit_link, do_lang_tempcode('EDIT'), false, true, '#' . strval($row['id'])))), true));
}
return array(results_table(do_lang($this->menu_label), get_param_integer('start', 0), 'start', either_param_integer('max', 20), 'max', $max_rows, $header_row, $fields, $sortables, $sortable, $sort_order), false);
}
/**
* Script handler for downloading a gallery, as specified by GET parameters.
*/
function download_gallery_script()
{
if (function_exists('set_time_limit')) {
@set_time_limit(0);
}
require_code('galleries');
// Closed site
$site_closed = get_option('site_closed');
if ($site_closed == '1' && !has_specific_permission(get_member(), 'access_closed_site') && !$GLOBALS['IS_ACTUALLY_ADMIN']) {
header('Content-Type: text/plain');
@exit(get_option('closed'));
}
require_lang('galleries');
require_code('zip');
$cat = get_param('cat');
if (!has_category_access(get_member(), 'galleries', $cat)) {
access_denied('CATEGORY_ACCESS');
}
check_specific_permission('may_download_gallery', array('galleries', $cat));
if (strpos($cat, chr(10)) !== false || strpos($cat, chr(13)) !== false) {
log_hack_attack_and_exit('HEADER_SPLIT_HACK');
}
$gallery_rows = $GLOBALS['SITE_DB']->query_select('galleries', array('*'), array('name' => $cat), '', 1);
if (!array_key_exists(0, $gallery_rows)) {
warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
}
$gallery_row = $gallery_rows[0];
// Send header
header('Content-Type: application/octet-stream' . '; authoritative=true;');
if (strstr(ocp_srv('HTTP_USER_AGENT'), 'MSIE') !== false) {
header('Content-Disposition: filename="gallery-' . $cat . '.zip"');
} else {
header('Content-Disposition: attachment; filename="gallery-' . $cat . '.zip"');
}
disable_php_memory_limit();
$rows = array_merge($GLOBALS['SITE_DB']->query_select('videos', array('url', 'add_date'), array('cat' => $cat, 'validated' => 1)), $GLOBALS['SITE_DB']->query_select('images', array('url', 'add_date'), array('cat' => $cat, 'validated' => 1)));
$array = array();
foreach ($rows as $row) {
$full_path = NULL;
$data = NULL;
if (url_is_local($row['url']) && file_exists(get_file_base() . '/' . urldecode($row['url']))) {
$path = urldecode($row['url']);
$full_path = get_file_base() . '/' . $path;
if (file_exists($full_path)) {
$time = filemtime($full_path);
$name = $path;
} else {
continue;
}
} else {
continue;
// Actually we won't include them, if they are not local it implies it is not reasonable for them to lead to server load, and they may not even be native files
$time = $row['add_date'];
$name = basename(urldecode($row['url']));
$data = http_download_file($row['url']);
}
$array[] = array('name' => preg_replace('#^uploads/galleries/#', '', $name), 'time' => $time, 'data' => $data, 'full_path' => $full_path);
}
if ($gallery_row['rep_image'] != '') {
if (url_is_local($gallery_row['rep_image']) && file_exists(get_file_base() . '/' . urldecode($gallery_row['rep_image']))) {
$path = urldecode($gallery_row['rep_image']);
$full_path = get_file_base() . '/' . $path;
if (file_exists($full_path)) {
$time = filemtime($full_path);
$name = $path;
$data = file_get_contents($full_path);
}
} else {
$time = $gallery_row['add_date'];
$name = basename(urldecode($gallery_row['rep_image']));
$data = http_download_file($gallery_row['rep_image']);
}
$array[] = array('name' => preg_replace('#^uploads/(galleries|grepimages)/#', '', $name), 'time' => $time, 'data' => $data);
}
@ini_set('zlib.output_compression', 'Off');
//$zip_file=create_zip_file($array);
//header('Content-Length: '.strval(strlen($zip_file)));
//echo $zip_file;
create_zip_file($array, true);
}
/**
* Show the image of an attachment/thumbnail.
*/
function attachments_script()
{
// Closed site
$site_closed = get_option('site_closed');
if ($site_closed == '1' && !has_specific_permission(get_member(), 'access_closed_site') && !$GLOBALS['IS_ACTUALLY_ADMIN']) {
header('Content-Type: text/plain');
@exit(get_option('closed'));
}
$id = get_param_integer('id', 0);
$connection = $GLOBALS[get_param_integer('forum_db', 0) == 1 ? 'FORUM_DB' : 'SITE_DB'];
$has_no_restricts = !is_null($connection->query_value_null_ok('attachment_refs', 'id', array('r_referer_type' => 'null', 'a_id' => $id)));
if (!$has_no_restricts) {
global $SITE_INFO;
if (!is_guest() || !isset($SITE_INFO['any_guest_cached_too']) || $SITE_INFO['any_guest_cached_too'] == '0') {
if (get_param('for_session', '-1') != md5(strval(get_session_id())) && get_option('anti_leech') == '1' && ocp_srv('HTTP_REFERER') != '') {
warn_exit(do_lang_tempcode('LEECH_BLOCK'));
}
}
}
require_lang('comcode');
// Lookup
$rows = $connection->query_select('attachments', array('*'), array('id' => $id), 'ORDER BY a_add_time DESC');
if (!array_key_exists(0, $rows)) {
warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
}
$myrow = $rows[0];
header('Last-Modified: ' . gmdate('D, d M Y H:i:s \\G\\M\\T', $myrow['a_add_time']));
if ($myrow['a_url'] == '') {
warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
}
if (!$has_no_restricts) {
// Permission
if (substr($myrow['a_url'], 0, 20) == 'uploads/attachments/') {
if (!has_attachment_access(get_member(), $id, $connection)) {
access_denied('ATTACHMENT_ACCESS');
}
}
}
$thumb = get_param_integer('thumb', 0);
if ($thumb == 1) {
$full = $myrow['a_thumb_url'];
require_code('images');
$myrow['a_thumb_url'] = ensure_thumbnail($myrow['a_url'], $myrow['a_thumb_url'], 'attachments', 'attachments', intval($myrow['id']), 'a_thumb_url');
} else {
$full = $myrow['a_url'];
if (get_param_integer('no_count', 0) == 0) {
// Update download count
if (ocp_srv('HTTP_RANGE') == '') {
$connection->query_update('attachments', array('a_num_downloads' => $myrow['a_num_downloads'] + 1, 'a_last_downloaded_time' => time()), array('id' => $id), '', 1, NULL, false, true);
}
}
}
// Is it non-local? If so, redirect
if (!url_is_local($full)) {
if (strpos($full, chr(10)) !== false || strpos($full, chr(13)) !== false) {
log_hack_attack_and_exit('HEADER_SPLIT_HACK');
}
header('Location: ' . $full);
return;
}
// $breakdown=pathinfo($full);
// $filename=$breakdown['basename'];
$_full = get_custom_file_base() . '/' . rawurldecode($full);
if (!file_exists($_full)) {
warn_exit(do_lang_tempcode('_MISSING_RESOURCE', 'url:' . escape_html($full)));
}
// File is missing, we can't do anything
$size = filesize($_full);
$original_filename = $myrow['a_original_filename'];
$extension = get_file_extension($original_filename);
require_code('files2');
check_shared_bandwidth_usage($size);
require_code('mime_types');
$mime_type = get_mime_type($extension);
/*$myfile2=fopen('test','wb');
fwrite($myfile2,var_export($_SERVER,true));
fwrite($myfile2,var_export($_ENV,true));
fclose($myfile2);*/
// Send header
if (strpos($original_filename, chr(10)) !== false || strpos($original_filename, chr(13)) !== false) {
log_hack_attack_and_exit('HEADER_SPLIT_HACK');
}
header('Content-Type: ' . $mime_type . '; authoritative=true;');
if (strstr(ocp_srv('HTTP_USER_AGENT'), 'MSIE') !== false) {
header('Content-Disposition: filename="' . $original_filename . '"');
} else {
header('Content-Disposition: inline; filename="' . $original_filename . '"');
}
header('Accept-Ranges: bytes');
// Caching
header("Pragma: private");
header("Cache-Control: private");
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 60 * 60 * 24 * 365) . ' GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $myrow['a_add_time']) . ' GMT');
// Default to no resume
$from = 0;
$new_length = $size;
@ini_set('zlib.output_compression', 'Off');
// They're trying to resume (so update our range)
$httprange = ocp_srv('HTTP_RANGE');
if (strlen($httprange) > 0) {
$_range = explode('=', ocp_srv('HTTP_RANGE'));
if (count($_range) == 2) {
if (strpos($_range[0], '-') === false) {
$_range = array_reverse($_range);
}
$range = $_range[0];
if (substr($range, 0, 1) == '-') {
$range = strval($size - intval(substr($range, 1)) - 1) . $range;
}
if (substr($range, -1, 1) == '-') {
$range .= strval($size - 1);
}
$bits = explode('-', $range);
if (count($bits) == 2) {
list($from, $to) = array_map('intval', $bits);
if ($to - $from != 0 || $from == 0) {
$new_length = $to - $from + 1;
header('HTTP/1.1 206 Partial Content');
header('Content-Range: bytes ' . $range . '/' . strval($size));
} else {
$from = 0;
}
}
}
}
header('Content-Length: ' . strval($new_length));
if (function_exists('set_time_limit')) {
@set_time_limit(0);
}
error_reporting(0);
if ($from == 0) {
$GLOBALS['SITE_DB']->query('UPDATE ' . get_table_prefix() . 'values SET the_value=(the_value+' . strval((int) $size) . ') WHERE the_name=\'download_bandwidth\'', 1);
}
@ini_set('ocproducts.xss_detect', '0');
// Send actual data
$myfile = fopen($_full, 'rb');
fseek($myfile, $from);
$i = 0;
flush();
// Works around weird PHP bug that sends data before headers, on some PHP versions
while ($i < $new_length) {
$content = fread($myfile, min($new_length - $i, 1048576));
echo $content;
$len = strlen($content);
if ($len == 0) {
break;
}
$i += $len;
}
fclose($myfile);
}
/**
* Force a page refresh due to maximum execution timeout.
*/
function i_force_refresh()
{
if (array_key_exists('I_REFRESH_URL', $GLOBALS)) {
if (strpos($GLOBALS['I_REFRESH_URL'], chr(10)) !== false || strpos($GLOBALS['I_REFRESH_URL'], chr(13)) !== false) {
log_hack_attack_and_exit('HEADER_SPLIT_HACK');
}
if (!headers_sent()) {
header('Location: ' . $GLOBALS['I_REFRESH_URL']);
} else {
echo '<meta http-equiv="Refresh" content="0; URL=' . escape_html($GLOBALS['I_REFRESH_URL']) . '" />';
flush();
}
/*$f=fopen(get_file_base().'/test.txt','at');
fwrite($f,'R');
fclose($f);*/
exit;
}
}
/**
* Standard aed_module table function.
*
* @param array Details to go to build_url for link to the next screen.
* @return array A quartet: The choose table, Whether re-ordering is supported from this screen, Search URL, Archive URL.
*/
function nice_get_choose_table($url_map)
{
require_code('templates_results_table');
$current_ordering = get_param('sort', 'c_title ASC', true);
if (strpos($current_ordering, ' ') === false) {
warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
}
list($sortable, $sort_order) = explode(' ', $current_ordering, 2);
$sortables = array('c_title' => do_lang_tempcode('TITLE'));
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'sort';
$header_row = results_field_title(array(do_lang_tempcode('TITLE'), do_lang_tempcode('EXPANDED_BY_DEFAULT'), do_lang_tempcode('ACTIONS')), $sortables, 'sort', $sortable . ' ' . $sort_order);
$fields = new ocp_tempcode();
require_code('form_templates');
list($rows, $max_rows) = $this->get_entry_rows(false, $current_ordering);
foreach ($rows as $row) {
$edit_link = build_url($url_map + array('id' => $row['id']), '_SELF');
$fields->attach(results_entry(array($row['c_title'], $row['c_expanded_by_default'] == 1 ? do_lang_tempcode('YES') : do_lang_tempcode('NO'), protect_from_escaping(hyperlink($edit_link, do_lang_tempcode('EDIT'), false, true, '#' . strval($row['id'])))), true));
}
$search_url = NULL;
$archive_url = NULL;
return array(results_table(do_lang($this->menu_label), get_param_integer('start', 0), 'start', either_param_integer('max', 20), 'max', $max_rows, $header_row, $fields, $sortables, $sortable, $sort_order), false, $search_url, $archive_url);
}
/**
* Get an ordered array of all the entries in the specified catalogue.
*
* @param ?AUTO_LINK The ID of the category for which the entries are being collected (NULL: entries are [and must be] passed instead)
* @param ID_TEXT The name of the catalogue
* @param ?array A database row of the catalogue we are working with (NULL: read it in)
* @param ID_TEXT The view type we're doing
* @set PAGE SEARCH CATEGORY
* @param ID_TEXT The template set we are rendering this category using
* @param ?integer The maximum number of entries to show on a single page of this this category (NULL: all)
* @param ?integer The entry number to start at (NULL: all)
* @param ?mixed The entries to show, may be from other categories. Can either be SQL fragment, or array (NULL: use $start and $max)
* @param ?AUTO_LINK The virtual root for display of this category (NULL: default)
* @param ?SHORT_INTEGER The display type to use (NULL: lookup from $catalogue)
* @param boolean Whether to perform sorting
* @param ?array A list of entry rows (NULL: select them normally)
* @param string Search filter (blank: no filter)
* @param ?ID_TEXT Orderer (NULL: read from environment)
* @return array An array containing our built up entries (renderable tempcode), our sorting interface, and our entries (entry records from database, with an additional 'map' field), and the max rows
*/
function get_catalogue_category_entry_buildup($category_id, $catalogue_name, $catalogue, $view_type, $tpl_set, $max, $start, $select, $root, $display_type = NULL, $do_sorting = true, $entries = NULL, $search = '', $_order_by = NULL)
{
if (addon_installed('ecommerce')) {
require_code('ecommerce');
}
$is_ecomm = is_ecommerce_catalogue($catalogue_name);
if (is_null($catalogue)) {
$_catalogues = $GLOBALS['SITE_DB']->query_select('catalogues', array('*'), array('c_name' => $catalogue_name), '', 1);
$catalogue = $_catalogues[0];
}
$or_list = mixed();
if (is_null($entries) && !is_null($select)) {
if (is_array($select) && count($select) == 0 || is_string($select) && $select == '') {
$entries = array();
} else {
if (!is_array($select)) {
$or_list = $select;
} else {
$or_list = '';
foreach ($select as $s) {
if ($or_list != '') {
$or_list .= ' OR ';
}
$or_list .= 'e.id=' . strval($s);
}
}
}
}
if (is_null($display_type)) {
$display_type = get_param_integer('keep_cat_display_type', $catalogue['c_display_type']);
}
// Find order field
global $CAT_FIELDS_CACHE;
if (isset($CAT_FIELDS_CACHE[$catalogue_name])) {
$fields = $CAT_FIELDS_CACHE[$catalogue_name];
} else {
$fields = $GLOBALS['SITE_DB']->query_select('catalogue_fields', array('*'), array('c_name' => $catalogue_name), 'ORDER BY cf_order');
}
$CAT_FIELDS_CACHE[$catalogue_name] = $fields;
if ($do_sorting) {
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'order';
if (is_null($_order_by)) {
$_order_by = get_param('order', '');
}
if ($_order_by == '' || strpos($_order_by, ' ') === false) {
$order_by = '0';
$direction = 'ASC';
foreach ($fields as $i => $field) {
if ($field['cf_defines_order'] != 0) {
$order_by = strval($i);
$direction = $field['cf_defines_order'] == 1 ? 'ASC' : 'DESC';
$_order_by = strval($field['id']) . ' ' . $direction;
break;
}
}
} else {
list($order_by, $direction) = explode(' ', $_order_by);
if ($direction != 'ASC' && $direction != 'DESC') {
log_hack_attack_and_exit('ORDERBY_HACK');
}
if ($order_by != 'rating' && $order_by != 'add_date') {
$found = false;
foreach ($fields as $i => $field) {
if ($order_by == strval($field['id'])) {
$order_by = strval($i);
$found = true;
break;
}
}
if (!$found) {
$order_by = '0';
}
// Could not find
}
}
} else {
$order_by = mixed();
$direction = 'ASC';
}
// Get entries in this category
$map = '1=1';
if (!is_null($category_id)) {
$map .= ' AND cc_id=' . strval($category_id);
}
if (!has_specific_permission(get_member(), 'see_unvalidated')) {
$map .= ' AND ce_validated=1';
}
if (!is_null($or_list)) {
$map .= ' AND (' . $or_list . ')';
}
$in_db_sorting = !is_null($order_by) && $do_sorting;
require_code('fields');
if (is_null($entries)) {
if ($in_db_sorting) {
$num_entries = $GLOBALS['SITE_DB']->query_value_null_ok_full('SELECT COUNT(*) FROM ' . get_table_prefix() . 'catalogue_entries e WHERE ' . $map);
if ($order_by == 'add_date') {
$entries = $max == 0 ? array() : $GLOBALS['SITE_DB']->query('SELECT e.* FROM ' . get_table_prefix() . 'catalogue_entries e WHERE ' . $map . ' ORDER BY ce_add_date ' . $direction, $max, $start);
} elseif ($order_by == 'rating') {
$select_rating = '(SELECT AVG(rating) FROM ' . get_table_prefix() . 'rating WHERE ' . db_string_equal_to('rating_for_type', 'catalogues') . ' AND rating_for_id=e.id) AS compound_rating';
$entries = $max == 0 ? array() : $GLOBALS['SITE_DB']->query('SELECT e.*,' . $select_rating . ' FROM ' . get_table_prefix() . 'catalogue_entries e WHERE ' . $map . ' ORDER BY compound_rating ' . $direction, $max, $start);
} else {
$ob = get_fields_hook($fields[intval($order_by)]['cf_type']);
list(, , $table) = $ob->get_field_value_row_bits($fields[$order_by]);
if (strpos($table, '_trans') !== false) {
$join = get_table_prefix() . 'catalogue_entries e LEFT JOIN ' . get_table_prefix() . 'catalogue_efv_' . $table . ' f ON f.ce_id=e.id AND f.cf_id=' . strval($fields[$order_by]['id']) . ' LEFT JOIN ' . get_table_prefix() . 'translate t ON f.cv_value=t.id';
$entries = $max == 0 ? array() : $GLOBALS['SITE_DB']->query('SELECT e.* FROM ' . $join . ' WHERE ' . $map . ' ' . ($num_entries > 300 ? '' : 'ORDER BY t.text_original ' . $direction), $max, $start);
} else {
$join = get_table_prefix() . 'catalogue_entries e LEFT JOIN ' . get_table_prefix() . 'catalogue_efv_' . $table . ' f ON f.ce_id=e.id AND f.cf_id=' . strval($fields[$order_by]['id']);
$entries = $max == 0 ? array() : $GLOBALS['SITE_DB']->query('SELECT e.* FROM ' . $join . ' WHERE ' . $map . ' ORDER BY f.cv_value ' . $direction, $max, $start);
}
}
$start = 0;
// To stop it skipping itself
} else {
if ((is_null($order_by) || !$do_sorting) && !is_null($max)) {
$entries = $max == 0 ? array() : $GLOBALS['SITE_DB']->query('SELECT e.* FROM ' . get_table_prefix() . 'catalogue_entries e WHERE ' . $map, $max, $start);
$num_entries = $GLOBALS['SITE_DB']->query_value_null_ok_full('SELECT COUNT(*) FROM ' . get_table_prefix() . 'catalogue_entries e WHERE ' . $map);
$start = 0;
// To stop it skipping itself
} else {
$entries = $max == 0 ? array() : $GLOBALS['SITE_DB']->query('SELECT e.* FROM ' . get_table_prefix() . 'catalogue_entries e WHERE ' . $map);
$num_entries = count($entries);
}
}
} else {
$num_entries = count($entries);
}
if ($num_entries > 300 && !$in_db_sorting) {
$in_db_sorting = true;
}
// Needed to stop huge slow down
foreach ($entries as $i => $entry) {
$entries[$i]['map'] = get_catalogue_entry_map($entry, $catalogue, $view_type, $tpl_set, $root, $fields, $display_type == 1 && !$is_ecomm && !is_null($order_by) ? array(0, intval($order_by)) : NULL, false, false, intval($order_by));
}
// Implement search filter
if ($search != '') {
$new_entries = array();
for ($i = 0; $i < $num_entries; $i++) {
$two_d_list = $entries[$i]['map']['FIELDS_2D'];
$all_output = '';
foreach ($two_d_list as $index => $l) {
$all_output .= (is_object($l['VALUE']) ? $l['VALUE']->evaluate() : $l['VALUE']) . ' ';
}
if (strpos(strtolower($all_output), strtolower($search)) !== false) {
$new_entries[] = $entries[$i];
}
}
$entries = $new_entries;
}
disable_php_memory_limit();
if ($do_sorting) {
// Sort entries
$selectors = new ocp_tempcode();
foreach ($fields as $i => $field) {
if ($field['cf_searchable'] == 1) {
$potential_sorter_name = get_translated_text($field['cf_name']);
foreach (array('ASC' => '_ASCENDING', 'DESC' => '_DESCENDING') as $dir_code => $dir_lang) {
$sort_sel = $order_by == strval($i) && $direction == $dir_code;
$_potential_sorter_name = new ocp_tempcode();
$_potential_sorter_name->attach(escape_html($potential_sorter_name));
$_potential_sorter_name->attach(do_lang_tempcode($dir_lang));
$selectors->attach(do_template('RESULTS_BROWSER_SORTER', array('_GUID' => 'dfdsfdsusd0fsd0dsf', 'SELECTED' => $sort_sel, 'NAME' => protect_from_escaping($_potential_sorter_name), 'VALUE' => strval($field['id']) . ' ' . $dir_code)));
}
}
}
$extra_sorts = array();
$extra_sorts['add_date'] = '_ADDED';
if (get_option('is_on_rating') == '0') {
$has_ratings = false;
} else {
if (is_null($entries)) {
$has_ratings = false;
foreach ($entries as $entry) {
if ($entry['allow_rating'] == 1) {
$has_ratings = true;
}
}
if ($has_ratings) {
$extra_sorts['rating'] = 'RATING';
}
} else {
$has_ratings = true;
}
}
foreach ($extra_sorts as $extra_sort_code => $extra_sort_lang) {
foreach (array('ASC' => '_ASCENDING', 'DESC' => '_DESCENDING') as $dir_code => $dir_lang) {
$sort_sel = $order_by == $extra_sort_code && $direction == $dir_code;
$_potential_sorter_name = new ocp_tempcode();
$_potential_sorter_name->attach(do_lang_tempcode($extra_sort_lang));
$_potential_sorter_name->attach(do_lang_tempcode($dir_lang));
$selectors->attach(do_template('RESULTS_BROWSER_SORTER', array('_GUID' => 'xfdsfdsusd0fsd0dsf', 'SELECTED' => $sort_sel, 'NAME' => protect_from_escaping($_potential_sorter_name), 'VALUE' => $extra_sort_code . ' ' . $dir_code)));
}
}
$sort_url = get_self_url(false, false, array('order' => NULL), false, true);
$sorting = do_template('RESULTS_BROWSER_SORT', array('_GUID' => '9fgjfdklgjdfgkjlfdjgd90', 'SORT' => 'order', 'RAND' => uniqid(''), 'URL' => $sort_url, 'SELECTORS' => $selectors));
if (!$in_db_sorting) {
for ($i = 0; $i < $num_entries; $i++) {
if (!array_key_exists($i, $entries)) {
continue;
}
for ($j = $i + 1; $j < $num_entries; $j++) {
if (!array_key_exists($j, $entries)) {
continue;
}
$a = @$entries[$j]['map']['FIELD_' . $order_by];
if (array_key_exists('FIELD_' . $order_by . '_PLAIN', @$entries[$j]['map'])) {
$a = @$entries[$j]['map']['FIELD_' . $order_by . '_PLAIN'];
}
$b = @$entries[$i]['map']['FIELD_' . $order_by];
if (array_key_exists('FIELD_' . $order_by . '_PLAIN', @$entries[$i]['map'])) {
$b = @$entries[$i]['map']['FIELD_' . $order_by . '_PLAIN'];
}
if (is_object($a)) {
$a = $a->evaluate();
}
if (is_object($b)) {
$b = $b->evaluate();
}
if ($fields[$order_by]['cf_type'] == 'date') {
$bits = explode(' ', $a, 2);
$date_bits = explode(strpos($bits[0], '-') !== false ? '-' : '/', $bits[0], 3);
if (!array_key_exists(1, $date_bits)) {
$date_bits[1] = date('m');
}
if (!array_key_exists(2, $date_bits)) {
$date_bits[2] = date('Y');
}
$time_bits = explode(':', $bits[1], 3);
if (!array_key_exists(1, $time_bits)) {
$time_bits[1] = '00';
}
if (!array_key_exists(2, $time_bits)) {
$time_bits[2] = '00';
}
$time_a = mktime(intval($time_bits[0]), intval($time_bits[1]), intval($time_bits[2]), intval($date_bits[1]), intval($date_bits[2]), intval($date_bits[0]));
$bits = explode(' ', $b, 2);
$date_bits = explode(strpos($bits[0], '-') !== false ? '-' : '/', $bits[0], 3);
if (!array_key_exists(1, $date_bits)) {
$date_bits[1] = date('m');
}
if (!array_key_exists(2, $date_bits)) {
$date_bits[2] = date('Y');
}
$time_bits = explode(':', $bits[1], 3);
if (!array_key_exists(1, $time_bits)) {
$time_bits[1] = '00';
}
if (!array_key_exists(2, $time_bits)) {
$time_bits[2] = '00';
}
$time_b = mktime(intval($time_bits[0]), intval($time_bits[1]), intval($time_bits[2]), intval($date_bits[1]), intval($date_bits[2]), intval($date_bits[0]));
$r = $time_a < $time_b ? -1 : ($time_a == $time_b ? 0 : 1);
} else {
$r = strnatcmp(strtolower($a), strtolower($b));
}
if ($r < 0 && $direction == 'ASC' || $r > 0 && $direction == 'DESC') {
$temp = $entries[$i];
$entries[$i] = $entries[$j];
$entries[$j] = $temp;
}
}
}
}
} else {
$sorting = new ocp_tempcode();
}
// Build up entries
$entry_buildup = new ocp_tempcode();
$extra_map = array();
if ($is_ecomm) {
require_lang('shopping');
$i = 0;
for ($i = 0; $i < $num_entries; $i++) {
if (!array_key_exists($i, $entries)) {
break;
}
$entry = $entries[$i];
$extra_map[$i]['ADD_TO_CART'] = build_url(array('page' => 'shopping', 'type' => 'add_item', 'product_id' => $entry['id'], 'hook' => 'catalogue_items'), get_module_zone('shopping'));
}
}
if ($display_type == 2) {
for ($i = 0; $i < $num_entries; $i++) {
if (!array_key_exists($i, $entries)) {
break;
}
$entry = $entries[$i];
if (is_null($start) || $in_db_sorting || $i >= $start && $i < $start + $max) {
$tab_entry_map = $entry['map'] + (array_key_exists($i, $extra_map) ? $extra_map[$i] : array());
if (get_option('is_on_comments') == '1' && $entry['allow_comments'] >= 1 || get_option('is_on_rating') == '1' && $entry['allow_rating'] == 1 || get_option('is_on_trackbacks') == '1' && $entry['allow_trackbacks'] == 1) {
$tab_entry_map['VIEW_URL'] = build_url(array('page' => 'catalogues', 'type' => 'entry', 'id' => $entry['id'], 'root' => $root == -1 ? NULL : $root), get_module_zone('catalogues'));
} else {
$tab_entry_map['VIEW_URL'] = '';
}
$entry_buildup->attach(static_evaluate_tempcode(do_template('CATALOGUE_' . $tpl_set . '_TAB_ENTRY', $tab_entry_map, NULL, false, 'CATALOGUE_DEFAULT_TAB_ENTRY')));
}
if (!is_null($start) && $i >= $start + $max) {
break;
}
}
if (!$entry_buildup->is_empty()) {
$head = new ocp_tempcode();
$field_count = 0;
foreach ($fields as $i => $field) {
if (($field['cf_put_in_category'] == 1 && $view_type == 'CATEGORY' || $field['cf_put_in_search'] == 1 && $view_type == 'SEARCH') && $field['cf_visible'] == 1) {
if ($field['cf_searchable'] == 1) {
$sort_url_asc = get_self_url(false, false, array('order' => strval($field['id']) . ' ASC'), true);
$sort_url_desc = get_self_url(false, false, array('order' => strval($field['id']) . ' DESC'), true);
$sort_asc_selected = $order_by == strval($field['id']) && $direction == 'ASC';
$sort_desc_selected = $order_by == strval($field['id']) && $direction == 'DESC';
} else {
$sort_url_asc = '';
$sort_url_desc = '';
$sort_asc_selected = false;
$sort_desc_selected = false;
}
$head->attach(do_template('CATALOGUE_' . $tpl_set . '_TAB_FIELD_HEAD', array('SORT_ASC_SELECTED' => $sort_asc_selected, 'SORT_DESC_SELECTED' => $sort_desc_selected, 'SORT_URL_ASC' => $sort_url_asc, 'SORT_URL_DESC' => $sort_url_desc, 'CATALOGUE' => $catalogue_name, 'FIELDID' => strval($i), '_FIELDID' => strval($field['id']), 'FIELD' => get_translated_text($field['cf_name']), 'FIELDTYPE' => $field['cf_type']), NULL, false, 'CATALOGUE_DEFAULT_TAB_FIELD_HEAD'));
$field_count++;
}
}
$entry_buildup = do_template('CATALOGUE_' . $tpl_set . '_TAB_WRAP', array('CATALOGUE' => $catalogue_name, 'HEAD' => $head, 'CONTENT' => $entry_buildup, 'FIELD_COUNT' => strval($field_count)), NULL, false, 'CATALOGUE_DEFAULT_TAB_WRAP');
}
} elseif ($display_type == 0) {
for ($i = 0; $i < $num_entries; $i++) {
if (!array_key_exists($i, $entries)) {
break;
}
$entry = $entries[$i];
if (is_null($max) || $in_db_sorting || (is_null($start) || $i >= $start && $i < $start + $max)) {
$entry_buildup->attach(do_template('CATALOGUE_' . $tpl_set . '_ENTRY_EMBED', $entry['map'] + (array_key_exists($i, $extra_map) ? $extra_map[$i] : array()), NULL, false, 'CATALOGUE_DEFAULT_ENTRY_EMBED'));
}
}
} else {
for ($i = 0; $i < $num_entries; $i++) {
if (!array_key_exists($i, $entries)) {
break;
}
$entry = $entries[$i];
if (is_null($start) || $in_db_sorting || $i >= $start && $i < $start + $max) {
$entry_buildup->attach(do_template('CATALOGUE_' . $tpl_set . '_LINE', $entry['map'] + (array_key_exists($i, $extra_map) ? $extra_map[$i] : array()), NULL, false, 'CATALOGUE_DEFAULT_LINE'));
}
}
if (!$entry_buildup->is_empty()) {
$entry_buildup = do_template('CATALOGUE_' . $tpl_set . '_LINE_WRAP', $entry['map'] + array('CATALOGUE' => $catalogue_name, 'CONTENT' => $entry_buildup), NULL, false, 'CATALOGUE_DEFAULT_LINE_WRAP');
}
}
return array($entry_buildup, $sorting, $entries, $num_entries);
}
/**
* UI to show all orders
*
* @return tempcode The interface.
*/
function show_orders()
{
require_code('shopping');
$title = get_page_title('ORDER_LIST');
$filter = get_param('filter', NULL);
$search = get_param('search', '', true);
$cond = "WHERE 1=1";
if ($filter == 'undispatched') {
$cond .= " AND t1.order_status='ORDER_STATUS_payment_received'";
$title = get_page_title('UNDISPATCHED_ORDER_LIST');
}
$extra_join = '';
if (!is_null($search) && $search != '') {
$GLOBALS['NO_DB_SCOPE_CHECK'] = true;
$cond .= " AND (t1.id LIKE '" . db_encode_like(str_replace('#', '', $search) . '%') . "' OR t2.m_username LIKE '" . db_encode_like(str_replace('#', '', $search) . '%') . "')";
$extra_join = ' JOIN ' . get_table_prefix() . 'f_members t2 ON t2.id=t1.c_member';
}
breadcrumb_set_parents(array(array('_SEARCH:admin_ecommerce:ecom_usage', do_lang_tempcode('ECOMMERCE')), array('_SELF:_SELF:misc', do_lang_tempcode('ORDERS'))));
$orders = array();
//pagination
$start = get_param_integer('start', 0);
$max = get_param_integer('max', 10);
require_code('templates_results_browser');
require_code('templates_results_table');
$sortables = array('t1.id' => do_lang_tempcode('ECOM_ORDER'), 't1.add_date' => do_lang_tempcode('ORDERED_DATE'), 't1.c_member' => do_lang_tempcode('ORDERED_BY'), 't1.tot_price' => do_lang_tempcode('ORDER_PRICE_AMT'), 't3.included_tax' => do_lang_tempcode('TAX_PAID'), 't1.order_status' => do_lang_tempcode('STATUS'), 't1.transaction_id' => do_lang_tempcode('TRANSACTION_ID'));
$query_sort = explode(' ', get_param('sort', 't1.add_date ASC'), 2);
if (count($query_sort) == 1) {
$query_sort[] = 'ASC';
}
list($sortable, $sort_order) = $query_sort;
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'sort';
$fields_title = results_field_title(array(do_lang_tempcode('ECOM_ORDER'), do_lang_tempcode('THE_PRICE'), do_lang_tempcode('TAX_PAID'), do_lang_tempcode('ORDERED_DATE'), do_lang_tempcode('ORDERED_BY'), do_lang_tempcode('TRANSACTION_ID'), do_lang_tempcode('STATUS'), do_lang_tempcode('ACTIONS')), $sortables, 'sort', $sortable . ' ' . $sort_order);
global $NO_DB_SCOPE_CHECK;
$NO_DB_SCOPE_CHECK = true;
$max_rows = $GLOBALS['SITE_DB']->query_value_null_ok_full('SELECT COUNT(*) FROM ' . get_table_prefix() . 'shopping_order t1' . $extra_join . ' LEFT JOIN ' . get_table_prefix() . 'shopping_order_details t3 ON t1.id=t3.order_id ' . $cond);
$results_browser = results_browser(do_lang_tempcode('ORDERS'), NULL, $start, 'start', $max, 'max', $max_rows, NULL, 'show_orders', true, true);
$rows = $GLOBALS['SITE_DB']->query('SELECT t1.*,(t3.p_quantity*t3.included_tax) as tax FROM ' . get_table_prefix() . 'shopping_order t1' . $extra_join . ' LEFT JOIN ' . get_table_prefix() . 'shopping_order_details t3 ON t1.id=t3.order_id ' . $cond . ' GROUP BY t1.id ORDER BY ' . db_string_equal_to('t1.order_status', 'ORDER_STATUS_cancelled') . ',' . $sortable . ' ' . $sort_order, $max, $start);
$order_entries = new ocp_tempcode();
foreach ($rows as $row) {
if ($row['purchase_through'] == 'cart') {
$order_det_url = build_url(array('page' => '_SELF', 'type' => 'order_det', 'id' => $row['id']), '_SELF');
$order_title = do_lang('CART_ORDER', strval($row['id']));
} else {
$res = $GLOBALS['SITE_DB']->query_select('shopping_order_details', array('p_id', 'p_name'), array('order_id' => $row['id']));
if (!array_key_exists(0, $res)) {
continue;
}
// DB corruption
$product_det = $res[0];
$order_title = do_lang('PURCHASE_ORDER', strval($row['id']));
$order_det_url = build_url(array('page' => 'catalogues', 'type' => 'entry', 'id' => $product_det['p_id']), get_module_zone('catalogues'));
}
$submitted_by = $GLOBALS['FORUM_DRIVER']->get_username($row['c_member']);
$order_status = do_lang($row['order_status']);
$ordr_act_submit = build_url(array('page' => '_SELF', 'type' => 'order_act', 'id' => $row['id']), '_SELF');
$actions = do_template('ADMIN_ORDER_ACTIONS', array('ORDER_TITLE' => $order_title, 'ORDR_ACT_URL' => $ordr_act_submit, 'ORDER_STATUS' => $order_status));
$url = build_url(array('page' => 'members', 'type' => 'view', 'id' => $row['c_member']), get_module_zone('members'));
$member = hyperlink($url, $submitted_by, false, true, do_lang('CUSTOMER'));
$view_url = build_url(array('page' => '_SELF', 'type' => 'order_det', 'id' => $row['id']), '_SELF');
$order_date = hyperlink($view_url, get_timezoned_date($row['add_date'], true, false, true, true));
$transaction_details_link = build_url(array('page' => '_SELF', 'type' => 'order_det', 'id' => $row['id']), '_SELF');
if ($row['transaction_id'] != '') {
$transaction_details_link = build_url(array('page' => 'admin_ecommerce', 'type' => 'logs', 'product' => $order_title, 'id' => $row['id']), get_module_zone('admin_ecommerce'));
$transaction_id = hyperlink($transaction_details_link, strval($row['transaction_id']));
} else {
$transaction_id = do_lang_tempcode('INCOMPLETED_TRANCACTION');
}
$order_entries->attach(results_entry(array(escape_html($order_title), ecommerce_get_currency_symbol() . escape_html(float_format($row['tot_price'], 2)), escape_html(float_format($row['tax'], 2)), $order_date, $member, $transaction_id, $order_status, $actions), false, NULL));
}
$width = array('110', '70', '80', '200', '120', '180', '180', '200');
$results_table = results_table(do_lang_tempcode('ORDERS'), 0, 'start', $max_rows, 'max', $max_rows, $fields_title, $order_entries, $sortables, $sortable, $sort_order, 'sort', NULL, $width, 'cart');
if (is_null($order_entries)) {
inform_exit(do_lang_tempcode('NO_ENTRIES'));
}
$hidden = build_keep_form_fields('_SELF', true, array('filter'));
$search_url = get_self_url(true);
return do_template('ECOM_ADMIN_ORDERS_SCREEN', array('TITLE' => $title, 'CURRENCY' => get_option('currency'), 'ORDERS' => $orders, 'RESULTS_BROWSER' => $results_browser, 'RESULT_TABLE' => $results_table, 'SEARCH_URL' => $search_url, 'HIDDEN' => $hidden, 'SEARCH_VAL' => $search));
}
/**
* Standard aed_module table function.
*
* @param array Details to go to build_url for link to the next screen.
* @return array A pair: The choose table, Whether re-ordering is supported from this screen.
*/
function nice_get_choose_table($url_map)
{
require_code('templates_results_table');
$hr = array();
$hr[] = do_lang_tempcode('TITLE');
if (addon_installed('points')) {
$hr[] = do_lang_tempcode('POINTS');
}
$hr[] = do_lang_tempcode('CONTENT_TYPE');
$hr[] = do_lang_tempcode('USED_PREVIOUSLY');
$hr[] = do_lang_tempcode('ACTIONS');
$current_ordering = get_param('sort', 'a_title ASC');
if (strpos($current_ordering, ' ') === false) {
warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
}
list($sortable, $sort_order) = explode(' ', $current_ordering, 2);
$sortables = array('a_title' => do_lang_tempcode('TITLE'), 'a_content_type' => do_lang_tempcode('CONTENT_TYPE'));
if (addon_installed('points')) {
$sortables['a_points'] = do_lang_tempcode('POINTS');
}
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'sort';
$header_row = results_field_title($hr, $sortables, 'sort', $sortable . ' ' . $sort_order);
$fields = new ocp_tempcode();
require_code('form_templates');
list($rows, $max_rows) = $this->get_entry_rows(false, $current_ordering);
foreach ($rows as $row) {
$edit_link = build_url($url_map + array('id' => $row['id']), '_SELF');
$fr = array();
$fr[] = protect_from_escaping(hyperlink(build_url(array('page' => 'awards', 'type' => 'award', 'id' => $row['id']), get_module_zone('awards')), get_translated_text($row['a_title']), false, true));
if (addon_installed('points')) {
$fr[] = integer_format($row['a_points']);
}
$hooks = find_all_hooks('systems', 'awards');
$hook_title = do_lang('UNKNOWN');
foreach (array_keys($hooks) as $hook) {
if ($hook == $row['a_content_type']) {
require_code('hooks/systems/awards/' . $hook);
$hook_object = object_factory('Hook_awards_' . $hook, true);
if (is_null($hook_object)) {
continue;
}
$hook_info = $hook_object->info();
if (!is_null($hook_info)) {
$hook_title = $hook_info['title']->evaluate();
}
}
}
$fr[] = $hook_title;
$fr[] = integer_format($GLOBALS['SITE_DB']->query_value('award_archive', 'COUNT(*)', array('a_type_id' => $row['id'])));
$fr[] = protect_from_escaping(hyperlink($edit_link, do_lang_tempcode('EDIT'), false, true, '#' . strval($row['id'])));
$fields->attach(results_entry($fr, true));
}
return array(results_table(do_lang($this->menu_label), get_param_integer('start', 0), 'start', either_param_integer('max', 20), 'max', $max_rows, $header_row, $fields, $sortables, $sortable, $sort_order), false);
}
/**
* Show the point transactions a member has had.
*
* @param ID_TEXT The type of transactions we are looking for
* @set from to
* @param MEMBER Who we are looking at transactions for
* @param MEMBER Who we are looking at transactions using the account of
* @return tempcode The UI
*/
function points_get_transactions($type, $member_id_of, $member_id_viewing)
{
$where = array('gift_' . $type => $member_id_of);
if ($type == 'from') {
$where['anonymous'] = 0;
}
$start = get_param_integer('gift_start_' . $type, 0);
$max = get_param_integer('gift_max_' . $type, 10);
$sortables = array('date_and_time' => do_lang_tempcode('DATE'), 'amount' => do_lang_tempcode('AMOUNT'));
$test = explode(' ', get_param('gift_sort_' . $type, 'date_and_time DESC'));
if (count($test) == 1) {
$test[1] = 'DESC';
}
list($sortable, $sort_order) = $test;
if (strtoupper($sort_order) != 'ASC' && strtoupper($sort_order) != 'DESC' || !array_key_exists($sortable, $sortables)) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'gift_sort_' . $type;
$NON_CANONICAL_PARAMS[] = 'gift_start_' . $type;
$max_rows = $GLOBALS['SITE_DB']->query_value('gifts', 'COUNT(*)', $where);
$rows = $GLOBALS['SITE_DB']->query_select('gifts g LEFT JOIN ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'translate t ON ' . db_string_equal_to('language', user_lang()) . ' AND t.id=g.reason', array('*'), $where, 'ORDER BY ' . $sortable . ' ' . $sort_order, $max, $start);
$out = new ocp_tempcode();
$viewing_name = $GLOBALS['FORUM_DRIVER']->get_username($member_id_of);
if (is_null($viewing_name)) {
$viewing_name = do_lang('UNKNOWN');
}
require_code('templates_results_table');
$fields_title = results_field_title(array(do_lang_tempcode('DATE'), do_lang_tempcode('AMOUNT'), do_lang_tempcode('FROM'), do_lang_tempcode('TO'), do_lang_tempcode('REASON')), $sortables, 'gift_sort_' . $type, $sortable . ' ' . $sort_order);
foreach ($rows as $myrow) {
if ($myrow['anonymous'] == 1 && $type == 'from') {
continue;
}
// Their name
$fromname = is_guest($myrow['gift_from']) ? get_site_name() : $GLOBALS['FORUM_DRIVER']->get_username($myrow['gift_from']);
$toname = $GLOBALS['FORUM_DRIVER']->get_username($myrow['gift_to']);
if (is_null($fromname)) {
$fromname = do_lang('UNKNOWN');
}
if ($myrow['anonymous'] == 1 && !is_guest($myrow['gift_from'])) {
if (!has_specific_permission($member_id_viewing, 'trace_anonymous_gifts')) {
$_fromname = do_lang_tempcode('ANON');
} else {
$_fromname = hyperlink(build_url(array('page' => 'points', 'type' => 'member', 'id' => $myrow['gift_from']), get_module_zone('points')), do_lang_tempcode('ANON'), false, false, escape_html($fromname));
}
} else {
$_fromname = is_guest($myrow['gift_from']) ? make_string_tempcode(escape_html($fromname)) : hyperlink(build_url(array('page' => 'points', 'type' => 'member', 'id' => $myrow['gift_from']), get_module_zone('points')), escape_html($fromname), false, false, do_lang_tempcode('VIEW_POINTS'));
}
$_toname = hyperlink(build_url(array('page' => 'points', 'type' => 'member', 'id' => $myrow['gift_to']), get_module_zone('points')), escape_html($toname), false, false, do_lang_tempcode('VIEW_POINTS'));
$date = get_timezoned_date($myrow['date_and_time']);
$amount = $myrow['amount'];
if (get_page_name() != 'search' && array_key_exists('text_parsed', $myrow) && !is_null($myrow['text_parsed']) && $myrow['text_parsed'] != '' && $myrow['reason'] != 0) {
$reason = new ocp_tempcode();
if (!$reason->from_assembly($myrow['text_parsed'], true)) {
$reason = get_translated_tempcode($myrow['reason']);
}
} else {
$reason = get_translated_tempcode($myrow['reason']);
}
$out->attach(results_entry(array(escape_html($date), escape_html(integer_format($amount)), $_fromname, $_toname, $reason)));
}
$out = results_table(do_lang_tempcode('_POINTS', escape_html($viewing_name)), $start, 'gift_start_' . $type, $max, 'gift_max_' . $type, $max_rows, $fields_title, $out, $sortables, $sortable, $sort_order, 'gift_sort_' . $type, NULL, NULL, NULL, 8, 'gfhfghtrhhjghgfhfgf', false, 'tab__points');
if ($type == 'to') {
$title = do_lang_tempcode('POINTS_TO');
} else {
$title = do_lang_tempcode('POINTS_FROM');
}
return do_template('POINTS_TRANSACTIONS_WRAP', array('_GUID' => 'f19e3eedeb0b8bf398251b24e8389723', 'CONTENT' => $out, 'TITLE' => $title));
}
/**
* Get tempcode to view the downloads in a download category.
*
* @param AUTO_LINK The download category ID
* @param AUTO_LINK The virtual root
* @param ?string Force an order (NULL: don't)
* @return tempcode The UI
*/
function get_category_downloads($category_id, $root, $order = NULL)
{
$max = get_param_integer('max', 30);
$start = get_param_integer('start', 0);
// How many might there have been? (So we know how to browse pages nicely)
$map = array('category_id' => $category_id);
if (!has_specific_permission(get_member(), 'see_unvalidated')) {
$map['validated'] = 1;
}
$max_rows = $GLOBALS['SITE_DB']->query_value('download_downloads', 'COUNT(*)', $map);
// Quick security check
if (is_null($order)) {
$order = get_param('order', NULL);
if (is_null($order)) {
if ($max_rows < 1000) {
$order = 't.text_original ASC';
} else {
$order = 'num_downloads DESC';
}
}
}
if (strtoupper($order) != strtoupper('t.text_original ASC') && strtoupper($order) != strtoupper('t.text_original DESC') && strtoupper($order) != strtoupper('file_size ASC') && strtoupper($order) != strtoupper('file_size DESC') && strtoupper($order) != strtoupper('num_downloads DESC') && strtoupper($order) != strtoupper('add_date ASC') && strtoupper($order) != strtoupper('add_date DESC')) {
log_hack_attack_and_exit('ORDERBY_HACK');
}
global $NON_CANONICAL_PARAMS;
$NON_CANONICAL_PARAMS[] = 'order';
// Fetch
$rows = $GLOBALS['SITE_DB']->query_select('download_downloads d LEFT JOIN ' . get_table_prefix() . 'translate t ON ' . db_string_equal_to('language', user_lang()) . ' AND d.name=t.id', array('d.*', 'text_original'), $map, 'ORDER BY ' . $order, $max, $start);
$out = new ocp_tempcode();
foreach ($rows as $myrow) {
if ($GLOBALS['RECORD_LANG_STRINGS_CONTENT'] || is_null($myrow['text_original'])) {
$myrow['text_original'] = get_translated_text($myrow['description']);
}
$out->attach(get_download_html($myrow, true, false));
$out->attach(do_template('BLOCK_SEPARATOR', array('_GUID' => 'ea7sddsdsfds5bsddsdsdsc586e6e6536')));
}
if ($out->is_empty()) {
return $out;
}
require_code('templates_results_browser');
$out->attach(results_browser(do_lang_tempcode('SECTION_DOWNLOADS'), $category_id, $start, 'start', $max, 'max', $max_rows, $root, 'misc'));
return $out;
}
