Exemplo n.º 1
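/**
 * Build the "ephemerids" side block: the entries stored for today's day and
 * month, optionally restricted to the current user's language.
 *
 * @param array $row block record; 'title' is read for the permission check,
 *                   'title' (when empty) and 'content' are filled in
 * @return mixed whatever themesideblock() returns; nothing when the caller
 *               lacks ACCESS_READ or the query reports an error
 */
function blocks_ephem_block($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $currentlang = pnUserGetLang();
    if (!pnSecAuthAction(0, 'Ephemeridsblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }
    $column =& $pntable['ephem_column'];
    $querylang = '';
    if (pnConfigGetVar('multilingual') == 1) {
        // Rows with an empty language column are shown for every language.
        $querylang = "AND ({$column['elanguage']}='" . pnVarPrepForStore($currentlang) . "' OR {$column['elanguage']}='')";
    }
    $today = getdate();
    // Day and month come from getdate(); the casts keep the SQL literals
    // numeric no matter what ends up in the array.
    $sql = "SELECT {$column['yid']}, {$column['content']}
            FROM {$pntable['ephem']}
            WHERE {$column['did']}='" . (int) $today['mday'] . "' AND {$column['mid']}='" . (int) $today['mon'] . "' {$querylang}";
    $result = $dbconn->Execute($sql);
    // Without this check a failed query ends in a fatal error on the first
    // property access below.
    if ($dbconn->ErrorNo() != 0) {
        return;
    }
    $boxstuff = '<span class="pn-normal"><b>' . _ONEDAY . '</b></span><br />';
    while (!$result->EOF) {
        list($yid, $content) = $result->fields;
        $result->MoveNext();
        $boxstuff .= '<br /><br />';
        // nl2br() runs first so the <br /> tags it inserts pass through the
        // HTML-display filter together with the stored content.
        $boxstuff .= '<b>' . pnVarPrepForDisplay($yid) . '</b><br />' . pnVarPrepHTMLDisplay(nl2br($content));
    }
    if (empty($row['title'])) {
        $row['title'] = _EPHEMERIDS;
    }
    $row['content'] = $boxstuff;
    return themesideblock($row);
}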
Exemplo n.º 2
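/**
 * Build the "related links" side block for the story currently on display.
 *
 * Reads the globals $story (topic, topicname, aid) and $sid. Nothing is
 * returned when the caller lacks ACCESS_READ or the story has no topic.
 *
 * Every value written into an href or into SQL is cast or escaped here:
 * $story and $sid are globals whose origin is not visible in this function,
 * and the related-link URL comes straight from the database.
 *
 * @param array $row block record; 'title' is read, 'content' is filled in
 * @return mixed whatever themesideblock() returns, or nothing
 */
function blocks_related_block($row)
{
    global $sid, $story;
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    if (!pnSecAuthAction(0, 'Relatedblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }
    if (!$story['topic']) {
        return;
    }
    // The topic is compared unquoted in SQL, so it has to be numeric; the
    // cast enforces that (pnVarPrepForStore alone does not protect an
    // unquoted value).
    $topicId = (int) $story['topic'];
    // NOTE(review): assumes story ids are integers, as the unquoted sid links suggest - confirm
    $storyId = (int) $sid;
    $bullet = '<strong><big>&middot;</big></strong>&nbsp;';

    $row['content'] = '<font class="pn-normal">';
    $column =& $pntable['stories_column'];
    $sql = "SELECT {$column['sid']} as sid, {$column['title']} as title FROM {$pntable['stories']} WHERE {$column['topic']}=" . $topicId . " ORDER BY {$column['counter']} DESC";
    $result = $dbconn->SelectLimit($sql, 1);
    $mrow = $result->GetRowAssoc(false);
    $topSid = (int) $mrow['sid'];

    $column =& $pntable['related_column'];
    $result = $dbconn->Execute("SELECT {$column['name']} as name, {$column['url']} as url FROM {$pntable['related']} WHERE {$column['tid']}=" . $topicId);
    while (!$result->EOF) {
        $lrow = $result->GetRowAssoc(false);
        $result->MoveNext();
        // Escaping stops the stored URL from breaking out of the attribute.
        // It does not restrict the URL scheme; that has to be validated
        // where related links are saved.
        $row['content'] .= $bullet . '<a href="' . pnVarPrepForDisplay($lrow['url']) . '" target="_blank">' . pnVarPrepForDisplay($lrow['name']) . "</a><br>\n";
    }

    // The author name is a query-string value inside an HTML attribute:
    // URL-encode first, then HTML-escape.
    $authorParam = pnVarPrepForDisplay(urlencode((string) $story['aid']));
    $row['content'] .= $bullet . "<a href=\"advtopics.php?topic={$topicId}\">" . _MOREABOUT . " " . pnVarPrepForDisplay($story['topicname']) . "</a><br>\n"
        . $bullet . "<a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=Search&amp;file=index&amp;action=search&amp;overview=1&amp;active_stories=1&amp;stories_author={$authorParam}\">" . _NEWSBY . " " . pnVarPrepForDisplay($story['aid']) . "</a><br>\n"
        . '</font><br><hr noshade width="95%" size="1"><b>' . _MOSTREAD . " " . pnVarPrepForDisplay($story['topicname']) . ":</b><br>\n"
        . "<center><a href=\"advarticle.php?sid={$topSid}\">" . pnVarPrepForDisplay($mrow['title']) . "</a></center><br><br>\n"
        . '<div align="right">'
        . "<a href=\"print.php?sid={$topSid}\"><img src=\"images/global/print.gif\" border=\"0\" alt=\"" . _PRINTER . "\"></a>&nbsp;&nbsp;"
        . "<a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=Recommend_Us&amp;file=index&amp;req=FriendSend&amp;sid={$storyId}\"><img src=\"images/global/friend.gif\" border=\"0\" Alt=\"" . _FRIEND . "\"></a>\n"
        . '</div>';
    return themesideblock($row);
}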
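/**
 * Smarty plugin
 * -------------------------------------------------------------
 * Type:     resource
 * Name:     userdb
 * Purpose:  read user maintained source as a template
 *           $tpl_name is parsed as a uri type of string where
 *           the path to the template field is encoded as:
 *
 * table/source_field?field=conditional&field=conditional...
 *
 * results in:
 *    SELECT source_field FROM table WHERE conditions...
 * -------------------------------------------------------------
 *
 * As implemented, only the two path segments are used: the first is passed
 * to Xanthia's getSkinID as the skin name, the second is matched against the
 * stored template file name. The query-string conditions described above are
 * not read.
 *
 * Both values are derived from the template name, so they are escaped before
 * they are placed inside the quoted SQL literals.
 *
 * @param string $tpl_name   resource name, "skin/template_file"
 * @param string $tpl_source receives the template source when a row is found
 * @param object $smarty     Smarty instance (unused)
 * @param mixed  $default    value returned when no source is available
 * @return mixed true when $tpl_source is non-empty, otherwise $default;
 *               $default also when the name has no second path segment or
 *               the query reports an error
 */
function smarty_resource_userdb_fetch($tpl_name, &$tpl_source, &$smarty, $default = false)
{
    $_url = parse_url($tpl_name);
    if (!is_array($_url) || !isset($_url['path'])) {
        return $default;
    }
    // (required) expected syntax: table/source_field
    $_path_items = explode('/', $_url['path']);
    if (count($_path_items) < 2) {
        // No template file segment: nothing to look up.
        return $default;
    }
    $skin = $_path_items[0];
    $source = $_path_items[1];
    // Theme Configuration
    $skinid = pnModAPIFunc('Xanthia', 'user', 'getSkinID', array('skin' => $skin));
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    $table = $pntable['theme_tplsource'];
    $column =& $pntable['theme_tplsource_column'];
    $query = "SELECT {$column['tpl_source']}
              FROM {$table}
              WHERE {$column['tpl_file_name']}='" . pnVarPrepForStore($source) . "'
              AND {$column['tpl_skin_id']}= '" . pnVarPrepForStore($skinid) . "' LIMIT 1";
    $result =& $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return $default;
    }
    if (!$result->EOF) {
        list($tpl_source) = $result->fields;
    }
    $result->Close();
    return $tpl_source ? true : $default;
}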
Exemplo n.º 4
/**
 * Overwrite the stored password value of one user, selected by user name.
 *
 * Nothing is returned and the outcome of the UPDATE is not inspected, so a
 * caller cannot tell whether a row was changed.
 *
 * NOTE(review): the parameter name says the stored value is an MD5 digest.
 * Unsalted MD5 is not adequate for password storage; this function only
 * writes what it is handed, so the choice of hash has to be changed where
 * the digest is computed.
 *
 * @param string $username user name whose row is updated
 * @param string $md5pass  password digest to store
 */
function updateUserPass($username, $md5pass)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $column =& $pntable['users_column'];
    // Both values are escaped for use inside quoted SQL literals.
    $storedHash = pnVarPrepForStore($md5pass);
    $storedName = pnVarPrepForStore($username);
    $sql = "UPDATE {$pntable['users']}\n                              SET {$column['pass']} = '{$storedHash}'\n                              WHERE {$column['uname']}='{$storedName}'";
    $dbconn->Execute($sql);
}
Exemplo n.º 5
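/**
 * Function to display banners in all pages
 *
 * Picks one banner of the requested type at random, counts the impression
 * and retires the banner once its purchased impressions are used up.
 *
 * For types 0, 1 and 2 the markup is echoed and nothing is returned; for any
 * other type the markup is returned. '&nbsp;' is returned when banners are
 * switched off or $type is not numeric, and nothing when no banner of that
 * type exists.
 *
 * @param mixed $type numeric banner type
 * @return mixed see above
 */
function pnBannerDisplay($type = 0)
{
    // test on config settings
    if (pnConfigGetVar('banners') != 1) {
        return '&nbsp;';
    }
    // added check for numeric type - markwest
    if (!is_numeric($type)) {
        return '&nbsp;';
    }
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    // Keep both column maps under their own names. Rebinding a single
    // $column variable made the DELETE on the banner table below use the
    // bannerfinish column name.
    $column =& $pntable['banner_column'];
    $finishcolumn =& $pntable['bannerfinish_column'];
    $typeId = (int) $type;

    $bresult =& $dbconn->Execute("SELECT count(*) AS count FROM {$pntable['banner']}
                                  WHERE {$column['type']} = '" . $typeId . "'");
    list($numrows) = $bresult->fields;
    // we no longer need this, free the resources
    $bresult->Close();
    if ($numrows < 1) {
        // No banner of this type: skip the impression UPDATE, which would
        // otherwise run against bid 0.
        return;
    }

    /* Get a random banner if exist any. */
    // mt_rand() is seeded automatically; re-seeding from microtime() on every
    // call only makes the sequence more predictable. The value is a row
    // offset and is not security sensitive.
    $bannum = ($numrows > 1) ? mt_rand(0, $numrows - 1) : 0;
    $query = "SELECT {$column['bid']}, {$column['imageurl']}, {$column['clickurl']}
              FROM {$pntable['banner']}
              WHERE {$column['type']} = '" . $typeId . "'";
    $bresult2 =& $dbconn->SelectLimit($query, 1, $bannum);
    list($bid, $imageurl, $clickurl) = $bresult2->fields;
    // we no longer need this, free the resources
    $bresult2->Close();
    $bannerId = (int) $bid;

    // Requests from the configured "myIP" are not counted. This is a prefix
    // comparison: every remote address that starts with the configured
    // string matches, not only the exact address.
    $myIP = pnConfigGetVar('myIP');
    $myhost = pnServerGetVar("REMOTE_ADDR");
    $ownVisit = !empty($myIP) && substr($myhost, 0, strlen($myIP)) == $myIP;
    if (!$ownVisit) {
        $dbconn->Execute("UPDATE {$pntable['banner']}
                          SET {$column['impmade']}={$column['impmade']}+1
                          WHERE {$column['bid']}=" . $bannerId);
    }

    $aborrar =& $dbconn->Execute("SELECT {$column['cid']},{$column['imptotal']},
                                         {$column['impmade']}, {$column['clicks']},
                                         {$column['date']}
                                  FROM {$pntable['banner']}
                                  WHERE {$column['bid']}=" . $bannerId);
    list($cid, $imptotal, $impmade, $clicks, $date) = $aborrar->fields;
    $aborrar->Close();
    /* Check if this impression is the last one and print the banner */
    if ($imptotal == $impmade && !$ownVisit) {
        $dbconn->Execute("INSERT INTO {$pntable['bannerfinish']}
                          ( {$finishcolumn['bid']}, {$finishcolumn['cid']}, {$finishcolumn['impressions']}, {$finishcolumn['clicks']}, {$finishcolumn['datestart']}, {$finishcolumn['dateend']} )
                          VALUES (NULL, '" . pnVarPrepForStore($cid) . "', '" . pnVarPrepForStore($impmade) . "', '" . pnVarPrepForStore($clicks) . "', '" . pnVarPrepForStore($date) . "', now())");
        $dbconn->Execute("DELETE FROM {$pntable['banner']} WHERE {$column['bid']}=" . $bannerId);
    }
    // The URLs are stored banner data; escape them before they are placed
    // in HTML attributes.
    list($bid, $clickurl, $imageurl) = pnVarPrepForDisplay($bid, $clickurl, $imageurl);
    $content = "<a href=\"banners.php?op=click&amp;bid={$bid}\" title=\"{$clickurl}\"><img src=\"{$imageurl}\" alt=\"{$clickurl}\" /></a>";
    if ($type == 1 or $type == 2 or $type == 0) {
        echo $content;
    } else {
        return $content;
    }
}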
Exemplo n.º 6
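/**
 * Delete one Lenses item (lens, company or polymer) by id.
 *
 * Requires ACCESS_ADMIN on the Lenses module. On failure a message is stored
 * in the session variable 'errormsg' and false is returned.
 *
 * @param array $args 'tid' (numeric id) and 'item_type'
 *                    ('lens', 'company' or 'polymer')
 * @return bool true when the row was deleted and the render cache cleared
 */
function Lenses_adminapi_delete($args)
{
    // Permission check.
    if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_ADMIN)) {
        pnSessionSetVar('errormsg', _MODULENOAUTH);
        return false;
    }
    // Read the two expected arguments explicitly. extract() would let any
    // other key in $args create or overwrite local variables of this
    // function.
    $tid = isset($args['tid']) ? $args['tid'] : null;
    $item_type = isset($args['item_type']) ? $args['item_type'] : null;
    // Ensure valid values were passed in.
    if (empty($tid) || !is_numeric($tid) || empty($item_type) || !is_string($item_type)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    // Map the item type to its table key. An unknown type is rejected here
    // instead of reaching the DELETE with no table or column name.
    $tablekeys = array(
        'lens' => 'lenses',
        'company' => 'lenses_companies',
        'polymer' => 'lenses_polymers',
    );
    if (!isset($tablekeys[$item_type])) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    // Call API function to verify the item exists.
    $item_exists = pnModAPIFunc('Lenses', 'user', 'get', array('tid' => $tid, 'item_type' => $item_type));
    if (!$item_exists) {
        pnSessionSetVar('errormsg', _NOSUCHITEM);
        return false;
    }
    // Get a reference to the database object.
    $dbconn =& pnDBGetConn(true);
    // Get a reference to PostNuke's table info.
    $pntable =& pnDBGetTables();
    $table = $pntable[$tablekeys[$item_type]];
    $field = $pntable[$tablekeys[$item_type] . '_column'];
    // Create an sql query to delete the item; the id is forced to an integer.
    $sql = "DELETE FROM {$table} WHERE {$field['tid']} = '" . (int) $tid . "'";
    // Execute the SQL query.
    $dbconn->Execute($sql);
    // Check for any database errors.
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _DELETEFAILED);
        return false;
    }
    // Start a new output object.
    // This function isn't an output function, but needs an output
    // object started before the cache can be cleared.
    // Plain assignment: "=& new" is rejected by current PHP versions.
    $pnRender = new pnRender('Lenses');
    // Clear the cache.
    $pnRender->clear_cache();
    // Return success.
    return true;
}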
Exemplo n.º 7
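/**
 * Run a caller-built SQL statement and report how many rows it affected.
 *
 * Despite the name, the statement is executed exactly as given; nothing here
 * restricts it to DELETE or escapes it. Callers must hand in SQL whose
 * values are already escaped or cast.
 *
 * On a database error the script terminates with the error number, the error
 * message and the statement. Those values are HTML-escaped so the statement
 * text cannot inject markup into the error page.
 *
 * NOTE(review): the terminating message still discloses the SQL text and the
 * driver error to whoever triggered it. Consider logging it server-side and
 * showing a generic message instead.
 *
 * @param string $sql complete SQL statement
 * @return int number of affected rows
 */
function db_delete($sql)
{
    list($dbconn) = pnDBGetConn();
    $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        $detail = htmlspecialchars($dbconn->ErrorNo() . " : " . $dbconn->ErrorMsg(), ENT_QUOTES);
        die($detail . "<br>" . htmlspecialchars($sql, ENT_QUOTES));
    }
    return $dbconn->Affected_Rows();
}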
Exemplo n.º 8
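/**
 * Function to display banners in all pages
 *
 * Picks one banner of the requested type at random, counts the impression
 * and retires the banner once its purchased impressions are used up.
 *
 * For types 0, 1 and 2 the markup is echoed and nothing is returned; for any
 * other type the markup is returned. '&nbsp;' is returned when banners are
 * switched off or $type is not numeric, and nothing when no banner of that
 * type exists.
 *
 * @param mixed $type numeric banner type
 * @return mixed see above
 */
function pnBannerDisplay($type = 0)
{
    // test on config settings
    if (pnConfigGetVar('banners') != 1) {
        return '&nbsp;';
    }
    // added check for numeric type - markwest
    if (!is_numeric($type)) {
        return '&nbsp;';
    }
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    // Keep both column maps under their own names. Rebinding a single
    // $column variable made the DELETE on the banner table below use the
    // bannerfinish column name.
    $column =& $pntable['banner_column'];
    $finishcolumn =& $pntable['bannerfinish_column'];
    // is_numeric() also accepts forms such as "1e5" or " 1"; only the
    // integer value is allowed into the SQL text.
    $typeId = (int) $type;

    $bresult = $dbconn->Execute("SELECT count(*) AS count FROM {$pntable['banner']}
                                 WHERE {$column['type']} = {$typeId}");
    list($numrows) = $bresult->fields;
    // we no longer need this, free the resources
    $bresult->Close();
    if ($numrows < 1) {
        // No banner of this type: skip the impression UPDATE, which would
        // otherwise be built with an empty banner id.
        return;
    }

    /* Get a random banner if exist any. */
    // mt_rand() is seeded automatically; re-seeding from microtime() on every
    // call only makes the sequence more predictable. The value is a row
    // offset and is not security sensitive.
    $bannum = ($numrows > 1) ? mt_rand(0, $numrows - 1) : 0;
    $query = buildSimpleQuery('banner', array('bid', 'imageurl', 'clickurl'), "{$column['type']} = {$typeId}", '', 1, $bannum);
    $bresult2 = $dbconn->Execute($query);
    list($bid, $imageurl, $clickurl) = $bresult2->fields;
    // we no longer need this, free the resources
    $bresult2->Close();
    // The id is used unquoted in SQL; quote-escaping does not protect an
    // unquoted value, an integer cast does.
    $bannerId = (int) $bid;

    // Requests from the configured "myIP" address are not counted.
    $myIP = pnConfigGetVar('myIP');
    $myhost = getenv("REMOTE_ADDR");
    if ($myIP != $myhost) {
        $dbconn->Execute("UPDATE {$pntable['banner']}
                          SET {$column['impmade']}={$column['impmade']}+1
                          WHERE {$column['bid']}=" . $bannerId);
    }

    $aborrar = $dbconn->Execute("SELECT {$column['cid']},{$column['imptotal']},
                                        {$column['impmade']}, {$column['clicks']},
                                        {$column['date']}
                                 FROM {$pntable['banner']}
                                 WHERE {$column['bid']}=" . $bannerId);
    list($cid, $imptotal, $impmade, $clicks, $date) = $aborrar->fields;
    $aborrar->Close();
    /* Check if this impression is the last one and print the banner */
    if ($imptotal == $impmade) {
        $dbconn->Execute("INSERT INTO {$pntable['bannerfinish']}
                          ( {$finishcolumn['bid']}, {$finishcolumn['cid']}, {$finishcolumn['impressions']}, {$finishcolumn['clicks']}, {$finishcolumn['datestart']}, {$finishcolumn['dateend']} )
                          VALUES (NULL, '" . pnVarPrepForStore($cid) . "', '" . pnVarPrepForStore($impmade) . "', '" . pnVarPrepForStore($clicks) . "', '" . pnVarPrepForStore($date) . "', now())");
        $dbconn->Execute("DELETE FROM {$pntable['banner']} WHERE {$column['bid']}=" . $bannerId);
    }
    // The URLs are stored banner data; escape them before they are placed
    // in HTML attributes.
    list($bid, $clickurl, $imageurl) = pnVarPrepForDisplay($bid, $clickurl, $imageurl);
    $content = "<a href=\"banners.php?op=click&amp;bid={$bid}\" target=\"_blank\" title=\"{$clickurl}\"><img src=\"{$imageurl}\" border=\"0\" alt=\"" . _CLICK . "\"></a>";
    if ($type == 1 or $type == 2 or $type == 0) {
        echo $content;
    } else {
        return $content;
    }
}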
Exemplo n.º 9
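/**
 * Build the "topics" side block: every topic the caller may read that has at
 * least one story, with the date of its newest story.
 *
 * @param array $row block record; 'title' is read for the permission check,
 *                   'title' (when empty) and 'content' are filled in
 * @return mixed whatever themesideblock() returns; nothing when the caller
 *               lacks ACCESS_READ or there are no topics
 */
function blocks_topic_block($row)
{
    //global $topic, $catid;
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $currentlang = pnUserGetLang();
    if (!pnSecAuthAction(0, 'Topicblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }
    // With the global import commented out these are always empty, so the
    // "current topic" branches below are effectively never taken.
    $topic = "";
    $catid = "";
    $querylang = '';
    if (pnConfigGetVar('multilingual') == 1) {
        $column =& $pntable['stories_column'];
        // The language value goes into a quoted SQL literal and is escaped
        // for that.
        $querylang = "AND ({$column['alanguage']}='" . pnVarPrepForStore($currentlang) . "' OR {$column['alanguage']}='')";
        /* the OR is needed to display stories who are posted to ALL languages */
    }
    $column =& $pntable['topics_column'];
    $result = $dbconn->Execute("SELECT {$column['topicid']} AS topicid, {$column['topicname']} as topicname FROM {$pntable['topics']} ORDER BY topicname");
    if ($result->EOF) {
        return;
    }
    $bullet = '<strong><big>&middot;</big></strong>&nbsp;';
    $boxstuff = '<span class="pn-normal">';
    if ($topic == "") {
        $boxstuff .= $bullet . "<b><a href=\"modules.php?op=modload&amp;name=Topics&amp;file=index\">" . _ALL_TOPICS . "</a></b><br>";
    } else {
        $boxstuff .= $bullet . "<a href=\"modules.php?op=modload&amp;name=News&amp;file=index&amp;catid={$catid}\">" . _ALL_TOPICS . "</a><br>";
    }
    $column =& $pntable['stories_column'];
    while (!$result->EOF) {
        $srow = $result->GetRowAssoc(false);
        $result->MoveNext();
        if (!pnSecAuthAction(0, 'Topics::Topic', "{$srow['topicname']}::{$srow['topicid']}", ACCESS_READ)) {
            continue;
        }
        // The id is used unquoted in SQL and inside an href; an integer cast
        // covers both.
        $topicId = (int) $srow['topicid'];
        $result2 = $dbconn->Execute("SELECT {$column['time']} AS unixtime FROM {$pntable['stories']} WHERE {$column['topic']}={$topicId} {$querylang} ORDER BY {$column['time']} DESC");
        if ($result2->EOF) {
            continue;
        }
        $story = $result2->GetRowAssoc(false);
        $story['unixtime'] = $result2->UnixTimeStamp($story['unixtime']);
        // Topic names are stored text; escape them before they reach the page.
        $sdate = pnVarPrepForDisplay(ml_ftime(_DATEBRIEF, $story['unixtime']));
        $topicname = pnVarPrepForDisplay($srow['topicname']);
        if ($topic == $srow['topicid']) {
            $boxstuff .= $bullet . "<span class=\"pn-title\"><b>{$topicname}</b></span> <span class=\"pn-sub\">({$sdate})</span><br>";
        } else {
            $boxstuff .= $bullet . "<a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=News&amp;file=index&amp;catid={$catid}&amp;topic={$topicId}\">{$topicname}</a> <span class=\"pn-sub\">({$sdate})</span><br>";
        }
    }
    $boxstuff .= '</span>';
    if (empty($row['title'])) {
        $row['title'] = _TOPICS;
    }
    $row['content'] = $boxstuff;
    return themesideblock($row);
}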
Exemplo n.º 10
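/**
 * Build the "categories" side block: every story category the caller may
 * read that has at least one story, with the date of its newest story.
 *
 * Reads the globals $topic and $catid. Their origin is not visible in this
 * function, so both are encoded before they are written into links.
 *
 * @param array $row block record; 'title' is read for the permission check,
 *                   'title' (when empty) and 'content' are filled in
 * @return mixed whatever themesideblock() returns; nothing when the caller
 *               lacks ACCESS_READ or there are no categories
 */
function blocks_category_block($row)
{
    global $topic, $catid;
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    if (!pnSecAuthAction(0, 'Categoryblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }
    $querylang = '';
    if (pnConfigGetVar('multilingual') == 1) {
        $column =& $pntable['stories_column'];
        $querylang = "AND ({$column['alanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$column['alanguage']}='')";
        /* the OR is needed to display stories who are posted to ALL languages */
    }
    $column =& $pntable['stories_cat_column'];
    $result = $dbconn->Execute("SELECT {$column['catid']} as catid, {$column['title']} as title FROM {$pntable['stories_cat']} ORDER BY {$column['title']}");
    if ($result->EOF) {
        return;
    }
    // $topic is a query-string value inside an HTML attribute: URL-encode
    // first, then HTML-escape.
    $topicParam = pnVarPrepForDisplay(urlencode((string) $topic));
    $bullet = '<strong><big>&middot;</big></strong>&nbsp;';
    $boxstuff = '<span class="pn-normal">';
    if ($catid != "") {
        $boxstuff .= $bullet . "<a href=\"modules.php?op=modload&amp;name=News&amp;file=index&amp;topic={$topicParam}\">" . _ALL_CATEGORIES . "</a><br />";
    }
    $column =& $pntable['stories_column'];
    for (; !$result->EOF; $result->MoveNext()) {
        $srow = $result->GetRowAssoc(false);
        if (!pnSecAuthAction(0, 'Stories::Category', "{$srow['title']}::{$srow['catid']}", ACCESS_READ)) {
            continue;
        }
        // The id is used unquoted in SQL; quote-escaping does not protect an
        // unquoted value, an integer cast does.
        $rowCatId = (int) $srow['catid'];
        $result2 = $dbconn->Execute("SELECT {$column['time']} AS unixtime
                                     FROM {$pntable['stories']}
                                     WHERE {$column['catid']}={$rowCatId} {$querylang}
                                     ORDER BY {$column['time']} DESC");
        if ($result2->EOF) {
            continue;
        }
        $story = $result2->GetRowAssoc(false);
        $story['unixtime'] = $result2->UnixTimeStamp($story['unixtime']);
        $sdate = ml_ftime(_DATEBRIEF, $story['unixtime']);
        if ($catid == $srow['catid']) {
            $boxstuff .= $bullet . "<span class=\"pn-title\"><b>" . pnVarPrepForDisplay($srow['title']) . "</b></span> <span class=\"pn-sub\">(" . pnVarPrepForDisplay($sdate) . ")</span><br />";
        } else {
            $boxstuff .= $bullet . "<a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=News&amp;file=index&amp;catid={$rowCatId}&amp;topic={$topicParam}\">" . pnVarPrepForDisplay($srow['title']) . "</a> <span class=\"pn-sub\">(" . pnVarPrepForDisplay($sdate) . ")</span><br />";
        }
    }
    $boxstuff .= '</span>';
    if (empty($row['title'])) {
        $row['title'] = _CATEGORIES;
    }
    $row['content'] = $boxstuff;
    return themesideblock($row);
}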
Exemplo n.º 11
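/**
 * Build the "latest web links" side block.
 *
 * $row['url'] holds "module name|number of links". A first pass over the
 * links, newest first, counts how many rows must be fetched to reach that
 * number of links the caller may read; a second query then fetches that many
 * rows and lists the readable ones.
 *
 * @param array $row block record; 'title' and 'url' are read, 'content' is
 *                   filled in
 * @return mixed whatever themesideblock() returns; nothing when the caller
 *               lacks ACCESS_READ on the block
 */
function blocks_weblinks_display($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    if (!pnSecAuthAction(0, 'Weblinksblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }
    $url = explode('|', $row['url']);
    if (!$url[0]) {
        $row['content'] = 'You forgot to set the module name!';
        return themesideblock($row);
    }
    // empty() also covers a setting without a "|" part, where index 1 does
    // not exist.
    if (empty($url[1])) {
        $url[1] = 10;
    }
    $links_col =& $pntable['links_links_column'];
    $cats_col =& $pntable['links_categories_column'];
    $linksok = 0;
    $linkcount = 0;
    $result = $dbconn->Execute("SELECT {$links_col['cat_id']}, {$links_col['title']} FROM {$pntable['links_links']} ORDER BY {$links_col['date']} DESC");
    while (!$result->EOF) {
        list($cid, $title) = $result->fields;
        $result->MoveNext();
        $linkcount++;
        if (pnSecAuthAction(0, "Web Links::Category", "{$title}::{$cid}", ACCESS_READ)) {
            $linksok++;
        }
        if ($linksok == $url[1]) {
            break;
        }
    }
    // The module name comes from the block settings and is written into an
    // href.
    $modname = pnVarPrepForDisplay($url[0]);
    $row['content'] = '<span class="pn-normal">';
    $sql = "SELECT {$links_col['lid']} as lid, {$links_col['cat_id']} as catid, {$links_col['title']} as title, {$links_col['description']} as description, {$links_col['hits']} as hits, IF({$links_col['cat_id']}, CONCAT('/', {$cats_col['title']}), {$cats_col['title']}) AS cattitle
            FROM {$pntable['links_links']}
            LEFT JOIN {$pntable['links_categories']}
            ON {$cats_col['cat_id']}={$links_col['cat_id']}
            ORDER BY {$links_col['date']} DESC";
    $result = $dbconn->SelectLimit($sql, $linkcount);
    while (!$result->EOF) {
        $lrow = $result->GetRowAssoc(false);
        // Advance for every row. Advancing only for readable rows makes the
        // loop spin forever on the first link the caller may not read.
        $result->MoveNext();
        if (!pnSecAuthAction(0, "Web Links::Category", "{$lrow['cattitle']}::{$lrow['catid']}", ACCESS_READ)) {
            continue;
        }
        $lid = (int) $lrow['lid'];
        $title = pnVarPrepForDisplay($lrow['title']);
        // The description ends up inside a title="" attribute, so it is
        // escaped as plain text; an HTML-preserving filter is the wrong
        // context there.
        $description = pnVarPrepForDisplay($lrow['description']);
        $cattitle = pnVarPrepForDisplay($lrow['cattitle']);
        $row['content'] .= "<strong><big>&middot;</big></strong>&nbsp;<a href=\"modules.php?op=modload&amp;name={$modname}&amp;file=index&amp;req=visit&amp;lid={$lid}\" target=\"_blank\" title=\"{$cattitle}:\n{$description}\" class=\"pn-sub\">{$title}</a><br>\n";
    }
    $row['content'] .= '</span>';
    return themesideblock($row);
}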
Exemplo n.º 12
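/**
 * Hand the logged-in user over to the linked application.
 *
 * Loads the user's login name, stored password value, real name and e-mail
 * address, packs them (serialize, gzcompress, base64, urlencode) and
 * redirects to the configured URL with the packed data and an MD5 of the
 * serialized string. A visitor who is not logged in is sent to the login
 * screen. The function always ends the request.
 *
 * NOTE(review): points to settle before relying on this hand-over:
 *  - The stored password value travels in a URL, so it can end up in browser
 *    history, proxy and web-server logs and Referer headers.
 *  - 'check' is a plain MD5 of the payload with no secret key. Anyone can
 *    recompute it for a modified payload, so it proves neither origin nor
 *    integrity.
 *  - The payload is PHP-serialized. The receiving side is not visible here;
 *    presumably it unserializes the value, which must not be done on data a
 *    client can alter - confirm on the receiver.
 */
function dplink_user_main()
{
    $url = trim(pnModGetVar('dplink', 'url'));
    $window = pnModGetVar('dplink', 'use_window');
    $wrap = pnModGetVar('dplink', 'use_postwrap');
    $user_data = array();
    $home = pnGetBaseURL();
    $home .= 'user.php?op=loginscreen&module=NS-User';
    if (!pnUserLoggedIn()) {
        pnRedirect($home);
        // Stop here. Without this the code below runs for an anonymous
        // visitor and builds a query with an empty user id.
        exit;
    }
    // We need to get the user password string from the database
    // The id is used unquoted in SQL, so it is forced to an integer.
    $uid = (int) pnUserGetVar('uid');
    list($dbconn) = pnDBGetConn();
    $pntables = pnDBGetTables();
    $usertable = $pntables['users'];
    $usercol =& $pntables['users_column'];
    $sql = "SELECT {$usercol['uname']}, {$usercol['pass']}, {$usercol['name']}, {$usercol['email']} " . "FROM {$usertable} WHERE {$usercol['uid']} = {$uid}";
    $result = $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        die('Could not get user details');
    }
    if ($result->EOF) {
        die('Could not get user detail');
    }
    list($uname, $password, $user_name, $user_email) = $result->fields;
    $result->Close();
    $user_data['login'] = $uname;
    $user_data['passwd'] = $password;
    $user_data['name'] = $user_name;
    $user_data['email'] = $user_email;
    $parm = serialize($user_data);
    $check = md5($parm);
    $cparm = gzcompress($parm);
    $bparm = urlencode(base64_encode($cparm));
    if ($window) {
        $url .= '/index.php?login=pn&userdata=' . $bparm . '&check=' . $check;
        header('Location: ' . $url);
    } else {
        // The target URL is itself a parameter of the wrapper page, so its
        // "&" separators are written as %26.
        $url .= '/index.php?login=pn%26userdata=' . $bparm . '%26check=' . $check;
        if ($wrap) {
            header('Location: modules.php?op=modload&name=PostWrap&file=index&page=' . $url);
        } else {
            header('Location: modules.php?op=modload&name=dplink&file=index&url=' . $url);
        }
    }
    exit;
}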
Exemplo n.º 13
/**
 * Build a side block that shows one banner.
 *
 * The part of $row['url'] before the first "|" is the banner type handed to
 * pnBannerDisplay(); when it is empty, type "3" is used.
 *
 * @param array $row block record; 'title' and 'url' are read, 'content' is
 *                   filled in
 * @return mixed whatever themesideblock() returns; nothing when the caller
 *               lacks ACCESS_READ
 */
function blocks_banner_block($row)
{
    // Neither value is used below; the calls are kept as they were.
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $allowed = pnSecAuthAction(0, "Bannersblock::", "{$row['title']}::", ACCESS_READ);
    if (!$allowed) {
        return;
    }
    $settings = explode('|', $row['url']);
    // Fall back to a default banner type when none is configured.
    $bannerType = $settings[0] ? $settings[0] : "3";
    // get the banner through the banner api and wrap it for the block
    $banner = pnBannerDisplay($bannerType);
    $row['content'] = "<br><center>" . $banner . "</center>";
    return themesideblock($row);
}
Exemplo n.º 14
/**
 * display block
 *
 * Lists the first Template items by name. An item is shown as a link when
 * the caller has ACCESS_READ on it, as plain text when the caller only has
 * ACCESS_OVERVIEW, and is left out otherwise.
 *
 * @param array $blockinfo block record; 'title' and 'content' are read,
 *                         'content' is replaced by the rendered list
 * @return mixed whatever themesideblock() returns; nothing when the caller
 *               lacks ACCESS_READ on the block, the query reports an error
 *               or there are no rows
 */
function template_firstblock_display($blockinfo)
{
    // Security check
    $mayRead = pnSecAuthAction(0, 'Template:Firstblock:', "{$blockinfo['title']}::", ACCESS_READ);
    if (!$mayRead) {
        return;
    }
    // Number of items comes from the block's stored settings, default 5
    $vars = pnBlockVarsFromContent($blockinfo['content']);
    $limit = empty($vars['numitems']) ? 5 : $vars['numitems'];
    // Database information
    pnModDBInfoLoad('Template');
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $templatetable = $pntable['template'];
    $templatecolumn =& $pntable['template_column'];
    // Query
    $sql = "SELECT {$templatecolumn['tid']},\n                   {$templatecolumn['name']}\n            FROM {$templatetable}\n            ORDER by {$templatecolumn['name']}";
    $result = $dbconn->SelectLimit($sql, $limit);
    if ($dbconn->ErrorNo() != 0 || $result->EOF) {
        return;
    }
    // Create output object
    $output = new pnHTML();
    // Display each item, permissions permitting
    while (!$result->EOF) {
        list($tid, $name) = $result->fields;
        $instance = "{$name}::{$tid}";
        if (pnSecAuthAction(0, 'Template::', $instance, ACCESS_OVERVIEW)) {
            if (pnSecAuthAction(0, 'Template::', $instance, ACCESS_READ)) {
                $link = pnModURL('Template', 'user', 'viewdetail', array('tid' => $tid));
                $output->URL($link, $name);
            } else {
                $output->Text($name);
            }
            $output->Linebreak();
        }
        $result->MoveNext();
    }
    // Populate block info and pass to theme
    $blockinfo['content'] = $output->GetOutput();
    return themesideblock($blockinfo);
}
Exemplo n.º 15
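/**
 * Build the logged-in user's personal side block.
 *
 * Shown only to a logged-in user whose 'ublockon' setting is 1. The block
 * body is the user's own stored 'ublock' text.
 *
 * NOTE(review): 'ublock' is written to the page exactly as stored. Whether
 * it is filtered when the user saves it is not visible here - confirm,
 * because stored markup would run in any session that renders this block
 * for that account.
 *
 * @param array $row block record; 'title' is read for the permission check,
 *                   'title' and 'content' are replaced
 * @return mixed whatever themesideblock() returns; nothing when the block
 *               does not apply or the query reports an error
 */
function blocks_user_block($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    if (!pnSecAuthAction(0, 'Userblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }
    if (!pnUserLoggedIn() || pnUserGetVar('ublockon') != 1) {
        return;
    }
    $column =& $pntable['users_column'];
    // The id is used unquoted in SQL; quote-escaping does not protect an
    // unquoted value, an integer cast does.
    $uid = (int) pnUserGetVar('uid');
    $getblock = $dbconn->Execute("SELECT {$column['ublock']} FROM {$pntable['users']} WHERE {$column['uid']}=" . $uid);
    if ($dbconn->ErrorNo() != 0) {
        return;
    }
    list($ublock) = $getblock->fields;
    $username = pnUserGetVar('name');
    $row['title'] = _MENUFOR . " " . pnVarPrepForDisplay($username);
    $row['content'] = $ublock;
    return themesideblock($row);
}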
Exemplo n.º 16
/**
 * Load the current user's record into the global $userinfo and return it.
 *
 * $user is only tested for emptiness. The row is looked up by the second
 * element of what cookiedecode() returns, not by $user. Once $userinfo has a
 * 'uid' the cached array is returned without another query.
 *
 * NOTE(review): the lookup key comes from the cookie. Whether cookiedecode()
 * verifies the cookie is not visible here - confirm, because the returned
 * row includes the stored password value ('pass').
 *
 * @param mixed $user any non-empty value to request the lookup
 * @return mixed the user row as an associative array; nothing when $user is
 *               empty; the previous $userinfo value when the query does not
 *               match exactly one row (a message is echoed in that case)
 */
function getusrinfo($user)
{
    global $userinfo;
    if (empty($user)) {
        return;
    }
    // Serve the copy cached earlier in this request, if any.
    if (isset($userinfo['uid'])) {
        return $userinfo;
    }
    $cookie = cookiedecode();
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $column = $pntable['users_column'];
    $sql = "SELECT {$column['uid']} AS uid,\n                   {$column['name']} AS name,\n                   {$column['uname']} AS uname,\n                   {$column['email']} AS email,\n                   {$column['femail']} AS femail,\n                   {$column['url']} AS url,\n                   {$column['user_avatar']} AS user_avatar,\n                   {$column['user_icq']} AS user_icq,\n                   {$column['user_occ']} AS user_occ,\n                   {$column['user_from']} AS user_from,\n                   {$column['user_intrest']} AS user_intrest,\n                   {$column['user_sig']} AS user_sig,\n                   {$column['user_viewemail']} AS user_viewemail,\n                   {$column['user_theme']} AS user_theme,\n                   {$column['user_aim']} AS user_aim,\n                   {$column['user_yim']} AS user_yim,\n                   {$column['user_msnm']} AS user_msnm,\n                   {$column['pass']} AS pass,\n                   {$column['storynum']} AS storynum,\n                   {$column['umode']} AS umode,\n                   {$column['uorder']} AS uorder,\n                   {$column['thold']} AS thold,\n                   {$column['noscore']} AS noscore,\n                   {$column['bio']} AS bio,\n                   {$column['ublockon']} AS ublockon,\n                   {$column['ublock']} AS ublock,\n                   {$column['theme']} AS theme,\n                   {$column['commentmax']} AS commentmax,\n                   {$column['timezone_offset']} AS timezone_offset\n            FROM {$pntable['users']}\n            WHERE {$column['uname']} = '" . pnVarPrepForStore($cookie[1]) . "'";
    $result = $dbconn->Execute($sql);
    // Only an unambiguous single match is accepted.
    if ($result->PO_RecordCount() != 1) {
        echo "Problem obtaining user information<br>";
        return $userinfo;
    }
    $userinfo = $result->GetRowAssoc(false);
    return $userinfo;
}
Exemplo n.º 17
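/**
 * Set a configuration variable.
 *
 * The value is serialized and written to the module_vars table under the
 * _PN_CONFIG_MODULE module name, then mirrored into the global $pnconfig
 * array. The database connection settings and a few other core keys are
 * refused, so they cannot be changed through this function.
 *
 * @param string $name  the name of the variable
 * @param mixed  $value the value of the variable
 * @return bool true on success (or when the value is unchanged), false on failure
 */
function pnConfigSetVar($name, $value)
{
    /*
     * The database parameters are not allowed to change.
     * The comparison stays loose, exactly as in the original chain of ==
     * tests, so the set of refused names is unchanged.
     * NOTE(review): the match is case-sensitive; confirm that the storage
     * layer cannot treat a differently-cased name as one of these keys.
     */
    $protected = array('dbtype', 'dbhost', 'dbuname', 'dbpass', 'dbname', 'system', 'prefix', 'encoded');
    if (empty($name) || in_array($name, $protected)) {
        return false;
    }
    /*
     * Test on missing record (also solves SF-bug #580951).
     *
     * A key lookup replaces the former loop with a loose key comparison,
     * which could match an unrelated integer key against a string name.
     */
    global $pnconfig;
    $must_insert = !(is_array($pnconfig) && array_key_exists($name, $pnconfig));
    /*
     * Test on change. If not, just quit now. The comparison is strict so
     * that a real change between loosely-equal values (0, '', false, '0')
     * is written instead of being silently dropped.
     */
    if (!$must_insert && $pnconfig[$name] === $value) {
        return true;
    }
    /*
     * Fetch base data
     */
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $table = $pntable['module_vars'];
    $columns =& $pntable['module_vars_column'];
    /*
     * Update the table. Every value is escaped with pnVarPrepForStore()
     * before it is placed inside the quoted literals.
     * NOTE(review): the value is stored with serialize(); whatever reads it
     * back presumably unserializes it, so write access to this table has to
     * stay restricted - confirm against the reader.
     */
    if ($must_insert) {
        $query = "INSERT INTO {$table}\n                  ({$columns['modname']},\n                   {$columns['name']},\n                   {$columns['value']})\n                  VALUES ('" . pnVarPrepForStore(_PN_CONFIG_MODULE) . "',\n                          '" . pnVarPrepForStore($name) . "',\n                          '" . pnVarPrepForStore(serialize($value)) . "')";
    } else {
        $query = "UPDATE {$table}\n                   SET {$columns['value']}='" . pnVarPrepForStore(serialize($value)) . "'\n                   WHERE {$columns['modname']}='" . pnVarPrepForStore(_PN_CONFIG_MODULE) . "'\n                   AND {$columns['name']}='" . pnVarPrepForStore($name) . "'";
    }
    $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return false;
    }
    /*
     * Keep the in-memory copy in step with the database
     */
    $pnconfig[$name] = $value;
    return true;
}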
Exemplo n.º 18
 } elseif (ereg("SunOS", getenv("HTTP_USER_AGENT"))) {
     $os = "SunOS";
 } elseif (ereg("IRIX", getenv("HTTP_USER_AGENT"))) {
     $os = "IRIX";
 } elseif (ereg("BeOS", getenv("HTTP_USER_AGENT"))) {
     $os = "BeOS";
 } elseif (ereg("OS/2", getenv("HTTP_USER_AGENT"))) {
     $os = "OS/2";
 } elseif (ereg("AIX", getenv("HTTP_USER_AGENT"))) {
     $os = "AIX";
 } else {
     $os = "Other";
 }
 /* Save on the databases the obtained values */
 //global $pntable, $dbconn;
 list($dbconn) = pnDBGetConn();
 $pntable = pnDBGetTables();
 $column =& $pntable['counter_column'];
 $dbconn->Execute("UPDATE {$pntable['counter']}\n                    SET {$column['count']}={$column['count']}+1\n                    WHERE ({$column['type']}='total' AND {$column['var']}='hits')\n                       OR ({$column['var']}='" . pnVarPrepForStore($browser) . "' AND {$column['type']}='browser')\n                       OR ({$column['var']}='" . pnVarPrepForStore($os) . "' AND {$column['type']}='os')");
 /* Per-Day-Counter */
 $xydate = date("dmY");
 $column =& $pntable['stats_date_column'];
 $xyval = $dbconn->Execute("SELECT {$column['hits']} as hits\n                           FROM {$pntable['stats_date']}\n                           WHERE {$column['date']}='" . pnVarPrepForStore($xydate) . "'");
 if ($dbconn->ErrorNo() != 0) {
     echo "Error accessing stats information<P>";
 }
 $ttemp = $xyval->GetRowAssoc(false);
 $xyval->MoveNext();
 $happend = $ttemp['hits'];
 if ($happend == "" || $happend == false || !$happend) {
     $column =& $pntable['stats_date_column'];
Exemplo n.º 19
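/**
 * Display the admin messages block.
 *
 * Selects the active, unexpired messages (optionally limited to the current
 * language), keeps those the visitor may see according to the per-message
 * permission check and the message's view setting, and renders them as a
 * side block.
 *
 * @param array $row block information; 'title' is used as the permission instance
 * @return mixed the themed block, or nothing when access is denied, the
 *               query fails or no message is visible
 */
function admin_messages_messagesblock_display($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    if (!isset($row['title'])) {
        $row['title'] = '';
    }
    if (!pnSecAuthAction(0, 'Admin Messages:Messagesblock:', "{$row['title']}::", ACCESS_READ)) {
        return;
    }
    $messagestable = $pntable['message'];
    $messagescolumn =& $pntable['message_column'];
    if (pnConfigGetVar('multilingual') == 1) {
        // The language value ends up inside a quoted SQL literal, so it is
        // escaped first, as the other values placed in queries here are.
        $currentlang = pnVarPrepForStore(pnUserGetLang());
        $querylang = "AND ({$messagescolumn['mlanguage']}='{$currentlang}' OR {$messagescolumn['mlanguage']}='')";
    } else {
        $querylang = '';
    }
    $sql = "SELECT {$messagescolumn['mid']},\n                   {$messagescolumn['title']},\n                   {$messagescolumn['content']},\n                   {$messagescolumn['date']},\n                   {$messagescolumn['view']}\n            FROM {$messagestable}\n            WHERE {$messagescolumn['active']} = 1 \n            AND  ( {$messagescolumn['expire']} > unix_timestamp(now())\n                  OR {$messagescolumn['expire']} = 0)\n            {$querylang}\n            ORDER by {$messagescolumn['mid']} DESC";
    $result = $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        return;
    }
    $output = new pnHTML();
    while (list($mid, $title, $content, $date, $view) = $result->fields) {
        $result->MoveNext();
        // Default to hidden; a message is shown only when both the
        // per-message permission and its audience rule allow it.
        $show = 0;
        if (pnSecAuthAction(0, 'Admin Messages:Messagesblock:', "{$row['title']}::{$mid}", ACCESS_READ)) {
            switch ($view) {
                case 1:
                    // Message for everyone
                    $show = 1;
                    break;
                case 2:
                    // Message for users
                    if (pnUserLoggedIn()) {
                        $show = 1;
                    }
                    break;
                case 3:
                    // Messages for non-users
                    if (!pnUserLoggedIn()) {
                        $show = 1;
                    }
                    break;
                case 4:
                    // Messages for administrators of any description
                    if (pnSecAuthAction(0, '::', '::', ACCESS_ADMIN)) {
                        $show = 1;
                    }
                    break;
            }
        }
        if ($show) {
            list($title, $content) = pnModCallHooks('item', 'transform', '', array($title, $content));
            $output->TableStart('', '', 0);
            // Verbatim input: the cells below are passed through
            // pnVarPrepHTMLDisplay() here rather than parsed by pnHTML.
            $output->SetInputMode(_PNH_VERBATIMINPUT);
            $output->SetOutputMode(_PNH_RETURNOUTPUT);
            $ttitle = $output->Linebreak();
            $ttitle .= $output->Text($title);
            $ttitle .= $output->Linebreak(2);
            $output->SetOutputMode(_PNH_KEEPOUTPUT);
            $output->TableAddRow(array("<font class=\"pn-title\">" . pnVarPrepHTMLDisplay($ttitle) . "</font>"), 'center');
            $output->TableAddRow(array("<font class=\"pn-normal\">" . pnVarPrepHTMLDisplay($content) . "</font>"), 'left');
            $output->SetInputMode(_PNH_PARSEINPUT);
            $output->TableEnd();
        }
    }
    if ($output->output != "") {
        // Don't want a title
        $row['title'] = '';
        $row['content'] = $output->GetOutput();
        return themesideblock($row);
    }
}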
Exemplo n.º 20
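/**
 * Delete the temporary events that carry the given title.
 *
 * This function is only used by the system to delete temp events used in
 * certain collision calculations; only rows whose status is
 * _EVENT_TEMPORARY are affected.
 *
 * @param string $title title of the temporary event(s) to delete
 * @return int 1 on success, 0 when the database reports an error
 */
function delete_event($title)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $events_table = $pntable['postcalendar_events'];
    // The title goes inside a quoted SQL literal, so escape it instead of
    // interpolating it raw: a title containing a quote must not be able to
    // change the shape of the DELETE.
    // NOTE(review): confirm that no caller already passes an escaped title.
    $sql = "DELETE FROM {$events_table} WHERE pc_eventstatus = " . _EVENT_TEMPORARY . " AND pc_title = '" . pnVarPrepForStore($title) . "'";
    $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        return 0;
    }
    return 1;
}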
Exemplo n.º 21
/**
 * Get authorisation information for the current user.
 *
 * Reads the permission rows that apply to the current user id, then the
 * groups that user belongs to, then the permission rows of those groups.
 * Each permission is returned as an array with the keys 'realm',
 * 'component', 'instance' and 'level', in the order given by the tables'
 * sequence column.
 *
 * If any of the three queries fails, whatever has been collected so far is
 * returned and $GLOBALS['authinfogathered'] is not set.
 *
 * @return array two element array of user and group permissions
 */
function pnSecGetAuthInfo()
{
    // Load the groups db info
    pnModDBInfoLoad('Groups');
    pnModDBInfoLoad('Permissions');
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    // Tables we use
    $userpermtable = $pntable['user_perms'];
    $userpermcolumn =& $pntable['user_perms_column'];
    $groupmembershiptable = $pntable['group_membership'];
    $groupmembershipcolumn =& $pntable['group_membership_column'];
    $grouppermtable = $pntable['group_perms'];
    $grouppermcolumn =& $pntable['group_perms_column'];
    // The realm table and columns are fetched but not used below.
    $realmtable = $pntable['realms'];
    $realmcolumn =& $pntable['realms_column'];
    // Empty arrays
    $userperms = array();
    $groupperms = array();
    // -1 is always part of the uid list (presumably the "all users" entry - confirm)
    $uids[] = -1;
    // Get user ID
    if (!pnUserLoggedIn()) {
        // Unregistered UID
        $uids[] = 0;
        $vars['Active User'] = '******';
    } else {
        $uids[] = pnUserGetVar('uid');
        $vars['Active User'] = pnUserGetVar('uid');
    }
    $uids = implode(",", $uids);
    // Get user permissions
    // NOTE(review): the id list is placed in an unquoted IN (...) clause,
    // where string escaping by itself does not restrict the values to
    // numbers; this relies on pnUserGetVar('uid') being numeric - confirm,
    // or cast each id to an integer before joining.
    $query = "SELECT {$userpermcolumn['realm']},\n                     {$userpermcolumn['component']},\n                     {$userpermcolumn['instance']},\n                     {$userpermcolumn['level']}\n              FROM {$userpermtable}\n              WHERE {$userpermcolumn['uid']} IN (" . pnVarPrepForStore($uids) . ")\n              ORDER by {$userpermcolumn['sequence']}";
    $result =& $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        // Query failed: return the (still empty) permission lists
        return array($userperms, $groupperms);
    }
    while (list($realm, $component, $instance, $level) = $result->fields) {
        $result->MoveNext();
        //itevo
        $component = fixsecuritystring($component);
        $instance = fixsecuritystring($instance);
        $userperms[] = array('realm' => $realm, 'component' => $component, 'instance' => $instance, 'level' => $level);
    }
    // Get all groups that user is in
    $query = "SELECT {$groupmembershipcolumn['gid']}\n              FROM {$groupmembershiptable}\n              WHERE {$groupmembershipcolumn['uid']} IN (" . pnVarPrepForStore($uids) . ")";
    $result =& $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        // Query failed: user permissions only, no group permissions
        return array($userperms, $groupperms);
    }
    // -1 is always part of the group list as well
    $usergroups[] = -1;
    if (!pnUserLoggedIn()) {
        // Unregistered GID
        $usergroups[] = 0;
    }
    while (list($gid) = $result->fields) {
        $result->MoveNext();
        $usergroups[] = $gid;
    }
    $usergroups = implode(",", $usergroups);
    // Get all group permissions
    // NOTE(review): same unquoted IN (...) pattern as above; the gids come
    // from the membership table and are presumably numeric - confirm.
    $query = "SELECT {$grouppermcolumn['realm']},\n                     {$grouppermcolumn['component']},\n                     {$grouppermcolumn['instance']},\n                     {$grouppermcolumn['level']}\n              FROM {$grouppermtable}\n              WHERE {$grouppermcolumn['gid']} IN (" . pnVarPrepForStore($usergroups) . ")\n              ORDER by {$grouppermcolumn['sequence']}";
    $result =& $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return array($userperms, $groupperms);
    }
    while (list($realm, $component, $instance, $level) = $result->fields) {
        $result->MoveNext();
        //itevo
        $component = fixsecuritystring($component);
        $instance = fixsecuritystring($instance);
        // Search/replace of special names: each <name> placeholder in the
        // instance is replaced, one at a time, by $vars[name].
        // Only 'Active User' is defined in $vars here, so any other
        // placeholder name reads an undefined index.
        preg_match_all("/<([^>]+)>/", $instance, $res);
        for ($i = 0; $i < count($res[1]); $i++) {
            $instance = preg_replace("/<([^>]+)>/", $vars[$res[1][$i]], $instance, 1);
        }
        $groupperms[] = array('realm' => $realm, 'component' => $component, 'instance' => $instance, 'level' => $level);
    }
    // we've now got the permissions info
    $GLOBALS['authinfogathered'] = 1;
    return array($userperms, $groupperms);
}
Exemplo n.º 22
/**
 * Look up the uid that belongs to a username.
 *
 * The name is validated with pnVarValidate() before any query is built and
 * is escaped with pnVarPrepForStore() inside the query. Results, including
 * "not found", are remembered in a static array for later calls.
 *
 * @access public
 * @author Michael Halbrook
 * @since 1.9 - 19/04/2004
 * @param string $uname the username
 * @return mixed userid if found, false if not, void upon error
 */
function pnUserGetIDFromName($uname)
{
    if (!isset($uname)) {
        $uname = '';
    }
    // Reject names that do not pass validation before touching the database
    if (!pnVarValidate($uname, 'uname')) {
        return false;
    }
    // Lookup results already obtained, keyed by username
    static $known = array();
    if (isset($known[$uname])) {
        return $known[$uname];
    }
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    $userscolumn =& $pntable['users_column'];
    $query = "SELECT {$userscolumn['uid']}\n              FROM {$pntable['users']}\n              WHERE {$userscolumn['uname']} = '" . pnVarPrepForStore($uname) . "'";
    $result =& $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        // Database error: nothing is returned and nothing is remembered
        return;
    }
    if ($result->EOF) {
        // No such user; remember the miss as well
        $known[$uname] = false;
        return false;
    }
    list($found) = $result->fields;
    $known[$uname] = $found;
    $result->Close();
    return $known[$uname];
}
Exemplo n.º 23
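/**
 * Record the HTTP referer of the current request in the referer table.
 *
 * Requests whose referer contains our own host are ignored. A request
 * without a referer is counted under the value "bookmark". An existing row
 * gets its frequency incremented; otherwise a new row is inserted.
 *
 * The Referer and Host headers are supplied by the client, so both are
 * treated as untrusted: the referer is escaped before it is used in any
 * query and before it is echoed in debug mode.
 *
 * @return void
 */
function httpreferer()
{
    global $HTTP_SERVER_VARS;
    /***
     * Here we set up some variables for the rest of the script.
     * If you want to see what is going on, set $DEBUG to 1.
     * $HTTP_HOST is used here so that we do not depend on $nuke_url being
     * set correctly.
     */
    $DEBUG = 0;
    $HTTP_REFERER = getenv('HTTP_REFERER');
    $HTTP_HOST = getenv('HTTP_HOST');
    // nkame: PWS/IIS doesn't put those variables in the environment
    if (empty($HTTP_HOST)) {
        $HTTP_HOST = 'http://' . $HTTP_SERVER_VARS['HTTP_HOST'];
        $HTTP_REFERER = $HTTP_SERVER_VARS['HTTP_REFERER'];
    }
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    if ($DEBUG == 1) {
        // Header values are escaped for display even in debug output
        echo "HTTP_HOST = " . pnVarPrepForDisplay($HTTP_HOST) . "<br> HTTP_REFERER = " . pnVarPrepForDisplay($HTTP_REFERER) . "<br>";
    }
    /***
     * This is the first thing we need to check: is HTTP_HOST anywhere in
     * HTTP_REFERER? This is so we don't log hits coming from our own domain.
     * A plain substring test is used so that the client-supplied host is
     * never interpreted as a regular expression.
     */
    if (strpos($HTTP_REFERER, $HTTP_HOST) === false) {
        /***
         * If $HTTP_REFERER is not set, set it to the value "bookmark".
         * This shows how many people have the site bookmarked or type the
         * URL into the browser, and avoids empty referers.
         */
        if ($HTTP_REFERER == "") {
            $HTTP_REFERER = "bookmark";
        }
        // grab a reference to our table column defs for easier reading below
        $column =& $pntable['referer_column'];
        // Escape once and use the escaped value in every statement below;
        // the SELECT and the UPDATE used to receive the raw header value.
        $referer = pnVarPrepForStore($HTTP_REFERER);
        /***
         * Select from the table where we have this referer (a real referer
         * or 'bookmark'). One row means the referer has been seen before
         * and its frequency is incremented; otherwise a new row is added.
         */
        $check_sql = "SELECT count({$column['rid']}) as c \n                      FROM {$pntable['referer']} \n                      WHERE {$column['url']} = '" . $referer . "'";
        $result = $dbconn->Execute($check_sql);
        if ($result === false) {
            PN_DBMsgError($dbconn, __FILE__, __LINE__, "Error accesing to the database");
            // Do not go on to read fields from a failed result
            return;
        }
        $row = $result->fields;
        $count = $row[0];
        if ($count == 1) {
            $update_sql = "UPDATE {$pntable['referer']}\n                           SET {$column['frequency']} = {$column['frequency']} + 1\n                           WHERE {$column['url']} = '" . $referer . "'";
        } else {
            /***
             * "auto-increment" isn't portable so we have to use the standard
             * interface for grabbing sequence numbers.  The underlying
             * implementation handles the correct method for the RDBMS we are
             * using.
             */
            $rid = $dbconn->GenId($pntable['referer'], true);
            $update_sql = "INSERT INTO {$pntable['referer']}\n                             ({$column['rid']},\n                              {$column['url']},\n                              {$column['frequency']})\n                           VALUES\n                             (" . pnVarPrepForStore($rid) . ",\n                              '" . $referer . "',\n                              1)";
        }
        $result = $dbconn->Execute($update_sql);
        if ($result === false) {
            error_log("error in referer.php, " . __LINE__ . ", sql='{$update_sql}'");
            PN_DBMsgError($dbconn, __FILE__, __LINE__, "Error accesing to the database");
        }
        if ($DEBUG == 1) {
            // The statements contain the referer, so escape them for display
            echo "<br>" . pnVarPrepForDisplay($check_sql) . "<br>" . pnVarPrepForDisplay($update_sql) . "<br>";
        }
    }
}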
Exemplo n.º 24
/**
 * Carry out hook operations for the current module.
 *
 * Looks up the hooks registered for the calling module, object and action
 * and runs them in result order. 'GUI' hooks append their return value to
 * the collected output; every other hook receives the extra information and
 * its return value replaces it for the hooks that follow.
 *
 * @param string $hookobject the object the hook is called for - either 'item' or 'category'
 * @param string $hookaction the action the hook is called for - one of 'create', 'delete', 'transform', or 'display'
 * @param mixed  $hookid     the id of the object the hook is called for (module-specific)
 * @param mixed  $extrainfo  extra information for the hook, dependent on hookaction
 * @return mixed collected output for 'display', the (possibly modified)
 *               extra information for any other action, null on database error
 */
function pnModCallHooks($hookobject, $hookaction, $hookid, $extrainfo)
{
    // Database handles
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $hookscolumn =& $pntable['hooks_column'];
    // Find the hooks that apply; every value is escaped before use
    $sql = "SELECT {$hookscolumn['tarea']},\n                   {$hookscolumn['tmodule']},\n                   {$hookscolumn['ttype']},\n                   {$hookscolumn['tfunc']}\n            FROM {$pntable['hooks']}\n            WHERE {$hookscolumn['smodule']} = '" . pnVarPrepForStore(pnModGetName()) . "'\n            AND {$hookscolumn['object']} = '" . pnVarPrepForStore($hookobject) . "'\n            AND {$hookscolumn['action']} = '" . pnVarPrepForStore($hookaction) . "'";
    $result = $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        return null;
    }
    $collected = '';
    // Run the hooks one after another
    while (!$result->EOF) {
        list($area, $module, $type, $func) = $result->fields;
        if ($area == 'GUI') {
            // GUI hook: its output is appended
            $ready = pnModAvailable($module, $type) && pnModLoad($module, $type);
            if ($ready) {
                $collected .= pnModFunc($module, $type, $func, array('objectid' => $hookid, 'extrainfo' => $extrainfo));
            }
        } else {
            // API hook: its return value becomes the new extra information
            $ready = pnModAvailable($module, $type) && pnModAPILoad($module, $type);
            if ($ready) {
                $extrainfo = pnModAPIFunc($module, $type, $func, array('objectid' => $hookid, 'extrainfo' => $extrainfo));
            }
        }
        $result->MoveNext();
    }
    return $hookaction == 'display' ? $collected : $extrainfo;
}
Exemplo n.º 25
/**
 * PHP session handler callback that garbage collects session information.
 *
 * Which rows are deleted depends on the 'seclevel' configuration value:
 *  - Low:    inactive sessions, unless the user chose "remember me"
 *  - Medium: as Low, plus every session first used more than
 *            'secmeddays' days ago
 *  - High (and any other value): every inactive session
 * "Inactive" means last used more than 'secinactivemins' minutes ago.
 *
 * @private
 * @param int $maxlifetime lifetime passed in by PHP; not used by this function
 * @return bool true on success, false on database error
 */
function pnSessionGC($maxlifetime)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $cols =& $pntable['session_info_column'];
    $level = pnConfigGetVar('seclevel');
    // Condition shared by all three levels: the session has been idle too long
    $inactive = "{$cols['lastused']} < " . (time() - pnConfigGetVar('secinactivemins') * 60);
    if ($level == 'Low') {
        // Low security - keep sessions of users who asked to be remembered
        $where = "WHERE {$cols['vars']} NOT LIKE '%PNSVrememberme|%'\n                      AND " . $inactive;
    } elseif ($level == 'Medium') {
        // Medium security - additionally expire sessions whose first use
        // lies too far back, remembered or not
        $where = "WHERE ({$cols['vars']} NOT LIKE '%PNSVrememberme|%'\n                        AND " . $inactive . ")\n                      OR {$cols['firstused']} < " . (time() - pnConfigGetVar('secmeddays') * 86400);
    } else {
        // High security (also the fallback) - delete every inactive session
        $where = "WHERE " . $inactive;
    }
    $dbconn->Execute("DELETE FROM {$pntable['session_info']} {$where}");
    return $dbconn->ErrorNo() == 0;
}
Exemplo n.º 26
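/**
 * Get the category limits the current user is allowed to see.
 *
 * Reads every row of the postcalendar_limits table ordered by limit id and
 * keeps the rows whose category passes the ACCESS_OVERVIEW permission check.
 *
 * @return array list of arrays with the keys 'limitid', 'catid',
 *               'startTime', 'endTime' and 'limit'; empty on database error
 */
function &postcalendar_userapi_getCategoryLimits()
{
    // A variable is returned on every path because the function returns by
    // reference; returning a literal array() from it raises a notice.
    $limits = array();
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $cat_table = $pntable['postcalendar_limits'];
    $sql = "SELECT pc_limitid,pc_catid,pc_starttime,pc_endtime,\n            pc_limit FROM {$cat_table}\n            ORDER BY pc_limitid";
    $result = $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0 || !$result) {
        return $limits;
    }
    // NOTE(review): the query does not select a category name, so the
    // permission instance below has always been built with an empty name
    // ("::<catid>"). It is set explicitly here to keep that behaviour without
    // reading an undefined variable; confirm whether the check was meant to
    // include the real category name.
    $catname = '';
    while (!$result->EOF) {
        list($limitid, $catid, $startTime, $endTime, $limit) = $result->fields;
        $result->MoveNext();
        // check the category's permissions
        if (!pnSecAuthAction(0, 'PostCalendar::Category', "{$catname}::{$catid}", ACCESS_OVERVIEW)) {
            continue;
        }
        $limits[] = array(
            'limitid' => $limitid,
            'catid' => $catid,
            'startTime' => $startTime,
            'endTime' => $endTime,
            'limit' => $limit,
        );
    }
    $result->Close();
    return $limits;
}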
Exemplo n.º 27
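/**
 * Selects all of a given item from database.
 *
 * The table is chosen by the caller, so the requested name is checked
 * against a fixed allow-list before it is used to build table and column
 * references; nothing outside that list can reach the query.
 *
 * @param array $args 'from' (string, required): table name to select items
 *                    from; one of 'chem', 'company', 'moa', 'preserve'
 * @return mixed array of options for dropdowns keyed by id (empty when the
 *               permission check fails), false on an invalid table name or
 *               a database error
 */
function Meds_userapi_DBselect($args)
{
    // Initialize the return variable early on.
    $select = array();
    // Permission check.
    if (!pnSecAuthAction(0, 'Meds::', '::', ACCESS_OVERVIEW)) {
        return $select;
    }
    // Define table to select from. A missing argument becomes '' and is
    // rejected by the allow-list below.
    $from = isset($args['from']) ? (string) $args['from'] : '';
    // Define tables that can be selected from for dropdowns.
    $tables = array('chem', 'company', 'moa', 'preserve');
    // Ensure a valid table name was passed (strict comparison, exact match).
    if (!in_array($from, $tables, true)) {
        pnSessionSetVar('errormsg', 'Error selecting table from database.');
        return false;
    }
    // Get database connection and tables references.
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    // Dynamically create the table/field references based on $from.
    $table =& $pntable['rx_' . $from];
    $field =& $pntable['rx_' . $from . '_column'];
    // Dynamically create the $id_field to select by
    // (first four characters of the table key plus '_id').
    $id_field = substr($from, 0, 4) . '_id';
    // Create SQL to select the id and name of the item.
    $sql = "SELECT {$field[$id_field]},\n                   {$field['name']}\n              FROM {$table}\n          ORDER BY {$field['name']}";
    // Execute query.
    $result = $dbconn->Execute($sql);
    // Check for database errors.
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _GETFAILED);
        return false;
    }
    // Loop through $result set.
    for (; !$result->EOF; $result->MoveNext()) {
        // Extract data from result set.
        list($id, $name) = $result->fields;
        // Assign the data to the select array.
        $select[$id] = array($id_field => $id, 'name' => $name);
    }
    // Close $result set.
    $result->Close();
    // Return.
    return $select;
}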
Exemplo n.º 28
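/**
 * Update a company record.
 *
 * Requires ACCESS_ADMIN on the Lenses module. The company id and name are
 * mandatory; the remaining fields are optional and default to ''.
 *
 * @param array $args 'company' => array with the keys comp_tid, comp_name,
 *                    logo, phone, address, city, state, zip, url, email and
 *                    comp_desc
 * @return bool true on success, false on failure (the reason is stored in
 *              the 'errormsg' session variable)
 */
function Lenses_adminapi_update_company($args)
{
    // Permission check.
    if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_ADMIN)) {
        pnSessionSetVar('errormsg', _MODULENOAUTH);
        return false;
    }
    // Read the expected fields by name instead of calling extract() on
    // caller-supplied arrays: extract() would create a local variable for
    // every key it is given. Values in $args['company'] take precedence over
    // same-named keys in $args, as they did with the two extract() calls.
    $input = $args;
    if (isset($args['company']) && is_array($args['company'])) {
        $input = $args['company'] + $args;
    }
    $data = array();
    $names = array('comp_tid', 'comp_name', 'logo', 'phone', 'address', 'city', 'state', 'zip', 'url', 'email', 'comp_desc');
    foreach ($names as $key) {
        $data[$key] = isset($input[$key]) ? $input[$key] : '';
    }
    // Ensure valid values were passed in.
    if (empty($data['comp_tid']) || !is_numeric($data['comp_tid']) || empty($data['comp_name']) || !is_string($data['comp_name'])) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    // NOTE: No check for other fields as they are not required.
    // Check if company exists.
    if (!pnModAPIFunc('Lenses', 'user', 'get', array('item_id' => $data['comp_tid'], 'item_type' => 'company'))) {
        pnSessionSetVar('errormsg', _NOSUCHITEM);
        return false;
    }
    // Get a reference to the database object.
    $dbconn =& pnDBGetConn(true);
    // Get a reference to PostNuke's table info.
    $pntable =& pnDBGetTables();
    // Define table and column to work with.
    $companies_table =& $pntable['lenses_companies'];
    $companies_field =& $pntable['lenses_companies_column'];
    // Prep data for storage in database; every value below is placed inside
    // a quoted SQL literal.
    list($comp_tid, $comp_name, $logo, $phone, $address, $city, $state, $zip, $url, $email, $comp_desc) = pnVarPrepForStore($data['comp_tid'], $data['comp_name'], $data['logo'], $data['phone'], $data['address'], $data['city'], $data['state'], $data['zip'], $data['url'], $data['email'], $data['comp_desc']);
    // Create SQL string to update the company record.
    $sql = "UPDATE {$companies_table}\n                SET {$companies_field['comp_name']}     = '{$comp_name}',\n\t\t\t\t\t{$companies_field['logo']}     \t    = '{$logo}',\n                    {$companies_field['phone']}     \t= '{$phone}',\n                    {$companies_field['address']}  \t\t= '{$address}',\n                    {$companies_field['city']}      \t= '{$city}',\n                    {$companies_field['state']}     \t= '{$state}',\n                    {$companies_field['zip']}       \t= '{$zip}',\n                    {$companies_field['url']}       \t= '{$url}',\n                    {$companies_field['email']}     \t= '{$email}',\n                    {$companies_field['comp_desc']}     = '{$comp_desc}'\n              WHERE {$companies_field['comp_tid']}      = '{$comp_tid}'";
    // Execute the SQL query.
    $dbconn->Execute($sql);
    // Check for any database errors.
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _UPDATEFAILED);
        return false;
    }
    // Start a new output object.
    // This function isn't an output function, but needs an output
    // object started before the cache can be cleared.
    // Plain assignment: "=& new" is no longer valid syntax in current PHP.
    $pnRender = new pnRender('Lenses');
    // Clear the cache.
    $pnRender->clear_cache();
    // Return success.
    return true;
}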
Exemplo n.º 29
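/**
 * Display the "who's online" block.
 *
 * Counts the distinct registered users and the distinct guest IP addresses
 * whose session was used within the last 'secinactivemins' minutes, and for
 * a logged-in user also shows the number of private messages (total and
 * unread) when the Messages module is available.
 *
 * @param array $row block information; 'title' is used as the permission instance
 * @return mixed the themed block, or nothing when access is denied
 */
function blocks_online_block($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    if (!pnSecAuthAction(0, 'Onlineblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }
    $sessioninfocolumn =& $pntable['session_info_column'];
    $sessioninfotable = $pntable['session_info'];
    // Sessions used after this timestamp count as online
    $activetime = time() - pnConfigGetVar('secinactivemins') * 60;
    // One result row per distinct uid, so the row count is the member count
    $query = "SELECT count( 1 )\n             FROM {$sessioninfotable}\n             WHERE {$sessioninfocolumn['lastused']} > {$activetime} AND {$sessioninfocolumn['uid']} >0\n\t\t  GROUP BY {$sessioninfocolumn['uid']}\n\t\t ";
    $result = $dbconn->Execute($query);
    $numusers = $result->RecordCount();
    $result->Close();
    // One result row per distinct guest IP address
    $query2 = "SELECT count( 1 )\n             FROM {$sessioninfotable}\n              WHERE {$sessioninfocolumn['lastused']} > {$activetime} AND {$sessioninfocolumn['uid']} = '0'\n\t\t\t  GROUP BY {$sessioninfocolumn['ipaddr']}\n\t\t\t ";
    $result2 = $dbconn->Execute($query2);
    $numguests = $result2->RecordCount();
    $result2->Close();
    // Pluralise
    if ($numguests == 1) {
        $guests = _GUEST;
    } else {
        $guests = _GUESTS;
    }
    if ($numusers == 1) {
        $users = _MEMBER;
    } else {
        $users = _MEMBERS;
    }
    $content = "<span class=\"pn-normal\">" . _CURRENTLY . " " . pnVarPrepForDisplay($numguests) . " " . pnVarPrepForDisplay($guests) . " " . _AND . " " . pnVarPrepForDisplay($numusers) . " " . pnVarPrepForDisplay($users) . " " . _ONLINE . "<br />\n";
    if (pnUserLoggedIn()) {
        // The username is user-chosen data, so it is escaped for display
        // like every other value written into this block.
        $content .= '<br />' . _YOUARELOGGED . ' <b>' . pnVarPrepForDisplay(pnUserGetVar('uname')) . '</b>.<br />';
        if (pnModAvailable('Messages')) {
            // display private messages only when module is active
            $column =& $pntable['priv_msgs_column'];
            // The uid is used unquoted in the queries below, so force it
            // to an integer first.
            $uid = (int) pnUserGetVar('uid');
            $result2 = $dbconn->Execute("SELECT count(*) FROM {$pntable['priv_msgs']} WHERE {$column['to_userid']}=" . $uid);
            list($numrow) = $result2->fields;
            // get unread messages
            $result3 = $dbconn->Execute("SELECT count(*) FROM {$pntable['priv_msgs']} WHERE {$column['to_userid']}=" . $uid . " AND {$column['read_msg']}='0'");
            list($unreadrow) = $result3->fields;
            if ($numrow == 0) {
                $content .= '<br /></span>';
            } else {
                $content .= "<br />" . _YOUHAVE . " (<a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=Messages&amp;file=index\" title=\"" . _PRIVATEMSGS . "\">" . pnVarPrepForDisplay($numrow) . "</a>|<a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=Messages&amp;file=index\" title=\"" . _PRIVATEMSGNEW . "\">" . pnVarPrepForDisplay($unreadrow) . "</a>) ";
                if ($numrow == 1) {
                    $content .= _PRIVATEMSG;
                } elseif ($numrow > 1) {
                    $content .= _PRIVATEMSGS;
                }
                $content .= "</span><br />";
            }
        } else {
            // Close the span opened above; this path used to leave it open
            $content .= '</span>';
        }
    } else {
        $content .= '<br />' . _YOUAREANON . '</span><br />';
    }
    if (empty($row['title'])) {
        $row['title'] = _WHOSONLINE;
    }
    $row['content'] = $content;
    return themesideblock($row);
}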
Exemplo n.º 30
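/**
 * Apply the edits submitted from the category-limits admin form.
 *
 * Reads the per-row fields (id[], del[], catid[], starttimeh[], ...) and the
 * "new limit" fields from the request, then:
 *   1. builds one UPDATE statement per submitted row that is not marked for
 *      deletion and hands the list to the 'updateCategoryLimit' admin API,
 *   2. builds a single DELETE statement for the rows marked for deletion and
 *      hands it to the 'deleteCategoryLimit' admin API,
 *   3. passes the new-limit values to the 'addCategoryLimit' admin API when
 *      a positive new limit was submitted.
 *
 * Security notes:
 *   - pc_limitid values are interpolated into SQL without quotes, so every
 *     id taken from the request is cast to int before use. This assumes
 *     pc_limitid is an integer column -- TODO confirm against the schema.
 *   - The only gate visible here is PC_ACCESS_ADMIN.
 *     NOTE(review): no form authorisation key is checked in this function
 *     (PostNuke offers pnSecConfirmAuthKey() for that); confirm whether the
 *     caller or the form already enforces one, since this handler changes
 *     state.
 *
 * @return string rendered admin page, or _POSTCALENDAR_NOAUTH when the
 *                caller lacks admin access
 */
function postcalendar_admin_categoryLimitsUpdate()
{
    if (!PC_ACCESS_ADMIN) {
        return _POSTCALENDAR_NOAUTH;
    }
    $output = new pnHTML();
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    list($id, $del, $catId, $startTimeH, $startTimeM, $endTimeH, $endTimeM, $limit, $newCatId, $newStartTimeH, $newStartTimeM, $newEndTimeH, $newEndTimeM, $newLimit) = pnVarCleanFromInput('id', 'del', 'catid', 'starttimeh', 'starttimem', 'endtimeh', 'endtimem', 'limit', 'newcatid', 'newstarttimeh', 'newstarttimem', 'newendtimeh', 'newendtimem', 'newlimit');

    // Both lists are expected to be arrays of row ids; anything else (field
    // missing, scalar supplied) is treated as "nothing submitted" so that
    // count()/foreach/implode() never see a non-array.
    if (!is_array($id)) {
        $id = array();
    }
    if (!is_array($del)) {
        $del = array();
    }

    // Ids end up unquoted inside "IN (...)" and "WHERE pc_limitid=...", so
    // reduce each one to an integer before it gets anywhere near SQL text.
    $deleteIds = array();
    foreach ($del as $d) {
        if (is_scalar($d)) {
            $deleteIds[] = (int) $d;
        }
    }
    $deleteIds = array_values(array_unique($deleteIds));

    $updates = array();
    foreach ($id as $k => $i) {
        if (!is_scalar($i)) {
            continue;
        }
        $limitId = (int) $i;
        // Rows marked for deletion are not updated first.
        if (in_array($limitId, $deleteIds, true)) {
            continue;
        }
        $startH = isset($startTimeH[$k]) ? (int) $startTimeH[$k] : 0;
        $startM = isset($startTimeM[$k]) ? (int) $startTimeM[$k] : 0;
        $endH = isset($endTimeH[$k]) ? (int) $endTimeH[$k] : 0;
        $endM = isset($endTimeM[$k]) ? (int) $endTimeM[$k] : 0;
        // mktime()/date() normalise the hour/minute pair into HH:MM:SS.
        $start = date("H:i:s", mktime($startH, $startM, 0));
        $end = date("H:i:s", mktime($endH, $endM, 0));
        $rowCatId = isset($catId[$k]) ? $catId[$k] : '';
        $rowLimit = isset($limit[$k]) ? $limit[$k] : '';
        $updates[] = "UPDATE {$pntable['postcalendar_limits']}\n"
            . "   SET pc_catid='" . pnVarPrepForStore($rowCatId) . "',\n"
            . "       pc_starttime='" . pnVarPrepForStore($start) . "',\n"
            . "       pc_endtime='" . pnVarPrepForStore($end) . "',\n"
            . "       pc_limit='" . pnVarPrepForStore($rowLimit) . "'\n"
            . " WHERE pc_limitid=" . $limitId;
    }

    $e = $msg = '';
    if (!pnModAPIFunc(__POSTCALENDAR__, 'admin', 'updateCategoryLimit', array('updates' => $updates))) {
        $e .= 'UPDATE FAILED';
    }

    // Only issue the DELETE when there is something to delete; an empty
    // "IN ()" list is not valid SQL and used to surface as DELETE FAILED.
    if (count($deleteIds) > 0) {
        $delete = "DELETE FROM {$pntable['postcalendar_limits']} WHERE pc_limitid IN (" . implode(",", $deleteIds) . ")";
        if (!pnModAPIFunc(__POSTCALENDAR__, 'admin', 'deleteCategoryLimit', array('delete' => $delete))) {
            $e .= 'DELETE FAILED';
        }
    }

    if (isset($newLimit) && $newLimit > 0) {
        $start = date("H:i:s", mktime((int) $newStartTimeH, (int) $newStartTimeM, 0));
        $end = date("H:i:s", mktime((int) $newEndTimeH, (int) $newEndTimeM, 0));
        // NOTE(review): catid and limit are passed through as received; the
        // escaping for the INSERT is assumed to happen inside the
        // addCategoryLimit API -- verify there.
        if (!pnModAPIFunc(__POSTCALENDAR__, 'admin', 'addCategoryLimit', array('catid' => $newCatId, 'starttime' => $start, 'endtime' => $end, 'limit' => $newLimit))) {
            $e .= 'INSERT FAILED';
        }
    }

    if (empty($e)) {
        $msg = 'DONE';
    }
    $output->Text(postcalendar_admin_categoryLimits($msg, $e));
    return $output->GetOutput();
}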