/**
 * Smarty plugin: queue the GreyBox stylesheet, its GB_ROOT_DIR script variable
 * and its three JavaScript files on the current page through PageUtil.
 *
 * NOTE(review): the value returned by pnGetBaseURL() is concatenated into a
 * JavaScript string literal without any escaping. That is only safe if the
 * helper can never return a quote, a backslash or "</script>" - confirm how it
 * derives the host name before relying on it.
 * NOTE(review): GB_ROOT_DIR points at modules/mediashare/greybox/ while every
 * asset below is loaded from modules/mediashare/pnincludes/greybox/ - confirm
 * which directory is intended.
 *
 * @param array  $params Plugin parameters (not read here)
 * @param object $smarty Smarty instance (not read here)
 * @return void
 */
function smarty_function_ms_greyboxheader($params, &$smarty)
{
    PageUtil::addVar('stylesheet', 'modules/mediashare/pnincludes/greybox/gb_styles.css');

    // Inline script telling GreyBox where its files live.
    $rootDirScript = '<script type="text/javascript"> var GB_ROOT_DIR = "'
        . pnGetBaseURL()
        . 'modules/mediashare/greybox/"; </script>';
    PageUtil::addVar('rawtext', $rootDirScript);

    // Script files, registered in the order GreyBox needs them.
    $greyboxScripts = array(
        'modules/mediashare/pnincludes/greybox/AJS.js',
        'modules/mediashare/pnincludes/greybox/AJS_fx.js',
        'modules/mediashare/pnincludes/greybox/gb_scripts.js',
    );
    foreach ($greyboxScripts as $scriptPath) {
        PageUtil::addVar('javascript', $scriptPath);
    }
}
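/**
 * Send the logged-in user on to the external site configured for the dplink module.
 *
 * Reads the user's login name, stored password value, display name and e-mail
 * address from the users table, serialises them, and appends the result to the
 * configured URL (directly, or through the PostWrap / dplink wrapper pages).
 * Anonymous visitors are redirected to the login screen and the request ends.
 *
 * NOTE(review): the value of the password column is placed in a query string,
 * so it can end up in web-server logs, browser history and Referer headers.
 * The accompanying "check" value is a plain md5() of the payload with no
 * secret mixed in: it detects corruption, it does not authenticate the data.
 * The payload is produced with serialize(); if the receiving site feeds it to
 * unserialize() it is processing client-reachable input - confirm. Replacing
 * this hand-over with a keyed or one-time token needs a matching change on the
 * receiving site, which is not visible here.
 *
 * @return void The function always ends the request.
 */
function dplink_user_main()
{
    $url = trim(pnModGetVar('dplink', 'url'));
    $window = pnModGetVar('dplink', 'use_window');
    $wrap = pnModGetVar('dplink', 'use_postwrap');
    $user_data = array();

    $home = pnGetBaseURL();
    $home .= 'user.php?op=loginscreen&module=NS-User';
    if (!pnUserLoggedIn()) {
        pnRedirect($home);
        // A redirect only sets a header; stop here so the lookup below never
        // runs for an anonymous visitor.
        exit;
    }

    // We need to get the user password string from the database.
    // The id is forced to an integer because it is placed in the SQL text unquoted.
    $uid = (int) pnUserGetVar('uid');
    list($dbconn) = pnDBGetConn();
    $pntables = pnDBGetTables();
    $usertable = $pntables['users'];
    $usercol =& $pntables['users_column'];

    $sql = "SELECT {$usercol['uname']}, {$usercol['pass']}, {$usercol['name']}, {$usercol['email']} "
        . "FROM {$usertable} WHERE {$usercol['uid']} = {$uid}";
    $result = $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        die('Could not get user details');
    }
    if ($result->EOF) {
        die('Could not get user detail');
    }
    list($uname, $password, $user_name, $user_email) = $result->fields;
    $result->Close();

    $user_data['login'] = $uname;
    $user_data['passwd'] = $password;
    $user_data['name'] = $user_name;
    $user_data['email'] = $user_email;

    // Payload format expected by the remote site: serialize -> gzcompress -> base64 -> urlencode.
    $parm = serialize($user_data);
    $check = md5($parm); // unkeyed checksum only, see the note in the header
    $cparm = gzcompress($parm);
    $bparm = urlencode(base64_encode($cparm));

    if ($window) {
        // Open the remote site directly.
        $url .= '/index.php?login=pn&userdata=' . $bparm . '&check=' . $check;
        header('Location: ' . $url);
    } else {
        // The remote URL travels as a parameter of a local wrapper page, so its
        // own ampersands are pre-encoded as %26.
        $url .= '/index.php?login=pn%26userdata=' . $bparm . '%26check=' . $check;
        if ($wrap) {
            header('Location: modules.php?op=modload&name=PostWrap&file=index&page=' . $url);
        } else {
            header('Location: modules.php?op=modload&name=dplink&file=index&url=' . $url);
        }
    }
    exit;
}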
// echo " <name>op=modload&name=Search&file=index&action=search&active_stories=1&Search</name>\n"; // echo " <link>".$link."/modules.php</link>\n"; // echo "</textinput>\n"; echo "<image>\n"; echo " <title>{$image_title}</title>\n"; echo " <url>{$image_url}</url>\n"; echo " <link>{$image_link}</link>\n"; echo "</image>\n"; echo "<webMaster>{$webmaster}</webMaster>\n"; if ($managingeditor != "") { echo "<managingEditor>{$managingeditor}</managingEditor>\n"; } // while(list($sid, $title) = $result->fields) { while (list($sid, $title, $ihome, $hometext) = $result->fields) { $title = pnVarPrepHTMLDisplay($title); $link = pnVarPrepForDisplay(pnGetBaseURL() . "modules.php?op=modload&name=News&file=article&sid={$sid}"); $content = pnVarPrepForDisplay($hometext); echo "<item>\n"; echo "<title>{$title}</title>\n"; echo "<link>{$link}</link>\n"; if ($show_content) { echo "<description>\n"; echo $content; echo "</description>\n"; } echo "</item>\n"; $result->MoveNext(); } echo "</channel>\n"; echo "</rss>\n"; }
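/**
 * Carry out a redirect
 *
 * Sends a Location header. A value starting with "http" is sent as given; any
 * other value has its leading slashes removed and is appended to the site's
 * base URL. The function only sets the header - it does not end the request,
 * so callers that must not continue have to exit themselves.
 *
 * NOTE(review): any absolute URL is accepted. Callers that pass a value taken
 * from the request should check the destination against the hosts they expect.
 *
 * @param string $redirecturl the URL to redirect to
 * @return void
 */
function pnRedirect($redirecturl)
{
    // Remove line breaks so the value can never add header lines of its own.
    $redirecturl = str_replace(array("\r", "\n"), '', $redirecturl);

    // Always close session before redirect
    if (function_exists('session_write_close')) {
        session_write_close();
    }

    if (preg_match('!^http!', $redirecturl)) {
        // Absolute URL - simple redirect
        Header("Location: {$redirecturl}");
        return;
    }

    // Removing leading slashes from redirect url
    $redirecturl = preg_replace('!^/*!', '', $redirecturl);

    // Get base URL
    $baseurl = pnGetBaseURL();
    Header("Location: {$baseurl}{$redirecturl}");
}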
/**
 * Build the PostCalendar "test system" admin page.
 *
 * Collects CMS, PHP, web-server, module and Smarty details into a name/value
 * table and returns it as HTML, followed by the module's configuration form.
 * When PC_ACCESS_ADMIN is false the _POSTCALENDAR_NOAUTH value is returned
 * instead.
 *
 * NOTE(review): the page lists PHP version, OS string, server software,
 * open_basedir and directory locations. That is only acceptable behind the
 * PC_ACCESS_ADMIN gate checked on the first line - confirm how that constant
 * is computed.
 *
 * @return string HTML for the page, or the _POSTCALENDAR_NOAUTH value
 */
function postcalendar_admin_testSystem() {
    global $bgcolor1, $bgcolor2;
    if (!PC_ACCESS_ADMIN) {
        return _POSTCALENDAR_NOAUTH;
    }
    $modinfo = pnModGetInfo(pnModGetIDFromName(__POSTCALENDAR__));
    // Directory name is passed through pnVarPrepForOS before it is used in a path below
    $pcDir = pnVarPrepForOS($modinfo['directory']);
    $version = $modinfo['version'];
    unset($modinfo);
    $tpl = new pcSmarty();
    $infos = array();
    // NOTE(review): this is a string comparison, not a version comparison;
    // version_compare() would be the reliable form.
    if (phpversion() >= '4.1.0') {
        $__SERVER =& $_SERVER;
        $__ENV =& $_ENV;
    } else {
        // $HTTP_SERVER_VARS / $HTTP_ENV_VARS are not declared global in this
        // function, so this branch binds to local, empty variables.
        $__SERVER =& $HTTP_SERVER_VARS;
        $__ENV =& $HTTP_ENV_VARS;
    }
    if (defined('_PN_VERSION_NUM')) {
        $pnVersion = _PN_VERSION_NUM;
    } else {
        $pnVersion = pnConfigGetVar('Version_Num');
    }
    // Each entry of $infos is array(label, value); both are rendered in the table below
    array_push($infos, array('CMS Version', $pnVersion));
    array_push($infos, array('Sitename', pnConfigGetVar('sitename')));
    array_push($infos, array('url', pnGetBaseURL()));
    array_push($infos, array('PHP Version', phpversion()));
    if ((bool) ini_get('safe_mode')) {
        $safe_mode = "On";
    } else {
        $safe_mode = "Off";
    }
    array_push($infos, array('PHP safe_mode', $safe_mode));
    if ((bool) ini_get('safe_mode_gid')) {
        $safe_mode_gid = "On";
    } else {
        $safe_mode_gid = "Off";
    }
    array_push($infos, array('PHP safe_mode_gid', $safe_mode_gid));
    $base_dir = ini_get('open_basedir');
    if (!empty($base_dir)) {
        $open_basedir = "{$base_dir}";
    } else {
        $open_basedir = "NULL";
    }
    array_push($infos, array('PHP open_basedir', $open_basedir));
    array_push($infos, array('SAPI', php_sapi_name()));
    array_push($infos, array('OS', php_uname()));
    array_push($infos, array('WebServer', $__SERVER['SERVER_SOFTWARE']));
    array_push($infos, array('Module dir', "modules/{$pcDir}"));
    // pnversion.php is expected to fill $modversion with the version shipped on disk
    $modversion = array();
    include "modules/{$pcDir}/pnversion.php";
    $error = '';
    // Warn when the files on disk are newer than the version registered in the database
    if ($modversion['version'] != $version) {
        $error = '<br /><div style=\\"color: red;\\">';
        $error .= "new version {$modversion['version']} installed but not updated!";
        $error .= '</div>';
    }
    array_push($infos, array('Module version', $version . " {$error}"));
    array_push($infos, array('smarty version', $tpl->_version));
    array_push($infos, array('smarty location', SMARTY_DIR));
    array_push($infos, array('smarty template dir', $tpl->template_dir));
    // Smarty compile directory: report it and flag it when missing or read-only
    $info = $tpl->compile_dir;
    $error = '';
    if (!file_exists($tpl->compile_dir)) {
        $error .= " compile dir doesn't exist! [{$tpl->compile_dir}]<br />";
    } else {
        // dir exists -> check if it's writeable
        if (!is_writeable($tpl->compile_dir)) {
            $error .= " compile dir not writeable! [{$tpl->compile_dir}]<br />";
        }
    }
    if (strlen($error) > 0) {
        $info .= "<br /><div style=\"color: red;\">{$error}</div>";
    }
    array_push($infos, array('smarty compile dir', $info));
    // Smarty cache directory: same checks as for the compile directory
    $info = $tpl->cache_dir;
    $error = "";
    if (!file_exists($tpl->cache_dir)) {
        $error .= " cache dir doesn't exist! [{$tpl->cache_dir}]<br />";
    } else {
        // dir exists -> check if it's writeable
        if (!is_writeable($tpl->cache_dir)) {
            $error .= " cache dir not writeable! [{$tpl->cache_dir}]<br />";
        }
    }
    if (strlen($error) > 0) {
        $info .= "<br /><div style=\"color: red;\">{$error}</div>";
    }
    array_push($infos, array('smarty cache dir', $info));
    $header = <<<EOF
\t<html>
\t<head></head>
\t<body bgcolor=
EOF;
    $header .= '"' . $GLOBALS['style']['BGCOLOR2'] . '">';
    // NOTE(review): $output is appended to before it exists and is overwritten
    // on the next line, so $header never reaches the returned page.
    $output .= $header;
    $output = postcalendar_adminmenu();
    $output .= '<table border="1" cellpadding="3" cellspacing="1">';
    $output .= ' <tr><th align="left">Name</th><th align="left">Value</th>';
    $output .= '</tr>';
    // Labels and values both go through pnVarPrepHTMLDisplay before output.
    // NOTE(review): some values above carry their own <div> markup; whether it
    // survives depends on what pnVarPrepHTMLDisplay allows - confirm.
    foreach ($infos as $info) {
        $output .= '<tr><td ><b>' . pnVarPrepHTMLDisplay($info[0]) . '</b></td>';
        $output .= '<td>' . pnVarPrepHTMLDisplay($info[1]) . '</td></tr>';
    }
    $output .= '</table>';
    $output .= '<br /><br />';
    $output .= postcalendar_admin_modifyconfig('', false);
    $output .= "</body></html>";
    return $output;
}
/**
 * Generate the absolute URL of a module function.
 *
 * The result is pnGetBaseURL() + cleaned $path + "index.php?module=..." with
 * "type" and "func" added only when they differ from 'user' / 'main', followed
 * by one "&key=value" pair per entry of $args (nested arrays become
 * "&key[index]=value").
 *
 * NOTE(review): keys and values from $args, and $modname / $type / $func, are
 * placed in the URL as given - nothing here URL-encodes them, so callers must
 * encode values themselves and escape the result again for the context it is
 * written into.
 * NOTE(review): the $path filter keeps dots and slashes, so sequences such as
 * "../" pass through unchanged.
 *
 * @param string $modname registered name of module
 * @param string $type    type of function
 * @param string $func    module function
 * @param array  $args    arguments to put on the URL
 * @param string $path    path placed between the base URL and index.php
 * @return string|false absolute URL for the call; false when the module name
 *                      is empty, no host name is known or $args is not an array
 */
function pnModURL($modname, $type = 'user', $func = 'main', $args = array(), $path = '')
{
    if (empty($modname)) {
        return false;
    }

    global $HTTP_SERVER_VARS;

    // A host name must be known, either from the server array or the environment
    $host = $HTTP_SERVER_VARS['HTTP_HOST'];
    if (empty($host)) {
        $host = getenv('HTTP_HOST');
    }
    if (empty($host)) {
        return false;
    }

    // Fixed part of the query string; default type and function are left out
    $query = array("module={$modname}");
    if (!empty($type) && $type != 'user') {
        $query[] = "type={$type}";
    }
    if (!empty($func) && $func != 'main') {
        $query[] = "func={$func}";
    }
    $url = 'index.php?' . implode('&', $query);

    // <rabbitt> added array check on args, April 11, 2003
    if (!is_array($args)) {
        return false;
    }

    foreach ($args as $name => $value) {
        if (!is_array($value)) {
            $url .= "&{$name}={$value}";
            continue;
        }
        // One level of nesting is written out as name[index]=item
        foreach ($value as $index => $item) {
            $url .= "&{$name}" . "[{$index}]={$item}";
        }
    }

    // remove characters not belonging in a path, prevent possible injection
    // this may break windows path accesses?
    $cleanPath = preg_replace("/[^\\.\\/a-zA-Z0-9]/", "", $path);

    return pnGetBaseURL() . $cleanPath . $url;
}
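/**
 * Gallery Remote handler: print the image list of one album.
 *
 * The album id is taken from the POST field "set_albumName". The media items
 * and the album record are fetched through the mediashare user API; when
 * either call fails the result of mediashareErrorAPIRemote() is returned.
 * Otherwise the response is written with echo as "key=value" lines.
 *
 * NOTE(review): the album id comes straight from the request; whether it is
 * validated and access-checked is up to the two API functions called here -
 * confirm that both enforce the view requirement.
 * NOTE(review): image titles go through mediashareRemoteEscape(), but the
 * album title and the *Ref file names are written as stored. In a line-based
 * format a stored value containing a line break would add lines of its own;
 * consider escaping those fields the same way.
 *
 * @return mixed true on success, otherwise the value of mediashareErrorAPIRemote()
 */
function mediashare_remote_fetchalbumimages()
{
    // A missing field is treated as "no album" instead of raising a notice
    $albumId = isset($_POST['set_albumName']) ? $_POST['set_albumName'] : null;

    $images = pnModAPIFunc('mediashare', 'user', 'getMediaItems', array(
        'access' => mediashareAccessRequirementView,
        'albumId' => $albumId,
    ));
    if ($images === false) {
        return mediashareErrorAPIRemote();
    }

    if (!($album = pnModAPIFunc('mediashare', 'user', 'getAlbum', array('albumId' => $albumId)))) {
        return mediashareErrorAPIRemote();
    }

    $baseurl = pnGetBaseURL() . pnModAPIFunc('mediashare', 'user', 'getRelativeMediadir');

    echo "__#GR2PROTO__\nstatus=0\nstatus_text=ok\nalbum.caption={$album['title']}";

    // The protocol numbers images from 1
    for ($i = 1, $cou = count($images); $i <= $cou; ++$i) {
        $image = $images[$i - 1];
        // The array key is quoted: a bare word here is an undefined constant
        // and stops the script on current PHP versions.
        $title = mediashareRemoteEscape($image['title']);

        echo "\nimage.name.{$i}={$image['originalRef']}"
            . "\nimage.raw_width.{$i}={$image['originalWidth']}"
            . "\nimage.raw_height.{$i}={$image['originalHeight']}"
            . "\nimage.raw_filesize.{$i}={$image['originalBytes']}"
            . "\nimage.resizedName.{$i}={$image['previewRef']}"
            . "\nimage.resized_width.{$i}={$image['previewWidth']}"
            . "\nimage.resized_height.{$i}={$image['previewHeight']}"
            . "\nimage.thumbName.{$i}={$image['thumbnailRef']}"
            . "\nimage.thumb_width.{$i}={$image['thumbnailWidth']}"
            . "\nimage.thumb_height.{$i}={$image['thumbnailHeight']}"
            . "\nimage.caption.{$i}=" . $title
            . "\nimage.title.{$i}=" . $title
            . "\nimage.clicks.{$i}=0\nimage.hidden.{$i}=no";
    }

    echo "\nimage_count=" . count($images) . "\nbaseurl={$baseurl}\n";

    return true;
}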
/**
 * Generate the absolute URL of a module function.
 *
 * The result is pnGetBaseURL() + "index.php?module=..." with "type" and "func"
 * added only when they differ from 'user' / 'main', followed by one
 * "&key=value" pair per entry of $args (nested arrays become
 * "&key[index]=value").
 *
 * NOTE(review): keys and values from $args, and $modname / $type / $func, are
 * placed in the URL as given - nothing here URL-encodes them, so callers must
 * encode values themselves and escape the result again for the context it is
 * written into.
 *
 * @param string $modname registered name of module
 * @param string $type    type of function
 * @param string $func    module function
 * @param array  $args    arguments to put on the URL
 * @return string|false absolute URL for the call; false when the module name
 *                      is empty, no host name is known or $args is not an array
 */
function pnModURL($modname, $type = 'user', $func = 'main', $args = array())
{
    if (empty($modname)) {
        return false;
    }

    global $HTTP_SERVER_VARS;

    // A host name must be known, either from the server array or the environment
    $host = $HTTP_SERVER_VARS['HTTP_HOST'];
    if (empty($host)) {
        $host = getenv('HTTP_HOST');
    }
    if (empty($host)) {
        return false;
    }

    // Fixed part of the query string; default type and function are left out
    $query = array("module={$modname}");
    if (!empty($type) && $type != 'user') {
        $query[] = "type={$type}";
    }
    if (!empty($func) && $func != 'main') {
        $query[] = "func={$func}";
    }
    $url = 'index.php?' . implode('&', $query);

    // <rabbitt> added array check on args, April 11, 2003
    if (!is_array($args)) {
        return false;
    }

    foreach ($args as $name => $value) {
        if (!is_array($value)) {
            $url .= "&{$name}={$value}";
            continue;
        }
        // One level of nesting is written out as name[index]=item
        foreach ($value as $index => $item) {
            $url .= "&{$name}" . "[{$index}]={$item}";
        }
    }

    return pnGetBaseURL() . $url;
}
$body .= "<pubDate>" . date('r', strtotime($time)) . "</pubDate>\n"; $body .= "</item>\n"; } } // end of dynamic output $sitename = pnConfigGetVar('sitename'); if (isset($topicid) && is_numeric($topicid)) { $title = pnVarPrepForDisplay($sitename) . ' :: ' . pnVarPrepForDisplay($topictitle); } else { if (isset($catid) && is_numeric($catid)) { $title = pnVarPrepForDisplay($sitename) . ' :: ' . pnVarPrepForDisplay($categorytitle); } else { $title = pnVarPrepForDisplay($sitename); } } $link = pnVarPrepForDisplay(pnGetBaseURL()); $description = pnVarPrepForDisplay(pnConfigGetVar('backend_title')); $backend_language = pnVarPrepForDisplay($backendlang); $webmaster = pnVarPrepForDisplay(pnConfigGetVar('adminmail')); $image_url = $link . 'images/' . pnVarPrepForDisplay(pnConfigGetVar('site_logo')); $image_title = $title; // RSS parsers usually use this for the ALT tag on the image $image_link = $link; // RSS parsers usually use this as the link when users click on the image // start the RSS output echo "<?xml version=\"1.0\" encoding=\"{$charset}\"?>\n\n"; echo "<rss version=\"2.0\" xmlns:dc=\"http://purl.org/dc/elements/1.1/\">"; echo "<channel>\n"; echo "<title>{$title}</title>\n"; echo "<pubDate>" . date('r', strtotime($mostrecentdate)) . "</pubDate>\n"; echo "<link>{$link}</link>\n";
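/**
 * Refresh the cached headlines of an RSS block.
 *
 * Downloads the feed named in the block's "rssurl" setting over a raw socket,
 * parses it with rss_parse_array(), renders the channel image, items and
 * search form as HTML and stores that HTML in the block's content column.
 * The row is returned unchanged when no URL is configured or the cached copy
 * is still fresh; when the fetch or the update fails, " *" is appended to the
 * block title.
 *
 * Everything read from the feed is data from a remote server. Values written
 * into HTML attributes, and the plain-text fields (item title, publication
 * date, copyright), are passed through htmlspecialchars() before they are
 * added to the stored HTML.
 *
 * NOTE(review): item descriptions are still stored as the feed supplies them,
 * because feeds commonly carry markup there. They need an allow-list HTML
 * filter before display; none is visible from this function.
 * NOTE(review): escaping does not restrict URL schemes, so feed links should
 * additionally be limited to http/https where they are rendered.
 * NOTE(review): if rss_parse_array() returns values that are still
 * entity-encoded, the htmlspecialchars() calls need double encoding turned
 * off - confirm what the parser returns.
 * NOTE(review): the socket connects to whatever host and port the block
 * setting names, including internal addresses. Confirm who may edit block
 * settings, or restrict the destination.
 *
 * @param array $row         block row (reads content, refresh, unix_update, bid, title)
 * @param int   $forceupdate non-zero to refresh even when the cache is fresh
 * @return array the block row, with content and possibly title updated
 */
function blocks_rss_refresh($row, $forceupdate = 0)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    // Get arguments
    $args = pnBlockVarsFromContent($row['content']);

    // Check for URL
    if (empty($args['rssurl'])) {
        return $row;
    }

    // Cached copy still fresh?
    $past = time() - $row['refresh'];
    if (!$forceupdate && $row['unix_update'] > $past) {
        return $row;
    }

    $rss = parse_url($args['rssurl']);
    if (!is_array($rss)) {
        // parse_url() gives false for a seriously malformed URL
        $rss = array();
    }
    if (!isset($rss['port'])) {
        $rss['port'] = 80;
    }
    if (!isset($rss['path'])) {
        // A URL without a path would otherwise produce a request line with no target
        $rss['path'] = '/';
    }
    if (!isset($rss['query'])) {
        $rss['query'] = '';
    }

    // retrieve the rss file
    $fp = fsockopen($rss['host'], $rss['port'], $errno, $errstr, 10);
    if (!$fp) {
        // Connection failed: mark the block and try again in ten minutes
        $next_try = time() + 600;
        $column =& $pntable['blocks_column'];
        $sql = "UPDATE {$pntable['blocks']}\n SET {$column['last_update']}=" . pnVarPrepForStore($next_try)
            . "\n WHERE {$column['bid']}=" . pnVarPrepForStore($row['bid']);
        $result = $dbconn->Execute($sql);
        $row['title'] .= ' *';
        return $row;
    }

    fputs($fp, 'GET ' . $rss['path'] . '?' . $rss['query'] . " HTTP/1.0\r\n");
    // cocomp 2002/07/13 Added Referer & User-Agent as some sites won't give RSS
    // feed otherwise
    fputs($fp, 'HOST: ' . $rss['host'] . "\r\n");
    fputs($fp, 'Referer: ' . pnGetBaseURL() . "\r\n");
    fputs($fp, 'User-Agent: ' . pnConfigGetVar('Version_ID') . ': ' . pnConfigGetVar('Version_Sub') . ': '
        . pnConfigGetVar('Version_Num') . "\r\n\r\n");

    // Collected as an array; appending to a string is an error on current PHP versions
    $rss_file = array();
    $start_time = time();
    while (!feof($fp)) {
        $line = fgets($fp, 4096);
        if (empty($go)) {
            // Still in the HTTP response headers; the first line starting with "<" ends them
            if ($line[0] == '<') {
                $go = true;
            }
            /*
             * Fix on SF-bug #566489
             */
            if (preg_match("/[\n]?[\r]{1}[^\n]{1}/", $line)) {
                $line = preg_replace("/([\n]?[\r]{1})([^\n]{1})/", "\n\\2", $line);
                $lines = explode("\n", $line);
                $first = true;
                foreach ($lines as $line) {
                    if ($first) {
                        $first = !$first;
                    } else {
                        $rss_file[] = trim($line);
                    }
                }
            }
            /*
             * End of fix
             */
        } else {
            /*
             * Fix on SF-bug #566489
             */
            if (preg_match("/[\n]?[\r]{1}[^\n]{1}/", $line)) {
                $line = preg_replace("/([\n]?[\r]{1})([^\n]{1})/", "\n\\2", $line);
                $lines = explode("\r\n", $line);
                foreach ($lines as $line) {
                    $rss_file[] = trim($line);
                }
            } else {
                $rss_file[] = trim($line);
            }
            /*
             * End of fix
             */
        }
        // ">=" rather than "==": a read that blocks past the fifth second must
        // still end the loop.
        if (time() - $start_time >= 5) {
            // if the source server is too slow, we give up. 5 seconds is more than enough time
            fputs($fp, "Connection: close\r\n\r\n");
            fclose($fp);
            $column =& $pntable['blocks_column'];
            $sql = "UPDATE {$pntable['blocks']}\n SET {$column['last_update']}=0\n WHERE {$column['bid']}="
                . pnVarPrepForStore($row['bid']);
            $result = $dbconn->Execute($sql);
            return $row;
        }
    }
    fputs($fp, "Connection: close\r\n\r\n");
    fclose($fp);

    $struct = rss_parse_array($rss_file);

    // parse the file
    $channel_data = array();
    $image_data = array();
    $item_data = array();
    $search_data = array();
    $total_items = 0;
    $cur_block = '';
    foreach ($struct as $v) {
        if (!is_array($v)) {
            continue;
        }
        if ($v['type'] == 'open') {
            switch ($v['tag']) {
                case 'channel':
                    $cur_block = 'channel';
                    break;
                case 'image':
                    $cur_block = 'image';
                    break;
                case 'item':
                    $cur_block = 'item';
                    break;
                case 'textinput':
                    $cur_block = 'textinput';
                    break;
            }
        } elseif ($v['type'] == 'close') {
            switch ($v['tag']) {
                case 'channel':
                    $cur_block = '';
                    break;
                case 'image':
                    $cur_block = '';
                    break;
                case 'item':
                    $cur_block = '';
                    $total_items++;
                    break;
                case 'textinput':
                    $cur_block = '';
                    break;
            }
        } elseif ($v['type'] == 'complete') {
            $tag = $v['tag'];
            switch ($cur_block) {
                case 'channel':
                    $channel_data[$tag] = $v['value'];
                    break;
                case 'image':
                    $image_data[$tag] = $v['value'];
                    break;
                case 'item':
                    $item_data[$total_items][$tag] = $v['value'];
                    break;
                case 'textinput':
                    $search_data[$tag] = $v['value'];
                    break;
            }
        }
    }

    // start generating content
    $content = '';

    // image & link
    if (!empty($args['showimage'])) {
        // cocomp 2002/07/13 - prevent E_ALL errors check for $image_data
        if (isset($image_data) && is_array($image_data)) {
            if (isset($image_data['url']) && $image_data['url'] != 'http://yoursite.com/images/logo.gif') {
                if (!$image_data['link']) {
                    $image_data['link'] = $channel_data['link'];
                }
                if (!$image_data['title']) {
                    $image_data['title'] = $channel_data['title'];
                }
                if (!isset($image_data['description'])) {
                    if ($channel_data['description']) {
                        $image_data['description'] = $channel_data['description'];
                    } else {
                        $image_data['description'] = 'No description provided...';
                    }
                }
                if (!isset($image_data['width'])) {
                    $image_data['width'] = 88;
                }
                if (!isset($image_data['height'])) {
                    $image_data['height'] = 31;
                }

                // All of these end up inside quoted attributes
                $img_link = htmlspecialchars((string) $image_data['link'], ENT_QUOTES);
                $img_desc = htmlspecialchars((string) $image_data['description'], ENT_QUOTES);
                $img_url = htmlspecialchars((string) $image_data['url'], ENT_QUOTES);
                $img_title = htmlspecialchars((string) $image_data['title'], ENT_QUOTES);
                $img_width = htmlspecialchars((string) $image_data['width'], ENT_QUOTES);
                $img_height = htmlspecialchars((string) $image_data['height'], ENT_QUOTES);

                if ($args['altstyle']) {
                    $content .= "<a class=\"pn-normal\" href=\"{$img_link}\" target=\"_blank\" title=\"{$img_desc}\">\n"
                        . "<img src=\"{$img_url}\" border=\"0\" alt=\"{$img_title}\" width=\"{$img_width}\" height=\"{$img_height}\"></a>\n"
                        . "<br>\n";
                } else {
                    $content .= "<div align=\"center\" style=\"text-align:center\"><a class=\"pn-normal\" href=\"{$img_link}\" target=\"_blank\" title=\"{$img_desc}\">\n"
                        . "<img src=\"{$img_url}\" border=\"0\" alt=\"{$img_title}\" width=\"{$img_width}\" height=\"{$img_height}\"></a>\n"
                        . "</div>";
                }
            }
        }
    }

    // pub date
    if (isset($channel_data['pubDate'])) {
        $pub_date = htmlspecialchars((string) $channel_data['pubDate'], ENT_QUOTES);
        $content .= "<div align=\"center\" style=\"text-align:center\">\n" . "<b>({$pub_date})</b></div>";
    }

    // items
    if ($total_items > $args['maxitems']) {
        // we don't want a bunch of empty item spaces
        $total_items = $args['maxitems'];
    }
    for ($i = 0; $i < $total_items; $i++) {
        if ($i) {
            if ($args['altstyle']) {
                $content .= "\n";
            } else {
                $content .= "<hr noshade size=\"1\" width=\"50%\">\n";
            }
        }
        if (empty($item_data[$i]['title'])) {
            $item_data[$i]['title'] = '<i>[no title]</i>';
            // Built-in placeholder markup, not feed data
            $title_html = $item_data[$i]['title'];
        } else {
            $title_html = htmlspecialchars((string) $item_data[$i]['title'], ENT_QUOTES);
        }
        $title_attr = htmlspecialchars((string) $item_data[$i]['title'], ENT_QUOTES);

        // cocomp 2002/07/13 prevent E_ALL errors check for $item_data[$i]['link']
        if (isset($item_data[$i]['link'])) {
            $item_link = htmlspecialchars((string) $item_data[$i]['link'], ENT_QUOTES);
            if ($args['altstyle']) {
                $content .= '<font class="pn-normal"><strong><big>·</big></strong> </font><a class="pn-normal" href="'
                    . $item_link . '" title="' . $title_attr . '" target="_blank">' . $title_html . '</a><br>';
            } else {
                $content .= '<a href="' . $item_link . '" title="' . $title_attr
                    . '" target="_blank" class="pn-normal">' . $title_html . '</a><br>';
            }
        }
        if (!empty($args['showdescriptions']) && isset($item_data[$i]['description'])) {
            // Stored as supplied by the feed - see the note in the function header
            $content .= '<font class="pn-normal"><i>' . $item_data[$i]['description'] . '</i></font><br>';
        }
    }

    // search
    // NOTE(review): the copyright line, the "read more" link and the outer
    // <font> wrapper sit inside this condition, so they are produced only when
    // "showsearch" is set - confirm that is intended.
    if (!empty($args['showsearch'])) {
        if (isset($search_data['link']) && isset($search_data['name']) && isset($search_data['title'])) {
            if ($args['altstyle']) {
                $content .= '<br>';
            } else {
                $content .= '<hr noshade size="1" width="50%">';
            }
            $search_link = htmlspecialchars((string) $search_data['link'], ENT_QUOTES);
            $search_name = htmlspecialchars((string) $search_data['name'], ENT_QUOTES);
            $search_title = htmlspecialchars((string) $search_data['title'], ENT_QUOTES);

            $content .= "<center><form method=\"get\" action=\"{$search_link}\" target=\"_blank\">\n";
            if ($search_data['description']) {
                $content .= htmlspecialchars($search_data['description']) . '<br>';
            }
            $content .= "<input type=\"text\" name=\"{$search_name}\" size=\"15\"><br><input type=\"submit\" value=\"{$search_title}\"></form></center>\n";
        }

        // copyright
        if (isset($channel_data['copyright'])) {
            $copyright = htmlspecialchars((string) $channel_data['copyright'], ENT_QUOTES);
            $content .= "<font class=\"pn-normal\">{$copyright}</font>\n";
        }

        // done with rdf file
        // NOTE(review): _RSSREADMORE is inside the string, so the constant name
        // itself is printed rather than its value.
        $channel_link = htmlspecialchars((string) $channel_data['link'], ENT_QUOTES);
        if ($args['altstyle']) {
            $content .= "<br><a class=\"pn-normal\" href=\"{$channel_link}\" target=\"_blank\"><b>_RSSREADMORE</b></a>\n";
        } else {
            $content .= "<div align=\"right\" style=\"text-align:right\"><a class=\"pn-normal\" href=\"{$channel_link}\" target=\"_blank\"><b>_RSSREADMORE</b></a></div>\n";
        }
        $content = "<font class=\"pn-normal\">{$content}</font>\n";
    }

    $args['headlines'] = $content;
    $row['content'] = pnBlockVarsToContent($args);

    $column =& $pntable['blocks_column'];
    // cocomp 2002/07/13 cross db compatibility - changed now() to DBTimestamp
    $sql = "UPDATE {$pntable['blocks']}\n SET {$column['content']}='" . pnVarPrepForStore($row['content'])
        . "',\n {$column['last_update']}=" . $dbconn->DBTimestamp(time())
        . "\n WHERE {$column['bid']}=" . pnVarPrepForStore($row['bid']);
    $result = $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        $row['title'] .= ' *';
    }

    return $row;
}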
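/**
 * Send the "page not found" report e-mail to the site administrator.
 *
 * The message contains the client address, the time, the requested URL and
 * the referring page, and is sent with pnMail() to the configured admin
 * address.
 *
 * NOTE(review): $REQUEST_URI, $HTTP_REFERER and $REMOTE_ADDR are read as
 * globals, which relies on register_globals; without it the report carries
 * empty values. The URI and the referrer are supplied by the client, so the
 * mail body must be treated as untrusted text by whoever reads it.
 * NOTE(review): nothing in this function limits how often a report is sent;
 * if the caller runs it for every missing page, repeated requests translate
 * directly into mail volume - confirm that the caller throttles it.
 *
 * @return void
 */
function send_email()
{
    /* send error reporting email to admin */
    global $REQUEST_URI, $HTTP_REFERER, $REMOTE_ADDR;

    $adminmail = pnConfigGetVar('adminmail');

    // "at" is escaped: unescaped, date() reads "a" as am/pm and "t" as the
    // number of days in the month.
    $errortime = date('m/j/Y \a\t g:i a');

    $message = _ERR404 . "\n\n" . _ERRMAIL404 . " {$REMOTE_ADDR}";
    $message .= _ERRMAILON . " {$errortime}.\n\n";
    $message .= _ERRMAILURI . " \n" . pnGetBaseURL() . "{$REQUEST_URI}\n\n";
    $message .= _ERRMAILREF . "\n{$HTTP_REFERER}\n\n";

    // Send the mail message. This assumes mail() will work on your system!
    // 11-09-01 eugeniobaldi: no extra "From:" header is passed, it was not
    // compliant with PHP < 4.0.5
    pnMail($adminmail, _ERR404REP, $message);
}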
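<?php
/*
 * dplink wrapper page: shows the URL given in $url inside an iframe, between
 * the site header and footer, for logged-in users only.
 *
 * NOTE(review): $url is never assigned in this file; it arrives from the
 * request (register_globals style). The referrer check below is the only
 * limit on who can supply it, and a Referer header is chosen by the client.
 * Escaping keeps the value inside the src attribute but does not restrict
 * which address or scheme is framed - an allow-list of expected targets would
 * be the stronger control.
 */
if (!defined("LOADED_AS_MODULE")) {
    die("You cannot access this file directly");
}
if (!pnLocalReferer()) {
    die("You cannot access this file from an external site");
}
if (!$url) {
    die("You must use the {} calling method in your menu, not []");
}

$home = pnGetBaseURL();
$home .= "user.php?op=loginscreen&module=NS-User";
if (!pnUserLoggedIn()) {
    pnRedirect($home);
    // A redirect only sets a header; without stopping here the page below
    // would still be rendered for an anonymous visitor.
    exit;
}

include "header.php";

// The value is written into a single-quoted attribute, so quotes must be encoded too
$frameSrc = htmlspecialchars($url, ENT_QUOTES);
echo "<iframe name='dplink' src='{$frameSrc}' width='100%' height='1600'\nmarginwidth=0 marginheight=0 frameborder=0></iframe>";

include "footer.php";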
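/**
 * Carry out a redirect
 *
 * Sends a Location header. A value starting with "http" is sent as given; any
 * other value has its leading slashes removed and is appended to the site's
 * base URL. The function only sets the header - it does not end the request,
 * so callers that must not continue have to exit themselves.
 *
 * NOTE(review): any absolute URL is accepted. Callers that pass a value taken
 * from the request should check the destination against the hosts they expect.
 *
 * @param string $redirecturl the URL to redirect to
 * @return bool true if the header was sent, false if output had already started
 */
function pnRedirect($redirecturl)
{
    // Input validation against HTTP response splitting.
    // Removed: real CR and LF characters, their percent-encoded forms in either
    // letter case, and the literal two-character sequences backslash-r and
    // backslash-n. The earlier single-quoted '\r' / '\n' filter matched only
    // the literal sequences and let real line breaks through.
    // The pass is repeated until nothing changes, so removing one match cannot
    // leave a new one behind.
    do {
        $before = $redirecturl;
        $redirecturl = preg_replace('/\\\\[rn]|(?i:%0[ad])|[\r\n]/', '', $redirecturl);
    } while ($redirecturl !== $before);

    // check if the headers have already been sent
    if (headers_sent()) {
        return false;
    }

    // Always close session before redirect
    if (function_exists('session_write_close')) {
        session_write_close();
    }

    if (preg_match('!^http!', $redirecturl)) {
        // Absolute URL - simple redirect
        header("Location: {$redirecturl}");
        return true;
    }

    // Removing leading slashes from redirect url
    $redirecturl = preg_replace('!^/*!', '', $redirecturl);

    // Get base URL
    $baseurl = pnGetBaseURL();
    header("Location: {$baseurl}{$redirecturl}");

    return true;
}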
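/**
 * generate a module function URL
 *
 * if the module is non-API compliant (type 1) then
 * a) $func is ignored.
 * b) $type=admin will generate admin.php?name=... and any other type will
 *    generate index.php?name=...
 *
 * NOTE(review): keys and values from $args, and $type / $func, are placed in
 * the URL as given - nothing here URL-encodes them, so callers must encode
 * values themselves and escape the result again for the context it is written
 * into.
 *
 * @author Jim McDonald <*****@*****.**>
 * @link http://www.mcdee.net
 * @param string    $modname the name of the module
 * @param string    $type    the type of function to run
 * @param string    $func    the specific function to run
 * @param array     $args    the array of arguments to put on the URL
 * @param bool|null $ssl     pass the constants null, true or false, not the
 *                           string 'true': null - leave the current status
 *                           untouched, true - create a ssl url, false - create
 *                           a non-ssl url
 * @return string|false|null absolute URL for call; null when the module name
 *                           does not validate, false when $args is not an array
 */
function pnModURL($modname, $type = 'user', $func = 'main', $args = array(), $ssl = null)
{
    // define input, all numbers and booleans to strings
    $modname = isset($modname) ? (string) $modname : '';

    // validate
    if (!pnVarValidate($modname, 'mod')) {
        return null;
    }

    // get the module info
    $modinfo = pnModGetInfo(pnModGetIDFromName($modname));

    // set the module name to the display name if this is present
    if (isset($modinfo['displayname']) && !empty($modinfo['displayname'])) {
        $modname = rawurlencode($modinfo['displayname']);
    }

    // check the type of module
    $root = 'index.php';
    $urlargs = array();
    if ($modinfo['type'] == 1) {
        // old-style module: only the name is passed, admin calls go to admin.php
        $urlargs[] = "name={$modname}";
        if ($type == 'admin') {
            $root = 'admin.php';
        }
    } else {
        // The arguments
        $urlargs[] = "module={$modname}";
        if (!empty($type) && $type != 'user') {
            $urlargs[] = "type={$type}";
        }
        if (!empty($func) && $func != 'main') {
            $urlargs[] = "func={$func}";
        }
    }
    $url = "{$root}?" . join('&', $urlargs);

    // <rabbitt> added array check on args
    // April 11, 2003
    if (!is_array($args)) {
        return false;
    }
    foreach ($args as $k => $v) {
        if (is_array($v)) {
            foreach ($v as $l => $w) {
                $url .= "&{$k}" . "[{$l}]={$w}";
            }
        } else {
            $url .= "&{$k}={$v}";
        }
    }

    // Changes by pnCommerce team + the additional parameter SSL
    // The URL
    $url = pnGetBaseURL() . $url;

    // pnc addon - if ssl is set to true, change protocol to https
    // otherwise make sure http is used.
    // Only the scheme at the very start is switched; replacing every
    // occurrence would also rewrite URLs carried inside the arguments.
    if ($ssl === true) {
        $url = preg_replace('!^http://!', 'https://', $url);
    } elseif ($ssl === false) {
        $url = preg_replace('!^https://!', 'http://', $url);
    }

    return $url;
    // End Changes by pnCommerce team
}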
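/**
 * Output the printer-friendly page for one news story.
 *
 * Loads the story, works out its category and topic, checks that the current
 * user may read both, increments the story's read counter, runs the transform
 * hooks and prints a complete HTML document. When the story cannot be loaded
 * or the user is not authorised, an error page is printed and the request ends.
 *
 * The story id is forced to an integer on entry: it is used in SQL, in the
 * permission instance string and, unescaped, in the article link at the bottom
 * of the page. The category and topic ids read from the story row are forced
 * to integers before they are placed in SQL without quotes.
 *
 * NOTE(review): the site name and logo file name from the configuration are
 * printed without HTML escaping; that is only safe while those settings are
 * trusted, admin-controlled values.
 *
 * @param int $sid story id
 * @return void
 */
function PrintPage($sid)
{
    $sid = (int) $sid;

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    // grab the actual story from the database
    $column =& $pntable['stories_column'];
    $result = $dbconn->Execute("SELECT {$column['title']},\n {$column['time']},\n {$column['hometext']},\n"
        . " {$column['bodytext']},\n {$column['topic']},\n {$column['notes']},\n {$column['cid']},\n"
        . " {$column['aid']}\n FROM {$pntable['stories']} where {$column['sid']} = '"
        . pnVarPrepForStore($sid) . "'");

    // Check for a failed query before touching the result set
    if (!$result || $dbconn->ErrorNo() != 0) {
        include 'header.php';
        echo _DBSELECTERROR;
        include 'footer.php';
        exit;
    }

    list($title, $time, $hometext, $bodytext, $topic, $notes, $cid, $aid) = $result->fields;
    if (!isset($title) || $title == '') {
        include 'header.php';
        echo _DBSELECTERROR;
        include 'footer.php';
        exit;
    }

    // Both ids are placed in SQL without quotes below
    $cid = (int) $cid;
    $topic = (int) $topic;

    // Get data for "autorise check"
    // Just a temp. solution;
    // Print.php needs completely redesign by using getArticles() and genArticleInfo()
    // fix for Stories::Story, Topics::Topic [larsneo]
    // find out the cattitle
    if ($cid == 0) {
        // Default category
        $cattitle = "" . _ARTICLES . "";
    } else {
        $catcolumn =& $pntable['stories_cat_column'];
        $catquery = buildSimpleQuery('stories_cat', array('title'), "{$catcolumn['catid']} = {$cid}");
        $catresult = $dbconn->Execute($catquery);
        list($cattitle) = $catresult->fields;
    }

    // find out the topictext
    $topicscolumn =& $pntable['topics_column'];
    $topicquery = buildSimpleQuery('topics', array('topictext', 'topicname'), "{$topicscolumn['topicid']} = {$topic}");
    $topicresult = $dbconn->Execute($topicquery);
    list($topictext, $topicname) = $topicresult->fields;

    if (pnSecAuthAction(0, 'Stories::Story', "{$aid}:{$cattitle}:{$sid}", ACCESS_READ)
        && pnSecAuthAction(0, 'Topics::Topic', "{$topicname}::{$topic}", ACCESS_READ)) {
        // user is authorised to view Stories::Story and Topics::Topic

        // Increment the read counter
        $column =& $pntable['stories_column'];
        $dbconn->Execute("UPDATE {$pntable['stories']} SET {$column['counter']}={$column['counter']}+1 WHERE {$column['sid']}='"
            . pnVarPrepForStore($sid) . "'");

        $time = $result->UnixTimeStamp($time);

        $cWhereIsPerso = WHERE_IS_PERSO;
        if (!empty($cWhereIsPerso)) {
            include "modules/NS-Multisites/print.inc.php";
        } else {
            $themesarein = "";
            $ThemeSel = pnUserGetTheme();
        }

        /* with this code there's no output if wiki is removed [larsneo]
        pnModAPILoad('Wiki', 'user');
        list($title, $hometext, $bodytext, $notes) = pnModAPIFunc('wiki', 'user', 'transform',
            array('objectid' => $sid, 'extrainfo' => array($title, $hometext, $bodytext, $notes)));
        */

        // call hooks
        list($title, $hometext, $bodytext, $notes) = pnModCallHooks('item', 'transform', '', array($title, $hometext, $bodytext, $notes));

        echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n"
            . "<html>\n"
            . "<head><title>" . pnConfigGetVar('sitename') . "</title>\n";

        if (defined("_CHARSET") && _CHARSET != "") {
            echo "<META HTTP-EQUIV=\"Content-Type\" " . "CONTENT=\"text/html; charset=" . _CHARSET . "\">\n";
        }

        // changed to local stylesheet
        //echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"".$themesarein."themes/$ThemeSel/style/style.css\">";
        echo "<style type=\"text/css\">\n"
            . "<!--\n"
            . ".print-title {\n"
            . "background-color: transparent;\n"
            . "color: #990000;\n"
            . "font-family: Verdana, Arial, sans-serif;\n"
            . "font-size: 14px;\n"
            . "font-weight: bold;\n"
            . "text-decoration: none;\n"
            . "}\n"
            . ".print-sub {\n"
            . "background-color: transparent;\n"
            . "color: #000000;\n"
            . "font-family: Verdana, Arial, sans-serif;\n"
            . "font-size: 11px;\n"
            . "font-weight: normal;\n"
            . "text-decoration: none;\n"
            . "}\n"
            . ".print-normal {\n"
            . "background-color: transparent;\n"
            . "color: #000000;\n"
            . "font-family: Verdana, Arial, sans-serif;\n"
            . "font-size: 12px;\n"
            . "font-weight: normal;\n"
            . "text-decoration: none;\n"
            . "}\n"
            . ".print {\n"
            . "color: #000000;\n"
            . "background-color: #FFFFFF;\n"
            . "}\n"
            . "-->\n"
            . "</style>\n";

        // Story fields go through pnVarPrepHTMLDisplay before output
        echo "</head>\n"
            . "<body class=\"print\" bgcolor=\"#FFFFFF\" text=\"#000000\">\n"
            . "\n<table border=\"0\" width=\"85%\" cellpadding=\"0\" cellspacing=\"1\" bgcolor=\"#FFFFFF\">\n"
            . "<tr><td>\n"
            . "<table border=\"0\" width=\"100%\" cellpadding=\"5\" cellspacing=\"1\" bgcolor=\"#FFFFFF\">\n"
            . "<tr><td>\n"
            . "<img src=\"" . WHERE_IS_PERSO . "images/" . pnConfigGetVar('site_logo') . "\" border=\"0\" alt=\"" . pnConfigGetVar('sitename') . "\">\n"
            . "<br /><br />\n"
            . "<b><font class=\"print-title\">" . pnVarPrepHTMLDisplay($title) . "</font></b><br /><br />\n"
            . "<font class=\"print-sub\">" . pnVarPrepHTMLDisplay($cattitle) . " / " . pnVarPrepHTMLDisplay($topictext) . "<br />\n"
            . "<b>" . _DATE . ":</b> " . ml_ftime(_DATETIMEBRIEF, $time) . "</font>\n"
            . "</td></tr>\n"
            . "<tr><td>\n"
            . "<font class=\"print-normal\">" . pnVarPrepHTMLDisplay($hometext) . "<br /><br />\n";

        if (!empty($bodytext)) {
            echo pnVarPrepHTMLDisplay($bodytext) . "<br />\n";
        }
        if (!empty($notes)) {
            echo pnVarPrepHTMLDisplay($notes) . "<br />\n";
        } else {
            echo "<br />\n";
        }

        // $sid is an integer at this point, so it is safe inside the link below
        echo "</font>\n"
            . "</td></tr>\n"
            . "<tr><td>\n"
            . "<hr size=\"1\"><font class=\"print-normal\">\n"
            . "" . _COMESFROM . " " . pnConfigGetVar('sitename') . "<br />\n"
            . "<a class=\"print-normal\" href=\"" . pnGetBaseURL() . "\">" . pnGetBaseURL() . "</a>\n"
            . "<br /><br />\n"
            . "" . _THEURL . "" . "<br />\n"
            . "<a class=\"print-normal\" href=\"" . pnGetBaseURL() . "modules.php?op=modload&name=News&file=article&sid={$sid}\">"
            . pnGetBaseURL() . "modules.php?op=modload&name=News&file=article&sid={$sid}" . "</a>\n"
            . "</font>\n"
            . "</td></tr>\n"
            . "</table>\n</td></tr>\n</table>\n"
            . "</body>\n"
            . "</html>\n";
    } else {
        // user is not authorised to view Stories::Story and Topics::Topic
        include 'header.php';
        echo _BADAUTHKEY;
        include 'footer.php';
        exit;
    }
}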