Exemplo n.º 1
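/**
 * Log the user in.
 *
 * Looks the user up by name, has comparePasswords() judge the supplied
 * password against the stored value, then binds the uid to the current
 * session row and to the session variables.  When the session is already
 * logged in nothing is changed and success is reported.
 *
 * @param string $uname      the name of the user logging in
 * @param string $pass       the password of the user logging in
 * @param mixed  $rememberme non-empty to flag this login as "remember me"
 * @return bool true if the user is logged in afterwards, false otherwise
 */
function pnUserLogIn($uname, $pass, $rememberme)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    // An authenticated session needs no further work.
    if (pnUserLoggedIn()) {
        return true;
    }

    // Get user information.  $uname is caller-supplied: it is escaped with
    // pnVarPrepForStore() and only ever placed inside the quoted literal.
    $userscolumn =& $pntable['users_column'];
    $userstable = $pntable['users'];
    $query = "SELECT {$userscolumn['uid']},
                     {$userscolumn['pass']}
              FROM {$userstable}
              WHERE {$userscolumn['uname']} = '" . pnVarPrepForStore($uname) . "'";
    $result = $dbconn->Execute($query);

    // A failed query leaves no usable result set; treat it as a failed
    // login instead of dereferencing a non-object below.
    if ($dbconn->ErrorNo() != 0 || !is_object($result)) {
        return false;
    }
    if ($result->EOF) {
        // Unknown user: release the result set before bailing out.
        $result->Close();
        return false;
    }
    list($uid, $realpass) = $result->fields;
    $result->Close();

    // Confirm that passwords match.  The first two characters of the stored
    // value are handed over as the salt.
    // NOTE(review): that looks like a crypt()-style two-character salt;
    // confirm the hashing scheme inside comparePasswords().
    if (!comparePasswords($pass, $realpass, $uname, substr($realpass, 0, 2))) {
        return false;
    }

    // The uid goes into a numeric (unquoted) SQL context, where string
    // escaping gives no protection, so force it to an integer.
    $uid = (int) $uid;

    // Set user session information (new table)
    $sessioninfocolumn =& $pntable['session_info_column'];
    $sessioninfotable = $pntable['session_info'];
    $query = "UPDATE {$sessioninfotable}
              SET {$sessioninfocolumn['uid']} = " . $uid . "
              WHERE {$sessioninfocolumn['sessid']} = '" . pnVarPrepForStore(session_id()) . "'";
    $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        // Do not mark the session as logged in when its row was not updated.
        return false;
    }

    // NOTE(review): the session id is not rotated at this privilege change;
    // confirm whether the pnSession* layer regenerates it elsewhere.

    // Set session variables
    pnSessionSetVar('uid', $uid);
    if (!empty($rememberme)) {
        pnSessionSetVar('rememberme', 1);
    }

    return true;
}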
Exemplo n.º 2
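/**
 * Confirm an authorisation key is valid.
 *
 * The expected key is md5(session 'rand' value . lower-cased module name);
 * the 'module' and 'authid' values are read from request input.  See the
 * description of pnSecGenAuthKey for the generating side.
 *
 * @public
 * @param bool $preview when true the key is checked but not consumed, i.e.
 *                      the session 'rand' value is left unchanged
 * @return bool true if the key is valid, false if it is not
 */
function pnSecConfirmAuthKey($preview = false)
{
    list($module, $authid) = pnVarCleanFromInput('module', 'authid');

    // Only a non-empty string can be a key.  Rejecting other types up front
    // also keeps arrays and numbers away from the comparison below.
    if (!is_string($authid) || $authid === '') {
        return false;
    }

    // Without a per-session secret the key would be md5(module name) alone,
    // which anybody can compute, so refuse to validate in that state.
    $rand = pnSessionGetVar('rand');
    if ($rand === null || $rand === false || $rand === '') {
        return false;
    }

    // Regenerate static part of key
    $expected = md5($rand . strtolower($module));

    // Strict comparison: with == two hex digests that both look like
    // "0e<digits>" compare equal as numbers.  hash_equals() additionally
    // avoids leaking the match position through timing where it exists.
    if (function_exists('hash_equals')) {
        $valid = hash_equals($expected, $authid);
    } else {
        $valid = ($expected === $authid);
    }
    if (!$valid) {
        // Not found, assume invalid
        return false;
    }

    // Match - generate new random number for the next key
    if (!$preview) {
        if (function_exists('random_int')) {
            // CSPRNG, kept inside rand()'s range so the stored value has
            // the same shape as before.
            $next = random_int(0, getrandmax());
        } else {
            // Legacy fallback: time-seeded rand() is predictable.
            srand((double) microtime() * 1000000);
            $next = rand();
        }
        pnSessionSetVar('rand', $next);
    }

    return true;
}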
Exemplo n.º 3
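/**
 * Standard function to update the configuration parameters of the module
 * from the values passed back by the modification form.
 *
 * Produces no output: it stores the module variables and redirects to the
 * admin view.
 *
 * @return bool always true; a rejected authorisation key is reported through
 *              the 'errormsg' session variable and a redirect
 */
function template_admin_updateconfig()
{
    // Get parameters from whatever input we need.  All arguments to this
    // function should be obtained from pnVarCleanFromInput(); getting them
    // from other places such as the environment is not allowed.
    // 'itemsperpage' is fetched here as well: it used to be read without
    // ever being assigned, so the stored value was always the default.
    list($bold, $itemsperpage) = pnVarCleanFromInput('bold', 'itemsperpage');

    // Confirm authorisation code.  A form without a valid key may be an
    // attempt at sending false data to the system (a forged request), so
    // nothing is stored in that case.
    // NOTE(review): no permission check (pnSecAuthAction) is visible in this
    // function; confirm the caller enforces admin access.
    if (!pnSecConfirmAuthKey()) {
        pnSessionSetVar('errormsg', _BADAUTHKEY);
        pnRedirect(pnModURL('Template', 'admin', 'view'));
        return true;
    }

    // Update module variables.  Depending on the HTML structure used, values
    // may be unset (e.g. an unticked checkbox), so default them.
    if (!isset($bold)) {
        $bold = 0;
    }
    pnModSetVar('template', 'bold', $bold);

    // A page size must be a positive number; anything else falls back to the
    // default instead of being stored as-is.
    if (!isset($itemsperpage) || !is_numeric($itemsperpage) || $itemsperpage < 1) {
        $itemsperpage = 10;
    }
    pnModSetVar('template', 'itemsperpage', (int) $itemsperpage);

    // This function generated no output, so redirect the user to an
    // appropriate page for them to carry on their work
    pnRedirect(pnModURL('Template', 'admin', 'view'));

    return true;
}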
Exemplo n.º 4
/**
 * Fetch the id and name of every row of one lookup table, for dropdowns.
 *
 * The table name reaches the SQL only after it has been matched against a
 * fixed allow-list, so the caller cannot steer the query to another table.
 *
 * @param array $args 'from' (string, required): table to select items from;
 *                    one of 'chem', 'company', 'moa', 'preserve'
 * @return array|false options keyed by id (empty when the permission check
 *                     fails), or false on an invalid table or database error
 */
function Meds_userapi_DBselect($args)
{
    // Result container, returned empty when access is denied.
    $options = array();

    // Permission check.
    if (!pnSecAuthAction(0, 'Meds::', '::', ACCESS_OVERVIEW)) {
        return $options;
    }

    // Requested table, checked against the tables dropdowns may read.
    $from = (string) $args['from'];
    $allowed = array('chem', 'company', 'moa', 'preserve');
    if (in_array($from, $allowed) === false) {
        pnSessionSetVar('errormsg', 'Error selecting table from database.');
        return false;
    }

    // Database connection and table definitions.
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    // Table and column definitions derived from the validated name.
    $tablename =& $pntable['rx_' . $from];
    $columns =& $pntable['rx_' . $from . '_column'];

    // Id column key: first four characters of the table name plus '_id'.
    $id_field = substr($from, 0, 4) . '_id';

    // Select id and name, ordered by name.
    $sql = "SELECT {$columns[$id_field]},\n                   {$columns['name']}\n              FROM {$tablename}\n          ORDER BY {$columns['name']}";
    $rows = $dbconn->Execute($sql);

    // Check for database errors.
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _GETFAILED);
        return false;
    }

    // Copy each row into the options array, keyed by id.
    while (!$rows->EOF) {
        list($id, $name) = $rows->fields;
        $options[$id] = array($id_field => $id, 'name' => $name);
        $rows->MoveNext();
    }
    $rows->Close();

    return $options;
}
Exemplo n.º 5
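/**
 * Confirm an authorisation key is valid.
 *
 * The expected key is md5(session 'rand' value . lower-cased registered
 * module name); 'module' and 'authid' are read from request input.  See the
 * description of pnSecGenAuthKey for the generating side.  Keys are not
 * time-limited: a key stays valid until it is used once.
 *
 * @public
 * @return bool true if the key is valid, false if it is not
 */
function pnSecConfirmAuthKey()
{
    list($module, $authid) = pnVarCleanFromInput('module', 'authid');

    // Only a non-empty string can be a key.  Rejecting other types up front
    // also keeps arrays and numbers away from the comparison below.
    if (!is_string($authid) || $authid === '') {
        return false;
    }

    // Without a per-session secret the key would depend on the module name
    // alone, which anybody can compute, so refuse to validate in that state.
    $rand = pnSessionGetVar('rand');
    if ($rand === null || $rand === false || $rand === '') {
        return false;
    }

    // get the module info
    $modinfo = pnModGetInfo(pnModGetIDFromName($module));

    // Regenerate static part of key
    $expected = md5($rand . strtolower($modinfo['name']));

    // Strict comparison: with == two hex digests that both look like
    // "0e<digits>" compare equal as numbers.  hash_equals() additionally
    // avoids leaking the match position through timing where it exists.
    if (function_exists('hash_equals')) {
        $valid = hash_equals($expected, $authid);
    } else {
        $valid = ($expected === $authid);
    }
    if (!$valid) {
        // Not found, assume invalid
        return false;
    }

    // Match - the current random number is used up, make a new one
    if (function_exists('random_int')) {
        // CSPRNG, kept inside rand()'s range so the stored value has the
        // same shape as before.
        $next = random_int(0, getrandmax());
    } else {
        // Legacy fallback: time-seeded rand() is predictable.
        srand((double) microtime() * 1000000);
        $next = rand();
    }
    pnSessionSetVar('rand', $next);

    return true;
}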
Exemplo n.º 6
/**
 * Initialise PostNuke.
 *
 * Carries out the start-up sequence in a fixed order: error reporting,
 * ADODB and configuration loading, database connection, optional debugger,
 * legacy config, output compression, session setup, security include,
 * language selection, optional input filtering, remaining includes and
 * referer logging.  Failures of the database or session steps terminate
 * the request with die().
 *
 * All include/require paths are relative, so they resolve against the
 * include path / working directory in effect when this runs.
 *
 * @return bool true once every step has completed
 */
function pnInit()
{
    // Error reporting for release: everything except notices, warnings and
    // deprecation messages.  The commented line is the development setting.
    // error_reporting(E_ALL);
    error_reporting(E_ALL & ~E_NOTICE & ~E_WARNING & ~E_DEPRECATED);
    // Hack for some weird PHP systems that should have the
    // LC_* constants defined, but don't
    if (!defined('LC_TIME')) {
        define('LC_TIME', 'LC_TIME');
    }
    // ADODB configuration
    define('ADODB_DIR', 'pnadodb');
    require 'pnadodb/adodb.inc.php';
    // Temporary fix for hacking the hlpfile global
    // TODO - remove with pre-0.71 code
    global $hlpfile;
    $hlpfile = '';
    // Initialise and load configuration.  config.php is pulled in with
    // include, so a missing file does not stop execution here.
    global $pnconfig, $pndebug;
    $pnconfig = array();
    include 'config.php';
    // Set up multisites.  The @ silences the error raised when
    // WHERE_IS_PERSO is already defined (added for .71).
    @define('WHERE_IS_PERSO', '');
    // Initialise and load pntables
    global $pntable;
    $pntable = array();
    // Use the multisite's own pntables.php when it has one.
    if (file_exists(WHERE_IS_PERSO . 'pntables.php')) {
        include WHERE_IS_PERSO . 'pntables.php';
    } else {
        require 'pntables.php';
    }
    // Decode encoded DB parameters.  base64 is an encoding, not encryption:
    // the credentials in config.php are only obscured, so the file itself
    // must be protected.
    if ($pnconfig['encoded']) {
        $pnconfig['dbuname'] = base64_decode($pnconfig['dbuname']);
        $pnconfig['dbpass'] = base64_decode($pnconfig['dbpass']);
        $pnconfig['encoded'] = 0;
    }
    // Connect to database
    if (!pnDBInit()) {
        die('Database initialisation failed');
    }
    // Load the debugger when $pndebug['debug'] is set
    if ($pndebug['debug']) {
        include_once 'includes/lensdebug.inc.php';
        global $dbg, $debug_sqlcalls;
        $dbg = new LensDebug();
        $debug_sqlcalls = 0;
    }
    // Build up old config array
    pnConfigInit();
    // Set compression on if desired
    if (pnConfigGetVar('UseCompression') == 1) {
        ob_start("ob_gzhandler");
    }
    // Other includes
    include 'includes/pnSession.php';
    include 'includes/pnUser.php';
    // Start session
    if (!pnSessionSetup()) {
        die('Session setup failed');
    }
    if (!pnSessionInit()) {
        die('Session initialisation failed');
    }
    include 'includes/security.php';
    // See if a language update is required.  'newlang' comes from request
    // input and is written to the session before the existence check below.
    $newlang = pnVarCleanFromInput('newlang');
    if (!empty($newlang)) {
        $lang = $newlang;
        pnSessionSetVar('lang', $newlang);
    } else {
        $lang = pnSessionGetVar('lang');
    }
    // Load global language defines.  A language whose global.php does not
    // exist is replaced by the configured default, in the session as well.
    // NOTE(review): the include path below is built from a request-derived
    // value; this relies on pnVarPrepForOS() removing path separators and
    // traversal sequences - confirm in that helper.
    if (isset($lang) && file_exists('language/' . pnVarPrepForOS($lang) . '/global.php')) {
        $currentlang = $lang;
    } else {
        $currentlang = pnConfigGetVar('language');
        pnSessionSetVar('lang', $currentlang);
    }
    include 'language/' . pnVarPrepForOS($currentlang) . '/global.php';
    include 'modules/NS-Languages/api.php';
    // Cross-Site Scripting attack defense - Sent by larsneo
    // some syntax checking against injected javascript.
    // It runs only when the 'pnAntiCracker' setting is 1, and only at this
    // point - after session start and the language handling above.
    $pnAntiCrackerMode = pnConfigGetVar('pnAntiCracker');
    if ($pnAntiCrackerMode == 1) {
        pnSecureInput();
    }
    // Banner system
    include 'includes/pnBanners.php';
    // Other other includes
    include 'includes/advblocks.php';
    include 'includes/counter.php';
    include 'includes/pnHTML.php';
    include 'includes/pnMod.php';
    include 'includes/queryutil.php';
    include 'includes/xhtml.php';
    include 'includes/oldfuncs.php';
    // Handle referer: log it when the 'httpref' setting is 1
    if (pnConfigGetVar('httpref') == 1) {
        include 'referer.php';
        httpreferer();
    }
    return true;
}
Exemplo n.º 7
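/**
 * Load an API for a module.
 *
 * Resolves the module's directory from the modules table, includes
 * modules/<directory>/pn<type>api.php plus the matching language file, and
 * remembers the module/type pair so the files are included only once per
 * request.
 *
 * @param string $modname registered name of the module
 * @param string $type    type of functions to load
 * @return bool true on success, false on failure
 */
function pnModAPILoad($modname, $type = 'user')
{
    static $loaded = array();

    if (empty($modname)) {
        return false;
    }

    // Answer from the per-request cache before touching the database.
    $cachekey = "{$modname}{$type}";
    if (!empty($loaded[$cachekey])) {
        // Already loaded from somewhere else
        return true;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $modulestable = $pntable['modules'];
    $modulescolumn =& $pntable['modules_column'];

    // The directory is taken from the modules table, never from the caller:
    // $modname only selects a registered row.
    $query = "SELECT {$modulescolumn['name']},
                     {$modulescolumn['directory']},
                     {$modulescolumn['state']}
              FROM {$modulestable}
              WHERE {$modulescolumn['name']} = '" . pnVarPrepForStore($modname) . "'";
    $result = $dbconn->Execute($query);

    // Report a database failure as false; a bare return yielded null here.
    if ($dbconn->ErrorNo() != 0 || !is_object($result)) {
        return false;
    }
    if ($result->EOF) {
        $result->Close();
        // NOTE(review): every other function shown alongside this one uses
        // the session key 'errormsg'; confirm 'errmsg' is read anywhere.
        // The message embeds $modname unescaped, so whatever displays it
        // has to encode it for HTML.
        pnSessionSetVar('errmsg', "Unknown module {$modname}");
        return false;
    }
    // Only the directory column is needed from the row.
    list(, $directory) = $result->fields;
    $result->Close();

    // $type is caller-supplied and becomes part of the include path below.
    // NOTE(review): this relies on pnVarPrepForOS() removing path separators
    // and traversal sequences - confirm in that helper.
    list($osdirectory, $ostype) = pnVarPrepForOS($directory, $type);
    $osfile = "modules/{$osdirectory}/pn{$ostype}api.php";
    if (!file_exists($osfile)) {
        // File does not exist
        return false;
    }

    // Load the file
    include $osfile;
    $loaded[$cachekey] = 1;

    // Load the module language files: the user's language first, the
    // configured default (or 'eng') as fallback.
    $currentlang = pnUserGetLang();
    $defaultlang = pnConfigGetVar('language');
    if (empty($defaultlang)) {
        $defaultlang = 'eng';
    }
    list($oscurrentlang, $osdefaultlang) = pnVarPrepForOS($currentlang, $defaultlang);
    $langbase = "modules/{$osdirectory}/pnlang";
    if (file_exists("{$langbase}/{$oscurrentlang}/{$ostype}api.php")) {
        include "{$langbase}/{$oscurrentlang}/{$ostype}api.php";
    } elseif (file_exists("{$langbase}/{$osdefaultlang}/{$ostype}api.php")) {
        include "{$langbase}/{$osdefaultlang}/{$ostype}api.php";
    }

    // Load database info
    pnModDBInfoLoad($modname, $directory);

    return true;
}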
Exemplo n.º 8
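/**
 * Update an existing lens record.
 *
 * Requires ACCESS_ADMIN on the Lenses component.  Field values are taken
 * from $args and from $args['lens_data'] (the latter wins when both carry
 * the same key); every value is escaped with pnVarPrepForStore() and written
 * as a quoted literal.  The render cache is cleared after a successful
 * update.
 *
 * @param array $args lens fields; 'tid' (numeric) and 'name' (string) are
 *                    required, 'lens_data' may hold the fields as a nested
 *                    array
 * @return bool true on success, false on failure (reason in the 'errormsg'
 *              session variable)
 */
function Lenses_adminapi_update_lens($args)
{
    // Permission check.
    if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_ADMIN)) {
        pnSessionSetVar('errormsg', _MODULENOAUTH);
        return false;
    }

    if (!is_array($args)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    // Read the fields from one merged array instead of extract(): extract()
    // lets the keys of a caller-supplied array create or overwrite arbitrary
    // local variables.  Precedence is unchanged: lens_data overrides $args.
    $lens_data = (isset($args['lens_data']) && is_array($args['lens_data'])) ? $args['lens_data'] : array();
    $data = array_merge($args, $lens_data);
    $tid = isset($data['tid']) ? $data['tid'] : null;
    $name = isset($data['name']) ? $data['name'] : null;

    // Ensure valid values were passed in.
    if (empty($tid) || !is_numeric($tid) || empty($name) || !is_string($name)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    // Check if lens exists.
    if (!pnModAPIFunc('Lenses', 'user', 'get', array('item_id' => $tid, 'item_type' => 'lens'))) {
        pnSessionSetVar('errormsg', _NOSUCHITEM);
        return false;
    }

    // Get a reference to the database object and PostNuke's table info.
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    // Define table and column to work with.
    $lenses_table =& $pntable['lenses'];
    $lenses_field =& $pntable['lenses_column'];

    // Columns written by this update, in statement order.  Each name is both
    // the key in $lenses_field and the key of the incoming value; the list
    // is fixed here, so callers cannot add columns.
    $columns = array(
        'name', 'aliases', 'comp_id', 'poly_id', 'visitint', 'ew', 'ct', 'dk', 'oz',
        'process_text', 'process_simple', 'qty', 'replace_simple', 'replace_text',
        'wear', 'price', 'markings', 'fitting_guide', 'website', 'image',
        'other_info', 'discontinued', 'display', 'redirect', 'bc_simple', 'bc_all',
        'max_plus', 'max_minus', 'max_diam', 'min_diam',
        'diam_1', 'base_curves_1', 'powers_1',
        'diam_2', 'base_curves_2', 'powers_2',
        'diam_3', 'base_curves_3', 'powers_3', 'sph_notes',
        'toric', 'toric_type', 'toric_type_simple', 'cyl_power', 'max_cyl_power',
        'cyl_axis', 'cyl_axis_steps', 'oblique', 'cyl_notes',
        'bifocal', 'bifocal_type', 'add_text', 'max_add', 'cosmetic',
        'enh_names', 'enh_names_simple', 'opaque_names', 'opaque_names_simple',
    );

    // Escape each value AS the statement is built; a field that was not
    // passed in is stored as an empty string.
    $assignments = array();
    foreach ($columns as $column) {
        $value = isset($data[$column]) ? $data[$column] : '';
        $assignments[] = "{$lenses_field[$column]} = '" . pnVarPrepForStore($value) . "'";
    }
    // Stamp the record with today's date.
    $assignments[] = "{$lenses_field['updated']} = '" . date('Y-m-d') . "'";

    // Create sql to update the lens; the id is forced to an integer.
    $sql = "UPDATE {$lenses_table}
               SET " . implode(",\n                   ", $assignments) . "
             WHERE {$lenses_field['tid']} = '" . (int) $tid . "'";

    // Execute the SQL query.
    $dbconn->Execute($sql);

    // Check for any database errors.
    if ($dbconn->ErrorNo() != 0) {
        // Keep driver detail in the server log, not in the message shown to
        // the user.  It is read from the ADODB connection that ran the query
        // rather than from mysql_error().
        error_log('Lenses_adminapi_update_lens: ' . $dbconn->ErrorNo() . ': ' . $dbconn->ErrorMsg());
        pnSessionSetVar('errormsg', _UPDATEFAILED);
        return false;
    }

    // Start a new output object.  This function isn't an output function,
    // but needs an output object before the cache can be cleared.
    $pnRender = new pnRender('Lenses');
    $pnRender->clear_cache();

    // Return success.
    return true;
}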
Exemplo n.º 9
/**
 * Regenerate the modules list and return to the admin module list.
 *
 * The request must carry a valid authorisation key; without one nothing is
 * regenerated and an error message is left in the session.
 * NOTE(review): no permission check is made in this function itself;
 * presumably the 'regenerate' API function enforces it - confirm.
 *
 * @return bool always true; the outcome is reported through the session
 *              'errormsg' / 'statusmsg' variables
 */
function modules_admin_regenerate()
{
    if (pnSecConfirmAuthKey()) {
        // Key accepted: load the admin API and run the regeneration.
        pnModAPILoad('Modules', 'admin');
        $regenerated = pnModAPIFunc('Modules', 'admin', 'regenerate');
        if ($regenerated) {
            pnSessionSetVar('statusmsg', _MODREGENERATED);
        }
    } else {
        // Missing or wrong key: refuse the state change.
        pnSessionSetVar('errormsg', _BADAUTHKEY);
    }

    // Both outcomes end on the module list.
    pnRedirect(pnModURL('Modules', 'admin', 'list'));

    return true;
}
Exemplo n.º 10
/**
 * Upgrade the template module from an old version.
 *
 * May be called repeatedly: after a successful step the function calls
 * itself with the version it has just reached, so any old version is walked
 * up to the current one.
 *
 * @param mixed $oldversion version number the module is being upgraded from
 * @return bool true when the upgrade succeeded (or nothing had to be done),
 *              false when the table change failed
 */
function template_upgrade($oldversion)
{
    // Each case handles the step away from one old version.
    switch ($oldversion) {
        case 0.5:
            // 0.5 -> 1.0: the 'number' field was introduced in 1.0.
            //
            // pnDBGetConn() and pnDBGetTables() both return arrays.  From
            // the former only the first item, the official database handle,
            // is wanted; the latter is kept whole for lookups.  Move this
            // out of the switch once several steps need it.
            list($dbconn) = pnDBGetConn();
            $pntable = pnDBGetTables();

            // Descriptive names for the table and column definitions pay
            // off in more complex modules.
            $templatetable = $pntable['template'];
            $templatecolumn =& $pntable['template_column'];

            // The statement is built separately from Execute() so that it
            // can be inspected when debugging.  Table and column names come
            // from the table definitions, not from input.
            $sql = "ALTER TABLE {$templatetable}\n                    ADD {$templatecolumn['number']} int(5) NOT NULL default 0";
            $dbconn->Execute($sql);

            // Stop with an error message when the database reports a fault.
            $failed = ($dbconn->ErrorNo() != 0);
            if ($failed) {
                pnSessionSetVar('errormsg', _UPDATETABLEFAILED);
                return false;
            }

            // Continue with whatever steps follow version 1.0.
            return template_upgrade(1.0);

        case 1.0:
            // Code to upgrade from version 1.0 goes here
            break;

        case 2.0:
            // Code to upgrade from version 2.0 goes here
            break;
    }

    // Update successful
    return true;
}
Exemplo n.º 11
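/**
 * Initialise session.
 *
 * Refuses to start when a global whose name begins with 'PNSV' exists,
 * starts the PHP session, works out the client address and then either
 * marks the stored session as current or creates a new one together with
 * the random number used for authorisation keys.
 *
 * @return bool true on success, false when session variables were injected
 *              as globals or the session lookup failed
 */
function pnSessionInit()
{
    // Fetch database aliases
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    // First thing we do is ensure that there is no attempted pollution
    // of the session namespace
    foreach (array_keys($GLOBALS) as $k) {
        if (strncmp((string) $k, 'PNSV', 4) === 0) {
            return false;
        }
    }

    // Kick it
    session_start();

    // Have to re-write the cache control header to remove no-save, this
    // allows downloading of files to disk for application handlers.
    // adam_baum - no-cache was stopping modules (andromeda) from caching
    // the playlists, et al.
    // NOTE(review): 'cache' is not a defined Cache-Control directive, so
    // clients and proxies fall back to their defaults; pages that depend on
    // the session may then be stored by shared caches - confirm the intent.
    header('Cache-Control: cache');

    // Get session id
    $sessid = session_id();

    // Address of the directly connected peer.  $_SERVER is read here because
    // $HTTP_SERVER_VARS is not populated by current PHP versions.
    $remoteaddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    if (empty($remoteaddr)) {
        $remoteaddr = getenv('REMOTE_ADDR');
    }

    // Client-IP and X-Forwarded-For take precedence, in that order, as
    // before.  Both are request headers the client can set freely, so the
    // stored address is informational only and must not drive access
    // decisions unless a trusted proxy overwrites these headers.
    $ipaddr = $remoteaddr;
    foreach (array('HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR') as $header) {
        $candidates = array(
            isset($_SERVER[$header]) ? $_SERVER[$header] : '',
            getenv($header),
        );
        foreach ($candidates as $candidate) {
            if (!empty($candidate)) {
                // Keep the first entry of a comma-separated list.
                $ipaddr = trim(preg_replace('/,.*/', '', $candidate));
            }
        }
    }

    // A header value that is not an IP address is discarded in favour of
    // the peer address instead of being stored as-is.
    if (function_exists('filter_var') && filter_var($ipaddr, FILTER_VALIDATE_IP) === false) {
        $ipaddr = $remoteaddr;
    }
    // END IP addr retrieval

    // Table columns used to store session data in database
    $sessioninfocolumn =& $pntable['session_info_column'];
    $sessioninfotable = $pntable['session_info'];

    // Find out if session already exists
    $query = "SELECT {$sessioninfocolumn['ipaddr']}
              FROM {$sessioninfotable}
              WHERE {$sessioninfocolumn['sessid']} = '" . pnVarPrepForStore($sessid) . "'";
    $result = $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0 || !is_object($result)) {
        return false;
    }

    if (!$result->EOF) {
        // Session already exists, we define it as current
        $result->Close();
        pnSessionCurrent($sessid);
    } else {
        $result->Close();
        pnSessionNew($sessid, $ipaddr);
        // Generate the random number used for authorisation keys.
        if (function_exists('random_int')) {
            // CSPRNG, kept inside rand()'s range so the stored value has
            // the same shape as before.
            $rand = random_int(0, getrandmax());
        } else {
            // Legacy fallback: time-seeded rand() is predictable.
            srand((double) microtime() * 1000000);
            $rand = rand();
        }
        pnSessionSetVar('rand', $rand);
    }

    return true;
}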
Exemplo n.º 12
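/**
 * Record the HTTP referer of the current request in the referer table.
 *
 * Requests whose referer contains our own host are skipped, as are referers
 * matching one of the 'httprefexcluded' expressions.  An empty referer is
 * counted under the value 'bookmark'.  A known URL has its frequency
 * incremented, a new one is inserted with frequency 1.
 *
 * Both HTTP_REFERER and HTTP_HOST are request headers and therefore fully
 * client-controlled.
 *
 * @return false|null false when a database error occurred, nothing otherwise
 */
function httpreferer()
{
    // Set $DEBUG to 1 to see what is going on.  HTTP_HOST is used rather
    // than the configured site URL so that no assumption about the
    // configuration is needed.
    // NOTE(review): the debug branch at the end echoes the SQL statements
    // without HTML encoding; keep $DEBUG at 0 outside development.
    $DEBUG = 0;
    $httpreferer = pnServerGetVar('HTTP_REFERER');
    $httphost = pnServerGetVar('HTTP_HOST');
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    if ($DEBUG == 1) {
        echo 'HTTP_HOST = ' . pnVarPrepForDisplay($httphost) . '<br /> HTTP_REFERER = ' . pnVarPrepForDisplay($httpreferer) . '<br />';
    }

    // Do not log hits coming from our own domain.  The host is matched as a
    // plain substring: it used to be handed to ereg() as a pattern, which
    // let a client-supplied Host header be interpreted as a regular
    // expression (and ereg() is not available in current PHP versions).
    if ($httphost != '' && strpos((string) $httpreferer, (string) $httphost) !== false) {
        return;
    }

    // No referer means a bookmark or a typed-in URL; count those under one
    // value so that no empty referers are stored.
    if ($httpreferer == '') {
        $httpreferer = 'bookmark';
    }
    $httpreferer = trim($httpreferer);

    // Administrator-configured exclusions: a space-separated list whose
    // entries are, as before, treated as case-insensitive regular
    // expressions.  Empty entries (double spaces) are dropped, because an
    // empty alternative would match every referer.
    $refex = pnConfigGetVar('httprefexcluded');
    if (!empty($refex)) {
        $alternatives = array();
        foreach (explode(' ', $refex) as $entry) {
            if ($entry !== '') {
                // Escape the delimiter used below.
                $alternatives[] = '(' . str_replace('~', '\~', $entry) . ')';
            }
        }
        if (count($alternatives) > 0) {
            $pattern = '~(' . implode('|', $alternatives) . ')~i';
            if (preg_match($pattern, $httpreferer) === 1) {
                // Excluded referer: nothing to record.
                return;
            }
        }
    }

    // grab a reference to our table column defs for easier reading below
    $column =& $pntable['referer_column'];

    // Is this referer (a real one or 'bookmark') already in the table?
    $check_sql = "SELECT count({$column['rid']}) as c
                  FROM {$pntable['referer']}
                  WHERE {$column['url']} = '" . pnVarPrepForStore($httpreferer) . "'";
    $result = $dbconn->Execute($check_sql);
    if ($dbconn->ErrorNo() != 0 || !is_object($result)) {
        // NOTE(review): driver error text ends up in a session message that
        // may be shown to the visitor; consider logging it server-side.
        pnSessionSetVar('errormsg', 'Error: ' . $dbconn->ErrorNo() . ': ' . $dbconn->ErrorMsg());
        return false;
    }
    $row = $result->fields;
    $count = $row[0];

    if ($count == 1) {
        // Known referer: one more hit.
        $update_sql = "UPDATE {$pntable['referer']}
                       SET {$column['frequency']} = {$column['frequency']} + 1
                       WHERE {$column['url']} = '" . pnVarPrepForStore($httpreferer) . "'";
    } else {
        // "auto-increment" isn't portable, so the standard interface for
        // grabbing sequence numbers is used; the underlying implementation
        // handles the correct method for the RDBMS in use.  The id goes
        // into a numeric context and is therefore forced to an integer.
        $rid = $dbconn->GenId($pntable['referer'], true);
        $update_sql = "INSERT INTO {$pntable['referer']}
                         ({$column['rid']},
                          {$column['url']},
                          {$column['frequency']})
                       VALUES
                         (" . (int) $rid . ",
                          '" . pnVarPrepForStore($httpreferer) . "',
                          1)";
    }

    $dbconn->Execute($update_sql);
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', 'Error: ' . $dbconn->ErrorNo() . ': ' . $dbconn->ErrorMsg());
        return false;
    }

    if ($DEBUG == 1) {
        echo "<br />" . $check_sql . "<br />" . $update_sql . "<br />";
    }
}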
Exemplo n.º 13
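/**
 * Record one vote for a poll option, then redirect the browser.
 *
 * A per-session flag ("poll_voted<pollID>") stops the same session from
 * voting twice on one poll.
 *
 * @param mixed  $pollID    poll identifier; only its integer value is used
 * @param mixed  $voteID    option identifier; only its integer value is used
 * @param string $forwarder URL handed to pnRedirect() once the vote is handled
 * @return void
 */
function pollCollector($pollID, $voteID, $forwarder)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    // Normalise both ids to integers before they are used anywhere.  The
    // queries only ever saw the integer value, but the session flag used to be
    // keyed on the raw string, so differently spelled ids with the same
    // integer value each got their own "already voted" flag for one poll.
    $pollID = (int) $pollID;
    $voteID = (int) $voteID;
    $votedKey = "poll_voted{$pollID}";
    // Check that the user hasn't voted for this poll already
    if (!pnSessionGetVar($votedKey)) {
        pnSessionSetVar($votedKey, 1);
        $column =& $pntable['poll_data_column'];
        $dbconn->Execute("UPDATE {$pntable['poll_data']} SET {$column['optioncount']}={$column['optioncount']}+1 WHERE ({$column['pollid']}={$pollID}) AND ({$column['voteid']}={$voteID})");
        $column =& $pntable['poll_desc_column'];
        $dbconn->Execute("UPDATE {$pntable['poll_desc']} SET {$column['voters']}={$column['voters']}+1 WHERE {$column['pollid']}={$pollID}");
    }
    // NOTE(review): the duplicate-vote guard lives only in the session, and no
    // pnSecConfirmAuthKey() call is made here - confirm whether the caller
    // verifies the form key before counting a vote.
    // NOTE(review): $forwarder reaches pnRedirect() unchanged; if callers take
    // it from the request it should be limited to URLs on this site.
    pnRedirect($forwarder);
}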
Exemplo n.º 14
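/**
 * Remove the Lenses module: drop its three tables and delete its module
 * variables.
 *
 * @returns bool
 * @return true when every table was dropped; false, with 'errormsg' set, as
 *         soon as one drop does not report full success
 */
function Lenses_delete()
{
    // Get a reference to the database connection and PN tables.
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    // Create a new data dictionary object for the connection.
    $dict =& NewDataDictionary($dbconn);
    // Build the DROP statements first so that a single loop below can run
    // them with one block of error-checking code.  The table names are passed
    // by value: call-time pass-by-reference (&$var in the argument list) is a
    // fatal error on PHP 5.4 and later.
    $schema = array();
    foreach (array('lenses', 'lenses_companies', 'lenses_polymers') as $tablekey) {
        $schema[] = $dict->DropTableSQL($pntable[$tablekey]);
    }
    foreach ($schema as $sqlarray) {
        // ExecuteSQLArray() returns 2 when every statement ran without error.
        if ($dict->ExecuteSQLArray($sqlarray) != 2) {
            // Set an error message and report failure.
            pnSessionSetVar('errormsg', _LENSES_DROP_TABLE_FAILURE);
            return false;
        }
    }
    // Delete any lingering module variables.
    pnModDelVar('Lenses');
    // Module deletion successful.  Report success.
    return true;
}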
Exemplo n.º 15
/**
 * Store the dplink settings submitted from the admin form.
 *
 * Reads 'url', 'use_window' and 'use_postwrap' from the request, verifies the
 * form's authorisation key and saves the three values as module variables.
 * The function produces no output of its own; it always ends in a redirect.
 *
 * @returns bool
 * @return true in every case
 */
function dplink_admin_updateconfig()
{
    // Collect the submitted values up front.
    $targetUrl = pnVarCleanFromInput('url');
    $openInWindow = pnVarCleanFromInput('use_window');
    $usePostWrap = pnVarCleanFromInput('use_postwrap');
    // NOTE(review): the only gate in this function is the form key below; no
    // pnSecAuthAction() permission check is made here - confirm that the
    // caller restricts this action to administrators.
    if (pnSecConfirmAuthKey()) {
        // NOTE(review): 'url' is stored as submitted; how it is validated
        // before being used in links is not visible from this function.
        pnModSetVar('dplink', 'url', $targetUrl);
        pnModSetVar('dplink', 'use_window', $openInWindow);
        pnModSetVar('dplink', 'use_postwrap', $usePostWrap);
        // Settings saved: send the user back to the administration page.
        pnRedirect('admin.php');
    } else {
        // Bad or missing key: report it and return to the module's admin page.
        pnSessionSetVar('errormsg', _BADAUTHKEY);
        pnRedirect(pnModURL('dplink', 'admin', ''));
    }
    return true;
}
Exemplo n.º 16
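/**
 * Checks if user controlled block state
 *
 * Checks if the user has a state set for a current block
 * Sets the default state for that block if not present
 *
 * @access private
 * @param $row block record; $row['bid'] and $row['defaultstate'] are read
 * @returns mixed
 * @return false for anonymous visitors; the stored 'active' value when the
 *         user already has a row for the block; true after the default row
 *         was inserted, and also when a database error occurred
 */
function pnCheckUserBlock($row)
{
    if (!pnUserLoggedIn()) {
        return false;
    }
    $bid = isset($row['bid']) ? $row['bid'] : '';
    $uid = pnUserGetVar('uid');
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    $column =& $pntable['userblocks_column'];
    $sql = "SELECT {$column['active']}
              FROM {$pntable['userblocks']}
             WHERE {$column['bid']} = '" . pnVarPrepForStore($bid) . "'
               AND {$column['uid']} = '" . pnVarPrepForStore($uid) . "'";
    $result =& $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', 'Error: ' . $dbconn->ErrorNo() . ': ' . $dbconn->ErrorMsg());
        return true;
    }
    if (!$result->EOF) {
        // A state is already stored for this user and block.
        list($active) = $result->fields;
        return $active;
    }
    // No row yet: store the block's default state for this user.
    // uid and the default state are written into the statement without
    // quotes, where string escaping gives no protection, so both are forced
    // to integers.  bid sits inside quotes and is escaped exactly once (the
    // uid used to be passed through pnVarPrepForStore() twice).
    $uidvalue = (int) $uid;
    $statevalue = isset($row['defaultstate']) ? (int) $row['defaultstate'] : 0;
    $sql = "INSERT INTO {$pntable['userblocks']}
                   ({$column['uid']},
                    {$column['bid']},
                    {$column['active']})
            VALUES ({$uidvalue},
                    '" . pnVarPrepForStore($bid) . "',
                    {$statevalue})";
    $result =& $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', 'Error: ' . $dbconn->ErrorNo() . ': ' . $dbconn->ErrorMsg());
        return true;
    }
    // NOTE(review): true is returned here whatever the default state was -
    // confirm that callers do not expect the stored default instead.
    return true;
}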
Exemplo n.º 17
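/**
 * Return up to 40 lens statistics rows, highest first, sorted by one column
 * of the lenses_stats table.
 *
 * The sort column is named by the 'time' request variable, or by
 * $args['time'] when the caller supplies one (extract() runs after the
 * request value has been read).
 *
 * @param $args optional overrides, extracted into local variables
 * @returns array
 * @return list of arrays with keys id, name, total, last_month, this_month;
 *         an empty array when the user lacks ACCESS_OVERVIEW; false when the
 *         sort column is unknown or the query fails
 */
function Lenses_userapi_search_report($args)
{
    $time = pnVarCleanFromInput('time');
    // Permission check.  An empty list is returned rather than the
    // not-yet-defined $items_array the function used to hand back here.
    if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_OVERVIEW)) {
        return array();
    }
    // NOTE(review): extract() turns every key of $args into a local variable,
    // so anything the caller passes can replace $time.
    extract($args);
    $items_array = array();
    // Get a reference to the database object.
    $dbconn =& pnDBGetConn(true);
    // Get a reference to PostNuke's table info.
    $pntable =& pnDBGetTables();
    $table =& $pntable['lenses_stats'];
    $field =& $pntable['lenses_stats_column'];
    $lens_table =& $pntable['lenses'];
    $lens_field =& $pntable['lenses_column'];
    // $time only selects an entry of the module's own column map, so the
    // request string itself never reaches the ORDER BY clause.  A value that
    // is not a key of that map would leave the clause empty, so it is
    // rejected before a broken statement is sent to the database.
    if (!is_string($time) || !isset($field[$time])) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    $sql = "SELECT {$field['id']}, {$lens_field['name']}, {$field['this_month']}, {$field['last_month']}, {$field['total']}
              FROM {$table}, {$lens_table}
             WHERE {$field['id']} = {$lens_field['tid']}
          ORDER BY {$field[$time]} DESC LIMIT 0,40";
    // Execute the SQL query.
    $result = $dbconn->Execute($sql);
    // Check for any database errors.
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _GETFAILED);
        return false;
    }
    // Copy each row into the result list.
    for (; !$result->EOF; $result->MoveNext()) {
        // The variables follow the SELECT column order.  The previous list()
        // named them total, last_month, this_month, which swapped the
        // 'total' and 'this_month' values in the returned rows.
        list($id, $name, $this_month, $last_month, $total) = $result->fields;
        $items_array[] = array('id' => $id, 'name' => $name, 'total' => $total, 'last_month' => $last_month, 'this_month' => $this_month);
    }
    $result->Close();
    return $items_array;
}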
Exemplo n.º 18
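/**
 * Return every row with tid > 0 from one of the Lenses tables, keyed by tid.
 *
 * @param $args['item_type'] 'lenses', 'companies' or 'polymers'
 * @returns array
 * @return array of row arrays indexed by tid; an empty array when the user
 *         lacks ACCESS_OVERVIEW; false when item_type is missing or unknown
 *         or the query fails
 */
function Lenses_userapi_getall($args)
{
    // Permission check.
    if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_OVERVIEW)) {
        return array();
    }
    extract($args);
    // extract() can define any local variable, so the result list is created
    // only after it has run.
    $items_array = array();
    // Ensure valid values were passed in.  (A leftover debugging echo was
    // removed from this branch.)
    if (empty($item_type) || !is_string($item_type)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    // Per item type: the $pntable keys for the table and its column map, and
    // the result keys in the order the columns come back from SELECT *.
    $layouts = array(
        'lenses' => array(
            'table' => 'lenses',
            'columns' => 'lenses_column',
            'fields' => array(
                'tid', 'name', 'aliases', 'comp_id', 'poly_id', 'visitint',
                'ew', 'ct', 'dk', 'oz', 'qty', 'price', 'wear', 'markings',
                'process_simple', 'process_text', 'replace_simple', 'replace_text',
                'website', 'fitting_guide', 'image', 'discontinued', 'display',
                'redirect', 'keywords', 'other_info',
                'bc_flat', 'bc_med', 'bc_steep',
                'max_plus', 'max_minus', 'max_diam', 'min_diam',
                'diam_1', 'powers_1', 'base_curves_1',
                'diam_2', 'powers_2', 'base_curves_2',
                'diam_3', 'powers_3', 'base_curves_3',
                'sphere_alt', 'bifocal', 'bifocal_type', 'add_text', 'max_add',
                'toric', 'toric_type', 'toric_type_simple',
                'cyl_power', 'max_cyl_power', 'cyl_axis', 'cyl_axis_steps',
                'oblique', 'cyl_alt', 'cosmetic', 'enh_names', 'opaque_names',
                'e_aqua', 'e_amber', 'e_blue', 'e_brown', 'e_gray', 'e_green',
                'e_hazel', 'e_honey', 'e_violet', 'e_sports', 'e_novelty',
                'o_aqua', 'o_amber', 'o_blue', 'o_brown', 'o_gray', 'o_green',
                'o_hazel', 'o_honey', 'o_violet', 'o_sports', 'o_novelty',
                'color_images', 'updated',
            ),
        ),
        'companies' => array(
            'table' => 'lenses_companies',
            'columns' => 'lenses_companies_column',
            'fields' => array('tid', 'name', 'address', 'city', 'state', 'zip', 'phone', 'email', 'url', 'desc'),
        ),
        'polymers' => array(
            'table' => 'lenses_polymers',
            'columns' => 'lenses_polymers_column',
            'fields' => array('tid', 'fda_grp', 'h2o', 'name', 'desc'),
        ),
    );
    // An unknown item type used to fall through the switch with $table and
    // $field unset - or set by extract() from the caller's own $args - and
    // the statement was built from them anyway.  Stop before any SQL is built.
    if (!isset($layouts[$item_type])) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    $layout = $layouts[$item_type];
    // NOTE(review): the lenses result has always carried a
    // 'bifocal_type_simple' key that no result column is mapped to; its value
    // is whatever extract() supplied, otherwise null.  Check it against the
    // table definition - if the table has such a column, every key after
    // 'bifocal_type' is shifted by one.
    $unmapped_simple = isset($bifocal_type_simple) ? $bifocal_type_simple : null;
    // Get a reference to the database object.
    $dbconn =& pnDBGetConn(true);
    // Get a reference to PostNuke's table info.
    $pntable =& pnDBGetTables();
    $table = $pntable[$layout['table']];
    $field = $pntable[$layout['columns']];
    // Select every row with a positive tid, ordered by tid.
    $sql = "SELECT *
              FROM {$table}
             WHERE {$field['tid']} > '0'
          ORDER BY {$field['tid']}";
    // Execute the SQL query.
    $result = $dbconn->Execute($sql);
    // Check for any database errors.
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _GETFAILED);
        return false;
    }
    // Copy each row into the result, naming the columns by position.
    for (; !$result->EOF; $result->MoveNext()) {
        $row = $result->fields;
        $item = array();
        foreach ($layout['fields'] as $pos => $key) {
            $item[$key] = isset($row[$pos]) ? $row[$pos] : null;
            if ($item_type == 'lenses' && $key == 'bifocal_type') {
                // Keep the unmapped key at its historical position.
                $item['bifocal_type_simple'] = $unmapped_simple;
            }
        }
        $items_array[$item['tid']] = $item;
    }
    $result->Close();
    return $items_array;
}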
Exemplo n.º 19
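/**
 * Update one polymer record and clear the module's render cache.
 *
 * @param $args['polymer'] array with the keys poly_tid, fda_grp, h2o,
 *        poly_name and poly_desc
 * @returns bool
 * @return true on success; false, with 'errormsg' set, when the user is not
 *         an administrator, an argument is missing or of the wrong type, the
 *         polymer does not exist or the update fails
 */
function Lenses_adminapi_update_polymer($args)
{
    // Permission check.
    if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_ADMIN)) {
        pnSessionSetVar('errormsg', _MODULENOAUTH);
        return false;
    }
    // Extract arguments.  In this case, $polymer.
    extract($args);
    // Extract polymer array.
    // NOTE(review): both extract() calls create local variables from
    // caller-supplied keys; everything used below is either validated or
    // assigned afterwards.
    extract($polymer);
    // Ensure valid values were passed in.
    if (empty($poly_tid) || !is_numeric($poly_tid) || empty($fda_grp) || !is_numeric($fda_grp) || empty($h2o) || !is_string($h2o) || empty($poly_name) || !is_string($poly_name) || empty($poly_desc) || !is_string($poly_desc)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    // NOTE: No check for alt field as it can be empty.
    // Check if polymer exists.
    if (!pnModAPIFunc('Lenses', 'user', 'get', array('item_id' => $poly_tid, 'item_type' => 'polymer'))) {
        pnSessionSetVar('errormsg', _NOSUCHITEM);
        return false;
    }
    // Get a reference to the database object.
    $dbconn =& pnDBGetConn(true);
    // Get a reference to PostNuke's table info.
    $pntable =& pnDBGetTables();
    // Define table and column to work with.
    $polymers_table =& $pntable['lenses_polymers'];
    $polymers_field =& $pntable['lenses_polymers_column'];
    // Prep data for storage in database.  Every value interpolated into the
    // statement must be in this list: it used to prepare $name instead of
    // $poly_name, so the polymer name went into the UPDATE unescaped.
    list($poly_tid, $fda_grp, $h2o, $poly_name, $poly_desc) = pnVarPrepForStore($poly_tid, $fda_grp, $h2o, $poly_name, $poly_desc);
    // Create SQL string to update the polymer record.
    $sql = "UPDATE {$polymers_table}
               SET {$polymers_field['fda_grp']}   = '{$fda_grp}',
                   {$polymers_field['h2o']}       = '{$h2o}',
                   {$polymers_field['poly_name']} = '{$poly_name}',
                   {$polymers_field['poly_desc']} = '{$poly_desc}'
             WHERE {$polymers_field['poly_tid']}  = '{$poly_tid}'";
    // Execute the SQL query.
    $dbconn->Execute($sql);
    // Check for any database errors.
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _UPDATEFAILED);
        return false;
    }
    // This function isn't an output function, but needs an output object
    // started before the cache can be cleared.  Plain "= new" is used because
    // "=& new" no longer parses on PHP 7 and later.
    $pnRender = new pnRender('Lenses');
    // Clear the cache.
    $pnRender->clear_cache();
    // Return success.
    return true;
}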
Exemplo n.º 20
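/**
 * get a specific item
 * @param $args['tid'] id of example item to get
 * @returns array
 * @return item array (keys tid, name, number), or false on failure: missing
 *         argument, database error, no such item, or no read permission
 */
function template_userapi_get($args)
{
    // Get arguments from argument array - all arguments to this function
    // should be obtained from the $args array, getting them from other places
    // such as the environment is not allowed, as that makes assumptions that
    // will not hold in future versions of PostNuke
    extract($args);
    // Argument check - make sure that all required arguments are present, if
    // not then set an appropriate error message and return
    if (!isset($tid)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    // Get database setup - note that both pnDBGetConn() and pnDBGetTables()
    // return arrays but we handle them differently.  For pnDBGetConn() we
    // currently just want the first item, which is the official database
    // handle.  For pnDBGetTables() we want to keep the entire tables array
    // together for easy reference later on
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    // It's good practice to name the table and column definitions you are
    // getting - $table and $column don't cut it in more complex modules
    $templatetable = $pntable['template'];
    $templatecolumn =& $pntable['template_column'];
    // Get item - the formatting here is not mandatory, but it does make the
    // SQL statement relatively easy to read.  Also, separating out the sql
    // statement from the Execute() command allows for simpler debug operation
    // if it is ever needed.  The id is escaped with pnVarPrepForStore() and
    // placed inside quotes; the two must always go together
    $sql = "SELECT {$templatecolumn['name']},
                   {$templatecolumn['number']}
            FROM {$templatetable}
            WHERE {$templatecolumn['tid']} = '" . pnVarPrepForStore($tid) . "'";
    $result = $dbconn->Execute($sql);
    // Check for an error with the database code, and if so return
    if ($dbconn->ErrorNo() != 0) {
        return false;
    }
    // Check for no rows found, and if so return.  The result set is closed on
    // this path too; it used to be left open when nothing matched
    if ($result->EOF) {
        $result->Close();
        return false;
    }
    // Obtain the item information from the result set
    list($name, $number) = $result->fields;
    // All successful database queries produce a result set, and that result
    // set should be closed when it has been finished with
    $result->Close();
    // Security check - important to do this as early on as possible to avoid
    // potential security holes or just too much wasted processing.  Although
    // this one is a bit late in the function it is as early as we can do it as
    // this is the first time we have the relevant information
    if (!pnSecAuthAction(0, 'Template::', "{$name}::{$tid}", ACCESS_READ)) {
        return false;
    }
    // Create and return the item array
    return array('tid' => $tid, 'name' => $name, 'number' => $number);
}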
Exemplo n.º 21
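/**
 * update a template item
 * @param $args['tid'] the ID of the item
 * @param $args['name'] the new name of the item
 * @param $args['number'] the new number of the item
 * @returns bool
 * @return true on success; false, with 'errormsg' set, on a missing argument,
 *         API load failure, unknown item, missing edit permission or
 *         database error
 */
function template_adminapi_update($args)
{
    // Get arguments from argument array - all arguments to this function
    // should be obtained from the $args array, getting them from other
    // places such as the environment is not allowed, as that makes
    // assumptions that will not hold in future versions of PostNuke
    extract($args);
    // Argument check - make sure that all required arguments are present,
    // if not then set an appropriate error message and return
    if (!isset($tid) || !isset($name) || !isset($number)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    // Load API.  Note that this is loading the user API in addition to
    // the administration API, that is because the user API contains
    // the function to obtain item information which is the first thing
    // that we need to do.  This is an API function, so a failure is reported
    // through the session error message and a false return; the earlier code
    // called methods on an $output object that is never created here
    if (!pnModAPILoad('Template', 'user')) {
        pnSessionSetVar('errormsg', _LOADFAILED);
        return false;
    }
    // The user API function is called.  This takes the item ID which
    // we obtained from the input and gets us the information on the
    // appropriate item.  If the item does not exist we post an appropriate
    // message and return
    $item = pnModAPIFunc('Template', 'user', 'get', array('tid' => $tid));
    if ($item == false) {
        pnSessionSetVar('errormsg', _TEMPLATENOSUCHITEM);
        return false;
    }
    // Security check - important to do this as early on as possible to
    // avoid potential security holes or just too much wasted processing.
    // However, in this case we had to wait until we could obtain the item
    // name to complete the instance information so this is the first
    // chance we get to do the check
    // Note that at this stage we have two sets of item information, the
    // pre-modification and the post-modification.  We need to check against
    // both of these to ensure that whoever is doing the modification has
    // suitable permissions to edit the item otherwise people can potentially
    // edit areas to which they do not have suitable access
    if (!pnSecAuthAction(0, 'Template::Item', "{$item['name']}::{$tid}", ACCESS_EDIT)) {
        pnSessionSetVar('errormsg', _TEMPLATENOAUTH);
        return false;
    }
    if (!pnSecAuthAction(0, 'Template::Item', "{$name}::{$tid}", ACCESS_EDIT)) {
        pnSessionSetVar('errormsg', _TEMPLATENOAUTH);
        return false;
    }
    // Get database setup - note that both pnDBGetConn() and pnDBGetTables()
    // return arrays but we handle them differently.  For pnDBGetConn()
    // we currently just want the first item, which is the official
    // database handle.  For pnDBGetTables() we want to keep the entire
    // tables array together for easy reference later on
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    // It's good practice to name the table and column definitions you
    // are getting - $table and $column don't cut it in more complex
    // modules
    $templatetable = $pntable['template'];
    $templatecolumn =& $pntable['template_column'];
    // Update the item - the formatting here is not mandatory, but it does
    // make the SQL statement relatively easy to read.  Also, separating
    // out the sql statement from the Execute() command allows for simpler
    // debug operation if it is ever needed.  Every value is escaped with
    // pnVarPrepForStore() and placed inside quotes
    $sql = "UPDATE {$templatetable}
            SET {$templatecolumn['name']} = '" . pnVarPrepForStore($name) . "',
                {$templatecolumn['number']} = '" . pnVarPrepForStore($number) . "'
            WHERE {$templatecolumn['tid']} = '" . pnVarPrepForStore($tid) . "'";
    $dbconn->Execute($sql);
    // Check for an error with the database code, and if so set an
    // appropriate error message and return.  The message used to be
    // _DELETEFAILED, which does not describe a failed update
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _UPDATEFAILED);
        return false;
    }
    // Let the calling process know that we have finished successfully
    return true;
}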
Exemplo n.º 22
/**
 * Handle the "update polymer" admin form.
 *
 * Takes the 'polymer' array from the request, verifies the form's
 * authorisation key and passes the array to the admin API.  No output is
 * produced; the function always ends in a redirect.
 *
 * @param $args extra arguments, extracted into local variables
 * @return whatever pnRedirect() returns
 */
function Lenses_admin_update_polymer($args)
{
    // Submitted polymer data.
    $polymer = pnVarCleanFromInput('polymer');
    // NOTE(review): extract() runs after the request has been read, so a
    // 'polymer' key in $args replaces the submitted array.
    extract($args);
    if (pnSecConfirmAuthKey()) {
        // Key accepted: let the API validate and store the record.  The
        // permission check for the update is made inside the API function.
        $stored = pnModAPIFunc('Lenses', 'admin', 'update_polymer', array('polymer' => $polymer));
        if ($stored) {
            pnSessionSetVar('statusmsg', pnVarPrepHTMLDisplay(_UPDATESUCCEDED));
        }
        // Back to the polymer list, whether or not the update succeeded.
        return pnRedirect(pnModURL('Lenses', 'admin', 'viewall_polymers'));
    }
    // Missing or wrong $authid hidden field: report it and leave.
    pnSessionSetVar('errormsg', pnVarPrepHTMLDisplay(_BADAUTHKEY));
    return pnRedirect(pnModURL('Lenses', 'admin', 'main'));
}
Exemplo n.º 23
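/**
 * Update one company record and clear the module's render cache.
 *
 * @param $args['company'] array with comp_tid and comp_name (required) and
 *        logo, phone, address, city, state, zip, url, email, comp_desc
 * @returns bool
 * @return true on success; false, with 'errormsg' set, when the user is not
 *         an administrator, a required value is missing or of the wrong type,
 *         the company does not exist or the update fails
 */
function Lenses_adminapi_update_company($args)
{
    // Permission check.
    if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_ADMIN)) {
        pnSessionSetVar('errormsg', _MODULENOAUTH);
        return false;
    }
    // Extract arguments.  In this case, $company.
    extract($args);
    // Extract company array.
    // NOTE(review): both extract() calls create local variables from
    // caller-supplied keys; everything used below is either validated or
    // assigned afterwards.
    extract($company);
    // Ensure valid values were passed in.
    if (empty($comp_tid) || !is_numeric($comp_tid) || empty($comp_name) || !is_string($comp_name)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    // NOTE: No check for other fields as they are not required.
    // Check if company exists.
    if (!pnModAPIFunc('Lenses', 'user', 'get', array('item_id' => $comp_tid, 'item_type' => 'company'))) {
        pnSessionSetVar('errormsg', _NOSUCHITEM);
        return false;
    }
    // Get a reference to the database object.
    $dbconn =& pnDBGetConn(true);
    // Get a reference to PostNuke's table info.
    $pntable =& pnDBGetTables();
    // Define table and column to work with.
    $companies_table =& $pntable['lenses_companies'];
    $companies_field =& $pntable['lenses_companies_column'];
    // Prep data for storage in database.  Every value interpolated into the
    // statement below appears in this list, and every one is quoted there.
    list($comp_tid, $comp_name, $logo, $phone, $address, $city, $state, $zip, $url, $email, $comp_desc) = pnVarPrepForStore($comp_tid, $comp_name, $logo, $phone, $address, $city, $state, $zip, $url, $email, $comp_desc);
    // Create SQL string to update the company record.
    $sql = "UPDATE {$companies_table}
               SET {$companies_field['comp_name']} = '{$comp_name}',
                   {$companies_field['logo']}      = '{$logo}',
                   {$companies_field['phone']}     = '{$phone}',
                   {$companies_field['address']}   = '{$address}',
                   {$companies_field['city']}      = '{$city}',
                   {$companies_field['state']}     = '{$state}',
                   {$companies_field['zip']}       = '{$zip}',
                   {$companies_field['url']}       = '{$url}',
                   {$companies_field['email']}     = '{$email}',
                   {$companies_field['comp_desc']} = '{$comp_desc}'
             WHERE {$companies_field['comp_tid']}  = '{$comp_tid}'";
    // Execute the SQL query.
    $dbconn->Execute($sql);
    // Check for any database errors.
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _UPDATEFAILED);
        return false;
    }
    // This function isn't an output function, but needs an output object
    // started before the cache can be cleared.  Plain "= new" is used because
    // "=& new" no longer parses on PHP 7 and later.
    $pnRender = new pnRender('Lenses');
    // Clear the cache.
    $pnRender->clear_cache();
    // Return success.
    return true;
}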
Exemplo n.º 24
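/**
 * upgrade a module
 *
 * Runs the module's <name>_upgrade() function when its pninit.php defines
 * one, sets the module inactive, then re-reads the module's version file and
 * stores the new version, admin flag and description in the modules table.
 *
 * @param $args['mid'] numeric id of the module to upgrade
 * @returns bool
 * @return true on success; false on a bad argument, an unknown module, a
 *         failed upgrade function or a failed state change
 */
function modules_adminapi_upgrade($args)
{
    // 20021216 fixed the fix : larsneo (thx to cmgrote and jojodee)
    // NOTE(review): no pnSecAuthAction() permission check is made in this
    // function - confirm that every caller restricts it to administrators.
    // Get arguments from argument array
    extract($args);
    // Argument check
    if (!isset($mid) || !is_numeric($mid)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    // Get module information
    $modinfo = pnModGetInfo($mid);
    if (empty($modinfo)) {
        pnSessionSetVar('errormsg', _MODNOSUCHMOD);
        return false;
    }
    // Get module database info
    pnModDBInfoLoad($modinfo['name'], $modinfo['directory']);
    // Every include below uses the pnVarPrepForOS()-prepared directory name;
    // the two version-file includes used to take the raw value instead.
    $osdir = pnVarPrepForOS($modinfo['directory']);
    // Module upgrade function.  The include is optional, hence the @.
    @(include "modules/{$osdir}/pninit.php");
    $func = $modinfo['name'] . '_upgrade';
    if (function_exists($func)) {
        if ($func($modinfo['version']) != true) {
            return false;
        }
    }
    // Update state of module
    if (!modules_adminapi_setstate(array('mid' => $mid, 'state' => _PNMODULE_STATE_INACTIVE))) {
        return false;
    }
    // BEGIN bugfix (561802) - cmgrote
    // Get the new version information...
    $modversion['version'] = '0';
    @(include "modules/{$osdir}/Version.php");
    @(include "modules/{$osdir}/pnversion.php");
    // Note the changes in the database...
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $modulestable = $pntable['modules'];
    $modulescolumn =& $pntable['modules_column'];
    // The id is compared without quotes, where string escaping gives no
    // protection, and is_numeric() also accepts forms such as "1e5" or " 1",
    // so the value is forced to an integer.
    $modid = (int) $mid;
    $sql = "UPDATE {$modulestable}
               SET {$modulescolumn['version']} = '" . pnVarPrepForStore($modversion['version']) . "',
                   {$modulescolumn['admin_capable']} = '" . pnVarPrepForStore($modversion['admin']) . "',
                   {$modulescolumn['description']} = '" . pnVarPrepForStore($modversion['description']) . "'
             WHERE {$modulescolumn['id']} = {$modid}";
    // NOTE(review): the outcome of this statement is not checked; success is
    // reported below even if the update failed.
    $dbconn->Execute($sql);
    // END bugfix (561802) - cmgrote
    // Message
    pnSessionSetVar('errormsg', _MODULESAPIUPGRADED);
    // Success
    return true;
}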
Exemplo n.º 25
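/**
 * Load language files for the current language
 *
 * Picks the language - the 'newlang' request value when the site is
 * multilingual and the value is a known language, otherwise the session's
 * 'lang', otherwise the configured default - then includes the global,
 * languages and core language files and sets the locale.
 *
 * @return void
 */
function pnLangLoad()
{
    // See if a language update is required for ml-environments
    $newlang = pnVarCleanFromInput('newlang');
    if (!empty($newlang) && pnConfigGetVar('multilingual') == 1) {
        $langlist = languagelist();
        // The request value is accepted only when it is a key of
        // languagelist() and its language directory exists.  The list is
        // checked first so that the filesystem is probed for known names only.
        if (is_string($newlang) && isset($langlist[$newlang]) && file_exists('language/' . pnVarPrepForOS($newlang) . '/global.php')) {
            // newlang is valid and exists
            $lang = $newlang;
            pnSessionSetVar('lang', $newlang);
        } else {
            // newlang is either not valid or doesn't exist - restore default values
            $lang = pnConfigGetVar('language');
            pnSessionSetVar('lang', $lang);
        }
    } else {
        $detectlang = pnConfigGetVar('language_detect');
        $defaultlang = pnConfigGetVar('language');
        switch ($detectlang) {
            case 1:
                // Detect Browser Language
                $cnvlanguage = cnvlanguagelist();
                $currentlang = '';
                // The header is optional, and split() was removed in PHP 7;
                // preg_split() with the same character class splits the
                // header in the same way.
                $acceptlang = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '';
                $langs = preg_split('/[,;]/', $acceptlang);
                foreach ($langs as $lang) {
                    if (isset($cnvlanguage[$lang]) && file_exists('language/' . pnVarPrepForOS($cnvlanguage[$lang]) . '/global.php')) {
                        $currentlang = $cnvlanguage[$lang];
                        break;
                    }
                }
                if ($currentlang == '') {
                    $currentlang = $defaultlang;
                }
                break;
            default:
                $currentlang = $defaultlang;
        }
        // NOTE(review): the language detected above is replaced further down
        // by the session value or the configured default, so browser
        // detection has no visible effect - confirm whether that is intended.
        $lang = pnSessionGetVar('lang');
    }
    // Load global language defines
    // these are deprecated and will be moved to the relevant modules
    // with .8x
    // The session value is not checked against languagelist() here; the
    // include paths below rely on pnVarPrepForOS() to keep it inside the
    // language directory (its implementation is not shown here).
    if (isset($lang) && file_exists('language/' . pnVarPrepForOS($lang) . '/global.php')) {
        $currentlang = $lang;
    } else {
        $currentlang = pnConfigGetVar('language');
        pnSessionSetVar('lang', $currentlang);
    }
    $oscurrentlang = pnVarPrepForOS($currentlang);
    if (file_exists('language/' . $oscurrentlang . '/global.php')) {
        include 'language/' . $oscurrentlang . '/global.php';
    }
    // load the languages language file
    if (file_exists('language/languages.php')) {
        include 'language/languages.php';
    }
    // load the core language file
    if (file_exists('language/' . $oscurrentlang . '/core.php')) {
        include 'language/' . $oscurrentlang . '/core.php';
    }
    // set the correct locale
    // note: windows has different requirements for the setlocale function to other OS's
    // See: http://uk.php.net/setlocale
    if (stristr(getenv('OS'), 'windows')) {
        // for windows we either use the _LOCALEWIN define or the existing language code
        if (defined('_LOCALEWIN')) {
            setlocale(LC_ALL, _LOCALEWIN);
        } else {
            setlocale(LC_ALL, $currentlang);
        }
    } else {
        // for other OS's we use the _LOCALE define
        setlocale(LC_ALL, _LOCALE);
    }
}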
Exemplo n.º 26
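/**
 * Display the detail page for a single lens.
 *
 * The lens id is read from request input ('tid') and is overridden by
 * $args['tid'] when the caller supplies one.
 *
 * @param array $args optional arguments; only the 'tid' key is used
 * @return mixed the rendered template, the "no authorisation" message, or
 *               false when no usable lens id was supplied
 */
function Lenses_user_display($args)
{
    // Permission check.
    if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_READ)) {
        return pnVarPrepHTMLDisplay(_MODULENOAUTH);
    }

    // Lens id from request input, overridable by the caller.
    $tid = pnVarCleanFromInput('tid');
    // Only 'tid' is taken from $args.  extract($args) would let any key in
    // $args create or overwrite a local variable in this scope; every other
    // local below is assigned before it is read, so 'tid' is the only key
    // that ever had an effect here.
    if (is_array($args) && array_key_exists('tid', $args)) {
        $tid = $args['tid'];
    }

    // Ensure valid values were passed in.
    // NOTE(review): is_numeric() also accepts floats and exponent notation,
    // so the API function called below still has to treat item_id as
    // untrusted - confirm it casts or escapes the value before using it.
    if (empty($tid) || !is_numeric($tid)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    // Start a new output object.
    $pnRender = new pnRender('Lenses');

    // Call API function to get all lens data.
    $lens_data = pnModAPIFunc('Lenses', 'user', 'get', array('item_type' => 'lens', 'item_id' => $tid));

    // The image field is a comma-separated string; split it into a list.
    // Array keys are quoted: a bare word such as [images] is looked up as a
    // constant and only falls back to the string on old PHP versions.
    $lens_data['images'] = explode(',', $lens_data['image']);

    // Record the lens in the session (name => id) so that recently viewed
    // lenses can be offered for comparison.  The session value may be unset
    // on the first visit, so fall back to an empty list.
    $saved_lens_array = pnSessionGetVar('saved_lens_array');
    if (!is_array($saved_lens_array)) {
        $saved_lens_array = array();
    }
    $saved_lens_array[$lens_data['name']] = $tid;
    $saved_lens_array = array_unique($saved_lens_array);
    pnSessionSetVar('saved_lens_array', $saved_lens_array);

    // Count the entries that were actually stored (after de-duplication).
    $saved_lens_count = count($saved_lens_array);

    // Create text for company popups.
    $lens_data['comp_info'] = pnModFunc('Lenses', 'user', 'company_popup', array('comp_id' => $lens_data['comp_id']));

    // Create popup text for FDA groups.
    $fda_desc = pnModAPIFunc('Lenses', 'user', 'fda_descriptions');
    $lens_data['fda_grp_desc'] = $fda_desc[$lens_data['fda_grp']];

    // If possible, create the dk/t value.
    if ($lens_data['dk'] > 0 && $lens_data['ct'] > 0) {
        $lens_data['dkt'] = $lens_data['dk'] / $lens_data['ct'] / 10;
    }

    // Let any hooks know that we are displaying an item.  As this is a display
    // hook we're passing a URL as the extra info, which is the URL that any
    // hooks will show after they have finished their own work.  It is normal
    // for that URL to bring the user back to this function.
    $pnRender->assign('hooks', pnModCallHooks('item', 'display', $tid, pnModURL('Lenses', 'user', 'display', array('tid' => $tid))));

    // Users with edit access get a link to the edit page for this lens.
    if (pnSecAuthAction(0, 'Lenses::', '::', ACCESS_EDIT)) {
        $pnRender->assign('edit_lens', true);
    }

    // Wholesale prices are blanked before the data reaches the template for
    // anyone without comment access, so the template cannot leak them.
    if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_COMMENT)) {
        $lens_data['price'] = "";
    }

    // Assign the lens data to the template.
    $pnRender->assign('lens_data', $lens_data);
    $pnRender->assign('saved_lens_count', $saved_lens_count);

    // Return templated output.
    return $pnRender->fetch('lenses_user_display.htm');
}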
Exemplo n.º 27
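/**
 * Initialise session
 *
 * Starts the PHP session when none is active, rewrites the Cache-Control
 * header, works out a client IP address, and then either marks an already
 * recorded session as current or records a new one together with a 'rand'
 * session variable.
 *
 * @return bool false when the session lookup query reports a database
 *              error, true otherwise
 */
function pnSessionInit()
{
    global $HTTP_SERVER_VARS;
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    // First thing we do is ensure that there is no attempted pollution
    // of the session namespace
    //--pennfirm
    // NOTE(review): this check is commented out, so nothing in this function
    // rejects request variables named PNSV*.
    /*    foreach($GLOBALS as $k=>$v) {
            if (preg_match('/^PNSV/', $k)) {
                return false;
            }
        }
    */
    // Kick it.  session_id() has to be called: the bare word session_id is
    // read as a constant, which made the original condition never start a
    // session (and is an error on current PHP).
    if (!session_id()) {
        session_start();
    }
    // Have to re-write the cache control header to remove no-save, this
    // allows downloading of files to disk for application handlers
    // adam_baum - no-cache was stopping modules (andromeda) from caching the playlists, et al.
    // any strange behaviour encountered, revert to commented out code.
    // NOTE(review): 'cache' is not a standard Cache-Control directive, and
    // with the no-cache header replaced, pages rendered for a logged-in user
    // may be stored by browsers or intermediaries - confirm this is intended.
    //Header('Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0');
    Header('Cache-Control: cache');
    $sessid = session_id();
    // Get (actual) client IP addr.  Later sources override earlier ones.
    // NOTE(review): HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are request
    // headers; unless a trusted proxy overwrites them the client chooses
    // their value, so $ipaddr must not be relied on for access decisions.
    $ipaddr = $HTTP_SERVER_VARS['REMOTE_ADDR'];
    if (empty($ipaddr)) {
        $ipaddr = getenv('REMOTE_ADDR');
    }
    if (!empty($HTTP_SERVER_VARS['HTTP_CLIENT_IP'])) {
        $ipaddr = $HTTP_SERVER_VARS['HTTP_CLIENT_IP'];
    }
    $tmpipaddr = getenv('HTTP_CLIENT_IP');
    if (!empty($tmpipaddr)) {
        $ipaddr = $tmpipaddr;
    }
    // Only the first entry of a comma-separated X-Forwarded-For list is kept.
    if (!empty($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'])) {
        $ipaddr = preg_replace('/,.*/', '', $HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']);
    }
    $tmpipaddr = getenv('HTTP_X_FORWARDED_FOR');
    if (!empty($tmpipaddr)) {
        $ipaddr = preg_replace('/,.*/', '', $tmpipaddr);
    }
    // Look the session id up in the session_info table.
    $sessioninfocolumn =& $pntable['session_info_column'];
    $sessioninfotable = $pntable['session_info'];
    $query = "SELECT {$sessioninfocolumn['ipaddr']}\n              FROM {$sessioninfotable}\n              WHERE {$sessioninfocolumn['sessid']} = '" . pnVarPrepForStore($sessid) . "'";
    $result = $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return false;
    }
    if (!$result->EOF) {
        // Known session.  The comparison of the stored IP with the current
        // one is disabled below, so a session id is accepted from any
        // address.
        // jgm - this has been commented out so that the nice AOL people
        //       can view PN pages, will examine full implications of this
        //       later
        //        list($dbipaddr) = $result->fields;
        $result->Close();
        //        if ($ipaddr == $dbipaddr) {
        pnSessionCurrent($sessid);
        //        } else {
        //          // Mismatch - destroy the session
        //          session_destroy();
        //          pnRedirect('index.php');
        //          return false;
        //        }
    } else {
        // Unknown session: release the empty result set, then record it.
        $result->Close();
        pnSessionNew($sessid, $ipaddr);
        // Generate a random number, used for
        // some authentication
        // NOTE(review): rand() seeded from the clock is predictable.  Since
        // this value is described as feeding authentication, it should come
        // from a cryptographically secure source where the runtime has one.
        srand((double) microtime() * 1000000);
        pnSessionSetVar('rand', rand());
    }
    return true;
}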
Exemplo n.º 28
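/**
 * Delete module.
 *
 * Drops the five Meds tables and then removes the module's variables.
 * The drops are not wrapped in a transaction here: if one of them fails,
 * the tables dropped before it stay dropped.
 *
 * NOTE(review): no permission check is made in this function; presumably
 * the module administration code that calls it has already authorised the
 * request - confirm.
 *
 * @return true on successful module deletion, else false.
 */
function Meds_delete()
{
    // Get database connection and tables references.
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    // Create a new data object.
    $dict =& NewDataDictionary($dbconn);
    // Build the DROP TABLE statements for every module table first, so a
    // single loop below can execute and error-check them.  The table names
    // are passed by value: call-time pass-by-reference (&$var in the
    // argument list) is rejected by current PHP versions.
    $schema = array();
    foreach (array('rx_meds', 'rx_preserve', 'rx_company', 'rx_chem', 'rx_moa') as $tablekey) {
        $schema[] = $dict->DropTableSQL($pntable[$tablekey]);
    }
    // Execute each statement set in turn and stop at the first one that
    // does not return 2 (presumably the data dictionary's "all statements
    // succeeded" code - verify against the library in use).
    foreach ($schema as $sqlarray) {
        if ($dict->ExecuteSQLArray($sqlarray) != 2) {
            pnSessionSetVar('errormsg', _MEDS_INI_DROP_TABLE_FAILURE);
            return false;
        }
    }
    // Delete any lingering module variables.
    pnModDelVar('Meds');
    // Module deleted.
    return true;
}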
Exemplo n.º 29
/**
 * get the user's theme
 * <br />
 * Candidates are tried in the order below; the first one for which
 * pnThemeInfo() returns a record marked active is used and cached in a
 * static for the rest of the request:
 *  - 'theme' request parameter (this request only)
 *  - 'newtheme' request parameter (also stored for the user or the session)
 *  - News article override (category override, then story override)
 *  - theme stored for the user or the session
 *  - site default ('Default_Theme')
 * The 'newtheme' and stored-theme steps only run while the 'theme_change'
 * config variable is empty.
 *
 * @public
 * @return mixed the name of the theme, or false when no candidate is active
 **/
function pnUserGetTheme()
{
    static $theme;
    if (isset($theme)) {
        return $theme;
    }

    // Page-specific theme.  The name comes from the request, so it is only
    // accepted once pnThemeInfo() has returned an active record for it.
    $candidate = pnVarCleanFromInput('theme');
    if (!empty($candidate)) {
        $details = pnThemeInfo($candidate);
        if ($details && $details['active']) {
            $theme = $candidate;
            return $candidate;
        }
    }

    // Set a new theme for the user (same validation as above).
    $candidate = pnVarCleanFromInput('newtheme');
    if (!empty($candidate) && !pnConfigGetVar('theme_change')) {
        $details = pnThemeInfo($candidate);
        if ($details && $details['active']) {
            if (!pnUserLoggedIn()) {
                // Anonymous visitor: remember the choice in the session.
                pnSessionSetVar('theme', $candidate);
            } else {
                // Logged-in user: store the choice in the users table.
                $uid = pnUserGetVar('uid');
                $dbconn =& pnDBGetConn(true);
                $pntable =& pnDBGetTables();
                $column =& $pntable['users_column'];
                $sql = "UPDATE {$pntable['users']}\n                        SET {$column['theme']}='" . pnVarPrepForStore($candidate) . "'\n                        WHERE {$column['uid']}='" . pnVarPrepForStore($uid) . "'";
                $dbconn->Execute($sql);
            }
            $theme = $candidate;
            return $candidate;
        }
    }

    // eugenio themeover 20020413
    // Override the theme per category or story.
    // NOTE(review): the category override is tested first below, although
    // the original comment said story takes precedence over category -
    // confirm which order is intended.
    list($sid, $file) = pnVarCleanFromInput('sid', 'file');
    $onNewsArticle = pnModGetName() == 'News' && (!empty($sid) || strtolower($file) == 'article');
    if ($onNewsArticle) {
        // The include path is built from the module record returned by
        // pnModGetInfo(), not from request input.
        $modinfo = pnModGetInfo(pnModGetIDFromName('News'));
        include_once 'modules/' . $modinfo['directory'] . '/funcs.php';
        $pntable =& pnDBGetTables();
        // $sid is cast to int before it is placed in the WHERE clause.
        $articles = getArticles("{$pntable['stories_column']['sid']}='" . (int) pnVarPrepForStore($sid) . "'", "", "");
        if (is_array($articles) && count($articles) > 0) {
            $article = genArticleInfo($articles[0]);
            foreach (array('catthemeoverride', 'themeoverride') as $field) {
                $details = pnThemeInfo($article[$field]);
                if ($details && $details['active']) {
                    $theme = $article[$field];
                    return $theme;
                }
            }
        }
    }

    // User theme
    if (!pnConfigGetVar('theme_change')) {
        $stored = pnUserLoggedIn() ? pnUserGetVar('theme') : pnSessionGetVar('theme');
        $details = pnThemeInfo($stored);
        if ($details && $details['active']) {
            $theme = $stored;
            return $stored;
        }
    }

    // Default site theme
    $fallback = pnConfigGetVar('Default_Theme');
    $details = pnThemeInfo($fallback);
    if ($details && $details['active']) {
        $theme = $fallback;
        return $theme;
    }

    // Nothing usable: the static stays unset, so the next call tries again.
    return false;
}
Exemplo n.º 30
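/**
 * Update the configuration
 *
 * This is a standard function to update the configuration parameters of the
 * module given the information passed back by the modification form.
 * Both values are read from request input, not from function arguments.
 * Nothing is stored unless the caller has ACCESS_ADMIN on the module and the
 * form carried a valid authorisation key.
 *
 * @author       Jim McDonald
 * @param        bold           print items in bold
 * @param        itemsperpage   number of items per page
 * @return       mixed          the "no authorisation" message, or the result
 *                              of the redirect to the admin view
 */
function Example_admin_updateconfig()
{
    // Security check - important to do this as early as possible to avoid
    // potential security holes or just too much wasted processing
    if (!pnSecAuthAction(0, 'Example::', '::', ACCESS_ADMIN)) {
        return pnVarPrepHTMLDisplay(_MODULENOAUTH);
    }
    // Get parameters from whatever input we need.  All arguments to this
    // function should be obtained from pnVarCleanFromInput(), getting them
    // from other places such as the environment is not allowed, as that makes
    // assumptions that will not hold in future versions of PostNuke
    list($bold, $itemsperpage) = pnVarCleanFromInput('bold', 'itemsperpage');
    // Confirm authorisation code.  This checks that the form had a valid
    // authorisation code attached to it.  If it did not then the function will
    // proceed no further as it is possible that this is an attempt at sending
    // in false data to the system.  The check runs before any module
    // variable is written.
    if (!pnSecConfirmAuthKey()) {
        pnSessionSetVar('errormsg', pnVarPrepHTMLDisplay(_BADAUTHKEY));
        return pnRedirect(pnModURL('Example', 'admin', 'view'));
    }
    // Update module variables.  Note that depending on the HTML structure used
    // to obtain the information from the user it is possible that the values
    // might be empty, so it is important to check them all and assign them
    // default values if required.
    // ** Please note pnVarCleanFromInput will always return a set variable, even
    // it's empty so isset() checking is not appropriate.
    if (empty($bold)) {
        $bold = false;
    }
    pnModSetVar('Example', 'bold', (bool) $bold);
    if (empty($itemsperpage)) {
        $itemsperpage = 10;
    }
    // Make sure $itemsperpage is a positive integer.  Request values arrive
    // as strings, so a digits-only string counts as valid as well;
    // is_integer() alone flagged every submitted number as an error.
    $iswholenumber = is_int($itemsperpage)
        || (is_string($itemsperpage) && preg_match('/^[0-9]+$/', $itemsperpage));
    // Whatever was submitted, only an integer is ever stored.
    $itemsperpage = (int) $itemsperpage;
    if (!$iswholenumber || $itemsperpage < 1) {
        pnSessionSetVar('errormsg', pnVarPrepForDisplay(_EXAMPLEITEMSPERPAGE));
        if ($itemsperpage < 1) {
            $itemsperpage = 25;
        }
    }
    pnModSetVar('Example', 'itemsperpage', $itemsperpage);
    // The configuration has been changed, so we clear all caches for
    // this module.
    $pnRender = new pnRender('Example');
    // Please note that by using clear_cache without any parameter,
    // we clear all cached pages for this module.
    $pnRender->clear_cache();
    // The module configuration has been updated successfully
    pnSessionSetVar('statusmsg', _CONFIGUPDATED);
    // Let any other modules know that the modules configuration has been updated
    pnModCallHooks('module', 'updateconfig', 'Example', array('module' => 'Example'));
    // This function generated no output, and so now it is complete we redirect
    // the user to an appropriate page for them to carry on their work
    return pnRedirect(pnModURL('Example', 'admin', 'view'));
}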