mysql_connect(DB_HOST, DB_USER, DB_PASS);
mysql_select_db(DB_NAME);
if (isset($_POST['message'])) {
if (!isset($_POST['formToken']) || $_POST['formToken'] != $_SESSION['formToken']) {
echo "Warning: CSRF!";
exit;
}
$message = $_POST['message'];
$username = $_SESSION['user'];
$insertSql = "INSERT INTO Messages (Content, Username) VALUES ('" . $message . "', '" . $username . "')";
$result = mysql_query($insertSql);
if ($result) {
showMessages();
}
} else {
showMessages();
}
function showMessages()
{
$selectMessages = "SELECT Content, Username FROM Messages ORDER BY Id DESC";
$resultMessages = mysql_query($selectMessages);
$row = mysql_fetch_assoc($resultMessages);
if ($row) {
while ($row) {
//$message = htmlentities($row['Content']);
$message = $row['Content'];
$username = $row['Username'];
echo "<li><strong>{$username}</strong>: {$message}</li>";
$row = mysql_fetch_assoc($resultMessages);
}
} else {
newMessage($option, mosGetParam($_REQUEST, 'userid', 0), mosGetParam($_REQUEST, 'subject', ''));
break;
case "save":
saveMessage($option);
break;
case "remove":
removeMessage($cid, $option);
break;
case "config":
editConfig($option);
break;
case "saveconfig":
saveConfig($option);
break;
default:
showMessages($option);
break;
}
function editConfig($option)
{
global $database, $my;
$database->setQuery("SELECT cfg_name, cfg_value FROM #__messages_cfg WHERE user_id='{$my->id}'");
$data = $database->loadObjectList('cfg_name');
$vars = array();
$vars['lock'] = mosHTML::yesnoSelectList("vars[lock]", 'class="inputbox" size="1"', @$data['lock']->cfg_value);
$vars['mail_on_new'] = mosHTML::yesnoSelectList("vars[mail_on_new]", 'class="inputbox" size="1"', @$data['mail_on_new']->cfg_value);
HTML_messages::editConfig($vars, $option);
}
function saveConfig($option)
{
global $database, $my;
\t'site_absolute_path'\t=>\t'{$abs}',
\t'locale'\t\t\t=>\t'{$_SESSION['locale']}', // en_EN, fr_FR
\t'mode'\t\t\t=>\t'p' //Production mode.
);
END;
if (is_writable('../configuration.php')) {
$OUT = fopen('../configuration.php', 'w');
fwrite($OUT, $configuration);
fclose($OUT);
$QUERY['success'][] = 'Saved the configuration file. <a href="' . $_REQUEST['url'] . '">Go to Nexty</a>';
} else {
$QUERY['error'][] = 'Configuration file (configuration.php) is not writable. Please copy the configuration code and enter it into the "configuration.php" file. Then press continue.';
}
showMessages('error');
showMessages('success');
?>
<textarea name="code" rows="15" cols="50"><?php
echo $configuration;
?>
</textarea>
<p>After installation, it is recommended that you <strong style="background-color:#ddd;">make the 'configuration.php' file read only and
remove the 'install' folder for security purposes</strong>. But we all know that you are just going to
rename the 'install' folder to '1install' or something like that. So I am not even going to
check for that. Plus, I am lazy ;-).</p>
<?php
} elseif ($_REQUEST['step'] == 3) {
?>
function showMsgs()
{
if (isset($_SESSION["Errors"]) || isset($_SESSION["Warnings"]) || isset($_SESSION["Successes"])) {
echo "<ul class=\"messages\">";
showMessages("Errors", "error");
showMessages("Warnings", "warning");
showMessages("Successes", "success");
echo "</ul>";
}
}
</div>
<?php
echo $lang['install_step1_instructions_manual_setup'];
?>
<a href='?step=1&action=install&type=manual'><?php
echo $lang['install_step1_instructions_manual_setup_click'];
?>
</a>.
</div>
<!-- Manual creation link -->
<div class='install_content'>
<?php
showMessages($h);
?>
<div class='panel panel-primary'>
<div class='panel-heading'>
<h3 class='panel-title'>Database Setup Information</h3>
</div>
<div class='panel-body'>
<!-- Registration form -->
<form class='form-horizontal' role='form' name='install_admin_reg_form' action='../install/index.php?step=1' method='post'>
<!-- BASEURL -->
<div class='form-group'>
<label for='inputBaseURL' class='col-sm-2 control-label'><?php
echo $lang['install_step1_baseurl'];
