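function vote($lang, $content_id, $content_type, $nomore)
{
    /*
     * Builds the "+1" vote widget for a piece of content and, when the
     * widget's own form was just submitted, records the vote first.
     *
     * $lang         - language the widget is rendered in
     * $content_id   - identifier of the content being voted on
     * $content_type - kind of content (passed through to the vote_* helpers)
     * $nomore       - when truthy no new vote is accepted (display only)
     *
     * Returns the rendered 'vote' view.
     */
    $action = 'init';
    if (!$nomore) {
        // Only count a submission that targets this exact content.  The
        // posted id/type arrive as strings, so the comparison stays loose
        // as the form expects (an int $content_id against "12").
        if (isset($_POST['vote_plusone'], $_POST['vote_id'], $_POST['vote_type']) and $_POST['vote_id'] == $content_id and $_POST['vote_type'] == $content_type) {
            $action = 'vote';
        }
    }
    if ($action === 'vote') {
        require_once 'clientipaddress.php';
        require_once 'userprofile.php';
        $ip_address = client_ip_address();
        $user_id = user_profile('id');
        // The insert result is not reported to the user; the total read
        // below reflects whatever was actually stored.
        vote_plusone($content_type, $content_id, $lang, $ip_address, $user_id);
    }
    $vote_total = 0;
    $r = vote_get_total_count($content_type, $content_id, $lang);
    if ($r) {
        // Read the documented key explicitly instead of extract()ing the
        // whole row, which could overwrite $lang, $content_id, ... if the
        // row ever carried such a key.  The row also holds 'vote_count',
        // which this widget does not display.
        if (isset($r['vote_total'])) {
            $vote_total = $r['vote_total'];
        }
    }
    return view('vote', $lang, compact('content_type', 'content_id', 'vote_total', 'nomore'));
}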
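function user($lang, $arglist = false)
{
    /*
     * Login page controller.
     *
     * Renders the login form, or - once build('login') reports a completed
     * login (=== true) - redirects to the next page: either the optional
     * return path given in $arglist['r'] or the home page.  Users whose
     * role is listed in $login_verified must additionally present a client
     * certificate, so they are parked as 'unverified_user' and sent to the
     * sslverifyclient page over HTTPS.
     *
     * $lang    - language of the page
     * $arglist - optional URL arguments; only 'r' (return path) is read
     *
     * Returns the rendered 'standard' layout, or the result of reload().
     */
    global $login_verified, $base_url;
    $login = build('login', $lang);
    if ($login === true) {
        $r = !empty($arglist['r']) ? $arglist['r'] : false;
        // The return path is appended to $base_url below, so only a local
        // absolute path ('/...', not '//host' or a full URL) is accepted;
        // anything else is dropped and the default destination is used.
        if ($r !== false and (!is_string($r) or substr($r, 0, 1) !== '/' or substr($r, 0, 2) === '//')) {
            $r = false;
        }
        if ($login_verified and array_intersect($login_verified, user_profile('role'))) {
            $user = $_SESSION['user'];
            unset($_SESSION['user']);
            // Certificate verification is only meaningful on HTTPS; the
            // session user has already been cleared at this point.
            if (empty($_SERVER['HTTPS']) or $_SERVER['HTTPS'] === 'off') {
                return run('error/unauthorized', $lang);
            }
            $_SESSION['unverified_user'] = $user;
            $next_page = url('sslverifyclient');
            if ($r) {
                // Encode the return path so a value containing '&', '#' or
                // spaces survives as a single query argument.
                $next_page .= '?r=' . rawurlencode($r);
            }
        } else {
            $next_page = $r ? $r : url('home', $lang);
        }
        return reload($base_url . $next_page);
    }
    $banner = build('banner', $lang);
    $content = view('user', $lang, compact('login'));
    head('title', translate('user:title', $lang));
    head('description', false);
    head('keywords', false);
    head('robots', 'noindex, nofollow');
    return layout('standard', compact('banner', 'content'));
}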
function account($lang)
{
    /*
     * Account page: lets an identified user edit their own profile.
     * Anyone who is not logged in is handed to the login page ('user').
     *
     * $lang - language of the page
     *
     * Returns the rendered 'standard' layout.
     */
    if (!user_is_identified()) {
        return run('user', $lang);
    }
    head('title', translate('account:title', $lang));
    head('description', false);
    head('keywords', false);
    head('robots', 'noindex, nofollow');
    $banner = build('banner', $lang);
    // The profile editor is always built for the current user's own id.
    $useredit = build('useredit', $lang, user_profile('id'));
    $content = view('account', $lang, compact('useredit'));
    return layout('standard', compact('banner', 'content'));
}
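function paypalcheckout($lang, $amount, $currency, $tax = 0, $context = false)
{
    /*
     * Starts a PayPal Express Checkout for a donation and redirects the
     * identified user to PayPal.
     *
     * $lang     - language for the translated item name and return URLs
     * $amount   - total to charge (numeric, > 0), tax included
     * $currency - currency code, must pass validate_currency()
     * $tax      - tax part of $amount (numeric, 0 <= $tax <= $amount)
     * $context  - opaque caller data kept in the session for paypalreturn
     *
     * Returns an error page when the user is not identified, the request
     * is invalid or the PayPal call fails; otherwise the result of reload().
     */
    global $base_url, $paypal_url, $sitename, $supported_languages;
    if (!user_is_identified()) {
        return run('error/unauthorized', $lang);
    }
    if (!(is_numeric($amount) and $amount > 0)) {
        return run('error/badrequest', $lang);
    }
    $amt = paypal_amt($amount);
    if (!validate_currency($currency)) {
        return run('error/badrequest', $lang);
    }
    $currencycode = $currency;
    // Tax is part of the total: it must be numeric and cannot exceed it,
    // otherwise the item amount sent to PayPal would be negative.
    if (!(is_numeric($tax) and $tax >= 0 and $tax <= $amount)) {
        return run('error/badrequest', $lang);
    }
    $taxamt = paypal_amt($tax);
    $itemamt = paypal_amt($amount - $tax);
    $name = translate('donate:name', $lang);
    // PayPal UI locale: page language, then profile locale, then site default.
    $locale = $lang;
    if (!$locale) {
        $locale = user_profile('locale');
    }
    if (!$locale) {
        $locale = $supported_languages[0];
    }
    $localecode = paypal_localecode($locale);
    $email = user_profile('mail');
    $hdrimg = $base_url . '/logos/sitelogo.png';
    $returnurl = $base_url . url('paypalreturn', $lang);
    $cancelurl = $base_url . url('paypalcancel', $lang);
    $params = array('LOCALECODE' => $localecode, 'PAYMENTREQUEST_0_PAYMENTACTION' => 'Sale', 'PAYMENTREQUEST_0_CURRENCYCODE' => $currencycode, 'PAYMENTREQUEST_0_AMT' => $amt, 'PAYMENTREQUEST_0_ITEMAMT' => $itemamt, 'PAYMENTREQUEST_0_TAXAMT' => $taxamt, 'L_PAYMENTREQUEST_0_NAME0' => $name, 'L_PAYMENTREQUEST_0_AMT0' => $itemamt, 'L_PAYMENTREQUEST_0_TAXAMT0' => $taxamt, 'L_PAYMENTREQUEST_0_QTY0' => '1', 'NOSHIPPING' => '1', 'ALLOWNOTE' => '0', 'EMAIL' => $email, 'BRANDNAME' => $sitename, 'HDRIMG' => $hdrimg, 'RETURNURL' => $returnurl, 'CANCELURL' => $cancelurl);
    $r = paypal_setexpresscheckout($params);
    // A reply without a TOKEN is as unusable as no reply at all.
    if (!$r or empty($r['TOKEN'])) {
        return run('error/internalerror', $lang);
    }
    $token = $r['TOKEN'];
    // paypalreturn completes the payment from these session values.
    $_SESSION['paypal'] = compact('token', 'amt', 'itemamt', 'taxamt', 'currencycode', 'context');
    // NOTE(review): '/webscr&cmd=' only forms a valid query string if
    // $paypal_url already ends with '?...'; confirm against the configured value.
    return reload($paypal_url . '/webscr&cmd=_express-checkout&token=' . $token);
}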
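function unsubscribe($lang)
{
    /*
     * Newsletter unsubscribe form.
     *
     * On 'init' it shows the form.  On submission it checks the anti-CSRF
     * token, the captcha, the mail address and the confirmation box, then
     * e-mails a signed "confirm unsubscribe" link to that address; the
     * actual removal happens when the link is followed (see saction).
     * A fresh token is stored in the session on every render.
     *
     * $lang - language of the page and of the e-mail
     *
     * Returns the rendered 'unsubscribe' view.
     */
    $with_captcha = true;
    $action = isset($_POST['unsubscribe_send']) ? 'unsubscribe' : 'init';
    $confirmed = $code = $token = false;
    $user_mail = user_profile('mail');
    $subscribe_page = false;
    // Step 1: collect the submitted values.
    switch ($action) {
        case 'init':
            $subscribe_page = url('newslettersubscribe', $lang);
            break;
        case 'unsubscribe':
            if (isset($_POST['unsubscribe_mail'])) {
                $user_mail = strtolower(strflat(readarg($_POST['unsubscribe_mail'])));
            }
            if (isset($_POST['unsubscribe_confirmed'])) {
                $confirmed = readarg($_POST['unsubscribe_confirmed']) === 'on';
            }
            if (isset($_POST['unsubscribe_code'])) {
                $code = readarg($_POST['unsubscribe_code']);
            }
            if (isset($_POST['unsubscribe_token'])) {
                $token = readarg($_POST['unsubscribe_token']);
            }
            break;
        default:
            break;
    }
    // Step 2: validate; each flag maps to one error shown by the view.
    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_mail = false;
    $bad_mail = false;
    $unknown_mail = false;
    $missing_confirmation = false;
    $mail_unsubscribed = false;
    $internal_error = false;
    $contact_page = false;
    switch ($action) {
        case 'unsubscribe':
            // Type-strict, constant-time comparison of the anti-CSRF token
            // (a loose '!=' would accept e.g. numeric-looking equivalents).
            if (!isset($_SESSION['unsubscribe_token']) or !hash_equals((string) $_SESSION['unsubscribe_token'], (string) $token)) {
                $bad_token = true;
            }
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['unsubscribe']) ? $_SESSION['captcha']['unsubscribe'] : false;
                // Captcha answers are stored upper-case; compare the same way.
                if (!$captcha or !hash_equals((string) $captcha, strtoupper((string) $code))) {
                    $bad_code = true;
                    break;
                }
            }
            if (!$user_mail) {
                $missing_mail = true;
            } elseif (!validate_mail($user_mail) or !is_mail_allowed($user_mail)) {
                $bad_mail = true;
            } elseif (!newsletter_get_user($user_mail)) {
                $unknown_mail = true;
            }
            if (!$confirmed) {
                $missing_confirmation = true;
            }
            break;
        default:
            break;
    }
    // Step 3: on a clean submission, mail the confirmation link.
    switch ($action) {
        case 'unsubscribe':
            if ($bad_token or $missing_code or $bad_code or $missing_mail or $bad_mail or $unknown_mail or $missing_confirmation) {
                break;
            }
            require_once 'urlencodeaction.php';
            $id = 1;
            // confirmnewsletterunsubscribe, see saction
            $param = $user_mail;
            $s64 = urlencodeaction($id, $param);
            if (!$s64) {
                $internal_error = true;
                break;
            }
            $saction_page = url('saction', $lang);
            if (!$saction_page) {
                $internal_error = true;
                break;
            }
            global $base_url;
            $url = $base_url . $saction_page . '/' . $s64;
            require_once 'emailtext.php';
            $to = $user_mail;
            $subject = translate('newsletter:unregister_subject', $lang);
            $f = translate('newsletter:unregister_text', $lang);
            $s = sprintf($f, $url);
            $msg = $s . "\n\n" . translate('email:salutations', $lang);
            emailtext($msg, $to, $subject, false);
            $mail_unsubscribed = $user_mail;
            $confirmed = false;
            break;
        default:
            break;
    }
    if ($internal_error) {
        $contact_page = url('contact', $lang);
    }
    // Rotate the token on every render so each form submission is single-use.
    $_SESSION['unsubscribe_token'] = $token = token_id();
    $errors = compact('missing_mail', 'bad_mail', 'unknown_mail', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
    $infos = compact('mail_unsubscribed');
    return view('unsubscribe', $lang, compact('token', 'with_captcha', 'user_mail', 'confirmed', 'subscribe_page', 'errors', 'infos'));
}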
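function newsletterpage($lang, $newsletter, $page)
{
    /*
     * Displays one page (node) of a newsletter thread: the stored message,
     * prev/next navigation, the sidebar search box and tag cloud, and - for
     * administrators - a "send this page by e-mail" form plus the post-news
     * editor.
     *
     * $lang       - display language
     * $newsletter - newsletter thread name or id (resolved by thread_id)
     * $page       - page node name or id within that thread
     *
     * Returns the rendered 'standard' layout, or error/notfound when the
     * newsletter, the page or its record is missing or the page is ignored.
     */
    global $with_toolbar;
    $newsletter_id = thread_id($newsletter);
    if (!$newsletter_id) {
        return run('error/notfound', $lang);
    }
    $page_id = thread_node_id($newsletter_id, $page, $lang);
    if (!$page_id) {
        return run('error/notfound', $lang);
    }
    $r = thread_get($lang, $newsletter_id);
    if (!$r) {
        return run('error/notfound', $lang);
    }
    // Read the row fields explicitly rather than extract()ing the whole
    // row, so a row key can never overwrite a local of this function.
    $newsletter_name = $r['thread_name'];
    $newsletter_title = $r['thread_title'];
    $newsletter_nocloud = $r['thread_nocloud'];
    $newsletter_nosearch = $r['thread_nosearch'];
    $r = thread_get_node($lang, $newsletter_id, $page_id);
    if (!$r) {
        return run('error/notfound', $lang);
    }
    // An ignored (hidden) page is not served at all.
    if ($r['node_ignored']) {
        return run('error/notfound', $lang);
    }
    $page_name = $r['node_name'];
    $page_title = $r['node_title'];
    $page_modified = $r['node_modified'];
    // Title: "newsletter - page" when both are known, else whichever exists.
    if ($newsletter_title and $page_title) {
        head('title', $newsletter_title . ' - ' . $page_title);
    } elseif ($page_title) {
        head('title', $page_title);
    } elseif ($newsletter_title) {
        head('title', $newsletter_title);
    }
    head('description', false);
    head('keywords', false);
    head('robots', 'noindex, nofollow');
    $message_title = $message_html = $message_text = false;
    $r = newsletter_get_message($newsletter_id, $page_id, $lang);
    if ($r) {
        list($message_title, $message_html, $message_text) = $r;
    }
    // Administrator-only: test-send the message to an address.
    $postnews = false;
    $with_mail = false;
    $mailto = false;
    $missing_mail = false;
    $bad_mail = false;
    $email_sent = false;
    if (user_has_role('administrator') and $message_title and ($message_html or $message_text)) {
        require_once 'userprofile.php';
        $mailto = user_profile('mail');
        $with_mail = true;
        if (isset($_POST['newsletterpage_send'])) {
            if (isset($_POST['newsletterpage_mailto'])) {
                $mailto = strtolower(strflat(readarg($_POST['newsletterpage_mailto'])));
                if (!$mailto) {
                    $missing_mail = true;
                } elseif (!validate_mail($mailto)) {
                    $bad_mail = true;
                }
            }
            if (!($missing_mail or $bad_mail)) {
                require_once 'emailhtml.php';
                // The stylesheet is optional: send without it when it is
                // missing instead of silencing the read with '@'.
                $cssfile = ROOT_DIR . DIRECTORY_SEPARATOR . 'css' . DIRECTORY_SEPARATOR . 'newsletter.css';
                $css = is_readable($cssfile) ? file_get_contents($cssfile) : false;
                $r = emailhtml($message_text, $message_html, $css, $mailto, $message_title);
                if ($r) {
                    $email_sent = true;
                }
            }
        }
        $postnews = build('postnews', $lang, $newsletter_id, $page_id);
    }
    // Previous / next page links, labelled by title or, failing that, number.
    $prev_page_label = $prev_page_url = false;
    $r = thread_node_prev($lang, $newsletter_id, $page_id);
    if ($r) {
        $prev_page_label = $r['prev_node_title'] ? $r['prev_node_title'] : $r['prev_node_number'];
        $prev_page_url = url('newsletter', $lang) . '/' . ($r['prev_node_name'] ? $r['prev_node_name'] : $r['prev_node_id']);
    }
    $next_page_label = $next_page_url = false;
    $r = thread_node_next($lang, $newsletter_id, $page_id);
    if ($r) {
        $next_page_label = $r['next_node_title'] ? $r['next_node_title'] : $r['next_node_number'];
        $next_page_url = url('newsletter', $lang) . '/' . ($r['next_node_name'] ? $r['next_node_name'] : $r['next_node_id']);
    }
    $content = view('newsletterpage', $lang, compact('page_id', 'page_title', 'page_modified', 'message_title', 'message_text', 'message_html', 'prev_page_url', 'prev_page_label', 'next_page_url', 'next_page_label', 'postnews', 'with_mail', 'mailto', 'missing_mail', 'bad_mail', 'email_sent'));
    // Sidebar: search box and tag cloud, each unless disabled on the thread.
    $search = false;
    if (!$newsletter_nosearch) {
        $search_text = '';
        $search_url = url('search', $lang, $newsletter_name);
        $suggest_url = url('suggest', $lang, $newsletter_name);
        $search = view('searchinput', $lang, compact('search_url', 'search_text', 'suggest_url'));
    }
    $cloud = false;
    if (!$newsletter_nocloud) {
        $cloud_url = url('search', $lang, $newsletter_name);
        $byname = $bycount = $index = true;
        $cloud = build('cloud', $lang, $cloud_url, $newsletter_id, false, 15, compact('byname', 'bycount', 'index'));
    }
    $headline_text = $newsletter_title ? $newsletter_title : $newsletter_id;
    $headline_url = url('newsletter', $lang);
    $headline = compact('headline_text', 'headline_url');
    $title = view('headline', false, $headline);
    $sidebar = view('sidebar', false, compact('search', 'cloud', 'title'));
    // From here on $search is the banner's search parameters, not the view.
    $search = !$newsletter_nosearch ? compact('search_url', 'search_text', 'suggest_url') : false;
    // NOTE(review): relies on $_SESSION['user']['locale'] being set for every writer - confirm.
    $edit = user_has_role('writer') ? url('newsletteredit', $_SESSION['user']['locale']) . '/' . $newsletter_id . '/' . $page_id . '?' . 'clang=' . $lang : false;
    $validate = url('newsletter', $lang) . '/' . $page_name;
    $banner = build('banner', $lang, $with_toolbar ? compact('headline', 'search') : compact('headline', 'edit', 'validate', 'search'));
    $toolbar = $with_toolbar ? build('toolbar', $lang, compact('edit', 'validate')) : false;
    return layout('standard', compact('toolbar', 'banner', 'content', 'sidebar'));
}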
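<?php 
// Admin "user profile" page: lists the current user's profile rows and
// offers a form (posted to profileupdate.php) to change e-mail / password.
// Only a request with an active login session gets the page; everyone else
// is redirected to index.php.
include 'controller.php';
// session_start() and the redirect header both need to run before any
// output, so the doctype is emitted from the echo below instead of as
// raw HTML ahead of the '<?php' tag.
session_start();
if (!isset($_SESSION['login'])) {
    header("Location: index.php");
    // Stop here so nothing below is emitted to an unauthenticated client.
    exit;
}
echo "<!DOCTYPE html>\n";
echo "\n<html lang='en'>\n\n<head>\n\n    <meta charset='utf-8'>\n    <meta http-equiv='X-UA-Compatible' content='IE=edge'>\n    <meta name='viewport' content='width=device-width, initial-scale=1'>\n    <meta name='description' content=''>\n    <meta name='author' content=''>\n\n    <title>Vocal Line - Admin page</title>\n    <link href='../bower_components/bootstrap/dist/css/bootstrap.min.css' rel='stylesheet'>\n    <link href='../bower_components/metisMenu/dist/metisMenu.min.css' rel='stylesheet'>\n    <link href='../dist/css/sb-admin-2.css' rel='stylesheet'>\n    <link href='../bower_components/font-awesome/css/font-awesome.min.css' rel='stylesheet' type='text/css'>\n</head>\n\n<body>\n    <div class='container'>\n        <div class='row'>\n            <div class='col-lg-7 col-md-offset-3'>\n                <div class='login-panel panel panel-default'>\n                    <div class='panel-heading'>\n                        <h3 class='panel-title'>User Profile <a href='index.php'>- Click to go back</a></h3>\n                    </div>\n                    <div class='panel-body'>\n                    \n                        <div class='table-responsive'>\n                                <table class='table table-striped table-bordered table-hover'>\n                                    <thead>\n                                        <tr>\n                                            <th>Value</th>\n                                            <th>Details</th>\n                                        </tr>\n                                    </thead>\n                                    <tbody>\n                                    ";
// Prints the profile table rows; $dbh is presumably the database handle
// opened by controller.php - TODO confirm.
user_profile($dbh);
echo "\n                                    </tbody>\n                                </table>\n                            </div>\n                            \n                        <form role='form' action='profileupdate.php' method='post'>\n                            <fieldset>\n                                <div class='form-group'>\n                                <p>Change email:</p>\n                                    <input class='form-control' placeholder='Email' name='email' type='Email' autofocus>\n                                </div>\n                                <br>\n                                <div class='form-group'>\n                                <p>Change password:</p>\n                                    <input class='form-control' placeholder='Current Password' name='oldpassword' type='password' value=''>\n                                </div>\n                                <div class='form-group'>\n                                    <input class='form-control' placeholder='New password' name='password' type='password' value=''>\n                                </div>\n                                <div class='form-group'>\n                                    <input class='form-control' placeholder='New password again' name='repassword' type='password' value=''>\n                                </div>\n                                <!-- Change this to a button or input when using this as a form -->\n                                <button class='btn btn-lg btn-success btn-block'>Change</button>\n                            </fieldset>\n                        </form>\n                    </div>\n                </div>\n            </div>\n        </div>\n    </div>\n    <script src='../bower_components/jquery/dist/jquery.min.js'></script>\n    <script src='../bower_components/bootstrap/dist/js/bootstrap.min.js'></script>\n    <script src='../bower_components/metisMenu/dist/metisMenu.min.js'></script>\n    <script 
src='../dist/js/sb-admin-2.js'></script>\n</body>\n</html>\n";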
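function threadeditsummary($lang, $clang, $thread)
{
    /*
     * Thread editing summary page (writers only).
     *
     * Depending on which submit button was posted it edits the thread's
     * own settings ('edit'), or creates / copies / deletes / hides / shows
     * / reorders its nodes; 'init' just renders the current state.  The
     * work is done in three passes: read the posted values, validate them
     * into error flags, then apply the action.
     *
     * $lang   - language of the editing UI
     * $clang  - language of the content being edited
     * $thread - thread name or id (resolved by thread_id)
     *
     * Returns the rendered 'editing' layout, error/unauthorized for
     * non-writers, or error/notfound when the thread does not exist.
     */
    global $supported_threads, $with_toolbar;
    if (!user_has_role('writer')) {
        return run('error/unauthorized', $lang);
    }
    $confirmed = false;
    $thread_id = thread_id($thread);
    if (!$thread_id) {
        return run('error/notfound', $lang);
    }
    // The pressed button selects the action; node_confirmdelete is a
    // delete the user has already confirmed.
    $action = 'init';
    if (isset($_POST['thread_edit'])) {
        $action = 'edit';
    } elseif (isset($_POST['thread_reorder'])) {
        $action = 'reorder';
    } elseif (isset($_POST['node_create'])) {
        $action = 'create';
    } elseif (isset($_POST['node_copy'])) {
        $action = 'copy';
    } elseif (isset($_POST['node_delete'])) {
        $action = 'delete';
    } elseif (isset($_POST['node_confirmdelete'])) {
        $action = 'delete';
        $confirmed = true;
    } elseif (isset($_POST['node_hide'])) {
        $action = 'hide';
    } elseif (isset($_POST['node_show'])) {
        $action = 'show';
    }
    $thread_type = $thread_name = $thread_title = $thread_abstract = $thread_cloud = $thread_image = false;
    $thread_search = $thread_tag = false;
    $thread_comment = $thread_morecomment = $thread_vote = $thread_morevote = false;
    $thread_ilike = $thread_tweet = $thread_plusone = $thread_linkedin = $thread_pinit = false;
    $thread_visits = false;
    $thread_nosearch = $thread_nocloud = $thread_nocomment = $thread_nomorecomment = $thread_novote = $thread_nomorevote = true;
    $new_node_name = $new_node_title = $new_node_number = false;
    $old_node_number = false;
    $p = false;
    // Pass 1: load the stored settings ('init') or read the posted form.
    switch ($action) {
        case 'init':
        case 'reset':
            $r = thread_get($clang, $thread_id, false);
            if ($r) {
                extract($r);
                /* thread_type thread_name thread_title thread_abstract thread_cloud thread_image thread_visits thread_nosearch thread_nocloud thread_nocomment thread_nomorecomment thread_novote thread_nomorevote */
            }
            // The form shows positive switches; storage keeps the negated ones.
            $thread_search = !$thread_nosearch;
            $thread_tag = !$thread_nocloud;
            $thread_comment = !$thread_nocomment;
            $thread_morecomment = !$thread_nomorecomment;
            $thread_vote = !$thread_novote;
            $thread_morevote = !$thread_nomorevote;
            break;
        case 'edit':
        case 'create':
        case 'copy':
        case 'delete':
        case 'hide':
        case 'show':
        case 'reorder':
            if (isset($_POST['thread_type'])) {
                $thread_type = readarg($_POST['thread_type']);
            }
            if (isset($_POST['thread_title'])) {
                $thread_title = readarg($_POST['thread_title']);
            }
            if (isset($_POST['thread_name'])) {
                $thread_name = strtofname(readarg($_POST['thread_name']));
            }
            // A missing name is derived from the title.
            if (!$thread_name and $thread_title) {
                $thread_name = strtofname($thread_title);
            }
            if (isset($_POST['thread_abstract'])) {
                $thread_abstract = readarg($_POST['thread_abstract']);
            }
            if (isset($_POST['thread_image'])) {
                $thread_image = readarg($_POST['thread_image']);
            }
            if (isset($_POST['thread_cloud'])) {
                $thread_cloud = readarg($_POST['thread_cloud'], true, false);
                // trim but DON'T strip!  Then normalise to unique,
                // single-space separated words.
                preg_match_all('/(\\S+)/', $thread_cloud, $r);
                $thread_cloud = implode(' ', array_unique($r[0]));
            }
            // Checkboxes: every switch is read the same way (readarg on the
            // posted value, then compared to 'on').
            if (isset($_POST['thread_search'])) {
                $thread_search = readarg($_POST['thread_search']) === 'on';
                $thread_nosearch = !$thread_search;
            }
            if (isset($_POST['thread_tag'])) {
                $thread_tag = readarg($_POST['thread_tag']) === 'on';
                $thread_nocloud = !$thread_tag;
            }
            if (isset($_POST['thread_visits'])) {
                $thread_visits = readarg($_POST['thread_visits']) === 'on';
            }
            if (isset($_POST['thread_comment'])) {
                $thread_comment = readarg($_POST['thread_comment']) === 'on';
                $thread_nocomment = !$thread_comment;
            }
            if (isset($_POST['thread_morecomment'])) {
                $thread_morecomment = readarg($_POST['thread_morecomment']) === 'on';
                $thread_nomorecomment = !$thread_morecomment;
            }
            if (isset($_POST['thread_vote'])) {
                $thread_vote = readarg($_POST['thread_vote']) === 'on';
                $thread_novote = !$thread_vote;
            }
            if (isset($_POST['thread_morevote'])) {
                $thread_morevote = readarg($_POST['thread_morevote']) === 'on';
                $thread_nomorevote = !$thread_morevote;
            }
            if (isset($_POST['thread_ilike'])) {
                $thread_ilike = readarg($_POST['thread_ilike']) === 'on';
            }
            if (isset($_POST['thread_tweet'])) {
                $thread_tweet = readarg($_POST['thread_tweet']) === 'on';
            }
            if (isset($_POST['thread_plusone'])) {
                $thread_plusone = readarg($_POST['thread_plusone']) === 'on';
            }
            if (isset($_POST['thread_linkedin'])) {
                $thread_linkedin = readarg($_POST['thread_linkedin']) === 'on';
            }
            if (isset($_POST['thread_pinit'])) {
                $thread_pinit = readarg($_POST['thread_pinit']) === 'on';
            }
            if (isset($_POST['new_node_title'])) {
                $new_node_title = readarg($_POST['new_node_title']);
                $new_node_name = strtofname($new_node_title);
            }
            if (isset($_POST['new_node_number'])) {
                $new_node_number = readarg($_POST['new_node_number']);
            }
            if (isset($_POST['old_node_number'])) {
                $old_node_number = readarg($_POST['old_node_number']);
            }
            if (isset($_POST['p'])) {
                // DON'T readarg!  p is an array of positions, validated below.
                $p = $_POST['p'];
            }
            break;
        default:
            break;
    }
    $thread_contents = array();
    $r = thread_get_contents($clang, $thread_id, false);
    /* node_id node_number node_ignored node_name node_title node_cloud thread_image */
    // The posted positions are only usable as an array with exactly one
    // numeric entry per node, keyed 1..n like $thread_contents below.
    // (count() on a non-array is a TypeError on PHP 8.)
    if (!$r or !is_array($p) or count($r) != count($p)) {
        $p = false;
    } else {
        for ($i = 1; $i <= count($r); $i++) {
            if (!isset($p[$i]) or !is_numeric($p[$i])) {
                $p = false;
                break;
            }
        }
    }
    if ($r) {
        $pos = 1;
        $thread_url = url('threadedit', $lang) . '/' . $thread_id;
        foreach ($r as $c) {
            $c['node_url'] = $thread_url . '/' . $c['node_id'];
            $c['pos'] = $p ? $p[$pos] : $pos;
            $thread_contents[$pos] = $c;
            $pos++;
        }
    }
    // Pass 2: validate into error flags.
    $missing_thread_name = false;
    $bad_thread_name = false;
    $missing_thread_type = false;
    $bad_thread_type = false;
    $missing_new_node_title = false;
    $bad_new_node_title = false;
    $bad_new_node_number = false;
    $missing_old_node_number = false;
    $bad_old_node_number = false;
    switch ($action) {
        case 'edit':
            if (!$thread_name) {
                $missing_thread_name = true;
            } elseif (!preg_match('#^\\w+(-\\w+)*$#', $thread_name)) {
                $bad_thread_name = true;
            }
            if (!$thread_type) {
                $missing_thread_type = true;
            } elseif (!in_array($thread_type, $supported_threads, true)) {
                $bad_thread_type = true;
            }
            break;
        case 'create':
        case 'copy':
            if (!$new_node_title) {
                $missing_new_node_title = true;
            } elseif (!$new_node_name) {
                $bad_new_node_title = true;
            } elseif (!preg_match('#^\\w+(-\\w+)*$#', $new_node_name)) {
                $bad_new_node_title = true;
            }
            // An empty number means "append"; otherwise 1..count+1.
            if (!$new_node_number) {
                $new_node_number = false;
            } elseif (!is_numeric($new_node_number)) {
                $bad_new_node_number = true;
            } elseif ($new_node_number < 1 or $new_node_number > count($thread_contents) + 1) {
                $bad_new_node_number = true;
            }
            if ($action == 'create') {
                break;
            }
            /* fall thru: copy also needs a valid source node */
        case 'delete':
        case 'hide':
        case 'show':
            if (!$old_node_number) {
                $missing_old_node_number = true;
            } elseif (!is_numeric($old_node_number)) {
                $bad_old_node_number = true;
            } elseif ($old_node_number < 1 or $old_node_number > count($thread_contents)) {
                $bad_old_node_number = true;
            }
            break;
        case 'reorder':
            break;
        default:
            break;
    }
    // Pass 3: apply the action when nothing is flagged.
    $confirm_delete_node = false;
    switch ($action) {
        case 'edit':
            if ($missing_thread_name or $bad_thread_name or $missing_thread_type or $bad_thread_type) {
                break;
            }
            // Failure is not reported separately: the page simply re-renders.
            thread_set($clang, $thread_id, $thread_name, $thread_title, $thread_type, $thread_abstract, $thread_cloud, $thread_image, $thread_visits, $thread_nosearch, $thread_nocloud, $thread_nocomment, $thread_nomorecomment, $thread_novote, $thread_nomorevote, $thread_ilike, $thread_tweet, $thread_plusone, $thread_linkedin, $thread_pinit);
            break;
        case 'create':
        case 'copy':
            if ($missing_new_node_title or $bad_new_node_title or $bad_new_node_number or ($action == 'copy' and ($missing_old_node_number or $bad_old_node_number))) {
                break;
            }
            $user_id = user_profile('id');
            if ($action == 'copy') {
                $node_id = $thread_contents[$old_node_number]['node_id'];
                $np = thread_copy_node($clang, $user_id, $thread_id, $node_id, $new_node_name, $new_node_title, $new_node_number);
            } else {
                $np = thread_create_node($clang, $user_id, $thread_id, $new_node_name, $new_node_title, $new_node_number);
            }
            if (!$np) {
                break;
            }
            extract($np);
            /* node_id node_number node_ignored */
            $node_ignored = false;
            $node_title = $new_node_title;
            $node_url = url('threadedit', $lang) . '/' . $thread_id . '/' . $node_id;
            $pos = $node_number;
            if ($thread_contents) {
                // Shift every node at or after the insertion point by one.
                foreach ($thread_contents as &$c) {
                    if ($c['node_number'] >= $pos) {
                        $c['node_number']++;
                    }
                    if ($c['pos'] >= $pos) {
                        $c['pos']++;
                    }
                }
                unset($c);
                array_splice($thread_contents, $pos - 1, 0, array(compact('node_id', 'node_title', 'node_number', 'node_ignored', 'node_url', 'pos')));
            } else {
                $pos = 1;
                $thread_contents = array($pos => compact('node_id', 'node_title', 'node_number', 'node_ignored', 'node_url', 'pos'));
            }
            $new_node_name = $new_node_title = false;
            $new_node_number = $node_number + 1;
            $old_node_number = false;
            break;
        case 'delete':
            if ($missing_old_node_number or $bad_old_node_number) {
                break;
            }
            // First click asks for confirmation; the confirmed button deletes.
            if (!$confirmed) {
                $confirm_delete_node = true;
                break;
            }
            $node_id = $thread_contents[$old_node_number]['node_id'];
            $r = thread_delete_node($thread_id, $node_id);
            if (!$r) {
                break;
            }
            unset($thread_contents[$old_node_number]);
            $thread_contents = array_values($thread_contents);
            foreach ($thread_contents as &$c) {
                if ($c['node_number'] >= $old_node_number) {
                    $c['node_number']--;
                }
                if ($c['pos'] >= $old_node_number) {
                    $c['pos']--;
                }
            }
            unset($c);
            $new_node_number = $old_node_number = false;
            break;
        case 'hide':
            if ($missing_old_node_number or $bad_old_node_number) {
                break;
            }
            $node_id = $thread_contents[$old_node_number]['node_id'];
            $r = thread_set_node_ignored($thread_id, $node_id, true);
            if (!$r) {
                break;
            }
            $thread_contents[$old_node_number]['node_ignored'] = true;
            break;
        case 'show':
            if ($missing_old_node_number or $bad_old_node_number) {
                break;
            }
            $node_id = $thread_contents[$old_node_number]['node_id'];
            $r = thread_set_node_ignored($thread_id, $node_id, false);
            if (!$r) {
                break;
            }
            $thread_contents[$old_node_number]['node_ignored'] = false;
            break;
        case 'reorder':
            if (!$p) {
                break;
            }
            // Sorting the posted positions reorders $neworder (1..n) in
            // step, so it then lists the old positions in their new order.
            $neworder = range(1, count($p));
            array_multisort($p, SORT_NUMERIC, $neworder);
            $number = 1;
            $nc = array();
            foreach ($neworder as $i) {
                $c =& $thread_contents[$i];
                if ($c['node_number'] != $number) {
                    thread_set_node_number($thread_id, $c['node_id'], $number);
                    $c['node_number'] = $number;
                }
                $c['pos'] = $number;
                $nc[$number++] = $c;
            }
            unset($c);
            $thread_contents = $nc;
            break;
        default:
            break;
    }
    head('title', $thread_title ? $thread_title : $thread_id);
    head('description', false);
    head('keywords', false);
    head('robots', 'noindex, nofollow');
    $headline_text = translate('threadall:title', $lang);
    $headline_url = url('threadedit', $lang) . '?' . 'clang=' . $clang;
    $headline = compact('headline_text', 'headline_url');
    $view = $thread_name ? url('thread', $clang) . '/' . $thread_id . '?' . 'slang=' . $lang : false;
    $scroll = true;
    $banner = build('banner', $lang, $with_toolbar ? compact('headline') : compact('headline', 'view'));
    $toolbar = $with_toolbar ? build('toolbar', $lang, compact('view', 'scroll')) : false;
    $title = view('headline', false, $headline);
    $sidebar = view('sidebar', false, compact('title'));
    $inlanguages = view('inlanguages', false, compact('clang'));
    $errors = compact('missing_thread_name', 'bad_thread_name', 'missing_thread_type', 'bad_thread_type', 'missing_new_node_title', 'bad_new_node_title', 'bad_new_node_number', 'missing_old_node_number', 'bad_old_node_number');
    $content = view('editing/threadeditsummary', $lang, compact('clang', 'inlanguages', 'supported_threads', 'thread_id', 'thread_type', 'thread_title', 'thread_name', 'thread_abstract', 'thread_cloud', 'thread_image', 'thread_visits', 'thread_search', 'thread_tag', 'thread_comment', 'thread_morecomment', 'thread_vote', 'thread_morevote', 'thread_ilike', 'thread_tweet', 'thread_plusone', 'thread_linkedin', 'thread_pinit', 'thread_contents', 'new_node_name', 'new_node_title', 'new_node_number', 'old_node_number', 'confirm_delete_node', 'errors'));
    return layout('editing', compact('toolbar', 'banner', 'content', 'sidebar'));
}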
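/**
 * Newsletter subscription page handler.
 *
 * Reads the subscription form from $_POST, checks the per-session CSRF token,
 * the captcha (when enabled), the e-mail address, the locale (on multilingual
 * sites) and the consent checkbox, creates the newsletter user and sends a
 * best-effort notification mail to the site owner. Always ends by rotating
 * the session token and rendering the 'subscribe' view.
 *
 * @param string $lang current language; used for URLs, the view and the
 *                     notification mail
 * @return string rendered 'subscribe' view
 */
function subscribe($lang)
{
    global $sitekey, $system_languages;
    // The locale selector only makes sense on a multilingual site.
    $with_locale = count($system_languages) > 1;
    // true, false
    $with_captcha = true;
    $action = isset($_POST['subscribe_send']) ? 'subscribe' : 'init';
    $confirmed = $code = $token = false;
    // Prefill from the logged-in profile; an unknown locale defaults to the page language.
    $user_mail = user_profile('mail');
    $user_locale = user_profile('locale');
    if (!$user_locale) {
        $user_locale = $lang;
    }
    $unsubscribe_page = false;
    switch ($action) {
        case 'init':
            if ($sitekey) {
                $unsubscribe_page = url('newsletterunsubscribe', $lang);
            }
            break;
        case 'subscribe':
            if (isset($_POST['subscribe_mail'])) {
                $user_mail = strtolower(strflat(readarg($_POST['subscribe_mail'])));
            }
            if ($with_locale and isset($_POST['subscribe_locale'])) {
                $user_locale = readarg($_POST['subscribe_locale']);
            }
            if (isset($_POST['subscribe_confirmed'])) {
                $confirmed = readarg($_POST['subscribe_confirmed']) === 'on';
            }
            if (isset($_POST['subscribe_code'])) {
                $code = readarg($_POST['subscribe_code']);
            }
            if (isset($_POST['subscribe_token'])) {
                $token = readarg($_POST['subscribe_token']);
            }
            break;
        default:
            break;
    }
    // Validation flags; all of them end up in $errors for the view.
    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_mail = false;
    $bad_mail = false;
    $duplicated_mail = false;
    $missing_locale = false;
    $bad_locale = false;
    $missing_confirmation = false;
    $email_registered = false;
    $internal_error = false;
    $contact_page = false;
    switch ($action) {
        case 'subscribe':
            // Type-strict, constant-time token check: a missing or non-string token never matches.
            $session_token = isset($_SESSION['subscribe_token']) ? $_SESSION['subscribe_token'] : false;
            if (!is_string($token) or !is_string($session_token) or !hash_equals($session_token, $token)) {
                $bad_token = true;
            }
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['subscribe']) ? $_SESSION['captcha']['subscribe'] : false;
                // Strict comparison so numeric-looking answers cannot match by coercion.
                if (!$captcha or (string) $captcha !== strtoupper($code)) {
                    $bad_code = true;
                    break;
                }
            }
            if (!$user_mail) {
                $missing_mail = true;
            } elseif (!validate_mail($user_mail) or !is_mail_allowed($user_mail)) {
                $bad_mail = true;
            } elseif (newsletter_get_user($user_mail)) {
                $duplicated_mail = true;
            }
            if ($with_locale) {
                if (!$user_locale) {
                    $missing_locale = true;
                } elseif (!validate_locale($user_locale)) {
                    $bad_locale = true;
                }
            }
            if (!$confirmed) {
                $missing_confirmation = true;
            }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'subscribe':
            if ($bad_token or $missing_code or $bad_code or $missing_mail or $bad_mail or $duplicated_mail or $missing_locale or $bad_locale or $missing_confirmation) {
                break;
            }
            $r = newsletter_create_user($user_mail, $user_locale);
            if (!$r) {
                $internal_error = true;
                break;
            }
            require_once 'serveripaddress.php';
            require_once 'emailme.php';
            global $sitename;
            $ip = server_ip_address();
            // date() replaces the deprecated strftime(); same local-time output.
            $timestamp = date('Y-m-d H:i:s');
            $subject = 'subscribe' . '@' . $sitename;
            $msg = $ip . ' ' . $timestamp . ' ' . $lang . ' ' . $user_mail;
            // Owner notification is best-effort: a mail failure must not undo the subscription.
            @emailme($subject, $msg);
            $email_registered = true;
            $confirmed = false;
            break;
        default:
            break;
    }
    if ($internal_error) {
        $contact_page = url('contact', $lang);
    }
    // Rotate the CSRF token on every render so a submitted token is single-use.
    $_SESSION['subscribe_token'] = $token = token_id();
    $errors = compact('missing_mail', 'bad_mail', 'missing_locale', 'bad_locale', 'duplicated_mail', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
    $infos = compact('email_registered');
    $output = view('subscribe', $lang, compact('token', 'with_captcha', 'user_mail', 'with_locale', 'user_locale', 'confirmed', 'unsubscribe_page', 'errors', 'infos'));
    return $output;
}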
    $content .= "</table>";
} elseif ($action == "viewForum" && isset($forum)) {
    // Fragment: the if/elseif chain opens before this excerpt and continues after it.
    // The "new thread" link is only offered to users with ACL access to this forum
    // who are not the anonymous account (userID <= 1).
    if (acl_access("forum", $forum, $sessioninfo->eventID) && $sessioninfo->userID > 1) {
        // NOTE(review): $forum is written into an unquoted href attribute without escaping;
        // the query below escapes it for SQL, but nothing escapes it for the HTML context.
        $content .= "<a href=?module=forum&action=newThread&forum={$forum}>" . lang("Start new thread", "forum") . "</a>";
    }
    $content .= "<table>";
    // Threads are listed newest-activity first; $forum is escaped for the SQL string context here.
    $qFindThreads = db_query("SELECT * FROM " . $sql_prefix . "_forumThreads WHERE forumID = '" . db_escape($forum) . "' AND threadDeleted = 0 ORDER BY lastPost DESC");
    while ($rFindThreads = db_fetch($qFindThreads)) {
        $link_start = "<a href=?module=forum&action=viewThread&thread={$rFindThreads->ID}>";
        $content .= "<tr><td>";
        // NOTE(review): threadTopic is emitted as raw HTML; unless it is escaped on write,
        // this is a stored-XSS sink and wants htmlspecialchars() here.
        $content .= $link_start . $rFindThreads->threadTopic . "</a>";
        $content .= "</td><td>";
        // One extra query per thread to find its latest post (N+1 pattern); the thread ID
        // comes from the database row, not from the request.
        $qFindLastPost = db_query("SELECT * FROM " . $sql_prefix . "_forumPosts WHERE threadID = '{$rFindThreads->ID}' ORDER BY postTimestamp DESC LIMIT 0,1");
        // NOTE(review): a thread without posts makes db_fetch() return false and the
        // property reads below warn; guard on the fetch result before using it.
        $rFindLastPost = db_fetch($qFindLastPost);
        $content .= lang("Last post by: ", "forum");
        $content .= user_profile($rFindLastPost->postAuthor);
        // NOTE(review): "H:m:s" prints the month number in the minutes position; "H:i:s" is presumably intended.
        $content .= " " . date("Y-m-d H:m:s", $rFindLastPost->postTimestamp);
        $content .= "</td></tr>\n\n";
    }
    // End while
    $content .= "</table>";
} elseif ($action == "newThread" && isset($forum) && $sessioninfo->userID > 1) {
    // NOTE(review): $forum is interpolated unescaped into the form action, as in the link above.
    $content .= "<table>";
    $content .= "<form method=POST action=?module=forum&action=doNewThread&forum={$forum}>\n";
    $content .= "<tr><td>";
    $content .= lang("Thread name", "forum");
    $content .= "</td><td>";
    $content .= "<input type=text name=threadName>";
    $content .= "</td></tr>";
    $content .= "<tr><td>";
    $content .= lang("Thread content", "forum");
    $posts = mysqli_num_rows($run_posts);
    //getting the number of unread messages
    // NOTE(review): $user_id is interpolated straight into the SQL string; its origin is outside
    // this excerpt, so if it can come from the request this is an injection sink — a prepared
    // statement (mysqli_prepare / bind_param) would remove the question.
    $sel_msg = "select * from messages where receiver='{$user_id}' AND status='unread' ORDER by 1 DESC";
    $run_msg = mysqli_query($con, $sel_msg);
    // mysqli_query() returns false on failure, which mysqli_num_rows() rejects; the result is not checked here.
    $count_msg = mysqli_num_rows($run_msg);
    // NOTE(review): $user_image, $user_name, $user_country, $last_login and $register_date are
    // emitted as raw HTML/attribute text; if any of them is user-supplied, escape per context
    // (htmlspecialchars for the text and attribute positions, urlencode inside the query strings).
    echo "\n\t\t\t\t\t\t<center>\n\t\t\t\t\t\t<img src='user/user_images/{$user_image}' width='200' height='200'/>\n\t\t\t\t\t\t</center>\n\t\t\t\t\t\t<div id='user_mention'>\n\t\t\t\t\t\t<p><strong>Name:</strong> {$user_name}</p>\n\t\t\t\t\t\t<p><strong>Country:</strong> {$user_country}</p>\n\t\t\t\t\t\t<p><strong>Last Login:</strong> {$last_login}</p>\n\t\t\t\t\t\t<p><strong>Member Since:</strong> {$register_date}</p>\n\t\t\t\t\t\t\n\t\t\t\t\t\t<p><a href='my_messages.php?u_id={$user_id}'>Messages ({$count_msg})</a></p>\n\t\t\t\t\t\t<p><a href='my_posts.php?u_id={$user_id}'>My Posts ({$posts})</a></p>\n\t\t\t\t\t\t<p><a href='edit_profile.php?u_id={$user_id}'>Edit My Account</a></p>\n\t\t\t\t\t\t<p><a href='logout.php'>Logout</a></p>\n\t\t\t\t\t\t</div>\n\t\t\t\t\t";
    ?>
					</div>
				</div>
				
				<!--user timeline ends-->
				<!--Content timeline starts-->
				<div id="content_timeline">
					
					<h2 align="center">Info About This User:</h2>
					
						<?php 
    // Renders the profile body; user_profile() here takes no argument, unlike the
    // other call sites on this page, so it presumably reads the current user itself.
    user_profile();
    ?>
				</div>
				<!--Content timeline ends-->
			</div>
			<!--Content area ends-->
		
	</div>
	<!--Container ends-->

</body>
</html>
<?php 
}
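/**
 * Comment block for a node: renders the existing comments and handles the
 * comment / edit / validate / moderate / modify / delete form actions.
 *
 * Only a logged-in user ($user_id) can trigger an action. Every state-changing
 * action must carry the per-session CSRF token. Non-moderators may only
 * modify or delete their own comments, and only within $edit_window seconds
 * of posting; moderators may act on any comment.
 *
 * @param string $lang         current language
 * @param int    $node_id      node the comments belong to
 * @param int    $node_user_id author of the node; only referenced by the
 *                             commented-out ownership rule below
 * @param string $node_url     URL of the node, reported in the owner notification
 * @param bool   $nomore       when true, no "new comment" form is offered
 * @return string rendered 'nodecomment' view
 */
function nodecomment($lang, $node_id, $node_user_id, $node_url, $nomore)
{
    $user_id = user_profile('id');
    $moderator = user_has_role('moderator');
    // $user_id == $node_user_id || user_has_role('moderator')
    $now = time();
    // Seconds during which an author may still edit or delete their own comment.
    $edit_window = 15 * 60;
    $message_maxlen = 1000;
    $with_captcha = false;
    $action = 'init';
    if ($user_id) {
        // The first submit button found wins, in this order of precedence.
        $submits = array(
            'comment_comment' => 'comment',
            'comment_edit' => 'edit',
            'comment_validate' => 'validate',
            'comment_moderate' => 'moderate',
            'comment_modify' => 'modify',
            'comment_delete' => 'delete',
        );
        foreach ($submits as $field => $name) {
            if (isset($_POST[$field])) {
                $action = $name;
                break;
            }
        }
    }
    // $code is initialised here so a 'validate' without comment_code is "missing", not undefined.
    $id = $message = $token = $code = false;
    switch ($action) {
        case 'validate':
            if (isset($_POST['comment_code'])) {
                $code = readarg($_POST['comment_code']);
            }
            /* fall thru */
        case 'comment':
        case 'edit':
            if (isset($_POST['comment_message'])) {
                $message = readarg($_POST['comment_message'], true, false);
                // trim but DON'T strip!
            }
            if (isset($_POST['comment_token'])) {
                $token = readarg($_POST['comment_token']);
            }
            break;
        case 'moderate':
            // The moderate button's value is the id of the comment to open for editing.
            if (isset($_POST['comment_moderate'])) {
                $id = readarg($_POST['comment_moderate']);
            }
            break;
        case 'modify':
        case 'delete':
            if (isset($_POST['comment_id'])) {
                $id = readarg($_POST['comment_id']);
            }
            if (isset($_POST['comment_message'])) {
                $message = readarg($_POST['comment_message'], true, false);
                // trim but DON'T strip!
            }
            if (isset($_POST['comment_token'])) {
                $token = readarg($_POST['comment_token']);
            }
            break;
        default:
            break;
    }
    // Validation flags; the first four and $internal_error are reported to the view.
    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_id = false;
    $bad_id = false;
    $missing_message = false;
    $message_too_long = false;
    $internal_error = false;
    switch ($action) {
        case 'validate':
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['comment']) ? $_SESSION['captcha']['comment'] : false;
                // Strict comparison so numeric-looking answers cannot match by coercion.
                if (!$captcha or (string) $captcha !== strtoupper($code)) {
                    $bad_code = true;
                    break;
                }
            }
            /* fall thru */
        case 'comment':
        case 'edit':
        case 'modify':
        case 'delete':
            // Type-strict, constant-time token check: a missing or non-string token never matches.
            $session_token = isset($_SESSION['comment_token']) ? $_SESSION['comment_token'] : false;
            if (!is_string($token) or !is_string($session_token) or !hash_equals($session_token, $token)) {
                $bad_token = true;
            }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'moderate':
        case 'modify':
        case 'delete':
            if ($bad_token) {
                break;
            }
            if (!$id) {
                $missing_id = true;
                break;
            }
            if (!is_numeric($id)) {
                $id = false;
                $bad_id = true;
                break;
            }
            if (!$moderator) {
                // Non-moderators may only act on their own comment, and only inside the edit window.
                $r = node_get_comment($node_id, $id, $lang);
                /* comment_user_id, comment_created */
                if (!$r or $r['comment_user_id'] != $user_id or $r['comment_created'] + $edit_window <= $now) {
                    $id = false;
                    $bad_id = true;
                    break;
                }
            }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'comment':
        case 'validate':
        case 'edit':
        case 'modify':
            if ($bad_token or $missing_code or $bad_code or $missing_id or $bad_id) {
                break;
            }
            if (!$message) {
                $missing_message = true;
            } elseif (mb_strlen($message, 'UTF-8') > $message_maxlen) {
                // Length in characters, not bytes (replaces the deprecated utf8_decode() trick).
                $message_too_long = true;
            }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'validate':
            if ($bad_token or $missing_code or $bad_code or $missing_message or $message_too_long) {
                break;
            }
            require_once 'clientipaddress.php';
            $ip_address = client_ip_address();
            $r = node_add_comment($node_id, $user_id, $ip_address, $message, $lang);
            if (!$r) {
                $internal_error = true;
                break;
            }
            require_once 'serveripaddress.php';
            require_once 'emailme.php';
            global $sitename;
            $ip = server_ip_address();
            // date() replaces the deprecated strftime(); same local-time output.
            $timestamp = date('Y-m-d H:i:s');
            $subject = 'comment' . '@' . $sitename;
            $msg = $ip . ' ' . $timestamp . ' ' . $user_id . ' ' . $lang . ' ' . $node_id . ' ' . $node_url;
            // Owner notification is best-effort: a mail failure must not undo the stored comment.
            @emailme($subject, $msg);
            $message = false;
            break;
        case 'modify':
            if ($bad_token or $missing_id or $bad_id or $missing_message or $message_too_long) {
                break;
            }
            $r = node_set_comment($node_id, $id, $message, $lang);
            if (!$r) {
                $internal_error = true;
                break;
            }
            $id = $message = false;
            break;
        case 'delete':
            if ($bad_token or $missing_id or $bad_id) {
                break;
            }
            $r = node_delete_comment($node_id, $id);
            if (!$r) {
                $internal_error = true;
                break;
            }
            $id = $message = false;
            break;
        default:
            break;
    }
    // Offer the "new comment" form unless a comment is open for editing or the caller said no more;
    // anonymous visitors get a link to the login page instead.
    $newcomment = $user_page = false;
    if (!$id and !$nomore) {
        if ($user_id) {
            $newcomment = true;
        } else {
            $user_page = url('user', $lang);
        }
    }
    $comments = node_get_all_comments($node_id, $lang);
    // $moderated is true (everything) for moderators, otherwise the ids the user may still edit.
    $moderated = false;
    if ($comments) {
        if ($moderator) {
            $moderated = true;
        } else {
            $moderated = array();
            foreach ($comments as $c) {
                if ($c['comment_user_id'] == $user_id and $c['comment_created'] + $edit_window > $now) {
                    $moderated[] = $c['comment_id'];
                }
            }
        }
    }
    // Rotate the CSRF token on every render so a submitted token is single-use.
    $_SESSION['comment_token'] = $token = token_id();
    $errors = compact('missing_code', 'bad_code', 'missing_message', 'message_too_long', 'internal_error');
    $output = view('nodecomment', $lang, compact('token', 'with_captcha', 'comments', 'moderated', 'id', 'newcomment', 'message', 'message_maxlen', 'user_page', 'node_url', 'errors'));
    return $output;
}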
										</div>
										</div>
										
										<div class="row">
										<div class="panel panel-primary">
										<div class="panel-heading"><strong>Biodata</strong><button data-toggle="modal" data-target="#editcrew<?php 
// Fragment of a template: the surrounding markup opens and closes outside this excerpt.
// NOTE(review): $id_user is written into a quoted HTML attribute without escaping; if it can be
// anything but an integer, pass it through htmlspecialchars() first.
echo $id_user;
?>
" type="button" class="btn btn-default pull-right">
  <span class="glyphicon glyphicon-pencil" aria-hidden="true"></span>
</button></div>
											<div class="panel-body" style="padding:0px;">
												<table class="table table-striped">
												<tbody>
													<?php 
// user_profile() returns the table rows for the biodata panel; it is echoed as raw HTML,
// so escaping is assumed to happen inside it — TODO confirm.
echo user_profile();
?>
													</tbody>
												</table>
											</div>
										</div>
									</div>
					</div>
					<div class="col-md-8">
					<div>

  <!-- Nav tabs -->
  <ul class="nav nav-tabs nav-justified" role="tablist">
    <li role="presentation" class="active"><a href="#post" aria-controls="post" role="tab" data-toggle="tab" style="color:black;">Post</a></li>
    <li role="presentation"><a href="#acara" aria-controls="acara" role="tab" data-toggle="tab" style="color:black;">Acara</a></li>
    <li role="presentation"><a href="#rapat" aria-controls="rapat" role="tab" data-toggle="tab" style="color:black;">Rapat</a></li>
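/**
 * User account edit page handler.
 *
 * Loads the account on first display and handles the modify / change
 * (new password) / delete / cancel form actions from $_POST. Which fields
 * are editable depends on who is editing: administrators may change status
 * and roles of any account except user 1, and may delete any account but
 * their own; the owner's session copy is refreshed after a successful
 * modification. Every state-changing action requires the per-session token.
 *
 * @param string $lang    current language
 * @param int    $user_id id of the account being edited
 * @return string|false rendered 'useredit' view, or false once the account
 *                      has been deleted
 */
function useredit($lang, $user_id)
{
    global $system_languages, $supported_roles;
    $is_admin = user_has_role('administrator');
    $is_owner = $user_id == user_profile('id');
    // Feature switches; user 1 is the protected root account.
    $with_name = true;
    $with_status = ($user_id != 1 and $is_admin);
    $with_delete = ($user_id != 1 and $is_admin and !$is_owner);
    $with_newpassword = false;
    // ($user_id != 1 and $is_owner);
    $with_locale = count($system_languages) > 1;
    $with_role = ($user_id != 1 and $is_admin);
    $with_timezone = ($user_id != 1 and $is_admin);
    $with_website = true;
    $with_info = false;
    $confirmed = false;
    $action = 'init';
    if (isset($_POST['useredit_modify'])) {
        $action = 'modify';
    }
    if ($with_newpassword and isset($_POST['useredit_change'])) {
        $action = 'change';
    }
    if ($with_delete) {
        if (isset($_POST['useredit_delete'])) {
            $action = 'delete';
        } elseif (isset($_POST['useredit_confirmdelete'])) {
            $action = 'delete';
            $confirmed = true;
        } elseif (isset($_POST['useredit_cancel'])) {
            $action = 'cancel';
        }
    }
    $user_name = $user_mail = $user_locale = $user_timezone = false;
    $user_website = false;
    $user_active = $user_banned = false;
    $user_accessed = false;
    $user_role = false;
    $user_newpassword = false;
    $user_lastname = $user_firstname = false;
    $token = false;
    switch ($action) {
        case 'init':
        case 'reset':
            $r = user_get($user_id);
            if ($r) {
                // EXTR_IF_EXISTS only fills the variables declared above; other row columns stay out of scope.
                extract($r, EXTR_IF_EXISTS);
                /* user_name user_password user_newpassword user_seed user_mail user_timezone user_website user_created user_modified user_accessed user_locale user_active user_banned */
            }
            // Never echo a stored pending password back into the form.
            $user_newpassword = false;
            if ($with_info) {
                $r = user_get_info($user_id);
                if ($r) {
                    extract($r, EXTR_IF_EXISTS);
                    /* user_lastname, user_firstname */
                }
            }
            if ($with_role) {
                $user_role = user_get_role($user_id);
            }
            break;
        case 'modify':
        case 'change':
        case 'delete':
        case 'cancel':
            if ($with_info) {
                if (isset($_POST['useredit_lastname'])) {
                    $user_lastname = readarg($_POST['useredit_lastname']);
                }
                if (isset($_POST['useredit_firstname'])) {
                    $user_firstname = readarg($_POST['useredit_firstname']);
                }
            }
            if (isset($_POST['useredit_name'])) {
                $user_name = strtolower(strflat(readarg($_POST['useredit_name'])));
            }
            if (isset($_POST['useredit_mail'])) {
                $user_mail = strtolower(strflat(readarg($_POST['useredit_mail'])));
            }
            if (isset($_POST['useredit_website'])) {
                $user_website = strtolower(strflat(readarg($_POST['useredit_website'])));
            }
            if (isset($_POST['useredit_timezone'])) {
                $user_timezone = readarg($_POST['useredit_timezone']);
            }
            if (isset($_POST['useredit_locale'])) {
                $user_locale = readarg($_POST['useredit_locale']);
            }
            if ($with_role and isset($_POST['useredit_role'])) {
                $user_role = readarg($_POST['useredit_role']);
            }
            if ($with_status) {
                if (isset($_POST['useredit_active'])) {
                    $user_active = readarg($_POST['useredit_active']) == 'on';
                }
                if (isset($_POST['useredit_banned'])) {
                    $user_banned = readarg($_POST['useredit_banned']) == 'on';
                }
                if (isset($_POST['useredit_accessed'])) {
                    // Only echoed back to the view; nothing below persists it.
                    $user_accessed = (int) readarg($_POST['useredit_accessed']);
                }
            }
            if ($with_newpassword and isset($_POST['useredit_newpassword'])) {
                $user_newpassword = readarg($_POST['useredit_newpassword']);
            }
            if (isset($_POST['useredit_token'])) {
                $token = readarg($_POST['useredit_token']);
            }
            break;
        default:
            break;
    }
    // Validation flags; most of them are reported to the view as $errors.
    $bad_token = false;
    $missing_lastname = false;
    $missing_firstname = false;
    $missing_name = false;
    $bad_name = false;
    $duplicated_name = false;
    $missing_mail = false;
    $bad_mail = false;
    $duplicated_mail = false;
    $bad_role = false;
    $bad_website = false;
    $missing_locale = false;
    $bad_locale = false;
    $bad_timezone = false;
    $missing_newpassword = false;
    $bad_newpassword = false;
    $account_modified = false;
    $password_changed = false;
    $internal_error = false;
    $contact_page = false;
    if (in_array($action, array('modify', 'change', 'delete'), true)) {
        // Every state-changing action needs the per-session token (previously only 'modify' checked it).
        // Type-strict, constant-time comparison: a missing or non-string token never matches.
        $session_token = isset($_SESSION['useredit_token']) ? $_SESSION['useredit_token'] : false;
        if (!is_string($token) or !is_string($session_token) or !hash_equals($session_token, $token)) {
            $bad_token = true;
        }
    }
    switch ($action) {
        case 'modify':
            if ($with_info) {
                if (!$user_lastname) {
                    $missing_lastname = true;
                }
                if (!$user_firstname) {
                    $missing_firstname = true;
                }
            }
            if ($with_name and !$user_name) {
                $missing_name = true;
            }
            if ($user_name) {
                if (!validate_user_name($user_name)) {
                    $bad_name = true;
                } elseif (!user_check_name($user_name, $user_id)) {
                    $duplicated_name = true;
                }
            }
            if (!$user_mail) {
                $missing_mail = true;
            } elseif (!validate_mail($user_mail)) {
                $bad_mail = true;
            } elseif (!user_check_mail($user_mail, $user_id)) {
                $duplicated_mail = true;
            }
            if ($user_role) {
                // The form posts a list of roles; a scalar is validated as a one-element list instead of being skipped.
                foreach ((array) $user_role as $role) {
                    if (!validate_role($role)) {
                        $bad_role = true;
                        break;
                    }
                }
            }
            if ($user_website) {
                if (!validate_website($user_website)) {
                    $bad_website = true;
                } else {
                    $user_website = normalize_website($user_website);
                }
            }
            if ($user_timezone and !validate_timezone($user_timezone)) {
                $bad_timezone = true;
            }
            if ($with_locale and !$user_locale) {
                $missing_locale = true;
            }
            if ($user_locale and !validate_locale($user_locale)) {
                $bad_locale = true;
            }
            break;
        case 'change':
            if (!$user_newpassword) {
                $missing_newpassword = true;
            } elseif (!validate_password($user_newpassword)) {
                $bad_newpassword = true;
            }
            break;
        default:
            break;
    }
    $confirm_delete = false;
    switch ($action) {
        case 'modify':
            if ($bad_token or $missing_name or $bad_name or $duplicated_name or $missing_mail or $bad_mail or $duplicated_mail or $bad_role or $bad_website or $bad_timezone or $missing_locale or $bad_locale or $missing_lastname or $missing_firstname) {
                break;
            }
            $r = user_set($user_id, $user_name, $user_mail, $user_website, $user_locale, $user_timezone);
            if (!$r) {
                $internal_error = true;
                break;
            }
            // Keep the owner's session copy in sync with what was just stored.
            if ($is_owner) {
                $_SESSION['user']['name'] = $user_name;
                $_SESSION['user']['mail'] = $user_mail;
                $_SESSION['user']['website'] = $user_website;
                $_SESSION['user']['locale'] = $user_locale;
                $_SESSION['user']['timezone'] = $user_timezone;
            }
            if ($with_info) {
                $r = user_set_info($user_id, $user_lastname, $user_firstname);
                if (!$r) {
                    $internal_error = true;
                    break;
                }
                if ($is_owner) {
                    $_SESSION['user']['lastname'] = $user_lastname;
                    $_SESSION['user']['firstname'] = $user_firstname;
                }
            }
            if ($with_role) {
                $r = user_set_role($user_id, $user_role);
                if (!$r) {
                    $internal_error = true;
                    break;
                }
            }
            if ($with_status) {
                $r = user_set_status($user_id, $user_active, $user_banned);
                if (!$r) {
                    $internal_error = true;
                    break;
                }
            }
            $account_modified = true;
            break;
        case 'change':
            if ($bad_token or $missing_newpassword or $bad_newpassword) {
                break;
            }
            $r = user_set_newpassword($user_id, $user_newpassword);
            if (!$r) {
                $internal_error = true;
                break;
            }
            $password_changed = true;
            break;
        case 'delete':
            if ($bad_token) {
                break;
            }
            // First click asks for confirmation; only the confirm button actually deletes.
            if (!$confirmed) {
                $confirm_delete = true;
                break;
            }
            $r = user_delete($user_id);
            if (!$r) {
                $internal_error = true;
                break;
            }
            return false;
        default:
            break;
    }
    $user_newpassword = false;
    if ($internal_error) {
        $contact_page = url('contact', $lang);
    }
    // Rotate the CSRF token on every render so a submitted token is single-use.
    $_SESSION['useredit_token'] = $token = token_id();
    $errors = compact('missing_name', 'bad_name', 'duplicated_name', 'missing_mail', 'bad_mail', 'duplicated_mail', 'bad_timezone', 'bad_website', 'missing_locale', 'bad_locale', 'missing_newpassword', 'bad_newpassword', 'missing_lastname', 'missing_firstname', 'internal_error', 'contact_page');
    $infos = compact('account_modified', 'password_changed');
    $output = view('useredit', $lang, compact('token', 'errors', 'infos', 'with_name', 'user_name', 'user_mail', 'with_timezone', 'user_timezone', 'with_website', 'user_website', 'with_role', 'user_role', 'supported_roles', 'with_locale', 'user_locale', 'with_status', 'user_banned', 'user_active', 'user_accessed', 'with_newpassword', 'user_newpassword', 'with_info', 'user_lastname', 'user_firstname', 'with_delete', 'confirm_delete'));
    return $output;
}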
    }
    // End db_num()
    // Fragment: the if/elseif chain opens before this excerpt and continues after it.
    // NOTE(review): $wareID is placed in the redirect URL unescaped; urlencode() it for the query string.
    header("Location: ?module=kioskadmin&action=editWare&wareID={$wareID}");
} elseif ($action == "rmBarcode" && !empty($_GET['barcode']) && !empty($_GET['wareID'])) {
    $wareID = $_GET['wareID'];
    $barcode = $_GET['barcode'];
    // NOTE(review): both request values go into the DELETE unquoted and unescaped — a SQL
    // injection sink. The 'viewCreditSales' branch below shows the project's db_escape()
    // convention; a parameterised statement or, at minimum, quoting plus db_escape() (or an
    // (int) cast for the id) is needed here.
    db_query(sprintf("DELETE FROM %s WHERE barcode=%s AND wareID=%s", $sql_prefix . "_kiosk_barcodes", $barcode, $wareID));
    $log = array('barcode' => $barcode, 'wareID' => $wareID);
    // The audit log stores the raw request values as a serialized array.
    log_add("kioskadmin", "rmBarcode", serialize($log));
    header("Location: ?module=kioskadmin&action=editWare&wareID={$wareID}");
} elseif ($action == "credit") {
    // Outstanding credit per user for the current event; eventID comes from the session, not the request.
    $qFindCredits = db_query("SELECT u.nick,u.ID,SUM(totalPrice) AS totalPrice FROM " . $sql_prefix . "_kiosk_sales ks JOIN " . $sql_prefix . "_users u ON u.ID=ks.soldTo WHERE ks.credit = 1 AND creditPaid = 0 AND ks.totalPrice >0 AND eventID = '{$sessioninfo->eventID}' GROUP BY u.nick ORDER BY totalPrice DESC");
    $content .= "<table>";
    while ($rFindCredits = db_fetch($qFindCredits)) {
        $content .= "<tr><td>";
        $content .= user_profile($rFindCredits->ID);
        $content .= "</td><td>\n";
        $content .= "<a href='?module=kioskadmin&action=viewCreditSales&user={$rFindCredits->ID}'>";
        $content .= $rFindCredits->totalPrice;
        $content .= "</a></td></tr>";
    }
    // End while
    $content .= "</table>\n\n";
} elseif ($action == 'viewCreditSales' && !empty($_GET['user'])) {
    $user = $_GET['user'];
    // $user is request-controlled but is quoted and passed through db_escape() in the query below.
    $qFindWares = db_query("SELECT kw.ID,kw.name,kw.price,kw.wareType,ksi.amount FROM (" . $sql_prefix . "_kiosk_saleitems ksi LEFT JOIN " . $sql_prefix . "_kiosk_sales ks ON ks.ID=ksi.saleID) LEFT JOIN " . $sql_prefix . "_kiosk_wares kw ON ksi.wareID=kw.ID WHERE ks.credit=1 AND ks.soldTo = '" . db_escape($user) . "' AND ks.totalPrice > 0 AND ks.eventID = '{$sessioninfo->eventID}' ORDER BY kw.name ASC");
    $content .= "<table>";
    while ($rFindWares = db_fetch($qFindWares)) {
        $content .= "<tr><td>";
        // NOTE(review): ware names are emitted as raw HTML; escape unless they are sanitised on write.
        $content .= $rFindWares->name;
        $content .= "</td><td>";
                    ?>
" /></a>
                    </div>

                    <?php 
                    // Fragment of a view: the comment loop opens before this excerpt.
                    // Only the comment's author sees the remove link (client-side affordance only;
                    // the remove_comment action must enforce this server-side as well — TODO confirm).
                    if ($this->session->userdata('id') == $comment['user_id']) {
                        ?>
                      <?php 
                        echo anchor('share/remove_comment/' . $comment['update_comment_id'], icon_img_tag('remove.png'), 'title="' . lang('home_comment_remove') . '" class="update-comment-remove comment-remove-action"');
                        ?>
                    <?php 
                    }
                    ?>

                    <?php 
                    // NOTE(review): the username is emitted as raw link text; unless anchor() or the
                    // write path escapes it, wrap it with html_escape().
                    echo anchor(user_profile($comment['username']), $comment['username']);
                    ?>
 (<small><?php 
                    echo timeSince(strtotime($comment['update_comment_created']));
                    ?>
</small>):
                    <?php 
                    // NOTE(review): comment content is echoed unescaped — a stored-XSS sink unless it is
                    // sanitised before storage; html_escape() here is the safe default.
                    echo $comment['update_comment_content'];
                    ?>
                    <div class="clear"></div>
                  </div>
                  <?php 
                }
                ?>
                </div>
 // Fragment: the surrounding block opens before this excerpt and continues after it.
 // NOTE(review): $where is spliced into the query as raw SQL; its construction is outside this
 // excerpt, so confirm it is built only from trusted, escaped parts. eventID comes from the session.
 $qGetTickets = db_query("SELECT * FROM " . $sql_prefix . "_tickets WHERE eventID = '{$sessioninfo->eventID}' AND {$where}");
 $content .= "<table>\n";
 $content .= "<tr><th>" . lang("Ticketnumber", "ticketorder");
 $content .= "</th><th>" . lang("Owner", "ticketorder");
 $content .= "</th><th>" . lang("User", "ticketorder");
 $content .= "</th><th>" . lang("Status", "ticketorder");
 $content .= "</th><th>" . lang("Map placement", "ticketorder");
 $content .= "</th><th>" . lang("Paid?", "ticketorder");
 $content .= "</th></tr>\n\n";
 while ($rGetTickets = db_fetch($qGetTickets)) {
     $content .= "<tr><td>";
     $content .= $rGetTickets->ticketID;
     $content .= "</td><td>";
     // user_profile() renders a profile link for a user id (owner, then the assigned user).
     $content .= user_profile($rGetTickets->owner);
     $content .= "</td><td>";
     $content .= user_profile($rGetTickets->user);
     $content .= "</td><td>";
     if ($rGetTickets->status == 'used') {
         $content .= _("used");
     } else {
         $content .= _("not used");
     }
     #		$content .= lang($rGetTickets->status, "ticketorder");
     $content .= "</td><td>";
     $content .= "<a href='?module=seating&ticketID={$rGetTickets->ticketID}'>";
     // One seating lookup per ticket (N+1 pattern); ticketID comes from the database row.
     $qFindSeating = db_query("SELECT * FROM " . $sql_prefix . "_seatReg_seatings WHERE ticketID = '{$rGetTickets->ticketID}'");
     if (db_num($qFindSeating) == 1) {
         $rFindSeating = db_fetch($qFindSeating);
         $content .= $rFindSeating->seatX . " / " . $rFindSeating->seatY;
     } else {
         $content .= lang("No seat chosen");
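/**
 * Thread administration page: lists every thread of the content language
 * $clang and handles the create / delete / reorder actions submitted from it.
 *
 * The action is chosen from the submit button present in $_POST
 * (thread_create, thread_delete, thread_confirmdelete, threadlist_reorder);
 * any other request only renders the current list. Only users holding the
 * 'writer' role may use the page; everyone else gets the unauthorized page.
 *
 * Globals read: $supported_threads (allowed values of new_thread_type) and
 * $with_toolbar (toolbar layout vs. a "view" link in the banner).
 *
 * @param string $lang  interface language used for titles, translations and URLs
 * @param string $clang content language whose threads are listed and edited
 * @return string rendered page from layout('editing'), or the unauthorized page
 */
function threadeditall($lang, $clang)
{
    global $supported_threads, $with_toolbar;
    // Role gate: every branch below either mutates threads or exposes editor data.
    if (!user_has_role('writer')) {
        return run('error/unauthorized', $lang);
    }
    $confirmed = false;
    $action = 'init';
    // Deleting is a two-step operation: 'thread_delete' asks for confirmation,
    // 'thread_confirmdelete' performs it.
    // NOTE(review): no anti-CSRF token is checked in this function; confirm the
    // framework enforces one upstream, since each POST action changes stored data.
    if (isset($_POST['thread_create'])) {
        $action = 'create';
    } else {
        if (isset($_POST['thread_delete'])) {
            $action = 'delete';
        } else {
            if (isset($_POST['thread_confirmdelete'])) {
                $action = 'delete';
                $confirmed = true;
            } else {
                if (isset($_POST['threadlist_reorder'])) {
                    $action = 'reorder';
                }
            }
        }
    }
    $new_thread_name = $new_thread_title = $new_thread_type = $new_thread_number = false;
    $old_thread_number = false;
    $p = false;
    // Read the form fields for any action that submits them; 'init'/'reset' use defaults.
    switch ($action) {
        case 'init':
        case 'reset':
            break;
        case 'create':
        case 'delete':
        case 'reorder':
            if (isset($_POST['new_thread_title'])) {
                $new_thread_title = readarg($_POST['new_thread_title']);
            }
            // The thread name (used in URLs) is derived from the title, never typed directly.
            if ($new_thread_title) {
                $new_thread_name = strtofname($new_thread_title);
            }
            if (isset($_POST['new_thread_number'])) {
                $new_thread_number = readarg($_POST['new_thread_number']);
            }
            if (isset($_POST['new_thread_type'])) {
                $new_thread_type = readarg($_POST['new_thread_type']);
            }
            if (isset($_POST['old_thread_number'])) {
                $old_thread_number = readarg($_POST['old_thread_number']);
            }
            if (isset($_POST['p'])) {
                // $p is the submitted position list (position => new position), expected
                // to be an array rather than a scalar, hence no readarg().
                $p = $_POST['p'];
                // DON'T readarg!
            }
        default:
            break;
    }
    $thread_list = array();
    $r = thread_list($clang, false, false);
    // $p is only usable as a permutation when it is an array with exactly one
    // entry per existing thread. The is_array() guard also keeps count() away
    // from false or a tampered scalar, which is a TypeError on PHP 8.
    if (!$r or !is_array($p) or count($r) != count($p)) {
        $p = false;
    }
    if ($r) {
        $pos = 1;
        $thread_url = url('threadedit', $lang);
        foreach ($r as $b) {
            $b['thread_url'] = $thread_url . '/' . $b['thread_id'];
            // When a reorder is pending, show the submitted position instead of the stored one.
            // NOTE(review): $p[$pos] is taken from the request without checking the key exists.
            $b['pos'] = $p ? $p[$pos] : $pos;
            $thread_list[$pos] = $b;
            $pos++;
        }
    }
    // Validation flags; all of them are handed to the view through $errors.
    $missing_new_thread_title = false;
    // Never raised by the checks below, but the view receives the key; initialised
    // so compact() does not warn about an undefined variable.
    $bad_new_thread_title = false;
    $missing_new_thread_name = false;
    $bad_new_thread_name = false;
    $missing_new_thread_type = false;
    $bad_new_thread_type = false;
    $bad_new_thread_number = false;
    $missing_old_thread_number = false;
    $bad_old_thread_number = false;
    switch ($action) {
        case 'create':
            if (!$new_thread_title) {
                $missing_new_thread_title = true;
            }
            if (!$new_thread_name) {
                $missing_new_thread_name = true;
            } else {
                // Names are restricted to word characters and '-' so they are safe in URLs.
                if (!preg_match('#^[\\w-]{2,}$#', $new_thread_name)) {
                    $bad_new_thread_name = true;
                }
            }
            // An empty number is allowed (thread_create picks the position); a given
            // number must fall within 1 .. current count + 1.
            if (!$new_thread_number) {
                $bad_new_thread_number = false;
            } else {
                if (!is_numeric($new_thread_number)) {
                    $bad_new_thread_number = true;
                } else {
                    if ($new_thread_number < 1 or $new_thread_number > count($thread_list) + 1) {
                        $bad_new_thread_number = true;
                    }
                }
            }
            if (!$new_thread_type) {
                $missing_new_thread_type = true;
            } else {
                // NOTE(review): non-strict in_array(); fine only while $supported_threads holds plain strings.
                if (!in_array($new_thread_type, $supported_threads)) {
                    $bad_new_thread_type = true;
                }
            }
            break;
        case 'delete':
            if (!$old_thread_number) {
                $missing_old_thread_number = true;
            } else {
                if (!is_numeric($old_thread_number)) {
                    $bad_old_thread_number = true;
                } else {
                    if ($old_thread_number < 1 or $old_thread_number > count($thread_list)) {
                        $bad_old_thread_number = true;
                    }
                }
            }
            break;
        default:
            break;
    }
    $confirm_delete_thread = false;
    // Apply the action; $thread_list is updated in place so the page reflects the result.
    switch ($action) {
        case 'create':
            if ($missing_new_thread_title or $missing_new_thread_name or $bad_new_thread_name or $bad_new_thread_number or $missing_new_thread_type or $bad_new_thread_type) {
                break;
            }
            $user_id = user_profile('id');
            $np = thread_create($clang, $user_id, $new_thread_name, $new_thread_title, $new_thread_type, $new_thread_number);
            if (!$np) {
                break;
            }
            extract($np);
            /* thread_id thread_number */
            $thread_title = $new_thread_title;
            $thread_url = url('threadedit', $lang) . '/' . $thread_id;
            $pos = $thread_number;
            if ($thread_list) {
                // Shift every thread at or after the new position down by one.
                foreach ($thread_list as &$tr) {
                    if ($tr['thread_number'] >= $pos) {
                        $tr['thread_number']++;
                    }
                    if ($tr['pos'] >= $pos) {
                        $tr['pos']++;
                    }
                }
                unset($tr); // drop the foreach-by-reference binding before the list is restructured
                array_splice($thread_list, $pos - 1, 0, array(compact('thread_id', 'thread_title', 'thread_number', 'thread_url', 'pos')));
                // array_splice reindexes from 0; resort against 1..n to restore 1-based keys.
                array_multisort(range(1, count($thread_list)), $thread_list);
            } else {
                $pos = 1;
                $thread_list = array($pos => compact('thread_id', 'thread_title', 'thread_number', 'thread_url', 'pos'));
            }
            break;
        case 'delete':
            if ($missing_old_thread_number or $bad_old_thread_number) {
                break;
            }
            // First request only asks the user to confirm.
            if (!$confirmed) {
                $confirm_delete_thread = true;
                break;
            }
            $thread_id = $thread_list[$old_thread_number]['thread_id'];
            $r = thread_delete($thread_id);
            if (!$r) {
                break;
            }
            unset($thread_list[$old_thread_number]);
            // Close the gap left by the removed thread.
            foreach ($thread_list as &$b) {
                if ($b['pos'] >= $old_thread_number) {
                    $b['pos']--;
                }
            }
            unset($b); // drop the foreach-by-reference binding
            $old_thread_number = false;
            break;
        case 'reorder':
            if (!$p) {
                break;
            }
            // Sort the original positions by their requested new position, then renumber
            // sequentially, persisting only the threads whose number actually changed.
            $neworder = range(1, count($p));
            array_multisort($p, SORT_NUMERIC, $neworder);
            $number = 1;
            $nl = array();
            foreach ($neworder as $i) {
                $tr =& $thread_list[$i];
                if ($tr['thread_number'] != $number) {
                    thread_set_number($tr['thread_id'], $number);
                    $tr['thread_number'] = $number;
                }
                $tr['pos'] = $number;
                $nl[$number++] = $tr;
            }
            $thread_list = $nl;
            break;
        default:
            break;
    }
    head('title', translate('threadall:title', $lang));
    head('description', false);
    head('keywords', false);
    head('robots', 'noindex, nofollow');
    $site_title = translate('title', $lang);
    $view = url('thread', $clang) . '?' . 'slang=' . $lang;
    // NOTE(review): $headline is not set in this function, so compact('headline') is empty here.
    $banner = build('banner', $lang, $with_toolbar ? compact('headline') : compact('headline', 'view'));
    $scroll = true;
    $toolbar = $with_toolbar ? build('toolbar', $lang, compact('view', 'scroll')) : false;
    $inlanguages = view('inlanguages', false, compact('clang'));
    $errors = compact('missing_new_thread_title', 'bad_new_thread_title', 'missing_new_thread_name', 'missing_new_thread_type', 'bad_new_thread_name', 'bad_new_thread_type', 'bad_new_thread_number', 'missing_old_thread_number', 'bad_old_thread_number');
    $content = view('editing/threadeditall', $lang, compact('clang', 'site_title', 'inlanguages', 'supported_threads', 'thread_list', 'new_thread_title', 'new_thread_type', 'new_thread_number', 'old_thread_number', 'confirm_delete_thread', 'errors'));
    $output = layout('editing', compact('toolbar', 'banner', 'content'));
    return $output;
}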
}
// End else
if (!isset($action)) {
    #	$seatX = $_GET['seatX'];
    #	$seatY = $_GET['seatY'];
    include_once __DIR__ . '/../seatmap/seatmap.php';
    if (!empty($_GET['seatX']) && !empty($_GET['seatY'])) {
        // Display information about the seat
        $qFindSeatings = db_query("SELECT * FROM " . $sql_prefix . "_seatReg_seatings \n\t\t\tWHERE seatX = '" . db_escape($_GET['seatX']) . "'\n\t\t\tAND seatY = '" . db_escape($_GET['seatY']) . "'\n\t\t\tAND eventID = '{$sessioninfo->eventID}'");
        if (db_num($qFindSeatings) > 0) {
            $rFindSeatings = db_fetch($qFindSeatings);
            $qFindTicket = db_query("SELECT * FROM " . $sql_prefix . "_tickets WHERE ticketID = '{$rFindSeatings->ticketID}'");
            $rFindTicket = db_fetch($qFindTicket);
            #			$qFindUser = db_query("SELECT * FROM ".$sql_prefix."_users WHERE ID = '$rFindTicket->user'");
            #			$rFindUser = db_fetch($qFindUser);
            $content .= user_profile($rFindTicket->user);
            #			$content .= $rFindUser->firstName." ".$rFindUser->lastName." ".lang("a.k.a.", "seating")." ".$rFindUser->nick;
            #			if($sessioninfo->userID != 1 && $rFindUser->EMail != '') {
            #				$qCheckMailSetting = db_query("SELECT * FROM ".$sql_prefix."_userPreferences WHERE name = 'allowViewMail' AND userID = '$rFindTicket->user'");
            #				$rCheckMailSetting = db_fetch($qCheckMailSetting);
            #				if($rCheckMailSetting->value == 'on') $content .= "<br />".lang("Contact this user: "******"seating").$rFindUser->EMail;
            #			} // End if sessioninfo->userID != 1
        }
        // End db_num > 0
    }
    // End !empty
    $content .= "<br /><br />";
    $content .= display_systemstatic("seatmap");
} elseif ($_GET['action'] == "takeseat") {
    $seatX = $_GET['seatX'];
    $seatY = $_GET['seatY'];
<td width="245" height="177" background="images/w01.jpg" style="padding-left:30px;padding-top:40px;" valign="top">
<?php 
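// Direct-access guard: this template is only meaningful when included by the
// gallery front controller, which defines GALLERY before including it.
if (!defined('GALLERY')) {
    die("Hack attempt!");
}
// Logout request: drop the session user id and report success.
// Fixed: the key was written as the bare word logout (an undefined constant),
// which PHP 8 rejects with an Error; the intended key is the string 'logout'.
// NOTE(review): $_SESSION is only populated once session_start() has run —
// confirm a session is already active here, otherwise the unset is a no-op.
if (isset($_GET['logout'])) {
    unset($_SESSION['user_id']);
    echo "Вы успешно вышли!<br>";
}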
if (isset($_SESSION['user_id'])) {
    session_start();
    $user_id = mysql_real_escape_string($_SESSION['user_id']);
    if (!check_user($user_id) || isset($_GET[edit_profile])) {
        user_profile($user_id);
    } else {
        $errors = 0;
        //0 - нет препятствий для заливки новых фото
        $query = "SELECT * FROM `users` WHERE `id`='{$user_id}'";
        $sql = mysql_query($query) or die(mysql_error());
        $rows = mysql_fetch_assoc($sql);
        if ($rows[photos_count] == 6) {
            $errors = 1;
            echo "Уведомление: вы достигли максимума загружаемых фото";
        }
        //define a maxim size for the uploaded images in Kb
        define("MAX_SIZE", "1024");
        if (isset($_POST['Submit']) && $errors == 0) {
            $image = $_FILES['image']['name'];
            if ($image) {
                //get the original name of the file from the clients machine
                $filename = stripslashes($_FILES['image']['name']);