Exemplo n.º 1
 /**
  * Prepare the template engine for the active theme.
  *
  * Raises E_USER_ERROR when the "default" theme's template directory is
  * missing, calls get_theme(), stores the request URI (with the configured
  * server path prefix cut off) as the REQUEST_URI template variable and
  * points the template root at the current theme's template directory.
  */
 function __construct()
 {
     global $MAIN_CFG, $CPG_SESS;

     $default_templates = BASEDIR . 'themes/default/template';
     if (!is_dir($default_templates)) {
         trigger_error('"default" theme does not exist', E_USER_ERROR);
     }

     $this->get_theme();

     // Drop the installation path from the front of the request URI.
     $request_uri = URL::uri();
     $path_length = strlen($MAIN_CFG['server']['path']);
     $relative_uri = substr($request_uri, $path_length);

     // NOTE(review): search and replacement are the same string here, so this
     // call changes nothing; it looks like an '&' -> '&amp;' encoding step that
     // lost its entity. As written REQUEST_URI reaches the templates unencoded,
     // so any template that prints it has to escape it - confirm.
     $this->_tpldata['.'][0]['REQUEST_URI'] = str_replace('&', '&', $relative_uri);

     $this->root = 'themes/' . $this->tpl . '/template';
 }
Exemplo n.º 2
/**
 * Record the current visitor in the {$prefix}_session table.
 *
 * Runs only when $SESS->dbupdate is truthy. The row is keyed by `uname`:
 * the member's username, the SEARCHBOT value, the admin's 'aid', or the
 * session id for anonymous visitors. An existing row is updated, otherwise a
 * new one is inserted.
 *
 * Values written to the `guest` column, as assigned below:
 * 0 = logged-in member, 1 = anonymous visitor, 2 = administrator, 3 = search bot.
 *
 * NOTE(review): every value is interpolated into the SQL text. Quoting safety
 * rests entirely on Fix_Quotes() - confirm it escapes for the database driver
 * in use, or move these statements to bound parameters if the $db layer
 * offers them.
 */
function online()
{
    global $userinfo, $prefix, $db, $module_title, $SESS, $mainindex;

    if (!$SESS->dbupdate) {
        return;
    }

    // Start from the anonymous-visitor case and refine from there.
    $url = URL::uri();
    $uname = $SESS->sess_id;
    $guest = 1;
    if (is_user()) {
        $uname = $userinfo['username'];
        $guest = 0;
    } elseif (SEARCHBOT) {
        $uname = SEARCHBOT;
        $guest = 3;
    }

    if (is_admin()) {
        global $CLASS;
        // An admin who is not also logged in as a member is listed under the admin id.
        if ($guest == 1) {
            $uname = $CLASS['member']->admin['aid'];
        }
        $guest = 2;
        // Admin pages are recorded as the main index rather than the real URI.
        if (defined('ADMIN_PAGES')) {
            $url = $mainindex;
        }
    }

    $uname = Fix_Quotes($uname);
    if (empty($uname)) {
        # something screwey
        return;
    }

    $ctime = time();
    $custom_title = Fix_Quotes($module_title ?: _HOME);
    // NOTE(review): search and replacement are identical, so this str_replace is
    // a no-op as written (possibly a lost '&amp;'); the URI comes from the request.
    $url = Fix_Quotes(str_replace('&', '&', $url));

    $already_listed = $db->sql_count($prefix . '_session', "uname='{$uname}'");
    if (!$already_listed) {
        // NOTE(review): $userinfo['user_ip'] is the only value inserted without
        // quotes and without Fix_Quotes(); confirm it is always a server-generated
        // SQL literal and never carries client-supplied text.
        $db->sql_query('INSERT INTO ' . $prefix . "_session (uname, time, host_addr, guest, module, url) VALUES ('{$uname}', '{$ctime}', {$userinfo['user_ip']}, '{$guest}', '{$custom_title}', '{$url}')", true);
    } else {
        $db->sql_query('UPDATE ' . $prefix . "_session SET time='{$ctime}', module='{$custom_title}', url='{$url}', guest='{$guest}' WHERE uname='{$uname}'", true);
    }
}
Exemplo n.º 3
        return '<span style="padding:1px; background-color:' . $bgcolor2 . '; border-bottom:solid 1px ' . $bgcolor4 . ';">' . $content . '</span>';
    }
}
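// Search page of the downloads module: prints the menu, then either runs a
// search (when any search parameter is present) or shows the search form.
$pagetitle .= $module_title . ' ' . _BC_DELIM . ' Search';
require_once 'header.php';
OpenTable();
echo dl_menu() . '<br /><hr />';
$search = new DL_Search();
if (isset($_POST['search']) || isset($_GET['sa']) || isset($_GET['key']) || isset($_GET['search_id'])) {
    // Clamp after the integer cast. Testing "> 0" on the raw string first lets a
    // value such as "0.5" through, which intval() then turns into page 0 and a
    // negative offset.
    $cur_page = isset($_GET['page']) ? max(1, intval($_GET['page'])) : 1;
    $perpage = $dl_config['perpage'];
    $limit = ($cur_page - 1) * $perpage;
    // NOTE(review): search_id is handed over exactly as received; confirm that
    // DL_Search::search() validates or casts it before it reaches a query.
    $search->search(isset($_GET['search_id']) ? $_GET['search_id'] : '');
    if (count($search->criteria) > 0) {
        // NOTE(review): $search->search_id is concatenated into the link below and
        // into the pagination URL without escaping - safe only if DL_Search stores
        // a value it generated or cast itself; confirm.
        echo '<div style="background-color:' . $bgcolor2 . '; padding:3px;"><span class="genmed">Advanced search results</span></div>
<div style="background-color:' . $bgcolor3 . '; border-bottom:1px solid ' . $bgcolor2 . '; padding:3px;"><span style="float:left;" class="genmed">Searching for downloads that match the following criteria:</span><span class="genmed" style="float:right;"><a href="' . URL::index('&amp;file=search&amp;edit=' . $search->search_id) . '">Edit search criteria</a></span><br />';
        foreach ($search->criteria as $key => $value) {
            // The criterion value is passed through htmlprepare() before display; the key is not.
            echo $search->criterion_label($key, htmlprepare($value));
        }
        echo '<br /><br style="clear:both; line-height:0;" /></div>';
    }
    if (!$search->error && $search->result_count == 0) {
        echo $search->show_error('No matching downloads found');
    }
    $cpgtpl->assign_vars(array(
        'NO_DOWNLOADS' => false,
        'DL_REVIEW_ACTIVE' => $dl_config['r_active'],
        'DL_PAGINATION' => gen_pagination($search->total_results, $perpage, $cur_page, '&amp;file=search&amp;search_id=' . $search->search_id),
        // The request URI goes through htmlprepare() before it is handed to the template.
        'U_TO_TOP' => htmlprepare(URL::uri()),
        'L_TO_TOP' => strtolower(_DLP_BACK2TOP),
        'L_PAGE' => _DLP_PAGE,
        'L_RATING' => _RATING,
        'L_POPULARITY' => _POPULARITY,
        'L_HOMEPAGE' => 'Homepage',
        'L_SUBMITTEDBY' => _DLP_SUBMITTEDBY,
        'L_WRITE_REVIEW' => _DLP_WRITEREVIEW,
    ));
    $cpgtpl->set_filenames(array('body' => 'downloads/list_downloads.html'));
    $cpgtpl->display('body');
} else {
    // The id of a search to edit is cast to int; false means a blank form.
    echo $search->search_form(isset($_GET['edit']) ? intval($_GET['edit']) : false);
}
CloseTable();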
Exemplo n.º 4
        }
    }
    $content .= "<img src=\"{$avatar}\" alt=\"\" />";
    $content .= '<br />' . _BWEL . ' <b>' . $userinfo['username'] . '</b><br /><img src="images/spacer.gif" style="height:8px;" alt="" /></div>';
    if ($pm_active) {
        $pm = $userinfo['user_new_privmsg'] + $userinfo['user_unread_privmsg'];
        $content .= '&nbsp;<a title="' . _READSEND . '" href="' . URL::index('Private_Messages') . '"><img src="images/blocks/email.gif" alt="" style="border:0;" /></a>&nbsp;&nbsp;<a title="' . _READSEND . '" href="' . URL::index('Private_Messages') . '">' . _INBOX . '</a>';
        $content .= '&nbsp;&nbsp;' . _NEW . ": <b>{$pm}</b><br />\n";
    }
    $content .= '<a title="' . _ACCOUNTOPTIONS . '" href="' . URL::index('Your_Account') . '"><img src="images/blocks/logout.gif" alt="" /></a>&nbsp;<a title="' . _ACCOUNTOPTIONS . '" href="' . URL::index('Your_Account') . '">' . _Your_AccountLANG . '</a><br />
	<a title="' . _LOGOUTACCT . '" href="' . URL::index('Your_Account&amp;op=logout&amp;redirect', false) . '"><img src="images/blocks/login.gif" alt="" style="float:left;" /></a>&nbsp;<a title="' . _LOGOUTACCT . '" href="' . URL::index('Your_Account&amp;op=logout&amp;redirect', false) . '">' . _LOGOUT . '</a>';
} else {
    // Anonymous visitor: build the login form.
    // Only the presence of the "redirect" query parameter is checked; the target
    // itself is the URI already stored in the session, not the parameter's value.
    if (isset($_GET['redirect']) && !isset($CPG_SESS['user']['redirect'])) {
        $CPG_SESS['user']['redirect'] = $CPG_SESS['user']['uri'];
    }
    $redirect = isset($CPG_SESS['user']['redirect']) ? $CPG_SESS['user']['redirect'] : URL::uri();
    // NOTE(review): $redirect is written into the form's action attribute without
    // HTML escaping, and both of its sources trace back to the request URI.
    // Confirm that URL::uri() returns an attribute-safe value, or escape it here.
    // The form posts the login name and password to this address, so it should
    // also be confirmed to always point at this site.
    $content .= '<div style="text-align:center;"><img src="images/blocks/no_avatar.gif" alt="" /><br />' . _BWEL . ' <b>' . _ANONYMOUS . '</b></div>
	<hr /><form action="' . $redirect . '" method="post" enctype="multipart/form-data" accept-charset="utf-8" style="margin:0;"><div>
	<span style="float:left; height:25px;">' . _NICKNAME . '</span><span style="float:right; height:25px;"><input type="text" name="ulogin" size="10" maxlength="25" /></span><br />
	<span style="float:left; height:25px;">' . _PASSWORD . '</span><span style="float:right; height:25px;"><input type="password" name="user_password" size="10" maxlength="20" /></span><br />
	';
    // The security-code image and input are added only when bit 2 of the sec_code setting is set.
    if ($MAIN_CFG['debug']['sec_code'] & 2) {
        $content .= '<span style="float:left; height:25px;">' . _SECURITYCODE . '</span><span style="float:right; height:25px;">' . generate_secimg() . '</span><br style="clear:left;" />
		<span style="float:left; height:25px;">' . _TYPESECCODE . '</span><span style="float:right; height:25px;"><input type="text" name="gfx_check" size="8" maxlength="8" /></span><br />';
    }
    // don't show register link unless allowuserreg is yes
    $content .= '<span style="float:left; height:25px;">' . ($MAIN_CFG['member']['allowuserreg'] ? '<input type="button" value="' . _BREG . '" onclick="window.location=\'' . URL::index('Your_Account&amp;file=register', 1, 1) . '\'" />' : '') . '</span>
	<span style="float:right; height:25px;"><input type="submit" value="' . _LOGIN . '" />
	</span></div></form>';
}
if (is_admin()) {
Exemplo n.º 5
        $faq_block[$j][$counter]['question'] = $faq[$i][0];
        $faq_block[$j][$counter]['answer'] = $faq[$i][1];
        $counter++;
        $counter_2++;
    } else {
        $j = $counter != 0 ? $j + 1 : 0;
        $faq_block_titles[$j] = $faq[$i][1];
        $counter = 0;
    }
}
//
// Lets build a page ...
//
// Render the FAQ: one "faq_block" per section title, with one row per
// question, plus a parallel "faq_block_link" list used for the index links.
$page_title = $l_title;
require_once 'includes/phpBB/page_header.php';
make_jumpbox('viewforum');
$template->assign_vars(array('L_FAQ_TITLE' => $l_title, 'L_BACK_TO_TOP' => $lang['Back_to_top'], 'L_GO' => $lang['Go']));
for ($i = 0; $i < count($faq_block); $i++) {
    // Sections without any question are skipped.
    if (count($faq_block[$i])) {
        $template->assign_block_vars('faq_block', array('BLOCK_TITLE' => $faq_block_titles[$i]));
        $template->assign_block_vars('faq_block_link', array('BLOCK_TITLE' => $faq_block_titles[$i]));
        for ($j = 0; $j < count($faq_block[$i]); $j++) {
            // Alternate the row colour and CSS class on even and odd rows.
            $row_color = !($j % 2) ? $bgcolor2 : $bgcolor1;
            $row_class = !($j % 2) ? 'row1' : 'row2';
            // NOTE(review): URL::uri() is handed to the template as-is, both as
            // REQUEST_URI and as the base of U_FAQ_LINK. Confirm that it is
            // HTML-safe or that the template escapes it before printing.
            $template->assign_block_vars('faq_block.faq_row', array('ROW_COLOR' => $row_color, 'ROW_CLASS' => $row_class, 'FAQ_QUESTION' => $faq_block[$i][$j]['question'], 'FAQ_ANSWER' => $faq_block[$i][$j]['answer'], 'U_FAQ_ID' => $faq_block[$i][$j]['id'], 'REQUEST_URI' => URL::uri()));
            $template->assign_block_vars('faq_block_link.faq_row_link', array('ROW_COLOR' => $row_color, 'ROW_CLASS' => $row_class, 'FAQ_LINK' => $faq_block[$i][$j]['question'], 'U_FAQ_LINK' => URL::uri() . '#' . $faq_block[$i][$j]['id']));
        }
    }
}
$template->set_filenames(array('body' => 'forums/faq_body.html'));
require_once 'includes/phpBB/page_tail.php';
Exemplo n.º 6
/**
 * Deprecated alias for URL::uri().
 *
 * Calls depricated_warning() first, then returns whatever URL::uri() returns.
 */
function get_uri()
{
    depricated_warning();
    $uri = URL::uri();

    return $uri;
}
Exemplo n.º 7
  +-------------------------------------------------------------------+
*/
// Newsletter block: shows the member's subscription state with a button to
// toggle it, or a registration link for visitors who are not logged in.
// Refuse to run when the file is requested directly instead of being included.
if (!defined('CPG_NUKE')) {
    exit;
}
global $db, $user_prefix, $userinfo, $SESS;
if (is_user()) {
    $newsletter = $userinfo['newsletter'];
    // Taken from the loaded user record, not from the request.
    // NOTE(review): it is interpolated into the UPDATE statements below; confirm it is always an integer.
    $user_id = $userinfo['user_id'];
    // NOTE(review): both branches change the subscription flag on any POST that
    // carries the button name; no anti-CSRF token is checked in this block.
    // Confirm that the framework validates POST requests elsewhere.
    // NOTE(review): $uri is not assigned in this block and is not in the global
    // list above; unless the including scope defines it, URL::redirect()
    // receives an undefined variable. The forms themselves post to URL::uri().
    if ($newsletter) {
        $message = _NEWSLETTERBLOCKSUBSCRIBED;
        // NOTE(review): URL::uri() is written into the action attribute unescaped - confirm it is HTML-safe.
        $action = '<form action="' . URL::uri() . '" method="post"><div><input type="submit" name="nb_unsubscribe" value="' . _NEWSLETTERBLOCKUNSUBSCRIBE . '" /></div></form>';
        if (isset($_POST['nb_unsubscribe'])) {
            $db->sql_query("UPDATE " . $user_prefix . "_users SET newsletter='0' WHERE user_id='{$user_id}'");
            // Presumably drops the cached user record so the new flag is re-read - confirm.
            unset($_SESSION['CPG_USER']);
            URL::redirect($uri);
        }
    } else {
        $message = _NEWSLETTERBLOCKNOTSUBSCRIBED;
        $action = '<form action="' . URL::uri() . '" method="post"><div><input type="submit" name="nb_subscribe" value="' . _NEWSLETTERBLOCKSUBSCRIBE . '" /></div></form>';
        if (isset($_POST['nb_subscribe'])) {
            $db->sql_query("UPDATE " . $user_prefix . "_users SET newsletter='1' WHERE user_id='{$user_id}'");
            unset($_SESSION['CPG_USER']);
            URL::redirect($uri);
        }
    }
} else {
    $message = _NEWSLETTERBLOCKREGISTER;
    $action = '<a href="' . URL::index('Your_Account&amp;file=register') . '" title="' . _NEWSLETTERBLOCKREGISTERNOW . '">' . _NEWSLETTERBLOCKREGISTERNOW . '</a>';
}
$content = '<div style="text-align:center;"><img src="images/blocks/newsletter.png" alt="' . _NEWSLETTER . '" title="' . _NEWSLETTER . '" /><br /><br />' . $message . '<br /><br />' . $action . '</div>';
Exemplo n.º 8
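# Build the breadcrumb of parent forums when this forum is a subforum.
if ($forum_topic_data['parent_id'] != 0) {
    $is_subforum = true;
    // Cast to int because the id is interpolated straight into the query text.
    $parent_id = intval($forum_topic_data['parent_id']);
    $parents = array();
    // Ids already visited: a parent chain that loops back on itself would
    // otherwise keep this loop running forever.
    $seen_parents = array();
    while ($parent_id != 0 && !isset($seen_parents[$parent_id])) {
        $seen_parents[$parent_id] = true;
        $parent_row = $db->sql_ufetchrow("SELECT forum_name AS parent_name, parent_id, forum_id FROM " . FORUMS_TABLE . " WHERE forum_id = {$parent_id}", SQL_NUM);
        if (!$parent_row) {
            // The parent forum no longer exists: stop instead of adding an empty link.
            break;
        }
        list($parent_name, $parent_id, $parent_forum_id) = $parent_row;
        $parent_id = intval($parent_id);
        // NOTE(review): the forum name is written into the HTML as stored; confirm
        // that it is escaped when saved, otherwise escape it here.
        $parents[] = '<a href="' . URL::index("&amp;viewforum&amp;f={$parent_forum_id}") . '">' . $parent_name . '</a>';
    }
    // Rows were collected from the nearest parent upwards; show the topmost first.
    $parents = array_reverse($parents);
    $parents_list = implode(' ' . _BC_DELIM . ' ', $parents);
} else {
    $is_subforum = false;
    $parents_list = '';
}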
# Send vars to template
$template->assign_vars(array('START_REL' => $start + 1, 'FINISH_REL' => isset($_GET['finish_rel']) ? intval($_GET['finish_rel']) : $board_config['posts_per_page'] - $start, 'FORUM_ID' => $forum_id, 'FORUM_NAME' => $forum_name, 'FORUM_DESC' => $forum_desc, 'TOPIC_ID' => $topic_id, 'TOPIC_TITLE' => $topic_title, 'PAGINATION' => $pagination, 'PAGE_NUMBER' => sprintf($lang['Page_of'], floor($start / $pagination_ppp) + 1, ceil($total_replies / $pagination_ppp)), 'POST_IMG' => $post_img, 'REPLY_IMG' => $reply_img, 'PRINTER_IMG' => $printer_img, 'BC_DELIM' => _BC_DELIM, 'IS_SUBFORUM' => $is_subforum, 'SF_PARENTS' => $parents_list, 'L_AUTHOR' => $lang['Author'], 'L_MESSAGE' => $lang['Message'], 'L_POSTED' => $lang['Posted'], 'L_POST_SUBJECT' => $lang['Post_subject'], 'L_VIEW_NEXT_TOPIC' => $lang['View_next_topic'], 'L_VIEW_PREVIOUS_TOPIC' => $lang['View_previous_topic'], 'L_POST_NEW_TOPIC' => $post_alt, 'L_POST_REPLY_TOPIC' => $reply_alt, 'L_PRINTER_TOPIC' => $printer_alt, 'L_BACK_TO_TOP_LINK' => URL::uri(), 'L_BACK_TO_TOP' => $lang['Back_to_top'], 'L_DISPLAY_POSTS' => $lang['Display_posts'], 'L_LOCK_TOPIC' => $lang['Lock_topic'], 'L_UNLOCK_TOPIC' => $lang['Unlock_topic'], 'L_MOVE_TOPIC' => $lang['Move_topic'], 'L_SPLIT_TOPIC' => $lang['Split_topic'], 'L_DELETE_TOPIC' => $lang['Delete_topic'], 'L_GOTO_PAGE' => $lang['Goto_page'], 'L_GO' => $lang['Go'], 'S_TOPIC_LINK' => POST_TOPIC_URL, 'S_SELECT_POST_DAYS' => $select_post_days, 'S_SELECT_POST_ORDER' => $select_post_order, 'S_POST_DAYS_ACTION' => URL::index("&amp;file=viewtopic&amp;" . POST_TOPIC_URL . "={$topic_id}&amp;start={$start}"), 'S_AUTH_LIST' => $s_auth_can, 'S_TOPIC_ADMIN' => $topic_mod, 'S_WATCH_TOPIC' => $s_watching_topic, 'S_WATCH_TOPIC_IMG' => $s_watching_topic_img, 'U_VIEW_TOPIC' => URL::index("&amp;file=viewtopic&amp;" . POST_TOPIC_URL . 
"={$topic_id}&amp;start={$start}&amp;postdays={$post_days}&amp;postorder={$post_order}&amp;highlight={$highlight}"), 'U_VIEW_FORUM' => $view_forum_url, 'U_VIEW_OLDER_TOPIC' => $view_prev_topic_url, 'U_VIEW_NEWER_TOPIC' => $view_next_topic_url, 'U_POST_NEW_TOPIC' => $new_topic_url, 'U_PRINTER_TOPIC' => $printer_topic_url, 'U_POST_REPLY_TOPIC' => $reply_topic_url));
# Does this topic contain a poll?
if (!empty($forum_topic_data['topic_vote'])) {
    $s_hidden_fields = '';
    $sql = "SELECT vd.vote_id, vd.vote_text, vd.vote_start, vd.vote_length, vr.vote_option_id, vr.vote_option_text, vr.vote_result\n\t\tFROM " . VOTE_DESC_TABLE . " vd, " . VOTE_RESULTS_TABLE . " vr\n\t\tWHERE vd.topic_id = {$topic_id} AND vr.vote_id = vd.vote_id\n\t\tORDER BY vr.vote_option_id ASC";
    $vote_info = $db->sql_ufetchrowset($sql, SQL_ASSOC);
    if ($vote_info) {
        $vote_options = count($vote_info);
        $vote_id = $vote_info[0]['vote_id'];
        $vote_title = $vote_info[0]['vote_text'];
        $result = $db->sql_query("SELECT vote_id FROM " . VOTE_USERS_TABLE . " WHERE vote_id = {$vote_id} AND vote_user_id = " . intval($userdata['user_id']));
        $user_voted = ($row = $db->sql_fetchrow($result)) ? TRUE : 0;
        $db->sql_freeresult($result);
        if (isset($_GET['vote']) || isset($_POST['vote'])) {
            $view_result = (isset($_GET['vote']) ? $_GET['vote'] : $_POST['vote']) == 'viewresult' ? TRUE : 0;
        } else {
Exemplo n.º 9
    }
    $row['link_type'] = -1;
    if (!isset($row['catpos'])) {
        $row['catpos'] = -1;
    }
    $menucats[$row['catpos']][$row['linkpos']] = $row;
}
// Load custom links from database
// NOTE(review): $lnkquery is spliced into the SQL text and is built outside the
// lines shown; confirm it is assembled from fixed fragments only.
$result = $db->sql_query("SELECT l.title, l.link, l.link_type, l.view, l.active, l.cat_id, l.pos AS linkpos, c.name, c.image, c.pos AS catpos, c.link AS catlnk, c.link_type AS cattype FROM " . $prefix . "_modules_links AS l LEFT JOIN " . $prefix . "_modules_cat c ON (c.cid = l.cat_id) {$lnkquery} ORDER BY l.pos");
while ($row = $db->sql_fetchrow($result)) {
    // A title that names a defined constant is replaced by the constant's value.
    // NOTE(review): this resolves ANY defined constant, not only language strings;
    // confirm that link titles are editable by administrators only and that no
    // secrets are held in constants.
    if (defined($row['title'])) {
        $row['title'] = constant($row['title']);
    }
    // Decode '&amp;' so the stored link can be compared with the request URI.
    $link = str_ireplace('&amp;', '&', $row['link']);
    if (URL::uri() != '') {
        // Mark the link as selected when it occurs anywhere in the current URI.
        // NOTE(review): $link is not checked for being empty before strpos().
        if (false !== strpos(URL::uri(), $link)) {
            $row['lnkimage'] = 'icon_select.gif';
            $setimage = 0;
        }
    }
    // Re-encode '&' for HTML output. Other characters are not escaped here.
    $row['link'] = str_ireplace('&', '&amp;', $link);
    $row['catlnk'] = str_ireplace('&', '&amp;', $row['catlnk']);
    $row['inmenu'] = 1;
    // Links without a category are grouped under position -1.
    if (!isset($row['catpos'])) {
        $row['catpos'] = -1;
    }
    $menucats[$row['catpos']][$row['linkpos']] = $row;
}
ksort($menucats);
$nocatcontent = '';
while (list($cat, $items) = each($menucats)) {
Exemplo n.º 10
    } else {
        $cpgtpl->assign_var('DL_REVIEWS', false);
    }
    $db->sql_freeresult($result);
    if (can_admin($module_name) || $row['submitter'] == $userinfo['user_id']) {
        // pagination
        $cur_page2 = isset($_GET['p_page']) && $_GET['p_page'] > 0 ? intval($_GET['p_page']) : 1;
        $limit2 = ($cur_page2 - 1) * $perpage;
        $result = $db->sql_query("SELECT r.id, r.uid, r.ip, r.title, r.comment, r.score, r.timestamp, u.username, COUNT(r.score) AS votes FROM " . $dl_prefix . "_ratings r\n\tLEFT JOIN " . $user_prefix . "_users u ON (u.user_id = r.uid)\n\tWHERE r.lid='{$global_id}' AND r.comment!='' AND active=0 \n\tGROUP BY r.id DESC, r.uid, r.ip, r.title, r.comment, r.score, r.timestamp, u.username \n\tLIMIT {$perpage} OFFSET {$limit2}");
        list($pending) = $db->sql_ufetchrow("SELECT COUNT(*) FROM " . $dl_prefix . "_ratings \n\tWHERE lid='{$global_id}' AND active=0");
        if ($db->sql_numrows($result)) {
            $cpgtpl->assign_vars(array('DL_P_REVIEW_PAGES' => ceil($pending / $perpage) > 1 ? gen_pagination($pending, $perpage, $cur_page2, '&amp;file=details&amp;id=' . $global_id, 'p_reviews', 'p_page') : false, 'DL_P_REVIEWS' => $pending));
            $i = 0;
            while (list($review_id, $review_uid, $review_ip, $review_title, $review_comment, $review_score, $review_timestamp, $review_uname, $review_votes) = $db->sql_fetchrow($result)) {
                $rating_info = get_rating($review_score, $review_votes);
                $cpgtpl->assign_block_vars('dl_p_review', array('ID' => $review_id, 'U_ID' => htmlprepare(URL::uri()) . '#r' . $review_id, 'RATING' => _DLP_REVIEW . ' #' . $review_id . ': ' . $rating_info['desc'], 'U_MEMBER' => URL::index('Your_Account&amp;profile=' . $review_uid), 'MEMBERNAME' => $review_uname, 'DATE' => generate_date($review_timestamp), 'U_DEL' => can_admin($module_name) || $row['submitter'] == $userinfo['user_id'] ? '<a href="' . URL::index('&amp;del_review=' . $review_id) . '">[' . strtolower(_DELETE) . ']</a>' : false, 'U_APPR' => can_admin($module_name) || $row['submitter'] == $userinfo['user_id'] ? '<a href="' . URL::index('&amp;approve_review=' . $review_id) . '">[' . strtolower(_DLP_APPROVE) . ']</a>' : false, 'TITLE' => $review_title, 'COMMENT' => decode_bb_all($review_comment), 'IP' => decode_ip($review_ip), 'IMG_RATE' => dl_image('stars/' . $rating_info['rating'] . '.png'), 'SPACER' => $i > 0));
                $i++;
            }
        } else {
            $cpgtpl->assign_var('DL_P_REVIEWS', false);
        }
        $db->sql_freeresult($result);
    } else {
        $cpgtpl->assign_var('DL_P_REVIEWS', false);
    }
}
// Add the pick.png image to the download when its "pick" flag is set.
if ($row['pick']) {
    $cpgtpl->assign_block_vars('dl_image', array('SRC' => dl_image('pick.png'), 'TITLE' => _DLP_EDPICK));
}
// custom fields: images
// Selects the field name, image path and alt text of every visible field of type 3.
$result = $db->sql_query("SELECT field, img_path, img_alt FROM " . $dl_prefix . "_fields \n\tWHERE type=3 AND visible > 0");
Exemplo n.º 11
//Module::$custom[-5] = array('mid' => -5, 'name' => 'user_search', 'file' => CORE_PATH.'user_search.php', 'view' => 1);
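// Work out which module, and which file inside it, this request is for.
// POST takes precedence over GET; with neither, the configured main module
// and its "index" file are used.
$name = !empty($_POST['name']) ? $_POST['name'] : (!empty($_GET['name']) ? $_GET['name'] : $MAIN_CFG['global']['main_module']);
// Allow-list for a value that ends up in a filesystem path: letters, digits,
// "_" and "-" only. The D modifier makes "$" match only at the very end of the
// string; without it a value with a trailing newline would pass. Non-string
// input (for example name[]=x) is rejected before it reaches preg_match().
if (!is_string($name) || !preg_match('#^[a-zA-Z0-9_\\-]+$#D', $name)) {
    trigger_error(sprintf(_ERROR_BAD_CHAR, strtolower(_MODULES)), E_USER_ERROR);
}
$file = isset($_POST['file']) ? $_POST['file'] : (isset($_GET['file']) ? $_GET['file'] : 'index');
// Same allow-list for the file name; "." and "/" can never appear, so the path
// built below cannot leave the module's directory.
if (!is_string($file) || !preg_match('#^[a-zA-Z0-9_\\-]+$#D', $file)) {
    trigger_error(sprintf(_ERROR_BAD_CHAR, strtolower(_BLOCKFILE2)), E_USER_ERROR);
}
$Module = new Module($name);
// NOTE(review): the existence check and its warning run before $Module->allow();
// confirm that the E_USER_WARNING text is only logged and not shown to visitors,
// since it tells whether a given module file exists.
if (!is_file(BASEDIR . "modules/{$Module->name}/{$file}.php")) {
    trigger_error("Failed: is_file(modules/{$Module->name}/{$file}.php)", E_USER_WARNING);
    trigger_error(sprintf(_MODULENOEXIST, ''), E_USER_ERROR);
}
// Modules flagged as needing HTTPS are redirected when the request came in over another protocol.
if (HTTPS_REQUIRED && 'https' !== DOMAIN_PROTOCOL && $Module->https) {
    URL::redirect('https://' . DOMAIN_NAME . URL::uri());
}
/* class setup */
Module::$file = $file;
// optional
Module::$path = BASEDIR . "modules/{$Module->path_name}/";
// optional
Module::$is_home = $Module->name === $MAIN_CFG['global']['main_module'];
/* finished instructing class */
# check for permissions
$Module->allow();
# get module custom language
get_lang($Module->name, -1);
# setup blocks, showblocks may be depreciated in the near future
Blocks::$showblocks = $Module->sides;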
/* compatibility */
Exemplo n.º 12
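 /**
  * Stream a local file or a remote HTTP resource to the client as an attachment.
  *
  * A $filename containing "://" is fetched with a plain HTTP/1.0 request and
  * passed through; anything else is opened as a local file.
  *
  * NOTE(review): the remote branch connects to whatever host and port the URL
  * names and ignores the scheme. If a visitor can influence $filename, the
  * server can be made to request arbitrary endpoints, internal ones included;
  * callers should restrict remote sources to an allow-list of hosts.
  * NOTE(review): the local check below is a deny-list (".." and a ".php"
  * ending). Callers should also confirm that the resolved path lies inside
  * the intended download directory.
  *
  * @param string $error    Receives a message when the download is refused or fails.
  * @param string $filename Local path or URL of the data to send.
  * @param string $realname Name offered to the browser; defaults to $filename.
  * @return bool false on failure, otherwise the result of fclose() on the source.
  */
 public function secure_download(&$error, $filename, $realname = '')
 {
     // how many bytes per chunk
     $chunksize = 2048;
     if (empty($realname)) {
         $realname = $filename;
     }
     // The name is placed inside a quoted header parameter, so quotes, line
     // breaks and NUL bytes are removed from it first.
     $safename = str_replace(array('"', "\r", "\n", "\0"), '', basename($realname));
     if (strpos($filename, '://')) {
         // send remote file
         // Control characters in the URL would add lines to the request written below.
         if (preg_match('#[\\x00-\\x1f\\x7f]#', $filename)) {
             $error = 'Remote URL contains control characters';
             trigger_error($error, E_USER_WARNING);
             return false;
         }
         $rdf = parse_url($filename);
         if (!isset($rdf['host'])) {
             return false;
         }
         $port = isset($rdf['port']) ? $rdf['port'] : 80;
         // parse_url() leaves 'path' unset for "http://host" and returns the
         // query without its leading "?".
         $path = isset($rdf['path']) ? $rdf['path'] : '/';
         $query = (isset($rdf['query']) && $rdf['query'] !== '') ? '?' . $rdf['query'] : '';
         $fp = fsockopen($rdf['host'], $port, $errno, $errstr, 15);
         if ($fp === false) {
             $error = "{$errno}: {$errstr}";
             trigger_error($error, E_USER_WARNING);
             return false;
         }
         fputs($fp, 'GET ' . $path . $query . " HTTP/1.0\r\n");
         fputs($fp, 'User-Agent: Dragonfly Passthru (' . URL::index('credits', true, true) . ")\r\n");
         // NOTE(review): this tells the remote host which local URI was requested.
         fputs($fp, 'Referer: ' . URL::uri() . "\r\n");
         fputs($fp, 'HOST: ' . $rdf['host'] . "\r\n\r\n");
         $data = rtrim(fgets($fp, 512));
         if (false === strpos($data, ' 200 OK')) {
             // Close the socket before giving up so it is not leaked.
             fclose($fp);
             $error = $data;
             trigger_error($data, E_USER_WARNING);
             return false;
         }
         // Discard every output buffer; stop if one cannot be removed.
         while (ob_get_level() > 0 && ob_end_clean()) {
         }
         // Read all headers
         while (!empty($data)) {
             // read lines
             $data = rtrim(fgets($fp, 300));
             // Forward only these three headers. The pattern is anchored so that a
             // remote header merely containing one of the names is not relayed.
             if (preg_match('#^(Content-Length|Content-Type|Last-Modified): #i', $data)) {
                 header($data);
             }
         }
     } else {
         // Refuse parent-directory references and PHP sources, whatever the letter case.
         if (preg_match('#\\.(\\.|php$)#i', $filename)) {
             $error = "{$filename} isn't allowed to be downloaded";
             trigger_error($error, E_USER_WARNING);
             return false;
         }
         if (!($fp = fopen($filename, 'rb'))) {
             $error = "{$filename} could not be opened";
             trigger_error($error, E_USER_WARNING);
             return false;
         }
         while (ob_get_level() > 0 && ob_end_clean()) {
         }
         $mimetype = ($img = getimagesize($filename)) ? $img['mime'] : '';
         // send local file
         if (!strstr($mimetype, 'image')) {
             // Not an image: choose the type from the extension of the offered name.
             $mimetypes = array(
                 'bz2' => 'application/bzip2',
                 'gz' => 'application/x-gzip',
                 'tgz' => 'application/x-gzip',
                 'gtar' => 'application/x-gtar',
                 'tar' => 'application/x-tar',
                 'zip' => 'application/zip',
                 'wma' => 'audio/x-ms-wma',
                 'wmv' => 'video/x-ms-wmv',
             );
             $ext = explode('.', $realname);
             $ext = strtolower(array_pop($ext));
             if (isset($mimetypes[$ext])) {
                 $mimetype = $mimetypes[$ext];
             } else {
                 // The User-Agent header is optional, so do not assume it is set.
                 $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
                 $mimetype = 'application/octet' . (preg_match('#(Opera|compatible; MSIE)#', $agent) ? 'stream' : '-stream');
             }
         }
         header('Content-Type: ' . $mimetype . '; name="' . $safename . '"');
         header('Content-Length: ' . filesize($filename));
     }
     header('Content-Encoding:');
     header('Content-Disposition: attachment; filename="' . $safename . '"');
     set_time_limit(0);
     while (!feof($fp)) {
         print fread($fp, $chunksize);
     }
     return fclose($fp);
 }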
Exemplo n.º 13
<?php

// English strings for the security/error pages: '_SECURITY_STATUS' maps a status
// code to its short title, '_SECURITY_MSG' maps it to the message body.
// NOTE(review): most message bodies embed URL::uri() verbatim, and the strings
// already contain markup (<br />, <p>), so they are presumably printed as HTML.
// If URL::uri() returns the request URI unescaped, markup placed in a URL would
// be reflected on the error page; confirm that URL::uri() is HTML-safe, or
// escape the URI where the message is built or printed.
// NOTE(review): as written, '_FLOOD' and 'Last_warning' are entries of the
// '_SECURITY_MSG' array (it closes only at the final "))") - confirm that this
// nesting is intended.
$LNG = array('_SECURITY_STATUS' => array(301 => 'Moved Permanently', 302 => 'Found', 303 => 'See Other', 304 => 'Not Modified', 400 => 'Bad Request', 401 => 'Unauthorized', 402 => 'Payment Required', 403 => 'Forbidden', 404 => 'Not Found', 500 => 'Internal Server Error', 503 => 'Service Unavailable', 800 => 'Bad IP', 801 => 'Spam url in referer header', 802 => 'Unknown user-agent', 803 => 'Flood Protection'), '_SECURITY_MSG' => array(301 => 'The URL that you requested, ' . URL::uri() . ', has been moved permanently to a new URI and any future references to this page SHOULD use the new URI.', 302 => 'The URL that you requested, ' . URL::uri() . ', has been moved temporarily to a new URI and any future references to this page SHOULD remain.', 400 => 'The URL that you requested, ' . URL::uri() . ', was a bad request.', 401 => 'The URL that you requested, ' . URL::uri() . ', requires preauthorization to access.', 402 => 'The URL that you requested, ' . URL::uri() . ', requires payment to access.', 403 => 'Access to the URL that you requested, ' . URL::uri() . ', is forbidden.', 404 => 'The URL that you requested, ' . URL::uri() . ', could not be found. Perhaps you either mistyped the URL or we have a broken link.<br /><br />We have logged this error and will correct the problem if it is a broken link.', 500 => 'The URL that you requested, ' . URL::uri() . ', resulted in a server configuration error. It is possible that the condition causing the problem will be gone by the time you finish reading this.<br /><br />We have logged this error and will correct the problem.', 503 => 'The URL that you requested, ' . URL::uri() . 
', is temporarily unavailable.', 800 => 'You are banned from this site due to a bad ip.', 801 => 'You are banned from this site due to a spam url in the referer header.', 802 => 'You are banned from this site due to a unknown user-agent.', 803 => 'You are banned from this site due to ignoring our anti-flood warnings.', '_FLOOD' => 'You are not allowed to flood our system.<br />You may view our website again after %s seconds', 'Last_warning' => '<p>This is your last warning, next time you will be banned!</p>'));
Exemplo n.º 14
 /**
  * Store the per-request navigation state in the session and close it.
  *
  * Does nothing when the session was not started. Records the current module,
  * the requested "op" and "file" values (GET takes precedence over POST) and
  * the request URI, drops a stale login redirect, writes the session and,
  * when CAN_MOD_INI is set, restores the previous session save handler.
  *
  * NOTE(review): "op" and "file" are stored exactly as received from the
  * request; code that later reads them from the session must treat them as
  * untrusted input.
  */
 public function write_close()
 {
     if (!$this->started) {
         return;
     }
     global $CPG_SESS, $module_name;

     $_SESSION['SECURITY']['page'] = $module_name;

     if (isset($_GET['op'])) {
         $requested_op = $_GET['op'];
     } elseif (isset($_POST['op'])) {
         $requested_op = $_POST['op'];
     } else {
         $requested_op = '';
     }
     $CPG_SESS['admin']['page'] = $requested_op;

     $CPG_SESS['user']['page'] = $module_name;

     if (isset($_GET['file'])) {
         $requested_file = $_GET['file'];
     } elseif (isset($_POST['file'])) {
         $requested_file = $_POST['file'];
     } else {
         $requested_file = '';
     }
     $CPG_SESS['user']['file'] = $requested_file;

     $CPG_SESS['user']['uri'] = URL::uri();

     // A remembered redirect is kept only while the visitor is still on the page
     // it points at or inside the Your_Account module.
     if (isset($CPG_SESS['user']['redirect'])) {
         $left_target = $CPG_SESS['user']['redirect'] != $CPG_SESS['user']['uri'];
         if ($left_target && $module_name != 'Your_Account') {
             unset($CPG_SESS['user']['redirect']);
         }
     }

     $_SESSION['CPG_SESS'] = $CPG_SESS;
     session_write_close();

     if (CAN_MOD_INI) {
         ini_set('session.save_handler', $this->old_handler);
     }
     $this->started = false;
 }
Exemplo n.º 15
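/**
 * Render the profile page of one member.
 *
 * Resolves $username to a member record (the viewer's own record when it
 * matches the logged-in user), prints an error box for unknown, suspended or
 * deleted accounts, otherwise fills the 'your_account/userinfo.html' template
 * and finally includes every block file from modules/Your_Account/blocks.
 *
 * Security-relevant behaviour:
 *  - values interpolated into SQL are cast to int or passed through
 *    Fix_Quotes();
 *  - a feed URL posted by the member is only fetched when its scheme is http
 *    or https, and the host shown back to the member is HTML-encoded;
 *  - files required at the end of this function (header.php, nbbcode.php, the
 *    forum's common.php and the block files) execute in this function's
 *    variable scope, which is why the local variable names are kept stable.
 *
 * @param string $username Member name or id taken from the request.
 * @return void
 */
function userinfo($username)
{
    global $db, $prefix, $user_prefix, $currentlang, $pagetitle, $MAIN_CFG, $CPG_SESS, $CLASS, $cpgtpl;

    // "Own profile": logged in, and $username equals the viewer's id or
    // (case-insensitively) the viewer's user name.
    $owninfo = is_user() && ($username == is_user() || strtolower($username) == strtolower($CLASS['member']->members[is_user()]['username']));
    if ($owninfo) {
        // Reference, not copy: the user_website normalisation below writes
        // back into the cached member record.
        $userinfo =& $CLASS['member']->members[is_user()];
        global $Blocks;
        $block = array('bid' => 10000, 'view' => 1, 'side' => 'l', 'title' => _TB_BLOCK, 'content' => member_block());
        $Blocks->custom($block);
        $block = NULL;
    } else {
        if (!is_user() && $username != 'Anonymous') {
            // NOTE(review): $userinfo is never set on this path, so
            // URL::redirect() presumably terminates the request - confirm.
            URL::redirect(URL::index('&amp;profile=Anonymous'));
        } else {
            if (!($userinfo = getusrdata($username)) || $userinfo['user_level'] < 1) {
                require_once 'header.php';
                OpenTable();
                // $username is request data here, so it is encoded for output.
                echo _NOINFOFOR . ' <strong>' . htmlspecialchars($username) . '</strong>';
                if (!$userinfo) {
                    echo '<br /><br /><em>' . _MA_USERNOEXIST . '</em>';
                } elseif ($userinfo['user_level'] == 0) {
                    echo '<br /><br /><em>' . _ACCSUSPENDED . '</em>';
                } elseif ($userinfo['user_level'] == -1) {
                    echo '<br /><br /><em>' . _ACCDELETED . '</em>';
                }
                CloseTable();
                return;
            }
        }
    }

    // From here on $username is the stored name, not the request value.
    $username = $userinfo['username'];

    // Language-specific forum icons, falling back to the english set.
    $imgpath = 'themes/' . $CPG_SESS['theme'] . '/images/forums/lang_';
    $imgpath .= file_exists($imgpath . $currentlang . '/icon_email.gif') ? $currentlang : 'english';

    if ($owninfo) {
        $pagetitle .= ' ' . _BC_DELIM . ' ' . $username . ', ' . _THISISYOURPAGE;
    } else {
        $pagetitle .= ' ' . _BC_DELIM . ' ' . _PERSONALINFO . ' ' . _BC_DELIM . ' ' . $username;
    }
    require_once 'header.php';
    require_once CORE_PATH . 'nbbcode.php';

    // Avatar type 1 = uploaded, 2 = remote URL, 3 = gallery; anything else
    // gets the configured default picture.
    if ($userinfo['user_avatar_type'] == 1) {
        $avatar = $MAIN_CFG['avatar']['path'] . '/' . $userinfo['user_avatar'];
    } elseif ($userinfo['user_avatar_type'] == 2) {
        $avatar = $userinfo['user_avatar'];
    } elseif ($userinfo['user_avatar_type'] == 3 && !empty($userinfo['user_avatar'])) {
        $avatar = $MAIN_CFG['avatar']['gallery_path'] . '/' . $userinfo['user_avatar'];
    } else {
        $avatar = $MAIN_CFG['avatar']['gallery_path'] . '/' . $MAIN_CFG['avatar']['default'];
    }
    if ($avatar) {
        // NOTE(review): the member-controlled avatar value lands in an HTML
        // attribute unencoded; verify it is validated/encoded when the profile
        // is saved, otherwise encode it here.
        $avatar = '<img src="' . $avatar . '" alt="" />';
    }

    // Website: add a scheme when missing, then keep it only if it is a bare
    // http(s) host name; anything else is blanked.
    if ($userinfo['user_website']) {
        if (false === strpos($userinfo['user_website'], '://')) {
            $userinfo['user_website'] = "http://{$userinfo['user_website']}";
        }
    }
    if (!preg_match('#^(http[s]?\\:\\/\\/)?([a-z0-9\\-\\.]+)?[a-z0-9\\-]+\\.[a-z]{2,4}$#i', $userinfo['user_website'])) {
        $userinfo['user_website'] = '';
    }

    // Rank: a special rank when one is assigned, otherwise the highest
    // post-count rank reached. Both values are forced to int before they are
    // placed in the WHERE clause.
    if ($userinfo['user_rank']) {
        $sql = 'rank_id = ' . intval($userinfo['user_rank']) . ' AND rank_special = 1';
    } else {
        $sql = 'rank_min <= ' . intval($userinfo['user_posts']) . ' AND rank_special = 0 ORDER BY rank_min DESC';
    }
    list($poster_rank, $rank_image) = $db->sql_ufetchrow('SELECT rank_title, rank_image FROM ' . $prefix . '_bbranks WHERE ' . $sql, SQL_NUM);
    $poster_rank = $rank_image ? '<img src="' . $rank_image . '" alt="' . $poster_rank . '" title="' . $poster_rank . '" />' : $poster_rank;

    // Custom profile fields: section 3 is only shown to the owner and to
    // member administrators.
    if (can_admin('members') || $owninfo) {
        $result = $db->sql_query("SELECT field, langdef, type FROM " . $user_prefix . "_users_fields WHERE section = 2 OR section = 3");
    } else {
        $result = $db->sql_query("SELECT field, langdef, type FROM " . $user_prefix . "_users_fields WHERE section = 2");
    }
    if ($db->sql_numrows($result) > 0) {
        while ($row = $db->sql_fetchrow($result)) {
            if ($row['type'] == 1) {
                $value = $userinfo[$row['field']] ? _YES : _NO;
            } else {
                $value = $userinfo[$row['field']];
            }
            // langdef may name a language constant; use its text when defined.
            if (defined($row['langdef'])) {
                $row['langdef'] = constant($row['langdef']);
            }
            $cpgtpl->assign_block_vars('custom_field', array('NAME' => $row['langdef'], 'VALUE' => $value));
        }
    }

    $blog_url = 0;
    if (is_active('Blogs')) {
        // The stored user name is data, not SQL: escape it like the other
        // queries in this code base do before interpolating it.
        list($num_blogs) = $db->sql_ufetchrow("SELECT COUNT(*) FROM " . $prefix . "_blogs \n\t\tWHERE aid='" . Fix_Quotes($username) . "' AND private=0");
        if ($num_blogs > 0) {
            $blog_url = 1;
        }
    }

    // Real address only for: logged-in viewers when the member allows it, the
    // owner, or an admin outside demo mode. Otherwise the "fake" address.
    $show_email = 0;
    if (($userinfo['user_viewemail'] && is_user()) || $owninfo || (is_admin() && !$CLASS['member']->demo)) {
        $email = $userinfo['user_email'];
    } else {
        if ($userinfo['femail']) {
            $email = $userinfo['femail'];
        }
    }
    if (isset($email) && Security::check_email($email)) {
        $email = 'mailto:' . $email;
        if (!$owninfo && is_user()) {
            // Redefining a constant raises an error, so only define what is
            // not there yet (the forum may already have been bootstrapped).
            if (!defined('IN_PHPBB')) {
                define('IN_PHPBB', true);
            }
            if (!defined('PHPBB_INSTALLED')) {
                define('PHPBB_INSTALLED', true);
            }
            $phpbb_root_path = "./modules/Forums/";
            require_once $phpbb_root_path . 'common.php';
            global $board_config;
            // Prefer the board's mail form over exposing the address.
            if ($board_config['board_email_form']) {
                $email = URL::index('Forums&amp;file=profile&amp;mode=email&amp;u=' . $userinfo['user_id']);
            }
        }
        $show_email = 1;
    }

    $show_pm = 0;
    if (!$owninfo && is_user() && is_active('Private_Messages')) {
        $show_pm = 1;
    }

    $show_gallery = 0;
    if (is_active('coppermine')) {
        // Personal galleries use category 10000 + user id.
        $user_gallery = 10000 + $userinfo['user_id'];
        $ugall_result = $db->sql_query("SELECT p.pid FROM " . $prefix . "_cpg_pictures AS p, " . $prefix . "_cpg_albums AS a WHERE a.aid = p.aid AND a.category = {$user_gallery}");
        if ($db->sql_numrows($ugall_result) > 0) {
            $show_gallery = 1;
        }
    }

    // NOTE(review): AVATAR and USER_RANK are passed as ready-made HTML, so the
    // template evidently prints these values unencoded. URL_URI and the other
    // member-supplied strings then depend on how the template uses them -
    // verify each is encoded for its context.
    $cpgtpl->assign_vars(array(
        'ABOUT_USER' => _ABOUT_USER . $username,
        'AVATAR' => $avatar,
        'JOINED_DATE' => formatDateTime($userinfo['user_regdate'], _DATESTRING3),
        'USER_RANK' => $poster_rank,
        'USER_LOCATION' => decode_bb_all($userinfo['user_from']),
        'USER_WEBSITE' => $userinfo['user_website'],
        'USER_OCCUPATION' => decode_bb_all($userinfo['user_occ']),
        'USER_INTERESTS' => decode_bb_all($userinfo['user_interests']),
        'USER_SIGNATURE' => $userinfo['user_sig'] ? decode_bb_all($userinfo['user_sig'], 1, false) : false,
        'USER_EXTRA_INFO' => $userinfo['bio'] ? decode_bb_all($userinfo['bio'], 1, false) : false,
        'BLOG_URL' => $blog_url ? URL::index('Blogs&amp;mode=user&amp;nick=' . $username) : false,
        'EMAIL_ADDRESS' => $show_email ? $email : false,
        'IMG_PATH' => $imgpath,
        'U_PM' => $show_pm ? URL::index("Private_Messages&amp;mode=post&amp;u={$userinfo['user_id']}") : false,
        'USER_MSNM' => $userinfo['user_msnm'],
        'USER_YIM' => $userinfo['user_yim'],
        'USER_AIM' => $userinfo['user_aim'],
        'USER_ICQ' => $userinfo['user_icq'],
        'USER_SKYPE' => $userinfo['user_skype'],
        'USER_GALLERY' => $show_gallery ? URL::index('coppermine&amp;cat=' . (10000 + $userinfo['user_id'])) : false,
        'OWN_OR_CAN_ADMIN' => $owninfo || can_admin('members'),
        'OWN_INFO' => $owninfo,
        'SUBSCRIBED' => $userinfo['newsletter'],
        'CAN_ADMIN_MEMBERS' => can_admin('members'),
        'U_EDIT_USER' => URL::admin('users&amp;mode=edit&amp;edit=profile&amp;id=' . $userinfo['user_id']),
        'U_SUSPEND_USER' => URL::admin('users&amp;mode=edit&amp;edit=admin&amp;id=' . $userinfo['user_id']),
        'HEADLINES_ALLOWED' => $owninfo && $MAIN_CFG['member']['my_headlines'],
        'URL_URI' => URL::uri(),
        'SHOW_RSS' => false,
    ));

    // "My headlines": the owner may pick a configured feed (hid) or post a
    // feed URL of their own.
    if ($owninfo && $MAIN_CFG['member']['my_headlines']) {
        $hid = isset($_POST['hid']) ? intval($_POST['hid']) : 0;
        // Ignore non-string input (e.g. url[]=...) instead of passing an
        // array to the string functions below.
        $url = (isset($_POST['url']) && is_string($_POST['url'])) ? $_POST['url'] : '';
        $sql4 = 'SELECT hid, sitename FROM ' . $prefix . '_headlines ORDER BY sitename';
        $headl = $db->sql_query($sql4);
        while (list($nhid, $hsitename) = $db->sql_fetchrow($headl)) {
            $sel = $hid == $nhid ? ' selected="selected"' : '';
            $cpgtpl->assign_block_vars('feed_option', array('VALUE' => $nhid, 'SELECTED' => $sel, 'NAME' => $hsitename));
        }
        if ($hid > 0 || ($hid == 0 && strlen($url) > 10)) {
            $fetch_feed = true;
            if ($hid > 0) {
                // Configured feed; $hid is an int, so the quoted literal is safe.
                $sql5 = 'SELECT sitename, headlinesurl FROM ' . $prefix . "_headlines WHERE hid='{$hid}'";
                $result5 = $db->sql_query($sql5);
                $row5 = $db->sql_fetchrow($result5);
                if ($row5) {
                    list($title, $url) = $row5;
                    // Strip either scheme so the first segment is the host
                    // for https feeds as well.
                    $siteurl = explode('/', preg_replace('#^https?://#i', '', (string) $url));
                } else {
                    // Unknown hid: there is nothing to fetch or display.
                    $fetch_feed = false;
                }
            } else {
                if (false === strpos($url, '://')) {
                    $url = 'http://' . $url;
                }
                // The server fetches this URL on the member's behalf, so only
                // plain web schemes are accepted.
                // NOTE(review): this restricts the scheme only; whether
                // CPG_RSS::display() refuses loopback/private destinations or
                // follows redirects is not visible here - confirm.
                $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
                $fetch_feed = ($scheme === 'http' || $scheme === 'https');
                $siteurl = explode('/', preg_replace('#^https?://#i', '', $url));
                // The host is echoed back through the template, which prints
                // values unencoded, so encode the posted text for HTML.
                $siteurl[0] = htmlspecialchars($siteurl[0], ENT_QUOTES);
                $title = ($fetch_feed ? $scheme : 'http') . '://' . $siteurl[0];
            }
            if ($fetch_feed) {
                include_once CORE_PATH . 'classes/rss.php';
                $content = CPG_RSS::display($url);
                $cpgtpl->assign_vars(array('SHOW_RSS' => true, 'RSS_CONTENT' => $content, 'RSS_URL' => $siteurl[0], 'RSS_TITLE' => $title));
            }
        }
    }

    $cpgtpl->set_handle('userinfo', 'your_account/userinfo.html');
    $cpgtpl->display('userinfo');

    // Include every block file, in natural case-insensitive name order. Each
    // file runs inside this function's scope.
    $blockslist = array();
    $blocksdir = dir('modules/Your_Account/blocks');
    if ($blocksdir) {
        // Compare against false explicitly: an entry named "0" is falsy and
        // would otherwise end the listing early.
        while (false !== ($func = $blocksdir->read())) {
            // Only real ".php" files are executed, not any name that merely
            // ends in the letters "php".
            if (substr($func, -4) == '.php') {
                $blockslist[] = $func;
            }
        }
        $blocksdir->close();
    }
    // natcasesort() keeps the original keys, so iterate with foreach; an
    // index-based loop would walk the files in unsorted directory order.
    natcasesort($blockslist);
    foreach ($blockslist as $func) {
        require_once 'modules/Your_Account/blocks/' . $func;
    }
}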
Exemplo n.º 16
		<a href="' . URL::index() . '">' . _MAIN . '</a> | <a href="' . URL::index('&amp;file=search&amp;cat=' . $id_cat) . '">' . _SEARCH . '</a><br /><br />
		<table border="0" cellpadding="3" cellspacing="1" width="100%" class="forumline">
		<tr><td align="center" class="catleft" colspan="2"><b><span class="gen">' . _QUESTION . '</span></b></td></tr>
		<tr><td align="center" class="row1" colspan="2">' . _SORT . ': ' . (isset($_GET['sort']) && $_GET['sort'] == 'asc' ? '<b>' . _ASCENDING . '</b>' : '<a href="' . URL::index('&amp;cat=' . $id_cat . '&amp;sort=asc') . '">' . _ASCENDING . '</a>') . '
		 / ' . (isset($_GET['sort']) && $_GET['sort'] == 'desc' ? '<b>' . _DESCENDING . '</b>' : '<a href="' . URL::index('&amp;cat=' . $id_cat . '&amp;sort=desc') . '">' . _DESCENDING . '</a>') . '
		</td></tr>';
        foreach ($result as $row) {
            echo '<tr><td class="row1" colspan="2"><span class="gen"><a href="' . htmlprepare(URL::uri()) . '#' . $row['id'] . '">' . $row['question'] . '</a></span></td></tr>';
        }
        echo '</table><br />
		<table border="0" cellpadding="3" cellspacing="1" width="100%" class="forumline" align="center">
		<tr><td align="center" class="catleft" colspan="2"><b><span class="gen">' . _ANSWER . '</span></b></td></tr>';
        foreach ($result as $row) {
            echo '<tr><td align="justify" class="row1" colspan="2"><a id="' . $row['id'] . '"></a><b><span class="gen">' . $row['question'] . '</span></b><br /><br />
			<span class="gen">' . decode_bbcode($row['answer'], 1) . '</span><br /><br />
			<div style="float:left;"><a href="' . htmlprepare(URL::uri()) . '#top">' . _BACKTOTOP . '</a></div>';
            if (can_admin('faq')) {
                echo '<div style="float:right;"><a href="' . URL::admin('&amp;mode=edit&amp;faq=' . $row['id']) . '">' . _EDIT . '</a> | <a href="' . URL::admin('&amp;mode=delete&amp;faq=' . $row['id']) . '">' . _DELETE . '</a></div>';
            }
            echo '</tr><tr><td class="spaceRow" style="height:1px;"><img src="images/spacer.gif" alt="" width="1" height="1" /></td></tr>';
        }
        echo '</table>';
    } else {
        echo '<table border="0" cellpadding="3" cellspacing="1" width="100%" class="forumline" align="center">
		<tr><td align="center" class="row1" colspan="2" style="height:22px;">' . sprintf(_ERROR_NONE_TO_DISPLAY, strtolower(_FAQ2)) . '<br /><br /><a href="' . URL::index() . '">' . _BACKTOFAQINDEX . '</a></td></tr>
		</table>';
    }
} else {
    $order = isset($_GET['sort']) && $_GET['sort'] == 'desc' ? 'categories DESC' : (isset($_GET['sort']) ? 'categories ASC' : 'id ASC');
    $querylang = $multilingual ? 'WHERE (flanguage=\'' . $currentlang . '\' OR flanguage= \'\') ' : '';
    $cats = $db->sql_ufetchrowset("SELECT c.id_cat, c.categories, COUNT(a.id_cat) AS faqs FROM " . $prefix . "_faqcategories c \n\t\tLEFT JOIN " . $prefix . "_faqanswer a ON (a.id_cat = c.id_cat) {$querylang} \n\t\tGROUP BY c.categories, c.id_cat \n\t\tORDER BY {$order}", SQL_BOTH, __FILE__, __LINE__);