Пример #1
 /**
  * Constructor, initializes the output buffering.
  */
 public function __construct()
 {
     global $_CONF;

     // Output buffering is switched on before anything else runs, so output
     // produced from this point on is captured in the buffer.
     ob_start();

     $this->_charset = COM_getCharset();

     // The page template is rooted at the configured layout directory.
     $layoutPath = $_CONF['path_layout'];
     $this->pageTemplate = new Template($layoutPath);

     // Both display switches are copied unchanged from the site configuration.
     $this->_rewriteEnabled = $_CONF['url_rewrite'];
     $this->_displayExtraBlocks = $_CONF['show_right_blocks'];
 }
Пример #2
 public function __construct()
 {
     global $_CONF, $LANG_CHARSET;

     // Strip every character except digits and dots from VERSION before
     // comparing it against the two release thresholds.
     $numericVersion = preg_replace("/[^0-9.]/", '', VERSION);
     $this->_gl150 = version_compare($numericVersion, '1.5.0', '>=');
     $this->_gl200 = version_compare($numericVersion, '2.0.0', '>=');

     // Charset lookup order: COM_getCharset() when it is callable, then
     // $LANG_CHARSET, then the configured default, and finally 'iso-8859-1'.
     if (is_callable('COM_getCharset')) {
         $resolved = COM_getCharset();
     } elseif (!empty($LANG_CHARSET)) {
         $resolved = $LANG_CHARSET;
     } else {
         $resolved = $_CONF['default_charset'];
         if (empty($resolved)) {
             $resolved = 'iso-8859-1';
         }
     }

     $this->_charset = $resolved;
 }
Пример #3
 /**
  * Set the encoding of contents
  *
  * @access  public
  * @param   string   $encoding   the encoding of contents
  * @return  void
  */
 function setEncoding($encoding)
 {
     // An empty argument falls back to the site charset; 'iso-8859-1' is used
     // only when that lookup comes back empty as well.
     if ($encoding == '') {
         $encoding = COM_getCharset();
         if ($encoding == '') {
             // This is very unlikely
             $encoding = 'iso-8859-1';
         }
     }

     $this->_encoding = $encoding;
 }
Пример #4
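/**
 * Send one message to a list of recipients, BCC'ing them in batches.
 *
 * Keys of $msgData read by this function:
 *   'subject'        required; cut at the first CR or LF
 *   'htmlmessage'    HTML body (may be omitted if 'textmessage' is given)
 *   'textmessage'    plain-text body, or the alternative body of an HTML mail
 *   'from'           sender address, or array('email' => ..., 'name' => ...)
 *   'to'             array of addresses, or of array('email' => ..., 'name' => ...)
 *   'embeddedImage'  optional array of arrays with the keys file, name,
 *                    filename, encoding and mime
 *
 * @param    array   $msgData   message description, see above
 * @return   bool|null          false when the input is rejected; otherwise
 *                              nothing is returned and send failures are
 *                              only written to the error log
 */
function COM_emailNotification($msgData = array())
{
    global $_CONF;

    // define the maximum number of emails allowed per bcc
    $maxEmailsPerSend = 10;

    // ensure we have something to send...
    if (!isset($msgData['htmlmessage']) && !isset($msgData['textmessage'])) {
        COM_errorLog("COM_emailNotification() - No message data provided");
        return false; // no message defined
    }
    if (empty($msgData['htmlmessage']) && empty($msgData['textmessage'])) {
        COM_errorLog("COM_emailNotification() - Empty message data provided");
        return false; // no text in either...
    }
    if (empty($msgData['subject'])) {
        COM_errorLog("COM_emailNotification() - No subject provided");
        return false; // must have a subject
    }

    // Keep only the text before the first CR/LF, so a subject taken from
    // user input cannot smuggle extra header lines into the message, then
    // pass it through COM_emailEscape().
    $subject = substr($msgData['subject'], 0, strcspn($msgData['subject'], "\r\n"));
    $subject = COM_emailEscape($subject);

    require_once $_CONF['path'] . 'lib/phpmailer/class.phpmailer.php';
    $mail = new PHPMailer();
    $mail->SetLanguage('en', $_CONF['path'] . 'lib/phpmailer/language/');
    $mail->CharSet = COM_getCharset();

    // Transport selection follows $_CONF['mail_backend']; anything other than
    // 'smtp' or 'sendmail' uses PHP's mail().
    if ($_CONF['mail_backend'] == 'smtp') {
        $mail->IsSMTP();
        $mail->Host = $_CONF['mail_smtp_host'];
        $mail->Port = $_CONF['mail_smtp_port'];
        if ($_CONF['mail_smtp_secure'] != 'none') {
            $mail->SMTPSecure = $_CONF['mail_smtp_secure'];
        }
        if ($_CONF['mail_smtp_auth']) {
            $mail->SMTPAuth = true;
            $mail->Username = $_CONF['mail_smtp_username'];
            $mail->Password = $_CONF['mail_smtp_password'];
        }
        $mail->Mailer = "smtp";
    } elseif ($_CONF['mail_backend'] == 'sendmail') {
        $mail->Mailer = "sendmail";
        $mail->Sendmail = $_CONF['mail_sendmail_path'];
    } else {
        $mail->Mailer = "mail";
    }
    $mail->WordWrap = 76;

    // An HTML body wins; the text body then becomes the alternative part.
    if (!empty($msgData['htmlmessage'])) {
        $mail->IsHTML(true);
        $mail->Body = $msgData['htmlmessage'];
        if (!empty($msgData['textmessage'])) {
            $mail->AltBody = $msgData['textmessage'];
        }
    } else {
        $mail->IsHTML(false);
        if (!empty($msgData['textmessage'])) {
            $mail->Body = $msgData['textmessage'];
        }
    }
    $mail->Subject = $subject;

    // NOTE(review): the 'file' entries are opened as given by the caller;
    // they should never be derived from request data - verify the callers.
    if (isset($msgData['embeddedImage']) && is_array($msgData['embeddedImage'])) {
        foreach ($msgData['embeddedImage'] as $embeddedImage) {
            $mail->AddEmbeddedImage($embeddedImage['file'], $embeddedImage['name'], $embeddedImage['filename'], $embeddedImage['encoding'], $embeddedImage['mime']);
        }
    }

    if (is_array($msgData['from'])) {
        $mail->From = $msgData['from']['email'];
        $mail->FromName = $msgData['from']['name'];
    } else {
        $mail->From = $msgData['from'];
        $mail->FromName = $_CONF['site_name'];
    }

    $queued = 0;
    if (isset($msgData['to']) && is_array($msgData['to'])) {
        foreach ($msgData['to'] as $to) {
            if (is_array($to)) {
                $address = isset($to['email']) ? $to['email'] : '';
                $name = isset($to['name']) ? $to['name'] : '';
            } else {
                $address = $to;
                $name = '';
            }

            // Both recipient forms are validated, and only addresses that
            // were really added count towards the batch. Counting rejected
            // entries could trigger a Send() with no recipient at all.
            if (!COM_isEmail($address)) {
                continue;
            }
            $mail->AddBCC($address, $name);
            $queued++;

            if ($queued >= $maxEmailsPerSend) {
                if (!$mail->Send()) {
                    COM_errorLog("Email Error: " . $mail->ErrorInfo);
                }
                $queued = 0;
                $mail->ClearBCCs();
            }
        }
    }

    // flush the last, partially filled batch
    if ($queued > 0) {
        if (!@$mail->Send()) {
            COM_errorLog("Email Error: " . $mail->ErrorInfo);
        }
    }
}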
Пример #5
}
// Load the media row and the settings of the album it belongs to.
$row = DB_fetchArray($result);
$aid = $row['album_id'];
$albumFields = array('skin', 'display_skin', 'album_id', 'playback_type', 'allow_download', 'full_display');
$album_data = MG_getAlbumData($aid, $albumFields, true);

// Access level 0: render the "access denied" block and stop here.
if ($album_data['access'] == 0) {
    $blockHeader = COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header'));
    $blockFooter = COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
    $display = $blockHeader . '<br' . XHTML . '>' . $LANG_MG00['access_denied_msg'] . $blockFooter;
    $display = MG_createHTMLDocument($display);
    COM_output($display);
    exit;
}

// Pull in the album skin's script and stylesheet when those files exist.
$themeCSS = '';
if (!empty($album_data['skin'])) {
    $skin = $album_data['skin'];
    // NOTE(review): $skin is placed in a filesystem path and in markup without
    // escaping; presumably it is limited to installed theme names when the
    // album is saved - verify.
    $skinDir = 'themes/' . $skin . '/';
    if (file_exists($_MG_CONF['path_html'] . $skinDir . 'javascript.js')) {
        $themeCSS .= '<script type="text/javascript" src="' . $_MG_CONF['site_url'] . '/' . $skinDir . 'javascript.js"></script>' . LB;
    }
    if (file_exists($_MG_CONF['path_html'] . $skinDir . 'style.css')) {
        $themeCSS .= '<link rel="stylesheet" type="text/css" href="' . $_MG_CONF['site_url'] . '/' . $skinDir . 'style.css"' . XHTML . '>' . LB;
    }
}

// Build the player markup with playback type 2 and the album's display settings.
$opt = array(
    'playback_type'  => 2,
    'skin'           => $album_data['skin'],
    'display_skin'   => $album_data['display_skin'],
    'allow_download' => $album_data['allow_download'],
    'full_display'   => $album_data['full_display'],
);
$object = MG_buildContent($row, $opt);

$T = COM_newTemplate(MG_getTemplatePath($aid));
$T->set_file('video', 'view_window.thtml');
$T->set_var(array(
    'site_url' => $_MG_CONF['site_url'],
    'themeCSS' => $themeCSS,
    'charset'  => COM_getCharset(),
    'object'   => $object[0],
));

// Views by Media Gallery admins are not counted.
if (!SEC_hasRights('mediagallery.admin')) {
    $media_views = $row['media_views'] + 1;
    DB_change($_TABLES['mg_media'], 'media_views', $media_views, 'media_id', addslashes($row['media_id']));
}

$display = $T->finish($T->parse('output', 'video'));
COM_output($display);
Пример #6
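/**
 * Build the edit form for a single media item.
 *
 * Access is granted when the album's access level is 3, when the current user
 * is in the album's moderator group, or when the user owns the item. A refused
 * attempt is logged with the user id, user name and remote address.
 *
 * @param    mixed   $album_id   ID of the album the form is shown for
 * @param    string  $media_id   ID of the media item to edit
 * @param    string  $actionURL  form target; defaults to the plugin's index.php
 * @param    int     $mqueue     non-zero: read the item from the mg_mediaqueue table
 * @param    int     $view       not used in this function
 * @param    string  $back       return path, HTML-escaped into the 'rpath' variable
 * @return   string              rendered form, or the access-denied message
 */
function MG_mediaEdit($album_id, $media_id, $actionURL = '', $mqueue = 0, $view = 0, $back = '')
{
    global $_USER, $_CONF, $_MG_CONF, $_TABLES, $LANG_MG00, $LANG_MG01, $LANG_MG03, $LANG_MG07, $_DB_dbms;
    $album = new mgAlbum($album_id);
    if ($actionURL == '') {
        $actionURL = $_MG_CONF['site_url'] . '/index.php';
    }
    $retval = '';
    $T = COM_newTemplate(MG_getTemplatePath($album_id));
    $T->set_file(array('admin' => 'mediaedit.thtml', 'asf_options' => 'edit_asf_options.thtml', 'mp3_options' => 'edit_mp3_options.thtml', 'swf_options' => 'edit_swf_options.thtml', 'mov_options' => 'edit_mov_options.thtml', 'flv_options' => 'edit_flv_options.thtml'));
    // pull the media information from the database...
    // NOTE(review): addslashes() is not aware of the connection charset; where
    // the installed core provides DB_escapeString(), that is presumably the
    // safer choice for $media_id - verify.
    $sql = "SELECT * FROM ";
    if ($_DB_dbms == "mssql") {
        $sql = "SELECT *,CAST(media_desc AS TEXT) AS media_desc FROM ";
    }
    $sql .= ($mqueue ? $_TABLES['mg_mediaqueue'] : $_TABLES['mg_media']) . " WHERE media_id='" . addslashes($media_id) . "'";
    $result = DB_query($sql);
    $row = DB_fetchArray($result);
    // NOTE(review): $row is not checked for a missing item; for a privileged
    // user the form would be built from empty values - confirm callers.
    if ($album->access != 3 && !SEC_inGroup($album->mod_group_id) && $row['media_user_id'] != $_USER['uid']) {
        // $REMOTE_ADDR was never defined in this scope, so the address is read
        // from $_SERVER; the message now names the action really attempted.
        COM_errorLog("Someone has tried to illegally edit media in Media Gallery. " . "User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$_SERVER['REMOTE_ADDR']}", 1);
        return COM_showMessageText($LANG_MG00['access_denied_msg']);
    }
    // Build Album List
    $album_jumpbox = '<select name="albums" width="40">';
    $root_album = new mgAlbum(0);
    $root_album->buildJumpBox($album_jumpbox, $album_id);
    $album_jumpbox .= '</select>';
    // should check the above for errors, etc...
    $exif_info = '';
    if ($row['media_type'] == 0) {
        if (!function_exists('MG_readEXIF')) {
            require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-exif.php';
        }
        $exif_info = MG_readEXIF($row['media_id'], 1, $mqueue);
        if (empty($exif_info)) {
            $exif_info = '';
        }
    }
    // date/time drop-downs, preselected from the stored media_time
    $media_time_month = date("m", $row['media_time']);
    $media_time_day = date("d", $row['media_time']);
    $media_time_year = date("Y", $row['media_time']);
    $media_time_hour = date("H", $row['media_time']);
    $media_time_minute = date("i", $row['media_time']);
    $month_select = '<select name="media_month">';
    $month_select .= COM_getMonthFormOptions($media_time_month);
    $month_select .= '</select>';
    // The selected attribute gets a leading space so it does not run into the
    // value attribute, matching the user and category lists further down.
    $day_select = '<select name="media_day">';
    for ($i = 1; $i < 32; $i++) {
        $day_select .= '<option value="' . $i . '"' . ($media_time_day == $i ? ' selected="selected"' : "") . '>' . $i . '</option>';
    }
    $day_select .= '</select>';
    $current_year = (int) date("Y");
    $end_year = $current_year + 10;
    $year_select = '<select name="media_year">';
    for ($i = 1998; $i < $end_year; $i++) {
        $year_select .= '<option value="' . $i . '"' . ($media_time_year == $i ? ' selected="selected"' : "") . '>' . $i . '</option>';
    }
    $year_select .= '</select>';
    $hour_select = '<select name="media_hour">';
    for ($i = 0; $i < 24; $i++) {
        $hour_select .= '<option value="' . $i . '"' . ($media_time_hour == $i ? ' selected="selected"' : "") . '>' . $i . '</option>';
    }
    $hour_select .= '</select>';
    $minute_select = '<select name="media_minute">';
    for ($i = 0; $i < 60; $i++) {
        $minute_select .= '<option value="' . $i . '"' . ($media_time_minute == $i ? ' selected="selected"' : "") . '>' . ($i < 10 ? '0' : '') . $i . '</option>';
    }
    $minute_select .= '</select>';
    $media_time = MG_getUserDateTimeFormat($row['media_time']);
    $tn_size = 1;
    list($thumbnail, $pThumbnail, $size) = Media::getThumbInfo($row, $tn_size);
    $attached_thumbnail = '';
    if ($row['media_tn_attached'] == 1) {
        $atnsize = '';
        if ($size != false) {
            list($newwidth, $newheight) = Media::getImageWH($size[0], $size[1], 150, 150);
            $atnsize = 'width="' . $newwidth . '" height="' . $newheight . '"';
        }
        $attached_thumbnail = '<img src="' . $thumbnail . '" alt="" ' . $atnsize . XHTML . '>';
        $tmpthumb = Media::getDefaultThumbnail($row, $tn_size);
        $thumbnail = $_MG_CONF['mediaobjects_url'] . '/' . $tmpthumb;
        $size = getimagesize($_MG_CONF['path_mediaobjects'] . $tmpthumb);
    }
    $preview = '';
    $preview_end = '';
    if ($row['media_type'] == 0 || $row['media_type'] == 1 || $row['media_type'] == 2) {
        // image, video and music file
        if ($row['media_type'] == 2) {
            $win_width = 540;
            $win_height = 320;
        } elseif ($row['media_type'] == 1) {
            $win_width = 660;
            $win_height = 525;
        } elseif ($row['media_type'] == 0) {
            $path = Media::getFilePath('disp', $row['media_filename'], $row['media_mime_ext']);
            $media_size_disp = @getimagesize($path);
            $win_width = $media_size_disp[0] + 20;
            $win_height = $media_size_disp[1] + 20;
        } else {
            $win_width = 800;
            $win_height = 600;
        }
        $url = Media::getHref_showvideo($row['media_id'], $win_height, $win_width, $mqueue);
        $preview = "<a href=\"" . $url . "\">";
        $preview_end = "</a>";
    }
    $rotate_right = '';
    $rotate_left = '';
    if ($row['media_type'] == 0 && ($_CONF['image_lib'] != 'gdlib' || function_exists("imagerotate"))) {
        // each icon carries the alt text of its own direction (they were swapped)
        $rotate_right = '<a href="' . $_MG_CONF['site_url'] . '/admin.php?mode=rotate&amp;action=right&amp;media_id=' . $row['media_id'] . '&amp;album_id=' . $album_id . '">' . '<img src="' . $_MG_CONF['site_url'] . '/images/rotate_right_icon.gif" alt="' . $LANG_MG01['rotate_right'] . '" style="border:none;"' . XHTML . '></a>';
        $rotate_left = '<a href="' . $_MG_CONF['site_url'] . '/admin.php?mode=rotate&amp;action=left&amp;media_id=' . $row['media_id'] . '&amp;album_id=' . $album_id . '">' . '<img src="' . $_MG_CONF['site_url'] . '/images/rotate_left_icon.gif" alt="' . $LANG_MG01['rotate_left'] . '" style="border:none;"' . XHTML . '></a>';
    }
    $resolution = '';
    $lang_resolution = '';
    if ($row['media_type'] == 1) {
        // video file
        $resolution = 'unknown';
        if ($row['media_resolution_x'] > 0 && $row['media_resolution_y'] > 0) {
            $resolution = $row['media_resolution_x'] . 'x' . $row['media_resolution_y'];
        }
        $lang_resolution = $LANG_MG07['resolution'];
    }
    $sql = "SELECT * FROM {$_TABLES['mg_playback_options']} " . "WHERE media_id='" . addslashes($row['media_id']) . "'";
    $poResult = DB_query($sql);
    $poNumRows = DB_numRows($poResult);
    // playback options, if needed...
    $playback_options = array();
    if ($row['mime_type'] == 'video/x-ms-asf' || $row['mime_type'] == 'video/x-ms-wvx' || $row['mime_type'] == 'video/x-ms-wm' || $row['mime_type'] == 'video/x-ms-wmx' || $row['mime_type'] == 'video/x-ms-wmv' || $row['mime_type'] == 'audio/x-ms-wma' || $row['mime_type'] == 'video/x-msvideo') {
        // pull defaults, then override...
        $playback_options['autostart'] = $_MG_CONF['asf_autostart'];
        $playback_options['enablecontextmenu'] = $_MG_CONF['asf_enablecontextmenu'];
        $playback_options['stretchtofit'] = $_MG_CONF['asf_stretchtofit'];
        $playback_options['uimode'] = $_MG_CONF['asf_uimode'];
        $playback_options['showstatusbar'] = $_MG_CONF['asf_showstatusbar'];
        $playback_options['playcount'] = $_MG_CONF['asf_playcount'];
        $playback_options['height'] = $_MG_CONF['asf_height'];
        $playback_options['width'] = $_MG_CONF['asf_width'];
        $playback_options['bgcolor'] = $_MG_CONF['asf_bgcolor'];
        for ($i = 0; $i < $poNumRows; $i++) {
            $poRow = DB_fetchArray($poResult);
            $playback_options[$poRow['option_name']] = $poRow['option_value'];
        }
        $uimode_select = MG_optionlist(array('name' => 'uimode', 'current' => $playback_options['uimode'], 'values' => array('none' => $LANG_MG07['none'], 'mini' => $LANG_MG07['mini'], 'full' => $LANG_MG07['full'])));
        $T->set_var(array('autostart_enabled' => $playback_options['autostart'] ? ' checked="checked"' : '', 'autostart_disabled' => $playback_options['autostart'] ? '' : ' checked="checked"', 'enablecontextmenu_enabled' => $playback_options['enablecontextmenu'] ? ' checked="checked"' : '', 'enablecontextmenu_disabled' => $playback_options['enablecontextmenu'] ? '' : ' checked="checked"', 'stretchtofit_enabled' => $playback_options['stretchtofit'] ? ' checked="checked"' : '', 'stretchtofit_disabled' => $playback_options['stretchtofit'] ? '' : ' checked="checked"', 'showstatusbar_enabled' => $playback_options['showstatusbar'] ? ' checked="checked"' : '', 'showstatusbar_disabled' => $playback_options['showstatusbar'] ? '' : ' checked="checked"', 'uimode_select' => $uimode_select, 'uimode' => $playback_options['uimode'], 'playcount' => $playback_options['playcount'], 'height' => $playback_options['height'], 'width' => $playback_options['width'], 'bgcolor' => $playback_options['bgcolor'], 'lang_resolution' => $lang_resolution, 'resolution' => $resolution));
        $T->parse('playback_options', 'asf_options');
    }
    if ($row['mime_type'] == 'audio/mpeg') {
        // pull defaults, then override...
        $playback_options['autostart'] = $_MG_CONF['mp3_autostart'];
        $playback_options['enablecontextmenu'] = $_MG_CONF['mp3_enablecontextmenu'];
        $playback_options['uimode'] = $_MG_CONF['mp3_uimode'];
        $playback_options['showstatusbar'] = $_MG_CONF['mp3_showstatusbar'];
        $playback_options['loop'] = $_MG_CONF['mp3_loop'];
        for ($i = 0; $i < $poNumRows; $i++) {
            $poRow = DB_fetchArray($poResult);
            $playback_options[$poRow['option_name']] = $poRow['option_value'];
        }
        $uimode_select = MG_optionlist(array('name' => 'uimode', 'current' => $playback_options['uimode'], 'values' => array('none' => $LANG_MG07['none'], 'mini' => $LANG_MG07['mini'], 'full' => $LANG_MG07['full'])));
        $T->set_var(array('autostart_enabled' => $playback_options['autostart'] ? ' checked="checked"' : '', 'autostart_disabled' => $playback_options['autostart'] ? '' : ' checked="checked"', 'enablecontextmenu_enabled' => $playback_options['enablecontextmenu'] ? ' checked="checked"' : '', 'enablecontextmenu_disabled' => $playback_options['enablecontextmenu'] ? '' : ' checked="checked"', 'showstatusbar_enabled' => $playback_options['showstatusbar'] ? ' checked="checked"' : '', 'showstatusbar_disabled' => $playback_options['showstatusbar'] ? '' : ' checked="checked"', 'loop_enabled' => $playback_options['loop'] ? ' checked="checked"' : '', 'loop_disabled' => $playback_options['loop'] ? '' : ' checked="checked"', 'uimode_select' => $uimode_select, 'uimode' => $playback_options['uimode']));
        $T->parse('playback_options', 'mp3_options');
    }
    if ($row['mime_type'] == 'application/x-shockwave-flash' || $row['mime_type'] == 'video/x-flv') {
        // pull defaults, then override...
        $playback_options['play'] = $_MG_CONF['swf_play'];
        $playback_options['menu'] = $_MG_CONF['swf_menu'];
        $playback_options['quality'] = $_MG_CONF['swf_quality'];
        $playback_options['height'] = $_MG_CONF['swf_height'];
        $playback_options['width'] = $_MG_CONF['swf_width'];
        $playback_options['loop'] = $_MG_CONF['swf_loop'];
        $playback_options['scale'] = $_MG_CONF['swf_scale'];
        $playback_options['wmode'] = $_MG_CONF['swf_wmode'];
        $playback_options['allowscriptaccess'] = $_MG_CONF['swf_allowscriptaccess'];
        $playback_options['bgcolor'] = $_MG_CONF['swf_bgcolor'];
        $playback_options['swf_version'] = $_MG_CONF['swf_version'];
        for ($i = 0; $i < $poNumRows; $i++) {
            $poRow = DB_fetchArray($poResult);
            $playback_options[$poRow['option_name']] = $poRow['option_value'];
        }
        $quality_select = MG_optionlist(array('name' => 'quality', 'current' => $playback_options['quality'], 'values' => array('low' => $LANG_MG07['low'], 'high' => $LANG_MG07['high'])));
        $scale_select = MG_optionlist(array('name' => 'scale', 'current' => $playback_options['scale'], 'values' => array('showall' => $LANG_MG07['showall'], 'noborder' => $LANG_MG07['noborder'], 'exactfit' => $LANG_MG07['exactfit'])));
        $wmode_select = MG_optionlist(array('name' => 'wmode', 'current' => $playback_options['wmode'], 'values' => array('window' => $LANG_MG07['window'], 'opaque' => $LANG_MG07['opaque'], 'transparent' => $LANG_MG07['transparent'])));
        $asa_select = MG_optionlist(array('name' => 'allowscriptaccess', 'current' => $playback_options['allowscriptaccess'], 'values' => array('always' => $LANG_MG07['always'], 'sameDomain' => $LANG_MG07['sameDomain'], 'never' => $LANG_MG07['never'])));
        $T->set_var(array('play_enabled' => $playback_options['play'] ? ' checked="checked"' : '', 'play_disabled' => $playback_options['play'] ? '' : ' checked="checked"', 'menu_enabled' => $playback_options['menu'] ? ' checked="checked"' : '', 'menu_disabled' => $playback_options['menu'] ? '' : ' checked="checked"', 'loop_enabled' => $playback_options['loop'] ? ' checked="checked"' : '', 'loop_disabled' => $playback_options['loop'] ? '' : ' checked="checked"', 'quality_select' => $quality_select, 'scale_select' => $scale_select, 'wmode_select' => $wmode_select, 'asa_select' => $asa_select, 'flashvars' => isset($playback_options['flashvars']) ? $playback_options['flashvars'] : '', 'height' => $playback_options['height'], 'width' => $playback_options['width'], 'bgcolor' => $playback_options['bgcolor'], 'swf_version' => $playback_options['swf_version']));
        if ($row['mime_type'] == 'application/x-shockwave-flash') {
            $T->parse('playback_options', 'swf_options');
        } else {
            $T->parse('playback_options', 'flv_options');
        }
    }
    if ($row['media_mime_ext'] == 'mov' || $row['media_mime_ext'] == 'mp4' || $row['mime_type'] == 'video/quicktime' || $row['mime_type'] == 'video/mpeg') {
        // pull defaults, then override...
        $playback_options['autoref'] = $_MG_CONF['mov_autoref'];
        $playback_options['autoplay'] = $_MG_CONF['mov_autoplay'];
        $playback_options['controller'] = $_MG_CONF['mov_controller'];
        // The key was misspelled twice ('mov_kioskmod' / 'mov_kiokmode'), so
        // the configured kiosk-mode default could never be picked up.
        $playback_options['kioskmode'] = isset($_MG_CONF['mov_kioskmode']) ? $_MG_CONF['mov_kioskmode'] : '';
        $playback_options['scale'] = $_MG_CONF['mov_scale'];
        $playback_options['loop'] = $_MG_CONF['mov_loop'];
        $playback_options['height'] = $_MG_CONF['mov_height'];
        $playback_options['width'] = $_MG_CONF['mov_width'];
        $playback_options['bgcolor'] = $_MG_CONF['mov_bgcolor'];
        for ($i = 0; $i < $poNumRows; $i++) {
            $poRow = DB_fetchArray($poResult);
            $playback_options[$poRow['option_name']] = $poRow['option_value'];
        }
        $scale_select = MG_optionlist(array('name' => 'scale', 'current' => $playback_options['scale'], 'values' => array('tofit' => $LANG_MG07['to_fit'], 'aspect' => $LANG_MG07['aspect'], '1' => $LANG_MG07['normal_size'])));
        $T->set_var(array('autoref_enabled' => $playback_options['autoref'] ? ' checked="checked"' : '', 'autoref_disabled' => $playback_options['autoref'] ? '' : ' checked="checked"', 'autoplay_enabled' => $playback_options['autoplay'] ? ' checked="checked"' : '', 'autoplay_disabled' => $playback_options['autoplay'] ? '' : ' checked="checked"', 'controller_enabled' => $playback_options['controller'] ? ' checked="checked"' : '', 'controller_disabled' => $playback_options['controller'] ? '' : ' checked="checked"', 'kioskmode_enabled' => $playback_options['kioskmode'] ? ' checked="checked"' : '', 'kioskmode_disabled' => $playback_options['kioskmode'] ? '' : ' checked="checked"', 'loop_enabled' => $playback_options['loop'] ? ' checked="checked"' : '', 'loop_disabled' => $playback_options['loop'] ? '' : ' checked="checked"', 'height' => $playback_options['height'], 'width' => $playback_options['width'], 'bgcolor' => $playback_options['bgcolor']));
        $T->parse('playback_options', 'mov_options');
    }
    $remoteurl = $row['remote_url'];
    $lang_remote_url = $row['remote_media'] == 1 ? $LANG_MG01['remote_url'] : $LANG_MG01['alternate_url'];
    // user information
    // NOTE(review): user names, category names and the media title/description
    // are placed into the form markup as stored; confirm they are escaped on
    // input, otherwise wrap them in htmlspecialchars() here.
    $username = '';
    if (SEC_hasRights('mediagallery.admin')) {
        // NOTE(review): the literal '******' looks like a redaction of the
        // opening <select> tag that the closing tag below belongs to; restore
        // it from the original source.
        $username = '******';
        $sql = "SELECT * FROM {$_TABLES['users']} WHERE status=3 AND uid > 1 ORDER BY username ASC";
        $result = DB_query($sql);
        while ($userRow = DB_fetchArray($result)) {
            $username .= '<option value="' . $userRow['uid'] . '"' . ($userRow['uid'] == $row['media_user_id'] ? ' selected="selected"' : '') . '>' . $userRow['username'] . '</option>' . LB;
        }
        $username .= '</select>';
    } else {
        if ($row['media_user_id'] != '') {
            $displayname = $_CONF['show_fullname'] ? 'fullname' : 'username';
            // the uid goes into the WHERE clause unquoted, so force it to an integer
            $username = DB_getItem($_TABLES['users'], $displayname, "uid=" . (int) $row['media_user_id']);
        }
    }
    $cat_select = '<select name="cat_id" id="cat_id">';
    $cat_select .= '<option value="">' . $LANG_MG01['no_category'] . '</option>';
    $result = DB_query("SELECT * FROM {$_TABLES['mg_category']} ORDER BY cat_id ASC");
    while ($catRow = DB_fetchArray($result)) {
        $cat_select .= '<option value="' . $catRow['cat_id'] . '" ' . ($catRow['cat_id'] == $row['media_category'] ? ' selected="selected"' : '') . '>' . $catRow['cat_name'] . '</option>';
    }
    $cat_select .= '</select>';
    $T->set_var(array('original_filename' => $row['media_original_filename'], 'attach_tn' => $row['media_tn_attached'], 'at_tn_checked' => $row['media_tn_attached'] == 1 ? ' checked="checked"' : '', 'attached_thumbnail' => $attached_thumbnail, 'album_id' => $album_id, 'media_thumbnail' => $thumbnail, 'media_id' => $row['media_id'], 'media_title' => $row['media_title'], 'media_desc' => $row['media_desc'], 'media_time' => $media_time[0], 'media_views' => $row['media_views'], 'media_comments' => $row['media_comments'], 'media_exif_info' => $exif_info, 'media_rating_max' => 5, 'height' => $size[1] + 50, 'width' => $size[0] + 40, 'queue' => $mqueue, 'month_select' => $month_select, 'day_select' => $day_select, 'year_select' => $year_select, 'hour_select' => $hour_select, 'minute_select' => $minute_select, 'user_ip' => $row['media_user_ip'], 'album_select' => $album_jumpbox, 'media_rating' => $row['media_rating'] / 2, 'media_votes' => $row['media_votes'], 's_mode' => 'edit', 's_title' => $LANG_MG01['edit_media'], 's_rotate_right' => $rotate_right, 's_rotate_left' => $rotate_left, 's_form_action' => $actionURL, 'allowed_html' => COM_allowedHTML(), 'site_url' => $_MG_CONF['site_url'], 'preview' => $preview, 'preview_end' => $preview_end, 'rpath' => htmlentities($back, ENT_QUOTES, COM_getCharset()), 'remoteurl' => $remoteurl, 'lang_remote_url' => $lang_remote_url, 'resolution' => $resolution, 'lang_resolution' => $lang_resolution, 'username' => $username, 'cat_select' => $cat_select, 'media_keywords' => $row['media_keywords'], 'artist' => $row['artist'], 'musicalbum' => $row['album'], 'genre' => $row['genre']));
    // language items
    $T->set_var(array('lang_playcount' => $LANG_MG07['playcount'], 'lang_playcount_help' => $LANG_MG07['playcount_help'], 'lang_playback_options' => $LANG_MG07['playback_options'], 'lang_option' => $LANG_MG07['option'], 'lang_description' => $LANG_MG07['description'], 'lang_on' => $LANG_MG07['on'], 'lang_off' => $LANG_MG07['off'], 'lang_auto_start' => $LANG_MG07['auto_start'], 'lang_auto_start_help' => $LANG_MG07['auto_start_help'], 'lang_height' => $LANG_MG07['height'], 'lang_width' => $LANG_MG07['width'], 'lang_height_help' => $LANG_MG07['height_help'], 'lang_width_help' => $LANG_MG07['width_help'], 'lang_enable_context_menu' => $LANG_MG07['enable_context_menu'], 'lang_enable_context_menu_help' => $LANG_MG07['enable_context_menu_help'], 'lang_stretch_to_fit' => $LANG_MG07['stretch_to_fit'], 'lang_stretch_to_fit_help' => $LANG_MG07['stretch_to_fit_help'], 'lang_status_bar' => $LANG_MG07['status_bar'], 'lang_status_bar_help' => $LANG_MG07['status_bar_help'], 'lang_ui_mode' => $LANG_MG07['ui_mode'], 'lang_ui_mode_help' => $LANG_MG07['ui_mode_help'], 'lang_bgcolor' => $LANG_MG07['bgcolor'], 'lang_bgcolor_help' => $LANG_MG07['bgcolor_help'], 'lang_loop' => $LANG_MG07['loop'], 'lang_loop_help' => $LANG_MG07['loop_help'], 'lang_menu' => $LANG_MG07['menu'], 'lang_menu_help' => $LANG_MG07['menu_help'], 'lang_scale' => $LANG_MG07['scale'], 'lang_swf_scale_help' => $LANG_MG07['swf_scale_help'], 'lang_wmode' => $LANG_MG07['wmode'], 'lang_wmode_help' => $LANG_MG07['wmode_help'], 'lang_quality' => $LANG_MG07['quality'], 'lang_quality_help' => $LANG_MG07['quality_help'], 'lang_flash_vars' => $LANG_MG07['flash_vars'], 'lang_asa' => $LANG_MG07['asa'], 'lang_asa_help' => $LANG_MG07['asa_help'], 'lang_swf_version_help' => $LANG_MG07['swf_version_help'], 'lang_auto_ref' => $LANG_MG07['auto_ref'], 'lang_auto_ref_help' => $LANG_MG07['auto_ref_help'], 'lang_controller' => $LANG_MG07['controller'], 'lang_controller_help' => $LANG_MG07['controller_help'],
        'lang_kiosk_mode' => $LANG_MG07['kiosk_mode'], 'lang_kiosk_mode_help' => $LANG_MG07['kiosk_mode_help'], 'lang_original_filename' => $LANG_MG01['original_filename'], 'lang_media_item' => $LANG_MG00['media_col_header'], 'lang_media_attributes' => $LANG_MG01['media_attributes'], 'lang_mediaattributes' => $LANG_MG01['mediaattributes'], 'lang_attached_thumbnail' => $LANG_MG01['attached_thumbnail'], 'lang_category' => $LANG_MG01['category'], 'lang_keywords' => $LANG_MG01['keywords'], 'lang_rating' => $LANG_MG03['rating'], 'lang_comments' => $LANG_MG03['comments'], 'lang_votes' => $LANG_MG03['votes'], 'media_edit_title' => $LANG_MG01['media_edit'], 'media_edit_help' => $LANG_MG01['media_edit_help'], 'rotate_left' => $LANG_MG01['rotate_left'], 'rotate_right' => $LANG_MG01['rotate_right'], 'lang_title' => $LANG_MG01['title'], 'albums' => $LANG_MG01['albums'], 'description' => $LANG_MG01['description'], 'capture_time' => $LANG_MG01['capture_time'], 'views' => $LANG_MG03['views'], 'uploaded_by' => $LANG_MG01['uploaded_by'], 'submit' => $LANG_MG01['submit'], 'cancel' => $LANG_MG01['cancel'], 'reset' => $LANG_MG01['reset'], 'lang_save' => $LANG_MG01['save'], 'lang_reset' => $LANG_MG01['reset'], 'lang_cancel' => $LANG_MG01['cancel'], 'lang_delete' => $LANG_MG01['delete'], 'lang_delete_confirm' => $LANG_MG01['delete_item_confirm'], 'lang_reset_rating' => $LANG_MG01['reset_rating'], 'lang_reset_views' => $LANG_MG01['reset_views'], 'lang_replacefile' => $LANG_MG01['replace_file'], 'lang_artist' => $LANG_MG01['artist'], 'lang_genre' => $LANG_MG01['genre'], 'lang_music_album' => $LANG_MG01['music_album']));
    $retval .= $T->finish($T->parse('output', 'admin'));
    return $retval;
}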
Пример #7
 /**
  * Convert wiki-formatted text to (X)HTML
  *
  * @param    string  $wikitext   wiki-formatted text
  * @return   string              XHTML formatted text
  *
  */
 public static function renderWikiText($wikitext)
 {
     global $_CONF;

     // With the wiki editor switched off the text is handed back untouched.
     if (!$_CONF['wikitext_editor']) {
         return $wikitext;
     }

     require_once 'Text/Wiki.php';

     $renderer = new Text_Wiki();
     $renderer->setFormatConf('Xhtml', 'translate', HTML_SPECIALCHARS);
     $renderer->setRenderConf('Xhtml', 'charset', COM_getCharset());

     // The three link-producing rules are disabled before rendering.
     foreach (array('wikilink', 'freelink', 'interwiki') as $rule) {
         $renderer->disableRule($rule);
     }

     return $renderer->transform($wikitext, 'Xhtml');
 }
Пример #8
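/**
 * Fix the character set of a default feed file which is hard-coded as 'iso-8859-1'.
 *
 * The stored charset is replaced by COM_getCharset() only when the feed row
 * names 'geeklog.rss' with charset 'iso-8859-1' and the feed file on disk has
 * a size of zero bytes.
 *
 * @param   int   $fid   feed id
 */
function SYND_fixCharset($fid)
{
    global $_TABLES;

    // $fid is interpolated unquoted into both statements below; forcing it to
    // an integer keeps a non-numeric value from altering the SQL.
    $fid = (int) $fid;

    $sql = "SELECT COUNT(filename) AS cnt " . "FROM {$_TABLES['syndication']} " . "WHERE (fid = {$fid}) AND (filename = 'geeklog.rss') " . "AND (charset = 'iso-8859-1')";
    $result = DB_query($sql);
    if ($result !== false) {
        list($cnt) = DB_fetchArray($result);
        if ($cnt == 1) {
            $fileName = SYND_getFeedPath('geeklog.rss');
            // drop PHP's cached stat data so filesize() sees the current file
            clearstatcache();
            // filesize() returns false (with a warning, suppressed here) when
            // the file is missing; only an existing, empty file matches
            if (@filesize($fileName) === 0) {
                $charset = DB_escapeString(COM_getCharset());
                $sql = "UPDATE {$_TABLES['syndication']} " . "SET charset = '{$charset}' " . "WHERE (fid = {$fid})";
                DB_query($sql);
            }
        }
    }
}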
Пример #9
/**
 * Handle a pingback for an entry.
 * Also takes care of the speedlimit and spam. Assumes that the caller of this
 * function has already checked permissions!
 *
 * To verify the ping, this server itself requests $url, checks the reply for
 * a link to $oururl (depending on $_CONF['check_trackback_link']), extracts a
 * title and optionally an excerpt, and stores the result as a trackback
 * comment.
 *
 * NOTE(review): $url is supplied by the pinging party. No restriction on its
 * scheme or destination is visible in this function; confirm that the caller
 * or http_class limits these requests to public http(s) hosts.
 *
 * @param    string $id     ID of entry that got pinged
 * @param    string $type   type of that entry ('article' for stories, etc.)
 * @param    string $url    URL of the page that pinged us
 * @param    string $oururl URL that got pinged on our site
 * @return   object          XML-RPC response
 */
function PNB_handlePingback($id, $type, $url, $oururl)
{
    global $_CONF, $_TABLES, $PNB_ERROR;
    // NOTE(review): this file is loaded, but the request further down is made
    // with http_class -- confirm which library actually provides that class.
    require_once 'HTTP/Request.php';
    // default when unset: 2 (only the backlink check below is active)
    if (!isset($_CONF['check_trackback_link'])) {
        $_CONF['check_trackback_link'] = 2;
    }
    // handle pingbacks to articles on our own site
    // (a ping counts as "our own" when the client address equals the server address)
    $skip_speedlimit = false;
    if ($_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR']) {
        if (!isset($_CONF['pingback_self'])) {
            $_CONF['pingback_self'] = 0;
            // default: skip self-pingbacks
        }
        // 0 = answer "skipped" and stop, 2 = accept without speed limit,
        // any other value = accept and apply the speed limit as usual
        if ($_CONF['pingback_self'] == 0) {
            return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['skipped']));
        } elseif ($_CONF['pingback_self'] == 2) {
            $skip_speedlimit = true;
        }
    }
    // Pingbacks share the comment speed limit setting.
    COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'pingback');
    if (!$skip_speedlimit) {
        $last = COM_checkSpeedlimit('pingback');
        if ($last > 0) {
            return new XML_RPC_Response(0, 49, sprintf($PNB_ERROR['speedlimit'], $last, $_CONF['commentspeedlimit']));
        }
    }
    // update speed limit in any case
    COM_updateSpeedlimit('pingback');
    if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) {
        // Bit 4: the host named in $url must resolve to the address the ping
        // came from.
        if ($_CONF['check_trackback_link'] & 4) {
            $parts = parse_url($url);
            if (empty($parts['host'])) {
                TRB_logRejected('Pingback: No valid URL', $url);
                return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
            } else {
                // gethostbyname() yields a single IPv4 address, so a host with
                // several addresses, or an IPv6 client, can fail this check.
                $ip = gethostbyname($parts['host']);
                if ($ip != $_SERVER['REMOTE_ADDR']) {
                    TRB_logRejected('Pingback: IP address mismatch', $url);
                    return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
                }
            }
        }
    }
    // See if we can read the page linking to us and extract at least
    // the page's title out of it ...
    $title = '';
    $excerpt = '';
    $http = new http_class();
    // presumably 0 means "no limit" for connecting and reading -- confirm
    // against http_class; a finite value would bound how long a single
    // pingback can keep this request busy.
    $http->timeout = 0;
    $http->data_timeout = 0;
    $http->debug = 0;
    $http->html_debug = 0;
    $http->user_agent = 'glFusion/' . GVERSION;
    // NOTE(review): the results of GetRequestArguments() and Open() are
    // overwritten; only the result of SendRequest() is examined below.
    $error = $http->GetRequestArguments($url, $arguments);
    $error = $http->Open($arguments);
    $error = $http->SendRequest($arguments);
    if ($error == "") {
        $http->ReadReplyHeaders($headers);
        if ($http->response_status == 200) {
            // NOTE(review): the whole reply body is read; no size cap is
            // visible here -- confirm http_class or the PHP memory limit
            // bounds it.
            $error = $http->ReadWholeReplyBody($body);
            // A non-empty body is accepted even when an error was reported.
            if ($error == "" || strlen($body) > 0) {
                // Bits 1 and 2: the fetched page must contain a link to us.
                if ($_CONF['check_trackback_link'] & 3) {
                    if (!TRB_containsBacklink($body, $oururl)) {
                        TRB_logRejected('Pingback: No link to us', $url);
                        $comment = TRB_formatComment($url);
                        PLG_spamAction($comment, $_CONF['spamx']);
                        return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
                    }
                }
                // Matches only a bare <title> tag whose content sits on one
                // line ('.' does not match a newline without the 's' modifier).
                preg_match(':<title>(.*)</title>:i', $body, $content);
                if (empty($content[1])) {
                    $title = '';
                    // no title found
                } else {
                    // The title is remote-controlled text; its escaping for
                    // display is not done here.
                    $title = trim(COM_undoSpecialChars($content[1]));
                }
                if ($_CONF['pingback_excerpt']) {
                    // Check which character set the site that sent the Pingback
                    // is using
                    $charset = 'ISO-8859-1';
                    // default, see RFC 2616, 3.7.1
                    // NOTE(review): read without isset(); a reply that has no
                    // Content-Type header raises an undefined-index notice.
                    $ctype = $headers['content-type'];
                    $c = explode(';', $ctype);
                    // Look for a "charset=..." parameter; the first one wins.
                    foreach ($c as $ct) {
                        $ch = explode('=', trim($ct));
                        if (count($ch) === 2) {
                            if (trim($ch[0]) === 'charset') {
                                $charset = trim($ch[1]);
                                break;
                            }
                        }
                    }
                    // The charset name comes from the remote header and is
                    // passed to the converter as is; conversion warnings are
                    // suppressed with @.
                    if (!empty($charset) && strcasecmp($charset, COM_getCharset()) !== 0) {
                        if (function_exists('mb_convert_encoding')) {
                            $body = @mb_convert_encoding($body, COM_getCharset(), $charset);
                        } elseif (function_exists('iconv')) {
                            $body = @iconv($charset, COM_getCharset(), $body);
                        }
                    }
                    $excerpt = PNB_makeExcerpt($body, $oururl);
                }
                // we could also run the rest of the other site's page
                // through the spam filter here ...
            } else {
                COM_errorLog("Pingback verification: unable to retrieve response body");
                return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
            }
        } else {
            // $url is written to the error log unmodified.
            COM_errorLog("Pingback verification: Got HTTP response code " . $http->response_status . " when requesting {$url}");
            return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
        }
    } else {
        COM_errorLog("Pingback verification: " . $error . " when requesting " . $url);
        return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
    }
    // check for spam first
    $saved = TRB_checkForSpam($url, $title, '', $excerpt);
    if ($saved == TRB_SAVE_SPAM) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
    }
    // save as a trackback comment
    $saved = TRB_saveTrackbackComment($id, $type, $url, $title, '', $excerpt);
    if ($saved == TRB_SAVE_REJECT) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['multiple']);
    }
    // Notify by e-mail when 'pingback' is listed in the notification setting.
    if (isset($_CONF['notification']) && in_array('pingback', $_CONF['notification'])) {
        TRB_sendNotificationEmail($saved, 'pingback');
    }
    return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['success']));
}
Пример #10
/**
* Escape a string for displaying in HTML
*
* The five entities that htmlspecialchars() emits with ENT_QUOTES are first
* turned back into their literal characters, so text that has already been
* escaped is not escaped a second time. The result is then escaped with the
* character set returned by COM_getCharset().
*
* @param    string  $text   plain or already-escaped text
* @return   string          text escaped for use in HTML
*/
function DLM_htmlspecialchars($text)
{
    $entities = array('&lt;', '&gt;', '&amp;', '&quot;', '&#039;');
    $literals = array('<', '>', '&', '"', "'");

    // Decode first, then encode everything once.
    $decoded = str_replace($entities, $literals, $text);

    return htmlspecialchars($decoded, ENT_QUOTES, COM_getCharset());
}
Пример #11
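/**
* Send a trackback ping
*
* Based on a code snippet by Jannis Hermanns,
* http://www.jannis.to/programming/trackback.html
*
* Opens a plain TCP socket to the host named in $targeturl, sends the ping as
* a form-encoded HTTP/1.0 POST and scans the reply for the <error> and
* <message> elements. The URL scheme is not consulted: the connection is
* always unencrypted and goes to port 80 unless the URL names a port.
*
* The message returned on failure is text chosen by the remote server;
* callers should escape it before displaying it.
*
* @param    string  $targeturl  URL to ping
* @param    string  $url        URL of our entry
* @param    string  $title      title of our entry
* @param    string  $excerpt    text excerpt from our entry
* @param    string  $blog       name of our Geeklog site
* @return   mixed               true = success, otherwise: error message
*
*/
function TRB_sendTrackbackPing($targeturl, $url, $title, $excerpt, $blog = '')
{
    global $_CONF, $LANG_TRB;

    if (empty($blog)) {
        $blog = $_CONF['site_name'];
    }

    $target = parse_url($targeturl);
    // Without a host there is nothing to connect to. Report it the same way
    // as a failed connection instead of handing an undefined index to
    // fsockopen().
    if (!is_array($target) || empty($target['host'])) {
        COM_errorLog('Trackback: Could not connect to ' . $targeturl);
        return $LANG_TRB['error_socket'];
    }
    // A URL without a path ("http://host") must still give a valid request line.
    if (!isset($target['path']) || $target['path'] === '') {
        $target['path'] = '/';
    }
    $query = '';
    if (isset($target['query']) && $target['query'] !== '') {
        $query = '?' . $target['query'];
    }
    if (!isset($target['port']) || !is_numeric($target['port'])) {
        $target['port'] = 80;
    }

    // No explicit timeout is passed, so PHP's default_socket_timeout applies.
    $sock = fsockopen($target['host'], $target['port']);
    if (!is_resource($sock)) {
        COM_errorLog('Trackback: Could not connect to ' . $targeturl);
        return $LANG_TRB['error_socket'];
    }

    $toSend = 'url=' . rawurlencode($url)
        . '&title=' . rawurlencode($title)
        . '&blog_name=' . rawurlencode($blog)
        . '&excerpt=' . rawurlencode($excerpt);
    $charset = COM_getCharset();

    fputs($sock, 'POST ' . $target['path'] . $query . " HTTP/1.0\r\n");
    fputs($sock, 'Host: ' . $target['host'] . "\r\n");
    fputs($sock, 'Content-type: application/x-www-form-urlencoded; charset=' . $charset . "\r\n");
    fputs($sock, 'Content-length: ' . MBYTE_strlen($toSend) . "\r\n");
    fputs($sock, 'User-Agent: Geeklog/' . VERSION . "\r\n");
    fputs($sock, "Connection: close\r\n\r\n");
    fputs($sock, $toSend);

    $res = '';
    while (!feof($sock)) {
        $line = fgets($sock, 128);
        if ($line === false) {
            // Read error or timeout: stop instead of looping on a stream that
            // never reports end-of-file.
            break;
        }
        $res .= $line;
    }
    fclose($sock);

    // firing up the XML parser for this would be overkill ...
    $errStart = strpos($res, '<error>');
    $errEnd = strpos($res, '</error>');
    if ($errStart === false || $errEnd === false) {
        return $LANG_TRB['error_response'];
    }
    $errStart += strlen('<error>');
    $e = trim(substr($res, $errStart, $errEnd - $errStart));

    // Loose comparison kept as in the original code.
    if ($e != 0) {
        $msgStart = strpos($res, '<message>');
        $msgEnd = strpos($res, '</message>');
        // Test for a missing tag BEFORE doing arithmetic on the offset: once
        // strlen() has been added, false has turned into an integer and the
        // check can no longer fire.
        if ($msgStart === false || $msgEnd === false) {
            return $LANG_TRB['error_unspecified'];
        }
        $msgStart += strlen('<message>');

        return trim(substr($res, $msgStart, $msgEnd - $msgStart));
    }

    return true;
}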
Пример #12
}
// Full page view: emit the site and forum headers together with a canonical
// link; iframe view: only fill in the header variables of the topic template.
if (!$iframe) {
    // The page title is the subject run through COM_checkWords() with tags stripped.
    $pageTitle = strip_tags(COM_checkWords($subject));
    // NOTE(review): $showtopic and $page end up inside an HTML attribute
    // below. Their filtering is not visible in this fragment -- confirm both
    // are cast to integers before this point.
    $canonical = $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . $showtopic;
    if ($page > 1) {
        // '&amp;' because the URL is written into HTML markup
        $canonical .= '&amp;page=' . $page;
    }
    $headercode = '<link rel="canonical" href="' . $canonical . '" />';
    $display .= FF_siteHeader($pageTitle, $headercode);
    $display .= FF_ForumHeader($forum, $showtopic);
} else {
    // Only the URL half of the pair is used; $cacheFile is not read here.
    list($cacheFile, $cacheURL) = COM_getStyleCacheLocation();
    $csslink = $cacheURL;
    $topicTemplate->set_var('csslink', $csslink);
    $outputHandle = outputHandler::getInstance();
    // Header fragments collected by the output handler, plus the site charset.
    $topicTemplate->set_var(array('meta-header' => $outputHandle->renderHeader('meta'), 'css-header' => $outputHandle->renderHeader('style'), 'js-header' => $outputHandle->renderHeader('script'), 'raw-header' => $outputHandle->renderHeader('raw'), 'charset' => COM_getCharset()));
}
if (isset($_GET['lastpost']) && $_GET['lastpost']) {
    if ($page == 0) {
        $page = $numpages;
    }
    if (isset($_GET['onlytopic']) && $_GET['onlytopic'] == 1) {
        $order = $_FF_CONF['showtopic_review_order'];
        $page = 1;
    } else {
        $order = $FF_userprefs['topic_order'];
        //'ASC';
    }
    if ($page > 1) {
        $offset = ($page - 1) * $show;
    } else {
Пример #13
/**
* Escapes a string for HTML output
*
* Entities that are already present for <, >, &, " and ' are decoded first,
* so text that was escaped before is not escaped twice. The site character
* set is fetched from COM_getCharset() on first use and reused on later calls.
*
* @param    string  $str    plain or already-escaped text
* @return   string          text escaped for use in HTML
*/
function MG_escape($str)
{
    static $charset = NULL;

    if ($charset == NULL) {
        // Not looked up yet (or the last lookup gave an empty value).
        $charset = COM_getCharset();
    }

    $entities = array('&lt;', '&gt;', '&amp;', '&quot;', '&#039;');
    $literals = array('<', '>', '&', '"', "'");
    $decoded = str_replace($entities, $literals, $str);

    return htmlspecialchars($decoded, ENT_QUOTES, $charset);
}
Пример #14
/**
* Get a valid encoding for htmlspecialchars()
*
* The lower-cased site charset is used when it appears in the list below;
* any other value is replaced by 'iso-8859-1'. The result is computed once
* and then served from a static variable.
*
* @return   string      character set, e.g. 'utf-8'
*
*/
function COM_getEncodingt()
{
    static $encoding;

    if ($encoding !== null) {
        return $encoding;
    }

    // Character set names accepted here as the encoding for htmlspecialchars().
    $supported = array('iso-8859-1', 'iso-8859-15', 'utf-8', 'cp866', 'cp1251', 'cp1252', 'koi8-r', 'big5', 'gb2312', 'big5-hkscs', 'shift_jis', 'sjis', 'euc-jp');

    $candidate = strtolower(COM_getCharset());
    $encoding = in_array($candidate, $supported) ? $candidate : 'iso-8859-1';

    return $encoding;
}
    die('This file cannot be used on its own.');
}
// Prepares locale data: for each language a locale name and five date/time
// format strings.
// presumably the formats are strftime() conversion strings -- TODO confirm
// against the code that consumes $locale.
$locale = array();
if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
    // Windows: the 'C' locale is used and the formats stick to numeric fields.
    $locale['ja'] = array('locale' => 'C', 'date' => '%Y年%m月%d日 %H:%M', 'daytime' => '%m月%d日 %H:%M', 'shortdate' => '%d', 'dateonly' => '%m%d', 'timeonly' => '%H:%M');
} else {
    // Elsewhere: 'ja_JP' on FreeBSD, 'ja_JP.UTF-8' on every other system.
    $locale['ja'] = array('locale' => strtoupper(substr(PHP_OS, 0, 7)) === 'FREEBSD' ? 'ja_JP' : 'ja_JP.UTF-8', 'date' => '%Y年%B%e日(%a) %H:%M %Z', 'daytime' => '%m/%d %H:%M %Z', 'shortdate' => '%Y年%B%e日', 'dateonly' => '%B%e日', 'timeonly' => '%H:%M %Z');
}
// English uses the same values on every platform.
$locale['en'] = array('locale' => 'en_GB', 'date' => '%A, %B %d %Y @ %I:%M %p %Z', 'daytime' => '%m/%d %I:%M%p', 'shortdate' => '%x', 'dateonly' => '%d-%b', 'timeonly' => '%I:%M %p %Z');
// Per-language allow-lists of HTML elements and their attributes, one list for
// ordinary users ('user') and one for administrators ('admin').
// presumably consumed by the site's HTML filter -- TODO confirm against the caller.
// NOTE(review): the 'ja' admin list admits <script>, <object>, <embed> and
// <param> as well as 'style' attributes, so markup accepted under that list is
// effectively trusted active content; the 'en' admin list contains none of
// these. Both user lists allow 'href' on <a>; any check of the URL scheme is
// not visible here.
$htmlfilter = array();
$htmlfilter['ja'] = array('user' => array('a' => array('href' => 1, 'title' => 1, 'rel' => 1), 'b' => array(), 'blockquote' => array(), 'br' => array('clear' => 1), 'code' => array(), 'div' => array('class' => 1), 'em' => array(), 'font' => array('color' => 1), 'h' => array(), 'hr' => array(), 'i' => array(), 'li' => array(), 'ol' => array(), 'p' => array('lang' => 1), 'pre' => array(), 'strong' => array(), 'tt' => array(), 'ul' => array()), 'admin' => array('a' => array('href' => 1, 'title' => 1, 'id' => 1, 'lang' => 1, 'name' => 1, 'type' => 1, 'rel' => 1), 'br' => array('clear' => 1, 'style' => 1), 'caption' => array('style' => 1), 'div' => array('class' => 1, 'id' => 1, 'style' => 1), 'embed' => array('src' => 1, 'loop' => 1, 'quality' => 1, 'width' => 1, 'height' => 1, 'type' => 1, 'pluginspage' => 1, 'align' => 1), 'h1' => array('class' => 1, 'id' => 1, 'style' => 1), 'h2' => array('class' => 1, 'id' => 1, 'style' => 1), 'h3' => array('class' => 1, 'id' => 1, 'style' => 1), 'h4' => array('class' => 1, 'id' => 1, 'style' => 1), 'h5' => array('class' => 1, 'id' => 1, 'style' => 1), 'h6' => array('class' => 1, 'id' => 1, 'style' => 1), 'hr' => array('class' => 1, 'id' => 1, 'align' => 1), 'img' => array('src' => 1, 'width' => 1, 'height' => 1, 'vspace' => 1, 'hspace' => 1, 'dir' => 1, 'align' => 1, 'valign' => 1, 'border' => 1, 'lang' => 1, 'longdesc' => 1, 'title' => 1, 'id' => 1, 'alt' => 1, 'style' => 1), 'noscript' => array(), 'object' => array('type' => 1, 'data' => 1, 'classid' => 1, 'codebase' => 1, 'width' => 1, 'height' => 1, 'align' => 1), 'ol' => array('class' => 1, 'style' => 1), 'p' => array('class' => 1, 'id' => 1, 'align' => 1, 'lang' => 1), 'param' => array('name' => 1, 'value' => 1), 'script' => array('src' => 1, 'language' => 1, 'type' => 1), 'span' => array('class' => 1, 'id' => 1, 'lang' => 1), 'table' => array('class' => 1, 'id' => 1, 'width' => 1, 'border' => 1, 'cellspacing' => 1, 'cellpadding' => 1), 'tbody' => array(), 'td' => 
array('class' => 1, 'id' => 1, 'align' => 1, 'valign' => 1, 'colspan' => 1, 'rowspan' => 1), 'th' => array('class' => 1, 'id' => 1, 'align' => 1, 'valign' => 1, 'colspan' => 1, 'rowspan' => 1), 'tr' => array('class' => 1, 'id' => 1, 'align' => 1, 'valign' => 1), 'ul' => array('class' => 1, 'style' => 1)));
$htmlfilter['en'] = array('user' => array('p' => array(), 'b' => array(), 'strong' => array(), 'i' => array(), 'a' => array('href' => 1, 'title' => 1, 'rel' => 1), 'em' => array(), 'br' => array(), 'tt' => array(), 'hr' => array(), 'li' => array(), 'ol' => array(), 'ul' => array(), 'code' => array(), 'pre' => array()), 'admin' => array('p' => array('class' => 1, 'id' => 1, 'align' => 1), 'div' => array('class' => 1, 'id' => 1), 'span' => array('class' => 1, 'id' => 1), 'table' => array('class' => 1, 'id' => 1, 'width' => 1, 'border' => 1, 'cellspacing' => 1, 'cellpadding' => 1), 'tr' => array('class' => 1, 'id' => 1, 'align' => 1, 'valign' => 1), 'th' => array('class' => 1, 'id' => 1, 'align' => 1, 'valign' => 1, 'colspan' => 1, 'rowspan' => 1), 'td' => array('class' => 1, 'id' => 1, 'align' => 1, 'valign' => 1, 'colspan' => 1, 'rowspan' => 1)));
$_JAPANIZE_DATA = array();
// 1. テーブル構造とデータを変更する
$_JAPANIZE_DATA[1] = array(array('ja' => "ALTER TABLE {$_TABLES['syndication']} " . "MODIFY language VARCHAR(20) NOT NULL DEFAULT 'ja' ", 'en' => "ALTER TABLE {$_TABLES['syndication']} " . "MODIFY language VARCHAR(20) NOT NULL DEFAULT 'en-gb' "), array('ja' => "UPDATE {$_TABLES['syndication']} " . "SET language = 'ja' ", 'en' => "UPDATE {$_TABLES['syndication']} " . "SET language = 'en-gb' "), array('ja' => "UPDATE {$_TABLES['syndication']} " . "SET charset = 'utf-8' ", 'en' => "UPDATE {$_TABLES['syndication']} " . "SET charset = '" . COM_getCharset() . "' "), array('ja' => "ALTER TABLE {$_TABLES['users']} " . "MODIFY username VARCHAR(108) NOT NULL DEFAULT '' ", 'en' => "ALTER TABLE {$_TABLES['users']} " . "MODIFY username VARCHAR(16) NOT NULL DEFAULT '' "), array('ja' => "UPDATE {$_TABLES['users']} " . "SET username = '******'ゲストユーザー') . "', " . "    fullname = '" . DB_escapeString('ゲストユーザー') . "' " . "WHERE (uid = 1) ", 'en' => "UPDATE {$_TABLES['users']} " . "SET username = '******', fullname = 'Anonymous' " . "WHERE (uid = 1) "), array('ja' => "UPDATE {$_TABLES['users']} " . "SET fullname= '" . DB_escapeString('サイト管理者') . "', homepage='" . DB_escapeString($_CONF['site_url']) . "' " . "WHERE (uid = 2) ", 'en' => "UPDATE {$_TABLES['users']} " . "SET fullname= 'Geeklog SuperUser', homepage='http://www.geeklog.net/' " . "WHERE (uid = 2) "), array('ja' => "UPDATE {$_TABLES['stories']} " . "SET title = '" . DB_escapeString('Geeklogへようこそ!') . "', " . "introtext = '" . 
DB_escapeString("<p>無事インストールが完了したようですね。おめでとうございます。できれば、<a href=\"docs/japanese/index.html\">docs ディレクトリ</a>のすべての文書に一通り目を通しておいてください。Geeklogはユーザーを中心としたセキュリティモデルを実装しています。Geeklogを管理・運用するにはこの仕組みを理解する必要があります。</p>\n<p>サイトにログインするには、次のアカウントを使用してください:</p>\n<p>ユーザー名: <strong>Admin</strong><br />\nパスワード: <strong>password</strong></p><p><strong>ログインしたら、忘れずに<a href=\"{$_CONF['site_url']}/usersettings.php?mode=edit\">パスワードを変更</a>してください。</strong></p><p>Geeklogのサポートは、<a href=\"http://www.geeklog.jp\">Geeklog Japanese</a>へ。追加ドキュメントは <a href=\"http://wiki.geeklog.jp\">Geeklog Wiki ドキュメント</a>をどうぞ。</p>") . "' " . "WHERE (sid = 'welcome') ", 'en' => "UPDATE {$_TABLES['stories']} " . "SET title = 'Welcome to Geeklog!', " . "introtext = '" . DB_escapeString("<p>Welcome and let me be the first to congratulate you on installing Geeklog. Please take the time to read everything in the <a href=\"docs/english/index.html\">docs directory</a>. Geeklog now has enhanced, user-based security.  You should thoroughly understand how these work before you run a production Geeklog Site.</p>\n<p>To log into your new Geeklog site, please use this account:</p>\n<p>Username: <b>Admin</b><br />\nPassword: <b>password</b></p><p><b>And don't forget to <a href=\"{$_CONF['site_url']}/usersettings.php?mode=edit\">change your password</a> after logging in!</b></p>") . "' " . "WHERE (sid = 'welcome') "), array('ja' => "UPDATE {$_TABLES['storysubmission']} " . "SET title = '" . DB_escapeString('セキュリティを確認してください。') . "', " . "introtext = '" . DB_escapeString("<p>インストールが終了したら、次のことを実行してセキュリティを高めてください。</p><ol>\n<li>Adminアカウントのパスワードを変更する。</li>\n<li>installディレクトリを削除する(もう必要ありません)。</li>\n</ol>") . "' " . "WHERE (sid = 'security-reminder') ", 'en' => "UPDATE {$_TABLES['storysubmission']} " . "SET title = 'Are you secure?', " . "introtext = '" . DB_escapeString("<p>This is a reminder to secure your site once you have Geeklog up and running. 
What you should do:</p>\n\n<ol>\n<li>Change the default password for the Admin account.</li>\n<li>Remove the install directory (you won't need it any more).</li>\n</ol>") . "' " . "WHERE (sid = 'security-reminder') "), array('ja' => "UPDATE {$_TABLES['topics']} " . "SET topic = '" . DB_escapeString('おしらせ') . "' " . "WHERE (tid = 'General') ", 'en' => "UPDATE {$_TABLES['topics']} " . "SET topic = '" . DB_escapeString('General News') . "' " . "WHERE (tid = 'General') "));
// Optional tables: statements are queued only when the table exists.
// Each entry pairs the statement for Japanese ('ja') with the one for
// English ('en').
if (DB_checkTableExists('events')) {
    // Widen the events' zip code columns to 16 characters; the 'en' variant
    // is a no-op ("SELECT 1").
    $_JAPANIZE_DATA[1][] = array('ja' => "ALTER TABLE {$_TABLES['events']} MODIFY zipcode VARCHAR(16)", 'en' => "SELECT 1");
    $_JAPANIZE_DATA[1][] = array('ja' => "ALTER TABLE {$_TABLES['eventsubmission']} MODIFY zipcode VARCHAR(16)", 'en' => "SELECT 1");
    $_JAPANIZE_DATA[1][] = array('ja' => "ALTER TABLE {$_TABLES['personal_events']} MODIFY zipcode VARCHAR(16)", 'en' => "SELECT 1");
}
if (DB_checkTableExists('linkcategories')) {
    // Switch the description of the 'geeklog-sites' link category between
    // languages; every string literal is passed through DB_escapeString().
    $_JAPANIZE_DATA[1][] = array('ja' => "UPDATE {$_TABLES['linkcategories']} " . "SET description = '" . DB_escapeString('Geeklog関係のサイト') . "' " . "WHERE (cid = '" . DB_escapeString('geeklog-sites') . "') ", 'en' => "UPDATE {$_TABLES['linkcategories']} " . "SET description = '" . DB_escapeString('Sites using or related to the Geeklog CMS') . "' " . "WHERE (cid = '" . DB_escapeString('geeklog-sites') . "') ");
}
if (DB_checkTableExists('links')) {
    if (DB_count($_TABLES['links'], 'lid', 'geeklog.jp') == 0) {
        $group_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Links Admin'");
        $_JAPANIZE_DATA[1][] = array('ja' => "INSERT INTO {$_TABLES['links']} " . "(lid, cid, url, description, title, hits, date, " . "owner_id, group_id, perm_owner, perm_group, " . "perm_members, perm_anon) " . "VALUES ('geeklog.jp', 'geeklog-sites', 'http://www.geeklog.jp/', " . "'" . DB_escapeString('Geeklog日本公式サイト') . "', '" . DB_escapeString('Geeklog Japanese') . "', 0, NOW(), 1, {$group_id}, " . "3, 3, 2, 2) ", 'en' => "DELETE FROM {$_TABLES['links']} " . "WHERE (lid = 'geeklog.jp')");
    } else {
        $_JAPANIZE_DATA[1][] = array('ja' => "SELECT 1", 'en' => "DELETE FROM {$_TABLES['links']} " . "WHERE (lid = 'geeklog.jp')");
Пример #16
/**
* Render one page of results for a stored Media Gallery search.
*
* Loads the row of the mg_sort table whose sort_id equals $id, runs the SQL
* fragment stored in its sort_query column against the media and album
* tables, and fills the 'search_page.thtml' template with a grid of
* thumbnails.
*
* NOTE(review): the earlier header of this function described parameters
* (query, datestart, dateend, topic, type, author) that the signature does
* not have.
*
* @param    string  $id          sort_id of the stored search
* @param    int     $page        page to display; 1 is the first page
* @param    mixed   $searchinfo  read as an array ('numresults', 'keywords')
*                                although the default is an empty string
* @return   mixed                whatever $T->finish() returns for the parsed
*                                template (presumably the HTML as a string)
*
*/
function MG_search($id, $page, $searchinfo = '')
{
    global $_USER, $_TABLES, $_CONF, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG03;
    $columns_per_page = $_MG_CONF['search_columns'];
    $rows_per_page = $_MG_CONF['search_rows'];
    // A caller-supplied result count overrides the configured number of rows.
    if (!empty($searchinfo['numresults'])) {
        $rows_per_page = intval($searchinfo['numresults'] / $columns_per_page);
    }
    $media_per_page = $columns_per_page * $rows_per_page;
    $current_print_page = $page;
    //    $alertmsg = '<div class="pluginAlert">' . $LANG_MG03['no_search_found'] . '</div>';
    // pull the query from the search database...
    // NOTE(review): addslashes() is the only escaping applied to $id and it is
    // not aware of the connection character set; the database layer's own
    // escaping function or a prepared statement is the safer choice.
    $result = DB_query("SELECT * FROM {$_TABLES['mg_sort']} WHERE sort_id='" . addslashes($id) . "'");
    //    $nrows  = DB_numRows($result);
    //    if ($nrows < 1) {
    //        return $alertmsg;
    //    }
    // With the row-count check above disabled, $S is used below even when no
    // row matched $id.
    $S = DB_fetchArray($result);
    // Visitors without a uid, or with a uid below 2, are treated as user 1.
    if (!isset($_USER['uid']) || $_USER['uid'] < 2) {
        $sort_user = 1;
    } else {
        $sort_user = $_USER['uid'];
    }
    // NOTE(review): the check that the stored search belongs to the current
    // user is disabled (next three lines), so a stored search is loaded for
    // whoever presents its sort_id.
    //    if ($sort_user != $S['sort_user'] && $S['sort_user'] != 1) {
    //        return $alertmsg;
    //    }
    // From here on $page is zero-based.
    $page = $page - 1;
    $begin = $media_per_page * $page;
    $end = $media_per_page;
    // Despite its name this holds the result of the 'mediagallery.admin' rights check.
    $root_album_owner_id = SEC_hasRights('mediagallery.admin');
    $permsql = COM_getPermSQL('AND', $sort_user, 2, 'a');
    // Hidden albums are filtered out unless the rights check succeeded.
    $hiddensql = !$root_album_owner_id ? "AND a.hidden=0 " : '';
    // NOTE(review): $S['sort_query'] is an SQL fragment read from the mg_sort
    // table and concatenated verbatim; its safety depends entirely on how that
    // row was written, which is not visible here.
    $sql = "SELECT DISTINCT count(*) AS c FROM {$_TABLES['mg_media']} AS m, " . $_TABLES['mg_media_albums'] . " AS ma, " . $_TABLES['mg_albums'] . " AS a " . $S['sort_query'] . " AND m.media_id=ma.media_id AND ma.album_id=a.album_id " . $hiddensql . $permsql;
    $result = DB_query($sql);
    $row = DB_fetchArray($result);
    $total_media = $row['c'];
    //    if ($total_media < 1) {
    //        return $alertmsg;
    //    }
    // NOTE(review): $begin is derived from $page and is written into LIMIT
    // without a cast; a $page below 1 makes it negative. The second LIMIT
    // argument is $begin + $end, so the requested row count grows with the
    // offset -- confirm this is intended.
    $sql = "SELECT DISTINCT m.*,a.album_id FROM {$_TABLES['mg_media']} AS m, " . $_TABLES['mg_media_albums'] . " AS ma, " . $_TABLES['mg_albums'] . " AS a " . $S['sort_query'] . " AND m.media_id=ma.media_id AND ma.album_id=a.album_id " . $hiddensql . $permsql . " ORDER BY m.media_time DESC" . " LIMIT " . $begin . "," . intval($begin + $end);
    $result = DB_query($sql);
    $media_array = array();
    while ($row = DB_fetchArray($result)) {
        $media_array[] = $row;
    }
    $total_print_pages = ceil($total_media / $media_per_page);
    // NOTE(review): $id is appended to the URL without urlencode() or HTML
    // escaping -- confirm COM_printPageNavigation() escapes its base URL.
    $pagination = COM_printPageNavigation($_MG_CONF['site_url'] . '/search.php?id=' . $id, $page + 1, $total_print_pages, 'page=');
    $page_number = sprintf("%s %d %s %d", $LANG_MG03['page'], $current_print_page, $LANG_MG03['of'], $total_print_pages);
    // The stored referer is HTML-escaped before it is used as the return URL.
    $return_url = $S['referer'] == '' ? $_MG_CONF['site_url'] : htmlentities($S['referer'], ENT_QUOTES, COM_getCharset());
    // new stuff
    $T = COM_newTemplate(MG_getTemplatePath_byName());
    $T->set_file('page', 'search_page.thtml');
    // NOTE(review): $S['keywords'] is handed to the template as stored; any
    // escaping would have to happen when the row is written or in the template.
    $T->set_var(array('site_url' => $_MG_CONF['site_url'], 'table_columns' => $columns_per_page, 'table_column_width' => intval(100 / $columns_per_page) . '%', 'top_pagination' => $pagination, 'bottom_pagination' => $pagination, 'page_number' => $page_number, 'lang_search_results' => $LANG_MG03['search_results'], 'lang_return_to_index' => $LANG_MG03['return_to_index'], 'return_url' => $return_url, 'search_keywords' => $searchinfo['keywords'] == '*' ? '*' : $S['keywords'], 'lang_search' => $LANG_MG01['search']));
    MG_buildSearchBox($T, $searchinfo);
    // Number of items from the start of this page to the end of the result set.
    $howmany = $total_media - $page * $media_per_page;
    if ($howmany > $total_media) {
        $howmany = $total_media;
    }
    if ($howmany > 0) {
        $k = 0;
        $col = 0;
        $opt = array('sortOrder' => 0, 'searchmode' => 1);
        $T->set_block('page', 'ImageColumn', 'IColumn');
        $T->set_block('page', 'ImageRow', 'IRow');
        // Outer loop: one pass per table row; inner loop: one pass per cell.
        for ($i = 0; $i < $media_per_page; $i += $columns_per_page) {
            $next_columns = $i + $columns_per_page;
            for ($j = $i; $j < $next_columns; $j++) {
                if ($j >= $total_media) {
                    // Past the last result: close the current row and stop both loops.
                    $T->parse('IRow', 'ImageRow', true);
                    $T->set_var('IColumn', '');
                    break 2;
                }
                if ($j + $begin >= $total_media) {
                    continue;
                }
                $media = new Media($media_array[$j], $media_array[$j]['album_id']);
                $celldisplay = $media->displayThumb($opt);
                if ($media->type == 1) {
                    $PhotoURL = MG_getFileUrl('disp', $media->filename);
                    $T->set_var('URL', $PhotoURL);
                }
                $T->set_var('clear_float', '');
                if ($col == $columns_per_page) {
                    $T->set_var('clear_float', ' clear:both;');
                    $col = 0;
                }
                $T->set_var('CELL_DISPLAY_IMAGE', $celldisplay);
                $T->parse('IColumn', 'ImageColumn', true);
                $col++;
            }
            $T->parse('IRow', 'ImageRow', true);
            $T->set_var('IColumn', '');
        }
        $T->set_var('album_body', 1);
    } else {
        $T->set_var('lang_no_image', $LANG_MG03['no_media_objects']);
    }
    return $T->finish($T->parse('output', 'page'));
}
Пример #17
    $msg = COM_applyFilter($_GET['msg'], true);
    if ($msg <= 0) {
        $msg = 0;
    }
}
// Only the access check for template static pages is done here; the rest is
// handled in the services layer.
// A template static page cannot be viewed directly: without the
// 'staticpages.edit' right, or without access to this particular page, the
// request ends with a 404.
// NOTE(review): $page is placed inside quotes in the SQL conditions below.
// Its filtering is not visible in this fragment -- confirm it has been passed
// through COM_applyFilter() or an equivalent before this point.
if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$page}'") == 1) {
    if (SEC_hasRights('staticpages.edit')) {
        // Permission clause from SP_getPerms(); when it is not empty it is
        // added to the lookup so that the page is found only if it applies.
        $perms = SP_getPerms('', '3');
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }
        if (DB_getItem($_TABLES['staticpage'], 'sp_id', "sp_id = '{$page}'" . $perms) == '') {
            COM_handle404();
            exit;
        }
    } else {
        COM_handle404();
        exit;
    }
}
$retval = SP_returnStaticpage($page, $display_mode, $comment_order, $comment_mode, $comment_page, $msg, $query);
if ($display_mode == 'print') {
    // In print mode the headers are sent from here: the content type with the
    // site charset and, when configured, the framing policy.
    header('Content-Type: text/html; charset=' . COM_getCharset());
    if (!empty($_CONF['frame_options'])) {
        header('X-FRAME-OPTIONS: ' . $_CONF['frame_options']);
    }
}
COM_output($retval);
Пример #18
// | This program is distributed in the hope that it will be useful,           |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             |
// | GNU General Public License for more details.                              |
// |                                                                           |
// | You should have received a copy of the GNU General Public License         |
// | along with this program; if not, write to the Free Software Foundation,   |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
// |                                                                           |
// +---------------------------------------------------------------------------+
//
include '../../lib-common.php';
include '../library.php';
$mytimer = new timerobject();
$mytimer->startTimer();
$charset = COM_getCharset();
// Code added to handle the issue with the default $_COOKIE array being sent by the Flash Image uploader.
// We can send the cookies in the POST form data and then extract and filter the data to rebuild the COOKIE array.
// This is also needed to support Geeklog 1.6.1, which enables HTTP-only cookie support.
// JavaScript no longer has access to the gl_session id in the cookie - the issue is only apparent in the YUI upload form.
if (!isset($_USER['uid']) and isset($_POST['cookie_session'])) {
    $_COOKIE[$_CONF['cookie_session']] = COM_applyFilter($_POST['cookie_session']);
    // Have a valid session id now from the COOKIE - ReInitialize the session data
    if (isset($_COOKIE[$_CONF['cookie_session']])) {
        $_USER = SESS_sessionCheck();
        if ($_USER['uid'] > 0) {
            $_GROUPS = SEC_getUserGroups($_USER['uid']);
            // Global array of current user permissions [read,edit]
            $_RIGHTS = explode(',', SEC_getUserPermissions());
        }
    }
Пример #19
 /**
  * Send an email.
  * All emails sent by Geeklog are sent through this function.
  * NOTE: Please note that using CC: will expose the email addresses of
  *       all recipients. Use with care.
  *
  * @param    string $to          recipients name and email address
  * @param    string $subject     subject of the email
  * @param    string $body        the text of the email
  * @param    string $from        (optional) sender of the email
  * @param    bool   $html        (optional) true if to be sent as HTML email
  * @param    int    $priority    (optional) add X-Priority header, if > 0
  * @param    mixed  $optional    (optional) other headers or CC:
  * @param    array  $attachments (optional) attachment files
  * @return   bool                true if successful,  otherwise false
  */
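 public static function send($to, $subject, $body, $from = '', $html = false, $priority = 0, $optional = null, array $attachments = array())
 {
     global $_CONF;

     if (empty($to)) {
         COM_errorLog("Invalid To address '{$to}' sent to COM_Mail.", 1);

         return false;
     }

     // Remove new lines, so that none of these values can spill over into
     // an additional header line
     $to = self::stripNewLine($to);
     $from = self::stripNewLine($from);
     $subject = self::stripNewLine($subject);

     // Set up transport. The sendmail command line and the SMTP credentials
     // are read from the site configuration, not from the caller.
     switch ($_CONF['mail_settings']['backend']) {
         case 'sendmail':
             $arg = $_CONF['mail_settings']['sendmail_path'] . ' ' . $_CONF['mail_settings']['sendmail_args'];
             $transport = \Swift_SendmailTransport::newInstance($arg);
             break;
         case 'smtp':
             $transport = \Swift_SmtpTransport::newInstance($_CONF['mail_settings']['host'], $_CONF['mail_settings']['port']);
             if (!empty($_CONF['mail_settings']['auth'])) {
                 $transport->setUsername($_CONF['mail_settings']['username']);
                 $transport->setPassword($_CONF['mail_settings']['password']);
             }
             break;
         case 'mail':
         default:
             $transport = \Swift_MailTransport::newInstance();
             break;
     }
     $mailer = \Swift_Mailer::newInstance($transport);

     // Set up replacements
     $decorator = new \Swift_Plugins_DecoratorPlugin(new MailReplacements());
     $mailer->registerPlugin($decorator);

     // Create a message; the configured mail charset wins over the site charset
     $message = \Swift_Message::newInstance();
     if (!empty($_CONF['mail_charset'])) {
         $message->setCharset($_CONF['mail_charset']);
     } else {
         $message->setCharset(COM_getCharset());
     }

     // Set subject
     $message->setSubject($subject);

     // Set from; falls back to the site's own address and name
     if (empty($from)) {
         $message->setFrom(array($_CONF['site_mail'] => $_CONF['site_name']));
     } else {
         $message->setFrom($from);
     }

     // Set to; Swift Mailer rejects addresses that are not RFC compliant
     try {
         $message->setTo($to);
     } catch (\Swift_RfcComplianceException $e) {
         COM_errorLog(__METHOD__ . ': bad "to" ' . $to);

         return false;
     }

     if ($optional != null && !is_array($optional)) {
         $optional = self::stripNewLine($optional);
     }
     if ($optional != null && !is_array($optional) && !empty($optional)) {
         // assume old (optional) CC: header
         try {
             $message->setCc($optional);
         } catch (\Swift_RfcComplianceException $e) {
             COM_errorLog(__METHOD__ . ': bad "Cc" ' . $optional);

             return false;
         }
     }

     // Set body
     // NOTE(review): for HTML mail the same $body (markup included) is also
     // attached as the text/plain alternative - confirm that is intended.
     $message->setBody($body);
     if ($html) {
         $message->setContentType('text/html');
         $message->addPart($body, 'text/plain');
     } else {
         $message->setContentType('text/plain');
     }

     // Set priority
     if ($priority > 0) {
         $message->setPriority($priority);
     }

     // Add additional headers
     $headers = $message->getHeaders();
     $headers->addTextHeader('X-Mailer', 'Geeklog ' . VERSION);
     // The client's IP address is added for requests that do not come from the
     // server itself and are not made from under the admin URL. Recipients of
     // the mail can read this header.
     if (!empty($_SERVER['REMOTE_ADDR']) && !empty($_SERVER['SERVER_ADDR']) && $_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) {
         $url = COM_getCurrentURL();
         if (substr($url, 0, strlen($_CONF['site_admin_url'])) != $_CONF['site_admin_url']) {
             $headers->addTextHeader('X-Originating-IP', $_SERVER['REMOTE_ADDR']);
         }
     }
     if (is_array($optional) && count($optional) > 0) {
         foreach ($optional as $h => $v) {
             // Give the array form of $optional the same new line removal as
             // the scalar form and as $to/$from/$subject above, so a header
             // name or value cannot introduce a further header line.
             if (is_string($h)) {
                 $h = self::stripNewLine($h);
             }
             if (is_string($v)) {
                 $v = self::stripNewLine($v);
             }
             if (strcasecmp($h, 'Cc') === 0) {
                 try {
                     $message->setCc($v);
                 } catch (\Swift_RfcComplianceException $e) {
                     COM_errorLog(__METHOD__ . ': bad "Cc" ' . $v);

                     return false;
                 }
             } elseif (strcasecmp($h, 'Bcc') === 0) {
                 try {
                     $message->setBcc($v);
                 } catch (\Swift_RfcComplianceException $e) {
                     COM_errorLog(__METHOD__ . ': bad "Bcc" ' . $v);

                     return false;
                 }
             } else {
                 $headers->addTextHeader($h, $v);
             }
         }
     }

     // Set attachments. Each entry is handed to Swift_Attachment::fromPath(),
     // which reads the file and sends its content; callers must only pass
     // paths they chose themselves, never paths taken from request data.
     foreach ($attachments as $attachment) {
         $message->attach(\Swift_Attachment::fromPath($attachment));
     }

     // Send the message; Swift Mailer puts rejected addresses into $failures
     // NOTE(review): Swift_Mailer::send() returns the number of accepted
     // recipients, so a mail with To plus Cc/Bcc may return more than 1 and be
     // reported as a failure by the check below - confirm.
     $failures = array();
     $numSent = $mailer->send($message, $failures);
     if ($numSent != 1) {
         $failed = isset($failures[0]) ? $failures[0] : '';
         COM_errorLog(__METHOD__ . ': failed to send an email to ' . $failed);
     }

     return $numSent == 1;
 }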
Пример #20
 /**
  * Escapes a string so as to be safely displayed
  *
  * @param    string $str
  * @return   string
  */
 public function escape($str)
 {
     // The site charset is looked up on the first call only and then reused.
     static $charset = null;

     if (is_null($charset)) {
         $charset = COM_getCharset();
     }

     // ENT_QUOTES converts both quote characters as well as & < >, which
     // covers HTML text and quoted attribute values. It is not an escape for
     // JavaScript, CSS or URL contexts.
     // Note: without ENT_SUBSTITUTE or ENT_IGNORE (PHP 5.4+), htmlspecialchars()
     // returns an empty string when $str is not valid in $charset.
     $escaped = htmlspecialchars($str, ENT_QUOTES, $charset);

     return $escaped;
 }
Пример #21
    // Excerpt: the conditional that encloses these lines opens before the visible part.
    // Looks up the title of one story (featured first, then newest) and answers with a
    // plain-text page title, then stops.
    // $sql is built outside this excerpt and concatenated into the statement as is.
    // NOTE(review): verify that every request value that goes into $sql is escaped.
    // NOTE(review): the 'mssql' entry is identical to the 'mysql' one, including STRAIGHT_JOIN
    // and LIMIT, which are MySQL syntax - confirm the database layer handles that.
    $msql['mysql'] = "SELECT STRAIGHT_JOIN s.title " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, " . "{$_TABLES['topics']} AS t WHERE (s.uid = u.uid) AND (s.tid = t.tid) AND" . $sql . "ORDER BY featured DESC, date DESC LIMIT 0, 1";
    $msql['mssql'] = "SELECT STRAIGHT_JOIN s.title " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, " . "{$_TABLES['topics']} AS t WHERE (s.uid = u.uid) AND (s.tid = t.tid) AND" . $sql . "ORDER BY featured DESC, date DESC LIMIT 0, 1";
    $result = DB_query($msql);
    if ($A = DB_fetchArray($result)) {
        // A story was found: configured prefix plus the story title
        $pagetitle = $_CONF['microsummary_short'] . $A['title'];
    } else {
        if (empty($pagetitle)) {
            if (empty($topic)) {
                $pagetitle = $_CONF['site_slogan'];
            } else {
                // $topic is placed inside a quoted SQL string; where it is filtered is not
                // visible in this excerpt.
                // NOTE(review): confirm $topic is escaped before it reaches this WHERE clause.
                $pagetitle = stripslashes(DB_getItem($_TABLES['topics'], 'topic', "tid = '{$topic}'"));
            }
        }
        $pagetitle = $_CONF['site_name'] . ' - ' . $pagetitle;
    }
    // Sent as text/plain, so the title is not interpreted as HTML by the client
    header('Content-Type: text/plain; charset=' . COM_getCharset());
    die($pagetitle);
}
// Page number from the query string; the default and the fallback for a filtered value of 0
// are both page 1.
// NOTE(review): the second argument "true" presumably asks COM_applyFilter() for a numeric
// value - confirm.
$page = 1;
if (isset($_GET['page'])) {
    $page = COM_applyFilter($_GET['page'], true);
    if ($page == 0) {
        $page = 1;
    }
}
$display = '';
if (!$newstories && !$displayall) {
    // give plugins a chance to replace this page entirely
    // (whatever the plugin returns is sent to the client as is)
    $newcontent = PLG_showCenterblock(0, $page, $topic);
    if (!empty($newcontent)) {
        COM_output($newcontent);
// (the excerpt ends here; both "if" blocks are closed beyond the visible lines)
Пример #22
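// Builds the XML slide list for one album. $aid is assigned before this excerpt begins.

// Requested image variant. Anything other than 'disp' or 'orig' becomes 'tn', so $src can
// only hold one of three fixed values when it is used to build paths below.
$src = isset($_REQUEST['src']) ? COM_applyFilter($_REQUEST['src']) : 'disp';
if ($src != 'disp' && $src != 'orig') {
    $src = 'tn';
}
$album_data = MG_getAlbumData($aid, array('album_id'), true);
// The charset is needed for escaping and for the response header; look it up once.
$charset = COM_getCharset();
$xml = '';
$xml .= "<slides>\n";
// Slides are only listed when the album exists and its access value is at least 1.
if (isset($album_data['album_id']) && $album_data['access'] >= 1) {
    $sql = MG_buildMediaSql(array('album_id' => $aid, 'fields' => array('media_type', 'media_filename', 'remote_media', 'remote_url', 'media_title'), 'where' => 'm.include_ss = 1'));
    $result = DB_query($sql);
    while ($A = DB_fetchArray($result)) {
        // Only media of type 0 are listed
        if ($A['media_type'] != 0) {
            continue;
        }
        $PhotoPath = MG_getFilePath($src, $A['media_filename']);
        $ext = pathinfo($PhotoPath, PATHINFO_EXTENSION);
        $PhotoURL = MG_getFileUrl($src, $A['media_filename'], $ext);
        // Skip local items whose file cannot be read as an image
        $imgsize = @getimagesize($PhotoPath);
        if ($imgsize == false && $A['remote_media'] != 1) {
            continue;
        }
        if ($A['remote_media'] == 1) {
            // NOTE(review): remote_url comes straight from the database row; confirm it is
            // limited to http(s) URLs when it is stored.
            $PhotoURL = $A['remote_url'];
        }
        // The URL goes into a quoted XML attribute, so it is escaped like the caption.
        // double_encode is off so that a URL which already contains entities is not
        // escaped a second time.
        $srcAttr = htmlspecialchars($PhotoURL, ENT_QUOTES, $charset, false);
        // NOTE(review): htmlentities() can emit named HTML entities that XML does not
        // predefine - confirm the consumer of this feed accepts them.
        $caption = htmlentities(strip_tags($A['media_title']), ENT_QUOTES, $charset);
        $xml .= '<slide src="' . $srcAttr . '" caption="' . $caption . '"/>' . "\n";
    }
}
$xml .= "</slides>\n";
header("Content-type: text/xml; charset=" . $charset);
echo $xml;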
Пример #23
/**
* This function is called from COM_siteHeader and other places where meta tags
* are being built and will return additional meta tags.
*
* @param    string   $type     item type of the caller, e.g. 'article', 'staticpages'
* @param    string   $id       id of the current item of the caller
* @param    array    $myTags   meta tags the caller wants to add (optional)
* @return   string             all meta tags
* @since    Geeklog 2.1.0
*
*/
function PLG_getMetaTags($type, $id, array $myTags = array())
{
    global $_CONF, $_PLUGINS;

    // Normalize the caller's item type and id
    $type = strtolower(trim($type));
    $id = trim($id);

    require_once $_CONF['path_system'] . 'classes/metatags.class.php';

    // The builder is told the site charset, the HTML version (5 for the
    // 'xhtml5' doctype, otherwise 4) and whether the doctype is an XHTML one.
    $siteCharset = COM_getCharset();
    $version = 4;
    if ($_CONF['doctype'] === 'xhtml5') {
        $version = 5;
    }
    $xhtml = (stripos($_CONF['doctype'], 'xhtml') === 0);
    $builder = new Metatags($siteCharset, $version, $xhtml);

    // Tags are added in three rounds; per the comments of the original code,
    // later rounds have the higher priority.
    // NOTE(review): whether tag content is escaped is up to Metatags::addTag()
    // and build(), which are not shown here.

    // Round 1 (lowest priority): every plugin other than the one named by $type
    foreach ($_PLUGINS as $pluginName) {
        if ($type === $pluginName) {
            continue;
        }
        $callback = 'plugin_getmetatags_' . $pluginName;
        if (!function_exists($callback)) {
            continue;
        }
        $pluginTags = $callback($type, $id);
        if (is_array($pluginTags)) {
            foreach ($pluginTags as $pluginTag) {
                $builder->addTag($pluginTag);
            }
        }
    }

    // Round 2: the site's custom function, if one is defined
    $callback = 'CUSTOM_getmetatags';
    if (function_exists($callback)) {
        $customTags = $callback($type, $id);
        if (is_array($customTags)) {
            foreach ($customTags as $customTag) {
                $builder->addTag($customTag);
            }
        }
    }

    // Round 3 (highest priority): tags passed in by the caller
    foreach ($myTags as $callerTag) {
        $builder->addTag($callerTag);
    }

    return $builder->build();
}
Пример #24
 /**
  * Constructor
  *
  * @param  int     $uid       0 (= Root), 1(= anon), user id
  * @param  string  $encoding  encoding of the content
  * @param  array   $options
  */
 private function __construct($uid = 1, $encoding = 'utf-8', $options = array())
 {
     global $_CONF, $_PLUGINS, $_DPXY_CONF;

     // Settings: an empty options array falls back to the plugin configuration,
     // an empty encoding to the site charset.
     self::$_uid = (int) $uid;
     self::$_encoding = empty($encoding) ? COM_getCharset() : $encoding;
     self::$_options = (count($options) === 0) ? $_DPXY_CONF : $options;

     // Version flags, derived from the digits and dots of VERSION
     $versionNumber = preg_replace("/[^0-9.]/", '', VERSION);
     self::$isGL150 = version_compare($versionNumber, '1.5.0', '>=');
     self::$isGL170 = version_compare($versionNumber, '1.7.0', '>=');
     self::$isGL200 = version_compare($versionNumber, '2.0.0', '>=');

     // Load a driver only if its file exists and its plugin is enabled; the
     // three built-in types always count as enabled. File and class names are
     // derived from the class's own list of supported drivers, not from
     // request data.
     $driverDir = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'drivers' . DIRECTORY_SEPARATOR;
     $enabled = array_merge($_PLUGINS, array('article', 'comments', 'trackback'));
     foreach (self::$_supported_drivers as $driver) {
         // On Geeklog 2.0.0 and later the article driver lives in 'article2'
         $baseName = ($driver === 'article' && self::$isGL200) ? 'article2' : $driver;
         $driverFile = $driverDir . $baseName . '.class.php';
         if (!is_file($driverFile) || !in_array($driver, $enabled)) {
             continue;
         }
         require_once $driverFile;
         $driverClass = 'dpxyDriver_' . ucfirst($driver);
         self::$_loaded_drivers[$driver] = new $driverClass(self::$_options);
     }
 }
Пример #25
 /**
  *   Send an email with attachments.
  *   This is a verbatim copy of COM_mail(), but with the $attachments
  *   parameter added and 3 extra lines of code near the end.
  *
  *   @param  string  $to         Receiver's email address
  *   @param  string  $from       Sender's email address
  *   @param  string  $subject    Message Subject
  *   @param  string  $message    Message Body
  *   @param  boolean $html       True for HTML message, False for Text
  *   @param  integer $priority   Message priority value
  *   @param  string  $cc         Other recipients
  *   @param  string  $altBody    Alt. body (text)
  *   @param  array   $attachments    Array of attachments
  *   @return boolean             True on success, False on Failure
  */
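 private function SendMail($to, $subject, $message, $from = '', $html = false, $priority = 0, $cc = '', $altBody = '', $attachments = array())
 {
     global $_CONF;

     // $to, $from and $cc are accepted either as a plain address string ("old
     // style") or as an array of (address, name).

     // Cut the subject at the first CR or LF so it stays a single header line
     $subject = substr($subject, 0, strcspn($subject, "\r\n"));
     $subject = COM_emailEscape($subject);

     require_once $_CONF['path'] . 'lib/phpmailer/class.phpmailer.php';
     $mail = new PHPMailer();
     $mail->SetLanguage('en', $_CONF['path'] . 'lib/phpmailer/language/');
     $mail->CharSet = COM_getCharset();

     // Transport settings all come from the site configuration
     if ($_CONF['mail_backend'] == 'smtp') {
         $mail->IsSMTP();
         $mail->Host = $_CONF['mail_smtp_host'];
         $mail->Port = $_CONF['mail_smtp_port'];
         if ($_CONF['mail_smtp_secure'] != 'none') {
             $mail->SMTPSecure = $_CONF['mail_smtp_secure'];
         }
         if ($_CONF['mail_smtp_auth']) {
             $mail->SMTPAuth = true;
             $mail->Username = $_CONF['mail_smtp_username'];
             $mail->Password = $_CONF['mail_smtp_password'];
         }
         $mail->Mailer = "smtp";
     } elseif ($_CONF['mail_backend'] == 'sendmail') {
         $mail->Mailer = "sendmail";
         $mail->Sendmail = $_CONF['mail_sendmail_path'];
     } else {
         $mail->Mailer = "mail";
     }

     $mail->WordWrap = 76;
     $mail->IsHTML($html);
     // HTML bodies go through COM_filterHTML(); text bodies are used as given
     if ($html) {
         $mail->Body = COM_filterHTML($message);
     } else {
         $mail->Body = $message;
     }
     if ($altBody != '') {
         $mail->AltBody = $altBody;
     }
     $mail->Subject = $subject;

     // Sender address. With use_from_site_mail set, the site address is the
     // sender and the caller's address only becomes the Reply-To.
     // NOTE(review): $from[0] is assigned to the From property as given;
     // confirm the bundled PHPMailer validates it, or reject values that
     // contain CR/LF before assigning.
     if (is_array($from) && isset($from[0]) && $from[0] != '') {
         if ($_CONF['use_from_site_mail'] == 1) {
             $mail->From = $_CONF['site_mail'];
             $mail->AddReplyTo($from[0]);
         } else {
             $mail->From = $from[0];
         }
     } else {
         $mail->From = $_CONF['site_mail'];
     }
     if (is_array($from) && isset($from[1]) && $from[1] != '') {
         $mail->FromName = $from[1];
     } else {
         $mail->FromName = $_CONF['site_name'];
     }

     // Recipient
     if (is_array($to) && isset($to[0]) && $to[0] != '') {
         if (isset($to[1]) && $to[1] != '') {
             $mail->AddAddress($to[0], $to[1]);
         } else {
             $mail->AddAddress($to[0]);
         }
     } else {
         // assume old style....
         $mail->AddAddress($to);
     }

     // Cc. The array form is checked with is_array() first, as for $to:
     // indexing a plain string with [0] and [1] yields its first two
     // characters, which would otherwise be used as address and name.
     if (is_array($cc)) {
         if (isset($cc[0]) && $cc[0] != '') {
             if (isset($cc[1]) && $cc[1] != '') {
                 $mail->AddCC($cc[0], $cc[1]);
             } else {
                 $mail->AddCC($cc[0]);
             }
         }
     } elseif ($cc != '') {
         // assume old style....
         $mail->AddCC($cc);
     }

     // Any non-empty priority marks the message with priority 1
     if ($priority) {
         $mail->Priority = 1;
     }

     // Add attachments. Each value is passed to AddAttachment() as a file
     // path; callers must only pass paths they chose themselves, never paths
     // taken from request data.
     foreach ($attachments as $value) {
         $mail->AddAttachment($value);
     }

     if (!$mail->Send()) {
         COM_errorLog("Email Error: " . $mail->ErrorInfo);

         return false;
     }

     return true;
 }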
Пример #26
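/**
 * Email the members of an album's moderator group that a new upload is waiting.
 * Nothing is sent when the album is not moderated, when the current user has the
 * 'mediagallery.admin' right, or while the 'mgnotify' speed limit is active.
 *
 * @param    int $aid   album id
 * @return   bool       always true
 */
function MG_notifyModerators($aid)
{
    global $LANG_DIRECTION, $_USER, $_MG_CONF, $_CONF, $_TABLES, $LANG_MG01;

    // The numeric album id is used in SQL and in the moderation link
    $albumId = intval($aid);

    $sql = "SELECT moderate, album_title, mod_group_id " . "FROM {$_TABLES['mg_albums']} WHERE album_id = " . $albumId;
    $result = DB_query($sql);
    $A = DB_fetchArray($result);
    if (!is_array($A) || $A['moderate'] != 1 || SEC_hasRights('mediagallery.admin')) {
        return true;
    }

    require_once $_CONF['path'] . 'plugins/mediagallery/include/lib/phpmailer/class.phpmailer.php';

    $media_user_id = isset($_USER['uid']) ? $_USER['uid'] : 0;
    // default to left-to-right
    $direction = empty($LANG_DIRECTION) ? 'ltr' : $LANG_DIRECTION;
    $charset = COM_getCharset();

    // At most one notification per speed limit window (600 is passed as the window)
    COM_clearSpeedlimit(600, 'mgnotify');
    $last = COM_checkSpeedlimit('mgnotify');
    if ($last != 0) {
        return true;
    }

    $mail = new PHPMailer();
    $mail->CharSet = $charset;
    if ($_CONF['mail_settings']['backend'] == 'smtp') {
        $mail->Host = $_CONF['mail_settings']['host'] . ':' . $_CONF['mail_settings']['port'];
        $mail->SMTPAuth = $_CONF['mail_settings']['auth'];
        $mail->Username = $_CONF['mail_settings']['username'];
        $mail->Password = $_CONF['mail_settings']['password'];
        $mail->Mailer = "smtp";
    } elseif ($_CONF['mail_settings']['backend'] == 'sendmail') {
        $mail->Mailer = "sendmail";
        $mail->Sendmail = $_CONF['mail_settings']['sendmail_path'];
    } else {
        $mail->Mailer = "mail";
    }
    $mail->WordWrap = 76;
    $mail->IsHTML(true);
    $mail->Subject = $LANG_MG01['new_upload_subject'] . $_CONF['site_name'];

    if ($media_user_id < 2) {
        $uname = 'Anonymous';
    } else {
        $uname = DB_getItem($_TABLES['users'], 'username', 'uid=' . intval($media_user_id));
    }

    // build the template...
    // The album title is read from the 'album_title' column selected above.
    // NOTE(review): $uname and the site name are placed into the HTML body as
    // they are - confirm they cannot contain markup, or escape them here.
    $T = COM_newTemplate(MG_getTemplatePath($aid));
    $T->set_file('email', 'modemail.thtml');
    $T->set_var(array(
        'direction'        => $direction,
        'charset'          => $charset,
        'lang_new_upload'  => $LANG_MG01['new_upload_body'],
        'lang_details'     => $LANG_MG01['details'],
        'lang_album_title' => 'Album',
        'lang_uploaded_by' => $LANG_MG01['uploaded_by'],
        'username'         => $uname,
        'album_title'      => strip_tags($A['album_title']),
        'url_moderate'     => '<a href="' . $_MG_CONF['site_url'] . '/admin.php?album_id=' . $albumId . '&mode=moderate">Click here to view</a>',
        'site_name'        => $_CONF['site_name'] . ' - ' . $_CONF['site_slogan'],
        'site_url'         => $_CONF['site_url'],
    ));
    $body = $T->finish($T->parse('output', 'email'));
    $mail->Body = $body;

    // Plain-text alternative
    // NOTE(review): "\n\r" is LF followed by CR, the reverse of CRLF - confirm
    // this is intended.
    $altbody = $LANG_MG01['new_upload_body'] . $A['album_title'];
    $altbody .= "\n\r\n\r";
    $altbody .= $LANG_MG01['details'];
    $altbody .= "\n\r";
    $altbody .= $LANG_MG01['uploaded_by'] . ' ' . $uname . "\n\r";
    $altbody .= "\n\r\n\r";
    $altbody .= $_CONF['site_name'] . "\n\r";
    $altbody .= $_CONF['site_url'] . "\n\r";
    $mail->AltBody = $altbody;

    $mail->From = $_CONF['site_mail'];
    $mail->FromName = $_CONF['site_name'];

    // Recipients: every user above uid 1 who belongs to one of the moderator
    // groups. Group ids are cast to int before they go into the IN (...) list,
    // and the query is skipped when the list is empty.
    $groups = MG_getGroupList($A['mod_group_id']);
    $groupList = implode(',', array_map('intval', (array) $groups));
    $toCount = 0;
    if ($groupList !== '') {
        $sql = "SELECT DISTINCT {$_TABLES['users']}.uid,username,fullname,email " . "FROM {$_TABLES['group_assignments']},{$_TABLES['users']} " . "WHERE {$_TABLES['users']}.uid > 1 " . "AND {$_TABLES['users']}.uid = {$_TABLES['group_assignments']}.ug_uid " . "AND ({$_TABLES['group_assignments']}.ug_main_grp_id IN ({$groupList}))";
        $result = DB_query($sql);
        $nRows = DB_numRows($result);
        for ($i = 0; $i < $nRows; $i++) {
            $row = DB_fetchArray($result);
            if ($row['email'] != '') {
                // In verbose mode the recipient's address and name go to the error log
                if ($_MG_CONF['verbose']) {
                    COM_errorLog("MG Upload: Sending notification email to: " . $row['email'] . " - " . $row['username']);
                }
                $toCount++;
                $mail->AddAddress($row['email'], $row['username']);
            }
        }
    }

    if ($toCount > 0) {
        if (!$mail->Send()) {
            COM_errorLog("MG Upload: Unable to send moderation email - error:" . $mail->ErrorInfo);
        }
    } else {
        COM_errorLog("MG Upload: Error - Did not find any moderators to email");
    }
    COM_updateSpeedlimit('mgnotify');

    return true;
}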
Пример #27
/**
 * Handle a pingback for an entry.
 * Also takes care of the speedlimit and spam. Assumes that the caller of this
 * function has already checked permissions!
 *
 * @param    string $id     ID of entry that got pinged
 * @param    string $type   type of that entry ('article' for stories, etc.)
 * @param    string $url    URL of the page that pinged us
 * @param    string $oururl URL that got pinged on our site
 * @return   object          XML-RPC response
 */
function PNB_handlePingback($id, $type, $url, $oururl)
{
    global $_CONF, $_TABLES, $PNB_ERROR;
    // NOTE(review): this includes 'HTTP/Request.php', but the code below creates an
    // HTTP_Request2 object - confirm the matching library is loaded.
    require_once 'HTTP/Request.php';
    // check_trackback_link is used as a bit mask below; it defaults to 2 when not configured
    if (!isset($_CONF['check_trackback_link'])) {
        $_CONF['check_trackback_link'] = 2;
    }
    // handle pingbacks to articles on our own site
    // (a request counts as "our own" when the client address equals the server address)
    $skip_speedlimit = false;
    if ($_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR']) {
        if (!isset($_CONF['pingback_self'])) {
            $_CONF['pingback_self'] = 0;
            // default: skip self-pingbacks
        }
        if ($_CONF['pingback_self'] == 0) {
            return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['skipped']));
        } elseif ($_CONF['pingback_self'] == 2) {
            // self-pingbacks are accepted and exempt from the speed limit
            $skip_speedlimit = true;
        }
    }
    // Speed limit: reject when a pingback was handled too recently
    COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'pingback');
    if (!$skip_speedlimit) {
        $last = COM_checkSpeedlimit('pingback');
        if ($last > 0) {
            return new XML_RPC_Response(0, 49, sprintf($PNB_ERROR['speedlimit'], $last, $_CONF['commentspeedlimit']));
        }
    }
    // update speed limit in any case
    COM_updateSpeedlimit('pingback');
    if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) {
        // Bit 4: the host named in $url must resolve to the address the request came from
        // NOTE(review): gethostbyname() returns one IPv4 address, and the HTTP request
        // further down resolves the host name again on its own, so the address checked
        // here is not guaranteed to be the one that is fetched.
        if ($_CONF['check_trackback_link'] & 4) {
            $parts = parse_url($url);
            if (empty($parts['host'])) {
                TRB_logRejected('Pingback: No valid URL', $url);
                return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
            } else {
                $ip = gethostbyname($parts['host']);
                if ($ip != $_SERVER['REMOTE_ADDR']) {
                    TRB_logRejected('Pingback: IP address mismatch', $url);
                    return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
                }
            }
        }
    }
    // See if we can read the page linking to us and extract at least
    // the page's title out of it ...
    // This is a server-side request to a URL chosen by the remote party.
    // NOTE(review): when bit 4 is not set, nothing in this function restricts $url to
    // http/https or to public hosts. Consider validating scheme and destination before
    // the request, and bounding timeout, redirects and response size.
    $title = '';
    $excerpt = '';
    $req = new HTTP_Request2($url, HTTP_Request2::METHOD_GET);
    $req->setHeader('User-Agent', 'Geeklog/' . VERSION);
    try {
        $response = $req->send();
        $status = $response->getStatus();
        if ($status == 200) {
            $body = $response->getBody();
            // Bits 1 and 2: the fetched page must contain a link back to $oururl;
            // otherwise the pingback is logged, reported to the spam action and rejected
            if ($_CONF['check_trackback_link'] & 3) {
                if (!TRB_containsBacklink($body, $oururl)) {
                    TRB_logRejected('Pingback: No link to us', $url);
                    $comment = TRB_formatComment($url);
                    PLG_spamAction($comment, $_CONF['spamx']);
                    return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
                }
            }
            // The title is taken from the remote page, i.e. it is untrusted text.
            // NOTE(review): it is stored further down; confirm it is escaped where it
            // is displayed.
            preg_match(':<title>(.*)</title>:i', $body, $content);
            if (empty($content[1])) {
                $title = '';
                // no title found
            } else {
                $title = trim(COM_undoSpecialChars($content[1]));
            }
            if ($_CONF['pingback_excerpt']) {
                // Check which character set the site that sent the Pingback
                // is using
                $charset = 'ISO-8859-1';
                // default, see RFC 2616, 3.7.1
                // The charset name is parsed out of the remote Content-Type header
                $ctype = $response->getHeader('content-type');
                $c = explode(';', $ctype);
                foreach ($c as $ct) {
                    $ch = explode('=', trim($ct));
                    if (count($ch) === 2) {
                        if (trim($ch[0]) === 'charset') {
                            $charset = trim($ch[1]);
                            break;
                        }
                    }
                }
                // Convert the page to the site charset when the two differ; conversion
                // errors (for example an unknown charset name) are suppressed with @
                if (!empty($charset) && strcasecmp($charset, COM_getCharset()) !== 0) {
                    if (function_exists('mb_convert_encoding')) {
                        $body = @mb_convert_encoding($body, COM_getCharset(), $charset);
                    } elseif (function_exists('iconv')) {
                        $body = @iconv($charset, COM_getCharset(), $body);
                    }
                    // else: tough luck ...
                }
                $excerpt = PNB_makeExcerpt($body, $oururl);
            }
            // we could also run the rest of the other site's page
            // through the spam filter here ...
        } elseif ($_CONF['check_trackback_link'] & 3) {
            // A backlink check was required but the page did not come back with status 200
            COM_errorLog("Pingback verification: Got HTTP response code " . $response->getStatus() . " when requesting {$url}");
            return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
        }
    } catch (HTTP_Request2_Exception $e) {
        if ($_CONF['check_trackback_link'] & 3) {
            // we were supposed to check for backlinks but didn't get the page
            COM_errorLog("Pingback verification: " . $e->getMessage() . " when requesting {$url}");
            return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
        }
        // without a required backlink check, the pingback continues with empty title and excerpt
    }
    // check for spam first
    $saved = TRB_checkForSpam($url, $title, '', $excerpt);
    if ($saved == TRB_SAVE_SPAM) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
    }
    // save as a trackback comment
    $saved = TRB_saveTrackbackComment($id, $type, $url, $title, '', $excerpt);
    if ($saved == TRB_SAVE_REJECT) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['multiple']);
    }
    // Notify by email when 'pingback' is listed in the notification setting
    if (isset($_CONF['notification']) && in_array('pingback', $_CONF['notification'])) {
        TRB_sendNotificationEmail($saved, 'pingback');
    }
    return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['success']));
}
Пример #28
}
require_once $_CONF['path'] . 'plugins/mediagallery/include/common.php';
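/**
 * Build the location of the 150x150 cropped thumbnail that belongs to an image.
 *
 * @param    string $path  path or URL of the image
 * @return   string        the same location with '_150x150' inserted before the extension
 */
function MG_getThumbCropPath($path)
{
    $p = pathinfo($path);
    // pathinfo() omits 'extension' for a name without one (and 'dirname' for an
    // empty path); use an empty string instead of reading an undefined index.
    $dirname = isset($p['dirname']) ? $p['dirname'] : '';
    $filename = isset($p['filename']) ? $p['filename'] : '';
    $extension = isset($p['extension']) ? $p['extension'] : '';

    return $dirname . '/' . $filename . '_150x150.' . $extension;
}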
// Request parameters: the album id goes through COM_applyFilter() with the second argument
// set (presumably numeric filtering - confirm); the image variant is limited to 'disp',
// 'orig' or, for anything else, 'tn'.
$aid = isset($_REQUEST['aid']) ? COM_applyFilter($_REQUEST['aid'], true) : 0;
$src = isset($_REQUEST['src']) ? COM_applyFilter($_REQUEST['src']) : 'disp';
if ($src != 'disp' && $src != 'orig') {
    $src = 'tn';
}
$album_data = MG_getAlbumData($aid, array('album_id'), true);
$xml = "<album>\n";
// Media are only listed when the album exists and its access value is at least 1
if (isset($album_data['album_id']) && $album_data['access'] >= 1) {
    $encoding = COM_getCharset();
    $sql = MG_buildMediaSql(array('album_id' => $aid, 'fields' => array('media_type', 'media_filename', 'remote_media', 'remote_url', 'media_id', 'media_title', 'media_desc'), 'where' => 'm.include_ss = 1'));
    $result = DB_query($sql);
    while ($A = DB_fetchArray($result)) {
        // Only media of type 0 are handled in the visible part
        if ($A['media_type'] == 0) {
            $PhotoPath = MG_getFilePath($src, $A['media_filename']);
            $ext = pathinfo($PhotoPath, PATHINFO_EXTENSION);
            $PhotoURL = MG_getFileUrl($src, $A['media_filename'], $ext);
            $TnURL = MG_getFileUrl('tn', $A['media_filename'], $ext);
            $TnCropURL = MG_getThumbCropPath($TnURL);
            // Skip local items whose file cannot be read as an image
            $imgsize = @getimagesize($PhotoPath);
            if ($imgsize == false && $A['remote_media'] != 1) {
                continue;
            }
            if ($A['remote_media'] == 1) {
                // NOTE(review): remote_url is taken from the database row as is; how it is
                // written to the output lies beyond this excerpt - confirm it is escaped
                // for XML there.
                $PhotoURL = $A['remote_url'];
// (the excerpt ends here; the open blocks are closed beyond the visible lines)
Пример #29
 /**
  * Constructor
  *
  * Sets up private search variables
  *
  * @author Tony Bibbs <tony AT geeklog DOT net>
  * @access public
  *
  */
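 function Search()
 {
     global $_CONF, $_TABLES;

     // Every criterion is read from GET first, then from POST, then set to a
     // default.

     // Free-text query: tags are stripped and runs of whitespace collapsed.
     // strip_tags() is neither SQL nor HTML escaping; whatever uses
     // $this->_query later still has to escape it for its own context.
     if (isset($_GET['query'])) {
         $this->_query = strip_tags($_GET['query']);
     } elseif (isset($_POST['query'])) {
         $this->_query = strip_tags($_POST['query']);
     } else {
         $this->_query = '';
     }
     $this->_query = preg_replace('/\\s\\s+/', ' ', $this->_query);

     // Topic
     if (isset($_GET['topic'])) {
         $this->_topic = COM_applyFilter($_GET['topic']);
     } elseif (isset($_POST['topic'])) {
         $this->_topic = COM_applyFilter($_POST['topic']);
     } else {
         $this->_topic = '';
     }

     // Start and end date; a value that fails _validateDate() is dropped
     if (isset($_GET['datestart'])) {
         $this->_dateStart = COM_applyFilter($_GET['datestart']);
     } elseif (isset($_POST['datestart'])) {
         $this->_dateStart = COM_applyFilter($_POST['datestart']);
     } else {
         $this->_dateStart = '';
     }
     if ($this->_validateDate($this->_dateStart) == false) {
         $this->_dateStart = '';
     }

     if (isset($_GET['dateend'])) {
         $this->_dateEnd = COM_applyFilter($_GET['dateend']);
     } elseif (isset($_POST['dateend'])) {
         $this->_dateEnd = COM_applyFilter($_POST['dateend']);
     } else {
         $this->_dateEnd = '';
     }
     if ($this->_validateDate($this->_dateEnd) == false) {
         $this->_dateEnd = '';
     }

     // "st" (GET only): a non-zero number of days replaces both dates with
     // the range from that many days ago until today
     if (isset($_GET['st'])) {
         $st = COM_applyFilter($_GET['st'], true);
         $this->_searchDays = $st;
         if ($st != 0) {
             $this->_dateEnd = date('Y-m-d');
             $this->_dateStart = date('Y-m-d', time() - $st * 24 * 60 * 60);
         }
     }

     // Author
     if (isset($_GET['author'])) {
         $this->_author = COM_applyFilter($_GET['author']);
     } elseif (isset($_POST['author'])) {
         $this->_author = COM_applyFilter($_POST['author']);
     } else {
         $this->_author = '';
     }
     if ($this->_author != '') {
         // In case we got a username instead of uid, convert it.  This should
         // make custom themes for search page easier.
         if (!is_numeric($this->_author) && !preg_match('/^([0-9]+)$/', $this->_author) && $this->_author != '') {
             // The lookup uses the submitted name (the listing compared
             // against the fixed text '******'). The name is escaped before
             // it is placed in the quoted SQL string; where the database
             // layer offers its own escaping helper, prefer that over
             // addslashes().
             $this->_author = DB_getItem($_TABLES['users'], 'uid', "username='" . addslashes($this->_author) . "'");
         }
         if ($this->_author < 1) {
             $this->_author = '';
         }
     }

     // Item type to search
     if (isset($_GET['type'])) {
         $this->_type = COM_applyFilter($_GET['type']);
     } elseif (isset($_POST['type'])) {
         $this->_type = COM_applyFilter($_POST['type']);
     } else {
         $this->_type = 'all';
     }

     // Keyword matching mode
     if (isset($_GET['keyType'])) {
         $this->_keyType = COM_applyFilter($_GET['keyType']);
     } elseif (isset($_POST['keyType'])) {
         $this->_keyType = COM_applyFilter($_POST['keyType']);
     } else {
         $this->_keyType = $_CONF['search_def_keytype'];
     }

     // Results per page: filtered the same way for POST as for GET
     if (isset($_GET['results'])) {
         $this->_results = COM_applyFilter($_GET['results'], true);
     } elseif (isset($_POST['results'])) {
         $this->_results = COM_applyFilter($_POST['results'], true);
     } else {
         $this->_results = $_CONF['num_search_results'];
     }

     $this->_charset = COM_getCharset();
 }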
Пример #30
    // Excerpt: the conditional that encloses these lines opens before the visible part.
    // Renders an "access reserved / you must log in" page with the menu that fits the
    // visitor's rights, sends it and stops the request.
    $display .= COM_siteHeader();
    // NOTE(review): 'paypal.admin' is passed as the second argument of SEC_hasRights();
    // confirm that this argument is a further feature name and not an operator.
    if (SEC_hasRights('paypal.user', 'paypal.admin')) {
        $display .= paypal_user_menu();
    } else {
        $display .= paypal_viewer_menu();
    }
    $display .= COM_startBlock($LANG_PAYPAL_1['access_reserved']);
    $display .= $LANG_PAYPAL_1['you_must_log_in'];
    $display .= COM_endBlock();
    $display .= COM_siteFooter();
    COM_output($display);
    // exit here so that the content below is never rendered for this visitor
    exit;
}
//Content
$transaction->set_var('site_url', $_PAY_CONF['site_url']);
$transaction->set_var('charset', COM_getCharset());
$transaction->set_var('br', '<br' . XHTML . '>');
if ($_REQUEST['mode'] == 'print') {
    $transaction->set_var('print', '');
} else {
    $transaction->set_var('print', ' <small>(<a href="' . $_PAY_CONF['site_url'] . '/transaction.php?type=' . $type . '&amp;id=' . $pid . '&amp;mode=print" target="_blank">' . $LANG_PAYPAL_1['print'] . '</a>)</small>');
}
//shop details
$transaction->set_var('shop_name', $_PAY_CONF['shop_name']);
$transaction->set_var('shop_street1', $_PAY_CONF['shop_street1']);
if ($_PAY_CONF['shop_street2'] != '') {
    $transaction->set_var('shop_street2', $_PAY_CONF['shop_street2'] . '<br' . XHTML . '>');
} else {
    $transaction->set_var('shop_street2', '');
}
$transaction->set_var('shop_postal', $_PAY_CONF['shop_postal']);