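/**
 * Show the File Management plugin's error page for an error code and end the request.
 *
 * The code is looked up in a fixed message table; anything that is not an exact
 * key of that table is reported as '9999'. The page is wrapped in the site
 * header and footer, echoed, and the script is stopped with die().
 *
 * @param string|int $e_code Error code; only exact keys of the message table are accepted
 * @param int        $pages  Not used by this implementation; kept so existing callers still work
 * @return void This function does not return
 */
function show($e_code, $pages = 1)
{
    global $_CONF;

    // NOTE(review): message 0013 places the raw DB_error() text in the page sent
    // to the visitor, and the call is evaluated for every error code. Consider
    // logging it server-side and showing a generic message instead.
    $errmsg = array(
        "0001" => "Could not connect to the forums database.",
        "0002" => "The forum you selected does not exist. Please go back and try again.",
        "0003" => "Password Incorrect.",
        "0004" => "Could not query the topics database.",
        "0005" => "Error getting messages from the database.",
        "0006" => "Please enter the Nickname and the Password.",
        "0007" => "You are not the Moderator of this forum therefore you can't perform this function.",
        "0008" => "You did not enter the correct password, please go back and try again.",
        "0009" => "Could not remove posts from the database.",
        "0010" => "Could not move selected topic to selected forum. Please go back and try again.",
        "0011" => "Could not lock the selected topic. Please go back and try again.",
        "0012" => "Could not unlock the selected topic. Please go back and try again.",
        "0013" => "Could not query the database. <BR>Error: " . DB_error(),
        "0014" => "No such user or post in the database.",
        "0015" => "Search Engine was unable to query the forums database.",
        "0016" => "That user does not exist. Please go back and search again.",
        "0017" => "You must type a subject to post. You can't post an empty subject. Go back and enter the subject",
        "0018" => "You must choose message icon to post. Go back and choose message icon.",
        "0019" => "You must type a message to post. You can't post an empty message. Go back and enter a message.",
        "0020" => "Could not enter data into the database. Please go back and try again.",
        "0021" => "Can't delete the selected message.",
        "0022" => "An error ocurred while querying the database.",
        "0023" => "Selected message was not found in the forum database.",
        "0024" => "You can't reply to that message. It wasn't sent to you.",
        "0025" => "You can't post a reply to this topic, it has been locked. Contact the administrator if you have any question.",
        "0026" => "The forum or topic you are attempting to post to does not exist. Please try again.",
        "0027" => "You must enter your username and password. Go back and do so.",
        "0028" => "You have entered an incorrect password. Go back and try again.",
        "0029" => "Couldn't update post count.",
        "0030" => "The forum you are attempting to post to does not exist. Please try again.",
        "0031" => "Unknown Error",
        "0035" => "You can't edit a post that's not yours.",
        "0036" => "You do not have permission to edit this post.",
        "0037" => "You did not supply the correct password or do not have permission to edit this post. Please go back and try again.",
        "1001" => "Please enter value for Title.",
        "1002" => "Please enter value for Phone.",
        "1003" => "Please enter value for Summary.",
        "1004" => "Please enter value for Address.",
        "1005" => "Please enter value for City.",
        "1006" => "Please enter value for State/Province.",
        "1007" => "Please enter value for Zipcode.",
        "1008" => "Please enter value for Description.",
        "1009" => "Vote for the selected resource only once.<br>All votes are logged and reviewed.",
        "1010" => "You cannot vote on the resource you submitted.<br>All votes are logged and reviewed.",
        "1011" => "No rating selected - no vote tallied.",
        "1013" => "Please enter a search query.",
        "1016" => "Please enter value for Filename.",
        "1017" => "The file was not uploaded - reported filesize of 0 bytes.",
        "1101" => "Upload approval Error: The temporary file was not found. Check error.log",
        "1102" => "Upload submit Error: The temporary filestore file was not created. Check error.log",
        "1103" => "The download info you provided is already in the database!",
        "1104" => "The download info was not complete - Need to enter a title for the new file",
        "1105" => "The download info was not complete - Need to enter a description for the new file",
        "1106" => "Upload Add Error: The new file was not created. Check error.log",
        "1107" => "Upload Add Error: The temporary file was not found. Check error.log",
        "1108" => "Duplicate file - already existing in filestore",
        "1109" => "File type not allowed",
        "1110" => "You must define and select a category for the uploaded file",
        "9999" => "Unknown Error",
    );

    // determine the destination of this request
    $destination = COM_getCurrentURL();

    // validate the destination is not blank and is part of our site...
    if ($destination == ''
        || substr($destination, 0, strlen($_CONF['site_url'])) != $_CONF['site_url']
    ) {
        $destination = $_CONF['site_url'] . '/filemgmt/index.php';
    }

    // Accept only exact keys of the table. A loose in_array() comparison also
    // lets through values that merely compare equal to a key, and the code is
    // printed into the page below, so anything else becomes '9999'.
    $e_code = is_scalar($e_code) ? (string) $e_code : '';
    if (!array_key_exists($e_code, $errmsg)) {
        $e_code = '9999';
    }

    include_once $_CONF['path'] . 'plugins/filemgmt/include/header.php';

    // The link target presumably reflects the incoming request URL, so encode
    // it for the href attribute it is written into.
    $backLink = htmlspecialchars($destination, ENT_QUOTES);

    $display = COM_siteHeader('menu');
    $display .= '<table width="100%" class="plugin" border="0" cellspacing="0" cellpadding="1">';
    $display .= '<tr><td class="pluginAlert" style="text-align:right;padding:5px;">File Management Plugin</td>';
    $display .= "<td class=\"pluginAlert\" width=\"50%\" style=\"padding:5px 0px 5px 10px;\">Error Code: {$e_code}</td></tr>";
    $display .= "<tr><td colspan=\"2\" class=\"pluginInfo\"><b>ERROR:</b> {$errmsg[$e_code]}</td></tr>";
    $display .= '<tr><td colspan="2" class="pluginInfo" style="text-align:center;padding:10px;">';
    $display .= '[ <a href="' . $backLink . '">Go Back</a> ]</td></tr></table>';
    $display .= COM_siteFooter();

    echo $display;
    die("");
}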
/**
 * Print a full site page containing the Zero plugin's alert message.
 *
 * The page is the site header, the rendered zero_alertmsg.thtml template and
 * the site footer, echoed in that order.
 *
 * NOTE(review): $alertText is handed to the template as given; whether it is
 * HTML-encoded depends on the caller and the template - confirm before passing
 * request-derived text.
 *
 * @param string $alertText Text placed in the template's alert_text variable
 * @return void
 */
function ZERO_alertMessage($alertText = '')
{
    global $_CONF, $_ZZ_CONF, $LANG_ZZ00;

    $header = COM_siteHeader('menu', $LANG_ZZ00['title']);

    $tpl = new Template($_CONF['path'] . 'plugins/zero/templates/');
    $tpl->set_file(array('message' => 'zero_alertmsg.thtml'));
    $tpl->set_var(array(
        'alert_title' => $LANG_ZZ00['title'] . $LANG_ZZ00['error'],
        'alert_text'  => $alertText,
    ));
    $tpl->parse('output', 'message');
    $body = $tpl->finish($tpl->get_var('output'));

    echo $header . $body . COM_siteFooter();
}
/**
 * Build the site footer according to the forum's block layout setting.
 *
 * $_FF_CONF['showblocks'] selects which COM_siteFooter() call is made; for
 * 'rightblocks', $_FF_CONF['usermenu'] == 'blockmenu' additionally passes the
 * forum_showBlocks callback with $_FF_CONF['leftblocks'].
 *
 * @return string Footer markup returned by COM_siteFooter()
 */
function FF_siteFooter()
{
    global $_FF_CONF;

    switch ($_FF_CONF['showblocks']) {
        case 'noblocks':
        case 'leftblocks':
            $footer = COM_siteFooter(false);
            break;

        case 'rightblocks':
            if ($_FF_CONF['usermenu'] == 'blockmenu') {
                $footer = COM_siteFooter(true, array('forum_showBlocks', $_FF_CONF['leftblocks']));
            } else {
                $footer = COM_siteFooter(true);
            }
            break;

        case 'allblocks':
            $footer = COM_siteFooter(true);
            break;

        default:
            // Any other setting falls back to COM_siteFooter()'s own defaults.
            $footer = COM_siteFooter();
            break;
    }

    return (string) $footer;
}
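/**
 * Show the File Management plugin's error page for an error code and end the request.
 *
 * The code is looked up in a fixed message table; anything that is not an exact
 * key of that table is reported as '9999'. The page is sent through
 * COM_output() and the script is stopped with die().
 *
 * @param string|int $e_code Error code; only exact keys of the message table are accepted
 * @param int        $pages  Number of history entries the "Go Back" link steps back
 * @return void This function does not return
 */
function show($e_code, $pages = 1)
{
    global $_CONF;

    // NOTE(review): message 0013 calls mysql_error() for every error code and
    // places its text in the page sent to the visitor. The mysql_* functions
    // were removed in PHP 7, and raw database errors are better logged
    // server-side than displayed - confirm which DB layer this file targets.
    $errmsg = array(
        "0001" => "Could not connect to the forums database.",
        "0002" => "The forum you selected does not exist. Please go back and try again.",
        "0003" => "Password Incorrect.",
        "0004" => "Could not query the topics database.",
        "0005" => "Error getting messages from the database.",
        "0006" => "Please enter the Nickname and the Password.",
        "0007" => "You are not the Moderator of this forum therefore you can't perform this function.",
        "0008" => "You did not enter the correct password, please go back and try again.",
        "0009" => "Could not remove posts from the database.",
        "0010" => "Could not move selected topic to selected forum. Please go back and try again.",
        "0011" => "Could not lock the selected topic. Please go back and try again.",
        "0012" => "Could not unlock the selected topic. Please go back and try again.",
        "0013" => "Could not query the database. <br" . XHTML . ">Error: " . mysql_error(),
        "0014" => "No such user or post in the database.",
        "0015" => "Search Engine was unable to query the forums database.",
        "0016" => "That user does not exist. Please go back and search again.",
        "0017" => "You must type a subject to post. You can't post an empty subject. Go back and enter the subject",
        "0018" => "You must choose message icon to post. Go back and choose message icon.",
        "0019" => "You must type a message to post. You can't post an empty message. Go back and enter a message.",
        "0020" => "Could not enter data into the database. Please go back and try again.",
        "0021" => "Can't delete the selected message.",
        "0022" => "An error ocurred while querying the database.",
        "0023" => "Selected message was not found in the forum database.",
        "0024" => "You can't reply to that message. It wasn't sent to you.",
        "0025" => "You can't post a reply to this topic, it has been locked. Contact the administrator if you have any question.",
        "0026" => "The forum or topic you are attempting to post to does not exist. Please try again.",
        "0027" => "You must enter your username and password. Go back and do so.",
        "0028" => "You have entered an incorrect password. Go back and try again.",
        "0029" => "Couldn't update post count.",
        "0030" => "The forum you are attempting to post to does not exist. Please try again.",
        "0031" => "Unknown Error",
        "0035" => "You can't edit a post that's not yours.",
        "0036" => "You do not have permission to edit this post.",
        "0037" => "You did not supply the correct password or do not have permission to edit this post. Please go back and try again.",
        "1001" => "Please enter value for Title.",
        "1002" => "Please enter value for Phone.",
        "1003" => "Please enter value for Summary.",
        "1004" => "Please enter value for Address.",
        "1005" => "Please enter value for City.",
        "1006" => "Please enter value for State/Province.",
        "1007" => "Please enter value for Zipcode.",
        "1008" => "Please enter value for Description.",
        "1009" => "Vote for the selected resource only once.<br" . XHTML . ">All votes are logged and reviewed.",
        "1010" => "You cannot vote on the resource you submitted.<br" . XHTML . ">All votes are logged and reviewed.",
        "1011" => "No rating selected - no vote tallied.",
        "1013" => "Please enter a search query.",
        "1016" => "Please enter value for Filename.",
        "1017" => "The file was not uploaded - reported filesize of 0 bytes.",
        "1101" => "Upload approval Error: The temporary file was not found. Check error.log",
        "1102" => "Upload submit Error: The temporary filestore file was not created. Check error.log",
        "1103" => "The download info you provided is already in the database!",
        "1104" => "The download info was not complete - Need to enter a title for the new file",
        "1105" => "The download info was not complete - Need to enter a description for the new file",
        "1106" => "Upload Add Error: The new file was not created. Check error.log",
        "1107" => "Upload Add Error: The temporary file was not found. Check error.log",
        "1108" => "Duplicate file - already existing in filestore",
        "9999" => "OOPS! God Knows",
    );

    // Accept only exact keys of the table. A loose in_array() comparison also
    // lets through values that merely compare equal to a key, and the code is
    // printed into the page below, so anything else becomes '9999'.
    $e_code = is_scalar($e_code) ? (string) $e_code : '';
    if (!array_key_exists($e_code, $errmsg)) {
        $e_code = '9999';
    }

    // The array key must be a quoted string; a bare path_html is read as a constant.
    include_once $_CONF['path_html'] . "filemgmt/include/header.php";

    // The step count is written into an inline script URL, so keep it an integer.
    $steps = (int) $pages;

    $display = '';
    $display .= '<table class="plugin" border="0" cellspacing="0" cellpadding="1" style="width:100%;">';
    $display .= '<tr><td class="pluginAlert" style="text-align:right; padding:5px;">File Management Plugin</td>';
    $display .= '<td class="pluginAlert" style="width:50%; padding:5px 0px 5px 10px;">Error Code: ' . $e_code . '</td></tr>';
    $display .= '<tr><td colspan="2" class="pluginInfo"><b>ERROR:</b> ' . $errmsg[$e_code] . '</td></tr>';
    $display .= '<tr><td colspan="2" class="pluginInfo" style="text-align:center;padding:10px;">';
    $display .= '[ <a href="javascript:history.go(-' . $steps . ')">Go Back</a> ]</td></tr></table>';

    // Use COM_createHTMLDocument() when it is available, otherwise wrap the
    // markup in the site header and footer.
    if (function_exists('COM_createHTMLDocument')) {
        $display = COM_createHTMLDocument($display);
    } else {
        $display = COM_siteHeader() . $display . COM_siteFooter();
    }

    COM_output($display);
    die("");
}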
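/**
 * Mails the contents of the contact form to that user
 *
 * Checks, in order: the site's login requirement, the recipient's e-mail
 * preferences, the 'mail' speed limit, that author/subject/message are filled
 * in, and that the sender's address is valid and the sender's name contains no
 * '@'. The combined text is passed to the spam check and PLG_itemPreSave()
 * before anything is sent.
 *
 * @param int    $uid         User ID of person to send email to
 * @param string $author      The name of the person sending the email
 * @param string $authoremail Email address of person sending the email
 * @param string $subject     Subject of email
 * @param string $message     Text of message to send
 * @return string Meta redirect or HTML for the contact form
 */
function contactemail($uid, $author, $authoremail, $subject, $message)
{
    global $_CONF, $_TABLES, $_USER, $LANG04, $LANG08;

    $retval = '';

    // $uid is interpolated into two SQL statements (one of them unquoted) and
    // into a redirect URL below, so force it to an integer first.
    $uid = (int) $uid;

    // check for correct $_CONF permission
    if (COM_isAnonUser()
        && ($_CONF['loginrequired'] == 1 || $_CONF['emailuserloginrequired'] == 1)
        && $uid != 2
    ) {
        return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
    }

    // check for correct 'to' user preferences
    $result = DB_query("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = '{$uid}'");
    $P = DB_fetchArray($result);
    $isAdmin = SEC_inGroup('Root') || SEC_hasRights('user.mail');
    if ($P['emailfromadmin'] != 1 && $isAdmin || $P['emailfromuser'] != 1 && !$isAdmin) {
        return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
    }

    // check mail speedlimit
    COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
    if (COM_checkSpeedlimit('mail') > 0) {
        return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
    }

    if (!empty($author) && !empty($subject) && !empty($message)) {
        // The sender's address must be valid and the sender's *name* must not
        // contain an '@'. The previous test looked for '@' in $authoremail,
        // which an accepted address presumably always contains, so this branch
        // could never run and no mail was sent.
        if (COM_isemail($authoremail) && strpos($author, '@') === false) {
            $result = DB_query("SELECT username,fullname,email FROM {$_TABLES['users']} WHERE uid = {$uid}");
            $A = DB_fetchArray($result);

            // Append the user's signature to the message
            $sig = '';
            if (!COM_isAnonUser()) {
                $sig = DB_getItem($_TABLES['users'], 'sig', "uid={$_USER['uid']}");
                if (!empty($sig)) {
                    $sig = strip_tags(COM_stripslashes($sig));
                    $sig = "\n\n-- \n" . $sig;
                }
            }

            $subject = COM_stripslashes($subject);
            $message = COM_stripslashes($message);

            // do a spam check with the unfiltered message text and subject
            $mailtext = $subject . "\n" . $message . $sig;
            $result = PLG_checkforSpam($mailtext, $_CONF['spamx']);
            if ($result > 0) {
                COM_updateSpeedlimit('mail');
                COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
            }

            $msg = PLG_itemPreSave('contact', $message);
            if (!empty($msg)) {
                $retval .= COM_siteHeader('menu', '')
                        . COM_errorLog($msg, 2)
                        . contactform($uid, $subject, $message)
                        . COM_siteFooter();

                return $retval;
            }

            // Cut the subject at the first CR/LF so it stays a single header line.
            $subject = strip_tags($subject);
            $subject = substr($subject, 0, strcspn($subject, "\r\n"));
            $message = strip_tags($message) . $sig;

            if (!empty($A['fullname'])) {
                $to = COM_formatEmailAddress($A['fullname'], $A['email']);
            } else {
                $to = COM_formatEmailAddress($A['username'], $A['email']);
            }
            $from = COM_formatEmailAddress($author, $authoremail);

            $sent = COM_mail($to, $subject, $message, $from);

            // Optional copy to the sender, only after the first mail went out.
            if ($sent && isset($_POST['cc']) && $_POST['cc'] == 'on') {
                $ccmessage = sprintf($LANG08[38], COM_getDisplayName($uid, $A['username'], $A['fullname']));
                $ccmessage .= "\n------------------------------------------------------------\n\n" . $message;
                $sent = COM_mail($from, $subject, $ccmessage, $from);
            }

            COM_updateSpeedlimit('mail');

            $retval .= COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&uid=' . $uid . '&msg=' . ($sent ? '27' : '85'));
        } else {
            // Invalid sender details: show the form again with a cleaned subject.
            $subject = strip_tags($subject);
            $subject = substr($subject, 0, strcspn($subject, "\r\n"));
            $subject = htmlspecialchars(trim($subject), ENT_QUOTES);
            $retval .= COM_siteHeader('menu', $LANG04[81])
                    . COM_errorLog($LANG08[3], 2)
                    . contactform($uid, $subject, $message)
                    . COM_siteFooter();
        }
    } else {
        // A required field is empty: show the form again with a cleaned subject.
        $subject = strip_tags($subject);
        $subject = substr($subject, 0, strcspn($subject, "\r\n"));
        $subject = htmlspecialchars(trim($subject), ENT_QUOTES);
        $retval .= COM_siteHeader('menu', $LANG04[81])
                . COM_errorLog($LANG08[4], 2)
                . contactform($uid, $subject, $message)
                . COM_siteFooter();
    }

    return $retval;
}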
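// | modify it under the terms of the GNU General Public License |
// | as published by the Free Software Foundation; either version 2 |
// | of the License, or (at your option) any later version. |
// | |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
// | |
// +---------------------------------------------------------------------------+

/**
 * Public index page of the Test plugin: greets the current user by name.
 *
 * @package Test
 */

require_once '../lib-common.php';

// take user back to the homepage if the plugin is not active
if (!in_array('test', $_PLUGINS)) {
    echo COM_refresh($_CONF['site_url'] . '/index.php');
    exit;
}

// The username is chosen by the account holder, so encode it before placing it
// in the page; fall back to an empty string when no username is set.
$username = isset($_USER['username'])
    ? htmlspecialchars($_USER['username'], ENT_QUOTES)
    : '';

$display = '';

// MAIN
$display .= COM_siteHeader('menu', $LANG_TEST_1['plugin_name']);
$display .= COM_startBlock($LANG_TEST_1['plugin_name']);
$display .= '<p>Welcome to the ' . $LANG_TEST_1['plugin_name'] . ' plugin, ' . $username . '!</p>';
$display .= COM_endBlock();
$display .= COM_siteFooter();

echo $display;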
// | but WITHOUT ANY WARRANTY; without even the implied warranty of | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | // | GNU General Public License for more details. | // | | // | You should have received a copy of the GNU General Public License | // | along with this program; if not, write to the Free Software Foundation, | // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | // | | // +--------------------------------------------------------------------------+ require_once '../../../lib-common.php'; require_once $_CONF['path'] . '/plugins/calendar/autoinstall.php'; USES_lib_install(); if (!SEC_inGroup('Root')) { // Someone is trying to illegally access this page COM_errorLog("Someone has tried to illegally access the Calendar install/uninstall page. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1); $display = COM_siteHeader('menu', $LANG_ACCESS['accessdenied']) . COM_startBlock($LANG_ACCESS['accessdenied']) . $LANG_ACCESS['plugin_access_denied_msg'] . COM_endBlock() . COM_siteFooter(); echo $display; exit; } /** * Main Function */ if (SEC_checkToken()) { $action = COM_applyFilter($_GET['action']); if ($action == 'install') { if (plugin_install_calendar()) { // Redirects to the plugin editor echo COM_refresh($_CONF['site_admin_url'] . '/plugins.php?msg=44'); exit; } else { echo COM_refresh($_CONF['site_admin_url'] . '/plugins.php?msg=72');
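// Request parameters: the album id is filtered as a number, the media id as a string.
$album_id = COM_applyFilter($_GET['aid'], true);
$media_id = COM_applyFilter($_GET['mid']);

$T = new Template(MG_getTemplatePath($album_id));
$T->set_file('page', 'view_image.thtml');
$T->set_var('header', $LANG_MG00['plugin']);
$T->set_var('site_url', $_CONF['site_url']);
$T->set_var('plugin', 'mediagallery');

//
// -- Verify that image really does belong to this album
//
// The membership test has to use the same filtered ids as the access check and
// the media lookup below. The visible code never assigns $mid or $aid, so the
// earlier query compared against whatever those names happened to hold instead
// of the requested album and media item.
$sql = "SELECT * FROM " . $_TABLES['mg_media_albums']
     . " WHERE media_id='" . DB_escapeString($media_id)
     . "' AND album_id='" . intval($album_id) . "'";
$result = DB_query($sql);
if (DB_numRows($result) < 1) {
    die("ERROR #2");
}

// Get Album Info...
$sql = "SELECT * FROM " . $_TABLES['mg_albums'] . " WHERE album_id=" . intval($album_id);
$result = DB_query($sql);
$row = DB_fetchArray($result);

// Check access rights
$access = SEC_hasAccess(
    $row['owner_id'],
    $row['group_id'],
    $row['perm_owner'],
    $row['perm_group'],
    $row['perm_members'],
    $row['perm_anon']
);
if ($access == 0) {
    $display .= COM_siteHeader('menu')
             . COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_ACCESS['accessdenied'], true)
             . COM_siteFooter();
    echo $display;
    exit;
}

$sql = "SELECT * FROM " . $_TABLES['mg_media'] . " WHERE media_id='" . DB_escapeString($media_id) . "'";
$result = DB_query($sql);
$row = DB_fetchArray($result);

// Display copies live under disp/<first character of the filename>/<filename>.jpg.
// Encode the URL for the attribute it is written into.
$src = $_MG_CONF['mediaobjects_url'] . '/disp/' . $row['media_filename'][0] . '/' . $row['media_filename'] . '.jpg';
echo '<img src="' . htmlspecialchars($src, ENT_QUOTES) . '">';
exit;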
/**
 * Build the main plugin administration screen.
 *
 * The page consists of the site header, a message (the given one, or the one
 * selected by the request parameter), the plugin list, the list of new plugins
 * for users with the 'plugin.install' right, the upload form and the site footer.
 * One token is shared by all the lists and forms on the page; a new one is
 * created when the caller does not supply it.
 *
 * @param    string  $message    (optional) message to display
 * @param    string  $token      an optional csrf token
 * @return   string              HTML for the plugin screen
 *
 */
function plugin_main($message = '', $token = '')
{
    global $LANG32;

    $page = '' . COM_siteHeader('menu', $LANG32[5]);
    $page .= empty($message)
        ? COM_showMessageFromParameter()
        : COM_showMessageText($message);

    // Create the token only when none was passed in.
    if (empty($token)) {
        $token = SEC_createToken();
    }

    $page .= listplugins($token);

    $mayInstall = SEC_hasRights('plugin.install');
    if ($mayInstall) {
        $page .= show_newplugins($token);
    }

    // Show the upload form or an error message
    $page .= plugin_show_uploadform($token);
    $page .= COM_siteFooter();

    return $page;
}
/**
 * Create the banner list depending on the category given
 *
 * The category id is read from $_GET['category'] or $_POST['category'] (falling
 * back to $_BAN_CONF['root']) and the page number from $_GET['page']. For any
 * category other than the root, the page is replaced by an access-denied
 * message and the script exits when SEC_hasAccess() returns less than 2.
 *
 * NOTE(review): the request-supplied category id only passes through
 * strip_tags() and addslashes() before it is placed in SQL, and is handed to
 * the template as 'cid' / 'cid_plain' without HTML encoding. addslashes() is
 * not aware of the connection character set - confirm whether this Geeklog
 * version offers a database-layer escaping function, and check how the
 * templates use those two variables.
 *
 * @param    array   $message    message(s) to display: [0] block title, [1] block text
 * @return   string              the banner page
 *
 */
function banner_list($message)
{
    global $_CONF, $_TABLES, $_BAN_CONF, $LANG_BANNER_ADMIN, $LANG_BANNER, $LANG_BANNER_STATS;

    $cid = $_BAN_CONF['root'];
    $html = '';

    // Category from the request; GET takes precedence over POST.
    if (isset($_GET['category'])) {
        $cid = strip_tags(COM_stripslashes($_GET['category']));
    } elseif (isset($_POST['category'])) {
        $cid = strip_tags(COM_stripslashes($_POST['category']));
    }
    $cidSql = addslashes($cid);

    // Page number, numeric-filtered; 0 means "first page".
    $page = isset($_GET['page']) ? COM_applyFilter($_GET['page'], true) : 0;
    if ($page == 0) {
        $page = 1;
    }

    // Page title: list name, optionally the category name and the page number.
    if (empty($cid)) {
        $pageTitle = ($page > 1)
            ? sprintf($LANG_BANNER[114] . ' (%d)', $page)
            : $LANG_BANNER[114];
    } else {
        $category = ($cid == $_BAN_CONF['root'])
            ? $LANG_BANNER['root']
            : DB_getItem($_TABLES['bannercategories'], 'category', "cid = '{$cidSql}'");
        $pageTitle = ($page > 1)
            ? sprintf($LANG_BANNER[114] . ': %s (%d)', $category, $page)
            : sprintf($LANG_BANNER[114] . ': %s', $category);
    }

    // Check has access to this category
    if ($cid != $_BAN_CONF['root']) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['bannercategories']} WHERE cid='{$cidSql}'");
        $perm = DB_fetchArray($result);
        $access = SEC_hasAccess(
            $perm['owner_id'],
            $perm['group_id'],
            $perm['perm_owner'],
            $perm['perm_group'],
            $perm['perm_members'],
            $perm['perm_anon']
        );
        if ($access < 2) {
            $html .= COM_siteHeader('menu', $pageTitle);
            $html .= COM_showMessage(5, 'banner');
            $html .= COM_siteFooter();
            echo $html;
            exit;
        }
    }

    $html .= COM_siteHeader('menu', $pageTitle);

    // Either the message passed by the caller, or the numbered one from the request.
    if (is_array($message) && !empty($message[0])) {
        $html .= COM_startBlock($message[0], '', COM_getBlockTemplate('_msg_block', 'header'));
        $html .= $message[1];
        $html .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
    } elseif (isset($_REQUEST['msg'])) {
        $msg = COM_applyFilter($_REQUEST['msg'], true);
        if ($msg > 0) {
            $html .= COM_showMessage($msg, 'banner');
        }
    }

    $tpl = new Template($_CONF['path'] . 'plugins/banner/templates/');
    $tpl->set_file(array(
        'bannerlist' => 'banner.thtml',
        'catbanner'  => 'categorybanner.thtml',
        'banner'     => 'bannerdetails.thtml',
        'catnav'     => 'categorynavigation.thtml',
        'catrow'     => 'categoryrow.thtml',
        'catcol'     => 'categorycol.thtml',
        'actcol'     => 'categoryactivecol.thtml',
        'pagenav'    => 'pagenavigation.thtml',
        'catdrop'    => 'categorydropdown.thtml',
    ));
    $tpl->set_var('xhtml', XHTML);
    $tpl->set_var('blockheader', COM_startBlock($LANG_BANNER[114]));
    $tpl->set_var('layout_url', $_CONF['layout_url']);

    if ($_BAN_CONF['bannercols'] > 0) {
        // Create breadcrumb trail
        $tpl->set_var('breadcrumbs', banner_breadcrumbs($_BAN_CONF['root'], $cid));

        // Set dropdown for category jump
        $tpl->set_var('lang_go', $LANG_BANNER[124]);
        $tpl->set_var('banner_dropdown', banner_select_box(2, $cid));

        // Show categories
        $sql = "SELECT cid,pid,category,description FROM {$_TABLES['bannercategories']} WHERE pid='{$cidSql}'";
        $sql .= COM_getLangSQL('cid', 'AND');
        $sql .= COM_getPermSQL('AND') . " ORDER BY category";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);

        if ($nrows > 0) {
            $tpl->set_var('lang_categories', $LANG_BANNER_ADMIN[14]);

            for ($i = 1; $i <= $nrows; $i++) {
                $catRow = DB_fetchArray($result);
                $childCid = addslashes($catRow['cid']);

                // Get number of child banner user can see in this category
                $bannerResult = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['banner']} WHERE cid='{$childCid}'" . COM_getPermSQL('AND'));
                $bannerCount = DB_fetchArray($bannerResult);

                // Get number of child categories user can see in this category
                $subcatResult = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['bannercategories']} WHERE pid='{$childCid}'" . COM_getPermSQL('AND'));
                $subcatCount = DB_fetchArray($subcatResult);

                // Format numbers for display: sub-categories first, then
                // banners, comma-separated; zeroes are not shown.
                $counts = array();
                if ($subcatCount['count'] > 0) {
                    $counts[] = COM_numberFormat($subcatCount['count']);
                }
                if ($bannerCount['count'] > 0) {
                    $counts[] = COM_numberFormat($bannerCount['count']);
                }
                $displayCount = implode(', ', $counts);

                // add brackets if child items exist
                if ($displayCount != '') {
                    $displayCount = '(' . $displayCount . ')';
                }

                $tpl->set_var('category_name', $catRow['category']);
                $tpl->set_var(
                    'category_description',
                    $_BAN_CONF['show_category_descriptions'] ? $catRow['description'] : ''
                );
                $tpl->set_var('category_link', $_CONF['site_url'] . '/banner/index.php?category=' . urlencode($catRow['cid']));
                $tpl->set_var('category_count', $displayCount);
                $tpl->set_var('width', floor(100 / $_BAN_CONF['bannercols']));

                // The currently selected category gets the "active" column template.
                $isActive = !empty($cid) && $cid == $catRow['cid'];
                $tpl->parse('category_col', $isActive ? 'actcol' : 'catcol', true);

                // Close the row once it holds bannercols columns.
                if ($i % $_BAN_CONF['bannercols'] == 0) {
                    $tpl->parse('category_row', 'catrow', true);
                    $tpl->set_var('category_col', '');
                }
            }

            // Flush a last, partially filled row.
            if ($nrows % $_BAN_CONF['bannercols'] != 0) {
                $tpl->parse('category_row', 'catrow', true);
            }
            $tpl->parse('category_navigation', 'catnav', true);
        } else {
            $tpl->set_var('category_navigation', '');
        }
    } else {
        $tpl->set_var('category_navigation', '');
    }

    if ($_BAN_CONF['bannercols'] != 0) {
        $tpl->parse('category_dropdown', 'catdrop', true);
    } else {
        $tpl->set_var('category_dropdown', '');
    }

    $tpl->set_var('site_url', $_CONF['site_url']);
    $tpl->set_var('cid', $cid);
    $tpl->set_var('cid_plain', $cid);
    $tpl->set_var('cid_encoded', urlencode($cid));
    $tpl->set_var('lang_addabanner', $LANG_BANNER[116]);

    // Build SQL for banner
    $sql = 'SELECT bid,cid,url,description,title,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon';
    $from_where = " FROM {$_TABLES['banner']}";
    if ($_BAN_CONF['bannercols'] > 0) {
        $from_where .= empty($cid)
            ? " WHERE cid=''"
            : " WHERE cid='" . addslashes($cid) . "'";
        $from_where .= ' AND (publishstart IS NULL OR publishstart < NOW()) and (publishend IS NULL OR publishend > NOW())';
        $from_where .= COM_getPermSQL('AND');
    } else {
        $from_where .= COM_getPermSQL();
    }
    $order = ' ORDER BY cid ASC,title';

    $limit = '';
    if ($_BAN_CONF['bannerperpage'] > 0) {
        $start = ($page < 1) ? 0 : ($page - 1) * $_BAN_CONF['bannerperpage'];
        $limit = ' LIMIT ' . $start . ',' . $_BAN_CONF['bannerperpage'];
    }

    $result = DB_query($sql . $from_where . $order . $limit);
    $nrows = DB_numRows($result);

    if ($nrows == 0) {
        // Nothing in this category: on the first page of the root category,
        // optionally show the ten most-hit banners instead.
        if ($cid == $_BAN_CONF['root'] && $page <= 1 && $_BAN_CONF['show_top10']) {
            $result = DB_query("SELECT bid,url,title,description,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['banner']} WHERE (hits > 0) AND (publishstart IS NULL OR publishstart < NOW()) and (publishend IS NULL OR publishend > NOW())" . COM_getPermSQL('AND') . " ORDER BY hits DESC LIMIT 10");
            $nrows = DB_numRows($result);
            if ($nrows > 0) {
                $tpl->set_var('banner_details', '');
                $tpl->set_var('banner_category', $LANG_BANNER_STATS['stats_headline']);
                for ($i = 0; $i < $nrows; $i++) {
                    $bannerRow = DB_fetchArray($result);
                    prepare_banner_item($bannerRow, $tpl);
                    $tpl->parse('banner_details', 'banner', true);
                }
                $tpl->parse('category_banner', 'catbanner', true);
            }
        }
        $tpl->set_var('page_navigation', '');
    } else {
        // Rows arrive ordered by cid; start a new category section whenever
        // the cid changes (compared case-insensitively).
        $currentcid = '';
        for ($i = 0; $i < $nrows; $i++) {
            $bannerRow = DB_fetchArray($result);
            if (strcasecmp($bannerRow['cid'], $currentcid) != 0) {
                // print the category and banner
                if ($i > 0) {
                    $tpl->parse('category_banner', 'catbanner', true);
                    $tpl->set_var('banner_details', '');
                }
                $currentcid = $bannerRow['cid'];
                $currentcategory = DB_getItem($_TABLES['bannercategories'], 'category', "cid = '" . addslashes($currentcid) . "'");
                $tpl->set_var('banner_category', $currentcategory);
            }
            prepare_banner_item($bannerRow, $tpl);
            $tpl->parse('banner_details', 'banner', true);
        }
        $tpl->parse('category_banner', 'catbanner', true);

        // Total number of matching banners, for the page navigation.
        $result = DB_query('SELECT COUNT(*) AS count ' . $from_where);
        list($numbanner) = DB_fetchArray($result);

        $pages = 0;
        if ($_BAN_CONF['bannerperpage'] > 0) {
            $pages = (int) ($numbanner / $_BAN_CONF['bannerperpage']);
            if ($numbanner % $_BAN_CONF['bannerperpage'] > 0) {
                $pages++;
            }
        }

        if ($pages > 0) {
            $catbanner = ($_BAN_CONF['bannercols'] > 0 && !empty($currentcid))
                ? '?category=' . urlencode($currentcid)
                : '';
            $tpl->set_var(
                'page_navigation',
                COM_printPageNavigation($_CONF['site_url'] . '/banner/index.php' . $catbanner, $page, $pages)
            );
        } else {
            $tpl->set_var('page_navigation', '');
        }
    }

    $tpl->set_var('blockfooter', COM_endBlock());
    $tpl->parse('output', 'bannerlist');
    $html .= $tpl->finish($tpl->get_var('output'));

    return $html;
}
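/**
 * Save the images submitted with a classified ad.
 *
 * Removes the pictures flagged for deletion, uploads the new files and
 * records one row per new picture in the cl_pic table.
 *
 * @param  array  $ad     Submitted ad form data; an optional 'delete' entry is keyed by image number
 * @param  array  $FILES  Uploaded files, in $_FILES layout
 * @param  int    $clid   ID of the ad the pictures belong to
 * @return bool           Always true; on an upload error the error page is printed and the script exits
 */
function CLASSIFIEDS_saveImage($ad, $FILES, $clid)
{
    global $_CONF, $_CLASSIFIEDS_CONF, $_TABLES, $LANG24;

    // The ad id is concatenated into SQL and into file names on disk, so it is
    // forced to an integer once and only the integer is used below.
    // NOTE(review): nothing here checks that the current user may edit this ad;
    // presumably the caller does - confirm.
    $pid = (int) $clid;

    // Undo magic-quotes escaping, one level deep. foreach replaces each(),
    // which was removed in PHP 8.
    $args = $ad;
    foreach ($ad as $key => $value) {
        if (!is_array($value)) {
            $args[$key] = COM_stripslashes($value);
        } else {
            foreach ($value as $subkey => $subvalue) {
                // written back into $args; the previous loop only changed a copy
                $args[$key][$subkey] = COM_stripslashes($subvalue);
            }
        }
    }

    // Delete any images if needed
    if (array_key_exists('delete', $args) && is_array($args['delete'])) {
        foreach (array_keys($args['delete']) as $img_num) {
            // the image number is a form field name, i.e. client-controlled
            $where = 'pi_pid = ' . $pid . ' AND pi_img_num = ' . (int) $img_num;
            $pi_filename = DB_getItem($_TABLES['cl_pic'], 'pi_filename', $where);
            CLASSIFIEDS_deleteImage($pi_filename);
            DB_query("DELETE FROM {$_TABLES['cl_pic']} WHERE " . $where);
        }
    }

    // OK, let's upload any pictures with the ad; numbering continues after
    // the highest image number already stored for it
    if (DB_count($_TABLES['cl_pic'], 'pi_pid', $pid) > 0) {
        $index_start = DB_getItem($_TABLES['cl_pic'], 'max(pi_img_num)', "pi_pid = '" . $pid . "'") + 1;
    } else {
        $index_start = 1;
    }

    if (count($FILES) > 0 and $_CLASSIFIEDS_CONF['max_images_per_ad'] > 0) {
        require_once $_CONF['path_system'] . 'classes/upload.class.php';
        $upload = new upload();

        // Debug with story debug function
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        $upload->setMaxFileUploads($_CLASSIFIEDS_CONF['max_images_per_ad']);

        if (!empty($_CONF['image_lib'])) {
            if ($_CONF['image_lib'] == 'imagemagick') {
                // Using imagemagick
                $upload->setMogrifyPath($_CONF['path_to_mogrify']);
            } elseif ($_CONF['image_lib'] == 'netpbm') {
                // using netPBM
                $upload->setNetPBM($_CONF['path_to_netpbm']);
            } elseif ($_CONF['image_lib'] == 'gdlib') {
                // using the GD library
                $upload->setGDLib();
            }
            $upload->setAutomaticResize(true);
            $upload->keepOriginalImage(false);
            if (isset($_CONF['jpeg_quality'])) {
                $upload->setJpegQuality($_CONF['jpeg_quality']);
            }
        }

        $upload->setAllowedMimeTypes(array(
            'image/gif'   => '.gif',
            'image/jpeg'  => '.jpg,.jpeg',
            'image/pjpeg' => '.jpg,.jpeg',
            'image/x-png' => '.png',
            'image/png'   => '.png'
        ));

        if (!$upload->setPath($_CLASSIFIEDS_CONF['path_images'])) {
            $output = COM_siteHeader('menu', $LANG24[30]);
            $output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
            $output .= $upload->printErrors(false);
            $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            $output .= COM_siteFooter();
            echo $output;
            exit;
        }

        // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
        // force any images bigger than the passed dimensions to be resized.
        // If mogrify is not set, any images larger than these dimensions
        // will get validation errors
        $upload->setMaxDimensions($_CLASSIFIEDS_CONF['max_image_width'], $_CLASSIFIEDS_CONF['max_image_height']);
        $upload->setMaxFileSize($_CLASSIFIEDS_CONF['max_image_size']); // size in bytes, 1048576 = 1MB

        // Set file permissions on file after it gets uploaded (number is in octal)
        $upload->setPerms('0644');

        $filenames = array();
        $end_index = $index_start + $upload->numFiles() - 1;
        for ($z = $index_start; $z <= $end_index; $z++) {
            $curfile = current($FILES);
            if (!empty($curfile['name'])) {
                // The extension comes from the client-supplied file name. pathinfo()
                // copes with names that have no dot (strrpos() + 1 did not), and
                // only letters and digits are kept so that the stored name cannot
                // carry path separators or quotes.
                $fextension = preg_replace('/[^A-Za-z0-9]/', '', pathinfo($curfile['name'], PATHINFO_EXTENSION));
                $filenames[] = $pid . '_' . $z . '.' . $fextension;
            }
            next($FILES);
        }
        $upload->setFileNames($filenames);
        reset($FILES);
        $upload->uploadFiles();

        if ($upload->areErrors()) {
            $retval = COM_siteHeader('menu', $LANG24[30]);
            $retval .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
            $retval .= $upload->printErrors(false);
            $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            $retval .= COM_siteFooter();
            echo $retval;
            exit;
        }

        // NOTE(review): $filenames only holds entries for non-empty upload slots,
        // while this loop runs numFiles() times; with an empty slot in between the
        // image numbers and file names can drift apart - confirm against
        // upload::numFiles().
        reset($filenames);
        for ($z = $index_start; $z <= $end_index; $z++) {
            $stored_name = addslashes((string) current($filenames));
            DB_query("INSERT INTO {$_TABLES['cl_pic']} (pi_pid, pi_img_num, pi_filename) VALUES ('" . $pid . "', {$z}, '" . $stored_name . "')");
            next($filenames);
        }
    }

    return true;
}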
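/**
 * Shows a profile for a user
 *
 * Builds the profile page for one account: the profile fields, the user's
 * last 10 stories and last 10 comments that the current visitor is allowed
 * to see, and the posting statistics.
 *
 * @param    int     $user   User ID of profile to get
 * @param    int     $msg    Message to display (if != 0); not read in this function
 * @return   string          HTML for user profile page
 *
 */
function userprofile($user, $msg = 0)
{
    global $_CONF, $_TABLES, $_USER, $LANG01, $LANG04, $LANG09, $LANG_LOGIN;

    // $user is interpolated unquoted into several SQL statements below. It is
    // forced to an integer here so that the queries stay well-formed even if a
    // caller passes a request value through unfiltered.
    $user = (int) $user;

    $retval = '';

    // Anonymous visitors get the login form when the site or the profiles
    // require a login
    if (empty($_USER['username']) && ($_CONF['loginrequired'] == 1 || $_CONF['profileloginrequired'] == 1)) {
        $retval .= COM_siteHeader('menu');
        $retval .= COM_startBlock($LANG_LOGIN[1], '', COM_getBlockTemplate('_msg_block', 'header'));
        $login = new Template($_CONF['path_layout'] . 'submit');
        $login->set_file(array('login' => 'submitloginrequired.thtml'));
        $login->set_var('xhtml', XHTML);
        $login->set_var('login_message', $LANG_LOGIN[2]);
        $login->set_var('site_url', $_CONF['site_url']);
        $login->set_var('site_admin_url', $_CONF['site_admin_url']);
        $login->set_var('layout_url', $_CONF['layout_url']);
        $login->set_var('lang_login', $LANG_LOGIN[3]);
        $login->set_var('lang_newuser', $LANG_LOGIN[4]);
        $login->parse('output', 'login');
        $retval .= $login->finish($login->get_var('output'));
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $retval .= COM_siteFooter();

        return $retval;
    }

    $result = DB_query("SELECT {$_TABLES['users']}.uid,username,fullname,regdate,homepage,about,location,pgpkey,photo,email FROM {$_TABLES['userinfo']},{$_TABLES['users']} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['users']}.uid = {$user}");
    $nrows = DB_numRows($result);
    if ($nrows == 0) {
        // no such user
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $A = DB_fetchArray($result);

    $display_name = COM_getDisplayName($user, $A['username'], $A['fullname']);

    // format date/time to user preference
    $curtime = COM_getUserDateTimeFormat($A['regdate']);
    $A['regdate'] = $curtime[0];

    $user_templates = new Template($_CONF['path_layout'] . 'users');
    $user_templates->set_file(array(
        'profile' => 'profile.thtml',
        'row'     => 'commentrow.thtml',
        'strow'   => 'storyrow.thtml'
    ));
    $user_templates->set_var('xhtml', XHTML);
    $user_templates->set_var('site_url', $_CONF['site_url']);
    $user_templates->set_var('start_block_userprofile', COM_startBlock($LANG04[1] . ' ' . $display_name));
    $user_templates->set_var('end_block', COM_endBlock());
    $user_templates->set_var('lang_username', $LANG04[2]);

    // NOTE(review): username, fullname, bio and PGP key are written to the
    // template as stored. This relies on those fields having been cleaned when
    // the profile was saved - confirm, or HTML-encode them here.
    if ($_CONF['show_fullname'] == 1) {
        $user_templates->set_var('username', $A['fullname']);
        $user_templates->set_var('user_fullname', $A['username']);
    } else {
        $user_templates->set_var('username', $A['username']);
        $user_templates->set_var('user_fullname', $A['fullname']);
    }

    // Users with the user.edit right get a link to the admin editor
    if (SEC_hasRights('user.edit')) {
        global $_IMAGE_TYPE, $LANG_ADMIN;

        $edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG_ADMIN['edit'] . '" title="' . $LANG_ADMIN['edit'] . '"' . XHTML . '>';
        $edit_link_url = COM_createLink($edit_icon, "{$_CONF['site_admin_url']}/user.php?mode=edit&uid={$A['uid']}");
        $user_templates->set_var('edit_link', $edit_link_url);
    }

    $photo = USER_getPhoto($user, $A['photo'], $A['email'], -1);
    $user_templates->set_var('user_photo', $photo);

    $user_templates->set_var('lang_membersince', $LANG04[67]);
    $user_templates->set_var('user_regdate', $A['regdate']);
    $user_templates->set_var('lang_email', $LANG04[5]);
    $user_templates->set_var('user_id', $user);
    $user_templates->set_var('lang_sendemail', $LANG04[81]);
    $user_templates->set_var('lang_homepage', $LANG04[6]);
    $user_templates->set_var('user_homepage', COM_killJS($A['homepage']));
    $user_templates->set_var('lang_location', $LANG04[106]);
    $user_templates->set_var('user_location', strip_tags($A['location']));
    $user_templates->set_var('lang_bio', $LANG04[7]);
    $user_templates->set_var('user_bio', nl2br(stripslashes($A['about'])));
    $user_templates->set_var('lang_pgpkey', $LANG04[8]);
    $user_templates->set_var('user_pgp', nl2br($A['pgpkey']));
    $user_templates->set_var('start_block_last10stories', COM_startBlock($LANG04[82] . ' ' . $display_name));
    $user_templates->set_var('start_block_last10comments', COM_startBlock($LANG04[10] . ' ' . $display_name));
    $user_templates->set_var('start_block_postingstats', COM_startBlock($LANG04[83] . ' ' . $display_name));
    $user_templates->set_var('lang_title', $LANG09[16]);
    $user_templates->set_var('lang_date', $LANG09[17]);

    // for alternative layouts: use these as headlines instead of block titles
    $user_templates->set_var('headline_last10stories', $LANG04[82]);
    $user_templates->set_var('headline_last10comments', $LANG04[10]);
    $user_templates->set_var('headline_postingstats', $LANG04[83]);

    // Topics the current visitor may see; they restrict both lists below
    $result = DB_query("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL());
    $nrows = DB_numRows($result);
    $tids = array();
    for ($i = 0; $i < $nrows; $i++) {
        $T = DB_fetchArray($result);
        $tids[] = $T['tid'];
    }
    $topics = "'" . implode("','", $tids) . "'";

    // list of last 10 stories by this user
    if (count($tids) > 0) {
        $sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} WHERE (uid = {$user}) AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
        $sql .= " ORDER BY unixdate DESC LIMIT 10";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
    } else {
        $nrows = 0;
    }
    if ($nrows > 0) {
        for ($i = 0; $i < $nrows; $i++) {
            $C = DB_fetchArray($result);
            $user_templates->set_var('cssid', $i % 2 + 1);
            $user_templates->set_var('row_number', ($i + 1) . '.');
            $articleUrl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $C['sid']);
            $user_templates->set_var('article_url', $articleUrl);
            // NOTE(review): as written this replaces '$' with itself; the
            // replacement was probably an HTML entity in the original file
            $C['title'] = str_replace('$', '$', $C['title']);
            $user_templates->set_var('story_title', COM_createLink(stripslashes($C['title']), $articleUrl, array('class' => 'b')));
            $storytime = COM_getUserDateTimeFormat($C['unixdate']);
            $user_templates->set_var('story_date', $storytime[0]);
            $user_templates->parse('story_row', 'strow', true);
        }
    } else {
        $user_templates->set_var('story_row', '<tr><td>' . $LANG01[37] . '</td></tr>');
    }

    // list of last 10 comments by this user
    $sidArray = array();
    if (count($tids) > 0) {
        // first, get a list of all stories the current visitor has access to
        $sql = "SELECT sid FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
        $result = DB_query($sql);
        $numsids = DB_numRows($result);
        for ($i = 1; $i <= $numsids; $i++) {
            $S = DB_fetchArray($result);
            $sidArray[] = $S['sid'];
        }
    }
    // With no visible story this becomes the two-character string '', which
    // is not empty(), so the story restriction below is always applied
    $sidList = implode("', '", $sidArray);
    $sidList = "'{$sidList}'";

    // then, find all comments by the user in those stories
    $sql = "SELECT sid,title,cid,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['comments']} WHERE (uid = {$user}) GROUP BY sid,title,cid,UNIX_TIMESTAMP(date)";

    // SQL NOTE: Using a HAVING clause is usually faster than a where if the
    // field is part of the select
    if (!empty($sidList)) {
        $sql .= " HAVING sid in ({$sidList})";
    }
    $sql .= " ORDER BY unixdate DESC LIMIT 10";

    $result = DB_query($sql);
    $nrows = DB_numRows($result);
    if ($nrows > 0) {
        for ($i = 0; $i < $nrows; $i++) {
            $C = DB_fetchArray($result);
            $user_templates->set_var('cssid', $i % 2 + 1);
            $user_templates->set_var('row_number', ($i + 1) . '.');
            $comment_url = $_CONF['site_url'] . '/comment.php?mode=view&cid=' . $C['cid'];
            $C['title'] = str_replace('$', '$', $C['title']);
            $user_templates->set_var('comment_title', COM_createLink(stripslashes($C['title']), $comment_url, array('class' => 'b')));
            $commenttime = COM_getUserDateTimeFormat($C['unixdate']);
            $user_templates->set_var('comment_date', $commenttime[0]);
            $user_templates->parse('comment_row', 'row', true);
        }
    } else {
        $user_templates->set_var('comment_row', '<tr><td>' . $LANG01[29] . '</td></tr>');
    }

    // posting stats for this user
    $user_templates->set_var('lang_number_stories', $LANG04[84]);
    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (uid = {$user}) AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND');
    $result = DB_query($sql);
    $N = DB_fetchArray($result);
    $user_templates->set_var('number_stories', COM_numberFormat($N['count']));

    $user_templates->set_var('lang_number_comments', $LANG04[85]);
    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['comments']} WHERE (uid = {$user})";
    if (!empty($sidList)) {
        $sql .= " AND (sid in ({$sidList}))";
    }
    $result = DB_query($sql);
    $N = DB_fetchArray($result);
    $user_templates->set_var('number_comments', COM_numberFormat($N['count']));
    $user_templates->set_var('lang_all_postings_by', $LANG04[86] . ' ' . $display_name);

    // Call custom registration function if enabled and exists
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDisplay')) {
        $user_templates->set_var('customfields', CUSTOM_userDisplay($user));
    }
    PLG_profileVariablesDisplay($user, $user_templates);

    $user_templates->parse('output', 'profile');
    $retval .= $user_templates->finish($user_templates->get_var('output'));

    $retval .= PLG_profileBlocksDisplay($user);

    return $retval;
}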
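/**
 * Show the comments of a download, or redirect to the comment form.
 *
 * Reads the download id ('lid') and its file name ('filename') from the
 * query string, prints the result and ends the script.
 *
 * @param  bool  $firstcomment  true: redirect to comment.php to post the first
 *                              comment; false: print the page with the comments
 * @return void                 Does not return (calls exit)
 */
function filemgmt_comments($firstcomment)
{
    global $_USER, $_CONF;

    // intval() keeps the id numeric before it becomes part of a URL
    $lid = isset($_GET['lid']) ? intval($_GET['lid']) : 0;
    $comment_id = "filemgmt-" . $lid;

    // The file name arrives unfiltered from the query string and is passed on
    // as the comment title, so it is HTML-encoded before use.
    // NOTE(review): if COM_userComments() encodes the title itself this
    // double-encodes - confirm.
    $file = '';
    if (isset($_GET['filename']) && is_string($_GET['filename'])) {
        $file = htmlspecialchars($_GET['filename'], ENT_QUOTES);
    }

    // initialised so the final echo is defined on the redirect path as well
    $display = '';
    if ($firstcomment) {
        $story = $comment_id;
        $pid = 0;
        $type = "filemgmt";
        echo COM_refresh($_CONF['site_url'] . "/comment.php?sid={$story}&pid={$pid}&type={$type}");
    } else {
        $display = COM_siteHeader() . COM_userComments($comment_id, $file, 'filemgmt', '', 'nested');
        $display .= COM_siteFooter();
    }
    echo $display;
    exit;
}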
/** * Default data */ $DEFVALUES = array(); /** * Security Feature(s) to add */ $NEWFEATURE = array(); $NEWFEATURE['dataproxy.admin'] = 'dataproxy Admin'; /** * Only let Root users access this page */ if (!SEC_inGroup('Root')) { // Someone is trying to illegally access this page COM_errorLog("Someone has tried to illegally access the dataproxy install/uninstall page. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$_SERVER['REMOTE_ADDR']}", 1); $display = COM_siteHeader() . COM_startBlock(DPXY_str('access_denied')) . DPXY_str('access_denied_msg') . COM_endBlock() . COM_siteFooter(); echo $display; exit; } /** * Puts the datastructures for this plugin into the Geeklog database * * Note: Corresponding uninstall routine is in functions.inc * * @return boolean True if successful False otherwise */ function plugin_install_dataproxy() { global $pi_name, $pi_version, $gl_version, $pi_url, $NEWTABLE, $DEFVALUES, $NEWFEATURE, $_TABLES, $_CONF; COM_errorLog("Attempting to install the {$pi_name} Plugin", 1); // Create the Plugins Tables
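/**
 * Check a security token.
 *
 * Checks the POST and GET data for a security token, if one exists, validates
 * that it's for this user and URL. If the token is not valid, it asks the user
 * to re-authenticate and resends the request if authentication was successful.
 *
 * To make the resend possible, the request method, destination URL, POST and
 * GET data and any uploaded files are parked in the session before the
 * re-authentication form is shown.
 *
 * @return   boolean     true if the token is valid; does not return if not!
 *
 */
function SEC_checkToken()
{
    global $_CONF, $LANG20, $LANG_ADMIN;

    if (_sec_checkToken()) {
        SEC_createToken(-1);

        return true;
    }

    // determine the destination of this request
    $destination = COM_getCurrentURL();

    // validate the destination is not blank and is part of our site...
    $site_url = $_CONF['site_url'];
    $prefix_len = strlen($site_url);
    $is_local = ($destination != '') && (strncmp($destination, $site_url, $prefix_len) === 0);
    if ($is_local && substr($site_url, -1) != '/') {
        // A bare prefix match would also accept another host whose name merely
        // starts with ours (site URL followed by more host characters, a port
        // or an '@'). The site URL must be followed by the end of the string
        // or by a path, query or fragment delimiter.
        $next = (string) substr($destination, $prefix_len, 1);
        $is_local = ($next === '' || $next === '/' || $next === '?' || $next === '#');
    }
    if (!$is_local) {
        $destination = $site_url . '/index.php';
    }

    $method = strtoupper($_SERVER['REQUEST_METHOD']) == 'GET' ? 'GET' : 'POST';

    // NOTE(review): these serialized strings stay in the server-side session;
    // the code that resends the request presumably unserializes them - confirm
    // that nothing client-controlled is ever unserialized in its place.
    $postdata = serialize($_POST);
    $getdata = serialize($_GET);
    $filedata = '';

    if (!empty($_FILES)) {
        // Uploaded files are removed when this request ends, so they are moved
        // to the data/temp directory under their server-generated temporary
        // name and only that base name is remembered.
        foreach ($_FILES as $key => $file) {
            if (is_array($file['name'])) {
                foreach ($file['name'] as $offset => $filename) {
                    // same test as for single uploads below: skip slots that
                    // carry no temporary file
                    if (!empty($file['name'][$offset]) && !empty($file['tmp_name'][$offset])) {
                        $filename = basename($file['tmp_name'][$offset]);
                        move_uploaded_file($file['tmp_name'][$offset], $_CONF['path_data'] . 'temp/' . $filename);
                        $_FILES[$key]['tmp_name'][$offset] = $filename;
                    }
                }
            } else {
                if (!empty($file['name']) && !empty($file['tmp_name'])) {
                    $filename = basename($file['tmp_name']);
                    move_uploaded_file($file['tmp_name'], $_CONF['path_data'] . 'temp/' . $filename);
                    $_FILES[$key]['tmp_name'] = $filename;
                }
            }
        }
        $filedata = serialize($_FILES);
    }

    SESS_setVar('glfusion.auth.method', $method);
    SESS_setVar('glfusion.auth.dest', $destination);
    SESS_setVar('glfusion.auth.post', $postdata);
    SESS_setVar('glfusion.auth.get', $getdata);
    if (!empty($filedata)) {
        SESS_setVar('glfusion.auth.file', $filedata);
    }

    $display = COM_siteHeader();
    $display .= SEC_tokenreauthForm('', $destination);
    $display .= COM_siteFooter();
    echo $display;
    exit;
}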
$templates->set_var('start_ip_lookup_anchortag', ''); $templates->set_var('end_ip_lookup_anchortag', ''); } $templates->parse('output', 'entry'); $retval .= $templates->finish($templates->get_var('output')); $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')); return $retval; } // MAIN $rightblocks = false; $display .= COM_siteHeader('menu', $LANG_BAD_BEHAVIOR['page_title']); if (isset($_GET['mode'])) { $mode = COM_applyFilter($_GET['mode']); } else { $mode = 'list'; } if ($mode == 'list') { $page = isset($_GET['page']) ? COM_applyFilter($_GET['page'], true) : 0; $display .= _bb_listEntries($page); } else { if ($mode == 'view') { $id = isset($_GET['id']) ? COM_applyFilter($_GET['id'], true) : 0; $page = isset($_GET['page']) ? COM_applyFilter($_GET['page'], true) : 0; $display .= _bb_viewEntry($id, $page); } else { $page = isset($_GET['page']) ? COM_applyFilter($_GET['page'], true) : 0; $display .= _bb_listEntries($page); } } $display .= COM_siteFooter($rightblocks); echo $display;
$row = DB_fetchArray($result, FALSE); $pages += $row['num_pages']; $T->set_var('pages', $row['num_pages']); $date_compare = GUS_get_date_comparison('date', $year, $month, $day); $result = DB_query("SELECT COUNT(*) AS num_stories FROM {$_TABLES['stories']} WHERE {$date_compare}"); $row = DB_fetchArray($result, FALSE); $stories += $row['num_stories']; $T->set_var('stories', $row['num_stories']); $result = DB_query("SELECT COUNT(*) AS num_comments FROM {$_TABLES['comments']} WHERE {$date_compare}"); $row = DB_fetchArray($result, FALSE); $comments += $row['num_comments']; $T->set_var('comments', $row['num_comments']); $result = DB_query("SELECT COUNT(*) AS num_links FROM {$temp_table['name']}\n\t\t\t\t\t\t\t\tWHERE page LIKE '%portal.php' AND query_string <> '' AND DAYOFMONTH( date ) = {$day}"); $row = DB_fetchArray($result, FALSE); $linksf += $row['num_links']; $T->set_var('linksf', $row['num_links']); $T->Parse('ABlock', 'ROW', TRUE); } } $T->set_var(array('period' => $LANG_GUS00['total'], 'anon' => $anon, 'reg' => $reg, 'pages' => $pages, 'stories' => $stories, 'comments' => $comments, 'linksf' => $linksf, 'google_paging' => $navlinks)); $title = date('F Y - ', mktime(0, 0, 0, $month, 1, $year)) . $LANG_GUS00['daily_title']; $display = GUS_template_finish($T, $title); if ($_GUS_cache and date('Yn') !== $year . $month) { GUS_writecache($display); } GUS_remove_temp_table($temp_table); } echo COM_siteHeader($_GUS_CONF['show_left_blocks']); echo $display; echo COM_siteFooter($_GUS_CONF['show_right_blocks']);
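/**
 * Upload new topic icon, replaces previous icon if one exists
 *
 * Reads the upload from $_FILES['newicon'] and stores it as
 * topic_<tid>.<extension> in the topics image directory. On an upload error
 * the error page is printed and the script exits.
 *
 * @param    string  tid     ID of topic to prepend to filename
 * @return   string          filename of new photo (empty = no new photo)
 *
 */
function handleIconUpload($tid)
{
    global $_CONF, $_TABLES, $LANG27;

    require_once $_CONF['path_system'] . 'classes/upload.class.php';
    $upload = new upload();

    if (!empty($_CONF['image_lib'])) {
        if ($_CONF['image_lib'] == 'imagemagick') {
            // Using imagemagick
            $upload->setMogrifyPath($_CONF['path_to_mogrify']);
        } elseif ($_CONF['image_lib'] == 'netpbm') {
            // using netPBM
            $upload->setNetPBM($_CONF['path_to_netpbm']);
        } elseif ($_CONF['image_lib'] == 'gdlib') {
            // using the GD library
            $upload->setGDLib();
        }
        $upload->setAutomaticResize(true);
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        if (isset($_CONF['jpeg_quality'])) {
            $upload->setJpegQuality($_CONF['jpeg_quality']);
        }
    }

    $upload->setAllowedMimeTypes(array(
        'image/gif'   => '.gif',
        'image/jpeg'  => '.jpg,.jpeg',
        'image/pjpeg' => '.jpg,.jpeg',
        'image/x-png' => '.png',
        'image/png'   => '.png'
    ));

    if (!$upload->setPath($_CONF['path_images'] . 'topics')) {
        $display = COM_siteHeader('menu', $LANG27[29]);
        $display .= COM_startBlock($LANG27[29], '', COM_getBlockTemplate('_msg_block', 'header'));
        $display .= $upload->printErrors(false);
        $display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $display .= COM_siteFooter();
        COM_output($display);
        exit; // don't return
    }

    $filename = '';

    // see if user wants to upload a (new) icon
    $newicon = isset($_FILES['newicon']) ? $_FILES['newicon'] : array();
    if (!empty($newicon['name'])) {
        // The extension is taken from the client-supplied file name. pathinfo()
        // copes with names that have no dot (strrpos() + 1 did not), and only
        // letters and digits are kept so that the stored name cannot carry
        // path separators.
        $fextension = preg_replace('/[^A-Za-z0-9]/', '', pathinfo($newicon['name'], PATHINFO_EXTENSION));
        // NOTE(review): $tid becomes part of a file name; presumably the caller
        // has already sanitized the topic id - confirm.
        $filename = 'topic_' . $tid . '.' . $fextension;
    }

    // do the upload
    if (!empty($filename)) {
        $upload->setFileNames($filename);
        $upload->setPerms('0644');

        // topic-icon limits win; the general image limits are the fallback
        if ($_CONF['max_topicicon_width'] > 0 && $_CONF['max_topicicon_height'] > 0) {
            $upload->setMaxDimensions($_CONF['max_topicicon_width'], $_CONF['max_topicicon_height']);
        } else {
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
        }
        if ($_CONF['max_topicicon_size'] > 0) {
            $upload->setMaxFileSize($_CONF['max_topicicon_size']);
        } else {
            $upload->setMaxFileSize($_CONF['max_image_size']);
        }
        $upload->uploadFiles();

        if ($upload->areErrors()) {
            $display = COM_siteHeader('menu', $LANG27[29]);
            $display .= COM_startBlock($LANG27[29], '', COM_getBlockTemplate('_msg_block', 'header'));
            $display .= $upload->printErrors(false);
            $display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            $display .= COM_siteFooter();
            COM_output($display);
            exit; // don't return
        }
        $filename = '/images/topics/' . $filename;
    }

    return $filename;
}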
// | GNU General Public License for more details. | // | | // | You should have received a copy of the GNU General Public License | // | along with this program; if not, write to the Free Software Foundation, | // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | // | | // +---------------------------------------------------------------------------+ // require_once '../../../lib-common.php'; if (!SEC_hasRights('forum.edit')) { echo COM_siteHeader(); echo COM_startBlock($LANG_GF00['access_denied']); echo $LANG_GF00['admin_only']; echo COM_endBlock(); echo adminfooter(); echo COM_siteFooter(true); exit; } $navbarMenu = array($LANG_GF06['1'] => $_CONF['site_admin_url'] . '/plugins/forum/index.php', $LANG_GF06['2'] => $_CONF['site_admin_url'] . '/plugins/forum/settings.php', $LANG_GF06['3'] => $_CONF['site_admin_url'] . '/plugins/forum/boards.php', $LANG_GF06['4'] => $_CONF['site_admin_url'] . '/plugins/forum/mods.php', $LANG_GF06['5'] => $_CONF['site_admin_url'] . '/plugins/forum/migrate.php', $LANG_GF06['6'] => $_CONF['site_admin_url'] . '/plugins/forum/messages.php', $LANG_GF06['7'] => $_CONF['site_admin_url'] . '/plugins/forum/ips.php'); // Site admin can add common footer code here function adminfooter() { global $_CONF, $LANG_GF01; $footertemplate = new Template($_CONF['path_layout'] . 'forum/layout/admin'); $footertemplate->set_file(array('footertemplate' => 'footer.thtml')); $footertemplate->set_var('forumname', $LANG_GF01['forumname']); $footertemplate->parse('output', 'footertemplate'); echo $footertemplate->finish($footertemplate->get_var('output')); } function gf_resyncforum($id) {
case 'blankpage': $header = new Template($_CONF['path_layout'] . 'nexcontent'); $header->set_file(array('header' => 'header.thtml')); $header->set_var('page_title', $heading); $header->set_var('css_url', $_CONF['layout_url'] . '/style.css'); $header->set_var('theme', $_CONF['theme']); $header->parse('output', 'header'); $siteheader = $header->finish($header->get_var('output')); $footer = new Template($_CONF['path_layout'] . 'nexcontent'); $footer->set_file(array('footer' => 'footer.thtml')); $footer->parse('output', 'footer'); $sitefooter = $footer->finish($footer->get_var('output')); break; default: $siteheader = COM_siteHeader('none', $pagetitle); $sitefooter = COM_siteFooter(); break; } if ($editperms and $_GET['preview'] != 1) { if ($type == 'category') { $editlink = '<a href="' . $_CONF['site_admin_url'] . '/plugins/nexcontent/index.php?op=editCategory&mode=edit&pageid=' . $page . '">[Edit]</a>'; } else { $editlink = '<a href="' . $_CONF['site_admin_url'] . '/plugins/nexcontent/index.php?op=editPage&mode=edit&pageid=' . $page . '">[Edit]</a>'; } $pageview->set_var('edit_link', '<span style="padding-left:10px;">' . $editlink . '</span>'); $pageview->set_var('top_editlink', '<td width="7%" nowrap>' . $editlink . '</td>'); $pageview->parse('bottom_editlink', 'editlink'); } else { $pageview->set_var('top_editlink', ''); $pageview->set_var('bottom_editlink', ''); }
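/**
 * Get an existing static page
 *
 * With a page id, $output receives the row of that page. Called as a web
 * service without a page id, $output receives a list of pages for the feed
 * and $svc_msg['offset'] is set when more pages are available.
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int		     Response code as defined in lib-plugins.php
 */
function service_get_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_SP_CONF;

    $output = '';

    $svc_msg['output_fields'] = array(
        'sp_hits', 'sp_format', 'owner_id', 'group_id',
        'perm_owner', 'perm_group', 'perm_members', 'perm_anon',
        'sp_help', 'sp_php', 'sp_inblock', 'commentcode'
    );

    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }

    // !empty() instead of a bare read, so a missing 'gl_svc' key raises no notice
    $is_service = !empty($args['gl_svc']);

    if ($is_service) {
        if (isset($args['sp_id'])) {
            $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        }
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }

        // a service call without a page id asks for the feed
        if (empty($args['sp_id'])) {
            $svc_msg['gl_feed'] = true;
        } else {
            $svc_msg['gl_feed'] = false;
        }
    } else {
        $svc_msg['gl_feed'] = false;
    }

    if (!$svc_msg['gl_feed']) {
        $page = '';
        if (isset($args['sp_id'])) {
            $page = $args['sp_id'];
        }
        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }

        $error = 0;
        if ($page == '') {
            $error = 1;
        }

        // Outside the web-service path the page id is not filtered in this
        // function, so it is escaped before it is placed inside the quoted SQL
        // literals below. For an id that is already clean this changes nothing.
        $sql_page = addslashes($page);

        $perms = SP_getPerms();
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }
        $sql = "SELECT sp_title,sp_content,sp_hits,sp_date,sp_format,"
             . "commentcode,sp_uid,owner_id,group_id,perm_owner,perm_group,"
             . "perm_members,perm_anon,sp_tid,sp_help,sp_php,"
             . "sp_inblock FROM {$_TABLES['staticpage']} "
             . "WHERE (sp_id = '{$sql_page}') AND (sp_status = 1)" . $perms;
        $result = DB_query($sql);
        $count = DB_numRows($result);

        if ($count == 0 || $count > 1) {
            $error = 1;
        }

        if (!$error) {
            $output = DB_fetchArray($result, false);

            // WE ASSUME $output doesn't have any confidential fields

            if ($mode !== 'autotag') {
                $_CONF['pagetitle'] = $output['sp_title'];
            }
        } else {
            // an error occured (page not found, access denied, ...)
            // sp_nf decides between the login form and a 404
            if (empty($page)) {
                $failflg = 0;
            } else {
                $failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id='{$sql_page}'");
            }
            if ($failflg) {
                if ($mode !== 'autotag') {
                    $output = COM_siteHeader('menu');
                }
                $output .= SEC_loginRequiredForm();
                if ($mode !== 'autotag') {
                    $output .= COM_siteFooter();
                }
            } else {
                if ($mode !== 'autotag') {
                    COM_404();
                }
            }

            return PLG_RET_ERROR;
        }

        if ($is_service) {
            // This date format is PHP 5 only,
            // but only the web-service uses the value
            $output['published'] = date('c', strtotime($output['sp_date']));
            $output['updated'] = date('c', strtotime($output['sp_date']));
            $output['id'] = $page;
            $output['title'] = $output['sp_title'];
            $output['category'] = array($output['sp_tid']);
            $output['content'] = $output['sp_content'];
            $output['content_type'] = 'html';
            $output['author_name'] = DB_getItem($_TABLES['users'], 'username', 'uid=' . (int) $output['owner_id']);
            $output['link_edit'] = $page;
        }
    } else {
        $output = array();

        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }

        $perms = SP_getPerms();
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }

        // both LIMIT operands are forced to integers before they reach the SQL
        $offset = 0;
        if (isset($args['offset'])) {
            $offset = (int) COM_applyBasicFilter($args['offset'], true);
        }
        // one row more than a feed page holds, to detect that more pages follow
        $max_items = (int) $_SP_CONF['atom_max_items'] + 1;

        $limit = " LIMIT {$offset}, {$max_items}";
        $order = " ORDER BY sp_date DESC";
        $sql = "SELECT sp_id,sp_title,sp_content,sp_hits,sp_date,sp_format,owner_id,"
             . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_tid,sp_help,sp_php,"
             . "sp_inblock FROM {$_TABLES['staticpage']} WHERE (sp_status = 1)" . $perms . $order . $limit;
        $result = DB_query($sql);

        $count = 0;
        while (($output_item = DB_fetchArray($result, false)) !== false) {
            // WE ASSUME $output doesn't have any confidential fields

            $count += 1;
            if ($count == $max_items) {
                $svc_msg['offset'] = $offset + $_SP_CONF['atom_max_items'];
                break;
            }

            if ($is_service) {
                // This date format is PHP 5 only, but only the web-service uses the value
                $output_item['published'] = date('c', strtotime($output_item['sp_date']));
                $output_item['updated'] = date('c', strtotime($output_item['sp_date']));
                $output_item['id'] = $output_item['sp_id'];
                $output_item['title'] = $output_item['sp_title'];
                $output_item['category'] = array($output_item['sp_tid']);
                $output_item['content'] = $output_item['sp_content'];
                $output_item['content_type'] = 'html';
                // the owner is read from the current row; $output is the result
                // list here and has no 'owner_id' key of its own
                $output_item['author_name'] = DB_getItem($_TABLES['users'], 'username', 'uid=' . (int) $output_item['owner_id']);
            }
            $output[] = $output_item;
        }
    }

    return PLG_RET_OK;
}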
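/**
 * Saves a poll
 *
 * Saves a poll topic and potential answers to the database. The existing
 * topic, questions and answers are deleted and written again from the
 * submitted form data.
 *
 * @param    string  $pid            Poll topic ID
 * @param    string  $old_pid        Previous poll topic ID
 * @param    array   $Q              Array of poll questions
 * @param    string  $mainpage       Checkbox: poll appears on homepage
 * @param    string  $topic          The text for the topic
 * @param    string  $meta_description
 * @param    string  $meta_keywords
 * @param    int     $statuscode     (unused)
 * @param    string  $open           Checkbox: poll open for voting
 * @param    string  $hideresults    Checkbox: hide results until closed
 * @param    int     $commentcode    Indicates if users can comment on poll
 * @param    array   $A              Array of possible answers
 * @param    array   $V              Array of vote per each answer
 * @param    array   $R              Array of remark per each answer
 * @param    int     $owner_id       ID of poll owner
 * @param    int     $group_id       ID of group poll belongs to
 * @param    int     $perm_owner     Permissions the owner has on poll
 * @param    int     $perm_group     Permissions the group has on poll
 * @param    int     $perm_members   Permissions logged in members have on poll
 * @param    int     $perm_anon      Permissions anonymous users have on poll
 * @return   string                  HTML redirect or error message
 *
 */
function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $meta_keywords, $statuscode, $open, $hideresults, $commentcode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;

    $retval = '';

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);

    // These four values are documented as integers and are written into the
    // topic row below; forcing the type here keeps form input from altering
    // that statement.
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $statuscode = (int) $statuscode;
    $commentcode = (int) $commentcode;

    $topic = COM_stripslashes($topic);
    $meta_description = strip_tags(COM_stripslashes($meta_description));
    $meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
    $pid = COM_sanitizeID($pid);
    $old_pid = COM_sanitizeID($old_pid);
    if (empty($pid)) {
        if (empty($old_pid)) {
            $pid = COM_makeSid();
        } else {
            $pid = $old_pid;
        }
    }

    // check if any question was entered
    if (empty($topic) or count($Q) == 0 or strlen($Q[0]) == 0 or strlen($A[0][0]) == 0) {
        $retval .= COM_siteHeader('menu', $LANG25[5]);
        $retval .= COM_startBlock($LANG21[32], '', COM_getBlockTemplate('_msg_block', 'header'));
        $retval .= $LANG25[2];
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $retval .= COM_siteFooter();

        return $retval;
    }

    // the CSRF check comes before anything is deleted or written
    if (!SEC_checkToken()) {
        COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks.");

        return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php');
    }

    // check for poll id change
    if (!empty($old_pid) && $pid != $old_pid) {
        // check if new pid is already in use
        if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
            // TBD: abort, display editor with all content intact again
            $pid = $old_pid; // for now ...
        }
    }

    // start processing the poll topic
    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }

    // An existing poll is checked against its stored owner and permissions,
    // not against the values submitted with the form
    $access = 0;
    if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
        $P = DB_fetchArray($result);
        $access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        // assigned, not appended: $display was never initialised here
        $display = COM_siteHeader('menu', $MESSAGE[30])
                 . COM_showMessageText($MESSAGE[29], $MESSAGE[30])
                 . COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
        COM_output($display);
        exit;
    }

    if ($_POLL_VERBOSE) {
        COM_errorLog('owner permissions: ' . $perm_owner, 1);
        COM_errorLog('group permissions: ' . $perm_group, 1);
        COM_errorLog('member permissions: ' . $perm_members, 1);
        COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
    }

    // we delete everything and re-create it with the input from the form
    $del_pid = $pid;
    if (!empty($old_pid) && $pid != $old_pid) {
        $del_pid = $old_pid; // delete by old pid, create using new pid below
    }
    DB_delete($_TABLES['polltopics'], 'pid', $del_pid);
    DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
    DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);

    $topic = addslashes($topic);
    $meta_description = addslashes($meta_description);
    $meta_keywords = addslashes($meta_keywords);

    $k = 0; // set up a counter to make sure we do assign a straight line of question id's
    $v = 0; // re-count votes since they might have been changed

    // first dimension of array are the questions
    $num_questions = count($Q);
    for ($i = 0; $i < $num_questions; $i++) {
        $Q[$i] = COM_stripslashes($Q[$i]);
        if (strlen($Q[$i]) > 0) { // only insert questions that exist
            $Q[$i] = addslashes($Q[$i]);
            DB_save($_TABLES['pollquestions'], 'qid, pid, question', "'{$k}', '{$pid}', '{$Q[$i]}'");

            // within the questions, we have another dimensions with answers,
            // votes and remarks
            $num_answers = count($A[$i]);
            for ($j = 0; $j < $num_answers; $j++) {
                $A[$i][$j] = COM_stripslashes($A[$i][$j]);
                if (strlen($A[$i][$j]) > 0) { // only insert answers etc that exist
                    // the vote count goes into the statement unquoted, so it
                    // is reduced to an integer; anything non-numeric counts as 0
                    if (isset($V[$i][$j]) && is_numeric($V[$i][$j])) {
                        $votes = (int) $V[$i][$j];
                    } else {
                        $votes = 0;
                    }
                    // a missing remark is stored as an empty string; remarks
                    // get the same unescape/escape treatment as answers
                    $remark = isset($R[$i][$j]) ? COM_stripslashes($R[$i][$j]) : '';

                    $A[$i][$j] = addslashes($A[$i][$j]);
                    $remark = addslashes($remark);
                    $sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES "
                         . "('{$pid}', '{$k}', " . ($j + 1) . ", '{$A[$i][$j]}', {$votes}, '{$remark}');";
                    DB_query($sql);
                    $v = $v + $votes;
                }
            }
            $k++;
        }
    }

    // save topics after the questions so we can include question count into table
    $sql = "'{$pid}','{$topic}','{$meta_description}','{$meta_keywords}',{$v}, {$k}, '" . date('Y-m-d H:i:s');

    if ($mainpage == 'on') {
        $sql .= "',1";
    } else {
        $sql .= "',0";
    }
    if ($open == 'on') {
        $sql .= ",1";
    } else {
        $sql .= ",0";
    }
    if ($hideresults == 'on') {
        $sql .= ",1";
    } else {
        $sql .= ",0";
    }

    $sql .= ",'{$statuscode}','{$commentcode}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}";

    // Save poll topic
    DB_save($_TABLES['polltopics'], "pid, topic, meta_description, meta_keywords, voters, questions, date, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon", $sql);

    if (empty($old_pid) || $old_pid == $pid) {
        PLG_itemSaved($pid, 'polls');
    } else {
        // the poll id changed: move its comments over to the new id
        DB_change($_TABLES['comments'], 'sid', addslashes($pid), array('sid', 'type'), array(addslashes($old_pid), 'polls'));
        PLG_itemSaved($pid, 'polls', $old_pid);
    }

    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Leaving savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }

    return PLG_afterSaveSwitch($_PO_CONF['aftersave'], $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19);
}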
}

/*
 * Main script: runs the GUS plugin installer when requested and prints the
 * result page.
 */
$display = COM_siteHeader();
$display .= COM_startBlock($LANG_GUS00['install_header']);

// NOTE(review): the installer is triggered by a GET parameter. No rights
// check or CSRF token check is visible in this part of the file; confirm
// that one runs before this point.
if (isset($_GET['action'])) {
    $action = COM_applyFilter($_GET['action']);
} else {
    $action = '';
}

if ($action === 'install') {
    if (!plugin_install_gus()) {
        // roll back whatever the failed install left behind
        plugin_uninstall_gus();
        $display .= 'For some reason, installation failed. 
Check your error logs.';
    } else {
        $img_url = $_CONF['site_url'] . '/gus/images/' . $_GUS_IMG_name;
        $blockManager = $_CONF['site_admin_url'] . '/block.php';
        $admin_url = $_CONF['site_admin_url'] . '/plugins/gus/index.php';
        $import_url = $_CONF['site_admin_url'] . '/plugins/gus/import.php';
        $readme_url = $_CONF['site_admin_url'] . '/plugins/gus/readme.html';

        $display .= "<img align=left src=\"{$img_url}\" alt='GUS Icon' width=48 height=48>";
        $display .= '<p>I have created all the necessary tables and activated the Who\'s Online block. ';
        $display .= "If you do not want to use it, then you may disable it by changing the GUS config.php file located in the plugins/gus directory. ";
        $display .= "<p>To configure GUS, go to the <a href=\"{$admin_url}\">admin page</a>.\n\t\t\tInformation about the various configuration options\tmay be found in the \n\t\t\t<a href=\"{$readme_url}#config\">README file</a>.";
        $display .= "<p>If you would like to support development of this plugin, there are some suggestions in the \n\t\t\t<a href=\"{$readme_url}#you\">README file</a>.";

        // check for old stats to see if we should add an import link
        if ($_ST_plugin_name != '') {
            // NOTE(review): the plugin name goes into the WHERE clause and,
            // with the stored version, into the HTML below without escaping;
            // presumably both are trusted configuration values - confirm.
            $stats_version = DB_getItem($_TABLES['plugins'], 'pi_version', "pi_name = '{$_ST_plugin_name}'");
            $display .= "<hr>I notice you have the stats plugin version {$stats_version} installed as '{$_ST_plugin_name}'. ";

            if ($stats_version === '1.3') {
                $display .= "<p>You may import its data into GUS using the <a href=\"{$import_url}\">import page</a>.";
            } else {
                $display .= "<p>If you had version 1.3 installed, I could import its data. \n\t\t\t\t\tIf you update this in the future, you can import its data from \n\t\t\t\t\tthe <a href=\"{$admin_url}\">admin page</a>.";
            }
        }
    }
}

$display .= COM_endBlock();
$display .= COM_siteFooter(TRUE);

echo $display;
$lid = COM_applyFilter($_GET['lid'], true); } $display = ''; $display .= COM_startBlock("<b>" . _MD_RATEFILETITLE . "</b>"); $result = DB_query("SELECT title FROM {$_FM_TABLES['filemgmt_filedetail']} WHERE lid='{$lid}'"); list($title) = DB_fetchArray($result); $title = $myts->makeTboxData4Show($title); $display .= '<table border="0" cellpadding="1" cellspacing="0" width="80%" class="plugin"><tr>'; $display .= '<td class="pluginHeader">' . _MD_FILE . ': ' . $title . '</td></tr>'; $display .= '<tr><td style="padding:10px;"><ul>'; $display .= '<li>' . _MD_VOTEONCE . '</li>'; $display .= '<li>' . _MD_RATINGSCALE . '</li>'; $display .= '<li>' . _MD_BEOBJECTIVE . '</li>'; $display .= '<li>' . _MD_DONOTVOTE . '</li>'; $display .= "\n </ul></td></tr><tr><td style=\"text-align:center;\">\n <form method=\"post\" action=\"ratefile.php\"><div>\n <input type=\"hidden\" name=\"lid\" value=\"{$lid}\"" . XHTML . ">\n <select name=\"rating\"><option>--</option>"; for ($i = 10; $i > 0; $i--) { $display .= "<option value=\"" . $i . "\">" . $i . "</option>\n"; } $display .= "</select><br" . XHTML . "><br" . XHTML . ">"; $display .= "<input type=\"submit\" name=\"submit\" value=\"" . _MD_RATEIT . "\"" . XHTML . ">\n"; $display .= " <input type=\"button\" value=\"" . _MD_CANCEL; $display .= "\" onclick=\"javascript:history.go(-1)\"" . XHTML . ">\n"; $display .= "</div></form></td></tr></table>"; $display .= COM_endBlock(); if (function_exists('COM_createHTMLDocument')) { $display = COM_createHTMLDocument($display); } else { $display = COM_siteHeader() . $display . COM_siteFooter(); } COM_output($display); }
} else { $logical_taskid = getnextlid($templateID); $p->set_var('logical_task_id', $logical_taskid); $p->set_var('steptype_options', COM_optionList($_TABLES['nf_steptype'], 'id,stepType', '', 0)); $p->set_var('form_options', COM_optionList($_TABLES['nxform_definitions'], 'id,name')); $p->set_var('task_handler_selection', nf_makeDropDown("id", "handler", $_TABLES['nf_handlers'])); $p->set_var('next_tasks', ''); $userOptions = COM_optionList($_TABLES['users'], 'uid,fullname', '', 1, "fullname <> '' AND uid > 1"); $p->set_var('available_userOptions', $userOptions); $variableOptions = nf_makeDropDownWithSelected("id", "variableName", $_TABLES['nf_templatevariables'], $taskRec['dynamicFormVariableID'], '', 1); $p->set_var('available_variablesOptions', $variableOptions); $sql = "{$_TABLES['nf_templatevariables']} ifTask WHERE ifTask.nf_templateID='{$templateID}'"; $p->set_var('if_task_variables', nf_makeDropDownSql("ifTask.id", "ifTask.variableName", $sql, 1)); $sql = "{$_TABLES['nf_ifprocessarguments']} ifTask "; $p->set_var('if_task_option', nf_makeDropDownSql("ifTask.id", "ifTask.label", $sql, 1)); $sql = "{$_TABLES['nf_ifoperators']} ifTask "; $p->set_var('if_task_operator', nf_makeDropDownSql("ifTask.id", "ifTask.operator", $sql, 1)); $options = ''; for ($i = 1; $i <= 31; $i++) { $options .= "<option value=\"{$i}\">{$i}</option>"; } $p->set_var('notifyIntervalOptions', $options); $p->set_var('notifyInterval2Options', $options); } $p->parse('output', 'page'); echo $p->finish($p->get_var('output')); } else { echo "You must choose a template to edit first...<BR><BR><BR>"; } $retval .= COM_siteFooter(false); echo $retval;
/**
 * Save a submission
 *
 * Applies the 'submit' speed limit, hands submissions of any type other than
 * 'story' to the plugin API and saves everything else as a story.
 *
 * @param    string  $type   Type of submission we are dealing with
 * @param    array   $A      Data for that submission
 * @return   string          Page content or redirect produced by the handler
 *
 */
function savesubmission($type, $A)
{
    global $_CONF, $_TABLES, $_USER, $LANG12;

    $page = COM_siteHeader();

    // Clear expired speed-limit entries first, then see whether this user
    // still has to wait before submitting again.
    COM_clearSpeedlimit($_CONF['speedlimit'], 'submit');
    $wait = COM_checkSpeedlimit('submit');
    if ($wait > 0) {
        $page .= COM_startBlock($LANG12[26], '', COM_getBlockTemplate('_msg_block', 'header'));
        $page .= $LANG12[30] . $wait . $LANG12[31];
        $page .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $page .= COM_siteFooter();

        return $page;
    }

    $isPluginType = !(empty($type) || $type == 'story');
    if ($isPluginType) {
        // Update the submitspeedlimit for user - assuming Plugin approves
        // submission record
        COM_updateSpeedlimit('submit');

        // see if this is a submission that needs to be handled by a plugin
        // and should include its own redirect
        $page = PLG_saveSubmission($type, $A);

        if ($page !== false) {
            if (empty($page)) {
                // plugin should include its own redirect - but in case handle
                // it here and redirect to the main page
                return COM_refresh($_CONF['site_url'] . '/index.php');
            }

            return $page;
        }

        // No plugin accepted the type. The caller-supplied type is written
        // to the error log as is, and processing continues with the story
        // handling below.
        COM_errorLog("Could not save your submission. Bad type: {$type}");
    }

    if (empty($A['title']) || empty($A['introtext'])) {
        // title or intro text missing: show the message and the form again
        $page .= COM_startBlock($LANG12[22], '', COM_getBlockTemplate('_msg_block', 'header'));
        $page .= $LANG12[23];
        $page .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $page .= submissionform($type);
        $page .= COM_siteFooter();

        return $page;
    }

    return savestory($A);
}
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | // | GNU General Public License for more details. | // | | // | You should have received a copy of the GNU General Public License | // | along with this program; if not, write to the Free Software Foundation, | // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | // | | // +--------------------------------------------------------------------------+ require_once '../../../lib-common.php'; require_once '../../auth.inc.php'; if (!SEC_hasRights('forum.edit')) { $display = COM_siteHeader(); $display .= COM_startBlock($LANG_GF00['access_denied']); $display .= $LANG_GF00['admin_only']; $display .= COM_endBlock(); $display .= COM_siteFooter(true); echo $display; exit; } USES_forum_functions(); USES_forum_format(); USES_forum_admin(); if (isset($_POST['migrate']) && $_POST['migrate'] == $LANG_GF01['MIGRATE_NOW'] and $_POST['selforum'] != "select" and !empty($_POST['cb_chkentry'])) { $num_stories = 0; $num_posts = 0; $forum = COM_applyFilter($_POST['selforum']); foreach ($_POST['cb_chkentry'] as $sid) { if ($_POST['seltopic'] == 'submissions') { $topic = DB_getItem($_TABLES['storysubmission'], "tid", "sid='" . DB_escapeString($sid) . "'"); $sql = DB_query("SELECT sid,tid,date,uid,title,introtext from {$_TABLES['storysubmission']} WHERE sid='" . DB_escapeString($sid) . "'"); list($sid, $tid, $storydate, $uid, $subject, $introtext) = DB_fetchArray($sql);
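/**
 * Get an existing static page
 *
 * Returns a single page when a page id is given. When called as a web
 * service without a page id, returns a list of pages (feed) instead.
 *
 * @param   array   $args       Contains all the data provided by the client
 * @param   string  &$output    OUTPUT parameter containing the returned text
 * @param   string  &$svc_msg   OUTPUT parameter containing any service messages
 * @return  int                 Response code as defined in lib-plugins.php
 */
function service_get_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_SP_CONF;

    $output = '';

    $svc_msg['output_fields'] = array('sp_hits', 'sp_format', 'draft_flag', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php', 'sp_inblock', 'commentcode');

    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }

    if ($args['gl_svc']) {
        // Web-service requests are filtered here.
        if (isset($args['sp_id'])) {
            $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        }
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }

        if (empty($args['sp_id'])) {
            $svc_msg['gl_feed'] = true;
        } else {
            $svc_msg['gl_feed'] = false;
        }
    } else {
        $svc_msg['gl_feed'] = false;
    }

    if (!$svc_msg['gl_feed']) {
        // NOTE(review): outside the web-service path this function does not
        // filter sp_id itself, yet $page is interpolated into the queries
        // below. Callers must pass an already sanitized id; confirm that
        // every caller does.
        $page = '';
        if (isset($args['sp_id'])) {
            $page = $args['sp_id'];
        }

        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }

        $error = 0;

        if ($page == '') {
            $error = 1;
        }

        // Users without edit rights never see drafts.
        $perms = SP_getPerms();
        if (!SEC_hasRights('staticpages.edit')) {
            if (!empty($perms)) {
                $perms .= ' AND';
            }
            $perms .= '(draft_flag = 0)';
        }
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }

        $sql = array();
        $sql['mysql'] = "SELECT sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,"
                      . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,"
                      . "owner_id,group_id,perm_owner,perm_group,"
                      . "perm_members,perm_anon,sp_tid,sp_help,sp_php,"
                      . "sp_inblock FROM {$_TABLES['staticpage']} "
                      . "WHERE (sp_id = '{$page}')" . $perms;
        $sql['mssql'] = "SELECT sp_title,sp_page_title,"
                      . "CAST(sp_content AS text) AS sp_content,sp_hits,"
                      . "created,modified,sp_format,commentcode,"
                      . "CAST(meta_description AS text) AS meta_description,"
                      . "CAST(meta_keywords AS text) AS meta_keywords,template_flag,template_id,draft_flag,"
                      . "owner_id,group_id,perm_owner,perm_group,perm_members,"
                      . "perm_anon,sp_tid,sp_help,sp_php,sp_inblock "
                      . "FROM {$_TABLES['staticpage']} WHERE (sp_id = '{$page}')" . $perms;
        $sql['pgsql'] = "SELECT sp_title,sp_page_title,sp_content,sp_hits,"
                      . "created,modified,sp_format,"
                      . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,"
                      . "owner_id,group_id,perm_owner,perm_group,"
                      . "perm_members,perm_anon,sp_tid,sp_help,sp_php,"
                      . "sp_inblock FROM {$_TABLES['staticpage']} "
                      . "WHERE (sp_id = '{$page}')" . $perms;
        $result = DB_query($sql);

        // exactly one matching row is required
        $count = DB_numRows($result);
        if ($count == 0 || $count > 1) {
            $error = 1;
        }

        if (!$error) {
            $output = DB_fetchArray($result, false);

            // WE ASSUME $output doesn't have any confidential fields

            if ($output['template_id'] != '') {
                // The page uses a template: its content is XML holding the
                // variables that are substituted into the template's content.
                $retval = '';
                $mode = '';

                $xmlObject = simplexml_load_string($output['sp_content']);

                // create array of XML data
                $tag = array();
                // simplexml_load_string() returns false for content that is
                // not well-formed XML; no variables are substituted then.
                if ($xmlObject !== false) {
                    foreach ($xmlObject->variable as $variable) {
                        $key = $variable["name"] . '';
                        $value = $variable->data;
                        $tag[$key] = $value;
                    }
                }

                // Loop through variables to replace any autotags first
                foreach ($tag as &$value) {
                    $value = PLG_replaceTags($value);
                }
                unset($value); // drop the reference left behind by the loop

                // Note: $args and $svc_msg are replaced here, so the gl_svc
                // check further down sees gl_svc = '' for templated pages.
                $args = array('sp_id' => $output['template_id'], 'mode' => $mode, 'gl_svc' => '');
                $svc_msg = array();

                if (PLG_invokeService('staticpages', 'get', $args, $retval, $svc_msg) == PLG_RET_OK) {
                    $retval['sp_content'] = str_replace(array_keys($tag), array_values($tag), $retval['sp_content']);
                    $output['sp_content'] = $retval['sp_content'];
                }
            }
        } else {
            // an error occured (page not found, access denied, ...)

            /**
             * if the user has edit permissions and the page does not exist,
             * send them to the editor so they can create it "wiki style"
             */
            $create_page = false;
            if ($mode !== 'autotag' && $count == 0 && SEC_hasRights('staticpages.edit')) {
                // check again without permissions
                if (DB_count($_TABLES['staticpage'], 'sp_id', $page) == 0) {
                    // URL-encode the id so it cannot change the structure of
                    // the redirect URL.
                    $url = $_CONF['site_admin_url'] . '/plugins/staticpages/index.php?mode=edit&sp_new_id=' . urlencode($page) . '&msg=21';
                    $output = COM_refresh($url);
                    $create_page = true;
                }
            }

            if (!$create_page) {
                // sp_nf decides between the login form and the plain
                // "access denied" message
                if (empty($page)) {
                    $failflg = 0;
                } else {
                    $failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id = '{$page}'");
                }
                if ($failflg) {
                    if ($mode !== 'autotag') {
                        $output = COM_siteHeader('menu');
                    }
                    $output .= SEC_loginRequiredForm();
                    if ($mode !== 'autotag') {
                        $output .= COM_siteFooter(true);
                    }
                } else {
                    if ($mode !== 'autotag') {
                        $output = COM_siteHeader('menu');
                    }
                    $output .= COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header'));
                    $output .= $LANG_STATIC['deny_msg'];
                    $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                    if ($mode !== 'autotag') {
                        $output .= COM_siteFooter(true);
                    }
                }
            }

            return PLG_RET_ERROR;
        }

        if ($args['gl_svc']) {
            // This date format is PHP 5 only,
            // but only the web-service uses the value
            $output['published'] = date('c', strtotime($output['created']));
            $output['updated'] = date('c', strtotime($output['modified']));
            $output['id'] = $page;
            $output['title'] = $output['sp_title'];
            $output['page_title'] = $output['sp_page_title'];
            $output['category'] = array($output['sp_tid']);
            $output['content'] = $output['sp_content'];
            $output['content_type'] = 'html';

            $owner_data = SESS_getUserDataFromId($output['owner_id']);

            $output['author_name'] = $owner_data['username'];
            $output['link_edit'] = $page;
        }
    } else {
        // Feed: list the pages the current user may see.
        $output = array();

        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }

        $perms = SP_getPerms();
        if (!empty($perms)) {
            $perms = ' WHERE ' . $perms;
        }

        $offset = 0;
        if (isset($args['offset'])) {
            // filtered as a number before it is used in the LIMIT clause
            $offset = COM_applyBasicFilter($args['offset'], true);
        }
        // one extra row is requested to detect whether more pages follow
        $max_items = $_SP_CONF['atom_max_items'] + 1;

        $limit = " LIMIT {$offset}, {$max_items}";
        $order = " ORDER BY modified DESC";

        $sql = array();
        $sql['mysql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id,"
                      . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_tid,sp_help,sp_php,"
                      . "sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $sql['mssql'] = "SELECT sp_id,sp_title,sp_page_title,CAST(sp_content AS text) AS sp_content,sp_hits,"
                      . "created,modified,sp_format,CAST(meta_description AS text) AS meta_description,CAST(meta_keywords AS text) AS meta_keywords,template_flag,template_id,draft_flag,owner_id,group_id,perm_owner,perm_group,perm_members,"
                      . "perm_anon,sp_tid,sp_help,sp_php,sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $sql['pgsql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id,"
                      . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_tid,sp_help,sp_php,"
                      . "sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $result = DB_query($sql);

        $count = 0;
        while (($output_item = DB_fetchArray($result, false)) !== false) {
            // WE ASSUME $output doesn't have any confidential fields

            $count += 1;
            if ($count == $max_items) {
                // the extra row was reached: report where the next batch starts
                $svc_msg['offset'] = $offset + $_SP_CONF['atom_max_items'];
                break;
            }

            if ($args['gl_svc']) {
                // This date format is PHP 5 only, but only the web-service uses the value
                $output_item['published'] = date('c', strtotime($output_item['created']));
                $output_item['updated'] = date('c', strtotime($output_item['modified']));
                $output_item['id'] = $output_item['sp_id'];
                $output_item['title'] = $output_item['sp_title'];
                $output_item['page_title'] = $output_item['sp_page_title'];
                $output_item['category'] = array($output_item['sp_tid']);
                $output_item['content'] = $output_item['sp_content'];
                $output_item['content_type'] = 'html';

                $owner_data = SESS_getUserDataFromId($output_item['owner_id']);

                $output_item['author_name'] = $owner_data['username'];
            }
            $output[] = $output_item;
        }
    }

    return PLG_RET_OK;
}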
$theforum = ''; } if ($op == '') { $bannedsql = DB_query("SELECT * FROM {$_TABLES['gf_banned_ip']} ORDER BY host_ip DESC"); $bannum = DB_numRows($bannedsql); $p = new Template($_CONF['path_layout'] . 'forum/layout/admin'); $p->set_file(array('page' => 'banip_mgmt.thtml', 'records' => 'ip_records.thtml')); if ($bannum == 0) { $p->set_var('alertmessage', $LANG_GF96['noips']); $p->set_var('showalert', ''); } else { $p->set_var('showalert', 'none'); } $p->set_var('phpself', $_CONF['site_admin_url'] . '/plugins/forum/ips.php'); $p->set_var('LANG_IP', $LANG_GF96['ipbanned']); $p->set_var('LANG_Actions', $LANG_GF01['ACTIONS']); $i = 1; while ($A = DB_fetchArray($bannedsql)) { $p->set_var('ip', $A['host_ip']); $p->set_var('unban', $LANG_GF96['unban']); $p->set_var('csscode', $i); $p->parse('ip_records', 'records', true); $i = $i == 1 ? 2 : 1; } $p->parse('output', 'page'); echo $p->finish($p->get_var('output')); } echo COM_endBlock(); echo adminfooter(); echo COM_siteFooter();
/**
 * Show a login error and stop the script
 *
 * Delegates to CUSTOM_loginErrorHandler() when custom registration is enabled
 * and that function exists. Otherwise sends a 403 status and prints a message
 * page.
 *
 * @param    int     $msg            message number for custom handler
 * @param    string  $message_title  title for the message box
 * @param    string  $message_text   text of the message box
 * @return   void                    function does not return!
 *
 */
function displayLoginErrorAndAbort($msg, $message_title, $message_text)
{
    global $_CONF;

    $useCustomHandler = $_CONF['custom_registration'] && function_exists('CUSTOM_loginErrorHandler');

    if (!$useCustomHandler) {
        // Default handling: answer with 403 so clients see the failure in
        // the status line as well as in the page. The @ hides the warning
        // header() raises when output has already started.
        @header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
        @header('Status: 403 Forbidden');

        echo COM_siteHeader('menu', $message_title)
           . COM_showMessageText($message_text, $message_title, false, 'error')
           . COM_siteFooter();
    } else {
        // Typically this will be used if you have a custom main site page
        // and need to control the login process
        CUSTOM_loginErrorHandler($msg);
    }

    // don't return
    exit;
}