/**
 * Add the "root" link category and create one category row for every
 * distinct cid currently stored in the links table.
 *
 * Side effect: when $_LI_CONF['root'] is empty it is set to 'site'.
 *
 * @return false|null false (after echoing a message) when DB_error()
 *                    reports a failure inside the loop; no value otherwise
 */
function links_update_set_categories()
{
    global $_TABLES, $_LI_CONF;

    // Default the root category id and write it back to the shared config.
    if (empty($_LI_CONF['root'])) {
        $_LI_CONF['root'] = 'site';
    }
    $root = DB_escapeString($_LI_CONF['root']);

    $root_insert = "INSERT INTO {$_TABLES['linkcategories']} (cid, pid, category, description, tid, created, modified, group_id, owner_id, perm_owner, perm_group, perm_members, perm_anon) VALUES ('{$root}', 'root', 'Root', 'Website root', NULL, NOW(), NOW(), 5, 2, 3, 3, 2, 2)";
    DB_query($root_insert);

    // Group id of the 'Links Admin' group; it becomes group_id of every new category.
    $group_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Links Admin'");

    // One category per distinct cid found in the links table.
    $distinct = DB_query("SELECT DISTINCT cid AS category FROM {$_TABLES['links']}");
    $remaining = DB_numRows($distinct);
    while ($remaining-- > 0) {
        $row = DB_fetchArray($distinct);
        // Escaped before it is placed in the SQL string literals below.
        $category = DB_escapeString($row['category']);
        $cid = $category;

        $category_insert = "INSERT INTO {$_TABLES['linkcategories']} (cid,pid,category,description,tid,owner_id,group_id,created,modified) VALUES ('{$cid}','{$root}','{$category}','{$category}','all',2,'{$group_id}',NOW(),NOW())";
        DB_query($category_insert, 1);

        // still experimenting ... ($cid is always equal to $category as written,
        // so this UPDATE is never reached)
        if ($cid != $category) {
            DB_query("UPDATE {$_TABLES['links']} SET cid='{$cid}' WHERE cid='{$category}'", 1);
        }

        if (DB_error()) {
            echo "Error inserting categories into linkcategories table";
            return false;
        }
    }
}
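/**
 * Execute the SQL statements that perform a version upgrade.
 * A non-array SQL parameter returns success without running anything.
 *
 * @param   string  $version    Version being upgraded to
 * @param   array   $sql        SQL statements to execute, in order
 * @return  integer Zero on success, One on failure.
 */
function EXP_upgrade_sql($version = 'Undefined', $sql = '')
{
    global $_TABLES, $_CONF_EXP;

    // We control this, so it shouldn't happen, but just to be safe...
    if ($version == 'Undefined') {
        COM_errorLog("Error updating {$_CONF_EXP['pi_name']} - Undefined Version");
        return 1;
    }

    // If no sql statements passed in, return success
    if (!is_array($sql)) {
        return 0;
    }

    // Execute SQL now to perform the upgrade
    COM_errorLOG("--Updating External Pages to version {$version}");

    // foreach always starts at the first element. The earlier current()/next()
    // walk depended on the array's internal pointer, which is never reset here,
    // so an array whose pointer had already been advanced would skip statements
    // and pass false to DB_query().
    foreach ($sql as $statement) {
        // NOTE(review): every statement is written to the error log in full;
        // confirm upgrade SQL never carries values that should not be logged.
        COM_errorLOG("External Pages Plugin {$version} update: Executing SQL => " . $statement);
        DB_query($statement, '1');
        if (DB_error()) {
            COM_errorLog("SQL Error during External Pages plugin update", 1);
            return 1;
        }
    }

    return 0;
}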
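/**
 * Upgrade the Static Pages plugin tables from 1.5.0 to 1.5.1.
 *
 * Adds the sp_search column, enables search on all existing pages, updates
 * the plugin record, and - once, guarded by the 'sp_fix_01' row in the vars
 * table - re-saves every page's content with stripslashes() applied.
 *
 * @return boolean true on success, false when a schema statement fails
 */
function update_150_to_151()
{
    global $_TABLES, $_CONF, $_SP_CONF;

    $P_SQL = array();
    $P_SQL[] = "ALTER TABLE {$_TABLES['staticpage']} ADD sp_search tinyint(4) NOT NULL default '1' AFTER postmode";
    // allow searching on all existing static pages
    $P_SQL[] = "UPDATE {$_TABLES['staticpage']} SET sp_search = 1";
    $P_SQL[] = "UPDATE {$_TABLES['plugins']} SET pi_version = '1.5.1', pi_gl_version = '1.1.0', pi_homepage='http://www.glfusion.org' WHERE pi_name = 'staticpages'";

    foreach ($P_SQL as $sql) {
        DB_query($sql, 1);
        if (DB_error()) {
            COM_errorLog("StaticPage Update Error: Could not execute the following SQL: " . $sql);
            return false;
        }
    }

    // One-time content fix: the marker row keeps it from running twice, which
    // would strip slashes from already-corrected content.
    $res = DB_query("SELECT * FROM {$_TABLES['vars']} WHERE name='sp_fix_01'");
    if (DB_numRows($res) < 1) {
        $result = DB_query("SELECT * FROM {$_TABLES['staticpage']}");
        while ($A = DB_fetchArray($result)) {
            // Escape through the database layer: mysql_real_escape_string()
            // was removed in PHP 7 and needs a live ext/mysql connection.
            // NOTE(review): DB_escapeString() is assumed to be provided by the
            // database library this file loads - confirm for this version.
            $newcontent = DB_escapeString(stripslashes($A['sp_content']));
            // The page id is stored data as well; it previously went into the
            // WHERE clause unescaped.
            $sp_id = DB_escapeString($A['sp_id']);
            DB_query("UPDATE {$_TABLES['staticpage']} SET sp_content='" . $newcontent . "' WHERE sp_id='" . $sp_id . "'");
        }
        DB_query("INSERT INTO {$_TABLES['vars']} VALUES ('sp_fix_01', 1)", 1);
    }

    return true;
}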
/**
 * Disable incompatible plugins to prevent an error which will occur during
 * the upgrade process.
 *
 * Every enabled plugin that is not on the allow-list below, or whose
 * installed version is older than the listed minimum, gets pi_enabled = '0'.
 * Nothing is changed when the initial SELECT reports an error.
 *
 * @link http://code.google.com/p/geeklog-jp/wiki/manage151
 */
function GEEKLOGJP_disablePlugins()
{
    global $_TABLES;

    /**
     * Plugins confirmed to work with Geeklog-1.5.x, in the format
     * $allowed_plugins['plugin name'] = 'lowest working version'.
     * Plugins bundled with Geeklog need no version check, so their
     * version is '*'.
     */
    $allowed_plugins = array(
        'staticpages'  => '*',
        'links'        => '*',
        'polls'        => '*',
        'calendar'     => '*',
        'autotags'     => '1.01',
        'calendarjp'   => '1.1.6',
        'captcha'      => '3.5.5',
        'custommenu'   => '0.2.2',
        'dataproxy'    => '2.0.0',
        'dbman'        => '0.7.1',
        'filemgmt'     => '1.6.0.jp3',
        'forum'        => '2.9.0hg',
        'japanize'     => '2.1.0',
        'mycaljp'      => '2.0.5',
        'nmoxtopicown' => '1.0.12',
        'sitemap'      => '1.1.2',
        'themedit'     => '1.2.1',
    );

    $enabled = DB_query("SELECT pi_name, pi_version FROM {$_TABLES['plugins']} WHERE (pi_enabled = '1') ");
    if (DB_error()) {
        return;
    }

    // Collect the UPDATEs first and run them only after the result set has
    // been read completely.
    $pending = array();
    while (($row = DB_fetchArray($enabled)) !== false) {
        $name = $row['pi_name'];

        if (array_key_exists($name, $allowed_plugins)) {
            $minimum = $allowed_plugins[$name];
            if ($minimum === '*' || version_compare($row['pi_version'], $minimum, '>=')) {
                continue; // bundled plugin, or new enough
            }
        }

        // NOTE(review): addslashes() is not charset-aware; the name comes from
        // the plugins table rather than from the request, but the database
        // layer's own escaping would be the safer choice if one is available.
        $pending[] = "UPDATE {$_TABLES['plugins']} SET pi_enabled = '0' WHERE (pi_name = '" . addslashes($name) . "') ";
    }

    foreach ($pending as $statement) {
        DB_query($statement);
    }
}
/**
 * Run the DataBox schema update statements.
 *
 * The statement list is built inside an `if (1 === 0)` block, so as written
 * nothing is queued; the condition is meant to be edited by hand when an
 * update is required.
 *
 * @return false|string false when DB_error() reports an error after the loop,
 *                      the string "end" otherwise
 */
function update_tables()
{
    global $_TABLES;
    global $_CONF;

    // Master data: the statements to execute.
    $_SQL = array();

    //===== SQL definitions: start
    // Change the condition below where an update is needed.
    if (1 === 0) {
        // Field set definition table
        $_SQL[] = "\n\t\tCREATE TABLE {$_TABLES['DATABOX_def_fieldset']} (\n\t\t`fieldset_id` int(11) NOT NULL,\n\t\t`name` varchar(64) NOT NULL,\n\t\t`description` mediumtext,\n\t\t`udatetime` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\t\t`uuid` mediumint(8) NOT NULL,\n\t\tPRIMARY KEY (`fieldset_id`)\n\t\t) ENGINE=MyISAM\n\t\t";
        // Field set assignments
        $_SQL[] = "\n\t\tCREATE TABLE {$_TABLES['DATABOX_def_fieldset_assignments']} (\n\t\t`seq` int(11) NOT NULL AUTO_INCREMENT,\n\t\t`fieldset_id` int(11) NOT NULL,\n\t\t`field_id` int(11) NOT NULL,\n\t\tPRIMARY KEY (`seq`),\n\t\tKEY `fieldset_id` (`fieldset_id`)\n\t\t) ENGINE=MyISAM\n\t\t";
        $_SQL[] = "\n ALTER TABLE {$_TABLES['DATABOX_base']}\n\t\tADD `fieldset_id` int(11) NOT NULL default 0 AFTER `orderno`,\n ";
    }
    //===== SQL definitions: end

    //------------------------------------------------------------------
    foreach ($_SQL as $statement) {
        DB_query($statement);
    }

    // NOTE(review): DB_error() is consulted once, after the loop, so a failure
    // in an earlier statement may go unreported.
    if (DB_error()) {
        COM_errorLog("error DataBox table update ", 1);
        return false;
    }

    COM_errorLog("Success - DataBox table update", 1);
    return "end";
}
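/**
 * Print the File Management plugin's error page for an error code and stop.
 *
 * @param string|int $e_code Error code; anything that is not a key of the
 *                           message table is reported as '9999'
 * @param int        $pages  Not used by this function
 * @return void Never returns: the page is echoed and the script ends with die()
 */
function show($e_code, $pages = 1)
{
    global $_CONF;

    $errmsg = array(
        "0001" => "Could not connect to the forums database.",
        "0002" => "The forum you selected does not exist. Please go back and try again.",
        "0003" => "Password Incorrect.",
        "0004" => "Could not query the topics database.",
        "0005" => "Error getting messages from the database.",
        "0006" => "Please enter the Nickname and the Password.",
        "0007" => "You are not the Moderator of this forum therefore you can't perform this function.",
        "0008" => "You did not enter the correct password, please go back and try again.",
        "0009" => "Could not remove posts from the database.",
        "0010" => "Could not move selected topic to selected forum. Please go back and try again.",
        "0011" => "Could not lock the selected topic. Please go back and try again.",
        "0012" => "Could not unlock the selected topic. Please go back and try again.",
        // The database error text is HTML-escaped before it is embedded.
        // NOTE(review): this still shows raw database errors to the visitor;
        // consider logging them instead.
        "0013" => "Could not query the database. <BR>Error: " . htmlspecialchars((string) DB_error(), ENT_QUOTES) . "",
        "0014" => "No such user or post in the database.",
        "0015" => "Search Engine was unable to query the forums database.",
        "0016" => "That user does not exist. Please go back and search again.",
        "0017" => "You must type a subject to post. You can't post an empty subject. Go back and enter the subject",
        "0018" => "You must choose message icon to post. Go back and choose message icon.",
        "0019" => "You must type a message to post. You can't post an empty message. Go back and enter a message.",
        "0020" => "Could not enter data into the database. Please go back and try again.",
        "0021" => "Can't delete the selected message.",
        "0022" => "An error ocurred while querying the database.",
        "0023" => "Selected message was not found in the forum database.",
        "0024" => "You can't reply to that message. It wasn't sent to you.",
        "0025" => "You can't post a reply to this topic, it has been locked. Contact the administrator if you have any question.",
        "0026" => "The forum or topic you are attempting to post to does not exist. Please try again.",
        "0027" => "You must enter your username and password. Go back and do so.",
        "0028" => "You have entered an incorrect password. Go back and try again.",
        "0029" => "Couldn't update post count.",
        "0030" => "The forum you are attempting to post to does not exist. Please try again.",
        "0031" => "Unknown Error",
        "0035" => "You can't edit a post that's not yours.",
        "0036" => "You do not have permission to edit this post.",
        "0037" => "You did not supply the correct password or do not have permission to edit this post. Please go back and try again.",
        "1001" => "Please enter value for Title.",
        "1002" => "Please enter value for Phone.",
        "1003" => "Please enter value for Summary.",
        "1004" => "Please enter value for Address.",
        "1005" => "Please enter value for City.",
        "1006" => "Please enter value for State/Province.",
        "1007" => "Please enter value for Zipcode.",
        "1008" => "Please enter value for Description.",
        "1009" => "Vote for the selected resource only once.<br>All votes are logged and reviewed.",
        "1010" => "You cannot vote on the resource you submitted.<br>All votes are logged and reviewed.",
        "1011" => "No rating selected - no vote tallied.",
        "1013" => "Please enter a search query.",
        "1016" => "Please enter value for Filename.",
        "1017" => "The file was not uploaded - reported filesize of 0 bytes.",
        "1101" => "Upload approval Error: The temporary file was not found. Check error.log",
        "1102" => "Upload submit Error: The temporary filestore file was not created. Check error.log",
        "1103" => "The download info you provided is already in the database!",
        "1104" => "The download info was not complete - Need to enter a title for the new file",
        "1105" => "The download info was not complete - Need to enter a description for the new file",
        "1106" => "Upload Add Error: The new file was not created. Check error.log",
        "1107" => "Upload Add Error: The temporary file was not found. Check error.log",
        "1108" => "Duplicate file - already existing in filestore",
        "1109" => "File type not allowed",
        "1110" => "You must define and select a category for the uploaded file",
        "9999" => "Unknown Error",
    );

    // The "Go Back" link points at the current request URL, but only when it
    // is non-empty and starts with our own site URL.
    $fallback = $_CONF['site_url'] . '/filemgmt/index.php';
    $destination = COM_getCurrentURL();
    if ($destination == ''
        || substr($destination, 0, strlen($_CONF['site_url'])) != $_CONF['site_url']) {
        $destination = $fallback;
    }

    // Exact key lookup. The earlier loose in_array() test could accept a value
    // that merely compares equal to a key (e.g. a numeric string with trailing
    // text on older PHP versions), which was then printed into the page and
    // used as an index that does not exist.
    if (!(is_string($e_code) || is_int($e_code)) || !isset($errmsg[$e_code])) {
        $e_code = '9999';
    }

    include_once $_CONF['path'] . 'plugins/filemgmt/include/header.php';

    $display = COM_siteHeader('menu');
    $display .= '<table width="100%" class="plugin" border="0" cellspacing="0" cellpadding="1">';
    $display .= '<tr><td class="pluginAlert" style="text-align:right;padding:5px;">File Management Plugin</td>';
    $display .= "<td class=\"pluginAlert\" width=\"50%\" style=\"padding:5px 0px 5px 10px;\">Error Code: {$e_code}</td></tr>";
    $display .= "<tr><td colspan=\"2\" class=\"pluginInfo\"><b>ERROR:</b> {$errmsg[$e_code]}</td></tr>";
    $display .= '<tr><td colspan="2" class="pluginInfo" style="text-align:center;padding:10px;">';
    // The URL carries the request's path and query string, so it is escaped
    // for the attribute context before being written into href.
    $display .= '[ <a href="' . htmlspecialchars($destination, ENT_QUOTES) . '">Go Back</a> ]</td></tr></table>';
    $display .= COM_siteFooter();

    echo $display;
    die("");
}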
/**
 * Install the CAPTCHA plugin: create its two tables, insert the default
 * configuration rows and register the plugin in the plugins table.
 *
 * plugin_uninstall_captcha() is called before returning false when a table
 * cannot be created or the registration fails.
 *
 * @return boolean true on success, false otherwise
 */
function plugin_install_captcha()
{
    global $pi_name, $pi_version, $gl_version, $pi_url, $NEWTABLE, $DEFVALUES, $NEWFEATURE;
    global $_TABLES, $_CONF, $LANG_CP00, $_DB_dbms;

    COM_errorLog("Attempting to install the {$pi_name} Plugin", 1);

    // Table definitions, keyed by the name used in the log messages.
    $_SQL = array();
    $_SQL['cp_config'] = implode('', array(
        "CREATE TABLE {$_TABLES['cp_config']} ( ",
        " `config_name` varchar(255) NOT NULL default '', ",
        " `config_value` varchar(255) NOT NULL default '', ",
        " PRIMARY KEY (`config_name`) ",
        " );",
    ));
    $_SQL['cp_sessions'] = implode('', array(
        "CREATE TABLE {$_TABLES['cp_sessions']} ( ",
        " `session_id` varchar(40) NOT NULL default '', ",
        " `cptime` INT(11) NOT NULL default 0, ",
        " `validation` varchar(40) NOT NULL default '', ",
        " `counter` TINYINT(4) NOT NULL default 0, ",
        " PRIMARY KEY (`session_id`) ",
        " );",
    ));

    foreach ($_SQL as $table => $create) {
        COM_errorLog("Creating {$table} table", 1);
        DB_query($create, 1);
        if (DB_error()) {
            COM_errorLog("Error Creating {$table} table", 1);
            plugin_uninstall_captcha();
            return false;
        }
        COM_errorLog("Success - Created {$table} table", 1);
    }

    // Default configuration. NOTE(review): the result of this INSERT is not
    // checked, so a failure here does not abort the install.
    $SQL_DEFAULTS = implode('', array(
        "INSERT INTO `{$_TABLES['cp_config']}` (`config_name`, `config_value`) VALUES ",
        " ('anonymous_only', '1'), ",
        " ('remoteusers','0'), ",
        " ('debug', '0'), ",
        " ('enable_comment', '0'), ",
        " ('enable_contact', '0'), ",
        " ('enable_emailstory', '0'), ",
        " ('enable_forum', '0'), ",
        " ('enable_registration', '0'), ",
        " ('enable_story', '0'), ",
        " ('gfxDriver', '2'), ",
        " ('gfxFormat', 'jpg'), ",
        " ('gfxPath', '');",
    ));
    DB_query($SQL_DEFAULTS, 1);

    // Register the plugin with Geeklog
    COM_errorLog("Registering {$pi_name} plugin with Geeklog", 1);
    DB_delete($_TABLES['plugins'], 'pi_name', 'captcha');
    // NOTE(review): the four globals are interpolated without escaping;
    // presumably they are constants set by the plugin's own install script.
    $register = "INSERT INTO {$_TABLES['plugins']} (pi_name, pi_version, pi_gl_version, pi_homepage, pi_enabled) "
        . "VALUES ('{$pi_name}', '{$pi_version}', '{$gl_version}', '{$pi_url}', 1)";
    DB_query($register);
    if (DB_error()) {
        COM_errorLog("Failure registering plugin with Geeklog");
        plugin_uninstall_captcha();
        return false;
    }

    // Create initial log entry
    CAPTCHA_errorLog("CAPTCHA Plugin Successfully Installed");
    COM_errorLog("Successfully installed the {$pi_name} Plugin!", 1);

    return true;
}
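/**
 * Import a form definition from a list of SQL statements.
 *
 * $_SQL[0] inserts the form record; the remaining statements insert its field
 * definitions under the placeholder form id $cntr. The fields are then moved
 * to the id of the newly inserted form, and auto-generated field names are
 * rebuilt from the new form id and field id.
 *
 * @param array  $_SQL List of SQL statements: form insert first, then fields
 * @param string $cntr Placeholder form id carried by the imported field rows
 * @return void  Ends the script with exit when a field statement fails
 */
function nexform_importForm($_SQL, $cntr)
{
    global $CONF_FE, $_TABLES;

    DB_query($_SQL[0], '1');
    if (DB_error()) {
        COM_errorLog("nexform SQL error importing form: {$_SQL[0]}");
        // Stop here: without a new form record DB_insertID() does not identify
        // the imported form, and continuing would delete the placeholder rows
        // and attach the imported fields to whatever id it returns.
        return;
    }
    $newformid = DB_insertID();

    /* Delete any previous imported form field definition records
       New field definition records will have a formid of '99999' assigned
       Insert the new records and then update to match the new form definition
    */
    // NOTE(review): $cntr is interpolated as-is; presumably it is the fixed
    // placeholder id described above - confirm it never comes from the request.
    DB_query("DELETE FROM {$_TABLES['nxform_fields']} WHERE formid='{$cntr}'");

    // Field definition records: everything after the first statement.
    // array_slice() does not depend on the array's internal pointer, which the
    // earlier next()/current() walk assumed to be at the first element.
    foreach (array_slice($_SQL, 1) as $fieldSql) {
        DB_query($fieldSql, '1');
        if (DB_error()) {
            COM_errorLog("executing " . $fieldSql);
            COM_errorLog("Error executing SQL", 1);
            exit;
        }
    }

    DB_query("UPDATE {$_TABLES['nxform_fields']} set formid='{$newformid}' WHERE formid='{$cntr}'");

    // Need to cycle thru the fields now and update any fieldnames if auto fieldname used
    $query = DB_query("SELECT id,type FROM {$_TABLES['nxform_fields']} WHERE formid='{$newformid}' AND field_name LIKE '%_frm%'");
    while (list($fieldid, $fieldtype) = DB_fetchArray($query)) {
        $fieldname = "{$CONF_FE['fieldtypes'][$fieldtype][0]}{$newformid}_{$fieldid}";
        DB_query("UPDATE {$_TABLES['nxform_fields']} set field_name='{$fieldname}' WHERE id='{$fieldid}'");
    }
}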
/**
 * Handle a successful OpenID login: look up the local account for the
 * asserted identity, creating one on first login, and publish the outcome
 * through the globals $uid and $status.
 *
 * On failure (registration disabled, or no usable username) $status is set
 * to USER_ACCOUNT_DISABLED and $uid to 0.
 *
 * NOTE(review): all three lookups below compare remoteusername with the
 * literal '******'. That looks like a masked value in this copy of the code;
 * as written, the escaped $openid_identity is never used in a query. Confirm
 * against the original before relying on this listing.
 *
 * @param mixed $login Not referenced in the body
 * @return void
 */
function doValidLogin($login)
{
    global $_CONF, $_TABLES, $status, $uid;

    // Remote auth precludes usersubmission,
    // and integrates user activation, see?;
    $status = USER_ACCOUNT_ACTIVE;

    // PHP replaces "." with "_"
    // The identity is escaped for SQL here; the nickname, e-mail and full
    // name read from $this->query further down are not.
    $openid_identity = DB_escapeString($this->query['openid_identity']);
    $openid_nickname = '';
    if (isset($this->query['openid_sreg_nickname'])) {
        $openid_nickname = $this->query['openid_sreg_nickname'];
    }

    // Check if that account is already registered.
    $result = DB_query("SELECT uid FROM {$_TABLES['users']} WHERE remoteusername = '******' AND remoteservice = 'openid'");
    $tmp = DB_error();
    $nrows = DB_numRows($result);
    // A query error, or anything other than exactly one matching row, is
    // treated as "no account yet".
    if (!($tmp == 0) || !($nrows == 1)) {
        // First time login with this OpenID, creating account...
        if ($_CONF['disable_new_user_registration']) {
            // not strictly correct - just to signal a failed login attempt
            $status = USER_ACCOUNT_DISABLED;
            $uid = 0;
            return;
        }

        if (empty($openid_nickname)) {
            $openid_nickname = $this->makeUsername($this->query['openid_identity']);
        }

        // we simply can't accept empty usernames ...
        if (empty($openid_nickname)) {
            COM_errorLog('Got an empty username for ' . $openid_identity);
            // not strictly correct - just to signal a failed login attempt
            $status = USER_ACCOUNT_DISABLED;
            $uid = 0;
            return;
        }

        // Ensure that remoteusername is unique locally.
        $openid_nickname = USER_uniqueUsername($openid_nickname);
        $openid_sreg_email = '';
        if (isset($this->query['openid_sreg_email'])) {
            $openid_sreg_email = $this->query['openid_sreg_email'];
        }
        $openid_sreg_fullname = '';
        if (isset($this->query['openid_sreg_fullname'])) {
            $openid_sreg_fullname = $this->query['openid_sreg_fullname'];
        }

        // NOTE(review): nickname, e-mail, full name and the raw identity are
        // values from the OpenID response and are passed on unescaped;
        // presumably USER_createAccount() escapes them - verify.
        USER_createAccount($openid_nickname, $openid_sreg_email, '', $openid_sreg_fullname, '', $this->query['openid_identity'], 'openid');
        $uid = DB_getItem($_TABLES['users'], 'uid', "remoteusername = '******' AND remoteservice = 'openid'");

        // Store full remote account name:
        // $uid is interpolated unquoted; it is the value DB_getItem() returned.
        DB_query("UPDATE {$_TABLES['users']} SET remoteusername = '******', remoteservice = 'openid', status = 3 WHERE uid = {$uid}");

        // Add to remote users:
        $remote_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
        DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$remote_grp}, {$uid})");
    } else {
        // Existing account: load its uid and status into the globals.
        $result = DB_query("SELECT uid,status FROM {$_TABLES['users']} WHERE remoteusername = '******' AND remoteservice = 'openid'");
        list($uid, $status) = DB_fetchArray($result);
    }
}
/**
 * Returns DB server version
 *
 * Runs SHOW VARIABLES and scans the rows for the one named 'version'.
 *
 * @return mixed the 'Value' column of that row, or the string 'unavailable'
 *               when the query reports an error or no such row exists
 */
function dbman_getDBVersion()
{
    $variables = DB_query("SHOW VARIABLES");
    if (DB_error()) {
        return 'unavailable';
    }

    for ($row = DB_fetchArray($variables); $row !== FALSE; $row = DB_fetchArray($variables)) {
        if ($row['Variable_name'] === 'version') {
            return $row['Value'];
        }
    }

    return 'unavailable';
}
/**
 * Run the UserBox schema/data update statements.
 *
 * Each dated section is switched on or off by hand through its
 * `if (1 === N)` condition; as written only the 20110915 section is active.
 *
 * @return false|string false when DB_error() reports an error after the loop,
 *                      the string "end" otherwise
 */
function update_tables()
{
    global $_TABLES;
    global $_CONF;

    // Master data: the statements to execute.
    $_SQL = array();

    // Change the conditions below where an update is needed.

    // 20110208: redefine the orderno and expired columns
    if (1 === 0) {
        $_SQL[] = "\n ALTER TABLE {$_TABLES['USERBOX_base']}\n CHANGE `orderno` `orderno` INT( 2 ) NOT NULL DEFAULT '0'\n ";
        $_SQL[] = "\n ALTER TABLE {$_TABLES['USERBOX_base']}\n CHANGE `expired` `expired` DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00'\n ";
    }

    // 20110622: add the userbox.edit and userbox.joingroup features
    if (1 === 0) {
        $_SQL[] = "\n INSERT INTO {$_TABLES['features']} (\n `ft_name` ,\n `ft_descr` ,\n `ft_gl_core`\n )\n VALUES (\n\t\t'userbox.edit', 'can edit profile to userbox plugin', '0'\n )\n\t\t";
        $_SQL[] = "\n INSERT INTO {$_TABLES['features']} (\n `ft_name` ,\n `ft_descr` ,\n `ft_gl_core`\n )\n VALUES (\n\t\t'userbox.joingroup', 'can edit join group to userbox plugin', '0'\n )\n\t\t";
    }

    // 20110803: add the group_id = 0 row
    if (1 === 0) {
        $_SQL[] = "\n\t\tINSERT INTO {$_TABLES['USERBOX_def_group']} (\n\t\t`group_id` \n\t\t)\n\t\tVALUES (\n\t\t'0'\n\t\t);\n\t\t";
    }

    // 20110826: add the eyechatchingimage column
    if (1 === 0) {
        $_SQL[] = "\n\t\tALTER TABLE {$_TABLES['USERBOX_base']}\n\t\tADD `eyechatchingimage` MEDIUMTEXT NULL AFTER `defaulttemplatesdirectory` \n\t\t";
    }

    // 20110915: add the userbox.user feature
    if (1 === 1) {
        $_SQL[] = "\n INSERT INTO {$_TABLES['features']} (\n `ft_name` ,\n `ft_descr` ,\n `ft_gl_core`\n )\n VALUES (\n\t\t'userbox.user', 'Can register to UserBox', '0'\n )\n\t\t";
    }

    //------------------------------------------------------------------
    foreach ($_SQL as $statement) {
        DB_query($statement);
    }

    // NOTE(review): DB_error() is consulted once, after the loop, so a failure
    // in an earlier statement may go unreported.
    if (DB_error()) {
        COM_errorLog("error UserBox table update ", 1);
        return false;
    }

    COM_errorLog("Success - UserBox table update", 1);
    return "end";
}
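/**
 * Delete an ad and associated photos
 *
 * @param   integer $ad_id  Ad ID number
 * @param   boolean $admin  True if this is an administrator; skips the
 *                          per-ad access check
 * @param   string  $table  Key into $_TABLES: 'ad_ads' or 'ad_submission'
 * @return  integer 0 on success, 1 for an empty ad id, 2 for an unknown
 *                  table, 3 for insufficient access, 4 when the delete
 *                  reports a database error, 5 when deleting photos fails
 */
function adDelete($ad_id = '', $admin = false, $table = 'ad_ads')
{
    global $_USER, $_TABLES, $_CONF_ADVT;

    $ad_id = COM_sanitizeID($ad_id);
    if ($ad_id == '') {
        return 1;
    }

    // Only these two tables may be targeted; $table selects the $_TABLES entry.
    if ($table != 'ad_ads' && $table != 'ad_submission') {
        return 2;
    }

    // Check the user's access level. If this is an admin call,
    // force access to read-write.
    // NOTE(review): $admin is taken on trust from the caller and bypasses
    // CLASSIFIEDS_checkAccess(); callers must derive it from a real
    // privilege check, never from request data.
    $myaccess = $admin ? 3 : CLASSIFIEDS_checkAccess($ad_id);
    if ($myaccess < 3) {
        return 3;
    }

    /* $selection = "ad_id = '$ad_id'";
       if (!$admin) { $selection.= " AND uid={$_USER['uid']}"; }
       $ad = DB_getItem($_TABLES[$table], 'ad_id', $selection);
       if ($ad == '') return 5;*/

    // If we've gotten this far, then the current user has access
    // to delete this ad.
    if ($table == 'ad_submission') {
        // Do the normal plugin rejection stuff
        plugin_moderationdelete_classifieds($ad_id);
    } else {
        // Do the extra cleanup manually
        if (deletePhotos($ad_id) != 0) {
            return 5;
        }
    }

    // After the cleanup stuff, delete the ad record itself.
    DB_delete($_TABLES[$table], 'ad_id', $ad_id);

    // Read the error state right after the delete, before any other call can
    // touch the database, and write the audit entry only for a delete that
    // went through. The audit line used to be written first, so a failed
    // delete was still recorded as "deleted".
    $error = DB_error();
    if ($error) {
        COM_errorLog($error);
        return 4;
    }

    CLASSIFIEDS_auditLog("Ad {$ad_id} deleted.");
    return 0;
}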
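/**
 * Delete the batch sessions selected in the admin form ($_POST['sel']) and
 * their session items, then redirect to the session list and exit.
 *
 * NOTE(review): no request-token check is visible in this function; confirm
 * that the caller verifies one before a state-changing POST reaches it.
 *
 * @return void Never returns: a refresh is echoed and the script exits
 */
function MG_batchDeleteSession()
{
    global $_MG_CONF, $_CONF, $_TABLES;

    // 'sel' is request data: accept it only as an array and take each element
    // only as a scalar. count() on a non-array and array elements used as ids
    // were both possible before.
    if (!empty($_POST['sel']) && is_array($_POST['sel'])) {
        foreach ($_POST['sel'] as $selected) {
            if (!is_scalar($selected)) {
                continue;
            }
            // Filter the id before it reaches the database layer; whether
            // DB_delete() escapes its value argument is not visible here.
            $session_id = COM_applyFilter($selected);
            if ($session_id == '') {
                continue;
            }

            DB_delete($_TABLES['mg_session_items'], 'session_id', $session_id);
            if (DB_error()) {
                COM_errorLog("Media Gallery Error: Error removing session items");
            }

            DB_delete($_TABLES['mg_sessions'], 'session_id', $session_id);
            if (DB_error()) {
                COM_errorLog("Media Gallery Error: Error removing session");
            }
        }
    }

    echo COM_refresh($_MG_CONF['admin_url'] . 'sessions.php');
    exit;
}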
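/**
 * Hook up pollquestions with polltopics
 *
 * Copies every (pid, topic) pair from the polltopics table into the
 * pollquestions table as (pid, question).
 *
 * @return false|null false (after echoing the failing statement) when an
 *                    insert fails; no value otherwise
 */
function polls_update_polltopics()
{
    global $_TABLES;

    // Start from an empty list so the loop below is safe when there are no
    // poll topics; the list was previously left undefined in that case.
    $P_SQL = array();

    $move_sql = "SELECT pid, topic FROM {$_TABLES['polltopics']}";
    $move_rst = DB_query($move_sql);
    $count_move = DB_numRows($move_rst);
    for ($i = 0; $i < $count_move; $i++) {
        $A = DB_fetchArray($move_rst);
        // Escape both stored values through the database layer.
        // mysql_real_escape_string() was removed in PHP 7, and the pid was
        // not escaped at all.
        // NOTE(review): DB_escapeString() is assumed to be provided by the
        // database library this file loads - confirm for this version.
        $pid = DB_escapeString($A[0]);
        $question = DB_escapeString($A[1]);
        $P_SQL[] = "INSERT INTO {$_TABLES['pollquestions']} (pid, question) VALUES ('{$pid}','{$question}');";
    }

    foreach ($P_SQL as $sql) {
        DB_query($sql);
        if (DB_error()) {
            // The statement contains stored topic text, so it is HTML-escaped
            // before being written into the page.
            echo "There was an error upgrading the polls, SQL: " . htmlspecialchars($sql, ENT_QUOTES) . "<br>";
            return false;
        }
    }
}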
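/**
 * Delete the batch sessions selected in the admin form ($_POST['sel']) and
 * their session items, then redirect to the session list and exit.
 *
 * NOTE(review): no request-token check is visible in this function; confirm
 * that the caller verifies one before a state-changing POST reaches it.
 *
 * @return void Never returns: a refresh is echoed and the script exits
 */
function MG_batchDeleteSession()
{
    global $_MG_CONF, $_CONF, $_TABLES;

    // 'sel' is request data. It used to be concatenated straight into the
    // DELETE statements, which let the request rewrite the WHERE clause.
    // Accept it only as an array of scalars, filter each id and escape it
    // before it is placed inside the quoted SQL literal.
    if (!empty($_POST['sel']) && is_array($_POST['sel'])) {
        foreach ($_POST['sel'] as $selected) {
            if (!is_scalar($selected)) {
                continue;
            }
            $session_id = addslashes(COM_applyFilter($selected));
            if ($session_id == '') {
                continue;
            }

            DB_query("DELETE FROM {$_TABLES['mg_session_items']} WHERE session_id='" . $session_id . "'");
            if (DB_error()) {
                COM_errorLog("Media Gallery Error: Error removing session items");
            }

            DB_query("DELETE FROM {$_TABLES['mg_sessions']} WHERE session_id='" . $session_id . "'");
            if (DB_error()) {
                COM_errorLog("Media Gallery Error: Error removing session");
            }
        }
    }

    echo COM_refresh($_MG_CONF['admin_url'] . 'sessions.php');
    exit;
}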
/**
 * Return replacements for a given email address
 *
 * Looks up the user row (joined with userinfo) whose email equals $address
 * and maps placeholder tokens such as {username} to that user's values and
 * to site-wide settings from $_CONF.
 *
 * NOTE(review): the query selects u.*, although only a handful of user
 * columns are read below; listing just those columns would keep other
 * account fields out of this code path.
 *
 * @param  string $address
 * @return array  placeholder => value map; empty when the query reports an
 *                error or no row is found
 */
public function getReplacementsFor($address)
{
    global $_CONF, $_TABLES;

    // Escaped before it is placed inside the quoted literal in the query.
    $address = DB_escapeString($address);
    $sql = <<<SQL
SELECT u.*, i.location, i.lastgranted, i.lastlogin
FROM {$_TABLES['users']} AS u
LEFT JOIN {$_TABLES['userinfo']} AS i
ON u.uid = i.uid
WHERE u.email = '{$address}'
SQL;

    $resultSet = DB_query($sql);
    if (DB_error()) {
        return array();
    }

    $A = DB_fetchArray($resultSet, false);
    if (!is_array($A) || count($A) <= 0) {
        return array();
    }

    return array(
        '{uid}'           => $A['uid'],
        '{username}'      => $A['username'],
        '{fullname}'      => $A['fullname'],
        '{email}'         => $A['email'],
        '{homepage}'      => $A['homepage'],
        '{theme}'         => $A['theme'],
        '{language}'      => $A['language'],
        '{location}'      => $A['location'],
        '{lastgranted}'   => $A['lastgranted'],
        '{lastlogin}'     => $A['lastlogin'],
        '{site_url}'      => $_CONF['site_url'],
        '{site_name}'     => $_CONF['site_name'],
        '{site_slogan}'   => $_CONF['site_slogan'],
        '{owner_name}'    => $_CONF['owner_name'],
        '{copyrightyear}' => $_CONF['copyrightyear'],
        '{site_mail}'     => $_CONF['site_mail'],
        '{noreply_mail}'  => $_CONF['noreply_mail'],
    );
}
/**
 * Upgrade the Static Pages plugin: add the sp_search column, enable search
 * on all existing pages, update the plugin record and rename an existing
 * config.php in the plugin directory.
 *
 * NOTE(review): a failing statement is only echoed, together with its SQL;
 * the remaining statements still run and the function reports success.
 *
 * @return boolean always true
 */
function upgrade_StaticpagesPlugin()
{
    global $_CONF, $_TABLES;

    $plugin_path = $_CONF['path'] . 'plugins/staticpages/';

    $statements = array(
        "ALTER TABLE {$_TABLES['staticpage']} ADD sp_search tinyint(4) NOT NULL default '1' AFTER postmode",
        // allow searching on all existing static pages
        "UPDATE {$_TABLES['staticpage']} SET sp_search = 1",
        "UPDATE {$_TABLES['plugins']} SET pi_version = '1.5.1', pi_gl_version = '1.1.0', pi_homepage='http://www.glfusion.org' WHERE pi_name = 'staticpages'",
    );

    foreach ($statements as $statement) {
        DB_query($statement, 1);
        if (DB_error()) {
            echo "There was an error upgrading the Static Pages plugin, SQL: {$statement}<br>";
        }
    }

    // Rename the existing config.php as it's not needed any more.
    // The @ hides a failed rename, and its result is not used.
    $legacy_config = $plugin_path . 'config.php';
    if (file_exists($legacy_config)) {
        @rename($legacy_config, $plugin_path . 'config-pre1.1.0.php');
    }

    return true;
}
/**
 * Returns the content of a given staticpage
 *
 * The page is looked up by id, restricted by the condition SP_getPerms()
 * returns. Depending on the page's sp_php value and on
 * $_SP_CONF['allow_php'], the stored content is returned as is, passed
 * through PLG_replacetags(), or executed as PHP.
 *
 * SECURITY: with allow_php enabled, content read from the database is run
 * through eval(). Anyone able to write sp_content for a page with sp_php set
 * to 1 or 2 can execute code on the server; keep allow_php off unless page
 * editing is limited to fully trusted administrators.
 *
 * @author mystral-kk - geeklog AT mystral-kk DOT net
 * @license GPL v2
 * @param  $sp_id  string  an id of a staticpage
 * @return         string  the content of the staticpage; '' when the plugin
 *                         is not listed in $_PLUGINS, the query reports an
 *                         error, or no row matches
 */
function CUSTOM_getStaticpage($sp_id)
{
    global $_TABLES, $_PLUGINS, $_SP_CONF, $LANG_STATIC;

    $retval = '';

    if (!in_array('staticpages', $_PLUGINS)) {
        return $retval;
    }

    // NOTE(review): addslashes() is not charset-aware; the database layer's
    // own escaping would be the safer choice if one is available.
    $where_id = "WHERE (sp_id = '" . addslashes($sp_id) . "') ";
    $sql = "SELECT sp_php, sp_content FROM {$_TABLES['staticpage']} " . $where_id . "AND " . SP_getPerms();
    $result = DB_query($sql);
    if (DB_error() or DB_numRows($result) == 0) {
        return $retval;
    }

    $page = DB_fetchArray($result);
    $sp_php = $page['sp_php'];
    $sp_content = stripslashes($page['sp_content']);

    if ($_SP_CONF['allow_php'] != 1) {
        // PHP pages are refused while PHP execution is switched off.
        if ($sp_php != 0) {
            COM_errorLog("PHP in static pages is disabled. Cannot display page '{$sp_id}'.", 1);
            $retval .= $LANG_STATIC['deny_msg'];
        } else {
            $retval .= $sp_content;
        }

        return $retval;
    }

    // Check for type (i.e. html or php)
    if ($sp_php == 1) {
        // FLAG: eval() of database content - the page's return value is used.
        $retval .= eval($sp_content);
    } elseif ($sp_php == 2) {
        // FLAG: eval() of database content - the page's output is captured.
        ob_start();
        eval($sp_content);
        $retval .= ob_get_contents();
        ob_end_clean();
    } else {
        $retval .= PLG_replacetags($sp_content);
    }

    return $retval;
}
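/**
 * Do the actual plugin auto install
 *
 * Steps, in order: validate $inst_parms['info'], register the plugin's table
 * names, create its groups, run its table-creation SQL, add its features and
 * feature-to-group mappings, add its groups to the Root group, insert default
 * data, load its configuration, register it in the plugins table, run its
 * post-install hook and finally load its functions.inc. Every failure after
 * the sanity check calls PLG_uninstall($plugin) before returning false.
 *
 * NOTE(review): $plugin is used to build include paths
 * (plugins/<plugin>/sql/..., plugins/<plugin>/functions.inc) and function
 * names. Callers must pass only the name of a plugin directory that really
 * exists, never a value taken unchecked from the request.
 *
 * @param   string  $plugin     Plugin name
 * @param   array   $inst_parms Installation parameters for the plugin
 * @param   boolean $verbose    true: enable verbose logging
 * @return  boolean             true on success, false otherwise
 *
 */
function plugin_do_autoinstall($plugin, $inst_parms, $verbose = true)
{
    global $_CONF, $_TABLES, $_USER, $_DB_dbms, $_DB_table_prefix;

    $base_path = $_CONF['path'] . 'plugins/' . $plugin . '/';

    if ($verbose) {
        COM_errorLog("Attempting to install the '{$plugin}' plugin", 1);
    }

    // sanity checks in $inst_parms
    if (isset($inst_parms['info'])) {
        $pi_name       = $inst_parms['info']['pi_name'];
        $pi_version    = $inst_parms['info']['pi_version'];
        $pi_gl_version = $inst_parms['info']['pi_gl_version'];
        $pi_homepage   = $inst_parms['info']['pi_homepage'];
    }
    if (empty($pi_name) || $pi_name != $plugin || empty($pi_version)
        || empty($pi_gl_version) || empty($pi_homepage)) {
        COM_errorLog('Incomplete plugin info', 1);
        return false;
    }

    // add plugin tables, if any
    if (!empty($inst_parms['tables'])) {
        $tables = $inst_parms['tables'];
        foreach ($tables as $table) {
            $_TABLES[$table] = $_DB_table_prefix . $table;
        }
    }

    // Create the plugin's group(s), if any
    $groups = array();
    $admin_group_id = 0;
    if (!empty($inst_parms['groups'])) {
        $groups = $inst_parms['groups'];
        foreach ($groups as $name => $desc) {
            if ($verbose) {
                COM_errorLog("Attempting to create '{$name}' group", 1);
            }

            $grp_name = addslashes($name);
            $grp_desc = addslashes($desc);
            // One statement per supported DBMS, keyed by DBMS name.
            $sql = array();
            $sql['pgsql'] = "INSERT INTO {$_TABLES['groups']} (grp_id,grp_name, grp_descr) VALUES ((SELECT NEXTVAL('{$_TABLES['groups']}_grp_id_seq')),'{$grp_name}', '{$grp_desc}')";
            $sql['mysql'] = "INSERT INTO {$_TABLES['groups']} (grp_name, grp_descr) VALUES ('{$grp_name}', '{$grp_desc}')";
            $sql['mssql'] = "INSERT INTO {$_TABLES['groups']} (grp_name, grp_descr) VALUES ('{$grp_name}', '{$grp_desc}')";
            DB_query($sql, 1);
            if (DB_error()) {
                COM_errorLog('Error creating plugin group', 1);
                PLG_uninstall($plugin);
                return false;
            }

            // keep the new group's ID for use in the mappings section (below)
            $groups[$name] = DB_insertId();

            // assume that the first group is the plugin's Admin group
            if ($admin_group_id == 0) {
                $admin_group_id = $groups[$name];
            }
        }
    }

    // Create the plugin's table(s)
    // The included file is expected to fill $_SQL and $DEFVALUES.
    $_SQL = array();
    $DEFVALUES = array();
    if (file_exists($base_path . 'sql/' . $_DB_dbms . '_install.php')) {
        require_once $base_path . 'sql/' . $_DB_dbms . '_install.php';
    }

    if (count($_SQL) > 0) {
        $use_innodb = false;
        if ($_DB_dbms == 'mysql'
            && DB_getItem($_TABLES['vars'], 'value', "name = 'database_engine'") == 'InnoDB') {
            $use_innodb = true;
        }
        foreach ($_SQL as $sql) {
            $sql = str_replace('#group#', $admin_group_id, $sql);
            if ($use_innodb) {
                $sql = str_replace('MyISAM', 'InnoDB', $sql);
            }
            DB_query($sql);
            if (DB_error()) {
                COM_errorLog('Error creating plugin table', 1);
                PLG_uninstall($plugin);
                return false;
            }
        }
    }

    // Add the plugin's features
    if ($verbose) {
        COM_errorLog("Attempting to add '{$plugin}' features", 1);
    }

    $features = array();
    $mappings = array();
    if (!empty($inst_parms['features'])) {
        $features = $inst_parms['features'];
        if (!empty($inst_parms['mappings'])) {
            $mappings = $inst_parms['mappings'];
        }

        foreach ($features as $feature => $desc) {
            $ft_name = addslashes($feature);
            $ft_desc = addslashes($desc);
            $sql = array();
            $sql['pgsql'] = "INSERT INTO {$_TABLES['features']} (ft_id,ft_name, ft_descr)\n VALUES ((SELECT nextval('{$_TABLES['features']}_ft_id_seq')),'{$ft_name}', '{$ft_desc}')";
            $sql['mysql'] = "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr)\n VALUES ('{$ft_name}', '{$ft_desc}')";
            // This key was 'mysql' a second time, so the array had no 'mssql'
            // entry, unlike the group INSERT above which defines all three.
            $sql['mssql'] = "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr)\n VALUES ('{$ft_name}', '{$ft_desc}')";
            DB_query($sql, 1);
            if (DB_error()) {
                COM_errorLog('Error adding plugin feature', 1);
                PLG_uninstall($plugin);
                return false;
            }

            $feat_id = DB_insertId();

            if (isset($mappings[$feature])) {
                foreach ($mappings[$feature] as $group) {
                    if ($verbose) {
                        COM_errorLog("Adding '{$feature}' feature to the '{$group}' group", 1);
                    }
                    // NOTE(review): $groups[$group] is undefined when a mapping
                    // names a group that was not created above.
                    DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES ({$feat_id}, {$groups[$group]})");
                    if (DB_error()) {
                        COM_errorLog('Error mapping plugin feature', 1);
                        PLG_uninstall($plugin);
                        return false;
                    }
                }
            }
        }
    }

    // Add plugin's Admin group to the Root user group
    // (assumes that the Root group's ID is always 1)
    if (count($groups) > 0) {
        if ($verbose) {
            COM_errorLog("Attempting to give all users in the Root group access to the '{$plugin}' Admin group", 1);
        }

        foreach ($groups as $key => $value) {
            DB_query("INSERT INTO {$_TABLES['group_assignments']} VALUES "
                . "({$value}, NULL, 1)");
            if (DB_error()) {
                COM_errorLog('Error adding plugin admin group to Root group', 1);
                PLG_uninstall($plugin);
                return false;
            }
        }
    }

    // Pre-populate tables or run any other SQL queries
    if (count($DEFVALUES) > 0) {
        if ($verbose) {
            COM_errorLog('Inserting default data', 1);
        }
        foreach ($DEFVALUES as $sql) {
            $sql = str_replace('#group#', $admin_group_id, $sql);
            DB_query($sql, 1);
            if (DB_error()) {
                COM_errorLog('Error adding plugin default data', 1);
                PLG_uninstall($plugin);
                return false;
            }
        }
    }

    // Load the online configuration records
    $load_config = 'plugin_load_configuration_' . $plugin;
    if (function_exists($load_config)) {
        if (!$load_config($plugin)) {
            COM_errorLog('Error loading plugin configuration', 1);
            PLG_uninstall($plugin);
            return false;
        }

        require_once $_CONF['path'] . 'system/classes/config.class.php';
        $config =& config::get_instance();
        $config->initConfig(); // force re-reading, including new plugin conf
    }

    // Finally, register the plugin with Geeklog
    if ($verbose) {
        COM_errorLog("Registering '{$plugin}' plugin", 1);
    }

    // silently delete an existing entry
    DB_delete($_TABLES['plugins'], 'pi_name', $plugin);

    // Escape the values the same way the group and feature names are escaped
    // above; they were interpolated into the INSERT as-is.
    $reg_name       = addslashes($plugin);
    $reg_version    = addslashes($pi_version);
    $reg_gl_version = addslashes($pi_gl_version);
    $reg_homepage   = addslashes($pi_homepage);
    DB_query("INSERT INTO {$_TABLES['plugins']} (pi_name, pi_version, pi_gl_version, pi_homepage, pi_enabled) VALUES "
        . "('{$reg_name}', '{$reg_version}', '{$reg_gl_version}', '{$reg_homepage}', 1)");

    if (DB_error()) {
        COM_errorLog('Failed to register plugin', 1);
        PLG_uninstall($plugin);
        return false;
    }

    // give the plugin a chance to perform any post-install operations
    $post_install = 'plugin_postinstall_' . $plugin;
    if (function_exists($post_install)) {
        if (!$post_install($plugin)) {
            COM_errorLog('Plugin postinstall failed', 1);
            PLG_uninstall($plugin);
            return false;
        }
    }

    if ($verbose) {
        COM_errorLog("Successfully installed the '{$plugin}' plugin!", 1);
    }

    // load plugin here already, for any plugins wanting to act on
    // PLG_pluginStateChange($plugin, 'installed') when we return from here
    require_once $_CONF['path'] . 'plugins/' . $plugin . '/functions.inc';

    return true;
}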
/**
 * Save the edit form for one media item: optional file replacement, the
 * metadata UPDATE, per-player playback options, attached-thumbnail handling,
 * and finally a redirect.
 *
 * Apart from the three parameters, every value is read directly from $_POST
 * and $_FILES. The function always ends the request with exit.
 *
 * NOTE(review): no permission check and no CSRF-token check is visible in this
 * function -- presumably the caller does both before dispatching here; confirm.
 * $_USER, $LANG_MG00, $LANG_MG01 and $LANG_MG03 are declared global but not
 * used in the body.
 *
 * @param mixed  $album_id  album the item belongs to (handed to the upload, thumbnail and RSS helpers)
 * @param mixed  $media_id  id of the media row to update
 * @param string $actionURL default redirect target; replaced by $_POST['rpath'] when that is non-empty
 * @return void  does not return normally (echoes COM_refresh() output and exits)
 */
function MG_saveMediaEdit($album_id, $media_id, $actionURL)
{
    global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG03;

    // The redirect target can be overridden by the request. Only
    // COM_applyFilter() stands between the posted value and COM_refresh().
    // NOTE(review): confirm the target is restricted to this site, otherwise
    // the form can be used as an open redirect.
    $back = COM_applyFilter($_POST['rpath']);
    if ($back != '') {
        $actionURL = $back;
    }
    // Second argument true presumably asks COM_applyFilter() for a numeric
    // result -- TODO confirm against its definition.
    $queue = COM_applyFilter($_POST['queue'], true);
    $replacefile = 0;
    if (isset($_POST['replacefile'])) {
        $replacefile = COM_applyFilter($_POST['replacefile']);
    }
    if ($replacefile == 1) {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
        $repfilename = $_FILES['repfilename'];
        // 'name' is the client-supplied file name; it is not validated here, so
        // type/extension/path checks have to happen inside MG_getFile().
        $filename = $repfilename['name'];
        $file = $repfilename['tmp_name'];
        $opt = array('replace' => $media_id);
        // $rc is never inspected: a failed replacement is only logged and the
        // metadata update below still runs.
        list($rc, $msg) = MG_getFile($file, $filename, $album_id, $opt);
        COM_errorLog($msg);
    }
    // see if we had an attached thumbnail before...
    // $_FILES['attthumb'] is read without an isset() guard.
    $thumb = $_FILES['attthumb'];
    $thumbnail = $thumb['tmp_name'];
    $att = isset($_POST['attachtn']) ? COM_applyFilter($_POST['attachtn'], true) : 0;
    $attachtn = $att == 1 ? 1 : 0;
    // Queued (not yet approved) items live in a separate table.
    $table = $queue ? $_TABLES['mg_mediaqueue'] : $_TABLES['mg_media'];
    // addslashes() is the only escaping applied to $media_id in this function;
    // it is not connection/charset aware, unlike a DB-layer escape helper.
    $old_attached_tn = DB_getItem($table, 'media_tn_attached', 'media_id="' . addslashes($media_id) . '"');
    // "Attach thumbnail" was ticked but nothing was uploaded and none existed:
    // treat it as not attached.
    if ($old_attached_tn == 0 && $att == 1 && $thumbnail == '') {
        $attachtn = 0;
    }
    $remove_old_tn = 0;
    if ($old_attached_tn == 1 && $attachtn == 0) {
        $remove_old_tn = 1;
    }
    // $remote_media is fetched but not used anywhere else in this function.
    $remote_media = DB_getItem($table, 'remote_media', 'media_id="' . addslashes($media_id) . '"');
    // The URL is stored as submitted (slashes normalised, then SQL-escaped);
    // no scheme or host validation happens here.
    $remote_url = addslashes(COM_stripslashes($_POST['remoteurl']));
    if ($_MG_CONF['htmlallowed']) {
        // With HTML allowed, title and description go through COM_checkWords()
        // only. NOTE(review): whether markup is filtered again on output is not
        // visible here -- confirm, since these fields are shown to other users.
        $media_title = COM_checkWords(COM_stripslashes($_POST['media_title']));
        $media_desc = COM_checkWords(COM_stripslashes($_POST['media_desc']));
    } else {
        $media_title = htmlspecialchars(strip_tags(COM_checkWords(COM_stripslashes($_POST['media_title']))));
        $media_desc = htmlspecialchars(strip_tags(COM_checkWords(COM_stripslashes($_POST['media_desc']))));
    }
    $media_time_month = COM_applyFilter($_POST['media_month']);
    $media_time_day = COM_applyFilter($_POST['media_day']);
    $media_time_year = COM_applyFilter($_POST['media_year']);
    $media_time_hour = COM_applyFilter($_POST['media_hour']);
    $media_time_minute = COM_applyFilter($_POST['media_minute']);
    $original_filename = COM_applyFilter(COM_stripslashes($_POST['original_filename']));
    if ($replacefile == 1) {
        // A replaced file takes the client-supplied upload name as its
        // "original filename".
        $original_filename = $filename;
    }
    $cat_id = COM_applyFilter($_POST['cat_id'], true);
    $media_keywords = COM_stripslashes($_POST['media_keywords']);
    // substr() cuts at 254 bytes, not characters, so a multi-byte character at
    // the boundary can be split.
    $media_keywords_safe = substr($media_keywords, 0, 254);
    $media_keywords = addslashes(htmlspecialchars(strip_tags(COM_checkWords($media_keywords_safe))));
    $artist = addslashes(COM_applyFilter(COM_stripslashes($_POST['artist'])));
    $musicalbum = addslashes(COM_applyFilter(COM_stripslashes($_POST['musicalbum'])));
    $genre = addslashes(COM_applyFilter(COM_stripslashes($_POST['genre'])));
    // The seventh mktime() argument (is_dst) was removed in PHP 7.0; on PHP 8
    // passing it raises ArgumentCountError. The date parts are not cast to int
    // before the call either.
    $media_time = mktime($media_time_hour, $media_time_minute, 0, $media_time_month, $media_time_day, $media_time_year, 1);
    $owner_sql = '';
    if (isset($_POST['owner_name'])) {
        // Ownership can be reassigned from the form. $owner_id is concatenated
        // unquoted, so this is only safe if COM_applyFilter(..., true) really
        // returns an integer -- TODO confirm; intval() would make it explicit.
        $owner_id = COM_applyFilter($_POST['owner_name'], true);
        $owner_sql = ',media_user_id=' . $owner_id . ' ';
    }
    // Statement is assembled by concatenation: string columns are addslashes()'d,
    // media_category is intval()'d, and media_time / media_tn_attached are
    // values computed above.
    $sql = "UPDATE " . $table . "\n SET media_title='" . addslashes($media_title) . "',\n media_desc='" . addslashes($media_desc) . "',\n media_original_filename='" . addslashes($original_filename) . "',\n media_time=" . $media_time . ",\n media_tn_attached=" . $attachtn . ",\n media_category=" . intval($cat_id) . ",\n media_keywords='" . $media_keywords . "',\n artist='" . $artist . "',\n album='" . $musicalbum . "',\n genre='" . $genre . "',\n remote_url='" . $remote_url . "' " . $owner_sql . "WHERE media_id='" . addslashes($media_id) . "'";
    DB_query($sql);
    if (DB_error() != 0) {
        // A failed UPDATE is logged and echoed, but processing continues.
        echo COM_errorLog("Media Gallery: ERROR Updating image in media database");
    }
    PLG_itemSaved($media_id, 'mediagallery');
    // process playback options if any...
    // Which player's options are saved is decided by which form field is present.
    if (isset($_POST['autostart'])) {
        // asf
        $opt['autostart'] = COM_applyFilter($_POST['autostart'], true);
        $opt['enablecontextmenu'] = COM_applyFilter($_POST['enablecontextmenu'], true);
        $opt['stretchtofit'] = isset($_POST['stretchtofit']) ? COM_applyFilter($_POST['stretchtofit'], true) : 0;
        $opt['showstatusbar'] = COM_applyFilter($_POST['showstatusbar'], true);
        $opt['uimode'] = COM_applyFilter($_POST['uimode']);
        $opt['height'] = isset($_POST['height']) ? COM_applyFilter($_POST['height'], true) : 0;
        $opt['width'] = isset($_POST['width']) ? COM_applyFilter($_POST['width'], true) : 0;
        $opt['bgcolor'] = isset($_POST['bgcolor']) ? COM_applyFilter($_POST['bgcolor']) : 0;
        $opt['playcount'] = isset($_POST['playcount']) ? COM_applyFilter($_POST['playcount'], true) : 0;
        $opt['loop'] = isset($_POST['loop']) ? COM_applyFilter($_POST['loop'], true) : 0;
        if ($opt['playcount'] < 1) {
            $opt['playcount'] = 1;
        }
        MG_savePBOption($media_id, 'autostart', $opt['autostart'], true);
        MG_savePBOption($media_id, 'enablecontextmenu', $opt['enablecontextmenu'], true);
        if ($opt['stretchtofit'] != '') {
            MG_savePBOption($media_id, 'stretchtofit', $opt['stretchtofit'], true);
        }
        MG_savePBOption($media_id, 'showstatusbar', $opt['showstatusbar'], true);
        MG_savePBOption($media_id, 'uimode', $opt['uimode']);
        MG_savePBOption($media_id, 'height', $opt['height'], true);
        MG_savePBOption($media_id, 'width', $opt['width'], true);
        MG_savePBOption($media_id, 'bgcolor', $opt['bgcolor']);
        MG_savePBOption($media_id, 'playcount', $opt['playcount'], true);
        MG_savePBOption($media_id, 'loop', $opt['loop'], true);
    }
    if (isset($_POST['play'])) {
        // swf
        $opt['play'] = COM_applyFilter($_POST['play'], true);
        $opt['menu'] = isset($_POST['menu']) ? COM_applyFilter($_POST['menu'], true) : 0;
        $opt['quality'] = isset($_POST['quality']) ? COM_applyFilter($_POST['quality']) : '';
        // flashvars and allowscriptaccess are stored as free text after
        // COM_applyFilter() only. NOTE(review): both influence what an embedded
        // object may do in the page; an allow-list at save or render time is
        // worth confirming.
        $opt['flashvars'] = isset($_POST['flashvars']) ? COM_applyFilter($_POST['flashvars']) : '';
        $opt['height'] = COM_applyFilter($_POST['height'], true);
        $opt['width'] = COM_applyFilter($_POST['width'], true);
        $opt['loop'] = isset($_POST['loop']) ? COM_applyFilter($_POST['loop'], true) : 0;
        $opt['scale'] = isset($_POST['scale']) ? COM_applyFilter($_POST['scale']) : '';
        $opt['wmode'] = isset($_POST['wmode']) ? COM_applyFilter($_POST['wmode']) : '';
        $opt['allowscriptaccess'] = isset($_POST['allowscriptaccess']) ? COM_applyFilter($_POST['allowscriptaccess']) : '';
        $opt['bgcolor'] = isset($_POST['bgcolor']) ? COM_applyFilter($_POST['bgcolor']) : '';
        $opt['swf_version'] = isset($_POST['swf_version']) ? COM_applyFilter($_POST['swf_version'], true) : 9;
        MG_savePBOption($media_id, 'play', $opt['play'], true);
        if ($opt['menu'] != '') {
            MG_savePBOption($media_id, 'menu', $opt['menu'], true);
        }
        MG_savePBOption($media_id, 'quality', $opt['quality']);
        MG_savePBOption($media_id, 'flashvars', $opt['flashvars']);
        MG_savePBOption($media_id, 'height', $opt['height'], true);
        MG_savePBOption($media_id, 'width', $opt['width'], true);
        MG_savePBOption($media_id, 'loop', $opt['loop'], true);
        MG_savePBOption($media_id, 'scale', $opt['scale']);
        MG_savePBOption($media_id, 'wmode', $opt['wmode']);
        MG_savePBOption($media_id, 'allowscriptaccess', $opt['allowscriptaccess']);
        MG_savePBOption($media_id, 'bgcolor', $opt['bgcolor']);
        MG_savePBOption($media_id, 'swf_version', $opt['swf_version'], true);
    }
    if (isset($_POST['autoplay'])) {
        // quicktime
        // Unlike the two branches above, none of these reads is guarded by isset().
        $opt['autoplay'] = COM_applyFilter($_POST['autoplay'], true);
        $opt['autoref'] = COM_applyFilter($_POST['autoref'], true);
        $opt['controller'] = COM_applyFilter($_POST['controller'], true);
        $opt['kioskmode'] = COM_applyFilter($_POST['kioskmode'], true);
        $opt['scale'] = COM_applyFilter($_POST['scale']);
        $opt['height'] = COM_applyFilter($_POST['height'], true);
        $opt['width'] = COM_applyFilter($_POST['width'], true);
        $opt['bgcolor'] = COM_applyFilter($_POST['bgcolor']);
        $opt['loop'] = COM_applyFilter($_POST['loop'], true);
        MG_savePBOption($media_id, 'autoref', $opt['autoref'], true);
        MG_savePBOption($media_id, 'autoplay', $opt['autoplay'], true);
        MG_savePBOption($media_id, 'controller', $opt['controller'], true);
        MG_savePBOption($media_id, 'kioskmode', $opt['kioskmode'], true);
        MG_savePBOption($media_id, 'scale', $opt['scale']);
        MG_savePBOption($media_id, 'height', $opt['height'], true);
        MG_savePBOption($media_id, 'width', $opt['width'], true);
        // NOTE(review): bgcolor is saved with the fourth argument set here but
        // without it in the asf and swf branches -- confirm which is intended.
        MG_savePBOption($media_id, 'bgcolor', $opt['bgcolor'], true);
        MG_savePBOption($media_id, 'loop', $opt['loop'], true);
    }
    if ($attachtn == 1 && $thumbnail != '') {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
        // The file name is always looked up in mg_media, even when $queue
        // selected the queue table above. Indexing [0] assumes a non-empty name.
        $media_filename = DB_getItem($_TABLES['mg_media'], 'media_filename', 'media_id="' . addslashes($media_id) . '"');
        $thumbFilename = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
        MG_attachThumbnail($album_id, $thumbnail, $thumbFilename);
    }
    if ($remove_old_tn == 1) {
        $media_filename = DB_getItem($_TABLES['mg_media'], 'media_filename', 'media_id="' . addslashes($media_id) . '"');
        $tmpstr = 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
        $ext = Media::getMediaExt($_MG_CONF['path_mediaobjects'] . $tmpstr);
        if (!empty($ext)) {
            // Errors from unlink() are suppressed, so a failed delete leaves
            // the old thumbnail on disk without any log entry.
            @unlink($_MG_CONF['path_mediaobjects'] . $tmpstr . $ext);
        }
    }
    if ($queue) {
        echo COM_refresh($actionURL);
    } else {
        // Published items also get their album feed rebuilt before the redirect.
        require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
        MG_buildAlbumRSS($album_id);
        echo COM_refresh($actionURL);
    }
    exit;
}
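/**
 * Create one block row from an auto-install step.
 *
 * String fields of the step are escaped with DB_escapeString() and numeric
 * fields are forced to integers before they are placed in the INSERT. The
 * owner id, group id and the four default permission values are written into
 * the statement unquoted, so they are cast to int as well; previously they were
 * interpolated as-is.
 *
 * @param array $step install step; reads name, title, block_type, phpblockfn, help,
 *                    content, is_enabled, rdflimit, onleft, allow_autotags, blockorder,
 *                    group_id (a key into $vars) and variable (optional)
 * @param array $vars install variables, by reference; the new block id is stored
 *                    under $step['variable'] when that key is set
 * @return int|string 1 when the INSERT failed, otherwise the DELETE statement that
 *                    removes the created block again
 */
function INSTALLER_install_block($step, &$vars)
{
    global $_TABLES, $_CONF, $_USER;

    // 'name' is optional below, so do not index it blindly for the log line.
    $logName = isset($step['name']) ? $step['name'] : '';
    COM_errorLog("AutoInstall: Creating block {$logName}...");

    $is_enabled = isset($step['is_enabled']) ? intval($step['is_enabled']) : 1;
    $rdflimit = isset($step['rdflimit']) ? intval($step['rdflimit']) : 0;
    $onleft = isset($step['onleft']) ? intval($step['onleft']) : 0;
    $allow_autotags = isset($step['allow_autotags']) ? intval($step['allow_autotags']) : 0;
    $name = isset($step['name']) ? DB_escapeString($step['name']) : '';
    $title = isset($step['title']) ? DB_escapeString($step['title']) : '';
    $type = isset($step['block_type']) ? DB_escapeString($step['block_type']) : 'unknown';
    $phpblockfn = isset($step['phpblockfn']) ? DB_escapeString($step['phpblockfn']) : '';
    $help = isset($step['help']) ? DB_escapeString($step['help']) : '';
    $content = isset($step['content']) ? DB_escapeString($step['content']) : '';
    $blockorder = isset($step['blockorder']) ? intval($step['blockorder']) : 9999;

    // Unquoted in the statement below, hence the explicit integer casts.
    $owner_id = isset($_USER['uid']) ? intval($_USER['uid']) : 2;

    // $step['group_id'] names an entry in $vars; fall back to group 1 when the
    // step has no group_id or $vars has no such entry.
    $group_id = 1;
    if (isset($step['group_id']) && isset($vars[$step['group_id']])) {
        $group_id = intval($vars[$step['group_id']]);
    }

    list($perm_owner, $perm_group, $perm_members, $perm_anon) = $_CONF['default_permissions_block'];
    $perm_owner = intval($perm_owner);
    $perm_group = intval($perm_group);
    $perm_members = intval($perm_members);
    $perm_anon = intval($perm_anon);

    DB_query("INSERT INTO {$_TABLES['blocks']} " . "(is_enabled,name,type,title,tid,blockorder,content,allow_autotags,rdflimit,onleft,phpblockfn,help,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon)" . " VALUES ({$is_enabled},'{$name}','{$type}','{$title}','all',{$blockorder},'{$content}',{$allow_autotags},{$rdflimit},{$onleft},'{$phpblockfn}','{$help}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon})", 1);
    if (DB_error()) {
        COM_errorLog("AutoInstall: Block creation failed!");

        return 1;
    }

    $bid = DB_insertId();
    if (isset($step['variable'])) {
        $vars[$step['variable']] = $bid;
    }

    // The caller receives the undo statement for this step.
    return "DELETE FROM {$_TABLES['blocks']} WHERE bid = {$bid}";
}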
/**
 * Saves user to the database
 *
 * Creates the account when $uid is empty, otherwise updates the existing row,
 * then (if the acting admin has the 'group.assign' right) rewrites the user's
 * group assignments.
 *
 * NOTE(review): $uid and $userstatus are interpolated into several statements
 * without quoting or casting; this function relies on the caller passing
 * integers -- confirm at the call site.
 *
 * NOTE(review): the literal '******' inside several query strings below looks
 * like a redaction artifact of this listing; $uname is computed with
 * DB_escapeString() and is otherwise unused, so it is presumably what the
 * original interpolates -- confirm against upstream before reusing this code.
 *
 * @param    int     $uid            user id (empty for a new user)
 * @param    string  $username       (short) username
 * @param    string  $fullname       user's full name
 * @param    string  $passwd         new password (ignored for remote-service accounts)
 * @param    string  $passwd_conf    password confirmation
 * @param    string  $email          user's email address
 * @param    string  $regdate        date the user registered with the site (not used in the body)
 * @param    string  $homepage       user's homepage URL
 * @param    array   $groups         groups the user belongs to
 * @param    string  $delete_photo   delete user's photo if == 'on'
 * @param    int     $userstatus     status to store for the user
 * @param    int     $oldstatus      status the user had before this edit
 * @return   string                  HTML redirect or error message
 *
 */
function saveusers($uid, $username, $fullname, $passwd, $passwd_conf, $email, $regdate, $homepage, $groups, $delete_photo = '', $userstatus = 3, $oldstatus = 3)
{
    global $_CONF, $_TABLES, $_USER, $LANG28, $_USER_VERBOSE;

    $retval = '';
    $userChanged = false;
    if ($_USER_VERBOSE) {
        COM_errorLog("**** entering saveusers****", 1);
        COM_errorLog("group size at beginning = " . count($groups), 1);
    }
    // For a new user $uid is empty, which leaves "uid = " with no value in
    // this WHERE clause.
    $service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$uid}");
    // If remote service then assume blank password
    if (!empty($service)) {
        $passwd = '';
        $passwd_conf = '';
    }
    $passwd_changed = true;
    // presumably SEC_encryptUserPassword() returns 0 when $passwd matches the
    // stored password -- TODO confirm; together with an empty confirmation
    // field that is treated as "password left unchanged".
    if (empty($service) && SEC_encryptUserPassword($passwd, $uid) === 0 && $passwd_conf === '') {
        $passwd_changed = false;
    }
    if ($passwd_changed && $passwd != $passwd_conf) {
        // passwords don't match
        return edituser($uid, 67);
    }
    $nameAndEmailOkay = true;
    if (empty($username)) {
        $nameAndEmailOkay = false;
    } elseif (empty($email)) {
        if (empty($uid)) {
            $nameAndEmailOkay = false;
            // new users need an email address
        } else {
            if (empty($service)) {
                $nameAndEmailOkay = false;
                // not a remote user - needs email
            }
        }
    }
    if ($nameAndEmailOkay) {
        if (!empty($email) && !COM_isEmail($email)) {
            return edituser($uid, 52);
        }
        // Uniqueness check for the username, scoped by remote service.
        $uname = DB_escapeString($username);
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******'");
        } else {
            if (!empty($service)) {
                $uservice = DB_escapeString($service);
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND remoteservice = 
'{$uservice}'");
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND (remoteservice = '' OR remoteservice IS NULL)");
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's username to one that already exists
            return edituser($uid, 51);
        }
        // Uniqueness check for the email address among local accounts.
        $emailaddr = DB_escapeString($email);
        $exclude_remote = " AND (remoteservice IS NULL OR remoteservice = '')";
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}'" . $exclude_remote);
        } else {
            $old_email = DB_getItem($_TABLES['users'], 'email', "uid = '{$uid}'");
            if ($old_email == $email) {
                // email address didn't change so don't care
                $ucount = 0;
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}' AND uid <> {$uid}" . $exclude_remote);
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's email to one that already exists
            return edituser($uid, 56);
        }
        if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($username, $email);
            if (!empty($ret)) {
                // need a numeric return value - otherwise use default message
                if (!is_numeric($ret['number'])) {
                    $ret['number'] = 400;
                }

                return edituser($uid, $ret['number']);
            }
        }
        if (empty($uid)) {
            if (empty($passwd)) {
                // no password? create one ...
                $passwd = SEC_generateRandomPassword();
            }
            $uid = USER_createAccount($username, $email, $passwd, $fullname, $homepage);
            if ($uid > 1) {
                // $userstatus is unquoted here (and quoted in the UPDATE further down).
                DB_query("UPDATE {$_TABLES['users']} SET status = {$userstatus} WHERE uid = {$uid}");
            }
        } else {
            $fullname = DB_escapeString($fullname);
            $homepage = DB_escapeString($homepage);
            $curphoto = DB_getItem($_TABLES['users'], 'photo', "uid = {$uid}");
            if (!empty($curphoto) && $delete_photo == 'on') {
                USER_deletePhoto($curphoto);
                $curphoto = '';
            }
            if ($_CONF['allow_user_photo'] == 1 && !empty($curphoto)) {
                $curusername = DB_getItem($_TABLES['users'], 'username', "uid = {$uid}");
                if ($curusername != $username) {
                    // user has been renamed - rename the photo, too
                    // NOTE(review): $curusername is used as a regular expression
                    // without preg_quote(), so a username containing regex
                    // metacharacters (or '/') changes or breaks the pattern.
                    // $username becomes part of a file name below; whether it
                    // has been restricted to filename-safe characters is not
                    // visible here.
                    $newphoto = preg_replace('/' . $curusername . '/', $username, $curphoto, 1);
                    $imgpath = $_CONF['path_images'] . 'userphotos/';
                    if (@rename($imgpath . $curphoto, $imgpath . $newphoto) === false) {
                        $retval .= COM_errorLog('Could not rename userphoto "' . $curphoto . '" to "' . $newphoto . '".');

                        return $retval;
                    }
                    $curphoto = $newphoto;
                }
            }
            $curphoto = DB_escapeString($curphoto);
            // NOTE(review): this statement interpolates the raw $email, not the
            // escaped $emailaddr computed above. COM_isEmail() has accepted the
            // value, but an address can legitimately contain a single quote;
            // the escaped variable should be used here.
            DB_query("UPDATE {$_TABLES['users']} SET username = '******', fullname = '{$fullname}', email = '{$email}', homepage = '{$homepage}', photo = '{$curphoto}', status='{$userstatus}' WHERE uid = {$uid}");
            if ($passwd_changed && !empty($passwd)) {
                SEC_updateUserPassword($passwd, $uid);
            }
            if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
                CUSTOM_userSave($uid);
            }
            if ($_CONF['usersubmission'] == 1 && $oldstatus == USER_ACCOUNT_AWAITING_APPROVAL && $userstatus == USER_ACCOUNT_ACTIVE) {
                USER_createAndSendPassword($username, $email, $uid);
            }
            // Disabling an account also ends that user's session.
            if ($userstatus == USER_ACCOUNT_DISABLED) {
                SESS_endUserSession($uid);
            }
            $userChanged = true;
        }
        // check that the user is allowed to change group assignments
        if (is_array($groups) && SEC_hasRights('group.assign')) {
            // Privilege-escalation guard: only a Root member may hand out Root.
            // The attempt is written to the access log and the request ends.
            if (!SEC_inGroup('Root')) {
                $rootgrp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'");
                if (in_array($rootgrp, $groups)) {
                    COM_accessLog("User {$_USER['username']} ({$_USER['uid']}) just tried to give Root permissions to user {$username}.");
                    echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
                    exit;
                }
            }
            // make sure the Remote Users group is in $groups
            if (SEC_inGroup('Remote Users', $uid)) {
                $remUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
                if (!in_array($remUsers, $groups)) {
                    $groups[] = $remUsers;
                }
            }
            if ($_USER_VERBOSE) {
                COM_errorLog("deleting all group_assignments for user {$uid}/{$username}", 1);
            }
            // remove user from all groups that the User Admin is a member of
            // (assignments to groups the acting admin is not in are left alone)
            $UserAdminGroups = SEC_getUserGroups();
            $whereGroup = 'ug_main_grp_id IN (' . implode(',', $UserAdminGroups) . ')';
            DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_uid = {$uid}) AND " . $whereGroup);
            // make sure to add user to All Users and Logged-in Users groups
            $allUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'All Users'");
            if (!in_array($allUsers, $groups)) {
                $groups[] = $allUsers;
            }
            $logUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Logged-in Users'");
            if (!in_array($logUsers, $groups)) {
                $groups[] = $logUsers;
            }
            foreach ($groups as $userGroup) {
                // Only groups the acting admin belongs to are assigned.
                // NOTE(review): in_array() compares loosely and $userGroup then
                // goes into the INSERT unquoted; casting each submitted group
                // id to int before this loop would make both steps strict.
                if (in_array($userGroup, $UserAdminGroups)) {
                    if ($_USER_VERBOSE) {
                        COM_errorLog("adding group_assignment " . $userGroup . " for {$username}", 1);
                    }
                    $sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$userGroup}, {$uid})";
                    DB_query($sql);
                }
            }
        }
        if ($userChanged) {
            PLG_userInfoChanged($uid);
        }
        // DB_error() is consulted once, after all statements above have run.
        // NOTE(review): presumably it reflects only the most recent query, so
        // an earlier failure could go unnoticed -- confirm.
        $errors = DB_error();
        if (empty($errors)) {
            echo PLG_afterSaveSwitch($_CONF['aftersave_user'], "{$_CONF['site_url']}/users.php?mode=profile&uid={$uid}", 'user', 21);
        } else {
            $retval .= COM_errorLog('Error in saveusers in ' . $_CONF['site_admin_url'] . '/user.php');
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[22]));
            echo $retval;
            exit;
        }
    } else {
        // Username or (required) email missing: show the message and the editor again.
        $retval .= COM_showMessageText($LANG28[10]);
        if (!empty($uid) && $uid > 1 && DB_count($_TABLES['users'], 'uid', $uid) > 0) {
            $retval .= edituser($uid);
        } else {
            $retval .= edituser();
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[1]));
        COM_output($retval);
        exit;
    }
    if ($_USER_VERBOSE) {
        COM_errorLog("***************leaving saveusers*****************", 1);
    }

    return $retval;
}
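/**
 * Puts the datastructures for this plugin into the Geeklog database
 *
 * Steps: create the plugin tables, create (or reuse) the 'GUS Admin' group,
 * remember its id in the vars table for the uninstaller, create each entry of
 * $_FEATURE and grant it to the admin group, add the Root group to the admin
 * group, and register the plugin.
 *
 * Fix relative to the original: the MySQL version test for
 * "ON DUPLICATE KEY UPDATE" compared major and minor independently
 * (major >= 4 AND minor >= 1), which is false for every x.0 release above
 * 4.1 (5.0, 8.0, ...). On those servers the clause was omitted and a
 * re-install failed on the existing 'gus_group_id' row. The comparison is now
 * "version >= 4.1".
 *
 * NOTE(review): $feature and $desc come from the plugin's own $_FEATURE table
 * and are placed into SQL unescaped; a description containing a single quote
 * breaks the INSERT. Escape them with the DB layer's helper if $_FEATURE can
 * ever hold such text.
 *
 * @return bool TRUE on success, FALSE as soon as one of the checked statements fails
 */
function plugin_install_gus()
{
    global $pi_version, $gl_version, $pi_url, $_FEATURE, $_TABLES, $_CONF, $LANG_GUS00, $LANG_GUS_wo, $_GUS_VARS;

    COM_errorLog('Installing the GUS plugin', 1);
    // DB_setdebug( true );

    // Create the Plugin Tables
    GUS_createDatabaseStructures();

    // Create the plugin admin security group
    $group_id = DB_getItem($_TABLES['groups'], 'grp_id ', "grp_name = 'GUS Admin'");
    if ($group_id == '') {
        COM_errorLog('Creating GUS admin group', 1);
        DB_query("INSERT INTO {$_TABLES['groups']} (grp_name, grp_descr)\n\t\t\t\t\tVALUES ('GUS Admin', 'Users in this group can administer the GUS plugin')", 1);
        if (DB_error()) {
            return FALSE;
        }
        $result = DB_query("SELECT LAST_INSERT_ID() AS group_id");
        if (DB_error()) {
            return FALSE;
        }
        $row = DB_fetchArray($result, FALSE);
        $group_id = $row['group_id'];
    } else {
        // Group already exists (re-install): mark it as not being a core group.
        DB_query("UPDATE {$_TABLES['groups']} SET grp_gl_core = 0 WHERE grp_id = {$group_id}", 1);
    }
    COM_errorLog(" GUS group ID is {$group_id}", 1);

    // Save the group id for later uninstall
    COM_errorLog('Saving group_id to vars table for use during uninstall', 1);
    $sql = "INSERT INTO {$_TABLES['vars']} VALUES ('gus_group_id', {$group_id})";
    // ON DUPLICATE KEY UPDATE only exists on MySQL >= 4.1
    // See: http://dev.mysql.com/doc/mysql/en/insert.html
    $sqlMajor = (int) $_GUS_VARS['sql_version']['major'];
    $sqlMinor = (int) $_GUS_VARS['sql_version']['minor'];
    if ($sqlMajor > 4 || ($sqlMajor == 4 && $sqlMinor >= 1)) {
        $sql .= " ON DUPLICATE KEY UPDATE value={$group_id} ";
    }
    DB_query($sql, 1);
    if (DB_error()) {
        return FALSE;
    }

    // Add plugin Features
    foreach ($_FEATURE as $feature => $desc) {
        $feat_id = DB_getItem($_TABLES['features'], 'ft_id ', "ft_name = '{$feature}'");
        if ($feat_id == '') {
            COM_errorLog("Adding {$feature} feature", 1);
            DB_query("INSERT INTO {$_TABLES['features']} (ft_name, ft_descr) \n\t\t\t\t\t\tVALUES ('{$feature}','{$desc}')", 1);
            if (DB_error()) {
                COM_errorLog("Failure adding {$feature} feature", 1);

                return FALSE;
            }
            $result = DB_query("SELECT 
LAST_INSERT_ID() AS feat_id ");
            if (DB_error()) {
                return FALSE;
            }
            $row = DB_fetchArray($result, FALSE);
            $feat_id = $row['feat_id'];
        } else {
            DB_query("UPDATE {$_TABLES['features']} SET ft_gl_core = 0 WHERE ft_id = {$feat_id}", 1);
        }
        COM_errorLog("Feature '{$feature}' has ID {$feat_id}", 1);
        COM_errorLog("Adding {$feature} feature to admin group", 1);
        DB_query("INSERT IGNORE INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id)\n\t\t\tVALUES ({$feat_id}, {$group_id})");
        // In case the previous INSERT was IGNORED, we update the group id for the feature
        // (this rewrites every access row for the feature, so the feature ends
        // up granted to the GUS admin group only)
        DB_query("UPDATE {$_TABLES['access']} SET acc_grp_id = {$group_id} WHERE acc_ft_id = {$feat_id}", 1);
        if (DB_error()) {
            COM_errorLog("Failure adding {$feature} feature to admin group", 1);

            return FALSE;
        }
    }

    // add the block
    /* COM_errorLog('Adding Who\'s Online block', 1);
    $block_id = DB_getItem($_TABLES['blocks'], 'bid ', "phpblockfn = 'phpblock_gusstats'");
    if ($block_id == '') {
        $block_title = addslashes($LANG_GUS_wo['title']);
        $sql = "INSERT INTO {$_TABLES['blocks']} ( is_enabled, name, type, title, blockorder, onleft, phpblockfn, group_id, owner_id ) VALUES( 1, 'gus_block', 'phpblock', '{$block_title}', 10, 0, 'phpblock_gusstats', {$group_id}, 2 ) ";
        DB_query($sql, 1);
        if (DB_error()) {
            return FALSE;
        }
    } else {
        DB_query("UPDATE {$_TABLES['blocks']} SET group_id = {$group_id} WHERE bid = {$block_id} LIMIT 1", 1);
    } */

    // OK, now give Root users access to this plugin now!
    // NOTE: Root group should always be 1
    COM_errorLog("Giving all users in Root group access to GUS admin group", 1);
    DB_query("INSERT IGNORE INTO {$_TABLES['group_assignments']} VALUES ({$group_id}, NULL, 1)");
    if (DB_error()) {
        return FALSE;
    }

    // Register the plugin with Geeklog
    COM_errorLog("Registering GUS plugin with Geeklog", 1);
    DB_query("DELETE FROM {$_TABLES['plugins']} WHERE pi_name = 'gus'");
    DB_query("INSERT INTO {$_TABLES['plugins']} (pi_name, pi_version, pi_gl_version, pi_homepage, pi_enabled)\n\t\t\t\tVALUES ('gus', '{$pi_version}', '{$gl_version}', '{$pi_url}', 1)");
    if (DB_error()) {
        return FALSE;
    }
    COM_errorLog("Succesfully installed the GUS Plugin!", 1);

    return TRUE;
}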
/**
 * Check to see if we can authenticate this user with a remote server
 *
 * A user has not managed to log in locally, but has an @ in their user
 * name and we have enabled distributed authentication. First, try the
 * locally cached credentials for the remote account. If that does not
 * match, load the authentication module named by $service and ask it to
 * authenticate. On success, create a local account for a first-time user
 * or refresh the cached password for an existing one.
 *
 * NOTE(review): the literal '******' inside several query strings below looks
 * like a redaction artifact of this listing. $remoteusername (escaped) is
 * presumably what the remoteusername comparisons interpolate; what the
 * "username=" lookup interpolates cannot be told from here -- confirm against
 * upstream before reusing this code.
 *
 * @param    string  $loginname  Their username (by reference; may be replaced by CUSTOM_uniqueRemoteUsername())
 * @param    string  $passwd     The password entered
 * @param    string  $service    The service portion of $username
 * @param    string  $uid        OUTPUT parameter, pass it by ref to get uid back.
 * @return   int     user status, -1 for fail.
 */
function SEC_remoteAuthentication(&$loginname, $passwd, $service, &$uid)
{
    global $_CONF, $_TABLES;

    /* First try a local cached login */
    $remoteusername = DB_escapeString($loginname);
    $remoteservice = DB_escapeString($service);
    $result = DB_query("SELECT passwd, status, uid FROM {$_TABLES['users']} WHERE remoteusername='******' AND remoteservice='{$remoteservice}'");
    $tmp = DB_error();
    $nrows = DB_numRows($result);
    if ($tmp == 0 && $nrows == 1) {
        $U = DB_fetchArray($result);
        $uid = $U['uid'];
        $mypass = $U['passwd'];
        // also used to see if the user existed later.
        // NOTE(review): the stored and computed hashes are compared with the
        // loose == operator. PHP treats two numeric-looking strings as numbers
        // under ==, and the comparison is not constant-time; hash_equals()
        // avoids both problems.
        // A match here accepts the login from the local cache alone, without
        // contacting the remote service, so a password changed or revoked
        // remotely stays valid locally until the cache is refreshed.
        if ($mypass == SEC_encryptPassword($passwd)) {
            /* Valid password for cached user, return status */
            return $U['status'];
        }
    }
    // $service selects both the file that is included and the class that is
    // instantiated. COM_sanitizeFilename() plus the file_exists() test inside
    // the fixed authentication directory are the only gate.
    // NOTE(review): confirm the sanitizer removes directory separators and
    // "..", and that only authentication modules live in that directory.
    $service = COM_sanitizeFilename($service);
    $servicefile = $_CONF['path_system'] . 'classes/authentication/' . $service . '.auth.class.php';
    if (file_exists($servicefile)) {
        require_once $servicefile;
        $authmodule = new $service();
        if ($authmodule->authenticate($loginname, $passwd)) {
            /* check to see if they have logged in before: */
            // $mypass is only assigned when the cache lookup above found exactly
            // one row; empty() also covers the case where it was never set.
            if (empty($mypass)) {
                // no such user, create them
                // Check to see if their remoteusername is unique locally
                $checkName = DB_getItem($_TABLES['users'], 'username', "username='******'");
                if (!empty($checkName)) {
                    // no, call custom function.
                    // Without that custom function the colliding name is kept.
                    if (function_exists('CUSTOM_uniqueRemoteUsername')) {
                        $loginname = CUSTOM_uniqueRemoteUsername($loginname, $service);
                    }
                }
                // email, fullname and homepage are whatever the remote module
                // reports; they are handed to USER_createAccount() unchanged.
                USER_createAccount($loginname, $authmodule->email, $passwd, $authmodule->fullname, $authmodule->homepage, $remoteusername, $remoteservice);
                $uid = DB_getItem($_TABLES['users'], 'uid', "remoteusername = '******' AND remoteservice='{$remoteservice}'");
                // Store full remote account name:
                DB_query("UPDATE {$_TABLES['users']} SET remoteusername='******', remoteservice='{$remoteservice}', status=3 WHERE uid='{$uid}'");
                // Add to remote users:
                // ($uid is quoted in the UPDATE above but unquoted in this INSERT)
                $remote_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='Remote Users'");
                DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id,ug_uid) VALUES ({$remote_grp}, {$uid})");

                return 3;
                // Remote auth precludes usersubmission,
                // and integrates user activation, see?
            } else {
                // user existed, update local password:
                DB_change($_TABLES['users'], 'passwd', SEC_encryptPassword($passwd), array('remoteusername', 'remoteservice'), array($remoteusername, $remoteservice));

                // and return their status
                return DB_getItem($_TABLES['users'], 'status', "remoteusername='******' AND remoteservice='{$remoteservice}'");
            }
        } else {
            return -1;
        }
    } else {
        return -1;
    }
}
/**
 * Save a route into database
 *
 * Validates and normalises the submitted rule/route pair, then inserts a new
 * row (when no row with $rid exists) or updates the existing one. On a
 * validation error, or when the statement still fails after five attempts,
 * the route editor is returned again together with a message.
 *
 * The validation steps do not stop at the first problem: each later check can
 * overwrite $messageText, and only the value left at the end is shown.
 *
 * NOTE(review): no permission or CSRF-token check is visible in this function
 * -- presumably the caller performs both; confirm.
 *
 * @param  int    $rid       route id; a value with no matching row results in an INSERT
 * @param  int    $method    HTTP method constant, must lie between Router::HTTP_REQUEST_GET and Router::HTTP_REQUEST_HEAD
 * @param  string $rule      URL pattern to match
 * @param  string $route     target the rule is mapped to
 * @param  int    $priority  1..65535; anything else is replaced by Router::DEFAULT_PRIORITY
 * @return string            HTML (redirect on success, editor page with a message otherwise)
 */
function saveRoute($rid, $method, $rule, $route, $priority)
{
    global $_CONF, $_TABLES, $MESSAGE, $LANG_ROUTER;

    $messageText = '';
    // Numeric inputs are forced to integers up front; that is what makes it
    // safe to place them unquoted in the statements further down.
    $rid = intval($rid, 10);
    $method = intval($method, 10);
    $rule = trim($rule);
    $route = trim($route);
    $priority = intval($priority, 10);
    if ($method < Router::HTTP_REQUEST_GET || $method > Router::HTTP_REQUEST_HEAD) {
        $messageText = $LANG_ROUTER[12];
    } elseif ($rule === '') {
        $messageText = $LANG_ROUTER[13];
    } elseif ($route === '') {
        $messageText = $LANG_ROUTER[14];
    } elseif (substr_count($rule, '@') !== substr_count($route, '@')) {
        // Rule and route must contain the same number of '@' characters.
        $messageText = $LANG_ROUTER[15];
    }
    // If a rule doesn't begin with a slash, then add one silently
    if (strpos($rule, '/') !== 0) {
        $rule = '/' . $rule;
    }
    // If a rule starts with "/index.php", then remove it silently
    if (stripos($rule, '/index.php') === 0) {
        $rule = preg_replace('|^/index\\.php|i', '', $rule);
    }
    // If a route doesn't begin with a slash, then add one silently
    if (strpos($route, '/') !== 0) {
        $route = '/' . $route;
    }
    // If a route starts with "/index.php/", then make it an error to prevent the script
    // from going an infinite loop
    if (stripos($route, '/index.php/') === 0) {
        $messageText = $LANG_ROUTER[16];
    }
    // Replace & with &
    // NOTE(review): as shown, search and replacement are the same string, so
    // these two calls change nothing. This is probably an HTML entity that was
    // decoded when the listing was extracted -- confirm against upstream.
    $rule = str_ireplace('&', '&', $rule);
    $route = str_ireplace('&', '&', $route);
    // Check if placeholders are the same
    $numPlaceHoldersInRule = preg_match_all(Router::PLACEHOLDER_MATCH, $rule, $matchesRule, PREG_SET_ORDER);
    $numPlaceHoldersInRoute = preg_match_all(Router::PLACEHOLDER_MATCH, $route, $matchesRoute, PREG_SET_ORDER);
    if ($numPlaceHoldersInRule === $numPlaceHoldersInRoute) {
        if ($numPlaceHoldersInRule > 0) {
            // NOTE(review): with PREG_SET_ORDER each array element is one
            // complete match, so array_shift() discards the first placeholder
            // of each side rather than a "whole pattern" entry; the first
            // placeholder is therefore never compared -- confirm this is intended.
            array_shift($matchesRule);
            array_shift($matchesRoute);
            foreach ($matchesRule as $r) {
                if (!in_array($r, $matchesRoute)) {
                    $messageText = $LANG_ROUTER[15];
                    break;
                }
            }
        }
    } else {
        $messageText = $LANG_ROUTER[15];
    }
    // If priority is out of range, then fix it silently
    if ($priority < 1 || $priority > 65535) {
        $priority = Router::DEFAULT_PRIORITY;
    }
    if ($messageText !== '') {
        $content = COM_showMessageText($messageText, $MESSAGE[122]) . getRouteEditor($rid);
        $retval = COM_createHTMLDocument($content, array('pagetitle' => $MESSAGE[122]));

        return $retval;
    }
    // Save data into database
    // $rid, $method and $priority are already integers; $rule and $route are
    // the only free-text values and are quoted in the statements below.
    $rid = DB_escapeString($rid);
    $method = DB_escapeString($method);
    $rule = DB_escapeString($rule);
    $route = DB_escapeString($route);
    $priority = DB_escapeString($priority);
    $count = intval(DB_count($_TABLES['routes'], 'rid', $rid), 10);
    if ($count === 0) {
        $sql = "INSERT INTO {$_TABLES['routes']} (rid, method, rule, route, priority) " . "VALUES (NULL, {$method}, '{$rule}', '{$route}', {$priority})";
    } else {
        $sql = "UPDATE {$_TABLES['routes']} " . "SET method = {$method}, rule = '{$rule}', route = '{$route}', priority = {$priority} " . "WHERE rid = {$rid} ";
    }
    // The same statement is attempted up to five times; the first attempt
    // without an error reorders the routes and redirects.
    for ($i = 0; $i < 5; $i++) {
        DB_query($sql);
        if (!DB_error()) {
            reorderRoutes();

            return COM_refresh($_CONF['site_admin_url'] . '/router.php?msg=121');
        }
        // Retry
    }
    // NOTE(review): the value of DB_error() is handed to COM_showMessageText()
    // here; if that is raw driver error text it ends up in the page. Logging
    // it and showing a generic message is the safer default -- confirm what
    // DB_error() returns.
    $content = COM_showMessageText($LANG_ROUTER[17], DB_error()) . getRouteEditor($rid);
    $retval = COM_createHTMLDocument($content, array('pagetitle' => $MESSAGE[122]));

    return $retval;
}
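/**
 * Flag a user's rows inside a time window as "modification acknowledged".
 *
 * Runs an UPDATE on $this->fulltablename that sets ack_modified=1 for rows
 * owned by $uid whose datestamp lies between $startStamp and $endStamp, with
 * the 3600-second slack on either end that the query has always applied.
 *
 * @param int|string $startStamp Start of the window (numeric; used in SQL arithmetic)
 * @param int|string $endStamp   End of the window (numeric; used in SQL arithmetic)
 * @param int|string $uid        Id of the user whose rows are updated
 * @return bool True when the statement ran without a database error, false otherwise
 */
function setAcknowledgedModified($startStamp, $endStamp, $uid)
{
    // All three values are placed into the statement unquoted, so anything
    // other than a plain integer would become part of the SQL text itself.
    // Forcing them to int keeps the statement well-formed whatever the caller passes.
    $uid = (int) $uid;
    $startStamp = (int) $startStamp;
    $endStamp = (int) $endStamp;

    $sql = "UPDATE {$this->fulltablename} SET ack_modified=1 WHERE uid={$uid} AND (datestamp>={$startStamp} OR datestamp>=({$startStamp}-3600)) AND (datestamp<={$endStamp} OR datestamp<=({$endStamp}+3600) )";
    DB_query($sql);

    return !DB_error();
}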
/**
 * Lists the polls dated inside the Dataproxy::$startDate .. Dataproxy::$endDate window.
 *
 * Every element of the returned list has the shape
 *   array(
 *     'id'        => $id (string),
 *     'title'     => $title (string),
 *     'uri'       => $uri (string),
 *     'date'      => $date (int: Unix timestamp),
 *     'image_uri' => FALSE (this provider never sets an image)
 *   )
 *
 * An empty list is returned when either window bound is empty or when the
 * query reports a database error. Neither $category nor $all_langs is read
 * by this body.
 */
public function getItemsByDate($category = '', $all_langs = FALSE)
{
    global $_CONF, $_TABLES;

    $items = array();

    if (empty(Dataproxy::$startDate) || empty(Dataproxy::$endDate)) {
        return $items;
    }

    // NOTE(review): both bounds are concatenated into the SQL text as-is (quoted,
    // not escaped); presumably they are integer timestamps -- confirm where
    // Dataproxy::$startDate / $endDate are assigned.
    $from = Dataproxy::$startDate;
    $to = Dataproxy::$endDate;

    if (Dataproxy::$isGL150) {
        // polltopics schema: keyed by pid, titled by topic
        $idField = 'pid';
        $titleField = 'topic';
        $uriTail = '';

        if (Dataproxy::$isGL170) {
            // this branch filters and reports on the `modified` column instead of `date`
            $sql = "SELECT pid, topic, UNIX_TIMESTAMP(modified) AS day "
                . " FROM {$_TABLES['polltopics']} "
                . "WHERE (UNIX_TIMESTAMP(modified) BETWEEN '" . $from . "' AND '" . $to . "') ";
        } else {
            $sql = "SELECT pid, topic, UNIX_TIMESTAMP(date) AS day "
                . " FROM {$_TABLES['polltopics']} "
                . "WHERE (1 = 1) "
                . "AND (UNIX_TIMESTAMP(date) BETWEEN '" . $from . "' AND '" . $to . "') ";
        }
    } else {
        // pollquestions schema: keyed by qid, titled by question
        $idField = 'qid';
        $titleField = 'question';
        $uriTail = '&aid=-1';

        $sql = "SELECT qid, question, UNIX_TIMESTAMP(date) AS day "
            . "FROM {$_TABLES['pollquestions']} "
            . "WHERE (1 = 1) "
            . "AND (UNIX_TIMESTAMP(date) BETWEEN '" . $from . "' AND '" . $to . "') ";
    }

    // Non-root viewers get the permission clause appended to the WHERE part.
    if (!Dataproxy::isRoot()) {
        $sql .= COM_getPermSQL('AND', Dataproxy::uid());
    }
    $sql .= " ORDER BY " . $idField;

    $result = DB_query($sql);
    if (DB_error()) {
        return $items;
    }

    while (($row = DB_fetchArray($result, FALSE)) !== FALSE) {
        $items[] = array(
            'id'        => $row[$idField],
            'title'     => stripslashes($row[$titleField]),
            'uri'       => $_CONF['site_url'] . '/polls/index.php?' . $idField . '='
                . urlencode($row[$idField]) . $uriTail,
            'date'      => $row['day'],
            'image_uri' => FALSE,
        );
    }

    return $items;
}
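/**
 * Lists published stories dated inside the Dataproxy::$startDate .. Dataproxy::$endDate window.
 *
 * Returns a list of
 *   array(
 *     'id'        => $id (string),
 *     'title'     => $title (string),
 *     'uri'       => $uri (string),
 *     'date'      => $date (int: Unix timestamp),
 *     'image_uri' => FALSE (this provider never sets an image)
 *   )
 * Each entry additionally carries the older 'imageurl' key (also FALSE), which
 * this method used to emit instead of the documented 'image_uri'.
 *
 * An empty list is returned when either window bound is empty or when the
 * query reports a database error.
 *
 * @param string $tid       Topic id to restrict the list to; empty means all topics
 * @param bool   $all_langs When FALSE, non-root viewers also get the COM_getLangSQL()
 *                          filter, if that function exists
 * @return array
 */
public function getItemsByDate($tid = '', $all_langs = FALSE)
{
    global $_CONF, $_TABLES;

    $entries = array();

    if (empty(Dataproxy::$startDate) or empty(Dataproxy::$endDate)) {
        return $entries;
    }

    // NOTE(review): both bounds are concatenated into the SQL text as-is (quoted,
    // not escaped); presumably they are integer timestamps -- confirm where
    // Dataproxy::$startDate / $endDate are assigned.
    $sql = "SELECT sid, title, UNIX_TIMESTAMP(date) AS day "
         . " FROM {$_TABLES['stories']} "
         . "WHERE (draft_flag = 0) AND (date <= NOW()) "
         . " AND (UNIX_TIMESTAMP(date) BETWEEN '" . Dataproxy::$startDate
         . "' AND '" . Dataproxy::$endDate . "') ";

    if (!empty($tid)) {
        // $tid lands inside a quoted SQL literal. addslashes() is unaware of the
        // connection character set, so use the database layer's own escaping
        // whenever it is available and only fall back to addslashes() without it.
        $safeTid = function_exists('DB_escapeString')
            ? DB_escapeString($tid)
            : addslashes($tid);
        $sql .= "AND (tid = '" . $safeTid . "') ";
    }

    // Non-root viewers are limited by topic access, item permissions and,
    // unless all languages were requested, the language filter.
    if (!Dataproxy::isRoot()) {
        $sql .= COM_getTopicSql('AND', Dataproxy::uid())
             .  COM_getPermSql('AND', Dataproxy::uid());

        if (function_exists('COM_getLangSQL') and $all_langs === FALSE) {
            $sql .= COM_getLangSQL('sid', 'AND');
        }
    }

    $result = DB_query($sql);

    if (DB_error()) {
        return $entries;
    }

    while (($A = DB_fetchArray($result, FALSE)) !== FALSE) {
        $entry = array();
        $entry['id']        = stripslashes($A['sid']);
        $entry['title']     = stripslashes($A['title']);
        $entry['uri']       = COM_buildUrl(
            $_CONF['site_url'] . '/article.php?story=' . stripslashes($A['sid'])
        );
        $entry['date']      = $A['day'];
        // Documented key, matching the contract in the header comment.
        $entry['image_uri'] = FALSE;
        // Historical misspelt key, kept so existing consumers keep working.
        $entry['imageurl']  = FALSE;
        $entries[] = $entry;
    }

    return $entries;
}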
/**
 * Perform database upgrades
 *
 * Walks the database forward one release step at a time. The switch selects the
 * step for the version currently held in $currentGlVersion; each step loads the
 * DBMS-specific SQL file for that step (where one exists), hands $_SQL to
 * updateDB(), runs any extra fix-ups in PHP, and then sets $currentGlVersion to
 * the next version. The loop ends when no case matches the current version.
 * Afterwards the version is written via setVersion() and the 'security_check'
 * entry is deleted from the vars table.
 *
 * Security-relevant points a maintainer should keep in mind:
 * - every require/require_once path is assembled from $_CONF['path'] and
 *   $_DB_dbms, so both must come from trusted configuration;
 * - most values read back from the database or taken from $_CONF are placed into
 *   follow-up statements without escaping (only site_name, site_slogan and the
 *   extracted story links pass through DB_escapeString), i.e. the stored data is
 *   treated as trusted during the upgrade.
 *
 * @param  string $currentGlVersion Current Geeklog version
 * @return bool                     True if successful (every path that reaches the
 *                                  end returns true; the only failure handling
 *                                  visible here is the exit() in the 1.4.1 step)
 */
private function doDatabaseUpgrades($currentGlVersion)
{
    global $_TABLES, $_CONF, $_SP_CONF, $_DB, $_DB_dbms, $_DB_table_prefix;

    // Presumably makes the driver show SQL errors while upgrading; nothing in
    // this method switches it back afterwards.
    $_DB->setDisplayError(true);

    // Because the upgrade sql syntax can vary from dbms-to-dbms we are
    // leaving that up to each Geeklog database driver
    $done = false;
    $progress = '';
    $_SQL = array();

    while (!$done) {
        switch ($currentGlVersion) {
            case '1.2.5-1':
                // Get DMBS-specific update sql
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.2.5-1_to_1.3.php';
                $this->updateDB($_SQL, $progress);

                // OK, now we need to add all users except anonymous to the All Users group and Logged in users group
                // I can hard-code these group numbers because the group table was JUST created with these numbers
                $result = DB_query("SELECT uid FROM {$_TABLES['users']} WHERE uid <> 1");
                $numRows = DB_numRows($result);
                for ($i = 1; $i <= $numRows; $i++) {
                    $U = DB_fetchArray($result);
                    DB_query("INSERT INTO {$_TABLES['group_assignments']} VALUES (2, {$U['uid']}, NULL)");
                    DB_query("INSERT INTO {$_TABLES['group_assignments']} VALUES (13, {$U['uid']}, NULL)");
                }

                // Now take care of any orphans off the user table...and let me curse MySQL lack for supporting foreign
                // keys at this time ;-)
                $result = DB_query("SELECT MAX(uid) FROM {$_TABLES['users']}");
                $ITEM = DB_fetchArray($result);
                $max_uid = $ITEM[0];
                // Only delete when a highest uid was found; rows above it belong to no user.
                if (!empty($max_uid) && $max_uid != 0) {
                    DB_query("DELETE FROM {$_TABLES['userindex']} WHERE uid > {$max_uid}");
                    DB_query("DELETE FROM {$_TABLES['userinfo']} WHERE uid > {$max_uid}");
                    DB_query("DELETE FROM {$_TABLES['userprefs']} WHERE uid > {$max_uid}");
                    DB_query("DELETE FROM {$_TABLES['usercomment']} WHERE uid > {$max_uid}");
                }

                $currentGlVersion = '1.3';
                $_SQL = array();
                break;

            case '1.3':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3_to_1.3.1.php';
                $this->updateDB($_SQL, $progress);

                $currentGlVersion = '1.3.1';
                $_SQL = array();
                break;

            case '1.3.1':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.1_to_1.3.2.php';
                $this->updateDB($_SQL, $progress);

                $currentGlVersion = '1.3.2-1';
                $_SQL = array();
                break;

            case '1.3.2':
            case '1.3.2-1':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.2-1_to_1.3.3.php';
                $this->updateDB($_SQL, $progress);

                // Now we need to switch how user blocks are stored. Right now we only store the blocks the
                // user wants. This will switch it to store the ones they don't want which allows us to add
                // new blocks and ensure they are shown to the user.
                $result = DB_query("SELECT {$_TABLES['users']}.uid,boxes FROM {$_TABLES['users']},{$_TABLES['userindex']} WHERE boxes IS NOT NULL AND boxes <> '' AND {$_TABLES['users']}.uid = {$_TABLES['userindex']}.uid");
                $numRows = DB_numRows($result);
                for ($i = 1; $i <= $numRows; $i++) {
                    $row = DB_fetchArray($result);
                    // The stored space-separated id list becomes a comma-separated IN (...) list.
                    // NOTE(review): $row['boxes'] goes into the statement unescaped and
                    // unvalidated; the stored value is trusted to hold only block ids.
                    $uBlocks = str_replace(' ', ',', $row['boxes']);
                    $result2 = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ({$uBlocks})");
                    $newBlocks = '';
                    for ($x = 1; $x <= DB_numRows($result2); $x++) {
                        $currentBlock = DB_fetchArray($result2);
                        // The three built-in blocks are never put on the "not wanted" list.
                        if ($currentBlock['name'] !== 'user_block' && $currentBlock['name'] !== 'admin_block' && $currentBlock['name'] !== 'section_block') {
                            $newBlocks .= $currentBlock['bid'];
                            if ($x != DB_numRows($result2)) {
                                $newBlocks .= ' ';
                            }
                        }
                    }
                    DB_query("UPDATE {$_TABLES['userindex']} SET boxes = '{$newBlocks}' WHERE uid = {$row['uid']}");
                }

                $currentGlVersion = '1.3.3';
                $_SQL = array();
                break;

            case '1.3.3':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.3_to_1.3.4.php';
                $this->updateDB($_SQL, $progress);

                $currentGlVersion = '1.3.4';
                $_SQL = array();
                break;

            case '1.3.4':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.4_to_1.3.5.php';
                $this->updateDB($_SQL, $progress);

                // Grant the 'user.mail' feature to the 'Mail Admin' group.
                // NOTE(review): neither lookup is checked for a missing row before the
                // ids are placed into the INSERT.
                $result = DB_query("SELECT ft_id FROM {$_TABLES['features']} WHERE ft_name = 'user.mail'");
                $row = DB_fetchArray($result);
                $mail_ft = $row['ft_id'];
                $result = DB_query("SELECT grp_id FROM {$_TABLES['groups']} WHERE grp_name = 'Mail Admin'");
                $row = DB_fetchArray($result);
                $group_id = $row['grp_id'];
                DB_query("INSERT INTO {$_TABLES['access']} (acc_grp_id, acc_ft_id) VALUES ({$group_id}, {$mail_ft})");

                $currentGlVersion = '1.3.5';
                $_SQL = array();
                break;

            case '1.3.5':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.5_to_1.3.6.php';
                $this->updateDB($_SQL, $progress);

                // With a table prefix configured, move the unprefixed table to its configured name.
                if (!empty($_DB_table_prefix)) {
                    DB_query("RENAME TABLE staticpage TO {$_TABLES['staticpage']}");
                }

                $currentGlVersion = '1.3.6';
                $_SQL = array();
                break;

            case '1.3.6':
                // fix wrong permissions value
                DB_query("UPDATE {$_TABLES['topics']} SET perm_anon = 2 WHERE perm_anon = 3");

                // check for existence of 'date' field in gl_links table
                // (the probe query is sent with a second argument of 1, presumably so a
                // failure is not fatal -- confirm against DB_query)
                DB_query("SELECT date FROM {$_TABLES['links']}", 1);
                // The column is added only when the error text contains 'date' at an
                // offset greater than 0.
                if (strpos(DB_error(), 'date') > 0) {
                    DB_query("ALTER TABLE {$_TABLES['links']} ADD date datetime default NULL");
                }

                // Fix primary key so that more than one user can add an event
                // to his/her personal calendar.
                DB_query("ALTER TABLE {$_TABLES['personal_events']} DROP PRIMARY KEY, ADD PRIMARY KEY (eid,uid)");

                $currentGlVersion = '1.3.7';
                $_SQL = array();
                break;

            case '1.3.7':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.7_to_1.3.8.php';
                $this->updateDB($_SQL, $progress);

                // upgrade Static Pages plugin
                $spVersion = $this->getStaticPagesVersion();
                if ($spVersion == 1) { // original version
                    DB_query("ALTER TABLE {$_TABLES['staticpage']} "
                        . "ADD COLUMN group_id mediumint(8) unsigned DEFAULT '1',"
                        . "ADD COLUMN owner_id mediumint(8) unsigned DEFAULT '1',"
                        . "ADD COLUMN perm_owner tinyint(1) unsigned DEFAULT '3',"
                        . "ADD COLUMN perm_group tinyint(1) unsigned DEFAULT '2',"
                        . "ADD COLUMN perm_members tinyint(1) unsigned DEFAULT '2',"
                        . "ADD COLUMN perm_anon tinyint(1) unsigned DEFAULT '2',"
                        . "ADD COLUMN sp_php tinyint(1) unsigned DEFAULT '0',"
                        . "ADD COLUMN sp_nf tinyint(1) unsigned DEFAULT '0',"
                        . "ADD COLUMN sp_centerblock tinyint(1) unsigned NOT NULL default '0',"
                        . "ADD COLUMN sp_tid varchar(20) NOT NULL default 'none',"
                        . "ADD COLUMN sp_where tinyint(1) unsigned NOT NULL default '1'");
                    // Registers the 'staticpages.PHP' feature and grants it to the
                    // 'Static Page Admin' group.
                    DB_query("INSERT INTO {$_TABLES['features']} (ft_name, ft_descr) VALUES ('staticpages.PHP','Ability to use PHP in static pages')");
                    $php_id = DB_insertId();
                    $group_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Static Page Admin'");
                    DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES ({$php_id}, {$group_id})");
                } elseif ($spVersion == 2) { // extended version by Phill or Tom
                    DB_query("ALTER TABLE {$_TABLES['staticpage']} "
                        . "DROP COLUMN sp_pos,"
                        . "DROP COLUMN sp_search_keywords,"
                        . "ADD COLUMN sp_nf tinyint(1) unsigned DEFAULT '0',"
                        . "ADD COLUMN sp_centerblock tinyint(1) unsigned NOT NULL default '0',"
                        . "ADD COLUMN sp_tid varchar(20) NOT NULL default 'none',"
                        . "ADD COLUMN sp_where tinyint(1) unsigned NOT NULL default '1'");
                }

                if ($spVersion > 0) {
                    // update plugin version number
                    DB_query("UPDATE {$_TABLES['plugins']} SET pi_version = '1.3', pi_gl_version = '1.3.8' WHERE pi_name = 'staticpages'");

                    // remove Static Pages 'lock' flag
                    DB_query("DELETE FROM {$_TABLES['vars']} WHERE name = 'staticpages'");

                    // remove Static Pages Admin group id
                    DB_query("DELETE FROM {$_TABLES['vars']} WHERE name = 'sp_group_id'");

                    if ($spVersion == 1) {
                        // Copy each page author into the newly added owner_id column.
                        $result = DB_query("SELECT DISTINCT sp_uid FROM {$_TABLES['staticpage']}");
                        $authors = DB_numRows($result);
                        for ($i = 0; $i < $authors; $i++) {
                            $A = DB_fetchArray($result);
                            DB_query("UPDATE {$_TABLES['staticpage']} SET owner_id = '{$A['sp_uid']}' WHERE sp_uid = '{$A['sp_uid']}'");
                        }
                    }

                    // Convert the page titled 'Frontpage' into a centerblock page.
                    $result = DB_query("SELECT sp_label FROM {$_TABLES['staticpage']} WHERE sp_title = 'Frontpage'");
                    if (DB_numRows($result) > 0) {
                        $A = DB_fetchArray($result);
                        if ($A['sp_label'] == 'nonews') {
                            DB_query("UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 1, sp_where = 0 WHERE sp_title = 'Frontpage'");
                        } elseif (!empty($A['sp_label'])) {
                            // NOTE(review): sp_label is stored page content and is written
                            // back into the statement unescaped; a label containing a quote
                            // would change the SQL text.
                            DB_query("UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 1, sp_title = '{$A['sp_label']}' WHERE sp_title = 'Frontpage'");
                        } else {
                            DB_query("UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 1 WHERE sp_title = 'Frontpage'");
                        }
                    }
                }

                $currentGlVersion = '1.3.8';
                $_SQL = array();
                break;

            case '1.3.8':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.8_to_1.3.9.php';
                $this->updateDB($_SQL, $progress);

                // Seed the syndication table with one feed built from the old rdf_* settings.
                // NOTE(review): when rdf_file contains no '/', strrpos() returns false and
                // $pos + 1 evaluates to 1, so the first character of the name is dropped.
                $pos = strrpos($_CONF['rdf_file'], '/');
                $filename = substr($_CONF['rdf_file'], $pos + 1);
                $siteName = DB_escapeString($_CONF['site_name']);
                $siteSlogan = DB_escapeString($_CONF['site_slogan']);
                // Only the two values above are escaped; the remaining $_CONF values and
                // $filename are interpolated as they are.
                DB_query("INSERT INTO {$_TABLES['syndication']} (title, description, limits, content_length, filename, charset, language, is_enabled, updated, update_info) VALUES ('{$siteName}', '{$siteSlogan}', '{$_CONF['rdf_limit']}', {$_CONF['rdf_storytext']}, '{$filename}', '{$_CONF['default_charset']}', '{$_CONF['rdf_language']}', {$_CONF['backend']}, CURRENT_TIMESTAMP, NULL)");

                // upgrade static pages plugin
                $spVersion = $this->getStaticPagesVersion();
                if ($spVersion > 0) {
                    if ($spVersion < 4) {
                        // Clamp in_block to 0 or 1 (defaulting to 1) before it becomes
                        // the column default below.
                        if (!isset($_SP_CONF['in_block'])) {
                            $_SP_CONF['in_block'] = 1;
                        } elseif ($_SP_CONF['in_block'] > 1) {
                            $_SP_CONF['in_block'] = 1;
                        } elseif ($_SP_CONF['in_block'] < 0) {
                            $_SP_CONF['in_block'] = 0;
                        }
                        DB_query("ALTER TABLE {$_TABLES['staticpage']} ADD COLUMN sp_inblock tinyint(1) unsigned DEFAULT '{$_SP_CONF['in_block']}'");
                    }
                    DB_query("UPDATE {$_TABLES['plugins']} SET pi_version = '1.4', pi_gl_version = '1.3.9' WHERE pi_name = 'staticpages'");
                }

                // recreate 'date' field for old links
                $result = DB_query("SELECT lid FROM {$_TABLES['links']} WHERE date IS NULL");
                $num = DB_numRows($result);
                if ($num > 0) {
                    for ($i = 0; $i < $num; $i++) {
                        $A = DB_fetchArray($result);

                        // The first 14 characters of lid are read as YYYYMMDDHHMMSS.
                        $myYear = substr($A['lid'], 0, 4);
                        $myMonth = substr($A['lid'], 4, 2);
                        $myDay = substr($A['lid'], 6, 2);
                        $myHour = substr($A['lid'], 8, 2);
                        $myMin = substr($A['lid'], 10, 2);
                        $mySec = substr($A['lid'], 12, 2);

                        $mTime = mktime($myHour, $myMin, $mySec, $myMonth, $myDay, $myYear);
                        $date = date('Y-m-d H:i:s', $mTime);
                        // NOTE(review): lid is written back into the WHERE clause unescaped.
                        DB_query("UPDATE {$_TABLES['links']} SET date = '{$date}' WHERE lid = '{$A['lid']}'");
                    }
                }

                // remove unused entries left over from deleted groups
                $result = DB_query("SELECT grp_id FROM {$_TABLES['groups']}");
                $num = DB_numRows($result);
                $groups = array();
                for ($i = 0; $i < $num; $i++) {
                    $A = DB_fetchArray($result);
                    $groups[] = $A['grp_id'];
                }
                // NOTE(review): with no groups at all this yields '()', i.e. "NOT IN ()".
                $groupList = '(' . implode(',', $groups) . ')';

                DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_main_grp_id NOT IN {$groupList}) OR (ug_grp_id NOT IN {$groupList})");

                $currentGlVersion = '1.3.9';
                $_SQL = array();
                break;

            case '1.3.9':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.9_to_1.3.10.php';
                $this->updateDB($_SQL, $progress);

                commentsToPreorderTree();

                // Rebuild the `related` column of every story from the links found in its text.
                $result = DB_query("SELECT sid,introtext,bodytext FROM {$_TABLES['stories']}");
                $numStories = DB_numRows($result);
                for ($i = 0; $i < $numStories; $i++) {
                    $A = DB_fetchArray($result);
                    $related = DB_escapeString(implode("\n", UPDATE_extractLinks($A['introtext'] . ' ' . $A['bodytext'])));
                    // NOTE(review): $related is escaped, but sid goes into the WHERE
                    // clause as stored.
                    if (empty($related)) {
                        DB_query("UPDATE {$_TABLES['stories']} SET related = NULL WHERE sid = '{$A['sid']}'");
                    } else {
                        DB_query("UPDATE {$_TABLES['stories']} SET related = '{$related}' WHERE sid = '{$A['sid']}'");
                    }
                }

                $spVersion = $this->getStaticPagesVersion();
                if ($spVersion > 0) {
                    // no database changes this time, but set new version number
                    DB_query("UPDATE {$_TABLES['plugins']} SET pi_version = '1.4.1', pi_gl_version = '1.3.10' WHERE pi_name = 'staticpages'");
                }

                // install SpamX plugin
                // (also handles updates from version 1.0)
                install_spamx_plugin();

                $currentGlVersion = '1.3.10';
                $_SQL = array();
                break;

            case '1.3.10':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.10_to_1.3.11.php';
                $this->updateDB($_SQL, $progress);

                $currentGlVersion = '1.3.11';
                $_SQL = array();
                break;

            case '1.3.11':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.11_to_1.4.0.php';
                $this->updateDB($_SQL, $progress);
                upgrade_addFeature();
                upgrade_uniqueGroupNames();

                $currentGlVersion = '1.4.0';
                $_SQL = array();
                break;

            case '1.4.0':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.4.0_to_1.4.1.php';
                $this->updateDB($_SQL, $progress);
                upgrade_addSyndicationFeature();
                upgrade_ensureLastScheduledRunFlag();
                upgrade_plugins_141();

                $currentGlVersion = '1.4.1';
                $_SQL = array();
                break;

            case '1.4.1':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.4.1_to_1.5.0.php';
                $this->updateDB($_SQL, $progress);

                upgrade_addWebservicesFeature();

                create_ConfValues();
                require_once $_CONF['path_system'] . 'classes/config.class.php';
                $config = config::get_instance();

                if (file_exists($_CONF['path'] . 'config.php')) {
                    // Read the values from config.php and use them to populate conf_values

                    $tempPath = $_CONF['path']; // We'll need this to remember what the correct path is.
                    // Including config.php will overwrite all our $_CONF values.
                    require $tempPath . 'config.php';

                    // Load some important values from config.php into conf_values
                    foreach ($_CONF as $key => $val) {
                        $config->set($key, $val);
                    }

                    // The whole script is terminated here when the default charset
                    // cannot be written to the site configuration file.
                    if (!$this->setDefaultCharset($this->env['siteconfig_path'], $_CONF['default_charset'])) {
                        exit($this->LANG['INSTALL'][26] . ' ' . $this->env['siteconfig_path'] . $this->LANG['INSTALL'][58]);
                    }

                    // Re-read the site and database configuration after config.php replaced $_CONF.
                    require $this->env['siteconfig_path'];
                    require $this->env['dbconfig_path'];
                }

                // Update the GL configuration with the correct paths.
                $config->set('path_html', $this->env['html_path']);
                $config->set('path_log', $_CONF['path'] . 'logs/');
                $config->set('path_language', $_CONF['path'] . 'language/');
                $config->set('backup_path', $_CONF['path'] . 'backups/');
                $config->set('path_data', $_CONF['path'] . 'data/');
                $config->set('path_images', $this->env['html_path'] . 'images/');
                $config->set('path_themes', $this->env['html_path'] . 'layout/');
                $config->set('path_editors', $this->env['html_path'] . 'editors/');
                $config->set('rdf_file', $this->env['html_path'] . 'backend/geeklog.rss');
                $config->set('path_pear', $_CONF['path_system'] . 'pear/');

                // core plugin updates are done in the plugins themselves

                $currentGlVersion = '1.5.0';
                $_SQL = array();
                break;

            case '1.5.0':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.5.0_to_1.5.1.php';
                $this->updateDB($_SQL, $progress);

                $currentGlVersion = '1.5.1';
                $_SQL = array();
                break;

            case '1.5.1':
                // there were no core database changes in 1.5.2
                $currentGlVersion = '1.5.2';
                $_SQL = array();
                break;

            case '1.5.2':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.5.2_to_1.6.0.php';
                $this->updateDB($_SQL, $progress);

                update_ConfValues();
                upgrade_addNewPermissions();
                upgrade_addIsoFormat();
                $this->fixOptionalConfig();

                $currentGlVersion = '1.6.0';
                $_SQL = array();
                break;

            case '1.6.0':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.6.0_to_1.6.1.php';
                $this->updateDB($_SQL, $progress);

                update_ConfValuesFor161();

                $currentGlVersion = '1.6.1';
                $_SQL = array();
                break;

            case '1.6.1':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.6.1_to_1.7.0.php';
                $this->updateDB($_SQL, $progress);

                update_ConfValuesFor170();

                $currentGlVersion = '1.7.0';
                $_SQL = array();
                break;

            case '1.7.0':
                $currentGlVersion = '1.7.2'; // skip ahead
                $_SQL = array();
                break;

            case '1.7.1':
                // there were no database changes in 1.7.1, so this case deliberately
                // falls through to the 1.7.2 step
            case '1.7.2':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.7.2_to_1.8.0.php';
                $this->updateDB($_SQL, $progress);

                update_ConfValuesFor180();
                update_ConfigSecurityFor180();
                update_UsersFor180();

                $currentGlVersion = '1.8.0';
                $_SQL = array();
                break;

            case '1.8.0':
            case '1.8.1':
            case '1.8.2':
                // there were no database changes in 1.8.x
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.8.2_to_2.0.0.php';
                $this->updateDB($_SQL, $progress);

                update_ConfValuesFor200();
                update_BlockTopicAssignmentsFor200();
                update_StoryTopicAssignmentsFor200();

                $currentGlVersion = '2.0.0';
                $_SQL = array();
                break;

            case '2.0.0':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_2.0.0_to_2.1.0.php';
                $this->updateDB($_SQL, $progress);

                update_addFilemanager();
                update_ConfValuesFor210();

                // NOTE(review): there is no case for '2.1.0' below, so a run that arrives
                // here stops at the default branch and never applies the 2.1.1 -> 2.1.2
                // step; confirm whether that is intended.
                $currentGlVersion = '2.1.0';
                $_SQL = array();
                break;

            case '2.1.1':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_2.1.1_to_2.1.2.php';
                $this->updateDB($_SQL, $progress);

                update_ConfValuesFor212();

                $currentGlVersion = '2.1.2';
                $_SQL = array();
                break;

            default:
                // No step is defined for this version: leave the loop.
                $done = true;
        }
    }

    $this->setVersion($this->env['siteconfig_path']);

    // delete the security check flag on every update to force the user
    // to run admin/sectest.php again
    DB_delete($_TABLES['vars'], 'name', 'security_check');

    return true;
}
if ($users > 0) { $sqltmp .= " AND m.media_user_id=" . $users; } $sqltmp = DB_escapeString($sqltmp); $sort_id = COM_makesid(); if (COM_isAnonUser()) { $sort_user = 1; } else { $sort_user = $_USER['uid']; } $sort_datetime = time(); $referer = DB_escapeString($referer); $keywords = DB_escapeString($keywords); $sql = "INSERT INTO {$_TABLES['mg_sort']} (sort_id,sort_user,sort_query,sort_results,sort_datetime,referer,keywords)\n VALUES ('{$sort_id}',{$sort_user},'{$sqltmp}',{$numresults},{$sort_datetime},'{$referer}','{$keywords}')"; $result = DB_query($sql); if (DB_error()) { COM_errorLog("Media Gallery: Error placing sort query into database"); } $sort_purge = time() - 3660; // 43200; DB_query("DELETE FROM {$_TABLES['mg_sort']} WHERE sort_datetime < " . $sort_purge); $pageBody .= MG_search($sort_id, 1); } elseif ($mode == $LANG_MG01['cancel']) { echo COM_refresh($_MG_CONF['site_url'] . '/index.php'); exit; } elseif (isset($_GET['id'])) { $id = COM_applyFilter($_GET['id']); $page = COM_applyFilter($_GET['page'], true); if ($page < 1) { $page = 1; }