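/**
  * Checks a comment against the 'MTBlacklist' entries stored in the spamx table.
  *
  * Named, decimal and hexadecimal HTML entities are decoded first so that
  * entity-encoded text is compared in its plain form. Every stored value is
  * then applied as a case-insensitive regular expression; the first hit is
  * logged through SPAMX_log() and ends the scan.
  *
  * @param  string $comment Text to examine
  * @return int             1 if a blacklist entry matched, 0 otherwise
  */
 function execute($comment)
 {
     global $_CONF, $_USER, $_TABLES, $LANG_SX00;
     // Anything that is not a logged-in account above uid 1 is recorded as uid 1.
     $uid = (isset($_USER['uid']) && $_USER['uid'] > 1) ? $_USER['uid'] : 1;
     // The second argument is passed exactly as before; presumably it is the
     // "ignore errors" flag of DB_query - confirm against its definition.
     $result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name = 'MTBlacklist'", 1);
     $nrows = DB_numRows($result);
     // named entities
     $comment = html_entity_decode($comment);
     // decimal notation. The previous /e modifier evaluated the replacement as PHP
     // code and is no longer supported from PHP 7 on, where preg_replace() returns
     // NULL for such a pattern and every comment would pass unchecked. A callback
     // decodes the number without evaluating anything.
     $comment = preg_replace_callback('/&#(\\d+);/m', function ($m) {
         return chr((int) $m[1]);
     }, $comment);
     // hex notation
     $comment = preg_replace_callback('/&#x([a-f0-9]+);/mi', function ($m) {
         return chr((int) hexdec($m[1]));
     }, $comment);
     $ans = 0;
     for ($i = 1; $i <= $nrows; $i++) {
         list($val) = DB_fetchArray($result);
         // '#' is the pattern delimiter: left unescaped inside an entry it would end
         // the pattern early and the entry would silently never match.
         $pattern = str_replace('#', '\\#', $val);
         // @ is kept on purpose: an entry that is not a valid regular expression
         // makes preg_match() return false, which is treated as "no match".
         if (@preg_match("#{$pattern}#i", $comment)) {
             $ans = 1;
             // quit on first positive match
             SPAMX_log($LANG_SX00['fsc'] . $val . $LANG_SX00['fsc1'] . $uid . $LANG_SX00['fsc2'] . $_SERVER['REMOTE_ADDR']);
             break;
         }
     }
     return $ans;
 }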
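 /**
  * Checks a comment for the homepage URL of any banned user.
  *
  * The homepage values are read from the users table (rows with status = 0),
  * the comment is entity-decoded, and each homepage is searched for as a
  * case-insensitive literal. The first hit is logged and ends the scan; the
  * outcome is also stored in $this->result.
  *
  * @param  string $comment Text to examine
  * @return int             1 if a banned user's homepage occurs in the comment, 0 otherwise
  */
 public function execute($comment)
 {
     global $_TABLES, $_USER, $LANG_SX00, $LANG28;
     $uid = COM_isAnonUser() ? 1 : $_USER['uid'];
     // Get homepage URLs of all banned users
     $result = DB_query("SELECT DISTINCT homepage FROM {$_TABLES['users']} WHERE status = 0 AND homepage IS NOT NULL AND homepage <> ''");
     $numRows = DB_numRows($result);
     // named entities
     $comment = html_entity_decode($comment);
     // decimal notation
     $comment = preg_replace_callback('/&#(\\d+);/m', array($this, 'callbackDecimal'), $comment);
     // hex notation
     $comment = preg_replace_callback('/&#x([a-f0-9]+);/mi', array($this, 'callbackHex'), $comment);
     $ans = 0;
     for ($i = 0; $i < $numRows; $i++) {
         list($val) = DB_fetchArray($result);
         // A homepage is profile text written by the (banned) user, not a regular
         // expression. Quoting it keeps '.', '?', '(' and similar characters literal,
         // so a crafted homepage can neither break the pattern nor match unrelated text.
         $pattern = preg_quote($val, '#');
         if (preg_match("#{$pattern}#i", $comment)) {
             $ans = 1;
             // quit on first positive match; the log shows the homepage as stored
             SPAMX_log($LANG_SX00['foundspam'] . $val . ' (' . $LANG28[42] . ')' . $LANG_SX00['foundspam2'] . $uid . $LANG_SX00['foundspam3'] . $_SERVER['REMOTE_ADDR']);
             break;
         }
     }
     $this->result = $ans;
     return $ans;
 }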
Пример #3
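/**
 * Echoes the "user information" form for the current user.
 *
 * Loads the user's row (creating it on first use), copies its fields and the
 * needed language strings into the user_info.thtml template and prints the
 * parsed result.
 *
 * @param string $error Text handed to the template's 'error' variable
 */
function draw_user_information($error)
{
    global $_USER, $_CONF, $LANG_ECOM;
    $res = get_user_row($_USER['uid']);
    // First visit: there is no row yet, so create it and read it back.
    if (DB_numRows($res) <= 0) {
        add_user_row($_USER['uid']);
        $res = get_user_row($_USER['uid']);
    }
    $user_info = DB_fetchArray($res);
    // load template for editing user
    $T = new Template($_CONF['path'] . 'plugins/ecommerce/templates');
    $T->set_file('text', 'user_info.thtml');
    // $PHP_SELF was never defined in this scope (it only existed with
    // register_globals). PHP_SELF contains the client-supplied request path, so it
    // is escaped before being placed into markup.
    $T->set_var('site_url', htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES));
    // NOTE(review): $error and the stored profile fields below are passed to the
    // template unchanged - confirm they are escaped before or inside the template.
    $T->set_var('error', $error);
    $fields = array(
        'full_name'             => 'fullname',
        'email'                 => 'email',
        'phone_number'          => 'ecom_phone_number',
        'dob_month'             => 'ecom_dob_month',
        'dob_day'               => 'ecom_dob_day',
        'dob_year'              => 'ecom_dob_year',
        'driver_license_number' => 'ecom_drivers_license_number',
        'driver_license_state'  => 'ecom_drivers_license_state',
    );
    foreach ($fields as $templateVar => $column) {
        $T->set_var($templateVar, $user_info[$column]);
    }
    foreach (array(1, 12, 146, 147, 148, 149, 150) as $msgId) {
        $T->set_var('msg_' . $msgId, $LANG_ECOM[$msgId]);
    }
    echo $T->parse('output', 'text');
}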
Пример #4
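/**
 * Builds the admin page listing users that have no member gallery yet.
 *
 * Users are selected with status = 3, uid > 2 and no (or a zero) member_gallery
 * flag, 50 per page, ordered by username.
 *
 * @param  int    $page Zero-based page number
 * @return string       Rendered createmembers.thtml template
 */
function MG_selectUsers($page)
{
    global $_CONF, $_MG_CONF, $_TABLES, $_USER, $LANG_MG00, $LANG_MG01;
    $perPage = 50;
    // $page ends up in the LIMIT clause: force a non-negative integer so neither a
    // negative offset nor non-numeric input can reach the SQL text.
    $page = max(0, (int) $page);
    $start = $page * $perPage;
    $retval = '';
    $T = new Template($_MG_CONF['template_path'] . '/admin');
    $T->set_file('admin', 'createmembers.thtml');
    $T->set_var('site_url', $_CONF['site_url']);
    $T->set_var('site_admin_url', $_CONF['site_admin_url']);
    $T->set_block('admin', 'UserRow', 'uRow');
    $tres = DB_query("SELECT COUNT(gl.uid) AS count FROM {$_TABLES['users']} AS gl LEFT JOIN {$_TABLES['mg_userprefs']} AS mg ON gl.uid=mg.uid WHERE gl.status = 3 AND gl.uid > 2 AND (mg.member_gallery IS NULL OR mg.member_gallery < 1)");
    $trow = DB_fetchArray($tres);
    $total_records = $trow['count'];
    $sql = "SELECT gl.uid,  gl.status, gl.username, gl.fullname, mg.member_gallery FROM {$_TABLES['users']} AS gl LEFT JOIN {$_TABLES['mg_userprefs']} AS mg ON gl.uid=mg.uid WHERE gl.status = 3 AND gl.uid > 2 AND (mg.member_gallery IS NULL OR mg.member_gallery < 1) ORDER BY gl.username ASC LIMIT {$start},{$perPage}";
    $result = DB_query($sql);
    $nRows = DB_numRows($result);
    for ($x = 0; $x < $nRows; $x++) {
        $row = DB_fetchArray($result);
        // uid is written into an HTML attribute below; keep it strictly numeric.
        $uid = (int) $row['uid'];
        $remote = SEC_inGroup("Remote Users", $uid) ? '(r)' : '';
        // NOTE(review): username and fullname are account data and reach the
        // template unescaped - confirm they are escaped when stored or rendered.
        $T->set_var(array(
            'uid'      => $uid,
            'username' => $row['username'] . ' ' . $remote . ' - ' . $row['fullname'],
            'select'   => '<input type="checkbox" name="user[]" value="' . $uid . '"/>',
        ));
        $T->parse('uRow', 'UserRow', true);
    }
    $T->set_var(array(
        'lang_userid'     => $LANG_MG01['userid'],
        'lang_username'   => $LANG_MG01['username'],
        'lang_select'     => $LANG_MG01['select'],
        'lang_checkall'   => $LANG_MG01['check_all'],
        'lang_uncheckall' => $LANG_MG01['uncheck_all'],
        'lang_save'       => $LANG_MG01['save'],
        'lang_cancel'     => $LANG_MG01['cancel'],
        'lang_reset'      => $LANG_MG01['reset'],
        's_form_action'   => $_MG_CONF['admin_url'] . '/createmembers.php',
        'pagenav'         => COM_printPageNavigation($_MG_CONF['admin_url'] . '/createmembers.php', $page + 1, ceil($total_records / $perPage)),
    ));
    $T->parse('output', 'admin');
    $retval .= $T->finish($T->get_var('output'));
    return $retval;
}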
Пример #5
 /**
  * Looks up a single static page by its id.
  *
  * Returns an empty array when the query fails or does not yield exactly one
  * row; otherwise an array of (
  *   'id'        => $id (string),
  *   'title'     => $title (string),
  *   'uri'       => $uri (string),
  *   'date'      => $date (int: Unix timestamp),
  *   'image_uri' => FALSE,
  *   'raw_data'  => raw data of the item (stripslashed)
  * )
  *
  * $all_langs is accepted but not used by this method.
  */
 public function getItemById($id, $all_langs = FALSE)
 {
     global $_CONF, $_TABLES;
     // NOTE(review): addslashes() is not character-set aware; if the database
     // layer offers its own escaping function, it would be the safer choice here.
     $query = "SELECT * FROM {$_TABLES['staticpage']} WHERE (sp_id = '" . addslashes($id) . "') ";
     if ($this->_isSP162) {
         $query .= "AND (draft_flag = 0) ";
     }
     // Non-root users only see pages their permissions allow.
     if (!Dataproxy::isRoot()) {
         $query .= COM_getPermSql('AND', Dataproxy::uid());
     }
     $result = DB_query($query);
     if (DB_error() || DB_numRows($result) != 1) {
         return array();
     }
     $page = array_map('stripslashes', DB_fetchArray($result, FALSE));
     $dateColumn = Dataproxy::$isGL170 ? 'modified' : 'sp_date';
     return array(
         'id'        => $id,
         'title'     => $page['sp_title'],
         'uri'       => COM_buildURL($_CONF['site_url'] . '/staticpages/index.php?page=' . rawurlencode($id)),
         'date'      => strtotime($page[$dateColumn]),
         'image_uri' => FALSE,
         'raw_data'  => $page,
     );
 }
Пример #6
/**
 * Overwrites an article's topic name and image with those of the topic that
 * is currently being viewed, when the article is assigned to it.
 *
 * Does nothing when the global $topic is empty. Otherwise the article's direct
 * assignment to $topic is tried first; failing that, the assignments within
 * $tid_list (inherited ones, or a non-inherited one to $topic) are tried.
 * $A is left untouched when neither query returns a row.
 *
 * @param    array  $A        Article row from db; 'topic' and 'imageurl' may be replaced
 * @param    string $tid_list List of child topics of current topic, used inside IN(...)
 */
function fixTopic(&$A, $tid_list)
{
    global $_TABLES, $topic;
    if (empty($topic)) {
        return;
    }
    // NOTE(review): $A['sid'], $topic and $tid_list go into the SQL text unchanged -
    // confirm that every caller passes values that are already escaped/validated.
    // An article can belong to the current topic while its default topic is a child
    // of the current topic, so look for a direct assignment first.
    $sql = "SELECT t.topic, t.imageurl\n            FROM {$_TABLES['topics']} t, {$_TABLES['topic_assignments']} ta\n            WHERE t.tid = ta.tid\n            AND ta.type = 'article' AND ta.id = '{$A['sid']}' AND ta.tid = '{$topic}'\n            " . COM_getLangSQL('tid', 'AND', 't') . COM_getPermSQL('AND', 0, 2, 't');
    $result = DB_query($sql);
    if (DB_numRows($result) <= 0) {
        // Not assigned directly, so check inherited assignments. The sort order has to
        // stay the same as in TOPIC_getTopic, or articles with several topics might
        // not display in the right topic when clicked.
        $sql = "SELECT t.topic, t.imageurl\n                FROM {$_TABLES['topics']} t, {$_TABLES['topic_assignments']} ta\n                WHERE t.tid = ta.tid\n                AND ta.type = 'article' AND ta.id = '{$A['sid']}'\n                AND (ta.tid IN({$tid_list}) AND (ta.inherit = 1 OR (ta.inherit = 0 AND ta.tid = '{$topic}')))\n                " . COM_getLangSQL('tid', 'AND', 't') . COM_getPermSQL('AND', 0, 2, 't') . "\n                ORDER BY ta.tdefault DESC, ta.tid ASC";
        $result = DB_query($sql);
        if (DB_numRows($result) <= 0) {
            return;
        }
    }
    $match = DB_fetchArray($result);
    $A['topic'] = $match['topic'];
    $A['imageurl'] = $match['imageurl'];
}
Пример #7
 /**
  * Renders the tag statistics admin page.
  *
  * Lists every tag with its usage count and hit count, most used first. Returns
  * a short paragraph instead when the query fails or no tag exists. All values
  * written into the table rows pass through TAG_escape().
  *
  * @return string HTML
  */
 function view()
 {
     global $_CONF, $_TABLES;
     $sql = "SELECT L.tag_id, L.tag, COUNT(m.tag_id) AS cnt, L.hits FROM {$_TABLES['tag_list']} AS L LEFT JOIN {$_TABLES['tag_map']} AS m ON L.tag_id = m.tag_id GROUP BY m.tag_id ORDER BY cnt DESC, tag";
     $result = DB_query($sql);
     if (DB_error()) {
         return '<p>' . TAG_str('db_error') . '</p>';
     }
     if (DB_numRows($result) == 0) {
         return '<p>' . TAG_str('no_tag') . '</p>';
     }
     $T = new Template($_CONF['path'] . 'plugins/tag/templates');
     $T->set_file('stats', 'admin_stats.thtml');
     $T->set_var('xhtml', XHTML);
     $T->set_var('this_script', COM_buildURL($_CONF['site_admin_url'] . '/plugins/tag/index.php'));
     // Language strings: template variable "lang_<key>" takes TAG_str("<key>").
     $langKeys = array('desc_admin_stats', 'lbl_tag', 'lbl_count', 'lbl_hit_count', 'delete_checked', 'ban_checked');
     foreach ($langKeys as $key) {
         $T->set_var('lang_' . $key, TAG_str($key));
     }
     $rowClass = 1;
     $rows = '';
     while (($tagRow = DB_fetchArray($result)) !== false) {
         $idAttr = TAG_escape($tagRow['tag_id']);
         $rows .= '<tr class="pluginRow' . $rowClass . '">'
             . '<td><input id="tag' . $idAttr . '" name="tag_ids[]" type="checkbox" value="' . $idAttr . '"' . XHTML . '>'
             . '<label for="tag' . $idAttr . '">' . TAG_escape($tagRow['tag']) . '</label></td>'
             . '<td style="text-align: right;">' . TAG_escape($tagRow['cnt']) . '</td>'
             . '<td style="text-align: right;">' . TAG_escape($tagRow['hits']) . '</td></tr>' . LB;
         // alternate between row classes 1 and 2
         $rowClass = 3 - $rowClass;
     }
     $T->set_var('body', $rows);
     $T->parse('output', 'stats');
     return $T->finish($T->get_var('output'));
 }
Пример #8
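/**
 * Builds the admin list of batch sessions whose session_status is 1.
 *
 * For every session the owner's username and the number of its items with
 * status = 0 are looked up and added as one template row.
 *
 * @return string Rendered sessions.thtml template
 */
function MG_displaySessions()
{
    global $_CONF, $_MG_CONF, $_TABLES, $LANG_MG01;
    $retval = '';
    $T = new Template($_MG_CONF['template_path']);
    $T->set_file('sessions', 'sessions.thtml');
    $T->set_var(array(
        'site_url'                 => $_CONF['site_url'],
        'xhtml'                    => XHTML,
        's_form_action'            => $_MG_CONF['admin_url'] . 'sessions.php',
        'lang_save'                => $LANG_MG01['save'],
        'lang_cancel'              => $LANG_MG01['cancel'],
        'lang_delete'              => $LANG_MG01['delete'],
        'lang_select'              => $LANG_MG01['select'],
        'lang_checkall'            => $LANG_MG01['check_all'],
        'lang_uncheckall'          => $LANG_MG01['uncheck_all'],
        'lang_session_description' => $LANG_MG01['description'],
        'lang_session_owner'       => $LANG_MG01['owner'],
        'lang_session_count'       => $LANG_MG01['count'],
        'lang_action'              => $LANG_MG01['action'],
    ));
    $T->set_block('sessions', 'sessItems', 'sItems');
    $sql = "SELECT * FROM {$_TABLES['mg_sessions']} WHERE session_status=1";
    $result = DB_query($sql);
    $numRows = DB_numRows($result);
    $rowclass = 0;
    if ($numRows == 0) {
        // we have no active sessions
        $T->set_var('lang_no_sessions', $LANG_MG01['no_sessions']);
        $T->set_var('noitems', true);
        $T->set_var('sItems', '');
    } else {
        $T->set_block('sessions', 'sessRow', 'sRow');
        for ($x = 0; $x < $numRows; $x++) {
            $row = DB_fetchArray($result);
            // NOTE(review): session_id is a stored value that is placed into SQL and
            // into a URL without escaping - confirm it is constrained where it is created.
            $res2 = DB_query("SELECT COUNT(id) FROM {$_TABLES['mg_session_items']} " . "WHERE session_id='" . $row['session_id'] . "' AND status=0");
            list($count) = DB_fetchArray($res2);
            // The owner id is numeric; the cast keeps the stored value from altering
            // the WHERE clause handed to DB_getItem().
            $ownerUid = (int) $row['session_uid'];
            // NOTE(review): session_description reaches the template unescaped.
            $T->set_var(array(
                'row_class'           => $rowclass % 2 ? '2' : '1',
                'session_id'          => $row['session_id'],
                'session_owner'       => DB_getItem($_TABLES['users'], 'username', "uid={$ownerUid}"),
                'session_description' => $row['session_description'],
                'session_continue'    => $_MG_CONF['site_url'] . '/batch.php?mode=continue&amp;sid=' . $row['session_id'] . '&amp;limit=0',
                'count'               => $count,
            ));
            $T->parse('sRow', 'sessRow', true);
            $rowclass++;
        }
        $T->parse('sItems', 'sessItems');
    }
    $retval .= $T->finish($T->parse('output', 'sessions'));
    return $retval;
}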
 /**
  * Checks a comment against the 'Personal' blacklist entries in the spamx table.
  *
  * The comment is entity-decoded (named, decimal, hex) and each stored value is
  * applied as a case-insensitive regular expression with '#' as delimiter. The
  * first match is logged and ends the scan.
  *
  * @param  string $comment Text to examine
  * @return int             1 on a match, 0 otherwise
  */
 public function execute($comment)
 {
     global $_CONF, $_TABLES, $_USER, $LANG_SX00;
     // Anything that is not a logged-in account above uid 1 is recorded as uid 1.
     $uid = 1;
     if (isset($_USER['uid']) && $_USER['uid'] > 1) {
         $uid = $_USER['uid'];
     }
     $result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name='Personal'", 1);
     $remaining = DB_numRows($result);
     // named entities first, then decimal and hex notation
     $decoded = html_entity_decode($comment);
     $decoded = preg_replace_callback('/&#(\\d+);/m', array($this, 'callbackDecimal'), $decoded);
     $decoded = preg_replace_callback('/&#x([a-f0-9]+);/mi', array($this, 'callbackHex'), $decoded);
     while ($remaining-- > 0) {
         list($entry) = DB_fetchArray($result);
         // keep a literal '#' in the entry from ending the pattern
         $entry = str_replace('#', '\\#', $entry);
         if (preg_match("#{$entry}#i", $decoded)) {
             // first positive match decides
             SPAMX_log($LANG_SX00['foundspam'] . $entry . $LANG_SX00['foundspam2'] . $uid . $LANG_SX00['foundspam3'] . $_SERVER['REMOTE_ADDR']);
             return 1;
         }
     }
     return 0;
 }
Пример #10
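/**
 * Plugin function to delete a comment
 *
 * The comment is only deleted when the caller has access level 3 on the album
 * holding the media item or has the 'mediagallery.admin' right. After a
 * successful delete the media item's comment counter is refreshed.
 *
 * @param  mixed $cid Comment to be deleted
 * @param  mixed $id  Item id to which $cid belongs
 * @return mixed      Result of COM_refresh() for the media page on success, false otherwise
 */
function _mg_deletecomment($cid, $id)
{
    global $_CONF, $_MG_CONF, $_TABLES, $MG_albums;
    $safeId = DB_escapeString($id);
    $access = 0;
    // find the album that holds this piece of media
    $result = DB_query("SELECT album_id FROM {$_TABLES['mg_media_albums']} WHERE media_id='" . $safeId . "'");
    if (DB_numRows($result) > 0) {
        $row = DB_fetchArray($result);
        $aid = $row['album_id'];
        // NOTE(review): a truthy owner_id on album 0 grants level 3 regardless of
        // $aid - confirm this is the intended shortcut.
        if ($MG_albums[0]->owner_id) {
            $access = 3;
        } elseif (isset($MG_albums[$aid])) {
            // an album id missing from $MG_albums leaves access at 0
            $access = $MG_albums[$aid]->access;
        }
    }
    if ($access != 3 && !SEC_hasRights('mediagallery.admin')) {
        return false;
    }
    if (CMT_deleteComment($cid, $id, 'mediagallery') != 0) {
        return false;
    }
    // reduce count in media table
    $comments = DB_count($_TABLES['comments'], array('sid', 'type'), array($safeId, 'mediagallery'));
    DB_change($_TABLES['mg_media'], 'media_comments', $comments, 'media_id', $safeId);
    // Now redirect the program flow to the view of the file and its comments.
    // $id comes from the caller, so it is URL-encoded before it becomes part of
    // the redirect target.
    return COM_refresh($_MG_CONF['site_url'] . '/media.php?s=' . rawurlencode($id));
}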
Пример #11
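 /**
  * Renders the bad-word admin page of the tag plugin.
  *
  * Lists every row of the tag_badwords table as a checkbox, or sets a "no bad
  * word" message when the table is empty. Returns only an error paragraph when
  * the query fails. Each word passes through TAG_escape() before it is written
  * into markup.
  *
  * @return string HTML
  */
 function view()
 {
     global $_CONF, $_TABLES;
     // $retval was read on the error path without ever being set.
     $retval = '';
     $body = '';
     $T = new Template($_CONF['path'] . 'plugins/tag/templates');
     $T->set_file('badword', 'admin_badword.thtml');
     $T->set_var('xhtml', XHTML);
     $T->set_var('this_script', COM_buildURL($_CONF['site_admin_url'] . '/plugins/tag/index.php'));
     $T->set_var('lang_desc_admin_badword', TAG_str('desc_admin_badword'));
     $T->set_var('lang_add', TAG_str('add'));
     $T->set_var('lang_lbl_tag', TAG_str('lbl_tag'));
     $T->set_var('lang_delete_checked', TAG_str('delete_checked'));
     $sql = "SELECT * FROM {$_TABLES['tag_badwords']}";
     $result = DB_query($sql);
     if (DB_error()) {
         return $retval . '<p>' . TAG_str('db_error') . '</p>';
     }
     if (DB_numRows($result) == 0) {
         $T->set_var('msg', '<p>' . TAG_str('no_badword') . '</p>');
     } else {
         while (($A = DB_fetchArray($result)) !== false) {
             $word = TAG_escape($A['badword']);
             $body .= '<tr><td>' . '<input id="' . $word . '" name="words[]" type="checkbox" ' . 'value="' . $word . '"><label for="' . $word . '">' . $word . '</label></td></tr>' . LB;
         }
     }
     $T->set_var('body', $body);
     $T->parse('output', 'badword');
     $retval = $T->finish($T->get_var('output'));
     return $retval;
 }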
Пример #12
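/**
 * Creates a member album for the current user and marks the user as a
 * member-gallery owner.
 *
 * Redirects to the gallery index when member albums are switched off, shows a
 * message when the user already owns an album below the member album root, and
 * otherwise creates the album, updates (or inserts) the user's preference row
 * and redirects to the new album. Every path ends the script.
 */
function MG_saveEnroll()
{
    global $_CONF, $_MG_CONF, $_MG_USERPREFS, $_TABLES, $_USER, $LANG_MG03;
    if ($_MG_CONF['member_albums'] != 1) {
        echo COM_refresh($_MG_CONF['site_url'] . '/index.php');
        exit;
    }
    if (!isset($_MG_CONF['member_quota'])) {
        $_MG_CONF['member_quota'] = 0;
    }
    // Every value that is concatenated into SQL below is numeric by meaning; the
    // casts make sure a malformed configuration value or uid cannot change the
    // statement.
    $uid = (int) $_USER['uid'];
    $albumRoot = (int) $_MG_CONF['member_album_root'];
    $quota = (int) $_MG_CONF['member_quota'];
    $sql = "SELECT album_id FROM {$_TABLES['mg_albums']} WHERE owner_id=" . $uid . " AND album_parent=" . $albumRoot;
    $result = DB_query($sql);
    $nRows = DB_numRows($result);
    if ($nRows > 0) {
        $display = MG_siteHeader();
        $display .= COM_showMessageText($LANG_MG03['existing_member_album'], '', true);
        $display .= MG_siteFooter();
        echo $display;
        exit;
    }
    $aid = plugin_user_create_mediagallery($uid, 1);
    $result = DB_query("UPDATE {$_TABLES['mg_userprefs']} SET member_gallery=1,quota=" . $quota . " WHERE uid=" . $uid, 1);
    // NOTE(review): the affected-row count is read but never used, and the INSERT
    // below only runs when DB_error() reports a problem. An UPDATE that simply finds
    // no row for this uid would presumably not count as an error - confirm that a
    // missing preference row is really covered.
    $affected = DB_affectedRows($result);
    if (DB_error()) {
        $sql = "INSERT INTO {$_TABLES['mg_userprefs']} (uid, active, display_rows, display_columns, mp3_player, playback_mode, tn_size, quota, member_gallery) VALUES (" . $uid . ",1,0,0,-1,-1,-1," . $quota . ",1)";
        DB_query($sql, 1);
    }
    CACHE_remove_instance('menu');
    echo COM_refresh($_MG_CONF['site_url'] . '/album.php?aid=' . $aid);
    exit;
}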
Пример #13
/**
* Add "root" category and fix categories
*
* Inserts the root category (cid taken from $_LI_CONF['root'], default 'site')
* and then one category below it for every distinct cid found in the links
* table. Echoes a message and returns false as soon as DB_error() reports a
* problem inside the loop; returns nothing otherwise.
*
* @return false|null
*/
function links_update_set_categories()
{
    global $_TABLES, $_LI_CONF;
    if (empty($_LI_CONF['root'])) {
        $_LI_CONF['root'] = 'site';
    }
    $rootCid = DB_escapeString($_LI_CONF['root']);
    DB_query("INSERT INTO {$_TABLES['linkcategories']} (cid, pid, category, description, tid, created, modified, group_id, owner_id, perm_owner, perm_group, perm_members, perm_anon) VALUES ('{$rootCid}', 'root', 'Root', 'Website root', NULL, NOW(), NOW(), 5, 2, 3, 3, 2, 2)");
    // get Links admin group number
    $adminGroup = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Links Admin'");
    // one category row per distinct cid used in the links table
    $result = DB_query("SELECT DISTINCT cid AS category FROM {$_TABLES['links']}");
    $remaining = DB_numRows($result);
    while ($remaining-- > 0) {
        $linkRow = DB_fetchArray($result);
        $name = DB_escapeString($linkRow['category']);
        $newCid = $name;
        DB_query("INSERT INTO {$_TABLES['linkcategories']} (cid,pid,category,description,tid,owner_id,group_id,created,modified) VALUES ('{$newCid}','{$rootCid}','{$name}','{$name}','all',2,'{$adminGroup}',NOW(),NOW())", 1);
        // The new cid is currently always identical to the category name, so this
        // update never runs ("still experimenting" in the original).
        if ($newCid != $name) {
            DB_query("UPDATE {$_TABLES['links']} SET cid='{$newCid}' WHERE cid='{$name}'", 1);
        }
        if (DB_error()) {
            echo "Error inserting categories into linkcategories table";
            return false;
        }
    }
}
Пример #14
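 /**
  * Checks whether any URL in a comment resolves to a blacklisted IP address.
  *
  * Host names are taken from ftp, http, https and file URLs found in the
  * entity-decoded comment, resolved with gethostbyname() and compared with the
  * 'IPofUrl' values of the spamx table. The first hit updates the statistics,
  * is logged and ends the scan.
  *
  * @param  string $comment Text to examine
  * @return int             PLG_SPAM_FOUND or PLG_SPAM_NOT_FOUND
  */
 public function execute($comment)
 {
     global $_CONF, $_TABLES, $LANG_SX00;
     $uid = $this->getUid();
     // Regex to find URLs; $2 = host part. 'https?' and the i flag matter: the former
     // pattern matched neither https:// links nor upper-case schemes, so such URLs
     // were never checked at all.
     // NOTE(review): the host part may still carry user info or a port
     // (user@host:8080); gethostbyname() returns such input unchanged, so those
     // URLs do not match any stored address.
     $regx = '(ftp|https?|file)://([^/\\s]+)';
     $num = preg_match_all("#{$regx}#i", html_entity_decode($comment), $urls);
     $result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name='IPofUrl'", 1);
     $nrows = DB_numRows($result);
     $ans = PLG_SPAM_NOT_FOUND;
     // Host names come from the submitted text. Resolving each distinct host once,
     // instead of once per blacklist row, bounds the DNS lookups one comment can cause.
     $resolved = array();
     for ($j = 1; $j <= $nrows; $j++) {
         list($val) = DB_fetchArray($result);
         for ($i = 0; $i < $num; $i++) {
             $host = $urls[2][$i];
             if (!isset($resolved[$host])) {
                 $resolved[$host] = gethostbyname($host);
             }
             if ($val === $resolved[$host]) {
                 $ans = PLG_SPAM_FOUND;
                 // quit on first positive match
                 $this->updateStat('IPofUrl', $val);
                 SPAMX_log($LANG_SX00['foundspam'] . $host . $LANG_SX00['foundspam2'] . $uid . $LANG_SX00['foundspam3'] . $_SERVER['REMOTE_ADDR']);
                 break 2;
             }
         }
     }
     return $ans;
 }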
Пример #15
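/**
 * Builds the admin page on which EXIF tags can be selected.
 *
 * Reads every row of the mg_exif_tags table and renders one template row per
 * tag name, checked when the row's 'selected' value is truthy.
 *
 * @return string Rendered exif_tags.thtml template
 */
function MG_adminEXIF()
{
    global $_TABLES, $_MG_CONF, $_CONF, $LANG_MG01, $LANG_MG04;
    $retval = '';
    $T = new Template($_MG_CONF['template_path'] . '/admin/');
    $T->set_file('admin', 'exif_tags.thtml');
    $T->set_var('site_url', $_CONF['site_url']);
    $T->set_var('site_admin_url', $_CONF['site_admin_url']);
    $T->set_block('admin', 'exifRow', 'eRow');
    // Both arrays were only created inside the loop, so an empty table left them
    // undefined for the foreach below.
    $properties = array();
    $tag = array();
    $sql = "SELECT * FROM {$_TABLES['mg_exif_tags']}";
    $result = DB_query($sql);
    $nRows = DB_numRows($result);
    for ($i = 0; $i < $nRows; $i++) {
        $row = DB_fetchArray($result);
        $properties[] = $row['name'];
        $tag[$row['name']][] = $row['selected'];
    }
    $exifKeys = getExifKeys();
    $x = 0;
    foreach ($properties as $property) {
        // NOTE(review): assumes getExifKeys() has an entry for every stored tag name.
        $title = $exifKeys[$property][0];
        $T->set_var(array(
            'exif_tag'   => $title,
            'selected'   => $tag[$property][0] ? ' checked="checked"' : '',
            'tag'        => $property,
            'rowcounter' => $x % 2,
        ));
        $T->parse('eRow', 'exifRow', true);
        $x++;
    }
    $T->set_var(array(
        'lang_select'          => $LANG_MG01['select'],
        'lang_exiftag'         => $LANG_MG01['exiftag'],
        'lang_exif_admin_help' => $LANG_MG01['exif_admin_help'],
        'lang_check_all'       => $LANG_MG01['check_all'],
        'lang_uncheck_all'     => $LANG_MG01['uncheck_all'],
        'lang_save'            => $LANG_MG01['save'],
        'lang_cancel'          => $LANG_MG01['cancel'],
        's_form_action'        => $_MG_CONF['admin_url'] . 'exif_admin.php',
    ));
    $T->parse('output', 'admin');
    $retval .= $T->finish($T->get_var('output'));
    return $retval;
}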
Пример #16
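/**
 * Creates a member album for the current user and marks the user as a
 * member-gallery owner.
 *
 * Redirects to the gallery index when member albums are switched off, shows a
 * message when the user already owns an album below the member album root, and
 * otherwise creates the album, updates (or inserts) the user's preference row
 * and redirects to the new album. Every path ends the script.
 */
function MG_saveEnroll()
{
    global $_CONF, $_MG_CONF, $_TABLES, $_USER, $LANG_MG03;
    if ($_MG_CONF['member_albums'] != 1) {
        echo COM_refresh($_MG_CONF['site_url'] . '/index.php');
        exit;
    }
    if (!isset($_MG_CONF['member_quota'])) {
        $_MG_CONF['member_quota'] = 0;
    }
    // The uid was cast for the SELECT but went into the INSERT below as-is; one
    // cast up front keeps every statement on the same numeric value.
    $uid = intval($_USER['uid']);
    $quota = intval($_MG_CONF['member_quota']);
    $sql = "SELECT album_id FROM {$_TABLES['mg_albums']} " . "WHERE owner_id=" . $uid . " AND album_parent=" . intval($_MG_CONF['member_album_root']);
    $result = DB_query($sql);
    $nRows = DB_numRows($result);
    if ($nRows > 0) {
        $display = COM_startBlock('', '', COM_getBlockTemplate('_msg_block', 'header'));
        $display .= $LANG_MG03['existing_member_album'];
        $display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $display = MG_createHTMLDocument($display);
        COM_output($display);
        exit;
    }
    $aid = plugin_user_create_mediagallery($uid, 1);
    DB_change($_TABLES['mg_userprefs'], 'member_gallery', 1, 'uid', $uid);
    DB_change($_TABLES['mg_userprefs'], 'quota', $quota, 'uid', $uid);
    // NOTE(review): the INSERT only runs when DB_error() reports a problem; an
    // update that simply finds no row for this uid would presumably not count as
    // one - confirm that a missing preference row is really covered.
    if (DB_error()) {
        $sql = "INSERT INTO {$_TABLES['mg_userprefs']} " . "(uid, active, display_rows, display_columns, mp3_player, playback_mode, tn_size, quota, member_gallery) " . "VALUES (" . $uid . ",1,0,0,-1,-1,-1," . $quota . ",1)";
        DB_query($sql, 1);
    }
    echo COM_refresh($_MG_CONF['site_url'] . '/album.php?aid=' . $aid);
    exit;
}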
Пример #17
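/**
 * Builds the forum statistics block of the admin index page.
 *
 * Counts categories, forums, topics (rows with pid = 0) and posts, sums the
 * topic views and derives rounded per-category, per-forum and per-topic
 * averages for posts and views.
 *
 * @return string Rendered admin index template
 */
function forum_admin_list()
{
    global $_TABLES, $LANG_ADMIN, $LANG_GF00, $LANG_GF91, $LANG_GF06, $_CONF, $_FF_CONF;
    USES_lib_admin();
    $retval = '';
    $admin_list = new Template($_CONF['path'] . 'plugins/forum/templates/admin/');
    $admin_list->set_file('admin-list', 'index.thtml');
    $admin_list->set_var('block_start', COM_startBlock($LANG_GF91['gfstats']));
    $menu_arr = FF_adminNav($LANG_GF06['1']);
    $admin_list->set_var('admin_menu', ADMIN_createMenu($menu_arr, $LANG_GF00['instructions'], $_CONF['site_url'] . '/forum/images/forum.png'));
    // CATEGORIES
    $totalcats = DB_numRows(DB_query("SELECT id FROM {$_TABLES['ff_categories']}"));
    // FORUMS
    $totalforums = DB_numRows(DB_query("SELECT forum_id FROM {$_TABLES['ff_forums']}"));
    // TOPICS
    $totaltopics = DB_numRows(DB_query("SELECT id FROM {$_TABLES['ff_topic']} WHERE pid = 0"));
    // POSTS
    $totalposts = DB_numRows(DB_query("SELECT id FROM {$_TABLES['ff_topic']}"));
    // VIEWS
    $totalviews = DB_fetchArray(DB_query("SELECT SUM(views) AS TOTAL FROM {$_TABLES['ff_topic']}"));
    // Rounded average, 0 when there is nothing to average. The divisor is checked
    // as well: posts can exist while a count is 0 (e.g. only replies left, or a
    // category table emptied by hand), which used to end in a division by zero.
    $average = function ($total, $count) {
        return ($total != 0 && $count > 0) ? round($total / $count) : 0;
    };
    // AVERAGE POSTS
    $avgcposts = $average($totalposts, $totalcats);
    $avgfposts = $average($totalposts, $totalforums);
    $avgtposts = $average($totalposts, $totaltopics);
    // AVERAGE VIEWS
    $avgcviews = $average($totalviews['TOTAL'], $totalcats);
    $avgfviews = $average($totalviews['TOTAL'], $totalforums);
    $avgtviews = $average($totalviews['TOTAL'], $totaltopics);
    $admin_list->set_var(array(
        'statsmsg'       => $LANG_GF91['statsmsg'],
        'totalcatsmsg'   => $LANG_GF91['totalcats'],
        'totalcats'      => $totalcats,
        'totalforumsmsg' => $LANG_GF91['totalforums'],
        'totalforums'    => $totalforums,
        'totaltopicsmsg' => $LANG_GF91['totaltopics'],
        'totaltopics'    => $totaltopics,
        'totalpostsmsg'  => $LANG_GF91['totalposts'],
        'totalposts'     => $totalposts,
        'totalviewsmsg'  => $LANG_GF91['totalviews'],
        'totalviews'     => $totalviews['TOTAL'],
        'category'       => $LANG_GF91['category'],
        'forum'          => $LANG_GF91['forum'],
        'topic'          => $LANG_GF91['topic'],
        'avgpmsg'        => $LANG_GF91['avgpmsg'],
        'avgcposts'      => $avgcposts,
        'avgfposts'      => $avgfposts,
        'avgtposts'      => $avgtposts,
        'avgvmsg'        => $LANG_GF91['avgvmsg'],
        'avgcviews'      => $avgcviews,
        'avgfviews'      => $avgfviews,
        'avgtviews'      => $avgtviews,
    ));
    $admin_list->set_var('block_end', COM_endBlock());
    $admin_list->parse('output', 'admin-list');
    $retval .= $admin_list->finish($admin_list->get_var('output'));
    return $retval;
}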
Пример #18
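/**
 * Builds the <slide> elements for the slideshow of one album.
 *
 * The album id, image source ('disp', 'orig', anything else becomes 'tn') and
 * type are read from the request. Only rows with media_type 0 and
 * include_ss = 1 are emitted. $mode is accepted but not used here.
 *
 * @param  string      $mode
 * @return string|null       Slide markup ('' when the album is not readable or
 *                           has no usable item); nothing when the album id is unknown
 */
function MG_getItems($mode = 'sv')
{
    global $MG_albums, $_TABLES, $_MG_CONF;
    $retval = '';
    $aid = 0;
    if (isset($_REQUEST['aid'])) {
        $aid = COM_applyFilter($_REQUEST['aid'], true);
    }
    $src = 'disp';
    if (isset($_REQUEST['src'])) {
        $src = COM_applyFilter($_REQUEST['src']);
    }
    $type = 'mini';
    if (isset($_REQUEST['type'])) {
        $type = COM_applyFilter($_REQUEST['type']);
    }
    // $src becomes a directory name below, so it is reduced to a fixed set of values.
    if ($src != 'disp' && $src != 'orig') {
        $src = 'tn';
    }
    // Was "||", which is true for every value and always forced 'mini'.
    // $type is not used further in this function.
    if ($type != 'full' && $type != 'mini') {
        $type = 'mini';
    }
    if (!isset($MG_albums[$aid]->id)) {
        return;
    }
    if (!($MG_albums[$aid]->access >= 1)) {
        return $retval;
    }
    $orderBy = MG_getSortOrder($aid, 0);
    $sql = "SELECT * FROM {$_TABLES['mg_media_albums']} as ma INNER JOIN " . $_TABLES['mg_media'] . " as m " . " ON ma.media_id=m.media_id WHERE ma.album_id=" . (int) $aid . " AND m.include_ss=1 " . $orderBy;
    $result = DB_query($sql);
    if (DB_numRows($result) > 0) {
        while ($row = DB_fetchArray($result)) {
            if ($row['media_type'] != 0) {
                continue;
            }
            // Start every row empty: without this a row whose file is missing reused
            // the URL and path of the row before it.
            $PhotoURL = '';
            $PhotoPath = '';
            $relative = $src . '/' . $row['media_filename'][0] . '/' . $row['media_filename'];
            foreach ($_MG_CONF['validExtensions'] as $ext) {
                if (file_exists($_MG_CONF['path_mediaobjects'] . $relative . $ext)) {
                    $PhotoURL = $_MG_CONF['mediaobjects_url'] . '/' . $relative . $ext;
                    $PhotoPath = $_MG_CONF['path_mediaobjects'] . $relative . $ext;
                    break;
                }
            }
            // getimagesize() must not be called with an empty path.
            $imgsize = $PhotoPath !== '' ? @getimagesize($PhotoPath) : false;
            if ($imgsize == false && $row['remote_media'] != 1) {
                continue;
            }
            if ($row['remote_media'] == 1) {
                $PhotoURL = $row['remote_url'];
            }
            // The src attribute is escaped like the caption: remote_url is stored data
            // and a quote or '&' in it would otherwise break out of the attribute.
            $retval .= '<slide src="' . htmlspecialchars($PhotoURL, ENT_QUOTES, COM_getEncodingt()) . '" caption="' . htmlentities(strip_tags($row['media_title']), ENT_QUOTES, COM_getEncodingt()) . '"/>' . "\n";
        }
    }
    return $retval;
}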
Пример #19
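/**
 * AJAX handler that subscribes the current user to a forum topic.
 *
 * Reads `id` (forum), `topic_id` and `notify_id` from $_POST, updates the
 * subscriptions table, echoes a JSON envelope of the form
 * {"json": "<json-encoded result>"} and terminates the request.
 *
 * Anonymous users are rejected with errorCode 1.
 *
 * @return void  never returns; always ends with exit
 */
function subscribe_topic()
{
    global $_CONF, $_FF_CONF, $_TABLES, $_USER, $LANG_GF01, $LANG_GF02;

    // Must start as an array: writing a string key into '' is an error on
    // current PHP versions instead of silently becoming an array.
    $retval = array();
    $return = array();

    if (COM_isAnonUser()) {
        $retval['statusMessage'] = 'Invalid Request';
        $retval['errorCode'] = 1;
        $return["json"] = json_encode($retval);
        echo json_encode($return);
        exit;
    }

    // NOTE(review): no request (CSRF) token is verified in this function
    // although it changes stored state; presumably the dispatcher that
    // calls it does so - confirm.

    // Every value that reaches SQL below is forced to an integer here, so
    // the derived negative ids ($ntopic, $nid) are integers as well.
    $forum = (int) COM_applyFilter($_POST['id'], true);
    $topic = (int) COM_applyFilter($_POST['topic_id'], true);
    $notify_id = (int) COM_applyFilter($_POST['notify_id'], true);
    $uid = (int) $_USER['uid'];

    // Existing subscription either to this topic or to the whole forum (id=0)
    $sql = "SELECT * FROM {$_TABLES['subscriptions']}\n            WHERE ((type='forum' AND id=" . $topic . ") AND (uid=" . $uid . ")\n            OR ";
    $sql .= "((type='forum' AND category=" . $forum . ") AND (id=0) and (uid=" . $uid . ")))";
    $notifyquery = DB_query("{$sql}");

    // Subscriptions are stored against the parent topic; pid 0 means the
    // topic is itself the parent.
    $pid = DB_getItem($_TABLES['ff_topic'], 'pid', "id=" . $topic);
    if ($pid == 0) {
        $pid = $topic;
    }
    // A negative topic id marks a "do not notify" record for that topic
    $ntopic = -$topic;

    if (DB_numRows($notifyquery) > 0) {
        $A = DB_fetchArray($notifyquery);
        if ($A['id'] == 0) {
            // User has subscribed to complete forum
            // Check and see if user has a non-subscribe record for this topic id
            $query = DB_query("SELECT sub_id FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . $uid . " AND category=" . $forum . " AND id = " . $ntopic);
            if (DB_numRows($query) > 0) {
                list($watchrec) = DB_fetchArray($query);
                DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE sub_id=" . (int) $watchrec);
                $retval['statusMessage'] = $LANG_GF02['msg142'];
            } else {
                $forum_name = DB_getItem($_TABLES['ff_forums'], 'forum_name', 'forum_id=' . $forum);
                $topic_name = DB_getItem($_TABLES['ff_topic'], 'subject', 'id=' . (int) $pid);
                DB_query("INSERT INTO {$_TABLES['subscriptions']} (type,category,category_desc,id,id_desc,uid,date_added) VALUES ('forum'," . $forum . ",'" . DB_escapeString($forum_name) . "'," . (int) $pid . ",'" . DB_escapeString($topic_name) . "'," . $uid . ",now() )");
                $retval['statusMessage'] = $LANG_GF02['msg142'];
            }
        } else {
            // Already subscribed to this topic
            $retval['statusMessage'] = $LANG_GF02['msg40'];
        }
    } else {
        $forum_name = DB_getItem($_TABLES['ff_forums'], 'forum_name', 'forum_id=' . $forum);
        $topic_name = DB_getItem($_TABLES['ff_topic'], 'subject', 'id=' . (int) $pid);
        DB_query("INSERT INTO {$_TABLES['subscriptions']} (type,category,category_desc,id,id_desc,uid,date_added) VALUES ('forum'," . $forum . ",'" . DB_escapeString($forum_name) . "'," . (int) $pid . ",'" . DB_escapeString($topic_name) . "'," . $uid . ",now() )");
        // Drop any "do not notify" record stored under the negated notify id
        $nid = -$notify_id;
        DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . $uid . " AND category=" . $forum . " AND id = " . $nid);
        $retval['statusMessage'] = $LANG_GF02['msg142'];
    }

    $retval['errorCode'] = 0;
    $retval['icon'] = 'uk-icon-bookmark';
    $retval['subOption'] = 'unsubscribe_topic';
    $retval['label'] = $LANG_GF01['unSubscribeLink'];
    $return["json"] = json_encode($retval);
    echo json_encode($return);
    exit;
}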
Пример #20
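 /**
  * Complete a successful OpenID login: find the local account bound to the
  * identity or create one, and publish the outcome through the globals
  * $uid and $status.
  *
  * On failure (registration disabled, no usable username, or the freshly
  * created account cannot be found) $status is set to
  * USER_ACCOUNT_DISABLED and $uid to 0.
  *
  * NOTE(review): the literal '******' in the SQL strings below looks like
  * masking applied by the listing this code was taken from; presumably the
  * escaped $openid_identity belongs there - confirm against the upstream
  * file. As shown, the lookups match a fixed string, not the identity that
  * was authenticated.
  *
  * @param  mixed $login  not used in this method
  * @return void
  */
 function doValidLogin($login)
 {
     global $_CONF, $_TABLES, $status, $uid;
     // Remote auth precludes usersubmission,
     // and integrates user activation
     $status = USER_ACCOUNT_ACTIVE;
     // PHP replaces "." with "_"
     $openid_identity = DB_escapeString($this->query['openid_identity']);
     $openid_nickname = '';
     if (isset($this->query['openid_sreg_nickname'])) {
         $openid_nickname = $this->query['openid_sreg_nickname'];
     }
     // Check if that account is already registered.
     $result = DB_query("SELECT uid FROM {$_TABLES['users']} WHERE remoteusername = '******' AND remoteservice = 'openid'");
     $tmp = DB_error();
     $nrows = DB_numRows($result);
     if ($tmp != 0 || $nrows != 1) {
         // First time login with this OpenID, creating account...
         if ($_CONF['disable_new_user_registration']) {
             // not strictly correct - just to signal a failed login attempt
             $status = USER_ACCOUNT_DISABLED;
             $uid = 0;
             return;
         }
         if (empty($openid_nickname)) {
             $openid_nickname = $this->makeUsername($this->query['openid_identity']);
         }
         // we simply can't accept empty usernames ...
         if (empty($openid_nickname)) {
             COM_errorLog('Got an empty username for ' . $openid_identity);
             // not strictly correct - just to signal a failed login attempt
             $status = USER_ACCOUNT_DISABLED;
             $uid = 0;
             return;
         }
         // Ensure that remoteusername is unique locally.
         $openid_nickname = USER_uniqueUsername($openid_nickname);
         // Nickname, e-mail and full name come from the OpenID response and
         // are handed over as received; presumably USER_createAccount
         // validates and escapes them - verify.
         $openid_sreg_email = '';
         if (isset($this->query['openid_sreg_email'])) {
             $openid_sreg_email = $this->query['openid_sreg_email'];
         }
         $openid_sreg_fullname = '';
         if (isset($this->query['openid_sreg_fullname'])) {
             $openid_sreg_fullname = $this->query['openid_sreg_fullname'];
         }
         USER_createAccount($openid_nickname, $openid_sreg_email, '', $openid_sreg_fullname, '', $this->query['openid_identity'], 'openid');
         $uid = DB_getItem($_TABLES['users'], 'uid', "remoteusername = '******' AND remoteservice = 'openid'");
         if (empty($uid)) {
             // Without a uid the statements below would be malformed SQL;
             // treat it like the other failed-login paths.
             COM_errorLog('Could not find the new account for ' . $openid_identity);
             $status = USER_ACCOUNT_DISABLED;
             $uid = 0;
             return;
         }
         // Store full remote account name:
         DB_query("UPDATE {$_TABLES['users']} SET remoteusername = '******', remoteservice = 'openid', status = 3 WHERE uid = " . (int) $uid);
         // Add to remote users (skipped when the group does not exist, so no
         // malformed INSERT is sent):
         $remote_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
         if (!empty($remote_grp)) {
             DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES (" . (int) $remote_grp . ", " . (int) $uid . ")");
         }
     } else {
         // Known identity: load its uid and current account status
         $result = DB_query("SELECT uid,status FROM {$_TABLES['users']} WHERE remoteusername = '******' AND remoteservice = 'openid'");
         list($uid, $status) = DB_fetchArray($result);
     }
 }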
Пример #21
/**
 * Look up the `active` flag stored in mg_userprefs for a user.
 *
 * @param  mixed $uid  user id; cast to int before it reaches the query
 * @return mixed       the stored `active` value, or 0 when the user has no row
 */
function MG_getUserActive($uid)
{
    global $_TABLES;

    $query = "SELECT active FROM {$_TABLES['mg_userprefs']} WHERE uid=" . (int) $uid;
    $prefs = DB_query($query);

    // No preferences row: report the user as not active
    if (!(DB_numRows($prefs) > 0)) {
        return 0;
    }

    $record = DB_fetchArray($prefs);

    return $record['active'];
}
Пример #22
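/**
 * Render the comment section for one userbox record.
 *
 * The record is only considered when it is not a draft, passes
 * COM_getPermSql(), has been released and has not expired.
 *
 * @param  mixed  $id  record id; cast to int before it is placed in the SQL
 * @return string      comment HTML, or '' when nothing is to be shown
 */
function fncComment($id)
{
    global $_CONF;
    global $_TABLES;

    // Previously never initialised, so the function returned an undefined
    // variable when no row matched.
    $retval = '';

    $order = '';
    if (isset($_REQUEST['order'])) {
        $order = COM_applyFilter($_REQUEST['order']);
    }
    $mode = '';
    if (isset($_REQUEST['mode'])) {
        $mode = COM_applyFilter($_REQUEST['mode']);
    }
    $page = 1;
    if (isset($_REQUEST['cpage'])) {
        $page = COM_applyFilter($_REQUEST['cpage']);
    }

    $tbl = $_TABLES['USERBOX_base'];
    //-----
    $sql = "SELECT ";
    $sql .= "commentcode ";
    $sql .= ",owner_id";
    $sql .= ",group_id";
    $sql .= ",perm_owner";
    $sql .= ",perm_group";
    $sql .= ",perm_members";
    $sql .= ",perm_anon";
    $sql .= " FROM ";
    $sql .= " {$tbl} AS t ";
    //base
    $sql .= " WHERE ";
    // The id is concatenated unquoted, so it must be an integer; the cast
    // keeps anything else out of the statement.
    $sql .= " id=" . (int) $id;
    $sql .= " AND t.draft_flag=0" . LB;
    // Exclude records the current user has no access rights to
    $sql .= COM_getPermSql('AND');
    // Exclude records that have not reached their release date yet
    $sql .= " AND (released <= NOW())";
    // Exclude records whose expiry date has passed
    $sql .= " AND (expired=0 OR expired > NOW())";

    $result = DB_query($sql);
    $numrows = DB_numRows($result);
    if ($numrows > 0) {
        $A = DB_fetchArray($result);
        $A = array_map('stripslashes', $A);
        if ($A['commentcode'] >= 0) {
            // Deleting comments needs the edit right plus access level 3 on the record
            $delete_option = SEC_hasRights('userbox.edit') && SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3;
            require_once $_CONF['path_system'] . 'lib-comment.php';
            // NOTE(review): 'topic' is not among the selected columns, so
            // $A['topic'] is undefined here - confirm what should be passed.
            $retval .= CMT_userComments($id, $A['topic'], 'userbox', $order, $mode, 0, $page, false, $delete_option, $A['commentcode']);
        }
    }
    return $retval;
}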
Пример #23
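 /**
  * Process add/delete requests for the HTTP header blacklist and render
  * the editor (current entries plus the add form).
  *
  * Both state-changing actions run only when SEC_checkToken() succeeds.
  *
  * @return string  HTML of the editor
  */
 function display()
 {
     global $_CONF, $_TABLES, $LANG_SX00;
     $action = '';
     if (isset($_GET['action'])) {
         $action = $_GET['action'];
     } elseif (isset($_POST['paction'])) {
         $action = $_POST['paction'];
     }
     if ($action == 'delete' && SEC_checkToken()) {
         // 'entry' may be absent, e.g. when the action arrives by POST
         $entry = isset($_GET['entry']) ? $_GET['entry'] : '';
         if (!empty($entry)) {
             // NOTE(review): addslashes() is not aware of the connection
             // character set; prefer the database layer's own escaping
             // routine if this codebase provides one - confirm.
             $dbentry = addslashes($entry);
             DB_delete($_TABLES['spamx'], array('name', 'value'), array('HTTPHeader', $dbentry));
         }
     } elseif ($action == $LANG_SX00['addentry'] && SEC_checkToken()) {
         $entry = '';
         $name = isset($_REQUEST['header-name']) ? COM_applyFilter($_REQUEST['header-name']) : '';
         // Keep only the part before the first colon as the header name
         $n = explode(':', $name);
         $name = $n[0];
         $value = isset($_REQUEST['header-value']) ? $_REQUEST['header-value'] : '';
         if (!empty($name) && !empty($value)) {
             $entry = $name . ': ' . $value;
         }
         // The header value is unfiltered request data; this escaping is
         // the only thing between it and the SQL string (see note above).
         $dbentry = addslashes($entry);
         if (!empty($entry)) {
             $result = DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('HTTPHeader','{$dbentry}')");
         }
     }
     $token = SEC_createToken();
     $display = '<hr' . XHTML . '>' . LB . '<p><b>';
     $display .= $LANG_SX00['headerblack'];
     $display .= '</b></p>' . LB . '<ul>' . LB;
     $result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name='HTTPHeader' ORDER BY value");
     $nrows = DB_numRows($result);
     for ($i = 0; $i < $nrows; $i++) {
         list($e) = DB_fetchArray($result);
         // Stored entries are HTML-escaped for the link text and
         // URL-encoded for the delete link, which carries the token.
         $display .= '<li>' . COM_createLink(htmlspecialchars($e), $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditHeader&amp;action=delete&amp;entry=' . urlencode($e) . '&amp;' . CSRF_TOKEN . '=' . $token) . '</li>' . LB;
     }
     $display .= '</ul>' . LB . '<p>' . $LANG_SX00['e1'] . '</p>' . LB;
     $display .= '<p>' . $LANG_SX00['e2'] . '</p>' . LB;
     $display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditHeader">' . LB;
     $display .= '<table border="0" width="100%">' . LB;
     $display .= '<tr><td align="right"><b>Header:</b></td>' . LB;
     $display .= '<td><input type="text" size="40" name="header-name"' . XHTML . '> e.g. <tt>User-Agent</tt></td></tr>' . LB;
     $display .= '<tr><td align="right"><b>Content:</b></td>' . LB;
     $display .= '<td><input type="text" size="40" name="header-value"' . XHTML . '> e.g. <tt>Mozilla</tt></td></tr>' . LB;
     $display .= '</table>' . LB;
     $display .= '<p><input type="submit" name="paction" value="' . $LANG_SX00['addentry'] . '"' . XHTML . '>';
     $display .= '<input type="hidden" name="' . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . '></p>' . LB;
     $display .= '</form>' . LB;
     return $display;
 }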
Пример #24
/**
 * Queue a thumbnail rebuild for every media item of type 0.
 *
 * Registers one session entry per item for which a source image is found,
 * then outputs the session page and exits. When the query returns no
 * rows, the browser is sent back to the admin index with msg=7.
 *
 * @return void  never returns; both paths end with exit
 */
function MG_rebuildThumb()
{
    global $_MG_CONF, $LANG_MG01;

    $mediaSql = MG_buildMediaSql(array('where' => "m.media_type = 0", 'sortorder' => -1));
    $result = DB_query($mediaSql);
    $total = DB_numRows($result);

    // Nothing to rebuild
    if (!($total > 0)) {
        echo COM_refresh($_MG_CONF['admin_url'] . 'index.php?msg=7');
        exit;
    }

    $session_id = MG_beginSession('rebuildthumb', $_MG_CONF['admin_url'] . 'index.php', $LANG_MG01['rebuild_thumb']);

    for ($n = 0; $n < $total; $n++) {
        $row = DB_fetchArray($result);
        $root = $_MG_CONF['path_mediaobjects'];
        // Media files are stored below a directory named after the first
        // character of the file name.
        $mfn = $row['media_filename'][0] . '/' . $row['media_filename'];
        $srcImage = '';
        $imageDisplay = '';

        // First choice: the display copy when originals are discarded,
        // the original otherwise.
        $useDisplayCopy = $_MG_CONF['discard_original'] == 1;
        $folder = $useDisplayCopy ? 'disp/' : 'orig/';
        $ext = MG_getMediaExt($root . $folder . $mfn);
        if (!empty($ext)) {
            $srcImage = $root . $folder . $mfn . $ext;
            $imageDisplay = $root . 'tn/' . $mfn . $ext;
            if ($useDisplayCopy) {
                $row['mime_type'] = '';
            }
        }

        // Fall back to the display copy when no source was found or the
        // chosen file is missing on disk.
        if ($srcImage == '' || !file_exists($srcImage)) {
            $ext = MG_getMediaExt($root . 'disp/' . $mfn);
            if (!empty($ext)) {
                $srcImage = $root . 'disp/' . $mfn . $ext;
                $imageDisplay = $root . 'tn/' . $mfn . $ext;
                $row['mime_type'] = '';
                $row['media_mime_ext'] = $ext;
            }
        }

        if ($srcImage == '') {
            continue;
        }

        MG_registerSession(array(
            'session_id' => $session_id,
            'mid' => $row['mime_type'],
            'aid' => $row['album_id'],
            'data' => $srcImage,
            'data2' => $imageDisplay,
            'data3' => $row['media_mime_ext'],
        ));
    }

    $page = MG_continueSession($session_id, 0, $_MG_CONF['def_refresh_rate']);
    COM_output(COM_createHTMLDocument($page));
    exit;
}
 /**
  * Process add/delete requests for the personal blacklist and render the
  * editor (current entries plus the add form).
  *
  * Each state-changing action runs only when SEC_checkToken() succeeds;
  * the token check is evaluated only for the action that matched.
  *
  * @return string  HTML of the editor
  */
 function display()
 {
     global $_CONF, $_TABLES, $LANG_SX00;

     // GET parameters take precedence over their POST counterparts
     $action = isset($_GET['action'])
         ? $_GET['action']
         : (isset($_POST['paction']) ? $_POST['paction'] : '');

     if (isset($_GET['entry'])) {
         $entry = COM_stripslashes($_GET['entry']);
     } elseif (isset($_POST['pentry'])) {
         $entry = COM_stripslashes($_POST['pentry']);
     } else {
         $entry = '';
     }

     if ($action == 'delete' && SEC_checkToken()) {
         DB_delete($_TABLES['spamx'], array('name', 'value'), array('Personal', DB_escapeString($entry)));
     } elseif ($action == $LANG_SX00['addentry'] && SEC_checkToken()) {
         if (!empty($entry)) {
             $entry = DB_escapeString($entry);
             DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('Personal', '{$entry}')");
         }
     } elseif ($action == $LANG_SX00['addcen'] && SEC_checkToken()) {
         // Import every word of the site's censor list as a blacklist entry
         foreach ($_CONF['censorlist'] as $word) {
             $word = DB_escapeString($word);
             DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('Personal', '{$word}')");
         }
     }

     $token = SEC_createToken();
     $editorUrl = $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditBlackList';

     $display = '<hr' . XHTML . '>' . LB . '<p><b>' . $LANG_SX00['pblack'] . '</b></p>' . LB . '<ul>' . LB;

     $result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name = 'Personal'");
     $nrows = DB_numRows($result);
     for ($i = 0; $i < $nrows; $i++) {
         $A = DB_fetchArray($result);
         $e = $A['value'];
         // Entry is HTML-escaped for the link text and URL-encoded for the
         // delete link, which carries the token.
         $deleteUrl = $editorUrl . '&amp;action=delete&amp;entry=' . urlencode($e) . '&amp;' . CSRF_TOKEN . '=' . $token;
         $display .= '<li>' . COM_createLink(htmlspecialchars($e), $deleteUrl) . '</li>' . LB;
     }

     $display .= '</ul>' . LB . '<p>' . $LANG_SX00['e1'] . '</p>' . LB
         . '<p>' . $LANG_SX00['e2'] . '</p>' . LB
         . '<form method="post" action="' . $editorUrl . '">' . LB
         . '<div><input type="text" size="30" name="pentry"' . XHTML . '>&nbsp;&nbsp;&nbsp;'
         . '<input type="submit" name="paction" value="' . $LANG_SX00['addentry'] . '"' . XHTML . '>' . LB
         . '<p>' . $LANG_SX00['e3'] . '</p>&nbsp;&nbsp;&nbsp;'
         . '<input type="submit" name="paction" value="' . $LANG_SX00['addcen'] . '"' . XHTML . '>' . LB
         . '<input type="hidden" name="' . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . '>' . LB
         . '</div></form>' . LB;

     return $display;
 }
Пример #26
/**
 * Automatic uninstall function for the nexfile plugin.
 *
 * Clears the tag-cloud entries of every item tagged with type 'nexfile',
 * then returns the lists of tables, groups, features, PHP blocks and vars
 * that belong to the plugin.
 *
 * @return array  keys: tables, groups, features, php_blocks, vars
 */
function plugin_autouninstall_nexfile()
{
    global $_TABLES, $_CONF;

    require_once $_CONF['path_system'] . 'nexpro/classes/tagcloud.class.php';

    $tagged = DB_query("SELECT itemid FROM {$_TABLES['tagworditems']} WHERE type = 'nexfile'");
    if (DB_numRows($tagged) > 0) {
        $cloud = new nexfileTagCloud();
        while ($item = DB_fetchArray($tagged)) {
            $cloud->clear_tags($item['itemid']);
        }
    }

    return array(
        // NOTE(review): 'auditlog' is the only table without the nxfile_
        // prefix; presumably it belongs to this plugin alone - verify
        // before it is listed for removal.
        'tables' => array(
            'nxfile_access',
            'nxfile_categories',
            'nxfile_files',
            'nxfile_filedetail',
            'nxfile_fileversions',
            'nxfile_notifications',
            'nxfile_filesubmissions',
            'auditlog',
            'nxfile_favorites',
            'nxfile_recentfolders',
            'nxfile_downloads',
            'nxfile_usersettings',
            'nxfile_notificationlog',
            'nxfile_import_queue',
            'nxfile_export_queue',
        ),
        'groups' => array('nexfile Admin'),
        'features' => array('nexfile.admin', 'nexfile.edit', 'nexfile.user'),
        'php_blocks' => array('phpblock_nexfile_latestfiles'),
        'vars' => array('nexfile_admin'),
    );
}
Пример #27
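/**
 * Add passwords for OAuth and OpenID users
 *
 * Calls USER_createPassword() for every account selected by the query
 * below (accounts with an empty passwd column).
 *
 * @return void
 */
function update_UsersFor180()
{
    global $_CONF, $_TABLES;
    require_once $_CONF['path_system'] . 'lib-security.php';
    require_once $_CONF['path_system'] . 'lib-user.php';
    // NOTE(review): "IS NOT NULL OR != ''" is true for every non-NULL
    // value, including the empty string, so accounts with an empty
    // remoteservice are selected too; AND may have been intended - confirm
    // before changing which rows this upgrade step touches.
    $sql = "SELECT uid FROM {$_TABLES['users']} WHERE (remoteservice IS NOT NULL OR remoteservice != '') AND passwd = ''";
    $result = DB_query($sql);
    $nrows = DB_numRows($result);
    for ($i = 0; $i < $nrows; $i++) {
        $A = DB_fetchArray($result);
        // The return value was only ever written to a local that nothing
        // read, so it is no longer kept.
        USER_createPassword($A['uid']);
    }
}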
Пример #28
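/**
 * Recompute the average rating and vote count of a file from its votes
 * and store both in the file detail table.
 *
 * @param  mixed $sel_id  file id (lid); forced to an integer
 * @return void
 */
function updaterating($sel_id)
{
    global $_FM_TABLES;
    $sel_id = intval($sel_id);
    $voteresult = DB_query("SELECT rating FROM {$_FM_TABLES['filemgmt_votedata']} WHERE lid = '{$sel_id}'");
    $votesDB = DB_numRows($voteresult);
    $totalrating = 0;
    // Defined up front so a file without votes is stored with rating
    // 0.0000 instead of formatting an undefined variable.
    $finalrating = 0;
    if ($votesDB > 0) {
        while (list($rating) = DB_fetchArray($voteresult)) {
            $totalrating += $rating;
        }
        $finalrating = $totalrating / $votesDB;
    }
    // Explicit separators: no thousands separator can end up in the value
    // written to the database.
    $finalrating = number_format($finalrating, 4, '.', '');
    $votesDB = (int) $votesDB;
    DB_query("UPDATE {$_FM_TABLES['filemgmt_filedetail']} SET rating='{$finalrating}', votes='{$votesDB}' WHERE lid = '{$sel_id}'");
}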
Пример #29
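/**
 * Recompute the average rating and vote count of a download from its
 * votes and store both in the downloads table.
 *
 * @param  string $sel_id  download id (lid); escaped before use in SQL
 * @return void
 */
function DLM_updaterating($sel_id)
{
    global $_TABLES;
    // NOTE(review): addslashes() is not aware of the connection character
    // set; prefer the database layer's own escaping routine if this
    // codebase provides one - confirm.
    $sel_id = addslashes($sel_id);
    $voteresult = DB_query("SELECT rating FROM {$_TABLES['downloadvotes']} " . "WHERE lid = '{$sel_id}'");
    $votesDB = DB_numRows($voteresult);
    $totalrating = 0;
    // Defined up front so a download without votes is stored with rating
    // 0.0000 instead of formatting an undefined variable.
    $finalrating = 0;
    if ($votesDB > 0) {
        while (list($rating) = DB_fetchArray($voteresult)) {
            $totalrating += $rating;
        }
        $finalrating = $totalrating / $votesDB;
    }
    // Explicit separators: no thousands separator can end up in the value
    // written to the database.
    $finalrating = number_format($finalrating, 4, '.', '');
    $votesDB = (int) $votesDB;
    DB_query("UPDATE {$_TABLES['downloads']} " . "SET rating='{$finalrating}', votes='{$votesDB}' " . "WHERE lid = '{$sel_id}'");
}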
Пример #30
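/**
 * Save the quota and active flag posted for one user, then redirect to
 * the quota report.
 *
 * Reads `uid`, `quota` (multiplied by 1048576 before it is stored) and
 * `active` from $_POST and updates or inserts the mg_userprefs row.
 *
 * NOTE(review): no permission or request (CSRF) token check is visible in
 * this function; presumably the calling admin script enforces both -
 * confirm.
 *
 * @return void  never returns; ends with exit
 */
function MG_saveUser()
{
    global $_CONF, $_MG_CONF, $_TABLES, $_USER, $LANG_MG00, $LANG_MG01, $_POST;
    // The values are concatenated unquoted into SQL below. uid and active
    // are cast so that does not rest on the filter alone; quota is the
    // result of arithmetic and therefore already a number.
    $uid = (int) COM_applyFilter($_POST['uid'], true);
    $quota = COM_applyFilter($_POST['quota'], true) * 1048576;
    $active = (int) COM_applyFilter($_POST['active'], true);
    $result = DB_query("SELECT uid FROM {$_TABLES['mg_userprefs']} WHERE uid=" . $uid);
    $nRows = DB_numRows($result);
    if ($nRows > 0) {
        DB_query("UPDATE {$_TABLES['mg_userprefs']} SET quota=" . $quota . ",active=" . $active . " WHERE uid=" . $uid, 1);
    } else {
        DB_query("INSERT INTO {$_TABLES['mg_userprefs']} SET uid=" . $uid . ", quota=" . $quota . ",active=" . $active, 1);
    }
    echo COM_refresh($_MG_CONF['admin_url'] . 'quotareport.php');
    exit;
}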