/**
 *	Check if user is authorized
 *
 *	Root always passes. Everyone else is refused while the filemanager is
 *	switched off in $_CONF, and otherwise needs either membership in the
 *	'Filemanager Admin' group or the 'filemanager.admin' right.
 *
 *	@return boolean true if access granted, false if no access
 */
function auth()
{
    // Drop-in authorization hook: replace the body with your own check if needed.
    // Session-based checks require session_start() to have been called first.
    global $_CONF;

    // Root gets in regardless of the filemanager switch.
    if (SEC_inGroup('Root')) {
        return true;
    }

    // Everyone else is locked out while the filemanager is disabled.
    if ($_CONF['filemanager_disabled']) {
        return false;
    }

    // Either the admin group or the explicit right grants access.
    return SEC_inGroup('Filemanager Admin') || SEC_hasRights('filemanager.admin');
}
/**
 * Prints the user submission lists at the top
 *
 * Each list is rendered only when the corresponding feature is enabled in
 * $_CONF AND the current user holds the matching right; plugins append
 * their own moderation lists at the end.
 *
 * @param    string  $token  CSRF token
 * @return   string          HTML for the C&C block
 *
 */
function usersubmissions($token)
{
    global $_CONF, $_TABLES, $LANG_ADMIN, $LANG29, $_IMAGE_TYPE;

    require_once $_CONF['path_system'] . 'lib-admin.php';

    // Block header plus the admin menu bar.
    $menu_arr = array(
        array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']),
    );
    $icon = $_CONF['layout_url'] . '/images/icons/moderation.' . $_IMAGE_TYPE;
    $html = COM_startBlock($LANG29[13], '', COM_getBlockTemplate('_admin_block', 'header'));
    $html .= ADMIN_createMenu($menu_arr, $LANG29['submissions_desc'], $icon);

    // IMPORTANT - If any of the below submission lists change, please
    // update the function SEC_hasModerationAccess in lib-security.php to
    // reflect the changes.
    if (SEC_hasRights('story.moderate')) {
        $html .= itemlist('story', $token);
    }
    if ($_CONF['listdraftstories'] == 1 && SEC_hasRights('story.edit')) {
        $html .= itemlist('story_draft', $token);
    }
    if ($_CONF['commentsubmission'] == 1 && SEC_hasRights('comment.moderate')) {
        $html .= itemlist('comment', $token);
    }
    // User submissions need both the edit and the delete right.
    if ($_CONF['usersubmission'] == 1 && SEC_hasRights('user.edit') && SEC_hasRights('user.delete')) {
        $html .= userlist($token);
    }

    // Plugins contribute their own moderation lists.
    $html .= PLG_showModerationList($token);
    $html .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    return $html;
}
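/**
 * Render the comment section for one userbox entry.
 *
 * Reads the comment code and ownership/permission fields of the entry,
 * filtered by the caller's permissions and by the publication window,
 * then delegates the actual rendering to CMT_userComments().  Order,
 * display mode and page come from the request.
 *
 * @param  int|string $id  primary key of the userbox entry (cast to int)
 * @return string          HTML of the comment block; '' when the entry is
 *                         not visible to the current user or has comments
 *                         disabled
 */
function fncComment($id)
{
    global $_CONF;
    global $_TABLES;

    // Always return a string: the original left $retval undefined on the
    // "no row / comments disabled" path.
    $retval = '';

    // $id is concatenated into the WHERE clause below, so force an integer
    // instead of trusting the caller.
    $id = (int) $id;

    // Display parameters from the request (filtered by COM_applyFilter).
    $order = '';
    if (isset($_REQUEST['order'])) {
        $order = COM_applyFilter($_REQUEST['order']);
    }
    $mode = '';
    if (isset($_REQUEST['mode'])) {
        $mode = COM_applyFilter($_REQUEST['mode']);
    }
    $page = 1;
    if (isset($_REQUEST['cpage'])) {
        $page = COM_applyFilter($_REQUEST['cpage']);
    }

    $tbl = $_TABLES['USERBOX_base'];

    $sql = "SELECT ";
    $sql .= "commentcode ";
    $sql .= ",owner_id";
    $sql .= ",group_id";
    $sql .= ",perm_owner";
    $sql .= ",perm_group";
    $sql .= ",perm_members";
    $sql .= ",perm_anon";
    $sql .= " FROM ";
    $sql .= " {$tbl} AS t ";
    $sql .= " WHERE ";
    $sql .= " id=" . $id;
    $sql .= " AND t.draft_flag=0" . LB;
    // Exclude rows the current user has no permission to see.
    $sql .= COM_getPermSql('AND');
    // Exclude rows whose release date has not been reached yet.
    $sql .= " AND (released <= NOW())";
    // Exclude rows whose expiry date has passed.
    $sql .= " AND (expired=0 OR expired > NOW())";

    $result = DB_query($sql);
    $numrows = DB_numRows($result);
    if ($numrows > 0) {
        $A = DB_fetchArray($result);
        $A = array_map('stripslashes', $A);
        // A negative commentcode means comments are disabled for this entry.
        if ($A['commentcode'] >= 0) {
            // Delete links only for users holding the edit right AND full
            // (level 3) access on this particular entry.
            $delete_option = SEC_hasRights('userbox.edit')
                && SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3;
            require_once $_CONF['path_system'] . 'lib-comment.php';
            // NOTE(review): 'topic' is not in the SELECT list above, so
            // $A['topic'] is undefined here -- confirm whether the column
            // exists and should be selected.
            $retval .= CMT_userComments($id, $A['topic'], 'userbox', $order, $mode, 0, $page, false, $delete_option, $A['commentcode']);
        }
    }
    return $retval;
}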
 /**
  * Check for access rights
  *
  * Guards the language administration screen: a user without the
  * 'language.edit' right gets the standard access-denied page, the
  * attempt is written to the access log and the script terminates.
  * Returns normally when the right is held.
  */
 public static function checkAccessRights()
 {
     global $MESSAGE, $_USER;

     if (SEC_hasRights('language.edit')) {
         return;
     }

     // No right: log the attempt, show the denial page and stop.
     $body = COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
     $page = COM_createHTMLDocument($body, array('pagetitle' => $MESSAGE[30]));
     COM_accessLog("User {$_USER['username']} tried to illegally access the language administration screen.");
     COM_output($page);
     exit;
 }
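/**
 * Build the upload-mode navigation bar of the Media Gallery admin page.
 *
 * The dead default on $selected was dropped: a required parameter
 * ($album_id) followed it, so callers always had to pass both arguments,
 * and "optional before required" is deprecated as of PHP 8.0.
 *
 * @param  string     $selected  label of the menu item to highlight
 * @param  int|string $album_id  album the upload modes operate on; it is
 *                               appended to the admin.php URLs
 * @return string                HTML of the navbar
 */
function MG_navbar($selected, $album_id)
{
    global $_CONF, $_MG_CONF, $LANG_MG01, $LANG_MG03;

    include_once $_CONF['path'] . 'system/classes/navbar.class.php';

    // Fixed: $retval was appended to without ever being initialised.
    $retval = '';

    // NOTE(review): $album_id is concatenated into the URLs unescaped;
    // callers are expected to pass a numeric id -- confirm at the call sites.
    $base = $_MG_CONF['site_url'] . '/admin.php?mode=';
    $suffix = '&amp;album_id=' . $album_id;

    $navbar = new navbar();
    $navbar->add_menuitem($LANG_MG01['swfupload_media'], $base . 'upload' . $suffix);
    $navbar->add_menuitem($LANG_MG01['browser_upload'], $base . 'browser' . $suffix);
    // FTP import is restricted to plugin administrators.
    if (SEC_hasRights('mediagallery.admin')) {
        $navbar->add_menuitem($LANG_MG01['ftp_media'], $base . 'import' . $suffix);
    }
    $navbar->add_menuitem($LANG_MG01['remote_media'], $base . 'remote' . $suffix);
    $navbar->set_selected($selected);
    $retval .= $navbar->generate();

    return $retval;
}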
 /**
  *  Constructor.
  *  Reads in the specified class, if $id is set.  If $id is zero,
  *  then a new entry is being created.
  *
  *  For a new entry every field is seeded with its default; several of
  *  those defaults come from the plugin configuration ($_PP_CONF['def_*']).
  *  The admin flag is derived from the 'paypal.admin' right.
  *
  *  @param integer $id Optional type ID
  */
 public function __construct($id = 0)
 {
     global $_PP_CONF;

     USES_paypal_class_currency();
     $this->properties = array();
     $this->isNew = true;
     $this->currency = new ppCurrency($_PP_CONF['currency']);

     $id = (int) $id;
     if ($id > 0) {
         // Existing product: load it; a failed read leaves id 0.
         $this->id = $id;
         if (!$this->Read()) {
             $this->id = 0;
         }
     } else {
         // New product: assign the defaults in declaration order.
         $defaults = array(
             'id'                => 0,
             'name'              => '',
             'cat_id'            => '',
             'short_description' => '',
             'description'       => '',
             'price'             => 0,
             'prod_type'         => PP_PROD_VIRTUAL,
             'weight'            => 0,
             'file'              => '',
             'expiration'        => $_PP_CONF['def_expiration'],
             'enabled'           => $_PP_CONF['def_enabled'],
             'featured'          => $_PP_CONF['def_featured'],
             'taxable'           => $_PP_CONF['def_taxable'],
             'dt_add'            => $_PP_CONF['now']->toMySQL(),
             'views'             => 0,
             'rating'            => 0,
             'votes'             => 0,
             'shipping_type'     => 0,
             'shipping_amt'      => 0,
             'show_random'       => 1,
             'show_popular'      => 1,
             'keywords'          => '',
             'comments_enabled'  => ($_PP_CONF['ena_comments'] == 1) ? PP_COMMENTS_ENABLED : PP_COMMENTS_DISABLED,
             'rating_enabled'    => ($_PP_CONF['ena_ratings'] == 1) ? 1 : 0,
             'track_onhand'      => $_PP_CONF['def_track_onhand'],
             'oversell'          => $_PP_CONF['def_oversell'],
             'qty_discounts'     => array(),
             'custom'            => '',
         );
         foreach ($defaults as $field => $value) {
             $this->$field = $value;
         }
     }

     $this->isAdmin = SEC_hasRights('paypal.admin') ? 1 : 0;
 }
 /**
  *  Constructor.
  *  Reads in the specified class, if $id is set.  If $id is zero,
  *  then a new entry is being created.
  *
  *  Defaults are assigned first and then overridden by Read() when an
  *  existing id is given; a failed read resets cat_id to 0 so the object
  *  behaves like a new entry.
  *
  *  @param integer $id Optional type ID
  */
 public function __construct($id = 0)
 {
     global $_USER, $_VARS;

     $this->properties = array();
     $this->isNew = true;

     // grp_access 2: all users have access by default.
     $defaults = array(
         'cat_id'      => $id,
         'parent_id'   => 0,
         'cat_name'    => '',
         'description' => '',
         'grp_access'  => 2,
         'image'       => '',
         'enabled'     => 1,
     );
     foreach ($defaults as $field => $value) {
         $this->$field = $value;
     }

     if ($this->cat_id > 0 && !$this->Read()) {
         $this->cat_id = 0;
     }

     $this->isAdmin = SEC_hasRights('paypal.admin') ? 1 : 0;
 }
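/**
 * Build the upload-mode navigation bar of the Media Gallery admin page,
 * preceded by the "upload media" heading from the album's template set.
 *
 * The dead default on $selected was dropped: a required parameter
 * ($album_id) followed it, so callers always had to pass both arguments,
 * and "optional before required" is deprecated as of PHP 8.0.  The unused
 * globals ($_CONF, $glversion) were removed.
 *
 * @param  string     $selected  label of the menu item to highlight
 * @param  int|string $album_id  album the upload modes operate on; selects
 *                               the template path and is appended to the
 *                               admin.php URLs
 * @return string                HTML: heading, navbar and a trailing <br />
 */
function MG_navbar($selected, $album_id)
{
    global $_MG_CONF, $LANG_MG01, $LANG_MG03;

    USES_class_navbar();

    // Heading rendered from the album's template.
    $T = new Template(MG_getTemplatePath($album_id));
    $T->set_file(array('upload' => 'upload.thtml'));
    $T->set_var(array('lang_upload_media' => $LANG_MG03['upload_media']));
    $T->parse('output', 'upload');
    $retval = $T->finish($T->get_var('output'));

    // NOTE(review): $album_id is concatenated into the URLs unescaped;
    // callers are expected to pass a numeric id -- confirm at the call sites.
    $base = $_MG_CONF['site_url'] . '/admin.php?mode=';
    $suffix = '&amp;album_id=' . $album_id;

    $navbar = new navbar();
    $navbar->add_menuitem($LANG_MG01['html5upload_media'], $base . 'upload' . $suffix);
    $navbar->add_menuitem($LANG_MG01['browser_upload'], $base . 'browser' . $suffix);
    // FTP import is restricted to plugin administrators.
    if (SEC_hasRights('mediagallery.admin')) {
        $navbar->add_menuitem($LANG_MG01['ftp_media'], $base . 'import' . $suffix);
    }
    $navbar->add_menuitem($LANG_MG01['remote_media'], $base . 'remote' . $suffix);
    $navbar->set_selected($selected);
    $retval .= $navbar->generate();
    $retval .= '<br />';

    return $retval;
}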
 /**
  *  Constructor.
  *  Reads in the specified class, if $id is set.  If $id is zero,
  *  then a new entry is being created.
  *
  *  A new attribute gets the defaults below; an existing one is loaded
  *  through Read(), and a failed read resets attr_id to 0.
  *
  *  @param integer $id Optional attribute ID
  */
 function __construct($id = 0)
 {
     $this->properties = array();
     $this->isNew = true;

     $id = (int) $id;
     if ($id > 0) {
         $this->attr_id = $id;
         if (!$this->Read()) {
             $this->attr_id = 0;
         }
     } else {
         // New entry, set defaults (attr_name defaults to 0 here, not '').
         $defaults = array(
             'attr_id'    => 0,
             'attr_name'  => 0,
             'attr_value' => '',
             'attr_price' => 0,
             'item_id'    => 0,
             'enabled'    => 1,
             'orderby'    => 9999,
         );
         foreach ($defaults as $field => $value) {
             $this->$field = $value;
         }
     }

     $this->isAdmin = SEC_hasRights('paypal.admin') ? 1 : 0;
 }
 /**
  *  Constructor.
  *  Reads in the specified class, if $id is set.  If $id is zero,
  *  then a new entry is being created.
  *
  *  Defaults (including ownership and the four permission fields) are
  *  assigned first; Read() overrides them for an existing id, and a
  *  failed read resets cat_id to 0.
  *
  *  @param integer $id Optional type ID
  */
 public function __construct($id = 0)
 {
     global $_USER, $_VARS;

     $this->properties = array();
     $this->isNew = true;

     // Owner is the current user; the group is the plugin's stored gid,
     // falling back to group 1.  Permission values follow the Geeklog
     // scheme (presumably 3 = read+write, 2 = read-only -- verify).
     $defaults = array(
         'cat_id'       => $id,
         'parent_id'    => 0,
         'cat_name'     => '',
         'description'  => '',
         'group_id'     => isset($_VARS['paypal_gid']) ? $_VARS['paypal_gid'] : 1,
         'owner_id'     => $_USER['uid'],
         'perm_owner'   => 3,
         'perm_group'   => 3,
         'perm_members' => 2,
         'perm_anon'    => 2,
         'image'        => '',
         'enabled'      => 1,
     );
     foreach ($defaults as $field => $value) {
         $this->$field = $value;
     }

     if ($this->cat_id > 0 && !$this->Read()) {
         $this->cat_id = 0;
     }

     $this->isAdmin = SEC_hasRights('paypal.admin') ? 1 : 0;
 }
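/**
 * Render the "edit media item" form of the Media Gallery.
 *
 * Loads the media row (live table or moderation queue), checks that the
 * caller may edit it, then fills the mediaedit template together with the
 * type-specific playback-option sub-templates.
 *
 * Fixes relative to the previous version:
 *  - the access-denied log line referenced an undefined $REMOTE_ADDR and
 *    described the wrong action ("sort albums");
 *  - an unknown media id is refused instead of dereferencing a failed fetch;
 *  - the MOV kiosk-mode default checked one config key and read another
 *    (both misspelt); the uid interpolated into the user lookup is cast;
 *  - $playback_options is initialised before the per-type branches.
 *
 * @param  int|string $album_id   album the item belongs to
 * @param  string     $media_id   id of the media item to edit
 * @param  string     $actionURL  form action; defaults to the plugin's index.php
 * @param  int        $mqueue     1 = item lives in the moderation queue table
 * @param  int        $view       not used in this function; kept for callers
 * @param  string     $back       return path, entity-encoded into the form
 * @return string                 HTML of the edit form, or an access-denied message
 */
function MG_mediaEdit($album_id, $media_id, $actionURL = '', $mqueue = 0, $view = 0, $back = '')
{
    global $_USER, $_CONF, $_MG_CONF, $_TABLES, $LANG_MG00, $LANG_MG01, $LANG_MG03, $LANG_MG07, $_DB_dbms;

    $album = new mgAlbum($album_id);
    if ($actionURL == '') {
        $actionURL = $_MG_CONF['site_url'] . '/index.php';
    }
    $retval = '';

    $T = COM_newTemplate(MG_getTemplatePath($album_id));
    $T->set_file(array(
        'admin'       => 'mediaedit.thtml',
        'asf_options' => 'edit_asf_options.thtml',
        'mp3_options' => 'edit_mp3_options.thtml',
        'swf_options' => 'edit_swf_options.thtml',
        'mov_options' => 'edit_mov_options.thtml',
        'flv_options' => 'edit_flv_options.thtml',
    ));

    // Pull the media information from the database (queue or live table).
    // MSSQL needs the TEXT cast to return the complete description.
    $sql = "SELECT * FROM ";
    if ($_DB_dbms == "mssql") {
        $sql = "SELECT *,CAST(media_desc AS TEXT) AS media_desc FROM ";
    }
    $sql .= ($mqueue ? $_TABLES['mg_mediaqueue'] : $_TABLES['mg_media']) . " WHERE media_id='" . addslashes($media_id) . "'";
    $result = DB_query($sql);
    $row = DB_fetchArray($result);

    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    // No such item: refuse before anything reads $row.
    if (empty($row)) {
        COM_errorLog("Someone has tried to edit a non-existent media item in Media Gallery. " . "User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$ip}", 1);
        return COM_showMessageText($LANG_MG00['access_denied_msg']);
    }

    // Edit is allowed with full album access (3), membership in the album's
    // moderator group, or ownership of the item.
    if ($album->access != 3 && !SEC_inGroup($album->mod_group_id) && $row['media_user_id'] != $_USER['uid']) {
        COM_errorLog("Someone has tried to illegally edit a media item in Media Gallery. " . "User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$ip}", 1);
        return COM_showMessageText($LANG_MG00['access_denied_msg']);
    }

    // Build Album List
    $album_jumpbox = '<select name="albums" width="40">';
    $root_album = new mgAlbum(0);
    $root_album->buildJumpBox($album_jumpbox, $album_id);
    $album_jumpbox .= '</select>';
    // should check the above for errors, etc...

    // EXIF data is only available for images (media_type 0).
    $exif_info = '';
    if ($row['media_type'] == 0) {
        if (!function_exists('MG_readEXIF')) {
            require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-exif.php';
        }
        $exif_info = MG_readEXIF($row['media_id'], 1, $mqueue);
        if (empty($exif_info)) {
            $exif_info = '';
        }
    }

    // Capture-time selectors, pre-selected from the stored timestamp.
    $media_time_month = date("m", $row['media_time']);
    $media_time_day = date("d", $row['media_time']);
    $media_time_year = date("Y", $row['media_time']);
    $media_time_hour = date("H", $row['media_time']);
    $media_time_minute = date("i", $row['media_time']);
    $month_select = '<select name="media_month">';
    $month_select .= COM_getMonthFormOptions($media_time_month);
    $month_select .= '</select>';
    $day_select = '<select name="media_day">';
    for ($i = 1; $i < 32; $i++) {
        $day_select .= '<option value="' . $i . '"' . ($media_time_day == $i ? 'selected="selected"' : "") . '>' . $i . '</option>';
    }
    $day_select .= '</select>';
    $current_year = (int) date("Y");
    $end_year = $current_year + 10;
    $year_select = '<select name="media_year">';
    for ($i = 1998; $i < $end_year; $i++) {
        $year_select .= '<option value="' . $i . '"' . ($media_time_year == $i ? 'selected="selected"' : "") . '>' . $i . '</option>';
    }
    $year_select .= '</select>';
    $hour_select = '<select name="media_hour">';
    for ($i = 0; $i < 24; $i++) {
        $hour_select .= '<option value="' . $i . '"' . ($media_time_hour == $i ? 'selected="selected"' : "") . '>' . $i . '</option>';
    }
    $hour_select .= '</select>';
    $minute_select = '<select name="media_minute">';
    for ($i = 0; $i < 60; $i++) {
        $minute_select .= '<option value="' . $i . '"' . ($media_time_minute == $i ? 'selected="selected"' : "") . '>' . ($i < 10 ? '0' : '') . $i . '</option>';
    }
    $minute_select .= '</select>';
    $media_time = MG_getUserDateTimeFormat($row['media_time']);

    // Thumbnail: when a custom one is attached, show it and fall back to
    // the default thumbnail for the size calculation.
    $tn_size = 1;
    list($thumbnail, $pThumbnail, $size) = Media::getThumbInfo($row, $tn_size);
    $attached_thumbnail = '';
    if ($row['media_tn_attached'] == 1) {
        $atnsize = '';
        if ($size != false) {
            list($newwidth, $newheight) = Media::getImageWH($size[0], $size[1], 150, 150);
            $atnsize = 'width="' . $newwidth . '" height="' . $newheight . '"';
        }
        $attached_thumbnail = '<img src="' . $thumbnail . '" alt="" ' . $atnsize . XHTML . '>';
        $tmpthumb = Media::getDefaultThumbnail($row, $tn_size);
        $thumbnail = $_MG_CONF['mediaobjects_url'] . '/' . $tmpthumb;
        $size = getimagesize($_MG_CONF['path_mediaobjects'] . $tmpthumb);
    }

    // Preview link (popup size depends on the media type).
    $preview = '';
    $preview_end = '';
    if ($row['media_type'] == 0 || $row['media_type'] == 1 || $row['media_type'] == 2) {
        // image, video and music file
        if ($row['media_type'] == 2) {
            $win_width = 540;
            $win_height = 320;
        } elseif ($row['media_type'] == 1) {
            $win_width = 660;
            $win_height = 525;
        } elseif ($row['media_type'] == 0) {
            $path = Media::getFilePath('disp', $row['media_filename'], $row['media_mime_ext']);
            $media_size_disp = @getimagesize($path);
            $win_width = $media_size_disp[0] + 20;
            $win_height = $media_size_disp[1] + 20;
        } else {
            $win_width = 800;
            $win_height = 600;
        }
        $url = Media::getHref_showvideo($row['media_id'], $win_height, $win_width, $mqueue);
        $preview = "<a href=\"" . $url . "\">";
        $preview_end = "</a>";
    }

    // Rotate links for images, when the image library can rotate.
    $rotate_right = '';
    $rotate_left = '';
    if ($row['media_type'] == 0 && ($_CONF['image_lib'] != 'gdlib' || function_exists("imagerotate"))) {
        $rotate_right = '<a href="' . $_MG_CONF['site_url'] . '/admin.php?mode=rotate&amp;action=right&amp;media_id=' . $row['media_id'] . '&amp;album_id=' . $album_id . '">' . '<img src="' . $_MG_CONF['site_url'] . '/images/rotate_right_icon.gif" alt="' . $LANG_MG01['rotate_left'] . '" style="border:none;"' . XHTML . '></a>';
        $rotate_left = '<a href="' . $_MG_CONF['site_url'] . '/admin.php?mode=rotate&amp;action=left&amp;media_id=' . $row['media_id'] . '&amp;album_id=' . $album_id . '">' . '<img src="' . $_MG_CONF['site_url'] . '/images/rotate_left_icon.gif" alt="' . $LANG_MG01['rotate_right'] . '" style="border:none;"' . XHTML . '></a>';
    }

    $resolution = '';
    $lang_resolution = '';
    if ($row['media_type'] == 1) {
        // video file
        $resolution = 'unknown';
        if ($row['media_resolution_x'] > 0 && $row['media_resolution_y'] > 0) {
            $resolution = $row['media_resolution_x'] . 'x' . $row['media_resolution_y'];
        }
        $lang_resolution = $LANG_MG07['resolution'];
    }

    // Per-item playback options override the plugin defaults below.
    $sql = "SELECT * FROM {$_TABLES['mg_playback_options']} " . "WHERE media_id='" . addslashes($row['media_id']) . "'";
    $poResult = DB_query($sql);
    $poNumRows = DB_numRows($poResult);
    $playback_options = array();

    // playback options, if needed...
    if ($row['mime_type'] == 'video/x-ms-asf' || $row['mime_type'] == 'video/x-ms-wvx' || $row['mime_type'] == 'video/x-ms-wm' || $row['mime_type'] == 'video/x-ms-wmx' || $row['mime_type'] == 'video/x-ms-wmv' || $row['mime_type'] == 'audio/x-ms-wma' || $row['mime_type'] == 'video/x-msvideo') {
        // pull defaults, then override...
        $playback_options['autostart'] = $_MG_CONF['asf_autostart'];
        $playback_options['enablecontextmenu'] = $_MG_CONF['asf_enablecontextmenu'];
        $playback_options['stretchtofit'] = $_MG_CONF['asf_stretchtofit'];
        $playback_options['uimode'] = $_MG_CONF['asf_uimode'];
        $playback_options['showstatusbar'] = $_MG_CONF['asf_showstatusbar'];
        $playback_options['playcount'] = $_MG_CONF['asf_playcount'];
        $playback_options['height'] = $_MG_CONF['asf_height'];
        $playback_options['width'] = $_MG_CONF['asf_width'];
        $playback_options['bgcolor'] = $_MG_CONF['asf_bgcolor'];
        for ($i = 0; $i < $poNumRows; $i++) {
            $poRow = DB_fetchArray($poResult);
            $playback_options[$poRow['option_name']] = $poRow['option_value'];
        }
        $uimode_select = MG_optionlist(array('name' => 'uimode', 'current' => $playback_options['uimode'], 'values' => array('none' => $LANG_MG07['none'], 'mini' => $LANG_MG07['mini'], 'full' => $LANG_MG07['full'])));
        $T->set_var(array('autostart_enabled' => $playback_options['autostart'] ? ' checked="checked"' : '', 'autostart_disabled' => $playback_options['autostart'] ? '' : ' checked="checked"', 'enablecontextmenu_enabled' => $playback_options['enablecontextmenu'] ? ' checked="checked"' : '', 'enablecontextmenu_disabled' => $playback_options['enablecontextmenu'] ? '' : ' checked="checked"', 'stretchtofit_enabled' => $playback_options['stretchtofit'] ? ' checked="checked"' : '', 'stretchtofit_disabled' => $playback_options['stretchtofit'] ? '' : ' checked="checked"', 'showstatusbar_enabled' => $playback_options['showstatusbar'] ? ' checked="checked"' : '', 'showstatusbar_disabled' => $playback_options['showstatusbar'] ? '' : ' checked="checked"', 'uimode_select' => $uimode_select, 'uimode' => $playback_options['uimode'], 'playcount' => $playback_options['playcount'], 'height' => $playback_options['height'], 'width' => $playback_options['width'], 'bgcolor' => $playback_options['bgcolor'], 'lang_resolution' => $lang_resolution, 'resolution' => $resolution));
        $T->parse('playback_options', 'asf_options');
    }
    if ($row['mime_type'] == 'audio/mpeg') {
        // pull defaults, then override...
        $playback_options['autostart'] = $_MG_CONF['mp3_autostart'];
        $playback_options['enablecontextmenu'] = $_MG_CONF['mp3_enablecontextmenu'];
        $playback_options['uimode'] = $_MG_CONF['mp3_uimode'];
        $playback_options['showstatusbar'] = $_MG_CONF['mp3_showstatusbar'];
        $playback_options['loop'] = $_MG_CONF['mp3_loop'];
        for ($i = 0; $i < $poNumRows; $i++) {
            $poRow = DB_fetchArray($poResult);
            $playback_options[$poRow['option_name']] = $poRow['option_value'];
        }
        $uimode_select = MG_optionlist(array('name' => 'uimode', 'current' => $playback_options['uimode'], 'values' => array('none' => $LANG_MG07['none'], 'mini' => $LANG_MG07['mini'], 'full' => $LANG_MG07['full'])));
        $T->set_var(array('autostart_enabled' => $playback_options['autostart'] ? ' checked="checked"' : '', 'autostart_disabled' => $playback_options['autostart'] ? '' : ' checked="checked"', 'enablecontextmenu_enabled' => $playback_options['enablecontextmenu'] ? ' checked="checked"' : '', 'enablecontextmenu_disabled' => $playback_options['enablecontextmenu'] ? '' : ' checked="checked"', 'showstatusbar_enabled' => $playback_options['showstatusbar'] ? ' checked="checked"' : '', 'showstatusbar_disabled' => $playback_options['showstatusbar'] ? '' : ' checked="checked"', 'loop_enabled' => $playback_options['loop'] ? ' checked="checked"' : '', 'loop_disabled' => $playback_options['loop'] ? '' : ' checked="checked"', 'uimode_select' => $uimode_select, 'uimode' => $playback_options['uimode']));
        $T->parse('playback_options', 'mp3_options');
    }
    if ($row['mime_type'] == 'application/x-shockwave-flash' || $row['mime_type'] == 'video/x-flv') {
        // pull defaults, then override...
        $playback_options['play'] = $_MG_CONF['swf_play'];
        $playback_options['menu'] = $_MG_CONF['swf_menu'];
        $playback_options['quality'] = $_MG_CONF['swf_quality'];
        $playback_options['height'] = $_MG_CONF['swf_height'];
        $playback_options['width'] = $_MG_CONF['swf_width'];
        $playback_options['loop'] = $_MG_CONF['swf_loop'];
        $playback_options['scale'] = $_MG_CONF['swf_scale'];
        $playback_options['wmode'] = $_MG_CONF['swf_wmode'];
        $playback_options['allowscriptaccess'] = $_MG_CONF['swf_allowscriptaccess'];
        $playback_options['bgcolor'] = $_MG_CONF['swf_bgcolor'];
        $playback_options['swf_version'] = $_MG_CONF['swf_version'];
        for ($i = 0; $i < $poNumRows; $i++) {
            $poRow = DB_fetchArray($poResult);
            $playback_options[$poRow['option_name']] = $poRow['option_value'];
        }
        $quality_select = MG_optionlist(array('name' => 'quality', 'current' => $playback_options['quality'], 'values' => array('low' => $LANG_MG07['low'], 'high' => $LANG_MG07['high'])));
        $scale_select = MG_optionlist(array('name' => 'scale', 'current' => $playback_options['scale'], 'values' => array('showall' => $LANG_MG07['showall'], 'noborder' => $LANG_MG07['noborder'], 'exactfit' => $LANG_MG07['exactfit'])));
        $wmode_select = MG_optionlist(array('name' => 'wmode', 'current' => $playback_options['wmode'], 'values' => array('window' => $LANG_MG07['window'], 'opaque' => $LANG_MG07['opaque'], 'transparent' => $LANG_MG07['transparent'])));
        $asa_select = MG_optionlist(array('name' => 'allowscriptaccess', 'current' => $playback_options['allowscriptaccess'], 'values' => array('always' => $LANG_MG07['always'], 'sameDomain' => $LANG_MG07['sameDomain'], 'never' => $LANG_MG07['never'])));
        $T->set_var(array('play_enabled' => $playback_options['play'] ? ' checked="checked"' : '', 'play_disabled' => $playback_options['play'] ? '' : ' checked="checked"', 'menu_enabled' => $playback_options['menu'] ? ' checked="checked"' : '', 'menu_disabled' => $playback_options['menu'] ? '' : ' checked="checked"', 'loop_enabled' => $playback_options['loop'] ? ' checked="checked"' : '', 'loop_disabled' => $playback_options['loop'] ? '' : ' checked="checked"', 'quality_select' => $quality_select, 'scale_select' => $scale_select, 'wmode_select' => $wmode_select, 'asa_select' => $asa_select, 'flashvars' => isset($playback_options['flashvars']) ? $playback_options['flashvars'] : '', 'height' => $playback_options['height'], 'width' => $playback_options['width'], 'bgcolor' => $playback_options['bgcolor'], 'swf_version' => $playback_options['swf_version']));
        if ($row['mime_type'] == 'application/x-shockwave-flash') {
            $T->parse('playback_options', 'swf_options');
        } else {
            $T->parse('playback_options', 'flv_options');
        }
    }
    if ($row['media_mime_ext'] == 'mov' || $row['media_mime_ext'] == 'mp4' || $row['mime_type'] == 'video/quicktime' || $row['mime_type'] == 'video/mpeg') {
        // pull defaults, then override...
        $playback_options['autoref'] = $_MG_CONF['mov_autoref'];
        $playback_options['autoplay'] = $_MG_CONF['mov_autoplay'];
        $playback_options['controller'] = $_MG_CONF['mov_controller'];
        // Fixed: the original tested 'mov_kioskmod' and read 'mov_kiokmode'.
        // The key follows the other mov_* options; if it is absent in the
        // config the result is '' exactly as before.
        $playback_options['kioskmode'] = isset($_MG_CONF['mov_kioskmode']) ? $_MG_CONF['mov_kioskmode'] : '';
        $playback_options['scale'] = $_MG_CONF['mov_scale'];
        $playback_options['loop'] = $_MG_CONF['mov_loop'];
        $playback_options['height'] = $_MG_CONF['mov_height'];
        $playback_options['width'] = $_MG_CONF['mov_width'];
        $playback_options['bgcolor'] = $_MG_CONF['mov_bgcolor'];
        for ($i = 0; $i < $poNumRows; $i++) {
            $poRow = DB_fetchArray($poResult);
            $playback_options[$poRow['option_name']] = $poRow['option_value'];
        }
        $scale_select = MG_optionlist(array('name' => 'scale', 'current' => $playback_options['scale'], 'values' => array('tofit' => $LANG_MG07['to_fit'], 'aspect' => $LANG_MG07['aspect'], '1' => $LANG_MG07['normal_size'])));
        $T->set_var(array('autoref_enabled' => $playback_options['autoref'] ? ' checked="checked"' : '', 'autoref_disabled' => $playback_options['autoref'] ? '' : ' checked="checked"', 'autoplay_enabled' => $playback_options['autoplay'] ? ' checked="checked"' : '', 'autoplay_disabled' => $playback_options['autoplay'] ? '' : ' checked="checked"', 'controller_enabled' => $playback_options['controller'] ? ' checked="checked"' : '', 'controller_disabled' => $playback_options['controller'] ? '' : ' checked="checked"', 'kioskmode_enabled' => $playback_options['kioskmode'] ? ' checked="checked"' : '', 'kioskmode_disabled' => $playback_options['kioskmode'] ? '' : ' checked="checked"', 'loop_enabled' => $playback_options['loop'] ? ' checked="checked"' : '', 'loop_disabled' => $playback_options['loop'] ? '' : ' checked="checked"', 'height' => $playback_options['height'], 'width' => $playback_options['width'], 'bgcolor' => $playback_options['bgcolor']));
        $T->parse('playback_options', 'mov_options');
    }

    $remoteurl = $row['remote_url'];
    $lang_remote_url = $row['remote_media'] == 1 ? $LANG_MG01['remote_url'] : $LANG_MG01['alternate_url'];

    // user information: admins get an owner selector over all active
    // accounts, everyone else just sees the owner's display name.
    $username = '';
    if (SEC_hasRights('mediagallery.admin')) {
        // NOTE(review): the opening <select> tag appears to be missing here
        // (only '</select>' is appended below) -- compare with upstream.
        // Usernames are emitted unescaped; Geeklog filters them at
        // registration, but htmlspecialchars() would be safer.
        $username = '******';
        $sql = "SELECT * FROM {$_TABLES['users']} WHERE status=3 AND uid > 1 ORDER BY username ASC";
        $result = DB_query($sql);
        while ($userRow = DB_fetchArray($result)) {
            $username .= '<option value="' . $userRow['uid'] . '"' . ($userRow['uid'] == $row['media_user_id'] ? ' selected="selected"' : '') . '>' . $userRow['username'] . '</option>' . LB;
        }
        $username .= '</select>';
    } else {
        if ($row['media_user_id'] != '') {
            $displayname = $_CONF['show_fullname'] ? 'fullname' : 'username';
            // The uid comes from the database but is interpolated into SQL; cast it.
            $username = DB_getItem($_TABLES['users'], $displayname, "uid=" . (int) $row['media_user_id']);
        }
    }

    // Category selector (cat_name is emitted as stored).
    $cat_select = '<select name="cat_id" id="cat_id">';
    $cat_select .= '<option value="">' . $LANG_MG01['no_category'] . '</option>';
    $result = DB_query("SELECT * FROM {$_TABLES['mg_category']} ORDER BY cat_id ASC");
    while ($catRow = DB_fetchArray($result)) {
        $cat_select .= '<option value="' . $catRow['cat_id'] . '" ' . ($catRow['cat_id'] == $row['media_category'] ? ' selected="selected"' : '') . '>' . $catRow['cat_name'] . '</option>';
    }
    $cat_select .= '</select>';

    $T->set_var(array('original_filename' => $row['media_original_filename'], 'attach_tn' => $row['media_tn_attached'], 'at_tn_checked' => $row['media_tn_attached'] == 1 ? ' checked="checked"' : '', 'attached_thumbnail' => $attached_thumbnail, 'album_id' => $album_id, 'media_thumbnail' => $thumbnail, 'media_id' => $row['media_id'], 'media_title' => $row['media_title'], 'media_desc' => $row['media_desc'], 'media_time' => $media_time[0], 'media_views' => $row['media_views'], 'media_comments' => $row['media_comments'], 'media_exif_info' => $exif_info, 'media_rating_max' => 5, 'height' => $size[1] + 50, 'width' => $size[0] + 40, 'queue' => $mqueue, 'month_select' => $month_select, 'day_select' => $day_select, 'year_select' => $year_select, 'hour_select' => $hour_select, 'minute_select' => $minute_select, 'user_ip' => $row['media_user_ip'], 'album_select' => $album_jumpbox, 'media_rating' => $row['media_rating'] / 2, 'media_votes' => $row['media_votes'], 's_mode' => 'edit', 's_title' => $LANG_MG01['edit_media'], 's_rotate_right' => $rotate_right, 's_rotate_left' => $rotate_left, 's_form_action' => $actionURL, 'allowed_html' => COM_allowedHTML(), 'site_url' => $_MG_CONF['site_url'], 'preview' => $preview, 'preview_end' => $preview_end, 'rpath' => htmlentities($back, ENT_QUOTES, COM_getCharset()), 'remoteurl' => $remoteurl, 'lang_remote_url' => $lang_remote_url, 'resolution' => $resolution, 'lang_resolution' => $lang_resolution, 'username' => $username, 'cat_select' => $cat_select, 'media_keywords' => $row['media_keywords'], 'artist' => $row['artist'], 'musicalbum' => $row['album'], 'genre' => $row['genre']));

    // language items
    $T->set_var(array('lang_playcount' => $LANG_MG07['playcount'], 'lang_playcount_help' => $LANG_MG07['playcount_help'], 'lang_playback_options' => $LANG_MG07['playback_options'], 'lang_option' => $LANG_MG07['option'], 'lang_description' => $LANG_MG07['description'], 'lang_on' => $LANG_MG07['on'], 'lang_off' => $LANG_MG07['off'], 'lang_auto_start' => $LANG_MG07['auto_start'], 'lang_auto_start_help' => $LANG_MG07['auto_start_help'], 'lang_height' => $LANG_MG07['height'], 'lang_width' => $LANG_MG07['width'], 'lang_height_help' => $LANG_MG07['height_help'], 'lang_width_help' => $LANG_MG07['width_help'], 'lang_enable_context_menu' => $LANG_MG07['enable_context_menu'], 'lang_enable_context_menu_help' => $LANG_MG07['enable_context_menu_help'], 'lang_stretch_to_fit' => $LANG_MG07['stretch_to_fit'], 'lang_stretch_to_fit_help' => $LANG_MG07['stretch_to_fit_help'], 'lang_status_bar' => $LANG_MG07['status_bar'], 'lang_status_bar_help' => $LANG_MG07['status_bar_help'], 'lang_ui_mode' => $LANG_MG07['ui_mode'], 'lang_ui_mode_help' => $LANG_MG07['ui_mode_help'], 'lang_bgcolor' => $LANG_MG07['bgcolor'], 'lang_bgcolor_help' => $LANG_MG07['bgcolor_help'], 'lang_loop' => $LANG_MG07['loop'], 'lang_loop_help' => $LANG_MG07['loop_help'], 'lang_menu' => $LANG_MG07['menu'], 'lang_menu_help' => $LANG_MG07['menu_help'], 'lang_scale' => $LANG_MG07['scale'], 'lang_swf_scale_help' => $LANG_MG07['swf_scale_help'], 'lang_wmode' => $LANG_MG07['wmode'], 'lang_wmode_help' => $LANG_MG07['wmode_help'], 'lang_quality' => $LANG_MG07['quality'], 'lang_quality_help' => $LANG_MG07['quality_help'], 'lang_flash_vars' => $LANG_MG07['flash_vars'], 'lang_asa' => $LANG_MG07['asa'], 'lang_asa_help' => $LANG_MG07['asa_help'], 'lang_swf_version_help' => $LANG_MG07['swf_version_help'], 'lang_auto_ref' => $LANG_MG07['auto_ref'], 'lang_auto_ref_help' => $LANG_MG07['auto_ref_help'], 'lang_controller' => $LANG_MG07['controller'], 'lang_controller_help' => $LANG_MG07['controller_help'], 'lang_kiosk_mode' => $LANG_MG07['kiosk_mode'], 'lang_kiosk_mode_help' => $LANG_MG07['kiosk_mode_help'], 'lang_original_filename' => $LANG_MG01['original_filename'], 'lang_media_item' => $LANG_MG00['media_col_header'], 'lang_media_attributes' => $LANG_MG01['media_attributes'], 'lang_mediaattributes' => $LANG_MG01['mediaattributes'], 'lang_attached_thumbnail' => $LANG_MG01['attached_thumbnail'], 'lang_category' => $LANG_MG01['category'], 'lang_keywords' => $LANG_MG01['keywords'], 'lang_rating' => $LANG_MG03['rating'], 'lang_comments' => $LANG_MG03['comments'], 'lang_votes' => $LANG_MG03['votes'], 'media_edit_title' => $LANG_MG01['media_edit'], 'media_edit_help' => $LANG_MG01['media_edit_help'], 'rotate_left' => $LANG_MG01['rotate_left'], 'rotate_right' => $LANG_MG01['rotate_right'], 'lang_title' => $LANG_MG01['title'], 'albums' => $LANG_MG01['albums'], 'description' => $LANG_MG01['description'], 'capture_time' => $LANG_MG01['capture_time'], 'views' => $LANG_MG03['views'], 'uploaded_by' => $LANG_MG01['uploaded_by'], 'submit' => $LANG_MG01['submit'], 'cancel' => $LANG_MG01['cancel'], 'reset' => $LANG_MG01['reset'], 'lang_save' => $LANG_MG01['save'], 'lang_reset' => $LANG_MG01['reset'], 'lang_cancel' => $LANG_MG01['cancel'], 'lang_delete' => $LANG_MG01['delete'], 'lang_delete_confirm' => $LANG_MG01['delete_item_confirm'], 'lang_reset_rating' => $LANG_MG01['reset_rating'], 'lang_reset_views' => $LANG_MG01['reset_views'], 'lang_replacefile' => $LANG_MG01['replace_file'], 'lang_artist' => $LANG_MG01['artist'], 'lang_genre' => $LANG_MG01['genre'], 'lang_music_album' => $LANG_MG01['music_album']));

    $retval .= $T->finish($T->parse('output', 'admin'));
    return $retval;
}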
// | of the License, or (at your option) any later version.                    |
// |                                                                           |
// | This program is distributed in the hope that it will be useful,           |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             |
// | GNU General Public License for more details.                              |
// |                                                                           |
// | You should have received a copy of the GNU General Public License         |
// | along with this program; if not, write to the Free Software Foundation,   |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
// |                                                                           |
// +---------------------------------------------------------------------------+
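require_once '../../../lib-common.php';
require_once '../../auth.inc.php';
require_once $_CONF['path'] . 'plugins/downloads/include/functions.php';

// Gate: only users holding downloads.edit may fetch a pending submission's file.
// A failed check is written to the access log and the script stops.
if (!SEC_hasRights('downloads.edit')) {
    $display = COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
    $display = DLM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
    COM_accessLog("User {$_USER['username']} tried to illegally access the downloads temporary file.");
    COM_output($display);
    exit;
}

COM_setArgNames(array('id'));
// The submission id is interpolated into SQL below, so it is escaped with the
// database layer's own function. addslashes() is not charset-aware and is not
// a substitute for DB_escapeString() at the SQL boundary.
$lid = DB_escapeString(COM_applyFilter(COM_getArgument('id')));
$result = DB_query("SELECT url, date FROM {$_TABLES['downloadsubmission']} WHERE lid='{$lid}'");
list($url, $date) = DB_fetchArray($result);
// Temporary file: configured store + 'tmp' + submission timestamp + sanitised original name.
$filepath = $_DLM_CONF['path_filestore'] . 'tmp' . date('YmdHis', $date) . DLM_createSafeFileName($url);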
if (file_exists($filepath)) {
    // NOTE(review): $url is the raw value from the submission row and is placed inside the
    // quoted filename parameter unescaped; a stored name containing a double quote would
    // break out of the quoted value. Confirm it is sanitised on submission, or strip quotes here.
    header('Content-Disposition: attachment; filename="' . $url . '"');
    header('Content-Type: application/octet-stream');
    header('Content-Description: File Transfer');
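/**
* Displays the contact form
*
* Anonymous visitors get the login-required block when the site (or the
* e-mail-a-user feature) demands a login. Otherwise the target user's
* preferences decide whether the form is offered: emailfromadmin for callers
* holding user.mail (or Root), emailfromuser for everybody else; when the
* preference is off only a notice is returned.
*
* @param    int     $uid        User ID of article author
* @param    string  $subject    Subject of email
* @param    string  $message    Text of message to send
* @return   string              HTML for the contact form
*
*/
function contactform($uid, $subject = '', $message = '')
{
    global $_CONF, $_TABLES, $_USER, $LANG08, $LANG_LOGIN;
    $retval = '';
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailuserloginrequired'] == 1)) {
        $retval = COM_startBlock($LANG_LOGIN[1], '', COM_getBlockTemplate('_msg_block', 'header'));
        $login = new Template($_CONF['path_layout'] . 'submit');
        $login->set_file(array('login' => 'submitloginrequired.thtml'));
        $login->set_var('xhtml', XHTML);
        $login->set_var('site_url', $_CONF['site_url']);
        $login->set_var('site_admin_url', $_CONF['site_admin_url']);
        $login->set_var('layout_url', $_CONF['layout_url']);
        $login->set_var('login_message', $LANG_LOGIN[2]);
        $login->set_var('lang_login', $LANG_LOGIN[3]);
        $login->set_var('lang_newuser', $LANG_LOGIN[4]);
        $login->parse('output', 'login');
        $retval .= $login->finish($login->get_var('output'));
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
    } else {
        // $uid is documented as an int: cast it so the interpolated SQL can only ever carry a number.
        $result = DB_query("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = '" . (int) $uid . "'");
        $P = DB_fetchArray($result);
        $isAdmin = SEC_inGroup('Root') || SEC_hasRights('user.mail');
        $displayname = COM_getDisplayName($uid);
        // Admins are governed by emailfromadmin, everyone else by emailfromuser.
        if (($P['emailfromadmin'] == 1 && $isAdmin) || ($P['emailfromuser'] == 1 && !$isAdmin)) {
            $retval = COM_startBlock($LANG08[10] . ' ' . $displayname);
            $mail_template = new Template($_CONF['path_layout'] . 'profiles');
            $mail_template->set_file('form', 'contactuserform.thtml');
            $mail_template->set_var('xhtml', XHTML);
            $mail_template->set_var('site_url', $_CONF['site_url']);
            $mail_template->set_var('lang_description', $LANG08[26]);
            $mail_template->set_var('lang_username', $LANG08[11]);
            if (COM_isAnonUser()) {
                // Anonymous sender name re-displayed from the POST: strip tags, keep only the
                // first line (cut at the first CR/LF) and HTML-escape it for the form field.
                $sender = '';
                if (isset($_POST['author'])) {
                    $sender = strip_tags($_POST['author']);
                    $sender = substr($sender, 0, strcspn($sender, "\r\n"));
                    $sender = htmlspecialchars(trim($sender), ENT_QUOTES);
                }
                $mail_template->set_var('username', $sender);
            } else {
                $mail_template->set_var('username', COM_getDisplayName($_USER['uid'], $_USER['username'], $_USER['fullname']));
            }
            $mail_template->set_var('lang_useremail', $LANG08[12]);
            if (COM_isAnonUser()) {
                // Same treatment for the anonymous sender address.
                $email = '';
                if (isset($_POST['authoremail'])) {
                    $email = strip_tags($_POST['authoremail']);
                    $email = substr($email, 0, strcspn($email, "\r\n"));
                    $email = htmlspecialchars(trim($email), ENT_QUOTES);
                }
                $mail_template->set_var('useremail', $email);
            } else {
                $mail_template->set_var('useremail', $_USER['email']);
            }
            $mail_template->set_var('lang_cc', $LANG08[36]);
            $mail_template->set_var('lang_cc_description', $LANG08[37]);
            $mail_template->set_var('lang_subject', $LANG08[13]);
            // NOTE(review): $subject is inserted as-is while $message is HTML-escaped below;
            // presumably the caller escapes it — confirm, otherwise escape it here as well.
            $mail_template->set_var('subject', $subject);
            $mail_template->set_var('lang_message', $LANG08[14]);
            $mail_template->set_var('message', htmlspecialchars($message));
            $mail_template->set_var('lang_nohtml', $LANG08[15]);
            $mail_template->set_var('lang_submit', $LANG08[16]);
            $mail_template->set_var('uid', $uid);
            PLG_templateSetVars('contact', $mail_template);
            $mail_template->parse('output', 'form');
            $retval .= $mail_template->finish($mail_template->get_var('output'));
            $retval .= COM_endBlock();
        } else {
            // The user does not accept mail from this class of sender.
            $retval = COM_startBlock($LANG08[10] . ' ' . $displayname, '', COM_getBlockTemplate('_msg_block', 'header'));
            $retval .= $LANG08[35];
            $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        }
    }
    return $retval;
}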
// | as published by the Free Software Foundation; either version 2           |
// | of the License, or (at your option) any later version.                   |
// |                                                                          |
// | This program is distributed in the hope that it will be useful,          |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of           |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            |
// | GNU General Public License for more details.                             |
// |                                                                          |
// | You should have received a copy of the GNU General Public License        |
// | along with this program; if not, write to the Free Software Foundation,  |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.          |
// |                                                                          |
// +--------------------------------------------------------------------------+
require_once '../../../lib-common.php';
require_once '../../auth.inc.php';
// Only forum administrators (forum.edit) may use the migration tool;
// everyone else gets an access-denied page and the script stops here.
if (!SEC_hasRights('forum.edit')) {
    $display = COM_siteHeader();
    $display .= COM_startBlock($LANG_GF00['access_denied']);
    $display .= $LANG_GF00['admin_only'];
    $display .= COM_endBlock();
    $display .= COM_siteFooter(true);
    echo $display;
    exit;
}
USES_forum_functions();
USES_forum_format();
USES_forum_admin();
// Migration runs only when the form was submitted with the "migrate now" button,
// a forum other than the "select" placeholder was chosen and at least one entry was ticked.
// NOTE(review): only $_POST['migrate'] is isset()-guarded; 'selforum' is read directly and
// both comparisons are loose (==/!=) — strict comparisons would be safer here.
if (isset($_POST['migrate']) && $_POST['migrate'] == $LANG_GF01['MIGRATE_NOW'] and $_POST['selforum'] != "select" and !empty($_POST['cb_chkentry'])) {
    $num_stories = 0;
    $num_posts = 0;
    // The chosen forum id is filtered before use; the rest of this branch is not part of this excerpt.
    $forum = COM_applyFilter($_POST['selforum']);
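/**
 * Show topic administration form
 *
 * With an empty $tid a blank editor is rendered: the owner defaults to the
 * current user, the group to 'Topic Admin' (or the topic.edit feature group)
 * and the permissions to the site's topic defaults. Otherwise the topic is
 * loaded and the caller must have write access to it (SEC_hasAccess); a failed
 * check is logged via COM_accessLog and only the denial message is returned.
 *
 * @param    string  $tid    ID of topic to edit, '' for a new topic
 * @return   string          HTML for the topic editor
 */
function edittopic($tid = '')
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $LANG04, $LANG27, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $_SCRIPTS;
    $retval = '';
    if (empty($tid)) {
        // new topic - set defaults
        $A = array('tid' => '', 'topic' => '', 'sortnum' => 0, 'parent_id' => TOPIC_ROOT, 'inherit' => 1, 'hidden' => 0, 'limitnews' => '', 'is_default' => 0, 'archive_flag' => 0);
    } else {
        // Escape $tid exactly as the story-count query further down does; any filtering
        // done by the caller is not a substitute for escaping at the SQL boundary.
        $result = DB_query("SELECT * FROM {$_TABLES['topics']} WHERE tid ='" . DB_escapeString($tid) . "'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
        // 0 = no access, 2 = read-only; the editor needs the full level (3, as defaulted below for new topics)
        if ($access == 0 || $access == 2) {
            $retval .= COM_showMessageText($LANG27[13], $LANG27[12]);
            COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}.");
            return $retval;
        }
    }
    $token = SEC_createToken();
    $retval .= COM_startBlock($LANG27[1], '', COM_getBlockTemplate('_admin_block', 'header'));
    $retval .= SEC_getTokenExpiryNotice($token);
    if (!is_array($A) || empty($A['owner_id'])) {
        $A['owner_id'] = $_USER['uid'];
        // this is the one instance where we default the group
        // most topics should belong to the Topic Admin group
        if (isset($_GROUPS['Topic Admin'])) {
            $A['group_id'] = $_GROUPS['Topic Admin'];
        } else {
            $A['group_id'] = SEC_getFeatureGroup('topic.edit');
        }
        SEC_setDefaultPermissions($A, $_CONF['default_permissions_topic']);
        $access = 3;
    }
    $topic_templates = COM_newTemplate($_CONF['path_layout'] . 'admin/topic');
    $topic_templates->set_file('editor', 'topiceditor.thtml');
    if (!empty($tid) && SEC_hasRights('topic.edit')) {
        // Delete button rendered twice: with and without the JS confirmation (the %s slot).
        $delButton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
        $jsConfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
        $topic_templates->set_var('delete_option', sprintf($delButton, $jsConfirm));
        $topic_templates->set_var('delete_option_no_confirmation', sprintf($delButton, ''));
        $topic_templates->set_var('allow_delete', true);
        $topic_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
        $topic_templates->set_var('confirm_message', $MESSAGE[76]);
        $topic_templates->set_var('warning_msg', $LANG27[6]);
    }
    if ($_CONF['titletoid'] && empty($tid)) {
        $_SCRIPTS->setJavaScriptFile('title_2_id', '/javascript/title_2_id.js');
        $topic_templates->set_var('titletoid', true);
    }
    $topic_templates->set_var('lang_topicid', $LANG27[2]);
    $topic_templates->set_var('topic_id', $A['tid']);
    $topic_templates->set_var('lang_parent_id', $LANG27[32]);
    $topic_templates->set_var('parent_id_options', TOPIC_getTopicListSelect($A['parent_id'], 1, false, $A['tid'], true));
    $topic_templates->set_var('lang_inherit', $LANG27[33]);
    $topic_templates->set_var('lang_inherit_info', $LANG27[34]);
    if ($A['inherit'] == 1) {
        $topic_templates->set_var('inherit_checked', 'checked="checked"');
    } else {
        $topic_templates->set_var('inherit_checked', '');
    }
    $topic_templates->set_var('lang_hidden', $LANG27[35]);
    $topic_templates->set_var('lang_hidden_info', $LANG27[36]);
    if ($A['hidden'] == 1) {
        $topic_templates->set_var('hidden_checked', 'checked="checked"');
    } else {
        $topic_templates->set_var('hidden_checked', '');
    }
    $topic_templates->set_var('lang_donotusespaces', $LANG27[5]);
    $topic_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
    $topic_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
    $ownername = COM_getDisplayName($A['owner_id']);
    $topic_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', "uid = {$A['owner_id']}"));
    $topic_templates->set_var('owner_name', $ownername);
    $topic_templates->set_var('owner', $ownername);
    $topic_templates->set_var('owner_id', $A['owner_id']);
    $topic_templates->set_var('lang_group', $LANG_ACCESS['group']);
    $topic_templates->set_var('lang_save', $LANG_ADMIN['save']);
    $topic_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
    // The group dropdown is limited by the access level established above.
    $topic_templates->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
    $topic_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
    $topic_templates->set_var('lang_permissions_key', $LANG_ACCESS['permissionskey']);
    $topic_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
    $topic_templates->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
    $topic_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
    $topic_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']));
    // show sort order only if they specified sortnum as the sort method
    if ($_CONF['sortmethod'] !== 'alpha') {
        $topic_templates->set_var('lang_sortorder', $LANG27[10]);
        if ($A['sortnum'] == 0) {
            $A['sortnum'] = '';
        }
        $topic_templates->set_var('sort_order', '<input type="text" size="5" maxlength="5" name="sortnum" value="' . $A['sortnum'] . '"' . XHTML . '>');
    } else {
        $topic_templates->set_var('lang_sortorder', $LANG27[14]);
        $topic_templates->set_var('sort_order', $LANG27[15] . '<input type="hidden" name="sortnum" value="' . $A['sortnum'] . '"' . XHTML . '>');
    }
    $topic_templates->set_var('lang_storiesperpage', $LANG27[11]);
    if ($A['limitnews'] == 0) {
        $topic_templates->set_var('story_limit', '');
    } else {
        $topic_templates->set_var('story_limit', $A['limitnews']);
    }
    $topic_templates->set_var('default_limit', $_CONF['limitnews']);
    $topic_templates->set_var('lang_defaultis', $LANG27[16]);
    $topic_templates->set_var('lang_topicname', $LANG27[3]);
    $topic_templates->set_var('topic_name', htmlspecialchars(stripslashes($A['topic']), ENT_QUOTES, COM_getEncodingt()));
    if (empty($A['tid'])) {
        $A['imageurl'] = '/images/topics/';
    }
    $topic_templates->set_var('lang_topicimage', $LANG27[4]);
    $topic_templates->set_var('lang_uploadimage', $LANG27[27]);
    $topic_templates->set_var('lang_maxsize', $LANG27[28]);
    $topic_templates->set_var('icon_dimensions', $_CONF['max_topicicon_width'] . ' x ' . $_CONF['max_topicicon_height']);
    $topic_templates->set_var('max_url_length', 255);
    $topic_templates->set_var('image_url', $A['imageurl']);
    // Wording of the size hint depends on whether an image library (scaling) is configured.
    if (empty($_CONF['image_lib'])) {
        $scaling = $LANG04[162];
    } else {
        $scaling = $LANG04[161];
    }
    $topic_templates->set_var('icon_max_dimensions', sprintf($LANG04[160], $_CONF['max_topicicon_width'], $_CONF['max_topicicon_height'], $_CONF['max_topicicon_size'], $scaling));
    $topic_templates->set_var('lang_metadescription', $LANG_ADMIN['meta_description']);
    $topic_templates->set_var('lang_metakeywords', $LANG_ADMIN['meta_keywords']);
    if (!empty($A['meta_description'])) {
        $topic_templates->set_var('meta_description', $A['meta_description']);
    }
    if (!empty($A['meta_keywords'])) {
        $topic_templates->set_var('meta_keywords', $A['meta_keywords']);
    }
    if ($_CONF['meta_tags'] > 0) {
        $topic_templates->set_var('hide_meta', '');
    } else {
        $topic_templates->set_var('hide_meta', ' style="display:none;"');
    }
    $topic_templates->set_var('lang_defaulttopic', $LANG27[22]);
    $topic_templates->set_var('lang_defaulttext', $LANG27[23]);
    if ($A['is_default'] == 1) {
        $topic_templates->set_var('default_checked', 'checked="checked"');
    } else {
        $topic_templates->set_var('default_checked', '');
    }
    $topic_templates->set_var('lang_archivetopic', $LANG27[25]);
    $topic_templates->set_var('lang_archivetext', $LANG27[26]);
    $topic_templates->set_var('archive_disabled', '');
    if ($A['archive_flag'] == 1) {
        $topic_templates->set_var('archive_checked', 'checked="checked"');
    } else {
        $topic_templates->set_var('archive_checked', '');
        // Only 1 topic can be the archive topic - so check if there already is one
        if (DB_count($_TABLES['topics'], 'archive_flag', '1') > 0) {
            $topic_templates->set_var('archive_disabled', 'disabled');
        }
    }
    if (empty($tid)) {
        $num_stories = $LANG_ADMIN['na'];
    } else {
        // Count only the stories the current user may see (COM_getPermSql).
        $nResult = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta WHERE ta.type = 'article' AND ta.id = sid AND ta.tid = '" . DB_escapeString($tid) . "'" . COM_getPermSql('AND'));
        $N = DB_fetchArray($nResult);
        $num_stories = COM_numberFormat($N['count']);
    }
    $topic_templates->set_var('lang_num_stories', $LANG27[30]);
    $topic_templates->set_var('num_stories', $num_stories);
    $topic_templates->set_var('gltoken_name', CSRF_TOKEN);
    $topic_templates->set_var('gltoken', $token);
    $topic_templates->parse('output', 'editor');
    $retval .= $topic_templates->finish($topic_templates->get_var('output'));
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
    return $retval;
}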
// | databox_function 共通&navbarMenu設定                                     |
// +---------------------------------------------------------------------------+
// $Id: databox_function.php
// public_html/admin/plugins/databox/databox_function.php
// 20100924 tsuchitani AT ivywe DOT co DOT jp
// 20120509 fieldset add
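define('THIS_PLUGIN', 'databox');
require_once '../../../lib-common.php';
// Refuse to run when the plugin is not enabled on this site.
if (!in_array('databox', $_PLUGINS)) {
    COM_handle404();
    exit;
}
require_once $_CONF['path'] . 'plugins/databox/lib/ppNavbar.php';
$edt_flg = false;
// Permission check: the admin screens require databox.admin.
// Written as a guard clause instead of the original empty `if {} else {}`.
if (!SEC_hasRights('databox.admin')) {
    $information = array();
    $information['pagetitle'] = $MESSAGE[30];
    $display = '';
    $display .= COM_startBlock($MESSAGE[30], '', COM_getBlockTemplate('_msg_block', 'header'));
    $display .= $MESSAGE[35];
    $display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
    COM_accessLog("User {$_USER['username']} tried to illegally access the databox administration screen.");
    // NOTE(review): $pi_name is not assigned anywhere in this script; presumably an
    // include provides it — confirm, otherwise DATABOX_displaypage() receives null.
    $display = DATABOX_displaypage($pi_name, '_admin', $display, $information);
    COM_output($display);
    exit;
}
$adminurl = $_CONF['site_admin_url'] . '/plugins/' . THIS_PLUGIN . '/';
$navbarMenu = array();
$navbarMenu[$LANG_DATABOX_admin_menu['1']] = $adminurl . 'information.php';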
// | but WITHOUT ANY WARRANTY; without even the implied warranty of           |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            |
// | GNU General Public License for more details.                             |
// |                                                                          |
// | You should have received a copy of the GNU General Public License        |
// | along with this program; if not, write to the Free Software Foundation,  |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.          |
// |                                                                          |
// +--------------------------------------------------------------------------+
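require_once '../lib-common.php';
if (!in_array('mediagallery', $_PLUGINS)) {
    COM_404();
    exit;
}
// Check user has rights to access this page.
// SEC_hasRights() takes one feature list (comma-separated) plus an operator. The
// previous call passed the two features as separate arguments, so the second one
// landed in the operator slot and was never evaluated; pass them as one list.
if (!SEC_hasRights('mediagallery.view,mediagallery.admin', 'OR')) {
    // Someone is trying to illegally access this page
    // NOTE(review): $REMOTE_ADDR is a bare global rather than $_SERVER['REMOTE_ADDR'];
    // presumably populated by lib-common.php — confirm.
    COM_errorLog("Someone has tried to illegally access the Media Gallery page.  User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1);
    $display = COM_siteHeader();
    $display .= COM_startBlock($LANG_MG00['access_denied']);
    $display .= $LANG_MG00['access_denied_msg'];
    $display .= COM_endBlock();
    $display .= COM_siteFooter(true);
    echo $display;
    exit;
}
require_once $_CONF['path'] . 'plugins/mediagallery/include/init.php';
/*
* Main Function
*/
MG_initAlbums();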
/**
* Show main plugin screen: installed and uninstalled plugins, upload form
*
* Assembles, in order: the site header, a status message (the one passed in,
* or the one carried in the request when none is given), the installed-plugin
* list, the list of uploaded-but-uninstalled plugins (only for users holding
* plugin.install), the upload form and the site footer.
*
* @param    string  $message    (optional) message to display
* @param    string  $token      an optional csrf token; a fresh one is created when empty
* @return   string              HTML for the plugin screen
*
*/
function plugin_main($message = '', $token = '')
{
    global $LANG32;
    $parts = array(COM_siteHeader('menu', $LANG32[5]));
    $parts[] = empty($message) ? COM_showMessageFromParameter() : COM_showMessageText($message);
    // Every form on this page is token-protected, so mint one if the caller did not supply it.
    if (empty($token)) {
        $token = SEC_createToken();
    }
    $parts[] = listplugins($token);
    if (SEC_hasRights('plugin.install')) {
        $parts[] = show_newplugins($token);
    }
    // Show the upload form or an error message
    $parts[] = plugin_show_uploadform($token);
    $parts[] = COM_siteFooter();
    return implode('', $parts);
}
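/**
 * Delete an existing static page
 *
 * Accepts the page id as either $args['sp_id'] or $args['id']. When called
 * through the webservice ($args['gl_svc'] set) the id and mode are passed
 * through COM_applyBasicFilter first. The page row, its comments and the
 * PLG_itemDeleted notification are only issued once the caller has proven
 * staticpages.delete and a non-empty id is present.
 *
 * @param   array   $args     Contains all the data provided by the client
 * @param   string  &$output  OUTPUT parameter containing the returned text
 * @param   string  &$svc_msg OUTPUT parameter containing any service messages
 * @return  int               Response code as defined in lib-plugins.php
 */
function service_delete_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN;
    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }
    // Apply filters to the parameters passed by the webservice.
    // 'gl_svc' and 'mode' are optional keys, so test for them instead of reading them blindly.
    if (!empty($args['gl_svc'])) {
        $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
    }
    $sp_id = isset($args['sp_id']) ? $args['sp_id'] : '';
    // Authorisation first: a logged-in user without the right gets PERMISSION_DENIED,
    // an anonymous caller AUTH_FAILED; $output carries the rendered denial page either way.
    if (!SEC_hasRights('staticpages.delete')) {
        $output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
        $output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied'], true);
        $output .= COM_siteFooter();
        if (!COM_isAnonUser()) {
            return PLG_RET_PERMISSION_DENIED;
        } else {
            return PLG_RET_AUTH_FAILED;
        }
    }
    // Never run the DELETEs or the item-deleted notification without a page id.
    if ($sp_id === '') {
        return PLG_RET_ERROR;
    }
    DB_delete($_TABLES['staticpage'], 'sp_id', $sp_id);
    DB_delete($_TABLES['comments'], array('sid', 'type'), array($sp_id, 'staticpages'));
    PLG_itemDeleted($sp_id, 'staticpages');
    $output = COM_refresh($_CONF['site_admin_url'] . '/plugins/staticpages/index.php');
    return PLG_RET_OK;
}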
/**
 * Plugin function to display a specific comment thread
 *
 * Renders the media item the comments belong to (MG_displayMediaImage) and
 * appends the comment list for it. When the gallery requires a login,
 * anonymous visitors are sent the login form and the script stops.
 *
 * @param   string  $id         Unique identifier for the item the comment belongs to
 * @param   int     $commentid  Comment id to display (possibly including sub-comments)
 * @param   string  $title      Page/comment title
 * @param   string  $order      'ASC' or 'DSC' or blank
 * @param   string  $format     'threaded', 'nested', or 'flat'
 * @param   int     $page       Page number of comments to display
 * @param   mixed   $view       1 to view comment (by cid), anything else to display (by $pid)
 * @return  string              HTML for the media item followed by its comments
 */
function _mg_displaycomment($id, $commentid, $title, $order, $format, $page, $view)
{
    global $_CONF, $_USER, $_MG_CONF, $LANG_LOGIN;
    if (COM_isAnonUser() && $_MG_CONF['loginrequired']) {
        echo SEC_loginRequiredForm();
        exit;
    }
    require_once $_CONF['path'] . 'plugins/mediagallery/include/classAlbum.php';
    require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-media.php';
    list($ptitle, $mediaHtml, $themeCSS, $album_id) = MG_displayMediaImage($id, 0, 0, 0);
    // Only gallery administrators get the delete controls in the comment list.
    $canDelete = (bool) SEC_hasRights('mediagallery.admin');
    $commentHtml = CMT_userComments($id, $title, 'mediagallery', $order, $format, $commentid, $page, $view == 1, $canDelete);
    return $themeCSS . $mediaHtml . $commentHtml;
}
                     <table width="100%">';
             $answerQuery = DB_query("SELECT id,answer,aorder FROM {$_TABLES['quiz_answers']} WHERE qid={$qid} ORDER BY aorder");
             $answercnt = 1;
             while (list($id, $answer, $aorder) = DB_fetchARRAY($answerQuery)) {
                 if ($id == $quizResultAnsID) {
                     if ($id == $qanswer) {
                         echo '<tr><td style="color:green;padding-left:5px;">';
                     } else {
                         echo '<tr><td style="color:red;padding-left:5px;">';
                     }
                 } else {
                     echo '<tr><td style="color:black;padding-left:5px;">';
                 }
                 echo $answercnt . ')&nbsp;';
                 echo '<input type="radio"';
                 if ($id == $qanswer and SEC_hasRights('quiz.edit')) {
                     echo " checked";
                 }
                 echo '>';
                 echo '&nbsp;' . $answer . '</td></tr>';
                 $answercnt++;
             }
             echo '<tr><td colspan="2"><hr></td></tr>';
             echo '</table></td></tr></table><br>';
         }
         echo '</td></tr><tr><td align="center"></tr></table>';
     }
     echo COM_endBlock();
     echo COM_siteFooter();
 } else {
     echo "<br>Need to add a error message here.. Trying to access result for another user";
// | as published by the Free Software Foundation; either version 2            |
// | of the License, or (at your option) any later version.                    |
// |                                                                           |
// | This program is distributed in the hope that it will be useful,           |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             |
// | GNU General Public License for more details.                              |
// |                                                                           |
// | You should have received a copy of the GNU General Public License         |
// | along with this program; if not, write to the Free Software Foundation,   |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
// |                                                                           |
// +---------------------------------------------------------------------------+
require_once '../lib-common.php';
// Plugin disabled: bounce to the site front page.
if (!in_array('custommenu', $_PLUGINS)) {
    echo COM_refresh($_CONF['site_url'] . '/index.php');
    exit;
}
// Check user has rights to access this page
// Any one of edit/view/admin suffices ('OR' over the comma-separated feature list).
if (!SEC_hasRights('custommenu.edit,custommenu.view,custommenu.admin', 'OR')) {
    // Someone is trying to illegally access this page
    // NOTE(review): $REMOTE_ADDR is a bare global rather than $_SERVER['REMOTE_ADDR'];
    // presumably populated by lib-common.php — confirm.
    COM_errorLog("Someone has tried to illegally access the custommenu page.  " . "User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1);
    $display = COM_startBlock($LANG_MCONF['access_denied']);
    $display .= $LANG_MCONF['access_denied_msg'];
    $display .= COM_endBlock();
    $display = COM_createHTMLDocument($display);
    COM_output($display);
    exit;
}
// Nothing else is served from this entry point: authorised users are redirected as well.
echo COM_refresh($_CONF['site_url'] . '/index.php');
exit;
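/**
 * Create a new menu element from the submitted admin form ($_POST) and save it.
 *
 * Reads the element fields from $_POST, filters them (the label through the
 * HTML sanitizer limited to $MenuElementAllowedHTML, everything else through
 * COM_applyFilter), derives the element subtype from the element type, places
 * the element after the chosen sibling, persists it via menuElement, reorders
 * the parent menu and drops the 'menu' cache instance.
 *
 * NOTE(review): no CSRF token check is visible in this function; presumably the
 * calling admin script verifies one before dispatching here — confirm.
 *
 * @return void
 */
function MB_saveNewMenuElement()
{
    global $_CONF, $_TABLES, $_GROUPS, $MenuElementAllowedHTML;
    $filter = sanitizer::getInstance();
    $allowedElements = $filter->makeAllowedElements($MenuElementAllowedHTML);
    $filter->setAllowedElements($allowedElements);
    $filter->setPostmode('html');
    // build post vars
    $E = array();
    $E['menu_id'] = COM_applyFilter($_POST['menu'], true);
    $E['pid'] = COM_applyFilter($_POST['pid'], true);
    $E['element_label'] = $filter->filterHTML($_POST['menulabel']);
    $E['element_type'] = COM_applyFilter($_POST['menutype'], true);
    $E['element_target'] = isset($_POST['urltarget']) ? COM_applyFilter($_POST['urltarget']) : '';
    $afterElementID = COM_applyFilter($_POST['menuorder'], true);
    $E['element_active'] = COM_applyFilter($_POST['menuactive'], true);
    $E['element_url'] = isset($_POST['menuurl']) ? trim(COM_applyFilter($_POST['menuurl'])) : '';
    $E['group_id'] = COM_applyFilter($_POST['group'], true);
    $menu = menu::getInstance($E['menu_id']);
    // The subtype depends on the element type; string-valued subtypes are DB-escaped here.
    // NOTE(review): if menuElement::saveElement() escapes again, these are double-escaped
    // on storage — confirm against the class.
    switch ($E['element_type']) {
        case 2:
            $E['element_subtype'] = DB_escapeString(COM_applyFilter($_POST['glfunction']));
            break;
        case 3:
            $E['element_subtype'] = COM_applyFilter($_POST['gltype'], true);
            break;
        case 4:
            $E['element_subtype'] = DB_escapeString(COM_applyFilter($_POST['pluginname']));
            break;
        case 5:
            $E['element_subtype'] = DB_escapeString(COM_applyFilter($_POST['spname']));
            break;
        case 6:
            $E['element_subtype'] = DB_escapeString(COM_applyFilter($_POST['menuurl']));
            /*
             * check URL if it needs http:// appended...
             * (a '%site' placeholder is left for later expansion)
             */
            if (trim($E['element_subtype']) != '') {
                if (strpos($E['element_subtype'], "http") !== 0 && strpos($E['element_subtype'], "%site") === false) {
                    $E['element_subtype'] = 'http://' . $E['element_subtype'];
                }
            }
            break;
        case 7:
            $E['element_subtype'] = DB_escapeString(COM_applyFilter($_POST['phpfunction']));
            break;
        case 9:
            $E['element_subtype'] = DB_escapeString(COM_applyFilter($_POST['topicname']));
            break;
        default:
            $E['element_subtype'] = '';
            break;
    }
    // check if URL needs the http:// added (fragment-only '#...' URLs and '%site' placeholders are left alone)
    if (trim($E['element_url']) != '') {
        if (strpos($E['element_url'], "http") !== 0 && strpos($E['element_url'], "%site") === false && $E['element_url'][0] != '#') {
            $E['element_url'] = 'http://' . $E['element_url'];
        }
    }
    /*
     * Pull some constants..
     */
    $meadmin = SEC_hasRights('menu.admin');
    $root = SEC_inGroup('Root');
    $groups = $_GROUPS;
    /* set element order: directly after the chosen sibling, or first when none was chosen */
    if ($afterElementID == 0) {
        $aorder = 0;
    } else {
        $aorder = DB_getItem($_TABLES['menu_elements'], 'element_order', 'id=' . $afterElementID);
    }
    $E['element_order'] = $aorder + 1;
    /*
     * build our class
     */
    $element = new menuElement();
    $element->constructor($E, $meadmin, $root, $groups, 1);
    $element->id = $element->createElementID($E['menu_id']);
    $element->saveElement();
    $menu->reorderMenu($E['pid']);
    CACHE_remove_instance('menu');
}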
    $reclaim_html .= '<input type="hidden" name="projectid" value="' . $project_id . '">' . LB;
    $reclaim_html .= '<input type="hidden" name="taskuser" value="' . $usermodeUID . '">' . LB;
    $reclaim_html .= '<input type="submit" value="Re-Initiate" ' . $onclick_action . '></form>';
    $p->set_var('special_status_action', $reclaim_html);
} elseif ($PD['status'] == 7 and SEC_inGroup('nexflow Admin')) {
    // Project in On-Hold State
    $onclick_action = 'onClick="return confirm(\'Are you sure you want to Restart this Project?\');"';
    $reclaim_html = '<form action="' . $_CONF['site_url'] . '/nexflow/reclnfproject.php" method="post" style="display:inline;margin:0px;">' . LB;
    $reclaim_html .= '<input type="hidden" name="projectid" value="' . $project_id . '">' . LB;
    $reclaim_html .= '<input type="hidden" name="taskuser" value="' . $usermodeUID . '">' . LB;
    $reclaim_html .= '<input type="submit" value="Re-Initiate" ' . $onclick_action . '></form>';
    $p->set_var('special_status_action', $reclaim_html);
} else {
    $p->set_var('special_status_action', '');
}
// Delete link only in the project view (not 'mytasks') and only for nexflow.admin.
if ($source != 'mytasks' and SEC_hasRights('nexflow.admin')) {
    // NOTE(review): $project_id and $rowid are interpolated into an inline onClick handler;
    // presumably integers — confirm they are cast/validated before reaching this point.
    $deleteProjectLink = '<a href="#" onClick="ajaxUpdateDeleteProject(' . $project_id . ',' . $rowid . ');return false;">Delete Project</a>';
    $p->set_var('delete_project_action', $deleteProjectLink);
} else {
    $p->set_var('show_editgatedates', 'none');
    $p->set_var('delete_project_action', '');
}
// Determine if this process' template has an application Flow group associated with it
// if so, run any custom function for display here
// The AppGroup name is joined from the template record of the current process.
$sql = "SELECT c.AppGroup from {$_TABLES['nf_template']} a  ";
$sql .= "INNER JOIN {$_TABLES['nf_process']} b on a.id=b.nf_templateID ";
$sql .= "INNER JOIN {$_TABLES['nf_appgroups']} c on a.AppGroup=c.id";
$sql .= " where b.id={$PD['wf_process_id']}";
$rs = DB_query($sql);
list($appGroup) = DB_fetchArray($rs);
// Derives a function name from the stored AppGroup (spaces removed); the call itself is
// outside this excerpt. NOTE(review): because this becomes a callable name, restrict it to
// the expected nf_AppGroupDisplay_* handlers (e.g. guard with function_exists()) before calling.
$appGroup = 'nf_AppGroupDisplay_' . str_replace(' ', '', $appGroup);
Пример #25
// | of the License, or (at your option) any later version.                    |
// |                                                                           |
// | This program is distributed in the hope that it will be useful,           |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             |
// | GNU General Public License for more details.                              |
// |                                                                           |
// | You should have received a copy of the GNU General Public License         |
// | along with this program; if not, write to the Free Software Foundation,   |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
// |                                                                           |
// +---------------------------------------------------------------------------+
//
require_once '../../../lib-common.php';
// Access gate: only users holding the nexflow.edit right may proceed. Anyone
// else receives a complete "access denied" page and the request ends here.
if (!SEC_hasRights('nexflow.edit')) {
    $deniedPage = array(
        COM_siteHeader(),
        COM_startBlock($LANG_NF00['access_denied']),
        $LANG_NF00['admin_access_error'],
        COM_endBlock(),
        COM_siteFooter(true)
    );
    echo implode('', $deniedPage);
    exit;
}
require_once $_CONF['path'] . 'plugins/nexflow/config.php';
require_once $_CONF['path_system'] . 'classes/navbar.class.php';
// Fall back to uid 1 when no user id is present in the session data.
$userid = isset($_USER['uid']) ? $_USER['uid'] : 1;
Пример #26
/**
* Fill the banner template with one banner's data.
*
* Sets the url/name/hits variables, the "report broken banner" link (shown to
* logged-in users who are not banner editors), the rendered banner body and the
* edit link/icon (shown only to banner editors with full access to the item).
*
* @param    array   $A          banner row (bid, url, title, hits, description,
*                               owner_id, group_id, perm_* fields)
* @param    ref     $template   banner template, filled in place
*
*/
function prepare_banner_item($A, &$template)
{
    global $_CONF, $LANG_ADMIN, $LANG_BANNER, $_IMAGE_TYPE;
    $bid = $A['bid'];
    $title = stripslashes($A['title']);
    // Click-through goes via the portal page so the hit can be counted.
    $portalUrl = COM_buildUrl($_CONF['site_url'] . '/banner/portal.php?what=banner&amp;item=' . $bid);
    $template->set_var('banner_url', $portalUrl);
    // NOTE(review): url and title come from the banner row and are handed to the
    // template as-is; whether the template escapes them is not visible here.
    $template->set_var('banner_actual_url', $A['url']);
    $template->set_var('banner_actual_url_encoded', urlencode($A['url']));
    $template->set_var('banner_name', $title);
    $template->set_var('banner_name_encoded', urlencode($A['title']));
    $template->set_var('banner_hits', COM_numberFormat($A['hits']));
    $template->set_var('banner_html', $title);
    // Logged-in non-editors may report a broken banner; editors can fix it instead.
    $brokenLink = '';
    if (!COM_isAnonUser() && !SEC_hasRights('banner.edit')) {
        $reportUrl = $_CONF['site_url'] . '/banner/index.php?mode=report&amp;bid=' . $bid;
        $brokenLink = COM_createLink($LANG_BANNER[117], $reportUrl, array('class' => 'pluginSmallText', 'rel' => 'nofollow'));
    }
    $template->set_var('banner_broken', $brokenLink);
    $bannerBody = nl2br(stripslashes($A['description']));
    $template->set_var('banner_description', banner_buildBanner($bid, $title, $bannerBody, !empty($A['url'])));
    // Edit controls require full (level 3) access to the item plus the edit right.
    $editLink = '';
    $editIcon = '';
    if (SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3 && SEC_hasRights('banner.edit')) {
        $editUrl = $_CONF['site_admin_url'] . '/plugins/banner/index.php?mode=edit&amp;bid=' . $bid;
        $editLink = COM_createLink($LANG_ADMIN['edit'], $editUrl);
        $iconHtml = sprintf('<img src="%s/images/edit.%s" alt="%s" title="%s"%s>', $_CONF['layout_url'], $_IMAGE_TYPE, $LANG_ADMIN['edit'], $LANG_ADMIN['edit'], XHTML);
        $editIcon = COM_createLink($iconHtml, $editUrl, array('class' => 'editlink'));
    }
    $template->set_var('banner_edit', $editLink);
    $template->set_var('edit_icon', $editIcon);
}
Пример #27
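 /**
  * Run a string through htmLawed with the site's element/attribute whitelist.
  *
  * The allowed tag set is $_CONF['user_html']; callers holding the rights in
  * $permissions (with a non-empty admin_html config) additionally get
  * $_CONF['admin_html'], and $_CONF['advanced_html'] when the advanced editor
  * is enabled for both the site and the user. Allowed URL schemes come from
  * $_CONF['allowed_protocols'] (default http, https, ftp).
  *
  * @param   string       $str          HTML to filter
  * @param   string|array $permissions  right(s) checked via SEC_hasRights to unlock admin_html
  * @return  string                     filtered HTML
  */
 private static function _htmLawed($str, $permissions)
 {
     global $_CONF, $_USER;
     require_once $_CONF['path_system'] . 'classes/htmlawed/htmLawed.php';
     // Sets config options for htmLawed.  See http://www.bioinformatics.org/
     // phplabware/internal_utilities/htmLawed/htmLawed_README.htm
     // keep_bad=0 removes disallowed markup instead of neutralising it (see README).
     $config = array('balance' => 1, 'comment' => 3, 'css_expression' => 1, 'keep_bad' => 0, 'tidy' => 0, 'unique_ids' => 1, 'valid_xhtml' => 1);
     if (isset($_CONF['allowed_protocols']) && is_array($_CONF['allowed_protocols']) && count($_CONF['allowed_protocols']) > 0) {
         $schemes = $_CONF['allowed_protocols'];
     } else {
         $schemes = array('http:', 'https:', 'ftp:');
     }
     // htmLawed expects bare scheme names without the trailing colon.
     $schemes = str_replace(':', '', implode(', ', $schemes));
     $config['schemes'] = 'href: ' . $schemes . '; *: ' . $schemes;
     if (empty($permissions) || !SEC_hasRights($permissions) || empty($_CONF['admin_html'])) {
         $html = $_CONF['user_html'];
     } else {
         if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
             $html = array_merge_recursive($_CONF['user_html'], $_CONF['admin_html'], $_CONF['advanced_html']);
         } else {
             $html = array_merge_recursive($_CONF['user_html'], $_CONF['admin_html']);
         }
     }
     // Initialise explicitly: with an empty whitelist the loop below never runs
     // and implode() would otherwise be handed undefined variables.
     $spec = array();
     $elements = array();
     foreach ($html as $tag => $attr) {
         if (is_array($attr) && count($attr) > 0) {
             $spec[] = $tag . '=' . implode(', ', array_keys($attr));
         } else {
             // no attributes allowed on this tag
             $spec[] = $tag . '=-*';
         }
         $elements[] = $tag;
     }
     $config['elements'] = implode(', ', $elements);
     $spec = implode('; ', $spec);
     return htmLawed($str, $config, $spec);
 }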
Пример #28
    $display = MG_createHTMLDocument($display);
    COM_output($display);
    exit;
}
$sql = "SELECT * FROM {$_TABLES['mg_media']} WHERE media_id='" . addslashes($mid) . "'";
$result = DB_query($sql);
while ($A = DB_fetchArray($result)) {
    $filename = $A['media_original_filename'];
    if (empty($filename)) {
        $filename = $A['media_filename'] . '.' . $A['media_mime_ext'];
    }
    $mime_type = $A['mime_type'];
    if ($mime_type == 'application/octet-stream' && strtolower($A['media_mime_ext']) == 'pdf') {
        $mime_type = 'application/pdf';
    }
    if (!SEC_hasRights('mediagallery.admin')) {
        $media_views = $A['media_views'] + 1;
        DB_change($_TABLES['mg_media'], 'media_views', $media_views, 'media_id', addslashes($mid));
    }
    $path = MG_getFilePath('orig', $A['media_filename'], $A['media_mime_ext']);
    header("Pragma: public");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0,pre-check=0");
    header("Cache-Control: private", false);
    header("Content-type:" . $mime_type);
    header("Content-Disposition: attachment; filename=\"" . $filename . "\";");
    header("Content-Transfer-Encoding: binary");
    header("Content-Length: " . filesize($path));
    $fp = fopen($path, 'r');
    if ($fp != NULL) {
        while (!feof($fp)) {
Пример #29
// |                                                                          |
// | This program is distributed in the hope that it will be useful,          |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of           |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            |
// | GNU General Public License for more details.                             |
// |                                                                          |
// | You should have received a copy of the GNU General Public License        |
// | along with this program; if not, write to the Free Software Foundation,  |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.          |
// |                                                                          |
// +--------------------------------------------------------------------------+
//
require_once '../../../lib-common.php';
require_once '../../auth.inc.php';
// Access gate: only users holding mediagallery.config may use this page. A
// failed attempt is recorded (uid, username, peer address) before the
// "access denied" page is sent and the request ends.
if (!SEC_hasRights('mediagallery.config')) {
    // NOTE(review): REMOTE_ADDR is the direct peer; behind a reverse proxy it
    // will be the proxy's address. $_USER fields are presumed set here —
    // confirm how anonymous requests populate them.
    $logLine = sprintf(
        'Someone has tried to illegally access the Media Gallery Configuration page. User id: %s, Username: %s, IP: %s',
        $_USER['uid'],
        $_USER['username'],
        $_SERVER['REMOTE_ADDR']
    );
    COM_errorLog($logLine, 1);
    $deniedPage = array(
        COM_startBlock($LANG_MG00['access_denied']),
        $LANG_MG00['access_denied_msg'],
        COM_endBlock()
    );
    COM_output(COM_createHTMLDocument(implode('', $deniedPage)));
    exit;
}
require_once $_CONF['path'] . 'plugins/mediagallery/include/common.php';
require_once $_MG_CONF['path_admin'] . 'navigation.php';
function MG_selectUsers($page)
{
    global $glversion, $_CONF, $_MG_CONF, $_TABLES, $_USER, $LANG_MG00, $LANG_MG01;
    $retval = '';
Пример #30
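/**
* Saves user to the database
*
* Validates the submitted account data (password confirmation, username and
* e-mail presence/uniqueness, optional CUSTOM_userCheck hook), then either
* creates a new account or updates the existing row, reassigns group
* membership (restricted to groups the acting admin belongs to) and redirects
* on success. On validation failure the edit form is returned instead; several
* branches echo output and exit directly rather than returning.
*
* @param    int     $uid            user id (empty for a new user)
* @param    string  $username       (short) username
* @param    string  $fullname       user's full name
* @param    string  $passwd         new password (ignored for remote-service users)
* @param    string  $passwd_conf    password confirmation
* @param    string  $email          user's email address
* @param    string  $regdate        date the user registered with the site (not used by this function)
* @param    string  $homepage       user's homepage URL
* @param    array   $groups         groups the user belongs to
* @param    string  $delete_photo   delete user's photo if == 'on'
* @param    int     $userstatus     account status to store
* @param    int     $oldstatus      account status before this save
* @return   string                  HTML redirect or error message
*
*/
function saveusers($uid, $username, $fullname, $passwd, $passwd_conf, $email, $regdate, $homepage, $groups, $delete_photo = '', $userstatus = 3, $oldstatus = 3)
{
    global $_CONF, $_TABLES, $_USER, $LANG28, $_USER_VERBOSE;
    $retval = '';
    $userChanged = false;
    if ($_USER_VERBOSE) {
        COM_errorLog("**** entering saveusers****", 1);
        COM_errorLog("group size at beginning = " . count($groups), 1);
    }
    $service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$uid}");
    // If remote service then assume blank password
    if (!empty($service)) {
        $passwd = '';
        $passwd_conf = '';
    }
    // NOTE(review): this appears to treat "submitted password equals the stored
    // one and no confirmation given" as "unchanged" — confirm against the
    // return contract of SEC_encryptUserPassword.
    $passwd_changed = true;
    if (empty($service) && SEC_encryptUserPassword($passwd, $uid) === 0 && $passwd_conf === '') {
        $passwd_changed = false;
    }
    if ($passwd_changed && $passwd != $passwd_conf) {
        // passwords don't match
        return edituser($uid, 67);
    }
    // A username is always required; an e-mail is required for new users and
    // for existing local (non remote-service) users.
    $nameAndEmailOkay = true;
    if (empty($username)) {
        $nameAndEmailOkay = false;
    } elseif (empty($email)) {
        if (empty($uid)) {
            $nameAndEmailOkay = false;
            // new users need an email address
        } else {
            if (empty($service)) {
                $nameAndEmailOkay = false;
                // not a remote user - needs email
            }
        }
    }
    if ($nameAndEmailOkay) {
        if (!empty($email) && !COM_isEmail($email)) {
            return edituser($uid, 52);
        }
        $uname = DB_escapeString($username);
        // NOTE(review): the '******' literals in the username lookups below look
        // like an artefact of this listing (the escaped $uname computed above is
        // otherwise unused) — compare with the original source file.
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******'");
        } else {
            if (!empty($service)) {
                $uservice = DB_escapeString($service);
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND remoteservice = '{$uservice}'");
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND (remoteservice = '' OR remoteservice IS NULL)");
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's username to one that already exists
            return edituser($uid, 51);
        }
        $emailaddr = DB_escapeString($email);
        // remote-service accounts may legitimately share an e-mail with a local one
        $exclude_remote = " AND (remoteservice IS NULL OR remoteservice = '')";
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}'" . $exclude_remote);
        } else {
            $old_email = DB_getItem($_TABLES['users'], 'email', "uid = '{$uid}'");
            if ($old_email == $email) {
                // email address didn't change so don't care
                $ucount = 0;
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}' AND uid <> {$uid}" . $exclude_remote);
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's email to one that already exists
            return edituser($uid, 56);
        }
        if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($username, $email);
            if (!empty($ret)) {
                // need a numeric return value - otherwise use default message
                if (!is_numeric($ret['number'])) {
                    $ret['number'] = 400;
                }
                return edituser($uid, $ret['number']);
            }
        }
        if (empty($uid)) {
            if (empty($passwd)) {
                // no password? create one ...
                $passwd = SEC_generateRandomPassword();
            }
            $uid = USER_createAccount($username, $email, $passwd, $fullname, $homepage);
            if ($uid > 1) {
                DB_query("UPDATE {$_TABLES['users']} SET status = {$userstatus} WHERE uid = {$uid}");
            }
        } else {
            $fullname = DB_escapeString($fullname);
            $homepage = DB_escapeString($homepage);
            $curphoto = DB_getItem($_TABLES['users'], 'photo', "uid = {$uid}");
            if (!empty($curphoto) && $delete_photo == 'on') {
                USER_deletePhoto($curphoto);
                $curphoto = '';
            }
            if ($_CONF['allow_user_photo'] == 1 && !empty($curphoto)) {
                $curusername = DB_getItem($_TABLES['users'], 'username', "uid = {$uid}");
                if ($curusername != $username) {
                    // user has been renamed - rename the photo, too
                    // (quote the old name: usernames may contain regex metacharacters)
                    $newphoto = preg_replace('/' . preg_quote($curusername, '/') . '/', $username, $curphoto, 1);
                    $imgpath = $_CONF['path_images'] . 'userphotos/';
                    if (@rename($imgpath . $curphoto, $imgpath . $newphoto) === false) {
                        $retval .= COM_errorLog('Could not rename userphoto "' . $curphoto . '" to "' . $newphoto . '".');
                        return $retval;
                    }
                    $curphoto = $newphoto;
                }
            }
            $curphoto = DB_escapeString($curphoto);
            // use the escaped e-mail computed above, consistent with fullname/homepage
            DB_query("UPDATE {$_TABLES['users']} SET username = '******', fullname = '{$fullname}', email = '{$emailaddr}', homepage = '{$homepage}', photo = '{$curphoto}', status='{$userstatus}' WHERE uid = {$uid}");
            if ($passwd_changed && !empty($passwd)) {
                SEC_updateUserPassword($passwd, $uid);
            }
            if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
                CUSTOM_userSave($uid);
            }
            // account just approved from the submission queue: send the password
            if ($_CONF['usersubmission'] == 1 && $oldstatus == USER_ACCOUNT_AWAITING_APPROVAL && $userstatus == USER_ACCOUNT_ACTIVE) {
                USER_createAndSendPassword($username, $email, $uid);
            }
            // disabling an account also terminates any live session
            if ($userstatus == USER_ACCOUNT_DISABLED) {
                SESS_endUserSession($uid);
            }
            $userChanged = true;
        }
        // check that the user is allowed to change group assignments
        if (is_array($groups) && SEC_hasRights('group.assign')) {
            // only Root members may grant Root; anyone else trying is logged and bounced
            if (!SEC_inGroup('Root')) {
                $rootgrp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'");
                if (in_array($rootgrp, $groups)) {
                    COM_accessLog("User {$_USER['username']} ({$_USER['uid']}) just tried to give Root permissions to user {$username}.");
                    echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
                    exit;
                }
            }
            // make sure the Remote Users group is in $groups
            if (SEC_inGroup('Remote Users', $uid)) {
                $remUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
                if (!in_array($remUsers, $groups)) {
                    $groups[] = $remUsers;
                }
            }
            if ($_USER_VERBOSE) {
                COM_errorLog("deleting all group_assignments for user {$uid}/{$username}", 1);
            }
            // remove user from all groups that the User Admin is a member of
            // (assignments to groups the admin is not in are left untouched)
            $UserAdminGroups = SEC_getUserGroups();
            $whereGroup = 'ug_main_grp_id IN (' . implode(',', $UserAdminGroups) . ')';
            DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_uid = {$uid}) AND " . $whereGroup);
            // make sure to add user to All Users and Logged-in Users groups
            $allUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'All Users'");
            if (!in_array($allUsers, $groups)) {
                $groups[] = $allUsers;
            }
            $logUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Logged-in Users'");
            if (!in_array($logUsers, $groups)) {
                $groups[] = $logUsers;
            }
            // only groups the acting admin belongs to can be assigned
            foreach ($groups as $userGroup) {
                if (in_array($userGroup, $UserAdminGroups)) {
                    if ($_USER_VERBOSE) {
                        COM_errorLog("adding group_assignment " . $userGroup . " for {$username}", 1);
                    }
                    $sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$userGroup}, {$uid})";
                    DB_query($sql);
                }
            }
        }
        if ($userChanged) {
            PLG_userInfoChanged($uid);
        }
        $errors = DB_error();
        if (empty($errors)) {
            echo PLG_afterSaveSwitch($_CONF['aftersave_user'], "{$_CONF['site_url']}/users.php?mode=profile&uid={$uid}", 'user', 21);
        } else {
            $retval .= COM_errorLog('Error in saveusers in ' . $_CONF['site_admin_url'] . '/user.php');
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[22]));
            echo $retval;
            exit;
        }
    } else {
        // missing username/e-mail: show the message and redisplay the edit form
        $retval .= COM_showMessageText($LANG28[10]);
        if (!empty($uid) && $uid > 1 && DB_count($_TABLES['users'], 'uid', $uid) > 0) {
            $retval .= edituser($uid);
        } else {
            $retval .= edituser();
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[1]));
        COM_output($retval);
        exit;
    }
    if ($_USER_VERBOSE) {
        COM_errorLog("***************leaving saveusers*****************", 1);
    }
    return $retval;
}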