/**
 * Resolves the current user's rights on an advert board category.
 *
 * Asks cot_auth() for the 'RWA1' mask of the 'advboard' area and maps the four
 * returned values, in order, onto named keys.
 *
 * @param string $cat Category code; an empty value is replaced by 'any'
 * @return array Rights keyed by 'auth_read', 'auth_write', 'isadmin', 'auth_download'
 * @todo Implement me
 */
function cot_advboard_auth($cat = null)
{
    // 'any' is the category code passed to cot_auth() when the caller names none.
    $category = empty($cat) ? 'any' : $cat;

    list($can_read, $can_write, $is_admin, $can_download) = cot_auth('advboard', $category, 'RWA1');

    return array(
        'auth_read' => $can_read,
        'auth_write' => $can_write,
        'isadmin' => $is_admin,
        'auth_download' => $can_download,
    );
}
/**
 * Renders the advert board RSS feed, sends it as XML and ends the request.
 *
 * An optional category code is read from the `c` GET parameter. When it is
 * present it must exist in $structure['advboard'] and the visitor must hold the
 * read right on it; otherwise the request is stopped.
 *
 * NOTE(review): when `c` is empty no per-category read check runs and the query
 * is not restricted by category, so adverts from every category are selected.
 * Confirm that categories the visitor cannot read are meant to appear in the
 * unfiltered feed, or filter the result by cot_auth() per category.
 */
public function indexAction()
{
    global $structure;

    // The feed is served only while the 'rss' module is active.
    if (!cot_module_active('rss')) {
        cot_die_message(404, TRUE);
    }

    $c = cot_import('c', 'G', 'TXT');
    if (!empty($c)) {
        // Unknown category codes are answered with 404 before any rights lookup.
        if (!isset($structure['advboard'][$c])) {
            cot_die_message(404, TRUE);
        }
        list(cot::$usr['auth_read'], cot::$usr['auth_write'], cot::$usr['isadmin']) = cot_auth('advboard', $c);
        cot_block(cot::$usr['auth_read']);
    }

    $rss_title = cot::$L['advboard_rss_feed'] . cot::$cfg['maintitle'];
    $rss_link = cot::$cfg['mainurl'];
    $rss_description = cot::$cfg['subtitle'];
    $domain = cot::$sys['domain'];

    // Published adverts that have started and have not expired. The raw 'SQL'
    // condition only embeds the system timestamp, not request data.
    $condition = array(
        array('state', advboard_model_Advert::PUBLISHED),
        array('begin', cot::$sys['now'], '<='),
        array('SQL', "expire = 0 OR expire > " . cot::$sys['now']));
    if (!empty($c)) {
        $rss_title = cot::$L['advboard_rss_feed'] . $structure['advboard'][$c]['title'] . ' - ' . cot::$cfg['maintitle'];
        $condition[] = array('category', $c);
    }

    $advertisement = advboard_model_Advert::find($condition, cot::$cfg['rss']['rss_maxitems'], 0, array(array('sort', 'desc')));

    $t = new XTemplate(cot_tplfile('rss'));

    // Shift the timestamp by the user's timezone offset (hours) before formatting.
    $now = cot::$sys['now'];
    $now += cot::$usr['timezone'] * 3600;

    // Title and description are HTML-escaped here; RSS_LINK is assigned as is.
    $t->assign(array(
        'RSS_ENCODING' => cot::$cfg['rss']['rss_charset'],
        'RSS_TITLE' => htmlspecialchars($rss_title),
        'RSS_LINK' => $rss_link,
        'RSS_LANG' => cot::$cfg['defaultlang'],
        'RSS_DESCRIPTION' => htmlspecialchars($rss_description),
        'RSS_DATE' => $this->fixPubDate(date("r", $now))));

    if (!empty($advertisement)) {
        foreach ($advertisement as $advert) {
            // Relative advert URLs are made absolute.
            $url = $advert->url;
            if (!cot_url_check($url)) {
                $url = COT_ABSOLUTE_URL . $url;
            }

            $date = '';
            if (!empty($advert->created)) {
                $date = strtotime($advert->created);
                $date += cot::$usr['timezone'] * 3600;
                $date = date('r', $date);
                $date = $this->fixPubDate($date);
            }

            // Truncate the body only when a positive limit is configured.
            $text = $advert->text;
            $textlength = intval(cot::$cfg['rss']['rss_pagemaxsymbols']);
            if ($textlength > 0 && mb_strlen($text) > $textlength) {
                $text = cot_string_truncate($text, $textlength, true, false, cot::$R['advboard_cuttext']);
            }

            // NOTE(review): only the title is escaped in this method. The advert text
            // and the link reach the template unescaped; whether the template wraps
            // them (e.g. in CDATA) is not visible here — confirm, since adverts are
            // user-supplied content.
            $t->assign(array(
                'RSS_ROW_TITLE' => htmlspecialchars($advert->title),
                'RSS_ROW_DESCRIPTION' => $this->convertRelativeUrls($text),
                'RSS_ROW_DATE' => $date,
                'RSS_ROW_LINK' => $url));
            $t->parse('MAIN.ITEM_ROW');
        }
    }
    $t->parse('MAIN');

    // ob_clean();
    // NOTE(review): the header always announces UTF-8 while RSS_ENCODING above comes
    // from configuration; the two can disagree if rss_charset is not UTF-8.
    header('Content-type: text/xml; charset=UTF-8');
    echo $t->text('MAIN');
    exit;
}
/**
 * Builds the HTML anchor that opens the PFS window through a javascript: URL.
 *
 * For user ID 0 the link is always produced. For any other ID it is produced
 * only when cot_auth('pfs', 'a', 'R') grants the right; otherwise an empty
 * string is returned.
 *
 * NOTE(review): $id, $c1, $c2, $parser and $title are placed into the markup and
 * into JavaScript string literals without escaping. Callers must pass only
 * trusted, fixed values (form and field names); request data must not reach
 * this function unescaped.
 *
 * @global array $L
 * @global array $cfg
 * @global array $usr
 * @global array $cot_groups
 * @param int $id User ID
 * @param string $c1 Form name
 * @param string $c2 Input name
 * @param string $title Link title
 * @param string $parser Custom parser (optional)
 * @return string Anchor markup, or '' when the link must not be shown
 */
function cot_build_pfs($id, $c1, $c2, $title, $parser = '')
{
    global $L, $cfg, $usr, $cot_groups;

    // The rights lookup is needed (and performed) only for a non-zero ID.
    if ($id != 0 && !cot_auth('pfs', 'a', 'R')) {
        return '';
    }

    // ID 0 is always written as the literal '0', whatever form it was passed in.
    $owner = ($id == 0) ? '0' : $id;

    return "<a href=\"javascript:pfs('{$owner}','{$c1}','{$c2}','{$parser}')\">{$title}</a>";
}
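/**
 * Builds the template tag array for one sbr item.
 *
 * Fix: $usr is now imported with `global`. The function compares $usr['id'] with
 * the item's owner fields to decide USER_IS_ADMIN and the ADMIN_EDIT tags, but
 * $usr was not in scope, so those comparisons ran against an undefined variable
 * instead of the current user.
 *
 * Plugin files for the 'sbrtags.first' and 'sbrtags.main' hooks are included
 * inside this function and therefore share its local variables; local names are
 * kept unchanged for that reason.
 *
 * @param array|int $item_data     Item row, or an item ID to load from {$db_sbr}
 * @param string    $tag_prefix    Prefix put in front of every returned tag name
 * @param bool|null $admin_rights  Admin flag; looked up via cot_auth() when null
 * @param bool      $pagepath_home Passed through to cot_breadcrumbs()
 * @return array Tag name => value
 */
function cot_generate_sbrtags($item_data, $tag_prefix = '', $admin_rights = null, $pagepath_home = false)
{
    global $db, $cot_extrafields, $cfg, $L, $Ls, $R, $db_sbr, $db_sbr_stages, $sys, $usr;

    // Hook file lists are resolved once per request and reused on later calls.
    static $extp_first = null, $extp_main = null;
    if (is_null($extp_first)) {
        $extp_first = cot_getextplugins('sbrtags.first');
        $extp_main = cot_getextplugins('sbrtags.main');
    }

    /* === Hook === */
    foreach ($extp_first as $pl) {
        include $pl;
    }
    /* ===== */

    if (!is_array($item_data)) {
        // The ID is cast to int before it is placed into the statement.
        $sql = $db->query("SELECT * FROM {$db_sbr} WHERE sbr_id = '" . (int) $item_data . "' LIMIT 1");
        $item_data = $sql->fetch();
    }

    if ($item_data['sbr_id'] > 0 && !empty($item_data['sbr_title'])) {
        if (is_null($admin_rights)) {
            $admin_rights = cot_auth('plug', 'sbr', 'A');
        }

        $patharray = array();
        $patharray[] = array(cot_url('sbr'), $L['sbr']);
        $patharray[] = array(cot_url('sbr', 'id=' . $item_data['sbr_id']), $item_data['sbr_title']);
        $itempath = cot_breadcrumbs($patharray, $pagepath_home, true);

        $temp_array = array(
            'ID' => $item_data['sbr_id'],
            'STATUS' => $item_data['sbr_status'],
            'LOCALSTATUS' => $L['sbr_status_' . $item_data['sbr_status']],
            'LABELSTATUS' => $R['sbr_labels'][$item_data['sbr_status']],
            'URL' => cot_url('sbr', 'id=' . $item_data['sbr_id']),
            'TITLE' => $itempath,
            'SHORTTITLE' => $item_data['sbr_title'],
            'CREATEDATE' => date('d.m.Y H:i', $item_data['sbr_create']),
            'CREATEDATE_STAMP' => $item_data['sbr_create'],
            'BEGINDATE' => date('d.m.Y H:i', $item_data['sbr_begin']),
            'BEGINDATE_STAMP' => $item_data['sbr_begin'],
            'DONEDATE' => date('d.m.Y H:i', $item_data['sbr_done']),
            'DONEDATE_STAMP' => $item_data['sbr_done'],
            'COST' => $item_data['sbr_cost'],
            'TAX' => $item_data['sbr_tax'],
            'TOTAL' => $item_data['sbr_cost'] + $item_data['sbr_tax'],
            // NOTE(review): every other column read here is prefixed 'sbr_'; if the row
            // has no 'item_userid' key this compares the user ID with null, which is
            // true for ID 0 — confirm the intended owner column.
            'USER_IS_ADMIN' => $admin_rights || $usr['id'] == $item_data['item_userid'],
        );

        // Edit links are exposed to admins and to the user stored in sbr_employer.
        if ($admin_rights || $usr['id'] == $item_data['sbr_employer']) {
            $temp_array['ADMIN_EDIT'] = cot_rc_link(cot_url('sbr', 'm=edit&id=' . $item_data['sbr_id']), $L['Edit']);
            $temp_array['ADMIN_EDIT_URL'] = cot_url('sbr', 'm=edit&id=' . $item_data['sbr_id']);
        }

        // Extrafields
        if (isset($cot_extrafields[$db_sbr])) {
            foreach ($cot_extrafields[$db_sbr] as $exfld) {
                $tag = mb_strtoupper($exfld['field_name']);
                $temp_array[$tag . '_TITLE'] = isset($L['sbr_' . $exfld['field_name'] . '_title'])
                    ? $L['sbr_' . $exfld['field_name'] . '_title']
                    : $exfld['field_description'];
                // NOTE(review): reads the 'item_' prefixed column although the table's
                // other columns use 'sbr_' — confirm against the schema.
                $temp_array[$tag] = cot_build_extrafields_data('sbr', $exfld, $item_data['item_' . $exfld['field_name']]);
            }
        }

        /* === Hook === */
        foreach ($extp_main as $pl) {
            include $pl;
        }
        /* ===== */
    } else {
        // $emptytitle is not set in this function; it is only non-empty if a hook
        // file included above defines it.
        $temp_array = array(
            'TITLE' => !empty($emptytitle) ? $emptytitle : $L['Deleted'],
            'SHORTTITLE' => !empty($emptytitle) ? $emptytitle : $L['Deleted'],
        );
    }

    $return_array = array();
    foreach ($temp_array as $key => $val) {
        $return_array[$tag_prefix . $key] = $val;
    }

    return $return_array;
}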
/**
 * Renders the karma gadget for a user and caches the markup per user ID.
 *
 * The global $color is refreshed from the plugin configuration on every call.
 * The rendered block is stored in the global $karma_cache under $user_id only.
 *
 * NOTE(review): the cache key ignores $location, $location_id and $module, so a
 * second call for the same user returns links built for the first call's
 * location — confirm this is intended.
 * NOTE(review): $location and $location_id are concatenated into the query
 * string as they are; only $module is URL-encoded here.
 *
 * @param int    $user_id     User the gadget is shown for
 * @param float  $user_karma  Karma value to display
 * @param string $location    Location code; 'self' disables the vote links
 * @param mixed  $location_id Identifier sent as the `fp` parameter of vote links
 * @param mixed  $module      Value sent (URL-encoded) as the `mod` parameter
 * @return string Rendered gadget markup
 */
function karma_gadget($user_id, $user_karma, $location, $location_id, $module = false)
{
    global $usr, $cfg, $karma_cache, $color;

    $color = explode(",", $cfg['plugin']['karma']['karma_color']);

    // Serve the cached markup when this user was rendered before.
    if ($karma_cache[$user_id]) {
        return $karma_cache[$user_id];
    }

    // The "del" link is withheld only when neg_rec is off and the viewer's own
    // karma is below zero.
    $negative = !(!$cfg['plugin']['karma']['neg_rec'] && $usr['profile']['user_karma'] < 0);

    // Vote links need the plugin write right, a logged-in viewer and a location
    // other than 'self'.
    $k_add = "";
    if (cot_auth('plug', 'karma', 'W') && $usr['id'] > 0 && $location != 'self') {
        $k_add = true;
    }

    $karmat = new XTemplate(cot_tplfile(array('karma', 'gadget'), true));
    $module = urlencode($module);

    // Users never get vote links for their own karma.
    $rates_someone_else = $user_id != $usr['id'];
    $add_url = false;
    $del_url = false;
    if ($rates_someone_else && $k_add) {
        $add_url = cot_url('plug', 'r=karma&act=change&lct=' . $location . '&value=add&fp=' . $location_id . '&mod=' . $module);
        if ($negative) {
            $del_url = cot_url('plug', 'r=karma&act=change&lct=' . $location . '&value=del&fp=' . $location_id . '&mod=' . $module);
        }
    }

    $show_url = false;
    if ($k_add || $location == 'self') {
        $show_url = cot_url('plug', 'r=karma&act=show&fp=' . $user_id);
    }

    $karmat->assign(array(
        "PAGE_KARMA_D" => number_format($user_karma, '1', '.', ' '),
        "PAGE_KARMA_ADD" => $add_url,
        "PAGE_KARMA_DEL" => $del_url,
        "PAGE_KARMA_URL" => $show_url,
        "PAGE_KARMA_MINI" => $cfg['plugin']['karma']['karma_com'] ? '' : 'karma_mini',
    ));
    $karmat->parse('MAIN');
    $karma_cache[$user_id] = $karmat->text('MAIN');

    return $karma_cache[$user_id];
}
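/**
 * Tells whether the current user may give a karma score to another user.
 *
 * Change: the three lookups now pass their values as bound parameters to
 * $db->query() instead of concatenating $userid, $area and $code into the SQL
 * text, and the numeric IDs are cast to int. $area and $code were previously
 * placed between quotes with no escaping.
 *
 * Checks, in order: plugin write right, no self-scoring, minimum own karma
 * (karma_rate), no earlier score for the same target/area/code, and the global
 * and per-target limits for the last 24 hours. Holders of the plugin admin
 * right skip the karma_rate and daily limit checks.
 *
 * @param int    $userid User who would receive the score
 * @param string $area   Optional area the score belongs to
 * @param string $code   Optional item code within the area
 * @return bool|null true when scoring is allowed, false when a rule forbids it,
 *                   null when the current user lacks the plugin write right
 */
function cot_ukarma_checkenablescore($userid, $area = '', $code = '')
{
    global $db, $cfg, $sys, $usr, $db_ukarma;

    if (!cot_auth('plug', 'ukarma', 'W')) {
        // Unchanged contract: without the write right no value is returned.
        return null;
    }

    if ($usr['id'] == $userid) {
        return false;
    }

    $is_admin = cot_auth('plug', 'ukarma', 'A');
    $settings = $cfg['plugin']['ukarma'];

    if (!$is_admin
        && $settings['karma_rate'] > 0
        && cot_ukarma($usr['id'], '', '', true) < $settings['karma_rate']
    ) {
        return false;
    }

    $owner_id = (int) $usr['id'];
    $target_id = (int) $userid;

    // Has the current user already scored this target (for this area/code)?
    $conditions = array('ukarma_ownerid = ?', 'ukarma_userid = ?');
    $params = array($owner_id, $target_id);
    if (!empty($area)) {
        $conditions[] = 'ukarma_area = ?';
        $params[] = $area;
    }
    if (!empty($code)) {
        $conditions[] = 'ukarma_code = ?';
        $params[] = $code;
    }
    $score_isset = (bool) $db->query(
        "SELECT ukarma_id FROM {$db_ukarma} WHERE " . implode(' AND ', $conditions),
        $params
    )->fetch();
    $score_enabled = !$score_isset;

    if (!$is_admin) {
        // Both limits count scores given during the last 24 hours.
        $lastdate = (int) $sys['now'] - 24 * 60 * 60;

        if ($settings['karma_daylimit'] > 0) {
            $score_count = $db->query(
                "SELECT COUNT(*) FROM {$db_ukarma} WHERE ukarma_ownerid = ? AND ukarma_date > ?",
                array($owner_id, $lastdate)
            )->fetchColumn();
            if ($score_count >= $settings['karma_daylimit']) {
                $score_enabled = false;
            }
        }

        if ($settings['karma_personaldaylimit'] > 0) {
            $score_count = $db->query(
                "SELECT COUNT(*) FROM {$db_ukarma} WHERE ukarma_ownerid = ? AND ukarma_userid = ? AND ukarma_date > ?",
                array($owner_id, $target_id, $lastdate)
            )->fetchColumn();
            if ($score_count >= $settings['karma_personaldaylimit']) {
                $score_enabled = false;
            }
        }
    }

    return $score_enabled;
}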
<?php
/* ====================
[BEGIN_COT_EXT]
Hooks=search.page.catlist
[END_COT_EXT]
==================== */

/**
 * Search in system cat. Adds `system` to form field
 *
 * @package search_system
 * @author Andrey Matsovkin
 * @copyright Copyright (c) 2011-2016
 * @license Distributed under BSD license.
 */

// Refuse direct requests: the file only runs when the core has defined COT_CODE.
defined('COT_CODE') or die('Wrong URL.');

// This file is included by the hook loop of the search form, so $cat, $x,
// $pages_cat_list and $pag_catauth live in the including script's scope.
$cat = 'system';

// The 'system' category is offered only to users holding the read right on it.
if (cot_auth('page', $cat, 'R')) {
    $x = $structure['page'][$cat];
    $pages_cat_list[$cat] = $x['tpath'];
    // The code is passed through $db->prep() before it joins the list, matching
    // how the forum list in the search form fills its own *_catauth array.
    $pag_catauth[] = $db->prep($cat);
}
<?php
/**
 * [BEGIN_COT_EXT]
 * Hooks=market.add.tags
 * [END_COT_EXT]
 */

/**
 * plugin tagslance for Cotonti Siena
 *
 * @package tagslance
 * @version 1.0.0
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru, littledev.ru
 * @license BSD
 *
 */

// Refuse direct requests: the file only runs when the core has defined COT_CODE.
defined('COT_CODE') or die('Wrong URL.');

// The tag input is added only when the feature is enabled for the market and
// the user holds the write right on the tags plugin.
if ($cfg['plugin']['tagslance']['market'] && cot_auth('plug', 'tags', 'W')) {
    require_once cot_incfile('tags', 'plug');

    // Empty tag input for the "add product" form.
    $t->assign(array(
        'PRDADD_TOP_TAGS' => $L['Tags'],
        'PRDADD_TOP_TAGS_HINT' => $L['tags_comma_separated'],
        'PRDADD_FORM_TAGS' => cot_rc('tags_input_editpage', array('tags' => ''))));

    // When called from the i18n.market context, also show the item's current tags.
    // $id is taken from the including script's scope.
    if (cot_get_caller() == 'i18n.market') {
        $t->assign(array(
            'I18N_PRD_TAGS' => implode(', ', cot_tag_list($id)),
            'I18N_IPRD_TAGS' => cot_rc('tags_input_editpage', array('tags' => ''))));
    }
    $t->parse('MAIN.TAGS');
}
* @package projects
 * @version 2.5.2
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru, littledev.ru
 * @license BSD
 */

// Refuse direct requests: the file only runs when the core has defined COT_CODE.
defined('COT_CODE') or die('Wrong URL');

// Both request values are type-filtered on import ('INT' and 'ALP' filters).
$id = cot_import('id', 'G', 'INT');
$r = cot_import('r', 'G', 'ALP');

// First gate: a write right somewhere in the projects module is required.
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('projects', 'any', 'RWA');
cot_block($usr['auth_write']);

// The ID is cast to int before it is concatenated into the statement.
$item = $db->query("SELECT p.*, u.* FROM {$db_projects} AS p LEFT JOIN {$db_users} AS u ON u.user_id=p.item_userid WHERE item_id=" . (int) $id)->fetch();
if ($item['item_id'] != (int) $id) {
    cot_die_message(404, TRUE);
}

// Second gate: rights are re-read for the project's own category, and only a
// category admin or the owning user with the write right may continue.
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('projects', $item['item_cat']);
cot_block($usr['isadmin'] || $usr['auth_write'] && $usr['id'] == $item['item_userid']);

/* === Hook === */
foreach (cot_getextplugins('projects.preview.first') as $pl) {
    include $pl;
}
/* ===== */

// $a is not set in the visible part of the file.
if ($a == 'save') {
    // Runs before the save proceeds; by its name this validates the request's
    // anti-forgery GET token — confirm against the core.
    cot_check_xg();

    /* === Hook === */
    foreach (cot_getextplugins('projects.preview.save.first') as $pl) {
        include $pl;
    }
    /* ===== */

    $prj = array();
    // Non-admins are routed through the pre-validation branch when it is enabled.
    if ($cfg['projects']['prevalidate'] && !$usr['isadmin']) {
$q = cot_import('q', 'G', 'INT'); // topic id
$p = cot_import('p', 'G', 'INT'); // post id
list($pg, $d, $durl) = cot_import_pagenav('d', $cfg['forums']['maxpostsperpage']);

/* === Hook === */
foreach (cot_getextplugins('forums.editpost.first') as $pl) {
    include $pl;
}
/* ===== */

// Request gates, run before any data is loaded. $s is not set in the visible
// part of the file; it must name an existing forum section.
cot_blockguests();
cot_check_xg();
isset($structure['forums'][$s]) || cot_die();

// Post, topic and section must all match; the values are bound as parameters.
$sql_forums = $db->query("SELECT * FROM {$db_forum_posts} WHERE fp_id = ? and fp_topicid = ? and fp_cat = ?", array($p, $q, $s));

if ($rowpost = $sql_forums->fetch()) {
    list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('forums', $s);

    /* === Hook === */
    foreach (cot_getextplugins('forums.editpost.rights') as $pl) {
        include $pl;
    }
    /* ===== */

    // Non-admins may edit only their own post, and only inside the edit window
    // (edittimeout hours after creation; '0' disables the window). A refused
    // attempt is written to the 'sec' log before the request is stopped.
    if (!$usr['isadmin'] && ($rowpost['fp_posterid'] != $usr['id'] || $cfg['forums']['edittimeout'] != '0' && $sys['now'] - $rowpost['fp_creation'] > $cfg['forums']['edittimeout'] * 3600)) {
        cot_log('Attempt to edit a post without rights', 'sec');
        cot_die();
    }
    // NOTE(review): the final gate tests the read right although the action edits
    // a post; a poster whose write right was withdrawn would still pass. Confirm
    // whether auth_write should be required here.
    cot_block($usr['auth_read']);
} else {
    cot_die();
}

// True when the edited post is the topic's first post (lowest fp_id).
$is_first_post = $p == $db->query("SELECT fp_id FROM {$db_forum_posts} WHERE fp_topicid = ? ORDER BY fp_id ASC LIMIT 1", array($q))->fetchColumn();

// NOTE(review): $q is interpolated here while the queries above bind it. It was
// imported with the 'INT' filter, but a hook included above shares this scope and
// could reassign it; binding it like the others removes that dependency.
$sql_forums = $db->query("SELECT ft_state, ft_mode, ft_title, ft_desc FROM {$db_forum_topics} WHERE ft_id = {$q} LIMIT 1");
$rs['pagsub'][] = 'all';
}

// Plugins may add further page categories to $pages_cat_list / $pag_catauth here;
// the included files run in this scope.
/* === Hook === */
foreach (cot_getextplugins('search.page.catlist') as $pl) {
    include $pl;
}
/* ===== */

// Page search options. The section list is built from $pages_cat_list, which is
// filled before this fragment.
$t->assign(array(
    'PLUGIN_PAGE_SEC_LIST' => cot_selectbox($rs['pagsub'], 'rs[pagsub][]', array_keys($pages_cat_list), array_values($pages_cat_list), false, 'multiple="multiple" style="width:50%"'),
    'PLUGIN_PAGE_RES_SORT' => cot_selectbox($rs['pagsort'], 'rs[pagsort]', array('date', 'title', 'count', 'cat'), array($L['plu_pag_res_sort1'], $L['plu_pag_res_sort2'], $L['plu_pag_res_sort3'], $L['plu_pag_res_sort4']), false),
    'PLUGIN_PAGE_RES_SORT_WAY' => cot_radiobox($rs['pagsort2'], 'rs[pagsort2]', array('DESC', 'ASC'), array($L['plu_sort_desc'], $L['plu_sort_asc'])),
    'PLUGIN_PAGE_SEARCH_NAMES' => cot_checkbox($rs['pagtitle'] == 1 || count($rs['pagsub']) == 0, 'rs[pagtitle]', $L['plu_pag_search_names']),
    'PLUGIN_PAGE_SEARCH_DESC' => cot_checkbox($rs['pagdesc'] == 1 || count($rs['pagsub']) == 0, 'rs[pagdesc]', $L['plu_pag_search_desc']),
    'PLUGIN_PAGE_SEARCH_TEXT' => cot_checkbox($rs['pagtext'] == 1 || count($rs['pagsub']) == 0, 'rs[pagtext]', $L['plu_pag_search_text']),
    'PLUGIN_PAGE_SEARCH_SUBCAT' => cot_checkbox($rs['pagsubcat'], 'rs[pagsubcat]', $L['plu_pag_set_subsec']),
    'PLUGIN_PAGE_SEARCH_FILE' => cot_checkbox($rs['pagfile'] == 1, 'rs[pagfile]', $L['plu_pag_search_file'])));

// && binds tighter than ||: shown on the 'pag' tab, or on no tab when extra
// filters are enabled.
if ($tab == 'pag' || empty($tab) && $cfg['plugin']['search']['extrafilters']) {
    $t->parse('MAIN.PAGES_OPTIONS');
}
}

if (($tab == 'frm' || empty($tab)) && cot_module_active('forums') && $cfg['plugin']['search']['forumsearch']) {
    $forum_cat_list['all'] = $L['plu_allsections'];

    // Only sections the user may read are listed, and only those are added to
    // $frm_catauth (escaped with $db->prep()).
    foreach ($structure['forums'] as $key => $val) {
        if (cot_auth('forums', $key, 'R')) {
            $forum_cat_list[$key] = $val['tpath'];
            $frm_catauth[] = $db->prep($key);
        }
    }

    // An empty selection, or one starting with 'all', is normalised to just 'all'.
    if ($rs['frmsub'][0] == 'all' || !$rs['frmsub']) {
        $rs['frmsub'] = array();
        $rs['frmsub'][] = 'all';
    }

    $t->assign(array(
        'PLUGIN_FORUM_SEC_LIST' => cot_selectbox($rs['frmsub'], 'rs[frmsub][]', array_keys($forum_cat_list), array_values($forum_cat_list), false, 'multiple="multiple" style="width:50%"'),
        'PLUGIN_FORUM_RES_SORT' => cot_selectbox($rs['frmsort'], 'rs[frmsort]', array('updated', 'creationdate', 'title', 'postcount', 'viewcount', 'sectionid'), array($L['plu_frm_res_sort1'], $L['plu_frm_res_sort2'], $L['plu_frm_res_sort3'], $L['plu_frm_res_sort4'], $L['plu_frm_res_sort5'], $L['plu_frm_res_sort6']), false),
        'PLUGIN_FORUM_RES_SORT_WAY' => cot_radiobox($rs['frmsort2'], 'rs[frmsort2]', array('DESC', 'ASC'), array($L['plu_sort_desc'], $L['plu_sort_asc'])),
        'PLUGIN_FORUM_SEARCH_NAMES' => cot_checkbox($rs['frmtitle'] == 1 || count($rs['frmsub']) == 0, 'rs[frmtitle]', $L['plu_frm_search_names']),
        'PLUGIN_FORUM_SEARCH_POST' => cot_checkbox($rs['frmtext'] == 1 || count($rs['frmsub']) == 0, 'rs[frmtext]', $L['plu_frm_search_post']),
        'PLUGIN_FORUM_SEARCH_ANSW' => cot_checkbox($rs['frmreply'] == 1 || count($rs['frmsub']) == 0, 'rs[frmreply]', $L['plu_frm_search_answ']),
        'PLUGIN_FORUM_SEARCH_SUBCAT' => cot_checkbox($rs['frmsubcat'], 'rs[frmsubcat]', $L['plu_frm_set_subsec'])));

    if ($tab == 'frm' || empty($tab) && $cfg['plugin']['search']['extrafilters']) {
        $t->parse('MAIN.FORUMS_OPTIONS');
    }
}

if (!empty($sq)) {
    // Collapse whitespace runs to single spaces, then split the query into words.
    // NOTE(review): how $words reach SQL is outside this fragment — confirm they
    // are escaped or bound before use.
    $words = explode(' ', preg_replace("'\\s+'", " ", $sq));
<?php
/**
 * Payments module
 *
 * @package payments
 * @version 1.1.2
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru
 * @license BSD
 */

// Refuse direct requests: the file only runs when the core has defined COT_CODE.
defined('COT_CODE') or die('Wrong URL.');

// The balance pages require the write right on the payments module.
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('payments', 'any', 'RWA');
cot_block($usr['auth_write']);

require_once cot_incfile('forms');

// Request values are type-filtered on import ('ALP', 'INT', 'NUM' filters).
$n = cot_import('n', 'G', 'ALP');
$pid = cot_import('pid', 'G', 'INT');
$rsumm = cot_import('rsumm', 'G', 'NUM');

// Default sub-page.
if (empty($n)) {
    $n = 'history';
}

$t = new XTemplate(cot_tplfile('payments.balance', 'module'));

// The balance is looked up for the session user, never for an ID from the request.
$t->assign(array(
    'BALANCE_SUMM' => cot_payments_getuserbalance($usr['id']),
    'BALANCE_BILLING_URL' => cot_url('payments', 'm=balance&n=billing'),
    'BALANCE_HISTORY_URL' => cot_url('payments', 'm=balance&n=history'),
    'BALANCE_PAYOUT_URL' => cot_url('payments', 'm=balance&n=payouts'),
    'BALANCE_TRANSFER_URL' => cot_url('payments', 'm=balance&n=transfer')));

if ($n == 'billing') {
    $pid = cot_import('pid', 'G', 'INT');

    // $a is not set in the visible part of the file.
    if ($a == 'buy') {
        $summ = cot_import('summ', 'P', 'NUM');

        // The amount must be present and must not be negative; empty() also
        // rejects zero.
        cot_check(empty($summ), 'payments_balance_billing_error_emptysumm');
        cot_check(!empty($summ) && $summ < 0, 'payments_balance_billing_error_wrongsumm');

        // NOTE(review): no anti-forgery token check is visible in this fragment
        // before the order is prepared — confirm one exists further on.
        if (!cot_error_found()) {
            $options['desc'] = $L['payments_balance_billing_desc'];
$t->parse('MAIN.BEFORE_AJAX');
$t->parse('MAIN.AFTER_AJAX');
}

cot_display_messages($t);

// Breadcrumb: module root, then "send" or "edit #id".
$title[] = array(cot_url('pm'), $L['Private_Messages']);
$title[] = !$id ? $L['pmsend_title'] : $L['Edit'] . ' #' . $id;

$url_newpm = cot_url('pm', 'm=send');
$url_inbox = cot_url('pm');
$url_sentbox = cot_url('pm', 'f=sentbox');

if (COT_AJAX) {
    // Attach rich text editors to AJAX loaded page
    // The footer resource buffer is swapped out so that only what the editor
    // plugin writes is captured, then restored.
    $rc_tmp = $out['footer_rc'];
    $out['footer_rc'] = '';
    if (is_array($cot_plugins['editor'])) {
        foreach ($cot_plugins['editor'] as $k) {
            // Only the configured editor is loaded, and only when the user holds
            // the read right on that plugin. The included path is built from the
            // plugin registry entry ($k['pl_file']), not from request data.
            if ($k['pl_code'] == $editor && cot_auth('plug', $k['pl_code'], 'R')) {
                include $cfg['plugins_dir'] . '/' . $k['pl_file'];
                break;
            }
        }
    }
    $text_editor_code = $out['footer_rc'];
    $out['footer_rc'] = $rc_tmp;
}

// NOTE(review): $text_editor_code is assigned only inside the COT_AJAX branch
// above, yet it is appended to PMSEND_FORM_TEXT unconditionally.
// The "send new" link is exposed only to users with the write right.
$t->assign(array(
    'PMSEND_TITLE' => cot_breadcrumbs($title, $cfg['homebreadcrumb']),
    'PMSEND_SENDNEWPM' => $usr['auth_write'] ? cot_rc_link($url_newpm, $L['pm_sendnew'], array('class' => $cfg['pm']['turnajax'] ? 'ajax' : '')) : '',
    'PMSEND_SENDNEWPM_URL' => $usr['auth_write'] ? $url_newpm : '',
    'PMSEND_INBOX' => cot_rc_link($url_inbox, $L['pm_inbox'], array('class' => $cfg['pm']['turnajax'] ? 'ajax' : '')),
    'PMSEND_INBOX_URL' => $url_inbox,
    'PMSEND_INBOX_COUNT' => $totalinbox,
    'PMSEND_SENTBOX' => cot_rc_link($url_sentbox, $L['pm_sentbox'], array('class' => $cfg['pm']['turnajax'] ? 'ajax' : '')),
    'PMSEND_SENTBOX_URL' => $url_sentbox,
    'PMSEND_SENTBOX_COUNT' => $totalsentbox,
    'PMSEND_FORM_SEND' => cot_url('pm', 'm=send&a=send' . $idurl),
    'PMSEND_FORM_TITLE' => cot_inputbox('text', 'newpmtitle', htmlspecialchars($newpmtitle), 'size="56" maxlength="255"'),
    'PMSEND_FORM_TEXT' => cot_textarea('newpmtext', $newpmtext, 8, 56, '', 'input_textarea_editor') . $text_editor_code,
    'PMSEND_FORM_TOUSER' => cot_textarea('newpmrecipient', $touser, 3, 56, 'class="userinput"'),
    'PMSEND_FORM_NOT_TO_SENTBOX' => cot_checkbox(false, 'fromstate', cot::$L['pm_notmovetosentbox'], '', '3')));

/* === Hook === */
foreach (cot_getextplugins('pm.send.tags') as $pl) {
    include $pl;
}
/* ===== */

if (!$id) {
// Request values are type-filtered on import ('INT' and 'TXT' filters).
$id = cot_import('id', 'G', 'INT');
$c = cot_import('c', 'G', 'TXT');

list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('market', 'any', 'RWA');

/* === Hook === */
foreach (cot_getextplugins('market.edit.first') as $pl) {
    include $pl;
}
/* ===== */

// First gate: read right somewhere in the market module, and a positive item ID.
cot_block($usr['auth_read']);
if (!$id || $id < 0) {
    cot_die_message(404);
}

// $id was imported with the 'INT' filter; the hook above shares this scope and
// runs before the query, so the value relies on no hook reassigning it.
$sql = $db->query("SELECT * FROM {$db_market} WHERE item_id='{$id}' LIMIT 1");
cot_die($sql->rowCount() == 0);
$item = $sql->fetch();

// Second gate: rights are re-read for the item's own category; only a category
// admin or the owning user with the write right may edit.
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('market', $item['item_cat']);
cot_block($usr['isadmin'] || $usr['auth_write'] && $usr['id'] == $item['item_userid']);

$sys['parser'] = $item['item_parser'];
$parser_list = cot_get_parsers();

// $a is not set in the visible part of the file.
if ($a == 'update') {
    /* === Hook === */
    foreach (cot_getextplugins('market.edit.update.first') as $pl) {
        include $pl;
    }
    /* ===== */

    // The ownership check is repeated after the hook, which may have changed $usr.
    cot_block($usr['isadmin'] || $usr['auth_write'] && $usr['id'] == $item['item_userid']);

    $ritem = cot_market_import('POST', $item, $usr);

    // NOTE(review): deletion can also be requested through the `delete` GET
    // parameter, and no anti-forgery token check is visible in this fragment.
    // Confirm a token is verified before the item is removed.
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        $rdelete = cot_import('rdelete', 'P', 'BOL');
    } else {
        $rdelete = cot_import('delete', 'G', 'BOL');
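/**
 * Generates ratings display for a given item
 *
 * Fix: $rating_uservote is now initialised to ''. It used to be set only when
 * the user had already voted, yet it is always assigned to the RATINGS_USERVOTE
 * tag, which read an undefined variable for every first-time voter.
 *
 * Plugin files for the 'ratings.main' and 'ratings.tags' hooks are included
 * inside this function and share its local variables.
 *
 * @param string $ext_name Module or plugin code
 * @param string $code Item identifier
 * @param string $cat Item category code (optional)
 * @param bool $readonly Display as read-only
 * @return array array('', 0) when the user may not see ratings; otherwise
 *               array(rendered HTML, rounded average, number of raters)
 * @global CotDB $db
 */
function cot_ratings_display($ext_name, $code, $cat = '', $readonly = false)
{
    global $db, $db_ratings, $db_rated, $db_users, $cfg, $usr, $sys, $L, $R;

    // Check permissions
    // Nothing is shown without the read right, or when ratings are disabled for
    // the item and the user is not a ratings admin.
    list($auth_read, $auth_write, $auth_admin) = cot_auth('plug', 'ratings');
    $enabled = cot_ratings_enabled($ext_name, $cat, $code);
    if (!$auth_read || !$enabled && !$auth_admin) {
        return array('', 0);
    }

    // Get current rating value
    // Area and code are bound as parameters in every query of this function.
    $sql = $db->query("SELECT r.*, (SELECT COUNT(*) FROM {$db_rated} WHERE rated_area = ? AND rated_code = ?) AS `cnt` FROM {$db_ratings} AS r\n\t\tWHERE rating_area = ? AND rating_code = ? LIMIT 1", array($ext_name, $code, $ext_name, $code));
    if ($row = $sql->fetch()) {
        $rating_average = $row['rating_average'];
        $item_has_rating = true;
        // Clamp the stored average to the 1..10 scale.
        if ($rating_average < 1) {
            $rating_average = 1;
        } elseif ($rating_average > 10) {
            $rating_average = 10;
        }
        $rating_cntround = round($rating_average, 0);
        $rating_raters_count = $row['cnt'];
    } else {
        $item_has_rating = false;
        $rating_average = 0;
        $rating_cntround = 0;
        $rating_raters_count = 0;
    }

    // Render read-only image
    $rating_fancy = cot_rc('icon_rating_stars', array('val' => $rating_cntround));
    if (!$auth_write || $readonly) {
        return array($rating_fancy, $rating_cntround, $rating_raters_count);
    }

    // Check if the user has voted already for this item
    $already_voted = false;
    $rating_uservote = '';
    if ($usr['id'] > 0) {
        $sql1 = $db->query("SELECT rated_value FROM {$db_rated}\n\t\t\tWHERE rated_area = ? AND rated_code = ? AND rated_userid = ?", array($ext_name, $code, $usr['id']));
        if ($rated_value = $sql1->fetchColumn()) {
            $already_voted = true;
            $rating_uservote = $L['rat_alreadyvoted'] . ' (' . $rated_value . ')';
        }
    }
    // A second vote is possible only when ratings_allowchange is enabled.
    if ($already_voted && !$cfg['plugin']['ratings']['ratings_allowchange']) {
        return array($rating_fancy, $rating_cntround, $rating_raters_count);
    }

    $t = new XTemplate(cot_tplfile('ratings', 'plug'));

    /* == Hook for the plugins == */
    foreach (cot_getextplugins('ratings.main') as $pl) {
        include $pl;
    }
    /* ===== */

    // Get some extra information about votes
    if ($item_has_rating) {
        $sql = $db->query("SELECT COUNT(*) FROM {$db_rated}\n\t\t\tWHERE rated_area = ? AND rated_code = ?", array($ext_name, $code));
        $rating_voters = $sql->fetchColumn();
        $rating_since = $L['rat_since'] . ' ' . cot_date('datetime_medium', $row['rating_creationdate']);
        $rating_since_stamp = $row['rating_creationdate'];
        $rating_averageimg = cot_rc('icon_rating_stars', array('val' => $rating_cntround));
    } else {
        $rating_voters = 0;
        $rating_since = '';
        $rating_since_stamp = '';
        $rating_averageimg = '';
    }

    // Assign tags
    // NOTE(review): $code is assigned to the template as received; whether the
    // template or the caller escapes it for HTML is not visible here.
    $t->assign(array(
        'RATINGS_CODE' => $code,
        'RATINGS_AVERAGE' => round($rating_average),
        'RATINGS_AVERAGEIMG' => $rating_averageimg,
        'RATINGS_VOTERS' => $rating_voters,
        'RATINGS_SINCE' => $rating_since,
        'RATINGS_SINCE_STAMP' => $rating_since_stamp,
        'RATINGS_FANCYIMG' => $rating_fancy,
        'RATINGS_USERVOTE' => $rating_uservote,
    ));

    /* == Hook for the plugins == */
    foreach (cot_getextplugins('ratings.tags') as $pl) {
        include $pl;
    }
    /* ===== */

    // Render voting form
    $vote_block = $auth_write && (!$already_voted || $cfg['plugin']['ratings']['ratings_allowchange']) ? 'NOTVOTED.' : 'VOTED.';
    for ($i = 1; $i <= 10; $i++) {
        $checked = $i <= $rating_cntround ? 'checked="checked"' : '';
        $t->assign(array(
            'RATINGS_ROW_VALUE' => $i,
            'RATINGS_ROW_TITLE' => $L['rat_choice' . $i],
            'RATINGS_ROW_CHECKED' => $checked,
        ));
        $t->parse('RATINGS.' . $vote_block . 'RATINGS_ROW');
    }
    if ($vote_block == 'NOTVOTED.') {
        // 'r=ratings&area=' . $ext_name . '&code=' . $code.'&inr=send'
        // The array form leaves the encoding of the values to cot_url().
        $t->assign('RATINGS_FORM_SEND', cot_url('plug', array('r' => 'ratings', 'inr' => 'send', 'area' => $ext_name, 'code' => $code, 'cat' => $cat)));
        $t->parse('RATINGS.NOTVOTED');
    } else {
        $t->parse('RATINGS.VOTED');
    }

    // Parse and return
    $t->parse('RATINGS');
    $res = $t->text('RATINGS');

    return array($res, round($rating_cntround), $rating_raters_count);
}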
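/**
 * [BEGIN_COT_EXT]
 * Hooks=ajax
 * [END_COT_EXT]
 */

/**
 * Reviews plugin
 *
 * @package reviews
 * @version 2.0.0
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru, littledev.ru
 * @license BSD
 */

// Refuse direct requests: both core constants must be defined.
defined('COT_CODE') && defined('COT_PLUG') or die('Wrong URL');

list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('plug', 'reviews', 'RWA');

// Request values are type-filtered on import ('INT' and 'TXT' filters).
$touser = cot_import('touser', 'G', 'INT');
$itemid = cot_import('itemid', 'G', 'INT');
$area = cot_import('area', 'G', 'TXT');
$code = cot_import('code', 'P', 'TXT');
// NOTE(review): $redirect comes from the query string; how it is used lies
// outside this fragment. If it becomes a redirect target, restrict it to
// same-site URLs.
$redirect = cot_import('redirect', 'G', 'TXT');

$area = empty($area) ? 'users' : $area;

// Fix: the option was read from $cfg['pligin'], a key that does not exist, so
// the "checkprojects" restriction never ran and any user with the write right
// could review any other user. It is now read from $cfg['plugin'].
if ($cfg['plugin']['reviews']['checkprojects'] && cot_module_active('projects') && $usr['id'] > 0 && $touser > 0 && $usr['id'] != $touser && $usr['auth_write']) {
    require_once cot_incfile('projects', 'module');
    global $db_projects_offers, $db_projects;

    // Count the projects where one of the two users is the owner and the other
    // is the chosen performer. The IDs are bound as parameters.
    $bothprj = $db->query("SELECT COUNT(*) FROM {$db_projects_offers} AS o\n\t\tLEFT JOIN {$db_projects} AS p ON p.item_id=o.offer_pid\n\t\tWHERE (p.item_userid = ? AND o.offer_userid = ? OR p.item_userid = ? AND o.offer_userid = ?) AND o.offer_choise='performer'", array($touser, $usr['id'], $usr['id'], $touser))->fetchColumn();

    // Without a shared project the write right is withdrawn for this request.
    $usr['auth_write'] = (int) $bothprj == 0 ? false : $usr['auth_write'];
}
cot_block($usr['auth_write']);

// $a is not set in the visible part of the file.
if ($a == 'add') {
    cot_shield_protect();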
<?php
/**
 * Stage info of sbr.
 *
 * @package sbr
 * @version 1.0.0
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru
 * @license BSD
 */

// Refuse direct requests: the file only runs when the core has defined COT_CODE.
defined('COT_CODE') or die('Wrong URL');

require_once cot_incfile('forms');

// NOTE(review): the rights are read but no cot_block() follows in the visible
// part; access to the deal is presumably checked by the including script —
// confirm, since stage data and files are rendered below.
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('plug', 'sbr');

/* === Hook === */
foreach (cot_getextplugins('sbr.stage.first') as $pl) {
    include $pl;
}
/* ===== */

// NOTE(review): $id and $num are set outside this file and are concatenated into
// the statement without quotes, casts or binding. Confirm both are integer-
// filtered where they are imported, or bind them as parameters here.
// $stage stays undefined when $num is empty, yet it is read below.
if (!empty($num)) {
    $sql = $db->query("SELECT * FROM {$db_sbr_stages} WHERE stage_sid=" . $id . " AND stage_num=" . $num . " LIMIT 1");
    $stage = $sql->fetch();
}

// The expiry moment is stage_begin plus stage_days expressed in seconds.
// NOTE(review): title and text are assigned as stored; whether they are escaped
// for HTML elsewhere is not visible here.
$t->assign(array(
    'STAGE_NUM' => $stage['stage_num'],
    'STAGE_ID' => $stage['stage_id'],
    'STAGE_TITLE' => $stage['stage_title'],
    'STAGE_TEXT' => $stage['stage_text'],
    'STAGE_COST' => $stage['stage_cost'],
    'STAGE_DAYS' => $stage['stage_days'],
    'STAGE_STATUS' => $stage['stage_status'],
    'STAGE_BEGIN' => $stage['stage_begin'],
    'STAGE_DONE' => $stage['stage_done'],
    'STAGE_EXPIRE' => $stage['stage_expire'],
    'STAGE_EXPIREDATE' => $stage['stage_begin'] + $stage['stage_days'] * 24 * 60 * 60,
    'STAGE_EXPIREDAYS' => cot_build_timegap($sys['now'], $stage['stage_begin'] + $stage['stage_days'] * 24 * 60 * 60),
    'STAGE_DONE_URL' => cot_url('sbr', 'id=' . $id . '&num=' . $stage['stage_num'] . '&action=done'),
    'STAGE_CLAIM_URL' => cot_url('sbr', 'id=' . $id . '&num=' . $stage['stage_num'] . '&action=claim'),
    'STAGE_DECISION_URL' => cot_url('sbr', 'id=' . $id . '&num=' . $stage['stage_num'] . '&action=decision')));

// Files attached to this stage; stage_num comes from the row fetched above, $id
// from the including script (see the note on the first query).
$stagefiles = $db->query("SELECT * FROM {$db_sbr_files} WHERE file_sid=" . $id . " AND file_area='stage' AND file_code='" . $stage['stage_num'] . "' ORDER BY file_id ASC")->fetchAll();

if (count($stagefiles) > 0) {
    foreach ($stagefiles as $file) {
        $t->assign(array(
            'FILE_ROW_ID' => $file['file_id'],
            'FILE_ROW_URL' => $file['file_url'],
            'FILE_ROW_TITLE' => $file['file_title'],
            'FILE_ROW_EXT' => $file['file_ext'],
            'FILE_ROW_SIZE' => $file['file_size']));
        $t->parse('MAIN.SBR.STAGE.FILES.FILE_ROW');
    }
    $t->parse('MAIN.SBR.STAGE.FILES');
/**
 * [BEGIN_COT_EXT]
 * Hooks=projects.edit.update.done
 * [END_COT_EXT]
 */

/**
 * plugin tagslance for Cotonti Siena
 *
 * @package tagslance
 * @version 1.0.0
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru, littledev.ru
 * @license BSD
 *
 */

// Refuse direct requests: the file only runs when the core has defined COT_CODE.
defined('COT_CODE') or die('Wrong URL.');

// Tags are processed only when the feature is enabled for projects and the user
// holds the write right on the tags plugin.
if ($cfg['plugin']['tagslance']['projects'] && cot_auth('plug', 'tags', 'W')) {
    require_once cot_incfile('tags', 'plug');

    // I18n
    // In the i18n.projects context the tag list is narrowed to the current locale.
    if (cot_get_caller() == 'i18n.projects') {
        global $i18n_locale;
        $tags_extra = array('tag_locale' => $i18n_locale);
    } else {
        $tags_extra = null;
    }

    // Submitted tags are read from POST and split by cot_tag_parse(); the tags
    // already stored for the project ($id comes from the including script) are
    // loaded for comparison.
    $rtags = cot_import('rtags', 'P', 'TXT');
    $tags = cot_tag_parse($rtags);
    $old_tags = cot_tag_list($id, 'projects', $tags_extra);
    $kept_tags = array();
    $new_tags = array();

    // Find new tags, count old tags that have been left
    $cnt = 0;
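/**
 * Builds a select box of market categories for the search form.
 *
 * Fixes:
 * - The sub-category filter used to overwrite $display, discarding the result
 *   of the read-right check made for $hideprivate. With $subcat set, categories
 *   the user may not read were listed. The filter now applies only to
 *   categories that are still visible.
 * - $is_module was read but never defined, although the doc block listed it as
 *   a parameter. It is now an optional trailing parameter whose default (false)
 *   reproduces the previous effective behaviour.
 *
 * @global array $structure
 * @param mixed  $check       Passed to cot_selectbox() as its first argument
 * @param string $name        Passed to cot_selectbox() as the field name
 * @param string $subcat      When it names an existing category, only that
 *                            category and those whose path lies below it are listed
 * @param bool   $hideprivate Hide categories the user has no read right on
 * @param bool   $is_module   When true, the read right is required regardless
 *                            of $hideprivate
 * @return mixed Whatever cot_selectbox() returns
 */
function cot_market_selectcat($check, $name, $subcat = '', $hideprivate = true, $is_module = false)
{
    global $structure;

    // Normalise a missing structure to an empty list (this writes to the global).
    $structure['market'] = is_array($structure['market']) ? $structure['market'] : array();

    $result_array = array();
    foreach ($structure['market'] as $i => $x) {
        $display = $hideprivate ? cot_auth('market', $i, 'R') : true;

        // Narrow to the requested branch without re-enabling a category that
        // the rights check above has just hidden.
        if ($display && !empty($subcat) && isset($structure['market'][$subcat])) {
            $mtch = $structure['market'][$subcat]['path'] . ".";
            $mtchlen = mb_strlen($mtch);
            $display = mb_substr($x['path'], 0, $mtchlen) == $mtch || $i === $subcat;
        }

        if ((!$is_module || cot_auth('market', $i, 'R')) && $i != 'all' && $display) {
            $result_array[$i] = $x['tpath'];
        }
    }

    return cot_selectbox($check, $name, array_keys($result_array), array_values($result_array), true);
}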
unset($cot_cfg);

/* === Hook === */
foreach (cot_getextplugins('input') as $pl) {
    include $pl;
}
/* ======================== */

/* ======== Maintenance mode ======== */

// During maintenance (and outside the installer) only members of a group with
// grp_maintenance set may continue; everyone else is sent to the login page
// unless the request is already the auth page (COT_AUTH).
if ($cfg['maintenance'] && !defined('COT_INSTALL')) {
    // NOTE(review): $usr['maingrp'] is concatenated between quotes. It is session
    // state rather than request data as far as this fragment shows, but binding
    // it would remove the dependency on how it was populated.
    $sqll = $db->query("SELECT grp_maintenance FROM {$db_groups} WHERE grp_id='" . $usr['maingrp'] . "' ");
    $roow = $sqll->fetch();

    if (!$roow['grp_maintenance'] && !defined('COT_AUTH')) {
        cot_redirect(cot_url('login'));
    }
}

/* ======== Anti-hammering =========*/

// Applied to guests and to users without the admin right; shield_force extends
// it to admins as well.
if ($cfg['shieldenabled'] && ($usr['id'] == 0 || !cot_auth('admin', 'a', 'A') || $cfg['shield_force'])) {
    // Counters are kept in the session and updated on every request.
    $shield_limit = $_SESSION['online_shield'];
    $shield_action = $_SESSION['online_action'];
    $shield_hammer = cot_shield_hammer($_SESSION['online_hammer'], $shield_action, $_SESSION['online_lastseen']);
    $sys['online_hammer'] = $shield_hammer;
    $_SESSION['online_lastseen'] = (int) $sys['now'];
}

/* ======== Zone variables ======== */

// Routing parameters, imported with the 'ALP' filter and a length cap of 24.
$m = cot_import('m', 'G', 'ALP', 24);
$n = cot_import('n', 'G', 'ALP', 24);
$a = cot_import('a', 'G', 'ALP', 24);
$b = cot_import('b', 'G', 'ALP', 24);

/* ======== Language ======== */
require_once cot_langfile('main', 'core');
require_once cot_langfile('users', 'core');

if (defined('COT_ADMIN')) {
}

// Optional notification to the site administrator about a project awaiting
// moderation. The mail body is filled from the user's name and the project title.
if ($cfg['projects']['notif_admin_moderate']) {
    $nbody = cot_rc($L['project_notif_admin_moderate_mail_body'], array(
        'user_name' => $usr['profile']['user_name'],
        'prj_name' => $ritem['item_title'],
        'sitename' => $cfg['maintitle'],
        'link' => COT_ABSOLUTE_URL . $r_url));
    cot_mail($cfg['adminemail'], $L['project_notif_admin_moderate_mail_subj'], $nbody);
}
break;
}

cot_redirect($r_url);
exit;
} else {
    // $c and $type are set outside this fragment and are concatenated into the
    // query string as they are.
    cot_redirect(cot_url('projects', 'm=add&c=' . $c . '&type=' . $type, '', true));
}
}

// A category preselected through $c is applied only when the form supplied
// none; the admin flag is then re-read for that category.
if (empty($ritem['item_cat']) && !empty($c)) {
    $ritem['item_cat'] = $c;
    $usr['isadmin'] = cot_auth('projects', $ritem['item_cat'], 'A');
}
if (empty($ritem['item_type']) && !empty($type)) {
    $ritem['item_type'] = $type;
}

$out['subtitle'] = $L['projects_add_project_title'];
$out['head'] .= $R['code_noindex'];
$sys['sublocation'] = $structure['projects'][$c]['title'];

// The template name is taken from the category's 'tpl' entry in $structure.
$mskin = cot_tplfile(array('projects', 'add', $structure['projects'][$ritem['item_cat']]['tpl']));

/* === Hook === */
foreach (cot_getextplugins('projects.add.main') as $pl) {
    include $pl;
}
/* ===== */

$t = new XTemplate($mskin);

// Error and message handling
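<?php
/* ====================
[BEGIN_COT_EXT]
 * Hooks=standalone
[END_COT_EXT]
==================== */

// Refuse direct access: the script only runs when included by the framework
// with both constants defined.
defined('COT_CODE') && defined('COT_PLUG') or die('Wrong URL');

require_once cot_incfile('paytop', 'plug');

$pt_cfg = cot_cfg_paytop();

if (empty($m)) {
    // 'area' comes from the query string; it is only accepted when it names a
    // configured area that has a non-empty cost.
    $area = cot_import('area', 'G', 'ALP');
    if (empty($pt_cfg[$area]) || empty($pt_cfg[$area]['cost'])) {
        // Deny unconditionally. The argument is passed explicitly so the denial
        // does not depend on cot_block() accepting a call without parameters.
        cot_block(false);
    }

    // Buying requires the write right on the plugin.
    list($auth_read, $auth_write, $auth_admin) = cot_auth('plug', 'paytop');
    cot_block($auth_write);

    if ($a == 'buy') {
        // NOTE(review): the order is created on a request selected by $a, which
        // is set outside this file. No anti-CSRF token check is visible before
        // cot_payments_create_order() - confirm one runs earlier.
        if (!cot_error_found()) {
            $options['desc'] = $L['paytop_buytop_paydesc'] . ' (' . $pt_cfg[$area]['name'] . ')';
            // Fall back to 2592000 seconds (30 days) when the area has no period.
            $options['time'] = !empty($pt_cfg[$area]['period']) ? $pt_cfg[$area]['period'] : 2592000;
            if ($db->fieldExists($db_payments, "pay_redirect")) {
                $options['redirect'] = $cfg['mainurl'] . '/' . cot_url('payments', 'm=balance', '', true);
            }
            // The price is always taken from server-side configuration, never
            // from the request.
            cot_payments_create_order('paytop.' . $area, $pt_cfg[$area]['cost'], $options);
        }
    }

    $t = new XTemplate(cot_tplfile(array('paytop', $area), 'plug'));
    cot_display_messages($t);
    $t->assign(array(
        'TOP_FORM_ACTION' => cot_url('plug', 'e=paytop&a=buy&area=' . $area),
        'TOP_FORM_COST' => $pt_cfg[$area]['cost'],
        'TOP_FORM_AREA_NAME' => $pt_cfg[$area]['name']
    ));
// The excerpt ends at the start of this branch.
} elseif ($m == 'my') {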
// Alias and category come from the query string. $al is escaped with
// $db->prep() right away because it is placed inside a quoted SQL literal below.
$al = $db->prep(cot_import('al', 'G', 'TXT'));
$c = cot_import('c', 'G', 'TXT');

/* === Hook === */
foreach (cot_getextplugins('folio.first') as $pl) {
    include $pl;
}
/* ===== */

if ($id > 0 || !empty($al)) {
    // NOTE(review): $id is defined before this excerpt. It is concatenated
    // unquoted, which is only safe if it was imported as an integer - confirm.
    // The alias branch relies on the prep() escaping above; bound parameters
    // would remove the dependence on both.
    $where = !empty($al) ? "item_alias='" . $al . "'" : 'item_id=' . $id;
    $sql = $db->query("SELECT f.*, u.* FROM {$db_folio} AS f \n\t\tLEFT JOIN {$db_users} AS u ON u.user_id=f.item_userid WHERE {$where} LIMIT 1");
}
// No identifier, failed query or no matching row: answer 404.
if (!$id && empty($al) || !$sql || $sql->rowCount() == 0) {
    cot_die_message(404, TRUE);
}
$item = $sql->fetch();

// Authorisation is evaluated per item, using the category stored on the row
// rather than the 'c' request parameter.
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('folio', $item['item_cat'], 'RWA');
cot_block($usr['auth_read']);

// Items whose state is not 0 are visible only to admins and to their owner.
// Other visitors are logged in the 'sec' log and sent to message 930.
if ($item['item_state'] != 0 && !$usr['isadmin'] && $usr['id'] != $item['item_userid']) {
    cot_log("Attempt to directly access an un-validated", 'sec');
    cot_redirect(cot_url('message', "msg=930", '', true));
    exit;
}

// View counter: the owner's views are never counted, admin views only when
// count_admin is set. The new value is computed from the row read above, so
// concurrent requests can overwrite each other's increment.
if ($usr['id'] != $item['item_userid'] && (!$usr['isadmin'] || $cfg['folio']['count_admin'])) {
    $item['item_count']++;
    $db->update($db_folio, array('item_count' => $item['item_count']), "item_id=" . (int) $item['item_id']);
}

// Page metadata: explicit meta fields win, otherwise fall back to the title,
// a tag-stripped 160-character cut of the parsed text, and the category keywords.
$title_params = array(
    'TITLE' => empty($item['item_metatitle']) ? $item['item_title'] : $item['item_metatitle'],
    'CATEGORY' => $structure['folio'][$item['item_cat']]['title']
);
$out['subtitle'] = cot_title($cfg['folio']['title_folio'], $title_params);
$out['desc'] = !empty($item['item_metadesc']) ? $item['item_metadesc'] : cot_cutstring(strip_tags(cot_parse($item['item_text'], $cfg['folio']['markup'], $item['item_parser'])), 160);
$out['meta_keywords'] = !empty($item['item_keywords']) ? $item['item_keywords'] : $structure['folio'][$item['item_cat']]['keywords'];

// Building the canonical URL
/* ====================
[BEGIN_COT_EXT]
Hooks=header.main
[END_COT_EXT]
==================== */

/**
 * Ads board module for Cotonti Siena
 *
 * Adds one RSS <link rel="alternate"> element to the page head for every
 * advboard category that has items and that the current user may read.
 *
 * @package Advboard
 * @author Kalnov Alexey <*****@*****.**>
 * @copyright (c) 2015 Portal30 Studio http://portal30.ru
 */
defined('COT_CODE') or die('Wrong URL');

// Only outside the admin panel, when the option is on and the rss module is active.
if (!defined('COT_ADMIN') && cot::$cfg['advboard']['rssToHeader'] == 1 && cot_module_active('rss')) {
    require_once cot_incfile('advboard', 'module');

    // Get all categories
    if (!empty($structure['advboard'])) {
        foreach ($structure['advboard'] as $adv_rssCode => $adv_rssCat) {
            // Skip empty categories and categories the user has no read right
            // on, so the head does not reveal feeds the user cannot open.
            if ($adv_rssCat['count'] == 0 || !cot_auth('advboard', $adv_rssCode, 'R')) {
                continue;
            }
            // The title goes into a double-quoted HTML attribute, hence the escaping.
            $advCatTitle = htmlspecialchars($adv_rssCat['title']);
            $adv_rssUrl = cot_url('advboard', array('m' => 'rss', 'c' => $adv_rssCode));
            // Make the URL absolute when cot_url_check() rejects it.
            if (!cot_url_check($adv_rssUrl)) {
                $adv_rssUrl = COT_ABSOLUTE_URL . $adv_rssUrl;
            }
            // NOTE(review): the URL and the language string are inserted without
            // escaping here; this presumes cot_url() returns attribute-safe
            // output - confirm.
            cot::$out['head_head'] .= "\n" . '<link rel="alternate" type="application/rss+xml" title="' . cot::$L['advboard_rss_feed'] . $advCatTitle . '" href="' . $adv_rssUrl . '" />';
        }
    }
}
<?php
/**
 * market module
 *
 * @package market
 * @version 2.5.2
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru, littledev.ru
 * @license BSD
 */

// NOTE(review): no defined('COT_CODE') guard is visible at the top of this
// file - confirm the script cannot be requested directly.

// Listing requires the read right on the module as a whole ('any' category).
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('market', 'any', 'RWA');
cot_block($usr['auth_read']);

// Request parameters, all from the query string. $c passes the 'ALP' filter
// before it is used to build configuration keys below.
$sort = cot_import('sort', 'G', 'ALP');
$c = cot_import('c', 'G', 'ALP');
$sq = cot_import('sq', 'G', 'TXT');
// From here on $sq holds the SQL-escaped form of the search text.
// NOTE(review): if $sq is later echoed back into HTML it still needs HTML
// escaping; SQL escaping does not cover that context.
$sq = $db->prep($sq);

// Per-category page size, falling back to the default category settings.
$maxrowsperpage = $cfg['market']['cat_' . $c]['maxrowsperpage'] ? $cfg['market']['cat_' . $c]['maxrowsperpage'] : $cfg['market']['cat___default']['maxrowsperpage'];
list($pn, $d, $d_url) = cot_import_pagenav('d', $maxrowsperpage);

/* === Hook === */
foreach (cot_getextplugins('market.list.first') as $pl) {
    include $pl;
}
/* ===== */

// Meta title, description and keywords: category settings first, then the
// default category, then the module name from the language file.
if (!empty($c)) {
    $out['subtitle'] = !empty($cfg['market']['cat_' . $c]['metatitle']) ? $cfg['market']['cat_' . $c]['metatitle'] : $cfg['market']['cat___default']['metatitle'];
    $out['subtitle'] = !empty($out['subtitle']) ? $out['subtitle'] : $L['market'];
    $out['desc'] = !empty($cfg['market']['cat_' . $c]['metadesc']) ? $cfg['market']['cat_' . $c]['metadesc'] : $cfg['market']['cat___default']['metadesc'];
    $out['keywords'] = !empty($cfg['market']['cat_' . $c]['keywords']) ? $cfg['market']['cat_' . $c]['keywords'] : $cfg['market']['cat___default']['keywords'];
} else {
    // The excerpt ends inside this branch.
    $out['subtitle'] = !empty($cfg['market']['cat___default']['metatitle']) ? $cfg['market']['cat___default']['metatitle'] : $L['market'];
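/**
 * Imports page data from request parameters.
 *
 * Each field is read from $source through cot_import()/cot_import_date() and
 * written over the matching key of $rpage. Counters and the owner id are taken
 * from the request only for admins editing a row that already has an owner;
 * in every other case the owner is forced to the current user.
 *
 * NOTE(review): page_state is read from the request for every caller. Whether
 * a non-moderator may set state 0 has to be enforced by the code that saves
 * the result; that code is not visible here.
 * NOTE(review): page_text uses the 'HTM' filter. What that filter removes is
 * defined in cot_import(), not here - confirm the text is sanitised or
 * escaped before it is rendered.
 *
 * @param string $source Source request method for parameters; 'D' or 'DIRECT'
 *                       makes cot_import() read from $rpage itself through
 *                       the global $_PATCH
 * @param array $rpage Existing page data from database
 * @param array $auth Permissions array; looked up with cot_page_auth() when empty
 * @return array Page data
 */
function cot_page_import($source = 'POST', $rpage = array(), $auth = array())
{
    global $cfg, $db_pages, $cot_extrafields, $usr, $sys;

    if (count($auth) == 0) {
        // $rpage may be empty for a new page; pass null instead of reading an
        // undefined key.
        $auth = cot_page_auth(isset($rpage['page_cat']) ? $rpage['page_cat'] : null);
    }

    if ($source == 'D' || $source == 'DIRECT') {
        // A trick so we don't have to affect every line below
        global $_PATCH;
        $_PATCH = $rpage;
        $source = 'PATCH';
    }

    $rpage['page_cat'] = cot_import('rpagecat', $source, 'TXT');
    $rpage['page_keywords'] = cot_import('rpagekeywords', $source, 'TXT');
    $rpage['page_alias'] = cot_import('rpagealias', $source, 'TXT');
    $rpage['page_title'] = cot_import('rpagetitle', $source, 'TXT');
    $rpage['page_desc'] = cot_import('rpagedesc', $source, 'TXT');
    $rpage['page_text'] = cot_import('rpagetext', $source, 'HTM');
    $rpage['page_parser'] = cot_import('rpageparser', $source, 'ALP');
    $rpage['page_author'] = cot_import('rpageauthor', $source, 'TXT');
    $rpage['page_file'] = intval(cot_import('rpagefile', $source, 'INT'));
    $rpage['page_url'] = cot_import('rpageurl', $source, 'TXT');
    $rpage['page_size'] = (int) cot_import('rpagesize', $source, 'INT');
    // A page with a URL but file type 0 is stored with file type 1.
    $rpage['page_file'] = $rpage['page_file'] == 0 && !empty($rpage['page_url']) ? 1 : $rpage['page_file'];

    $rpagedatenow = cot_import('rpagedatenow', $source, 'BOL');
    $rpage['page_date'] = cot_import_date('rpagedate', true, false, $source);
    $rpage['page_date'] = $rpagedatenow || is_null($rpage['page_date']) ? $sys['now'] : (int) $rpage['page_date'];
    // NOTE(review): unlike page_date, these two calls do not pass $source -
    // confirm that is intended for the 'DIRECT' path.
    $rpage['page_begin'] = (int) cot_import_date('rpagebegin');
    $rpage['page_expire'] = (int) cot_import_date('rpageexpire');
    // An expiry that is not after the start date means "never expires".
    $rpage['page_expire'] = $rpage['page_expire'] <= $rpage['page_begin'] ? 0 : $rpage['page_expire'];
    $rpage['page_updated'] = $sys['now'];

    // page_keywords was imported a second time at this point in the original;
    // the repeated call read the same parameter and has been dropped.
    $rpage['page_metatitle'] = cot_import('rpagemetatitle', $source, 'TXT');
    $rpage['page_metadesc'] = cot_import('rpagemetadesc', $source, 'TXT');

    $rpublish = cot_import('rpublish', $source, 'ALP'); // For backwards compatibility
    $rpage['page_state'] = $rpublish == 'OK' ? 0 : cot_import('rpagestate', $source, 'INT');

    // Only an admin editing a row that already carries an owner may change the
    // counters and the owner; !empty() also covers an $auth array passed in
    // without the 'isadmin' key.
    if (!empty($auth['isadmin']) && isset($rpage['page_ownerid'])) {
        $rpage['page_count'] = cot_import('rpagecount', $source, 'INT');
        $rpage['page_ownerid'] = cot_import('rpageownerid', $source, 'INT');
        $rpage['page_filecount'] = cot_import('rpagefilecount', $source, 'INT');
    } else {
        $rpage['page_ownerid'] = $usr['id'];
    }

    // The requested parser is kept only when it is a known parser and, unless
    // it is 'none', the user has the write right on that parser plugin.
    // Otherwise fall back to the system or configured default.
    $parser_list = cot_get_parsers();
    if (empty($rpage['page_parser'])
        || !in_array($rpage['page_parser'], $parser_list)
        || ($rpage['page_parser'] != 'none' && !cot_auth('plug', $rpage['page_parser'], 'W'))
    ) {
        $rpage['page_parser'] = isset($sys['parser']) ? $sys['parser'] : $cfg['page']['parser'];
    }

    // Extra fields: skipped when none are registered for the pages table, and
    // the previous value defaults to null when $rpage has none.
    if (!empty($cot_extrafields[$db_pages])) {
        foreach ($cot_extrafields[$db_pages] as $exfld) {
            $exfld_key = 'page_' . $exfld['field_name'];
            $exfld_old = isset($rpage[$exfld_key]) ? $rpage[$exfld_key] : null;
            $rpage[$exfld_key] = cot_import_extrafields('rpage' . $exfld['field_name'], $exfld, $source, $exfld_old);
        }
    }

    return $rpage;
}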
<?php
/* ====================
[BEGIN_COT_EXT]
Hooks=tools
[END_COT_EXT]
==================== */

/**
 * Trashcan interface
 *
 * @package TrashCan
 * @copyright (c) Cotonti Team
 * @license https://github.com/Cotonti/Cotonti/blob/master/License.txt
 */

// Runs only when included from the admin panel.
defined('COT_CODE') && defined('COT_ADMIN') or die('Wrong URL.');

// The whole tool is restricted to users with the admin right on the plugin;
// read and write rights alone are not enough.
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('plug', 'trashcan');
cot_block($usr['isadmin']);

// Load the API of every module or plugin that is active; the short-circuit
// form skips the include when the condition on the left is false.
require_once cot_incfile('users', 'module');
cot_module_active('page') && (require_once cot_incfile('page', 'module'));
cot_module_active('forums') && (require_once cot_incfile('forums', 'module'));
$cfg['comments'] && (require_once cot_incfile('comments', 'plug'));

require_once cot_incfile('trashcan', 'plug');
require_once cot_langfile('trashcan', 'plug');

$adminhelp = $L['adm_help_trashcan'];
$adminsubtitle = $L['Trashcan'];

// Item id from the query string, integer-filtered.
$id = cot_import('id', 'G', 'INT');
// Page size: the configured value when it is a positive number, else 15.
$maxperpage = $cfg['maxrowsperpage'] && is_numeric($cfg['maxrowsperpage']) && $cfg['maxrowsperpage'] > 0 ? $cfg['maxrowsperpage'] : 15;
list($pg, $d, $durl) = cot_import_pagenav('d', $maxperpage);

// $a is set outside this file.
$info = $a == 'info' ? 1 : 0;

/* === Hook === */
// The excerpt ends inside this loop.
foreach (cot_getextplugins('trashcan.admin.first') as $pl) {
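<?php
/**
 * marketorders plugin
 *
 * Shows a single order to an admin, to the buyer, to the seller, or to a
 * guest who presents the order's access key.
 *
 * @package marketorders
 * @version 1.0.0
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru
 * @license BSD
 */
defined('COT_CODE') or die('Wrong URL');

// Order id (integer-filtered) and guest access key, both from the query string.
$id = cot_import('id', 'G', 'INT');
$key = cot_import('key', 'G', 'TXT');

list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('plug', 'marketorders');
cot_block($usr['auth_read']);

if ($id > 0) {
    // $id passed the INT filter above, so it is concatenated as a number.
    // Orders still in status 'new' are never shown.
    $sql = $db->query("SELECT * FROM {$db_market_orders} AS o\n\t\tLEFT JOIN {$db_market} AS m ON m.item_id=o.order_pid\n\t\tWHERE order_status!='new' AND order_id=" . $id . " LIMIT 1");
}
if (!$id || !$sql || $sql->rowCount() == 0) {
    cot_die_message(404, TRUE);
}
$marketorder = $sql->fetch();

// Object-level access check: admin, buyer, seller, or a guest carrying a key.
cot_block($usr['isadmin'] || $usr['id'] == $marketorder['order_userid'] || $usr['id'] == $marketorder['order_seller'] || !empty($key) && $usr['id'] == 0);

// Guests always have to present the matching key, including when the order's
// buyer id equals the guest id 0.
if ($usr['id'] == 0) {
    $hash = sha1($marketorder['order_email'] . '&' . $marketorder['order_id']);
    // hash_equals() (PHP 5.6+) compares in constant time and as strings; the
    // previous loose == could treat two different "0e..." digit strings as
    // equal numbers.
    // NOTE(review): the key is an unkeyed SHA-1 over the order e-mail and id,
    // so it contains no server-side secret. Moving to an HMAC with a site
    // secret would need the code that generates the link (not visible here)
    // to change in step.
    cot_block(hash_equals($hash, (string) $key));
}

/* === Hook === */
$extp = cot_getextplugins('marketorders.order.first');
// The excerpt ends inside this loop.
foreach ($extp as $pl) {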
<?php
/**
 * Administration panel - PHP Infos
 *
 * Renders PHP, Zend, SAPI, OS and time information into the admin.infos
 * template and leaves the result in $adminmain.
 *
 * @package Cotonti
 * @copyright (c) Cotonti Team
 * @license https://github.com/Cotonti/Cotonti/blob/master/License.txt
 */

// Runs only when included from the admin panel.
defined('COT_CODE') && defined('COT_ADMIN') or die('Wrong URL.');

// The page discloses version and host details, so it is limited to users with
// the read right on admin/'a'.
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('admin', 'a');
cot_block($usr['auth_read']);

$t = new XTemplate(cot_tplfile('admin.infos', 'core'));

// Breadcrumb entries for the admin panel.
$adminpath[] = array(cot_url('admin', 'm=other'), $L['Other']);
$adminpath[] = array(cot_url('admin', 'm=infos'), $L['adm_infos']);
$adminhelp = $L['adm_help_versions'];
$adminsubtitle = $L['adm_infos'];

/* === Hook === */
foreach (cot_getextplugins('admin.infos.first') as $pl) {
    include $pl;
}
/* ===== */

// Error reporting is switched off for the rest of the request from here on,
// which also hides errors raised by the hook files included below.
@error_reporting(0);

// Each probe is guarded with function_exists(); when a function is missing
// the help text from the language file is shown instead.
$t->assign(array(
    'ADMIN_INFOS_PHPVER' => function_exists('phpversion') ? phpversion() : $L['adm_help_config'],
    'ADMIN_INFOS_ZENDVER' => function_exists('zend_version') ? zend_version() : $L['adm_help_config'],
    'ADMIN_INFOS_INTERFACE' => function_exists('php_sapi_name') ? php_sapi_name() : $L['adm_help_config'],
    'ADMIN_INFOS_CACHEDRIVERS' => is_array($cot_cache_drivers) ? implode(', ', $cot_cache_drivers) : '',
    'ADMIN_INFOS_OS' => function_exists('php_uname') ? php_uname() : $L['adm_help_config'],
    'ADMIN_INFOS_DATE' => cot_date('datetime_medium', $sys['now'], false),
    'ADMIN_INFOS_GMDATE' => gmdate('Y-m-d H:i'),
    'ADMIN_INFOS_GMTTIME' => $usr['gmttime'],
    'ADMIN_INFOS_USRTIME' => $usr['localtime'],
    'ADMIN_INFOS_TIMETEXT' => $usr['timetext']
));

/* === Hook === */
foreach (cot_getextplugins('admin.infos.tags') as $pl) {
    include $pl;
}
/* ===== */

$t->parse('MAIN');
$adminmain = $t->text('MAIN');
<?php
/* ====================
[BEGIN_COT_EXT]
Hooks=tools
[END_COT_EXT]
==================== */

/**
 * Administration panel - Referers manager
 *
 * @package Referers
 * @copyright (c) Cotonti Team
 * @license https://github.com/Cotonti/Cotonti/blob/master/License.txt
 */

// Runs only when included from the admin panel.
defined('COT_CODE') && defined('COT_ADMIN') or die('Wrong URL.');

// Viewing needs the read right on the plugin; pruning below additionally
// needs the admin right.
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('plug', 'referers');
cot_block($usr['auth_read']);

$tt = new XTemplate(cot_tplfile('referers.admin', 'plug', true));

cot::$db->registerTable('referers');
require_once cot_langfile('referers', 'plug');

$adminhelp = $L['adm_help_referers'];
$adminsubtitle = $L['Referers'];

// Page size: the configured value when it is a positive number, else 15.
$maxperpage = $cfg['maxrowsperpage'] && is_numeric($cfg['maxrowsperpage']) && $cfg['maxrowsperpage'] > 0 ? $cfg['maxrowsperpage'] : 15;
list($pg, $d, $durl) = cot_import_pagenav('d', $maxperpage);

/* === Hook === */
foreach (cot_getextplugins('referers.admin.first') as $pl) {
    include $pl;
}
/* ===== */

// NOTE(review): this empties the whole referers table on a request selected by
// $a, which is set outside this file. No anti-CSRF token check is visible
// before the TRUNCATE - confirm one runs earlier, otherwise an admin's browser
// can be made to trigger the prune through a crafted link.
// The excerpt ends inside this block.
if ($a == 'prune' && $usr['isadmin']) {
    $db->query("TRUNCATE {$db_referers}") ? cot_message('adm_ref_prune') : cot_message('Error');