Пример #1
if (defined('COT_ADMIN')) {
    require_once cot_langfile('admin', 'core');
}
/* ======== Theme / color scheme ======== */
// Resource control object
require_once $cfg['system_dir'] . '/resources.php';
// Fall back to the conventional themes folder when the config leaves it unset
if (empty($cfg['themes_dir'])) {
    $cfg['themes_dir'] = 'themes';
}
// NOTE(review): $usr['theme'] and $usr['lang'] become path components of the
// file_exists()/require_once calls below; this assumes they were validated
// against the installed themes/languages upstream — confirm before treating
// them as trusted.
$mtheme = sprintf('%s/%s/header.tpl', $cfg['themes_dir'], $usr['theme']);
if (!file_exists($mtheme)) {
    // The user's theme is missing: record a notice, switch to the default theme and retry once
    $out['notices_array'][] = $L['com_themefail'];
    $usr['theme'] = $cfg['defaulttheme'];
    $mtheme = sprintf('%s/%s/header.tpl', $cfg['themes_dir'], $usr['theme']);
    if (!file_exists($mtheme)) {
        cot_diefatal($L['com_defthemefail']);
    }
}
// Theme language files live next to the theme; the admin theme has its own set
$usingAdminTheme = defined('COT_ADMIN') && !empty($cfg['admintheme']);
$langFileStem = $usingAdminTheme
    ? "{$cfg['themes_dir']}/admin/{$cfg['admintheme']}/{$cfg['admintheme']}"
    : "{$cfg['themes_dir']}/{$usr['theme']}/{$usr['theme']}";
$usr['def_theme_lang'] = $langFileStem . '.en.lang.php';
$usr['theme_lang'] = $langFileStem . '.' . $usr['lang'] . '.lang.php';
// Prefer the user's language file, fall back to the English one (the @ is kept as in the original)
if ($usr['theme_lang'] !== $usr['def_theme_lang'] && @file_exists($usr['theme_lang'])) {
    require_once $usr['theme_lang'];
} elseif (@file_exists($usr['def_theme_lang'])) {
    require_once $usr['def_theme_lang'];
}
$theme = $usr['theme'];
$scheme = $usr['scheme'];
// Resource strings
require_once $cfg['system_dir'] . '/resources.rc.php';
if (defined('COT_ADMIN')) {
    require_once cot_incfile('admin', 'module', 'resources');
Пример #2
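/**
 * Imports data from the outer world
 *
 * Reads one value from the chosen request source, applies the named filter and
 * returns the filtered value, or the filter's fallback value when the input is
 * rejected. Rejections are logged through cot_log_import() for every source
 * except DIRECT, and are fatal when $dieonerror is set.
 *
 * Filter behaviour as implemented below:
 * - INT: numeric and integral -> (int); otherwise rejected (fallback null)
 * - NUM: numeric -> (double); otherwise rejected (fallback null)
 * - TXT: trimmed; rejected when it contains '<' (fallback: '<' replaced by '&lt;' only —
 *        '>' and quotes are left as-is, so output escaping is still the caller's job)
 * - ALP: trimmed; must equal cot_alphaonly($v) (fallback: the alpha-only version)
 * - PSW: trimmed; rejected when stripping '"&<> or cutting to 32 chars changes it (fallback: the stripped value)
 * - HTM: trimmed and passed through unchanged — no HTML sanitising happens here
 * - ARR: arrays only; a non-array value yields an empty array
 * - BOL: '1' or 'on' -> true, '0' or 'off' -> false; anything else is rejected (fallback false)
 * - NOC: no check; an array value is treated as ARR
 * - any key registered in $cot_import_filters: the callables are applied in order and their
 *   result is returned without the built-in checks
 *
 * @param string $name Variable name
 * @param string $source Source type: G/GET, P/POST, C/COOKIE, R/REQUEST, PUT, PATCH, DELETE or D/DIRECT (variable filtering)
 * @param string $filter Filter type
 * @param int $maxlen Length limit, applied to scalar values only
 * @param bool $dieonerror Die with fatal error on wrong input
 * @param bool $buffer Try to load from input buffer (previously submitted) if current value is empty
 * @return mixed
 */
function cot_import($name, $source, $filter, $maxlen = 0, $dieonerror = false, $buffer = false)
{
    global $cot_import_filters, $_PUT, $_PATCH, $_DELETE;
    // PUT/PATCH/DELETE have no superglobal: parse the raw body once into the matching global
    if (isset($_SERVER['REQUEST_METHOD'])) {
        if ($_SERVER['REQUEST_METHOD'] == 'PUT' && is_null($_PUT)) {
            parse_str(file_get_contents('php://input'), $_PUT);
        } elseif ($_SERVER['REQUEST_METHOD'] == 'PATCH' && is_null($_PATCH)) {
            parse_str(file_get_contents('php://input'), $_PATCH);
        } elseif ($_SERVER['REQUEST_METHOD'] == 'DELETE' && is_null($_DELETE)) {
            parse_str(file_get_contents('php://input'), $_DELETE);
        }
    }
    $v = NULL;
    switch ($source) {
        case 'G':
        case 'GET':
            $v = isset($_GET[$name]) ? $_GET[$name] : NULL;
            $log = TRUE;
            break;
        case 'P':
        case 'POST':
            $v = isset($_POST[$name]) ? $_POST[$name] : NULL;
            $log = TRUE;
            break;
        case 'PUT':
            $v = isset($_PUT[$name]) ? $_PUT[$name] : NULL;
            $log = TRUE;
            break;
        case 'PATCH':
            $v = isset($_PATCH[$name]) ? $_PATCH[$name] : NULL;
            $log = TRUE;
            break;
        case 'DELETE':
            $v = isset($_DELETE[$name]) ? $_DELETE[$name] : NULL;
            $log = TRUE;
            break;
        case 'R':
        case 'REQUEST':
            $v = isset($_REQUEST[$name]) ? $_REQUEST[$name] : NULL;
            $log = TRUE;
            break;
        case 'C':
        case 'COOKIE':
            $v = isset($_COOKIE[$name]) ? $_COOKIE[$name] : NULL;
            $log = TRUE;
            break;
        case 'D':
        case 'DIRECT':
            // DIRECT filters the value passed as $name itself; nothing to log
            $v = $name;
            $log = FALSE;
            break;
        default:
            cot_diefatal('Unknown source for a variable : <br />Name = ' . $name . '<br />Source = ' . $source . ' ? (must be G, P, C or D)');
            break;
    }
    // Arrays are only accepted by ARR (NOC is promoted to ARR); scalars never satisfy ARR
    if (is_array($v)) {
        if ($filter == 'NOC') {
            $filter = 'ARR';
        }
        if ($filter != 'ARR') {
            return null;
        }
    } elseif ($filter == 'ARR') {
        return array();
    }
    // Undo legacy magic_quotes escaping for the sources PHP used to quote
    if (MQGPC && ($source == 'G' || $source == 'P' || $source == 'C') && $v !== null && $filter != 'ARR') {
        $v = stripslashes($v);
    }
    if (($v === '' || $v === NULL || $filter == 'ARR') && $buffer) {
        return cot_import_buffered($name, $v, null);
    }
    if ($v === null) {
        return null;
    }
    // Length limit applies to scalars only: mb_substr() on an array is a TypeError on PHP 8
    if ($maxlen > 0 && !is_array($v)) {
        $v = mb_substr($v, 0, $maxlen);
    }
    $pass = FALSE;
    $defret = NULL;
    // Custom filter support: a registered filter chain replaces the built-in checks entirely.
    // isset() guards against an undefined-index warning when no chain is registered.
    if (isset($cot_import_filters[$filter]) && is_array($cot_import_filters[$filter])) {
        foreach ($cot_import_filters[$filter] as $func) {
            $v = $func($v, $name);
        }
        return $v;
    }
    switch ($filter) {
        case 'INT':
            if (is_numeric($v) && floor($v) == $v) {
                $pass = TRUE;
                $v = (int) $v;
            }
            break;
        case 'NUM':
            if (is_numeric($v)) {
                $pass = TRUE;
                $v = (double) $v;
            }
            break;
        case 'TXT':
            $v = trim($v);
            if (mb_strpos($v, '<') === FALSE) {
                $pass = TRUE;
            } else {
                $defret = str_replace('<', '&lt;', $v);
            }
            break;
        case 'ALP':
            $v = trim($v);
            $f = cot_alphaonly($v);
            if ($v == $f) {
                $pass = TRUE;
            } else {
                $defret = $f;
            }
            break;
        case 'PSW':
            $v = trim($v);
            $f = preg_replace('#[\'"&<>]#', '', $v);
            $f = mb_substr($f, 0, 32);
            if ($v == $f) {
                $pass = TRUE;
            } else {
                $defret = $f;
            }
            break;
        case 'HTM':
            $v = trim($v);
            $pass = TRUE;
            break;
        case 'ARR':
            $pass = TRUE;
            break;
        case 'BOL':
            if ($v == '1' || $v == 'on') {
                $pass = TRUE;
                $v = TRUE;
            } elseif ($v == '0' || $v == 'off') {
                $pass = TRUE;
                $v = FALSE;
            } else {
                $defret = FALSE;
            }
            break;
        case 'NOC':
            $pass = TRUE;
            break;
        default:
            cot_diefatal('Unknown filter for a variable : <br />Var = ' . $v . '<br />Filter = &quot;' . $filter . '&quot; ?');
            break;
    }
    // Terminate unterminated numeric entities (&#123 -> &#123;) in anything that is still a string
    if (!$pass || !in_array($filter, array('INT', 'NUM', 'BOL', 'ARR'), true)) {
        $v = preg_replace('/(&#\\d+)(?![\\d;])/', '$1;', $v);
    }
    if ($pass) {
        return $v;
    }
    if ($log) {
        cot_log_import($source, $filter, $name, $v);
    }
    if ($dieonerror) {
        cot_diefatal('Wrong input.');
    }
    return $defret;
}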
Пример #3
     }
     if ($lct_pg == 'com') {
         $alname = $db->query("SELECT k.page_alias,k.page_cat FROM {$db_pages} k LEFT JOIN {$db_com} c ON (c.com_id = {$fp} AND c.com_area = 'page') WHERE k.page_id = c.com_code   LIMIT 1")->fetch();
         $alname = $alname['page_alias'] . ":" . $alname['page_cat'] . ":" . urldecode($mod);
     }
     // SQL-injection protection
     $reason = $db->prep($reason);
     $ts = time();
     $sql = $db->query("INSERT cot_karma VALUES ('', '{$recipient}', '{$usr['id']}', '{$value}', '{$reason}', '{$fp}','{$lct_pg}','{$ts}','{$alname}')");
     //Update user_karma
     $sql_injection = $db->query("UPDATE {$db_users} SET user_karma=user_karma + " . $value . " WHERE user_id={$recipient}");
     $popup_body .= karma_error('karma_ms_ok', $L['karma_changed_ok'], $cfg['plugin']['karma']['close_win']);
     break;
 case 'moderate':
     if (!cot_auth('plug', 'karma', 'A')) {
         cot_diefatal($L['low_level']);
     }
     $karma_userid = $db->query("SELECT u.user_id,k.karma_value FROM cot_karma k LEFT JOIN {$db_users} u ON (u.user_id = k.karma_recipient)  WHERE k.karma_id = {$fp}   LIMIT 1 ")->fetch();
     $db->query("DELETE FROM cot_karma WHERE karma_id = {$fp}  LIMIT 1");
     $db->query("UPDATE {$db_users} SET user_karma = user_karma -{$karma_userid['karma_value']} WHERE user_id = {$karma_userid['user_id']}");
     $ku = cot_import('ku', 'G', 'INT');
     $popup_body .= karma_error('karma_ms_ok', $L['karma_del_ok'], true);
     break;
 case 'show':
 default:
     list($pg, $kn) = cot_import_pagenav('kn', $cfg['plugin']['karma']['karma_maxpage']);
     $tmp = $db->query("SELECT COUNT(*),SUM(karma_value) AS karma FROM cot_karma WHERE karma_recipient = {$fp}")->fetch();
     $total_p = $tmp['COUNT(*)'];
     if (cot_plugin_active('comments')) {
         $sql = $db->query("SELECT u.*, k.*,c.com_code,c.com_id FROM cot_karma k LEFT JOIN {$db_users} u ON (u.user_id=k.karma_rater) LEFT JOIN {$db_com} c ON (c.com_id=k.karma_fp) WHERE k.karma_recipient = {$fp}  ORDER BY k.karma_id DESC LIMIT {$kn}, " . $cfg['plugin']['karma']['karma_maxpage'] . "");
     } else {
Пример #4
/**
 * @package Install
 * @copyright (c) Cotonti Team
 * @license https://github.com/Cotonti/Cotonti/blob/master/License.txt
 */
// Direct-access guard: this script only runs once the core has been bootstrapped
if (!defined('COT_CODE')) {
    die('Wrong URL');
}
define('COT_UPDATE', true);
cot_sendheaders();
// NOTE(review): $branch is interpolated into a filesystem path; assumes the
// installer sets it from a fixed list rather than from request input — confirm.
if (!file_exists(sprintf('./setup/%s', $branch))) {
    cot_diefatal($L['install_dir_not_found']);
}
// The update screen is rendered from a template that must be present
$mskin = cot_tplfile('install.update');
if (!file_exists($mskin)) {
    cot_diefatal($L['install_update_template_not_found']);
}
$t = new XTemplate($mskin);
// Check for new config options
if (is_writable($file['config']) && file_exists($file['config_sample'])) {
    list($old_cfg, $old_db) = cot_get_config($file['config']);
    list($new_cfg, $new_db) = cot_get_config($file['config_sample']);
    if (count(array_diff($new_cfg, $old_cfg)) > 0 || count(array_diff($new_db, $old_db)) > 0) {
        // Add new config options
        $delta = '';
        if (count(array_diff($new_cfg, $old_cfg)) > 0) {
            foreach ($new_cfg as $key => $val) {
                if (!isset($old_cfg[$key])) {
                    if ($key == 'new_install') {
                        $val = false;
                    } elseif ($key == 'site_id' || $key == 'secret_key') {
Пример #5
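 /**
  * Performs SQL UPDATE with simple data array. Array keys must match table keys, optionally you can specify
  * key prefix as fourth parameter. Strings get quoted and escaped automatically.
  * Ints and floats must be typecasted.
  * You can use special values in the array:
  * - PHP NULL => SQL NULL
  * - 'NOW()' => SQL NOW()
  *
  * Column names are taken from the $data keys and wrapped in backticks without further
  * escaping, and $table_name / $condition are interpolated verbatim, so all three must come
  * from code, never from user input. Only the values are quoted or bound.
  *
  * @param string $table_name Table name
  * @param array $data Associative array containing data for update
  * @param string $condition Body of SQL WHERE clause
  * @param array $parameters Array of statement input parameters, see http://www.php.net/manual/en/pdostatement.execute.php
  * @param bool $update_null Nullify cells which have null values in the array. By default they are skipped
  * @return int|false The number of affected records, 0 when there is nothing to update, or FALSE on a non-fatal query error
  */
 public function update($table_name, $data, $condition = '', $parameters = array(), $update_null = false)
 {
     if (!is_array($data)) {
         return 0;
     }
     if (!is_array($parameters)) {
         $parameters = array($parameters);
     }
     // When the driver cannot bind, interpolate the parameters into the WHERE clause up front
     if ($this->_prepare_itself && !empty($condition) && count($parameters) > 0) {
         $condition = $this->_prepare($condition, $parameters);
         $parameters = array();
     }
     $condition = empty($condition) ? '' : 'WHERE ' . $condition;
     $upd = '';
     foreach ($data as $key => $val) {
         // Nulls are skipped unless the caller explicitly asked to write them
         if (is_null($val) && !$update_null) {
             continue;
         }
         $upd .= "`{$key}`=";
         if (is_null($val)) {
             $upd .= 'NULL,';
         } elseif ($val === 'NOW()') {
             $upd .= 'NOW(),';
         } elseif (is_int($val) || is_float($val)) {
             $upd .= $val . ',';
         } else {
             $upd .= $this->quote($val) . ',';
         }
     }
     if (empty($upd)) {
         return 0;
     }
     // Drop the trailing comma left by the loop
     $upd = mb_substr($upd, 0, -1);
     $query = "UPDATE `{$table_name}` SET {$upd} {$condition}";
     // Initialised so a caught, non-fatal PDOException returns FALSE instead of an undefined variable
     $res = false;
     $this->_startTimer();
     try {
         if (count($parameters) > 0) {
             $stmt = $this->prepare($query);
             $this->_bindParams($stmt, $parameters);
             $stmt->execute();
             $res = $stmt->rowCount();
         } else {
             $res = $this->exec($query);
         }
     } catch (PDOException $err) {
         if ($this->_parseError($err, $err_code, $err_message)) {
             cot_diefatal('SQL error ' . $err_code . ': ' . $err_message);
         }
     }
     $this->_stopTimer($query);
     return $res;
 }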