/** * Invokes the whole application. */ public function invoke() { $this->_pageKey = getGetValue('page', 'accounts'); $this->_subKey = getGetValue('sub'); $sessionLang = jpWotSession::get('active_language'); if (empty($sessionLang)) { jpWotSession::set('active_language', strtolower(trim(jpWotConfig::$lang))); } $changeLang = getPostValue('lang'); if (isset($changeLang['current'], $changeLang['new']) && $changeLang['current'] != $changeLang['new']) { jpWotSession::set('active_language', $changeLang['new']); $langKey = $changeLang['new']; } else { $langKey = jpWotSession::get('active_language'); } $langKey = $this->getIniLanguageKey($langKey); $language = jpWotLanguage::getInstance(); $language->load('main', BPATH, $langKey); $language->load('filter', BPATH, $langKey); $language->load($this->_pageKey, BPATH, $langKey); $controller = $this->getControllerInstance(); $page = getPostValue('request'); if (!empty($page)) { $controller->setRequestData($page); } $controller->index(); }
<?php // Include common functions and declarations require_once "../../include/common.php"; // Create page object $pageObject = new Page(getGetValue("pageId")); // Determine if user has permission to edit page if (!$pageObject->hasEditPermission()) { $login->printLoginForm(); exit; } // Delete page if (!empty($_POST["deletePage"])) { // Delete page $pageObject->deletePage($pageObject->id); // Redirect to page index redirect(scriptUrl . "/" . folderPage . "/" . filePageIndex); } else { if (!empty($_GET["save"])) { $errors = $pageObject->savePage(); // Redirect to page index if referer is empty if (!$errors->hasErrors()) { $referer = getPostValue("referer"); redirect(!empty($referer) ? $referer : $pageObject->getPageLink()); } } } // Add navigation links $site->addNavigationLink(scriptUrl . "/" . folderAdmin, $lAdminIndex["Header"]); $site->addNavigationLink(scriptUrl . "/" . folderPage, $lPageIndex["Header"]); if (!empty($pageObject->id)) {
$MAX_HEIGHT = $MAX_WIDTH = 600; $DEFAULTS = array('color1' => 'ccc', 'color2' => 'eee', 'colors' => 32, 'direction' => 90, 'height' => 50, 'percent' => 15, 'width' => 50); if (empty($PHP_SELF) && !empty($_SERVER) && !empty($_SERVER['PHP_SELF'])) { $PHP_SELF = $_SERVER['PHP_SELF']; } // are we calling this file directly with GET parameters if (!empty($_GET) && !empty($PHP_SELF) && preg_match("/\\/includes\\/gradient.php/", $PHP_SELF)) { if (function_exists('getGetValue')) { $base = getGetValue('base'); $color1 = getGetValue('color1'); $color2 = getGetValue('color2'); $direction = getGetValue('direction'); $height = getGetValue('height'); $numcolors = getGetValue('colors'); $percent = getGetValue('percent'); $width = getGetValue('width'); } else { $base = !empty($_GET['base']) ? $_GET['base'] : ''; $color1 = !empty($_GET['color1']) ? $_GET['color1'] : ''; $color2 = !empty($_GET['color2']) ? $_GET['color2'] : ''; $direction = !empty($_GET['direction']) ? $_GET['direction'] : ''; $height = !empty($_GET['height']) ? $_GET['height'] : ''; $numcolors = !empty($_GET['colors']) ? $_GET['colors'] : ''; $percent = !empty($_GET['percent']) ? $_GET['percent'] : ''; $width = !empty($_GET['width']) ? $_GET['width'] : ''; } create_image('', $base, $height, $percent, $width, $direction, $numcolors, $color1, $color2); } /* Turn an HTML color (like 'AABBCC') into an array of decimal RGB values. * * Parameters:
if (!empty($last_login)) { $login = ''; } if (empty($webcalendar_login)) { $webcalendar_login = ''; } if ($REMEMBER_LAST_LOGIN == 'Y' && empty($login)) { $last_login = $login = $webcalendar_login; } load_user_preferences('guest'); $WebCalendar->setLanguage(); $cookie_path = str_replace('login.php', '', $PHP_SELF); //echo "Cookie path: $cookie_path\n"; // Look for action=logout $logout = false; $action = getGetValue('action'); if (!empty($action) && $action == 'logout') { $logout = true; $return_path = ''; SetCookie('webcalendar_login', '', 0, $cookie_path); SetCookie('webcalendar_last_view', '', 0, $cookie_path); } else { if (empty($return_path)) { // see if a return path was set $return_path = get_last_view(false); } } if (!empty($return_path)) { $return_path = clean_whitespace($return_path); $url = $return_path; } else {
<?php /* $Id: usersel.php,v 1.34.2.3 2008/10/15 03:05:11 cknudsen Exp $ */ include_once 'includes/init.php'; // input args in URL // users: list of comma-separated users // form: name of form on parent page // listid: element id of user selection object in form // ... to be used like form.elements[$listid] $users = getGetValue('users'); $form = getGetValue('form'); $listid = getGetValue('listid'); $progErrStr = translate('Program Error No XXX specified!'); if (empty($form)) { echo str_replace('XXX', translate('form'), $progErrStr); exit; } if (empty($listid)) { echo str_replace('XXX', translate('listid'), $progErrStr); exit; } // Parse $users. $exp = split(',', $users); $groups = $selected = $sql_params = array(); for ($i = 0, $cnt = count($exp); $i < $cnt; $i++) { $selected[$exp[$i]] = 1; } $owner = $is_nonuser_admin || $is_assistant ? $user : $login; // Load list of groups. $sql = 'SELECT wg.cal_group_id, wg.cal_name FROM webcal_group wg'; if ($USER_SEES_ONLY_HIS_GROUPS == 'Y') {
// translate ( 'Program Error' ) translate ( 'No XXX specified!' ) $noXStr = translate('Program Error No XXX specified!'); if (empty($users)) { echo str_replace('XXX', translate('user'), $noXStr); exit; } elseif (empty($year)) { echo str_replace('XXX', translate('year'), $noXStr); exit; } elseif (empty($month)) { echo str_replace('XXX', translate('month'), $noXStr); exit; } elseif (empty($day)) { echo str_replace('XXX', translate('day'), $noXStr); exit; } print_header(array('js/availability.php/false/' . "{$month}/{$day}/{$year}/" . getGetValue('form')), '', 'onload="focus();"', true, false, true); $next_url = $prev_url = '?users=' . $users; $time = mktime(0, 0, 0, $month, $day, $year); $date = date('Ymd', $time); $next_url .= strftime('&year=%Y&month=%m&day=%d', $time + 86400); $prev_url .= strftime('&year=%Y&month=%m&day=%d', $time - 86400); $span = ($WORK_DAY_END_HOUR - $WORK_DAY_START_HOUR) * 3 + 1; $users = explode(',', $users); $nextStr = translate('Next'); $prevStr = translate('Previous'); echo ' <div style="width:99%;"> <a title="' . $prevStr . '" class="prev" href="' . $prev_url . '"><img src="images/leftarrow.gif" class="prev" alt="' . $prevStr . '" /></a> <a title="' . $nextStr . '" class="next" href="' . $next_url . '"><img src="images/rightarrow.gif" class="next" alt="' . $nextStr . '" /></a> <div class="title"> <span class="date">';
<?php // Include common functions and declarations require_once "include/common.php"; // Get values $id = getGetValue("pageId"); // If id is empty attempt to fetch sectionId (for backwards compatibility) if (empty($id)) { $id = getGetValue("sectionId"); } // Get parameters for readable URLs $parameters = getURLParameters(filePage); // Create Page object $page = new Page(); if (!empty($id)) { $page->init($id); } else { if (sizeof($parameters) > 0) { if (!empty($parameters[0])) { $page->init(!empty($parameters[1]) ? $parameters[1] : 0, $parameters[0]); if (empty($page->id) && !empty($parameters[1])) { $page->init($parameters[1]); } } } } // If page not set create default page if (empty($page->id)) { if (constant("pageDefaultPage") != 0) { $page->init(pageDefaultPage); } else {
<?php /* $Id: datesel.php,v 1.31 2005/03/11 13:59:51 cknudsen Exp $ */ include_once $gfplugins . 'webcalendar/www/includes/init.php'; // month and year are being overwritten so we will copy vars to fix. // this will make datesel.php still work where ever it is called from. // The values $fday, $fmonth and $fyear hold the form variable names // to update when the user selects a date. (This is needed in // the js/datesel.php file that gets included below.) $fday = getGetValue("fday"); $fmonth = getGetValue("fmonth"); $fyear = getGetValue("fyear"); $INC = array('js/datesel.php'); print_header($INC, '', '', true); if (strlen($date) > 0) { $thisyear = substr($date, 0, 4); $thismonth = substr($date, 4, 2); } else { $thismonth = date("m"); $thisyear = date("Y"); } $next = mktime(3, 0, 0, $thismonth + 1, 1, $thisyear); $nextyear = date("Y", $next); $nextmonth = date("m", $next); $nextdate = date("Ym", $next) . "01"; $prev = mktime(3, 0, 0, $thismonth - 1, 1, $thisyear); $prevyear = date("Y", $prev); $prevmonth = date("m", $prev); $prevdate = date("Ym", $prev) . "01"; ?>
$mimetype = $doc->getMimeType(); $owner = $doc->getLogin(); $size = $doc->getSize(); $type = $doc->getType(); } dbi_free_result($res); } // Make sure this user is allowed to look at this file. // If the blob is associated with an event, then the user must be able // to view the event in order to access this file. // TODO: move all this code (and code in view_entry.php) to a common // function named can_view_event or something similar. $can_view = false; $is_my_event = false; $is_private = $is_confidential = false; $log = getGetValue('log'); $show_log = !empty($log); if (empty($id)) { $can_view = true; } // not associated with an event if (!empty($id) && empty($error)) { if ($is_admin || $is_nonuser_admin || $is_assistant) { $can_view = true; } if (empty($id) || $id <= 0 || !is_numeric($id)) { $error = str_replace('XXX', $id, $invalidIDStr); } if (empty($error)) { // is this user a participant or the creator of the event? $res = dbi_execute('SELECT we.cal_id FROM webcal_entry we,
} // Delete groups $deleteGroups = getValue("deleteGroups"); if (!empty($deleteGroups)) { $groups = getValue("groups"); for ($i = 0; $i < sizeof($groups); $i++) { $group = new Group($groups[$i]); $group->deleteGroup(); } // Redirect to group index redirect(!empty($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : scriptUrl . "/" . folderGroups . "/" . fileGroupIndex); } // Set number of groups to display per page $groupLimit = 30; // Get page number $page = getGetValue("page"); if (!empty($page)) { $page = $page - 1; } // Get search parameters $search_string = getValue("searchString"); // Add navigation links $site->addNavigationLink(scriptUrl . "/" . folderAdmin, $lAdminIndex["Header"]); $site->addNavigationLink(scriptUrl . "/" . folderGroups . "/" . fileGroupIndex, $lGroupIndex["Header"]); // Print common header $site->printHeader(); // Print page description echo "<p>" . $lGroupIndex["HeaderText"] . "</p>"; // Fetch groups $result = $dbi->query("SELECT id FROM `" . groupTableName . "`" . (!empty($search_string) ? " WHERE name LIKE " . $dbi->quote($search_string . "%") . " OR description LIKE " . $dbi->quote($search_string . "%") : "") . " ORDER BY name LIMIT " . $page * $groupLimit . "," . $groupLimit); if ($result->rows() || !empty($search_string)) {
<?php // Include common functions and declarations require_once "../../include/common.php"; // Get content type and content identifier $moduleContentTypeId = getGetValue("moduleContentTypeId"); $moduleContentId = getGetValue("moduleContentId"); $revisionNumber = getValue("revisionNumber"); $textfieldIndex = getGetValue("textfieldIndex"); if (!empty($moduleContentTypeId) && !empty($moduleContentId)) { if (!$login->hasEditPermission($moduleContentTypeId, $moduleContentId)) { $login->printLoginForm(); exit; } // Get info on module type $moduleId = 0; $title = ""; $result = $dbi->query("SELECT moduleId, title FROM " . moduleContentTypeTableName . " WHERE id=" . $dbi->quote($moduleContentTypeId)); if ($result->rows()) { list($moduleId, $title) = $result->fetchrow_array(); } // Get module content type object $moduleContentTypeObject = $module->getModuleContentTypeObject($moduleContentTypeId); // Revert to previous revision if (!empty($_POST["revert"])) { if (method_exists($moduleContentTypeObject, "restoreRevision")) { $moduleContentTypeObject->restoreRevision($moduleContentId, $revisionNumber); } else { if (method_exists($moduleContentTypeObject, "setText")) { $text = method_exists($moduleContentTypeObject, "getText") ? $moduleContentTypeObject->getText($moduleContentId, $textfieldIndex) : ""; if (!empty($revisionNumber)) {
<?php /* $Id: del_layer.php,v 1.20.2.2 2012/02/28 02:07:45 cknudsen Exp $ */ include_once 'includes/init.php'; require_valide_referring_url(); $id = getGetValue('id'); if ($ALLOW_VIEW_OTHER != 'Y' || empty($id)) { print_header(); echo print_not_auth(7) . print_trailer(); exit; } $id = getGetValue('id'); $updating_public = false; if ($is_admin && !empty($public) && $PUBLIC_ACCESS == 'Y') { $updating_public = true; $layer_user = '******'; } else { $layer_user = $login; } load_user_layers($layer_user, 1); if (strlen($layers[$id]['cal_layeruser']) > 0 && ($is_admin || $readonly == 'N')) { $layeruser = $layers[$id]['cal_layeruser']; dbi_execute('DELETE FROM webcal_user_layers WHERE cal_login = ? AND cal_layeruser = ?', array($layer_user, $layeruser)); } do_redirect('layers.php' . ($updating_public ? '?public=1' : ''));
//end if ($c) //test db_cachedir directory for write permissions if (strlen($db_cachedir) > 0) { if (!@is_dir($db_cachedir)) { $response_msg2 = $failureStr . $cachedirStr . ' ' . translate('does not exist'); } else { if (!@is_writable($db_cachedir)) { $response_msg2 = $failureStr . $cachedirStr . ' ' . translate('is not writable'); } else { } } } } // Is this a Timezone Convert? //Manual tzoffset input in URL $tzoffset = getGetValue('tzoffset'); if (!empty($tzoffset)) { $action = 'tz_convert'; } // If so, run it if (!empty($action) && $action == 'tz_convert' && !empty($_SESSION['validuser'])) { $cutoffdate = getIntValue('cutoffdate'); $db_persistent = false; $db_type = $settings['db_type']; $db_host = $settings['db_host']; $db_database = $settings['db_database']; $db_login = $settings['db_login']; $db_password = $settings['db_password']; $db_cachedir = getPostValue('form_db_cachedir'); // Avoid false visibilty of single user login $onload = 'auth_handler();';
<?php // Include common functions and declarations include "../include/common.lite.php"; // Get file id $id = !empty($_GET["fileId"]) ? $_GET["fileId"] : ""; if (!empty($id)) { $extension = getDatabaseFileExtension($id); if (!empty($extension)) { $file = filePath . "/" . $id . "." . $extension; if (file_exists($file)) { // Determine whether to generate a thumbnail $imageWidth = getGetValue("imageWidth"); if (!empty($imageWidth)) { // Generate cached thumbnail $imageUrl = $cache->generateThumbnail("", str_replace(scriptPath . "/", "", $file), "file_" . $id, $imageWidth); if (!empty($imageUrl)) { redirect($imageUrl); } } // If file is outside web root get contents if (false) { // Make file stay in cache for 30 days. header("Expires: " . date("D, j M Y H:i:s", time() + 86400 * 30) . " UTC"); header("Cache-Control: Public"); header("Pragma: Public"); // File not cached or cache outdated, we respond '200 OK' and output the file header('Last-Modified: ' . gmdate('D, d M Y H:i:s', filemtime($file)) . ' GMT', true, 200); header('Content-Length: ' . filesize($file)); header('Content-Type: ' . $fileObject->type); header('Content-Disposition: attachment; filename="' . basename($fileObject->name) . '"');
/** * Print blog index. * @param $categoryId Identifier of category. */ function printBlog($categoryId = -1) { global $dbi, $login, $site; if (!empty($this->id)) { if ($this->hasReadPermission()) { // Include language include scriptPath . "/" . folderBlog . "/include/language/" . $this->language . "/general.php"; if (!empty($this->id)) { // Get get values $day = getGetValue("day"); $month = getGetValue("month"); $year = getGetValue("year"); // Add meta links if ($this->hasAdministerPermission()) { $site->addMetaLink(scriptUrl . "/" . folderBlog . "/" . fileBlogEdit . "?blogId=" . $this->id, $lBlog["EditBlog"], "edit"); $site->addMetaLink(scriptUrl . "/" . folderUsers . "/" . fileEditPermissions . "?moduleContentTypeId=" . blogContentId . "&moduleContentId=" . $this->id, $lBlog["EditPermissions"], "permission"); } $site->addMetaLink($this->getBlogLink(), "", "direct"); $site->addMetaLink($this->getBlogLink() . "&print=1", "", "print"); $site->addMetaLink(scriptUrl . "/" . fileSendToFriend . "?url=" . urlencode($this->getBlogLink()) . "&title=" . urlencode($this->title) . "&summary=" . urlencode(validateTextLength($this->description, 100)), "", "recommend"); // Add navigation links $site->addNavigationLink(scriptUrl . "/" . folderBlog . "/" . fileBlogIndex, $lBlogIndex["Header"]); $site->addNavigationLink($this->getBlogLink(), $this->title); if ($categoryId != -1) { $category = new Category($categoryId); $site->addNavigationLink(scriptUrl . "/" . folderBlog . "/" . fileBlog . "?blogId=" . $this->id . "&categoryId=" . $categoryId, $categoryId == 0 ? $lBlogPost["Uncategorized"] : $category->title); } else { if (!empty($month) && !empty($year)) { $site->addNavigationLink(scriptUrl . "/" . folderBlog . "/" . fileBlog . "?blogId=" . $this->id . "&month=" . $month . "&year=" . $year, intToMonth($month) . " " . $year); } } // Register rss feeds $site->registerRSSFeed(scriptUrl . "/" . folderBlog . "/" . fileBlogPostRSS . "?blogId=" . $this->id, $this->title); $site->registerRSSFeed(scriptUrl . "/" . folderBlog . "/" . fileBlogCommentRSS . "?blogId=" . $this->id, $this->title . " - " . $lBlogPost["Comments"]); // Set website path $site->setPath(folderBlog); // Print common header $site->printHeader(); // Print blog body $this->printBlogBody($categoryId); // Print common footer $site->printFooter(); } } else { $login->printLoginForm(); exit; } } else { redirect(scriptUrl . "/" . folderBlog . "/" . fileBlogIndex); } }
// Is this user owner or participant? $is_confidential = $is_private = $rss_view = false; $error = $eType = $event_status = ''; $log = getGetValue('log'); $show_log = !empty($log); $can_email = 'Y'; $areYouSureStr = str_replace('XXX', translate('entry'), translate('Are you sure you want to delete this XXX?')); $pri[1] = translate('High'); $pri[2] = translate('Medium'); $pri[3] = translate('Low'); if (empty($id) || $id <= 0 || !is_numeric($id)) { $error = translate('Invalid entry id.'); } $hide_details = $login == '__public__' && !empty($OVERRIDE_PUBLIC) && $OVERRIDE_PUBLIC == 'Y'; // Check if we can display basic info for RSS FEED $rssuser = getGetValue('rssuser'); if (!empty($rssuser)) { $user_rss_enabled = get_pref_setting($rssuser, 'USER_RSS_ENABLED'); $user_remote_access = get_pref_setting($rssuser, 'USER_REMOTE_ACCESS'); $user_rss_timezone = get_pref_setting($rssuser, 'TIMEZONE'); $rss_view = $RSS_ENABLED == 'Y' && $user_rss_enabled == 'Y' && $friendly == 1 && !empty($rssuser) && isset($user_remote_access); if ($rss_view == true) { if ($login == '__public__') { $user = $rssuser; } $hide_details = false; // Make sure the displayed time is accurate. set_env('TZ', $user_rss_timezone); } } // Is this user a participant or the creator of the event?
<?php // Include common functions and declarations require_once "../../include/common.php"; // Create folder object $folder = new Folder(getGetValue("folderId")); // Check if user has permission to view page if (!$login->isAdmin()) { $login->printLoginForm(); exit; } // Delete files $delete = getPostValue("delete"); if ($delete) { // Check if data is submitted from the form checkSubmitter(); // Delete folders $folders = getPostValue("folders"); if (!empty($folders)) { for ($i = 0; $i < sizeof($folders); $i++) { if (!empty($folders[$i])) { $tmpFolder = new Folder($folders[$i]); $tmpFolder->deleteFolder(); } } } // Delete files $files = getPostValue("files"); if (!empty($files)) { for ($i = 0; $i < sizeof($files); $i++) { if (!empty($files[$i])) {
<?php /* $Id: datesel.php,v 1.54.2.2 2007/08/06 02:28:29 cknudsen Exp $ */ include_once 'includes/init.php'; $fday = getGetValue('fday'); $fmonth = getGetValue('fmonth'); $fyear = getGetValue('fyear'); $form = getGetValue('form'); $date = getGetValue('date'); if (strlen($date) > 0) { $thisyear = substr($date, 0, 4); $thismonth = substr($date, 4, 2); } else { $thisyear = date('Y'); $thismonth = date('m'); } $href = 'href="datesel.php?form=' . $form . '&fday=' . $fday . '&fmonth=' . $fmonth . '&fyear=' . $fyear . '&date='; $nextdate = $href . date('Ym01"', mktime(0, 0, 0, $thismonth + 1, 1, $thisyear)); $nextStr = translate('Next'); $prevdate = $href . date('Ym01"', mktime(0, 0, 0, $thismonth - 1, 1, $thisyear)); $previousStr = translate('Previous'); $monthStr = month_name($thismonth - 1); $wkstart = get_weekday_before($thisyear, $thismonth); $monthstartYmd = date('Ymd', mktime(0, 0, 0, $thismonth, 1, $thisyear)); $monthendYmd = date('Ymd', mktime(23, 59, 59, $thismonth + 1, 0, $thisyear)); print_header('', '', '', true, false, true, true, true); //build weekday names $wkdys = ''; for ($i = 0; $i < 7; $i++) { $wkdys .= '<td>' . weekday_name(($i + $WEEK_START) % 7, 'D') . '</td>'; }
* Client apps must use the same authentication as the web browser. * If WebCalendar is setup to use web-based authentication, then the login.php * found in this directory should be used to obtain a session cookie. * * Developer Notes: * If you enable the WS_DEBUG option below, * all data will be written to a debug file in /tmp also. */ $WS_DEBUG = false; $MAX_ENTRIES = 1000; // Do not allow a client to ask for more than this. require_once 'ws.php'; // Initialize... ws_init(); $num = getGetValue('num'); $startid = getGetValue('startid'); if (empty($num) || $num < 0) { $num = 100; } if ($num > $MAX_ENTRIES) { $num = $MAX_ENTRIES; } header('Content-type: text/xml'); // header ( 'Content-type: text/plain' ); echo '<?xml version="1.0" encoding="UTF-8"?' . ">\n"; // If login is public user, make sure public can view others... if ($login == '__public__' && $login != $user) { if ($PUBLIC_ACCESS_OTHERS != 'Y') { $out = ' <error>' . translate('Not authorized') . '</error> </events>
<?php // Include common functions and declarations require_once "include/common.php"; // Add navigation link $site->addNavigationLink(scriptUrl . "/" . fileProfileForgotPassword, $lForgotPassword["Header"]); // Print header $site->printHeader(); echo '<p>' . $lForgotPassword["HeaderText"] . '</p>'; // Get values $send = getGetValue("send"); $username = getPostValue("username"); $email = getPostValue("email"); $id = getGetValue("id"); $key = getGetValue("key"); $success = getGetValue("success"); if (!empty($id) && !empty($key)) { $user = new User($id); if (!empty($user->id)) { // Check if key matches key in database $result = $dbi->query("SELECT username,activationKey FROM " . userTableName . " WHERE id=" . $dbi->quote($user->id)); if ($result->rows()) { list($username, $activationKey) = $result->fetchrow_array(); if ($key == $activationKey) { // Include password form $forgotPassword = 1; include scriptPath . '/' . folderUsers . '/include/form/userPasswordForm.php'; } else { echo '<p>' . $lForgotPassword["InvalidKey"] . '</p>'; } }
<?php // Include common functions and declarations require_once "../../include/common.php"; // Get category id $category = new Category(getGetValue("categoryId")); // Check if user has edit permission if (!$category->hasEditPermission()) { $login->printLoginForm(); exit; } // Delete entries $deleteReferences = getPostValue("deleteReferences"); if (!empty($deleteReferences)) { $references = getPostValue("references"); for ($i = 0; $i < sizeof($references); $i++) { $dbi->query("DELETE FROM `" . categoryContentRefTableName . "` WHERE id=" . $dbi->quote($references[$i])); } // Redirect to category index redirect(!empty($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : scriptUrl . "/" . folderCategory . "/" . fileCategoryIndex); } // Validate page $page = !empty($_GET["page"]) ? $_GET["page"] - 1 : 0; // Generate navigation $site->addNavigationLink(scriptUrl . "/" . folderAdmin, $lAdminIndex["Header"]); $site->addNavigationLink(scriptUrl . "/" . folderCategory, $lAdminIndex["Categories"]); $site->addNavigationLink(scriptUrl . "/" . folderCategory . "/" . fileCategory . "?categoryId=" . $category->id, $category->title); // Print common header $site->printHeader(); // Print section header printf("<p>" . $lCategory["HeaderText"] . "</p>", $category->title);
<?php // Include common functions and declarations require_once "../../include/common.php"; // Create user object $user = new User(getGetValue("userId")); // Check if user is webmaster if (!$user->hasEditPermission()) { $login->printLoginForm(); exit; } // Delete user $deleteUser = getValue("deleteUser"); if (!empty($deleteUser)) { // Delete user $user->deleteUser(); // Redirect to user index redirect(scriptUrl . "/" . folderUsers); } else { if (!empty($_GET["save"])) { // Save user data $errors = $user->saveUser(); // Redirect to user index if (!$errors->hasErrors()) { redirect(scriptUrl . "/" . folderUsers); } } } // Add navigation links $site->addNavigationLink(scriptUrl . "/" . folderAdmin, $lAdminIndex["Header"]); $site->addNavigationLink(scriptUrl . "/" . folderUsers, $lUserIndex["Header"]);
echo "<br/><br/><br/><div align=\"center\"><form><input align=\"middle\" type=\"button\" onclick=\"window.close()\" value=\"Close\" /></form></div>\n"; echo "</p>"; echo "<script language=\"JavaScript\" type=\"text/javascript\">\n"; echo "<!-- <![CDATA[\n"; echo "window.opener.show_db_status ( " . ($c ? "true" : "false") . " );\n"; echo "//]]> -->\n</script>\n"; echo "</body></html>\n"; } else { // Not valid user echo "You are not authorized."; // etranslate ( "You are not authorized" ); } exit; } // Is this a call to phpinfo()? $action = getGetValue("action"); if (!empty($action) && $action == "phpinfo") { if (!empty($_SESSION['validuser'])) { phpinfo(); } else { echo "You are not authorized."; // etranslate ( "You are not authorized" ); } exit; } $exists = file_exists($file); $canWrite = false; if ($exists) { $canWrite = is_writable($file); } else { // check to see if we can create a new file.
if (!empty($commentId)) { $comment = new Comment($commentId); $comment->setSpamStatus($spam); } } // Redirect redirect(!empty($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : scriptUrl . "/" . folderComment . "/" . folderCommentIndex); } // Get page number $pageNumber = getGetValue("page"); if (!empty($pageNumber)) { $pageNumber = $pageNumber - 1; } // Get module content type $moduleContentTypeId = getGetValue("moduleContentTypeId"); $moduleContentId = getGetValue("moduleContentId"); // Get comment type $commentType = getValue("commentType"); // Search string $searchString = getValue("searchString"); $searchQuery = ""; if (!empty($searchString)) { /* TODO: Support searching for names of registered users */ $searchQuery = !empty($searchString) ? "(" . "name LIKE '" . $searchString . "%' OR " . "name LIKE '%" . $searchString . "%' OR " . "name LIKE '%" . $searchString . "' OR " . "subject LIKE '" . $searchString . "%' OR " . "subject LIKE '%" . $searchString . "%' OR " . "subject LIKE '%" . $searchString . "' OR " . "message LIKE '" . $searchString . "%' OR " . "message LIKE '%" . $searchString . "%' OR " . "message LIKE '%" . $searchString . "'" . ")" : ""; } // Get field to sort by $sortby = getValue("sortby"); if (!($sortby == "subject" || $sortby == "subject desc" || $sortby == "name" || $sortby == "name desc" || $sortby == "posted" || $sortby == "posted desc")) { $sortby = "posted desc"; } // Generate navigation info
function getValue($name, $format = '', $fatal = false) { global $settings; $val = getPostValue($name); if (!isset($val)) { $val = getGetValue($name); } // for older PHP versions... if (!isset($val) && get_magic_quotes_gpc() == 1 && !empty($GLOBALS[$name])) { $val = $GLOBALS[$name]; } if (!isset($val)) { return ''; } if (!empty($format) && !preg_match('/^' . $format . '$/', $val)) { // does not match if ($fatal) { if ($settings['mode'] == 'dev') { $error_str = ' "' . $val . '"'; } else { $error_str = ''; } die_miserable_death(translate('Fatal Error') . ': ' . translate('Invalid data format for') . ' ' . $name . $error_str); } // ignore value return ''; } preventHacking($name, $val); return $val; }
function getValue($name, $format = "", $fatal = false) { $val = getPostValue($name); if (!isset($val)) { $val = getGetValue($name); } // for older PHP versions... if (!isset($val) && get_magic_quotes_gpc() == 1 && !empty($GLOBALS[$name])) { $val = $GLOBALS[$name]; } if (!isset($val)) { return ""; } if (!empty($format) && !preg_match("/^" . $format . "\$/", $val)) { // does not match if ($fatal) { echo "Fatal Error: Invalid data format for {$name}\n"; exit; } // ignore value return ""; } return $val; }
$sql = 'DELETE FROM webcal_user_pref WHERE cal_login = ? ' . 'AND cal_setting = ?'; dbi_execute($sql, array($prefuser, $setting)); if (strlen($value) > 0) { $setting = strtoupper($setting); $sql = 'INSERT INTO webcal_user_pref ' . '( cal_login, cal_setting, cal_value ) VALUES ' . '( ?, ?, ? )'; if (!dbi_execute($sql, array($prefuser, $setting, $value))) { $error = 'Unable to update preference: ' . dbi_error() . '<br /><br /><span class="bold">SQL:</span>' . $sql; break; } } } } } $currenttab = ''; $public = getGetValue('public'); $user = getGetValue('user'); $updating_public = false; load_global_settings(); if ($is_admin && !empty($public) && $PUBLIC_ACCESS == 'Y') { $updating_public = true; load_user_preferences('__public__'); $prefuser = '******'; } elseif (!empty($user) && $user != $login && ($is_admin || $is_nonuser_admin)) { $prefuser = $user; load_user_preferences($user); } else { $prefuser = $login; // Reload preferences so any css changes will take effect load_user_preferences(); } //get list of theme files from /themes directory
<?php /* $Id: catsel.php,v 1.22.2.4 2013/01/24 21:10:19 cknudsen Exp $ */ include_once 'includes/init.php'; // load user and global cats load_user_categories(); $catList = $catNames = $error = ''; if ($CATEGORIES_ENABLED == 'N') { exit; } $cats = getGetValue('cats'); $form = getGetValue('form'); $eventcats = explode(',', $cats); $availCatStr = translate('AVAILABLE CATEGORIES'); $availCatFiller = str_repeat(' ', (30 - strlen($availCatStr)) / 2); if (strlen($availCatStr) < 30) { $availCatStr = $availCatFiller . $availCatStr . $availCatFiller; } $entryCatStr = translate('ENTRY CATEGORIES'); $entryCatFiller = str_repeat(' ', (30 - strlen($entryCatStr)) / 2); if (strlen($entryCatStr) < 30) { $entryCatStr = $entryCatFiller . $entryCatStr . $entryCatFiller; } print_header(array('js/catsel.php/false/' . $form), '', '', true, false, true); ob_start(); echo ' <table align="center" border="0" width="90%"> <tr> <th colspan="3">' . translate('Categories') . '</th> </tr> <form action="" method="post" name="editCategories" ' . 'onSubmit="sendCats( this )">
<?php // Include common functions and declarations require_once "../../include/common.php"; // Check if user has edit permissions if (!$login->isAdmin()) { $login->printLoginForm(); exit; } // Create file object $file = new File(getGetValue("fileId")); // Check if file exists if (!empty($file->id)) { $mode = getGetValue("mode"); if ($mode == "update") { // Save file $errors = $file->saveFile(); if (!$errors->hasErrors()) { // Redirect redirect(scriptUrl . "/" . folderFilesAdmin . "/" . fileFilesIndex . (!empty($file->parent->id) ? "?folderId=" . $file->parent->id : "")); } } // Add navigation links $site->addNavigationLink(scriptUrl . "/" . folderAdmin, $lAdminIndex["Header"]); $site->addNavigationLink(scriptUrl . "/" . folderFilesAdmin, $lFileIndex["Header"]); $site->addNavigationLink(scriptUrl . "/" . folderFilesAdmin . "/" . fileFilesEditFile . "?fileId=" . $file->id, $lFileEditFile["Header"]); // Print common header $site->printHeader(); // Print page text printf($lFileEditFile["HeaderText"], $file->name); // Print error messages if any
<?php // Include common functions and declarations require_once "include/common.php"; // Get get values $down = getGetValue("down"); $id = getGetValue("id"); $pageNumber = getGetValue("page"); $position = getGetValue("position"); $up = getGetValue("up"); $visible = getGetValue("visible"); // Get search string values $searchString = parseString(getValue("searchString"), true); $searchType = parseString(getValue("searchType"), true); // Set limits for search results based on search type $viewAll = !empty($searchType) ? true : false; $limit = $viewAll ? 15 : 5; // Count page number down by 1 if (!empty($pageNumber)) { $pageNumber = $pageNumber - 1; } // Move search section up or down if ($login->isWebmaster()) { if (!empty($id) && !empty($position)) { if (!empty($up)) { $result = $dbi->query("SELECT id,position FROM " . searchTypeTableName . " WHERE position<" . $dbi->quote($position) . " ORDER BY position DESC LIMIT 1"); if ($result->rows()) { list($swapId, $swapPos) = $result->fetchrow_array(); $dbi->query("UPDATE " . searchTypeTableName . " SET position=" . $dbi->quote($swapPos) . " WHERE id=" . $dbi->quote($id)); $dbi->query("UPDATE " . searchTypeTableName . " SET position=" . $dbi->quote($position) . " WHERE id=" . $dbi->quote($swapId)); }