Пример #1
0
 /**
  * Invokes the whole application.
  */
 public function invoke()
 {
     $this->_pageKey = getGetValue('page', 'accounts');
     $this->_subKey = getGetValue('sub');
     $sessionLang = jpWotSession::get('active_language');
     if (empty($sessionLang)) {
         jpWotSession::set('active_language', strtolower(trim(jpWotConfig::$lang)));
     }
     $changeLang = getPostValue('lang');
     if (isset($changeLang['current'], $changeLang['new']) && $changeLang['current'] != $changeLang['new']) {
         jpWotSession::set('active_language', $changeLang['new']);
         $langKey = $changeLang['new'];
     } else {
         $langKey = jpWotSession::get('active_language');
     }
     $langKey = $this->getIniLanguageKey($langKey);
     $language = jpWotLanguage::getInstance();
     $language->load('main', BPATH, $langKey);
     $language->load('filter', BPATH, $langKey);
     $language->load($this->_pageKey, BPATH, $langKey);
     $controller = $this->getControllerInstance();
     $page = getPostValue('request');
     if (!empty($page)) {
         $controller->setRequestData($page);
     }
     $controller->index();
 }
Пример #2
0
<?php

// Include common functions and declarations
require_once "../../include/common.php";
// Create page object
$pageObject = new Page(getGetValue("pageId"));
// Determine if user has permission to edit page
if (!$pageObject->hasEditPermission()) {
    $login->printLoginForm();
    exit;
}
// Delete page
if (!empty($_POST["deletePage"])) {
    // Delete page
    $pageObject->deletePage($pageObject->id);
    // Redirect to page index
    redirect(scriptUrl . "/" . folderPage . "/" . filePageIndex);
} else {
    if (!empty($_GET["save"])) {
        $errors = $pageObject->savePage();
        // Redirect to page index if referer is empty
        if (!$errors->hasErrors()) {
            $referer = getPostValue("referer");
            redirect(!empty($referer) ? $referer : $pageObject->getPageLink());
        }
    }
}
// Add navigation links
$site->addNavigationLink(scriptUrl . "/" . folderAdmin, $lAdminIndex["Header"]);
$site->addNavigationLink(scriptUrl . "/" . folderPage, $lPageIndex["Header"]);
if (!empty($pageObject->id)) {
Пример #3
0
$MAX_HEIGHT = $MAX_WIDTH = 600;
$DEFAULTS = array('color1' => 'ccc', 'color2' => 'eee', 'colors' => 32, 'direction' => 90, 'height' => 50, 'percent' => 15, 'width' => 50);
if (empty($PHP_SELF) && !empty($_SERVER) && !empty($_SERVER['PHP_SELF'])) {
    $PHP_SELF = $_SERVER['PHP_SELF'];
}
// are we calling this file directly with GET parameters
if (!empty($_GET) && !empty($PHP_SELF) && preg_match("/\\/includes\\/gradient.php/", $PHP_SELF)) {
    if (function_exists('getGetValue')) {
        $base = getGetValue('base');
        $color1 = getGetValue('color1');
        $color2 = getGetValue('color2');
        $direction = getGetValue('direction');
        $height = getGetValue('height');
        $numcolors = getGetValue('colors');
        $percent = getGetValue('percent');
        $width = getGetValue('width');
    } else {
        $base = !empty($_GET['base']) ? $_GET['base'] : '';
        $color1 = !empty($_GET['color1']) ? $_GET['color1'] : '';
        $color2 = !empty($_GET['color2']) ? $_GET['color2'] : '';
        $direction = !empty($_GET['direction']) ? $_GET['direction'] : '';
        $height = !empty($_GET['height']) ? $_GET['height'] : '';
        $numcolors = !empty($_GET['colors']) ? $_GET['colors'] : '';
        $percent = !empty($_GET['percent']) ? $_GET['percent'] : '';
        $width = !empty($_GET['width']) ? $_GET['width'] : '';
    }
    create_image('', $base, $height, $percent, $width, $direction, $numcolors, $color1, $color2);
}
/* Turn an HTML color (like 'AABBCC') into an array of decimal RGB values.
 *
 * Parameters:
Пример #4
0
if (!empty($last_login)) {
    $login = '';
}
if (empty($webcalendar_login)) {
    $webcalendar_login = '';
}
if ($REMEMBER_LAST_LOGIN == 'Y' && empty($login)) {
    $last_login = $login = $webcalendar_login;
}
load_user_preferences('guest');
$WebCalendar->setLanguage();
$cookie_path = str_replace('login.php', '', $PHP_SELF);
//echo "Cookie path: $cookie_path\n";
// Look for action=logout
$logout = false;
$action = getGetValue('action');
if (!empty($action) && $action == 'logout') {
    $logout = true;
    $return_path = '';
    SetCookie('webcalendar_login', '', 0, $cookie_path);
    SetCookie('webcalendar_last_view', '', 0, $cookie_path);
} else {
    if (empty($return_path)) {
        // see if a return path was set
        $return_path = get_last_view(false);
    }
}
if (!empty($return_path)) {
    $return_path = clean_whitespace($return_path);
    $url = $return_path;
} else {
Пример #5
0
<?php

/* $Id: usersel.php,v 1.34.2.3 2008/10/15 03:05:11 cknudsen Exp $ */
include_once 'includes/init.php';
// input args in URL
// users:  list of comma-separated users
// form:   name of form on parent page
// listid: element id of user selection object in form
//         ... to be used like form.elements[$listid]
$users = getGetValue('users');
$form = getGetValue('form');
$listid = getGetValue('listid');
$progErrStr = translate('Program Error No XXX specified!');
if (empty($form)) {
    echo str_replace('XXX', translate('form'), $progErrStr);
    exit;
}
if (empty($listid)) {
    echo str_replace('XXX', translate('listid'), $progErrStr);
    exit;
}
// Parse $users.
$exp = split(',', $users);
$groups = $selected = $sql_params = array();
for ($i = 0, $cnt = count($exp); $i < $cnt; $i++) {
    $selected[$exp[$i]] = 1;
}
$owner = $is_nonuser_admin || $is_assistant ? $user : $login;
// Load list of groups.
$sql = 'SELECT wg.cal_group_id, wg.cal_name FROM webcal_group wg';
if ($USER_SEES_ONLY_HIS_GROUPS == 'Y') {
Пример #6
0
// translate ( 'Program Error' ) translate ( 'No XXX specified!' )
$noXStr = translate('Program Error No XXX specified!');
if (empty($users)) {
    echo str_replace('XXX', translate('user'), $noXStr);
    exit;
} elseif (empty($year)) {
    echo str_replace('XXX', translate('year'), $noXStr);
    exit;
} elseif (empty($month)) {
    echo str_replace('XXX', translate('month'), $noXStr);
    exit;
} elseif (empty($day)) {
    echo str_replace('XXX', translate('day'), $noXStr);
    exit;
}
print_header(array('js/availability.php/false/' . "{$month}/{$day}/{$year}/" . getGetValue('form')), '', 'onload="focus();"', true, false, true);
$next_url = $prev_url = '?users=' . $users;
$time = mktime(0, 0, 0, $month, $day, $year);
$date = date('Ymd', $time);
$next_url .= strftime('&amp;year=%Y&amp;month=%m&amp;day=%d', $time + 86400);
$prev_url .= strftime('&amp;year=%Y&amp;month=%m&amp;day=%d', $time - 86400);
$span = ($WORK_DAY_END_HOUR - $WORK_DAY_START_HOUR) * 3 + 1;
$users = explode(',', $users);
$nextStr = translate('Next');
$prevStr = translate('Previous');
echo '
    <div style="width:99%;">
      <a title="' . $prevStr . '" class="prev" href="' . $prev_url . '"><img src="images/leftarrow.gif" class="prev" alt="' . $prevStr . '" /></a>
      <a title="' . $nextStr . '" class="next" href="' . $next_url . '"><img src="images/rightarrow.gif" class="next" alt="' . $nextStr . '" /></a>
      <div class="title">
        <span class="date">';
Пример #7
0
<?php

// Include common functions and declarations
require_once "include/common.php";
// Get values
$id = getGetValue("pageId");
// If id is empty attempt to fetch sectionId (for backwards compatibility)
if (empty($id)) {
    $id = getGetValue("sectionId");
}
// Get parameters for readable URLs
$parameters = getURLParameters(filePage);
// Create Page object
$page = new Page();
if (!empty($id)) {
    $page->init($id);
} else {
    if (sizeof($parameters) > 0) {
        if (!empty($parameters[0])) {
            $page->init(!empty($parameters[1]) ? $parameters[1] : 0, $parameters[0]);
            if (empty($page->id) && !empty($parameters[1])) {
                $page->init($parameters[1]);
            }
        }
    }
}
// If page not set create default page
if (empty($page->id)) {
    if (constant("pageDefaultPage") != 0) {
        $page->init(pageDefaultPage);
    } else {
Пример #8
0
<?php

/* $Id: datesel.php,v 1.31 2005/03/11 13:59:51 cknudsen Exp $ */
include_once $gfplugins . 'webcalendar/www/includes/init.php';
// month and year are being overwritten so we will copy vars to fix.
// this will make datesel.php still work where ever it is called from.
// The values $fday, $fmonth and $fyear hold the form variable names
// to update when the user selects a date.  (This is needed in
// the js/datesel.php file that gets included below.)
$fday = getGetValue("fday");
$fmonth = getGetValue("fmonth");
$fyear = getGetValue("fyear");
$INC = array('js/datesel.php');
print_header($INC, '', '', true);
if (strlen($date) > 0) {
    $thisyear = substr($date, 0, 4);
    $thismonth = substr($date, 4, 2);
} else {
    $thismonth = date("m");
    $thisyear = date("Y");
}
$next = mktime(3, 0, 0, $thismonth + 1, 1, $thisyear);
$nextyear = date("Y", $next);
$nextmonth = date("m", $next);
$nextdate = date("Ym", $next) . "01";
$prev = mktime(3, 0, 0, $thismonth - 1, 1, $thisyear);
$prevyear = date("Y", $prev);
$prevmonth = date("m", $prev);
$prevdate = date("Ym", $prev) . "01";
?>
Пример #9
0
        $mimetype = $doc->getMimeType();
        $owner = $doc->getLogin();
        $size = $doc->getSize();
        $type = $doc->getType();
    }
    dbi_free_result($res);
}
// Make sure this user is allowed to look at this file.
// If the blob is associated with an event, then the user must be able
// to view the event in order to access this file.
// TODO: move all this code (and code in view_entry.php) to a common
// function named can_view_event or something similar.
$can_view = false;
$is_my_event = false;
$is_private = $is_confidential = false;
$log = getGetValue('log');
$show_log = !empty($log);
if (empty($id)) {
    $can_view = true;
}
// not associated with an event
if (!empty($id) && empty($error)) {
    if ($is_admin || $is_nonuser_admin || $is_assistant) {
        $can_view = true;
    }
    if (empty($id) || $id <= 0 || !is_numeric($id)) {
        $error = str_replace('XXX', $id, $invalidIDStr);
    }
    if (empty($error)) {
        // is this user a participant or the creator of the event?
        $res = dbi_execute('SELECT we.cal_id FROM webcal_entry we,
Пример #10
0
}
// Delete groups
$deleteGroups = getValue("deleteGroups");
if (!empty($deleteGroups)) {
    $groups = getValue("groups");
    for ($i = 0; $i < sizeof($groups); $i++) {
        $group = new Group($groups[$i]);
        $group->deleteGroup();
    }
    // Redirect to group index
    redirect(!empty($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : scriptUrl . "/" . folderGroups . "/" . fileGroupIndex);
}
// Set number of groups to display per page
$groupLimit = 30;
// Get page number
$page = getGetValue("page");
if (!empty($page)) {
    $page = $page - 1;
}
// Get search parameters
$search_string = getValue("searchString");
// Add navigation links
$site->addNavigationLink(scriptUrl . "/" . folderAdmin, $lAdminIndex["Header"]);
$site->addNavigationLink(scriptUrl . "/" . folderGroups . "/" . fileGroupIndex, $lGroupIndex["Header"]);
// Print common header
$site->printHeader();
// Print page description
echo "<p>" . $lGroupIndex["HeaderText"] . "</p>";
// Fetch groups
$result = $dbi->query("SELECT id FROM `" . groupTableName . "`" . (!empty($search_string) ? " WHERE name LIKE " . $dbi->quote($search_string . "%") . " OR description LIKE " . $dbi->quote($search_string . "%") : "") . " ORDER BY name LIMIT " . $page * $groupLimit . "," . $groupLimit);
if ($result->rows() || !empty($search_string)) {
Пример #11
0
<?php

// Include common functions and declarations
require_once "../../include/common.php";
// Get content type and content identifier
$moduleContentTypeId = getGetValue("moduleContentTypeId");
$moduleContentId = getGetValue("moduleContentId");
$revisionNumber = getValue("revisionNumber");
$textfieldIndex = getGetValue("textfieldIndex");
if (!empty($moduleContentTypeId) && !empty($moduleContentId)) {
    if (!$login->hasEditPermission($moduleContentTypeId, $moduleContentId)) {
        $login->printLoginForm();
        exit;
    }
    // Get info on module type
    $moduleId = 0;
    $title = "";
    $result = $dbi->query("SELECT moduleId, title FROM " . moduleContentTypeTableName . " WHERE id=" . $dbi->quote($moduleContentTypeId));
    if ($result->rows()) {
        list($moduleId, $title) = $result->fetchrow_array();
    }
    // Get module content type object
    $moduleContentTypeObject = $module->getModuleContentTypeObject($moduleContentTypeId);
    // Revert to previous revision
    if (!empty($_POST["revert"])) {
        if (method_exists($moduleContentTypeObject, "restoreRevision")) {
            $moduleContentTypeObject->restoreRevision($moduleContentId, $revisionNumber);
        } else {
            if (method_exists($moduleContentTypeObject, "setText")) {
                $text = method_exists($moduleContentTypeObject, "getText") ? $moduleContentTypeObject->getText($moduleContentId, $textfieldIndex) : "";
                if (!empty($revisionNumber)) {
Пример #12
0
<?php

/* $Id: del_layer.php,v 1.20.2.2 2012/02/28 02:07:45 cknudsen Exp $ */
include_once 'includes/init.php';
require_valide_referring_url();
$id = getGetValue('id');
if ($ALLOW_VIEW_OTHER != 'Y' || empty($id)) {
    print_header();
    echo print_not_auth(7) . print_trailer();
    exit;
}
$id = getGetValue('id');
$updating_public = false;
if ($is_admin && !empty($public) && $PUBLIC_ACCESS == 'Y') {
    $updating_public = true;
    $layer_user = '******';
} else {
    $layer_user = $login;
}
load_user_layers($layer_user, 1);
if (strlen($layers[$id]['cal_layeruser']) > 0 && ($is_admin || $readonly == 'N')) {
    $layeruser = $layers[$id]['cal_layeruser'];
    dbi_execute('DELETE FROM webcal_user_layers WHERE cal_login = ?
    AND cal_layeruser = ?', array($layer_user, $layeruser));
}
do_redirect('layers.php' . ($updating_public ? '?public=1' : ''));
Пример #13
0
    //end if ($c)
    //test db_cachedir directory for write permissions
    if (strlen($db_cachedir) > 0) {
        if (!@is_dir($db_cachedir)) {
            $response_msg2 = $failureStr . $cachedirStr . ' ' . translate('does not exist');
        } else {
            if (!@is_writable($db_cachedir)) {
                $response_msg2 = $failureStr . $cachedirStr . ' ' . translate('is not writable');
            } else {
            }
        }
    }
}
// Is this a Timezone Convert?
//Manual tzoffset input in URL
$tzoffset = getGetValue('tzoffset');
if (!empty($tzoffset)) {
    $action = 'tz_convert';
}
// If so, run it
if (!empty($action) && $action == 'tz_convert' && !empty($_SESSION['validuser'])) {
    $cutoffdate = getIntValue('cutoffdate');
    $db_persistent = false;
    $db_type = $settings['db_type'];
    $db_host = $settings['db_host'];
    $db_database = $settings['db_database'];
    $db_login = $settings['db_login'];
    $db_password = $settings['db_password'];
    $db_cachedir = getPostValue('form_db_cachedir');
    // Avoid false visibilty of single user login
    $onload = 'auth_handler();';
Пример #14
0
<?php

// Include common functions and declarations
include "../include/common.lite.php";
// Get file id
$id = !empty($_GET["fileId"]) ? $_GET["fileId"] : "";
if (!empty($id)) {
    $extension = getDatabaseFileExtension($id);
    if (!empty($extension)) {
        $file = filePath . "/" . $id . "." . $extension;
        if (file_exists($file)) {
            // Determine whether to generate a thumbnail
            $imageWidth = getGetValue("imageWidth");
            if (!empty($imageWidth)) {
                // Generate cached thumbnail
                $imageUrl = $cache->generateThumbnail("", str_replace(scriptPath . "/", "", $file), "file_" . $id, $imageWidth);
                if (!empty($imageUrl)) {
                    redirect($imageUrl);
                }
            }
            // If file is outside web root get contents
            if (false) {
                // Make file stay in cache for 30 days.
                header("Expires: " . date("D, j M Y H:i:s", time() + 86400 * 30) . " UTC");
                header("Cache-Control: Public");
                header("Pragma: Public");
                // File not cached or cache outdated, we respond '200 OK' and output the file
                header('Last-Modified: ' . gmdate('D, d M Y H:i:s', filemtime($file)) . ' GMT', true, 200);
                header('Content-Length: ' . filesize($file));
                header('Content-Type: ' . $fileObject->type);
                header('Content-Disposition: attachment; filename="' . basename($fileObject->name) . '"');
Пример #15
0
 /** 
  * Print blog index.
  * @param	$categoryId	Identifier of category.
  */
 function printBlog($categoryId = -1)
 {
     global $dbi, $login, $site;
     if (!empty($this->id)) {
         if ($this->hasReadPermission()) {
             // Include language
             include scriptPath . "/" . folderBlog . "/include/language/" . $this->language . "/general.php";
             if (!empty($this->id)) {
                 // Get get values
                 $day = getGetValue("day");
                 $month = getGetValue("month");
                 $year = getGetValue("year");
                 // Add meta links
                 if ($this->hasAdministerPermission()) {
                     $site->addMetaLink(scriptUrl . "/" . folderBlog . "/" . fileBlogEdit . "?blogId=" . $this->id, $lBlog["EditBlog"], "edit");
                     $site->addMetaLink(scriptUrl . "/" . folderUsers . "/" . fileEditPermissions . "?moduleContentTypeId=" . blogContentId . "&amp;moduleContentId=" . $this->id, $lBlog["EditPermissions"], "permission");
                 }
                 $site->addMetaLink($this->getBlogLink(), "", "direct");
                 $site->addMetaLink($this->getBlogLink() . "&amp;print=1", "", "print");
                 $site->addMetaLink(scriptUrl . "/" . fileSendToFriend . "?url=" . urlencode($this->getBlogLink()) . "&amp;title=" . urlencode($this->title) . "&amp;summary=" . urlencode(validateTextLength($this->description, 100)), "", "recommend");
                 // Add navigation links
                 $site->addNavigationLink(scriptUrl . "/" . folderBlog . "/" . fileBlogIndex, $lBlogIndex["Header"]);
                 $site->addNavigationLink($this->getBlogLink(), $this->title);
                 if ($categoryId != -1) {
                     $category = new Category($categoryId);
                     $site->addNavigationLink(scriptUrl . "/" . folderBlog . "/" . fileBlog . "?blogId=" . $this->id . "&amp;categoryId=" . $categoryId, $categoryId == 0 ? $lBlogPost["Uncategorized"] : $category->title);
                 } else {
                     if (!empty($month) && !empty($year)) {
                         $site->addNavigationLink(scriptUrl . "/" . folderBlog . "/" . fileBlog . "?blogId=" . $this->id . "&amp;month=" . $month . "&amp;year=" . $year, intToMonth($month) . " " . $year);
                     }
                 }
                 // Register rss feeds
                 $site->registerRSSFeed(scriptUrl . "/" . folderBlog . "/" . fileBlogPostRSS . "?blogId=" . $this->id, $this->title);
                 $site->registerRSSFeed(scriptUrl . "/" . folderBlog . "/" . fileBlogCommentRSS . "?blogId=" . $this->id, $this->title . " - " . $lBlogPost["Comments"]);
                 // Set website path
                 $site->setPath(folderBlog);
                 // Print common header
                 $site->printHeader();
                 // Print blog body
                 $this->printBlogBody($categoryId);
                 // Print common footer
                 $site->printFooter();
             }
         } else {
             $login->printLoginForm();
             exit;
         }
     } else {
         redirect(scriptUrl . "/" . folderBlog . "/" . fileBlogIndex);
     }
 }
Пример #16
0
// Is this user owner or participant?
$is_confidential = $is_private = $rss_view = false;
$error = $eType = $event_status = '';
$log = getGetValue('log');
$show_log = !empty($log);
$can_email = 'Y';
$areYouSureStr = str_replace('XXX', translate('entry'), translate('Are you sure you want to delete this XXX?'));
$pri[1] = translate('High');
$pri[2] = translate('Medium');
$pri[3] = translate('Low');
if (empty($id) || $id <= 0 || !is_numeric($id)) {
    $error = translate('Invalid entry id.');
}
$hide_details = $login == '__public__' && !empty($OVERRIDE_PUBLIC) && $OVERRIDE_PUBLIC == 'Y';
// Check if we can display basic info for RSS FEED
$rssuser = getGetValue('rssuser');
if (!empty($rssuser)) {
    $user_rss_enabled = get_pref_setting($rssuser, 'USER_RSS_ENABLED');
    $user_remote_access = get_pref_setting($rssuser, 'USER_REMOTE_ACCESS');
    $user_rss_timezone = get_pref_setting($rssuser, 'TIMEZONE');
    $rss_view = $RSS_ENABLED == 'Y' && $user_rss_enabled == 'Y' && $friendly == 1 && !empty($rssuser) && isset($user_remote_access);
    if ($rss_view == true) {
        if ($login == '__public__') {
            $user = $rssuser;
        }
        $hide_details = false;
        // Make sure the displayed time is accurate.
        set_env('TZ', $user_rss_timezone);
    }
}
// Is this user a participant or the creator of the event?
Пример #17
0
<?php

// Include common functions and declarations
require_once "../../include/common.php";
// Create folder object
$folder = new Folder(getGetValue("folderId"));
// Check if user has permission to view page
if (!$login->isAdmin()) {
    $login->printLoginForm();
    exit;
}
// Delete files
$delete = getPostValue("delete");
if ($delete) {
    // Check if data is submitted from the form
    checkSubmitter();
    // Delete folders
    $folders = getPostValue("folders");
    if (!empty($folders)) {
        for ($i = 0; $i < sizeof($folders); $i++) {
            if (!empty($folders[$i])) {
                $tmpFolder = new Folder($folders[$i]);
                $tmpFolder->deleteFolder();
            }
        }
    }
    // Delete files
    $files = getPostValue("files");
    if (!empty($files)) {
        for ($i = 0; $i < sizeof($files); $i++) {
            if (!empty($files[$i])) {
Пример #18
0
<?php

/* $Id: datesel.php,v 1.54.2.2 2007/08/06 02:28:29 cknudsen Exp $ */
include_once 'includes/init.php';
$fday = getGetValue('fday');
$fmonth = getGetValue('fmonth');
$fyear = getGetValue('fyear');
$form = getGetValue('form');
$date = getGetValue('date');
if (strlen($date) > 0) {
    $thisyear = substr($date, 0, 4);
    $thismonth = substr($date, 4, 2);
} else {
    $thisyear = date('Y');
    $thismonth = date('m');
}
$href = 'href="datesel.php?form=' . $form . '&amp;fday=' . $fday . '&amp;fmonth=' . $fmonth . '&amp;fyear=' . $fyear . '&amp;date=';
$nextdate = $href . date('Ym01"', mktime(0, 0, 0, $thismonth + 1, 1, $thisyear));
$nextStr = translate('Next');
$prevdate = $href . date('Ym01"', mktime(0, 0, 0, $thismonth - 1, 1, $thisyear));
$previousStr = translate('Previous');
$monthStr = month_name($thismonth - 1);
$wkstart = get_weekday_before($thisyear, $thismonth);
$monthstartYmd = date('Ymd', mktime(0, 0, 0, $thismonth, 1, $thisyear));
$monthendYmd = date('Ymd', mktime(23, 59, 59, $thismonth + 1, 0, $thisyear));
print_header('', '', '', true, false, true, true, true);
//build weekday names
$wkdys = '';
for ($i = 0; $i < 7; $i++) {
    $wkdys .= '<td>' . weekday_name(($i + $WEEK_START) % 7, 'D') . '</td>';
}
Пример #19
0
 *  Client apps must use the same authentication as the web browser.
 *  If WebCalendar is setup to use web-based authentication, then the login.php
 *  found in this directory should be used to obtain a session cookie.
 *
 * Developer Notes:
 *  If you enable the WS_DEBUG option below,
 *  all data will be written to a debug file in /tmp also.
 */
$WS_DEBUG = false;
$MAX_ENTRIES = 1000;
// Do not allow a client to ask for more than this.
require_once 'ws.php';
// Initialize...
ws_init();
$num = getGetValue('num');
$startid = getGetValue('startid');
if (empty($num) || $num < 0) {
    $num = 100;
}
if ($num > $MAX_ENTRIES) {
    $num = $MAX_ENTRIES;
}
header('Content-type: text/xml');
// header ( 'Content-type: text/plain' );
echo '<?xml version="1.0" encoding="UTF-8"?' . ">\n";
// If login is public user, make sure public can view others...
if ($login == '__public__' && $login != $user) {
    if ($PUBLIC_ACCESS_OTHERS != 'Y') {
        $out = '
  <error>' . translate('Not authorized') . '</error>
</events>
Пример #20
0
<?php

// Include common functions and declarations
require_once "include/common.php";
// Add navigation link
$site->addNavigationLink(scriptUrl . "/" . fileProfileForgotPassword, $lForgotPassword["Header"]);
// Print header
$site->printHeader();
echo '<p>' . $lForgotPassword["HeaderText"] . '</p>';
// Get values
$send = getGetValue("send");
$username = getPostValue("username");
$email = getPostValue("email");
$id = getGetValue("id");
$key = getGetValue("key");
$success = getGetValue("success");
if (!empty($id) && !empty($key)) {
    $user = new User($id);
    if (!empty($user->id)) {
        // Check if key matches key in database
        $result = $dbi->query("SELECT username,activationKey FROM " . userTableName . " WHERE id=" . $dbi->quote($user->id));
        if ($result->rows()) {
            list($username, $activationKey) = $result->fetchrow_array();
            if ($key == $activationKey) {
                // Include password form
                $forgotPassword = 1;
                include scriptPath . '/' . folderUsers . '/include/form/userPasswordForm.php';
            } else {
                echo '<p>' . $lForgotPassword["InvalidKey"] . '</p>';
            }
        }
Пример #21
0
<?php

// Include common functions and declarations
require_once "../../include/common.php";
// Get category id
$category = new Category(getGetValue("categoryId"));
// Check if user has edit permission
if (!$category->hasEditPermission()) {
    $login->printLoginForm();
    exit;
}
// Delete entries
$deleteReferences = getPostValue("deleteReferences");
if (!empty($deleteReferences)) {
    $references = getPostValue("references");
    for ($i = 0; $i < sizeof($references); $i++) {
        $dbi->query("DELETE FROM `" . categoryContentRefTableName . "` WHERE id=" . $dbi->quote($references[$i]));
    }
    // Redirect to category index
    redirect(!empty($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : scriptUrl . "/" . folderCategory . "/" . fileCategoryIndex);
}
// Validate page
$page = !empty($_GET["page"]) ? $_GET["page"] - 1 : 0;
// Generate navigation
$site->addNavigationLink(scriptUrl . "/" . folderAdmin, $lAdminIndex["Header"]);
$site->addNavigationLink(scriptUrl . "/" . folderCategory, $lAdminIndex["Categories"]);
$site->addNavigationLink(scriptUrl . "/" . folderCategory . "/" . fileCategory . "?categoryId=" . $category->id, $category->title);
// Print common header
$site->printHeader();
// Print section header
printf("<p>" . $lCategory["HeaderText"] . "</p>", $category->title);
Пример #22
0
<?php

// Include common functions and declarations
require_once "../../include/common.php";
// Create user object
$user = new User(getGetValue("userId"));
// Check if user is webmaster
if (!$user->hasEditPermission()) {
    $login->printLoginForm();
    exit;
}
// Delete user
$deleteUser = getValue("deleteUser");
if (!empty($deleteUser)) {
    // Delete user
    $user->deleteUser();
    // Redirect to user index
    redirect(scriptUrl . "/" . folderUsers);
} else {
    if (!empty($_GET["save"])) {
        // Save user data
        $errors = $user->saveUser();
        // Redirect to user index
        if (!$errors->hasErrors()) {
            redirect(scriptUrl . "/" . folderUsers);
        }
    }
}
// Add navigation links
$site->addNavigationLink(scriptUrl . "/" . folderAdmin, $lAdminIndex["Header"]);
$site->addNavigationLink(scriptUrl . "/" . folderUsers, $lUserIndex["Header"]);
Пример #23
0
        echo "<br/><br/><br/><div align=\"center\"><form><input align=\"middle\" type=\"button\" onclick=\"window.close()\" value=\"Close\" /></form></div>\n";
        echo "</p>";
        echo "<script language=\"JavaScript\" type=\"text/javascript\">\n";
        echo "<!-- <![CDATA[\n";
        echo "window.opener.show_db_status ( " . ($c ? "true" : "false") . " );\n";
        echo "//]]> -->\n</script>\n";
        echo "</body></html>\n";
    } else {
        // Not valid user
        echo "You are not authorized.";
        // etranslate ( "You are not authorized" );
    }
    exit;
}
// Is this a call to phpinfo()?
$action = getGetValue("action");
if (!empty($action) && $action == "phpinfo") {
    if (!empty($_SESSION['validuser'])) {
        phpinfo();
    } else {
        echo "You are not authorized.";
        // etranslate ( "You are not authorized" );
    }
    exit;
}
$exists = file_exists($file);
$canWrite = false;
if ($exists) {
    $canWrite = is_writable($file);
} else {
    // check to see if we can create a new file.
Пример #24
0
        if (!empty($commentId)) {
            $comment = new Comment($commentId);
            $comment->setSpamStatus($spam);
        }
    }
    // Redirect
    redirect(!empty($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : scriptUrl . "/" . folderComment . "/" . folderCommentIndex);
}
// Get page number
$pageNumber = getGetValue("page");
if (!empty($pageNumber)) {
    $pageNumber = $pageNumber - 1;
}
// Get module content type
$moduleContentTypeId = getGetValue("moduleContentTypeId");
$moduleContentId = getGetValue("moduleContentId");
// Get comment type
$commentType = getValue("commentType");
// Search string
$searchString = getValue("searchString");
$searchQuery = "";
if (!empty($searchString)) {
    /* TODO: Support searching for names of registered users */
    $searchQuery = !empty($searchString) ? "(" . "name LIKE '" . $searchString . "%' OR " . "name LIKE '%" . $searchString . "%' OR " . "name LIKE '%" . $searchString . "' OR " . "subject LIKE '" . $searchString . "%' OR " . "subject LIKE '%" . $searchString . "%' OR " . "subject LIKE '%" . $searchString . "' OR " . "message LIKE '" . $searchString . "%' OR " . "message LIKE '%" . $searchString . "%' OR " . "message LIKE '%" . $searchString . "'" . ")" : "";
}
// Get field to sort by
$sortby = getValue("sortby");
if (!($sortby == "subject" || $sortby == "subject desc" || $sortby == "name" || $sortby == "name desc" || $sortby == "posted" || $sortby == "posted desc")) {
    $sortby = "posted desc";
}
// Generate navigation info
function getValue($name, $format = '', $fatal = false)
{
    global $settings;
    $val = getPostValue($name);
    if (!isset($val)) {
        $val = getGetValue($name);
    }
    // for older PHP versions...
    if (!isset($val) && get_magic_quotes_gpc() == 1 && !empty($GLOBALS[$name])) {
        $val = $GLOBALS[$name];
    }
    if (!isset($val)) {
        return '';
    }
    if (!empty($format) && !preg_match('/^' . $format . '$/', $val)) {
        // does not match
        if ($fatal) {
            if ($settings['mode'] == 'dev') {
                $error_str = ' "' . $val . '"';
            } else {
                $error_str = '';
            }
            die_miserable_death(translate('Fatal Error') . ': ' . translate('Invalid data format for') . ' ' . $name . $error_str);
        }
        // ignore value
        return '';
    }
    preventHacking($name, $val);
    return $val;
}
Пример #26
0
function getValue($name, $format = "", $fatal = false)
{
    $val = getPostValue($name);
    if (!isset($val)) {
        $val = getGetValue($name);
    }
    // for older PHP versions...
    if (!isset($val) && get_magic_quotes_gpc() == 1 && !empty($GLOBALS[$name])) {
        $val = $GLOBALS[$name];
    }
    if (!isset($val)) {
        return "";
    }
    if (!empty($format) && !preg_match("/^" . $format . "\$/", $val)) {
        // does not match
        if ($fatal) {
            echo "Fatal Error: Invalid data format for {$name}\n";
            exit;
        }
        // ignore value
        return "";
    }
    return $val;
}
Пример #27
0
            $sql = 'DELETE FROM webcal_user_pref WHERE cal_login = ? ' . 'AND cal_setting = ?';
            dbi_execute($sql, array($prefuser, $setting));
            if (strlen($value) > 0) {
                $setting = strtoupper($setting);
                $sql = 'INSERT INTO webcal_user_pref ' . '( cal_login, cal_setting, cal_value ) VALUES ' . '( ?, ?, ? )';
                if (!dbi_execute($sql, array($prefuser, $setting, $value))) {
                    $error = 'Unable to update preference: ' . dbi_error() . '<br /><br /><span class="bold">SQL:</span>' . $sql;
                    break;
                }
            }
        }
    }
}
$currenttab = '';
$public = getGetValue('public');
$user = getGetValue('user');
$updating_public = false;
load_global_settings();
if ($is_admin && !empty($public) && $PUBLIC_ACCESS == 'Y') {
    $updating_public = true;
    load_user_preferences('__public__');
    $prefuser = '******';
} elseif (!empty($user) && $user != $login && ($is_admin || $is_nonuser_admin)) {
    $prefuser = $user;
    load_user_preferences($user);
} else {
    $prefuser = $login;
    // Reload preferences so any css changes will take effect
    load_user_preferences();
}
//get list of theme files from /themes directory
Пример #28
0
<?php

/* $Id: catsel.php,v 1.22.2.4 2013/01/24 21:10:19 cknudsen Exp $ */
include_once 'includes/init.php';
// load user and global cats
load_user_categories();
$catList = $catNames = $error = '';
if ($CATEGORIES_ENABLED == 'N') {
    exit;
}
$cats = getGetValue('cats');
$form = getGetValue('form');
$eventcats = explode(',', $cats);
$availCatStr = translate('AVAILABLE CATEGORIES');
$availCatFiller = str_repeat('&nbsp;', (30 - strlen($availCatStr)) / 2);
if (strlen($availCatStr) < 30) {
    $availCatStr = $availCatFiller . $availCatStr . $availCatFiller;
}
$entryCatStr = translate('ENTRY CATEGORIES');
$entryCatFiller = str_repeat('&nbsp;', (30 - strlen($entryCatStr)) / 2);
if (strlen($entryCatStr) < 30) {
    $entryCatStr = $entryCatFiller . $entryCatStr . $entryCatFiller;
}
print_header(array('js/catsel.php/false/' . $form), '', '', true, false, true);
ob_start();
echo '
    <table align="center" border="0" width="90%">
      <tr>
        <th colspan="3">' . translate('Categories') . '</th>
      </tr>
      <form action="" method="post" name="editCategories" ' . 'onSubmit="sendCats( this )">
Пример #29
0
<?php

// Include common functions and declarations
require_once "../../include/common.php";
// Check if user has edit permissions
if (!$login->isAdmin()) {
    $login->printLoginForm();
    exit;
}
// Create file object
$file = new File(getGetValue("fileId"));
// Check if file exists
if (!empty($file->id)) {
    $mode = getGetValue("mode");
    if ($mode == "update") {
        // Save file
        $errors = $file->saveFile();
        if (!$errors->hasErrors()) {
            // Redirect
            redirect(scriptUrl . "/" . folderFilesAdmin . "/" . fileFilesIndex . (!empty($file->parent->id) ? "?folderId=" . $file->parent->id : ""));
        }
    }
    // Add navigation links
    $site->addNavigationLink(scriptUrl . "/" . folderAdmin, $lAdminIndex["Header"]);
    $site->addNavigationLink(scriptUrl . "/" . folderFilesAdmin, $lFileIndex["Header"]);
    $site->addNavigationLink(scriptUrl . "/" . folderFilesAdmin . "/" . fileFilesEditFile . "?fileId=" . $file->id, $lFileEditFile["Header"]);
    // Print common header
    $site->printHeader();
    // Print page text
    printf($lFileEditFile["HeaderText"], $file->name);
    // Print error messages if any
Пример #30
0
<?php

// Include common functions and declarations
require_once "include/common.php";
// Get get values
$down = getGetValue("down");
$id = getGetValue("id");
$pageNumber = getGetValue("page");
$position = getGetValue("position");
$up = getGetValue("up");
$visible = getGetValue("visible");
// Get search string values
$searchString = parseString(getValue("searchString"), true);
$searchType = parseString(getValue("searchType"), true);
// Set limits for search results based on search type
$viewAll = !empty($searchType) ? true : false;
$limit = $viewAll ? 15 : 5;
// Count page number down by 1
if (!empty($pageNumber)) {
    $pageNumber = $pageNumber - 1;
}
// Move search section up or down
if ($login->isWebmaster()) {
    if (!empty($id) && !empty($position)) {
        if (!empty($up)) {
            $result = $dbi->query("SELECT id,position FROM " . searchTypeTableName . " WHERE position<" . $dbi->quote($position) . " ORDER BY position DESC LIMIT 1");
            if ($result->rows()) {
                list($swapId, $swapPos) = $result->fetchrow_array();
                $dbi->query("UPDATE " . searchTypeTableName . " SET position=" . $dbi->quote($swapPos) . " WHERE id=" . $dbi->quote($id));
                $dbi->query("UPDATE " . searchTypeTableName . " SET position=" . $dbi->quote($position) . " WHERE id=" . $dbi->quote($swapId));
            }