/**
 * Constructor (PHP4 style: a method named after its class).
 *
 * NOTE(review): PHP 8 no longer treats a same-named method as the constructor;
 * confirm the class also provides __construct() or that this is never run on PHP 8.
 *
 * Binds the global translation table and configuration by reference, fetches the
 * CSRF token GET string and builds the module's base backend URL (articles, p=3).
 */
function phpwcmsNews() {
    global $BL, $phpwcms;

    // references, not copies: later changes to the globals stay visible through $this
    $this->BL      =& $BL;
    $this->phpwcms =& $phpwcms;

    $this->csrf_token = get_token_get_string('csrftoken');

    // both URL properties are built from the very same string here; they are kept as
    // two members so callers that use either name keep working
    $base_url = PHPWCMS_URL . 'phpwcms.php?' . $this->csrf_token . '&do=articles&p=3';
    $this->base_url = $base_url;
    $this->base_url_decoded = $base_url;
}
//Wenn Benutzer Admin-Rechte hat //Löschen eines Benutzers if (isset($_GET["del"])) { $ui = explode(":", clean_slweg($_GET["del"])); $user_id = intval($ui[0]); $user_email = ''; if (isset($ui[1])) { $user_email = $ui[1]; } if ($user_id != $_SESSION["wcs_user_id"]) { $sql = "UPDATE " . DB_PREPEND . "phpwcms_user SET " . "usr_login='******', " . "usr_pass='******', " . "usr_email='', " . "usr_admin=0, " . "usr_aktiv=9 " . "WHERE usr_id=" . $user_id . " AND " . "usr_email=" . _dbEscape($user_email); if ($result = mysql_query($sql, $db)) { if (is_valid_email($user_email)) { @mail($user_email, "your account", "YOUR PHPWCMS ACCOUNT WAS DELETED\n \ncontact the admin if you have any question.\n\nSee you at " . $phpwcms["site"], "From: " . $phpwcms["admin_email"] . "\nReply-To: " . $phpwcms["admin_email"] . "\n"); } } } } if (isset($_GET["aktiv"])) { $ui = explode(":", clean_slweg($_GET["aktiv"])); $user_id = intval($ui[0]); $user_aktiv = !empty($ui[1]) ? 1 : 0; if ($user_id != $_SESSION["wcs_user_id"]) { $sql = "UPDATE " . DB_PREPEND . "phpwcms_user SET usr_aktiv=" . $user_aktiv . " WHERE usr_id=" . $user_id . ";"; mysql_query($sql, $db) or die("error"); } } } //Ende Abarbeiten Aktion headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=admin');
$sql = "UPDATE " . DB_PREPEND . "phpwcms_forum SET " . $sqla; $sql .= " WHERE forum_entry=0 AND forum_id=" . $forum["id"]; $sql .= " LIMIT 1"; } else { $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_forum SET "; $sql .= "forum_entry='0', "; $sql .= "forum_uid='" . $_SESSION["wcs_user_id"] . "', "; $sql .= "forum_created = '" . time() . "', "; $sql .= $sqla; } // update or insert data entry mysql_query($sql, $db) or die("error while updating or inserting forum data"); if (!$forum["id"]) { $forum["id"] = mysql_insert_id($db); } headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&' . build_QueryString('&', 'do=messages', 'p=6', 's=' . $forum["id"])); } if ($forum["id"]) { // read the given subscription datas from db $sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_forum WHERE forum_id=" . $forum["id"] . " LIMIT 1;"; if ($result = mysql_query($sql, $db)) { if ($row = mysql_fetch_assoc($result)) { $forum["id"] = $row["forum_id"]; $forum["title"] = html($row["forum_title"]); $forum["text"] = html($row["forum_text"]); } mysql_free_result($result); } } // show form ?>
$sql = "UPDATE " . DB_PREPEND . "phpwcms_template SET " . "template_name='" . aporeplace($template["name"]) . "', " . "template_default=" . $template["default"] . ", " . "template_var='" . aporeplace(serialize($template)) . "' " . "WHERE template_id=" . $template["id"]; } else { // if ID = 0 then show create new template form $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_template (" . "template_name, template_default, template_var) VALUES ('" . aporeplace($template["name"]) . "', " . $template["default"] . ", '" . aporeplace(serialize($template)) . "')"; } // update or insert data entry @mysql_query($sql, $db) or die("error while updating or inserting template datas"); if (empty($template["id"]) || $createcopy == 1) { $template["id"] = mysql_insert_id($db); } //now proof for default template definition if ($template["default"]) { mysql_query("UPDATE " . DB_PREPEND . "phpwcms_template SET template_default=0 " . "WHERE template_id != " . $template["id"], $db); } update_cache(); headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=admin&p=11&s=' . $template["id"]); } if ($template["id"]) { // read the given template datas from db $sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_template WHERE template_id=" . $template["id"] . " LIMIT 1"; if ($result = mysql_query($sql, $db)) { if ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { unset($template); $template = unserialize($row["template_var"]); $template["id"] = $row["template_id"]; $template["default"] = $row["template_default"]; // compatibility for older releases where only // 1 css file could be stored per template if (is_string($template['css'])) { $template['css'] = array($template['css']); }
$sql .= 'WHERE queue_id=' . $value['queue_id']; @_dbQuery($sql, 'UPDATE'); if ($mailresult == false) { echo '<p style="color:#CC3300">' . $value['address_email'] . ' (' . $mail->ErrorInfo . ')</p>'; } else { echo '. '; } flush(); $mail->clearAddresses(); $x++; if ($loop && $loop == $x) { $mail->smtpClose(); updateSentDate($newsletter["newsletter_id"]); echo '<script type="text/javascript">' . LF . SCRIPT_CDATA_START . LF; echo 'function loopIt() { self.location.href="act_sendnewsletter.php?'; echo 'newsletter_id=' . $newsletter["newsletter_id"] . '&' . get_token_get_string('csrftoken') . '&'; echo 'send_confirm=confirmed&loop=' . $loop . '&pause=' . $pause . '"; }' . LF; echo 'window.setTimeout("loopIt()", ' . $pause * 1000 . ')' . LF; echo LF . SCRIPT_CDATA_END . LF . '</script></body></html>'; flush(); exit; } } $mail->smtpClose(); updateSentDate($newsletter["newsletter_id"]); echo '<br /><br />'; echo $BL['be_newsletter_ready']; } } else { echo 'no permission'; }
* some defaults for modules: $phpwcms['modules'][$module] * store all related in here and holds some default values * ['path'], ['type'], ['name'] * language values are store in $BL['modules'][$module] * as defined in lang/en.lang.php * but maybe to keep default language file more lightweight * you can use own language definitions starting within this file * */ // first check if neccessary db exists if (isset($phpwcms['modules'][$module]['path'])) { // module default stuff // put translation back to have easier access to it - use it as relation $BLM =& $BL['modules'][$module]; define('MODULE_HREF', 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=modules&module=' . $module); define('MODULE_HREF_DECODE', PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=modules&module=' . $module); define('MODULE_KEY', 'feedimport'); require_once $phpwcms['modules'][$module]['path'] . 'inc/functions.inc.php'; if (isset($_GET['edit'])) { include_once PHPWCMS_ROOT . '/include/inc_lib/article.functions.inc.php'; //load article funtions // handle posts and read data include_once $phpwcms['modules'][$module]['path'] . 'inc/processing.inc.php'; // edit form include_once $phpwcms['modules'][$module]['path'] . 'backend.editform.php'; } elseif (isset($_GET['active']) && !empty($_GET['editid'])) { // active/inactive $data = array('cnt_changed' => now(), 'cnt_status' => empty($_GET['active']) ? 0 : 1); _dbUpdate('phpwcms_content', $data, 'cnt_id=' . intval($_GET['editid']) . ' AND cnt_module=' . _dbEscape(MODULE_KEY)); headerRedirect(MODULE_HREF_DECODE); } elseif (!empty($_GET['delete'])) {
* @link http://www.phpwcms.de
*
**/

// ----------------------------------------------------------------
// obligate check for phpwcms constants
defined('PHPWCMS_ROOT') or die("You Cannot Access This Script Directly, Have a Nice Day.");
// ----------------------------------------------------------------

/*
 * module glossary
 * ===============
 *
 * some defaults for modules: $phpwcms['modules'][$module]
 * store all related in here and holds some default values
 * ['path'], ['type'], ['name']
 * language values are stored in $BL['modules'][$module]
 * as defined in lang/en.lang.php
 * but maybe to keep default language file more lightweight
 * you can use own language definitions starting within this file
 *
 */

// first check if the module is registered (its path is known)
if (isset($phpwcms['modules'][$module]['path'])) {

    // module default stuff
    // $BLM aliases the module's translation table, so the listing can use $BLM[...] directly
    $BLM =& $BL['modules'][$module];

    // backend link prefix for this module, carrying the CSRF token
    // NOTE(review): $module is concatenated into an href as-is; confirm the caller
    // validates it before this file is included
    define('MODULE_HREF', 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=modules&module=' . $module);

    // listing
    include_once $phpwcms['modules'][$module]['path'] . 'backend.listing.php';

}
/**
 * Define the frontend-edit constants VISIBLE_MODE and FE_EDIT_LINK for this request.
 *
 * VISIBLE_MODE: 0 = no frontend editing, 1 = logged-in user, 2 = admin user.
 * FE_EDIT_LINK: the csrftoken GET string to append to edit links, or false.
 *
 * @return bool|null true when frontend editing is disabled or no backend user is in
 *                   the session (early exit); null on the other paths — callers should
 *                   not rely on the return value
 */
function init_frontend_edit() {
    $feature_off = empty($GLOBALS['phpwcms']['frontend_edit']);
    if ($feature_off || empty($_SESSION["wcs_user_id"])) {
        define('VISIBLE_MODE', 0);
        define('FE_EDIT_LINK', false);
        return true;
    }

    // Check Backend session: it may clear wcs_user_id, which is why it is re-read below
    checkLoginCount();
    if (empty($_SESSION["wcs_user_id"])) {
        define('VISIBLE_MODE', 0);
        define('FE_EDIT_LINK', false);
        return;
    }

    // NOTE(review): strict comparison against int 1 — if the session stores the admin
    // flag as a string, admins end up in mode 1; confirm how login sets wcs_user_admin
    define('VISIBLE_MODE', $_SESSION['wcs_user_admin'] === 1 ? 2 : 1);

    // the flag is re-read instead of reusing $feature_off in case checkLoginCount() changed it
    define('FE_EDIT_LINK', empty($GLOBALS['phpwcms']['frontend_edit']) ? false : get_token_get_string('csrftoken'));
}
$subscription["name"] = clean_slweg($_POST["subscription_name"]); if (!$subscription["name"]) { $subscription["name"] = "subscription_" . generic_string(3); } $subscription["info"] = clean_slweg($_POST["subscription_info"]); if ($subscription["id"]) { $sql = "UPDATE " . DB_PREPEND . "phpwcms_subscription SET " . "subscription_name='" . aporeplace($subscription["name"]) . "', " . "subscription_info='" . aporeplace($subscription["info"]) . "' " . "WHERE subscription_id=" . $subscription["id"]; } else { $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_subscription (" . "subscription_name, subscription_info) VALUES ('" . aporeplace($subscription["name"]) . "', '" . aporeplace($subscription["info"]) . "')"; } // update or insert data entry mysql_query($sql, $db) or die("error while updating or inserting subscription datas"); if (!$subscription["id"]) { $subscription["id"] = mysql_insert_id($db); } headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=messages&p=2&s=' . $subscription["id"]); } if ($subscription["id"]) { // read the given subscription datas from db $sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_subscription WHERE subscription_id=" . $subscription["id"] . " LIMIT 1;"; if ($result = mysql_query($sql, $db)) { if ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { $subscription["id"] = $row["subscription_id"]; $subscription["name"] = html($row["subscription_name"]); $subscription["info"] = html($row["subscription_info"]); } mysql_free_result($result); } } // show form ?>
} } mysql_free_result($check); $_SESSION['PHPWCMS_ROOT'] = PHPWCMS_ROOT; set_status_message('Welcome ' . $wcs_user . '!'); if ($ref_url) { if (($token_position = strpos($ref_url, 'csrftoken')) !== false) { $ref_url = substr_replace($ref_url, '', $token_position, 42); $ref_url = str_replace('?&', '?', $ref_url); $ref_url = str_replace('&&', '&', $ref_url); } $backend_redirect = $ref_url . '&'; } else { $backend_redirect = PHPWCMS_URL . 'phpwcms.php?'; } headerRedirect($backend_redirect . get_token_get_string('csrftoken') . '&' . session_name() . '=' . session_id()); } else { $err = 1; } } elseif (isset($_POST['json']) && intval($_POST['json']) != 1) { $err = 1; } $reason_types = array('default' => 'alert-default', 'info' => 'alert-info', 'error' => 'alert-error', 'warning' => 'alert-warning', 'success' => 'alert-success', 'danger' => 'alert-danger'); ?> <!DOCTYPE html> <html> <head> <title><?php echo $BL['be_page_title'] . ' - ' . PHPWCMS_HOST; ?> </title>
// check for multiple entries if ($value['address_count'] > 1) { $sql = 'SELECT address_id FROM ' . DB_PREPEND . 'phpwcms_address '; $sql .= "WHERE address_email='" . aporeplace($value['address_email']) . "' "; $sql .= 'ORDER BY address_verified DESC, address_name DESC LIMIT 1'; $dataID = _dbQuery($sql); if (!empty($dataID[0]['address_id'])) { $sql = 'DELETE FROM ' . DB_PREPEND . 'phpwcms_address '; $sql .= "WHERE address_email='" . aporeplace($value['address_email']) . "' "; $sql .= "AND address_id != " . intval($dataID[0]['address_id']); @_dbQuery($sql, 'DELETE'); } } } } headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=messages&p=4'); } // delete susbcriber if (isset($_GET["del"]) && isset($_GET["s"]) && $_GET["del"] == $_GET["s"]) { _dbQuery("DELETE FROM " . DB_PREPEND . "phpwcms_address WHERE address_id=" . intval($_GET["del"]) . " LIMIT 1", 'DELETE'); } // change verification if (isset($_GET["verify"]) && isset($_GET["s"])) { $sql = "UPDATE " . DB_PREPEND . "phpwcms_address SET address_verified="; $sql .= intval($_GET["verify"]) ? 1 : 0; $sql .= " WHERE address_id=" . intval($_GET["s"]) . " LIMIT 1"; _dbQuery($sql, 'UPDATE'); } echo '<div class="title" style="margin-bottom:10px">' . $BL['be_subnav_msg_subscribers'] . '</div>'; ?>
$sql = "UPDATE " . DB_PREPEND . "phpwcms_pagelayout SET " . "pagelayout_name='" . aporeplace($pagelayout["layout_name"]) . "', " . "pagelayout_default=" . $pagelayout["layout_default"] . ", " . "pagelayout_var='" . aporeplace(serialize($pagelayout)) . "' " . "WHERE pagelayout_id=" . $pagelayout["id"]; } else { // if ID = 0 then create new pagelayout $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_pagelayout (" . "pagelayout_name, pagelayout_default, pagelayout_var) VALUES ('" . aporeplace($pagelayout["layout_name"]) . "', " . $pagelayout["layout_default"] . ", '" . aporeplace(serialize($pagelayout)) . "')"; } // update or insert data entry mysql_query($sql, $db) or die("error while updating or inserting pagelayout: <br></pre>" . wordwrap($sql) . "</pre>"); if (!$pagelayout["id"]) { $pagelayout["id"] = mysql_insert_id($db); } //now proof for default pagelayout and set if ($pagelayout["layout_default"]) { mysql_query("UPDATE " . DB_PREPEND . "phpwcms_pagelayout SET pagelayout_default=0 " . "WHERE pagelayout_id != " . $pagelayout["id"], $db); } update_cache(); headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=admin&p=8&s=' . $pagelayout["id"]); } if ($pagelayout["id"]) { // read the given pagelayout from db $sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_pagelayout WHERE pagelayout_id=" . $pagelayout["id"] . " LIMIT 1"; if ($result = mysql_query($sql, $db)) { if ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { unset($pagelayout); $pagelayout = unserialize($row["pagelayout_var"]); $pagelayout["id"] = $row["pagelayout_id"]; $pagelayout["layout_default"] = $row["pagelayout_default"]; } mysql_free_result($result); } } else { // set default pagelayout information
} } else { // if unmarked -> first remove all unset recipients from queue for same newsletter $sql = 'DELETE FROM ' . DB_PREPEND . 'phpwcms_newsletterqueue '; $sql .= 'WHERE queue_pid=' . $newsletter["newsletter_id"] . ' AND queue_status=0'; _dbQuery($sql, 'DELETE'); } // update active status $sql = "UPDATE " . DB_PREPEND . 'phpwcms_newsletter SET '; $sql .= 'newsletter_active=' . $newsletter['newsletter_active'] . ' '; $sql .= "WHERE newsletter_id=" . $newsletter["newsletter_id"]; @_dbQuery($sql, 'UPDATE'); if (isset($_POST['close'])) { headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=messages&p=3'); } else { headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=messages&p=3&s=' . $newsletter["newsletter_id"] . '&edit=1'); } } } if ($newsletter["newsletter_id"] && !isset($_POST["newsletter_id"])) { // read the given subscription datas from db $sql = "SELECT *, UNIX_TIMESTAMP(newsletter_changed) AS newsletter_date FROM "; $sql .= DB_PREPEND . "phpwcms_newsletter WHERE newsletter_id=" . $newsletter["newsletter_id"] . " LIMIT 1;"; if ($result = mysql_query($sql, $db)) { if ($row = mysql_fetch_assoc($result)) { $newsletter = $row; $newsletter['newsletter_vars'] = unserialize($newsletter['newsletter_vars']); } mysql_free_result($result); } }
// Backend bootstrap: start from fresh registries (presumably so nothing pre-set from
// outside survives), pick the UI language, load the core libraries, authenticate the
// request, then load the translation tables.
$indexpage = array();
$phpwcms = array();
$BL = array();
$BE = array('HTML' => '', 'BODY_OPEN' => array(), 'BODY_CLOSE' => array(), 'HEADER' => array(), 'LANG' => 'en');

// check against user's language
// NOTE(review): $_SESSION is read before helper.session.php is loaded — assumes the
// session was already started earlier in this file; confirm.
// NOTE(review): the pattern is unanchored, so any value containing two letters passes,
// and $BE['LANG'] becomes part of an include path further down. The value is
// session-sourced (set in login.php per the comment below), so it is only as trusted
// as that code; an anchored '/^[a-z]{2}$/i' would be the tighter check — TODO confirm
// no longer language codes are stored before changing it.
if (!empty($_SESSION["wcs_user_lang"]) && preg_match('/[a-z]{2}/i', $_SESSION["wcs_user_lang"])) {
    $BE['LANG'] = $_SESSION["wcs_user_lang"];
}

// configuration first (defines PHPWCMS_ROOT used by every later require)
require_once 'include/config/conf.inc.php';
require_once 'include/inc_lib/default.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/helper.session.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/dbcon.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/general.inc.php';

// authentication and CSRF validation happen before any backend function library is loaded
checkLogin();
validate_csrf_tokens();
define('CSRF_GET_TOKEN', get_token_get_string('csrftoken'));

require_once PHPWCMS_ROOT . '/include/inc_lib/backend.functions.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/default.backend.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lang/backend/en/lang.inc.php'; //load default language EN
include_once PHPWCMS_ROOT . "/include/inc_lang/code.lang.inc.php";
$BL['modules'] = array();

if (!empty($_SESSION["wcs_user_lang_custom"])) {
    //use custom lang if available -> was set in login.php
    // these two tables are merged rather than replaced: English entries stay as fallback
    // for keys the custom language file does not define
    $BL['merge_lang_array'][0] = $BL['be_admin_optgroup_label'];
    $BL['merge_lang_array'][1] = $BL['be_cnt_field'];
    include PHPWCMS_ROOT . '/include/inc_lang/backend/' . $BE['LANG'] . '/lang.inc.php';
    $BL['be_admin_optgroup_label'] = array_merge($BL['merge_lang_array'][0], $BL['be_admin_optgroup_label']);
    $BL['be_cnt_field'] = array_merge($BL['merge_lang_array'][1], $BL['be_cnt_field']);
    unset($BL['merge_lang_array']);
}
/**
 * Save one 404-redirect rule from the posted admin form (insert, update or delete).
 *
 * Reads the form fields from $_POST, validates them, writes the row through the
 * _db* helpers and sets a backend status message. After a successful delete it
 * redirects to the redirect listing (admin p=14).
 *
 * Note: the $_POST fields are read without isset() checks, so a missing field
 * raises a notice; the form is expected to always post every field.
 *
 * @return array array('error' => string[]|null, 'data' => array)
 *               'error' holds the validation messages, or null once the save ran;
 *               'data' is the normalised row including 'rid' and 'active'
 *               (0 = inactive, 1 = active, 9 = deleted)
 */
function update_404redirect() {
    // normalise every field: ids become ints or '' (not given), flags become 0/1,
    // enumerated fields fall back to '' when outside the allowed set
    $data = array(
        'error' => array(),
        'data' => array(
            'rid' => intval($_POST['rid']),
            'alias' => clean_slweg($_POST['alias']),
            'id' => trim($_POST['id']) === '' ? '' : intval($_POST['id']),
            // a zero aid counts as "not given"
            'aid' => trim($_POST['aid']) === '' || !intval($_POST['aid']) ? '' : intval($_POST['aid']),
            // in_array() without the strict flag: fine here since $_POST values are strings
            'type' => empty($_POST['type']) || !in_array($_POST['type'], array('alias', 'id', 'aid', 'link')) ? '' : clean_slweg($_POST['type']),
            'active' => empty($_POST['active']) ? 0 : 1,
            'shortcut' => empty($_POST['shortcut']) ? 0 : 1,
            // HTTP status code, kept as string, restricted to the supported set
            'code' => empty($_POST['code']) || !in_array($_POST['code'], array('301', '307', '404', '401', '503')) ? '' : clean_slweg($_POST['code']),
            'target' => clean_slweg($_POST['target']),
            'changed' => date('Y-m-d H:i:s')
        )
    );

    // the delete button of a row is posted as delete_<md5(rid)>; a rule being deleted
    // needs no source, otherwise at least one of aid, alias or id is required
    if (!$data['data']['aid'] && !$data['data']['alias'] && $data['data']['id'] == '' && !isset($_POST['delete_' . md5($data['data']['rid'])])) {
        $data['error'][] = $GLOBALS['BL']['be_redirect_error1'];
    }
    // a typed redirect needs a target; id/aid targets must be integers
    if ($data['data']['type'] && $data['data']['target'] === '') {
        $data['error'][] = $GLOBALS['BL']['be_redirect_error2'];
    } elseif (($data['data']['type'] == 'id' || $data['data']['type'] == 'aid') && !is_intval($data['data']['target'])) {
        $data['error'][] = $GLOBALS['BL']['be_redirect_error3'];
    }

    if (count($data['error'])) {
        // invalid rules are never left active
        $data['data']['active'] = 0;
        set_status_message(implode('<br />', $data['error']), 'error');
    } else {
        $data['error'] = NULL;
        // rid is the primary key and must not be part of the column set written below
        $rid = $data['data']['rid'];
        unset($data['data']['rid']);
        if ($rid) {
            // Mark for deletion
            if (isset($_POST['delete_' . md5($rid)])) {
                $data['data']['active'] = 9;
                $result = _dbQuery('DELETE FROM ' . DB_PREPEND . 'phpwcms_redirect WHERE rid=' . $rid, 'DELETE');
            } else {
                $result = _dbUpdate('phpwcms_redirect', $data['data'], 'rid=' . $rid);
            }
        } else {
            $result = _dbInsert('phpwcms_redirect', $data['data']);
            if (isset($result['INSERT_ID'])) {
                $rid = $result['INSERT_ID'];
            }
        }
        $data['data']['rid'] = $rid;
        if ($result) {
            if ($data['data']['active'] == 9) {
                set_status_message(str_replace('{ID}', $data['data']['rid'], $GLOBALS['BL']['be_action_deleted']), 'success');
                headerRedirect('phpwcms.php?' . get_token_get_string('csrftoken') . '&do=admin&p=14');
            } else {
                set_status_message($GLOBALS['BL']['be_successfully_saved'], 'success');
            }
        } else {
            set_status_message($GLOBALS['BL']['be_error_while_save'], 'error');
        }
    }
    return $data;
}
$sql .= " WHERE acontent_id=" . $content["id"]; $sql .= " AND acontent_aid=" . $content["aid"]; mysql_query($sql, $db) or die("error while updating content type info"); } change_articledate($content["aid"]); //update article date too update_cache(); // set cache timeout = 0 if (empty($_POST['SubmitClose'])) { // cnt teaser has some special filter options if (isset($_POST['teaser_filter_category']) && is_intval($_POST['teaser_filter_category'])) { $_SESSION['teaser_filter_category'] = intval($_POST['teaser_filter_category']); } if (!empty($_POST['teaser_filter_category_by_tags'])) { $_SESSION['teaser_filter_category_by_tags'] = true; } headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=articles&p=2&s=1&aktion=2&id=' . $content["aid"] . "&acid=" . $content["id"]); } else { headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=articles&p=2&s=1&id=' . $content["aid"]); } } } //end update/insert } //end error check } //form to edit article content parts include PHPWCMS_ROOT . "/include/inc_tmpl/articlecontent.edit.tmpl.php"; } //end edit article content part }
} //Undo Normale Message if ($do == 3) { if (intval($wert) == 0) { $sql = "UPDATE " . DB_PREPEND . "phpwcms_message SET " . "msg_deleted=0, msg_tstamp=msg_tstamp WHERE " . "msg_uid=" . $_SESSION["wcs_user_id"] . " AND " . "msg_id=" . $id . ";"; mysql_query($sql, $db) or die("error"); } } //Undo Sent Message if ($do == 4) { if (intval($wert) == 0) { $sql = "UPDATE " . DB_PREPEND . "phpwcms_message SET " . "msg_from_del=0, msg_tstamp=msg_tstamp WHERE " . "msg_from=" . $_SESSION["wcs_user_id"] . " AND " . "msg_id=" . $id . ";"; mysql_query($sql, $db) or die("error"); } } //Delete Normale Message if ($do == 5) { if (intval($wert) == 9) { $sql = "UPDATE " . DB_PREPEND . "phpwcms_message SET " . "msg_deleted=9, msg_tstamp=msg_tstamp WHERE " . "msg_uid=" . $_SESSION["wcs_user_id"] . " AND " . "msg_id=" . $id . " AND msg_deleted=1;"; mysql_query($sql, $db) or die("error"); } } //Delete sent message (Set del to 9) if ($do == 6) { if (intval($wert) == 9) { $sql = "UPDATE " . DB_PREPEND . "phpwcms_message SET " . "msg_from_del=9, msg_tstamp=msg_tstamp WHERE " . "msg_from=" . $_SESSION["wcs_user_id"] . " AND " . "msg_id=" . $id . " AND msg_from_del=1;"; mysql_query($sql, $db) or die("error"); } } $ref = empty($_SESSION['REFERER_URL']) ? PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') : $_SESSION['REFERER_URL']; headerRedirect($ref);
" /><input name="gbid" type="hidden" value="<?php echo intval($row['guestbook_id']); ?> " /></td> <td valign="bottom"> <input type="hidden" name="csrf_token_name" value="<?php echo $token_name; ?> " /> <input type="hidden" name="csrf_token_value" value="<?php echo $token_value; ?> " /> <input name="gbsubmit" type="submit" id="gbsubmit" value="submit changes" /> <input name="gbcancel" type="button" id="gbcancel" value="close" onclick="location.href='act_guestbook.php?<?php echo get_token_get_string('csrftoken'); ?> &cid=<?php echo $row['guestbook_cid']; ?> ';" /> </td> </tr> </form> <?php $c++; } } mysql_free_result($result); } // if no guestbook entry available
if (!@move_uploaded_file($_FILES["file"]["tmp_name"], $usernewfile)) { $file_error["upload"] = $BL['be_fprivup_err3'] . ' (2)'; } } else { $file_error["upload"] = $BL['be_fprivup_err4']; } umask($oldumask); } if (is_file($usernewfile)) { @chmod($usernewfile, 0666); } if (empty($file_error["upload"])) { // store tags _dbSaveCategories($file_tags, 'file', $new_fileId, ','); //after successful upload go back to clear post (form) var headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=files&f=0&uploaded=1'); } else { echo $file_error["upload"] . "<br />"; $file_error["upload"] = str_replace('{VAL}', $phpwcms["admin_email"], $BL['be_fprivup_err6']); mysql_query("DELETE FROM " . DB_PREPEND . "phpwcms_file WHERE f_id=" . $new_fileId . " AND f_uid=" . $_SESSION["wcs_user_id"] . ";", $db); } } } if (!ini_get('safe_mode') && function_exists('set_time_limit')) { set_time_limit(30); } } ?> <form action="phpwcms.php?do=files&f=0" method="post" enctype="multipart/form-data" name="uploadfile" id="uploadfile"> <table border="0" cellpadding="0" cellspacing="0" bgcolor="#EBF2F4" summary=""> <tr>
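/**
 * Copy an article, including all of its content parts, into another structure level.
 *
 * @param array    $do    action tuple from the article listing: [1] source article id,
 *                        [2] target category id, [3] optional 'open' to jump to the copy
 * @param resource $dbcon mysql link
 * @return void   dies on a failed query (same as the rest of this file); redirects to
 *                the new article when $do[3] == 'open' and
 *                $phpwcms['disallow_open_copied_article'] is empty
 */
function copy_article_to_level($do, $dbcon) {
    // both ids are embedded unquoted in SQL below, so cast them first: a malformed
    // value then cannot change the statement, and valid ids are unaffected
    $source_aid = intval($do[1]);
    $target_cid = intval($do[2]);

    $sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_article WHERE article_deleted=0 AND article_id=" . $source_aid;
    $result = mysql_query($sql, $dbcon) or die("error while connecting to database: <pre>" . $sql . "</pre>");
    $row = mysql_fetch_assoc($result);
    mysql_free_result($result);
    if (!$row) {
        // unknown or deleted article: nothing to copy (the old code ran into an
        // empty INSERT here and died)
        return;
    }

    // re-home the copy: new parent, fresh timestamps, sort position and a unique alias
    $row["article_cid"] = $target_cid;
    $row["article_created"] = now();
    $row["article_tstamp"] = date('Y-m-d H:i:s', now());
    $row["article_sort"] = getArticleSortValue($row["article_cid"]);
    $row["article_alias"] = proof_alias(0, empty($row["article_alias"]) ? $row['article_title'] : $row["article_alias"], 'ARTICLE');

    // build the column/value lists in one pass, independent of which column comes first
    $columns = array();
    $values = array();
    foreach ($row as $key => $value) {
        $columns[] = $key;
        // article_id is the auto-increment key: an empty value lets MySQL assign a new id
        $values[] = ($key == "article_id") ? "''" : _dbEscape($value);
    }
    $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_article (" . implode(", ", $columns) . ") VALUES (" . implode(", ", $values) . ")";
    mysql_query($sql, $dbcon) or die("error while copy article <br>error while connecting to database: <pre>" . $sql . "</pre>");
    $article_insert_id = mysql_insert_id($dbcon);

    // copy every content part, pointing it at the new article
    $sql1 = "SELECT * FROM " . DB_PREPEND . "phpwcms_articlecontent WHERE acontent_aid=" . $source_aid;
    $result1 = mysql_query($sql1, $dbcon) or die("error sql");
    while ($row1 = mysql_fetch_assoc($result1)) {
        $row1["acontent_aid"] = $article_insert_id;
        $columns1 = array();
        $values1 = array();
        foreach ($row1 as $key1 => $value1) {
            $columns1[] = $key1;
            // acontent_id is the auto-increment key of the content table
            $values1[] = ($key1 == "acontent_id") ? "''" : _dbEscape($value1);
        }
        $sql2 = "INSERT INTO " . DB_PREPEND . "phpwcms_articlecontent (" . implode(", ", $columns1) . ") VALUES (" . implode(", ", $values1) . ")";
        mysql_query($sql2, $dbcon) or die("error while copy article content <br>error while connecting to database: <pre>" . $sql2 . "</pre>");
    }
    mysql_free_result($result1);

    if (empty($GLOBALS['phpwcms']['disallow_open_copied_article']) && isset($do[3]) && $do[3] == 'open' && $article_insert_id) {
        headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=articles&p=2&s=1&id=' . $article_insert_id);
    }
}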
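<?php
/**
 * phpwcms content management system
 *
 * @author Oliver Georgi <*****@*****.**>
 * @copyright Copyright (c) 2002-2015, Oliver Georgi
 * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
 * @link http://www.phpwcms.de
 *
 **/

// Backend chat: store one posted message for the logged-in user, then go back to the chat view.
session_start();
$phpwcms = array();

require_once '../../include/config/conf.inc.php';
require_once '../inc_lib/default.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/helper.session.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/dbcon.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/general.inc.php';

// login state first, then the CSRF token of this POST — both before any data is touched
checkLogin();
validate_csrf_tokens();

require_once PHPWCMS_ROOT . '/include/inc_lib/backend.functions.inc.php';

// read the form fields defensively: a missing field is an empty message / list 0
// instead of an undefined-index notice
$chat_message = isset($_POST['chatmsg']) ? clean_slweg(trim($_POST['chatmsg'])) : '';
$chatlist = isset($_POST['chatlist']) ? intval($_POST['chatlist']) : 0;

if ($chat_message) {
    $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_chat (chat_uid, chat_name, chat_text, chat_cat) ";
    // the user id comes from the session but is the only unescaped value in the statement,
    // so cast it to an int; name and text go through _dbEscape
    $sql .= "VALUES (" . intval($_SESSION['wcs_user_id']) . "," . _dbEscape($_SESSION['wcs_user']) . "," . _dbEscape($chat_message) . ",0)";
    _dbQuery($sql, 'INSERT');
}

// NOTE(review): the token string is appended twice; presumably redundant, kept as-is
headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=chat&p=1&l=' . $chatlist . '&' . get_token_get_string('csrftoken'));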
/**
 * Add csrftoken GET parameter to backend links.
 *
 * Every known backend entry point ("phpwcms.php?" and the act_*.php scripts) gets the
 * token string inserted directly after the "?", followed by "&" so the original query
 * string stays intact. Without a token the markup is returned untouched.
 *
 * @access public
 * @param string $html markup containing backend links
 * @return string markup with tokenised links
 */
function tokenize_urls($html) {
    $get_token = get_token_get_string('csrftoken');
    if (!$get_token) {
        return $html;
    }

    // one list of link prefixes; each replacement is derived from it so the two
    // cannot drift apart
    $link_prefixes = array(
        'phpwcms.php?',
        '/act_structure.php?',
        '/act_articlecontent.php?',
        '/act_file.php?',
        '/act_download.php?',
        '/act_filecat.php?',
        '/act_usergroup.php?',
        '/act_user.php?',
        '/act_frontendsetup.php?',
        '/act_message.php?',
        '/act_cache.php?'
    );
    $tokenized = array();
    foreach ($link_prefixes as $prefix) {
        $tokenized[] = $prefix . $get_token . '&';
    }

    return str_replace($link_prefixes, $tokenized, $html);
}