/**
 * Start the query timer and, when database debugging is active, append the
 * query to the per-file query list.
 *
 * Debugging is active when NEXOS_DEBUG is truthy, or when the current user is
 * an admin and $MAIN_CFG['debug']['database'] is non-empty.
 *
 * NOTE(review): the stored entry holds the SQL text plus every bound parameter
 * value. If parameters can carry credentials or tokens, whatever renders
 * $this->query_list exposes them — confirm that view is admin-only.
 *
 * @param string     $sql    Query text.
 * @param array|null $params Bound parameter values, if any.
 * @param array|null $types  Parameter types, if any.
 * @return void
 */
public function log($sql, array $params = null, array $types = null)
{
    global $MAIN_CFG;

    $this->query_start_time = get_microtime();

    // && binds tighter than ||, so the admin test and the config test belong together.
    $debug_enabled = NEXOS_DEBUG || (is_admin() && !empty($MAIN_CFG['debug']['database']));
    if (!$debug_enabled) {
        return;
    }

    // Called before $this->line and $this->file are read
    // (presumably it populates them — confirm against _backtrace()).
    $this->_backtrace();

    // Values go through htmlprepare() before being stored in the entry.
    $entry = array(
        'line' => $this->line,
        'query' => htmlprepare($sql),
        'params' => htmlprepare($params),
        'types' => htmlprepare($types),
        'failed' => false,
    );

    $this->query_list[$this->file][$this->num_queries] = $entry;
}
/**
 * Encode one PHP source file with Turck MMCache, then either write the loader
 * stub to $out or, when $out is empty, print it inside a <pre> block.
 *
 * NOTE(review): $src, $out and $web_error are interpolated into the HTML status
 * lines without escaping, while the encoded payload does go through
 * htmlprepare(). Confirm those values can never contain markup.
 *
 * @param string $src Path of the file to encode.
 * @param string $out Output path; empty means "print the result".
 * @param mixed  $f   Truthy allows overwriting an existing $out; it also gates the
 *                    copy fallback and is forwarded to mmcache_copy_file().
 * @param mixed  $c   Truthy copies the source when encoding fails (needs $f and $out).
 * @return void
 */
function mmcache_encode_file($src, $out, $f, $c)
{
    $print_only = empty($out);
    if ($print_only) {
        echo "\n// {$src}\n";
    }

    $prefix = '';
    $encoded = mmcache_encode($src, $prefix);

    if (empty($encoded)) {
        mmcache_error("Can't compile file \"{$src}\"");
        if ($f && $c && !$print_only) {
            global $web_error;
            if (!empty($web_error)) {
                echo "<font color=\"#ff0000\">{$web_error}</font><br />\n";
                flush();
                $web_error = '';
            }
            mmcache_copy_file($src, $out, $f);
        }
        return;
    }

    // Loader stub: the encoded payload is wrapped in a script that loads the extension when missing.
    $stub = $prefix . '<?php if (!is_callable("mmcache_load") && !dl((PHP_OS=="WINNT"||PHP_OS=="WIN32")?"TurckLoader.dll":"TurckLoader.so")) { die("This PHP script has been encoded with Turck MMcache, to run it you must install <a href=\\"http://turck-mmcache.sourceforge.net/\\">Turck MMCache or Turck Loader</a>");} return mmcache_load(\'' . $encoded . "');?>\n";
    unset($encoded);

    if ($print_only) {
        echo '<pre>' . htmlprepare($stub) . "</pre>\n";
        unset($stub);
        return;
    }

    // Existence is checked before the open, so the file can still appear between the two calls.
    if (!$f && file_exists($out)) {
        mmcache_error("Can't create output file \"{$out}\" (already exists)");
        return;
    }

    $handle = fopen($out, 'wb');
    if (!$handle) {
        mmcache_error("Can't open output file \"{$out}\"");
        return;
    }

    fwrite($handle, $stub);
    unset($stub);
    fclose($handle);

    // Mirror the source file's permission bits; the stat() result is not checked.
    $source_stat = stat($src);
    chmod($out, $source_stat['mode']);
    echo "<font color=\"#00aa00\">Encoding: \"{$src}\" -> \"{$out}\"</font><br />\n";
}
/**
 * Build the HTML for the downloads search form and return it as a string.
 *
 * Field values are pre-filled from $_POST, or from the stored session search
 * when $search_id names an entry in $CPG_SESS[$module_name]['search'].
 * Free-text values pass through htmlprepare() and numeric ones through
 * intval() before they are placed in the markup.
 *
 * The body calls $this->show_error(), so this is a method of a class whose
 * header is not shown here.
 *
 * @param mixed $search_id Key of a stored search to edit, or false for a new search.
 * @return string Form markup.
 */
function search_form($search_id = false)
{
    global $db, $dl_prefix, $user_prefix, $module_name, $CPG_SESS, $bgcolor3;
    $searchdata = $_POST;
    $return = '';
    if ($search_id) {
        if (isset($CPG_SESS[$module_name]['search'][$search_id])) {
            $searchdata = $CPG_SESS[$module_name]['search'][$search_id];
            // NOTE(review): $search_id and $bgcolor3 are concatenated without escaping. The id is
            // only echoed when it is an existing session key; confirm callers pass an integer.
            $return .= '<div style="background-color: ' . $bgcolor3 . '; padding: 3px;">Editing criteria for search #' . $search_id . '; <a href="' . URL::index('&file=search') . '">start new search</a></div>';
        } else {
            $return .= $this->show_error('Invalid or expired search session. Please start a new search below.');
        }
    }
    // Fixed part of the form: keyword box, category, submitter/author fields and the two checkboxes.
    $return .= '<form action="' . URL::index('&file=search')
        . '" method="post" enctype="multipart/form-data" accept-charset="utf-8"> <h3>Keywords</h3><input type="text" name="s_BASICSEARCH" size="53" value="'
        . (isset($searchdata['s_BASICSEARCH']) ? htmlprepare($searchdata['s_BASICSEARCH']) : '')
        . '" maxlength="255" /><br /><br /> <div style="float: left; width: 50%"><h3>Basic information</h3> <label class="ulog" for="s_cid">'
        . _CATEGORY
        . '</label> '
        . DL_Cat::selectbox(isset($searchdata['s_cid']) ? intval($searchdata['s_cid']) : 0, 's_cid', 2)
        . '<br /> <label class="ulog" for="s_submitter">'
        . _DLP_SUBMITTEDBY
        . '</label> <input type="text" name="s_submitter" id="s_submitter" size="30" maxlength="255" value="'
        . (isset($searchdata['s_submitter']) ? htmlprepare($searchdata['s_submitter']) : '')
        . '" /><br /> <label class="ulog" for="s_name">'
        . _AUTHORNAME
        . '</label> <input type="text" name="s_name" id="s_name" size="30" maxlength="255" value="'
        . (isset($searchdata['s_name']) ? htmlprepare($searchdata['s_name']) : '')
        . '" /><br /> <label class="ulog" for="s_email">'
        . _AUTHOREMAIL
        . '</label> <input type="text" name="s_email" id="s_email" size="30" maxlength="255" value="'
        . (isset($searchdata['s_email']) ? htmlprepare($searchdata['s_email']) : '')
        . '" /><br /> <h3>Special options</h3> <label class="ulog" for="s_pick">'
        . _DLP_EDPICK
        . '</label> <input type="checkbox" name="s_pick" id="s_pick" value="1"'
        . (isset($searchdata['s_pick']) && $searchdata['s_pick'] == 1 ? ' checked="checked"' : '')
        . ' /> '
        . _YES
        . '<br /> <label class="ulog" for="s_screenshot">Only downloads with screenshot(s)</label> <input type="checkbox" name="s_screenshot" id="s_screenshot" value="1"'
        . (isset($searchdata['s_screenshot']) && $searchdata['s_screenshot'] == 1 ? ' checked="checked"' : '')
        . ' /> '
        . _YES
        . '<br /> <label class="ulog" for="s_date">Published in past</label> '
        . select_option('s_date', isset($searchdata['s_date']) ? intval($searchdata['s_date']) : '', array('', 3, 7, 14, 30, 60, 90, 180, 365))
        . ' days<br /> <label class="ulog" for="s_updated">Updated in past</label> '
        . select_option('s_updated', isset($searchdata['s_updated']) ? intval($searchdata['s_updated']) : '', array('', 3, 7, 14, 30, 60, 90, 180, 365))
        . ' days</div> <div style="float: right; width: 50%"><h3>Additional information</h3>';
    // Custom fields: one input per visible row of the <prefix>_fields table.
    $result = $db->sql_uquery("SELECT * FROM " . $dl_prefix . "_fields \n\t\t\tWHERE visible > 0 \n\t\t\tORDER BY title");
    while ($field = $db->sql_fetchrow($result)) {
        // A title that matches a defined constant is replaced by that constant's value.
        $f_title = defined($field['title']) ? constant($field['title']) : $field['title'];
        // visible == 2 gets a leading "* " marker.
        $f_title = $field['visible'] == 2 ? '* ' . $f_title : $f_title;
        // NOTE(review): $f_title, $field['field'] and $field['size'] are database values written
        // into the markup unescaped. Confirm only trusted admins can edit the fields table, or
        // escape them here as is done for the user-supplied values.
        $return .= '<label class="ulog" for="s_' . $field['field'] . '">' . $f_title . '</label>';
        if ($field['type'] == 1 || $field['type'] == 3) {
            // Types 1 and 3 are rendered as checkboxes.
            $f_value = isset($searchdata['s_' . $field['field']]) ? intval($searchdata['s_' . $field['field']]) : 0;
            $return .= '<input type="checkbox" name="s_' . $field['field'] . '" id="s_' . $field['field'] . '" value="1"' . ($f_value == 1 ? ' checked="checked"' : '') . ' /> ' . _YES . '<br />';
        } else {
            // Every other type is a text input whose value is escaped with htmlprepare().
            $f_value = isset($searchdata['s_' . $field['field']]) ? htmlprepare($searchdata['s_' . $field['field']]) : '';
            $return .= '<input type="text" name="s_' . $field['field'] . '" id="s_' . $field['field'] . '" size="30" maxlength="' . $field['size'] . '" value="' . $f_value . '" /><br />';
        }
    }
    $return .= '</div><br /><br /><input type="submit" name="search" value="' . _SEARCH . '" /></form>';
    return $return;
}
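/**
 * Locate the ZIP end-of-central-directory record in $this->filename and load
 * the table of contents into $this->toc ('cd', 'files', 'dirs').
 *
 * The file is scanned backwards one byte at a time for the 4-byte signature
 * "PK\x05\x06"; the 18 bytes after it are unpacked as the summary record.
 *
 * NOTE(review): every field read here comes from the archive itself and is
 * untrusted. 'entries' and 'offset' drive the seek and the loop below without
 * a bounds check against the file size; how ReadFileHeader() behaves at end of
 * file is not visible here — confirm it fails safely on a crafted archive.
 *
 * @return bool true when the table of contents was read, false when the file
 *              could not be opened or no valid summary record was found.
 */
public function load_toc()
{
    $fp = fopen($this->filename, 'rb');
    if (!$fp) {
        return false;
    }

    # find ToC summary (Central Dir)
    fseek($fp, -18, SEEK_END);
    while (ftell($fp) > 76) {
        $id = fread($fp, 4);
        // Compare against the full 4-byte signature; a 4-byte read can never equal the 2-byte "PK".
        if ($id === "PK\x05\x06") {
            $record = fread($fp, 18);
            // A truncated record would make unpack() fail; treat it as "no summary found".
            if (!is_string($record) || strlen($record) !== 18) {
                fclose($fp);
                return false;
            }
            $this->toc['cd'] = unpack('vdisk/vdisk_start/vdisk_entries/ventries/Vsize/Voffset/vcomment_size', $record);
            // The archive comment is stored after passing through htmlprepare().
            $this->toc['cd']['comment'] = $this->toc['cd']['comment_size'] > 0
                ? htmlprepare(fread($fp, $this->toc['cd']['comment_size']))
                : '';
            break;
        }
        // Step back 5 after reading 4: the net effect is one byte backwards per iteration.
        fseek($fp, -5, SEEK_CUR);
    }

    if (empty($this->toc['cd'])) {
        // Close the handle on the failure path too.
        fclose($fp);
        return false;
    }

    # Read all ToC entries
    $dir = NULL;
    fseek($fp, $this->toc['cd']['offset']);
    for ($i = 0; $i < $this->toc['cd']['entries']; ++$i) {
        $entry = $this->ReadFileHeader($fp);
        if (substr($entry['filename'], -1) != '/') {
            // File entry: also referenced from the most recently seen directory entry.
            $this->toc['files'][$i] = $entry;
            $dir['entries'][$i] =& $this->toc['files'][$i];
        } else {
            // Directory entry (name ends in '/'): becomes the current directory.
            $this->toc['dirs'][$i] = $entry;
            $dir =& $this->toc['dirs'][$i];
        }
    }
    fclose($fp);
    return true;
}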
} } require_once 'header.php'; GraphicAdmin('_AMENU3'); if (isset($_GET['del'])) { if (isset($_POST['cancel'])) { URL::redirect(URL::admin('messages')); } cpg_delete_msg(URL::admin('&del=' . intval($_GET['del'])), _REMOVEMSG); } else { if (isset($_GET['edit'])) { OpenTable(); $id = intval($_GET['edit']); $result = $db->sql_query('SELECT title, content, date, expire, active, view, mlanguage FROM ' . $prefix . '_message WHERE mid=' . $id); $row = $db->sql_fetchrow($result); echo '<div style="text-align:center;" class="option">' . _EDITMSG . '</div>' . '<form name="edit_message" action="' . URL::admin('messages&save=' . $id) . '" method="post" enctype="multipart/form-data" accept-charset="utf-8">' . '<br /><strong>' . _MESSAGETITLE . '</strong><br />' . '<input type="text" name="title" value="' . htmlprepare($row['title']) . '" size="50" maxlength="100" /><br /><br />' . '<strong>' . _MESSAGECONTENT . '</strong><br />' . bbcode_table('content', 'edit_message', 1) . '<div style="float:left;"><textarea name="content" rows="15" wrap="virtual" cols="63" onselect="storeCaret(this);" onclick="storeCaret(this);" onkeyup="storeCaret(this);" onchange="storeCaret(this);">' . htmlprepare($row['content']) . '</textarea></div> <div style="float:left; margin-left:5px;">' . smilies_table('inline', 'content', 'edit_message') . '</div><br /><br />'; if ($MAIN_CFG['global']['multilingual']) { echo '<strong>' . _LANGUAGE . '</strong> ' . lang_selectbox($row['mlanguage'], 'language') . '<br /><br />'; } else { echo '<input type="hidden" name="language" value="" />'; } echo "<strong>" . _EXPIRATION . '</strong> ' . select_box('expire', $row['expire'], array(86400 => '1 ' . _DAY, 172800 => '2 ' . _DAYS, 432000 => '5 ' . _DAYS, 1296000 => '15 ' . _DAYS, 2592000 => '30 ' . _DAYS, 0 => _UNLIMITED)) . '<br /><br />' . '<strong>' . _ACTIVATE2 . '</strong> ' . yesno_option('active', $row['active']); if ($row['active']) { echo '<br /><br /><strong>' . _CHANGEDATE . '</strong> ' . 
yesno_option('chng_date', 0) . '<br /><br />'; } else { echo '<br /><div class="tiny">' . _IFYOUACTIVE . '</div><input type="hidden" name="chng_date" value="1" /><br />'; } echo '<strong>' . _VIEWPRIV . '</strong> ' . group_selectbox('view', $row['view'], true) . '<br /><br /><input type="submit" value="' . _SAVECHANGES . '" /></form>'; } else { OpenTable();
/**
 * Parse an album option value of the form
 * "<text>no=<digits>,album_nm='<name>',album_sort=<digits>,action=<digit>".
 *
 * The pattern is not anchored, so text after the action digit is ignored.
 * Only album_nm is passed through htmlprepare().
 * NOTE(review): that is presumably HTML escaping, which does not make the
 * value safe to concatenate into SQL — confirm how callers use it.
 *
 * @param string $value Raw option value.
 * @return array|false Keys album_no, album_nm, album_sort, action; false when
 *                     the value does not match.
 */
function parse_select_option($value)
{
    $pattern = "/.+?no=(\\d+),album_nm='(.+?)',album_sort=(\\d+),action=(\\d)/";
    $parts = array();

    if (preg_match($pattern, $value, $parts) !== 1) {
        return false;
    }

    $parsed = array();
    $parsed['album_no'] = intval($parts[1]);
    $parsed['album_nm'] = htmlprepare($parts[2]);
    $parsed['album_sort'] = intval($parts[3]);
    $parsed['action'] = intval($parts[4]);

    return $parsed;
}
/**
 * Escape $text with htmlprepare() only when it contains a '<'; any other
 * input is returned unchanged.
 *
 * NOTE(review): text without '<' is returned as-is even if it contains '&',
 * '>' or quotes, and ENT_NOQUOTES asks for quotes to be left unencoded
 * (assuming htmlprepare() forwards the flag to the HTML escaper). The result
 * is therefore not suitable for attribute values.
 *
 * @param string $text
 * @return string
 */
public static function encode_html($text)
{
    if (strpos($text, '<') === false) {
        return $text;
    }

    return htmlprepare($text, false, ENT_NOQUOTES);
}
if ($group_info = $db->sql_fetchrow($result)) { $group_moderator = $group_info['group_moderator']; // // Handle Additions, removals, approvals and denials // if (!empty($_POST['add']) || !empty($_POST['remove']) || isset($_POST['approve']) || isset($_POST['deny'])) { if (!is_user()) { URL::redirect(URL::index('Your_Account'), true); } if (!$is_moderator && $group_moderator != $userinfo['user_id']) { URL::refresh(URL::index()); $message = $lang['Not_group_moderator'] . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . URL::index() . '">', '</a>'); message_die(GENERAL_MESSAGE, $message); } if (isset($_POST['add'])) { $username = isset($_POST['username']) ? htmlprepare($_POST['username']) : ''; $sql = "SELECT user_id, user_email, user_lang FROM " . USERS_TABLE . " WHERE username = '******'"; $result = $db->sql_query($sql); if (!($row = $db->sql_fetchrow($result))) { URL::refresh(URL::index("&" . POST_GROUPS_URL . "={$group_id}")); $message = $lang['Could_not_add_user'] . "<br /><br />" . sprintf($lang['Click_return_group'], "<a href=\"" . URL::index("&" . POST_GROUPS_URL . "={$group_id}") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_index'], "<a href=\"" . URL::index() . "\">", "</a>"); message_die(GENERAL_MESSAGE, $message); } if ($row['user_id'] == ANONYMOUS) { URL::refresh(URL::index("&" . POST_GROUPS_URL . "={$group_id}")); $message = $lang['Could_not_anon_user'] . '<br /><br />' . sprintf($lang['Click_return_group'], '<a href="' . URL::index("&" . POST_GROUPS_URL . "={$group_id}") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . URL::index() . '">', '</a>'); message_die(GENERAL_MESSAGE, $message); } $sql = "SELECT ug.user_id FROM " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u\n\t\t\t\t\tWHERE u.user_id = " . $row['user_id'] . "\n\t\t\t\t\t\tAND ug.user_id = u.user_id\n\t\t\t\t\t\tAND ug.group_id = {$group_id}"; $result = $db->sql_query($sql); if (!$db->sql_numrows($result)) {
cpg_error('Group doesn\'t exist'); }
    $mode = 'editgroup';
    echo 'Edit group';
} else {
    // New group: start from an empty record.
    $group_info = array('group_name' => '', 'group_description' => '', 'group_moderator' => '', 'group_type' => 0, 'username' => '');
    $mode = 'newgroup';
    echo 'Create new group';
}
// NOTE(review): $group_id is written into the hidden field as-is; where it is set is not
// visible in this excerpt — confirm it is cast to an integer.
$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="gid" value="' . $group_id . '" />';
// NOTE(review): group_name is escaped with htmlprepare(), but group_description (textarea body)
// and username (value attribute) are concatenated raw. If $group_info comes straight from the
// database, stored markup or a quote character in those fields would be interpreted by the
// browser; they should go through the same htmlprepare() call as group_name.
echo '</th> </tr> <tr> <td class="row1" width="38%"><span class="gen">Group name:</span></td> <td class="row2" width="62%"> <input type="text" name="group_name" size="35" maxlength="40" value="'
    . htmlprepare($group_info['group_name'])
    . '" /> </td> </tr><tr> <td class="row1" width="38%"><span class="gen">Group description:</span></td> <td class="row2" width="62%"> <textarea name="group_description" rows="10" cols="63">'
    . $group_info['group_description']
    . '</textarea> </td> </tr><tr> <td class="row1" width="38%"><span class="gen">Group moderator:</span></td> <td class="row2" width="62%"><input type="text" class="post" name="username" maxlength="50" size="20" value="'
    . $group_info['username']
    . '" /> <input type="submit" name="usersubmit" value="Find a username" class="liteoption" onclick="window.open(\''
    . URL::index('Forums&file=search&mode=searchuser&popup=1&menu=1')
    . '\', \'_phpbbsearch\', \'HEIGHT=250,resizable=yes,WIDTH=400\');return false;" /></td> </tr><tr> <td class="row1" width="38%"><span class="gen">Group status:</span></td> <td class="row2" width="62%"> <input type="radio" name="group_type" value="0" '
    . ($group_info['group_type'] == 0 ? ' checked="checked"' : '')
    . ' /> Open group <input type="radio" name="group_type" value="1" '
    . ($group_info['group_type'] == 1 ? ' checked="checked"' : '')
    . ' /> Closed group <input type="radio" name="group_type" value="2" '
    . ($group_info['group_type'] == 2 ? ' checked="checked"' : '')
    . ' /> Hidden group</td>
CloseTable();
    } else {
        cpg_error(_CPG_MMNOLINK);
    }
} elseif (isset($_GET['editcat'])) {
    // Show the category form, either empty ('new') or loaded from the database ('mod').
    // NOTE(review): $cid falls back to '' when cid is absent, which would leave "WHERE cid="
    // without a value in the query below.
    $cid = isset($_GET['cid']) ? intval($_GET['cid']) : '';
    $mode = $_GET['editcat'];
    $title = _CPG_MMCATNEW;
    if ($mode == 'mod') {
        $result = $db->sql_query("SELECT name, image, link_type, link FROM " . $prefix . "_modules_cat WHERE cid=" . $cid);
        $title = _CPG_MMCATEDIT;
    }
    // NOTE(review): for any mode other than 'mod' or 'new', $result is never assigned before
    // sql_numrows() reads it.
    if ($mode != 'new' && $db->sql_numrows($result) > 0 || $mode == 'new') {
        cpg_mm_admin_header($title);
        $cat = $mode == 'new' ? array('name' => 'My title', 'image' => 'image.gif', 'link' => '', 'link_type' => 0) : $db->sql_fetchrow($result);
        // NOTE(review): only the category name is escaped. MODE (raw $_GET['editcat']), the image
        // and the link reach the template as-is; unless the template engine escapes on output they
        // need htmlprepare() too.
        $cpgtpl->assign_vars(array('EDITLINK' => false, 'EDITCAT' => true, 'S_URL' => _URL, 'S_CPG_MMOPTIONAL' => _CPG_MMOPTIONAL, 'MODE' => $mode, 'CID' => $cid, 'S_CATNAME_VALUE' => htmlprepare($cat['name']), 'S_CATIMAGE_VALUE' => $cat['image'], 'S_CATLINK_VALUE' => $cat['link'], 'S_SUBMIT_VALUE' => $mode != 'new' ? _SAVECHANGES : _CPG_MMADDCAT, 'SEL_LINKTYPE' => select_box('lnktype', $cat['link_type'], array(0 => 'getlink', 1 => 'link', 2 => 'web'))));
        $cpgtpl->set_handle('body', 'admin/cpgmm_edit.html');
        $cpgtpl->display('body');
    } else {
        cpg_error(_CPG_MMNOCAT);
    }
} elseif (isset($_GET['savecat'])) {
    // Persist the category: UPDATE for 'mod', otherwise INSERT at the next position.
    if ($_POST['catname'] == '') {
        cpg_error(_CPG_MMCATEMPTY);
    }
    // NOTE(review): catname goes through Fix_Quotes() and cid through intval(), but
    // $_POST['catimage'], $_POST['catlink'] and $_POST['lnktype'] are interpolated straight into
    // both statements. Unless request data is escaped globally before this point (not visible
    // here), that is SQL injection. Pass the strings through Fix_Quotes() and lnktype through
    // intval(), or use a parameterised query. No request-token (CSRF) check is visible in this
    // excerpt either.
    if ($_GET['savecat'] == 'mod') {
        $db->sql_query("UPDATE " . $prefix . "_modules_cat SET name='" . Fix_Quotes($_POST['catname']) . "', image='{$_POST['catimage']}', link='{$_POST['catlink']}', link_type='{$_POST['lnktype']}' WHERE cid=" . intval($_POST['cid']));
    } else {
        // Highest existing position + 1, or 0 when the table is empty.
        list($pos) = $db->sql_ufetchrow("SELECT pos FROM " . $prefix . "_modules_cat \n\t\t\tORDER BY pos DESC", SQL_NUM);
        $pos = empty($pos) ? 0 : $pos + 1;
        $db->sql_query("INSERT INTO " . $prefix . "_modules_cat (name, image, pos, link, link_type) VALUES ('" . Fix_Quotes($_POST['catname']) . "', '{$_POST['catimage']}', '{$pos}', '{$_POST['catlink']}', '{$_POST['lnktype']}')");
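/**
 * Forum rank administration: dispatch on the requested mode and render the
 * matching template.
 *
 * Modes: 'edit' / 'add' show the rank form, 'save' inserts or updates a rank,
 * 'delete' removes one, and anything else lists all ranks. The mode comes from
 * $_GET['mode'] / $_POST['mode'], or is derived from the 'add' / 'save'
 * submit buttons.
 *
 * NOTE(review): 'delete' accepts its id from $_GET and no request token is
 * checked inside this function — confirm CSRF protection happens before it is
 * called.
 * NOTE(review): rank_title and rank_image are stored raw (only Fix_Quotes for
 * SQL) and handed to the template unescaped; IMAGE_DISPLAY also concatenates
 * rank_image into an <img> tag. Unless the template layer escapes on output,
 * these values need HTML escaping where they are rendered.
 *
 * @return void
 */
function run_ranks()
{
    global $db, $lang, $template, $op, $bgcolor1, $bgcolor2;

    if (isset($_GET['mode']) || isset($_POST['mode'])) {
        $mode = htmlprepare(isset($_GET['mode']) ? $_GET['mode'] : $_POST['mode']);
    } elseif (isset($_POST['add'])) {
        $mode = 'add';
    } elseif (isset($_POST['save'])) {
        $mode = 'save';
    } else {
        $mode = '';
    }

    if ($mode != '') {
        if ($mode == 'edit' || $mode == 'add') {
            //
            // They want to add a new rank, show the form.
            //
            $rank_id = isset($_GET['id']) ? intval($_GET['id']) : 0;
            $s_hidden_fields = '';
            if ($mode == 'edit') {
                if (empty($rank_id)) {
                    message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
                }
                // $rank_id was cast with intval() above, so the interpolation is an integer.
                $result = $db->sql_query("SELECT * FROM {$db->TBL->bbranks} WHERE rank_id = {$rank_id}");
                $rank_info = $db->sql_fetchrow($result);
                $s_hidden_fields .= '<input type="hidden" name="id" value="' . $rank_id . '" />';
            } else {
                $rank_info['rank_special'] = 0;
            }
            $s_hidden_fields .= '<input type="hidden" name="mode" value="save" />';
            $rank_is_special = $rank_info['rank_special'] ? "checked=\"checked\"" : "";
            $rank_is_not_special = !$rank_info['rank_special'] ? "checked=\"checked\"" : "";
            $has_image = isset($rank_info['rank_image']) && $rank_info['rank_image'] != "";
            $template->set_filenames(array('body' => 'forums/admin/ranks_edit_body.html'));
            $template->assign_vars(array(
                "RANK" => isset($rank_info['rank_title']) ? $rank_info['rank_title'] : '',
                "SPECIAL_RANK" => $rank_is_special,
                "NOT_SPECIAL_RANK" => $rank_is_not_special,
                // Parenthesised: an unparenthesised nested ternary is a compile error from PHP 8.0.
                // The grouping gives the same result the old left-to-right evaluation produced.
                "MINIMUM" => $rank_is_special ? "" : (isset($rank_info['rank_min']) ? $rank_info['rank_min'] : ''),
                "IMAGE" => $has_image ? $rank_info['rank_image'] : "",
                "IMAGE_DISPLAY" => $has_image ? '<img src="' . $rank_info['rank_image'] . '" alt="" />' : "",
                "L_RANKS_TITLE" => $lang['Ranks_title'],
                "L_RANKS_TEXT" => $lang['Ranks_explain'],
                "L_RANK_TITLE" => $lang['Rank_title'],
                "L_RANK_SPECIAL" => $lang['Rank_special'],
                "L_RANK_MINIMUM" => $lang['Rank_minimum'],
                "L_RANK_IMAGE" => $lang['Rank_image'],
                "L_RANK_IMAGE_EXPLAIN" => $lang['Rank_image_explain'],
                "L_SUBMIT" => $lang['Submit'],
                "L_RESET" => $lang['Reset'],
                "L_YES" => $lang['Yes'],
                "L_NO" => $lang['No'],
                "S_RANK_ACTION" => URL::admin("{$op}"),
                "S_HIDDEN_FIELDS" => $s_hidden_fields,
            ));
        } elseif ($mode == "save") {
            //
            // Ok, they sent us our info, let's update it.
            //
            $rank_id = isset($_POST['id']) ? intval($_POST['id']) : 0;
            $rank_title = isset($_POST['title']) ? trim($_POST['title']) : "";
            // Guarded with isset(): the field is absent when no radio button was submitted.
            $special_rank = (isset($_POST['special_rank']) && $_POST['special_rank'] == 1) ? 1 : 0;
            $min_posts = isset($_POST['min_posts']) ? intval($_POST['min_posts']) : -1;
            $rank_image = isset($_POST['rank_image']) ? trim($_POST['rank_image']) : "";
            if ($rank_title == "") {
                message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
            }
            if ($special_rank == 1) {
                // Special ranks are not tied to a post count.
                $min_posts = -1;
            }
            //
            // The rank image has to be a jpg, gif or png
            //
            // Only the suffix is checked; the rest of the value is not validated here.
            if ($rank_image != "" && !preg_match("/(\\.gif|\\.png|\\.jpg)\$/is", $rank_image)) {
                $rank_image = "";
            }
            // Strings go through Fix_Quotes(); the numeric values were cast above.
            if ($rank_id) {
                if (!$special_rank) {
                    $db->sql_query("UPDATE " . USERS_TABLE . " SET user_rank = 0 WHERE user_rank = {$rank_id}");
                }
                $sql = "UPDATE {$db->TBL->bbranks}\n\t\t\t\t\tSET rank_title = '" . Fix_Quotes($rank_title) . "', rank_special = {$special_rank}, rank_min = {$min_posts}, rank_image = '" . Fix_Quotes($rank_image) . "'\n\t\t\t\t\tWHERE rank_id = {$rank_id}";
                $message = $lang['Rank_updated'];
            } else {
                $sql = "INSERT INTO {$db->TBL->bbranks} (rank_title, rank_special, rank_min, rank_image)\n\t\t\t\t\tVALUES ('" . Fix_Quotes($rank_title) . "', {$special_rank}, {$min_posts}, '" . Fix_Quotes($rank_image) . "')";
                $message = $lang['Rank_added'];
            }
            $db->sql_query($sql);
            $message .= "<br /><br />" . sprintf($lang['Click_return_rankadmin'], "<a href=\"" . URL::admin("{$op}") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . URL::admin($op) . "\">", "</a>");
            message_die(GENERAL_MESSAGE, $message);
        } elseif ($mode == "delete") {
            //
            // Ok, they want to delete their rank
            //
            if (isset($_POST['id']) || isset($_GET['id'])) {
                $rank_id = isset($_POST['id']) ? intval($_POST['id']) : intval($_GET['id']);
            } else {
                $rank_id = 0;
            }
            if ($rank_id) {
                $db->sql_query("DELETE FROM {$db->TBL->bbranks} WHERE rank_id = {$rank_id}");
                // Users who held the deleted rank fall back to rank 0.
                $db->sql_query("UPDATE " . USERS_TABLE . " SET user_rank = 0 WHERE user_rank = {$rank_id}");
                $message = $lang['Rank_removed'] . "<br /><br />" . sprintf($lang['Click_return_rankadmin'], "<a href=\"" . URL::admin("{$op}") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . URL::admin($op) . "\">", "</a>");
                message_die(GENERAL_MESSAGE, $message);
            } else {
                message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
            }
        } else {
            //
            // They didn't feel like giving us any information. Oh, too bad, we'll just display the
            // list then...
            //
            $template->set_filenames(array('body' => 'forums/admin/ranks_list_body.html'));
            $result = $db->sql_query("SELECT * FROM {$db->TBL->bbranks} ORDER BY rank_min, rank_title");
            $rank_rows = $db->sql_fetchrowset($result);
            $rank_count = count($rank_rows);
            $template->assign_vars(array(
                "L_RANKS_TITLE" => $lang['Ranks_title'],
                "L_RANKS_TEXT" => $lang['Ranks_explain'],
                "L_RANK" => $lang['Rank_title'],
                "L_RANK_MINIMUM" => $lang['Rank_minimum'],
                "L_SPECIAL_RANK" => $lang['Special_rank'],
                "L_EDIT" => $lang['Edit'],
                "L_DELETE" => $lang['Delete'],
                "L_ADD_RANK" => $lang['Add_new_rank'],
                "L_ACTION" => $lang['Action'],
                "S_RANKS_ACTION" => URL::admin("{$op}"),
            ));
            for ($i = 0; $i < $rank_count; $i++) {
                $rank = $rank_rows[$i]['rank_title'];
                $special_rank = $rank_rows[$i]['rank_special'];
                $rank_id = $rank_rows[$i]['rank_id'];
                $rank_min = $rank_rows[$i]['rank_min'];
                if ($special_rank) {
                    $rank_min = "-";
                }
                // Alternate row colours and classes.
                $row_color = !($i % 2) ? $bgcolor2 : $bgcolor1;
                $row_class = !($i % 2) ? 'row1' : 'row2';
                $template->assign_block_vars("ranks", array(
                    "ROW_COLOR" => $row_color,
                    "ROW_CLASS" => $row_class,
                    "RANK" => $rank,
                    "RANK_MIN" => $rank_min,
                    "SPECIAL_RANK" => $special_rank == 1 ? $lang['Yes'] : $lang['No'],
                    "U_RANK_EDIT" => URL::admin("{$op}&mode=edit&id={$rank_id}"),
                    "U_RANK_DELETE" => URL::admin("{$op}&mode=delete&id={$rank_id}"),
                ));
            }
        }
    } else {
        //
        // Show the default page
        //
        $template->set_filenames(array('body' => 'forums/admin/ranks_list_body.html'));
        $result = $db->sql_query("SELECT * FROM {$db->TBL->bbranks} ORDER BY rank_min ASC, rank_special ASC");
        $rank_count = $db->sql_numrows($result);
        $rank_rows = $db->sql_fetchrowset($result);
        $template->assign_vars(array(
            "L_RANKS_TITLE" => $lang['Ranks_title'],
            "L_RANKS_TEXT" => $lang['Ranks_explain'],
            "L_RANK" => $lang['Rank_title'],
            "L_RANK_MINIMUM" => $lang['Rank_minimum'],
            "L_SPECIAL_RANK" => $lang['Rank_special'],
            "L_EDIT" => $lang['Edit'],
            "L_DELETE" => $lang['Delete'],
            "L_ADD_RANK" => $lang['Add_new_rank'],
            "L_ACTION" => $lang['Action'],
            "S_RANKS_ACTION" => URL::admin($op),
        ));
        for ($i = 0; $i < $rank_count; $i++) {
            $rank = $rank_rows[$i]['rank_title'];
            $special_rank = $rank_rows[$i]['rank_special'];
            $rank_id = $rank_rows[$i]['rank_id'];
            $rank_min = $rank_rows[$i]['rank_min'];
            if ($special_rank == 1) {
                $rank_min = "-";
            }
            $row_color = !($i % 2) ? $bgcolor2 : $bgcolor1;
            $row_class = !($i % 2) ? 'row1' : 'row2';
            $rank_is_special = $special_rank ? $lang['Yes'] : $lang['No'];
            $template->assign_block_vars("ranks", array(
                "ROW_COLOR" => $row_color,
                "ROW_CLASS" => $row_class,
                "RANK" => $rank,
                "SPECIAL_RANK" => $rank_is_special,
                "RANK_MIN" => $rank_min,
                "U_RANK_EDIT" => URL::admin("{$op}&mode=edit&id={$rank_id}"),
                "U_RANK_DELETE" => URL::admin("{$op}&mode=delete&id={$rank_id}"),
            ));
        }
    }
    $template->display('body');
    CloseTable();
}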
$db->sql_freeresult($result); } $ranksrow = $db->sql_ufetchrowset("SELECT * FROM " . RANKS_TABLE . " ORDER BY rank_special, rank_min", SQL_ASSOC); # Define censored word matches $orig_word = array(); $replacement_word = array(); obtain_word_list($orig_word, $replacement_word); # Censor topic title if (count($orig_word)) { $topic_title = preg_replace($orig_word, $replacement_word, $topic_title); } # Was a highlight request part of the URI? $highlight_match = $highlight = ''; if (isset($_GET['highlight'])) { // Split words and phrases $words = explode(' ', htmlprepare($_GET['highlight'])); for ($i = 0; $i < sizeof($words); $i++) { $words[$i] = trim($words[$i]); if (trim($words[$i]) != '') { $highlight_match .= ($highlight_match != '' ? '|' : '') . str_replace('*', '\\w*', phpbb_preg_quote($words[$i], '#')); } } unset($words); $highlight = urlencode($_GET['highlight']); } # Post, reply and other URL generation for templating vars $printer_topic_url = URL::index("&file=viewtopic&printertopic=1&" . POST_TOPIC_URL . "={$topic_id}&start={$start}&postdays={$post_days}&postorder={$post_order}&vote=viewresult"); $new_topic_url = URL::index("&file=posting&mode=newtopic&" . POST_FORUM_URL . "={$forum_id}"); $reply_topic_url = URL::index("&file=posting&mode=reply&" . POST_TOPIC_URL . "={$topic_id}"); $view_forum_url = URL::index("&file=viewforum&" . POST_FORUM_URL . "={$forum_id}"); $view_prev_topic_url = URL::index("&file=viewtopic&" . POST_TOPIC_URL . "={$topic_id}&view=previous");
} if ($desc != '') { $post_titles[] = $desc; } } } } // Iron out those Attachments assigned to us, but not more controlled by us. ;) (PM's) if (count($post_titles) > 0) { $delete_box = '<input type="checkbox" name="delete_id_list[]" value="' . $attachments[$i]['attach_id'] . '" />'; for ($j = 0; $j < count($delete_id_list); $j++) { if ($delete_id_list[$j] == $attachments[$i]['attach_id']) { $delete_box = '<input type="checkbox" name="delete_id_list[]" value="' . $attachments[$i]['attach_id'] . '" checked="checked" />'; break; } } $post_titles = implode('<br />', $post_titles); $hidden_field = '<input type="hidden" name="attach_id_list[]" value="' . $attachments[$i]['attach_id'] . '">'; $template->assign_block_vars('attachrow', array('ROW_NUMBER' => $i + ($_GET['start'] + 1), 'ROW_COLOR' => $row_color, 'ROW_CLASS' => $row_class, 'FILENAME' => $attachments[$i]['real_filename'], 'COMMENT' => nl2br(htmlprepare($attachments[$i]['comment'])), 'EXTENSION' => $attachments[$i]['extension'], 'SIZE' => round($attachments[$i]['filesize'] / MEGABYTE, 2), 'DOWNLOAD_COUNT' => $attachments[$i]['download_count'], 'POST_TIME' => create_date($board_config['default_dateformat'], $attachments[$i]['filetime']), 'POST_TITLE' => $post_titles, 'S_DELETE_BOX' => $delete_box, 'S_HIDDEN' => $hidden_field, 'U_VIEW_ATTACHMENT' => URL::index('Forums&file=download&id=' . $attachments[$i]['attach_id']))); } } } // // Generate Pagination // if ($do_pagination && $total_rows > $board_config['topics_per_page']) { $pagination = generate_pagination('&file=uacp&mode=' . $mode . '&order=' . $sort_order . '&' . POST_USERS_URL . '=' . $profiledata['user_id'], $total_rows, $board_config['topics_per_page'], $start) . 
' '; $template->assign_vars(array('PAGINATION' => $pagination, 'PAGE_NUMBER' => sprintf($lang['Page_of'], floor($start / $board_config['topics_per_page']) + 1, ceil($total_rows / $board_config['topics_per_page'])), 'L_GOTO_PAGE' => $lang['Goto_page'])); } $template->set_filenames(array('body' => 'forums/uacp_body.html')); require_once 'includes/phpBB/page_tail.php';
//
// Extension Management
//
if ($submit && $mode == 'extensions') {
    //
    // Change Extensions ?
    //
    // Three parallel lists from the form, matched by index below.
    // NOTE(review): nothing checks that they are arrays of equal length.
    $extension_change_list = isset($_POST['extension_change_list']) ? $_POST['extension_change_list'] : array();
    $extension_explain_list = isset($_POST['extension_explain_list']) ? $_POST['extension_explain_list'] : array();
    $group_select_list = isset($_POST['group_select']) ? $_POST['group_select'] : array();
    //
    // Generate correct Change List
    //
    // Keyed by '_' . <submitted extension id>; comment is HTML-escaped, group_id is cast to int.
    $extensions = array();
    for ($i = 0; $i < count($extension_change_list); $i++) {
        $extensions['_' . $extension_change_list[$i]]['comment'] = htmlprepare($extension_explain_list[$i]);
        $extensions['_' . $extension_change_list[$i]]['group_id'] = intval($group_select_list[$i]);
    }
    $result = $db->sql_query("SELECT * FROM " . EXTENSIONS_TABLE . " ORDER BY ext_id");
    if ($db->sql_numrows($result) > 0) {
        $extension_row = $db->sql_fetchrowset($result);
        for ($i = 0; $i < count($extension_row); $i++) {
            // Update only rows whose comment or group differs from the submitted values.
            // NOTE(review): a row whose ext_id was not submitted has no entry in $extensions, so
            // both lookups are undefined and the UPDATE is built with an empty group_id.
            if ($extension_row[$i]['comment'] != $extensions['_' . $extension_row[$i]['ext_id']]['comment'] || intval($extension_row[$i]['group_id']) != intval($extensions['_' . $extension_row[$i]['ext_id']]['group_id'])) {
                // NOTE(review): the comment reaches this statement after htmlprepare() only. HTML
                // escaping is not SQL escaping (a backslash, for one, is not an HTML special
                // character), and whether htmlprepare() encodes single quotes is not visible here.
                // Escape with the database layer's own function or bind the value as a parameter.
                $sql = "UPDATE " . EXTENSIONS_TABLE . " \n\t\t\t\tSET comment = '" . $extensions['_' . $extension_row[$i]['ext_id']]['comment'] . "', group_id = " . $extensions['_' . $extension_row[$i]['ext_id']]['group_id'] . "\n\t\t\t\tWHERE ext_id = " . $extension_row[$i]['ext_id'];
                $db->sql_query($sql);
            }
        }
    }
    //
    // Delete Extension ?
    //
$error = _SUSERSHORT; }
        if ($unum > 25) {
            $error = _SUSERLONG;
        }
        // NOTE(review): eregi() and ereg_replace() were deprecated in PHP 5.3 and removed in
        // PHP 7.0; preg_match() / preg_replace() are the replacements.
        // Rejecting the literal text "javascript:" is a blocklist and misses other encodings and
        // schemes; escape on output and, where a value is used as a URL, allow-list its scheme.
        if (eregi("javascript:(.*)", $username)) {
            $error = _SUSERJS;
        }
        // As written, each 42-character run without a space is replaced by itself.
        $username = ereg_replace("([^ ]{42})", "\\1", $username);
    } else {
        $username = $shoutconf['username'];
    }
} else {
    cpg_error('You\'re not allowed to post.');
}
// The comment passes through htmlprepare() before any of the checks below.
// NOTE(review): $_POST['comment'] is read without an isset() check.
$comment = htmlprepare($_POST['comment']);
//lots of little tests
// The length is measured in bytes, on the already-escaped text.
$num = strlen($comment);
if ($num < 2) {
    $error = _SHOUTSHORT;
}
if ($num > 2500) {
    $error = _SHOUTLONG;
}
if (!$comment) {
    $error = _SHOUTNONE;
}
//no more XSS....more or less...needs work..//
// Same blocklist-style check as for the username; the htmlprepare() call above is the actual
// output protection.
if (eregi("javascript:(.*)", $comment)) {
    $error = _SHOUTJS;
}
} else { $cpgtpl->assign_var('DL_REVIEWS', false); } $db->sql_freeresult($result); if (can_admin($module_name) || $row['submitter'] == $userinfo['user_id']) { // pagination $cur_page2 = isset($_GET['p_page']) && $_GET['p_page'] > 0 ? intval($_GET['p_page']) : 1; $limit2 = ($cur_page2 - 1) * $perpage; $result = $db->sql_query("SELECT r.id, r.uid, r.ip, r.title, r.comment, r.score, r.timestamp, u.username, COUNT(r.score) AS votes FROM " . $dl_prefix . "_ratings r\n\tLEFT JOIN " . $user_prefix . "_users u ON (u.user_id = r.uid)\n\tWHERE r.lid='{$global_id}' AND r.comment!='' AND active=0 \n\tGROUP BY r.id DESC, r.uid, r.ip, r.title, r.comment, r.score, r.timestamp, u.username \n\tLIMIT {$perpage} OFFSET {$limit2}"); list($pending) = $db->sql_ufetchrow("SELECT COUNT(*) FROM " . $dl_prefix . "_ratings \n\tWHERE lid='{$global_id}' AND active=0"); if ($db->sql_numrows($result)) { $cpgtpl->assign_vars(array('DL_P_REVIEW_PAGES' => ceil($pending / $perpage) > 1 ? gen_pagination($pending, $perpage, $cur_page2, '&file=details&id=' . $global_id, 'p_reviews', 'p_page') : false, 'DL_P_REVIEWS' => $pending)); $i = 0; while (list($review_id, $review_uid, $review_ip, $review_title, $review_comment, $review_score, $review_timestamp, $review_uname, $review_votes) = $db->sql_fetchrow($result)) { $rating_info = get_rating($review_score, $review_votes); $cpgtpl->assign_block_vars('dl_p_review', array('ID' => $review_id, 'U_ID' => htmlprepare(URL::uri()) . '#r' . $review_id, 'RATING' => _DLP_REVIEW . ' #' . $review_id . ': ' . $rating_info['desc'], 'U_MEMBER' => URL::index('Your_Account&profile=' . $review_uid), 'MEMBERNAME' => $review_uname, 'DATE' => generate_date($review_timestamp), 'U_DEL' => can_admin($module_name) || $row['submitter'] == $userinfo['user_id'] ? '<a href="' . URL::index('&del_review=' . $review_id) . '">[' . strtolower(_DELETE) . ']</a>' : false, 'U_APPR' => can_admin($module_name) || $row['submitter'] == $userinfo['user_id'] ? '<a href="' . 
URL::index('&approve_review=' . $review_id) . '">[' . strtolower(_DLP_APPROVE) . ']</a>' : false, 'TITLE' => $review_title, 'COMMENT' => decode_bb_all($review_comment), 'IP' => decode_ip($review_ip), 'IMG_RATE' => dl_image('stars/' . $rating_info['rating'] . '.png'), 'SPACER' => $i > 0)); $i++; } } else { $cpgtpl->assign_var('DL_P_REVIEWS', false); } $db->sql_freeresult($result); } else { $cpgtpl->assign_var('DL_P_REVIEWS', false); } } if ($row['pick']) { $cpgtpl->assign_block_vars('dl_image', array('SRC' => dl_image('pick.png'), 'TITLE' => _DLP_EDPICK)); } // custom fields: images $result = $db->sql_query("SELECT field, img_path, img_alt FROM " . $dl_prefix . "_fields \n\tWHERE type=3 AND visible > 0");
if ($db->sql_numrows($result) < 1) {
        echo _NORESULTSTEXT;
    } else {
        while ($row = $db->sql_fetchrow($result)) {
            $tid = $row['tid'];
            $title = $row['title'];
            // NOTE(review): $title is echoed as link text without escaping and $query is placed in
            // the URL without urlencode(); where $query is set for this branch is not visible here.
            echo "<strong><big>·</big></strong> <a href=\"" . getlink("&op=content&tid={$tid}&query={$query}") . "\">{$title}</a><br />";
        }
    }
    // Search box for another query, followed by the "return" links.
    // NOTE(review): $eid is written into the hidden field as-is — confirm it is cast to an integer
    // where it is assigned.
    echo "<br /><br />" . "<center><form action=\"" . getlink("&file=search") . "\" method=\"post\">" . "<input type=\"text\" size=\"20\" name=\"query\"> " . "<input type=\"hidden\" name=\"eid\" value=\"{$eid}\">" . "<input type=\"submit\" value=\"" . _SEARCH . "\">" . "</form><br /><br />" . "[ <a href=\"" . getlink() . "\">" . _RETURNTO . " " . _ENCYCLOPEDIA . "</a> ]<br /><br />" . _GOBACK . "</center>";
    CloseTable();
} elseif (isset($_POST['query']) && !empty($_POST['query']) && $eid > 0) {
    // Search one encyclopedia: first in term titles, then in term text.
    $result2 = $db->sql_query("SELECT title FROM " . $prefix . "_encyclopedia WHERE eid='{$eid}'", false, __FILE__, __LINE__);
    $row = $db->sql_fetchrow($result2);
    OpenTable();
    // The submitted query is HTML-escaped before it is echoed back.
    echo '<center><b>' . _SEARCHRESULTSFOR . ' <i>' . htmlprepare($_POST['query']) . '</i></b></center><br /><br /><br /> <i><b>' . _RESULTSINTERMTITLE . '</b></i><br /><br />';
    // NOTE(review): Fix_Quotes() presumably escapes quotes for SQL; LIKE wildcards (% and _) in the
    // query are not escaped, so they act as wildcards in both searches below.
    $query = Fix_Quotes($_POST['query'], 1);
    $result = $db->sql_query("SELECT tid, title FROM " . $prefix . "_encyclopedia_text WHERE eid='{$eid}' AND title LIKE '%{$query}%'", false, __FILE__, __LINE__);
    if ($db->sql_numrows($result) < 1) {
        echo _NORESULTSTITLE;
    } else {
        while ($row = $db->sql_fetchrow($result)) {
            // NOTE(review): tid and title are unquoted array keys, which PHP resolves as constants;
            // that is an Error from PHP 8.0. The branch above uses the quoted form.
            $tid = $row[tid];
            $title = $row[title];
            // NOTE(review): $title is echoed without escaping here as well.
            echo "<strong><big>·</big></strong> <a href=\"" . getlink("&op=content&tid={$tid}") . "\">{$title}</a><br />";
        }
    }
    $result = $db->sql_query("SELECT tid, title FROM " . $prefix . "_encyclopedia_text WHERE eid='{$eid}' AND text LIKE '%{$query}%'", false, __FILE__, __LINE__);
    echo "<br /><br /><i><b>" . _RESULTSINTERMTEXT . "</b></i><br /><br />";
    if ($db->sql_numrows($result) < 1) {
/**
 * Apply a submitted account-edit form to one user row.
 *
 * The edit mode comes from $_POST['save'] (default 'profile'); 'admin' is
 * downgraded to 'profile' unless ADMIN_PAGES is defined. Each mode collects a
 * fragment of a SET clause in $sql. If anything was collected, one UPDATE on
 * {$user_prefix}_users is issued for $userinfo['user_id'], the cached
 * $_SESSION['CPG_USER'] entry is dropped, and the request is finished through
 * cpg_error() or URL::redirect().
 *
 * NOTE(review): the flow only holds together if cpg_error() ends the request
 * (several validation failures are followed by code that assumes success).
 * Presumably it does; confirm against its definition.
 * NOTE(review): no anti-CSRF token is checked inside this function; verify
 * that the caller does it before any state change is reached.
 *
 * @param array $userinfo Current user row, taken by reference and handed on to
 *                        avatar_delete()/avatar_upload(). Keys read here include
 *                        user_id, username, user_password, user_email,
 *                        user_avatar, susdel_reason and user_level.
 * @return void
 */
function saveuser(&$userinfo)
{
    global $db, $user_prefix, $MAIN_CFG, $allowusertheme, $CPG_SESS, $SESS;
    // $mode is request-controlled and is later appended to redirect URLs as-is.
    $mode = isset($_POST['save']) ? $_POST['save'] : 'profile';
    if ($mode == 'admin' && !defined('ADMIN_PAGES')) {
        $mode = 'profile';
    }
    // $section selects which rows of {$user_prefix}_users_fields the generic
    // branch at the bottom will process.
    // NOTE(review): for a $mode value that matches none of the branches in this
    // function, $section is never assigned and the generic branch builds a
    // query ending in "WHERE " with nothing after it. An allow-list of modes
    // with an early exit would make this explicit.
    if ($mode == 'profile') {
        $section = 'section=1 OR section=2';
    } elseif ($mode == 'private') {
        $section = 'section=3';
    } elseif ($mode == 'prefs') {
        $section = 'section=5';
    }
    $sql = $pass_change = false;
    if ($mode == 'reg_details') {
        global $allowmailchange;
        // NOTE(review): passwords are handled as unsalted MD5 and compared with
        // the loose != operator. Moving to password_hash()/password_verify()
        // needs a stored-hash migration, because setmemcookie() below receives
        // the MD5 value as well.
        $current_password = isset($_POST['current_password']) ? md5($_POST['current_password']) : '';
        if (isset($_POST['new_password'])) {
            $new_password = $_POST['new_password'];
            $verify_password = isset($_POST['verify_password']) ? $_POST['verify_password'] : '';
            if ($new_password != $verify_password) {
                cpg_error(_PASSDIFFERENT, 'ERROR: Password mismatch');
            } elseif ($new_password != '') {
                if (strlen($new_password) < $MAIN_CFG['member']['minpass']) {
                    cpg_error(_YOUPASSMUSTBE . ' <b>' . $MAIN_CFG['member']['minpass'] . '</b> ' . _CHARLONG, 'ERROR: Password too short');
                }
                $new_password = md5($new_password);
                if ($new_password != $userinfo['user_password']) {
                    // Outside the admin pages the current password must match
                    // before a new one is accepted.
                    if (!defined('ADMIN_PAGES') && $current_password != $userinfo['user_password']) {
                        cpg_error('Password incorrect');
                    }
                    // NOTE(review): the ****** literal looks like a redaction applied
                    // by the page this listing came from, not project code. As
                    // printed, the statement would store that literal string; check
                    // the original file.
                    $sql = " user_password='******'";
                    $pass_change = true;
                }
            }
        }
        $user_email = isset($_POST['user_email']) ? $_POST['user_email'] : $userinfo['user_email'];
        if (($allowmailchange || defined('ADMIN_PAGES')) && $user_email != $userinfo['user_email']) {
            if ($current_password != $userinfo['user_password'] && !defined('ADMIN_PAGES')) {
                cpg_error('Password incorrect');
            }
            if (is_email($user_email) < 1) {
                cpg_error(_ERRORINVEMAIL);
            }
            if ($sql) {
                $sql .= ', ';
            }
            // NOTE(review): $user_email goes into the statement without
            // Fix_Quotes(); the only guard is is_email(), whose rules are not
            // visible here. Escape it, or bind it as a parameter, regardless of
            // what the validator accepts.
            $sql .= "user_email='{$user_email}'";
        }
        // Renaming is only reachable from the admin pages.
        if (defined('ADMIN_PAGES') && isset($_POST['username']) && $_POST['username'] != $userinfo['username']) {
            // NOTE(review): as printed, the pattern contains an unescaped '#',
            // which is also its delimiter. preg_match() would fail to compile it
            // and return false, so this character check would never reject a
            // name. Verify against the original file and escape the '#'.
            if (preg_match('#(\\ |\\*|#|\\\\|%|"|\'|`|&|\\^|@)', $_POST['username'])) {
                cpg_error(_ERRORINVNICK);
            }
            // NOTE(review): both strings below carry the same ****** redaction
            // artefact. The surviving text suggests $_POST['username'] was
            // interpolated directly; whether it was escaped cannot be seen here.
            if ($db->sql_count($user_prefix . '_users u, ' . $user_prefix . '_users_temp t', "u.username='******'username']}' OR t.username='******'username']}' LIMIT 1") > 0) {
                cpg_error(_NICKTAKEN);
            }
            if ($sql) {
                $sql .= ', ';
            }
            $sql .= "username='******'username']}'";
        }
    } elseif ($mode == 'avatar') {
        require_once 'modules/' . basename(dirname(__FILE__)) . '/avatars.php';
        // Local avatar?
        $avatar_local = isset($_POST['user_avatar']) ? $_POST['user_avatar'] : '';
        // Remote avatar?
        $avatar_remoteurl = !empty($_POST['avatarremoteurl']) ? htmlprepare($_POST['avatarremoteurl']) : '';
        // Upload avatar thru remote or upload?
        $avatar_upload = !empty($_POST['avatarurl']) ? trim($_POST['avatarurl']) : (!empty($_FILES['avatar']) && $_FILES['avatar']['tmp_name'] != "none" ? $_FILES['avatar']['tmp_name'] : '');
        $avatar_name = !empty($_FILES['avatar']['name']) ? $_FILES['avatar']['name'] : '';
        // 0 = USER_AVATAR_NONE
        if (isset($_POST['avatardel']) || $avatar_local == '') {
            $sql = avatar_delete($userinfo);
        }
        // 1 = USER_AVATAR_UPLOAD
        if ((!empty($avatar_upload) || !empty($avatar_name)) && $MAIN_CFG['avatar']['allow_upload']) {
            if (!empty($avatar_upload)) {
                // NOTE(review): $avatar_upload is either the uploaded temp file or
                // the free-text $_POST['avatarurl']; what avatar_upload() does
                // with a caller-chosen URL or path is not visible here.
                $sql = avatar_upload(empty($avatar_name), $userinfo, $avatar_upload, $_FILES['avatar']);
            } elseif (!empty($avatar_name)) {
                // A file name without a temp file is reported as a size error.
                cpg_error(sprintf(_AVATAR_FILESIZE, round($MAIN_CFG['avatar']['filesize'] / 1024)), 'ERROR: Filesize');
            }
        } elseif ($avatar_remoteurl != $userinfo['user_avatar'] && $avatar_remoteurl != '' && $MAIN_CFG['avatar']['allow_remote']) {
            // NOTE(review): the alternation is not grouped, so this reads as
            // "starts with http" OR "contains ftp://" rather than "starts with
            // http:// or ftp://".
            if (!preg_match('#^(http)|(ftp):\\/\\/#i', $avatar_remoteurl)) {
                $avatar_remoteurl = 'http://' . $avatar_remoteurl;
            }
            // NOTE(review): same grouping problem: the first alternative is just
            // "(http)", so the host and image-extension part of the pattern only
            // constrains the ftp alternative.
            if (preg_match('#^((http)|(ftp):\\/\\/[\\w\\-]+?\\.([\\w\\-]+\\.)+[\\w]+(:[0-9]+)*\\/.*?\\.(gif|jpg|jpeg|png)$)#is', $avatar_remoteurl)) {
                // NOTE(review): getimagesize() on a user-supplied URL makes the
                // server issue the request itself. Restrict schemes and
                // destination hosts before fetching; get_fileinfo() and
                // avatar_size() presumably fetch too.
                if (in_array('getimagesize', explode(',', ini_get('disable_functions'))) || ini_get('disable_functions') == 'getimagesize') {
                    cpg_error('getimagesize is disabled', _AVATAR_ERR_URL);
                } elseif (!getimagesize($avatar_remoteurl)) {
                    cpg_error('Image has wrong filetype', _AVATAR_ERR_URL);
                } elseif (!($file_data = get_fileinfo($avatar_remoteurl, !$MAIN_CFG['avatar']['animated']))) {
                    cpg_error(_AVATAR_ERR_URL);
                } elseif ($file_data['size'] > $MAIN_CFG['avatar']['filesize']) {
                    cpg_error(sprintf(_AVATAR_FILESIZE, round($MAIN_CFG['avatar']['filesize'] / 1024)));
                } elseif (!$MAIN_CFG['avatar']['animated'] && $file_data['animation']) {
                    cpg_error('Animated avatar not allowed');
                }
                if (avatar_size($avatar_remoteurl)) {
                    avatar_delete($userinfo);
                    // The URL was passed through htmlprepare() above; whether
                    // that also makes it safe inside an SQL literal depends on
                    // htmlprepare()'s quote handling (TODO confirm).
                    $sql = "user_avatar='{$avatar_remoteurl}', user_avatar_type=2";
                }
            } else {
                cpg_error('Image has wrong filetype', 'ERROR: Image filetype');
            }
        } elseif ($avatar_local != $userinfo['user_avatar'] && $avatar_local != '' && $MAIN_CFG['avatar']['allow_local'] && file_exists($MAIN_CFG['avatar']['gallery_path'] . '/' . $avatar_local)) {
            // NOTE(review): $avatar_local is raw POST data used both in a
            // filesystem path and in the SQL literal below, with no escaping or
            // path normalisation visible in this function. Restrict it to entries
            // of the gallery listing and escape it before building the statement.
            avatar_delete($userinfo);
            $sql = "user_avatar='{$avatar_local}', user_avatar_type=3";
        }
    } elseif ($mode == 'admin') {
        // Only reachable when ADMIN_PAGES is defined (see the downgrade at the top).
        $sql = 'user_allow_pm=' . intval($_POST['user_allow_pm']) . ', user_allowavatar=' . intval($_POST['user_allowavatar']) . ', user_rank=' . intval($_POST['user_rank']);
        $suspendreason = isset($_POST['suspendreason']) ? $_POST['suspendreason'] : 'no reason';
        // Reads $_POST['suspendreason'] directly, so this comparison is made
        // even when the field was not submitted.
        if ($_POST['suspendreason'] != $userinfo['susdel_reason']) {
            $sql .= ', susdel_reason=\'' . Fix_Quotes($suspendreason) . "'";
        }
        if (intval($_POST['user_suspend']) == 0 && $userinfo['user_level'] == 0) {
            // Lift an existing suspension.
            $sql .= ', user_level=1';
        } elseif (intval($_POST['user_suspend']) > 0 && $userinfo['user_level'] > 0) {
            // Suspend: mail the user, then set user_level to 0.
            $message = _SORRYTO . ' ' . $MAIN_CFG['global']['sitename'] . ' ' . _HASSUSPEND;
            if ($suspendreason > '') {
                $message .= "\n\n" . _SUSPENDREASON . "\n{$suspendreason}";
            }
            $from = 'noreply@' . str_replace('www.', '', $MAIN_CFG['server']['domain']);
            // $mailer_message is not assigned before this call; presumably
            // send_mail() fills it by reference with an error text (TODO confirm).
            if (!send_mail($mailer_message, $message, 0, _ACCTSUSPEND, $userinfo['user_email'], $userinfo['username'], $from)) {
                trigger_error($mailer_message, E_USER_WARNING);
            }
            // susdel_reason can end up in the SET clause twice (see above).
            $sql .= ', user_level=0, susdel_reason=\'' . Fix_Quotes($suspendreason) . "'";
        }
    } else {
        // Generic profile fields: the column list comes from the
        // {$user_prefix}_users_fields table, the values from $_POST.
        $result = $db->sql_query('SELECT field, type FROM ' . $user_prefix . '_users_fields WHERE ' . $section);
        if ($db->sql_numrows($result) > 0) {
            while ($row = $db->sql_fetchrow($result)) {
                // The 'name' column is posted as 'realname'.
                $field = $row['field'] == 'name' ? 'realname' : $row['field'];
                $value = Fix_Quotes($_POST[$field], 1);
                if ($row['field'] == 'user_lang' && !$MAIN_CFG['global']['multilingual']) {
                    continue;
                }
                if ($row['type'] == 1 || $row['type'] == 4) {
                    // Types 1 and 4 are stored as integers.
                    $value = intval($value);
                } else {
                    if ($field == 'user_website') {
                        if (!preg_match('#^http[s]?:\\/\\/#i', $value)) {
                            $value = 'http://' . $value;
                        }
                        // Only a bare host name survives; anything with a path,
                        // port or query string is blanked.
                        if (!preg_match('#^(http[s]?\\:\\/\\/)?([a-z0-9\\-\\.]+)?[a-z0-9\\-]+\\.[a-z]{2,4}$#i', $value)) {
                            $value = '';
                        }
                    }
                }
                if ($row['type'] == 7 && !$allowusertheme) {
                    // Type 7 (theme choice) is forced to the site default when
                    // users may not pick a theme.
                    $value = $MAIN_CFG['global']['Default_Theme'];
                }
                if ($row['type'] == 6) {
                    // Type 6 is a date; date_raw() is expected to return
                    // YYYYMMDD, which checkdate() then validates.
                    $value = date_raw($value);
                    if (checkdate(substr($value, 4, 2), substr($value, 6, 2), substr($value, 0, 4))) {
                        $sql .= ", {$row['field']}='{$value}'";
                    }
                } elseif (array_key_exists($row['field'], $userinfo) && $userinfo[$row['field']] != $value) {
                    // Column names come from the fields table, not from the request.
                    $sql .= ", {$row['field']}='{$value}'";
                }
                if ($field == 'user_timezone') {
                    $sql .= ', user_dst=' . intval($_POST['user_dst']);
                }
            }
            if ($sql) {
                // Drop the leading ", " left by the concatenations above.
                $sql = substr($sql, 2);
            }
        }
    }
    if ($sql) {
        $db->sql_query('UPDATE ' . $user_prefix . '_users SET ' . $sql . " WHERE user_id=" . intval($userinfo['user_id']));
        // Invalidate the cached user record so it is reloaded.
        $_SESSION['CPG_USER'] = false;
        unset($_SESSION['CPG_USER']);
        if (!defined('ADMIN_PAGES')) {
            if ($pass_change) {
                global $CLASS;
                // Re-issue the member cookie with the new (MD5) password value.
                $CLASS['member']->setmemcookie($userinfo['user_id'], $userinfo['username'], $new_password);
            }
            if (isset($_POST['theme']) && $allowusertheme) {
                // NOTE(review): the theme name is stored in the session exactly
                // as posted. If it is later used to build theme paths, validate
                // it against the installed themes first.
                $CPG_SESS['theme'] = $_POST['theme'];
                unset($CPG_SESS['prevtheme']);
            }
            cpg_error(_TASK_COMPLETED, _TB_INFO, URL::index('&edit=' . $mode));
        } else {
            cpg_error(_TASK_COMPLETED, _TB_INFO, URL::admin('users&mode=edit&edit=' . $mode . '&id=' . $userinfo['user_id']));
        }
    }
    // Nothing to update: send the user back to the form (or tell the admin).
    if (!defined('ADMIN_PAGES')) {
        URL::redirect(URL::index('&edit=' . $mode));
    } else {
        cpg_error('Nothing changed', 'No update', URL::admin('users&mode=edit&edit=' . $mode . '&id=' . $userinfo['user_id']));
    }
}
if ($comments == 0) { $commentlink = $story_link . _COMMENTSQ . '</a> | '; } elseif ($comments == 1) { $commentlink = $story_link . $comments . ' ' . _COMMENT . '</a> | '; } elseif ($comments > 1) { $commentlink = $story_link . $comments . ' ' . _COMMENTS . '</a> | '; } } $printlink = '<a href="' . URL::index('News&file=print&sid=' . $row['sid']) . '"><img src="images/news/print.gif" alt="' . _PRINTER . '" title="' . _PRINTER . '" /></a>'; if ($row['catid'] != 0) { $title = '<a href="' . URL::index('News&catid=' . $row['catid']) . '">' . $row['cattitle'] . '</a> : ' . $title; $catlink = '<a href="' . URL::index('News&catid=' . $row['catid']) . '">' . $row['cattitle'] . '</a> | '; } $rated = 0; if ($row['score'] != 0) { $rated = substr($row['score'] / $row['ratings'], 0, 4); } $scorelink = _SCORE . ' ' . $rated; $row['topicimage'] = $row['topicimage'] != '' ? $row['topicimage'] : 'AllTopics.gif'; $row['topictext'] = htmlprepare($row['topictext']); $row['informant'] = $row['informant'] != '' ? '<a href="' . URL::index("Your_Account&profile={$row['informant']}") . "\">{$row['informant']}</a>" : _ANONYMOUS; $cpgtpl->assign_block_vars('newstopic', array('IMG_TOPIC' => (file_exists("themes/{$CPG_SESS['theme']}/images/topics/{$row['topicimage']}") ? "themes/{$CPG_SESS['theme']}/" : '') . "images/topics/{$row['topicimage']}", 'S_AUTHOR' => $row['aid'], 'S_INFORMANT' => $row['informant'], 'S_MORELINK' => $morelink, 'S_COMMLINK' => $commentlink, 'S_PRNTLINK' => $printlink, 'S_CATLINK' => $catlink, 'S_SCORLINK' => $scorelink, 'S_NOTE' => _NOTE, 'S_NOTES' => $row['notes'], 'S_POSTEDBY' => _POSTEDBY, 'S_STORY' => $row['hometext'], 'S_ON' => _ON, 'S_TEXTCOLOR1' => $textcolor1, 'S_TEXTCOLOR2' => $textcolor2, 'S_TIME' => " {$datetime} ", 'S_READS' => "({$row['counter']} " . _READS . 
")", 'S_TITLE' => $title, 'S_TOPIC' => $row['topictext'], 'S_WRITES' => _WRITES, 'S_SID' => $row['sid'], 'U_NEWTOPIC' => URL::index("News&topic={$row['topic']}"))); } $db->sql_freeresult($result); $tmp = 0 < $topic ? '&topic=' . $topic : (0 < $catid ? '&catid=' . $catid : ''); pagination('News' . $tmp . '&page=', $pages, 1, $page); $cpgtpl->set_filenames(array('body' => 'news/index.html')); $cpgtpl->display('body'); } } }
<input type="hidden" name="n_group" value="' . $group . '" />'; } // Load the required wysiwyg class require CORE_PATH . 'wysiwyg/wysiwyg.inc'; // Create as many wysiwyg instances as you need $wysiwyg = new Wysiwyg('newsletter', 'content', '90%', '300px', $content); // Set all the required wysiwyg headers $wysiwyg->setHeader(); require 'header.php'; GraphicAdmin('_AMENU5'); OpenTable(); echo '<form name="newsletter" action="' . URL::admin() . '" method="post" enctype="multipart/form-data" accept-charset="utf-8"> ' . $wysiwyg->getSelect() . ' <table border="0" cellpadding="3" cellspacing="1" width="100%" class="forumline" style="margin:auto;"> <tr> <td align="center" class="catleft" colspan="2"><b><span class="gen">' . $title . '</span></b></td> </tr>' . $preview . '<tr> <td class="row1"><span class="gen">' . _SUBJECT . '</span></td> <td class="row2"><input type="text" name="subject" size="50" maxlength="255" value="' . htmlprepare($subject) . '" /></td> </tr><tr> <td class="row1"><span class="gen">' . _CONTENT . '</span></td> <td class="row2">' . $wysiwyg->getHTML() . '</td> </tr><tr> <td class="row1"><span class="gen">' . _NL_RECIPS . '</span></td> <td class="row2">' . newsletter_selection('group', $group) . '</td> </tr>' . $notes . '<tr> <td class="catbottom" colspan="2" align="center" height="28"> <input type="submit" name="preview" value="' . _PREVIEW . '" class="mainoption" />' . $submit . ' </td> </tr></table></form>'; CloseTable();
# user configs, temporary here # force HTTPS when $Module->https is active define('HTTPS_REQUIRED', false); require 'includes/cmsinit.inc'; //foreach (HOOKS::get('loader.name', 'cache')) {} header('Last-Modified: ' . date('D, d M Y H:i:s', time()) . ' GMT'); header('X-Content-Type-Options: nosniff'); header('Expires: 0'); // should be moved to header.php header('P3P: CP="' . $MAIN_CFG['header']['P3P'] . '"'); # standard privacy header change to yours if ($SESS->new && $MAIN_CFG['global']['httpref'] && isset($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_REFERER'])) { $referer = Fix_Quotes($_SERVER['HTTP_REFERER']); if (strpos($referer, '://') && !stripos($referer, $MAIN_CFG['server']['domain'])) { if (!$db->sql_query('UPDATE ' . $prefix . '_referer SET lasttime=' . time() . ' WHERE url=\'' . htmlprepare($referer) . '\'', true) || !$db->sql_affectedrows()) { $db->sql_query('INSERT INTO ' . $prefix . "_referer (url, lasttime) VALUES ('" . htmlprepare($referer) . "', " . time() . ")", true); } $numrows = $db->sql_count($prefix . '_referer'); $httprefmax = (int) $MAIN_CFG['global']['httprefmax']; if ($numrows >= $httprefmax) { $db->sql_query('DELETE FROM ' . $prefix . '_referer ORDER BY lasttime LIMIT ' . ($numrows - $httprefmax / 2)); } } } /* acp insert new virtual modules, chroot example.php to /includes/load */ //Module::$custom[-2] = array('mid' => -2, 'name' => 'credits', 'file' => CORE_PATH.'info.inc', 'view' => 0); //Module::$custom[-3] = array('mid' => -3, 'name' => 'privacy_policy', 'file' => CORE_PATH.'info.inc', 'view' => 0); //Module::$custom[-4] = array('mid' => -4, 'name' => 'smilies', 'file' => CORE_PATH.'nbbcode.php', 'view' => 1); //Module::$custom[-5] = array('mid' => -5, 'name' => 'user_search', 'file' => CORE_PATH.'user_search.php', 'view' => 1); $name = !empty($_POST['name']) ? $_POST['name'] : (!empty($_GET['name']) ? $_GET['name'] : $MAIN_CFG['global']['main_module']); if (!preg_match('#^[a-zA-Z0-9_\\-]+$#', $name)) {
} } // // Assign Default Template Vars // $template->assign_vars(array('L_VIEW' => $lang['View'], 'L_SUBMIT' => $lang['Submit'], 'L_CONTROL_PANEL_TITLE' => $lang['Control_panel_title'], 'L_CONTROL_PANEL_EXPLAIN' => $lang['Control_panel_explain'], 'S_VIEW_SELECT' => $select_view, 'S_MODE_ACTION' => URL::admin('&do=attach_cp'))); if ($submit_change && $view == 'attachments') { $attach_change_list = isset($_POST['attach_id_list']) ? $_POST['attach_id_list'] : array(); $attach_comment_list = isset($_POST['attach_comment_list']) ? $_POST['attach_comment_list'] : array(); $attach_download_count_list = isset($_POST['attach_count_list']) ? $_POST['attach_count_list'] : array(); // // Generate correct Change List // $attachments = array(); for ($i = 0; $i < count($attach_change_list); $i++) { $attachments['_' . $attach_change_list[$i]]['comment'] = htmlprepare($attach_comment_list[$i]); $attachments['_' . $attach_change_list[$i]]['download_count'] = intval($attach_download_count_list[$i]); } $result = $db->sql_query("SELECT * FROM " . ATTACHMENTS_DESC_TABLE . " ORDER BY attach_id"); while ($attachrow = $db->sql_fetchrow($result)) { if (isset($attachments['_' . $attachrow['attach_id']])) { if ($attachrow['comment'] != $attachments['_' . $attachrow['attach_id']]['comment'] || intval($attachrow['download_count']) != intval($attachments['_' . $attachrow['attach_id']]['download_count'])) { $sql = "UPDATE " . ATTACHMENTS_DESC_TABLE . " \n\t\t\t\tSET comment = '" . $attachments['_' . $attachrow['attach_id']]['comment'] . "', download_count = " . intval($attachments['_' . $attachrow['attach_id']]['download_count']) . "\n\t\t\t\tWHERE attach_id = " . $attachrow['attach_id']; if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Couldn\'t update Attachments Informations', '', __LINE__, __FILE__, $sql); } } } } } else { if ($view == 'stats') {
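/**
 * Build the HTML for a picture's comment list and, when allowed, the
 * "add your comment" form.
 *
 * Template fragments are cut out of the global templates with
 * template_extract_block(); each comment row is then rendered in two
 * template_eval() passes (edit box / buttons / IP info first, then the
 * per-comment values).
 *
 * Change against the previous version: $pid is cast with intval() where it is
 * placed in the SQL statement, so the query no longer depends on the caller
 * having validated it. Everything else is unchanged.
 *
 * NOTE(review): msg_author and msg_body are inserted into the template exactly
 * as stored, and CPG_USERNAME goes unescaped into an attribute value. That is
 * only safe if they are escaped when written; verify it in the code that
 * inserts comments, or escape here.
 *
 * @param int|string $pid Picture id.
 * @return string|null The HTML when USER_ID > 1, anonymous full-size viewing is
 *                     enabled or the user is an admin; otherwise nothing is
 *                     returned (null).
 */
function html_comments($pid)
{
    global $CONFIG, $USER, $CURRENT_ALBUM_DATA, $username, $FAVPICS, $CURRENT_PIC_DATA, $THEME_DIR;
    global $template_image_comments, $template_add_your_comment, $db;
    $html = '';
    // Keep the edit-box variant that matches the smilies setting and strip the
    // other variant from both templates.
    if (!$CONFIG['enable_smilies']) {
        $tmpl_comment_edit_box = template_extract_block($template_image_comments, 'edit_box_no_smilies', '{EDIT}');
        template_extract_block($template_image_comments, 'edit_box_smilies');
        template_extract_block($template_add_your_comment, 'input_box_smilies');
    } else {
        $tmpl_comment_edit_box = template_extract_block($template_image_comments, 'edit_box_smilies', '{EDIT}');
        template_extract_block($template_image_comments, 'edit_box_no_smilies');
        template_extract_block($template_add_your_comment, 'input_box_no_smilies');
    }
    $tmpl_comments_buttons = template_extract_block($template_image_comments, 'buttons', '{BUTTONS}');
    $tmpl_comments_ipinfo = template_extract_block($template_image_comments, 'ipinfo', '{IPINFO}');
    // intval() keeps the statement well-formed whatever the caller passes; the
    // quotes around the number are kept so the query text is unchanged for
    // numeric ids.
    $result = $db->sql_query("SELECT msg_id, msg_author, msg_body, msg_date, author_id, author_md5_id, msg_raw_ip, msg_hdr_ip FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='" . intval($pid) . "' ORDER BY msg_id ASC", false, __FILE__, __LINE__);
    while ($row = $db->sql_fetchrow($result)) {
        // Editable by gallery admins, by the registered author, or by an
        // anonymous author whose $USER['ID'] matches the stored author_md5_id.
        // NOTE(review): the anonymous match uses loose ==; if both sides are
        // always strings, a strict string comparison would be safer. Confirm
        // the types before changing it.
        $user_can_edit = GALLERY_ADMIN_MODE
            || (USER_ID > 1 && USER_ID == $row['author_id'] && USER_CAN_POST_COMMENTS)
            || (USER_ID < 2 && USER_CAN_POST_COMMENTS && $USER['ID'] == $row['author_md5_id']);
        $comment_buttons = $user_can_edit ? $tmpl_comments_buttons : '';
        $comment_edit_box = $user_can_edit ? $tmpl_comment_edit_box : '';
        // Poster IP details are shown to gallery admins only.
        $comment_ipinfo = $row['msg_raw_ip'] && GALLERY_ADMIN_MODE ? $tmpl_comments_ipinfo : '';
        if ($CONFIG['enable_smilies']) {
            $comment_body = set_smilies(make_clickable($row['msg_body']));
            $smilies = smilies_table('onerow', 'msg_body', "f{$row['msg_id']}");
        } else {
            $comment_body = make_clickable($row['msg_body']);
            $smilies = '';
        }
        // First pass: drop the optional fragments into the row template.
        $params = array('{EDIT}' => &$comment_edit_box, '{BUTTONS}' => &$comment_buttons, '{IPINFO}' => &$comment_ipinfo);
        $template = template_eval($template_image_comments, $params);
        $info = '';
        if (!in_array($pid, $FAVPICS)) {
            $info = '<a href="' . URL::index('&file=addfav&pid=' . $CURRENT_PIC_DATA['pid']) . '" >' . ADDFAV . '</a>';
        } else {
            $info = '<a href="' . URL::index('&file=addfav&pid=' . $CURRENT_PIC_DATA['pid']) . '" >' . REMFAV . '</a>';
        }
        // Second pass: per-comment values.
        $params = array(
            '{MSG_AUTHOR}' => $row['msg_author'],
            '{MSG_ID}' => $row['msg_id'],
            '{MSG_TYPE}' => GALLERY_ADMIN_MODE ? 'text' : 'hidden',
            '{EDIT_TITLE}' => COM_EDIT_TITLE,
            '{CONFIRM_DELETE}' => CONFIRM_DELETE_COM,
            '{DELETE_LINK}' => URL::index("&file=delete"),
            '{DELETE_TEXT}' => DELETE . ' ' . COMMENT,
            '{MSG_DATE}' => localised_date($row['msg_date'], COMMENT_DATE_FMT),
            '{MSG_BODY}' => &$comment_body,
            '{MSG_BODY_RAW}' => $row['msg_body'],
            '{OK}' => OK,
            '{SMILIES}' => $smilies,
            '{HDR_IP}' => NET::decode_ip($row['msg_hdr_ip']),
            '{RAW_IP}' => NET::decode_ip($row['msg_raw_ip']),
            '{ACTION}' => 'action="' . URL::index('&file=db_input') . '" enctype="multipart/form-data" accept-charset="utf-8"',
            '{ADDFAVLINK}' => URL::index("&file=addfav&pid={$pid}"),
            '{ADDFAVTEXT}' => $info,
            '{THEMEDIR}' => $THEME_DIR,
        );
        $html .= template_eval($template, $params);
    }
    if (USER_CAN_POST_COMMENTS && $CURRENT_ALBUM_DATA['comments']) {
        if (USER_ID > 1) {
            // Registered users post under their own name: replace the name
            // input with a hidden field.
            $username_input = '<input type="hidden" name="msg_author" value="' . CPG_USERNAME . '" />';
            template_extract_block($template_add_your_comment, 'username_input', $username_input);
            // $username = '';
        } else {
            // Anonymous users get the remembered name or a placeholder that
            // clears on click.
            $username = isset($USER['name']) ? '"' . htmlprepare($USER['name']) . '"' : '"' . YOUR_NAME . '" onclick="javascript:this.value=\'\';"';
        }
        if (!in_array($pid, $FAVPICS)) {
            $info = '<a href="' . URL::index('&file=addfav&pid=' . $CURRENT_PIC_DATA['pid']) . '" >' . ADDFAV . '</a>';
        } else {
            $info = '<a href="' . URL::index('&file=addfav&pid=' . $CURRENT_PIC_DATA['pid']) . '" >' . REMFAV . '</a>';
        }
        $params = array(
            '{ADD_YOUR_COMMENT}' => ADD_YOUR_COMMENT,
            '{NAME}' => COM_NAME,
            '{COMMENT}' => COMMENT,
            '{PIC_ID}' => $pid,
            '{username}' => $username,
            '{MAX_COM_LENGTH}' => $CONFIG['max_com_size'],
            '{OK}' => OK,
            '{SMILIES}' => '',
            '{ACTION}' => 'action="' . URL::index("&file=db_input") . '" enctype="multipart/form-data" accept-charset="utf-8"',
            '{ADDFAVLINK}' => URL::index("&file=addfav&pid={$pid}"),
            '{ADDFAVTEXT}' => $info,
        );
        if ($CONFIG['enable_smilies']) {
            $params['{SMILIES}'] = smilies_table('onerow', 'message', 'post');
        }
        // if ($CONFIG['enable_smilies']) $params['{SMILIES}'] = generate_smilies();
        $html .= template_eval($template_add_your_comment, $params);
    }
    // Callers get nothing back unless one of these holds.
    if (USER_ID > 1 or $CONFIG['allow_anon_fullsize'] or USER_IS_ADMIN) {
        return $html;
    }
}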
while ($row = $db->sql_fetchrow($result)) { $post_id_sql .= ($post_id_sql != '' ? ', ' : '') . intval($row['post_id']); } $db->sql_freeresult($result); $sql = "SELECT post_id, poster_id, topic_id, post_time FROM " . POSTS_TABLE . "\n\t\t WHERE post_id IN ({$post_id_sql}) ORDER BY post_time ASC"; $result = $db->sql_query($sql); if ($row = $db->sql_fetchrow($result)) { $first_poster = $row['poster_id']; $topic_id = $row['topic_id']; $post_time = $row['post_time']; $user_id_sql = $post_id_sql = ''; do { $user_id_sql .= ($user_id_sql != '' ? ', ' : '') . intval($row['poster_id']); $post_id_sql .= ($post_id_sql != '' ? ', ' : '') . intval($row['post_id']); } while ($row = $db->sql_fetchrow($result)); $post_subject = htmlprepare($_POST['subject']); if (empty($post_subject)) { message_die(GENERAL_MESSAGE, $lang['Empty_subject']); } $new_forum_id = intval($_POST['new_forum_id']); $topic_time = time(); $sql = "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type)\n\t\t\tVALUES ('" . Fix_Quotes($post_subject) . "', {$first_poster}, " . $topic_time . ", {$new_forum_id}, " . TOPIC_UNLOCKED . ", " . POST_NORMAL . ")"; $db->sql_query($sql); $new_topic_id = $db->sql_nextid('topic_id'); // Update topic watch table, switch users whose posts // have moved, over to watching the new topic $sql = "UPDATE " . TOPICS_WATCH_TABLE . "\n\t\t\tSET topic_id = {$new_topic_id}\n\t\t\tWHERE topic_id = {$topic_id}\n\t\t\t\tAND user_id IN ({$user_id_sql})"; $db->sql_query($sql); $sql_where = !empty($_POST['split_type_beyond']) ? " post_time >= {$post_time} AND topic_id = {$topic_id}" : "post_id IN ({$post_id_sql})"; $sql = "UPDATE " . POSTS_TABLE . "\n\t\t\tSET topic_id = {$new_topic_id}, forum_id = {$new_forum_id}\n\t\t\tWHERE {$sql_where}"; $db->sql_query($sql);
// Downloads feed, meant to be served as application/rss+xml.
// The ttl element gives the number of minutes a channel may be cached before
// a refresh; 60 * 24 below is one day.
// NOTE(review): $BASEHREF, $backend_language, $date and the site_logo setting
// are written into the XML without htmlprepare(). Presumably they never hold
// '&' or '<'; confirm where they are set, otherwise the feed becomes
// malformed. The escaping done by URL::index() is not visible here either.
$rss_channel_parts = array(
    '<?xml version="1.0" encoding="UTF-8"?> <rss version="2.0"> <channel> <title>',
    htmlprepare($sitename),
    '</title> <link>',
    $BASEHREF,
    '</link> <description>',
    htmlprepare($backend_title),
    '</description> <language>',
    $backend_language,
    '</language> <pubDate>',
    $date,
    '</pubDate> <ttl>',
    60 * 24,
    '</ttl> <generator>CPG-Nuke Dragonfly</generator> <copyright>',
    htmlprepare($sitename),
    '</copyright> <category>Downloads</category> <docs>http://backend.userland.com/rss</docs> <image> <url>',
    $BASEHREF,
    'images/',
    $MAIN_CFG['global']['site_logo'],
    '</url> <title>',
    htmlprepare($sitename),
    '</title> <link>',
    $BASEHREF,
    "</link>\n </image>\n\n",
);
echo implode('', $rss_channel_parts);
// One item element per row; $row already holds the first fetched row (or a
// falsy value when there are no downloads to list).
while ($row) {
    $rss_item_parts = array(
        '<item> <title>',
        htmlprepare($row['title']),
        '</title> <link>',
        URL::index('Downloads&file=details&id=' . $row['lid'], true, true),
        '</link> <description>',
        htmlprepare($row['desc_short'], false, ENT_QUOTES, true),
        '</description> <pubDate>',
        date('D, d M Y H:i:s \\G\\M\\T', $row['date']),
        "</pubDate>\n</item>\n\n",
    );
    echo implode('', $rss_item_parts);
    $row = $db->sql_fetchrow($result);
}
?> </channel> </rss>
foreach ($modlist as $mod) { if (class_exists($mod['search_class'])) { $search = new $mod['search_class'](); if ($search->options) { echo '<hr /><div><strong>' . _ADVOPTIONSFOR . ' ' . $mod['title'] . ':</strong><br />' . $search->options . '<br /></div>'; } } } echo '</form>'; CloseTable(); } else { $page = isset($_GET['page']) ? intval($_GET['page']) : 0; $limit = isset($_GET['limit']) ? intval($_GET['limit']) : 10; $query = isset($_POST['search']) ? $_POST['search'] : $_GET['search']; $sql_query = Fix_Quotes($query); $the_query = htmlprepare($query); $url_query = urlencode($query); $modules = array(); if (isset($_POST['modules'])) { foreach ($_POST['modules'] as $mod) { if (isset($modlist[$mod])) { $modules[$mod] = $modlist[$mod]; } } } else { if (isset($_GET['mod'])) { if (isset($modlist[$_GET['mod']])) { $modules[$_GET['mod']] = $modlist[$_GET['mod']]; } } else { $modules = $modlist;
$selects .= '<optgroup label="' . $cat['crumb'] . '">'; } else { $selects .= '<option value="' . $cat['cid'] . '"' . (isset($_GET['c']) && $cat['cid'] == intval($_GET['c']) || $cat['cid'] == $in['cat'] ? ' selected="selected"' : '') . '>' . $cat['crumb'] . '</option>'; } } $selects .= '</optgroup></select>'; } require_once 'header.php'; $images = DL_Image::output_list($mng_id, $in['screen']); $cpgtpl->assign_vars(array('DL_MENU' => dl_menu(), 'DL_ERRORS' => !empty($errors), 'DL_WARNINGS' => !empty($warnings), 'DL_MIRRORS' => DL_Mirror::output_list($mng_id), 'DL_IMAGES' => $images, 'IS_NEW_DL' => !can_admin($module_name), 'CAN_ADMIN' => can_admin($module_name), 'B_SCREENSHOT' => $dl_config['screen_active'] || can_admin($module_name), 'B_ADD_IMAGE' => $dl_config['screen_active'] && $images < $dl_config['screen_max'], 'B_NOTES' => false, 'B_REASON' => false, 'B_UPL_FILE' => $dl_config['upl_file'] || can_admin($module_name), 'B_UPL_IMAGE' => $dl_config['upl_image'] || can_admin($module_name), 'B_PENDING' => false, 'B_FETCH_PAD' => $fetch_pad, 'B_REM_MD5' => $dl_config['md5_remote'], 'L_YES' => _YES, 'L_NO' => _NO, 'L_DELETE' => _DELETE, 'L_UPDATE' => 'Update', 'L_CATEGORY' => _CATEGORY, 'L_SHORT_DESC' => 'Short Description', 'L_MAX_CHARS' => sprintf(_M_CHARS, 255), 'L_DESCRIPTION' => _DESCRIPTION, 'L_AUTHORNAME' => _AUTHORNAME, 'L_AUTHOREMAIL' => _AUTHOREMAIL, 'L_MD5' => 'MD5', 'S_BBCODE' => bbcode_table('in[desc_long]', 'add_download', true), 'DL_TITLE' => htmlprepare($in['title']), 'DL_ACCESS' => group_selectbox('in[access]', $in['access']), 'DL_CATSEL' => $selects, 'DL_DESC_SHORT' => htmlprepare($in['desc_short']), 'DL_DESC_LONG' => htmlprepare($in['desc_long']), 'DL_NOTES' => '', 'DL_REASON' => '', 'DL_NAME' => htmlprepare($in['name']), 'DL_EMAIL' => $in['email'], 'U_DL_FORM' => URL::index('&file=add'))); foreach ($errors as $error) { $cpgtpl->assign_block_vars('dl_errors', array('S_ENTRY' => $error)); } foreach ($warnings as $warning) { 
$cpgtpl->assign_block_vars('dl_warnings', array('S_ENTRY' => $warning)); } $result = $db->sql_uquery("SELECT * FROM " . $dl_prefix . "_fields \n\tWHERE visible > 0" . (!can_admin($module_name) ? ' AND visible < 3' : '') . " \n\tORDER BY title"); while ($field = $db->sql_fetchrow($result)) { $f_title = defined($field['title']) ? constant($field['title']) : $field['title']; $f_title = $field['visible'] == 2 ? '* ' . $f_title : $f_title; if ($field['type'] == 1 || $field['type'] == 3) { $f_value = isset($in[$field['field']]) ? intval($in[$field['field']]) : $field['size']; $f_value = $f_value > 0 ? array(' checked="checked"', '') : array('', ' checked="checked"'); $cpgtpl->assign_block_vars('fields', array('TITLE' => $f_title, 'TYPE' => $field['type'], 'NAME' => $field['field'], 'S_YES' => $f_value[0], 'S_NO' => $f_value[1])); } else { $f_value = isset($in[$field['field']]) ? htmlprepare($in[$field['field']]) : ''; $cpgtpl->assign_block_vars('fields', array('TITLE' => $f_title, 'TYPE' => $field['type'], 'NAME' => $field['field'], 'SIZE' => $field['size'], 'VALUE' => $f_value)); } } $cpgtpl->set_filenames(array('body' => 'downloads/manage.html')); $cpgtpl->display('body');
// News feed. The ttl element gives the number of minutes a channel may be
// cached before a refresh; 60 * 24 below is one day.
// NOTE(review): $BASEHREF, $backend_language, $date and the site_logo setting
// are written into the XML without htmlprepare(). Presumably they never hold
// '&' or '<'; confirm where they are set, otherwise the feed becomes
// malformed. The escaping done by URL::index() is not visible here either.
$rss_channel_parts = array(
    '<?xml version="1.0" encoding="UTF-8"?> <rss version="2.0"> <channel> <title>',
    htmlprepare($sitename),
    '</title> <link>',
    $BASEHREF,
    '</link> <description>',
    htmlprepare($backend_title),
    '</description> <language>',
    $backend_language,
    '</language> <pubDate>',
    $date,
    '</pubDate> <ttl>',
    60 * 24,
    '</ttl> <generator>NexOS RSS Feeder</generator> <copyright>',
    htmlprepare($sitename),
    '</copyright> <category>News</category> <docs>http://cyber.law.harvard.edu/rss/rss.html</docs> <image> <url>',
    $BASEHREF,
    'images/',
    $MAIN_CFG['global']['site_logo'],
    '</url> <title>',
    htmlprepare($sitename),
    '</title> <link>',
    $BASEHREF,
    "</link>\n </image>\n\n",
);
echo implode('', $rss_channel_parts);
// One item element per story; $row already holds the first fetched row (or a
// falsy value when there is nothing to list). The story text is run through
// decode_bb_all() and then escaped for the description element.
while ($row) {
    $rss_item_parts = array(
        '<item> <title>',
        htmlprepare($row['title']),
        '</title> <link>',
        URL::index('News&file=article&sid=' . $row['sid'], true, true),
        '</link> <description>',
        htmlprepare(decode_bb_all($row['hometext'], 1, true), false, ENT_QUOTES, true),
        '</description> <pubDate>',
        date('D, d M Y H:i:s \\G\\M\\T', $row['time']),
        "</pubDate>\n</item>\n\n",
    );
    echo implode('', $rss_item_parts);
    $row = $db->sql_fetchrow($result);
}
?> </channel> </rss>
} if ($mode != "") { if ($mode == "edit" || $mode == "add") { $word_id = isset($_GET['id']) ? intval($_GET['id']) : 0; $template->set_filenames(array('body' => 'forums/admin/words_edit_body.html')); $s_hidden_fields = ''; if ($mode == "edit") { if ($word_id) { $result = $db->sql_query("SELECT * FROM " . WORDS_TABLE . " WHERE word_id = {$word_id}"); $word_info = $db->sql_fetchrow($result); $s_hidden_fields .= '<input type="hidden" name="id" value="' . $word_id . '" />'; } else { message_die(GENERAL_MESSAGE, $lang['No_word_selected']); } } $template->assign_vars(array("WORD" => isset($word_info['word']) ? htmlprepare($word_info['word']) : '', "REPLACEMENT" => isset($word_info['replacement']) ? htmlprepare($word_info['replacement']) : '', "L_WORDS_TITLE" => $lang['Words_title'], "L_WORDS_TEXT" => $lang['Words_explain'], "L_WORD_CENSOR" => $lang['Edit_word_censor'], "L_WORD" => $lang['Word'], "L_REPLACEMENT" => $lang['Replacement'], "L_SUBMIT" => $lang['Submit'], "S_WORDS_ACTION" => URL::admin("&do=words"), "S_HIDDEN_FIELDS" => $s_hidden_fields)); } else { if ($mode == "save") { $word_id = isset($_POST['id']) ? intval($_POST['id']) : 0; $word = isset($_POST['word']) ? trim($_POST['word']) : ""; $replacement = isset($_POST['replacement']) ? trim($_POST['replacement']) : ""; if ($word == "" || $replacement == "") { message_die(GENERAL_MESSAGE, $lang['Must_enter_word']); } if ($word_id) { $sql = "UPDATE " . WORDS_TABLE . "\n\t\t\t\tSET word = '" . Fix_Quotes($word) . "', replacement = '" . Fix_Quotes($replacement) . "'\n\t\t\t\tWHERE word_id = {$word_id}"; $message = $lang['Word_updated']; } else { $sql = "INSERT INTO " . WORDS_TABLE . " (word, replacement)\n\t\t\t\tVALUES ('" . Fix_Quotes($word) . "', '" . Fix_Quotes($replacement) . "')"; $message = $lang['Word_added']; }
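/**
 * Render the attachment control panel of the posting form into the template.
 *
 * Decides from $attach_config['show_apcp'] and the two toggle fields in $_POST whether
 * the "add attachment" and "posted attachments" boxes are shown, assigns their language
 * strings and one 'attach_row' block per entry of $this->attachments, and finally assigns
 * the 'attachbody' handle to the ATTACHBOX template variable.
 *
 * Reads the globals $attach_config, $is_auth, $lang, $template, $upload_dir, $userdata,
 * $forum_id and $module_name; updates $this->add_attachment_body and
 * $this->posted_attachments_body.
 *
 * @return void
 */
protected function display_attachment_bodies()
{
    global $attach_config, $is_auth, $lang, $template, $upload_dir, $userdata, $forum_id, $module_name;

    $show_apcp = intval($attach_config['show_apcp']);
    $attachment_count = count($this->attachments);
    $value_add = $value_posted = '';

    //
    // Choose what to display
    //
    if ($show_apcp) {
        // A non-empty toggle field flips the stored state; otherwise the current state is
        // carried forward as '0'/'1' for the hidden form fields built below.
        if (!empty($_POST['add_attachment_box'])) {
            $value_add = $this->add_attachment_body == 0 ? '1' : '0';
            $this->add_attachment_body = intval($value_add);
        } else {
            $value_add = $this->add_attachment_body == 0 ? '0' : '1';
        }

        if (!empty($_POST['posted_attachments_box'])) {
            $value_posted = $this->posted_attachments_body == 0 ? '1' : '0';
            $this->posted_attachments_body = intval($value_posted);
        } else {
            $value_posted = $this->posted_attachments_body == 0 ? '0' : '1';
        }

        $template->assign_block_vars('show_apcp', array());
    } else {
        // Control panel disabled: both boxes are always shown.
        $this->add_attachment_body = 1;
        $this->posted_attachments_body = 1;
    }

    $template->set_filenames(array('attachbody' => 'forums/posting_attach_body.html'));

    // $value_add / $value_posted can only be '', '0' or '1', so they are safe inside the attribute.
    $s_hidden = '<input type="hidden" name="add_attachment_body" value="' . $value_add . '" />';
    $s_hidden .= '<input type="hidden" name="posted_attachments_body" value="' . $value_posted . '" />';

    // NOTE(review): $forum_id is interpolated into the rules URL unchanged - confirm it is
    // cast to an integer where it is set.
    $rules_link = '<a href="' . URL::index("Forums&file=attach_rules&f={$forum_id}&popup=1") . '" target="_blank">'
        . $lang['Allowed_extensions_and_sizes'] . '</a>';

    $template->assign_vars(array(
        'L_ATTACH_POSTING_CP' => $lang['Attach_posting_cp'],
        'L_ATTACH_POSTING_CP_EXPLAIN' => $lang['Attach_posting_cp_explain'],
        'L_OPTIONS' => $lang['Options'],
        'L_ADD_ATTACHMENT_TITLE' => $lang['Add_attachment_title'],
        'L_POSTED_ATTACHMENTS' => $lang['Posted_attachments'],
        'L_FILE_NAME' => $lang['File_name'],
        'L_FILE_COMMENT' => $lang['File_comment'],
        'POSTED_ATTACHMENTS_BODY' => '',
        'RULES' => $rules_link,
        'S_HIDDEN' => $s_hidden,
    ));

    if ($attachment_count > 0 && $show_apcp) {
        $template->assign_block_vars('switch_posted_attachments', array());
    }

    if ($this->add_attachment_body) {
        $template->set_filenames(array('addbody' => 'forums/add_attachment_body.html'));
        $form_enctype = 'enctype="multipart/form-data" accept-charset="utf-8"';

        // NOTE(review): FILE_COMMENT is escaped with htmlprepare() but FILENAME is assigned
        // as-is. Confirm $this->filename is escaped where it is populated or by the template;
        // an uploaded file's name is attacker-controlled text.
        $template->assign_vars(array(
            'L_ADD_ATTACH_TITLE' => $lang['Add_attachment_title'],
            'L_ADD_ATTACH_EXPLAIN' => $lang['Add_attachment_explain'],
            'L_ADD_ATTACHMENT' => $lang['Add_attachment'],
            'FILE_COMMENT' => htmlprepare($this->file_comment),
            'FILESIZE' => intval($attach_config['max_filesize']),
            'FILENAME' => $this->filename,
            'S_FORM_ENCTYPE' => $form_enctype,
        ));
        $template->assign_var_from_handle('ADD_ATTACHMENT_BODY', 'addbody');
    }

    if ($this->posted_attachments_body && $attachment_count > 0) {
        $template->set_filenames(array('postedbody' => 'forums/posted_attachments_body.html'));
        $template->assign_vars(array(
            'L_POSTED_ATTACHMENTS' => $lang['Posted_attachments'],
            'L_UPDATE_COMMENT' => $lang['Update_comment'],
            'L_UPLOAD_NEW_VERSION' => $lang['Upload_new_version'],
            'L_DELETE_ATTACHMENT' => $lang['Delete_attachment'],
            'L_DELETE_THUMBNAIL' => $lang['Delete_thumbnail'],
            'L_OPTIONS' => $lang['Options'],
        ));

        // Private messages have their downloads served through the Forums module. The original
        // computed this remapped name but then built the link from $module_name, so the remap
        // never took effect.
        $module = $module_name == 'Private_Messages' ? 'Forums' : $module_name;
        $may_delete_thumbnail = $is_auth['auth_mod'] || $userdata['user_level'] == ADMIN;

        for ($i = 0; $i < $attachment_count; $i++) {
            $attachment = $this->attachments[$i];

            if ($attachment['attach_id'] < 1) {
                // No attach_id yet: link straight to the file in the upload directory.
                // NOTE(review): this exposes the storage path; confirm that directory does
                // not serve uploaded content as executable or active content.
                $download_link = $upload_dir . '/' . $attachment['physical_filename'];
            } else {
                $download_link = URL::index($module . '&file=download&id=' . $attachment['attach_id']);
            }

            // NOTE(review): only the comment is escaped here. FILE_NAME and ATTACH_FILENAME
            // are passed through unchanged - confirm they are escaped when stored or by the
            // template, since the real file name originates from the uploader.
            $template->assign_block_vars('attach_row', array(
                'FILE_NAME' => $attachment['real_filename'],
                'ATTACH_FILENAME' => $attachment['physical_filename'],
                'FILE_COMMENT' => htmlprepare($attachment['comment']),
                'ATTACH_ID' => $attachment['attach_id'],
                'U_VIEW_ATTACHMENT' => $download_link,
            ));

            //
            // Thumbnail there ? And is the User Admin or Mod ? Then present the 'Delete Thumbnail' Button
            //
            if (intval($attachment['thumbnail']) == 1 && $may_delete_thumbnail) {
                $template->assign_block_vars('attach_row.switch_thumbnail', array());
            }

            // Only stored attachments (positive id) can receive a new version.
            if ($attachment['attach_id'] > 0) {
                $template->assign_block_vars('attach_row.switch_update_attachment', array());
            }
        }

        $template->assign_var_from_handle('POSTED_ATTACHMENTS_BODY', 'postedbody');
    }

    $template->assign_var_from_handle('ATTACHBOX', 'attachbody');
}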