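/**
 * Handle a contact-form submission and hand it to mail().
 *
 * Reads secCode, text, name, email and phone from $_POST. The expected
 * captcha value is kept in $_SESSION under the current session id; both
 * sides must be integer-like (is_intval) or the request is aborted.
 * Returns the status text from $contactmessage: 139 wrong code, 29 text or
 * name missing, 28 mail() failed, 26 otherwise.
 *
 * Everything that ends up in a mail header (name, email, subject) comes from
 * the request. sanitize() is project code whose behaviour is not visible in
 * this file, so CR/LF are stripped here explicitly before any header is built
 * — a CR/LF in a header value is the classic mail header injection.
 */
function sendmessage() {
    global $set, $contactmessage;
    $secCode = isset($_POST['secCode']) ? trim($_POST['secCode']) : '';
    $expected = isset($_SESSION[session_id()]) ? $_SESSION[session_id()] : '';
    if (!is_intval($secCode) || !is_intval($expected)) {
        die("Contact - aha! Clever!");
    }
    // both values passed is_intval(), so compare them as integers
    if ((int) $secCode !== (int) $expected) {
        return $contactmessage[139];
    }
    if (!isset($_POST['text'])) {
        return $contactmessage[29];
    }
    if ($_POST['text'] == "" || !isset($_POST['name']) || $_POST['name'] == "") {
        return $contactmessage[29];
    }
    $message = $contactmessage[26];
    $crlf = array("\r", "\n");
    $text = html_entity_decode(sanitize($_POST['text']));
    $name = str_replace($crlf, '', html_entity_decode(sanitize($_POST['name'])));
    $email = isset($_POST['email']) ? str_replace($crlf, '', html_entity_decode(sanitize($_POST['email']))) : '';
    $phone = isset($_POST['phone']) ? html_entity_decode(sanitize($_POST['phone'])) : '';
    // the visitor's address is shown in the body as typed, but only a
    // syntactically valid address may become a Reply-To header value
    $replyTo = ($email != "" && filter_var($email, FILTER_VALIDATE_EMAIL)) ? $email : '';
    if (extension_loaded("mbstring") && function_exists("mb_encode_mimeheader")) {
        mb_language("uni");
        mb_internal_encoding("UTF-8");
        $fromname = '"' . mb_encode_mimeheader($set['author']) . '" <' . $set['wemail'] . '> ';
    } else {
        // the original fallback omitted the opening quote of the display name
        $fromname = '"' . $set['author'] . '" <' . $set['wemail'] . '> ';
    }
    // mail() wants the bare recipient; the original appended "\r\n" to it
    $to = $set['wemail'];
    $subject = str_replace($crlf, '', $contactmessage[27] . $name . " via Website");
    $mailbody = $contactmessage[27] . ": " . $name . "\r\n\r\n" . $contactmessage[31] . ": " . $email . "\r\n";
    if ($phone != "") {
        $mailbody .= $contactmessage[34] . ": " . $phone . "\r\n";
    }
    $mailbody .= "\r\n\r\n" . $contactmessage[32] . ":\r\n\r\n" . $text;
    $additional_header = 'MIME-Version: 1.0' . "\r\n"
        . 'Content-Type: text/plain; charset=utf-8' . "\r\n"
        . 'Content-Transfer-Encoding: 7bit ' . "\r\n"
        . 'From: ' . $fromname . "\r\n";
    if ($replyTo != "") {
        // quoted display name: double quotes inside it would break the header
        $additional_header .= 'Reply-To: "' . str_replace('"', '', $name) . '" <' . $replyTo . '>' . "\r\n";
    }
    $additional_header .= 'X-Mailer: LightNEasy ';
    if (!mail($to, $subject, $mailbody, $additional_header)) {
        $message = $contactmessage[28];
    }
    return $message;
}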
foreach ($news['config']['gallery_allowed_ext'] as $ikey => $ivalue) { $news['config']['gallery_allowed_ext'][$ikey] = _dbEscape($ivalue); } $news['config']['gallery_allowed_ext'] = implode(',', $news['config']['gallery_allowed_ext']); } else { $news['config']['gallery_allowed_ext'] = ''; } // start parsing news entries $news['row_count'] = 1; $news['total_count'] = 1; $news['entry_count'] = count($news['result']); // set new target if necessary if (empty($news['news_detail_link'])) { $news['base_href'] = rel_url($news['listing_page'], array('newsdetail')); } else { if (is_intval($news['news_detail_link'])) { $news['news_detail_link'] = 'aid=' . $news['news_detail_link']; } $news['base_href'] = rel_url($news['listing_page'], array('newsdetail'), $news['news_detail_link']); } foreach ($news['result'] as $key => $value) { $value['cnt_object'] = @unserialize($value['cnt_object']); $news['entries'][$key] = getFrontendEditLink('news', $value['cnt_id']); if (empty($value['cnt_object']['cnt_files']['gallery'])) { $news['tmpl_gallery_item'] = ''; $news['entries'][$key] .= $news['tmpl_entry']; } else { if (empty($news['tmpl_gallery_item'])) { $news['tmpl_gallery_item'] = get_tmpl_section('GALLERY_ITEM', $news['tmpl_entry']); } $news['entries'][$key] .= replace_tmpl_section('GALLERY_ITEM', $news['tmpl_entry']);
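/**
 * Admin user list with edit/delete forms (LightNEasy backend).
 *
 * Reads id, pag, action and letter from $_GET. Shows userform() for the
 * requested action, then a table of all users; once more than 25 users exist
 * the table is paginated in pages of 25 with a letter index built from the
 * first character of the handle. Returns the HTML fragment.
 *
 * id and pag are concatenated into SQL and arithmetic, so they must be
 * integer-like (is_intval) or the request dies with $langmessage[98].
 *
 * NOTE(review): edit/delete are plain GET links without a CSRF token; the
 * token mechanism (if any) is not visible in this file.
 */
function users() {
    global $langmessage, $prefix;
    $out = "<h2>{$langmessage['154']}</h2>\n<hr />\n";
    $id = isset($_GET['id']) ? $_GET['id'] : "";
    $pag = isset($_GET['pag']) ? $_GET['pag'] : "";
    $action = isset($_GET['action']) ? $_GET['action'] : "";
    if (($id != "" && !is_intval($id)) || ($pag != "" && !is_intval($pag))) {
        die($langmessage[98]);
    }
    $letter = null;
    if (isset($_GET['letter'])) {
        $letter = sanitize($_GET['letter']);
        // the value is placed inside a double-quoted SQL literal below; a quote
        // or backslash is the only way out of that literal, so refuse both
        // rather than rely on what sanitize() happens to do with them
        if (strpbrk($letter, "\"\\") !== false) {
            die($langmessage[98]);
        }
    }
    if ($action == "deleteuser" && $id != "") {
        $result = dbquery('SELECT * FROM ' . $prefix . 'users WHERE id=' . $id);
        if ($row = fetch_array($result)) {
            // only accounts at or below the caller's admin level may be removed
            if ($_SESSION['adminlevel'] >= $row['adminlevel']) {
                $out .= userform($id, $row, true);
            }
        }
    } elseif ($action == "edituser" && $id != "") {
        $result = dbquery('SELECT * FROM ' . $prefix . 'users WHERE id=' . $id);
        if ($row = fetch_array($result)) {
            // same gate as deleteuser: the original opened the edit form for
            // any account regardless of the caller's level
            if ($_SESSION['adminlevel'] >= $row['adminlevel']) {
                $out .= userform($id, $row);
            }
        }
    } else {
        $out .= userform();
    }
    $out .= "<div style=\"margin-top: 20px;\">\n<table style=\"border: none;\">\n";
    $multy = false;
    $result = dbquery('SELECT * FROM ' . $prefix . 'users ORDER BY handle');
    $pages = num_rows($result);
    if ($pages > 25) {
        if ($pag == "") {
            $pag = 1;
        }
        // the original wrote the current page back into $_GET; keep that
        $_GET['pag'] = $pag;
        $query = "SELECT * FROM " . $prefix . "users ";
        if ($letter !== null) {
            $query .= "WHERE UPPER(SUBSTR(handle,1,1))=\"" . $letter . "\" ";
        }
        $query .= "ORDER BY handle limit " . ($pag - 1) * 25 . ", 25";
        $result = dbquery($query);
        $letterParam = $letter !== null ? "&letter=" . $letter : "";
        $prev = $pag > 1 ? $pag - 1 : $pag;
        $next = $pages > $pag * 25 ? $pag + 1 : $pag;
        $pagebar = "<tr><td colspan=\"6\" align=\"left\"><a href=\"LightNEasy.php?page=index&do=users" . $letterParam . "&pag=" . $prev . "\"><</a> ";
        $result1 = dbquery("SELECT DISTINCT UPPER(SUBSTR(handle,1,1)) as letter FROM " . $prefix . "users ORDER BY handle ASC");
        while ($row = fetch_array($result1)) {
            // first characters of handles are user-chosen: escape for HTML
            $l = htmlspecialchars($row['letter'], ENT_QUOTES, 'UTF-8');
            $pagebar .= "<a href=\"LightNEasy.php?page=index&do=users&letter=" . $l . "&pag=1\">" . $l . "</a> ";
        }
        $pagebar .= " <a href=\"LightNEasy.php?page=index&do=users" . $letterParam . "&pag=" . $next . "\"> ></a></td></tr>\n";
        $out .= $pagebar;
        $multy = true;
    }
    $script = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    while ($row = fetch_array($result)) {
        $out .= "<tr><td><a href=\"" . $script . "?do=users&action=edituser&id=" . $row['id'] . "\"><img style=\"padding: none; border: none;\" src=\"images/edit.png\" alt=\"edit\" /></a></td>";
        $out .= "<td><a href=\"" . $script . "?do=users&action=deleteuser&id=" . $row['id'] . "\"><img style=\"padding: none; border: none;\" src=\"images/editdelete.png\" alt=\"delete\" /></a></td>";
        $out .= "<td><b>" . decode($row['handle']) . "</b></td><td>" . $row['adminlevel'] . "</td><td>"
            . htmlspecialchars($row['ip'], ENT_QUOTES, 'UTF-8') . "</td><td>"
            . strftime("%m/%d/%y", $row['datejoined']) . "</td></tr>\n";
    }
    if ($multy) {
        $out .= $pagebar;
    }
    $out .= "</table>\n</div>\n";
    return $out;
}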
* @copyright Copyright (c) 2002-2015, Oliver Georgi
* @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
* @link http://www.phpwcms.de
*
**/
// ----------------------------------------------------------------
// obligate check for phpwcms constants
if (!defined('PHPWCMS_ROOT')) {
    die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
// Content Type Search Form
//
// Backend save handler: copies the search-form settings from $_POST into
// $content. Numbers are cast with intval(), free text goes through
// slweg()/clean_slweg(), and labels/styles are additionally HTML-escaped
// with html_specialchars() (project helpers; their exact behaviour is not
// visible here).
$content["template"] = clean_slweg($_POST['template']);
$content["search"]["result_per_page"] = empty($_POST["csearch_result_per_page"]) ? '' : intval($_POST["csearch_result_per_page"]);
// wordlimit: empty string unless the posted value is integer-like
$content["search"]["wordlimit"] = isset($_POST["csearch_wordlimit"]) ? trim($_POST["csearch_wordlimit"]) : '';
$content["search"]["wordlimit"] = is_intval($content["search"]["wordlimit"]) ? intval($content["search"]["wordlimit"]) : '';
// checkboxes: presence means on
$content["search"]["newwin"] = isset($_POST["csearch_newwin"]) ? 1 : 0;
$content["search"]["highlight_result"] = isset($_POST["csearch_highlight"]) ? 1 : 0;
$content["search"]["label_input"] = html_specialchars(clean_slweg($_POST["csearch_label_input"]));
$content["search"]["style_input"] = html_specialchars(clean_slweg($_POST["csearch_style_input"]));
$content["search"]["label_button"] = html_specialchars(clean_slweg($_POST["csearch_label_button"]));
$content["search"]["style_button"] = html_specialchars(clean_slweg($_POST["csearch_style_button"]));
// NOTE(review): label_result is the only label NOT passed through
// html_specialchars() — presumably HTML is allowed in it; confirm where it
// is rendered.
$content["search"]["label_result"] = slweg($_POST["csearch_label_result"]);
$content["search"]["style_result"] = html_specialchars(clean_slweg($_POST["csearch_style_result"]));
$content["search"]["align"] = isset($_POST["csearch_align"]) ? intval($_POST["csearch_align"]) : 0;
// long text fields, capped at 65500 characters by slweg()
$content["search"]["text_intro"] = slweg($_POST["csearch_text_intro"], 65500);
$content["search"]["text_result"] = slweg($_POST["csearch_text_result"], 65500);
$content["search"]["text_noresult"] = slweg($_POST["csearch_text_noresult"], 65500);
// template name as typed; how it is resolved to a file is not in this file
$content["search"]["template"] = isset($_POST["csearch_template"]) ? slweg($_POST["csearch_template"]) : '';
$content['search']["text_html"] = empty($_POST['csearch_text_html']) ? 0 : (intval($_POST['csearch_text_html']) ? 1 : 0);
$content["search"]["label_pages"] = slweg($_POST['csearch_label_pages']);
if (!isset($_tmpl['config']['shop_url'])) { $_tmpl['config']['shop_url'] = _getConfig('shop_pref_id_shop', '_shopPref'); } if (!isset($_tmpl['config']['cart_url'])) { $_tmpl['config']['cart_url'] = _getConfig('shop_pref_id_cart', '_shopPref'); } if (!is_intval($_tmpl['config']['shop_url']) && is_string($_tmpl['config']['shop_url'])) { $_tmpl['config']['shop_url'] = trim($_tmpl['config']['shop_url']); } elseif (is_intval($_tmpl['config']['shop_url']) && intval($_tmpl['config']['shop_url'])) { $_tmpl['config']['shop_url'] = 'aid=' . intval($_tmpl['config']['shop_url']); } else { $_tmpl['config']['shop_url'] = $aktion[1] ? 'aid=' . $aktion[1] : 'id=' . $aktion[0]; } if (!is_intval($_tmpl['config']['cart_url']) && is_string($_tmpl['config']['cart_url'])) { $_tmpl['config']['cart_url'] = trim($_tmpl['config']['cart_url']); } elseif (is_intval($_tmpl['config']['cart_url']) && intval($_tmpl['config']['cart_url'])) { $_tmpl['config']['cart_url'] = 'aid=' . intval($_tmpl['config']['cart_url']); } else { $_tmpl['config']['cart_url'] = $aktion[1] ? 'aid=' . $aktion[1] : 'id=' . $aktion[0]; } if ($_tmpl['config']['shop_wrap']) { $_tmpl['config']['shop_wrap'] = explode('|', $_tmpl['config']['shop_wrap']); $_tmpl['config']['shop_wrap'] = array('prefix' => trim($_tmpl['config']['shop_wrap'][0]) . LF, 'suffix' => empty($_tmpl['config']['shop_wrap'][1]) ? '' : LF . trim($_tmpl['config']['shop_wrap'][1])); } else { $_tmpl['config']['shop_wrap'] = array('prefix' => '', 'suffix' => ''); } $_tmpl['config']['price_decimals'] = (int) $_tmpl['config']['price_decimals']; $_tmpl['config']['vat_decimals'] = (int) $_tmpl['config']['vat_decimals']; $_tmpl['config']['weight_decimals'] = (int) $_tmpl['config']['weight_decimals']; if ($_tmpl['config']['shop_css']) { renderHeadCSS($_tmpl['config']['shop_css']);
| Copyright 2007 - 2011 Fernando Baptista | http://www.lightneasy.org +----------------------------------------------------+ | Addon Downloads send module main.php | Version 3.2.4 SQLite/MySQL +----------------------------------------------------+ | Released under the terms & conditions of v2 of the | GNU General Public License. For details refer to | the included gpl.txt file or visit http://gnu.org +----------------------------------------------------*/ if (isset($_GET['dlid'])) { global $set, $prefix, $fuso_s; // there is a download request require_once "../../data/database.php"; require_once "../../LightNEasy/common.php"; if (!is_intval($_GET['dlid'])) { die("Downloads - Aha! Clever!"); } if ($MySQL == 1) { $sqldbdb = @mysql_connect($databasehost, $databaselogin, $databasepassword) or die("Error - Could not connect to MySQL server: " . mysql_error()); @mysql_select_db($databasename) or die("Error - Could not open MySQL database " . mysql_error()); } elseif ($MySQL == 0) { if (!($sqldbdb = @sqlite_open("../../data/{$databasename}.db"))) { die("Error - Could not open SQLite 2 database"); } } else { if (!($sqldbdb = new SQLite3("../../data/{$databasename}.db"))) { die("Couldn't open SQLite 3 database"); } } readsetup();
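/**
 * Survey addon admin page: create/delete surveys and add answer options.
 *
 * Loads the addon language file for $set['language'] (en_US fallback),
 * creates the surveynames/surveyvotes tables if they do not exist, processes
 * the surveysubmit POST actions ("New Survey", "Delete Survey", "Add Option")
 * and returns the admin HTML.
 *
 * Integer fields (adminlevel, surveyid, place) are gated by is_intval() before
 * they are concatenated into SQL; string fields go through encode(sanitize()),
 * project helpers whose exact escaping is not visible here. Top-level surveys
 * are rows with surveyid=0; options are rows whose surveyid points at them.
 *
 * NOTE(review): the forms carry no CSRF token.
 */
function asurvey() {
    global $prefix, $sqldbdb, $MySQL, $set, $langmessage;
    $out = "";
    // $set['language'] comes from the site configuration, not the request
    $langfile = "addons/survey/lang/lang_" . $set['language'] . ".php";
    if (file_exists($langfile)) {
        require_once $langfile;
    } else {
        require_once "addons/survey/lang/lang_en_US.php";
    }
    // Check if table exists in the database
    if ($MySQL == 0) {
        if (!($aa = sqlite_fetch_column_types($prefix . "surveynames", $sqldbdb))) {
            dbquery("CREATE TABLE " . $prefix . "surveynames ( id INTEGER NOT NULL PRIMARY KEY, surveyid INTEGER NOT NULL, surveyname VARCHAR(80), place INTEGER NOT NULL, adminlevel INTEGER NOT NULL)");
        }
        if (!($aa = sqlite_fetch_column_types($prefix . "surveyvotes", $sqldbdb))) {
            dbquery("CREATE TABLE " . $prefix . "surveyvotes ( id INTEGER NOT NULL PRIMARY KEY, surveyid INTEGER NOT NULL, vote INTEGER NOT NULL, voterid INTEGER NOT NULL)");
        }
    } else {
        dbquery("CREATE TABLE IF NOT EXISTS " . $prefix . "surveynames ( id INTEGER NOT NULL auto_increment, surveyid INTEGER NOT NULL, surveyname VARCHAR(80), place INTEGER NOT NULL, adminlevel INTEGER NOT NULL, PRIMARY KEY (id))");
        dbquery("CREATE TABLE IF NOT EXISTS " . $prefix . "surveyvotes ( id INTEGER NOT NULL auto_increment, surveyid INTEGER NOT NULL, vote INTEGER NOT NULL, voterid INTEGER NOT NULL, PRIMARY KEY (id))");
    }
    if (isset($_POST['surveysubmit'])) {
        $submit = $_POST['surveysubmit'];
        if ($submit == "New Survey" && isset($_POST['surveyname']) && $_POST['surveyname'] != "") {
            if (!is_intval($_POST['adminlevel'])) {
                die($langmessage[98]);
            }
            dbquery("INSERT INTO " . $prefix . "surveynames ( id, surveyid, surveyname, place, adminlevel) VALUES ( null, 0, \"" . encode(sanitize($_POST['surveyname'])) . "\", 0, " . $_POST['adminlevel'] . ")");
        }
        if ($submit == "Delete Survey" && isset($_POST['surveyid']) && $_POST['surveyid'] != "") {
            if (!is_intval($_POST['surveyid'])) {
                die($langmessage[98]);
            }
            // removes the survey row, its options and all votes cast on it
            dbquery("DELETE FROM " . $prefix . "surveynames WHERE (id=" . $_POST['surveyid'] . " AND surveyid=0) OR surveyid=" . $_POST['surveyid']);
            dbquery("DELETE FROM " . $prefix . "surveyvotes WHERE surveyid=" . $_POST['surveyid']);
        }
        if ($submit == "Add Option" && isset($_POST['option']) && $_POST['option'] != "") {
            if (!is_intval($_POST['surveyid']) || !is_intval($_POST['place'])) {
                die($langmessage[98]);
            }
            dbquery("INSERT INTO " . $prefix . "surveynames ( id, surveyid, surveyname, place, adminlevel) VALUES ( null, " . $_POST['surveyid'] . ", \"" . encode(sanitize($_POST['option'])) . "\", " . $_POST['place'] . ", 0)");
        }
    }
    // the list of surveys is needed three times below and nothing writes
    // to the table in between, so query it once
    $surveys = fetch_all(dbquery("SELECT * FROM " . $prefix . "surveynames WHERE surveyid=0"));
    $surveySelect = "";
    $i = 0;
    while (isset($surveys[$i]) && $surveys[$i]['surveyname']) {
        $surveySelect .= "<option value=\"" . $surveys[$i]['id'] . "\">" . decode($surveys[$i]['surveyname']) . "</option>\n";
        $i++;
    }
    $out .= "<h2>{$surveymessage['15']}</h2>\n<hr />\n";
    $out .= "<h3>{$surveymessage['1']}</h3>\n";
    $out .= "<form name=\"form1\" method=\"POST\" action=\"\">\n";
    $out .= "<table>\n<tr><td>{$surveymessage['2']}: </td><td><input type=\"text\" name=\"surveyname\" value=\"\" size=\"50\" /></td></tr>\n";
    $out .= "<tr><td>{$surveymessage['3']}: </td><td><SELECT name=\"adminlevel\">\n";
    $out .= "<option value=\"0\">{$langmessage['161']}</option>\n";
    $out .= "<option value=\"2\">{$langmessage['162']}</option>\n";
    $out .= "<option value=\"3\">{$langmessage['29']}</option>\n";
    $out .= "<option value=\"4\">{$langmessage['163']}</option>\n";
    $out .= "</SELECT></td></tr>\n";
    $out .= "<tr><td><input type=\"hidden\" name=\"surveysubmit\" value=\"New Survey\" /></td>";
    $out .= "<td><input type=\"submit\" value=\"{$surveymessage['1']}\" name=\"aaa\" /></td></tr>\n";
    $out .= "</table>\n</form>\n";
    $out .= "<hr /><h3>{$surveymessage['5']}</h3>\n";
    $out .= "<form name=\"form2\" method=\"POST\" action=\"\">\n";
    $out .= "<table>\n";
    $out .= "<tr><td>{$surveymessage['5']}: </td><td><SELECT name=\"surveyid\">\n";
    $out .= $surveySelect;
    $out .= "</SELECT></td></tr>\n";
    $out .= "<tr><td><input type=\"hidden\" name=\"surveysubmit\" value=\"Delete Survey\" /></td>";
    $out .= "<td><input type=\"submit\" value=\"{$surveymessage['5']}\" name=\"aaa\" /></td></tr>\n";
    $out .= "</table>\n</form>\n";
    $out .= "<hr /><h3>{$surveymessage['6']}</h3>\n";
    $out .= "<form name=\"form1\" method=\"POST\" action=\"\">\n";
    $out .= "<table>\n";
    $out .= "<tr><td>{$surveymessage['2']}: </td><td><SELECT name=\"surveyid\">\n";
    $out .= $surveySelect;
    $out .= "</SELECT></td></tr>\n";
    $out .= "<tr><td>{$surveymessage['7']}: </td><td><input type=\"text\" name=\"place\" size=\"2\" value=\"\" /></td></tr>\n";
    $out .= "<tr><td>{$surveymessage['8']}: </td><td><input type=\"text\" name=\"option\" size=\"50\" value=\"\" /></td></tr>\n";
    $out .= "<tr><td><input type=\"hidden\" name=\"surveysubmit\" value=\"Add Option\" /></td>";
    $out .= "<td><input type=\"submit\" name=\"aaa\" value=\"{$surveymessage['9']}\" /></td></tr>\n";
    $out .= "</table>\n</form>\n";
    $out .= "<hr /><h3>{$surveymessage['4']}</h3>\n<ul>";
    $i = 0;
    while (isset($surveys[$i]) && $surveys[$i]['id']) {
        $out .= "<li>" . $surveys[$i]['id'] . " - " . decode($surveys[$i]['surveyname']) . "</li>\n";
        $options = fetch_all(dbquery("SELECT * FROM " . $prefix . "surveynames WHERE surveyid=" . $surveys[$i]['id']));
        $j = 0;
        $out .= "<ul>";
        while (isset($options[$j]) && $options[$j]['id']) {
            // options are stored with encode(sanitize()) exactly like survey
            // names, so they are decoded the same way on output (the original
            // printed them raw)
            $out .= "<li>" . decode($options[$j]['surveyname']) . "</li>\n";
            $j++;
        }
        $out .= "</ul>\n";
        $i++;
    }
    $out .= "</ul>\n";
    return $out;
}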
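/**
 * Save (insert/update) or delete a 404-redirect rule from the admin form.
 *
 * Reads rid, alias, id, aid, type, active, shortcut, code and target from
 * $_POST, validates them, writes the row with _dbInsert/_dbUpdate — or deletes
 * it when the delete_<md5(rid)> submit button was pressed — and sets a status
 * message. Returns array('error' => list|NULL, 'data' => row); for new rows
 * 'rid' is filled from the insert id.
 *
 * type and code are whitelist-checked with a strict in_array(): with the
 * loose comparison the original used, numeric strings such as '0301' or
 * '301.0' compare equal to '301' and would have been stored as the code.
 */
function update_404redirect() {
    $rid = empty($_POST['rid']) ? 0 : intval($_POST['rid']);
    $id = !isset($_POST['id']) || trim($_POST['id']) === '' ? '' : intval($_POST['id']);
    $aid = !isset($_POST['aid']) || trim($_POST['aid']) === '' || !intval($_POST['aid']) ? '' : intval($_POST['aid']);
    $type = empty($_POST['type']) || !in_array($_POST['type'], array('alias', 'id', 'aid', 'link'), true) ? '' : clean_slweg($_POST['type']);
    $code = empty($_POST['code']) || !in_array($_POST['code'], array('301', '307', '404', '401', '503'), true) ? '' : clean_slweg($_POST['code']);
    $data = array(
        'error' => array(),
        'data' => array(
            'rid' => $rid,
            'alias' => clean_slweg($_POST['alias']),
            'id' => $id,
            'aid' => $aid,
            'type' => $type,
            'active' => empty($_POST['active']) ? 0 : 1,
            'shortcut' => empty($_POST['shortcut']) ? 0 : 1,
            'code' => $code,
            'target' => clean_slweg($_POST['target']),
            'changed' => date('Y-m-d H:i:s'),
        ),
    );
    $deleteKey = 'delete_' . md5($rid);
    // a rule needs at least one of aid / alias / id unless it is being deleted;
    // id 0 counts as "not set" (matches the aid handling and the pre-PHP-8
    // result of the original `== ''` comparison)
    if (!$aid && !$data['data']['alias'] && ($id === '' || $id === 0) && !isset($_POST[$deleteKey])) {
        $data['error'][] = $GLOBALS['BL']['be_redirect_error1'];
    }
    if ($type && $data['data']['target'] === '') {
        $data['error'][] = $GLOBALS['BL']['be_redirect_error2'];
    } elseif (($type == 'id' || $type == 'aid') && !is_intval($data['data']['target'])) {
        $data['error'][] = $GLOBALS['BL']['be_redirect_error3'];
    }
    if (count($data['error'])) {
        $data['data']['active'] = 0;
        set_status_message(implode('<br />', $data['error']), 'error');
        return $data;
    }
    $data['error'] = NULL;
    unset($data['data']['rid']);
    if ($rid) {
        if (isset($_POST[$deleteKey])) {
            // Mark for deletion
            $data['data']['active'] = 9;
            $result = _dbQuery('DELETE FROM ' . DB_PREPEND . 'phpwcms_redirect WHERE rid=' . $rid, 'DELETE');
        } else {
            $result = _dbUpdate('phpwcms_redirect', $data['data'], 'rid=' . $rid);
        }
    } else {
        $result = _dbInsert('phpwcms_redirect', $data['data']);
        if (isset($result['INSERT_ID'])) {
            $rid = $result['INSERT_ID'];
        }
    }
    $data['data']['rid'] = $rid;
    if (!$result) {
        set_status_message($GLOBALS['BL']['be_error_while_save'], 'error');
    } elseif ($data['data']['active'] == 9) {
        set_status_message(str_replace('{ID}', $data['data']['rid'], $GLOBALS['BL']['be_action_deleted']), 'success');
        headerRedirect('phpwcms.php?' . get_token_get_string('csrftoken') . '&do=admin&p=14');
    } else {
        set_status_message($GLOBALS['BL']['be_successfully_saved'], 'success');
    }
    return $data;
}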
/**
 * Quote a value for SQL unless it is integer-like.
 *
 * Values accepted by is_intval() are returned as a bare numeric string;
 * everything else is handed to qq() for quoting.
 */
function qminimal($a) {
    return is_intval($a) ? (string) $a : qq($a);
}
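/**
 * Update the profile row of the user given by $_POST['userid'].
 *
 * Text fields go through sanitize()/encode()/strip_tags() (project helpers)
 * before being concatenated into the UPDATE. The password column is replaced
 * only when $_POST['password'] is non-empty and equals repeatpassword;
 * otherwise $message is set to $langmessage[180] and the remaining fields are
 * still saved. Dies on a non-integer userid. No return value.
 *
 * NOTE(review): userid is taken from the request and nothing here checks it
 * against the logged-in user — the caller must do that, or any logged-in
 * user could rewrite another account. Passwords are stored as unsalted
 * sha1(); password_hash()/password_verify() would be the fix, but the login
 * check that reads this column is not in this file, so the format is kept.
 *
 * Fix: $langmessage was read without a `global` declaration, so the
 * mismatch message was always empty.
 */
function saveprofile() {
    global $message, $prefix, $langmessage;
    if (!is_intval($_POST['userid'])) {
        die("aha! Naughty!");
    }
    $handle = encode(sanitize($_POST['handle']));
    $email = sanitize(strip_tags($_POST['email']));
    $firstname = encode(sanitize(strip_tags($_POST['firstname'])));
    $lastname = encode(sanitize(strip_tags($_POST['lastname'])));
    $website = sanitize(strip_tags($_POST['website']));
    $location = encode(sanitize(strip_tags($_POST['location'])));
    $query = "UPDATE " . $prefix . "users SET email=\"{$email}\", firstname=\"{$firstname}\", lastname=\"{$lastname}\", handle=\"{$handle}\", website=\"{$website}\", location=\"{$location}\"";
    if ($_POST['password'] != "") {
        if ($_POST['password'] == $_POST['repeatpassword']) {
            // the raw password is hashed, not the sanitize()d copy
            $query .= ", password=\"" . sha1($_POST['password']) . "\"";
        } else {
            $message = $langmessage[180];
        }
    }
    $query .= " WHERE id=" . $_POST['userid'];
    dbquery($query);
}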
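/**
 * Parse a matched replacement tag into the query defaults for the calendar.
 *
 * The tag body is either ini-style ("key=value" lines; keys items, template,
 * lang, tag, tagmode, href, place, gettype, teaserwords, expired,
 * expired_date, expired_prefix, expired_suffix) or the positional short form
 *   items,lang,template,href,tag1,tag2 : date_start,date_end,place
 * Request parameters named {getbasis}limit / place / start / end (POST wins
 * over GET) and the $_SESSION['pcal'] entry override the tag values, and the
 * resolved window is written to the object (date_start/date_end, where
 * clauses, template, limits). Returns the resolved defaults array.
 *
 * Fixes against the original: YEARSTART/YEAREND read the undefined local
 * $current_date instead of $this->current_date; the GET variant of the end
 * date skipped clean_slweg() unlike every other request-supplied date; the
 * short form never assigned the tag list to $default['tag'] (it was parsed
 * but silently dropped); and the lang filter stripped the separating spaces
 * before splitting, so "de en" became the single token "deen".
 */
function parse_match($match = '') {
    $default = array();
    $match = trim($match);
    // set query defaults
    $this->dbReset();
    $this->defaultTemplate();
    if ($match !== '' && strpos($match, '=') !== FALSE) {
        // the CMS editor may have turned line feeds into <br />
        $match = str_replace('<br />', LF, $match);
        // result is a normal array
        $match = parse_ini_str($match, false);
        $default['items'] = isset($match['items']) ? intval($match['items']) : $this->limit;
        $default['template'] = empty($match['template']) ? '' : trim($match['template']);
        $default['lang'] = empty($match['lang']) ? '' : trim($match['lang']);
        $default['tag'] = empty($match['tag']) ? '' : trim($match['tag']);
        $default['tagmode'] = empty($match['tagmode']) ? 'OR' : (trim(strtoupper($match['tagmode'])) === 'AND' ? 'AND' : 'OR');
        $default['href'] = empty($match['href']) ? '' : trim($match['href']);
        $default['place'] = empty($match['place']) ? '' : trim($match['place']);
        $default['gettype'] = empty($match['gettype']) ? '' : $match['gettype'];
        $default['teaserwords'] = empty($match['teaserwords']) ? 0 : intval($match['teaserwords']);
        if (!empty($match['expired'])) {
            $match['expired'] = strtolower(trim($match['expired']));
            $default['expired'] = in_array($match['expired'], array('hide', 'bottom', 'top')) ? $match['expired'] : '';
        } else {
            $default['expired'] = '';
        }
        if (!empty($match['expired_date'])) {
            $match['expired_date'] = strtoupper(trim($match['expired_date']));
            $default['expired_date'] = in_array($match['expired_date'], array('START', 'END')) ? $match['expired_date'] : 'END';
        } else {
            $default['expired_date'] = 'END';
        }
        $default['expired_prefix'] = empty($match['expired_prefix']) ? '' : trim($match['expired_prefix']);
        $default['expired_suffix'] = empty($match['expired_suffix']) ? '' : trim($match['expired_suffix']);
    } else {
        // base format
        // 2,main_page.tmpl,de en, href, tag1, tag2 tag2, tag3 : date_start, date_end, place
        // [item count,[template[,language(en de - separated by space)[, href, tags, tag, tag, tag]]]]
        $match = explode(',', $match, 5);
        $default['items'] = intval($match[0]);
        $default['lang'] = empty($match[1]) ? '' : $match[1];
        $default['template'] = empty($match[2]) ? '' : trim($match[2]);
        $default['href'] = empty($match[3]) ? '' : trim($match[3]);
        $default['tagmode'] = 'OR';
        $default['place'] = '';
        $default['gettype'] = '';
        $default['teaserwords'] = 0;
        $default['expired'] = '';
        $default['expired_date'] = 'END';
        $default['expired_prefix'] = '';
        $default['expired_suffix'] = '';
        if (empty($match[4])) {
            $default['tag'] = '';
        } else {
            // everything before the ':' is the comma-separated tag list,
            // everything after it is start date, end date, place
            $match[4] = explode(':', $match[4], 2);
            $default['tag'] = trim($match[4][0]);
            if (isset($match[4][1])) {
                $match[4][1] = explode(',', $match[4][1], 3);
                if (!empty($match[4][1][0])) {
                    $match['date_start'] = $match[4][1][0];
                } else {
                    $match['date_start'] = 'TODAY';
                }
                if (!empty($match[4][1][1])) {
                    $match['date_end'] = $match[4][1][1];
                } else {
                    // NOTE(review): this is seconds, but the integer branch below
                    // treats date_end as a number of days; the resulting end date
                    // lies far in the future, i.e. effectively "no end" — kept as is
                    $match['date_end'] = 365 * 24 * 60 * 60 - 1; // + 365 days - 1 second
                }
                if (!empty($match[4][1][2])) {
                    $default['place'] = trim($match[4][1][2]);
                }
            }
        }
    }
    // check for limit
    if (isset($_POST[$this->getbasis . 'limit'])) {
        $default['items'] = intval(clean_slweg($_POST[$this->getbasis . 'limit']));
        $this->session = true;
    } elseif (isset($_GET[$this->getbasis . 'limit'])) {
        $default['items'] = intval(clean_slweg($_GET[$this->getbasis . 'limit']));
        $this->session = true;
    } elseif (!empty($_SESSION['pcal']['limit'])) {
        $default['items'] = $_SESSION['pcal']['limit'];
    }
    // check for place to search
    if (isset($_POST[$this->getbasis . 'place'])) {
        $default['place'] = clean_slweg($_POST[$this->getbasis . 'place']);
        $this->session = true;
    } elseif (isset($_GET[$this->getbasis . 'place'])) {
        $default['place'] = clean_slweg($_GET[$this->getbasis . 'place']);
        $this->session = true;
    } elseif (!empty($_SESSION['pcal']['place'])) {
        $default['place'] = $_SESSION['pcal']['place'];
    }
    // custom start date: either a single value or year/month/day fields
    if (isset($_POST[$this->getbasis . 'start'])) {
        if (empty($_POST[$this->getbasis . 'start'])) {
            $match['date_start'] = $_POST[$this->getbasis . 'start_year'] . '-' . $_POST[$this->getbasis . 'start_month'] . '-' . $_POST[$this->getbasis . 'start_day'] . ' 00:00:00';
        } else {
            $match['date_start'] = $_POST[$this->getbasis . 'start'];
        }
        $match['date_start'] = clean_slweg($match['date_start']);
        $this->session = true;
    } elseif (isset($_GET[$this->getbasis . 'start'])) {
        if (empty($_GET[$this->getbasis . 'start'])) {
            $match['date_start'] = $_GET[$this->getbasis . 'start_year'] . '-' . $_GET[$this->getbasis . 'start_month'] . '-' . $_GET[$this->getbasis . 'start_day'] . ' 00:00:00';
        } else {
            $match['date_start'] = $_GET[$this->getbasis . 'start'];
        }
        $match['date_start'] = clean_slweg($match['date_start']);
        $this->session = true;
    } elseif (!empty($_SESSION['pcal']['date_start'])) {
        $match['date_start'] = $_SESSION['pcal']['date_start'];
    }
    // custom end date
    if (isset($_POST[$this->getbasis . 'end'])) {
        if (empty($_POST[$this->getbasis . 'end'])) {
            $match['date_end'] = $_POST[$this->getbasis . 'end_year'] . '-' . $_POST[$this->getbasis . 'end_month'] . '-' . $_POST[$this->getbasis . 'end_day'] . ' 23:59:59';
        } else {
            $match['date_end'] = $_POST[$this->getbasis . 'end'];
        }
        $match['date_end'] = clean_slweg($match['date_end']);
        $this->session = true;
    } elseif (isset($_GET[$this->getbasis . 'end'])) {
        if (empty($_GET[$this->getbasis . 'end'])) {
            $match['date_end'] = $_GET[$this->getbasis . 'end_year'] . '-' . $_GET[$this->getbasis . 'end_month'] . '-' . $_GET[$this->getbasis . 'end_day'] . ' 23:59:59';
        } else {
            $match['date_end'] = $_GET[$this->getbasis . 'end'];
        }
        // the original skipped this for GET only
        $match['date_end'] = clean_slweg($match['date_end']);
        $this->session = true;
    } elseif (!empty($_SESSION['pcal']['date_end'])) {
        $match['date_end'] = $_SESSION['pcal']['date_end'];
    }
    // set custom defined start/end date
    if (!empty($match['date_start'])) {
        $match['date_start'] = trim($match['date_start']);
        if (strtoupper($match['date_start']) == 'TODAY') {
            $this->date_start = mktime(0, 0, 0, $this->current_date['mon'], $this->current_date['mday'], $this->current_date['year']);
        } elseif (strtoupper($match['date_start']) == 'WEEKSTART') {
            $this->date_start = strtotime((intval(date('w', $this->current_date[0])) === 1 ? 'Today' : 'last Monday') . ' 00:00:00');
        } elseif (strtoupper($match['date_start']) == 'MONTHSTART') {
            $this->date_start = mktime(0, 0, 0, $this->current_date['mon'], 1, $this->current_date['year']);
        } elseif (strtoupper($match['date_start']) == 'YEARSTART') {
            $this->date_start = mktime(0, 0, 0, 1, 1, $this->current_date['year']);
        } else {
            $match['date_start'] = phpwcms_strtotime($match['date_start']);
            if ($match['date_start']) {
                $this->date_start = $match['date_start'];
            }
        }
    }
    if (!empty($match['date_end'])) {
        $match['date_end'] = strtoupper(trim($match['date_end']));
        if (is_intval($match['date_end'])) {
            // a bare integer is a number of days after the start date
            $this->date_end = ceil($this->date_start + $match['date_end'] * 24 * 3600);
            // Get Seconds of this day and match against 23:59:59
            $today_hours = date('G', $this->date_end) * 3600;
            $today_minutes = intval(date('i', $this->date_end)) * 60;
            $today_seconds = intval(date('s', $this->date_end));
            $total_seconds = $today_hours + $today_minutes + $today_seconds;
            $this->date_end += 24 * 3600 - $total_seconds - 1;
        } elseif ($match['date_end'] == 'TODAY') {
            $this->date_end = mktime(23, 59, 59, $this->current_date['mon'], $this->current_date['mday'], $this->current_date['year']);
        } elseif ($match['date_end'] == 'WEEKEND') {
            $this->date_end = strtotime('next Sunday 23:59:59');
        } elseif (preg_match('/(\\d+)\\s{0,1}(DAY|DAYS|WEEK|WEEKS|MONTH|MONTHS)/', $match['date_end'], $add)) {
            $this->date_end = strtotime('+' . $add[1] . ' ' . $add[2] . ' 23:59:59', $this->date_start);
        } elseif (strtoupper($match['date_end']) == 'MONTHEND') {
            $this->date_end = mktime(23, 59, 59, $this->current_date['mon'], intval(date('t', $this->current_date[0])), $this->current_date['year']);
        } elseif (strtoupper($match['date_end']) == 'YEAREND') {
            $this->date_end = mktime(23, 59, 59, 12, 31, $this->current_date['year']);
        } else {
            // a short date without a time part means the end of that day
            if (strlen($match['date_end']) < 12 && preg_match('/[0-9\\-]/', $match['date_end']) && strpos($match['date_end'], ':') === false) {
                $match['date_end'] .= ' 23:59:59';
            }
            $match['date_end'] = phpwcms_strtotime($match['date_end']);
            if ($match['date_end']) {
                $this->date_end = $match['date_end'];
            }
        }
    }
    // an end before the start falls back to "one year from today"
    if ($this->date_end <= $this->date_start) {
        $this->date_end = mktime(0, 0, 0, $this->current_date['mon'], $this->current_date['mday'], $this->current_date['year'] + 1) - 1;
    }
    $this->limit = $default['items'];
    $this->limit_item = $default['items'];
    $this->href = $default['href'];
    $this->gettype = $default['gettype'];
    $this->teaserwords = $default['teaserwords'];
    $this->expired = $default['expired'];
    $this->expired_date = $default['expired_date'];
    $this->expired_prefix = $default['expired_prefix'];
    $this->expired_suffix = $default['expired_suffix'];
    if ($default['template'] !== '') {
        // no path separators: the name must resolve inside the calendar template dir
        $default['template'] = preg_replace('/[\\/\\:]/', '', $default['template']);
        if (is_file(PHPWCMS_TEMPLATE . 'calendar/' . $default['template'])) {
            $default['template'] = file_get_contents(PHPWCMS_TEMPLATE . 'calendar/' . $default['template']);
            if ($default['template']) {
                $default['template'] = str_replace('{STARTDATE', '{LIVEDATE', $default['template']);
                $default['template'] = str_replace('{ENDDATE', '{KILLDATE', $default['template']);
                $this->template = $default['template'];
            }
        }
    }
    $where = array();
    if ($default['lang'] !== '') {
        // normalise separators to spaces first, then drop everything that is not
        // a language code character — the original removed the spaces as well
        $default['lang'] = preg_replace('/[^a-z\\- ]/', '', strtolower(str_replace(',', ' ', $default['lang'])));
        // only configured languages reach the IN (...) literal below
        $default['lang'] = array_intersect(convertStringToArray($default['lang'], ' '), $GLOBALS['phpwcms']['allowed_lang']);
        if (count($default['lang'])) {
            $this->where_lang = "calendar_lang IN ('" . implode("','", $default['lang']) . "')";
            $where[] = $this->where_lang;
        }
    }
    if ($default['place'] !== '') {
        $places = convertStringToArray(strtolower($default['place']), ',');
        $place_items = array();
        foreach ($places as $place) {
            // _dbEscape quotes the value; LIKE wildcards typed by the user
            // (% and _) still act as wildcards, which only widens the match
            $place_items[] = 'calendar_where LIKE ' . _dbEscape('%' . $place . '%');
        }
        if (count($place_items)) {
            $this->where_place = '(' . implode(' OR ', $place_items) . ')';
            $where[] = $this->where_place;
        }
    }
    if ($default['tag'] !== '') {
        $default['tag'] = convertStringToArray(strtolower($default['tag']), ',');
        if (count($default['tag'])) {
            $tag_where = array();
            foreach ($default['tag'] as $tag) {
                $tag_where[] = "cat_name='" . aporeplace($tag) . "'";
            }
            if (count($tag_where)) {
                $this->where_tag = '(' . implode(' ' . $default['tagmode'] . ' ', $tag_where) . ')';
                $where[] = $this->where_tag;
                $this->join_on = 'LEFT JOIN ' . DB_PREPEND . 'phpwcms_categories ON cat_pid=calendar_id';
                $this->group_by = 'calendar_id';
            }
        }
    }
    $this->where = implode(' AND ', $where);
    $this->datetime_start = date('Y-m-d H:i:s', $this->date_start);
    $this->datetime_end = date('Y-m-d H:i:s', $this->date_end);
    $this->place = $default['place'];
    $this->getDate();
    // remember request-supplied filters for the rest of the session
    if ($this->session && session_id()) {
        $this->session = array('date_start' => $this->datetime_start, 'date_end' => $this->datetime_end, 'place' => $default['place'], 'limit' => $default['items']);
        $_SESSION['pcal'] = isset($_SESSION['pcal']) ? array_merge($_SESSION['pcal'], $this->session) : $this->session;
    }
    return $default;
}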
// Normalise the news content-part settings posted from the backend form.
// Numeric limits are clamped to their defaults, the boolean operator is
// whitelisted, and the detail/archive link fields are turned into article
// ids when they are integer-like (a non-integer value is kept as a string).
$content['news']['news_detail_link'] = clean_slweg($_POST['news_detail_link']);
// an empty first entry means "no language restriction"
if (!count($content['news']['news_lang']) || isset($content['news']['news_lang'][0]) && $content['news']['news_lang'][0] == '') {
    $content['news']['news_lang'] = array();
}
if (empty($content['news']['news_sort']) || $content['news']['news_sort'] > 10) {
    $content['news']['news_sort'] = 9;
}
if (empty($content['news']['news_paginate_count'])) {
    $content['news']['news_paginate_count'] = $content['news']['news_paginate'] ? 10 : '';
}
if ($content['news']['news_paginate_basis'] > 4) {
    $content['news']['news_paginate_basis'] = 3;
}
if (empty($content['news']['news_limit'])) {
    $content['news']['news_limit'] = '';
}
if (empty($content['news']['news_skip'])) {
    $content['news']['news_skip'] = '';
}
// NOTE(review): the condition tests news_archive but the assignment resets
// news_sort — possibly a typo for news_archive; confirm before changing.
if ($content['news']['news_archive'] > 3) {
    $content['news']['news_sort'] = 1;
}
// only these three operators may reach the query builder
if (!in_array($content['news']['news_andor'], array('OR', 'AND', 'NOT'))) {
    $content['news']['news_andor'] = 'OR';
}
// integer-like link values become article ids; 0 means "not set"
if (is_intval($content['news']['news_detail_link'])) {
    $content['news']['news_detail_link'] = intval($content['news']['news_detail_link']) ? intval($content['news']['news_detail_link']) : '';
}
if (is_intval($content['news']['news_archive_link'])) {
    $content['news']['news_archive_link'] = intval($content['news']['news_archive_link']) ? intval($content['news']['news_archive_link']) : '';
}
unlink($target_path); } $imagename = encode(sanitize($_POST['imagename'])); if (move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { @chmod($target_path, 0644); dbquery("INSERT INTO " . $prefix . "images ( id, file, name ) VALUES (null, \"" . basename($_FILES['uploadedfile']['name']) . "\", \"{$imagename}\" )"); $message = $gallerymessage[124] . basename($_FILES['uploadedfile']['name']) . $gallerymessage[125]; } else { $message = $gallerymessage[123]; } } unset($_GET['do']); } if ($_POST['submit'] == "Submit Settings") { $message = ""; if (!is_intval($_POST['maxfilesize']) || !is_intval($_POST['thumbnailwidth'])) { die($langmessage[98]); } if (!($fp = fopen("addons/gallery/settings.php", "w"))) { die($langmessage[55]); } fwrite($fp, "<?php\n\$maxfilesize=" . $_POST['maxfilesize'] . ";\n\$thumbnailwidth=" . $_POST['thumbnailwidth'] . ";\n?>\n"); fclose($fp); $message = $langmessage[150]; } function images() { global $gallerymessage, $max_upload_image_size, $prefix; $out = "<h2>{$gallerymessage['7']}</h2>\n<hr />\n<div align=\"center\">\n"; if ($_GET['do'] == "gallery" && $_GET['action'] == "delete" && $_GET['name'] != "") { $out .= deleteimage($_GET['name']);
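/**
 * Admin page of the "uploads" add-on.
 *
 * Handles two POST actions (field "submitupload"):
 *   "Transfer upload": moves download row $_POST['fileid'] into category
 *       $_POST['cat'] and moves its file from ./uploads/ to ./downloads/.
 *   "savesettings":    rewrites addons/uploads/settings.php with the posted
 *       adminlevel and maxsize values.
 * Non-integer ids/values terminate the request via die(), as in the rest of
 * this admin code. Afterwards the settings form and the list of uploads still
 * sitting in the "Uploads" download category are rendered.
 *
 * The language file and settings.php are required inside the function, so
 * $uploadsmessage, $adminlevel and $max_upload_file_size are local variables.
 *
 * @return string HTML for the admin page
 */
function auploads() {
    global $prefix, $langmessage, $set;

    if (file_exists("addons/uploads/lang/lang_" . $set['language'] . ".php")) {
        require_once "addons/uploads/lang/lang_" . $set['language'] . ".php";
    } else {
        require_once "addons/uploads/lang/lang_en_US.php";
    }
    require_once "addons/uploads/settings.php";

    $out = "";
    $message = "";
    $action = isset($_POST['submitupload']) ? $_POST['submitupload'] : "";

    if ($action == "Transfer upload") {
        if (!isset($_POST['cat'], $_POST['fileid']) || !is_intval($_POST['cat']) || !is_intval($_POST['fileid'])) {
            die($uploadsmessage[16]);
        }
        // Cast after validation so only integers are ever interpolated into SQL.
        $cat_id = intval($_POST['cat']);
        $file_id = intval($_POST['fileid']);
        // The file name comes from the download row itself, not from the request:
        // a posted name would let the caller pick which path gets renamed.
        // basename() keeps the move inside ./uploads and ./downloads.
        $file_row = fetch_array(dbquery("SELECT file FROM " . $prefix . "downloads WHERE reg=" . $file_id));
        $filename = $file_row ? basename($file_row['file']) : "";
        dbquery("UPDATE " . $prefix . "downloads SET ex=" . $cat_id . " WHERE reg=" . $file_id);
        if ($filename != "" && file_exists("./uploads/" . $filename)) {
            rename("./uploads/" . $filename, "./downloads/" . $filename);
        }
    }

    if ($action == "savesettings") {
        if (!isset($_POST['adminlevel'], $_POST['maxsize']) || !is_intval($_POST['adminlevel']) || !is_intval($_POST['maxsize'])) {
            die($langmessage[98]);
        }
        // settings.php is generated PHP code: only integer literals are written into it.
        $adminlevel = intval($_POST['adminlevel']);
        $max_upload_file_size = intval($_POST['maxsize']);
        if (!($fp = fopen("addons/uploads/settings.php", "w"))) {
            die($langmessage[55]);
        }
        fwrite($fp, "<?php\n\$adminlevel=" . $adminlevel . ";\n\$max_upload_file_size=" . $max_upload_file_size . ";\n?>\n");
        fclose($fp);
        $message = $langmessage[150];
    }

    if ($message != "") {
        $out .= "<h3 style=\"color: red;\">" . $message . "</h3>\n";
    }
    $out .= "<h2>{$uploadsmessage['1']}</h2>\n<hr />\n";
    $out .= "<h3>{$uploadsmessage['18']}</h3>\n";
    $out .= "<form name=\"formn\" method=\"POST\" action=\"\">\n";
    $out .= "<table><tr><td>{$uploadsmessage['17']}:</td><td><SELECT name=\"adminlevel\">\n";
    // Admin level options; the labels are core $langmessage entries.
    $levels = array(
        1 => $langmessage['161'],
        2 => $langmessage['162'],
        3 => $langmessage['29'],
        4 => $langmessage['163'],
    );
    foreach ($levels as $level => $label) {
        $out .= "<option value=\"" . $level . "\"";
        if ($adminlevel == $level) {
            $out .= " SELECTED";
        }
        $out .= ">" . $label . "</option>\n";
    }
    $out .= "</SELECT></td></tr>\n";
    $out .= "<tr><td>{$uploadsmessage['20']}:</td><td><input type=\"text\" name=\"maxsize\" value=\"{$max_upload_file_size}\" /></td></tr>\n";
    $out .= "<tr><td><input type=\"hidden\" name=\"submitupload\" value=\"savesettings\" /></td>";
    $out .= "<td><input type=\"submit\" name=\"aaa\" value=\"{$uploadsmessage['19']}\" /></td></tr>\n";
    $out .= "</table>\n</form>\n";

    // Pending uploads are the rows filed under the "Uploads" download category.
    $cat = fetch_array(dbquery("SELECT * FROM " . $prefix . "downloadscat WHERE nome=\"Uploads\""));
    $uploads_cat_id = $cat ? intval($cat['id']) : 0;
    $result = dbquery("SELECT * FROM " . $prefix . "downloads WHERE ex=" . $uploads_cat_id . " ORDER BY reg DESC");

    $out .= "<hr /><h3>{$uploadsmessage['14']}</h3>\n";
    if (num_rows($result)) {
        // The target-category options are identical for every row, so build
        // them once instead of re-querying inside the loop.
        // NOTE(review): category names are output as stored; whether they are
        // already HTML-safe depends on how the backend stores them - verify.
        $options = "";
        $output = dbquery("SELECT * FROM " . $prefix . "downloadscat WHERE nome <> \"Uploads\"");
        while ($row1 = fetch_array($output)) {
            $options .= "<option value=\"" . intval($row1['id']) . "\">" . $row1['nome'] . "</option>\n";
        }
        $out .= "<table cellspacing=\"5\">\n";
        while ($row = fetch_array($result)) {
            $reg = intval($row['reg']);
            // One form per row. The former enclosing <form name="formm"> was never
            // closed, so the row forms ended up nested inside it.
            $out .= "<form name=\"form" . $reg . "\" method=\"post\" action=\"\">\n";
            $out .= "<tr><td><input type=\"hidden\" name=\"submitupload\" value=\"Transfer upload\" />";
            $out .= "<input type=\"hidden\" name=\"fileid\" value=\"" . $reg . "\" />";
            $out .= "<input type=\"submit\" name=\"aaa\" value=\"{$uploadsmessage['15']}\" /></td>\n";
            $out .= "<td><select name=\"cat\">\n" . $options . "</select></td>\n";
            $out .= "<td><a href=\"addons/downloads/send.php?cat=" . $uploads_cat_id . "&dlid=" . $reg . "\">" . decode($row['nome']) . "</a></td>";
            // File names originate from user uploads, so escape them for the HTML context.
            $out .= "<td>" . htmlspecialchars($row['file'], ENT_QUOTES) . "</td>\n";
            $out .= "<td>" . $row['downloads'] . "</td><td>" . $row['ex'] . "</td></tr>\n</form>\n";
        }
        $out .= "</table>\n";
    } else {
        $out .= "<p>{$uploadsmessage['4']}</p>\n";
    }

    return $out;
}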
// store cookie for 1 year } $_phpwcms_home['homeCntType'] = clean_slweg($_POST['homeCntType']); @setcookie('homeCntType', $_phpwcms_home['homeCntType'], time() + 31536000); // store cookie for 1 year $_SESSION['phpwcms_backend_search'] = ''; } // set if user has admin rights $_usql = $_SESSION["wcs_user_admin"] ? '' : 'AND article_uid=' . intval($_SESSION["wcs_user_id"]) . ' '; // first list last edited articles $_asql_1 = "SELECT *, DATE_FORMAT(acontent_tstamp, '%d/%m/%Y %H:%i') AS acontent_changed FROM " . DB_PREPEND . "phpwcms_articlecontent t1 "; $_asql_1 .= "LEFT JOIN " . DB_PREPEND . "phpwcms_article t2 ON "; $_asql_1 .= "t1.acontent_aid = t2.article_id "; $_asql_1 .= 'WHERE t1.acontent_trash=0 AND t2.article_deleted=0 '; $_asql_1 .= $_usql; if (is_intval($_phpwcms_home['homeCntType'])) { $_asql_1 .= ' AND t1.acontent_type=' . _dbEscape($_phpwcms_home['homeCntType']); } if (!empty($_SESSION['phpwcms_backend_search'])) { $_asql_1 .= " AND ("; $_asql_1 .= "\tCONCAT(t1.acontent_title,t1.acontent_subtitle,t1.acontent_text,t1.acontent_html) LIKE '%" . _dbEscape($_SESSION['phpwcms_backend_search'], FALSE) . "%'"; $_asql_1 .= " OR "; $_asql_1 .= "\tCONCAT(t2.article_title,t2.article_subtitle,t2.article_summary) LIKE '%" . _dbEscape($_SESSION['phpwcms_backend_search'], FALSE) . "%'"; $_asql_1 .= " ) "; $_be_search = $BL['be_ctype_search'] . ': ' . html($_SESSION['phpwcms_backend_search']); } else { $_be_search = $BL['be_last_edited']; } $_asql_1 .= ' ORDER BY acontent_tstamp DESC LIMIT ' . $_phpwcms_home['homeMaxCntParts']; $_last10_articlecontent = _dbQuery($_asql_1); $_asql_1 = "SELECT article_id, article_cid, article_title, article_subtitle, article_aktiv, article_uid, ";
if ($target_image) { if (!empty($phpwcms['cmsimage_redirect'])) { headerRedirect(PHPWCMS_URL . PHPWCMS_IMAGES . $target_image, 301); } header('Content-Type: ' . get_mimetype_by_extension($ext)); header('Content-Disposition: inline'); @readfile(PHPWCMS_THUMB . $target_image); exit; } } // uncached transparent GIF phpwcms_empty_gif(); } else { $data[0] = preg_replace('/[^0-9xgsXGSctrlb\\-]/', '', $data[0]); } if (is_intval($hash)) { @session_start(); $file_public = empty($_SESSION["wcs_user_id"]) ? 'f_public=1' : '(f_public=1 OR f_uid=' . intval($_SESSION["wcs_user_id"]) . ')'; require_once PHPWCMS_ROOT . '/include/inc_lib/dbcon.inc.php'; $sql = 'SELECT f_hash, f_ext FROM ' . DB_PREPEND . 'phpwcms_file WHERE '; $sql .= 'f_id=' . intval($hash) . " AND "; if (substr($phpwcms['image_library'], 0, 2) == 'gd') { $sql .= "f_ext IN ('jpg','jpeg','png','gif','bmp') AND "; } $sql .= 'f_trash=0 AND f_aktiv=1 AND ' . $file_public; $hash = _dbQuery($sql); if (isset($hash[0]['f_hash'])) { $ext = $hash[0]['f_ext']; $hash = $hash[0]['f_hash']; } else { $hash = '';
if ($result = mysql_query($SQL, $db) or die("error while updating content: " . $SQL)) { if ($content["update_type"]) { //If content part type was changed $sql = "UPDATE " . DB_PREPEND . "phpwcms_articlecontent SET"; $sql .= " acontent_type=" . $content["target_type"]; $sql .= " WHERE acontent_id=" . $content["id"]; $sql .= " AND acontent_aid=" . $content["aid"]; mysql_query($sql, $db) or die("error while updating content type info"); } change_articledate($content["aid"]); //update article date too update_cache(); // set cache timeout = 0 if (empty($_POST['SubmitClose'])) { // cnt teaser has some special filter options if (isset($_POST['teaser_filter_category']) && is_intval($_POST['teaser_filter_category'])) { $_SESSION['teaser_filter_category'] = intval($_POST['teaser_filter_category']); } if (!empty($_POST['teaser_filter_category_by_tags'])) { $_SESSION['teaser_filter_category_by_tags'] = true; } headerRedirect(PHPWCMS_URL . "phpwcms.php?do=articles&p=2&s=1&aktion=2&id=" . $content["aid"] . "&acid=" . $content["id"]); } else { headerRedirect(PHPWCMS_URL . "phpwcms.php?do=articles&p=2&s=1&id=" . $content["aid"]); } } } //end update/insert } //end error check }
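/**
 * Returns the query fragment that links to the single article of a structure
 * level: the level's acat_alias, or 'id=<cid>' when no alias is set.
 *
 * Returns '' when $article_cid is not an integer value or when the level does
 * not hold exactly one active, non-deleted article (outside PREVIEW_MODE the
 * article's begin/end window must also contain NOW()).
 *
 * The count is cached in $content['struct'][$cid]['acat_articlecount']; because
 * the cache test uses empty(), a cached count of 0 is re-queried.
 *
 * @param int|string $article_cid structure level id, must satisfy is_intval()
 * @return string
 */
function get_structurelevel_single_article_alias($article_cid = 0) {
    if (!is_intval($article_cid)) {
        return '';
    }
    // Cast after validation so the value interpolated into the SQL (and used as
    // array key) is an integer whatever form is_intval() accepted.
    $article_cid = intval($article_cid);

    global $content;

    if (empty($content['struct'][$article_cid]['acat_articlecount'])) {
        $sql  = 'SELECT COUNT(article_id) FROM ' . DB_PREPEND . 'phpwcms_article ';
        $sql .= 'WHERE article_cid=' . $article_cid . ' AND article_aktiv=1 AND article_deleted=0';
        if (!PREVIEW_MODE) {
            // Live site: only articles whose publishing window is currently open
            $sql .= ' AND article_begin < NOW() AND article_end > NOW()';
        }
        $content['struct'][$article_cid]['acat_articlecount'] = _dbCount($sql);
    }

    // reset article alias/ID
    // Strict comparison: relies on _dbCount() returning an int (not a string).
    if ($content['struct'][$article_cid]['acat_articlecount'] === 1) {
        return empty($content['struct'][$article_cid]['acat_alias'])
            ? 'id=' . $article_cid
            : $content['struct'][$article_cid]['acat_alias'];
    }

    return '';
}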
$crow["acontent_template"] = ''; } $crow['template'] = array('header' => get_tmpl_section('SEARCH_HEADER', $crow["acontent_template"]), 'footer' => get_tmpl_section('SEARCH_FOOTER', $crow["acontent_template"]), 'item_space' => get_tmpl_section('SEARCH_ITEM_SPACER', $crow["acontent_template"]), 'item' => get_tmpl_section('SEARCH_ITEM', $crow["acontent_template"]), 'pagination' => trim(get_tmpl_section('SEARCH_PAGINATE', $crow["acontent_template"])), 'text' => '', 'form' => '', 'image_render' => false); if (!empty($_POST["search_input_field"]) || !empty($_GET['searchwords'])) { $s_run = 0; // check search // remove unsecure replacement tags $content["search_word"] = empty($_POST["search_input_field"]) ? rawurldecode($_GET['searchwords']) : $_POST["search_input_field"]; $content["search_word"] = clean_slweg($content["search_word"]); $content["search_word"] = clean_replacement_tags($content["search_word"]); $content["search_word"] = cleanUpSpecialHtmlEntities($content["search_word"]); // split all search words $content["search_word"] = explode(' ', $content["search_word"]); $content["search_word"] = array_unique($content["search_word"]); $content['search']['highlight_result'] = empty($content["search"]['highlight_result']) ? false : true; $content['search']['wordlimit'] = isset($content["search"]['wordlimit']) && is_intval($content["search"]['wordlimit']) ? intval($content["search"]['wordlimit']) : 35; $content["search"]["result_per_page"] = empty($content["search"]['result_per_page']) ? 
15 : $content["search"]['result_per_page']; if ($content["search"]["result_per_page"] == -1) { $content["search"]["result_per_page"] = 100000; } if (!isset($content["search"]["show_always"])) { $content["search"]["show_always"] = 1; } if (!isset($content["search"]["show_top"])) { $content["search"]["show_top"] = 1; } if (!isset($content["search"]["show_bottom"])) { $content["search"]["show_bottom"] = 1; } if (!isset($content["search"]["show_next"])) { $content["search"]["show_next"] = 1;
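/**
 * Deletes one news comment identified by $_POST['newsid'] and $_POST['id'].
 *
 * Both ids must satisfy is_intval(), otherwise $newsmessage[3] is returned
 * without touching the database. The delete only runs when the session's
 * adminlevel is greater than 3 (otherwise $newsmessage[2]); on success
 * $newsmessage[175] is returned.
 *
 * NOTE(review): authorisation here is the session admin level only; whether a
 * CSRF token is checked before this function runs is not visible in this file.
 *
 * @return string status message from $newsmessage
 */
function deletecomment() {
    global $prefix, $newsmessage;

    if (!isset($_POST['newsid'], $_POST['id']) || !is_intval($_POST['newsid']) || !is_intval($_POST['id'])) {
        return $newsmessage[3];
    }
    if (empty($_SESSION['adminlevel']) || $_SESSION['adminlevel'] <= 3) {
        return $newsmessage[2];
    }

    // Cast after validation so only integers are interpolated into the query.
    $newsid = intval($_POST['newsid']);
    $id = intval($_POST['id']);

    // Fix: the original compared "id" against $_POST['newsid'] as well, so the
    // validated comment id was never used and the wrong row (or none) was hit.
    dbquery("DELETE FROM " . $prefix . "comments WHERE newsid=" . $newsid . " AND id=" . $id);

    return $newsmessage[175];
}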
if (isset($_response->status) && $_response->status == 'OK' && isset($_response->results[0]->address_components)) { foreach ($_response->results[0]->address_components as $_component) { // Test agains delivery country code if (isset($_component->types[0]) && $_component->types[0] === 'country' && strtolower($_component->short_name) !== $subtotal['shipping_distance_details']['country_code']) { $subtotal['shipping_distance_details']['foreign'] = true; $_SESSION[CART_KEY]['distance_details']['foreign'] = true; } } } } } } } } } } elseif (isset($_SESSION[CART_KEY]['distance']) && is_intval($_SESSION[CART_KEY]['distance'])) { $subtotal['shipping_distance'] = $_SESSION[CART_KEY]['distance']; $subtotal['shipping_distance_details'] = array_merge($subtotal['shipping_distance_details'], $_SESSION[CART_KEY]['distance_details']); } } foreach (_getConfig('shop_pref_shipping', '_shopPref') as $item_key => $row) { // calculate shipping costs based on weight if ($subtotal['shipping_calc_type'] === 0) { // do nothing as long shipping fee = 0 if ($row['net'] == 0) { continue; } // lower weight and current shipping fee lower then this if ($subtotal['weight'] <= $row['weight']) { $subtotal['shipping_calc'] = true; }
/**
 * Runs the current search words against the shop products and appends every
 * matching product to $this->search_results, keyed by $this->search_result_entry.
 *
 * Does nothing (returns NULL) when there are no search words. Product texts are
 * matched with the pre-built $this->search_words pattern; with SEARCH_TYPE_AND a
 * product only counts when every search word matched at least once. Result
 * entries carry id/cid/rank/date/user/subtitle/query/image/title/text/link;
 * image data is only read when $this->image_render is set, and title/text are
 * highlighted when $this->search_highlight is set.
 *
 * @return null
 */
function search() {
    if (!$this->search_word_count) {
        return NULL;
    }

    // Target URL for the result links: a configured alias/aid, or the current page.
    $shop_url = _getConfig('shop_pref_id_shop', '_shopPref');
    $shop_lang_support = (bool) _getConfig('shop_pref_felang');
    if (!is_intval($shop_url) && is_string($shop_url)) {
        $shop_url = trim($shop_url);
    } elseif (is_intval($shop_url) && intval($shop_url)) {
        $shop_url = 'aid=' . intval($shop_url);
    } else {
        $shop_url = $GLOBALS['aktion'][1] ? 'aid=' . $GLOBALS['aktion'][1] : 'id=' . $GLOBALS['aktion'][0];
    }

    // Without highlight words, highlighting is switched off for this run.
    $s_highlight_words = '';
    if ($this->search_highlight_words && is_array($this->search_highlight_words)) {
        $s_highlight_words = implode(' ', $this->search_highlight_words);
    } else {
        $this->search_highlight = false;
    }

    // All searchable columns are concatenated server-side into shopprod_search.
    $concat_cols = array(
        'shopprod_description0',
        'shopprod_description1',
        'shopprod_description2',
        'shopprod_description3',
        'shopprod_color',
        'shopprod_size',
        'shopprod_ordernumber',
        'shopprod_model',
        'shopprod_name1',
        'shopprod_name2',
    );
    $concat_parts = array();
    foreach ($concat_cols as $col) {
        $concat_parts[] = "\t" . $col . ",' '";
    }

    $sql  = 'SELECT shopprod_id, shopprod_category, shopprod_ordernumber, ';
    $sql .= 'shopprod_name1, shopprod_var, ';
    $sql .= 'UNIX_TIMESTAMP(shopprod_changedate) AS shopprod_date, ';
    $sql .= 'CONCAT(' . implode(',', $concat_parts) . ') AS shopprod_search ';
    $sql .= 'FROM ' . DB_PREPEND . 'phpwcms_shop_products WHERE shopprod_status=1';
    if ($shop_lang_support && !empty($GLOBALS['phpwcms']['default_lang'])) {
        $sql .= " AND (shopprod_lang='' OR shopprod_lang=" . _dbEscape($GLOBALS['phpwcms']['default_lang']) . ')';
    }

    foreach (_dbQuery($sql) as $value) {
        // NOTE(review): the last replacement entry is reproduced from the original
        // source and may be a non-breaking space rather than a plain space - verify.
        $s_text = str_replace(array('~', '|', ':', 'http', '//', '_blank', ' '), ' ', $value['shopprod_search']);
        $s_text = clean_search_text($s_text);

        // NOTE(review): $this->search_words is inserted into the pattern as-is;
        // this assumes it was escaped (preg_quote) where it was built - verify.
        $matches = array();
        preg_match_all('/' . $this->search_words . '/is', $s_text, $matches);
        $s_count = count($matches[0]);

        if ($s_count && SEARCH_TYPE_AND) {
            // AND search: every distinct (case-insensitive) word must have matched.
            $distinct = array();
            foreach ($matches[0] as $svalue) {
                $distinct[strtolower($svalue)] = 1;
            }
            if (count($distinct) != $this->search_word_count) {
                $s_count = 0;
            }
        }

        if (!$s_count) {
            continue;
        }

        $id = $this->search_result_entry;

        $s_title = $value['shopprod_ordernumber'] ? trim($value['shopprod_ordernumber']) . ': ' : '';
        $s_title = html($s_title . $value['shopprod_name1']);

        $s_text = trim($s_text);
        if ($this->search_wordlimit) {
            $s_text = getCleanSubString($s_text, $this->search_wordlimit, $this->ellipse_sign, 'word');
        }
        $s_text = html($s_text);

        $entry = array(
            'id'       => $value['shopprod_id'],
            'cid'      => 0,
            'rank'     => $s_count,
            'date'     => $value['shopprod_date'],
            'user'     => '',
            'subtitle' => '',
            'query'    => $shop_url,
            'image'    => false,
        );

        if ($this->image_render) {
            // NOTE(review): unserialize() of the stored product data; only array
            // keys are read here, so unserialize($s, array('allowed_classes' => false))
            // would be a safe hardening on PHP >= 7.0. Left unchanged to keep behaviour.
            $var = unserialize($value['shopprod_var']);
            if (isset($var['images'][0]['f_hash'])) {
                $entry['image'] = array(
                    'id'   => $var['images'][0]['f_id'],
                    'hash' => $var['images'][0]['f_hash'],
                    'ext'  => $var['images'][0]['f_ext'],
                    'name' => $var['images'][0]['f_name'],
                );
            }
        }

        $link_params = array(
            'shop_cat'    => $value['shopprod_category'],
            'shop_detail' => $value['shopprod_id'],
        );
        if ($this->search_highlight) {
            $link_params['highlight'] = $s_highlight_words;
            $entry['title'] = highlightSearchResult($s_title, $this->search_highlight_words);
            $entry['text']  = highlightSearchResult($s_text, $this->search_highlight_words);
            $entry['link']  = rel_url($link_params, array('searchstart', 'searchwords'), $shop_url);
        } else {
            $entry['title'] = $s_title;
            $entry['text']  = $s_text;
            $entry['link']  = rel_url($link_params, array('highlight', 'searchstart', 'searchwords'), $shop_url);
        }

        // Assign key by key so any pre-existing keys of this entry are kept, as before.
        foreach ($entry as $key => $val) {
            $this->search_results[$id][$key] = $val;
        }

        $this->search_result_entry++;
    }
}