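/**
 * Delete the calendar named by $vars["cid"], after an explicit confirm step.
 *
 * Flow: no cid -> message; unknown calendar -> soft_error(); caller is not an
 * admin of that calendar -> denial message; no "confirm" flag -> render a
 * confirmation page with Confirm/Deny action links; otherwise delete the
 * calendar and redirect to the admin page.
 *
 * Fix: the admin check used to run only after the confirmation page had been
 * rendered, so any user could see the calendar's title and a Confirm link for
 * a calendar they are not allowed to delete. The check now comes first.
 *
 * @return mixed a tag() container, or the result of message_redirect()
 */
function calendar_delete()
{
    global $vars, $phpcdb, $phpc_script;

    $html = tag('div', attributes('class="phpc-container"'));

    if (empty($vars["cid"])) {
        $html->add(tag('p', __('No calendar selected.')));
        return $html;
    }

    $id = $vars["cid"];
    $calendar = $phpcdb->get_calendar($id);
    if (empty($calendar)) {
        // soft_error() is assumed not to return (it is used that way
        // throughout this file); nothing below runs for an unknown id.
        soft_error(__("Invalid calendar ID."));
    }

    // Authorize before disclosing anything about the calendar.
    if (!$calendar->can_admin()) {
        // NOTE(review): $id is raw request input; whether tag() escapes its
        // text for an HTML context is not visible here — confirm.
        $html->add(tag('p', __("You do not have permission to remove calendar") . ": {$id}"));
        return $html;
    }

    if (empty($vars["confirm"])) {
        // NOTE(review): the Confirm step is a plain action link and no
        // verify_token() guards this state change (compare the *_submit
        // handlers). Confirm create_action_link() carries a CSRF token.
        $html->add(tag('p', __('Confirm you want to delete calendar:') . $calendar->get_title()));
        $html->add(" [ ", create_action_link(__('Confirm'), "calendar_delete", array("cid" => $id, "confirm" => "1")), " ] ");
        $html->add(" [ ", create_action_link(__('Deny'), "display_month"), " ] ");
        return $html;
    }

    if ($phpcdb->delete_calendar($id)) {
        $html->add(tag('p', __("Removed calendar") . ": {$id}"));
    } else {
        $html->add(tag('p', __("Could not remove calendar") . ": {$id}"));
    }

    return message_redirect($html, "{$phpc_script}?action=admin");
}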
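/**
 * Delete one or more occurrences ($vars["oid"], scalar or array).
 *
 * Each oid is looked up; the caller must pass can_modify() on the occurrence
 * for it to be deleted. Results are reported in three buckets (removed, not
 * removed, permission denied) and the user is redirected to the owning event.
 *
 * Fixes:
 *  - $eid was only assigned after a successful delete, so when nothing was
 *    removed the redirect URL was built from an undefined variable. It is now
 *    taken from every occurrence that could be loaded.
 *  - An oid that does not resolve to an occurrence no longer calls a method
 *    on a non-object; it is reported as "could not remove".
 *
 * @return mixed a tag() container, or the result of message_redirect()
 */
function occurrence_delete()
{
    global $vars, $phpcdb, $phpcid, $phpc_script;

    $html = tag('div', attributes('class="phpc-container"'));

    if (empty($vars["oid"])) {
        $html->add(tag('p', __('No occurrence selected.')));
        return $html;
    }

    $oids = is_array($vars["oid"]) ? $vars["oid"] : array($vars["oid"]);

    $removed_occurs = array();
    $unremoved_occurs = array();
    $permission_denied = array();
    // Event the occurrences belong to; used only for the final redirect.
    $eid = '';

    foreach ($oids as $oid) {
        $occur = $phpcdb->get_occurrence_by_oid($oid);
        if (empty($occur)) {
            $unremoved_occurs[] = $oid;
            continue;
        }
        $eid = $occur->get_eid();

        if (!$occur->can_modify()) {
            $permission_denied[] = $oid;
        } elseif ($phpcdb->delete_occurrence($oid)) {
            // TODO: Verify that the event still has occurrences.
            $removed_occurs[] = $oid;
        } else {
            $unremoved_occurs[] = $oid;
        }
    }

    // NOTE(review): the oid values echoed below are raw request input;
    // confirm tag() escapes them for HTML.
    if (sizeof($removed_occurs) > 0) {
        $text = sizeof($removed_occurs) == 1 ? __("Removed occurrence") : __("Removed occurrences");
        $html->add(tag('p', $text . ': ' . implode(', ', $removed_occurs)));
    }
    if (sizeof($unremoved_occurs) > 0) {
        $text = sizeof($unremoved_occurs) == 1 ? __("Could not remove occurrence") : __("Could not remove occurrences");
        $html->add(tag('p', $text . ': ' . implode(', ', $unremoved_occurs)));
    }
    if (sizeof($permission_denied) > 0) {
        $text = sizeof($permission_denied) == 1
            ? __("You do not have permission to remove the occurrence.")
            : __("You do not have permission to remove occurrences.");
        $html->add(tag('p', $text . ': ' . implode(', ', $permission_denied)));
    }

    return message_redirect($html, "{$phpc_script}?action=display_event&phpcid={$phpcid}&eid={$eid}");
}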
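/**
 * Delete one or more categories ($vars["catid"], scalar or array).
 *
 * A category with no calendar id is global and may only be deleted by a site
 * admin; otherwise the admin permission on the owning calendar decides.
 *
 * Fix: the original test mixed && and || without parentheses, so for a global
 * category the admin case still fell through to get_calendar('') and was
 * denied (or fataled) — exactly the case it was meant to allow. An unknown
 * catid is now reported instead of indexing into a non-array.
 *
 * @return mixed the result of message_redirect()
 */
function category_delete()
{
    global $vars, $phpcdb, $phpcid, $phpc_script;

    $html = tag('div', attributes('class="phpc-container"'));
    $cadmin_page = "{$phpc_script}?action=cadmin&phpcid={$phpcid}";

    if (empty($vars["catid"])) {
        return message_redirect(__('No category selected.'), $cadmin_page);
    }

    $ids = is_array($vars["catid"]) ? $vars["catid"] : array($vars["catid"]);

    foreach ($ids as $id) {
        $category = $phpcdb->get_category($id);
        if (empty($category)) {
            // NOTE(review): $id is raw request input; confirm tag() escapes it.
            $html->add(tag('p', __("Could not remove category: ") . $id));
            continue;
        }

        if (empty($category['cid'])) {
            $allowed = is_admin();
        } else {
            $calendar = $phpcdb->get_calendar($category['cid']);
            $allowed = !empty($calendar) && $calendar->can_admin();
        }
        if (!$allowed) {
            $html->add(tag('p', __("You do not have permission to delete category: ") . $category['catid']));
            continue;
        }

        if ($phpcdb->delete_category($category['catid'])) {
            $html->add(tag('p', __("Removed category: ") . $category['catid']));
        } else {
            $html->add(tag('p', __("Could not remove category: ") . $category['catid']));
        }
    }

    return message_redirect($html, $cadmin_page);
}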
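/**
 * Apply per-user permission changes for the current calendar ($phpcid).
 *
 * For each uid in $vars['uid'], the checkbox "<perm><uid>" decides the new
 * value of each permission; only users whose effective set actually changes
 * are written back and listed in the result message.
 *
 * Fixes: the permission-name table is built once instead of per user; a
 * scalar uid is accepted as well as the uid[] array (foreach over a scalar
 * only warned); a uid that does not resolve to a user is skipped instead of
 * calling a method on a non-object.
 *
 * NOTE(review): no verify_token() here although this changes permissions —
 * compare user_settings_submit(). Confirm the dispatcher checks the token
 * before reaching this action.
 *
 * @return mixed a tag() container, or the result of message_redirect()
 */
function user_permissions_submit()
{
    global $phpcid, $phpc_cal, $vars, $phpcdb, $phpc_script;

    if (!$phpc_cal->can_admin()) {
        return tag('div', __('Permission denied'));
    }
    if (empty($vars['uid'])) {
        return tag('div', __('No users'));
    }

    $perm_names = array('read', 'write', 'readonly', 'modify', 'admin');
    $uids = is_array($vars['uid']) ? $vars['uid'] : array($vars['uid']);

    $users = array();
    foreach ($uids as $uid) {
        $old_perms = $phpcdb->get_permissions($phpcid, $uid);
        $new_perms = array();
        $different = false;

        foreach ($perm_names as $perm_name) {
            $requested = !empty($vars["{$perm_name}{$uid}"]);
            $new_perms[$perm_name] = asbool($requested);
            // Compare presence only; stored values may be "0"/"" as well as
            // unset, which the original treated alike via empty().
            $had = !empty($old_perms[$perm_name]);
            if ($had != $requested) {
                $different = true;
            }
        }

        if (!$different) {
            continue;
        }
        $user = $phpcdb->get_user($uid);
        if (empty($user)) {
            // Do not create permission rows for a user that does not exist.
            continue;
        }
        $users[] = $user->get_username();
        $phpcdb->update_permissions($phpcid, $uid, $new_perms);
    }

    if (sizeof($users) == 0) {
        $message = __('No changes to make.');
    } else {
        $message = __('Updated user(s):') . ' ' . implode(', ', $users);
    }

    return message_redirect($message, "{$phpc_script}?action=cadmin&phpcid={$phpcid}");
}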
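/**
 * Save the visitor's timezone / language / default calendar preferences.
 *
 * Preferences go into long-lived cookies ("<prefix>tz", "<prefix>lang"); an
 * empty value expires the cookie instead. For a logged-in user they are also
 * persisted through $phpcdb and the per-request globals are updated.
 *
 * Fix: $vars['timezone'], $vars['language'] and $vars['default_cid'] were
 * read without isset() on the persistence path, producing notices (and
 * relying on the resulting null) when a field was omitted. They are read once
 * into locals with an explicit null fallback.
 *
 * NOTE(review): only the timezone is validated. The language value is stored
 * and set as a cookie as given; whether it is later used to build a file path
 * or locale string is not visible here — worth validating against the
 * installed language list.
 * NOTE(review): the cookies are set without the httponly/secure flags.
 *
 * @return mixed the result of message_redirect()
 */
function user_settings_submit()
{
    global $phpcid, $vars, $phpcdb, $phpc_user_tz, $phpc_user_lang, $phpc_prefix, $phpc_user, $phpc_script;

    verify_token();

    $timezone = isset($vars['timezone']) ? $vars['timezone'] : null;
    $language = isset($vars['language']) ? $vars['language'] : null;
    $default_cid = isset($vars['default_cid']) ? $vars['default_cid'] : null;

    // If we have a timezone, make sure it's valid
    if (!empty($timezone) && !in_array($timezone, timezone_identifiers_list())) {
        soft_error(__("Invalid timezone."));
    }

    // Expire 20 years in the future, give or take.
    $expiration_time = time() + 20 * 365 * 24 * 60 * 60;
    // One hour in the past
    $past_time = time() - 3600;

    if (!empty($timezone)) {
        setcookie("{$phpc_prefix}tz", $timezone, $expiration_time);
    } else {
        setcookie("{$phpc_prefix}tz", '', $past_time);
    }

    if (!empty($language)) {
        setcookie("{$phpc_prefix}lang", $language, $expiration_time);
    } else {
        setcookie("{$phpc_prefix}lang", '', $past_time);
    }

    if (is_user()) {
        $uid = $phpc_user->get_uid();
        $phpcdb->set_user_default_cid($uid, $default_cid);
        $phpcdb->set_timezone($uid, $timezone);
        $phpcdb->set_language($uid, $language);
        $phpc_user_tz = $timezone;
        $phpc_user_lang = $language;
    }

    return message_redirect(__('Settings updated.'), "{$phpc_script}?action=user_settings&phpcid={$phpcid}");
}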
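/**
 * Enable one or more user accounts ($vars["uid"], scalar or array).
 * Site-admin only.
 *
 * Fix: the result messages interpolated the uid into the string handed to
 * __(), so the msgid ("Enabled user: 42") could never match a translation
 * entry. The id is now appended after translation, matching the other
 * handlers in this file ("Removed category: " . $id etc.). Rendered output
 * is unchanged when no translation exists.
 *
 * NOTE(review): no verify_token() on this state change; confirm the action
 * link carries a token.
 *
 * @return mixed a tag() container, or the result of message_redirect()
 */
function user_enable()
{
    global $vars, $phpcid, $phpcdb, $phpc_script;

    $html = tag('div', attributes('class="phpc-container"'));

    if (!is_admin()) {
        $html->add(tag('p', __('You must be an admin to enable users.')));
        return $html;
    }
    if (empty($vars["uid"])) {
        $html->add(tag('p', __('No user selected.')));
        return $html;
    }

    $ids = is_array($vars["uid"]) ? $vars["uid"] : array($vars["uid"]);

    foreach ($ids as $id) {
        // NOTE(review): $id is raw request input; confirm tag() escapes it.
        if ($phpcdb->enable_user($id)) {
            $html->add(tag('p', __("Enabled user: ") . $id));
        } else {
            $html->add(tag('p', __("Could not enable user: ") . $id));
        }
    }

    return message_redirect($html, "{$phpc_script}?action=admin&phpcid={$phpcid}");
}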
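/**
 * Create or modify a category from the category form.
 *
 * Without $vars['catid'] a category is created (global when no cid is given,
 * which requires site admin; otherwise calendar admin). With catid the
 * existing category is modified under the same rule applied to its stored
 * cid. Colors arrive as bare hex and are stored with a leading "#".
 *
 * Fixes:
 *  - The modify-permission test mixed && and || without parentheses, so a
 *    non-admin editing a global category reached get_calendar('') instead of
 *    being denied outright; the decision is now explicit per case.
 *  - A catid that resolves to no category, or a cid that resolves to no
 *    calendar, is refused instead of dereferencing null.
 *  - $vars['name'] / $vars['phpcid'] are read with isset() to avoid notices.
 *
 * NOTE(review): $gid is stored as given; no check that the group exists or
 * belongs to the same calendar is visible here.
 *
 * @return mixed the result of message_redirect(), or an error tag()
 */
function category_submit()
{
    global $vars, $phpcdb, $phpc_script, $phpc_cal;

    if (empty($vars["text-color"]) || empty($vars["bg-color"])) {
        $page = "{$phpc_script}?action=category_form";
        if (!empty($vars["cid"])) {
            $page .= "&cid={$vars["cid"]}";
        }
        if (!empty($vars["catid"])) {
            $page .= "&catid={$vars["catid"]}";
        }
        return message_redirect(__("Color not specified."), $page);
    }

    // The current widget produces hex values without the "#".
    // We may in the future want to allow different input, so store the
    // values with the "#"
    $text_color = '#' . $vars["text-color"];
    $bg_color = '#' . $vars["bg-color"];
    if (!check_color($text_color) || !check_color($bg_color)) {
        soft_error(__("Invalid color."));
    }

    // empty() already covers the zero-length case the original also tested.
    $gid = empty($vars['gid']) ? 0 : $vars['gid'];
    $name = isset($vars['name']) ? $vars['name'] : null;

    if (!isset($vars['catid'])) {
        $modify = false;
        if (!isset($vars['cid'])) {
            $cid = null;
            if (!is_admin()) {
                permission_error(__('You do not have permission to add categories to all calendars.'));
            }
        } else {
            $cid = $vars['cid'];
            $calendar = $phpcdb->get_calendar($cid);
            if (empty($calendar) || !$calendar->can_admin()) {
                permission_error(__('You do not have permission to add categories to this calendar.'));
            }
        }
        $catid = $phpcdb->create_category($cid, $name, $text_color, $bg_color, $gid);
    } else {
        $modify = true;
        $catid = $vars['catid'];
        $category = $phpcdb->get_category($catid);
        if (empty($category)) {
            soft_error(__("You do not have permission to modify this category."));
        }
        if (empty($category['cid'])) {
            $allowed = is_admin();
        } else {
            $calendar = $phpcdb->get_calendar($category["cid"]);
            $allowed = !empty($calendar) && $calendar->can_admin();
        }
        if (!$allowed) {
            soft_error(__("You do not have permission to modify this category."));
        }
        $phpcdb->modify_category($catid, $name, $text_color, $bg_color, $gid);
    }

    $phpcid = isset($vars['phpcid']) ? $vars['phpcid'] : '';
    $page = "{$phpc_script}?action=cadmin&phpcid=" . $phpcid;
    if ($modify) {
        return message_redirect(__("Modified category: ") . $catid, $page);
    }
    if ($catid > 0) {
        return message_redirect(__("Created category: ") . $catid, $page);
    }
    return tag('div', attributes('class="phpc-error"'), __('Error submitting category.'));
}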
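/**
 * Create or modify a custom event field from the field form.
 *
 * Without $vars['fid'] a field is created (global when no cid; site admin
 * required; otherwise calendar admin). With fid the existing field is
 * modified under the same rule applied to its stored cid.
 *
 * Fixes:
 *  - $vars['required'] was compared without isset(), producing a notice when
 *    the checkbox was unchecked; it is now read defensively. The redundant
 *    !empty($vars['name']) term (already guaranteed above) is dropped.
 *  - The modify-permission test mixed && and || without parentheses; the
 *    decision is now explicit per case, and an unknown fid or cid is refused
 *    instead of dereferencing null.
 *  - $vars['phpcid'] is read with isset() for the redirect.
 *
 * NOTE(review): $format is stored as given; if it is later used as a pattern
 * (sprintf/regex), it needs validation that is not visible here.
 *
 * @return mixed the result of message_redirect()/input_error(), or an error tag()
 */
function field_submit()
{
    global $vars, $phpcdb, $phpc_script, $phpc_cal;

    $form_page = "{$phpc_script}?action=field_form";
    if (!empty($vars["cid"])) {
        $form_page .= "&cid={$vars["cid"]}";
    }
    if (!empty($vars["fid"])) {
        $form_page .= "&fid={$vars["fid"]}";
    }

    if (empty($vars["name"])) {
        return input_error(__("Name not specified."), $form_page);
    }

    $required = isset($vars['required']) && $vars['required'] == '1';
    $format = empty($vars['format']) ? false : $vars['format'];

    if (!isset($vars['fid'])) {
        $modify = false;
        if (!isset($vars['cid'])) {
            $cid = null;
            if (!is_admin()) {
                permission_error(__('You do not have permission to add fields to all calendars.'));
            }
        } else {
            $cid = $vars['cid'];
            $calendar = $phpcdb->get_calendar($cid);
            if (empty($calendar) || !$calendar->can_admin()) {
                permission_error(__('You do not have permission to add fields to this calendar.'));
            }
        }
        $fid = $phpcdb->create_field($cid, $vars["name"], $required, $format);
    } else {
        $modify = true;
        $fid = $vars['fid'];
        $field = $phpcdb->get_field($fid);
        if (empty($field)) {
            permission_error(__("You do not have permission to modify this field."));
        }
        if (empty($field['cid'])) {
            $allowed = is_admin();
        } else {
            $calendar = $phpcdb->get_calendar($field["cid"]);
            $allowed = !empty($calendar) && $calendar->can_admin();
        }
        if (!$allowed) {
            permission_error(__("You do not have permission to modify this field."));
        }
        $phpcdb->modify_field($fid, $vars['name'], $required, $format);
    }

    $phpcid = isset($vars['phpcid']) ? $vars['phpcid'] : '';
    $page = "{$phpc_script}?action=cadmin&phpcid={$phpcid}#phpc-fields";
    if ($modify) {
        return message_redirect(__("Modified field: ") . $fid, $page);
    }
    if ($fid > 0) {
        return message_redirect(__("Created field: ") . $fid, $page);
    }
    return tag('div', attributes('class="phpc-error"'), __('Error submitting field.'));
}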
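/**
 * Make $vars["cid"] the site-wide default calendar (site admin only).
 *
 * Fixes: a non-admin was previously redirected with no message at all, which
 * read as success; they now get an explicit denial. The calendar id is also
 * checked to exist before it is written into the site config, instead of
 * storing whatever the request carried.
 *
 * NOTE(review): no verify_token() on this state change; confirm the action
 * link carries a token.
 *
 * @return mixed a tag() container, or the result of message_redirect()
 */
function default_calendar()
{
    global $vars, $phpcdb, $phpc_script, $phpc_user;

    $html = tag('div', attributes('class="phpc-container"'));

    if (empty($vars["cid"])) {
        $html->add(tag('p', __('No calendar selected.')));
        return $html;
    }

    if (!$phpc_user->is_admin()) {
        $html->add(tag('p', __('You must be an admin to set the default calendar.')));
        return $html;
    }

    $cid = $vars['cid'];
    $calendar = $phpcdb->get_calendar($cid);
    if (empty($calendar)) {
        soft_error(__("Invalid calendar ID."));
    }

    $phpcdb->set_config('default_cid', $cid);
    $html->add(tag('p', __('Default calendar set to: ') . $cid));

    return message_redirect($html, "{$phpc_script}?action=admin");
}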
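/**
 * Delete one or more groups ($vars["gid"], scalar or array) after a
 * confirmation page.
 *
 * A group with no calendar id is global and may only be deleted by a site
 * admin; otherwise the admin permission on the owning calendar decides.
 *
 * Fixes:
 *  - The confirmation list printed "{$id}: name" using $id left over from the
 *    previous loop, so every row showed the last id. Each row now shows its
 *    own gid.
 *  - The permission test mixed && and || without parentheses, denying (or
 *    fataling on) the admin/global-group case it meant to allow.
 *  - A gid that resolves to no group is reported instead of indexing null.
 *
 * NOTE(review): the Confirm step is a plain action link; no verify_token()
 * guards the actual delete. Confirm create_action_link() carries a token.
 *
 * @return mixed a tag() container, or the result of message_redirect()
 */
function group_delete()
{
    global $vars, $phpcdb, $phpcid, $phpc_script;

    $html = tag('div', attributes('class="phpc-container"'));
    $cadmin_page = "{$phpc_script}?action=cadmin&phpcid={$phpcid}";

    if (empty($vars["gid"])) {
        return message_redirect(__('No group selected.'), $cadmin_page);
    }

    $ids = is_array($vars["gid"]) ? $vars["gid"] : array($vars["gid"]);

    $groups = array();
    foreach ($ids as $id) {
        $groups[$id] = $phpcdb->get_group($id);
    }

    if (empty($vars["confirm"])) {
        $list = tag('ul');
        foreach ($groups as $gid => $group) {
            // NOTE(review): $gid is raw request input; confirm tag() escapes it.
            if (empty($group)) {
                $list->add(tag('li', __("Could not remove group: ") . $gid));
            } else {
                $list->add(tag('li', "{$gid}: " . $group['name']));
            }
        }
        $html->add(tag('p', __('Confirm you want to delete:')));
        $html->add($list);
        $html->add(" [ ", create_action_link(__('Confirm'), "group_delete", array("gid" => $ids, "confirm" => "1")), " ] ");
        $html->add(" [ ", create_action_link(__('Deny'), "display_month"), " ] ");
        return $html;
    }

    foreach ($groups as $gid => $group) {
        if (empty($group)) {
            $html->add(tag('p', __("Could not remove group: ") . $gid));
            continue;
        }

        if (empty($group['cid'])) {
            $allowed = is_admin();
        } else {
            $calendar = $phpcdb->get_calendar($group['cid']);
            $allowed = !empty($calendar) && $calendar->can_admin();
        }
        if (!$allowed) {
            $html->add(tag('p', __("You do not have permission to delete group: ") . $group['gid']));
            continue;
        }

        if ($phpcdb->delete_group($group['gid'])) {
            $html->add(tag('p', __("Removed group: ") . $group['gid']));
        } else {
            $html->add(tag('p', __("Could not remove group: ") . $group['gid']));
        }
    }

    return message_redirect($html, $cadmin_page);
}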
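/**
 * Delete one or more calendars ($vars["cid"], scalar or array) after a
 * confirmation page listing their titles.
 *
 * Fix: an id that does not resolve to a calendar was dereferenced both in
 * the confirmation list and in the delete loop (method call on null). Such
 * ids are now reported and skipped.
 *
 * NOTE(review): the confirmation list shows the title of every requested
 * calendar before any permission check; titles are disclosed to users who
 * cannot delete them. The Confirm step is a plain action link with no
 * verify_token(); confirm create_action_link() carries a token.
 *
 * @return mixed a tag() container, or the result of message_redirect()
 */
function calendar_delete()
{
    global $vars, $phpcdb, $phpc_script;

    $html = tag('div', attributes('class="phpc-container"'));

    if (empty($vars["cid"])) {
        $html->add(tag('p', __('No calendar selected.')));
        return $html;
    }

    $ids = is_array($vars["cid"]) ? $vars["cid"] : array($vars["cid"]);

    if (empty($vars["confirm"])) {
        $list = tag('ul');
        foreach ($ids as $id) {
            // NOTE(review): $id is raw request input; confirm tag() escapes it.
            $calendar = $phpcdb->get_calendar($id);
            if (empty($calendar)) {
                $list->add(tag('li', "{$id}: " . __("Invalid calendar ID.")));
                continue;
            }
            $list->add(tag('li', "{$id}: " . $calendar->get_title()));
        }
        $html->add(tag('p', __('Confirm you want to delete:')));
        $html->add($list);
        $html->add(" [ ", create_action_link(__('Confirm'), "calendar_delete", array("cid" => $ids, "confirm" => "1")), " ] ");
        $html->add(" [ ", create_action_link(__('Deny'), "display_month"), " ] ");
        return $html;
    }

    foreach ($ids as $id) {
        $calendar = $phpcdb->get_calendar($id);
        if (empty($calendar)) {
            $html->add(tag('p', __("Could not remove calendar") . ": {$id}"));
            continue;
        }
        if (!$calendar->can_admin()) {
            $html->add(tag('p', __("You do not have permission to remove calendar") . ": {$id}"));
            continue;
        }
        if ($phpcdb->delete_calendar($id)) {
            $html->add(tag('p', __("Removed calendar") . ": {$id}"));
        } else {
            $html->add(tag('p', __("Could not remove calendar") . ": {$id}"));
        }
    }

    return message_redirect($html, "{$phpc_script}?action=admin");
}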
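/**
 * Delete one or more user accounts ($vars["uid"], scalar or array) after a
 * confirmation page. Site-admin only.
 *
 * Fixes:
 *  - A uid that resolves to no user was dereferenced in the confirmation
 *    list (method call on null); it is now listed as not removable.
 *  - The result messages interpolated the uid into the string handed to
 *    __(), so the msgid could never match a translation entry. The id is now
 *    appended after translation, matching the other handlers in this file.
 *
 * NOTE(review): nothing prevents an admin from deleting their own account
 * here; and the Confirm step is a plain action link with no verify_token().
 *
 * @return mixed a tag() container, or the result of message_redirect()
 */
function user_delete()
{
    global $vars, $phpcid, $phpcdb, $phpc_script;

    $html = tag('div', attributes('class="phpc-container"'));

    if (!is_admin()) {
        $html->add(tag('p', __('You must be an admin to delete users.')));
        return $html;
    }
    if (empty($vars["uid"])) {
        $html->add(tag('p', __('No user selected.')));
        return $html;
    }

    $ids = is_array($vars["uid"]) ? $vars["uid"] : array($vars["uid"]);

    if (empty($vars["confirm"])) {
        $list = tag('ul');
        foreach ($ids as $id) {
            // NOTE(review): $id is raw request input; confirm tag() escapes it.
            $user = $phpcdb->get_user($id);
            if (empty($user)) {
                $list->add(tag('li', __("Could not remove user: ") . $id));
                continue;
            }
            $list->add(tag('li', "{$id}: " . $user->get_username()));
        }
        $html->add(tag('p', __('Confirm you want to delete:')));
        $html->add($list);
        $html->add(" [ ", create_action_link(__('Confirm'), "user_delete", array("uid" => $ids, "confirm" => "1")), " ] ");
        $html->add(" [ ", create_action_link(__('Deny'), "display_month"), " ] ");
        return $html;
    }

    foreach ($ids as $id) {
        if ($phpcdb->delete_user($id)) {
            $html->add(tag('p', __("Removed user: ") . $id));
        } else {
            $html->add(tag('p', __("Could not remove user: ") . $id));
        }
    }

    return message_redirect($html, "{$phpc_script}?action=admin&phpcid={$phpcid}");
}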
/**
 * Remove the calendar named by $vars["cid"] immediately — unlike the other
 * calendar_delete() variants in this corpus there is no confirmation step.
 *
 * An unknown id and a missing admin permission both end in soft_error(),
 * which this file uses as non-returning; only an admin of an existing
 * calendar reaches the delete, after which the user is sent to the admin
 * page.
 *
 * NOTE(review): a single link (no confirm, no verify_token()) performs a
 * destructive action; confirm the action link carries a CSRF token. $cid is
 * raw request input echoed into the page — confirm tag() escapes it.
 *
 * @return mixed a tag() container, or the result of message_redirect()
 */
function calendar_delete()
{
    global $vars, $phpcdb, $phpc_script;

    $container = tag('div', attributes('class="phpc-container"'));

    if (empty($vars["cid"])) {
        $container->add(tag('p', __('No calendar selected.')));
        return $container;
    }

    $cid = $vars["cid"];
    $target = $phpcdb->get_calendar($cid);

    if (empty($target)) {
        soft_error(__("Calendar does not exist") . ": {$cid}");
    }
    if (!$target->can_admin()) {
        soft_error(__("You do not have permission to remove calendar") . ": {$cid}");
    }

    $outcome = $phpcdb->delete_calendar($cid)
        ? __("Removed calendar") . ": {$cid}"
        : __("Could not remove calendar") . ": {$cid}";
    $container->add(tag('p', $outcome));

    return message_redirect($container, "{$phpc_script}?action=admin");
}
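/**
 * Create or modify a group from the group form.
 *
 * Without $vars['gid'] a group is created (global when no cid is given, which
 * requires site admin; otherwise calendar admin). With gid the existing group
 * is renamed under the same rule applied to its stored cid.
 *
 * Fixes:
 *  - The modify-permission test mixed && and || without parentheses, so a
 *    non-admin editing a global group reached get_calendar('') instead of
 *    being denied outright; the decision is now explicit per case, and an
 *    unknown gid or cid is refused instead of dereferencing null.
 *  - The redirect read $vars['cid'] unconditionally although the modify
 *    form need not send it; it is read with isset() now.
 *
 * NOTE(review): no verify_token(), and $vars["name"] is not checked for
 * emptiness (compare field_submit()). Left as-is pending confirmation of
 * what the form guarantees.
 *
 * @return mixed the result of message_redirect(), or an error tag()
 */
function group_submit()
{
    global $vars, $phpcdb, $phpc_script, $phpc_cal;

    $name = isset($vars['name']) ? $vars['name'] : null;

    if (!isset($vars['gid'])) {
        $modify = false;
        if (!isset($vars['cid'])) {
            $cid = null;
            if (!is_admin()) {
                permission_error(__('You do not have permission to add a global group.'));
            }
        } else {
            $cid = $vars['cid'];
            $calendar = $phpcdb->get_calendar($cid);
            if (empty($calendar) || !$calendar->can_admin()) {
                permission_error(__('You do not have permission to add a group to this calendar.'));
            }
        }
        $gid = $phpcdb->create_group($cid, $name);
    } else {
        $modify = true;
        $gid = $vars['gid'];
        $group = $phpcdb->get_group($gid);
        if (empty($group)) {
            soft_error(__("You do not have permission to modify this group."));
        }
        if (empty($group['cid'])) {
            $allowed = is_admin();
        } else {
            $calendar = $phpcdb->get_calendar($group["cid"]);
            $allowed = !empty($calendar) && $calendar->can_admin();
        }
        if (!$allowed) {
            soft_error(__("You do not have permission to modify this group."));
        }
        $phpcdb->modify_group($gid, $name);
    }

    $page_cid = isset($vars['cid']) ? $vars['cid'] : '';
    $page = "{$phpc_script}?action=cadmin&phpcid=" . $page_cid;
    if ($modify) {
        return message_redirect(__("Modified group: ") . $gid, $page);
    }
    if ($gid > 0) {
        return message_redirect(__("Created group: ") . $gid, $page);
    }
    return tag('div', attributes('class="phpc-error"'), __('Error submitting group.'));
}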
/**
 * Store the calendar-admin option form for the current calendar ($phpcid).
 *
 * Walks get_config_options(); checkbox options (type PHPC_CHECK) become "1"
 * when present in the request and "0" otherwise, every other option must be
 * present or soft_error() fires. Each value is written through
 * $phpcdb->update_config().
 *
 * NOTE(review): non-checkbox values are stored exactly as submitted; no
 * verify_token() is called here (compare user_settings_submit()).
 *
 * @return mixed a tag() container on permission failure, else message_redirect()
 */
function cadmin_submit()
{
    global $phpcid, $phpc_cal, $vars, $phpcdb, $phpc_script;

    if (!$phpc_cal->can_admin()) {
        return tag('div', __('Permission denied'));
    }

    foreach (get_config_options() as $option) {
        $key = $option[0];
        $present = isset($vars[$key]);

        if ($option[2] == PHPC_CHECK) {
            // An absent checkbox means "unchecked".
            $value = $present ? "1" : "0";
        } elseif ($present) {
            $value = $vars[$key];
        } else {
            soft_error($key . __(" was not set."));
        }

        $phpcdb->update_config($phpcid, $key, $value);
    }

    return message_redirect(__('Updated options'), "{$phpc_script}?action=cadmin&phpcid={$phpcid}");
}
$addtime = $board_time; // write postdata db_query("INSERT INTO " . $pref . "post SET\n\t\t\t user_id='" . U_ID . "',\n\t\t\t\t post_time='{$addtime}',\n\t\t\t\t post_text='" . addslashes($text) . "',\n\t\t\t\t guest_name='" . (U_ID == 0 ? $autor : '') . "',\n\t\t\t\t thread_id='{$threadid}',\n\t\t\t\t board_id='{$boardid}',\n\t\t\t\t post_ip='" . getenv('REMOTE_ADDR') . "',\n\t\t\t\t post_smilies='" . (isset($do_smilies) ? '1' : '0') . "',\n\t\t\t\t bcode='" . (isset($b_code) ? '1' : '0') . "',\n\t\t\t\t sendmail='" . (isset($abbo) ? '1' : '0') . "'"); // update thread -------------------------------------- $last_post_id = mysql_insert_id(); $replies = $thread['replies'] + 1; db_query("UPDATE " . $pref . "thread SET\n\t\t\t last_act_time='{$addtime}',\n\t\t\t last_act_user='******',\n\t\t\t last_post_id='{$last_post_id}',\n\t\t\t\t replies='{$replies}'\n\t\t\t WHERE thread_id='{$threadid}'"); // boarddata $posts = $board['posts'] + 1; db_query("UPDATE " . $pref . "board SET\n\t\t\t last_act_time='{$addtime}',\n\t\t\t\t last_post_id='{$last_post_id}',\n\t\t\t\t last_thread_id='{$threadid}',\n\t\t\t\t last_act_user='******',\n\t\t\t\t last_act_thread='" . addslashes($new['topic']) . "',\n\t\t\t\t posts='{$posts}'\n\t\t\t WHERE board_id='{$boardid}'"); // update userdata if (U_ID != 0) { $post_count = U_COUNT + 1; db_query("UPDATE " . $pref . "user SET\n\t\t\t\t user_lastacttime='{$addtime}',\n\t\t\t\t\t post_count='{$post_count}',\n\t\t\t\t\t user_lasttopic='" . addslashes($new['topic']) . "',\n\t\t\t\t\t user_lastpostt='{$addtime}',\n\t\t\t\t\t user_lastpostid='{$last_post_id}'\n\t\t\t\t WHERE user_id='" . U_ID . "'"); } // statiks $r_stats = db_query("SELECT\n\t\t\t posts\n\t\t\t FROM " . $pref . "stats"); $stats = db_result($r_stats); $stats['posts']++; db_query("UPDATE " . $pref . "stats SET\n\t\t\t posts='" . $stats['posts'] . "'"); // last_act_time if (U_ID == 0) { db_query("UPDATE " . $pref . 
"guest SET\n\t\t\t\t last_act_time='{$addtime}'\n\t\t\t\t WHERE session_id='{$sid}'"); } else { db_query("UPDATE " . $pref . "user SET\n\t\t\t\t user_lastpostt='{$addtime}'\n\t\t\t\t WHERE user_id='" . U_ID . "'"); } message_redirect('Danke für Deinen Beitrag, bitte warten ...', 'showtopic.php?boardid=' . $boardid . '&threadid=' . $threadid . '&page=last#p' . $last_post_id); } } } echo Output(Template($TBoard));
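/**
 * Handle the event form: create or modify an event, its custom field values
 * and (when the dates are being set) its occurrences, then redirect.
 *
 * $vars['eid'] absent => create; present => modify, and the occurrences are
 * regenerated only when the "phpc-modify" checkbox was sent. Repeating
 * events are expanded up to 730 occurrences, stepping by the chosen
 * increment until the matching "*-until" date.
 *
 * Fixes:
 *  - verify_token() is now the first thing done, before any request data is
 *    interpreted, rather than after date parsing.
 *  - Unknown calendar id is refused via permission_error() instead of a
 *    method call on null.
 *  - $vars['time-type'], 'repeats', 'subject' and 'description' are read
 *    with isset() so missing fields do not raise notices; an unset time type
 *    still ends in soft_error() as before.
 *
 * NOTE(review): custom field values are stored without being checked against
 * the field's 'format'; whether that matters depends on how format is used.
 *
 * @return mixed the result of message_redirect()
 * @throws Exception on a missing calendar id, inverted dates, or a missing
 *                   required field
 */
function process_form()
{
    global $vars, $phpcdb, $phpc_script, $phpc_user, $phpc_cal;

    verify_token();

    // When modifying events, this is the value of the checkbox that
    // determines if the date should change
    $modify_occur = !isset($vars['eid']) || !empty($vars['phpc-modify']);

    if ($modify_occur) {
        $start_ts = get_timestamp("start");
        $end_ts = get_timestamp("end");

        $type_name = isset($vars["time-type"]) ? $vars["time-type"] : '';
        switch ($type_name) {
            case 'normal':
                $time_type = 0;
                break;
            case 'full':
                $time_type = 1;
                break;
            case 'tba':
                $time_type = 2;
                break;
            default:
                // soft_error() is used as non-returning throughout this file.
                soft_error(__("Unrecognized Time Type."));
        }

        if ($end_ts - $start_ts < 0) {
            throw new Exception(__("An event cannot have an end earlier than its start."));
        }
    }

    if (!isset($vars['cid'])) {
        throw new Exception(__("Calendar ID is not set."));
    }
    $cid = $vars['cid'];
    $calendar = $phpcdb->get_calendar($cid);
    if (empty($calendar) || !$calendar->can_write()) {
        permission_error(__('You do not have permission to write to this calendar.'));
    }

    $readonly = $calendar->can_create_readonly() && !empty($vars['readonly']);
    $catid = empty($vars['catid']) ? false : $vars['catid'];
    $subject = isset($vars['subject']) ? $vars['subject'] : null;
    $description = isset($vars['description']) ? $vars['description'] : null;

    if (!isset($vars['eid'])) {
        $modify = false;
        $eid = $phpcdb->create_event($cid, $phpc_user->get_uid(), $subject, $description, $readonly, $catid);
    } else {
        $modify = true;
        $eid = $vars['eid'];
        $phpcdb->modify_event($eid, $subject, $description, $readonly, $catid);
        if ($modify_occur) {
            $phpcdb->delete_occurrences($eid);
        }
    }

    foreach ($phpc_cal->get_fields() as $field) {
        $fid = $field['fid'];
        if (empty($vars["phpc-field-{$fid}"])) {
            if ($field['required']) {
                throw new Exception(sprintf(__('Field "%s" is required but was not set.'), $field['name']));
            }
            continue;
        }
        $phpcdb->add_event_field($eid, $fid, $vars["phpc-field-{$fid}"]);
    }

    if ($modify_occur) {
        $repeats = isset($vars['repeats']) ? $vars['repeats'] : '';
        $occurrences = 0;
        // Defaults produce exactly one occurrence (until == start).
        $n = 1;
        $until = $start_ts;

        switch ($repeats) {
            case 'daily':
                check_input("every-day");
                $n = $vars["every-day"];
                $until = get_timestamp("daily-until");
                break;
            case 'weekly':
                check_input("every-week");
                $n = $vars["every-week"] * 7;
                $until = get_timestamp("weekly-until");
                break;
            case 'monthly':
                check_input("every-month");
                $n = $vars["every-month"];
                $until = get_timestamp("monthly-until");
                break;
            case 'yearly':
                check_input("every-year");
                $n = $vars["every-year"];
                $until = get_timestamp("yearly-until");
                break;
        }
        if ($n < 1) {
            soft_error(__('Increment must be 1 or greater.'));
        }

        // Hard cap of 730 occurrences bounds the work a single form can cause.
        while ($occurrences <= 730 && days_between($start_ts, $until) >= 0) {
            $oid = $phpcdb->create_occurrence($eid, $time_type, $start_ts, $end_ts);
            $occurrences++;
            switch ($repeats) {
                case 'daily':
                case 'weekly':
                    $start_ts = add_days($start_ts, $n);
                    $end_ts = add_days($end_ts, $n);
                    break;
                case 'monthly':
                    $start_ts = add_months($start_ts, $n);
                    $end_ts = add_months($end_ts, $n);
                    break;
                case 'yearly':
                    $start_ts = add_years($start_ts, $n);
                    $end_ts = add_years($end_ts, $n);
                    break;
                default:
                    // Non-repeating: one occurrence only.
                    break 2;
            }
        }
    }

    if ($eid != 0) {
        $message = $modify ? __("Modified event: ") : __("Created event: ");
        return message_redirect(
            tag('', $message, create_event_link($eid, 'display_event', $eid)),
            "{$phpc_script}?action=display_event&eid={$eid}"
        );
    }

    return message_redirect(__('Error submitting event.'), "{$phpc_script}?action=display_month&phpcid={$cid}");
}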
/**
 * Bring every table schema up to date and record PHPC_DB_VERSION.
 *
 * Each schema from phpc_table_schemas() is asked to update itself against
 * $dbh; whatever tags it returns are collected into the status message.
 * If no schema returned anything, "Already up to date." is shown. The
 * version is written regardless, and the user is redirected to $phpc_script.
 *
 * NOTE(review): no permission check is visible in this function; confirm the
 * caller restricts it to administrators.
 *
 * @param mixed $dbh database handle passed through to each schema's update()
 * @return void  message_redirect() is expected to end the request
 */
function phpc_updatedb($dbh)
{
    global $phpc_script, $phpcdb;

    $status = tag('div', tag('div', __("Updating calendar")));
    $changed_any = false;

    foreach (phpc_table_schemas() as $schema) {
        $result = $schema->update($dbh);
        $status->add($result);
        $changed_any = $changed_any || sizeof($result) > 0;
    }

    $phpcdb->set_config("version", PHPC_DB_VERSION);

    if (!$changed_any) {
        $status->add(tag('div', __('Already up to date.')));
    }

    message_redirect($status, $phpc_script);
}
} } } // read styles $r_style = db_query("SELECT\n *\n FROM " . $pref . "style WHERE " . $where . " "); $style = db_result($r_style); $style['smallfont'] = '<font size="1">'; $style['smallfontend'] = '</font>'; // script basename $basename = basename($HTTP_SERVER_VARS["SCRIPT_NAME"]); $data['loginscript'] = $basename; if ($basename == 'category.php') { $data['loginscript'] = $basename . '?catid=' . $catid; } if ($basename == 'board.php') { $data['loginscript'] = $basename . '?boardid=' . $boardid; } if ($basename == 'showtopic.php') { $data['loginscript'] = $basename . '?boardid=' . $boardid . '&threadid=' . $threadid; } // U_ID == 0 then Logintemplate if (U_ID == 0) { $data['login'] = Template(Get_Template('templates/' . $style['styletemplate'] . '/login.html')); } $data['javascript'] = ''; // JUMP ----- if boardid negativ then it is catid if (isset($boardid)) { if ($boardid < 0) { message_redirect('Du wirst zur gewünschten Kategorie weiter geleitet, bitte warten ...', 'category.php?catid=' . abs($boardid)); } }
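<?php
/* $Id: login.php,v 1.3 2003/06/16 18:08:20 master_mario Exp $ */

// Login handler: looks the user up by name, checks the password digest,
// binds the session to the user, drops the guest row and redirects.
//
// NOTE(review): the queries are built by string interpolation with
// addslashes(); db_query() is opaque here, so parameterising them is a
// board-wide change rather than a local fix.
// NOTE(review): the stored digest is an unsalted md5 of addslashes($pw).
// Moving to password_hash()/password_verify() needs a column/migration
// change, so it is flagged rather than done here.
// NOTE(review): $loginscript is the redirect target after login; where it
// comes from (form field vs. computed server-side) is not visible here —
// confirm it cannot be pointed at an external host.

include 'inc/header.inc.php';

$r_login = db_query("SELECT\n user_id,\n user_pw,\n user_lastacttime\n FROM " . $pref . "user WHERE user_name='" . addslashes($login['name']) . "'");

if (db_rows($r_login) == 1) {
    $a_login = db_result($r_login);

    // Fix: compare the digests strictly. With ==, PHP compares two
    // numeric-looking strings as numbers, so any pair of "0e<digits>"
    // digests tests equal; === compares the bytes.
    if (md5(addslashes($login['pw'])) === (string) $a_login['user_pw']) {
        // login --------------------------
        db_query("UPDATE " . $pref . "user SET\n user_session='" . $sid . "',\n user_oldsavet='" . $a_login['user_lastacttime'] . "'\n WHERE user_id='" . $a_login['user_id'] . "'");

        // delete guest row -------------------
        db_query("DELETE FROM " . $pref . "guest WHERE session_id='{$sid}'");
        db_query("OPTIMIZE TABLE " . $pref . "guest");

        setNewposts($a_login['user_lastacttime']);

        // redirect ------------------
        message_redirect('Du hast Dich erfolgreich eingeloggt, bitte warten ...', $loginscript);
    } else {
        $TBoard = Get_Template('templates/' . $style['styletemplate'] . '/board.html');
        message('Das Passwort ist falsch.', 'Fehler', 0);
    }
} else {
    // NOTE(review): this message differs from the wrong-password one, which
    // lets a caller enumerate registered user names.
    $TBoard = Get_Template('templates/' . $style['styletemplate'] . '/board.html');
    message('Es ist kein User mit diesem Namen registriert.', 'Fehler', 0);
}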
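/**
 * Handle the event form for the current calendar ($phpcid / $phpc_cal):
 * create or modify an event and, when the dates are being set, regenerate
 * its occurrences, then redirect.
 *
 * $vars['eid'] absent => create; present => modify, with occurrences rebuilt
 * only when the "phpc-modify" checkbox was sent. Repeating events are
 * expanded to at most 730 occurrences, stepping by the chosen increment
 * until the matching "*-until" date.
 *
 * Fixes:
 *  - The write-permission check had been disabled with `if (0)`, so any
 *    visitor could create or modify events. It is restored as
 *    `!$phpc_cal->can_write()`, the same check the sibling process_form()
 *    applies to the target calendar.
 *  - $oid was only assigned when occurrences were regenerated, so a modify
 *    without "phpc-modify" redirected with an undefined variable; the
 *    redirect now falls back to the event id.
 *  - The yearly-increment error message said "every-month"; it now names
 *    "every-year".
 *  - $vars['time-type'], 'repeats', 'subject' and 'description' are read
 *    with isset() so missing fields do not raise notices.
 *
 * NOTE(review): the "<x> must be greater than 1" messages are emitted for
 * values below 1 (i.e. the minimum is 1); wording left as-is.
 *
 * @return mixed the result of message_redirect(), or display_form() on
 *               inverted dates
 */
function process_form()
{
    global $vars, $phpcdb, $phpc_cal, $phpcid, $phpc_script, $phpc_user;

    // When modifying events, this is the value of the checkbox that
    // determines if the date should change
    $modify_occur = !isset($vars['eid']) || !empty($vars['phpc-modify']);

    if ($modify_occur) {
        $start_ts = get_timestamp("start");
        $end_ts = get_timestamp("end");

        $type_name = isset($vars["time-type"]) ? $vars["time-type"] : '';
        switch ($type_name) {
            case 'normal':
                $time_type = 0;
                break;
            case 'full':
                $time_type = 1;
                break;
            case 'tba':
                $time_type = 2;
                break;
            default:
                // soft_error() is used as non-returning throughout this file.
                soft_error(__("Unrecognized Time Type."));
        }

        if ($end_ts - $start_ts < 0) {
            message(__("An event cannot have an end earlier than its start."));
            return display_form();
        }
    }

    verify_token();

    if (!$phpc_cal->can_write()) {
        permission_error(__('You do not have permission to write to this calendar.'));
    }

    $readonly = $phpc_cal->can_create_readonly() && !empty($vars['readonly']);
    $catid = empty($vars['catid']) ? false : $vars['catid'];
    $subject = isset($vars['subject']) ? $vars['subject'] : null;
    $description = isset($vars['description']) ? $vars['description'] : null;

    if (!isset($vars['eid'])) {
        $modify = false;
        $eid = $phpcdb->create_event($phpcid, $phpc_user->get_uid(), $subject, $description, $readonly, $catid);
    } else {
        $modify = true;
        $eid = $vars['eid'];
        $phpcdb->modify_event($eid, $subject, $description, $readonly, $catid);
        if ($modify_occur) {
            $phpcdb->delete_occurrences($eid);
        }
    }

    // First occurrence id; used for the redirect when one was created.
    $oid = null;

    if ($modify_occur) {
        $oid = $phpcdb->create_occurrence($eid, $time_type, $start_ts, $end_ts);
        $occurrences = 1;
        $repeats = isset($vars["repeats"]) ? $vars["repeats"] : '';

        // Resolve the repeat rule to a step unit, a count and an end date.
        // $unit === null means no further occurrences.
        $unit = null;
        $n = 0;
        $until = $start_ts;
        switch ($repeats) {
            case "never":
                break;
            case 'daily':
                if (!isset($vars["every-day"])) {
                    soft_error(__("Required field \"every-day\" is not set."));
                }
                $n = $vars["every-day"];
                if ($n < 1) {
                    soft_error(__("every-day must be greater than 1"));
                }
                $unit = 'days';
                $until = get_timestamp("daily-until");
                break;
            case 'weekly':
                if (!isset($vars["every-week"])) {
                    soft_error(__("Required field \"every-week\" is not set."));
                }
                if ($vars["every-week"] < 1) {
                    soft_error(__("every-week must be greater than 1"));
                }
                $n = $vars["every-week"] * 7;
                $unit = 'days';
                $until = get_timestamp("weekly-until");
                break;
            case 'monthly':
                if (!isset($vars["every-month"])) {
                    soft_error(__("Required field \"every-month\" is not set."));
                }
                if ($vars["every-month"] < 1) {
                    soft_error(__("every-month must be greater than 1"));
                }
                $n = $vars["every-month"];
                $unit = 'months';
                $until = get_timestamp("monthly-until");
                break;
            case 'yearly':
                if (!isset($vars["every-year"])) {
                    soft_error(__("Required field \"every-year\" is not set."));
                }
                if ($vars["every-year"] < 1) {
                    soft_error(__("every-year must be greater than 1"));
                }
                $n = $vars["every-year"];
                $unit = 'years';
                $until = get_timestamp("yearly-until");
                break;
            default:
                soft_error(__("Invalid event type."));
        }

        // Hard cap of 730 occurrences bounds the work a single form can cause.
        while ($unit !== null && $occurrences <= 730) {
            if ($unit == 'days') {
                $start_ts = add_days($start_ts, $n);
                $end_ts = add_days($end_ts, $n);
            } elseif ($unit == 'months') {
                $start_ts = add_months($start_ts, $n);
                $end_ts = add_months($end_ts, $n);
            } else {
                $start_ts = add_years($start_ts, $n);
                $end_ts = add_years($end_ts, $n);
            }
            if (days_between($start_ts, $until) < 0) {
                break;
            }
            $phpcdb->create_occurrence($eid, $time_type, $start_ts, $end_ts);
            $occurrences++;
        }
    }

    if ($eid != 0) {
        $message = $modify ? __("Modified event: ") : __("Created event: ");
        // Prefer the occurrence view when one was (re)created; otherwise
        // the event view, so the redirect never carries an empty oid.
        if ($oid !== null) {
            $target = "{$phpc_script}?action=display_event&phpcid={$phpcid}&oid={$oid}";
        } else {
            $target = "{$phpc_script}?action=display_event&phpcid={$phpcid}&eid={$eid}";
        }
        return message_redirect(tag('', $message, create_event_link('', 'display_event', '')), $target);
    }

    return message_redirect(__('Error submitting event.'), "{$phpc_script}?action=display_month&phpcid={$phpcid}");
}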
if (U_ID != 0) { $r_board = db_query("SELECT\n board_id\n FROM " . $pref . "board WHERE category!='0' AND disabled!='1'"); if (db_rows($r_board) > 0) { while ($a_board = db_result($r_board)) { $session_var_name = 'b' . $a_board['board_id']; $r_post_id = db_query("SELECT\n MAX(post_id)\n FROM " . $pref . "post WHERE board_id='{$a_board['board_id']}'"); if (db_rows($r_post_id) == 0) { $_SESSION[$session_var_name] = 0; } else { $a_post_id = db_result($r_post_id); list(, $poid) = each($a_post_id); $_SESSION[$session_var_name] = $poid; } } } } message_redirect('Alle Foren wurden als gelesen makiert, bitte warten ...', 'index.php'); } else { if (U_ID != 0) { $session_var_name = 'b' . $boardid; $r_post_id = db_query("SELECT\n MAX(post_id)\n FROM " . $pref . "post WHERE board_id='{$boardid}'"); if (db_rows($r_post_id) == 0) { $_SESSION[$session_var_name] = 0; } else { $a_post_id = db_result($r_post_id); list(, $poid) = each($a_post_id); $_SESSION[$session_var_name] = $poid; } } message_redirect('Board wurde als gelesen makiert, bitte warten ...', 'board.php?boardid=' . $boardid); }
$text = trim($text); $legalchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 [|](){}.-_äöüÄÖÜß,"; for ($i = 0; $i < strlen($text); $i++) { if (!strstr($legalchars, $text[$i])) { $err_mess .= ($err_mess == '' ? '' : '<br />') . 'Der Text enthält nicht erlaubte Zeichen. ( ' . $text[$i] . ' )'; } } if (strlen($text) > $config['report_max_len']) { $err_mess .= ($err_mess == '' ? '' : '<br />') . 'Der Text ist zu lang.'; } if (strlen($text) < $config['report_min_len']) { $err_mess .= ($err_mess == '' ? '' : '<br />') . 'Der Text ist zu kurz.'; } if ($err_mess != '') { $mess = '<form action="report.php" method="post" name="sendback"> ' . $err_mess . ' <input type="hidden" name="boardid" value="' . $boardid . '" /> <input type="hidden" name="threadid" value="' . $threadid . '" /> <input type="hidden" name="postid" value="' . $postid . '" /> <input type="hidden" name="page" value="' . $page . '" /> <input type="hidden" name="back" value="1" /> <input type="hidden" name="text" value="' . $text . '" /> </form>'; message($mess, 'Fehler', 1); } else { db_query("INSERT INTO " . $pref . "report SET\n\t\t report_time='{$board_time}',\n\t\t\t user_name='" . U_NAME . "',\n\t\t\t user_id='" . U_ID . "',\n\t\t\t user_ip='" . getenv('REMOTE_ADDR') . "',\n\t\t\t report='" . addslashes($text) . "',\n\t\t\t post_id='{$postid}'"); message_redirect('Die Meldung ist erfolgt, bitte warten ...', 'showtopic.php?boardid=' . $boardid . '&threadid=' . $threadid . '&page=' . $page . '#p' . $postid); } } $data['boardtable'] = $TReport; echo Output(Template($TBoard));
$mess = '<form action="threadopt.php" method="post" name="weiter"> Durch löschen dieses Beitrags wird der gesamte Thread gelöscht<br /> Wenn Du sicher bist, dann bestätige mit weiter. <input type="hidden" name="action" value="delete" /> <input type="hidden" name="boardid" value="' . $boardid . '" /> <input type="hidden" name="threadid" value="' . $threadid . '" /> <input type="hidden" name="postid" value="' . $postid . '" /> <input type="hidden" name="new[page]" value="' . $page . '" /> </form>'; message($mess, 'Fehler', 2); } else { // threaddaten lesen $r_thread = db_query("SELECT\n\t\t replies,\n\t\t\t replies_del\n\t\t FROM " . $pref . "thread WHERE thread_id='{$threadid}'"); $thread = db_result($r_thread); // Boarddaten lesen $r_board = db_query("SELECT\n\t\t posts,\n\t\t\t posts_del\n\t\t FROM " . $pref . "board WHERE board_id='{$boardid}'"); // post updaten db_query("UPDATE " . $pref . "post SET\n\t\t deleted='1'\n\t\t WHERE post_id='{$postid}'"); // threaddaten updaten db_query("UPDATE " . $pref . "thread SET\n\t\t replies='" . ($thread['replies'] - 1) . "',\n\t\t replies_del='" . ($thread['replies_del'] + 1) . "'\n\t\t WHERE thread_id='{$threadid}'"); // boarddaten updaten db_query("UPDATE " . $pref . "board SET\n\t\t posts='" . ($board['posts'] - 1) . "',\n\t\t posts_del='" . ($board['posts_del'] + 1) . "'\n\t\t WHERE board_id='{$boardid}'"); // modlog $basename = basename($HTTP_SERVER_VARS["SCRIPT_NAME"]); db_query("INSERT INTO " . $pref . "modlog SET\n logtime='{$board_time}',\n loguser='******'Gast' : U_NAME) . "',\n logip='" . getenv('REMOTE_ADDR') . "',\n logfile='{$basename}',\n action='" . $action . "(p" . $postid . ")'"); message_redirect('Der Beitrag wurde als gelöscht makiert, bitte warten ...', 'showtopic.php?boardid=' . $boardid . '&threadid=' . $threadid . '&page=' . $page . '#p' . $postid); } } else { message('Bitte wäle eine Funktion aus.', 'Fehler', 0); } echo Output(Template($TBoard));
} $user = mysql_fetch_array($r_user); if ($user['userpassword'] != md5($login_password)) { $msg .= "Das Passwort ist leider falsch.<br>"; possible_flood(FLOOD_LOGIN); } if ($user['useractivate']) { $msg .= "Sie haben ihren Account noch nicht aktiviert."; } if (isset($msg) && strlen($msg) > 0) { message("Fehler", "Es sind leider Fehler aufgetreten:<font color='{$style['color_err']}'><br><br>{$msg}</font>"); } global $g_user, $s; $g_user = array(); $g_user['userisadmin'] = false; $g_user['userid'] = $user['userid']; $g_user['have_cookie'] = $login_cookie; $s = new_session(); $g_user['have_cookie'] = false; if ($login_cookie) { setcookie("thwb_cookie", md5($login_password) . $user['userid'], time() + 60 * 60 * 24 * 365); } if (empty($source)) { $source = 'index.php'; } else { $source = urldecode($source); } // $source xss vuln fix by tendor $source = str_replace(array('"', '<', '>'), array('%22', '%3c', '%3e'), $source); message_redirect('Sie wurden erfolgreich eingeloggt, bitte warten ...', $source);
} if (strlen($text) > $config['max_event_len']) { $err_mess .= ($err_mess == '' ? '' : '<br />') . 'Der Text ist zu lang, es darf maximal ' . $config['max_event_len'] . ' Zeichen lang sein.'; } if ($event['hours'] < 0 || $event['hours'] > 23) { $err_mess .= ($err_mess == '' ? '' : '<br />') . 'Die Angegebene Uhrzeit ist nicht korrekt (Stunden).'; } if ($event['min'] < 0 || $event['min'] > 59) { $err_mess .= ($err_mess == '' ? '' : '<br />') . 'Die Angegebene Uhrzeit ist nicht korrekt (Minuten).'; } if ($err_mess != '') { $mess = '<form action="calevent.php" name="sendback" method="post"> ' . $err_mess . ' <input type="hidden" name="back" value="1" /> <input type="hidden" name="event[day]" value="' . $event['day'] . '" /> <input type="hidden" name="m" value="' . $event['month'] . '" /> <input type="hidden" name="y" value="' . $event['year'] . '" /> <input type="hidden" name="event[hours]" value="' . $event['hours'] . '" /> <input type="hidden" name="event[min]" value="' . $event['min'] . '" /> <input type="hidden" name="event[topic]" value="' . $event['topic'] . '" /> <input type="hidden" name="event[text]" value="' . $text . '" /> <input type="hidden" name="event[report]" value="' . (isset($event['report']) ? 1 : 0) . '" /> </form>'; message($mess, 'Folgende Fehler sind aufgetreten', 1); } else { db_query("INSERT INTO " . $pref . "calendar SET\n\t\t caltime='" . mktime($event['hours'], $event['min'], 0, $event['month'], $event['day'], $event['year']) . "',\n\t\t\t caltopic='" . addslashes($event['topic']) . "',\n\t\t\t calautor='" . U_NAME . "',\n\t\t\t caltext='" . addslashes($text) . "',\n\t\t\t showasevent='" . (isset($event['report']) ? 1 : 0) . "',\n\t\t\t aktiv='1'"); message_redirect('Dein Kalendereintrag wurde aufgenommen, bitte warten ...', 'calendar.php?m=' . intval($event['month']) . '&y=' . $event['year']); } } $data['boardtable'] = Template($TNewevent); echo Output(Template($TBoard));
$r_pm = db_query("SELECT\n\t COUNT(pm_id)\n\t FROM " . $pref . "pm WHERE pm_empf='" . U_NAME . "' AND pm_gelesen='0'"); $pm = db_result($r_pm); list(, $pm_noread) = each($pm); db_query("UPDATE " . $pref . "user SET\n\t pm_count='{$pm_count}',\n\t\t pm_overflow='" . ($pm_count <= $config['max_pm_count'] ? 0 : 1) . "',\n\t\t pm_new='" . ($pm_noread == 0 ? 0 : 1) . "'\n\t WHERE user_id='" . U_ID . "'"); if ($no_delete == 1) { message('<form action="pm.php" method="post" name="weiter"> Mindestens eine der gewälten PM wurde durch Dich geschützt.</form>', 'Geschützte PM gefunden', 2); } message_redirect('PM gelöscht, bitte warten ...', 'pm.php'); } elseif ($action == 'save') { $r_pm = db_query("SELECT\n\t pm_saved\n\t FROM " . $pref . "pm WHERE pm_empf='" . U_NAME . "' AND pm_id='{$pmid}'"); if (db_rows($r_pm) == 1) { $pm = db_result($r_pm); $save = 0; if ($pm['pm_saved'] == 0) { $save = 1; } $r_pm = db_query("SELECT\n\t\t COUNT(pm_id)\n\t\t FROM " . $pref . "pm WHERE pm_empf='" . U_NAME . "' AND pm_saved='1'"); $pm = db_result($r_pm); list(, $saved_pms) = each($pm); if ($saved_pms >= $config['max_pm_saved'] && $save == 1) { message('Du kannst maximal ' . $config['max_pm_saved'] . ' PMs schützen.', 'Maximum erreicht', 0); } db_query("UPDATE " . $pref . "pm SET\n\t\t pm_saved='{$save}'\n\t\t WHERE pm_id='{$pmid}'"); } message_redirect('PM-Sicherung bearbeitet, bitte warten ...', 'pm.php'); } else { message('Bitte Eine Funktion wählen.', 'Fehler', 0); } $data['boardtable'] = Template($TPm); echo Output(Template($TBoard));
/**
 * Delete one or more events selected by the request.
 *
 * Reads `$vars["eid"]` (a single id or an array of ids). Without
 * `$vars["confirm"]` a confirmation page listing the events is returned;
 * with it, every event the current user may modify is deleted and a
 * per-outcome summary (removed / not removed / permission denied) is
 * emitted before redirecting to `$phpc_script`.
 *
 * NOTE(review): the confirmed branch performs the deletion without calling
 * verify_token(), whereas process_form() in this file calls it before its
 * write. Unless create_action_link() embeds a token that is checked
 * elsewhere, this confirm link is replayable cross-site — verify.
 *
 * @return mixed  tag() tree, or the result of message_redirect()
 */
function event_delete() {
    global $vars, $phpcdb, $phpc_script;

    $html = tag('div', attributes('class="phpc-container"'));

    // Nothing selected: report and bail out.
    if (empty($vars["eid"])) {
        $html->add(tag('div', __('No event selected.')));
        return $html;
    }

    // Normalise the selection to a list of ids.
    $eids = is_array($vars["eid"]) ? $vars["eid"] : array($vars["eid"]);

    // First pass: show what would be deleted and ask for confirmation.
    if (empty($vars["confirm"])) {
        $listing = tag('ul');
        foreach ($eids as $eid) {
            $event = new PhpcEvent($phpcdb->get_event_by_eid($eid));
            // $eid comes straight from the request; escaping is assumed to
            // happen inside tag() — confirm.
            $listing->add(tag('li', "{$eid}: " . $event->get_subject()));
        }
        $html->add(tag('div', __('Confirm you want to delete:')));
        $html->add($listing);
        $html->add(" [ ",
            create_action_link(__('Confirm'), "event_delete",
                array("eid" => $eids, "confirm" => "1")),
            " ] ");
        $html->add(" [ ",
            create_action_link(__('Deny'), "display_month"),
            " ] ");
        return $html;
    }

    // Second pass: delete, bucketing each id by outcome.
    $removed_events = array();
    $unremoved_events = array();
    $permission_denied = array();

    foreach ($eids as $eid) {
        $event = new PhpcEvent($phpcdb->get_event_by_eid($eid));
        if (!$event->can_modify()) {
            $permission_denied[] = $eid;
            continue;
        }
        if ($phpcdb->delete_event($eid)) {
            $removed_events[] = $eid;
        } else {
            $unremoved_events[] = $eid;
        }
    }

    if (count($removed_events) > 0) {
        $label = count($removed_events) == 1
            ? __("Removed event")
            : __("Removed events");
        $html->add(tag('div', $label . ': ' . implode(', ', $removed_events)));
    }

    if (count($unremoved_events) > 0) {
        $label = count($unremoved_events) == 1
            ? __("Could not remove event")
            : __("Could not remove events");
        $html->add(tag('div', $label . ': ' . implode(', ', $unremoved_events)));
    }

    if (count($permission_denied) > 0) {
        $label = count($permission_denied) == 1
            ? __("You do not have permission to remove event")
            : __("You do not have permission to remove events");
        $html->add(tag('div', $label . ': ' . implode(', ', $permission_denied)));
    }

    return message_redirect($html, $phpc_script);
}
/**
 * Create or modify an occurrence from the submitted form.
 *
 * Reads `$vars['eid']` (create) or `$vars['oid']` (modify), the
 * "start"/"end" timestamps via get_timestamp(), and `$vars["time-type"]`
 * (`normal`, `full` or `tba`). Validates the token and calendar write
 * permission, performs the write through `$phpcdb`, then redirects to
 * the occurrence (or back to the month view on failure).
 *
 * NOTE(review): in the modify branch the occurrence id is taken from the
 * request and handed to modify_occurrence() after only a calendar-level
 * can_write() check; whether the occurrence actually belongs to
 * `$phpcid` is presumably verified inside the db layer — confirm.
 *
 * @return mixed  result of message_redirect()
 */
function process_form() {
    global $vars, $phpcdb, $phpc_cal, $phpcid, $phpc_script;

    // Need either an event to attach to or an occurrence to edit.
    if (!isset($vars['eid']) && !isset($vars['oid'])) {
        soft_error(__("Cannot create occurrence."));
    }

    $start_ts = get_timestamp("start");
    $end_ts = get_timestamp("end");

    // Map the textual time type onto its numeric storage value.
    $requested_type = $vars["time-type"];
    if ($requested_type == 'normal') {
        $time_type = 0;
    } elseif ($requested_type == 'full') {
        $time_type = 1;
    } elseif ($requested_type == 'tba') {
        $time_type = 2;
    } else {
        soft_error(__("Unrecognized Time Type."));
    }

    if ($end_ts - $start_ts < 0) {
        soft_error(__("An event cannot have an end earlier than its start."));
    }

    // Only now touch state: token first, then permission.
    verify_token();

    if (!$phpc_cal->can_write()) {
        permission_error(__('You do not have permission to write to this calendar.'));
    }

    $modify = isset($vars['oid']);
    if ($modify) {
        $oid = $vars["oid"];
        $phpcdb->modify_occurrence($oid, $time_type, $start_ts, $end_ts);
    } else {
        if (!isset($vars["eid"])) {
            soft_error(__("EID not set."));
        }
        $oid = $phpcdb->create_occurrence($vars["eid"], $time_type,
            $start_ts, $end_ts);
    }

    // An oid of 0 is the db layer's failure signal.
    if ($oid == 0) {
        return message_redirect(__('Error submitting occurrence.'),
            "{$phpc_script}?action=display_month&phpcid={$phpcid}");
    }

    $message = $modify
        ? __("Modified occurence: ")
        : __("Created occurence: ");

    return message_redirect(
        tag('', $message, create_event_link($oid, 'display_event', $oid)),
        "{$phpc_script}?action=display_event&phpcid={$phpcid}&oid={$oid}");
}
/**
 * Run the requested action and assemble the full page.
 *
 * On success returns navbar + pending messages + action content + footer.
 * Pending messages are cleared from the session unless a redirect is in
 * progress (they would otherwise be lost before being shown).
 *
 * A PermissionException becomes an error banner; anonymous users are
 * additionally redirected to the login action. Any other Exception is
 * rendered as an error page.
 *
 * NOTE(review): the generic Exception handler prints the exception message
 * and full backtrace to whoever is viewing the page. No debug switch is
 * visible in this file; consider gating the backtrace on one so file
 * paths and arguments are not disclosed to unauthenticated visitors.
 *
 * @return mixed  tag() tree, or the result of message_redirect()
 */
function display_phpc() {
    global $phpc_messages, $phpc_redirect, $phpc_script, $phpc_prefix;

    // Stays false if do_action() throws before navbar() is built.
    $navbar = false;

    try {
        $content = do_action();
        $navbar = navbar();

        $messages = '';
        if (count($phpc_messages) > 0) {
            $messages = tag('div', attrs('class="phpc-message"'));
            foreach ($phpc_messages as $pending) {
                $messages->add($pending);
            }
            // Keep the queued messages across a redirect so they are
            // still displayed on the next page.
            if (empty($phpc_redirect)) {
                $_SESSION["{$phpc_prefix}messages"] = NULL;
            }
        }

        return tag('', $navbar, $messages, $content, footer());
    } catch (PermissionException $e) {
        $page = tag('');
        // TODO: make navbar show if there is an error in do_action()
        if ($navbar !== false) {
            $page->add($navbar);
        }
        $msg = __('You do not have permission to do that: ') . $e->getMessage();
        $page->add(tag('div', attrs('class="phpc-message ui-state-error"'), $msg));

        if (!is_user()) {
            return message_redirect($msg, "{$phpc_script}?action=login");
        }
        return $page;
    } catch (Exception $e) {
        $page = tag('');
        if ($navbar !== false) {
            $page->add($navbar);
        }
        $page->add(tag('div', attrs('class="phpc-main"'),
            tag('h2', __('Error')),
            tag('p', $e->getMessage()),
            tag('h3', __('Backtrace')),
            tag('pre', phpc_html_escape($e->getTraceAsString()))));
        return $page;
    }
}