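/**
 * wbGallery front-end category view.
 *
 * Loads the requested category, its published sub-categories (each with a
 * thumbnail) and one page of its published images, then renders them through
 * wbGallery_cat_html::view().
 *
 * Security: every value that reaches SQL ($id, $my->gid, $limitstart, $limit)
 * is cast to int first, and the category access level is compared against
 * $my->gid before any data is queried. Database error text is still echoed
 * to the browser (legacy behaviour kept for compatibility) — that discloses
 * table names and SQL to visitors and should become a server-side log.
 *
 * Fix: the thumbnail loop tested an undefined `$sc->file`, which is always
 * empty (and raises a notice); it now tests the row's own img_file. The
 * sub-category list is also guarded against a NULL result and a negative
 * page offset, both of which produced invalid SQL.
 *
 * @param int           $id     category id; 0 means "use the menu parameter 'cid'"
 * @param mosParameters $params menu/component parameters
 */
function view($id, $params)
{
    global $my, $mainframe, $database, $option, $priTask, $subTask;
    global $WBG_CONFIG, $wbGalleryDB_cat;

    $limit      = (int) mosGetParam($_REQUEST, 'limit', $params->get('list_limit', $mainframe->getCfg('list_limit', 15)));
    $limitstart = (int) mosGetParam($_REQUEST, 'limitstart', 0);
    $page       = (int) mosGetParam($_REQUEST, 'page', 0);

    // No ID in the request: fall back to the menu item parameter
    if (!$id) {
        $id = $params->get('cid', 0);
    }
    $id  = (int) $id;
    $gid = (int) $my->gid;

    // SEF URLs carry a page number instead of a row offset
    if ($page) {
        $limitstart = $limit * ($page - 1);
    }
    // a negative offset (e.g. limitstart=-5 in the URL) makes the LIMIT clause invalid
    if ($limitstart < 0) {
        $limitstart = 0;
    }

    // Load category and enforce its access level before anything is rendered
    $row = new wbGalleryDB_cat($database);
    $row->load($id);
    if ($row->id && $row->access > $gid) {
        mosNotAuth();
        return;
    }

    // Load the published sub categories this user is allowed to see
    $query = "SELECT c.*, COUNT(DISTINCT sc.id) AS total_subcats"
        . "\n FROM #__wbgallery_cat AS c"
        . "\n LEFT JOIN #__wbgallery_cat AS sc ON (sc.parent_id = c.id AND c.published = 1)"
        . "\n WHERE c.parent_id = " . $id
        . "\n AND c.published = 1"
        . "\n AND c.access <= " . $gid
        . "\n GROUP BY c.id"
        . "\n ORDER BY c.ordering ASC";
    $database->setQuery($query);
    $subcats = $database->loadObjectList();
    echo $database->getErrorMsg();
    if (!is_array($subcats)) {
        $subcats = array();
    }

    // Load a thumbnail for every sub category that does not already carry one
    $count = count($subcats);
    for ($i = 0; $i < $count; $i++) {
        if (empty($subcats[$i]->img_file)) {
            $imgData = $wbGalleryDB_cat->getSubCatImg($subcats[$i]->id);
            if ($imgData) {
                $subcats[$i]->img_id   = $imgData->img_id;
                $subcats[$i]->img_file = $imgData->img_file;
                $subcats[$i]->img_name = $imgData->img_name;
            }
        }
    }

    // Count published images for the pagination
    $database->setQuery("SELECT COUNT(DISTINCT i.id)"
        . "\n FROM #__wbgallery_img AS i"
        . "\n WHERE i.cat_id = " . $id
        . "\n AND i.published = 1");
    $total = (int) $database->loadResult();

    // Load one page of published images
    $database->setQuery("SELECT i.*"
        . "\n FROM #__wbgallery_img AS i"
        . "\n WHERE i.cat_id = " . $id
        . "\n AND i.published = 1"
        . "\n ORDER BY i.ordering ASC"
        . "\n LIMIT " . $limitstart . ", " . $limit);
    $images = $database->loadObjectList();
    echo $database->getErrorMsg();
    if (!is_array($images)) {
        $images = array();
    }

    // Page navigation
    require_once $mainframe->getCfg('absolute_path') . '/includes/pageNavigation.php';
    $pageNav = new mosPageNav($total, $limitstart, $limit);

    wbGallery_cat_html::view($row, $subcats, $images, $pageNav, $params);
}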
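/**
 * wbGallery front-end single-image view.
 *
 * Loads the image, counts a hit, loads and access-checks its category (when
 * it has one), then fetches previous/next neighbours and a list of related
 * images from the same category before handing everything to
 * wbGallery_img_html::view().
 *
 * Fixes:
 *  - the related-images LIMIT was interpolated straight from the parameter
 *    store; it is now cast to int like every other value in this file's SQL;
 *  - $cat was left undefined for images with cat_id 0 and then passed to the
 *    view; it is now explicitly null in that case.
 *
 * Security: the category access level is compared against $my->gid. Note that
 * the category listing only shows images with published = 1, while this view
 * renders an image regardless of its published flag when linked directly —
 * confirm whether that is intended before adding a published check here.
 *
 * @param int           $id     image id; 0 means "use the menu parameter 'id'"
 * @param mosParameters $params menu/component parameters
 */
function view($id, $params)
{
    global $my, $mainframe, $database, $option, $priTask, $subTask;
    global $WBG_CONFIG, $wbGalleryDB_cat;

    if (!$id) {
        $id = $params->get('id', 0);
    }
    $id = (int) $id;

    // Load image
    $row = new wbGalleryDB_img($database);
    $row->load($id);
    if (!$row->id) {
        echo "<script> alert('Image Not Found'); window.history.go(-1); </script>\n";
        exit;
    }

    // Track hit
    $row->hit();

    // Load category and enforce its access level; cat_id 0 has no category
    $cat = null;
    if ($row->cat_id != '0') {
        $cat = new wbGalleryDB_cat($database);
        $cat->load($row->cat_id);
        if (!$cat->id) {
            echo "<script> alert('Category Not Found'); window.history.go(-1); </script>\n";
            exit;
        }
        if ($cat->access > $my->gid) {
            mosNotAuth();
            exit;
        }
    }

    // Load prev / next
    $neighbors = $row->getNeighbors();

    // Load related images: most-hit first, then by ordering
    $relatedLimit = (int) $params->get('related_list_limit', $mainframe->getCfg('list_limit', 15));
    if ($relatedLimit < 0) {
        $relatedLimit = 0;
    }
    $database->setQuery("SELECT i.*"
        . "\n FROM #__wbgallery_img AS i"
        . "\n WHERE i.cat_id = " . (int) $row->cat_id
        . "\n AND i.id != " . (int) $row->id
        . "\n AND i.published = 1"
        . "\n ORDER BY i.hits DESC, i.ordering ASC"
        . "\n LIMIT 0, " . $relatedLimit);
    $related = $database->loadObjectList();
    echo $database->getErrorMsg();
    if (!is_array($related)) {
        $related = array();
    }

    wbGallery_img_html::view($row, $cat, $neighbors, $related, $params);
}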
/**
 * Renders a content item as a PDF (ezPDF) and streams it to the browser.
 *
 * The item must be published (state = 1), within its publish window and
 * within the current user's access level; its category and section, where
 * set, must be published and within the access level too. Anything else is
 * answered with mosNotAuth(). The item id is read from the request and cast
 * to int before it reaches SQL; dates are passed through $database->Quote().
 */
function dofreePDF()
{
    global $mosConfig_live_site, $mosConfig_sitename, $mosConfig_offset;
    global $mainframe, $database, $my;

    $id       = intval(mosGetParam($_REQUEST, 'id', 1));
    $gid      = $my->gid;
    $now      = _CURRENT_SERVER_TIME;
    $nullDate = $database->getNullDate();

    // query to check for state and access levels
    $query = "SELECT a.*, cc.name AS category, s.name AS section, s.published AS sec_pub, cc.published AS cat_pub,"
        . "\n s.access AS sec_access, cc.access AS cat_access, s.id AS sec_id, cc.id as cat_id"
        . "\n FROM #__content AS a"
        . "\n LEFT JOIN #__categories AS cc ON cc.id = a.catid"
        . "\n LEFT JOIN #__sections AS s ON s.id = cc.section AND s.scope = 'content'"
        . "\n WHERE a.id = " . (int) $id
        . "\n AND a.state = 1"
        . "\n AND a.access <= " . (int) $gid
        . "\n AND ( a.publish_up = " . $database->Quote($nullDate) . " OR a.publish_up <= " . $database->Quote($now) . " )"
        . "\n AND ( a.publish_down = " . $database->Quote($nullDate) . " OR a.publish_down >= " . $database->Quote($now) . " )";
    $database->setQuery($query);

    $row = NULL;
    if (!$database->loadObject($row)) {
        // not found, unpublished, outside the publish window or above the user's access level
        mosNotAuth();
        return;
    }

    // the item passed; its category and section (when present) must be
    // published and within the user's access level as well
    $catBlocked = $row->catid && (!$row->cat_pub || $row->cat_access > $gid);
    $secBlocked = $row->sectionid && (!$row->sec_pub || $row->sec_access > $gid);
    if ($catBlocked || $secBlocked) {
        mosNotAuth();
        return;
    }

    include 'includes/class.ezpdf.php';

    $params = new mosParameters($row->attribs);
    $params->def('author', !$mainframe->getCfg('hideAuthor'));
    $params->def('createdate', !$mainframe->getCfg('hideCreateDate'));
    $params->def('modifydate', !$mainframe->getCfg('hideModifyDate'));

    $row->fulltext  = pdfCleaner($row->fulltext);
    $row->introtext = pdfCleaner($row->introtext);

    $pdf = new Cezpdf('a4', 'P'); // A4 Portrait
    $pdf->ezSetCmMargins(2, 1.5, 1, 1);
    $pdf->selectFont('./fonts/Helvetica.afm'); // choose font

    // header and footer drawn once and attached to every page
    $frame = $pdf->openObject();
    $pdf->saveState();
    $pdf->setStrokeColor(0, 0, 0, 1);
    $pdf->addText(250, 822, 6, $mosConfig_sitename);
    $pdf->line(10, 40, 578, 40);
    $pdf->line(10, 818, 578, 818);
    $pdf->addText(30, 34, 6, $mosConfig_live_site);
    $pdf->addText(250, 34, 6, _PDF_POWERED);
    $generated = date('j F, Y, H:i', time() + $mosConfig_offset * 60 * 60);
    $pdf->addText(450, 34, 6, _PDF_GENERATED . ' ' . $generated);
    $pdf->restoreState();
    $pdf->closeObject();
    $pdf->addObject($frame, 'all');

    // body: title, author/date line, then intro + full text
    $pdf->ezSetDy(30);
    $pdf->ezText($row->title, 14);
    $pdf->ezText(AuthorDateLine($row, $params), 8);
    $pdf->ezText($row->introtext . "\n" . $row->fulltext, 10);
    $pdf->ezStream();
}
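/**
 * Front-end self-registration handler (com_registration).
 *
 * Binds the posted form to a new mosUser, forces it into the 'Registered'
 * group, optionally blocks it pending e-mail activation, stores it, mails the
 * user and then notifies every super administrator with sendEmail set.
 *
 * Fixes:
 *  - the super-administrator id is cast to int before it is interpolated
 *    into SQL (it comes from the ACL tables, but the cast costs nothing);
 *  - the notification loop no longer clobbers $row (the new user record);
 *  - an empty superadministrator lookup no longer raises notices on $rows[0].
 *
 * Security notes — legacy behaviour retained because the rest of this code
 * base depends on it, flagged for follow-up:
 *  - the password is stored as unsalted md5(); the login path expects that
 *    format, so moving to a salted hash has to be done together with it;
 *  - with activation enabled, the clear-text password ($pwd) is placed in
 *    the activation e-mail by the _USEND_MSG_ACTIVATE template;
 *  - there is no anti-CSRF check (josSpoofCheck) on this POST handler.
 *
 * @param string $option component name (unused)
 */
function saveRegistration($option)
{
    global $database, $my, $acl;
    global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration;
    global $mosConfig_mailfrom, $mosConfig_fromname;

    if ($mosConfig_allowUserRegistration == "0") {
        mosNotAuth();
        return;
    }

    $row = new mosUser($database);
    // 'usertype' is never taken from the form; gid/usertype are forced below
    if (!$row->bind($_POST, "usertype")) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    mosMakeHtmlSafe($row);

    // a registration always creates a new, plain 'Registered' account
    $row->id       = 0;
    $row->usertype = '';
    $row->gid      = $acl->get_group_id('Registered', 'ARO');

    if ($mosConfig_useractivation == "1") {
        $row->activation = md5(mosMakePassword());
        $row->block      = "1";
    }

    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }

    // clear-text copy is only used for the activation e-mail template
    $pwd               = $row->password;
    $row->password     = md5($row->password); // legacy unsalted hash, see header
    $row->registerDate = date("Y-m-d H:i:s");

    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $row->checkin();

    $name     = $row->name;
    $email    = $row->email;
    $username = $row->username;

    $subject = sprintf(_SEND_SUB, $name, $mosConfig_sitename);
    $subject = html_entity_decode($subject, ENT_QUOTES);

    if ($mosConfig_useractivation == "1") {
        $activationLink = $mosConfig_live_site . "/index.php?option=com_registration&task=activate&activation=" . $row->activation;
        $message = sprintf(_USEND_MSG_ACTIVATE, $name, $mosConfig_sitename, $activationLink, $mosConfig_live_site, $username, $pwd);
    } else {
        $message = sprintf(_USEND_MSG, $name, $mosConfig_sitename, $mosConfig_live_site);
    }
    $message = html_entity_decode($message, ENT_QUOTES);

    // Sender: the configured mail-from, else the first super administrator
    if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
        $adminName2  = $mosConfig_fromname;
        $adminEmail2 = $mosConfig_mailfrom;
    } else {
        $database->setQuery("SELECT name, email FROM #__users" . "\n WHERE usertype='superadministrator'");
        $rows = $database->loadObjectList();
        $row2 = (is_array($rows) && count($rows)) ? $rows[0] : null;
        $adminName2  = $row2 ? $row2->name : '';
        $adminEmail2 = $row2 ? $row2->email : '';
    }

    // Send email to user
    mosMail($adminEmail2, $adminName2, $email, $subject, $message);

    // Send notification to all super administrators that opted in
    $subject2 = sprintf(_SEND_SUB, $name, $mosConfig_sitename);
    $message2 = sprintf(_ASEND_MSG, $adminName2, $mosConfig_sitename, $row->name, $email, $username);
    $subject2 = html_entity_decode($subject2, ENT_QUOTES);
    $message2 = html_entity_decode($message2, ENT_QUOTES);

    // get superadministrators id (group 25)
    $admins = $acl->get_group_objects(25, 'ARO');
    $adminIds = isset($admins['users']) && is_array($admins['users']) ? $admins['users'] : array();
    foreach ($adminIds as $adminId) {
        $database->setQuery("SELECT email, sendEmail FROM #__users" . "\n WHERE id = " . (int) $adminId);
        $adminRows = $database->loadObjectList();
        if (!$adminRows) {
            continue;
        }
        $admin = $adminRows[0];
        if ($admin->sendEmail) {
            mosMail($adminEmail2, $adminName2, $admin->email, $subject2, $message2);
        }
    }

    if ($mosConfig_useractivation == "1") {
        echo _REG_COMPLETE_ACTIVATE;
    } else {
        echo _REG_COMPLETE;
    }
}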
/**
 * Maps the 'feed' request parameter to the cached syndication file for that
 * feed type.
 *
 * Only the five known type names are accepted; anything else is rejected with
 * mosNotAuth(), so request input never becomes part of the returned path.
 *
 * @param mixed $rawfeed unused — the feed type is read from $_GET['feed']
 * @return string absolute path of the cache file, or '' when the type is rejected
 */
function getFeedType($rawfeed)
{
    global $mosConfig_absolute_path;

    // normalise "RSS2.0" -> "rss20" etc.
    $requested = mosGetParam($_GET, 'feed', 'RSS2.0');
    $type = strtolower(str_replace('.', '', $requested));

    switch ($type) {
        case 'rss20':
        case 'rss10':
        case 'rss091':
        case 'atom10':
        case 'opml':
            return $mosConfig_absolute_path . '/cache/' . $type . '.xml';
        default:
            mosNotAuth();
            return '';
    }
}
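/**
 * Displays one newsfeed (com_newsfeeds) after checking that the feed and its
 * category are published and that the category is within the user's access
 * level.
 *
 * Fix: the original built `$and = "\n AND id = {$feedid}"` from the raw
 * argument. The variable was never used, but it was a ready-made SQL
 * injection for the next maintainer to wire up; it has been removed and
 * $feedid is cast to int once at the top, which is also what load() receives.
 *
 * @param int $feedid newsfeed id
 */
function showFeed($feedid)
{
    global $database, $mainframe, $mosConfig_absolute_path, $mosConfig_cachepath, $Itemid, $my;

    $feedid = (int) $feedid;

    // check if cache directory is writeable
    $cacheDir = $mosConfig_cachepath . '/';
    if (!is_writable($cacheDir)) {
        echo 'Cache Directory Unwriteable';
        return;
    }

    require_once $mainframe->getPath('class');

    $newsfeed = new mosNewsFeed($database);
    $newsfeed->load($feedid);

    // Check if newsfeed exists and is published
    if (!$newsfeed->published) {
        mosNotAuth();
        return;
    }

    $category = new mosCategory($database);
    $category->load((int) $newsfeed->catid);

    // Check if newsfeed category is published
    if (!$category->published) {
        mosNotAuth();
        return;
    }

    // check whether category access level allows access
    if ($category->access > $my->gid) {
        mosNotAuth();
        return;
    }

    // full RSS parser used to access image information
    require_once $mosConfig_absolute_path . '/includes/domit/xml_domit_rss.php';
    $LitePath = $mosConfig_absolute_path . '/includes/Cache/Lite.php';

    // Adds parameter handling
    $menu   = $mainframe->get('menu');
    $params = new mosParameters($menu->params);
    $params->def('page_title', 1);
    $params->def('header', $menu->name);
    $params->def('pageclass_sfx', '');
    $params->def('back_button', $mainframe->getCfg('back_button'));

    // Feed Display control
    $params->def('feed_image', 1);
    $params->def('feed_descr', 1);
    $params->def('item_descr', 1);
    $params->def('word_count', 0);

    // Encoding
    $params->def('utf8', 1);

    if (!$params->get('page_title')) {
        $params->set('header', '');
    }

    $mainframe->SetPageTitle($menu->name);

    HTML_newsfeed::showNewsfeeds($newsfeed, $LitePath, $cacheDir, $params);
}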
/**
 * Stores a weblink submitted from the front-end form (Joomla 1.0 variant).
 *
 * Guards, in order: the user must be logged in (gid >= 1); the submission
 * form must be reachable through a published menu item; the request must pass
 * josSpoofCheck(). Only new records are ever written — the posted id is
 * discarded — and 'published' is never taken from the form, so submissions
 * wait for an administrator. Administrators (gid 25) with sendEmail set are
 * notified by mail.
 *
 * @param string $option component name (unused)
 */
function saveWeblink($option)
{
    global $database, $my;

    if ($my->gid < 1) {
        mosNotAuth();
        return;
    }

    // security check to see if link exists in a menu
    $link  = 'index.php?option=com_weblinks&task=new';
    $query = "SELECT id"
        . "\n FROM #__menu"
        . "\n WHERE link LIKE '%{$link}%'"
        . "\n AND published = 1";
    $database->setQuery($query);
    if (!$database->loadResult()) {
        mosNotAuth();
        return;
    }

    // simple spoof check security
    josSpoofCheck();

    $weblink = new mosWeblink($database);
    if (!$weblink->bind($_POST, 'published')) {
        echo "<script> alert('" . $weblink->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }

    // until full edit capabilities are given for weblinks - limit saving to new weblinks only
    $weblink->id   = 0;
    $isNew         = $weblink->id < 1;
    $weblink->date = date('Y-m-d H:i:s');

    if (!$weblink->check()) {
        echo "<script> alert('" . $weblink->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    if (!$weblink->store()) {
        echo "<script> alert('" . $weblink->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $weblink->checkin();

    // list of admins (admin users gid 25) that want notifications
    $gid   = 25;
    $query = "SELECT email, name"
        . "\n FROM #__users"
        . "\n WHERE gid = " . (int) $gid
        . "\n AND sendEmail = 1";
    $database->setQuery($query);
    if (!$database->query()) {
        echo $database->stderr(true);
        return;
    }

    // send email notification to admins
    foreach ($database->loadObjectList() as $admin) {
        mosSendAdminMail($admin->name, $admin->email, '', 'Weblink', $weblink->title, $my->username);
    }

    mosRedirect('index.php', $isNew ? _THANK_SUB : '');
}
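/**
 * Activates a blocked account from the activation link mailed at
 * registration (com_registration, task=activate).
 *
 * Fix: the fallback definition tested `defined(_REG_ACTIVATE_FAILURE)` with
 * the bare constant instead of its quoted name. That only worked because an
 * undefined constant degrades to its own name (with a notice) on PHP < 8;
 * on PHP 8 it is a fatal Error. The name is now quoted.
 *
 * Security: the token is passed through $database->Quote(), only blocked
 * accounts (block = 1) are eligible, and an empty token is refused so an
 * account whose activation column is already '' cannot be matched. Logged-in
 * users are sent to the home page first (mosRedirect exits).
 *
 * @param string $option component name (unused)
 */
function activate($option)
{
    global $database, $my;
    global $mosConfig_useractivation, $mosConfig_allowUserRegistration;

    if ($my->id) {
        // They're already logged in, so redirect them to the home page
        mosRedirect('index.php');
    }

    if ($mosConfig_allowUserRegistration == '0' || $mosConfig_useractivation == '0') {
        mosNotAuth();
        return;
    }

    $activation = stripslashes(mosGetParam($_REQUEST, 'activation', ''));
    if (empty($activation)) {
        echo _REG_ACTIVATE_NOT_FOUND;
        return;
    }

    $query = "SELECT id"
        . "\n FROM #__users"
        . "\n WHERE activation = " . $database->Quote($activation)
        . "\n AND block = 1";
    $database->setQuery($query);
    $result = $database->loadResult();

    if (!$result) {
        echo _REG_ACTIVATE_NOT_FOUND;
        return;
    }

    // unblock and clear the token so the link cannot be replayed
    $query = "UPDATE #__users"
        . "\n SET block = 0, activation = ''"
        . "\n WHERE activation = " . $database->Quote($activation)
        . "\n AND block = 1";
    $database->setQuery($query);

    if (!$database->query()) {
        if (!defined('_REG_ACTIVATE_FAILURE')) {
            define('_REG_ACTIVATE_FAILURE', '<div class="componentheading">Activation Failed!</div><br />The system was unable to activate your account, please contact the site administrator.');
        }
        echo _REG_ACTIVATE_FAILURE;
    } else {
        echo _REG_ACTIVATE_COMPLETE;
    }
}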
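/**
 * Stores a weblink submitted from the front-end form (Mambo variant).
 *
 * Fixes:
 *  - the record id was taken straight from the form, so any registered user
 *    could overwrite an existing weblink's title/URL by posting its id (an
 *    insecure direct object reference — exactly what a phisher wants). The
 *    front end may only create records now; editing stays in the
 *    administrator, which is also how the Joomla 1.0 handler behaves;
 *  - the redirect built its URL from the raw 'Returnid' post value and an
 *    unencoded message; the id is cast to int and the message url-encoded;
 *  - the undefined $linktitle / unused $type locals are gone.
 *
 * 'approved' and 'published' are never bound from the form, so submissions
 * wait for moderation. Super administrators that opted in are notified.
 * There is still no anti-CSRF check (josSpoofCheck) on this handler.
 *
 * @param string $option component name (unused)
 */
function saveWeblink($option)
{
    global $database, $my;

    if ($my->gid < 1) {
        mosNotAuth();
        return;
    }

    $row = new mosWeblink($database);
    if (!$row->bind($_POST, "approved published")) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }

    // front-end submissions only ever create a record (see header)
    $row->id   = 0;
    $isNew     = $row->id < 1;
    $row->date = date("Y-m-d H:i:s");

    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $row->checkin();

    /** Notify admin's */
    $query = "SELECT email, name"
        . "\n FROM #__users"
        . "\n WHERE usertype = 'superadministrator'"
        . "\n AND sendemail = '1'";
    $database->setQuery($query);
    if (!$database->query()) {
        echo $database->stderr(true);
        return;
    }
    $adminRows = $database->loadObjectList();
    foreach ($adminRows as $adminRow) {
        mosSendAdminMail($adminRow->name, $adminRow->email, "", "Weblink", $row->title, $my->name);
    }

    $msg    = $isNew ? _THANK_SUB : '';
    $Itemid = (int) mosGetParam($_POST, 'Returnid', 0);
    mosRedirect('index.php?Itemid=' . $Itemid . '&mosmsg=' . urlencode($msg));
}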
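/**
 * Activates a blocked account from the activation link (Mambo variant).
 *
 * Fix: when the UPDATE failed, the original printed the raw SQL error and
 * then fell through to "Activation Complete!" and fired the userActivate
 * mambot trigger anyway. It now stops after reporting the failure, and no
 * longer echoes $database->stderr() to the visitor (that text carries table
 * and column names) — inspect it server-side instead.
 *
 * Security: the token is escaped with getEscaped() before interpolation,
 * only blocked accounts (block = 1) are eligible, and an empty token is
 * refused so an account whose activation column is already '' cannot match.
 *
 * @param string $option component name (unused)
 */
function activate($option)
{
    global $database;
    global $mosConfig_useractivation, $mosConfig_allowUserRegistration;

    if ($mosConfig_allowUserRegistration == '0' || $mosConfig_useractivation == '0') {
        mosNotAuth();
        return;
    }

    $activation = mosGetParam($_REQUEST, 'activation', '');
    $activation = $database->getEscaped($activation);
    if (empty($activation)) {
        echo '<div class="componentheading">' . T_('Invalid Activation Link!') . '</div><br />';
        echo T_('There is no such account in our database or the account has already been activated.');
        return;
    }

    $database->setQuery("SELECT username FROM #__users" . "\n WHERE activation='{$activation}' AND block='1'");
    $username = $database->loadResult();

    if (!$username) {
        echo '<div class="componentheading">' . T_('Invalid Activation Link!') . '</div><br />';
        echo T_('There is no such account in our database or the account has already been activated.');
        return;
    }

    // unblock and clear the token so the link cannot be replayed
    $database->setQuery("UPDATE #__users SET block='0', activation='' WHERE activation='{$activation}' AND block='1'");
    if (!$database->query()) {
        // do not report success or fire the activation hook on a failed update
        echo "SQL error";
        return;
    }

    echo '<div class="componentheading">' . T_('Activation Complete!') . '</div><br />';
    echo T_('Your account has been activated successfully. You can now login using the username and password you chose during registration.');

    // let authenticator mambots react to the activation
    $loginfo = new mosLoginDetails($username);
    $mambothandler =& mosMambotHandler::getInstance();
    $mambothandler->loadBotGroup('authenticator');
    $mambothandler->trigger('userActivate', array($loginfo));
}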
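/**
 * Sends a contact record as a downloadable vCard (com_contact).
 *
 * The download is only offered when the contact's 'vcard' parameter is set;
 * otherwise (including an unknown id, whose parameters are empty) the request
 * is answered with mosNotAuth().
 *
 * Fix: the file name placed in the Content-Disposition / Content-Type headers
 * is derived from the contact's name. CR, LF and quote characters are now
 * stripped from it so a crafted name cannot terminate or inject a header.
 *
 * NOTE(review): neither the contact's published flag nor its access level is
 * checked here, only the 'vcard' switch — confirm whether those fields exist
 * on this mosContact and whether the listing enforces them.
 *
 * @param int $id contact id
 */
function vCard($id)
{
    global $database;
    global $mosConfig_sitename, $mosConfig_live_site;

    $contact = new mosContact($database);
    $contact->load((int) $id);

    $params = new mosParameters($contact->params);
    $show   = $params->get('vcard', 0);

    if (!$show) {
        // vCard option has not been activated for this contact
        mosNotAuth();
        return;
    }

    // split the single name field into first / middle / last name
    $name      = explode(' ', $contact->name);
    $count     = count($name);
    $surname   = '';
    $middlename = '';
    switch ($count) {
        case 1:
            $firstname = $name[0];
            break;
        case 2:
            $firstname = $name[0];
            $surname   = $name[1];
            break;
        default:
            $firstname = $name[0];
            $surname   = $name[$count - 1];
            for ($i = 1; $i < $count - 1; $i++) {
                $middlename .= $name[$i] . ' ';
            }
            break;
    }
    $middlename = trim($middlename);

    $v = new MambovCard();
    $v->setPhoneNumber($contact->telephone, 'PREF;WORK;VOICE');
    $v->setPhoneNumber($contact->fax, 'WORK;FAX');
    $v->setName($surname, $firstname, $middlename, '');
    $v->setAddress('', '', $contact->address, $contact->suburb, $contact->state, $contact->postcode, $contact->country, 'WORK;POSTAL');
    $v->setEmail($contact->email_to);
    $v->setNote($contact->misc);
    $v->setURL($mosConfig_live_site, 'WORK');
    $v->setTitle($contact->con_position);
    $v->setOrg($mosConfig_sitename);

    $filename = str_replace(' ', '_', $contact->name);
    $v->setFilename($filename);

    $output   = $v->getVCard($mosConfig_sitename);
    $filename = $v->getFileName();
    // header-safe file name: no line breaks, no quotes (see header)
    $filename = str_replace(array("\r", "\n", '"', "'"), '', $filename);

    // header info for page
    header('Content-Disposition: attachment; filename=' . $filename);
    header('Content-Length: ' . strlen($output));
    header('Connection: close');
    header('Content-Type: text/x-vCard; name=' . $filename);
    header('Cache-Control: store, cache');
    header('Pragma: cache');

    print $output;
}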
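/**
 * Front-end "check in" task (Mambo variant): releases the edit locks
 * (checked_out / editor columns) the current user holds in every table that
 * carries the site's table prefix, and prints a per-table summary.
 *
 * Fix: the original counted only rows checked out by $userid but then ran
 * `UPDATE ... WHERE checked_out > 0`, releasing every other user's locks as
 * well — any logged-in user could force-unlock the whole site and cause lost
 * updates. The UPDATE is now restricted to `checked_out = $userid`, as the
 * Joomla version of this task does, and $userid is cast to int before it is
 * interpolated into SQL.
 *
 * Note: mysql_list_tables()/mysql_list_fields() are the legacy ext/mysql
 * calls this code base is built on; they do not exist on PHP 7+.
 *
 * @param int    $userid current user's id (0 for guests)
 * @param object $access object carrying the canEdit / canEditOwn flags
 * @param string $option component name (unused)
 */
function CheckIn($userid, $access, $option)
{
    global $database;
    global $mosConfig_db;

    $userid = (int) $userid;

    if (!($access->canEdit || $access->canEditOwn || $userid > 0)) {
        mosNotAuth();
        return;
    }

    $lt = mysql_list_tables($mosConfig_db);
    $k = 0;
    echo "<table cellpadding=\"0\" cellspacing=\"0\" border=\"0\">";

    while (list($tn) = mysql_fetch_array($lt)) {
        // only check in the mos_* tables
        if (strpos($tn, $database->_table_prefix) !== 0) {
            continue;
        }

        // does this table carry lock columns at all?
        $lf = mysql_list_fields($mosConfig_db, "{$tn}");
        $nf = mysql_num_fields($lf);
        $checked_out = false;
        $editor = false;
        for ($i = 0; $i < $nf; $i++) {
            $fname = mysql_field_name($lf, $i);
            if ($fname == "checked_out") {
                $checked_out = true;
            } elseif ($fname == "editor") {
                $editor = true;
            }
        }
        if (!$checked_out) {
            continue;
        }

        // only this user's locks are counted and released
        $where = " WHERE checked_out > 0 AND checked_out={$userid}";

        if ($editor) {
            $database->setQuery("SELECT checked_out, editor FROM {$tn}" . $where);
        } else {
            $database->setQuery("SELECT checked_out FROM {$tn}" . $where);
        }
        $res = $database->query();
        $num = $database->getNumRows($res);

        if ($editor) {
            $database->setQuery("UPDATE {$tn} SET checked_out=0, checked_out_time='00:00:00', editor=NULL" . $where);
        } else {
            $database->setQuery("UPDATE {$tn} SET checked_out=0, checked_out_time='0000-00-00 00:00:00'" . $where);
        }
        $res = $database->query();

        if ($res == 1) {
            if ($num > 0) {
                echo "\n<tr class=\"row{$k}\">";
                echo "\n\t<td width=\"250\">";
                echo T_('Checking table');
                echo " - {$tn}</td>";
                echo "\n\t<td>";
                printf(Tn_('Checked in %d item', 'Checked in %d items', $num), $num);
                echo T_();
                echo "</td>";
                echo "\n</tr>";
            }
            $k = 1 - $k;
        }
    }
    ?> <tr> <td colspan="2"><strong><?php echo T_('All items checked out have now been checked in'); ?> </strong></td> </tr> </table> <?php
}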
/**
 * Saves the logged-in user's own profile from the front-end edit form.
 *
 * Security checks, in order: the caller must be logged in ($uid != 0), the
 * posted id must be non-zero and must equal the session user's id (so a user
 * cannot edit another account), and the request must pass josSpoofCheck().
 * bind() ignores 'gid' and 'usertype', so privilege fields cannot be raised
 * through the form. A new password is only accepted when it matches
 * 'verifyPass'; it is stored as md5(password . salt) . ':' . salt with a
 * 16-character salt from mosMakePassword(); otherwise the stored hash is
 * kept. Parameters are only saved when $mosConfig_frontend_userparams
 * allows it (or is unset).
 *
 * NOTE(review): the two `******` tokens in the session UPDATE below are a
 * corpus redaction artifact, not valid PHP. From the surrounding code they
 * presumably were $database->Quote($row->username) and
 * $database->Quote($orig_username) — restore from upstream before use.
 *
 * @param string $option component name (unused)
 * @param int    $uid    id of the logged-in user
 */
function userSave($option, $uid) { global $database, $my, $mosConfig_frontend_userparams; $user_id = intval(mosGetParam($_POST, 'id', 0)); // do some security checks: must be logged in and may only save own record
if ($uid == 0 || $user_id == 0 || $user_id != $uid) { mosNotAuth(); return; } // simple spoof check security
josSpoofCheck(); $row = new mosUser($database); $row->load((int) $user_id); // keep the stored hash / username to compare after binding
$orig_password = $row->password; $orig_username = $row->username; // gid and usertype are never taken from the form
if (!$row->bind($_POST, 'gid usertype')) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } $row->name = trim($row->name); $row->email = trim($row->email); $row->username = trim($row->username); mosMakeHtmlSafe($row); // a new password must be confirmed; otherwise the old hash is kept
if (isset($_POST['password']) && $_POST['password'] != '') { if (isset($_POST['verifyPass']) && $_POST['verifyPass'] == $_POST['password']) { $row->password = trim($row->password); $salt = mosMakePassword(16); $crypt = md5($row->password . $salt); $row->password = $crypt . ':' . $salt; } else { echo "<script> alert(\"" . addslashes(_PASS_MATCH) . "\"); window.history.go(-1); </script>\n"; exit; } } else { // Restore 'original password'
$row->password = $orig_password; } if ($mosConfig_frontend_userparams == '1' || $mosConfig_frontend_userparams == 1 || $mosConfig_frontend_userparams == NULL) { // save params as "key=value" lines
$params = mosGetParam($_POST, 'params', ''); if (is_array($params)) { $txt = array(); foreach ($params as $k => $v) { $txt[] = "{$k}={$v}"; } $row->params = implode("\n", $txt); } } if (!$row->check()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } if (!$row->store()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } // check if username has been changed; if so keep the session row in sync
if ($orig_username != $row->username) { // change username value in session table (see NOTE(review) in the header about the redacted values)
$query = "UPDATE #__session" . "\n SET username = "******"\n WHERE username = "******"\n AND userid = " . (int) $my->id . "\n AND gid = " . (int) $my->gid . 
"\n AND guest = 0"; $database->setQuery($query); $database->query(); } mosRedirect('index.php', _USER_DETAILS_SAVE); }
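/**
 * Stores a weblink submitted from the front-end form and notifies every user
 * with sendEmail set, both by internal message (com_messages) and by e-mail.
 *
 * Fixes:
 *  - the record id was taken from the form (only cast to int), so any
 *    registered user could overwrite an existing weblink's title/URL by
 *    posting its id. The front end may only create records now; editing
 *    stays in the administrator, as in the Joomla 1.0 handler;
 *  - title and catid were run through getEscaped() before store(), which
 *    escapes every field itself, so quotes in a title were stored with a
 *    stray backslash. The pre-escaping is gone; catid is cast to int;
 *  - the redirect took the raw 'Returnid' post value; it is cast to int.
 *
 * 'approved' and 'published' are never bound from the form, so submissions
 * wait for moderation. There is still no anti-CSRF check (josSpoofCheck).
 *
 * @param string $option component name (unused)
 */
function saveWeblink($option)
{
    global $database, $my, $mosConfig_absolute_path, $mosConfig_mailfrom;

    if ($my->gid < 1) {
        mosNotAuth();
        return;
    }

    $row = new mosWeblink($database);
    if (!$row->bind($_POST, "approved published")) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }

    // front-end submissions only ever create a record (see header)
    $row->id    = 0;
    $isNew      = $row->id < 1;
    $row->date  = date("Y-m-d H:i:s");
    $row->catid = (int) $row->catid;

    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $row->checkin();

    // messaging for new items
    require_once $mosConfig_absolute_path . '/components/com_messages/messages.class.php';

    $query = "SELECT id,email FROM #__users WHERE sendEmail = '1'";
    $database->setQuery($query);
    $rows = $database->loadObjectList();
    if (!is_array($rows)) {
        $rows = array();
    }
    foreach ($rows as $user) {
        // admin message
        $msg = new mosMessage($database);
        $msg->send($my->id, $user->id, T_("New Item"), sprintf(T_('A new WebLink has been submitted by [ %s ] titled [ %s ] '), $my->username, $row->title));
        // email message
        mosMail($mosConfig_mailfrom, $mosConfig_mailfrom, $user->email, "A new Web Link has been submitted", 'A new WebLink has been submitted by [' . $my->username . '] titled [' . $row->title . ']. Please login to view and approve it.');
    }

    $msg    = $isNew ? T_('Thanks for your submission; it will be reviewed before being posted to the site.') : '';
    $Itemid = (int) mosGetParam($_POST, 'Returnid', 0);
    mosRedirect('index.php?Itemid=' . $Itemid, $msg);
}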
/**
 * Acajoom user-profile tab: persists the subscriber record attached to the
 * user being edited.
 *
 * Requires a logged-in user; the check is done through JFactory on Joomla 1.5
 * (ACA_CMSTYPE set) and through the global $my otherwise. The update itself
 * is delegated to subscribers::updateOneSubscriber(); a failure is recorded
 * with _setErrorMSG(_ACA_ERROR).
 *
 * @param mixed  $tab      tab descriptor (unused)
 * @param object $user     user being edited; user_id is the subscriber key
 * @param mixed  $ui       unused
 * @param array  $postdata unused
 */
function saveEditTab($tab, &$user, $ui, $postdata)
{
    $loggedIn = false;

    if (ACA_CMSTYPE) {
        // joomla 15
        $current  = &JFactory::getUser();
        $loggedIn = $current->get('id') >= 1;
        if (!$loggedIn) {
            echo JText::_('ALERTNOTAUTH');
            echo "<br />" . JText::_('You need to login.');
        }
    } else {
        // joomla 1x
        global $my;
        $loggedIn = intval($my->id) >= 1;
        if (!$loggedIn) {
            mosNotAuth();
        }
    }

    if (!$loggedIn) {
        return;
    }

    require_once ACA_JPATH_ROOT_NO_ADMIN . '/administrator/components/com_acajoom/classes/class.acajoom.php';

    if (!subscribers::updateOneSubscriber($user->user_id, $user)) {
        $this->_setErrorMSG(_ACA_ERROR);
    }
}
/**
 * Displays the extended profile (com_user_extended) of a user.
 *
 * Requires a logged-in viewer ($uid != 0). The profile shown is the one named
 * by the 'userid' request parameter, falling back to the viewer's own; the id
 * is intval()'d before it reaches the table classes.
 *
 * NOTE(review): any logged-in user can view any other user's name, username
 * and e-mail address this way — confirm that is the intended exposure.
 *
 * @param string $option component name, passed through to the view
 * @param int    $uid    id of the logged-in user
 */
function UserView($option, $uid)
{
    global $database;

    if ($uid == 0) {
        mosNotAuth();
        return;
    }

    $requested = intval(mosGetParam($_REQUEST, 'userid', 0));
    $user_id   = $requested ? $requested : $uid;

    include_once "administrator/components/com_user_extended/user_extended.class.php";

    $extended = new mosUser_Extended($database);
    $extended->load($user_id);

    $account = new mosUser($database);
    $account->load($user_id);

    UserExtended_content::UserView($option, $extended, $account->name, $account->username, $account->email);
}
/**
 * Registers a user into Mambo/Joomla (VirtueMart copy of the
 * com_registration handler).
 *
 * Binds the posted form to a new mosUser, forces it into the 'Registered'
 * group, optionally blocks it pending e-mail activation, stores it and sends
 * the registration mail through $this->_sendMail(). Errors are logged via
 * $vmLogger and shown as a JavaScript alert.
 *
 * Security notes (legacy behaviour kept — flagged for follow-up): the
 * password is stored as unsalted md5(), which the matching login path
 * expects; the clear-text password is handed to _sendMail() for the
 * registration e-mail; there is no anti-CSRF check on this POST handler.
 *
 * @return boolean True when the registration process was successful, False when not
 */
function saveRegistration()
{
    global $database, $acl, $vmLogger, $mosConfig_useractivation, $mosConfig_allowUserRegistration, $mosConfig_live_site;

    if ($mosConfig_allowUserRegistration == '0') {
        mosNotAuth();
        return false;
    }

    $usergroup = 'Registered';
    $row = new mosUser($database);

    // bind, check and store each report failure the same way
    $failed = !$row->bind($_POST, 'usertype');
    if (!$failed) {
        mosMakeHtmlSafe($row);
        // always a brand-new 'Registered' account
        $row->id       = 0;
        $row->usertype = $usergroup;
        $row->gid      = $acl->get_group_id($usergroup, 'ARO');
        if ($mosConfig_useractivation == '1') {
            $row->activation = md5(vmGenRandomPassword());
            $row->block      = '1';
        }
        $failed = !$row->check();
    }
    if (!$failed) {
        $pwd               = $row->password;
        $row->password     = md5($row->password); // legacy unsalted hash, see header
        $row->registerDate = date('Y-m-d H:i:s');
        $failed = !$row->store();
    }
    if ($failed) {
        $error = vmHtmlEntityDecode($row->getError());
        $vmLogger->err($error);
        echo "<script type=\"text/javascript\"> alert('" . $error . "');</script>\n";
        return false;
    }

    $row->checkin();

    $component       = vmIsJoomla(1.5) ? 'com_user' : 'com_registration';
    $activation_link = $mosConfig_live_site . "/index.php?option={$component}&task=activate&activation=" . $row->activation;

    // Send the registration email
    $this->_sendMail($row->name, $row->email, $row->username, $pwd, $activation_link);

    return true;
}
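/**
 * Sends a "mail this article to a friend" message for a content item
 * (com_content, task=emailsend).
 *
 * Guards: the feature must be enabled (site-wide hideEmail off, or the
 * item's own 'email' attribute on); the request must pass josSpoofCheck()
 * and carry a plausible session cookie; the item must be published, within
 * its publish window and within the caller's access level, and so must its
 * category and section. Both e-mail addresses are validated with
 * JosIsValidEmail(). mosErrorAlert() and mosNotAuth() end the request.
 *
 * Fix: the sender name and subject come straight from the form and end up
 * in mail headers. CR/LF are now stripped from both so a crafted value
 * cannot append extra headers (e.g. Bcc:) — cheap defence in depth
 * regardless of what the mailer does with them.
 *
 * @param int $uid content item id
 * @param int $gid access level (gid) of the current user
 */
function emailContentSend($uid, $gid)
{
    global $database, $mainframe;
    global $mosConfig_live_site, $mosConfig_sitename, $mosConfig_hideEmail;

    $uid = (int) $uid;
    $gid = (int) $gid;

    // per-item parameters decide whether the e-mail feature is offered
    $id = intval(mosGetParam($_REQUEST, 'id', 0));
    if ($id) {
        $query = 'SELECT attribs FROM #__content WHERE `id`=' . $id;
        $database->setQuery($query);
        $params = new mosParameters($database->loadResult());
    } else {
        $params = new mosParameters('');
    }
    $paramEmail = intval($params->get('email', 0));
    if ($mosConfig_hideEmail && !$paramEmail) {
        echo _NOT_AUTH;
        return;
    }

    // simple spoof check security
    josSpoofCheck(1);

    // check for session cookie: its value must be a 32-char id or the '-' placeholder
    $sessionCookieName = mosMainFrame::sessionCookieName();
    $sessioncookie     = mosGetParam($_COOKIE, $sessionCookieName, null);
    if (!(strlen($sessioncookie) == 32 || $sessioncookie == '-')) {
        mosErrorAlert(_NOT_AUTH);
    }

    $itemid   = intval(mosGetParam($_POST, 'itemid', 0));
    $now      = _CURRENT_SERVER_TIME;
    $nullDate = $database->getNullDate();

    // query to check for state and access levels
    $query = "SELECT a.*, cc.name AS category, s.name AS section, s.published AS sec_pub, cc.published AS cat_pub,"
        . "\n s.access AS sec_access, cc.access AS cat_access, s.id AS sec_id, cc.id as cat_id"
        . "\n FROM #__content AS a"
        . "\n LEFT JOIN #__categories AS cc ON cc.id = a.catid"
        . "\n LEFT JOIN #__sections AS s ON s.id = cc.section AND s.scope = 'content'"
        . "\n WHERE a.id = " . $uid
        . "\n AND a.state = 1"
        . "\n AND a.access <= " . $gid
        . "\n AND ( a.publish_up = " . $database->Quote($nullDate) . " OR a.publish_up <= " . $database->Quote($now) . " )"
        . "\n AND ( a.publish_down = " . $database->Quote($nullDate) . " OR a.publish_down >= " . $database->Quote($now) . " )";
    $database->setQuery($query);

    $row = NULL;
    if (!$database->loadObject($row)) {
        mosNotAuth();
        return;
    }

    // category and section (when present) must be published and within the access level
    $catBlocked = $row->catid && (!$row->cat_pub || $row->cat_access > $gid);
    $secBlocked = $row->sectionid && (!$row->sec_pub || $row->sec_access > $gid);
    if ($catBlocked || $secBlocked) {
        mosNotAuth();
        return;
    }

    // form values; name and subject are header material, so no line breaks (see header)
    $crlf      = array("\r", "\n");
    $email     = strval(mosGetParam($_POST, 'email', ''));
    $yourname  = str_replace($crlf, '', strval(mosGetParam($_POST, 'yourname', '')));
    $youremail = strval(mosGetParam($_POST, 'youremail', ''));
    $subject   = str_replace($crlf, '', strval(mosGetParam($_POST, 'subject', '')));
    if (empty($subject)) {
        $subject = _EMAIL_INFO . ' ' . $yourname;
    }

    if ($uid < 1 || !$email || !$youremail || JosIsValidEmail($email) == false || JosIsValidEmail($youremail) == false) {
        mosErrorAlert(_EMAIL_ERR_NOINFO);
    }

    // default site template, used for the confirmation page
    $query = "SELECT template"
        . "\n FROM #__templates_menu"
        . "\n WHERE client_id = 0"
        . "\n AND menuid = 0";
    $database->setQuery($query);
    $template = $database->loadResult();

    // determine Itemid for Item
    if (!$itemid) {
        $itemid = $mainframe->getItemid($uid, 0, 0);
    }
    $_itemid = '&Itemid=' . $itemid;

    // link sent in email
    $link = sefRelToAbs('index.php?option=com_content&task=view&id=' . $uid . $_itemid);

    // message text
    $msg = sprintf(_EMAIL_MSG, html_entity_decode($mosConfig_sitename, ENT_QUOTES), $yourname, $youremail, $link);

    // mail function
    $success = mosMail($youremail, $yourname, $email, $subject, $msg);
    if (!$success) {
        mosErrorAlert(_EMAIL_ERR_NOINFO);
    }

    HTML_content::emailSent($email, $template);
}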
/**
 * Checks in (releases the edit lock on) every row that the given user has
 * checked out, across all tables of the site's prefix that carry a
 * `checked_out` column, and prints a per-table summary as HTML table rows.
 *
 * Authorisation: the caller must be able to edit (own) items or be a
 * registered user ($userid > 0), and the task must be reachable through a
 * published menu item. Only rows with checked_out = $userid are touched, so
 * the scope of the operation is bounded by the id that is passed in.
 * NOTE(review): that means the safety of this function depends on the caller
 * passing the current user's own id, not a request-supplied one — confirm
 * at the call site.
 *
 * The table walk uses the legacy ext/mysql metadata functions on the
 * implicit (last opened) connection; table names come from the server's
 * metadata, not from user input, and are backtick-quoted in the queries.
 *
 * @param int    $userid  id whose check-outs are released
 * @param object $access  access flags; canEdit / canEditOwn are consulted
 * @param string $option  unused here
 * @return void  output is echoed directly; the caller opened the surrounding page
 */
function CheckIn($userid, $access, $option) {
    global $database;
    global $mosConfig_db;

    $nullDate = $database->getNullDate();

    if (!($access->canEdit || $access->canEditOwn || $userid > 0)) {
        mosNotAuth();
        return;
    }

    // security check to see if link exists in a menu
    // ($link is a constant, so the LIKE pattern carries no user input)
    $link = 'index.php?option=com_user&task=CheckIn';
    $query = "SELECT id" . "\n FROM #__menu" . "\n WHERE link LIKE '%{$link}%'" . "\n AND published = 1";
    $database->setQuery($query);
    $exists = $database->loadResult();
    if (!$exists) {
        mosNotAuth();
        return;
    }

    $lt = mysql_list_tables($mosConfig_db);
    $k = 0;
    echo "<table cellpadding=\"0\" cellspacing=\"0\" border=\"0\">";
    while (list($tn) = mysql_fetch_array($lt)) {
        // only check in the jos_* tables
        if (strpos($tn, $database->_table_prefix) !== 0) {
            continue;
        }
        // Inspect the column list: a `checked_out` column makes the table
        // eligible, an `editor` column is reset as well.
        $lf = mysql_list_fields($mosConfig_db, "{$tn}");
        $nf = mysql_num_fields($lf);
        $checked_out = false;
        $editor = false;
        for ($i = 0; $i < $nf; $i++) {
            $fname = mysql_field_name($lf, $i);
            if ($fname == "checked_out") {
                $checked_out = true;
            } else {
                if ($fname == "editor") {
                    $editor = true;
                }
            }
        }
        if ($checked_out) {
            // Count the rows about to be released (for the summary line).
            if ($editor) {
                $query = "SELECT checked_out, editor" . "\n FROM `{$tn}`" . "\n WHERE checked_out > 0" . "\n AND checked_out = " . (int) $userid;
                $database->setQuery($query);
            } else {
                $query = "SELECT checked_out" . "\n FROM `{$tn}`" . "\n WHERE checked_out > 0" . "\n AND checked_out = " . (int) $userid;
                $database->setQuery($query);
            }
            $res = $database->query();
            $num = $database->getNumRows($res);
            // Release the locks held by this user only.
            if ($editor) {
                $query = "UPDATE `{$tn}`" . "\n SET checked_out = 0, checked_out_time = " . $database->Quote($nullDate) . ", editor = NULL" . "\n WHERE checked_out > 0" . "\n AND checked_out = " . (int) $userid;
                $database->setQuery($query);
            } else {
                $query = "UPDATE `{$tn}`" . "\n SET checked_out = 0, checked_out_time = " . $database->Quote($nullDate) . "\n WHERE checked_out > 0" . "\n AND checked_out = " . (int) $userid;
                $database->setQuery($query);
            }
            $res = $database->query();
            if ($res == 1) {
                // Only tables where something was actually released get a row;
                // $tn is server metadata, so it is echoed without escaping.
                if ($num > 0) {
                    echo "\n<tr class=\"row{$k}\">";
                    echo "\n\t<td width=\"250\">";
                    echo _CHECK_TABLE;
                    echo " - {$tn}</td>";
                    echo "\n\t<td>";
                    echo _CHECKED_IN;
                    echo "<b>{$num}</b>";
                    echo _CHECKED_IN_ITEMS;
                    echo "</td>";
                    echo "\n</tr>";
                }
                // alternate row class 0/1 (toggles even when nothing was printed)
                $k = 1 - $k;
            }
        }
    }
    ?>
    <tr>
        <td colspan="2">
            <b><?php echo _CONF_CHECKED_IN; ?> </b>
        </td>
    </tr>
    </table>
    <?php
}
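/**
 * Shows the "email this article" form for a given content item.
 *
 * Refuses items the current user may not read (access level) and — new —
 * items that are not published (state != 1), so that the form cannot be used
 * to read the title of unpublished content. The full check, including the
 * publish-up/down window and the section/category rules, is still applied
 * by emailContentSend() when the message is actually sent.
 *
 * NOTE(review): the `$row->id === null` test assumes load() leaves id null
 * on a miss; if load() assigns the requested key before querying, a missing
 * row would pass it. The state check is presumably enough to catch that case
 * too, since an unloaded row is not state 1 — confirm against mosDBTable.
 *
 * @param int $uid  content item id
 * @return void  renders the form or the not-authorised page
 */
function emailContentForm($uid) {
    global $database, $mainframe, $my;

    $row = new mosContent($database);
    // primary-key lookup: cast like the other loaders in this file do
    $row->load((int) $uid);

    if ($row->id === null || $row->state != 1 || $row->access > $my->gid) {
        mosNotAuth();
        return;
    }

    $template = '';
    $database->setQuery("SELECT template FROM #__templates_menu WHERE client_id = '0' AND menuid = '0'");
    $template = $database->loadResult();
    HTML_content::emailForm($row->id, $row->title, $template);
}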
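/**
 * Renders the results page of a poll plus a drop-down to switch polls.
 *
 * Only published polls are shown; an id pointing at an unpublished poll is
 * refused. The drop-down's onchange handler embeds a URL built from the
 * global $Itemid, which is therefore cast to int before it is interpolated
 * into the inline JavaScript (defence in depth — the framework presumably
 * already sanitises it, but this block should not depend on that).
 *
 * NOTE(review): poll titles are written into <option> text unescaped. They
 * are admin-entered data, not request input, so this is left as-is; escape
 * with htmlspecialchars() if titles can ever come from a less trusted source.
 *
 * @param int $uid  poll id (empty/0 shows the selector only)
 * @return void  output goes through poll_html::showResults()
 */
function pollresult($uid) {
    global $database, $Itemid;
    global $mainframe;

    $poll = new mosPoll($database);
    $poll->load((int) $uid);

    // if id value is passed and poll not published then exit
    if ($poll->id != '' && !$poll->published) {
        mosNotAuth();
        return;
    }

    $first_vote = '';
    $last_vote = '';
    $votes = '';

    /* Check if there is a poll corresponding to id and if poll is published */
    if (isset($poll->id) && $poll->id != '' && $poll->published == 1) {
        if (empty($poll->title)) {
            $poll->id = '';
            $poll->title = _SELECT_POLL;
        }

        // first / last vote timestamps
        $query = "SELECT MIN( date ) AS mindate, MAX( date ) AS maxdate"
            . "\n FROM #__poll_date"
            . "\n WHERE poll_id = " . (int) $poll->id;
        $database->setQuery($query);
        $dates = $database->loadObjectList();
        if (isset($dates[0]->mindate)) {
            $first_vote = mosFormatDate($dates[0]->mindate, _DATE_FORMAT_LC2);
            $last_vote = mosFormatDate($dates[0]->maxdate, _DATE_FORMAT_LC2);
        }

        // per-option hit counts (published polls only)
        $query = "SELECT a.id, a.text, a.hits, b.voters"
            . "\n FROM #__poll_data AS a"
            . "\n INNER JOIN #__polls AS b ON b.id = a.pollid"
            . "\n WHERE a.pollid = " . (int) $poll->id
            . "\n AND a.text != ''"
            . "\n AND b.published = 1";
        $database->setQuery($query);
        $votes = $database->loadObjectList();
    }

    // list of polls for dropdown selection
    $query = "SELECT id, title"
        . "\n FROM #__polls"
        . "\n WHERE published = 1"
        . "\n ORDER BY id";
    $database->setQuery($query);
    $polls = $database->loadObjectList();

    // Itemid for dropdown — integer only, it lands inside a JS string literal
    $_Itemid = '';
    $safeItemid = (int) $Itemid;
    if ($safeItemid && $safeItemid != 99999999) {
        $_Itemid = '&Itemid=' . $safeItemid;
    }

    // dropdown output
    $link = sefRelToAbs('index.php?option=com_poll&task=results&id=\' + this.options[selectedIndex].value + \'' . $_Itemid . '\' + \'');
    $pollist = '<select name="id" class="inputbox" size="1" style="width:200px" onchange="if (this.options[selectedIndex].value != \'\') {document.location.href=\'' . $link . '\'}">';
    $pollist .= '<option value="">' . _SELECT_POLL . '</option>';
    for ($i = 0, $n = count($polls); $i < $n; $i++) {
        $k = $polls[$i]->id;
        $t = $polls[$i]->title;
        $sel = $k == intval($poll->id) ? " selected=\"selected\"" : '';
        $pollist .= "\n\t<option value=\"" . $k . "\"{$sel}>" . $t . "</option>";
    }
    $pollist .= '</select>';

    // Adds parameter handling
    $menu = $mainframe->get('menu');
    $params = new mosParameters($menu->params);
    $params->def('page_title', 1);
    $params->def('pageclass_sfx', '');
    $params->def('back_button', $mainframe->getCfg('back_button'));
    $params->def('header', $menu->name);

    $mainframe->SetPageTitle($poll->title);

    poll_html::showResults($poll, $votes, $first_vote, $last_vote, $pollist, $params);
}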
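/**
 * Builds (and caches) the syndication feed of the frontpage content items.
 *
 * Access is optionally gated on mod_rssfeed being published ('check'
 * parameter). The requested feed type comes from ?feed= and is reduced to a
 * whitelist (rss091 / rss10 / rss20 / atom03 / opml, each individually
 * switchable in the component parameters). That value is used both as the
 * UniversalFeedCreator format and to name the cache file, so it is validated
 * unconditionally here — the original only validated it on the non-bookmark
 * path. The resulting cache filename is additionally required to be a bare
 * filename (no slash, backslash or "..") to prevent path disclosure or
 * writing outside the cache directory.
 *
 * Only public content is included (item, category and section access = 0,
 * all published, inside their publish window).
 *
 * @param bool $showFeed  true: emit the feed (from cache when enabled);
 *                        false: only write the file (live-bookmark mode when
 *                        the 'live_bookmark' parameter is set)
 * @return void  emits the feed, or _NOT_AUTH / not-authorised on refusal
 */
function feedFrontpage($showFeed) {
    global $database, $mainframe;
    global $mosConfig_live_site, $mosConfig_cachepath;

    $nullDate = $database->getNullDate();

    // pull id of syndication component
    $query = "SELECT a.id"
        . "\n FROM #__components AS a"
        . "\n WHERE ( a.admin_menu_link = 'option=com_syndicate' OR a.admin_menu_link = 'option=com_syndicate&hidemainmenu=1' )"
        . "\n AND a.option = 'com_syndicate'";
    $database->setQuery($query);
    $id = $database->loadResult();

    // load syndication parameters
    $component = new mosComponent($database);
    $component->load((int) $id);
    $params = new mosParameters($component->params);

    // test if security check is enabled: when on, the feed is only served
    // while the rssfeed module is published
    $check = $params->def('check', 1);
    if ($check) {
        $query = "SELECT m.id"
            . "\n FROM #__modules AS m"
            . "\n WHERE m.module = 'mod_rssfeed'"
            . "\n AND m.published = 1";
        $database->setQuery($query);
        $check = $database->loadResultArray();
        if (empty($check)) {
            mosNotAuth();
            return;
        }
    }

    $now = _CURRENT_SERVER_TIME;
    $iso = split('=', _ISO);

    // parameter initialisation
    $info['date'] = date('r');
    $info['year'] = date('Y');
    $info['encoding'] = $iso[1];
    $info['link'] = htmlspecialchars($mosConfig_live_site);
    $info['cache'] = $params->def('cache', 1);
    $info['cache_time'] = $params->def('cache_time', 3600);
    $info['count'] = $params->def('count', 5);
    $info['orderby'] = $params->def('orderby', '');
    $info['title'] = $params->def('title', 'Joomla! powered Site');
    $info['description'] = $params->def('description', 'Joomla! site syndication');
    $info['image_file'] = $params->def('image_file', 'joomla_rss.png');
    if ($info['image_file'] == -1) {
        $info['image'] = NULL;
    } else {
        $info['image'] = $mosConfig_live_site . '/images/M_images/' . $info['image_file'];
    }
    $info['image_alt'] = $params->def('image_alt', 'Powered by Joomla!');
    $info['limit_text'] = $params->def('limit_text', 0);
    $info['text_length'] = $params->def('text_length', 20);

    // get feed type from url
    $info['feed'] = strval(mosGetParam($_GET, 'feed', 'RSS2.0'));

    // live bookmarks
    $info['live_bookmark'] = $params->def('live_bookmark', '');
    $info['bookmark_file'] = $params->def('bookmark_file', '');

    // Normalise and whitelist the requested feed type on every path. This
    // limits arbitrary file creation and lets the admin disable individual
    // feed formats; the default branch rejects anything unknown.
    $info['file'] = strtolower(str_replace('.', '', $info['feed']));
    switch ($info['file']) {
        case 'rss091':
            if (!$params->get('rss091', 1)) {
                echo _NOT_AUTH;
                return;
            }
            break;
        case 'rss10':
            if (!$params->get('rss10', 1)) {
                echo _NOT_AUTH;
                return;
            }
            break;
        case 'rss20':
            if (!$params->get('rss20', 1)) {
                echo _NOT_AUTH;
                return;
            }
            break;
        case 'atom03':
            if (!$params->get('atom03', 1)) {
                echo _NOT_AUTH;
                return;
            }
            break;
        case 'opml':
            if (!$params->get('opml', 1)) {
                echo _NOT_AUTH;
                return;
            }
            break;
        default:
            echo _NOT_AUTH;
            return;
    }

    if (!$showFeed && $info['live_bookmark']) {
        // Live-bookmark file: custom filename if configured, else the
        // standard one.
        // NOTE(review): the original used a bitwise `&` in this condition
        // (true & 'string' is 0), which made the branch effectively
        // unreachable, and then unconditionally overwrote $filename with
        // $info['file'] . '.xml'. Assumes the bookmark filename parameters
        // carry their own extension — confirm against the template that
        // links to this file.
        if ($info['bookmark_file']) {
            $filename = $info['bookmark_file'];
        } else {
            $filename = $info['live_bookmark'];
        }
    } else {
        // set filename for rss feeds
        $filename = $info['file'] . '.xml';
    }

    // security check to stop server path disclosure / traversal: the cache
    // file must be a bare filename (this also covers the admin-supplied
    // bookmark names)
    if (strstr($filename, '/') || strstr($filename, '\\') || strstr($filename, '..') || basename($filename) !== $filename) {
        echo _NOT_AUTH;
        return;
    }
    $info['file'] = $mosConfig_cachepath . '/' . $filename;

    // load feed creator class
    $rss = new UniversalFeedCreator();
    // load image creator class
    $image = new FeedImage();

    // loads cache file (serves it and stops when fresh enough)
    if ($showFeed && $info['cache']) {
        $rss->useCached($info['feed'], $info['file'], $info['cache_time']);
    }

    $rss->title = $info['title'];
    $rss->description = $info['description'];
    $rss->link = $info['link'];
    $rss->syndicationURL = $info['link'];
    $rss->cssStyleSheet = NULL;
    $rss->encoding = $info['encoding'];

    if ($info['image']) {
        $image->url = $info['image'];
        $image->link = $info['link'];
        $image->title = $info['image_alt'];
        $image->description = $info['description'];
        // loads image info into rss array
        $rss->image = $image;
    }

    // Determine ordering for sql (whitelisted: only these literals reach the query)
    switch (strtolower($info['orderby'])) {
        case 'date':
            $orderby = 'a.created';
            break;
        case 'rdate':
            $orderby = 'a.created DESC';
            break;
        case 'alpha':
            $orderby = 'a.title';
            break;
        case 'ralpha':
            $orderby = 'a.title DESC';
            break;
        case 'hits':
            $orderby = 'a.hits DESC';
            break;
        case 'rhits':
            $orderby = 'a.hits ASC';
            break;
        case 'front':
            $orderby = 'f.ordering';
            break;
        default:
            $orderby = 'f.ordering';
            break;
    }

    // query of frontpage content items (public, published, in window)
    $query = "SELECT a.*, u.name AS author, u.usertype, UNIX_TIMESTAMP( a.created ) AS created_ts, cat.title AS cat_title, sec.title AS section_title"
        . "\n FROM #__content AS a"
        . "\n INNER JOIN #__content_frontpage AS f ON f.content_id = a.id"
        . "\n LEFT JOIN #__users AS u ON u.id = a.created_by"
        . "\n LEFT JOIN #__categories AS cat ON cat.id = a.catid"
        . "\n LEFT JOIN #__sections AS sec ON sec.id = a.sectionid"
        . "\n WHERE a.state = 1"
        . "\n AND cat.published = 1"
        . "\n AND sec.published = 1"
        . "\n AND a.access = 0"
        . "\n AND cat.access = 0"
        . "\n AND sec.access = 0"
        . "\n AND ( a.publish_up = " . $database->Quote($nullDate) . " OR a.publish_up <= " . $database->Quote($now) . " )"
        . "\n AND ( a.publish_down = " . $database->Quote($nullDate) . " OR a.publish_down >= " . $database->Quote($now) . " )"
        . "\n ORDER BY {$orderby}";
    $database->setQuery($query, 0, $info['count']);
    $rows = $database->loadObjectList();

    foreach ($rows as $row) {
        // title for particular item
        $item_title = htmlspecialchars($row->title);
        $item_title = html_entity_decode($item_title);

        // url link to article
        // a bare & is used instead of &amp; as this is converted by feed creator
        $_Itemid = '';
        $itemid = $mainframe->getItemid($row->id);
        if ($itemid) {
            $_Itemid = '&Itemid=' . $itemid;
        }
        $item_link = 'index.php?option=com_content&task=view&id=' . $row->id . $_Itemid;
        $item_link = sefRelToAbs($item_link);

        // removes all formatting from the intro text for the description text
        $item_description = $row->introtext;
        $item_description = mosHTML::cleanText($item_description);
        $item_description = html_entity_decode($item_description);
        if ($info['limit_text']) {
            if ($info['text_length']) {
                // limits description text to x words
                $item_description_array = split(' ', $item_description);
                $count = count($item_description_array);
                if ($count > $info['text_length']) {
                    $item_description = '';
                    for ($a = 0; $a < $info['text_length']; $a++) {
                        $item_description .= $item_description_array[$a] . ' ';
                    }
                    $item_description = trim($item_description);
                    $item_description .= '...';
                }
            } else {
                // do not include description when text_length = 0
                $item_description = NULL;
            }
        }

        // load individual item creator class
        $item = new FeedItem();

        // item info
        $item->title = $item_title;
        $item->link = $item_link;
        $item->description = $item_description;
        $item->source = $info['link'];
        $item->date = date('r', $row->created_ts);
        $item->category = $row->section_title . ' - ' . $row->cat_title;

        // loads item info into rss array
        $rss->addItem($item);
    }

    // save feed file (and emit it when $showFeed)
    $rss->saveFeed($info['feed'], $info['file'], $showFeed);
}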
$gid = intval($my->gid); // gets template for page $cur_template = $mainframe->getTemplate(); /** temp fix - this feature is currently disabled */ /** @global A places to store information from processing of the component */ $_MOS_OPTION = array(); // precapture the output of the component require_once $mosConfig_absolute_path . '/editor/editor.php'; ob_start(); if ($path = $mainframe->getPath('front')) { $task = mosGetParam($_REQUEST, 'task', ''); $ret = mosMenuCheck($Itemid, $option, $task, $gid); if ($ret) { require_once $path; } else { mosNotAuth(); } } else { echo _NOT_EXIST; } $_MOS_OPTION['buffer'] = ob_get_contents(); ob_end_clean(); initGzip(); header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); header('Cache-Control: no-store, no-cache, must-revalidate'); header('Cache-Control: post-check=0, pre-check=0', false); header('Pragma: no-cache'); // loads template file if (!file_exists('templates/' . $cur_template . '/index.php')) { echo _TEMPLATE_WARN . $cur_template;
/**
 * Persists the Acajoom subscription tab of a user-edit form by pushing the
 * edited user record to the subscriber table.
 *
 * NOTE(review): the only authorisation performed here is "a user is logged
 * in"; nothing checks that $user->user_id is the current user's own id (or
 * that the caller is an administrator). Presumably the calling framework
 * enforces that before invoking this tab — confirm, otherwise any
 * authenticated user could rewrite another subscriber's record.
 *
 * @param mixed  $tab       tab descriptor (unused here)
 * @param object $user      user being edited; user_id selects the subscriber row
 * @param mixed  $ui        user-interface flag (unused here)
 * @param mixed  $postdata  submitted form data (unused here; the subscriber
 *                          data is taken from $user itself)
 * @return void  on failure the error is recorded via _setErrorMSG()
 */
function saveEditTab($tab, &$user, $ui, $postdata) {
    $viewer = $GLOBALS['my'];

    // guests are refused outright
    if ((int) $viewer->id < 1) {
        mosNotAuth();
        return;
    }

    $absPath = $GLOBALS['mosConfig_absolute_path'];
    require_once $absPath . '/administrator/components/com_acajoom/classes/class.acajoom.php';

    $saved = subscribers::updateOneSubscriber($user->user_id, $user);
    if (!$saved) {
        $this->_setErrorMSG(_ACA_ERROR);
    }
}