Пример #1
/**
 * Controller for the mediashare "zip" source page.
 *
 * Dispatches on the submit button present in $_POST; when no button was
 * pressed it renders the upload form.
 *
 * NOTE(review): no permission or form-token check is visible in this function;
 * confirm that the caller or the upload/update helpers enforce them.
 *
 * @param array $args Request arguments; the album id is read from key 'aid'.
 * @return mixed Result of the upload helper or of pnRedirect(), false when the
 *               item update fails, otherwise the rendered template.
 */
function mediashare_source_zip_view(&$args)
{
    $albumId = mediashareGetIntUrl('aid', $args, 0);

    // "Save" hands the whole request to the upload helper.
    if (isset($_POST['saveButton'])) {
        return mediashareSourceZipUpload($args);
    }

    // "More" and "Continue" follow an upload: store the item edits before moving on.
    $followsUpload = isset($_POST['moreButton']) || isset($_POST['continueButton']);
    if ($followsUpload && !mediashareSourceZipUpdate()) {
        return false;
    }

    // "Cancel" and "Continue" both go back to the album edit view.
    if (isset($_POST['cancelButton']) || isset($_POST['continueButton'])) {
        $editUrl = pnModURL('mediashare', 'edit', 'view', array('aid' => $albumId));
        return pnRedirect($editUrl);
    }

    // "More" reopens the add-media page for another zip upload.
    if (isset($_POST['moreButton'])) {
        $addUrl = pnModURL('mediashare', 'edit', 'addmedia', array('aid' => $albumId, 'source' => 'zip'));
        return pnRedirect($addUrl);
    }

    // FIXME Required globals??
    pnModAPILoad('mediashare', 'edit');
    $limits = pnModAPIFunc('mediashare', 'source_zip', 'getUploadInfo');

    $view =& pnRender::getInstance('mediashare', false);
    $view->assign('imageNum', 1);
    $view->assign('uploadFields', array(1));
    // The two size limits come from the API's getUploadInfo result and are shown on the form.
    $view->assign('post_max_size', $limits['post_max_size']);
    $view->assign('upload_max_filesize', $limits['upload_max_filesize']);

    return $view->fetch('mediashare_source_zip_view.html');
}
Пример #2
/**
 * Render the "paste item" page of the external media browser.
 *
 * NOTE(review): the original FIXME still stands: no access check is made here,
 * so any caller that can reach this function can load the media item whose id
 * is in the request. The result of getMediaItem is also used without checking
 * that an item was actually returned.
 *
 * @param array $args Request arguments; 'aid' and 'mid' are read as integers.
 * @return mixed Result of pnRedirect() for the back button, otherwise true
 *               after the template has been echoed.
 */
function mediashare_external_pasteitem($args)
{
    // FIXME access check
    $albumId = mediashareGetIntUrl('aid', $args, 0);
    $mediaId = mediashareGetIntUrl('mid', $args, 0);
    $mode = FormUtil::getPassedValue('mode');

    // "Back" returns to the item finder with the current selection.
    if (isset($_POST['backButton'])) {
        $finderUrl = pnModUrl('mediashare', 'external', 'finditem', array('aid' => $albumId, 'mid' => $mediaId, 'mode' => $mode));
        return pnRedirect($finderUrl);
    }

    $item = pnModAPIFunc('mediashare', 'user', 'getMediaItem', array('mediaId' => $mediaId));

    $view =& pnRender::getInstance('mediashare', false);
    mediashareExternalLoadTheme($view);
    $view->assign('albumId', $albumId);
    $view->assign('mediaId', $mediaId);
    $view->assign('mediaItem', $item);

    // Items handled by 'extapp' carry complete references; every other handler
    // stores references relative to the media directory.
    $urlPrefix = '';
    if ($item['mediaHandler'] != 'extapp') {
        $urlPrefix = pnModAPIFunc('mediashare', 'user', 'getRelativeMediadir');
    }
    foreach (array('thumbnail', 'preview', 'original') as $variant) {
        $view->assign($variant . 'Url', $urlPrefix . $item[$variant . 'Ref']);
    }

    $view->assign('mode', $mode);
    echo $view->fetch('mediashare_external_pasteitem.html');

    return true;
}
Пример #3
/**
 * Log a user in and send the browser on to the next page.
 *
 * NOTE(review): $url is handed to redirect_index() unchanged; confirm that the
 * caller or redirect_index() restricts it to same-site targets.
 *
 * @param string $uname      User name.
 * @param string $pass       Password as entered.
 * @param string $url        Target passed to redirect_index() after a successful login.
 * @param mixed  $rememberme "Remember me" flag, passed through to pnUserLogIn().
 */
function access_user_login($uname, $pass, $url, $rememberme)
{
    // A failed login goes back to the user page with the stop flag set.
    if (!pnUserLogIn($uname, $pass, $rememberme)) {
        pnRedirect('user.php?stop=1');
        return;
    }

    redirect_index(_LOGGINGYOU, $url);
}
Пример #4
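/**
 * Return the first existing admin icon for a module, or the default icon.
 *
 * @param string $basePath Icon path up to and including the trailing dot,
 *                         e.g. "modules/<dir>/pnimages/admin.".
 * @return string Path of the icon to show.
 */
function _admin_menu_icon($basePath)
{
    foreach (array('gif', 'jpg', 'png') as $extension) {
        if (file_exists($basePath . $extension)) {
            return $basePath . $extension;
        }
    }

    return 'modules/NS-Admin/images/default.gif';
}

/**
 * Build the administration menu for the current user.
 *
 * The permission check runs before any other work, so a visitor without
 * ACCESS_EDIT is redirected without touching the database or the file system.
 * One menu entry is added per admin module the user may edit.
 *
 * @param string $help_file Optional help file linked from the menu.
 */
function admin_menu($help_file = '')
{
    // Suppress the admin display for users without edit rights.
    if (!pnSecAuthAction(0, "::", '::', ACCESS_EDIT)) {
        pnRedirect('index.php');
        return;
    }

    menu_title('admin.php', _ADMINMENU);
    menu_graphic(pnConfigGetVar('admingraphic'));
    if ($help_file != '') {
        menu_help($help_file, _ONLINEMANUAL);
    }

    $mods = pnModGetAdminMods();
    if ($mods == false) {
        // No admin modules are available.
        return;
    }

    foreach ($mods as $mod) {
        // Hack until the new news module comes into being
        // TODO - remove this at appropriate time
        if ($mod['name'] == 'AddStory') {
            $mod['name'] = 'Stories';
        }
        if (!pnSecAuthAction(0, "{$mod['name']}::", '::', ACCESS_EDIT)) {
            continue;
        }

        // The directory name is passed through pnVarPrepForOS() before it is
        // used in a file-system path.
        $moduleDir = 'modules/' . pnVarPrepForOS($mod['directory']);

        if (file_exists($moduleDir . '/pnadmin.php')) {
            // Modules shipping pnadmin.php are linked through pnModURL().
            $imgfile = _admin_menu_icon($moduleDir . '/pnimages/admin.');
            menu_add_option(pnVarPrepForDisplay(pnModURL($mod['name'], 'admin')), $mod['displayname'], $imgfile);
        } else {
            // All other modules are linked through admin.php.
            // NOTE(review): this URL is not passed through pnVarPrepForDisplay()
            // like the one above; confirm what menu_add_option() expects.
            $imgfile = _admin_menu_icon($moduleDir . '/images/admin.');
            menu_add_option("admin.php?module={$mod['directory']}&op=main", $mod['displayname'], $imgfile);
        }
    }
}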
Пример #5
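/**
 * Hand the logged-in user over to the site configured for the dplink module.
 *
 * Reads the user's row from the users table, serializes login, stored
 * password value, name and e-mail, and redirects to the configured URL with
 * that payload in the query string. The function always ends the request.
 *
 * NOTE(review): the payload carries the stored password value in a URL, where
 * it can end up in browser history, proxy logs and Referer headers. The
 * 'check' value is a plain MD5 of the payload with no secret, so it detects
 * corruption but does not authenticate the sender. The payload is produced by
 * serialize(); if the receiving side calls unserialize() on it, that is
 * deserialisation of request data. Changing any of this needs a matching
 * change on the receiving side, so the format is left as it is here.
 */
function dplink_user_main()
{
    $url = trim(pnModGetVar('dplink', 'url'));
    $window = pnModGetVar('dplink', 'use_window');
    $wrap = pnModGetVar('dplink', 'use_postwrap');

    // Anonymous visitors go to the login screen. Stop here: without the exit
    // the code below would run with no user id.
    if (!pnUserLoggedIn()) {
        pnRedirect(pnGetBaseURL() . 'user.php?op=loginscreen&module=NS-User');
        exit;
    }

    // The id is interpolated into the SQL text below, so force it to an integer.
    $uid = (int) pnUserGetVar('uid');
    list($dbconn) = pnDBGetConn();
    $pntables = pnDBGetTables();
    $usertable = $pntables['users'];
    $usercol =& $pntables['users_column'];
    $sql = "SELECT {$usercol['uname']}, {$usercol['pass']}, {$usercol['name']}, {$usercol['email']} " . "FROM {$usertable} WHERE {$usercol['uid']} = {$uid}";
    $result = $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        die('Could not get user details');
    }
    if ($result->EOF) {
        die('Could not get user detail');
    }
    list($uname, $password, $user_name, $user_email) = $result->fields;
    $result->Close();

    $user_data = array(
        'login' => $uname,
        'passwd' => $password,
        'name' => $user_name,
        'email' => $user_email,
    );

    // Payload: serialized, compressed, base64- and URL-encoded; 'check' is its MD5.
    $parm = serialize($user_data);
    $check = md5($parm);
    $bparm = urlencode(base64_encode(gzcompress($parm)));

    if ($window) {
        // Direct redirect to the configured site.
        $url .= '/index.php?login=pn&userdata=' . $bparm . '&check=' . $check;
        header('Location: ' . $url);
    } else {
        // The target URL travels as one parameter of a local page, so its own
        // ampersands are sent as %26.
        $url .= '/index.php?login=pn%26userdata=' . $bparm . '%26check=' . $check;
        if ($wrap) {
            header('Location: modules.php?op=modload&name=PostWrap&file=index&page=' . $url);
        } else {
            header('Location: modules.php?op=modload&name=dplink&file=index&url=' . $url);
        }
    }
    exit;
}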
Пример #6
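/**
 * Update 123FlashChat Settings
 *
 * Reads the posted 'settings' array, normalises the two path settings and the
 * on/off flags, and stores every entry as a FlashChatBridge module variable.
 *
 * @author Tree Florian
 * @return mixed result of pnRedirect() on success or when nothing usable was
 *               posted, the permission error result otherwise
 */
function FlashChatBridge_admin_updateconfig()
{
    // Security check
    if (!SecurityUtil::checkPermission('FlashChatBridge::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }

    // get settings from form - do before authid check
    $settings = FormUtil::getPassedValue('settings', null, 'POST');

    // if this form wasn't posted, redirect back
    // NOTE(review): this targets the 'Settings' module, not 'FlashChatBridge'; confirm that is intended.
    if ($settings === null) {
        return pnRedirect(pnModURL('Settings', 'admin', 'modifyconfig'));
    }
    // Anything other than an array cannot hold settings; store nothing.
    if (!is_array($settings)) {
        return pnRedirect(pnModURL('FlashChatBridge', 'admin', 'modifyconfig'));
    }

    // NOTE(review): the form auth-key (CSRF) check is disabled, so this
    // state-changing handler relies on the permission check alone. Re-enable it
    // once the modifyconfig form is confirmed to send the auth id:
    //     if (!SecurityUtil::confirmAuthKey()) {
    //         return LogUtil::registerAuthidError();
    //     }

    // Client path: add a trailing slash unless the value is empty or already ends in one.
    $clientPath = isset($settings['client_path']) ? (string) $settings['client_path'] : '';
    if ($clientPath !== '' && !in_array(substr($clientPath, -1), array('\\', '/'), true)) {
        $settings['client_path'] = $clientPath . '/';
    }

    // Server data path: forward slashes only, trailing slash unless empty.
    // The emptiness test is made on this path itself, so an empty value is
    // stored as empty rather than as "/".
    $serverPath = isset($settings['server_data_path']) ? (string) $settings['server_data_path'] : '';
    $serverPath = str_replace("\\", "/", $serverPath);
    if ($serverPath !== '' && substr($serverPath, -1) !== '/') {
        $serverPath .= '/';
    }
    $settings['server_data_path'] = $serverPath;

    // Each flag is stored as 1 or 0; a flag missing from the form counts as 0.
    $flags = array(
        'active_chat_standard',
        'active_chat_html',
        'active_chat_avatar',
        'active_chat_live',
        'active_chat_pocket',
        'active_chat_lite',
        'active_chat_banner',
    );
    foreach ($flags as $flag) {
        $settings[$flag] = (isset($settings[$flag]) && $settings[$flag] == 1) ? 1 : 0;
    }

    // Write the vars
    // NOTE(review): every posted key becomes a module variable; consider
    // limiting this to the setting names the form is known to send.
    foreach ($settings as $key => $value) {
        pnModSetVar('FlashChatBridge', $key, $value);
    }

    // Let any other modules know that the modules configuration has been updated
    pnModCallHooks('module', 'updateconfig', 'FlashChatBridge', array('module' => 'FlashChatBridge'));

    return pnRedirect(pnModURL('FlashChatBridge', 'admin', 'modifyconfig'));
}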
Пример #7
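/**
 * Search form and result list of the Meds module.
 *
 * A single hit is opened directly when the user has ACCESS_READ; otherwise
 * the search template is rendered with the results.
 *
 * @param array $args Not used by this function.
 * @return mixed Rendered template, the no-authorisation message, or the
 *               result of pnRedirect() when a single hit is opened.
 */
function Meds_user_search($args)
{
    // Permission check.
    if (!pnSecAuthAction(0, 'Meds::', '::', ACCESS_OVERVIEW)) {
        return pnVarPrepHTMLDisplay(_MODULENOAUTH);
    }

    // Clean any search data.
    list($search, $q, $active) = pnVarCleanFromInput('search', 'q', 'active');

    // A quick-search term replaces the trade-name criterion with a phrase search.
    if (isset($q)) {
        if (!is_array($search)) {
            $search = array();
        }
        // Keys are quoted strings; bare words here would be read as constants.
        $search['trade'] = $q;
        $search['type'] = "phrase";
    }

    // Get any results from the database; anything but an array counts as no hits.
    $results = pnModAPIFunc('Meds', 'user', 'search_result', array('search' => $search));
    $count = is_array($results) ? count($results) : 0;

    // A little written summary of what was searched for.
    $summary = null;
    if ($active) {
        $summary = pnModFunc('Meds', 'user', 'search_summary', array('search' => $search, 'count' => $count));
    }

    // Exactly one hit: go straight to it, and stop so that the search page is
    // not rendered behind the redirect.
    if ($count == 1 && pnSecAuthAction(0, 'Meds::', '::', ACCESS_READ)) {
        return pnRedirect(pnModURL('Meds', 'user', 'display', array('search' => $search, 'med_id' => $results[0]['med_id'])));
    }

    // Start a new output object.
    $pnRender = new pnRender('Meds');
    $pnRender->caching = false;
    $pnRender->assign('summary', $summary);
    $pnRender->assign('search', $search);
    $pnRender->assign('results', $results);
    $pnRender->assign('count', $count);
    $pnRender->assign(pnModAPIFunc('Meds', 'user', 'getall_selects'));

    // Return search form.
    return $pnRender->fetch('meds_user_search.htm');
}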
Пример #8
}
switch ($op) {
    case 'modload':
        define("LOADED_AS_MODULE", "1");
        include_once 'includes/pnAPI.php';
        if (!function_exists('pnsessionsetup')) {
            pnInit();
        }
        include_once 'includes/legacy.php';
        // eugenio themeover 20020413
        //        pnThemeLoad();
        // Module not found error msg 08/08/00 Chris Bowler www.aquanuke.com
        if (file_exists('modules/' . pnVarPrepForOS($name) . '/' . pnVarPrepForOS($file) . '.php')) {
            include 'modules/' . pnVarPrepForOS($name) . '/' . pnVarPrepForOS($file) . '.php';
        } else {
            pnRedirect('error.php');
        }
        if (function_exists('session_write_close')) {
            session_write_close();
        } else {
            // Hack for old versions of PHP with bad session save
            $sessvars = '';
            foreach ($GLOBALS as $k => $v) {
                if (preg_match('/^PNSV/', $k) && isset($v)) {
                    $sessvars .= "{$k}|" . serialize($v);
                }
            }
            pnSessionWrite(session_id(), $sessvars);
        }
        break;
    default:
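/**
 * Update the configuration
 *
 * This is a standard function to update the configuration parameters of the
 * module given the information passed back by the modification form.
 *
 * The values are read from the request, not passed as arguments:
 *   bold           print items in bold
 *   itemsperpage   number of items per page
 *
 * @author       Jim McDonald
 * @return       mixed  the no-authorisation message, or the result of pnRedirect()
 */
function Example_admin_updateconfig()
{
    // Security check - important to do this as early as possible to avoid
    // potential security holes or just too much wasted processing
    if (!pnSecAuthAction(0, 'Example::', '::', ACCESS_ADMIN)) {
        return pnVarPrepHTMLDisplay(_MODULENOAUTH);
    }

    // Get parameters from whatever input we need.  All arguments to this
    // function should be obtained from pnVarCleanFromInput(), getting them
    // from other places such as the environment is not allowed, as that makes
    // assumptions that will not hold in future versions of PostNuke
    list($bold, $itemsperpage) = pnVarCleanFromInput('bold', 'itemsperpage');

    // Confirm authorisation code.  This checks that the form had a valid
    // authorisation code attached to it.  If it did not then the function will
    // proceed no further as it is possible that this is an attempt at sending
    // in false data to the system
    if (!pnSecConfirmAuthKey()) {
        pnSessionSetVar('errormsg', pnVarPrepHTMLDisplay(_BADAUTHKEY));
        return pnRedirect(pnModURL('Example', 'admin', 'view'));
    }

    // Update module variables.  Depending on the HTML structure of the form
    // the values might be empty, so each one gets a default where needed.
    // ** pnVarCleanFromInput will always return a set variable, even if it is
    // empty, so isset() checking is not appropriate.
    if (empty($bold)) {
        $bold = false;
    }
    pnModSetVar('Example', 'bold', (bool) $bold);

    if (empty($itemsperpage)) {
        $itemsperpage = 10;
    }

    // Make sure $itemsperpage is a positive integer.  Form input arrives as a
    // string, so a digits-only string is accepted as well as a real integer;
    // testing the type alone would report an error for every submitted value.
    $isWholeNumber = is_int($itemsperpage)
        || (is_string($itemsperpage) && preg_match('/^[0-9]+\z/', $itemsperpage) === 1);
    if ($isWholeNumber && (int) $itemsperpage >= 1) {
        $itemsperpage = (int) $itemsperpage;
    } else {
        pnSessionSetVar('errormsg', pnVarPrepForDisplay(_EXAMPLEITEMSPERPAGE));
        $itemsperpage = (int) $itemsperpage;
        if ($itemsperpage < 1) {
            $itemsperpage = 25;
        }
    }
    pnModSetVar('Example', 'itemsperpage', $itemsperpage);

    // The configuration has been changed, so we clear all caches for
    // this module.  Calling clear_cache() without a parameter clears all
    // cached pages for the module.
    $pnRender = new pnRender('Example');
    $pnRender->clear_cache();

    // the module configuration has been updated successfully
    pnSessionSetVar('statusmsg', _CONFIGUPDATED);

    // Let any other modules know that the modules configuration has been updated
    pnModCallHooks('module', 'updateconfig', 'Example', array('module' => 'Example'));

    // This function generated no output, and so now it is complete we redirect
    // the user to an appropriate page for them to carry on their work
    return pnRedirect(pnModURL('Example', 'admin', 'view'));
}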
Пример #10
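/**
 * Search the lens database and render the result list.
 *
 * The search form input is turned into several criteria arrays that are
 * passed to the 'getlist' API function, which builds the SQL statement:
 *
 *   $or_array      field => array(value, ...), values of one field joined with OR
 *   $and_array     field => array(value, ...), values of one field joined with AND
 *   $and_or_array  list of array(field => SQL condition, ...), conditions on
 *                  different fields joined with OR
 *   $select        list of database fields to show in the result table
 *
 * NOTE(review): the field names in $or, $and and the keys of $search come from
 * the request and are passed on as database field names. The SQL itself is
 * built in the API, which is not visible here; confirm that it checks these
 * names against the known columns.
 *
 * NOTE(review): $display_phrase and $phrase are request values handed to the
 * template; confirm that the template escapes them on output.
 *
 * @param array $args Arguments supplied by other modules; extracted into local variables.
 * @return mixed Rendered template, the not-subscribed message, or the result
 *               of pnRedirect() when a single lens is opened directly.
 */
function Lenses_user_view($args)
{
    // Security check
    if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_OVERVIEW)) {
        return pnVarPrepHTMLDisplay(_NOTSUBSCRIBED);
    }

    list($phrase, $q, $display_phrase, $search, $or, $and, $markings, $markings2, $wizard) = pnVarCleanFromInput('phrase', 'q', 'display_phrase', 'search', 'or', 'and', 'markings', 'markings2', 'wizard');
    if (isset($q)) {
        $phrase = $q;
    }

    $or_array = array();
    $and_array = array();
    $and_or_array = array();
    // Fields shown by default in the result table.
    $select = array('tid', 'name', 'comp_name', 'discontinued', 'max_minus', 'max_plus', 'toric', 'bifocal', 'cosmetic', 'max_cyl_power', 'max_add');
    // Stays null when no phrase was given; passed to the company lookup below.
    $phrase_array = null;

    // Simple search by name: each word of the phrase is matched against the
    // name and aliases fields.
    if (isset($phrase) && $phrase != "") {
        $phrase_array = explode(" ", $phrase);
        foreach ($phrase_array as $i => $value) {
            // The word ends up inside a quoted SQL literal, so it is escaped
            // for storage before being placed between the quotes.
            $condition = " LIKE '%" . pnVarPrepForStore($value) . "%'";
            $and_or_array[$i]['name'] = $condition;
            $and_or_array[$i]['aliases'] = $condition;
        }
        // This is just a term to display on the search results page.
        $display_phrase = "that contain the phrase '" . $phrase . "'";
    }

    // Advanced search: $or and $and list field names; the values for each
    // listed field are read from the request under that name.
    if (is_array($or)) {
        foreach ($or as $value) {
            $temp = pnVarCleanFromInput($value);
            if (is_array($temp)) {
                $or_array[$value] = $temp;
                $select[] = $value;
            }
        }
    }
    if (is_array($and)) {
        foreach ($and as $value) {
            $temp = pnVarCleanFromInput($value);
            if (is_array($temp)) {
                $and_array[$value] = $temp;
                $select[] = $value;
            }
        }
    }
    // Every search field with a value other than '0' is also shown in the results.
    if (is_array($search)) {
        foreach ($search as $key => $value) {
            if ($value != '0') {
                $select[] = $key;
            }
        }
    }

    // Toric markings, when given, are added as AND criteria.
    if ($markings != "") {
        $and_array['markings'][0] = $markings;
    }
    if ($markings2 != "") {
        $and_array['markings'][1] = $markings2;
    }

    // Data called by other modules.
    // NOTE(review): extract() overwrites any local variable named by a key of
    // $args, including the criteria arrays built above; replacing it with
    // explicit reads of the expected keys would remove that risk.
    if (is_array($args)) {
        extract($args);
    }

    // Some fields may have been added more than once; keep each one once.
    $select = array_values(array_unique($select));

    // The API function is called.  The arguments to the function are passed in
    // as their own arguments array
    $items = pnModAPIFunc('Lenses', 'user', 'getlist', array('search' => $search, 'or_array' => $or_array, 'and_array' => $and_array, 'and_or_array' => $and_or_array, 'select' => $select));

    // Nothing found for a phrase: fall back to a full-text search for it.
    if (!$items && isset($phrase)) {
        $display_phrase = " whose content includes: '{$phrase}'";
        $items = pnModAPIFunc('Lenses', 'user', 'getlist', array('search' => $search, 'phrase' => $phrase, 'select' => $select));
    }

    // Count the items; a failed lookup (non-array result) counts as zero.
    $count = is_array($items) ? count($items) : 0;

    // Exactly one result and read permission: go directly to that lens, and
    // stop so that the list is not rendered behind the redirect.
    if ($count == 1 && pnSecAuthAction(0, 'Lenses::', '::', ACCESS_READ)) {
        return pnRedirect(pnModURL('Lenses', 'user', 'display', array('tid' => $items[0]['tid'])));
    }

    // Companies whose name matches the phrase, shown as a "were you looking
    // for lenses made by..." hint.
    $company_options = pnModAPIFunc('Lenses', 'user', 'getcompany', array('phrase_array' => $phrase_array));

    // When searching by company, the company name is taken from the first lens
    // returned (all results should share it).
    if ($display_phrase == "company") {
        $display_phrase = " that are manufactured by " . (isset($items[0]['comp_name']) ? $items[0]['comp_name'] : '');
    }

    // Create output object
    $pnRender = new pnRender('Lenses');

    // Company and polymer lists for the drop-down boxes of the search forms.
    $opt_companies = pnModAPIFunc('Lenses', 'user', 'getall', array('item_type' => 'companies'));
    $opt_polymers = pnModAPIFunc('Lenses', 'user', 'getall', array('item_type' => 'polymers'));
    $pnRender->assign('opt_companies', $opt_companies);
    $pnRender->assign('opt_polymers', $opt_polymers);

    // Recently viewed lenses are kept as an array of ids in a session variable.
    $saved_lenses = pnSessionGetVar('saved_lens_array');
    $saved_lens_count = is_array($saved_lenses) ? count($saved_lenses) : 0;
    $pnRender->assign('saved_lens_count', $saved_lens_count);

    $pnRender->assign('count', $count);
    $pnRender->assign('display_phrase', $display_phrase);
    $pnRender->assign('search', $search);
    $pnRender->assign('phrase', $phrase);
    $pnRender->assign('wizard', $wizard);
    $pnRender->assign('select', array_flip($select));
    $pnRender->assign('lenses', $items);
    $pnRender->assign('company_options', $company_options);

    // Return the output that has been generated by this function
    return $pnRender->fetch('lenses_user_view.htm');
}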
Пример #11
    if (substr($module, 0, 3) == 'NS-') {
        $function = substr($module, 3) . '_user_';
    } else {
        $function = $module . '_user_';
    }
    $function_op = $function . $op;
    $function_main = $function . 'main';
    if (function_exists($function_op)) {
        $function_op($_REQUEST);
        exit;
    } elseif (function_exists($function_main)) {
        $function_main($_REQUEST);
        exit;
    } else {
        //        die("error : user_execute($file,$function_op)");
        pnRedirect('index.php');
        return true;
    }
}
// when we are here, the call is the result of an action
// requested by a (legacy) Your_Account plugin.
// Get all user modules...
$usermods = pnModGetUserMods();
// since the your account module does't have index.php/pnuser.php it
// won't be listed as user_capable hence we need to manually add it to
// our result set. [markwest]
$usermods[] = pnModGetInfo(pnModGetIDFromName('Your_Account'));
// ...and run the requested action (specified by $op)
foreach ($usermods as $usermod) {
    if (@is_dir($dir = 'modules/' . $usermod['directory'] . '/user/case/')) {
        $casedir = opendir($dir);
Пример #12
 *  http://postcalendar.tv
 *  
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *  
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *  
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 *
 *  To read the license please read the docs/license.txt or visit
 *  http://www.gnu.org/copyleft/gpl.html
 *
 */
/*******************************************************
    This file is for the old module load routine
    You can now link the module in a menu using the
    module name enclosed with brackets
    (ex: [PostCalendar])
 *******************************************************/
// Legacy entry point: it only acts when the module loader has defined
// LOADED_AS_MODULE, and then forwards to the 'main' user function of the
// module named in the request.
// NOTE(review): the module name is taken from the request and handed to
// pnModURL(); confirm that only installed module names are accepted there.
if (defined("LOADED_AS_MODULE")) {
    pnRedirect(pnModURL(pnVarCleanFromInput('name'), 'user', 'main'));
} else {
    echo 'You may not access this module directly';
}
Пример #13
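/**
 * Store submitted configuration values.
 *
 * Every entry of $var whose key starts with 'x' is written with
 * pnConfigSetVar() under the key name without that prefix.
 *
 * NOTE(review): only the form auth key is verified here. No pnSecAuthAction()
 * permission check is visible, and any 'x'-prefixed key that is submitted is
 * written; confirm that the caller checks admin rights, and consider limiting
 * the accepted names to the ones the form is known to send.
 *
 * @param array $var Submitted form values.
 */
function user_admin_setConfig($var)
{
    if (!pnSecConfirmAuthKey()) {
        include 'header.php';
        echo _BADAUTHKEY;
        include 'footer.php';
        exit;
    }

    // All variables starting with x are the config vars.  foreach is used
    // because each() is deprecated since PHP 7.2 and removed in PHP 8.
    if (is_array($var)) {
        foreach ($var as $key => $val) {
            $key = (string) $key;
            // Skip a bare 'x': it would leave an empty config name.
            if (strlen($key) > 1 && substr($key, 0, 1) == 'x') {
                pnConfigSetVar(substr($key, 1), $val);
            }
        }
    }

    pnRedirect('admin.php');
}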
Пример #14
/**
 * Regenerate the module list and return to the module overview.
 *
 * NOTE(review): the only check made here is the form auth key; no
 * pnSecAuthAction() permission check is visible. Confirm that the
 * 'regenerate' API function enforces admin rights.
 *
 * @return bool Always true; the outcome is reported through session messages.
 */
function modules_admin_regenerate()
{
    if (pnSecConfirmAuthKey()) {
        // Load in API, then regenerate the modules.
        pnModAPILoad('Modules', 'admin');
        $regenerated = pnModAPIFunc('Modules', 'admin', 'regenerate');
        if ($regenerated) {
            pnSessionSetVar('statusmsg', _MODREGENERATED);
        }
    } else {
        // The form token did not match: report it and change nothing.
        pnSessionSetVar('errormsg', _BADAUTHKEY);
    }

    // Both outcomes end on the module list.
    pnRedirect(pnModURL('Modules', 'admin', 'list'));

    return true;
}
Пример #15
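/**
 * This is a standard function to update the configuration parameters of the
 * module given the information passed back by the modification form
 *
 * Reads 'bold' and 'itemsperpage' from the request and stores them as module
 * variables.
 *
 * NOTE(review): only the form auth key is verified; no pnSecAuthAction()
 * permission check is visible in this function. The module name is also
 * written as 'Template' in the URLs and 'template' in pnModSetVar(); confirm
 * which spelling the module is registered under.
 *
 * @return bool always true
 */
function template_admin_updateconfig()
{
    // Get parameters from whatever input we need.  All arguments to this
    // function should be obtained from pnVarCleanFromInput(), getting them
    // from other places such as the environment is not allowed, as that makes
    // assumptions that will not hold in future versions of PostNuke
    list($bold, $itemsperpage) = pnVarCleanFromInput('bold', 'itemsperpage');

    // Confirm authorisation code.  This checks that the form had a valid
    // authorisation code attached to it.  If it did not then the function will
    // proceed no further as it is possible that this is an attempt at sending
    // in false data to the system
    if (!pnSecConfirmAuthKey()) {
        pnSessionSetVar('errormsg', _BADAUTHKEY);
        pnRedirect(pnModURL('Template', 'admin', 'view'));
        return true;
    }

    // Update module variables.  Note that depending on the HTML structure used
    // to obtain the information from the user it is possible that the values
    // might be unset, so it is important to check them all and assign them
    // default values if required
    if (!isset($bold)) {
        $bold = 0;
    }
    pnModSetVar('template', 'bold', $bold);

    // The page size is read from the form as well; without that the default
    // below would be stored on every update.  Anything that is not a positive
    // whole number falls back to 10.
    $itemsperpage = (int) $itemsperpage;
    if ($itemsperpage < 1) {
        $itemsperpage = 10;
    }
    pnModSetVar('template', 'itemsperpage', $itemsperpage);

    // This function generated no output, and so now it is complete we redirect
    // the user to an appropriate page for them to carry on their work
    pnRedirect(pnModURL('Template', 'admin', 'view'));

    // Return
    return true;
}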
Пример #16
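/**
 * Update a company record from the admin form.
 *
 * NOTE(review): only the form auth key is verified here; no pnSecAuthAction()
 * permission check is visible. Confirm that the 'update_company' API function
 * enforces admin rights.
 *
 * @param array $args Optional arguments from a calling module; a 'company'
 *                    entry replaces the value read from the form.
 * @return mixed Result of pnRedirect().
 */
function Lenses_admin_update_company($args)
{
    // Clean input from the form.
    $company = pnVarCleanFromInput('company');

    // A caller may supply the company directly.  Only that one key is read:
    // extract() would let any key of $args overwrite a local variable.
    if (is_array($args) && array_key_exists('company', $args)) {
        $company = $args['company'];
    }

    // Confirm $authid hidden field from form template.
    if (!pnSecConfirmAuthKey()) {
        pnSessionSetVar('errormsg', pnVarPrepHTMLDisplay(_BADAUTHKEY));
        return pnRedirect(pnModURL('Lenses', 'admin', 'main'));
    }

    // Attempt to update company.
    if (pnModAPIFunc('Lenses', 'admin', 'update_company', array('company' => $company))) {
        pnSessionSetVar('statusmsg', pnVarPrepHTMLDisplay(_UPDATESUCCEDED));
    }

    // No output.  Redirect user.
    return pnRedirect(pnModURL('Lenses', 'admin', 'viewall_companies'));
}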
Пример #17
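/**
 * Record one vote for a poll option, at most once per session and poll.
 *
 * NOTE(review): $forwarder is passed to pnRedirect() unchanged; confirm that
 * callers restrict it to same-site targets.
 *
 * @param mixed  $pollID    Poll id; used as an integer.
 * @param mixed  $voteID    Option id; used as an integer.
 * @param string $forwarder Redirect target after the vote is handled.
 */
function pollCollector($pollID, $voteID, $forwarder)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    // Both ids are reduced to integers once.  The session flag and the SQL
    // then refer to the same poll; keying the flag on the raw value would let
    // differently written forms of one id each pass the "already voted" test.
    $pollKey = (int) $pollID;
    $voteKey = (int) $voteID;
    $votedFlag = "poll_voted{$pollKey}";

    // Count the vote only when this session has not voted in the poll yet.
    if (!pnSessionGetVar($votedFlag)) {
        pnSessionSetVar($votedFlag, 1);

        $column =& $pntable['poll_data_column'];
        $dbconn->Execute("UPDATE {$pntable['poll_data']} SET {$column['optioncount']}={$column['optioncount']}+1 WHERE ({$column['pollid']}=" . $pollKey . ") AND ({$column['voteid']}=" . $voteKey . ")");

        $column =& $pntable['poll_desc_column'];
        $dbconn->Execute("UPDATE {$pntable['poll_desc']} SET {$column['voters']}={$column['voters']}+1 WHERE {$column['pollid']}=" . $pollKey);
    }

    pnRedirect($forwarder);
}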
Пример #18
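/**
 * Delete all rows of the referer table.
 *
 * Requires a valid form auth key and ACCESS_ADMIN on 'Referers::'. Each failed
 * check prints its message and ends the request, so the DELETE is reached
 * only when both checks pass.
 *
 * @param mixed $var Not used by this function.
 */
function referers_admin_delete($var)
{
    if (!pnSecConfirmAuthKey()) {
        include 'header.php';
        echo _BADAUTHKEY;
        include 'footer.php';
        exit;
    }

    if (!pnSecAuthAction(0, 'Referers::', '::', ACCESS_ADMIN)) {
        include 'header.php';
        echo _REFERERSDELNOAUTH;
        include 'footer.php';
        // Stop here: without this the table would be emptied for users who
        // were just told they are not authorised.
        exit;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $dbconn->Execute("DELETE FROM {$pntable['referer']}");

    pnRedirect('admin.php');
}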
Пример #19
/**
 * Switch a mediashare source on or off and return to the plugin list.
 *
 * NOTE(review): neither a permission check nor a form auth-key check is
 * visible in this function; confirm that the caller or the 'OnOffSources'
 * API function enforces both, since this request changes configuration.
 *
 * @return mixed false when the API call fails, otherwise the result of pnRedirect().
 */
function mediashare_admin_onoffsources()
{
    $dom = ZLanguage::getModuleDomain('mediashare');

    // The API is called only when a source id was passed in.
    if (FormUtil::getPassedValue('id')) {
        $toggle = array('id' => FormUtil::getPassedValue('id'), 'active' => FormUtil::getPassedValue('active'));
        $switched = pnModAPIFunc('mediashare', 'sources', 'OnOffSources', $toggle);
        if (!$switched) {
            return false;
        }
    }

    LogUtil::registerStatus(__('Done!', $dom));

    return pnRedirect(pnModURL('mediashare', 'admin', 'plugins'));
}
Пример #20
<?php

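// Wrapper page of the dplink module: shows the target URL in an iframe for
// logged-in users.  It runs only when included by the module loader and when
// the request comes from a local referer.
if (!defined("LOADED_AS_MODULE")) {
    die("You cannot access this file directly");
}
if (!pnLocalReferer()) {
    die("You cannot access this file from an external site");
}
// NOTE(review): $url is not assigned in this file; presumably it is a request
// value made available by the loader. Consider accepting only URLs that start
// with the address configured for the dplink module.
if (empty($url)) {
    die("You must use the {} calling method in your menu, not []");
}
$home = pnGetBaseURL();
$home .= "user.php?op=loginscreen&module=NS-User";
if (!pnUserLoggedIn()) {
    pnRedirect($home);
    // Stop here so the frame is not rendered for anonymous visitors.
    exit;
}
include "header.php";
// The URL is written into an HTML attribute, so it is escaped for that context.
echo "<iframe name='dplink' src='" . htmlspecialchars($url, ENT_QUOTES) . "' width='100%' height='1600'\nmarginwidth=0 marginheight=0 frameborder=0></iframe>";
include "footer.php";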
Пример #21
/**
 * Store the per-group access flags submitted for one album.
 *
 * After confirming the auth key, the album id is read via
 * mediashareGetIntUrl('aid', ...) and the access groups are fetched from the
 * 'edit' API. For every group, five request fields named
 * '<flag><groupId>' are read; a flag counts as set when the field compares
 * != null. The resulting list is passed to 'updateAccessSettings' and the
 * user is redirected to the album's edit view.
 *
 * NOTE(review): no check that the current user may change access for this
 * particular album is visible here; confirm that 'updateAccessSettings' or
 * the caller enforces it.
 *
 * @param array $args Passed through to mediashareGetIntUrl().
 * @return mixed false on API failure, the auth-id error result, or the result of pnRedirect()
 */
function mediashareUpdateAccess($args)
{
    if (!SecurityUtil::confirmAuthKey()) {
        return LogUtil::registerAuthidError();
    }
    $albumId = mediashareGetIntUrl('aid', $args, 1);
    $groups = pnModAPIFunc('mediashare', 'edit', 'getAccessGroups');
    if (!$groups) {
        return false;
    }
    // Request field prefixes, in the order the settings are stored per group.
    $flagNames = array('accessView', 'accessEditAlbum', 'accessEditMedia', 'accessAddAlbum', 'accessAddMedia');
    $access = array();
    foreach ($groups as $group) {
        $row = array('groupId' => $group['groupId']);
        foreach ($flagNames as $flagName) {
            // Loose comparison on purpose: same test as a checkbox "was sent" check.
            $row[$flagName] = FormUtil::getPassedValue($flagName . $group['groupId']) != null;
        }
        $access[] = $row;
    }
    $saved = pnModAPIFunc('mediashare', 'edit', 'updateAccessSettings', array('albumId' => $albumId, 'access' => $access));
    if (!$saved) {
        return false;
    }
    return pnRedirect(pnModURL('mediashare', 'edit', 'view', array('aid' => $albumId)));
}
Пример #22
// Original Author of file: Francisco Burzi
// Purpose of file: Displays a printer friendly (story) page
// ----------------------------------------------------------------------
// Bootstrap the PostNuke API, then the legacy compatibility layer.
include 'includes/pnAPI.php';
pnInit();
include 'includes/legacy.php';
// eugenio themeover 20020413
// pnThemeLoad();
// $sid is not assigned in the visible part of this file; presumably one of
// the includes above populates it from the request - TODO confirm.
// Anything unset or non-numeric gets the generic argument-error page.
if (!isset($sid) || !is_numeric($sid)) {
    include 'header.php';
    echo _MODARGSERROR;
    include 'footer.php';
    exit;
}
// With the 'refereronprint' setting on, requests that fail pnLocalReferer()
// are sent to the normal article view and the script ends.
// NOTE(review): is_numeric() also accepts signs, decimals, exponents and
// leading whitespace, so $sid is not guaranteed to be a plain integer when
// it is interpolated into the redirect URL.
if (!pnLocalReferer() && pnConfigGetVar('refereronprint')) {
    pnRedirect("modules.php?op=modload&name=News&file=article&sid={$sid}");
    exit;
}
function PrintPage($sid)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    // grab the actual story from the database
    $column =& $pntable['stories_column'];
    $result = $dbconn->Execute("SELECT {$column['title']},\n                                     {$column['time']},\n                                     {$column['hometext']},\n                                     {$column['bodytext']},\n                                     {$column['topic']},\n                                     {$column['notes']},\n                                     {$column['cid']},\n                                     {$column['aid']}\n                              FROM {$pntable['stories']} where {$column['sid']} = '" . pnVarPrepForStore($sid) . "'");
    list($title, $time, $hometext, $bodytext, $topic, $notes, $cid, $aid) = $result->fields;
    if (!isset($title) || $title == '') {
        include 'header.php';
        echo _DBSELECTERROR;
        include 'footer.php';
        exit;
Пример #23
/**
 * Redeem an invitation key and open the album it refers to.
 *
 * The 'inv' request value is passed as 'key' to the 'invitation' API
 * function 'register'. A result of false is returned unchanged; a result
 * whose 'ok' entry is falsy yields its 'message' entry; otherwise the user
 * is redirected to the album named by 'albumId'.
 *
 * NOTE(review): the key comes straight from the request and 'message' is
 * returned as-is; validation and output escaping are presumably handled by
 * the API function and the caller - confirm.
 *
 * @return mixed false, the API's message, or the result of pnRedirect()
 */
function mediashare_invitation_open()
{
    $invitationKey = FormUtil::getPassedValue('inv');
    $registration = pnModAPIFunc('mediashare', 'invitation', 'register', array('key' => $invitationKey));
    if ($registration === false) {
        return false;
    }
    if (!$registration['ok']) {
        return $registration['message'];
    }
    $albumUrl = pnModURL('mediashare', 'user', 'view', array('aid' => $registration['albumId']));
    return pnRedirect($albumUrl);
}
Пример #24
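/**
 * Admin operation: ask for confirmation, then delete one message.
 *
 * Reads 'mid' and 'ok' from the request. The message title is looked up
 * first because it forms part of the permission instance
 * ("<title>::<mid>") checked with ACCESS_DELETE. Without 'ok' a confirmation
 * page with No/Yes forms is printed; with 'ok' the auth key is confirmed,
 * the row is deleted and the user is redirected to the message list.
 *
 * @return void
 */
function deletemsg()
{
    list($mid, $ok) = pnVarCleanFromInput('mid', 'ok');
    if (!isset($ok)) {
        $ok = 0;
    }
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $column =& $pntable['message_column'];
    $result = $dbconn->Execute("SELECT {$column['title']}\n                                FROM {$pntable['message']}\n                                WHERE {$column['mid']} = '" . pnVarPrepForStore($mid) . "'");
    if (!$result) {
        // A failed lookup previously caused a fatal error on ->fields.
        error_log("Error: " . $dbconn->ErrorMsg());
        return;
    }
    list($title) = $result->fields;
    $result->Close();
    if (!pnSecAuthAction(0, 'Messages::', "{$title}::{$mid}", ACCESS_DELETE)) {
        include 'header.php';
        echo _MESSAGESDELNOAUTH;
        include 'footer.php';
        return;
    }
    if ($ok) {
        if (!pnSecConfirmAuthKey()) {
            include 'header.php';
            echo _BADAUTHKEY;
            include 'footer.php';
            return;
        }
        $result = $dbconn->Execute("DELETE FROM {$pntable['message']}\n                                    WHERE {$column['mid']}='" . pnVarPrepForStore($mid) . "'");
        if ($dbconn->ErrorNo() != 0) {
            error_log("Error: " . $dbconn->ErrorMsg());
            // NOTE(review): the raw database error is also shown in the page;
            // consider keeping it in the log only.
            echo $dbconn->ErrorNo() . ": " . $dbconn->ErrorMsg() . "<br>";
            return;
        }
        pnRedirect('admin.php?module=' . $GLOBALS['module'] . '&op=messages');
    } else {
        include "header.php";
        GraphicAdmin();
        OpenTable();
        echo "<center><font class=\"pn-title\"><b>" . _MESSAGESADMIN . "</b></font></center>";
        CloseTable();
        OpenTable();
        // $mid is a request value: escape it where it is written into HTML.
        // What pnVarCleanFromInput() filters is not visible from here, so the
        // output context does its own encoding.
        echo "<center><font class=\"pn-normal\">" . _REMOVEMSG . " <b>" . pnVarPrepForDisplay($mid) . " </font></b>";
        echo "<table><tr><td>\n";
        echo myTextForm("admin.php?module=" . $GLOBALS['module'] . "&op=messages", _NO);
        echo "</td><td>\n";
        // urlencode() keeps $mid inside its query parameter and leaves no
        // character that is special in HTML.
        // NOTE(review): the auth key is carried in the query string here,
        // where it can reach logs and Referer headers; a hidden POST field
        // would avoid that, depending on how myTextForm() builds its form.
        echo myTextForm("admin.php?module=" . $GLOBALS['module'] . "&op=deletemsg&amp;mid=" . urlencode($mid) . "&amp;ok=1&amp;authid=" . pnSecGenAuthKey(), _YES);
        echo "</td></tr></table>\n";
        echo "</center>\n";
        CloseTable();
        include "footer.php";
    }
}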
Пример #25
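/**
 * Update one lens record from the submitted admin form.
 *
 * Reads 'lens_data', 'bc', 'enh_colors' and 'opaque_colors' from the
 * request, flattens the base-curve and colour arrays into space-separated
 * strings stored in $lens_data, and passes $lens_data to the admin API
 * function 'update_lens'. Always ends in a redirect.
 *
 * NOTE(review): only the auth key is confirmed here; no permission check is
 * visible. Confirm that the 'update_lens' API function performs one.
 *
 * @param array $args Extra arguments; extracted into local scope.
 * @return mixed result of pnRedirect()
 */
function Lenses_admin_update_lens($args)
{
    // Clean input from the form.
    $lens_data = pnVarCleanFromInput('lens_data');
    $bc = pnVarCleanFromInput('bc');
    $enh_colors = pnVarCleanFromInput('enh_colors');
    $opaque_colors = pnVarCleanFromInput('opaque_colors');
    // Extract any extra arguments.
    // NOTE(review): extract() runs after the input was read, so a key in
    // $args with the same name replaces the value taken from the request.
    // Presumably $args only ever comes from trusted calling code - confirm.
    extract($args);
    // Confirm $authid hidden field from form template.
    if (!pnSecConfirmAuthKey()) {
        pnSessionSetVar('errormsg', pnVarPrepHTMLDisplay(_BADAUTHKEY));
        return pnRedirect(pnModURL('Lenses', 'admin', 'main'));
    }
    // Take the arrays for the base curves and the simple opaque and enhancer
    // colors and create the strings stored in the matching $lens_data entries.
    // The keys are quoted: as bare words they were undefined constants,
    // which newer PHP versions reject.
    $lens_data['bc_simple'] = $bc[0] . " " . $bc[1] . " " . $bc[2];
    $lens_data['enh_names_simple'] = "";
    $lens_data['opaque_names_simple'] = "";
    // A colour list that was not submitted is skipped instead of being
    // passed to foreach as a non-array.
    if (is_array($enh_colors)) {
        foreach ($enh_colors as $value) {
            $lens_data['enh_names_simple'] .= $value . " ";
        }
    }
    if (is_array($opaque_colors)) {
        foreach ($opaque_colors as $value) {
            $lens_data['opaque_names_simple'] .= $value . " ";
        }
    }
    // Attempt to update lens.
    if (pnModAPIFunc('Lenses', 'admin', 'update_lens', array('lens_data' => $lens_data))) {
        pnSessionSetVar('statusmsg', pnVarPrepHTMLDisplay(_UPDATESUCCEDED));
    }
    // No output.  Redirect user.
    return pnRedirect(pnModURL('Lenses', 'user', 'view', array('tid' => $lens_data['tid'])));
}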
Пример #26
/**
 * Save the dplink module configuration submitted from the admin form.
 *
 * Reads 'url', 'use_window' and 'use_postwrap' from the request, confirms
 * the auth key, stores the three values as module variables of 'dplink' and
 * redirects to admin.php. A bad auth key stores an error message in the
 * session and redirects to the module's admin entry point instead.
 *
 * NOTE(review): only the auth key is confirmed; no permission check is
 * visible in this function, and 'url' is stored without any validation of
 * its form or scheme. Confirm that the caller restricts this to
 * administrators and that the value is encoded wherever it is output.
 *
 * @return bool always true
 */
function dplink_admin_updateconfig()
{
    // Collect the submitted settings, keyed by module variable name.
    $settings = array(
        'url' => pnVarCleanFromInput('url'),
        'use_window' => pnVarCleanFromInput('use_window'),
        'use_postwrap' => pnVarCleanFromInput('use_postwrap'),
    );
    // Reject the request when the authorisation code does not match.
    if (!pnSecConfirmAuthKey()) {
        pnSessionSetVar('errormsg', _BADAUTHKEY);
        pnRedirect(pnModURL('dplink', 'admin', ''));
        return true;
    }
    // Persist each setting as a module variable.
    foreach ($settings as $name => $value) {
        pnModSetVar('dplink', $name, $value);
    }
    // Nothing to render: send the user back to the admin panel.
    pnRedirect('admin.php');
    return true;
}
Пример #27
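/**
 * display item
 * This is a standard function to provide detailed information on a single item
 * available from the module.
 *
 * Reads the view parameters from the request, lets values remembered in the
 * session override 'viewtype' and 'pc_username', then renders either the
 * detail view of one event ('details') or the view built by 'buildView'.
 *
 * NOTE(review): extract($args) runs after the request and session values
 * were read, so a same-named key in $args replaces them. Presumably $args
 * only comes from calling code - confirm.
 *
 * @param array $args Extra arguments; extracted into local scope.
 * @return mixed the generated output, false when neither Date nor viewtype
 *               is given, _POSTCALENDARNOAUTH when access is denied, or the
 *               result of pnRedirect() when the event cannot be loaded
 */
function postcalendar_user_display($args)
{
    list($eid, $viewtype, $tplview, $pc_username, $Date, $print, $category, $topic, $pc_facility) = pnVarCleanFromInput('eid', 'viewtype', 'tplview', 'pc_username', 'Date', 'print', 'pc_category', 'pc_topic', 'pc_facility');
    // added to allow the view & providers to remain as the user last saw it -- JRM
    // !empty() is the same truthiness test without a notice when the session
    // key has not been set yet.
    if (!empty($_SESSION['viewtype'])) {
        $viewtype = $_SESSION['viewtype'];
    }
    if (!empty($_SESSION['pc_username'])) {
        $pc_username = $_SESSION['pc_username'];
    }
    // funky things happen if the view is 'details' and we don't have an event ID
    // so in such a case, we're going to revert to the 'day' view -- JRM
    if ($viewtype == 'details' && (!isset($eid) || $eid == "")) {
        $_SESSION['viewtype'] = 'day';
        $viewtype = $_SESSION['viewtype'];
    }
    extract($args);
    if (empty($Date) && empty($viewtype)) {
        return false;
    }
    if (empty($tplview)) {
        $tplview = 'default';
    }
    $uid = pnUserGetVar('uid');
    $theme = pnUserGetTheme();
    //$cacheid = md5($Date.$viewtype.$tplview._SETTING_TEMPLATE.$eid.$print.$uid.'u'.$pc_username.$theme.'c'.$category.'t'.$topic);
    // The id is derived from the current timestamp only, not from the view
    // parameters used in the commented-out line above.
    $cacheid = md5(strtotime("now"));
    switch ($viewtype) {
        case 'details':
            if (!(bool) PC_ACCESS_READ) {
                return _POSTCALENDARNOAUTH;
            }
            $event = pnModAPIFunc('PostCalendar', 'user', 'eventDetail', array('eid' => $eid, 'Date' => $Date, 'print' => $print, 'cacheid' => $cacheid));
            if ($event === false) {
                // Return with the redirect. Previously execution continued
                // and an empty detail block was produced as well.
                return pnRedirect(pnModURL(__POSTCALENDAR__, 'user'));
            }
            $out = "\n\n<!-- START user_display -->\n\n";
            $out .= $event;
            $out .= "\n\n<!-- END user_display -->\n\n";
            break;
        default:
            if (!(bool) PC_ACCESS_OVERVIEW) {
                return _POSTCALENDARNOAUTH;
            }
            $out = "\n\n<!-- START user_display -->\n\n";
            $out .= pnModAPIFunc('PostCalendar', 'user', 'buildView', array('Date' => $Date, 'viewtype' => $viewtype, 'cacheid' => $cacheid));
            $out .= "\n\n<!-- END user_display -->\n\n";
            break;
    }
    // Return the output that has been generated by this function
    return $out;
}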
Пример #28
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------
// Original Author of file: Francisco Burzi
// Purpose of file: Displays a printer friendly (story) page
// ----------------------------------------------------------------------
// Bootstrap the PostNuke API.
include 'includes/pnAPI.php';
pnInit();
// get story id from input
$sid = pnVarCleanFromInput('sid');
// Reject empty or non-numeric ids, and any request while the News module is
// unavailable, with a 404 and the generic argument-error page.
// NOTE(review): is_numeric() also accepts signs, decimals, exponents and
// leading whitespace, so $sid is not guaranteed to be a plain integer when
// it is placed into the redirect URLs below.
if (empty($sid) || !is_numeric($sid) || !pnModAvailable('News')) {
    header('HTTP/1.0 404 Not Found');
    include 'header.php';
    echo _MODARGSERROR;
    include 'footer.php';
    exit;
}
// With 'refereronprint' on, requests that fail pnLocalReferer() go to the
// normal article view; everything else goes to the same article with the
// Printer theme selected.
if (!pnLocalReferer() && pnConfigGetVar('refereronprint')) {
    Header('HTTP/1.1 301 Moved Permanently');
    pnRedirect("index.php?name=News&file=article&sid={$sid}");
    exit;
} else {
    pnRedirect('index.php?name=News&file=article&sid=' . $sid . '&theme=Printer');
}
Пример #29
    exit;
} else {
    if (!pnModAvailable($module) || !pnSecAuthAction(0, "{$module}::", '::', ACCESS_EDIT)) {
        // call for an unavailable module - either not available or not authorized
        header('HTTP/1.0 403 Access Denied');
        include 'header.php';
        echo 'Module <strong>' . pnVarPrepForDisplay($module) . '</strong> not available';
        include 'footer.php';
        exit;
    }
}
// get the module information
// $module is set before this excerpt begins. The else branch above has
// already stopped the request when the module is unavailable or the user
// lacks ACCESS_EDIT on it.
$modinfo = pnModGetInfo(pnModGetIDFromName($module));
// Module types 2 and 3 are handed to the module's own 'admin' entry point.
if ($modinfo['type'] == 2 || $modinfo['type'] == 3) {
    // Redirect to new style admin panel
    pnRedirect(pnModURL($module, 'admin'));
    exit;
}
// The path is built from the module's registered directory, passed through
// pnVarPrepForOS(), and kept in $adminfile for later use.
if (!file_exists($adminfile = 'modules/' . pnVarPrepForOS($modinfo['directory']) . '/admin.php')) {
    // Module claims to be old-style, but no admin.php present - quit here
    header('HTTP/1.0 404 Not Found');
    include 'header.php';
    // The module name is escaped with pnVarPrepForDisplay() before output.
    echo 'Wrong call for Adminfunction in Module <strong>' . pnVarPrepForDisplay($module) . '</strong>';
    include 'footer.php';
    exit;
}
/**
 * old style module administration
 */
list($func, $op, $name, $file, $type) = pnVarCleanFromInput('func', 'op', 'name', 'file', 'type');
// load the legacy includes
Пример #30
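/**
 * Admin operation: rename a permission group.
 *
 * Reads 'module', 'gid' and 'gname' from the request and confirms the auth
 * key. The current group name is looked up because it forms part of the
 * permission instance ("<old name>::<gid>") checked with ACCESS_EDIT. On
 * success the name column is updated and the user is redirected to the
 * group view.
 *
 * @return void
 */
function renameGroup()
{
    $module = pnVarCleanFromInput('module');
    list($gid, $gname) = pnVarCleanFromInput('gid', 'gname');
    if (!pnSecConfirmAuthKey()) {
        include 'header.php';
        echo _BADAUTHKEY;
        include 'footer.php';
        exit;
    }
    // Normalise the id once. Both queries already cast it to int, so the
    // permission instance, the messages and the redirect now refer to the
    // same value as the row that is read and updated.
    $gid = (int) $gid;
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $groupstable = $pntable['groups'];
    $groupscolumn =& $pntable['groups_column'];
    // Get details on current group
    $query = "SELECT {$groupscolumn['name']}\n              FROM {$groupstable}\n              WHERE {$groupscolumn['gid']}='" . $gid . "'";
    $result = $dbconn->Execute($query);
    // A failed query is treated like a missing group instead of a fatal
    // error on ->EOF.
    if (!$result || $result->EOF) {
        die("No such group ID {$gid}");
    }
    list($oldgname) = $result->fields;
    $result->Close();
    if (!pnSecAuthAction(0, 'Groups::', "{$oldgname}::{$gid}", ACCESS_EDIT)) {
        include 'header.php';
        GraphicAdmin();
        OpenTable();
        // $module is a request value: escape it inside the href. The FONT tag
        // was missing its closing '>' and is repaired here.
        echo "<CENTER><A HREF=\"admin.php?module=" . pnVarPrepForDisplay($module) . "&amp;op=secviewgroups\" CLASS=\"pn-title\"><FONT SIZE=\"4\"><B>" . _GROUPADMIN . "</B></FONT></A><font class=\"pn-normal\">: " . pnVarPrepForDisplay($gname) . "</font></CENTER>";
        CloseTable();
        echo _GROUPSEDITNOAUTH;
        include 'footer.php';
        return;
    }
    // The new name is a request value. It was interpolated into the statement
    // unescaped; it now goes through pnVarPrepForStore() like the other
    // values written to the database.
    $query = "UPDATE {$groupstable}\n              SET {$groupscolumn['name']}='" . pnVarPrepForStore($gname) . "'\n              WHERE {$groupscolumn['gid']}='" . $gid . "'";
    $dbconn->Execute($query);
    // urlencode() keeps the module name inside its query parameter.
    pnRedirect('admin.php?module=' . urlencode($module) . '&op=secviewgroup&gid=' . $gid);
}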