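/**
 * Smarty function to display admin links for the example module
 * based on the user's permissions
 *
 * Example
 * <!--[exampleadminlinks start="[" end="]" seperator="|" class="pn-menuitem-title"]-->
 *
 * Only the four documented attributes are read from $params. Each link is
 * emitted only when pnSecAuthAction() grants the matching access level.
 *
 * @author       Andreas Krapohl
 * @since        10/01/04
 * @see          function.exampleadminlinks.php::smarty_function_exampleadminlinks()
 * @param        array       $params      All attributes passed to this function from the template
 * @param        object      &$smarty     Reference to the Smarty object
 * @param        string      $start       start string
 * @param        string      $end         end string
 * @param        string      $seperator   link seperator
 * @param        string      $class       CSS class
 * @return       string      the results of the module function
 */
function smarty_function_exampleadminlinks($params, &$smarty)
{
    // Read the attributes by name instead of extract()ing them: extract()
    // turns every template attribute into a local variable, and an attribute
    // called "smarty" would overwrite the by-reference Smarty object.
    $start     = isset($params['start'])     ? $params['start']     : '[';
    $end       = isset($params['end'])       ? $params['end']       : ']';
    $seperator = isset($params['seperator']) ? $params['seperator'] : '|';
    $class     = isset($params['class'])     ? $params['class']     : 'pn-menuitem-title';

    // $class ends up inside a quoted attribute, so it goes through
    // pnVarPrepForDisplay(). $start, $end and $seperator are emitted as the
    // template supplied them (they may carry markup such as entities).
    $adminlinks = '<span class="' . pnVarPrepForDisplay($class) . "\">{$start} ";

    if (pnSecAuthAction(0, 'Example::', '::', ACCESS_READ)) {
        $adminlinks .= "<a href=\"" . pnVarPrepHTMLDisplay(pnModURL('Example', 'admin', 'view')) . "\">" . _VIEW . "</a> ";
    }
    if (pnSecAuthAction(0, 'Example::', '::', ACCESS_ADD)) {
        $adminlinks .= "{$seperator} <a href=\"" . pnVarPrepHTMLDisplay(pnModURL('Example', 'admin', 'new')) . "\">" . _NEW . "</a> ";
    }
    if (pnSecAuthAction(0, 'Example::', '::', ACCESS_ADMIN)) {
        $adminlinks .= "{$seperator} <a href=\"" . pnVarPrepHTMLDisplay(pnModURL('Example', 'admin', 'modifyconfig')) . "\">" . _MODIFYCONFIG . "</a> ";
    }

    $adminlinks .= "{$end}</span>\n";

    return $adminlinks;
}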
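/**
 * Render the ephemerids ("one day like today") side block.
 *
 * Selects the ephemerids whose day and month match today's date, optionally
 * restricted to the user's language, and hands the result to themesideblock().
 *
 * @param array $row block data; 'title' is read for the permission check and
 *                   'title'/'content' are filled in before display
 * @return mixed output of themesideblock(), or nothing when the user lacks
 *               read access or the query fails
 */
function blocks_ephem_block($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $currentlang = pnUserGetLang();

    if (!pnSecAuthAction(0, 'Ephemeridsblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    $column =& $pntable['ephem_column'];

    // On multilingual sites show entries in the user's language plus the
    // language-neutral ones (empty language column).
    $querylang = '';
    if (pnConfigGetVar('multilingual') == 1) {
        $querylang = "AND ({$column['elanguage']}='" . pnVarPrepForStore($currentlang) . "' OR {$column['elanguage']}='')";
    }

    $today = getdate();
    $eday = $today['mday'];
    $emonth = $today['mon'];

    $result = $dbconn->Execute("SELECT {$column['yid']}, {$column['content']}\n FROM {$pntable['ephem']}\n WHERE {$column['did']}='" . pnVarPrepForStore($eday) . "' AND {$column['mid']}='" . pnVarPrepForStore($emonth) . "' {$querylang}");

    // A failed query leaves no usable result set; bail out like the other
    // blocks do instead of dereferencing it.
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    $boxstuff = '<span class="pn-normal"><b>' . _ONEDAY . '</b></span><br />';
    while (!$result->EOF) {
        list($yid, $content) = $result->fields;
        $result->MoveNext();

        $boxstuff .= '<br /><br />';
        $boxstuff .= '<b>' . pnVarPrepForDisplay($yid) . '</b><br />' . pnVarPrepHTMLDisplay(nl2br($content));
    }

    if (empty($row['title'])) {
        $row['title'] = _EPHEMERIDS;
    }
    $row['content'] = $boxstuff;

    return themesideblock($row);
}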
/**
 * Entry point of the Tools administration screen.
 *
 * @return string the rendered 'tools_admin.htm' template, or the escaped
 *                _MODNOAUTH message when the user is not a Tools administrator
 */
function Tools_admin_main()
{
    // Nothing is rendered unless the caller holds ACCESS_ADMIN on Tools.
    $isAdmin = pnSecAuthAction(0, 'Tools::', '::', ACCESS_ADMIN);

    if ($isAdmin) {
        $pnRender =& new pnRender('Tools');

        return $pnRender->fetch('tools_admin.htm');
    }

    return pnVarPrepHTMLDisplay(_MODNOAUTH);
}
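/**
 * Render the "latest web links" side block.
 *
 * $row['url'] holds the block configuration as "modulename|count". The first
 * query walks the newest links until `count` readable ones have been seen;
 * the number of rows walked is then used as the limit of the second query,
 * whose readable rows are printed.
 *
 * @param array $row block data ('title', 'url'; 'content' is filled in)
 * @return mixed output of themesideblock(), or nothing when the user lacks
 *               read access or a query fails
 */
function blocks_weblinks_display($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!pnSecAuthAction(0, 'Weblinksblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    $url = explode('|', $row['url']);
    if (!$url[0]) {
        $row['content'] = 'You forgot to set the module name!';
        return themesideblock($row);
    }

    // The count is optional; anything missing or not a positive number falls
    // back to 10.
    $wanted = isset($url[1]) ? (int) $url[1] : 0;
    if ($wanted < 1) {
        $wanted = 10;
    }

    $links_col =& $pntable['links_links_column'];
    $cats_col =& $pntable['links_categories_column'];

    $linksok = 0;
    $linkcount = 0;
    $result = $dbconn->Execute("SELECT {$links_col['cat_id']}, {$links_col['title']} FROM {$pntable['links_links']} ORDER BY {$links_col['date']} DESC");
    if ($dbconn->ErrorNo() != 0) {
        return;
    }
    while (!$result->EOF) {
        list($cid, $title) = $result->fields;
        $result->MoveNext();

        $linkcount++;
        // NOTE(review): this check builds the instance from the *link* title,
        // the display loop below from the *category* title - confirm which
        // one the permission scheme expects.
        if (pnSecAuthAction(0, "Web Links::Category", "{$title}::{$cid}", ACCESS_READ)) {
            $linksok++;
        }
        if ($linksok == $wanted) {
            break;
        }
    }

    $row['content'] = '<span class="pn-normal">';

    $sql = "SELECT {$links_col['lid']} as lid, {$links_col['cat_id']} as catid, {$links_col['title']} as title, {$links_col['description']} as description, {$links_col['hits']} as hits, IF({$links_col['cat_id']}, CONCAT('/', {$cats_col['title']}), {$cats_col['title']}) AS cattitle\n FROM {$pntable['links_links']}\n LEFT JOIN {$pntable['links_categories']}\n ON {$cats_col['cat_id']}={$links_col['cat_id']}\n ORDER BY {$links_col['date']} DESC";
    $result = $dbconn->SelectLimit($sql, $linkcount);
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    // The module name comes from block configuration and is placed in an
    // href, so it is prepared for display like the row values.
    $module = pnVarPrepForDisplay($url[0]);

    while (!$result->EOF) {
        $lrow = $result->GetRowAssoc(false);

        if (pnSecAuthAction(0, "Web Links::Category", "{$lrow['cattitle']}::{$lrow['catid']}", ACCESS_READ)) {
            $lid = pnVarPrepForDisplay($lrow['lid']);
            $linktitle = pnVarPrepForDisplay($lrow['title']);
            $cattitle = pnVarPrepForDisplay($lrow['cattitle']);
            // The description is printed inside the title="" attribute, so it
            // gets the plain-text preparation rather than pnVarPrepHTMLDisplay(),
            // which is understood to let site-allowed markup through.
            $description = pnVarPrepForDisplay($lrow['description']);

            $row['content'] .= "<strong><big>·</big></strong> <a href=\"modules.php?op=modload&name={$module}&file=index&req=visit&lid={$lid}\" target=\"_blank\" \ntitle=\"{$cattitle}:\n{$description}\" class=\"pn-sub\">{$linktitle}</a><br>\n";
        }

        // Advance on every row. Advancing only for readable rows would leave
        // the cursor on the first unreadable link and never end the loop.
        $result->MoveNext();
    }

    $row['content'] .= '</span>';

    return themesideblock($row);
}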
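/**
 * Search plugin for news stories.
 *
 * Reads the search form fields from the request, builds one WHERE clause out
 * of the word, topic, category, author and language filters (the groups are
 * ANDed together, each group is parenthesised), and prints the matching
 * stories the current user may read, followed by a pager.
 *
 * Every request value is either escaped with pnVarPrepForStore() before it
 * reaches SQL or prepared for display before it is echoed into the pager URL.
 *
 * @return string|null rendered result list, or nothing when the plugin is not
 *                     selected, the News module is unavailable or a query fails
 */
function search_stories()
{
    list($startnum, $active_stories, $total, $stories_topics, $stories_cat, $stories_author, $q, $bool) =
        pnVarCleanFromInput('startnum', 'active_stories', 'total', 'stories_topics', 'stories_cat', 'stories_author', 'q', 'bool');

    if (!isset($active_stories) || !$active_stories) {
        return;
    }
    if (!pnModAvailable('News')) {
        return;
    }

    $output =& new pnHTML();

    // Paging values are request-supplied: force them to whole numbers before
    // they are used as a row offset or echoed into the pager URL.
    $startnum = (isset($startnum) && is_numeric($startnum)) ? (int) $startnum : 1;
    if ($startnum < 1) {
        $startnum = 1;
    }
    $total = (isset($total) && is_numeric($total)) ? (int) $total : 0;

    // Only AND and OR may join the word clauses; anything else means OR.
    $bool = ($bool === 'AND') ? 'AND' : 'OR';

    // Array-valued filters: drop nested arrays so every entry can be escaped.
    $stories_topics = is_array($stories_topics) ? array_filter($stories_topics, 'is_scalar') : array();
    if (is_array($stories_cat)) {
        $stories_cat = array_filter($stories_cat, 'is_scalar');
    } else {
        $stories_cat = array('');
    }
    if (!is_scalar($stories_author)) {
        $stories_author = '';
    }

    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    $storcol =& $pntable['stories_column'];
    $stcatcol =& $pntable['stories_cat_column'];
    $topcol =& $pntable['topics_column'];

    $query1 = "SELECT {$storcol['sid']} as sid,\n {$topcol['tid']} as topicid,\n {$topcol['topicname']} as topicname,\n {$topcol['topictext']} as topictext,\n {$storcol['catid']} as catid,\n {$storcol['time']} AS fdate,\n {$storcol['title']} AS story_title,\n {$storcol['aid']} AS aid,\n {$stcatcol['title']} AS cat_title\n FROM {$pntable['stories']}\n LEFT JOIN {$pntable['stories_cat']} ON ({$storcol['catid']}={$stcatcol['catid']})\n LEFT JOIN {$pntable['topics']} ON ({$storcol['topic']}={$topcol['tid']})\n WHERE ";

    // Each filter contributes one parenthesised group; the groups are joined
    // with AND at the end. Building them separately keeps a missing filter
    // from producing a dangling AND/OR and keeps the OR between words from
    // swallowing the filters that follow it.
    $clauses = array();

    // words
    $w = search_split_query($q);
    if (is_array($w) && count($w) > 0) {
        $wordClauses = array();
        foreach ($w as $word) {
            $like = pnVarPrepForStore($word);
            $wordClauses[] = '('
                . "{$storcol['title']} LIKE '{$like}' OR "
                . "{$storcol['hometext']} LIKE '{$like}' OR "
                . "{$storcol['bodytext']} LIKE '{$like}' OR "
                . "{$storcol['informant']} LIKE '{$like}' OR "
                . "{$storcol['notes']} LIKE '{$like}'"
                . ')';
        }
        $clauses[] = '(' . implode(" {$bool} ", $wordClauses) . ')';
    }

    // topics
    $topicClauses = array();
    foreach ($stories_topics as $v) {
        if (empty($v)) {
            continue;
        }
        $topicClauses[] = "{$storcol['topic']}='" . pnVarPrepForStore($v) . "'";
    }
    if (count($topicClauses) > 0) {
        $clauses[] = '(' . implode(' OR ', $topicClauses) . ')';
    }

    // categories (only applied when the first submitted entry is non-empty)
    if (isset($stories_cat[0]) && !empty($stories_cat[0])) {
        $catClauses = array();
        foreach ($stories_cat as $v) {
            $catClauses[] = "{$stcatcol['catid']}='" . pnVarPrepForStore($v) . "'";
        }
        $clauses[] = '(' . implode(' OR ', $catClauses) . ')';
    }

    // authors: match the informant name directly, plus any user whose
    // username or real name contains the given text
    if ($stories_author != '') {
        $authorSql = pnVarPrepForStore($stories_author);
        $authorClauses = array("{$storcol['informant']}='{$authorSql}'");

        $result =& $dbconn->Execute("SELECT {$pntable['users_column']['uid']} as pn_uid FROM {$pntable['users']} WHERE {$pntable['users_column']['uname']} LIKE '%{$authorSql}%' OR {$pntable['users_column']['name']} LIKE '%{$authorSql}%'");
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // The uid is interpolated unquoted, so pin it to an integer.
            $authorClauses[] = "{$storcol['aid']}=" . (int) $row['pn_uid'];
            $result->MoveNext();
        }
        $clauses[] = '(' . implode(' OR ', $authorClauses) . ')';
    } else {
        $stories_author = '';
    }

    // language
    if (pnConfigGetVar('multilingual') == 1) {
        $clauses[] = "({$storcol['alanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$storcol['alanguage']}='')";
    }

    $where = (count($clauses) > 0) ? implode(' AND ', $clauses) : '1';
    $query = $query1 . $where . " ORDER BY {$storcol['time']} DESC";

    // get the total count with permissions!
    if ($total < 1) {
        $total = 0;
        $countres =& $dbconn->Execute($query);
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ)
                && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
                $total++;
            }
            $countres->MoveNext();
        }
    }

    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    if (!$result->EOF) {
        $output->Text(_STORIES_TOPICS . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);

        // Rebuild the search string from previous information. The URL is
        // written into the page by the pager, so every request value in it
        // is prepared for display first.
        $url = 'index.php?name=Search&action=search&active_stories=1&stories_author=' . pnVarPrepForDisplay($stories_author);
        if ($stories_cat) {
            foreach ($stories_cat as $v) {
                $url .= '&stories_cat%5B%5D=' . pnVarPrepForDisplay($v);
            }
        }
        if ($stories_topics) {
            foreach ($stories_topics as $v) {
                $url .= '&stories_topics%5B%5D=' . pnVarPrepForDisplay($v);
            }
        }
        $url .= '&bool=' . pnVarPrepForDisplay($bool);
        if (isset($q)) {
            $url .= '&q=' . pnVarPrepForDisplay($q);
        }

        $output->Text('<dl>');
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // Rows the user may not read are skipped, not just hidden from
            // the count above.
            if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ)
                && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
                $row['fdate'] = ml_ftime(_DATELONG, $result->UnixTimeStamp($row['fdate']));
                $output->Text('<dt><a href="index.php?name=News&file=article&sid=' . pnVarPrepForDisplay($row['sid']) . '">' . pnVarPrepHTMLDisplay($row['story_title']) . '</a></dt>');
                $output->Text('<dd>');
                $output->Text(pnVarPrepForDisplay($row['fdate']) . ' (');
                if (!empty($row['topicid'])) {
                    // Prepared like the category title next to it; the output
                    // object is in verbatim mode here.
                    $output->Text(pnVarPrepHTMLDisplay($row['topictext']));
                }
                if (!empty($row['catid'])) {
                    $output->Text(' - ' . pnVarPrepHTMLDisplay($row['cat_title']));
                }
                $output->Text(')</dd>');
            }
            $result->MoveNext();
        }
        $output->Text('</dl>');

        // Munge URL for template
        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text(_SEARCH_NO_STORIES_TOPICS);
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);

    return $output->GetOutput();
}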
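/**
 * Update the configuration
 *
 * This is a standard function to update the configuration parameters of the
 * module given the information passed back by the modification form.
 *
 * The caller must hold ACCESS_ADMIN on the module and the request must carry
 * a valid authorisation key; both are checked before anything is stored.
 *
 * @author       Jim McDonald
 * @param        bold           print items in bold
 * @param        itemsperpage   number of items per page
 * @return       mixed          the escaped _MODULENOAUTH message when access
 *                              is denied, otherwise the result of pnRedirect()
 */
function Example_admin_updateconfig()
{
    // Security check - important to do this as early as possible to avoid
    // potential security holes or just too much wasted processing
    if (!pnSecAuthAction(0, 'Example::', '::', ACCESS_ADMIN)) {
        return pnVarPrepHTMLDisplay(_MODULENOAUTH);
    }

    // All arguments to this function are obtained from pnVarCleanFromInput().
    list($bold, $itemsperpage) = pnVarCleanFromInput('bold', 'itemsperpage');

    // Confirm authorisation code. A request without a valid key may be an
    // attempt at sending in false data, so nothing below runs for it.
    if (!pnSecConfirmAuthKey()) {
        pnSessionSetVar('errormsg', pnVarPrepHTMLDisplay(_BADAUTHKEY));
        return pnRedirect(pnModURL('Example', 'admin', 'view'));
    }

    // pnVarCleanFromInput() always returns a set variable, even when it is
    // empty, so empty() rather than isset() decides on the defaults.
    pnModSetVar('Example', 'bold', !empty($bold));

    if (empty($itemsperpage)) {
        $itemsperpage = 10;
    }

    // Form values arrive as strings, so the check is on the digits rather
    // than on the PHP type: is_integer() is false for every submitted value
    // and would flag valid input as an error.
    $isPositiveInt = is_scalar($itemsperpage)
        && preg_match('/^[1-9][0-9]*$/D', (string) $itemsperpage);

    if ($isPositiveInt) {
        $itemsperpage = (int) $itemsperpage;
    } else {
        pnSessionSetVar('errormsg', pnVarPrepForDisplay(_EXAMPLEITEMSPERPAGE));
        // Salvage a leading number if there is one, otherwise fall back to 25.
        $itemsperpage = is_scalar($itemsperpage) ? (int) $itemsperpage : 0;
        if ($itemsperpage < 1) {
            $itemsperpage = 25;
        }
    }
    pnModSetVar('Example', 'itemsperpage', $itemsperpage);

    // The configuration has been changed, so we clear all caches for this
    // module. clear_cache() without a parameter clears every cached page.
    $pnRender =& new pnRender('Example');
    $pnRender->clear_cache();

    // the module configuration has been updated successfully
    pnSessionSetVar('statusmsg', _CONFIGUPDATED);

    // Let any other modules know that the modules configuration has been updated
    pnModCallHooks('module', 'updateconfig', 'Example', array('module' => 'Example'));

    // This function generated no output, and so now it is complete we redirect
    // the user to an appropriate page for them to carry on their work
    return pnRedirect(pnModURL('Example', 'admin', 'view'));
}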
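/**
 * Build the HTML for one of the PostCalendar admin event lists.
 *
 * Keys read from $args (via extract()): title, result, function, offset,
 * offset_increment, sort, sdir. `result` is the record set to list; each row
 * is read positionally as (event id, title, timestamp).
 *
 * @param array $args see above
 * @return string the generated form markup
 */
function postcalendar_adminapi_buildAdminList($args)
{
    extract($args);

    $output = new pnHTML();
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    pnThemeLoad(pnUserGetTheme());
    // get the theme globals :: is there a better way to do this?
    global $bgcolor1, $bgcolor2, $bgcolor3, $bgcolor4, $bgcolor5;
    global $textcolor1, $textcolor2;

    $frameOpen = '<table border="0" cellpadding="1" cellspacing="0" width="100%" bgcolor="' . $bgcolor2 . '"><tr><td>';
    $frameClose = '</td></tr></table>';

    $formUrl = pnModUrl(__POSTCALENDAR__, 'admin', 'adminevents');
    $output->FormStart($formUrl);

    // NOTE(review): $title (and the pnModUrl() results further down) are
    // written in verbatim mode as received - confirm the callers only pass
    // trusted text here.
    $output->Text($frameOpen);
    $output->Text('<table border="0" cellpadding="5" cellspacing="0" width="100%" bgcolor="' . $bgcolor1 . '"><tr><td>');
    $output->Text('<center><font size="4"><b>' . $title . '</b></font></center>');
    $output->Text('</td></tr></table>');
    $output->Text($frameClose);
    $output->Linebreak();

    $output->Text($frameOpen);
    $output->Text('<table border="0" cellpadding="5" cellspacing="0" width="100%" bgcolor="' . $bgcolor1 . '">');
    if (!$result || $result->EOF) {
        $output->Text('<tr><td width="100%" bgcolor="' . $bgcolor1 . '" align="center"><b>' . _PC_NO_EVENTS . '</b></td></tr>');
    } else {
        $output->Text('<tr><td bgcolor="' . $bgcolor1 . '" align="center"><b>' . _PC_EVENTS . '</b></td></tr>');
        $output->Text('<table border="0" cellpadding="2" cellspacing="0" width="100%" bgcolor="' . $bgcolor1 . '">');

        // build sorting urls: the links flip the current sort direction
        if (!isset($sdir)) {
            $sdir = 1;
        } else {
            $sdir = $sdir ? 0 : 1;
        }
        $title_sort_url = pnModUrl(__POSTCALENDAR__, 'admin', $function, array('offset' => $offset, 'sort' => 'title', 'sdir' => $sdir));
        $time_sort_url = pnModUrl(__POSTCALENDAR__, 'admin', $function, array('offset' => $offset, 'sort' => 'time', 'sdir' => $sdir));
        $output->Text('<tr><td>select</td><td><a href="' . $title_sort_url . '">title</a></td><td><a href="' . $time_sort_url . '">timestamp</a></td></tr>');

        // output the queued events
        for (; !$result->EOF; $result->MoveNext()) {
            list($eid, $title, $timestamp) = $result->fields;
            $output->Text('<tr>');
            $output->Text('<td align="center" valign="top">');
            $output->FormCheckbox('pc_event_id[]', false, $eid);
            $output->Text('</td>');
            $output->Text('<td align="left" valign="top" width="100%">');
            $output->URL(pnModURL(__POSTCALENDAR__, 'admin', 'edit', array('pc_event_id' => $eid)), pnVarPrepHTMLDisplay(postcalendar_removeScriptTags($title)));
            $output->Text('</td>');
            $output->Text('<td align="left" valign="top" nowrap>');
            // Database value written in verbatim mode, so prepare it first.
            $output->Text(pnVarPrepForDisplay($timestamp));
            $output->Text('</td>');
            $output->Text('</tr>');
        }
        $output->Text('</table>');
    }
    $output->Text($frameClose);

    // $result may be empty/false (handled above), so test it before calling
    // a method on it.
    if ($result && $result->NumRows()) {
        $output->Linebreak();

        // action to take?
        $output->Text($frameOpen);
        $output->Text('<table border="0" cellpadding="5" cellspacing="0" width="100%" bgcolor="' . $bgcolor1 . '"><tr>');
        $output->Text('<td align="left" valign="middle">');

        // Built as a fresh array so nothing passed in $args can add entries.
        $seldata = array(
            array('id' => _ADMIN_ACTION_VIEW,    'selected' => 1, 'name' => _PC_ADMIN_ACTION_VIEW),
            array('id' => _ADMIN_ACTION_APPROVE, 'selected' => 0, 'name' => _PC_ADMIN_ACTION_APPROVE),
            array('id' => _ADMIN_ACTION_HIDE,    'selected' => 0, 'name' => _PC_ADMIN_ACTION_HIDE),
            array('id' => _ADMIN_ACTION_DELETE,  'selected' => 0, 'name' => _PC_ADMIN_ACTION_DELETE),
        );

        $output->FormSelectMultiple('action', $seldata);
        $output->FormHidden('thelist', $function);
        $output->FormSubmit(_PC_PERFORM_ACTION);
        $output->Text('</td>');
        $output->Text('</tr></table>');
        $output->Text($frameClose);
        $output->Linebreak();

        // start previous next links
        $output->Text($frameOpen);
        $output->Text('<table border="0" cellpadding="5" cellspacing="0" width="100%" bgcolor="' . $bgcolor1 . '"><tr>');
        if ($offset > 1) {
            $output->Text('<td align="left">');
            $next_link = pnModUrl(__POSTCALENDAR__, 'admin', $function, array('offset' => $offset - $offset_increment, 'sort' => $sort, 'sdir' => $sdir));
            $output->Text('<a href="' . $next_link . '"><< ' . _PC_PREV . ' ' . $offset_increment . '</a>');
            $output->Text('</td>');
        } else {
            $output->Text('<td align="left"><< ' . _PC_PREV . '</td>');
        }
        // A full page suggests there may be more rows after this one.
        if ($result->NumRows() >= $offset_increment) {
            $output->Text('<td align="right">');
            $next_link = pnModUrl(__POSTCALENDAR__, 'admin', $function, array('offset' => $offset + $offset_increment, 'sort' => $sort, 'sdir' => $sdir));
            $output->Text('<a href="' . $next_link . '">' . _PC_NEXT . ' ' . $offset_increment . ' >></a>');
            $output->Text('</td>');
        } else {
            $output->Text('<td align="right">' . _PC_NEXT . ' >></td>');
        }
        $output->Text('</tr></table>');
    }
    $output->Text($frameClose);
    // end previous next links
    $output->FormEnd();

    return $output->GetOutput();
}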
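/**
 * Show a side-by-side comparison of the lenses selected in the request.
 *
 * The request field 'lens' is expected to be an array keyed by lens id. Each
 * lens is fetched through the Lenses user API and regrouped as
 * $field_array[field][lens id] for the template.
 *
 * @param array $args extra arguments; extracted into local scope, so a
 *                    'lens' entry replaces the request value
 * @return string rendered 'lenses_user_compare_view.htm', or the escaped
 *                _MODULENOAUTH message when access is denied
 */
function Lenses_user_compare_view($args)
{
    if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_OVERVIEW)) {
        return pnVarPrepHTMLDisplay(_MODULENOAUTH);
    }

    $lens = pnVarCleanFromInput('lens');
    extract($args);

    // Two-dimensional result: $field_array[field][tid]
    $field_array = array();
    $pnRender =& new pnRender('Lenses');

    // 'lens' is request data and may be missing or a plain string; only an
    // array can be compared.
    if (is_array($lens)) {
        foreach ($lens as $tid => $value) {
            // NOTE(review): $tid is a request-supplied key passed on as-is;
            // presumably the 'get' API validates item_id - confirm.
            $temp_array = pnModAPIFunc('Lenses', 'user', 'get', array('item_type' => 'lens', 'item_id' => $tid));

            // Skip ids the API returned no record for.
            if (!is_array($temp_array)) {
                continue;
            }
            foreach ($temp_array as $field => $property) {
                $field_array[$field][$tid] = $property;
            }
        }
    }

    $pnRender->assign('field_array', $field_array);

    return $pnRender->fetch('lenses_user_compare_view.htm');
}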
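/**
 * Return every displayed lens of one company, keyed by lens id.
 *
 * The company id is taken from the request field 'comp_tid' unless $args
 * supplies one. Rows are read positionally from a `SELECT *`, so the column
 * list below has to stay in step with the table definition.
 *
 * @param array $args optional overrides, extracted into local scope
 * @return mixed array of lens records (empty when the company has none),
 *               false on a database error, or an escaped error message when
 *               the company id is missing or not numeric
 */
function Lenses_adminapi_report_company($args)
{
    // Clean $tid from input.
    $comp_tid = pnVarCleanFromInput('comp_tid');

    // Get arguments from argument array
    extract($args);

    // Ensure valid values were passed in.
    if (empty($comp_tid) || !is_numeric($comp_tid)) {
        return pnVarPrepHTMLDisplay('Invalid company id.');
    }
    // The id is interpolated into the SQL without quotes. is_numeric() also
    // accepts forms such as "1e5" or " 7", so pin it to an integer.
    $comp_tid = (int) $comp_tid;

    // Result set, initialised so an empty company yields an empty array.
    $items_array = array();

    // Get database setup
    list($dbconn) = pnDBGetConn();
    $pntable =& pnDBGetTables();

    $table_lens =& $pntable['lenses'];
    $field_lens =& $pntable['lenses_column'];
    $table_polymer =& $pntable['lenses_polymers'];
    $field_polymer =& $pntable['lenses_polymers_column'];

    $sql = "SELECT * FROM {$table_lens} \n LEFT JOIN {$table_polymer} ON {$field_polymer['poly_tid']} = {$field_lens['poly_id']}\n WHERE {$field_lens['comp_id']} = {$comp_tid} AND {$field_lens['display']} = 1;";

    $result = $dbconn->Execute($sql);

    // Check for an error with the database code
    if ($dbconn->ErrorNo() != 0) {
        return false;
    }

    // get polymer data to switch polymer IDs for polymer names
    $polymer_data = pnModAPIFunc('Lenses', 'user', 'getall', array('item_type' => 'polymers'));

    // Column names in result order.
    $columns = array(
        'tid', 'name', 'aliases', 'comp_id', 'poly_id', 'visitint', 'ew', 'ct', 'dk', 'oz',
        'process_text', 'process_simple', 'qty', 'replace_simple', 'replace_text', 'wear',
        'price', 'markings', 'fitting_guide', 'website', 'image', 'other_info',
        'discontinued', 'display', 'redirect', 'bc_simple', 'bc_all', 'max_plus',
        'max_minus', 'max_diam', 'min_diam', 'diam_1', 'base_curves_1', 'powers_1',
        'diam_2', 'base_curves_2', 'powers_2', 'diam_3', 'base_curves_3', 'powers_3',
        'sph_notes', 'toric', 'toric_type', 'toric_type_simple', 'cyl_power',
        'max_cyl_power', 'cyl_axis', 'cyl_axis_steps', 'oblique', 'cyl_notes',
        'bifocal', 'bifocal_type', 'add_text', 'max_add', 'cosmetic', 'enh_names',
        'enh_names_simple', 'opaque_names', 'opaque_names_simple', 'updated',
    );
    // Polymer attributes looked up by poly_id and added after that column.
    $polymerKeys = array('poly_name', 'fda_grp', 'h2o');

    for (; !$result->EOF; $result->MoveNext()) {
        $fields = $result->fields;
        $item = array();

        foreach ($columns as $i => $col) {
            $item[$col] = isset($fields[$i]) ? $fields[$i] : null;

            if ($col == 'comp_id') {
                // NOTE(review): nothing in this function loads $company_data;
                // unless a caller supplies it through $args the name is null.
                $item['comp_name'] = isset($company_data[$item['comp_id']]['comp_name'])
                    ? $company_data[$item['comp_id']]['comp_name']
                    : null;
            } elseif ($col == 'poly_id') {
                foreach ($polymerKeys as $key) {
                    $item[$key] = isset($polymer_data[$item['poly_id']][$key])
                        ? $polymer_data[$item['poly_id']][$key]
                        : null;
                }
            }
        }

        $items_array[$item['tid']] = $item;
    }

    // Return the item array
    return $items_array;
}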
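/**
 * Search plugin for comments.
 *
 * Matches each search word against the comment subject and body, joins the
 * word clauses with the requested AND/OR, and prints the hits with a pager.
 *
 * @return string|null rendered result list, or nothing when the plugin is not
 *                     selected, the Comments module is unavailable, there is
 *                     nothing to search for, or a query fails
 */
function search_comments()
{
    list($active_comments, $startnum, $total, $bool, $q) =
        pnVarCleanFromInput('active_comments', 'startnum', 'total', 'bool', 'q');

    if (empty($active_comments)) {
        return;
    }
    if (!pnModAvailable('Comments')) {
        return;
    }

    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    $output =& new pnHTML();
    $output->SetInputMode(_PNH_VERBATIMINPUT);

    // Paging values are request-supplied: force them to whole numbers before
    // they are used as a row offset or echoed into the pager URL.
    $startnum = (isset($startnum) && is_numeric($startnum)) ? (int) $startnum : 1;
    if ($startnum < 1) {
        $startnum = 1;
    }
    $total = (isset($total) && is_numeric($total)) ? (int) $total : 0;

    // Only AND and OR may join the word clauses; anything else means OR.
    $bool = ($bool === 'AND') ? 'AND' : 'OR';

    // Without any word the WHERE clause would be empty and the query invalid.
    $w = search_split_query($q);
    if (!is_array($w) || count($w) == 0) {
        return;
    }

    $column =& $pntable['comments_column'];

    $wordClauses = array();
    foreach ($w as $word) {
        $like = pnVarPrepForStore($word);
        $wordClauses[] = "({$column['subject']} LIKE '{$like}' OR {$column['comment']} LIKE '{$like}')";
    }

    $query = "SELECT {$column['subject']} as subject, {$column['tid']} as tid, "
        . "{$column['sid']} as sid, {$column['pid']} as pid, {$column['comment']} as comment FROM {$pntable['comments']} WHERE "
        . implode(" {$bool} ", $wordClauses)
        . " ORDER BY {$column['subject']}";

    if ($total < 1) {
        $countres =& $dbconn->Execute($query);
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        $total = $countres->PO_RecordCount();
        $countres->Close();
    }

    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    if (!$result->EOF) {
        $output->Text(_COMMENTS . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);

        // Rebuild the search string from previous information. The URL is
        // written into the page by the pager, so the search text is prepared
        // for display; $bool is already one of two fixed words.
        $url = 'index.php?name=Search&action=search&active_comments=1&bool=' . $bool . '&q=' . pnVarPrepForDisplay($q);

        // NOTE(review): unlike the stories search, rows are not passed through
        // pnSecAuthAction() here - confirm whether comments on stories the
        // user may not read should be filtered out.
        $output->Text('<dl>');
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);

            // Plain-text excerpt of at most 128 bytes.
            $row['comment'] = strip_tags($row['comment']);
            if (strlen($row['comment']) > 128) {
                $row['comment'] = substr($row['comment'], 0, 125) . '...';
            }
            if ($row['subject'] == "") {
                $row['subject'] = "No title";
            }

            $tid = pnVarPrepForDisplay($row['tid']);
            $sid = pnVarPrepForDisplay($row['sid']);
            $pid = pnVarPrepForDisplay($row['pid']);

            if ($row['pid'] != 0) {
                // comment with parent posting
                $output->Text("<dt><a href=\"index.php?name=Comments&req=showreply&tid={$tid}&sid={$sid}&pid={$pid}\">" . pnVarPrepHTMLDisplay($row['subject']) . "</a></dt>");
            } else {
                // comment without parent posting
                $output->Text("<dt><a href=\"index.php?name=Comments&tid={$tid}&sid={$sid}#{$tid}\">" . pnVarPrepHTMLDisplay($row['subject']) . "</a></dt>");
            }
            $output->Text("<dd>" . pnVarPrepForDisplay($row['comment']) . "</dd>");

            $result->MoveNext();
        }
        $output->Text('</dl>');

        // Munge URL for template
        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text(_SEARCH_NO_COMMENTS);
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);

    return $output->GetOutput();
}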
/**
 * Admin page showing the lens search report for a given time value.
 *
 * @param array $args extra arguments; extracted into local scope, so a
 *                    'time' entry replaces the request value
 * @return string rendered 'lenses_admin_search_report.htm', or the escaped
 *                _MODULENOAUTH message when the user is not a Lenses admin
 */
function Lenses_admin_search_report($args)
{
    // Administrators only; checked before any input is looked at.
    if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_ADMIN)) {
        return pnVarPrepHTMLDisplay(_MODULENOAUTH);
    }

    // Form value first, then whatever the caller passed explicitly.
    $time = pnVarCleanFromInput('time');
    extract($args);

    // The report itself comes from the user API.
    $report = pnModAPIFunc('Lenses', 'user', 'search_report', array('time' => $time));

    $view =& new pnRender('Lenses');
    $view->assign('lenses_data', $report);
    $view->assign('time', $time);

    return $view->fetch('lenses_admin_search_report.htm');
}
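/**
 * Admin diagnostics page: lists CMS, PHP, web server, module and Smarty
 * settings in a name/value table, followed by the module configuration form.
 *
 * The page exposes server paths and version numbers, which is why nothing is
 * collected unless PC_ACCESS_ADMIN is true.
 *
 * @return string the page markup, or _POSTCALENDAR_NOAUTH without admin access
 */
function postcalendar_admin_testSystem()
{
    if (!PC_ACCESS_ADMIN) {
        return _POSTCALENDAR_NOAUTH;
    }

    $modinfo = pnModGetInfo(pnModGetIDFromName(__POSTCALENDAR__));
    // The directory name is used in an include path below, hence pnVarPrepForOS().
    $pcDir = pnVarPrepForOS($modinfo['directory']);
    $version = $modinfo['version'];
    unset($modinfo);

    $tpl = new pcSmarty();
    $infos = array();

    if (defined('_PN_VERSION_NUM')) {
        $pnVersion = _PN_VERSION_NUM;
    } else {
        $pnVersion = pnConfigGetVar('Version_Num');
    }

    $infos[] = array('CMS Version', $pnVersion);
    $infos[] = array('Sitename', pnConfigGetVar('sitename'));
    $infos[] = array('url', pnGetBaseURL());
    $infos[] = array('PHP Version', phpversion());
    $infos[] = array('PHP safe_mode', ini_get('safe_mode') ? "On" : "Off");
    $infos[] = array('PHP safe_mode_gid', ini_get('safe_mode_gid') ? "On" : "Off");

    $base_dir = ini_get('open_basedir');
    $infos[] = array('PHP open_basedir', !empty($base_dir) ? "{$base_dir}" : "NULL");

    $infos[] = array('SAPI', php_sapi_name());
    $infos[] = array('OS', php_uname());
    $infos[] = array('WebServer', isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : '');
    $infos[] = array('Module dir', "modules/{$pcDir}");

    // pnversion.php fills $modversion with the version of the files on disk;
    // $version is what the module table says is installed.
    $modversion = array();
    include "modules/{$pcDir}/pnversion.php";
    $diskVersion = isset($modversion['version']) ? $modversion['version'] : null;

    $error = '';
    if ($diskVersion != $version) {
        $error = '<br /><div style="color: red;">';
        $error .= "new version {$diskVersion} installed but not updated!";
        $error .= '</div>';
    }
    $infos[] = array('Module version', $version . " {$error}");

    $infos[] = array('smarty version', $tpl->_version);
    $infos[] = array('smarty location', SMARTY_DIR);
    $infos[] = array('smarty template dir', $tpl->template_dir);

    // Both Smarty working directories must exist and be writeable.
    $workDirs = array('compile' => $tpl->compile_dir, 'cache' => $tpl->cache_dir);
    foreach ($workDirs as $kind => $dir) {
        $problem = '';
        if (!file_exists($dir)) {
            $problem = " {$kind} dir doesn't exist! [{$dir}]<br />";
        } elseif (!is_writeable($dir)) {
            $problem = " {$kind} dir not writeable! [{$dir}]<br />";
        }

        $info = $dir;
        if (strlen($problem) > 0) {
            $info .= "<br /><div style=\"color: red;\">{$problem}</div>";
        }
        $infos[] = array("smarty {$kind} dir", $info);
    }

    // The page starts with the admin menu; no <html>/<body> preamble is
    // emitted, only the closing tags at the end.
    $output = postcalendar_adminmenu();
    $output .= '<table border="1" cellpadding="3" cellspacing="1">';
    $output .= ' <tr><th align="left">Name</th><th align="left">Value</th>';
    $output .= '</tr>';
    foreach ($infos as $info) {
        $output .= '<tr><td ><b>' . pnVarPrepHTMLDisplay($info[0]) . '</b></td>';
        $output .= '<td>' . pnVarPrepHTMLDisplay($info[1]) . '</td></tr>';
    }
    $output .= '</table>';
    $output .= '<br /><br />';
    $output .= postcalendar_admin_modifyconfig('', false);
    $output .= "</body></html>";

    return $output;
}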
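/**
 * display block
 *
 * Shows the active, unexpired admin messages the current user may see.
 * Besides the block-level and per-message permission checks, each message
 * carries a `view` value that restricts it to everyone (1), logged-in users
 * (2), anonymous visitors (3) or administrators (4).
 *
 * @param array $row block data; 'title' is used in the permission instance
 * @return mixed output of themesideblock(), or nothing when access is denied,
 *               the query fails or no message qualifies
 */
function admin_messages_messagesblock_display($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!isset($row['title'])) {
        $row['title'] = '';
    }

    if (!pnSecAuthAction(0, 'Admin Messages:Messagesblock:', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    $messagestable = $pntable['message'];
    $messagescolumn =& $pntable['message_column'];

    // The language value goes into a quoted SQL literal, so it is escaped
    // with pnVarPrepForStore() like every other value placed in a query.
    $querylang = '';
    if (pnConfigGetVar('multilingual') == 1) {
        $currentlang = pnVarPrepForStore(pnUserGetLang());
        $querylang = "AND ({$messagescolumn['mlanguage']}='{$currentlang}' OR {$messagescolumn['mlanguage']}='')";
    }

    $sql = "SELECT {$messagescolumn['mid']},\n {$messagescolumn['title']},\n {$messagescolumn['content']},\n {$messagescolumn['date']},\n {$messagescolumn['view']}\n FROM {$messagestable}\n WHERE {$messagescolumn['active']} = 1 \n AND ( {$messagescolumn['expire']} > unix_timestamp(now())\n OR {$messagescolumn['expire']} = 0)\n {$querylang}\n ORDER by {$messagescolumn['mid']} DESC";
    $result = $dbconn->Execute($sql);

    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    $output = new pnHTML();

    while (!$result->EOF) {
        list($mid, $title, $content, $date, $view) = $result->fields;
        $result->MoveNext();

        $show = 0;
        if (pnSecAuthAction(0, 'Admin Messages:Messagesblock:', "{$row['title']}::{$mid}", ACCESS_READ)) {
            switch ($view) {
                case 1:
                    // Message for everyone
                    $show = 1;
                    break;
                case 2:
                    // Message for users
                    if (pnUserLoggedIn()) {
                        $show = 1;
                    }
                    break;
                case 3:
                    // Messages for non-users
                    if (!pnUserLoggedIn()) {
                        $show = 1;
                    }
                    break;
                case 4:
                    // Messages for administrators of any description
                    if (pnSecAuthAction(0, '::', '::', ACCESS_ADMIN)) {
                        $show = 1;
                    }
                    break;
            }
        }

        if ($show) {
            list($title, $content) = pnModCallHooks('item', 'transform', '', array($title, $content));

            $output->TableStart('', '', 0);
            $output->SetInputMode(_PNH_VERBATIMINPUT);

            // Build the title cell as a string instead of appending it to
            // the output buffer.
            $output->SetOutputMode(_PNH_RETURNOUTPUT);
            $ttitle = $output->Linebreak();
            $ttitle .= $output->Text($title);
            $ttitle .= $output->Linebreak(2);
            $output->SetOutputMode(_PNH_KEEPOUTPUT);

            $output->TableAddRow(array("<font class=\"pn-title\">" . pnVarPrepHTMLDisplay($ttitle) . "</font>"), 'center');
            $output->TableAddRow(array("<font class=\"pn-normal\">" . pnVarPrepHTMLDisplay($content) . "</font>"), 'left');
            $output->SetInputMode(_PNH_PARSEINPUT);
            $output->TableEnd();
        }
    }

    if ($output->output != "") {
        // Don't want a title
        $row['title'] = '';
        $row['content'] = $output->GetOutput();
        return themesideblock($row);
    }
}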
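/**
 * Display a single medication, with the lookup texts used by the template's
 * popup windows.
 *
 * Reads 'search' and 'med_id' from the request via pnVarCleanFromInput().
 *
 * @param array $args not used by this function
 * @return string rendered template, or an escaped error message when access
 *                is denied or the medication cannot be obtained
 */
function Meds_user_display($args)
{
    // Permission check.
    if (!pnSecAuthAction(0, 'Meds::', '::', ACCESS_READ)) {
        return pnVarPrepHTMLDisplay(_MODULENOTSUBSCRIBED);
    }

    // Flag used by the template to decide whether a go-back link is shown;
    // it is not needed when the medication was opened directly (non-search).
    $search = pnVarCleanFromInput('search');

    // Requested medication id. It is handed to the module API as received;
    // NOTE(review): confirm the API validates/escapes it before querying.
    $med_id = pnVarCleanFromInput('med_id');

    // Get medication from database.
    $med = pnModAPIFunc('Meds', 'user', 'get', array('object' => 'med', 'med_id' => $med_id));

    // Check if medication could not be obtained.
    if (!$med) {
        return pnVarPrepHTMLDisplay(_NOSUCHITEM);
    }

    // A stored path starting with "pdf/" is rewritten to live under the module directory.
    if (strpos($med['rxInfo'], "pdf/") === 0) {
        $med['rxInfo'] = "modules/Meds/pn" . $med['rxInfo'];
    }

    // Information used for popup windows.
    $pregnancy = pnModAPIFunc('Meds', 'user', 'preg_descriptions');
    $schedules = pnModAPIFunc('Meds', 'user', 'sched_descriptions');

    // Optional lookups start as null so the template assignments below never
    // read a variable that was not set when the corresponding id is empty.
    $pres_comments = array(1 => null, 2 => null);
    for ($i = 1; $i <= 2; $i++) {
        if ($med['pres_id' . $i]) {
            $info = pnModAPIFunc('Meds', 'user', 'get', array('object' => 'preserve', 'pres_id' => $med['pres_id' . $i]));
            $pres_comments[$i] = isset($info['comments']) ? $info['comments'] : null;
        }
    }

    $comp_info = pnModAPIFunc('Meds', 'user', 'get', array('object' => 'company', 'comp_id' => $med['comp_id']));
    $comp_text = pnModFunc('Meds', 'user', 'company_popup', array('comp_info' => $comp_info));

    $moa_comments = array(1 => null, 2 => null, 3 => null, 4 => null);
    for ($i = 1; $i <= 4; $i++) {
        if ($med['moa_id' . $i]) {
            $info = pnModAPIFunc('Meds', 'user', 'get', array('object' => 'moa', 'moa_id' => $med['moa_id' . $i]));
            $moa_comments[$i] = isset($info['comments']) ? $info['comments'] : null;
        }
    }

    // Start a new output object.
    $pnRender =& new pnRender('Meds');

    // Assign medication's data to template.
    $pnRender->assign('med', $med);

    // Assign popup info to templates.
    $pnRender->assign('preg', $pregnancy[$med['preg']]);
    $pnRender->assign('sched', $schedules[$med['schedule']]);
    $pnRender->assign('comp_text', $comp_text);
    $pnRender->assign('preserve_info1', $pres_comments[1]);
    $pnRender->assign('preserve_info2', $pres_comments[2]);
    $pnRender->assign('moa_info1', $moa_comments[1]);
    $pnRender->assign('moa_info2', $moa_comments[2]);
    $pnRender->assign('moa_info3', $moa_comments[3]);
    $pnRender->assign('moa_info4', $moa_comments[4]);

    // Assign flag to template; for search back-links.
    if (!empty($search)) {
        $pnRender->assign('search', $search);
    }

    // Assign flag for admin permission capacity.
    $pnRender->assign('is_admin', pnSecAuthAction(0, 'Meds::', '::', ACCESS_ADMIN));

    // Let any hooks know that we are displaying an item. As this is a display
    // hook the extra info is the URL the hooks return to after finishing
    // their own work, which normally leads back to this function.
    $pnRender->assign('hooks', pnModCallHooks('item', 'display', $med_id, pnModURL('Meds', 'user', 'display', array('med_id' => $med_id))));

    // Options for all dropdowns; used here to turn the medication's ids back
    // into meaningful texts rather than to build dropdowns.
    $pnRender->assign(pnModAPIFunc('Meds', 'user', 'getall_selects'));

    // Return templated output.
    return $pnRender->fetch('meds_user_display.htm');
}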
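/**
 * Admin page listing recorded HTTP referers, with sorting, paging, a
 * "delete referers" form and a link to the referer settings.
 *
 * Reads 'sortby' and 'page' from the request. Output is echoed directly.
 * Referer URLs originate from request headers of arbitrary visitors, so they
 * are treated as untrusted when rendered into this admin page.
 *
 * @return void
 */
function referers_admin_main()
{
    include "header.php";
    $bgcolor2 = $GLOBALS["bgcolor2"];
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    GraphicAdmin();
    OpenTable();
    echo "<center><font class=\"pn-title\"><b>" . _HTTPREFERERS . "</b></font></center>";
    CloseTable();

    if (!pnSecAuthAction(0, 'Referers::', '::', ACCESS_ADMIN)) {
        echo _REFERERSNOAUTH;
        include 'footer.php';
        return;
    }

    list($sortby, $page) = pnVarCleanFromInput('sortby', 'page');

    // The page number feeds the LIMIT offset: force a whole number >= 1 so
    // "0", negative or fractional values cannot produce an invalid query.
    if (!isset($page) || !is_numeric($page)) {
        $page = 1;
    }
    $page = (int) $page;
    if ($page < 1) {
        $page = 1;
    }

    // Allow-list: only these two values ever reach the query or the links.
    if ($sortby !== "pn_url") {
        $sortby = "pn_frequency";
    }

    $column =& $pntable['referer_column'];
    if ($sortby == 'pn_url') {
        $sort = "ORDER BY {$column['url']} ";
    } else {
        $sort = "ORDER BY {$column['frequency']} DESC ";
    }

    $pagesize = 25;
    $min = $pagesize * ($page - 1);
    $max = $pagesize;

    OpenTable();
    echo "<center><font class=\"pn-normal\"><b>" . _WHOLINKS . "</b></font></center><br /><br />"
       . "<table border=0 width=\"100%\">"
       . "<tr><td><font class=\"pn-normal\"><a class=\"pn-sub\" href='admin.php?module=NS-Referers&op=main&sortby=pn_frequency'>" . _FREQUENCY . "</a></font></td>"
       . "<td><font class=\"pn-normal\"><a class=\"pn-sub\" href='admin.php?module=NS-Referers&op=main&sortby=pn_url'>" . _URL . "</a></font></td>"
       . "<td><font class=\"pn-sub\">" . _PERCENT . "</font></td></tr>";

    // Total frequency across all referers, for the percentage column.
    $hresult = $dbconn->Execute("SELECT SUM({$column['frequency']}) FROM {$pntable['referer']}");
    list($totalfreq) = $hresult->fields;

    // Number of referer rows, for paging.
    $hresult5 = $dbconn->Execute("SELECT * FROM {$pntable['referer']}");
    $totalurl = $hresult5->PO_RecordCount();

    $hresult = $dbconn->Execute("SELECT {$column['url']}, {$column['frequency']} FROM {$pntable['referer']} {$sort} LIMIT " . $min . "," . $max . " ");
    while (list($url, $freq) = $hresult->fields) {
        $hresult->MoveNext();

        // Visible text gets extra spaces so long URLs can wrap.
        $urls = str_replace('&', ' &', $url);
        $urls = str_replace('/', '/ ', $urls);

        // Only http(s) referers become links; anything else (including the
        // "bookmark" marker) is shown as plain text. The href is quoted and
        // escaped so a crafted referer value cannot add attributes or markup.
        $linkable = preg_match('#^https?://#i', $url);
        $safeurl = pnVarPrepForDisplay($url);

        // Guard the percentage against a zero total.
        $percent = $totalfreq ? round($freq / $totalfreq * 100, 2) : 0;

        echo "<tr>\n"
           . "<td bgcolor=\"{$bgcolor2}\"><font class=\"pn-normal\">" . pnVarPrepForDisplay($freq) . "</font></td>\n"
           . "<td bgcolor=\"{$bgcolor2}\"><font class=\"pn-normal\">"
           . ($linkable ? "<a target=\"_blank\" href=\"{$safeurl}\">" : "")
           . pnVarPrepForDisplay($urls)
           . ($linkable ? "</a>" : "")
           . "</font></td>\n"
           . "<td bgcolor=\"{$bgcolor2}\"><font class=\"pn-normal\">" . $percent . " %</font></td>\n"
           . "</tr>\n";
    }
    echo "</table><font class=\"pn-normal\">" . _TOTAL . " " . pnVarPrepForDisplay($totalfreq) . " </font><br />";

    // Pager. $sortby is one of two fixed strings and the page numbers are
    // integers computed here, so the links carry no raw request data.
    if ($totalurl > $pagesize) {
        $total_pages = (int) ceil($totalurl / $pagesize);
        $prev_page = $page - 1;
        $next_page = $page + 1;
        if ($prev_page > 0) {
            echo "<a class=\"pn-normal\" href='admin.php?module=NS-Referers&op=main&sortby={$sortby}&page={$prev_page}'><font class=\"pn-sub\"> <-- </font></a>";
        }
        for ($n = 1; $n <= $total_pages; $n++) {
            if ($n == $page) {
                echo " <font class=\"pn-sub\">{$n}</font> ";
            } else {
                echo " <a class=\"pn-normal\" href='admin.php?module=NS-Referers&op=main&sortby={$sortby}&page={$n}'><font class=\"pn-sub\">" . pnVarPrepHTMLDisplay($n) . "</font></a> ";
            }
        }
        if ($next_page <= $total_pages) {
            echo "<a class=\"pn-normal\" href='admin.php?module=NS-Referers&op=main&sortby={$sortby}&page={$next_page}'><font class=\"pn-sub\"> --> </font></a>";
        }
    }

    // Delete form; the authid field carries the key from pnSecGenAuthKey().
    echo "<form action=\"admin.php\" method=\"post\">"
       . "<input type=\"hidden\" name=\"module\" value=\"NS-Referers\">"
       . "<input type=\"hidden\" name=\"authid\" value=\"" . pnSecGenAuthKey() . "\">"
       . "<input type=\"hidden\" name=\"op\" value=\"delete\">"
       . "<center><input type=\"submit\" value=\"" . _DELETEREFERERS . "\"></center></form>";
    CloseTable();

    // Access Referer Settings. The module name comes from a global, so it is
    // escaped before being placed in the attribute.
    OpenTable();
    echo "<center><font class=\"pn-title\"><b>" . _REFERERSCONF . "</b></font></center><br /><br />";
    echo "<center><a href=\"admin.php?module=" . pnVarPrepForDisplay($GLOBALS['module']) . "&op=getConfig\">" . _REFERERSCONF . "</a></center>";
    CloseTable();

    include "footer.php";
}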
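/**
 * Admin form for editing a user account.
 *
 * The user is looked up by user name first and, if that finds nothing, by
 * user id. The edit permission is checked against the record that was found
 * (its uname and uid form the permission instance), so the lookup has to run
 * before the check; the lookup value is therefore escaped for SQL here
 * instead of relying on the caller.
 *
 * @param string $chng_user user name or user id of the account to edit
 * @return void output is echoed directly
 */
function modifyUser($chng_user)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    include "header.php";
    GraphicAdmin();
    OpenTable();
    echo "<center><font class=\"pn-title\"><b>" . _USERADMIN . "</b></font></center>";
    CloseTable();

    $column =& $pntable['users_column'];

    // The stored password is deliberately not selected: this form never
    // displays it, so there is no reason to load it.
    $fields = "{$column['uid']}, {$column['uname']}, {$column['name']},\n"
            . " {$column['url']}, {$column['email']}, {$column['femail']},\n"
            . " {$column['user_icq']}, {$column['user_aim']},\n"
            . " {$column['user_yim']}, {$column['user_msnm']},\n"
            . " {$column['user_from']}, {$column['user_occ']},\n"
            . " {$column['user_intrest']}, {$column['user_viewemail']},\n"
            . " {$column['user_avatar']}, {$column['user_sig']}, {$column['bio']}\n";

    // Escape the lookup value before it goes into a quoted SQL literal.
    // NOTE(review): the title below applies stripslashes() to $chng_user,
    // which suggests callers may pass a slash-escaped value; confirm the
    // caller passes the raw value so names with quotes are not double-escaped.
    $lookup = pnVarPrepForStore($chng_user);

    $result = $dbconn->Execute("SELECT {$fields} FROM {$pntable['users']} \n WHERE {$column['uname']}='{$lookup}'");
    if ($result->EOF) {
        $result = $dbconn->Execute("SELECT {$fields} FROM {$pntable['users']} \n WHERE {$column['uid']}='{$lookup}'");
    }

    if (!$result->EOF) {
        list($chng_uid, $chng_uname, $chng_name, $chng_url, $chng_email, $chng_femail,
             $chng_user_icq, $chng_user_aim, $chng_user_yim, $chng_user_msnm,
             $chng_user_from, $chng_user_occ, $chng_user_intrest, $chng_user_viewemail,
             $chng_avatar, $chng_user_sig, $chng_bio) = $result->fields;

        if (!pnSecAuthAction(0, 'Users::', "{$chng_uname}::{$chng_uid}", ACCESS_EDIT)) {
            echo _MODIFYUSERSEDITNOAUTH;
            include 'footer.php';
            return;
        }

        // Profile fields are written by the account owner. Each one is
        // escaped before it is placed in an attribute value or textarea, so
        // stored markup cannot break out of the form in the admin's browser.
        $e = array();
        $raw = array(
            'uid' => $chng_uid, 'uname' => $chng_uname, 'name' => $chng_name,
            'url' => $chng_url, 'email' => $chng_email, 'femail' => $chng_femail,
            'user_icq' => $chng_user_icq, 'user_aim' => $chng_user_aim,
            'user_yim' => $chng_user_yim, 'user_msnm' => $chng_user_msnm,
            'user_from' => $chng_user_from, 'user_occ' => $chng_user_occ,
            'user_intrest' => $chng_user_intrest, 'avatar' => $chng_avatar,
            'user_sig' => $chng_user_sig, 'bio' => $chng_bio,
        );
        foreach ($raw as $key => $value) {
            $e[$key] = pnVarPrepForDisplay($value);
        }

        OpenTable();
        echo "<center><font class=\"pn-title\"><b>" . _USERUPDATE . ": <i>" . pnVarPrepForDisplay(stripslashes($chng_user)) . "</i></b></font></center>"
           . "<form action=\"admin.php\" method=\"post\">"
           . "<table border=\"0\">"
           . "<tr><td><font class=\"pn-normal\">" . _USERID . "</font></td>"
           . "<td><font class=\"pn-normal\"><b>" . $e['uid'] . "</font></b></td></tr>"
           . "<tr><td><font class=\"pn-normal\">" . _NICKNAME . "</font></td>"
           . "<td><input type=\"text\" name=\"chng_uname\" value=\"{$e['uname']}\"> <font class=\"pn-sub\">" . _REQUIRED . "</font></td></tr>"
           . "<input type=\"hidden\" name=\"chng_name\" value=\"{$e['name']}\">"
           . "<input type=\"hidden\" name=\"chng_url\" value=\"{$e['url']}\">"
           . "<tr><td><font class=\"pn-normal\">" . _EMAIL . "</font></td>"
           . "<td><input type=\"text\" name=\"chng_email\" value=\"{$e['email']}\" size=\"30\" maxlength=\"60\"> <font class=\"pn-sub\">" . _REQUIRED . "</font></td></tr>"
           . "<input type=\"hidden\" name=\"chng_femail\" value=\"{$e['femail']}\">"
           . "<input type=\"hidden\" name=\"chng_user_icq\" value=\"{$e['user_icq']}\">"
           . "<input type=\"hidden\" name=\"chng_user_aim\" value=\"{$e['user_aim']}\">"
           . "<input type=\"hidden\" name=\"chng_user_yim\" value=\"{$e['user_yim']}\">"
           . "<input type=\"hidden\" name=\"chng_user_msnm\" value=\"{$e['user_msnm']}\">"
           . "<input type=\"hidden\" name=\"chng_user_from\" value=\"{$e['user_from']}\">"
           . "<input type=\"hidden\" name=\"chng_user_occ\" value=\"{$e['user_occ']}\">"
           . "<input type=\"hidden\" name=\"chng_user_intrest\" value=\"{$e['user_intrest']}\">"
           . "<tr><td><font class=\"pn-normal\">" . _BIO . "</font></td>"
           // Textarea content is plain text: escape it fully and do not
           // insert <br /> tags, which would be saved back as literal text.
           . "<td><textarea cols=\"80\" rows=\"10\" name=\"chng_bio\">" . $e['bio'] . "</textarea></td></tr>"
           . "<tr><td><font class=\"pn-normal\">" . _OPTION . "</font></td>";

        if ($chng_user_viewemail == 1) {
            echo "<td><font class=\"pn-normal\"><input type=\"checkbox\" name=\"chng_user_viewemail\" value=\"1\" checked> " . _ALLOWUSERS . "</font></td></tr>";
        } else {
            echo "<td><font class=\"pn-normal\"><input type=\"checkbox\" name=\"chng_user_viewemail\" value=\"1\"> " . _ALLOWUSERS . "</font></td></tr>";
        }

        echo "<input type=\"hidden\" name=\"chng_user_sig\" value=\"{$e['user_sig']}\">"
           . "<tr><td><font class=\"pn-normal\">" . _PASSWORD . "</font></td>"
           . "<td><input type=\"password\" name=\"chng_pass\" size=\"12\" maxlength=\"12\"></td></tr>"
           . "<tr><td><font class=\"pn-normal\">" . _RETYPEPASSWD . "</font></td>"
           . "<td><input type=\"password\" name=\"chng_pass2\" size=\"12\" maxlength=\"12\"> <font class=\"pn-sub\">" . _FORCHANGES . "</font></td></tr>"
           . "<input type=\"hidden\" name=\"chng_avatar\" value=\"{$e['avatar']}\">"
           . "<input type=\"hidden\" name=\"chng_uid\" value=\"{$e['uid']}\">"
           . "<input type=\"hidden\" name=\"module\" value=\"NS-User\">"
           . "<input type=\"hidden\" name=\"op\" value=\"updateUser\">"
           // Authorisation key submitted with the form.
           . "<input type=\"hidden\" name=\"authid\" value=\"" . pnSecGenAuthKey() . "\">"
           . "<tr><td><input type=\"submit\" value=\"" . _SAVECHANGES . "\"></form></td></tr>"
           . "</table>";
        CloseTable();
    } else {
        OpenTable();
        echo "<center><b><font class=\"pn-normal\">" . _USERNOEXIST . "</b><br><br>" . "" . _GOBACK . "</font></center>";
        CloseTable();
    }

    include "footer.php";
}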
/**
 * Build the dplink configuration form for administrators.
 *
 * The theme's OpenTable()/CloseTable() echo their markup, so each call is
 * captured with output buffering and fed to the pnHTML object verbatim.
 *
 * @return string the generated page, or the "no authorisation" text when the
 *                caller lacks ACCESS_ADMIN on dplink
 */
function dplink_adminmenu()
{
    pnThemeLoad(pnUserGetTheme());

    // Create output object
    $output = new pnHTML();

    // Security check: nothing of the form is built for non-admins.
    $isAdmin = pnSecAuthAction(0, 'dplink::', '::', ACCESS_ADMIN);
    if (!$isAdmin) {
        $output->Text(pnVarPrepHTMLDisplay(_SHIMLINKNOAUTH));
        return $output->GetOutput();
    }

    // Title box
    ob_start();
    OpenTable();
    $opening = ob_get_clean();
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    $output->Text($opening);
    $output->Title(pnVarPrepHTMLDisplay('<b>' . _SHIMLINK . '</b>'));
    $output->Text(pnVarPrepHTMLDisplay(_SHIMLINKMODIFYCONFIG));
    ob_start();
    CloseTable();
    $closing = ob_get_clean();
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    $output->Text($closing);

    // Start form
    $output->FormStart(pnModURL('dplink', 'admin', 'updateconfig'));

    // Authorisation ID submitted with the form
    $output->FormHidden('authid', pnSecGenAuthKey());

    // Box and table holding the settings to be modified.
    ob_start();
    OpenTable();
    $opening = ob_get_clean();
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    $output->Text($opening);
    $output->TableStart();

    // dplink location
    $output->SetOutputMode(_PNH_RETURNOUTPUT);
    $cells = array(
        $output->Text(pnVarPrepHTMLDisplay(_MODSUBJECT)),
        $output->FormText('url', pnModGetVar('dplink', 'url'), 50, 50),
    );
    $output->SetOutputMode(_PNH_KEEPOUTPUT);
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    $output->TableAddrow($cells, 'left');

    // Warning
    $output->SetOutputMode(_PNH_RETURNOUTPUT);
    $cells = array(
        $output->Text(pnVarPrepHTMLDisplay(_MODWARNING)),
    );
    $output->SetOutputMode(_PNH_KEEPOUTPUT);
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    $output->TableAddrow($cells, 'left');

    // Use I-frame
    $output->SetOutputMode(_PNH_RETURNOUTPUT);
    $cells = array(
        $output->Text(pnVarPrepHTMLDisplay(_MODWRAP)),
        $output->FormCheckbox('use_wrap', pnModGetVar('dplink', 'use_wrap')),
    );
    $output->SetOutputMode(_PNH_KEEPOUTPUT);
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    $output->TableAddrow($cells, 'left');

    // Open in new window
    $output->SetOutputMode(_PNH_RETURNOUTPUT);
    $cells = array(
        $output->Text(pnVarPrepHTMLDisplay(_MODWINDOW)),
        $output->FormCheckbox('use_window', pnModGetVar('dplink', 'use_window')),
    );
    $output->SetOutputMode(_PNH_KEEPOUTPUT);
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    $output->TableAddrow($cells, 'left');

    $output->TableEnd();
    ob_start();
    CloseTable();
    $closing = ob_get_clean();
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    $output->Text($closing);

    // Submit button box, then end of form
    ob_start();
    OpenTable();
    $opening = ob_get_clean();
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    $output->Text($opening);
    $output->Text('<div align="center"><br>');
    $output->FormSubmit(pnVarPrepHTMLDisplay(_SHIMLINKUPDATE));
    $output->Text('<br><br></div>');
    ob_start();
    CloseTable();
    $closing = ob_get_clean();
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    $output->Text($closing);
    $output->FormEnd();

    // Return the output that has been generated by this function
    $output->SetOutputMode(_PNH_KEEPOUTPUT);
    return $output->GetOutput();
}
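/**
 * Show the explanation page for one of the tools.
 *
 * The 'tool' request value selects the template file, so it is only accepted
 * when it is exactly one of the names listed below; anything else falls back
 * to the first entry.
 *
 * @param array $args not used by this function
 * @return string rendered template, or an escaped "no authorisation" message
 */
function Tools_user_explain($args)
{
    // Permission check.
    if (!pnSecAuthAction(0, 'Tools::', '::', ACCESS_OVERVIEW)) {
        return pnVarPrepHTMLDisplay(_MODULENOAUTH);
    }

    // Clean tool from input.
    $tool = pnVarCleanFromInput('tool');

    // Allow-list: these are the only values permitted as $tool.
    $explanations = array('contact_lens', 'conversions', 'crt', 'incentives', 'keratometer', 'oblique', 'parks');

    // Strict comparison, so only an exact string match passes; the value
    // becomes part of a file name below and loose matching must not widen it.
    if (!in_array($tool, $explanations, true)) {
        $tool = $explanations[0];
    }

    // Create a new output object.
    $pnRender =& new pnRender('Tools');

    // Return template.
    return $pnRender->fetch('tools_user_explain_' . (string) $tool . '.htm');
}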
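/**
 * Output a printer-friendly page for one story.
 *
 * The story is loaded first because the permission instances are built from
 * its author, category and topic; nothing of the story is printed, and the
 * read counter is not touched, unless both permission checks pass.
 *
 * @param mixed $sid story id as supplied by the caller
 * @return void output is echoed directly; error paths call exit
 */
function PrintPage($sid)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    // grab the actual story from the database
    $column =& $pntable['stories_column'];
    $result = $dbconn->Execute("SELECT {$column['title']},\n {$column['time']},\n {$column['hometext']},\n {$column['bodytext']},\n {$column['topic']},\n {$column['notes']},\n {$column['cid']},\n {$column['aid']}\n FROM {$pntable['stories']} where {$column['sid']} = '" . pnVarPrepForStore($sid) . "'");

    // Check for a database error before touching the result set.
    if ($dbconn->ErrorNo() != 0 || !$result) {
        include 'header.php';
        echo _DBSELECTERROR;
        include 'footer.php';
        exit;
    }

    list($title, $time, $hometext, $bodytext, $topic, $notes, $cid, $aid) = $result->fields;
    if (!isset($title) || $title == '') {
        include 'header.php';
        echo _DBSELECTERROR;
        include 'footer.php';
        exit;
    }

    // Data for the authorisation check (Stories::Story, Topics::Topic).
    // find out the cattitle
    if ($cid == 0) {
        // Default category
        $cattitle = "" . _ARTICLES . "";
    } else {
        $catcolumn =& $pntable['stories_cat_column'];
        // The id is used unquoted in the WHERE clause, so force an integer.
        $catquery = buildSimpleQuery('stories_cat', array('title'), "{$catcolumn['catid']} = " . (int) $cid);
        $catresult = $dbconn->Execute($catquery);
        list($cattitle) = $catresult->fields;
    }

    // find out the topictext
    $topicscolumn =& $pntable['topics_column'];
    // Same here: unquoted numeric comparison, so force an integer.
    $topicquery = buildSimpleQuery('topics', array('topictext', 'topicname'), "{$topicscolumn['topicid']} = " . (int) $topic);
    $topicresult = $dbconn->Execute($topicquery);
    list($topictext, $topicname) = $topicresult->fields;

    if (pnSecAuthAction(0, 'Stories::Story', "{$aid}:{$cattitle}:{$sid}", ACCESS_READ)
        && pnSecAuthAction(0, 'Topics::Topic', "{$topicname}::{$topic}", ACCESS_READ)) {
        // user is authorised to view Stories::Story and Topics::Topic

        // Increment the read counter
        $column =& $pntable['stories_column'];
        $dbconn->Execute("UPDATE {$pntable['stories']} SET {$column['counter']}={$column['counter']}+1 WHERE {$column['sid']}='" . pnVarPrepForStore($sid) . "'");

        $time = $result->UnixTimeStamp($time);

        $cWhereIsPerso = WHERE_IS_PERSO;
        if (!empty($cWhereIsPerso)) {
            include "modules/NS-Multisites/print.inc.php";
        } else {
            $themesarein = "";
            $ThemeSel = pnUserGetTheme();
        }

        // call hooks
        list($title, $hometext, $bodytext, $notes) = pnModCallHooks('item', 'transform', '', array($title, $hometext, $bodytext, $notes));

        // $sid is echoed into a link below. The database comparison above
        // may accept a value that merely starts with a valid id, so the
        // value is URL-encoded before it is written into the page.
        $sidparam = urlencode($sid);

        echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n"
           . "<html>\n"
           . "<head><title>" . pnConfigGetVar('sitename') . "</title>\n";
        if (defined("_CHARSET") && _CHARSET != "") {
            echo "<META HTTP-EQUIV=\"Content-Type\" " . "CONTENT=\"text/html; charset=" . _CHARSET . "\">\n";
        }

        // Local stylesheet instead of the theme's.
        echo "<style type=\"text/css\">\n"
           . "<!--\n"
           . ".print-title {\n"
           . "background-color: transparent;\n"
           . "color: #990000;\n"
           . "font-family: Verdana, Arial, sans-serif;\n"
           . "font-size: 14px;\n"
           . "font-weight: bold;\n"
           . "text-decoration: none;\n"
           . "}\n"
           . ".print-sub {\n"
           . "background-color: transparent;\n"
           . "color: #000000;\n"
           . "font-family: Verdana, Arial, sans-serif;\n"
           . "font-size: 11px;\n"
           . "font-weight: normal;\n"
           . "text-decoration: none;\n"
           . "}\n"
           . ".print-normal {\n"
           . "background-color: transparent;\n"
           . "color: #000000;\n"
           . "font-family: Verdana, Arial, sans-serif;\n"
           . "font-size: 12px;\n"
           . "font-weight: normal;\n"
           . "text-decoration: none;\n"
           . "}\n"
           . ".print {\n"
           . "color: #000000;\n"
           . "background-color: #FFFFFF;\n"
           . "}\n"
           . "-->\n"
           . "</style>\n";

        echo "</head>\n"
           . "<body class=\"print\" bgcolor=\"#FFFFFF\" text=\"#000000\">\n"
           . "\n<table border=\"0\" width=\"85%\" cellpadding=\"0\" cellspacing=\"1\" bgcolor=\"#FFFFFF\">\n"
           . "<tr><td>\n"
           . "<table border=\"0\" width=\"100%\" cellpadding=\"5\" cellspacing=\"1\" bgcolor=\"#FFFFFF\">\n"
           . "<tr><td>\n"
           . "<img src=\"" . WHERE_IS_PERSO . "images/" . pnConfigGetVar('site_logo') . "\" border=\"0\" alt=\"" . pnConfigGetVar('sitename') . "\">\n"
           . "<br /><br />\n"
           . "<b><font class=\"print-title\">" . pnVarPrepHTMLDisplay($title) . "</font></b><br /><br />\n"
           . "<font class=\"print-sub\">" . pnVarPrepHTMLDisplay($cattitle) . " / " . pnVarPrepHTMLDisplay($topictext) . "<br />\n"
           . "<b>" . _DATE . ":</b> " . ml_ftime(_DATETIMEBRIEF, $time) . "</font>\n"
           . "</td></tr>\n"
           . "<tr><td>\n"
           . "<font class=\"print-normal\">" . pnVarPrepHTMLDisplay($hometext) . "<br /><br />\n";

        if (!empty($bodytext)) {
            echo pnVarPrepHTMLDisplay($bodytext) . "<br />\n";
        }
        if (!empty($notes)) {
            echo pnVarPrepHTMLDisplay($notes) . "<br />\n";
        } else {
            echo "<br />\n";
        }

        echo "</font>\n"
           . "</td></tr>\n"
           . "<tr><td>\n"
           . "<hr size=\"1\"><font class=\"print-normal\">\n"
           . "" . _COMESFROM . " " . pnConfigGetVar('sitename') . "<br />\n"
           . "<a class=\"print-normal\" href=\"" . pnGetBaseURL() . "\">" . pnGetBaseURL() . "</a>\n"
           . "<br /><br />\n"
           . "" . _THEURL . "" . "<br />\n"
           . "<a class=\"print-normal\" href=\"" . pnGetBaseURL() . "modules.php?op=modload&name=News&file=article&sid={$sidparam}\">" . pnGetBaseURL() . "modules.php?op=modload&name=News&file=article&sid={$sidparam}" . "</a>\n"
           . "</font>\n"
           . "</td></tr>\n"
           . "</table>\n</td></tr>\n</table>\n"
           . "</body>\n"
           . "</html>\n";
    } else {
        // user is not authorised to view Stories::Story and Topics::Topic
        include 'header.php';
        echo _BADAUTHKEY;
        include 'footer.php';
        exit;
    }
}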
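/**
 * Search plugin for the Web_Links module: searches links, then link
 * categories, and returns the results as HTML.
 *
 * Reads 'active_weblinks', 'startnum', 'total', 'q' and 'bool' from the
 * request. Every result row is filtered through pnSecAuthAction() before it
 * is counted or displayed.
 *
 * @return mixed generated HTML; nothing when the plugin is inactive, the
 *               module is unavailable, there are no search words or the
 *               links query fails
 */
function search_weblinks()
{
    list($active_weblinks, $startnum, $total, $q, $bool) = pnVarCleanFromInput('active_weblinks', 'startnum', 'total', 'q', 'bool');
    if (empty($active_weblinks)) {
        return;
    }
    if (!pnModAvailable('Web_Links')) {
        return;
    }

    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    $output =& new pnHTML();
    $output->SetInputMode(_PNH_VERBATIMINPUT);

    // startnum becomes the query offset: force a whole number >= 1.
    if (!isset($startnum) || !is_numeric($startnum)) {
        $startnum = 1;
    }
    $startnum = (int) $startnum;
    if ($startnum < 1) {
        $startnum = 1;
    }

    // NOTE(review): 'total' is taken from the request when numeric and is
    // then used for the result header and pager without being recomputed.
    if (isset($total) && !is_numeric($total)) {
        unset($total);
    }

    // Reduce the operator to the two values the query builder understands,
    // so the same safe value is used in the SQL and in the pager URL.
    $bool = ($bool === 'AND') ? 'AND' : 'OR';

    $w = search_split_query($q);
    // Without search words the WHERE clause would be empty and the query
    // invalid; stop here instead of sending it to the database.
    if (empty($w)) {
        return;
    }

    // The search string is request data placed into a URL: encode it.
    // The pager template below uses "%%" as its placeholder, which
    // urlencode() never produces.
    $url = "index.php?name=Search&action=search&active_weblinks=1&bool={$bool}&q=" . urlencode($q);

    // ---- links ----
    $flag = false;
    $column =& $pntable['links_links_column'];
    $query = "SELECT {$column['url']} as url, {$column['title']} as title, {$column['description']} as description, {$column['lid']} as lid, {$column['cat_id']} as cat_id\n FROM {$pntable['links_links']}\n WHERE \n";
    foreach ($w as $word) {
        if ($flag) {
            $query .= " {$bool} ";
        }
        // Each word is escaped for storage before entering the LIKE literal.
        $like = pnVarPrepForStore($word);
        $query .= '(';
        $query .= "{$column['description']} LIKE '" . $like . "' OR \n";
        $query .= "{$column['url']} LIKE '" . $like . "' OR \n";
        $query .= "{$column['submitter']} LIKE '" . $like . "' OR \n";
        $query .= "{$column['title']} LIKE '" . $like . "' \n";
        $query .= ')';
        $flag = true;
    }
    $query .= " ORDER BY {$column['lid']}";

    // get the total count with permissions!
    if (empty($total)) {
        $total = 0;
        $countres =& $dbconn->Execute($query);
        // check for a db error
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            // we have a link id so get its category
            $column2 =& $pntable['links_categories_column'];
            // cat_id is compared unquoted, so it is forced to an integer.
            $result2 =& $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['links_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cat_id']}=" . (int) $row['cat_id']);
            list($title) = $result2->fields;
            if (pnSecAuthAction(0, 'Web Links::Link', "{$title}:{$row['title']}:{$row['lid']}", ACCESS_READ)
                && pnSecAuthAction(0, 'Web Links::Category', "{$title}::{$row['cat_id']}", ACCESS_READ)) {
                $total++;
            }
            $countres->MoveNext();
        }
    }

    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    // check for a db error
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    if (!$result->EOF) {
        $output->Text(_WEBLINKS . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text("<dl>");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // we have a link id so get its category
            $column2 =& $pntable['links_categories_column'];
            $result2 =& $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['links_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cat_id']}=" . (int) $row['cat_id']);
            list($title) = $result2->fields;
            // Rows the user may not read are skipped, not merely hidden.
            if (pnSecAuthAction(0, 'Web Links::Link', "{$title}:{$row['title']}:{$row['lid']}", ACCESS_READ)
                && pnSecAuthAction(0, 'Web Links::Category', "{$title}::{$row['cat_id']}", ACCESS_READ)) {
                $output->Text("<dt><a href=\"" . pnVarPrepForDisplay($row['url']) . "\">" . pnVarPrepForDisplay($row['title']) . "</a></dt><dd>" . pnVarPrepHTMLDisplay($row['description']) . "</dd>");
            }
            $result->MoveNext();
        }
        $output->Text("</dl>");

        // Munge URL for template
        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text(_SEARCH_NO_LINKS);
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);

    // ---- categories ----
    $flag = false;
    $column =& $pntable['links_categories_column'];
    $query = "SELECT {$column['cat_id']} as cat_id, {$column['title']} as title, {$column['cdescription']} as description\n FROM {$pntable['links_categories']}\n WHERE \n";
    foreach ($w as $word) {
        if ($flag) {
            $query .= " {$bool} ";
        }
        $query .= '(';
        $query .= "{$column['cdescription']} LIKE '" . pnVarPrepForStore($word) . "'\n";
        $query .= ')';
        $flag = true;
    }
    $query .= " ORDER BY {$column['cat_id']}";

    // get the total count with permissions!
    // NOTE(review): $total still holds the links count (or the request
    // value) at this point, so this branch only runs when that was empty,
    // and the instance below reuses $title from the links loop. Both look
    // unintended; left as found because the pager shares one 'total' value.
    if (empty($total)) {
        $total = 0;
        $countres =& $dbconn->Execute($query);
        // On a db error keep what has been generated so far.
        if ($dbconn->ErrorNo() != 0) {
            return $output->GetOutput();
        }
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            if (pnSecAuthAction(0, 'Web Links::Category', "{$title}:{$row['title']}:{$row['cat_id']}", ACCESS_READ)) {
                $total++;
            }
            $countres->MoveNext();
        }
    }

    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    // On a db error keep what has been generated so far.
    if ($dbconn->ErrorNo() != 0) {
        return $output->GetOutput();
    }

    if (!$result->EOF) {
        $output->Text(_WEBLINKSCATEGORIES . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text("<dl>");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            if (pnSecAuthAction(0, 'Web Links::Category', "{$row['title']}::{$row['cat_id']}", ACCESS_READ)) {
                $output->Text("<dt><a href=\"index.php?name=Web_Links&req=viewlink&cid=" . pnVarPrepForDisplay($row['cat_id']) . "\">" . pnVarPrepForDisplay($row['title']) . "</a></dt><dd>" . pnVarPrepHTMLDisplay($row['description']) . "</dd>");
            }
            $result->MoveNext();
        }
        $output->Text("</dl>");

        // Munge URL for template
        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text(_SEARCH_NO_LINKSCATEGORIES);
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);

    return $output->GetOutput();
}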
/**
 * Admin view listing all companies of the Lenses module.
 *
 * @return string rendered template, or an escaped "no authorisation" message
 *                when the caller lacks ACCESS_ADMIN on Lenses
 */
function Lenses_admin_viewall_companies()
{
    // Admin-only page: refuse before creating the renderer or touching the API.
    $mayAdminister = pnSecAuthAction(0, 'Lenses::', '::', ACCESS_ADMIN);
    if (!$mayAdminister) {
        return pnVarPrepHTMLDisplay(_MODULENOAUTH);
    }

    $pnRender =& new pnRender('Lenses');

    // Fetch every company through the module API and hand the list to the template.
    $pnRender->assign(
        'companies',
        pnModAPIFunc('Lenses', 'user', 'getall', array('item_type' => 'companies'))
    );

    return $pnRender->fetch('lenses_admin_viewall_companies.htm');
}
/**
 * run a module function
 *
 * The function name is assembled as "{modname}_{type}_{func}" and called only
 * if a function of that name exists, either after loading the module or after
 * including modules/{modname}/pn{type}/{func}.php. Only $modname is validated
 * here; the path components are passed through pnVarPrepForOS() before they
 * are used in the file name. Permission checks are not done here.
 *
 * @author Jim McDonald <*****@*****.**>
 * @link http://www.mcdee.net
 * @param 'modname' the name of the module
 * @param 'type' the type of function to run
 * @param 'func' the specific function to run
 * @param 'args' the arguments to pass to the function
 * @returns mixed the called function's return value; null when the module
 *                name fails validation. If no matching function is found an
 *                error page is printed and the script exits.
 */
function pnModFunc($modname, $type = 'user', $func = 'main', $args = array())
{
    // define input, all numbers and booleans to strings
    if (isset($modname)) {
        $modname = (string) $modname;
    } else {
        $modname = '';
    }

    // validate
    if (!pnVarValidate($modname, 'mod')) {
        return null;
    }

    // Filesystem-safe variants, used only for the include path.
    list($osmodname, $ostype, $osfunc) = pnVarPrepForOS($modname, $type, $func);

    // Build function name and call function
    $modfunc = "{$modname}_{$type}_{$func}";
    if (pnModLoad($modname, $type)) {
        if (!function_exists($modfunc)) {
            // Not defined by the loaded module file: try the per-function file.
            $funcfile = "modules/{$osmodname}/pn{$ostype}/{$osfunc}.php";
            if (file_exists($funcfile)) {
                require_once $funcfile;
            }
        }
        if (function_exists($modfunc)) {
            return $modfunc($args);
        }
    }

    // if we get here, the function does not exist - show an error and die()
    // to-do: get exceptions working for better handling of such errors
    include_once 'header.php';
    echo pnVarPrepHTMLDisplay(_UNKNOWNFUNC) . " " . pnVarPrepForDisplay($modfunc) . "()<br />\n";

    // The argument dump is shown to administrators of the module only.
    $showArgs = pnSecAuthAction(0, $modname . '.*', '.*', ACCESS_ADMIN);
    if ($showArgs) {
        foreach ($args as $key => $value) {
            echo pnVarPrepForDisplay($key) . " => " . pnVarPrepForDisplay($value) . "<br />\n";
        }
    }
    include_once 'footer.php';
    exit;
}
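/**
 * Prepare a string for HTML display after removing script tags.
 *
 * The input is first passed through postcalendar_removeScriptTags() and the
 * result through pnVarPrepHTMLDisplay(). NOTE(review): how thorough the
 * script-tag removal is depends on that helper, which is defined elsewhere;
 * this wrapper adds no filtering of its own.
 *
 * @param string $s text to prepare
 * @return string prepared text (returned by reference, as declared)
 */
function &pcVarPrepHTMLDisplay($s)
{
    // A by-reference function must return a variable, not the direct result
    // of a call, so the prepared text is stored in a local first.
    $prepared = pnVarPrepHTMLDisplay(postcalendar_removeScriptTags($s));
    return $prepared;
}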
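/**
 * Show the public profile page for the user named by the 'uname' input.
 *
 * Prints the page header, each profile field that has a value, the user's
 * online status, a private-message link when the Messages module is
 * available and the recent comments/submissions lists when Comments/News are
 * available, then the footer. The request ends early on an invalid user name
 * or when the caller lacks ACCESS_READ on 'UserInfo::'.
 *
 * Stored profile values are treated as untrusted: every value placed in an
 * HTML attribute is escaped, and the homepage is rendered as a link only when
 * it uses http or https.
 *
 * @return void
 */
function user_user_userinfo()
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    $uname = pnVarCleanFromInput('uname');

    // Reject a missing user name or one containing whitespace, and stop here:
    // without the exit the lookup below would still run on the rejected value
    // and header.php would be included a second time.
    if (!$uname || preg_match("/[[:space:]]/", $uname)) {
        include 'header.php';
        OpenTable();
        echo _MODARGSERROR;
        CloseTable();
        include 'footer.php';
        exit;
    }

    include 'header.php';

    // Authorise before reading the users table, so no profile data is loaded
    // for a caller who is not allowed to see it.
    if (!pnSecAuthAction(0, 'UserInfo::', '::', ACCESS_READ)) {
        echo _BADAUTHKEY;
        include 'footer.php';
        exit;
    }

    // Only the columns this page displays are selected; the password column
    // is never shown here, so it is not fetched.
    // NOTE(review): values are quoted via pnVarPrepForStore(); if the database
    // layer offers bound parameters, prefer them over string-built SQL.
    $column = $pntable['users_column'];
    $sql = "SELECT {$column['femail']} AS femail,
                   {$column['url']} AS url,
                   {$column['bio']} AS bio,
                   {$column['user_avatar']} AS user_avatar,
                   {$column['user_icq']} AS user_icq,
                   {$column['user_aim']} AS user_aim,
                   {$column['user_yim']} AS user_yim,
                   {$column['user_msnm']} AS user_msnm,
                   {$column['user_from']} AS user_from,
                   {$column['user_occ']} AS user_occ,
                   {$column['user_intrest']} AS user_intrest,
                   {$column['user_sig']} AS user_sig,
                   {$column['uid']} AS pn_uid
            FROM {$pntable['users']}
            WHERE {$column['uname']}='" . pnVarPrepForStore($uname) . "'";
    $result = $dbconn->Execute($sql);
    $userinfo = $result->GetRowAssoc(false);

    OpenTable();
    echo "<center><font class=\"pn-title\">" . pnVarPrepForDisplay($uname) . "</font></center><br>";

    // The profile is shown when a row was found and at least one field is set.
    $profileKeys = array(
        'url', 'femail', 'bio', 'user_avatar', 'user_icq', 'user_aim', 'user_yim',
        'user_msnm', 'user_from', 'user_occ', 'user_intrest', 'user_sig', 'pn_uid',
    );
    $hasProfile = false;
    if (!$result->EOF) {
        foreach ($profileKeys as $key) {
            if (!empty($userinfo[$key])) {
                $hasProfile = true;
                break;
            }
        }
    }

    if ($hasProfile) {
        echo "<center>";
        $userinfo['user_sig'] = nl2br($userinfo['user_sig']);

        if ($userinfo['user_avatar']) {
            // Attribute context: escape quotes so a stored avatar name cannot
            // close the src attribute.
            $avatar = htmlspecialchars($userinfo['user_avatar'], ENT_QUOTES);
            echo "<img src=\"images/avatar/{$avatar}\" alt=\"\"><br>\n";
        }

        echo "<font class=\"pn-normal\"><br>" . _REGISTEREDUSER . " " . pnVarPrepForDisplay($userinfo['pn_uid']) . "<br></font>\n";

        if ($userinfo['url']) {
            $urlText = pnVarPrepForDisplay($userinfo['url']);
            echo "<font class=\"pn-normal\">" . _MYHOMEPAGE . " ";
            // Link only http(s) homepages; any other scheme is shown as plain
            // text so a stored value cannot become an active non-web link.
            if (preg_match('#^https?://#i', $userinfo['url'])) {
                $urlAttr = htmlspecialchars($userinfo['url'], ENT_QUOTES);
                echo "<a class=\"pn-normal\" href=\"{$urlAttr}\">" . $urlText . "</a>";
            } else {
                echo $urlText;
            }
            echo "<br></font>\n";
        }

        if ($userinfo['femail']) {
            $mailAttr = htmlspecialchars($userinfo['femail'], ENT_QUOTES);
            echo "<font class=\"pn-normal\">" . _MYEMAIL . " <a class=\"pn-normal\" href=\"mailto:{$mailAttr}\">" . pnVarPrepForDisplay($userinfo['femail']) . "</a><br></font>\n";
        }

        // Plain "label: value" fields, in display order.
        $labelledFields = array(
            'user_icq'     => _ICQ,
            'user_aim'     => _AIM,
            'user_yim'     => _YIM,
            'user_msnm'    => _MSNM,
            'user_from'    => _LOCATION,
            'user_occ'     => _OCCUPATION,
            'user_intrest' => _INTERESTS,
        );
        foreach ($labelledFields as $key => $label) {
            if ($userinfo[$key]) {
                echo "<font class=\"pn-normal\">" . $label . ": " . pnVarPrepForDisplay($userinfo[$key]) . "<br></font>\n";
            }
        }

        if ($userinfo['user_sig']) {
            echo "<font class=\"pn-normal\"><br>" . _SIGNATURE . ":<br>" . pnVarPrepHTMLDisplay($userinfo['user_sig']) . "<br></font>\n";
        }
        if ($userinfo['bio']) {
            echo "<font class=\"pn-normal\"><br>" . _EXTRAINFO . ":<br>" . pnVarPrepForDisplay($userinfo['bio']) . "<br></font>\n";
        }

        // Online means a session for this uid was used within the configured
        // inactivity window. The uid comes from the database but is still
        // escaped before going back into SQL, like every other value here.
        $activetime = time() - pnConfigGetVar('secinactivemins') * 60;
        $userhack = "SELECT pn_uid
                     FROM " . $pntable['session_info'] . "
                     WHERE pn_uid = '" . pnVarPrepForStore($userinfo['pn_uid']) . "'
                     AND pn_lastused > '" . pnVarPrepForStore($activetime) . "'";
        $userresult = $dbconn->Execute($userhack);
        $online_state = $userresult->GetRowAssoc(false);
        if (isset($online_state['pn_uid'])) {
            $online = _ONLINE;
        } else {
            $online = _OFFLINE;
        }
        echo "<font class=\"pn-normal\"><br>" . _USERSTATUS . ": " . pnVarPrepForDisplay($online) . "<br></font>\n";

        if (pnModAvailable('Messages')) {
            // The user name goes into a query string inside an attribute, so
            // it is URL-encoded rather than inserted raw.
            echo "<font class=\"pn-normal\"><br>[ <a class=\"pn-normal\" href=\"modules.php?op=modload&name=Messages&file=replypmsg&send=1&uname=" . urlencode($uname) . "\">" . _USENDPRIVATEMSG . " " . pnVarPrepForDisplay($uname) . "</a> ]<br></font>\n";
        }
        echo "</center>";

        if (pnModAvailable('Comments')) {
            user_main_last10com($uname);
            echo "<br>";
        }
        if (pnModAvailable('News')) {
            user_main_last10submit($uname);
        }
    } else {
        echo "<center><font class=\"pn-normal\">" . _NOINFOFOR . " " . pnVarPrepForDisplay($uname) . "</font></center>";
    }

    CloseTable();
    include "footer.php";
}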
// Tail of the RSS feed: <image> metadata, the webmaster and managing-editor
// contacts, one <item> per news row, then the closing channel/rss tags.
// NOTE(review): $image_title, $image_url, $image_link, $webmaster and
// $managingeditor are written into the XML unchanged; they are set outside
// this fragment - confirm they are XML-escaped where they are assigned.
echo "<image>\n",
    " <title>{$image_title}</title>\n",
    " <url>{$image_url}</url>\n",
    " <link>{$image_link}</link>\n",
    "</image>\n",
    "<webMaster>{$webmaster}</webMaster>\n";

if ($managingeditor != "") {
    echo "<managingEditor>{$managingeditor}</managingEditor>\n";
}

// $ihome is read from each row but not used in this fragment.
while (list($sid, $title, $ihome, $hometext) = $result->fields) {
    // NOTE(review): the title goes through pnVarPrepHTMLDisplay while the link
    // and description use pnVarPrepForDisplay; if the former lets markup
    // through, it ends up inside <title> - verify this is intended for XML.
    $title = pnVarPrepHTMLDisplay($title);
    $link = pnVarPrepForDisplay(pnGetBaseURL() . "modules.php?op=modload&name=News&file=article&sid={$sid}");
    $content = pnVarPrepForDisplay($hometext);

    echo "<item>\n",
        "<title>{$title}</title>\n",
        "<link>{$link}</link>\n";
    if ($show_content) {
        echo "<description>\n", $content, "</description>\n";
    }
    echo "</item>\n";

    $result->MoveNext();
}

echo "</channel>\n", "</rss>\n";
/**
 * Update module config.
 *
 * Stores the Meds 'per_page' module variable from the submitted value, using
 * 10 when the value is empty, non-numeric or below 1. It then clears the
 * render cache, sets a status message, calls the updateconfig hooks and
 * redirects to the admin main page.
 *
 * @return mixed The escaped _MODULENOAUTH text when the caller is not an
 *               administrator, otherwise the result of pnRedirect().
 */
function Meds_admin_update_config()
{
    // Only module administrators may change configuration.
    $isAdmin = pnSecAuthAction(0, 'Meds::', '::', ACCESS_ADMIN);
    if (!$isAdmin) {
        return pnVarPrepHTMLDisplay(_MODULENOAUTH);
    }

    $per_page = pnVarCleanFromInput('per_page');

    // The auth key is checked before any state is written (presumably the
    // framework's anti-forgery token - confirm); on failure the user is sent
    // back with an error message and nothing is changed.
    if (!pnSecConfirmAuthKey()) {
        $escapedError = pnVarPrepHTMLDisplay(_BADAUTHKEY);
        pnSessionSetVar('errormsg', $escapedError);
        return pnRedirect(pnModURL('Meds', 'admin', 'main'));
    }

    // NOTE(review): there is no upper bound, and is_numeric() also accepts
    // fractional and exponent forms, which the (int) cast then truncates.
    // Consider a maximum if a very large page size would be costly.
    $isUsable = !empty($per_page) && is_numeric($per_page) && $per_page >= 1;
    $per_page = $isUsable ? $per_page : 10;
    pnModSetVar('Meds', 'per_page', (int) $per_page);

    // NOTE(review): `=& new` is PHP 4 reference syntax and was removed in PHP 7.
    $pnRender =& new pnRender('Meds');
    // Cached pages were rendered with the old setting, so drop them.
    $pnRender->clear_cache();

    pnSessionSetVar('statusmsg', _CONFIGUPDATED);

    // Let any hooks know that the configuration changed.
    $hookArgs = array('module' => 'Meds');
    pnModCallHooks('module', 'updateconfig', 'Meds', $hookArgs);

    return pnRedirect(pnModURL('Meds', 'admin', 'main'));
}