$useFCK = file_exists(PGV_ROOT . 'modules/FCKeditor/fckeditor.php'); if ($useFCK) { require PGV_ROOT . 'modules/FCKeditor/fckeditor.php'; } if (!PGV_USER_ID) { print_simple_header(""); print $pgv_lang["access_denied"]; print_simple_footer(); exit; } $action = safe_GET('action', array('compose', 'save', 'delete'), 'compose'); $news_id = safe_GET('news_id'); $username = safe_REQUEST($_REQUEST, 'username'); $date = safe_POST('date', PGV_REGEX_UNSAFE); $title = safe_POST('title', PGV_REGEX_UNSAFE); $text = safe_POST('text', PGV_REGEX_UNSAFE); print_simple_header($pgv_lang["edit_news"]); if (empty($username)) { $username = $GEDCOM; } if ($action == "compose") { print '<span class="subheaders">' . $pgv_lang["edit_news"] . '</span>'; ?> <script language="JavaScript" type="text/javascript"> function checkForm(frm) { if (frm.title.value=="") { alert('<?php print $pgv_lang["enter_title"]; ?> '); document.messageform.title.focus();
} } if ($error == "" && empty($_FILES["mediafile"]["name"]) && !empty($_FILES["thumbnail"]["name"])) { // Copy user-supplied thumbnail file into the main destination directory $whichFile1 = $realThumbFolderName . $mediaFile; $whichFile2 = $realFolderName . $mediaFile; if (!copy(filename_decode($whichFile1), filename_decode($whichFile2))) { // the file cannot be copied $error .= $pgv_lang["upload_error"] . "<br />" . print_text('copy_error', 0, 1) . "<br />"; } else { @chmod(filename_decode($whichFile2), PGV_PERM_FILE); AddToLog("Media file {$folderName}{$mediaFile} copied from {$thumbFolderName}{$mediaFile}"); } } if ($error == "" && !empty($_FILES["mediafile"]["name"]) && empty($_FILES["thumbnail"]["name"])) { if (safe_POST('genthumb', 'yes', 'no') == 'yes') { // Generate thumbnail from main image $parts = pathinfo_utf($mediaFile); if (!empty($parts["extension"])) { $ext = strtolower($parts["extension"]); if (isImageTypeSupported($ext)) { $thumbnail = $thumbFolderName . $mediaFile; $okThumb = generate_thumbnail($folderName . $mediaFile, $thumbnail, "OVERWRITE"); if (!$okThumb) { $error .= print_text("thumbgen_error", 0, 1); } else { print_text("thumb_genned"); print "<br />"; AddToLog("Media thumbnail {$thumbnail} generated"); } }
/**
 * Assemble the GEDCOM text for a single fact from the submitted form fields.
 *
 * The form fields are named after the fact tag: "{$fact}" holds the value,
 * "{$fact}_DATE" and "{$fact}_PLAC" hold the date and place, and the place may
 * carry extra sub-tags plus "{$fact}_LATI" / "{$fact}_LONG". When the
 * "SOUR_{$fact}" checkbox is set the record is passed through updateSOUR().
 *
 * NOTE(review): every free-text field is read with PGV_REGEX_UNSAFE and then
 * interpolated directly into line-oriented GEDCOM text. Only the date goes
 * through a further check (check_input_date()). Confirm that safe_POST() or
 * the code that stores the record rejects or folds embedded line breaks;
 * otherwise a submitted value could contribute additional GEDCOM lines.
 *
 * @param string $fact GEDCOM tag of the fact, also used as the form field prefix
 * @return string the GEDCOM lines for the fact, or '' when nothing was submitted
 */
function addNewFact($fact) {
    global $tagSOUR, $ADVANCED_PLAC_FACTS;

    $FACT = safe_POST($fact, PGV_REGEX_UNSAFE);
    $DATE = safe_POST("{$fact}_DATE", PGV_REGEX_UNSAFE);
    $PLAC = safe_POST("{$fact}_PLAC", PGV_REGEX_UNSAFE);

    // A value other than the bare "Y" flag counts as real fact content.
    $hasValue = $FACT && $FACT != 'Y';

    // Nothing but (at most) the "Y" flag was submitted.
    if (!$DATE && !$PLAC && !$hasValue) {
        if ($FACT != 'Y') {
            return '';
        }
        $flagOnly = "1 {$fact} Y\n";
        return safe_POST_bool("SOUR_{$fact}") ? updateSOUR($flagOnly, 2) : $flagOnly;
    }

    // Level 1: the fact itself, with its value when one was given.
    $gedrec = $hasValue ? "1 {$fact} {$FACT}\n" : "1 {$fact}\n";

    // Level 2: date, normalised by check_input_date().
    if ($DATE) {
        $gedrec .= '2 DATE ' . check_input_date($DATE) . "\n";
    }

    // Level 2: place, followed by its optional level 3/4 details.
    if ($PLAC) {
        $gedrec .= "2 PLAC {$PLAC}\n";

        // Each tag listed in $ADVANCED_PLAC_FACTS may have its own form field.
        if (preg_match_all('/(' . PGV_REGEX_TAG . ')/', $ADVANCED_PLAC_FACTS, $match)) {
            foreach ($match[1] as $tag) {
                $TAG = safe_POST("{$fact}_{$tag}", PGV_REGEX_UNSAFE);
                if ($TAG) {
                    $gedrec .= "3 {$tag} {$TAG}\n";
                }
            }
        }

        // Coordinates are written as a pair as soon as either one is present.
        $LATI = safe_POST("{$fact}_LATI", PGV_REGEX_UNSAFE);
        $LONG = safe_POST("{$fact}_LONG", PGV_REGEX_UNSAFE);
        if ($LATI || $LONG) {
            $gedrec .= "3 MAP\n4 LATI {$LATI}\n4 LONG {$LONG}\n";
        }
    }

    if (safe_POST_bool("SOUR_{$fact}")) {
        return updateSOUR($gedrec, 2);
    }

    return $gedrec;
}
// Default values
// Preselect the active GEDCOM when $all_geds knows it; otherwise fall back to
// the first key of $all_geds.
if (!isset($GEDCOM) || !array_key_exists($GEDCOM, $all_geds)) {
    $tmp = array_keys($all_geds);
    $default_ged = $tmp[0]; // First gedcom in directory
} else {
    $default_ged = $GEDCOM;
}

// Every form value is constrained by safe_POST(): either to a list of allowed
// values or to a one-character pattern, with a default for anything else.
$ged = safe_POST('ged', array_keys($all_geds), $default_ged);
// Higher numbers are more picky.
$err_level = safe_POST('err_level', '[0-3]', $critical);
// Open links in same/new tab/window
$openinnew = safe_POST('openinnew', '[01]', '0');
// Lines of context to display
$context_lines = safe_POST('context_lines', '[0-5]', '2');
// Show details of records with no problems
$showall = safe_POST('showall', '[01]', '0');

echo '<form method="post" name="gedcheck" action="gedcheck.php">';
echo '<table class="list_table ' . $TEXT_DIRECTION . '">';

// GEDCOM selector: the names are HTML-escaped both as value and as label.
echo '<tr><td class="list_label">' . $pgv_lang['gedcom_file'] . '</td>';
echo '<td class="optionbox"><select name="ged">';
foreach ($all_geds as $key => $value) {
    echo '<option value="' . htmlspecialchars($key) . '"'
        . ($key == $ged ? ' selected="selected"' : '')
        . '>' . htmlspecialchars($key) . '</option>';
}
echo '</select></td></tr>';

// Error-level selector.
// NOTE(review): $pgv_lang[...] and $levels[...] are written without escaping;
// presumably they are trusted translation strings - confirm.
echo '<tr><td class="list_label">' . $pgv_lang['level'] . '</td>';
echo '<td class="optionbox"><select name="err_level">';
for ($i = 0; $i < count($levels); $i++) {
    echo '<option value="' . $i . '"'
        . ($i == $err_level ? ' selected="selected"' : '')
        . '>' . $levels[$i] . '</option>';
}
echo '</select></td></tr>';
include_once PHPGEDVIEW_PKG_PATH . 'BitGEDCOM.php'; $gGedcom = new BitGEDCOM(); // leave manual config until we can move it to bitweaver table require "config.php"; require_once './includes/functions/functions_edit.php'; require_once './includes/functions/functions_import.php'; if (file_exists($factsfile[$LANGUAGE])) { require $factsfile[$LANGUAGE]; } $ged = $GEDCOM; $gid1 = safe_POST_xref('gid1'); $gid2 = safe_POST_xref('gid2'); $action = safe_POST('action', PGV_REGEX_ALPHA, 'choose'); $ged2 = safe_POST('ged2', PGV_REGEX_NOSCRIPT, $GEDCOM); $keep1 = safe_POST('keep1', PGV_REGEX_UNSAFE); $keep2 = safe_POST('keep2', PGV_REGEX_UNSAFE); if (empty($keep1)) { $keep1 = array(); } if (empty($keep2)) { $keep2 = array(); } print_header($pgv_lang["merge_records"]); if ($ENABLE_AUTOCOMPLETE) { require './js/autocomplete.js.htm'; } //-- make sure they have accept access privileges if (!PGV_USER_CAN_ACCEPT) { print "<span class=\"error\">" . $pgv_lang["access_denied"] . "</span>"; print_footer(); exit;
/**
 * Read a POST field that has to match PGV_REGEX_XREF.
 *
 * Thin convenience wrapper: it forwards to safe_POST() with the XREF pattern,
 * so callers do not repeat the pattern at every call site.
 *
 * @param string $var     name of the POST field
 * @param mixed  $default passed to safe_POST() as the default (null when omitted)
 * @return mixed whatever safe_POST() returns for the field
 */
function safe_POST_xref($var, $default = null) {
    $xref = safe_POST($var, PGV_REGEX_XREF, $default);

    return $xref;
}
$ALL_THEME_DIRS[] = $themedir; } // Extract form variables $form_action = safe_POST('form_action'); $form_username = safe_POST('form_username', PGV_REGEX_USERNAME); $form_firstname = safe_POST('form_firstname'); $form_lastname = safe_POST('form_lastname'); $form_pass1 = safe_POST('form_pass1', PGV_REGEX_PASSWORD); $form_pass2 = safe_POST('form_pass2', PGV_REGEX_PASSWORD); $form_email = safe_POST('form_email', PGV_REGEX_EMAIL, '*****@*****.**'); $form_rootid = safe_POST('form_rootid', PGV_REGEX_XREF, PGV_USER_ROOT_ID); $form_theme = safe_POST('form_theme', $ALL_THEME_DIRS, $THEME_DIR); $form_language = safe_POST('form_language', array_keys($pgv_language), $LANGUAGE); $form_contact_method = safe_POST('form_contact_method', $ALL_CONTACT_METHODS, $CONTACT_METHOD); $form_default_tab = safe_POST('form_default_tab', array_keys($ALL_DEFAULT_TABS), $GEDCOM_DEFAULT_TAB); $form_visible_online = safe_POST('form_visible_online', 'Y', 'N'); // Respond to form action if ($form_action == 'update') { if ($form_username != PGV_USER_NAME && get_user_id($form_username)) { print_header($pgv_lang['user_admin']); echo '<span class="error">', $pgv_lang['duplicate_username'], '</span><br />'; } else { $alphabet = getAlphabet() . '_-. '; $i = 1; $pass = true; while (strlen($form_username) > $i) { if (stristr($alphabet, $form_username[$i]) === false) { $pass = false; break; } $i++;
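/**
 * Initialise the controller from the current request.
 *
 * A "remember me" (cookie) login is redirected to the login page and the
 * script exits. Otherwise the person id is read from $_REQUEST and all other
 * fields from POST, each constrained by safe_POST() to a pattern or to a list
 * of allowed values.
 *
 * @return void
 */
function init() {
    // The original read $QUERY_STRING as an undefined local, so the return URL
    // never carried the query string. Import the global instead.
    global $QUERY_STRING;

    // Cannot edit with a "remember me" login.
    // !empty() avoids an undefined-index notice when the key is not in the session.
    if (!empty($_SESSION["cookie_login"])) {
        if (isset($QUERY_STRING)) {
            $query = $QUERY_STRING;
        } elseif (isset($_SERVER['QUERY_STRING'])) {
            // Fallback in case the application does not set the global.
            $query = $_SERVER['QUERY_STRING'];
        } else {
            $query = '';
        }
        // The return URL is request-derived, so it is urlencode()d as a single
        // parameter value.
        // NOTE(review): the return URL names edit_interface.php - confirm that
        // this is the intended page for this controller.
        header('Location: ' . encode_url("login.php?type=simple&url=" . urlencode("edit_interface.php?" . decode_url($query)), false));
        exit;
    }

    // Coming soon ???
    $this->has_familysearch = file_exists('modules/FamilySearch/familySearchWrapper.php');
    if ($this->has_familysearch) {
        require_once 'modules/FamilySearch/familySearchWrapper.php';
    }

    // The PID can come from a URL or a form
    $this->pid = safe_REQUEST($_REQUEST, 'pid', PGV_REGEX_XREF);
    $this->person = Person::getInstance($this->pid);

    $this->server_list = get_server_list();
    $this->gedcom_list = get_all_gedcoms();
    // The current GEDCOM is dropped from the list of selectable ones.
    unset($this->gedcom_list[PGV_GED_ID]);

    // Other input values come from the form
    // NOTE(review): the title pattern '[^<>"%{};]+' does not exclude the single
    // quote, so titles still need context-appropriate escaping on output.
    $this->form_txtPID = safe_POST('txtPID', PGV_REGEX_XREF);
    $this->form_cbRelationship = safe_POST('cbRelationship');
    $this->form_location = safe_POST('location');
    $this->form_txtURL = safe_POST('txtURL', PGV_REGEX_URL);
    $this->form_txtTitle = safe_POST('txtTitle', '[^<>"%{};]+');
    $this->form_txtGID = safe_POST('txtGID', $this->gedcom_list);
    $this->form_txtUsername = safe_POST('txtUsername', PGV_REGEX_USERNAME);
    $this->form_txtPassword = safe_POST('txtPassword', PGV_REGEX_PASSWORD);
    $this->form_cbExistingServers = safe_POST('cbExistingServers', array_keys($this->server_list));
    $this->form_txtCB_Title = safe_POST('txtCB_Title', '[^<>"%{};]+');
    $this->form_txtCB_GID = safe_POST('txtCB_GID', $this->gedcom_list);
    $this->form_txtFS_URL = safe_POST('txtFS_URL', PGV_REGEX_URL);
    $this->form_txtFS_Title = safe_POST('txtFS_Title', '[^<>"%{};]+');
    $this->form_txtFS_GID = safe_POST('txtFS_GID', $this->gedcom_list);
    $this->form_txtFS_Username = safe_POST('txtFS_Username', PGV_REGEX_USERNAME);
    $this->form_txtFS_Password = safe_POST('txtFS_Password', PGV_REGEX_PASSWORD);

    // No location submitted: offer an existing server when one is configured,
    // otherwise start with a new remote one.
    if (is_null($this->form_location)) {
        $this->form_location = $this->server_list ? 'existing' : 'remote';
    }
}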
* You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * @package PhpGedView * @subpackage Charts * @version $Id: addremotelink.php 6879 2010-01-30 11:35:46Z fisharebest $ */ define('PGV_SCRIPT_NAME', 'addremotelink.php'); require './config.php'; require PGV_ROOT . 'includes/controllers/remotelink_ctrl.php'; $controller = new RemoteLinkController(); $controller->init(); print_simple_header($pgv_lang['title_remote_link']); $pid = safe_REQUEST($_REQUEST, 'pid', PGV_REGEX_XREF); $action = safe_POST('action', array('addlink')); //-- only allow gedcom admins to create remote links if (!$controller->canAccess()) { echo '<span class="error">', $pgv_lang['access_denied'], '<br />'; if (!PGV_USER_GEDCOM_ADMIN) { echo $pgv_lang['user_cannot_edit']; } else { if (!$ALLOW_EDIT_GEDCOM) { echo $pgv_lang['gedcom_editing_disabled']; } else { echo $pgv_lang['privacy_prevented_editing']; if ($pid) { echo '<br />', $pgv_lang['privacy_not_granted'], ' ', $pid; } } }
$v_new_user_privacy_username = safe_POST('v_new_user_privacy_username', get_all_users()); $v_new_user_privacy_access_ID = safe_POST('v_new_user_privacy_access_ID', PGV_REGEX_XREF); $v_new_user_privacy_access_option = safe_POST('v_new_user_privacy_access_option', $PRIVACY_CONSTANTS); $v_user_privacy_del = safe_POST('v_user_privacy_del', '1'); $v_user_privacy = safe_POST('v_user_privacy'); $v_new_global_facts_abbr = safe_POST('v_new_global_facts_abbr', array_keys($factarray)); $v_new_global_facts_choice = safe_POST('v_new_global_facts_choice', array('show', 'details')); $v_new_global_facts_access_option = safe_POST('v_new_global_facts_access_option', $PRIVACY_CONSTANTS); $v_global_facts_del = safe_POST('v_global_facts_del', '1'); $v_global_facts = safe_POST('v_global_facts'); $v_new_person_facts_access_ID = safe_POST('v_new_person_facts_access_ID', PGV_REGEX_XREF); $v_new_person_facts_abbr = safe_POST('v_new_person_facts_abbr', array_keys($factarray)); $v_new_person_facts_choice = safe_POST('v_new_person_facts_choice', array('show', 'details')); $v_new_person_facts_access_option = safe_POST('v_new_person_facts_access_option', $PRIVACY_CONSTANTS); $v_person_facts_del = safe_POST('v_person_facts_del', '1'); $v_person_facts = safe_POST('v_person_facts'); // These values may not be present in privacy files created by old versions of PGV if (!isset($PRIVACY_BY_YEAR)) { $PRIVACY_BY_YEAR = false; } if (!isset($MAX_ALIVE_AGE)) { $MAX_ALIVE_AGE = 120; } /** * print yes/no select option * * @param string $checkVar */ function write_yes_no($checkVar) { global $pgv_lang;
} if (PGV_DEBUG) { echo "<pre>{$gedrec}</pre>"; } $xref = append_gedrec($gedrec, $update_CHAN); $link = "individual.php?pid={$xref}&show_changes=yes"; if ($xref) { echo "<br /><br />", $pgv_lang["update_successful"]; } else { exit; } $spouserec = $gedrec; $success = true; if ($famid == "new") { $famrec = "0 @new@ FAM\n"; $SEX = safe_POST('SEX', '[MF]', 'U'); if ($SEX == "M") { $famtag = "HUSB"; } if ($SEX == "F") { $famtag = "WIFE"; } if ($famtag == "HUSB") { $famrec .= "1 HUSB @{$xref}@\n"; $famrec .= "1 WIFE @{$pid}@\n"; } else { $famrec .= "1 WIFE @{$xref}@\n"; $famrec .= "1 HUSB @{$pid}@\n"; } if (preg_match_all('/([A-Z0-9_]+)/', $QUICK_REQUIRED_FAMFACTS, $matches)) { foreach ($matches[1] as $match) {