Пример #1
0
function page_delete()
{
    if (ps('name') == 'default') {
        return page_edit();
    }
    $name = doSlash(ps('name'));
    safe_delete("txp_page", "name='{$name}'");
    page_edit(messenger('page', $name, 'deleted'));
}
Пример #2
0
function page_delete()
{
    $name = doSlash(ps('name'));
    if ($name == 'default') {
        return page_edit();
    }
    safe_delete('txp_page', "name = '{$name}'");
    $message = gTxt('page_deleted', array('{name}' => $name));
    page_edit($message);
}
Пример #3
0
function section_prune($id)
{
    $s = safe_row('*', 'txp_section', "id='" . doSlash($id) . "'");
    // can't delete the default section
    if (!$s or empty($s['parent'])) {
        return false;
    }
    # FIXME: move articles to the parent section first?
    # what if the parent is 'default'?
    return safe_delete('txp_section', "lft between '" . $s['lft'] . "' and '" . $s['rgt'] . "'");
}
Пример #4
0
 /**
  * Delete the article given the id
  * @param mixed(string|integer) $article_id the ID of the article to delete
  * @return boolean true on success deletion
  */
 function deleteArticleID($article_id)
 {
     $article_id = assert_int($article_id);
     if ($this->loggedin && has_privs('article.delete', $this->txp_user)) {
         return safe_delete('textpattern', "ID = {$article_id}");
     } elseif ($this->loggedin && has_privs('article.delete.own', $this->txp_user)) {
         $r = safe_field('ID', 'textpattern', "ID = {$article_id} AND AuthorID='" . doSlash($this->txp_user) . "'");
         if ($r || has_privs('article.delete', $this->txp_user)) {
             return safe_delete('textpattern', "ID = {$article_id}");
         }
     }
     return false;
 }
Пример #5
0
function page_delete()
{
    $name = ps('name');
    $count = safe_count('txp_section', "page = '" . doSlash($name) . "'");
    if ($name == 'error_default') {
        return page_edit();
    }
    if ($count) {
        $message = gTxt('page_used_by_section', array('{name}' => $name, '{count}' => $count));
    } else {
        safe_delete('txp_page', "name = '" . doSlash($name) . "'");
        $message = gTxt('page_deleted', array('{name}' => $name));
    }
    page_edit($message);
}
Пример #6
0
function log_list()
{
    pagetop(gTxt('visitor_logs'));
    extract(get_prefs());
    safe_delete("txp_log", "`time` < date_sub(now(),interval " . $expire_logs_after . " day)");
    safe_optimize("txp_log");
    safe_repair("txp_log");
    $page = gps('page');
    $total = getCount('txp_log', "1");
    $limit = 50;
    $numPages = ceil($total / $limit);
    $page = !$page ? 1 : $page;
    $offset = ($page - 1) * $limit;
    $nav[] = $page > 1 ? PrevNextLink("log", $page - 1, gTxt('prev'), 'prev') : '';
    $nav[] = sp . small($page . '/' . $numPages) . sp;
    $nav[] = $page != $numPages ? PrevNextLink("log", $page + 1, gTxt('next'), 'next') : '';
    $rs = safe_rows_start("*, unix_timestamp(time) as stamp", "txp_log", "1 order by time desc limit {$offset},{$limit}");
    if ($rs) {
        echo startTable('list'), assHead('time', 'host', 'page', 'referrer');
        $stamp = '';
        while ($a = nextRow($rs)) {
            extract($a);
            if ($refer) {
                $referprint = preg_replace("/^www\\./", "", chunk(htmlspecialchars($refer), 50));
                $referprint = '<a href="http://' . htmlspecialchars($refer) . '">' . $referprint . '</a>';
            } else {
                $referprint = '&#160;';
            }
            $pageprint = preg_replace('/\\/$/', '', htmlspecialchars(substr($page, 1)));
            $pageprint = $pageprint == '' ? '' : '<a href="' . htmlspecialchars($page) . '" target="_blank">' . chunk($pageprint, 50) . '</a>';
            if ($method == 'POST') {
                $pageprint = '<b>' . $pageprint . '</b>';
            }
            $fstamp = date("n/j g:i a", $stamp + tz_offset());
            $hostprint = chunk($host, 40);
            echo tr(td($fstamp) . td($hostprint) . td($pageprint) . td($referprint));
            unset($refer, $referprint, $page, $pageprint);
        }
        echo '<tr><td colspan="4" align="right" style="padding:10px">', join('', $nav), "</td></tr>", endTable();
    } else {
        echo graf(gTxt('no_refers_recorded'), ' align="center"');
    }
}
Пример #7
0
 function multiedit_post()
 {
     $type = ps('type');
     $method = ps('method');
     $things = ps('selected');
     $root = tree_root_id('txp_category', "type='" . doSlash($type) . "'");
     if ($things) {
         foreach ($things as $catid) {
             $catid = assert_int($catid);
             if ($method == 'delete') {
                 if (safe_delete('txp_category', "id={$catid}")) {
                     safe_update('txp_category', "parent=" . doSlash($root), "type='" . doSlash($type) . "' and parent='" . doSlash($catid) . "'");
                     $categories[] = $catid;
                 }
             }
         }
         tree_rebuild_full('txp_category', "type='" . doSlash($type) . "'");
         $this->_message(gTxt($type . '_categories_deleted', array('{list}' => join(', ', $categories))));
     }
     $this->_set_view('list');
 }
Пример #8
0
 /**
  * Installer
  * @param string $event Admin-side event.
  * @param string $step Admin-side, plugin-lifecycle step.
  */
 public static function install($event = '', $step = '')
 {
     global $prefs;
     if ($step == 'deleted') {
         safe_delete('txp_prefs', "name like 'rah\\_bitly\\_%'");
         return;
     }
     if (isset($prefs['rah_bitly_version']) && $prefs['rah_bitly_version'] == self::$version) {
         return;
     }
     $position = 250;
     foreach (array('login', 'apikey', 'field') as $name) {
         if (!isset($prefs['rah_bitly_' . $name])) {
             $html = $name == 'field' ? 'rah_bitly_fields' : 'text_input';
             safe_insert('txp_prefs', "prefs_id=1,\n\t\t\t\t\tname='rah_bitly_" . $name . "',\n\t\t\t\t\tval='',\n\t\t\t\t\ttype=1,\n\t\t\t\t\tevent='rah_bitly',\n\t\t\t\t\thtml='{$html}',\n\t\t\t\t\tposition=" . $position);
             $prefs['rah_bitly_' . $name] = '';
         }
         $position++;
     }
     set_pref('rah_bitly_version', self::$version, 'rah_bitly', 2, '', 0);
     $prefs['rah_bitly_version'] = self::$version;
 }
Пример #9
0
safe_query("alter ignore table " . safe_pfx('txp_category') . " modify parent INT not null");
$types = safe_column('distinct type', 'txp_category', '1=1');
foreach ($types as $type) {
    $root = safe_field('id', 'txp_category', "type='" . doSlash($type) . "' and name='root' and parent=0");
    if (!$root) {
        $root = safe_insert('txp_category', "name='root', type='" . doSlash($type) . "', parent=0");
    }
    safe_update('txp_category', "parent='" . $root . "'", "type='" . doSlash($type) . "' and parent=0 and id != '" . $root . "'");
    tree_rebuild_full('txp_category', "type='" . doSlash($type) . "'");
}
// index on form type
safe_upgrade_index('txp_form', 'type_idx', '', 'type');
// dropdown ui for certain prefs
safe_upgrade_table('txp_prefs', array('choices' => 'varchar(64)'));
safe_update('txp_prefs', "html='checkbox'", "html='yesnoradio'");
safe_update('txp_prefs', "html='text'", "html='text_input'");
safe_update('txp_prefs', "choices='commentmode', html='select'", "html='commentmode'");
safe_update('txp_prefs', "choices='logging', html='select'", "html='logging'");
safe_update('txp_prefs', "choices='production_stati', html='radio'", "html='prod_levels'");
safe_update('txp_prefs', "choices='gmtoffsets', html='select'", "html='gmtoffset_select'");
safe_update('txp_prefs', "choices='weeks', html='select'", "html='weeks'");
safe_update('txp_prefs', "choices='languages', html='select'", "html='languages'");
safe_update('txp_prefs', "choices='permlinkmodes', html='radio'", "html='permlinkmodes'");
safe_update('txp_prefs', "choices='dateformats', html='select'", "html='dateformats'");
// change previous Textile prefs into matching markup class names from classMarkup.php
$use_textile = safe_field('val', 'txp_prefs', "name='use_textile'");
$markups = array('txprawxhtml', 'txptextile', 'txpnl2br');
if (!empty($markups[$use_textile])) {
    safe_insert('txp_prefs', "prefs_id = 1, event='publish', name = 'markup_default', val = '{$markups[$use_textile]}', type = '0', html='select', choices='markups'");
    safe_delete('txp_prefs', "name='use_textile'");
}
Пример #10
0
function author_delete()
{
    require_privs('admin.edit');
    $user_id = assert_int(ps('user_id'));
    $name = fetch('Realname', 'txp_users', 'user_id', $user_id);
    if ($name) {
        $rs = safe_delete('txp_users', "user_id = {$user_id}");
        if ($rs) {
            admin(gTxt('author_deleted', array('{name}' => $name)));
        }
    }
}
Пример #11
0
}
safe_update('textpattern', "Keywords=TRIM(BOTH ',' FROM REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(Keywords,'\n',','),'\r',','),'\t',','),'    ',' '),'  ',' '),'  ',' '),' ,',','),', ',','),',,,,',','),',,',','),',,',','))", "Keywords != ''");
// shift preferences to more intuitive spots
// give positions, leave enough room for later additions
safe_update('txp_prefs', "position = 20", "name in(\n\t\t'sitename',\n\t\t'comments_on_default',\n\t\t'img_dir',\n\t\t'comments_require_name',\n\t\t'syndicate_body_or_excerpt',\n\t\t'title_no_widow'\n\t)");
safe_update('txp_prefs', "position = 40", "name in(\n\t\t'siteurl',\n\t\t'comments_default_invite',\n\t\t'file_base_path',\n\t\t'comments_require_email',\n\t\t'rss_how_many',\n\t\t'articles_use_excerpts'\n\t)");
safe_update('txp_prefs', "position = 60", "name in('\n\t\tsite_slogan',\n\t\t'comments_moderate',\n\t\t'never_display_email',\n\t\t'file_max_upload_size',\n\t\t'show_comment_count_in_feed',\n\t\t'allow_form_override'\n\t)");
safe_update('txp_prefs', "position = 80", "name in(\n\t\t'production_status',\n\t\t'comments_disabled_after',\n\t\t'tempdir',\n\t\t'comment_nofollow',\n\t\t'include_email_atom',\n\t\t'attach_titles_to_permalinks'\n\t)");
safe_update('txp_prefs', "position = 100", "name in(\n\t\t'gmtoffset',\n\t\t'comments_auto_append',\n\t\t'plugin_cache_dir',\n\t\t'permalink_title_format',\n\t\t'use_mail_on_feeds_id'\n\t)");
safe_update('txp_prefs', "position = 120", "name in(\n\t\t'is_dst',\n\t\t'comments_mode',\n\t\t'override_emailcharset'\n\t)");
safe_update('txp_prefs', "position = 120, event = 'publish'", "name = 'send_lastmod'");
safe_update('txp_prefs', "position = 140", "name in(\n\t\t'dateformat',\n\t\t'comments_dateformat',\n\t\t'spam_blacklists',\n\t\t'lastmod_keepalive'\n\t)");
safe_update('txp_prefs', "position = 160", "name in(\n\t\t'archive_dateformat',\n\t\t'comments_are_ol',\n\t\t'comment_means_site_updated',\n\t\t'ping_weblogsdotcom'\n\t)");
safe_update('txp_prefs', "position = 180", "name in('permlink_mode','comments_sendmail','ping_textpattern_com')");
safe_update('txp_prefs', "position = 200", "name in('use_textile','expire_logs_after')");
safe_update('txp_prefs', "position = 220", "name in('logging','use_dns')");
safe_update('txp_prefs', "position = 240", "name in('use_comments','max_url_len')");
safe_update('txp_prefs', "position = 260", "name = 'use_plugins'");
safe_update('txp_prefs', "position = 280", "name = 'admin_side_plugins'");
safe_update('txp_prefs', "position = 300", "name = 'allow_page_php_scripting'");
safe_update('txp_prefs', "position = 320", "name = 'allow_article_php_scripting'");
safe_update('txp_prefs', "position = 340", "name = 'allow_raw_php_scripting'");
safe_update('txp_prefs', "position = 120, type = 1", "name = 'comments_disallow_images'");
safe_update('txp_prefs', "event = 'comments'", "name in(\n\t\t'never_display_email',\n\t\t'comment_nofollow',\n\t\t'spam_blacklists',\n\t\t'comment_means_site_updated'\n\t)");
safe_update('txp_prefs', "event = 'feeds'", "name in(\n\t\t'syndicate_body_or_excerpt',\n\t\t'rss_how_many',\n\t\t'show_comment_count_in_feed',\n\t\t'include_email_atom',\n\t\t'use_mail_on_feeds_id'\n\t)");
# 'Textile links' feature removed due to unclear specs.
safe_delete('txp_prefs', "event='link' and name='textile_links'");
#  Use TextileRestricted lite/fat in comments?
if (!safe_field('name', 'txp_prefs', "name = 'comments_use_fat_textile'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'comments_use_fat_textile', val = '0', type = '1', event='comments', html='yesnoradio', position='130'");
}
Пример #12
0
/**
 * The main panel listing all log hits.
 *
 * @param string|array $message The activity message
 */
function log_list($message = '')
{
    global $event, $log_list_pageby, $expire_logs_after;
    pagetop(gTxt('tab_logs'), $message);
    extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));
    if ($sort === '') {
        $sort = get_pref('log_sort_column', 'time');
    } else {
        if (!in_array($sort, array('ip', 'host', 'page', 'refer', 'method', 'status'))) {
            $sort = 'time';
        }
        set_pref('log_sort_column', $sort, 'log', 2, '', 0, PREF_PRIVATE);
    }
    if ($dir === '') {
        $dir = get_pref('log_sort_dir', 'desc');
    } else {
        $dir = $dir == 'asc' ? "asc" : "desc";
        set_pref('log_sort_dir', $dir, 'log', 2, '', 0, PREF_PRIVATE);
    }
    $expire_logs_after = assert_int($expire_logs_after);
    safe_delete('txp_log', "time < DATE_SUB(NOW(), INTERVAL {$expire_logs_after} DAY)");
    switch ($sort) {
        case 'ip':
            $sort_sql = "ip {$dir}";
            break;
        case 'host':
            $sort_sql = "host {$dir}";
            break;
        case 'page':
            $sort_sql = "page {$dir}";
            break;
        case 'refer':
            $sort_sql = "refer {$dir}";
            break;
        case 'method':
            $sort_sql = "method {$dir}";
            break;
        case 'status':
            $sort_sql = "status {$dir}";
            break;
        default:
            $sort = 'time';
            $sort_sql = "time {$dir}";
            break;
    }
    $switch_dir = $dir == 'desc' ? 'asc' : 'desc';
    $search = new Filter($event, array('ip' => array('column' => 'txp_log.ip', 'label' => gTxt('IP')), 'host' => array('column' => 'txp_log.host', 'label' => gTxt('host')), 'page' => array('column' => 'txp_log.page', 'label' => gTxt('page')), 'refer' => array('column' => 'txp_log.refer', 'label' => gTxt('referrer')), 'method' => array('column' => 'txp_log.method', 'label' => gTxt('method')), 'status' => array('column' => 'txp_log.status', 'label' => gTxt('status'), 'type' => 'integer')));
    list($criteria, $crit, $search_method) = $search->getFilter(array('status' => array('can_list' => true)));
    $search_render_options = array('placeholder' => 'search_logs');
    $total = safe_count('txp_log', "{$criteria}");
    echo n . tag(hed(gTxt('tab_logs'), 1, array('class' => 'txp-heading')), 'div', array('class' => 'txp-layout-2col-cell-1'));
    $searchBlock = n . tag($search->renderForm('log_list', $search_render_options), 'div', array('class' => 'txp-layout-2col-cell-2', 'id' => $event . '_control'));
    $contentBlockStart = n . tag_start('div', array('class' => 'txp-layout-1col', 'id' => $event . '_container'));
    if ($total < 1) {
        if ($criteria != 1) {
            echo $searchBlock . $contentBlockStart . graf(span(null, array('class' => 'ui-icon ui-icon-info')) . ' ' . gTxt('no_results_found'), array('class' => 'alert-block information'));
        } else {
            echo $contentBlockStart . graf(span(null, array('class' => 'ui-icon ui-icon-info')) . ' ' . gTxt('no_refers_recorded'), array('class' => 'alert-block information'));
        }
        echo n . tag_end('div');
        return;
    }
    $limit = max($log_list_pageby, 15);
    list($page, $offset, $numPages) = pager($total, $limit, $page);
    echo $searchBlock . $contentBlockStart;
    $rs = safe_rows_start("*, UNIX_TIMESTAMP(time) AS uTime", 'txp_log', "{$criteria} ORDER BY {$sort_sql} LIMIT {$offset}, {$limit}");
    if ($rs) {
        echo n . tag(toggle_box('log_detail'), 'div', array('class' => 'txp-list-options')) . n . tag_start('form', array('class' => 'multi_edit_form', 'id' => 'log_form', 'name' => 'longform', 'method' => 'post', 'action' => 'index.php')) . n . tag_start('div', array('class' => 'txp-listtables')) . n . tag_start('table', array('class' => 'txp-list')) . n . tag_start('thead') . tr(hCell(fInput('checkbox', 'select_all', 0, '', '', '', '', '', 'select_all'), '', ' class="txp-list-col-multi-edit" scope="col" title="' . gTxt('toggle_all_selected') . '"') . column_head('time', 'time', 'log', true, $switch_dir, $crit, $search_method, ('time' == $sort ? "{$dir} " : '') . 'txp-list-col-time') . column_head('IP', 'ip', 'log', true, $switch_dir, $crit, $search_method, ('ip' == $sort ? "{$dir} " : '') . 'txp-list-col-ip') . column_head('host', 'host', 'log', true, $switch_dir, $crit, $search_method, ('host' == $sort ? "{$dir} " : '') . 'txp-list-col-host log_detail') . column_head('page', 'page', 'log', true, $switch_dir, $crit, $search_method, ('page' == $sort ? "{$dir} " : '') . 'txp-list-col-page') . column_head('referrer', 'refer', 'log', true, $switch_dir, $crit, $search_method, ('refer' == $sort ? "{$dir} " : '') . 'txp-list-col-refer') . column_head('method', 'method', 'log', true, $switch_dir, $crit, $search_method, ('method' == $sort ? "{$dir} " : '') . 'txp-list-col-method log_detail') . column_head('status', 'status', 'log', true, $switch_dir, $crit, $search_method, ('status' == $sort ? "{$dir} " : '') . 'txp-list-col-status log_detail')) . n . tag_end('thead') . n . tag_start('tbody');
        while ($a = nextRow($rs)) {
            extract($a, EXTR_PREFIX_ALL, 'log');
            if ($log_refer) {
                $log_refer = href(txpspecialchars(soft_wrap(preg_replace('#^http://#', '', $log_refer), 30)), txpspecialchars($log_refer), ' target="_blank"');
            }
            if ($log_page) {
                $log_anchor = preg_replace('/\\/$/', '', $log_page);
                $log_anchor = soft_wrap(substr($log_anchor, 1), 30);
                $log_page = href(txpspecialchars($log_anchor), txpspecialchars($log_page), ' target="_blank"');
                if ($log_method == 'POST') {
                    $log_page = strong($log_page);
                }
            }
            echo tr(td(fInput('checkbox', 'selected[]', $log_id), '', 'txp-list-col-multi-edit') . hCell(gTime($log_uTime), '', ' class="txp-list-col-time" scope="row"') . td(href(txpspecialchars($log_ip), 'https://whois.domaintools.com/' . rawurlencode($log_ip), array('rel' => 'external', 'target' => '_blank')), '', 'txp-list-col-ip') . td(txpspecialchars($log_host), '', 'txp-list-col-host log_detail') . td($log_page, '', 'txp-list-col-page') . td($log_refer, '', 'txp-list-col-refer') . td(txpspecialchars($log_method), '', 'txp-list-col-method log_detail') . td($log_status, '', 'txp-list-col-status log_detail'));
        }
        echo n . tag_end('tbody') . n . tag_end('table') . n . tag_end('div') . log_multiedit_form($page, $sort, $dir, $crit, $search_method) . tInput() . n . tag_end('form') . n . tag_start('div', array('class' => 'txp-navigation', 'id' => $event . '_navigation')) . pageby_form('log', $log_list_pageby) . nav_form('log', $page, $numPages, $sort, $dir, $crit, $search_method, $total, $limit) . n . tag_end('div');
    }
    echo n . tag_end('div');
}
Пример #13
0
    if ((include txpath . DS . 'update' . DS . '_to_4.3.0.php') !== false) {
        $dbversion = '4.3.0';
    }
}
if (version_compare($dbversion, '4.4.0', '<')) {
    if ((include txpath . DS . 'update' . DS . '_to_4.4.0.php') !== false) {
        $dbversion = '4.4.0';
    }
}
if (version_compare($dbversion, '4.4.1', '<')) {
    if ((include txpath . DS . 'update' . DS . '_to_4.4.1.php') !== false) {
        $dbversion = '4.4.1';
    }
}
if (version_compare($dbversion, '4.4.2', '<')) {
    if ((include txpath . DS . 'update' . DS . '_to_4.4.2.php') !== false) {
        $dbversion = '4.4.2';
    }
}
// keep track of updates for svn users
safe_delete('txp_prefs', "name = 'dbupdatetime'");
safe_insert('txp_prefs', "prefs_id=1, name='dbupdatetime',val='" . max(newest_file(), time()) . "', type='2'");
// update version
safe_delete('txp_prefs', "name = 'version'");
safe_insert('txp_prefs', "prefs_id=1, name='version',val='{$dbversion}', type='2'");
// updated, baby. So let's get the fresh prefs and send them to languages
define('TXP_UPDATE_DONE', 1);
$event = 'prefs';
$step = 'list_languages';
$prefs = get_prefs();
extract($prefs);
Пример #14
0
/**
 * Commits prefs to the database.
 */
function prefs_save()
{
    global $prefs, $gmtoffset, $is_dst, $auto_dst, $timezone_key, $txp_user;
    // Update custom fields count from database schema and cache it as a hidden pref.
    // TODO: move this when custom fields are refactored.
    $max_custom_fields = count(preg_grep('/^custom_\\d+/', getThings('describe ' . safe_pfx('textpattern'))));
    set_pref('max_custom_fields', $max_custom_fields, 'publish', 2);
    $sql = array();
    $sql[] = 'prefs_id = 1 and event != "" and type in(' . PREF_CORE . ', ' . PREF_PLUGIN . ', ' . PREF_HIDDEN . ')';
    $sql[] = "(user_name = '' or (user_name='" . doSlash($txp_user) . "' and name not in(\n            select name from " . safe_pfx('txp_prefs') . " where user_name = ''\n        )))";
    if (!get_pref('use_comments', 1, 1)) {
        $sql[] = "event != 'comments'";
    }
    $prefnames = safe_rows_start("name, event, user_name, val", 'txp_prefs', join(' and ', $sql));
    $post = stripPost();
    if (isset($post['tempdir']) && empty($post['tempdir'])) {
        $post['tempdir'] = find_temp_dir();
    }
    if (!empty($post['file_max_upload_size'])) {
        $post['file_max_upload_size'] = real_max_upload_size($post['file_max_upload_size']);
    }
    if (isset($post['auto_dst'])) {
        $prefs['auto_dst'] = $auto_dst = $post['auto_dst'];
        if (isset($post['is_dst']) && !$post['auto_dst']) {
            $is_dst = $post['is_dst'];
        }
    }
    // Forge $gmtoffset and $is_dst from $timezone_key if present.
    if (isset($post['timezone_key'])) {
        $key = $post['timezone_key'];
        $tzd = Txp::get('Textpattern_Date_Timezone')->getTimeZones();
        if (isset($tzd[$key])) {
            $prefs['timezone_key'] = $timezone_key = $key;
            $post['gmtoffset'] = $prefs['gmtoffset'] = $gmtoffset = $tzd[$key]['offset'];
            $post['is_dst'] = $prefs['is_dst'] = $is_dst = Txp::get('Textpattern_Date_Timezone')->isDst(null, $key);
        }
    }
    if (isset($post['siteurl'])) {
        $post['siteurl'] = preg_replace('#^https?://#', '', rtrim($post['siteurl'], '/ '));
    }
    while ($a = nextRow($prefnames)) {
        extract($a);
        if (!isset($post[$name]) || !has_privs('prefs.' . $event)) {
            continue;
        }
        if ($name === 'logging' && $post[$name] === 'none' && $post[$name] !== $val) {
            safe_truncate('txp_log');
        }
        if ($name === 'expire_logs_after' && (int) $post[$name] !== (int) $val) {
            safe_delete('txp_log', 'time < date_sub(now(), interval ' . intval($post[$name]) . ' day)');
        }
        update_pref($name, (string) $post[$name], null, null, null, null, (string) $user_name);
    }
    update_lastmod();
    prefs_list(gTxt('preferences_saved'));
}
Пример #15
0
/**
 * Remove all language strings for the given lang code.
 *
 * Removed language code is specified with 'lang_code' HTTP POST
 * parameter.
 */
function remove_language()
{
    $lang_code = ps('lang_code');
    $ret = safe_delete('txp_lang', "lang = '" . doSlash($lang_code) . "'");
    if ($ret) {
        callback_event('lang_deleted', '', 0, $lang_code);
        $msg = gTxt($lang_code) . sp . gTxt('deleted');
    } else {
        $msg = gTxt('cannot_delete', array('{thing}' => $lang_code));
    }
    list_languages($msg);
}
Пример #16
0
function plugin_multi_edit()
{
    $selected = ps('selected');
    $method = ps('edit_method');
    if (!$selected or !is_array($selected)) {
        return plugin_list();
    }
    $where = "name IN ('" . join("','", doSlash($selected)) . "')";
    switch ($method) {
        case 'delete':
            foreach ($selected as $name) {
                if (safe_field('flags', 'txp_plugin', "name ='" . doSlash($name) . "'") & PLUGIN_LIFECYCLE_NOTIFY) {
                    load_plugin($name, true);
                    callback_event("plugin_lifecycle.{$name}", 'disabled');
                    callback_event("plugin_lifecycle.{$name}", 'deleted');
                }
            }
            safe_delete('txp_plugin', $where);
            break;
        case 'changestatus':
            foreach ($selected as $name) {
                if (safe_field('flags', 'txp_plugin', "name ='" . doSlash($name) . "'") & PLUGIN_LIFECYCLE_NOTIFY) {
                    $status = safe_field('status', 'txp_plugin', "name ='" . doSlash($name) . "'");
                    load_plugin($name, true);
                    // NB: won't show returned messages anywhere due to potentially overwhelming verbiage.
                    callback_event("plugin_lifecycle.{$name}", $status ? 'disabled' : 'enabled');
                }
            }
            safe_update('txp_plugin', 'status = (1-status)', $where);
            break;
        case 'changeorder':
            $order = min(max(intval(ps('order')), 1), 9);
            safe_update('txp_plugin', 'load_order = ' . $order, $where);
            break;
    }
    $message = gTxt('plugin_' . ($method == 'delete' ? 'deleted' : 'updated'), array('{name}' => join(', ', $selected)));
    plugin_list($message);
}
Пример #17
0
function checkNonce($nonce)
{
    if (!$nonce && !preg_match('#^[a-zA-Z0-9]*$#', $nonce)) {
        return false;
    }
    // delete expired nonces
    safe_delete("txp_discuss_nonce", "issue_time < date_sub(now(),interval 10 minute)");
    // check for nonce
    return safe_row("*", "txp_discuss_nonce", "nonce='" . doSlash($nonce) . "' and used = 0") ? true : false;
}
Пример #18
0
/**
 * Deletes a page template.
 */
function page_delete()
{
    $name = ps('name');
    $count = safe_count('txp_section', "page = '" . doSlash($name) . "'");
    $message = '';
    if ($name == 'error_default') {
        return page_edit();
    }
    if ($count) {
        $message = array(gTxt('page_used_by_section', array('{name}' => $name, '{count}' => $count)), E_WARNING);
    } else {
        if (safe_delete('txp_page', "name = '" . doSlash($name) . "'")) {
            callback_event('page_deleted', '', 0, $name);
            $message = gTxt('page_deleted', array('{name}' => $name));
        }
    }
    page_edit($message);
}
Пример #19
0
function link_multi_edit()
{
    $selected = ps('selected');
    if (!$selected or !is_array($selected)) {
        return link_edit();
    }
    $selected = array_map('assert_int', $selected);
    $method = ps('edit_method');
    $changed = array();
    if ($method == 'delete') {
        foreach ($selected as $id) {
            if (safe_delete('txp_link', 'id = ' . $id)) {
                $changed[] = $id;
            }
        }
    } elseif ($method == 'changecategory') {
        foreach ($selected as $id) {
            if (safe_update('txp_link', "category = '" . doSlash(ps('category')) . "'", "id = {$id}")) {
                $changed[] = $id;
            }
        }
    }
    if ($changed) {
        return link_edit(gTxt($method == 'delete' ? 'links_deleted' : 'link_updated', array($method == 'delete' ? '{list}' : '{name}' => join(', ', $changed))));
    }
    return link_edit();
}
Пример #20
0
function log_list($message = '')
{
    global $event, $log_list_pageby, $expire_logs_after;
    pagetop(gTxt('visitor_logs'), $message);
    extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));
    if ($sort === '') {
        $sort = get_pref('log_sort_column', 'time');
    }
    if ($dir === '') {
        $dir = get_pref('log_sort_dir', 'desc');
    }
    $dir = $dir == 'asc' ? 'asc' : 'desc';
    $expire_logs_after = assert_int($expire_logs_after);
    safe_delete('txp_log', "time < date_sub(now(), interval {$expire_logs_after} day)");
    switch ($sort) {
        case 'ip':
            $sort_sql = 'ip ' . $dir;
            break;
        case 'host':
            $sort_sql = 'host ' . $dir;
            break;
        case 'page':
            $sort_sql = 'page ' . $dir;
            break;
        case 'refer':
            $sort_sql = 'refer ' . $dir;
            break;
        case 'method':
            $sort_sql = 'method ' . $dir;
            break;
        case 'status':
            $sort_sql = 'status ' . $dir;
            break;
        default:
            $sort = 'time';
            $sort_sql = 'time ' . $dir;
            break;
    }
    set_pref('log_sort_column', $sort, 'log', 2, '', 0, PREF_PRIVATE);
    set_pref('log_sort_dir', $dir, 'log', 2, '', 0, PREF_PRIVATE);
    $switch_dir = $dir == 'desc' ? 'asc' : 'desc';
    $criteria = 1;
    if ($search_method and $crit) {
        $crit_escaped = doSlash(str_replace(array('\\', '%', '_', '\''), array('\\\\', '\\%', '\\_', '\\\''), $crit));
        $critsql = array('ip' => "ip like '%{$crit_escaped}%'", 'host' => "host like '%{$crit_escaped}%'", 'page' => "page like '%{$crit_escaped}%'", 'refer' => "refer like '%{$crit_escaped}%'", 'method' => "method like '%{$crit_escaped}%'", 'status' => "status like '%{$crit_escaped}%'");
        if (array_key_exists($search_method, $critsql)) {
            $criteria = $critsql[$search_method];
            $limit = 500;
        } else {
            $search_method = '';
            $crit = '';
        }
    } else {
        $search_method = '';
        $crit = '';
    }
    $total = safe_count('txp_log', "{$criteria}");
    echo '<div id="' . $event . '_control" class="txp-control-panel">';
    if ($total < 1) {
        if ($criteria != 1) {
            echo n . log_search_form($crit, $search_method) . n . graf(gTxt('no_results_found'), ' class="indicator"') . '</div>';
        } else {
            echo graf(gTxt('no_refers_recorded'), ' class="indicator"') . '</div>';
        }
        return;
    }
    $limit = max($log_list_pageby, 15);
    list($page, $offset, $numPages) = pager($total, $limit, $page);
    echo n . log_search_form($crit, $search_method) . '</div>';
    $rs = safe_rows_start('*, unix_timestamp(time) as uTime', 'txp_log', "{$criteria} order by {$sort_sql} limit {$offset}, {$limit}");
    if ($rs) {
        echo n . '<div id="' . $event . '_container" class="txp-container txp-list">';
        echo n . n . '<form action="index.php" id="log_form" method="post" name="longform" onsubmit="return verify(\'' . gTxt('are_you_sure') . '\')">' . startTable('list', '', 'list', '', '90%') . n . '<thead>' . n . tr(n . column_head('time', 'time', 'log', true, $switch_dir, $crit, $search_method, ('time' == $sort ? "{$dir} " : '') . 'date time') . column_head('IP', 'ip', 'log', true, $switch_dir, $crit, $search_method, ('ip' == $sort ? "{$dir} " : '') . 'log_detail ip') . column_head('host', 'host', 'log', true, $switch_dir, $crit, $search_method, ('host' == $sort ? "{$dir} " : '') . 'host') . column_head('page', 'page', 'log', true, $switch_dir, $crit, $search_method, ('page' == $sort ? "{$dir} " : '') . 'page') . column_head('referrer', 'refer', 'log', true, $switch_dir, $crit, $search_method, ('refer' == $sort ? "{$dir} " : '') . 'refer') . column_head('method', 'method', 'log', true, $switch_dir, $crit, $search_method, ('method' == $sort ? "{$dir} " : '') . 'log_detail method') . column_head('status', 'status', 'log', true, $switch_dir, $crit, $search_method, ('status' == $sort ? "{$dir} " : '') . 'log_detail status') . hCell('', '', ' class="multi-edit"')) . n . '</thead>';
        $tfoot = n . '<tfoot>' . tr(tda(toggle_box('log_detail'), ' class="detail-toggle" colspan="2" style="text-align: left; border: none;"') . tda(select_buttons() . log_multiedit_form($page, $sort, $dir, $crit, $search_method), ' class="multi-edit" colspan="6" style="text-align: right; border: none;"')) . n . '</tfoot>';
        echo $tfoot;
        echo '<tbody>';
        $ctr = 1;
        while ($a = nextRow($rs)) {
            extract($a, EXTR_PREFIX_ALL, 'log');
            if ($log_refer) {
                $log_refer = 'http://' . $log_refer;
                $log_refer = '<a href="' . htmlspecialchars($log_refer) . '" target="_blank">' . htmlspecialchars(soft_wrap($log_refer, 30)) . '</a>';
            }
            if ($log_page) {
                $log_anchor = preg_replace('/\\/$/', '', $log_page);
                $log_anchor = soft_wrap(substr($log_anchor, 1), 30);
                $log_page = '<a href="' . htmlspecialchars($log_page) . '" target="_blank">' . htmlspecialchars($log_anchor) . '</a>';
                if ($log_method == 'POST') {
                    $log_page = '<strong>' . $log_page . '</strong>';
                }
            }
            echo tr(n . td(gTime($log_uTime), 85, 'date time') . td($log_ip, 20, 'log_detail ip') . td(soft_wrap($log_host, 30), '', 'host') . td($log_page, '', 'page') . td($log_refer, '', 'refer') . td(htmlspecialchars($log_method), 60, 'log_detail method') . td($log_status, 60, 'log_detail status') . td(fInput('checkbox', 'selected[]', $log_id), '', 'multi-edit'), ' class="' . ($ctr % 2 == 0 ? 'even' : 'odd') . '"');
            $ctr++;
        }
        echo '</tbody>' . n . endTable() . n . '</form>' . n . '<div id="' . $event . '_navigation" class="txp-navigation">' . n . nav_form('log', $page, $numPages, $sort, $dir, $crit, $search_method, $total, $limit) . n . pageby_form('log', $log_list_pageby) . n . '</div>' . n . '</div>';
    }
}
Пример #21
0
<?php

if (!defined('TXP_UPDATE')) {
    exit("Nothing here. You can't access this file directly.");
}
// Support for per-user private prefs.
$cols = getThings('describe `' . PFX . 'txp_prefs`');
if (!in_array('user_name', $cols)) {
    safe_alter('txp_prefs', "ADD `user_name` varchar(64) NOT NULL default '', DROP INDEX `prefs_idx`, ADD UNIQUE `prefs_idx` (`prefs_id`, `name`, `user_name`), ADD INDEX `user_name` (`user_name`)");
}
// Remove a few global prefs in favour of future private ones.
safe_delete('txp_prefs', "user_name = '' AND name in ('article_list_pageby', 'author_list_pageby', 'comment_list_pageby', 'file_list_pageby', 'image_list_pageby', 'link_list_pageby', 'log_list_pageby')");
// Use dedicated prefs function for setting custom fields.
safe_update('txp_prefs', "html='custom_set'", "name IN ('custom_1_set', 'custom_2_set', 'custom_3_set', 'custom_4_set', 'custom_5_set', 'custom_6_set', 'custom_7_set', 'custom_8_set', 'custom_9_set', 'custom_10_set') AND html='text_input'");
// Send comments prefs.
safe_update('txp_prefs', "html='commentsendmail'", "name='comments_sendmail' AND html='yesnoradio'");
// Timezone prefs.
safe_update('txp_prefs', "html='is_dst'", "name='is_dst' AND html='yesnoradio'");
if (!safe_field('name', 'txp_prefs', "name = 'auto_dst'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'auto_dst', val = '0', type = '0', event = 'publish', html = 'yesnoradio', position = '115'");
}
if (!safe_field('name', 'txp_prefs', "name = 'timezone_key'")) {
    $tz = new timezone();
    $tz = $tz->key($gmtoffset);
    safe_insert('txp_prefs', "prefs_id = 1, name = 'timezone_key', val = '{$tz}', type = '2', event = 'publish', html = 'textinput', position = '0'");
}
// Default event admin pref.
if (!safe_field('name', 'txp_prefs', "name = 'default_event'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'default_event', val = 'article', type = '1', event = 'admin', html = 'default_event', position = '150'");
}
// Add columns for thumbnail dimensions.
Пример #22
0
function css_delete()
{
    $name = ps('name');
    $count = safe_count('txp_section', "css = '" . doSlash($name) . "'");
    if ($count) {
        $message = gTxt('css_used_by_section', array('{name}' => $name, '{count}' => $count));
    } else {
        safe_delete('txp_css', "name = '" . doSlash($name) . "'");
        $message = gTxt('css_deleted', array('{name}' => $name));
    }
    css_edit($message);
}
Пример #23
0
function form_delete($name)
{
    global $essential_forms;
    if (in_array($name, $essential_forms)) {
        return false;
    }
    $name = doSlash($name);
    if (safe_delete("txp_form", "name='{$name}'")) {
        return true;
    }
    return false;
}
Пример #24
0
function section_delete()
{
    $selected = ps('selected');
    $with_articles = safe_rows('Section, Count(*) AS count', 'textpattern', "Section in ('" . join("','", doSlash($selected)) . "') GROUP BY Section");
    $protected[] = 'default';
    $del['success'] = $del['error'] = array();
    foreach ($with_articles as $row) {
        $protected[] = $row['Section'];
    }
    $protected = array_unique($protected);
    foreach ($selected as $item) {
        if (in_array($item, $protected)) {
            $del['error'][] = $item;
        } else {
            $ret = safe_delete('txp_section', "name = '" . doSlash($item) . "'");
            if ($ret) {
                $del['success'][] = $item;
            } else {
                $del['error'][] = $item;
            }
        }
    }
    if ($del['success']) {
        callback_event('sections_deleted', '', 0, $del['success']);
    }
    $message = $del['success'] ? gTxt('section_deleted', array('{name}' => join(', ', $del['success']))) : '';
    sec_section_list($message);
}
Пример #25
0
}
// doctype prefs
if (!safe_field('name', 'txp_prefs', "name = 'doctype'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'doctype', val = 'xhtml', type = '0', event = 'publish', html = 'doctypes', position = '190'");
}
// publisher's email address
if (!safe_field('name', 'txp_prefs', "name = 'publisher_email'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'publisher_email', val = '', type = 1, event = 'admin', position = 115");
}
// goodbye raw ?php support
if (safe_field('name', 'txp_prefs', "name = 'allow_raw_php_scripting'")) {
    safe_delete('txp_prefs', "name = 'allow_raw_php_scripting'");
}
safe_alter('txp_users', "MODIFY RealName VARCHAR(255) NOT NULL default '', MODIFY email VARCHAR(254) NOT NULL default ''");
// Remove any setup strings from lang table
safe_delete('txp_lang', "event='setup'");
$has_idx = 0;
$rs = getRows('show index from `' . PFX . 'textpattern`');
foreach ($rs as $row) {
    if ($row['Key_name'] == 'url_title_idx') {
        $has_idx = 1;
    }
}
if (!$has_idx) {
    safe_query('alter ignore table `' . PFX . 'textpattern` add index url_title_idx(`url_title`)');
}
// Remove is_default from txp_section table and make it a preference
if (!safe_field('name', 'txp_prefs', "name = 'default_section'")) {
    $current_default_section = safe_field('name', 'txp_section', 'is_default=1');
    safe_insert('txp_prefs', "prefs_id = 1, name = 'default_section', val = '" . doSlash($current_default_section) . "', type = '2', event = 'section', html = 'text_input', position = '0'");
}
Пример #26
0
function article_delete()
{
    $dID = ps('dID');
    $rs = safe_delete("textpattern", "ID={$dID}");
    if ($rs) {
        article_list(messenger('article', $dID, 'deleted'), 1);
    }
}
Пример #27
0
function event_multi_edit($table, $id_key)
{
    $method = ps('edit_method');
    $selected = ps('selected');
    if ($selected) {
        if ($method == 'delete') {
            foreach ($selected as $id) {
                $id = assert_int($id);
                if (safe_delete($table, "{$id_key} = {$id}")) {
                    $ids[] = $id;
                }
            }
            return join(', ', $ids);
        }
    }
    return '';
}
Пример #28
0
function admin_multi_edit()
{
    global $txp_user;
    require_privs('admin.edit');
    $selected = ps('selected');
    $method = ps('edit_method');
    $changed = array();
    if (!$selected or !is_array($selected)) {
        return admin();
    }
    $names = safe_column('name', 'txp_users', "name IN ('" . join("','", doSlash($selected)) . "') AND name != '" . doSlash($txp_user) . "'");
    if (!$names) {
        return admin();
    }
    switch ($method) {
        case 'delete':
            if (safe_delete('txp_users', "name IN ('" . join("','", doSlash($names)) . "')")) {
                $changed = $names;
                $msg = 'author_deleted';
            }
            break;
        case 'changeprivilege':
            global $levels;
            $privilege = ps('privs');
            if (!isset($levels[$privilege])) {
                return admin();
            }
            if (safe_update('txp_users', 'privs = ' . intval($privilege), "name IN ('" . join("','", doSlash($names)) . "')")) {
                $changed = $names;
                $msg = 'author_updated';
            }
            break;
        case 'resetpassword':
            $failed = array();
            foreach ($names as $name) {
                $passwd = generate_password(6);
                if (safe_update('txp_users', "pass = password(lower('" . doSlash($passwd) . "'))", "name = '" . doSlash($name) . "'")) {
                }
                $email = safe_field('email', 'txp_users', "name = '" . doSlash($name) . "'");
                if (send_new_password($passwd, $email, $name)) {
                    $changed[] = $name;
                    $msg = 'author_updated';
                } else {
                    return admin(gTxt('could_not_mail') . ' ' . htmlspecialchars($name));
                }
            }
            break;
    }
    if ($changed) {
        return admin(gTxt($msg, array('{name}' => htmlspecialchars(join(', ', $changed)))));
    }
    admin();
}
Пример #29
0
function customer_delete($event, $step)
{
    global $txp_user, $vars, $txpcfg, $prefs;
    extract($prefs);
    extract(doSlash($_REQUEST));
    $user_id = assert_int($user_id);
    safe_delete("txp_users", "user_id = {$user_id}");
    customers_list('', '', "customer deleted");
}
Пример #30
0
function ign_user_delete()
{
    global $ign_user_db;
    $user_id = ps('user_id');
    $name = fetch('Realname', $ign_user_db, 'user_id', $user_id);
    if ($name) {
        $rs = safe_delete($ign_user_db, "user_id = '{$user_id}'");
        if ($rs) {
            ign_admin(messenger('user', $name, 'deleted'));
        }
    }
}