/**
 * Sanitise user-supplied text and turn the URLs in it into links.
 *
 * The content first goes through safe_html() ("strip bad stuff") and the
 * result, which is then treated as trusted markup, is handed to
 * linkUrlsInTrustedHtml(). Turning YouTube/Vimeo links into embeds is not
 * implemented yet (see the TODO below).
 *
 * @param string $content raw text or HTML as received from the user
 * @return string safe HTML with bare URLs converted to links
 */
function filter($content)
{
    $sanitised = safe_html($content);
    // TODO: embed video links (YouTube, Vimeo). Earlier preg_replace-based
    // attempts, adapted from
    // http://stackoverflow.com/questions/19050890/find-youtube-link-in-php-string-and-convert-it-into-embed-code
    // and http://stackoverflow.com/questions/28563706/how-to-convert-vimeo-url-to-embed-without-letting-go-of-the-text-around-it
    // were disabled because much more than a regex is needed here.
    return linkUrlsInTrustedHtml($sanitised);
}
 /**
  * Build a <label> for the form control "<post_type>_<attribute>" of a record.
  *
  * NOTE(review): the complete markup (tag included) is passed through safe_html()
  * after formatting; whether the <label> survives depends on safe_html() being a
  * tag whitelist rather than a plain escaper — confirm against its definition.
  *
  * @param mixed  $record    must be a CustomPost\Base; its post_type is used as prefix
  * @param string $attribute attribute name the label points at
  * @param string $label     visible label text
  * @return mixed result of safe_html() applied to the generated <label> markup
  * @throws CustomPost\RecordNotCustomPost when $record is not a CustomPost\Base
  */
 function label_for($record, $attribute, $label)
 {
     if ($record instanceof CustomPost\Base) {
         $targetId = "{$record->post_type}_{$attribute}";
         return safe_html(sprintf('<label for="%s">%s</label>', $targetId, $label));
     }
     throw new CustomPost\RecordNotCustomPost();
 }
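/**
 * Build the site search box (inline CSS, fieldset, form and "Powered by Sphider" footer).
 *
 * The previous query, if any, is pre-filled into the text input. A non-empty
 * POST value wins over a non-empty GET value. The value is run through
 * safe_html() before it is placed in a double-quoted attribute, so this relies
 * on safe_html() escaping double quotes — confirm against its definition.
 * Absent or non-string parameters are ignored instead of raising
 * undefined-index notices.
 *
 * @return string HTML of the search box
 */
function getSearchBox()
{
    global $cmsFolder, $urlRequestRoot, $ICONS;
    // constants cannot be interpolated in a heredoc, hence the local copy
    $CMS_TITLE = CMS_TITLE;
    $lastquery = "";
    if (isset($_GET['query']) && is_string($_GET['query']) && $_GET['query'] !== "") {
        $lastquery = safe_html($_GET['query']);
    }
    if (isset($_POST['query']) && is_string($_POST['query']) && $_POST['query'] !== "") {
        $lastquery = safe_html($_POST['query']);
    }
    $searchbox = <<<SEARCH
\t<style type="text/css">
\t\ttable.searchBox{border:1px solid #113377}
\t\t#result_report {
\t\t\ttext-align:center ;
\t\t\tpadding:3px;
\t\t\tbackground-color:#e5ecf9; 
\t\t\tfont-weight: bold;
\t\t\tmargin-bottom:14px;
\t\t\tmargin-right: 10px;
\t\t}
\t</style>

\t<fieldset>
\t<legend>{$ICONS['Search']['small']}{$CMS_TITLE} Search</legend>
\t
\t<center>
\t<form action="./+search" method="POST">
\t<table cellspacing="1" cellpadding="5" class="searchBox">
\t\t<tr>
\t\t\t<td align="center">
\t\t\t\t<table>
\t\t\t\t\t<tr>
\t\t\t\t\t\t<td><div align="left"><input type="text" size="40" id="query" name="query" value="{$lastquery}" /></td>
\t\t\t\t\t\t<td><input type="submit" value="Search"/></td>
\t\t\t\t\t</tr>
\t\t\t\t</table>
\t\t\t\t
\t\t\t</td>
\t\t</tr>
\t</table>
\tPowered by <a href="http://www.sphider.eu/" target="_blank"><img src="{$urlRequestRoot}/{$cmsFolder}/templates/common/images/sphider-logo.png" border="0" style="vertical-align: middle" alt="Sphider"></a><br/><br/>
\t</form>
\t</center>
SEARCH;
    return $searchbox;
}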
 /**
  * Wrap $content in a bold element coloured with $color, then pass the markup
  * through safe_html().
  *
  * NOTE(review): both arguments are interpolated into the markup before
  * safe_html() sees it (including the style attribute); whether the <b> tag
  * survives depends on safe_html() being a tag whitelist rather than a plain
  * escaper — confirm against its definition.
  *
  * @param string $color   CSS colour value for the style attribute
  * @param string $content text to display in bold
  * @return mixed result of safe_html() applied to the generated markup
  */
 function bold_tag($color, $content)
 {
     return safe_html(sprintf('<b style="color: %s;">%s</b>', $color, $content));
 }
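<?php
// Full "<?php" open tag: the short "<?" form only works when short_open_tag is
// enabled, so the script silently printed its own source on hosts where it is off.
// Load Composer's autoloader from the project root (one level above this file).
require dirname(__DIR__) . "/vendor/autoload.php";
// NOTE(review): debug mode is switched on here; keep it off outside development.
Artovenry\Haml::init("", ["debug"=>true]);
// The sample value is escaped before it reaches the template, so the <i> tag is
// presumably shown literally rather than rendered — depends on what safe_html() does.
render("index", "hoge", ["var"=>safe_html("<i>hoge</i>")]);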
/**
 * fuction getQuizCorrectForm:
 * returns form where user answers submissions will be displayed, marks can be alloted for subjective answers
 *
 * Builds the correction page for one user's attempt at one quiz: a summary row
 * (total marks, per-section marks, start/finish time, time taken) followed, per
 * attempted section and question, by the submitted answer, the correct answer and
 * either a small mark-entry form (subjective questions) or the mark already
 * allotted (sso/mso questions).
 *
 * @param mixed $quizId  page module component id of the quiz; spliced into the SQL below
 * @param mixed $userId  id of the user whose attempt is shown; spliced into the SQL below
 * @return string HTML of the correction page
 *
 * NOTE(review): $quizId and $userId are interpolated into every query and nothing
 * here escapes them — the callers must guarantee they are escaped or numeric;
 * confirm at the call sites. Question text, right answers and submitted answers
 * are written into the HTML without safe_html(); if submitted answers are stored
 * as entered, that is user-controlled markup on an admin page — confirm how they
 * are stored. Uses the mysql_* extension, which was removed in PHP 7.
 */
function getQuizCorrectForm($quizId, $userId)
{
    // Attempt totals: summed marks, earliest start, latest submission and their difference.
    $marks = mysql_fetch_array(mysql_query("SELECT SUM(`quiz_marksallotted`) AS `total`, MIN(`quiz_attemptstarttime`) AS `starttime`, MAX(`quiz_submissiontime`) AS `finishtime`, TIMEDIFF(MAX(`quiz_submissiontime`), MIN(`quiz_attemptstarttime`)) AS `timetaken` FROM `quiz_userattempts` WHERE `user_id` = '{$userId}' AND `page_modulecomponentid` = '{$quizId}'"));
    $title = mysql_fetch_array(mysql_query("SELECT `quiz_title` FROM `quiz_descriptions` WHERE `page_modulecomponentid` = '{$quizId}'"));
    // $correctFormHtml collects the per-question tables; $sectionHead the per-section
    // marks cells that are inserted into the summary row at the end.
    $correctFormHtml = "";
    $sectionHead = "";
    // Sections this user attempted in this quiz, with the marks allotted per section.
    $sections = mysql_query("SELECT `quiz_sections`.`quiz_sectiontitle` AS `quiz_sectiontitle`, `quiz_sections`.`quiz_sectionid` AS `quiz_sectionid`, `quiz_marksallotted` FROM `quiz_userattempts` JOIN `quiz_sections` ON `quiz_userattempts`.`quiz_sectionid` = `quiz_sections`.`quiz_sectionid` WHERE `user_id` = '{$userId}' AND `quiz_userattempts`.`page_modulecomponentid` = '{$quizId}' AND `quiz_sections`.`page_modulecomponentid` = '{$quizId}'");
    while ($sectionsRow = mysql_fetch_array($sections)) {
        $correctFormHtml .= "<h4>{$sectionsRow['quiz_sectiontitle']}(Marks: {$sectionsRow['quiz_marksallotted']})</h4>";
        $sectionHead .= "<td><b>{$sectionsRow['quiz_sectiontitle']}</b> section marks: {$sectionsRow['quiz_marksallotted']}</td>";
        // Questions of this section joined with the user's submissions, in submission rank order.
        $questionQuery = "SELECT `quiz_questions`.`quiz_questionid` AS `quiz_questionid`, " . "`quiz_questions`.`quiz_question` AS `quiz_question`, `quiz_questiontype`, " . "`quiz_rightanswer`, `quiz_submittedanswer`, `quiz_marksallotted`,`quiz_questions`.`quiz_sectionid` " . "FROM `quiz_questions`, `quiz_answersubmissions` WHERE " . "`quiz_questions`.`page_modulecomponentid` = '{$quizId}' AND " . "`quiz_questions`.`page_modulecomponentid` = `quiz_answersubmissions`.`page_modulecomponentid` AND " . "`quiz_questions`.`quiz_sectionid` = `quiz_answersubmissions`.`quiz_sectionid` AND " . "`quiz_questions`.`quiz_questionid` = `quiz_answersubmissions`.`quiz_questionid` AND " . "`quiz_questions`.`quiz_sectionid` = '{$sectionsRow['quiz_sectionid']}' AND " . "`user_id` = '{$userId}' ORDER BY `quiz_answersubmissions`.`quiz_questionrank`";
        $questionResult = mysql_query($questionQuery);
        if (!$questionResult) {
            // NOTE(review): the failed query text and the MySQL error are shown to the
            // viewer; presumably displayerror() does not abort, in which case the fetch
            // loop below then runs on a false result — verify.
            displayerror($questionQuery . '<br />' . mysql_error());
        }
        while ($questionRow = mysql_fetch_assoc($questionResult)) {
            // Table class flags the answer as right/wrong: no marks, or marks <= 0, means wrong.
            $correctFormHtml .= '<table class="quiz_' . (is_null($questionRow['quiz_marksallotted']) || floatval($questionRow['quiz_marksallotted']) <= 0 ? 'wrong' : 'right') . "answer\"><tr><td colspan=\"2\">{$questionRow['quiz_question']}</td></tr>\n";
            if ($questionRow['quiz_questiontype'] == 'subjective') {
                // Free-text answers: shown as stored, then a form to enter the mark.
                $submittedAnswers = array();
                $submittedAnswers[] = $questionRow['quiz_submittedanswer'];
                $correctAnswers = array();
                $correctAnswers[] = $questionRow['quiz_rightanswer'];
                $correctFormHtml .= '<tr><td nowrap="nowrap" width="10%">Submitted Answer:</td><td>' . implode("<br />\n", $submittedAnswers) . "</td></tr>\n";
                $correctFormHtml .= '<tr><td nowrap="nowrap" width="10%">Correct Answer:</td><td>' . implode("<br />\n", $correctAnswers) . "</td></tr>\n";
                // The request's useremail is escaped before being reflected into the action
                // URL; the hidden ids come from the database rows above and are placed in
                // unquoted attributes as-is.
                $correctFormHtml .= "<tr><td>Mark:</td><td><form method=POST action='./+correct&useremail=" . safe_html($_GET['useremail']) . "'><input type=hidden name=quizid value='{$quizId}'><input type=hidden name=sectionid value={$questionRow['quiz_sectionid']}><input type=hidden name=questionid value={$questionRow['quiz_questionid']}><input type=hidden name=userid value={$userId}><input type=text name=mark size=5 value='{$questionRow['quiz_marksallotted']}'><input type=submit value='Submit' name=btnSetMark></form></td></tr>";
            } elseif ($questionRow['quiz_questiontype'] == 'sso' || $questionRow['quiz_questiontype'] == 'mso') {
                // Single/multiple choice: answers are '|'-separated option ids, resolved to
                // option text through a map keyed by option id.
                $optionList = getQuestionOptionList($quizId, $sectionsRow['quiz_sectionid'], $questionRow['quiz_questionid']);
                $options = array();
                for ($i = 0; $i < count($optionList); ++$i) {
                    $options[$optionList[$i]['quiz_optionid']] = $optionList[$i];
                }
                $correctAnswers = array();
                $rightAnswerIds = explode('|', $questionRow['quiz_rightanswer']);
                for ($i = 0; $i < count($rightAnswerIds); ++$i) {
                    // an id with no matching option yields an undefined-index notice and an empty entry
                    $correctAnswers[] = $options[$rightAnswerIds[$i]]['quiz_optiontext'];
                }
                $submittedAnswers = array();
                $submittedAnswerIds = explode('|', $questionRow['quiz_submittedanswer']);
                for ($i = 0; $i < count($submittedAnswerIds); ++$i) {
                    $submittedAnswers[] = $options[$submittedAnswerIds[$i]]['quiz_optiontext'];
                }
                $correctFormHtml .= '<tr><td nowrap="nowrap" width="10%">Submitted Answer:</td><td>' . implode("<br />\n", $submittedAnswers) . "</td></tr>\n";
                $correctFormHtml .= "<tr><td nowrap=\"nowrap\" width=\"10%\">Correct Answer:</td><td>" . implode("<br />\n", $correctAnswers) . "</td></tr>\n";
                $correctFormHtml .= "<tr><td>Mark:</td><td>{$questionRow['quiz_marksallotted']}</td></tr>";
            }
            $correctFormHtml .= "</table>\n";
        }
    }
    // Header: title, "reject submission" form (POSTs hdnUserId back to ./+correct) and the
    // summary row. NOTE(review): the "******" below looks like a redaction made when this
    // listing was captured; as printed the string literal does not parse — restore the
    // original interpolation from the repository.
    $quizcorrectinfo = "<h3>{$title['quiz_title']} - Quiz Answers Correct form for user: "******"</h3><form name='userclearform' method='POST' action='./+correct'><a href='./+correct'>&lt;&lt;Back</a> &nbsp;&nbsp;&nbsp;<input type='hidden' name='hdnUserId' id='hdnUserId' value='{$userId}' /><input type='submit' name='btnDeleteUser' id='btnDeleteUser' value='Reject Submission' /></form><table width=100%><tr><td>Total marks: {$marks['total']}</td>{$sectionHead}<td>Start time: {$marks['starttime']}</td><td>Finish time: {$marks['finishtime']}</td><td>Time taken: {$marks['timetaken']}</td></tr></table>";
    $correctFormHtml .= "<a href='./+correct'>&lt;&lt;Back</a>";
    return $quizcorrectinfo . $correctFormHtml;
}
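/**
 * Render the message wall: a posting form followed by the 40 most recent
 * messages, newest first, with one colour class per distinct (author, ip) pair.
 *
 * Everything is echoed directly; the function returns nothing. The wall table
 * name is read from $config['dbwall'] (a quoted key now — the bare dbwall key
 * relied on the undefined-constant fallback, which is an Error in PHP 8) and the
 * form target from $page_name. Uses the mysql_* extension, removed in PHP 7.
 *
 * NOTE(review): $user->get_name() is written into a double-quoted attribute
 * without escaping here — confirm that get_name() returns escaped text.
 */
function show_wall()
{
    global $user, $config, $keyword, $search_mode, $page_name;
    ?>
	<table>
		 	<tr>
				<td align="center"><b>Name</b></td>
				<td align="center"><b>Message</b></td>
				<td align="center"><b> </b></td>
			</tr>

			<form action="<?php echo $page_name; ?>" method="post">	
				<td align="center"><b><input type="text" value="<?php echo $user->get_name(); ?>" name="author"></td>
				<td align="center"><b><textarea rows="2" name="message" style="width:100%"></textarea></td>
				<td align="center"><input type="submit" value="Post"><input type="hidden" name="post_message" value=true></td>
				<input type="hidden" name="post_message" value=true>
			</form>


			<?php
    // Distinct (ip, author) pairs among the latest 40 posts. The position in this
    // list selects the author's colour class. It is fetched once here instead of
    // being re-queried for every wall row as before (same query, same result).
    $author_sql = 'select distinct ip,author from ( select * from ' . $config['dbwall'] . ' ORDER BY time DESC limit 40) as foo ;';
    $authors = array();
    $author_result = mysql_query($author_sql);
    if ($author_result) {
        while ($author_row = mysql_fetch_array($author_result)) {
            $authors[] = $author_row;
        }
    }
    $sql = 'SELECT author, message, time, ip FROM ' . $config['dbwall'] . ' ORDER BY time DESC LIMIT 40';
    $wall = mysql_query($sql);
    $wall_line_number = 0;
    while ($row = mysql_fetch_array($wall)) {
        // alternate row classes
        $class = $wall_line_number % 2 ? 'class="online_even"' : 'class="online_odd"';
        // Index of this row's author in $authors (case-insensitive name, exact ip);
        // 0 when not found — previously the variable stayed unset or stale in that case.
        $author_number = 0;
        foreach ($authors as $i => $author_row) {
            if (strcasecmp($author_row['author'], $row['author']) == 0 and $author_row['ip'] == $row['ip']) {
                $author_number = $i;
                break;
            }
        }
        $posted_at = strtotime(stripslashes($row['time']));
        echo "<tr {$class}>";
        // author and message are user-supplied: escaped via safe_html() before output
        echo "<td class='wallname wallcolour" . $author_number % 13 . "' >" . safe_html(stripslashes($row['author'])) . "</td>";
        echo "<td align='center' >" . safe_html(stripslashes($row['message'])) . "</td>";
        echo "<td align='center' style='font-size:x-small'>" . date("H:i", $posted_at) . "<br>" . date("M d", $posted_at) . "</td>";
        echo "</tr>";
        // newline so the generated HTML stays readable
        echo "\r\n";
        $wall_line_number++;
    }
    ?>
		</table>	
	<?php 
}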
?>

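<?php
// RSS 2.0 feed of the 40 most recent wall messages, newest first.
// $config['dbwall'] is a quoted key now: the bare dbwall key relied on the
// undefined-constant fallback, which is an Error in PHP 8 (same for the
// website_name / web_address keys below).
// NOTE(review): the document starts with blank lines and has no XML declaration
// or Content-Type header; add both if feed readers reject it.
include 'common.php';
$sql = 'SELECT author, message, time, ip FROM ' . $config['dbwall'] . ' ORDER BY time DESC LIMIT 40';
$wall = mysql_query($sql);
?>
 

<rss version="2.0">
<channel>

<?php
// Channel metadata comes from site configuration; it is entity-encoded anyway so
// that an '&' or '<' in the site name or URL cannot break the XML. (Drop the
// safe_html() calls if these values are already stored entity-encoded.)
$siteName = safe_html($config['website_name']);
$siteUrl = safe_html($config['web_address']);
echo "\r\n";
echo '<title>' . $siteName . '</title>';
// the former leading space inside <link> is gone; it made the channel link invalid
echo '<link>' . $siteUrl . '</link>';
echo '<description>Feed for comments on the ' . $siteName . ' wall</description>';
echo "\r\n";
// Each wall row is user-supplied text: author and message are escaped before being
// placed in element content. author is now stripslashes()'d like message, matching
// how the wall page itself renders both fields.
while ($row = mysql_fetch_array($wall)) {
    echo '<item>';
    echo '<title>' . safe_html(stripslashes($row['author'])) . '</title>';
    echo '<link>' . $siteUrl . '</link>';
    echo '<description>' . safe_html(stripslashes($row['message'])) . '</description>';
    echo '</item>';
    echo "\r\n";
}
?>
 
</channel>
</rss>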
// Open the database connection, then run the authentication step: the session is
// only started when the client was found to accept cookies.
connect();
require_once $sourceFolder . "/authenticate.lib.php";
$cookieSupported = checkCookieSupport();
if ($cookieSupported) {
    session_start();
}
$userId = firstTimeGetUserId();

// Work out which page was requested. ?page= takes priority (it is passed through
// escape() in place, then lower-cased). ?user= marks a public profile request and
// keeps "home" as the page so the URL parser never sees an empty path. Anything
// else is "home".
$pageFullPath = "home";
if (isset($_GET['page'])) {
    $_GET['page'] = escape($_GET['page']);
    $pageFullPath = strtolower($_GET['page']);
} elseif (isset($_GET['user'])) {
    $publicPageRequest = true;
    $userProfileId = safe_html(escape($_GET['user']));
}

// Requested action, lower-cased; "view" when none was given.
$action = isset($_GET['action']) ? strtolower(escape($_GET['action'])) : "view";
///Just to check if server is alive, an alternative of Ping
if ($action == 'keepalive') {
    die("OK: " . rand());
/**
 * @package pragyan
 * @copyright (c) 2010 Pragyan Team
 * @license http://www.gnu.org/licenses/ GNU Public License
 * For more details, see README
 */
/**
 * Three-step password reset, dispatched on which request parameters are present:
 *  1. neither user_email (POST) nor key (GET): return the "enter your e-mail" form;
 *  2. user_email posted, no key: look the account up and mail a reset link carrying a key;
 *  3. key present: verify the key, store a new random password and mail it to the user.
 *
 * @param bool $allow_login whether to show the "Sign Up" link under the form
 * @return string the form HTML in step 1, "" otherwise (steps 2 and 3 report
 *                through displayinfo()/displayerror())
 *
 * NOTE(review): the reset key is derived deterministically from the stored
 * password hash and two characters of the e-mail address (see below), so a link
 * never expires and the same link is issued every time until the password changes;
 * a random, stored, time-limited token is the usual fix. Uses eregi() and the
 * mysql_* extension, both removed in PHP 7.
 */
function resetPasswd($allow_login)
{
    if (!isset($_POST['user_email']) && !isset($_GET['key'])) {
        // Step 1: the request form (posts user_email back to this sub-action).
        $resetPasswd = <<<RESET
\t\t\t\t\t<form class="registrationform" method="POST" name="user_passreset" onsubmit="return checkForm(this)" action="./+login&subaction=resetPasswd">
\t\t\t\t\t\t<fieldset>
\t\t\t\t\t\t<legend>Reset Password</legend>
\t\t\t\t\t\t\t<table>
\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t<td><label for="user_email"  class="labelrequired">Email</label></td>
\t\t\t\t\t\t\t\t\t<td><input type="text" name="user_email" id="user_email" class="required" onchange="if(this.length!=0) return checkEmail(this);"/><br /></td>
\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t<td colspan="2">&nbsp;</td>
\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t<td><input type="submit" id="submitbutton" value="Submit"></td>
\t\t\t\t\t\t\t\t\t<td>
RESET;
        if ($allow_login) {
            $resetPasswd .= "<a href='./+login&subaction=register'>Sign Up</a> ";
        }
        $resetPasswd .= "<a href='./+login'>Login</a></td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t</fieldset>\n\t\t\t\t\t</form>";
        return $resetPasswd;
    } elseif (!isset($_GET['key'])) {
        // Step 2: e-mail submitted. NOTE(review): this reads user_email from $_GET
        // although the form above posts it; the value is not used in this branch
        // (the $_POST copy is used below).
        $user_email = escape($_GET['user_email']);
        // eregi() was removed in PHP 7; a case-insensitive preg_match() is the replacement.
        if (!eregi("^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,3})\$", escape($_POST['user_email']))) {
            displayerror("Invalid Email Id. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
        } else {
            // NOTE(review): $_POST[user_email] uses a bare word as key, relying on the
            // undefined-constant fallback (an Error in PHP 8); it should be $_POST['user_email'].
            // escape() is assumed to be the SQL-escaping helper — confirm.
            $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='" . escape($_POST[user_email]) . "' ";
            $result = mysql_query($query);
            $temp = mysql_fetch_assoc($result);
            if (mysql_num_rows($result) == 0) {
                displayerror("E-mail not in registered accounts list. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
            } elseif ($temp['user_loginmethod'] === 'openid') {
                displayerror("This email is registered as an OpenID user. You do not have a permanent account on our server. Hence, we do not keep or maintain your password. Please ask the parent OpenID provider to reset the password for you");
            } elseif ($temp['user_activated'] == 0) {
                displayerror("Account not yet activated.<b>Please check your email</b> and click on the activation link. <a href=\"./+login&subaction=register&reSendKey=1\">Resend activation mail?</a><br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
            } else {
                // Reset key: md5 of the stored password hash, a fixed string and two
                // characters of the e-mail. Anyone who knows the hash can recompute it,
                // and it stays valid until user_password changes.
                $key = md5($temp['user_password'] . 'xXc' . substr($temp['user_email'], 1, 2));
                // send mail code starts here - see common.lib.php for more
                //								$from = "*****@*****.**";
                $to = "{$temp['user_email']}";
                $mailtype = "password_forgot_reset";
                $language = "en";
                $messenger = new messenger(false);
                global $onlineSiteUrl;
                // The reset link carries both the e-mail address and the key as query parameters.
                $messenger->assign_vars(array('RESETPASS_URL' => "{$onlineSiteUrl}/+login&subaction=resetPasswd&resetPasswd={$temp['user_email']}&key={$key}", 'NAME' => "{$temp['user_fullname']}", 'WEBSITE' => CMS_TITLE, 'DOMAIN' => $onlineSiteUrl));
                // NOTE(review): mailer() is called with three arguments here; the messenger
                // mailer shown elsewhere declares a fourth ($from) without a default, which
                // PHP 7.1+ rejects as an ArgumentCountError — confirm the signature in use.
                if ($messenger->mailer($to, $mailtype, $key)) {
                    displayinfo("Password reset link sent. Kindly check your e-mail. <br /><input type=\"button\" onclick=\"history.go(-2)\" value=\"Go back\" />");
                } else {
                    displayerror("Password reset failed. Kindly contact webadmin@pragyan.org");
                }
                // send mail code ends here
            }
        }
    } else {
        // Step 3: link followed. key and resetPasswd (the e-mail) come from the URL.
        $key = escape($_GET['key']);
        $user_email = escape($_GET['resetPasswd']);
        // NOTE(review): rand() is not a cryptographic generator and md5 is not a password
        // hash; random_int()/random_bytes() and password_hash() are the modern choices,
        // but wherever user_password is verified must change in step — confirm that path.
        $password = rand();
        $dbpassword = md5($password);
        $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='" . $user_email . "'";
        $result = mysql_query($query);
        $temp = mysql_fetch_assoc($result);
        // NOTE(review): loose == between two strings; hash_equals($expected, $key) compares
        // in constant time and without numeric-string coercion.
        if ($key == md5($temp['user_password'] . 'xXc' . substr($temp['user_email'], 1, 2))) {
            $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "users`  SET `user_password`='{$dbpassword}' WHERE `user_email`='{$user_email}'";
            $result = mysql_query($query);
            if (mysql_affected_rows() > 0) {
                // send mail code starts here
                //							$from = "*****@*****.**";
                $to = "{$temp['user_email']}";
                $mailtype = "password_reset";
                $language = "en";
                $messenger = new messenger(false);
                global $onlineSiteUrl;
                // The new password travels to the user in clear text inside the mail body.
                $messenger->assign_vars(array('PASSWORD' => "{$password}", 'NAME' => "{$temp['user_fullname']}", 'WEBSITE' => CMS_TITLE, 'DOMAIN' => $onlineSiteUrl));
                if ($messenger->mailer($to, $mailtype, $key)) {
                    displayinfo("Password reset. Kindly check your e-mail.");
                } else {
                    displayerror("Password reset failed. Kindly contact administrator");
                }
                // send mail code ends here
            }
        } else {
            // the e-mail from the URL is reflected into the message; safe_html() escapes it first
            displayinfo(safe_html("Authentication failure for password reset for {$user_email}"));
        }
    }
    return "";
}
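/**
 * Persist the "Global Settings" admin form.
 *
 * Reads the submitted values from $_POST, normalises checkboxes to 1/0, passes
 * the free-text fields through escape() (assumed to be the project's
 * SQL-escaping helper — confirm), applies the domain/IP blacklist, resolves the
 * OpenID and reCAPTCHA toggles and finally hands everything to
 * setGlobalSettings().
 *
 * Fields that are absent, or not plain strings, are treated as empty strings
 * instead of raising undefined-index notices.
 *
 * @return void outcome is reported through displayinfo()/displaywarning()
 */
function updateGlobalSettings()
{
    // Raw POST string for $name, or '' when it is absent or not a string.
    $post = function ($name) {
        return isset($_POST[$name]) && is_string($_POST[$name]) ? $_POST[$name] : '';
    };
    $global = array();
    // Checkboxes: present => 1, absent => 0.
    $global['allow_pagespecific_header'] = isset($_POST['allow_page_header']) ? 1 : 0;
    $global['allow_pagespecific_template'] = isset($_POST['allow_page_template']) ? 1 : 0;
    $global['default_user_activate'] = isset($_POST['activate_useronreg']) ? 1 : 0;
    $global['default_mail_verify'] = isset($_POST['send_mail_on_reg']) ? 1 : 0;
    $global['breadcrumb_submenu'] = isset($_POST['breadcrumb_submenu']) ? 1 : 0;
    $global['allow_login'] = isset($_POST['allow_login']) ? 1 : 0;
    // deadline_notify was the only free-text field stored without escape();
    // it now gets the same treatment as its siblings.
    $global['deadline_notify'] = escape($post('deadline_notify'));
    $escapedFields = array(
        'cms_title', 'default_template', 'cms_email', 'upload_limit', 'reindex_frequency',
        'cms_desc', 'cms_keywords', 'cms_footer', 'blacklist_domain', 'blacklist_ip',
    );
    foreach ($escapedFields as $field) {
        $global[$field] = escape($post($field));
    }
    $global['censor_words'] = safe_html($post('censor_words'));
    // The blacklist is applied right away (HTML-escaped copies), not only stored.
    $blacklist_domain = safe_html($post('blacklist_domain'));
    $blacklist_ip = safe_html($post('blacklist_ip'));
    if ($blacklist_domain != "" || $blacklist_ip != "") {
        setblacklist($blacklist_domain, $blacklist_ip);
    }
    // OpenID can only be enabled when curl is available. (The previous code wrote
    // escape($_POST['openid_enabled'] == 'true'), i.e. escaped the boolean result of
    // the comparison; the intended comparison is on the submitted value itself.)
    if ($post('openid_enabled') === 'true') {
        if (iscurlinstalled()) {
            $global['openid_enabled'] = 'true';
        } else {
            // warn that curl is not enabled and leave OpenID off
            global $curl_message;
            displaywarning($curl_message);
            $global['openid_enabled'] = 'false';
        }
    } else {
        $global['openid_enabled'] = 'false';
    }
    // reCAPTCHA is only enabled when both keys were supplied.
    if (isset($_POST['recaptcha_enable'])) {
        if ($post('public_key') !== '' && $post('private_key') !== '') {
            $global['recaptcha'] = '1';
            $global['recaptcha_public'] = escape($post('public_key'));
            $global['recaptcha_private'] = escape($post('private_key'));
        } else {
            displaywarning("Public/Private Key is NULL. ReCAPTCHA could not be enabled");
            $global['recaptcha'] = '0';
        }
    } else {
        $global['recaptcha'] = '0';
    }
    setGlobalSettings($global);
    displayinfo("Global Settings successfully updated! Changes will come into effect on next page reload.");
}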
 /**
  * Send a templated e-mail.
  *
  * Loads MAILPATH/LANGUAGE/email/<mailtype>.txt, replaces {VAR} placeholders with
  * $this->vars['VAR'] (missing vars become ''), lifts a "Subject: ..." line out of
  * the body and hands the rest to mail().
  *
  * @param string $to       recipient address
  * @param string $mailtype template file name without the .txt suffix
  * @param string $key      not used by this method
  * @param string $from     complete "from: ..." header; when empty, built from
  *                         CMS_TITLE and CMS_EMAIL
  * @return bool return value of mail()
  *
  * NOTE(review): placeholder expansion works by turning the template into PHP
  * source and eval()'ing it, so the template file is executed as code. Only single
  * quotes are escaped beforehand (backslashes are not), and $mailtype is used in
  * the path unchecked — keep the template directory trusted and $mailtype limited
  * to the fixed names the callers pass. A strtr()/str_replace() over $this->vars
  * would do the same substitution without eval().
  */
 function mailer($to, $mailtype, $key, $from)
 {
     if (empty($from)) {
         $from = "from: " . CMS_TITLE . " <" . CMS_EMAIL . ">";
     }
     //init mail template file path
     $mail_filepath = MAILPATH . "/" . LANGUAGE . "/email/{$mailtype}.txt";
     $drop_header = '';
     if (!file_exists($mail_filepath)) {
         // presumably displayerror() does not abort: the read below still runs — verify
         displayerror(safe_html("NO FILE called {$mail_filepath} FOUND !"));
     }
     //check file
     // the @ hides the read warning; on failure $data is false and $body becomes ''
     if (($data = @file_get_contents($mail_filepath)) === false) {
         displayerror("{$mail_filepath} FILE READ ERROR !");
     }
     //read contents
     //escape quotes
     $body = str_replace("'", "\\'", $data);
     //replace the vars in file content with those defined
     // each {name} becomes a PHP expression reading $this->vars['name'] (or '') inside
     // the single-quoted string that is assembled for eval() below
     $body = preg_replace('#\\{([a-z0-9\\-_]*?)\\}#is', "' . ((isset(\$this->vars['\\1'])) ? \$this->vars['\\1'] : '') . '", $body);
     //Make the content parseable
     // NOTE(review): eval() on file content — see the method comment.
     eval("\$body = '{$body}';");
     //Extract the SUBJECT from mail content
     $match = array();
     if (preg_match('#^(Subject:(.*?))$#m', $body, $match)) {
         //Find SUBJECT
         // $subject has no value before this line: an empty Subject line leaves it unset
         // (undefined-variable notice, null subject passed to mail())
         $subject = trim($match[2]) != '' ? trim($match[2]) : $subject;
         $drop_header .= '[\\r\\n]*?' . preg_quote($match[1], '#');
     }
     if ($drop_header) {
         //Remove SUBJECT from BODY of mail
         $body = trim(preg_replace('#' . $drop_header . '#s', '', $body));
     }
     //Debug info
     //echo displayinfo($from.' <br> '.$to.' <br> '.$subject.' <br> '.$body);
     //Send mail
     global $debugSet;
     // NOTE(review): with $debugSet == "on" the full message and every assigned var are
     // printed on the page; vars may carry reset keys or freshly generated passwords,
     // so keep this off outside development.
     if ($debugSet == "on") {
         displayinfo("Vars :" . arraytostring($this->vars));
         displayinfo("Mail sent to {$to} from {$from} with subject {$subject} and body {$body}");
     }
     return mail($to, $subject, $body, $from);
 }
    install_head("设置管理员账号密码");
    echo_start();
    echo_msg("设置管理员账号密码" . HR);
    form_start("install.php?act=admin_ok");
    echo_msg("管理员账号:", "<input type='text' name='user' value='admin'>", true);
    echo_msg("管理员密码:", "<input type='text' name='pass' value='admin'>", true);
    echo_msg("管理员邮箱:", "<input type='text' name='email' value='*****@*****.**'>", true);
    echo_msg(HR);
    echo_msg(button("submit", "下一步"));
    echo_end();
    form_end();
    install_foot();
} elseif ($sysact == "admin_ok") {
    $user = safe_html($user);
    $pass = safe_html($pass);
    $email = safe_html($email);
    if (!$user) {
        error("管理员账号不能为空", "admin");
    }
    if (!$pass) {
        error("管理员密码不能为空", "admin");
    }
    if (!file_exists("config.php")) {
        error("config.php配置文件不存在,请返回修改", "setconfig", "设置config.php文件");
    }
    if (!file_exists("install.sql")) {
        error("install.sql 文件不存在,请上传...", "incsql", "下一步");
    }
    include_once "config.php";
    include_once "class/db/mysql.php";
    $DB = new DB_SQL($dbHost, $dbUser, $dbPass);
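 /**
  * HTML-escape a string, or every leaf value of a (nested) array, for insertion
  * into HTML text or into single- or double-quoted attribute values.
  *
  * Array keys are preserved and NULL stays NULL so callers can still tell
  * "absent" from "empty". Valid non-ASCII UTF-8 (ñ, á, ...) passes through
  * untouched; only &, <, >, " and ' are turned into entities. An invalid UTF-8
  * byte sequence is replaced by U+FFFD instead of making htmlspecialchars()
  * return an empty string, which silently dropped the whole value before.
  *
  * @param string|array|null $var value to escape; nested arrays are handled recursively
  * @return string|array|null escaped copy of $var
  */
 function safe_html($var)
 {
     if (is_array($var)) {
         $safe_array = array();
         foreach ($var as $k => $v) {
             $safe_array[$k] = safe_html($v);
         }
         return $safe_array;
     }
     if ($var === NULL) {
         return NULL;
     }
     // ENT_QUOTES also escapes single quotes; ENT_SUBSTITUTE substitutes U+FFFD for
     // invalid sequences rather than returning ''.
     return htmlspecialchars((string) $var, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
 }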
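/**
 * Admin handler for the "template" sub-action: install an uploaded template, or
 * uninstall an existing one.
 *
 * Uninstalling refuses the current default template and, unless the request
 * carries confirm, first lists (up to ten of) the pages still using the template
 * together with a confirmation form, because those pages are reset to the default
 * template when the template is removed.
 *
 * Uses the mysql_* extension, removed in PHP 7.
 *
 * @return string HTML to display; "" when the outcome was reported through
 *                displayinfo()/displayerror() or nothing was requested
 */
function handleTemplateManagement()
{
    // $ICONS is interpolated into the confirmation form below; it was not declared
    // global before, which left that legend without its icon.
    global $sourceFolder, $ICONS;
    if (isset($_POST['btn_install'])) {
        $uploadId = processUploaded("Template");
        if ($uploadId != -1) {
            return installModule($uploadId, "Template");
        }
    } elseif (isset($_POST['btn_uninstall'])) {
        if (!isset($_POST['Template']) || !is_string($_POST['Template']) || $_POST['Template'] === "") {
            return "";
        }
        // Current default template; pages using the removed template fall back to it.
        $query = "SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE attribute= 'default_template'";
        $res = mysql_query($query);
        $row1 = $res ? mysql_fetch_row($res) : false;
        $defaultTemplate = $row1 ? $row1[0] : '';
        // escape() is assumed to be the SQL-escaping helper used across the project;
        // it does not make the value safe as a path component, which is why the
        // directory name is checked separately before anything is deleted on disk.
        $toDelete = escape($_POST['Template']);
        if ($defaultTemplate === $toDelete) {
            displayerror("The default template cannot be deleted! If you want to delete this template, first change the default template from 'Global Settings'.");
            return "";
        }
        $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "templates` WHERE `template_name` = '" . $toDelete . "'";
        $query2 = "SELECT `page_id` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_template` = '{$toDelete}' LIMIT 10";
        $result2 = mysql_query($query2) or displayerror(mysql_error());
        if (mysql_num_rows($result2) == 0 || isset($_POST['confirm'])) {
            // Only a template that is registered in the database can be removed.
            if ($row = mysql_fetch_array(mysql_query($query))) {
                $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "templates` WHERE `template_name` = '" . $toDelete . "'";
                mysql_query($query);
                $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "pages` SET `page_template` = '" . $defaultTemplate . "' WHERE `page_template` = '" . $toDelete . "'";
                mysql_query($query) or displayerror(mysql_error());
                // The name came from the request: only a plain child of templates/
                // (no separator, not "." or "..") is ever handed to delDir(). A name
                // that fails this check leaves its directory in place.
                if ($toDelete === basename($toDelete) && $toDelete !== '.' && $toDelete !== '..') {
                    $templateDir = $sourceFolder . "/templates/" . $toDelete . "/";
                    if (file_exists($templateDir)) {
                        delDir($templateDir);
                    }
                }
                displayinfo("Template " . safe_html($_POST['Template']) . " uninstalled!");
                return "";
            }
            displayerror("Template uninstallation failed!");
            return "";
        }
        // Not confirmed yet and pages still use the template: list them and ask.
        $pageList = "";
        while ($row = mysql_fetch_assoc($result2)) {
            $pageList .= "/home" . getPagePath($row['page_id']) . "<br>";
        }
        $templatename = safe_html($_POST['Template']);
        $ret = <<<RET
<fieldset>
<legend>{$ICONS['Templates Management']['small']}Template Management</legend>
Some of the page with {$templatename} template are:<br>
{$pageList}
<div class='cms-error'>The templates of these pages will be reset to default template if you proceed deleting the template.</div>
<form method=POST action='./+admin&subaction=template&subsubaction=uninstall'>
<input type=hidden value='{$templatename}' name='Template' />
<input type=submit value='Delete template' name='btn_uninstall' />
<input type=hidden value='confirm' name='confirm' />
</form>
</fieldset>
RET;
        return $ret;
    }
    /*
    	this finalize and cancel subsubactions are vulnerabilities, any one can vary $_POST['path'] and make cms to delete itself.
    	so template installation is also merged with module and widget installation,
    	but some extra features specific to template installation(ie ignoring missing template variables and changing template name)
    	are missing in that installation, these will remain commented for reference till those features are implemented the other way
    	else if(isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'finalize') 
    	{		
    	
    		$issues = "";
    		$ret = reportIssues(escape($_POST['path']),$issues);
    		if($ret[0] == 1) 
    		{
    			displayerror("Your template is still not compatible with Pragyan CMS. Please fix the reported issues during installation.");
    			delDir(escape($_POST['del']));
    			unlink(escape($_POST['file']));
    			return "";
    		}
    			
    		$templates=getAvailableTemplates();
    		$flag=false;
    		foreach ($templates as $template) 
    			if($template==$_POST['template'])
    			{
    				$flag=true;
    				break;
    			}
    		if($_POST['template']=="common" || $flag || file_exists($sourceFolder . "/templates/" . escape($_POST['template']) . "/")) 
    		{
    			displayerror("Template Installation failed : A folder by the template name already exists.");
    			$templatePath=safe_html($_POST['del']);
    			$str=safe_html($_POST['file']);
    			$ret=<<<RET
    			<form method=POST action='./+admin&subaction=canceltemplate'>
    			Please click the following button to start a fresh installation : 
    			<input type=hidden name='path' value='{$templatePath}'>
    			<input type=hidden name='file' value='{$str}'>
    			<input type=submit value="Fresh Installation">
    			</form>
    RET;
    			return $ret;
    			
    		}
    		rename(escape($_POST['path']), $sourceFolder . "/templates/" . escape($_POST['template']) . "/");
    		delDir(escape($_POST['del']));
    		unlink(escape($_POST['file']));
    		mysql_query("INSERT INTO `" . MYSQL_DATABASE_PREFIX . "templates` VALUES('" . escape($_POST['template']) . "')");
    		displayinfo("Template installation complete");
    		return "";
    		
    	} 
    	else if(isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'cancel') 
    	{
    		delDir(escape($_POST['path']));
    		unlink(escape($_POST['file']));
    		return "";
    	}*/
}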
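/**
 * Admin request handler for module installation and removal.
 *
 * Dispatches on the posted button (`btn_install`, `btn_uninstall`) or on
 * `$_GET['subsubaction']` (`finalize`, `cancel`) for a pending upload.
 * Uninstalling a module that still backs pages first renders a confirmation
 * form listing up to 10 of those pages; resubmitting with `confirm` set
 * removes the module.
 *
 * All SQL is string-built for mysql_query(); every request value that reaches
 * a query goes through escape() first.
 *
 * @return string HTML to render (install result or confirmation form), '' otherwise
 */
function handleModuleManagement()
{
    // $ICONS is read inside the confirmation heredoc below; without the
    // global declaration the legend icon rendered empty.
    global $sourceFolder, $ICONS;

    if (isset($_POST['btn_install'])) {
        $uploadId = processUploaded("Module");
        if ($uploadId != -1) {
            return installModule($uploadId, "Module");
        }
        return "";
    }

    if (isset($_POST['btn_uninstall'])) {
        if (!isset($_POST['Module']) || $_POST['Module'] == "") {
            return "";
        }
        if ($_POST['Module'] == 'article') {
            displayerror("Article module can't be deleted for the home page itself is a article");
            return "";
        }
        $toDelete = escape($_POST['Module']);
        $modulename = safe_html($_POST['Module']);
        // Pages still backed by this module decide whether a confirmation step is needed.
        $query = "SELECT `page_id` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_module` = '{$toDelete}' LIMIT 10";
        $result = mysql_query($query) or displayerror(mysql_error());
        if (mysql_num_rows($result) == 0 || isset($_POST['confirm'])) {
            // NOTE(review): the DELETE of the module's page rows that used to follow
            // this block was unreachable (both branches return here); confirm that
            // deleteModule() removes those rows itself.
            if (deleteModule($toDelete)) {
                displayinfo("Module " . $modulename . " uninstalled!");
            } else {
                displayerror("Module uninstallation failed!");
            }
            return "";
        }
        $pageList = "";
        while ($row = mysql_fetch_assoc($result)) {
            $pageList .= "/home" . getPagePath($row['page_id']) . "<br>";
        }
        $ret = <<<RET
<fieldset>
<legend>{$ICONS['Modules Management']['small']}Module Management</legend>
Some of the page of type {$modulename} are:<br>
{$pageList}
<div class='cms-error'>These pages will be removed and cant be recovered, If you proceed deleting the module.</div>
<form method=POST action='./+admin&subaction=module&subsubaction=uninstall'>
<input type=hidden value='{$modulename}' name='Module' />
<input type=submit value='Delete module' name='btn_uninstall' />
<input type=hidden value='confirm' name='confirm' />
</form>
</fieldset>
RET;
        return $ret;
    }

    $subsubaction = isset($_GET['subsubaction']) ? $_GET['subsubaction'] : '';
    $uploadId = isset($_POST['id']) ? escape($_POST['id']) : '';

    if ($subsubaction == 'finalize') {
        return finalizeInstallation($uploadId, "Module");
    }

    if ($subsubaction == 'cancel') {
        $result = mysql_fetch_assoc(mysql_query("SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "tempuploads` WHERE `id` = '{$uploadId}'"));
        // Only touch the filesystem when the upload record exists; previously the
        // paths were undefined in that case and delDir()/unlink() ran on null.
        if ($result != NULL) {
            // `info` is "extractedPath;moduleActualPath;moduleName"; only the first part is needed here.
            $temp = explode(";", $result['info']);
            delDir($temp[0]);
            unlink($result['filePath']);
        }
        mysql_query("DELETE FROM `" . MYSQL_DATABASE_PREFIX . "tempuploads` WHERE `id` = '{$uploadId}'") or displayerror(mysql_error());
        return "";
    }

    return "";
}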
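    /**
     * Edit interface for a share module instance.
     *
     * When the `edit_share` form is posted, validates the description (at least
     * 50 characters after safe_html()) and the file-type list (non-empty),
     * updates the `share` row for this component, and then re-renders the edit
     * form pre-filled from the database.
     *
     * @return string HTML of the edit form
     */
    public function actionEdit()
    {
        $module_ComponentId = $this->moduleComponentId;
        if (isset($_POST['edit_share'])) {
            $desc = safe_html(isset($_POST['share_desc']) ? $_POST['share_desc'] : '');
            $ftype = escape(isset($_POST['file_type']) ? $_POST['file_type'] : '');
            if (strlen($desc) < 50 || strlen($ftype) == 0) {
                displayerror("Could not update the page. Either the share description or file type doesnot meet the requirements!!");
            } else {
                $max_size = escape(isset($_POST['file_size']) ? $_POST['file_size'] : '');
                // safe_html() prepares the description for HTML output only; the SQL
                // string needs escape() as well (same escape(safe_html()) pattern the
                // comment handler in this codebase uses).
                $descSql = escape($desc);
                $query = "UPDATE `share` SET `page_desc` = '{$descSql}', `file_type` = '{$ftype}', `maxfile_size` = '{$max_size}' WHERE `page_modulecomponentid` = '{$module_ComponentId}'";
                $result = mysql_query($query);
                // mysql_affected_rows() is -1 on error; 0 (nothing changed) is not an error.
                if (mysql_affected_rows() < 0) {
                    displayerror("Error in updating the database. Please Try again later");
                } else {
                    displayinfo("All settings updated successfully");
                }
            }
        }
        $query = "SELECT * FROM `share` WHERE `page_modulecomponentid` = '{$module_ComponentId}'";
        $result = mysql_query($query) or displayerror(mysql_error() . " Error in share.lib.php L:322");
        $result = mysql_fetch_array($result) or displayerror(mysql_error() . "Error in share.lib.php L:323");
        // Attribute values were emitted unquoted; quote them and escape for the
        // attribute context so a value containing spaces or quotes cannot break
        // out of the input element.
        $fileType = htmlspecialchars((string) $result['file_type'], ENT_QUOTES);
        $maxSize = htmlspecialchars((string) $result['maxfile_size'], ENT_QUOTES);
        $edit_form = <<<EDIT
<script type="text/javascript" language="javascript">
function checkForm()
{
\tvar desc = document.edit_share.share_desc.value;
\tvar length = desc.length;
\tif(length<50)
\t{
\t\tdocument.getElementById('share_desc').focus();
\t\talert("Please enter the Share Description (min. 50 characters)");
\t\treturn false;
\t}
\tvar type = document.edit_share.file_type.value;
\tvar tlength = type.length;
\tif(tlength==0)
\t{
\t\tdocument.getElementById('file_type').focus();
\t\talert("Please enter the File types that can be uploaded");
\t\treturn false;
\t}
\treturn true;
}
</script>
\t<fieldset><legend>EDIT SHARE</legend>
\t<form method="POST" name="edit_share" action="./+edit">
\t<table>
\t<tr><td>Share Description </td><td><textarea name="share_desc" id="share_desc" cols="50" rows="5" class="textbox" >{$result['page_desc']}</textarea></td></tr>
\t<tr><td>Uploadable FIle types</td><td><input type='text' name="file_type" id="file_type" value="{$fileType}"></td></tr>
\t<tr><td>Max File Size(in bytes)</td><td><input type='text' name="file_size" id="file_size" value="{$maxSize}"></td></tr>
\t<tr><td colspan=2 style="text-align:center"><input type="submit" value="submit" name="edit_share" onclick="return checkForm();"><input type="reset" value="Reset"></td></tr>
\t</table>\t
\t</form>\t
\t</fieldset>
EDIT;
        return $edit_form;
    }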
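    /**
     * function actionEdit:
     * Edit interface for all safedit module instances;
     * called from $this->getHtml.
     *
     * Processes the section sub-action named in $_GET['subaction']
     * (addSection, deleteSection, saveSection, moveUp, moveDown, moveTop,
     * moveBottom), then renders an edit form per section, the "new section"
     * form, the file upload fieldset and the help text.
     *
     * All SQL is string-built for mysql_query(); request values go through
     * escape() before interpolation, and the comparison/sort operators used
     * by moveUp/moveDown are fixed literals chosen by the sub-action.
     *
     * @return string HTML of the edit page
     */
    public function actionEdit()
    {
        $ret = <<<RET
<style type="text/css">
textarea {
\tfont-size: 130%;
\tbackground: white;
}
</style>
RET;
        global $sourceFolder, $ICONS;
        require_once $sourceFolder . "/upload.lib.php";
        submitFileUploadForm($this->moduleComponentId, "safedit", $this->userId, UPLOAD_SIZE_LIMIT);
        $end = "<fieldset id='uploadFile'><legend>{$ICONS['Uploaded Files']['small']}File Upload</legend>Upload files : <br />" . getFileUploadForm($this->moduleComponentId, "safedit", './+edit', UPLOAD_SIZE_LIMIT, 5) . getUploadedFilePreviewDeleteForm($this->moduleComponentId, "safedit", './+edit') . '</fieldset>';
        $val = mysql_fetch_assoc(mysql_query("SELECT `page_title` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_module` = 'safedit' AND `page_modulecomponentid` = '{$this->moduleComponentId}'"));
        $ret .= "<h1>Editing '" . $val['page_title'] . "' page</h1>";

        if (isset($_GET['subaction'])) {
            $subaction = $_GET['subaction'];
            if ($subaction == "addSection") {
                $show = isset($_POST['sectionShow']);
                $heading = escape($_POST['heading']);
                $result = mysql_query("SELECT MAX(`section_id`)+1 as `section_id` FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}'") or die(mysql_error());
                $row = mysql_fetch_row($result);
                $sectionId = $row[0];
                $result = mysql_query("SELECT MAX(`section_priority`)+1 as `section_priority` FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}'");
                $row = mysql_fetch_row($result);
                $priority = $row[0];
                $query = "INSERT INTO `safedit_sections`(`page_modulecomponentid`,`section_id`,`section_heading`,`section_type`,`section_show`,`section_priority`) VALUES ('{$this->moduleComponentId}','{$sectionId}','{$heading}','" . escape($_POST['type']) . "','{$show}','{$priority}')";
                mysql_query($query) or die($query . "<br>" . mysql_error());
                if (mysql_affected_rows() > 0) {
                    displayinfo("Section: {$heading}, created");
                } else {
                    displayerror("Couldn't create section");
                }
            } elseif ($subaction == 'deleteSection') {
                $sectionId = escape($_GET['sectionId']);
                $query = "DELETE FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$sectionId}'";
                mysql_query($query) or die($query . "<br>" . mysql_error());
                if (mysql_affected_rows() > 0) {
                    displayinfo("Section deleted succesfully");
                } else {
                    displayerror("Couldn't delete section");
                }
            } elseif ($subaction == 'saveSection') {
                $sectionId = escape($_POST['sectionId']);
                $heading = escape($_POST['heading']);
                // The type was interpolated raw before; escape() it like every other POST value.
                $typeUpdate = isset($_POST['type']) ? ", `section_type` = '" . escape($_POST['type']) . "'" : '';
                $show = ", `section_show` = '" . isset($_POST['sectionShow']) . "'";
                $result = mysql_query("SELECT `section_type` FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$sectionId}'");
                $row = mysql_fetch_row($result);
                $type = $row[0];
                // Default to '' so an unknown stored type no longer interpolates an undefined variable.
                $sectionContent = '';
                if ($type == "para" || $type == "ulist" || $type == "olist") {
                    $sectionContent = escape($this->processSave($_POST['content']));
                } elseif ($type == "picture") {
                    $sectionContent = escape($_POST['selectFile']);
                }
                $query = "UPDATE `safedit_sections` SET `section_heading` = '{$heading}', `section_content` = '{$sectionContent}'{$typeUpdate}{$show} WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$sectionId}'";
                mysql_query($query) or die($query . "<br>" . mysql_error());
                if (mysql_affected_rows() > 0) {
                    displayinfo("Section saved successfully");
                }
            } elseif ($subaction == 'moveUp' || $subaction == 'moveDown') {
                // Operator and direction are fixed literals selected by the sub-action.
                $compare = $subaction == 'moveUp' ? '<=' : '>=';
                $arrange = $subaction == 'moveUp' ? 'DESC' : 'ASC';
                $sectionId = escape($_GET['sectionId']);
                // They must be interpolated bare: quoting them (as before) made this
                // query a MySQL syntax error, so moving a section silently did nothing.
                $query = "SELECT `section_id`,`section_priority` FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_priority` {$compare} (SELECT `section_priority` FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$sectionId}') ORDER BY `section_priority` {$arrange} LIMIT 2";
                $result = mysql_query($query);
                if ($result && ($row = mysql_fetch_row($result))) {
                    $sid = $row[0];
                    $spr = $row[1];
                    // The second row is the neighbour in the requested direction; swap priorities with it.
                    if ($row = mysql_fetch_row($result)) {
                        mysql_query("UPDATE `safedit_sections` SET `section_priority` = '{$spr}' WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$row[0]}'");
                        mysql_query("UPDATE `safedit_sections` SET `section_priority` = '{$row[1]}' WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$sid}'");
                    }
                }
            } elseif ($subaction == 'moveTop' || $subaction == 'moveBottom') {
                $sectionId = escape($_GET['sectionId']);
                $cpri = mysql_fetch_row(mysql_query("SELECT `section_priority` FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$sectionId}'")) or die(mysql_error());
                if ($subaction == 'moveTop') {
                    // Renumber the sections before it (+1) and place it at 0.
                    $sign = '+';
                    $cmpr = '<';
                    $set = '0';
                } else {
                    // Renumber the sections after it (-1) and place it at the current maximum.
                    $sign = '-';
                    $cmpr = '>';
                    $set = mysql_fetch_row(mysql_query("SELECT MAX(`section_priority`) FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}'")) or die(mysql_error());
                    $set = isset($set[0]) ? $set[0] : '';
                }
                $query = "UPDATE `safedit_sections` SET `section_priority` = `section_priority`{$sign}1 WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_priority` {$cmpr} '{$cpri[0]}'";
                mysql_query($query) or die(mysql_error());
                mysql_query("UPDATE `safedit_sections` SET `section_priority` = '{$set}' WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$sectionId}'") or die(mysql_error());
            }
        }

        $result = mysql_query("SELECT `section_id`,`section_heading`,`section_type`,`section_content`,`section_show` FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' ORDER BY `section_priority`");
        while ($row = mysql_fetch_assoc($result)) {
            $show = $row['section_show'] ? 'checked ' : '';
            $type = $row['section_type'];
            $help = $type != "picture" ? " <a href='#help' title='Only Plain text allowed, Click to know more'>{$ICONS['Help']['small']}</a>" : '';
            // The heading is stored as typed (escape() only protects the SQL string),
            // so encode it for the single-quoted value attribute.
            $headingAttr = htmlspecialchars((string) $row['section_heading'], ENT_QUOTES);
            $ret .= <<<RET
<form action='./+edit&subaction=saveSection' method=POST><input type=hidden value='{$row['section_id']}' name='sectionId' /><fieldset><legend><input type=checkbox name='sectionShow' {$show}/><input type=text name=heading value='{$headingAttr}' style='border:0;background:none;' /> <a href='./+edit&subaction=moveUp&sectionId={$row['section_id']}' title='Move one level Up'>{$ICONS['Up']['small']}</a> <a href='./+edit&subaction=moveDown&sectionId={$row['section_id']}' title='Move one level Down'>{$ICONS['Down']['small']}</a> <a href='./+edit&subaction=moveTop&sectionId={$row['section_id']}' title='Move to Top'>{$ICONS['Top']['small']}</a> <a href='./+edit&subaction=moveBottom&sectionId={$row['section_id']}' title='Move to Bottom'>{$ICONS['Bottom']['small']}</a> <a href='./+edit&subaction=deleteSection&sectionId={$row['section_id']}' title='Delete Section'>{$ICONS['Delete Section']['small']}</a>{$help}</legend><div class='safedit_section'>
RET;
            $safeContent = safe_html($row['section_content']);
            if ($type == "ulist" || $type == "olist" || $type == "para") {
                $usel = $type == "ulist" ? ' selected' : '';
                $osel = $type == "olist" ? ' selected' : '';
                $psel = $type == "para" ? ' selected' : '';
                $ret .= <<<PARA
<textarea name=content rows=7 style="width:100%">{$safeContent}</textarea>
<select name=type>
<option value="para"{$psel}>Paragraph</option>
<option value="ulist"{$usel}>List</option>
<option value="olist"{$osel}>Numbered List</option>
</select>
PARA;
            } elseif ($type == "picture") {
                $files = getUploadedFiles($this->moduleComponentId, "safedit");
                $ret .= "<a href='#uploadFile'>Upload File</a><br /><select name=selectFile><option value=''>No picture</option>";
                foreach ($files as $currFile) {
                    $select = $row['section_content'] == $currFile['upload_filename'] ? ' selected' : '';
                    // File names come from the upload table; encode them for the attribute and text contexts.
                    $fileName = htmlspecialchars((string) $currFile['upload_filename'], ENT_QUOTES);
                    $ret .= "<option value='{$fileName}'{$select}>{$fileName}</option>";
                }
                $ret .= "</select>";
            }
            $ret .= <<<SUBMIT
<input type=submit value='Save section' /></div></fieldset></form>
SUBMIT;
        }

        $ret .= <<<RET
<fieldset>
<legend>{$ICONS['Add']['small']}Create New Section</legend>
<form action="./+edit&subaction=addSection" method=POST>
<select name='type'>
<option value="para">Paragraph</option>
<option value="ulist">List</option>
<option value="olist">Numbered List</option>
<option value="picture">Picture</option>
</select>
<input type=text name="heading" />
<input type=checkbox name="sectionShow" checked />
<input type=submit value="Add section" name="btnAddSection" />
</form>
</fieldset>
RET;
        $ret .= $end;
        $ret .= <<<RET
<small id="help"><ul><li>You can display only Plain text, any custom formatting will be prevented.<br />To make a link, enclose the text with '{' and '}' and add the target to the end of the line after '|'<br />For eg:<br />{This is a link}, and this is not a link|http://www.google.com<br />The above line will make a link to google.com</li><li>Leave section heading text box blank(without even spaces) to avoid displaying Heading</li></ul></small>
RET;
        return $ret;
    }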
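/**
 * The actual registration form!!! For which we made all this preparation...
 *
 * @param int    $moduleCompId   Module component id of the form page
 * @param int    $userId         User whose existing answers pre-fill the form
 * @param string $action         Form action. Blank means the call came from actionView
 *                               and the action becomes './+view'. Otherwise (e.g.
 *                               ./+editregistrants&subaction=editregistrant&useremail=<useremail>)
 *                               the call came from edit registrants and the user is
 *                               looked up from `$_GET['useremail']`.
 * @param bool   $disableCaptcha Skip the captcha even when the form asks for one
 * @return string|false Form HTML; '' when the user or form row cannot be loaded,
 *                      false when the form_desc query itself fails
 *
 * @uses getFormElementInputField to get the input fields
 *
 * TODO : If the form is associated with a group, the form HAS to give the user the option to unregister from it.
 */
function generateRegistrationForm($moduleCompId, $userId, $action = "", $disableCaptcha = false)
{
    $email = isset($_GET['useremail']) ? $_GET['useremail'] : '';
    if ($action != '') {
        $userId = getUserIdFromEmail(escape($email));
    } else {
        $action = './+view';
    }
    if (!isset($userId)) {
        displayerror('Could not load information for user with e-mail address ' . safe_html(escape($email)));
        return '';
    }
    /// Initialize the form body
    global $cmsFolder;
    global $moduleFolder;
    global $urlRequestRoot;
    $jsPath2 = "{$urlRequestRoot}/{$cmsFolder}/{$moduleFolder}/form/validation.js";
    $calpath = "{$urlRequestRoot}/{$cmsFolder}/{$moduleFolder}";
    $body = '<script language="javascript" type="text/javascript" src="' . $jsPath2 . '"></script>';
    /// Get HTML for all the fields for the form
    $jsValidationFunctions = array();
    $containsFileUploadFields = false;
    $formElements = getFormElementsHtmlAsArray($moduleCompId, $userId, $jsValidationFunctions, $containsFileUploadFields);
    // implode() with the glue first: the legacy (array, glue) argument order
    // used before is a fatal error on PHP 8.
    $jsValidationFunctions = implode(' && ', $jsValidationFunctions);
    $body .= '<link rel="stylesheet" type="text/css" media="all" href="' . $calpath . '/form/calendar/calendar.css" title="Aqua" />' . '<script type="text/javascript" src="' . $calpath . '/form/calendar/calendar.js"></script>';
    $body .= '<br /><br /><div class="registrationform"><form class="fValidator-form cms-registrationform" action="' . $action . '" method="post"';
    if ($containsFileUploadFields) {
        $body .= ' enctype="multipart/form-data"';
    }
    $body .= '>';
    /// SELECT form details
    $formQuery = 'SELECT `form_heading`, `form_headertext`, `form_footertext`, `form_usecaptcha` FROM `form_desc` WHERE ' . "`page_modulecomponentid` = '{$moduleCompId}'";
    $formResult = mysql_query($formQuery);
    if (!$formResult) {
        displayerror('E52 : Invalid query: ' . mysql_error());
        return false;
    }
    if ($formRow = mysql_fetch_assoc($formResult)) {
        $body .= '<fieldset><legend><h2>' . $formRow['form_heading'] . '</h2></legend><br /><div style="text-align:center;font-size:20px;">' . $formRow['form_headertext'] . '</div><br />';
    } else {
        displayerror('Could not load form data.');
        return '';
    }
    $body .= "\n<table cellspacing=\"8px\"><tr>";
    $body .= implode("</tr>\n<tr>", $formElements) . '</tr>';
    if (!$disableCaptcha && $formRow['form_usecaptcha'] == 1) {
        $body .= getCaptchaHtml();
    }
    $req_query = "SELECT count(*) FROM `form_elementdesc` WHERE `form_elementisrequired`=1 AND `page_modulecomponentid`='{$moduleCompId}'";
    $res_req = mysql_fetch_array(mysql_query($req_query)) or displayerror("Error at registrationformgenerate.lib.php Line 85 " . mysql_error());
    if ($res_req[0] > 0) {
        $body .= '<tr>' . '<td colspan="2">* - Required Fields&nbsp;</td></tr>';
    }
    $body .= '</table></fieldset>' . '<br /><div style="text-align:center"><input type="submit" name="submitreg_form_' . $moduleCompId . '" value="Submit" />' . '<br /><br />' . $formRow['form_footertext'] . '</div></form></div>';
    $body .= <<<SCRIPT
\t\t\t<script language="javascript" type="text/javascript">
\t\t\t<!--
\t\t\t\tfunction validate_form(thisform) {
\t\t\t\t\treturn ({$jsValidationFunctions});
\t\t\t\t}
\t\t\t-->
\t\t\t</script>
SCRIPT;
    return $body;
}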
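/**
 * function submitQuestionEditForm:
 * updates question properties in database when a question edit form is submitted.
 * for objective answers also the options are updated
 *
 * Existing options are deleted and re-inserted from txtOptionText0..N; the
 * right answer is the '|'-joined list of the new option ids (single choice
 * via optOption, multiple via chkOptionN) or, for subjective questions, the
 * posted txtRightAnswer.
 *
 * @param int $quizId     Module component id of the quiz
 * @param int $sectionId
 * @param int $questionId
 * @return bool true when everything was saved, false on an invalid type or a
 *              failed query, and false (after saving) when an objective
 *              question ends up with no options
 */
function submitQuestionEditForm($quizId, $sectionId, $questionId)
{
    $updates = array();
    $done = true;
    if (isset($_POST['txtQuestion'])) {
        $updates[] = "`quiz_question` = '" . escape($_POST['txtQuestion']) . "'";
    }
    // Strict membership: the type must be one of the known string keys.
    if (isset($_POST['selQuestionType']) && in_array($_POST['selQuestionType'], array_keys(getQuestionTypes()), true)) {
        $updates[] = "`quiz_questiontype` = '" . escape($_POST['selQuestionType']) . "'";
    } else {
        displayerror('No or invalid question type specified.');
        return false;
    }
    if (isset($_POST['txtQuestionWeight']) && is_numeric($_POST['txtQuestionWeight']) && $_POST['txtQuestionWeight'] > 0) {
        $updates[] = "`quiz_questionweight` = " . escape($_POST['txtQuestionWeight']);
    }
    deleteQuestionOptions($quizId, $sectionId, $questionId);
    $questionType = escape($_POST['selQuestionType']);
    if ($questionType != 'subjective') {
        $rightAnswer = array();
        // Options are numbered from 0; the first missing or empty text ends the list.
        for ($i = 0; isset($_POST['txtOptionText' . $i]) && $_POST['txtOptionText' . $i] != ''; ++$i) {
            $optionText = escape($_POST['txtOptionText' . $i]);
            $insertQuery = "INSERT INTO `quiz_objectiveoptions`(`page_modulecomponentid`, `quiz_sectionid`, `quiz_questionid`, `quiz_optiontext`, `quiz_optionrank`) " . "SELECT '{$quizId}', '{$sectionId}', '{$questionId}', '{$optionText}', IFNULL(MAX(`quiz_optionrank`), 0) + 1 FROM `quiz_objectiveoptions` WHERE `page_modulecomponentid` = '{$quizId}' AND `quiz_sectionid` = '{$sectionId}' AND `quiz_questionid` = '{$questionId}' LIMIT 1";
            if (!mysql_query($insertQuery)) {
                displayerror('Database Error. Could not insert options.');
                return false;
            }
            $optionId = mysql_insert_id();
            $isSingleChoiceAnswer = $questionType == 'sso' && isset($_POST['optOption']) && $_POST['optOption'] == $i;
            $isMultiChoiceAnswer = $questionType == 'mso' && isset($_POST['chkOption' . $i]);
            if ($isSingleChoiceAnswer || $isMultiChoiceAnswer) {
                $rightAnswer[] = $optionId;
            }
        }
        if (!isset($rightAnswer[0])) {
            displayerror('No options specified for objective answer');
            $done = false;
        }
        $rightAnswer = implode('|', $rightAnswer);
    } else {
        // safe_html() alone does not protect the SQL string; escape() it as the other fields are.
        $rightAnswer = isset($_POST['txtRightAnswer']) ? escape(safe_html($_POST['txtRightAnswer'])) : '';
    }
    $updates[] = "`quiz_rightanswer` = '{$rightAnswer}'";
    $updateQuery = "UPDATE `quiz_questions` SET " . implode(', ', $updates) . " WHERE `page_modulecomponentid` = {$quizId} AND `quiz_sectionid` = '{$sectionId}' AND `quiz_questionid` = '{$questionId}'";
    if (!mysql_query($updateQuery)) {
        displayerror('Database Error. Could not save section details. ' . $updateQuery . ' ' . mysql_error());
        return false;
    }
    return $done;
}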
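 /**
  * Renders the article for viewing.
  *
  * Side effects handled first: saves a new draft row when `?draft` is set and
  * `CKEditor1` is posted, and stores a comment when comments are enabled and
  * `btnSubmit` is posted. The stored article body (or $text, when given) is
  * then passed through censor_words(), pngrender and googlemaps, and the
  * comment list plus comment box are appended when comments are enabled.
  *
  * @param string $text Optional body to render instead of the stored article
  * @return string HTML; '' when the draft lookup query fails
  */
 public function actionView($text = "")
 {
     if (isset($_GET['draft']) && isset($_POST['CKEditor1'])) {
         $query = "SELECT MAX(draft_number) AS MAX FROM `article_draft` WHERE page_modulecomponentid ='{$this->moduleComponentId}'";
         $result = mysql_query($query);
         if (!$result) {
             displayerror(mysql_error() . "article.lib L:44");
             return '';
         }
         $draftId = 1;
         if (mysql_num_rows($result)) {
             $drow = mysql_fetch_assoc($result);
             $draftId = $drow['MAX'] + 1;
         }
         // The editor content was interpolated raw before; escape() it like the
         // comment text below.
         $draftContent = escape($_POST['CKEditor1']);
         $query = "INSERT INTO `article_draft` (`page_modulecomponentid`,`draft_number`,`draft_content`,`draft_lastsaved`,`user_id`) VALUES ('" . $this->moduleComponentId . "','" . $draftId . "','" . $draftContent . "',now(),'" . $this->userId . "')";
         $result = mysql_query($query) or die(mysql_error());
         if (mysql_affected_rows() < 1) {
             displayerror("Unable to draft the article");
         }
     }
     if ($this->isCommentsEnabled() && isset($_POST['btnSubmit'])) {
         // NOTE(review): MAX(comment_id)+1 is not atomic; two concurrent posts can pick the same id.
         $id = mysql_fetch_array(mysql_query("SELECT MAX(`comment_id`) AS MAX FROM `article_comments`"));
         $id = $id['MAX'] + 1;
         $user = escape(getUserName($this->userId));
         $comment = escape(safe_html(isset($_POST['comment']) ? $_POST['comment'] : ''));
         mysql_query("INSERT INTO `article_comments`(`comment_id`,`page_modulecomponentid`,`user`,`comment`) VALUES('{$id}','{$this->moduleComponentId}','{$user}','{$comment}')");
         if (mysql_affected_rows()) {
             displayinfo("Post successful");
         } else {
             displayerror("Error in posting comment");
         }
     }
     if ($text == "") {
         $query = "SELECT article_content,article_lastupdated FROM article_content WHERE page_modulecomponentid='" . $this->moduleComponentId . "'";
         $result = mysql_query($query);
         if ($row = mysql_fetch_assoc($result)) {
             $text = censor_words($row['article_content']);
             global $PAGELASTUPDATED;
             $PAGELASTUPDATED = $row['article_lastupdated'];
         } else {
             return "Article not yet created.";
         }
     }
     global $sourceFolder;
     global $moduleFolder;
     require_once $sourceFolder . "/pngRender.class.php";
     // get_magic_quotes_gpc() no longer exists on PHP 8; guard the call.
     if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
         $text = stripslashes($text);
     }
     $render = new pngrender();
     $ret = $render->transform($text);
     require_once $sourceFolder . "/googleMaps.class.php";
     $maps = new googlemaps();
     $ret = $maps->render($ret);
     if ($this->isCommentsEnabled()) {
         $comments = mysql_query("SELECT `comment_id`,`user`,`timestamp`,`comment` FROM `article_comments` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' ORDER BY `timestamp`");
         $hasComments = mysql_num_rows($comments) > 0;
         if ($hasComments) {
             $ret .= "<fieldset><legend>Comments</legend>";
         }
         while ($row = mysql_fetch_array($comments)) {
             $ret .= $this->renderComment($row['comment_id'], $row['user'], $row['timestamp'], censor_words($row['comment']));
         }
         if ($hasComments) {
             $ret .= "</fieldset>";
         }
         $ret .= $this->commentBox();
     }
     return $ret;
 }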
            $array[] = "../data/" . $myfile;
        }
    }
    closedir($handle);
    foreach ($array as $key => $value) {
        if (file_exists($value) && is_file($value)) {
            if (substr(basename($value), 0, 6) == "system") {
                $content = file_get_contents($value);
                $content = preg_replace("/[\$]_sys\\[\"siteurl\"\\]\\s*\\=\\s*[\"'].*?[\"'];/is", "\$_sys[\"siteurl\"] = \"" . $siteurl . "\";", $content);
                $content = preg_replace("/[\$]_sys\\[\"shareyeslink\"\\]\\s*\\=\\s*[\"'].*?[\"'];/is", "\$_sys[\"shareyeslink\"] = \"" . $siteurl . "\";", $content);
                $content = preg_replace("/[\$]_sys\\[\"wx_link\"\\]\\s*\\=\\s*[\"'].*?[\"'];/is", "\$_sys[\"wx_link\"] = \"" . $siteurl . "\";", $content);
                file_put_msg($value, $content);
            }
        }
    }
    //导入数据库
    $sql = file_get_contents("install.sql");
    if ($prefix != "YuanTest_") {
        $sql = str_replace("YuanTest_", $prefix, $sql);
    }
    format_sql($sql);
    //更新管理员信息
    $admin_user = safe_html($admin_user);
    $admin_pass = safe_html($admin_pass);
    $sql = "TRUNCATE TABLE `" . $prefix . "admin`";
    $db->query($sql);
    $sql = "INSERT INTO " . $prefix . "admin(name,email,pass,status,if_system,popedom) VALUES('" . $admin_user . "','*****@*****.**','" . sys_md5($admin_pass) . "','1','1','')";
    $db->query($sql);
    @touch("lock.php");
    $tpl->display("success.html");
}
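 /**
  * Edit interface for a query page: saves or previews the page's title and
  * SQL query, and offers a database browser (all tables, rows of one table,
  * columns of one table).
  *
  * The browser runs `SELECT *` on a table named in the request. That name is
  * an identifier, not a string literal, so escape() cannot protect it; it is
  * restricted to `[A-Za-z0-9_]` and placed in backticks instead (the previous
  * single-quoted form was a MySQL syntax error, so the listing never worked).
  *
  * @return string HTML of the database browser followed by the edit form
  */
 public function actionEdit()
 {
     $editPageContent = '';
     $paramSqlQuery = '';
     $paramPageTitle = '';
     $useParams = false;
     $formComplete = isset($_POST['pagetitle']) && isset($_POST['sqlquery']);
     if (isset($_POST['btnSubmitQueryData'])) {
         // Stop on incomplete data instead of saving undefined values as before.
         if (!$formComplete) {
             displayerror('Error. Incomplete form data.');
         } elseif ($this->saveQueryEditForm($_POST['pagetitle'], $_POST['sqlquery'])) {
             displayinfo('Changes saved successfully.');
         }
     } elseif (isset($_POST['btnPreviewResults'])) {
         if (!$formComplete) {
             displayerror('Error. Incomplete form data.');
         } else {
             $pageTitle = $_POST['pagetitle'];
             $sqlQuery = stripslashes($_POST['sqlquery']);
             $editPageContent = "<h2>{$pageTitle} (Preview)</h2><br />\n" . $this->generatePageData($sqlQuery) . "<br />\n";
             $useParams = true;
             $paramSqlQuery = $sqlQuery;
             $paramPageTitle = $pageTitle;
         }
     }
     $editPageContent .= $this->getQueryEditForm($paramPageTitle, $paramSqlQuery, $useParams);

     $helptext = "";
     $subaction = isset($_GET['subaction']) ? $_GET['subaction'] : '';
     if (isset($_POST['btnListTables']) || $subaction == "listalltables") {
         $helptext .= "<h2>Tables of Database " . MYSQL_DATABASE . "</h2><br/><table id='sqlhelptable' name='sqlhelptable' class='display'><thead><tr><th>Table Name</th><th>Columns Information</th><th>Rows Information</th></tr></thead><tbody>";
         $res = mysql_query("SHOW TABLES");
         while ($row = mysql_fetch_row($res)) {
             $name = htmlspecialchars($row[0], ENT_QUOTES);
             $helptext .= "<tr><td>{$name}</td><td><a href='./+edit&subaction=tablecols&tablename={$name}'>View Columns</a></td><td><a href='./+edit&subaction=tablerows&tablename={$name}'>View Rows</a></td></tr>";
         }
         $helptext .= "</tbody></table>";
     }

     $tableNamePosted = isset($_POST['tablename']) && $_POST['tablename'] != "";
     $listRows = (isset($_POST['btnListRows']) && $tableNamePosted) || $subaction == "tablerows";
     $listCols = (isset($_POST['btnListColumns']) && $tableNamePosted) || $subaction == "tablecols";
     if ($listRows || $listCols) {
         if (isset($_POST['tablename'])) {
             $tablename = $_POST['tablename'];
         } elseif (isset($_GET['tablename'])) {
             $tablename = $_GET['tablename'];
         } else {
             displayerror("Table name missing");
             return $editPageContent;
         }
         // Identifier whitelist: the name goes into an identifier position, where a
         // string escape does not apply.
         if (!preg_match('/^[A-Za-z0-9_]+$/', $tablename)) {
             displayerror("Invalid table name");
             return $editPageContent;
         }
     }

     if ($listRows) {
         $res = mysql_query("SELECT * FROM `{$tablename}`");
         if (!$res) {
             displayerror("Could not read table: " . mysql_error());
         } else {
             $numfields = mysql_num_fields($res);
             $helptext .= "<table id='sqlhelptable' name='sqlhelptable' class='display'><thead><tr><th colspan=" . $numfields . ">Rows of Table {$tablename} <br/><a href='./+edit&subaction=tablecols&tablename={$tablename}'>View Columns</a>  <a href='./+edit&subaction=listalltables'>View All Tables</a></th></tr>";
             $helptext .= "<tr>";
             for ($i = 0; $i < $numfields; $i++) {
                 $name = mysql_field_name($res, $i);
                 if (!$name) {
                     displayerror("Field name could not be retrieved");
                     break;
                 }
                 $helptext .= "<th>{$name}</th>";
             }
             $helptext .= "</tr></thead><tbody>";
             // Cell values are arbitrary stored data; encode them rather than rendering them as HTML.
             while ($row = mysql_fetch_row($res)) {
                 $helptext .= "<tr>";
                 for ($i = 0; $i < $numfields; $i++) {
                     $helptext .= "<td>" . htmlspecialchars((string) $row[$i], ENT_QUOTES) . "</td>";
                 }
                 $helptext .= "</tr>";
             }
             $helptext .= "</tbody></table>";
         }
     }

     if ($listCols) {
         $helptext .= "<table id='sqlhelptable' name='sqlhelptable' class='display'><thead><tr><th colspan=6>Column Information of Table {$tablename} <br/><a href='./+edit&subaction=tablerows&tablename={$tablename}'>View Rows</a>  <a href='./+edit&subaction=listalltables'>View All Tables</a> </th></tr>";
         $helptext .= "<tr><th>Column Name</th><th>Column Type</th><th>Maximum Length</th><th>Default Value</th><th>Not Null</th><th>Primary Key</th></tr></thead><tbody>";
         $res = mysql_query("SELECT * FROM `{$tablename}` LIMIT 1");
         if (!$res) {
             displayerror("Could not read table: " . mysql_error());
         } else {
             for ($i = 0; $i < mysql_num_fields($res); $i++) {
                 $meta = mysql_fetch_field($res, $i);
                 if (!$meta) {
                     displayerror("Field information could not be retrieved");
                     break;
                 }
                 $helptext .= "<tr><td>{$meta->name}</td><td>{$meta->type}</td><td>{$meta->max_length}</td><td>{$meta->def}</td><td>{$meta->not_null}</td><td>{$meta->primary_key}</td></tr>";
             }
         }
         $helptext .= "</tbody></table>";
     }

     global $urlRequestRoot, $cmsFolder, $STARTSCRIPTS;
     $smarttable = smarttable::render(array('sqlhelptable'), null);
     $STARTSCRIPTS .= "initSmartTable();";
     global $ICONS;
     if ($helptext != "") {
         $helptext = "<fieldset><legend>{$ICONS['Database Information']['small']}Database Information</legend>{$smarttable} {$helptext}</fieldset>";
     }
     return $helptext . $editPageContent;
 }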
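/**
 * Imports one post into the flat-file blog store as a Markdown file.
 *
 * The title and tags are normalised into the front-matter comments the blog
 * expects (<!--t title t--> and <!--tag tags tag-->), the file is written to
 * content/<user>/blog/uncategorized/post/<date>_<tags>_<slug>.md, the tag
 * translations are registered and the browser is redirected to the
 * cache-clearing admin action. Nothing is written when the derived title,
 * tag, slug or content is empty.
 *
 * @param string $title   Post title; passed through safe_html()
 * @param int    $time    Unix timestamp used as the file name prefix
 * @param string $tags    Comma separated tag list; passed through safe_tag()
 * @param string $content Post body, stored verbatim
 * @param string $url     Desired slug; reduced to lowercase letters, digits and "-"
 * @param string $user    Owner; becomes a directory name and must be a single path segment
 * @param string $source  Optional origin URL, appended as a "Source:" link when it is http(s)
 * @return void
 */
function migrate($title, $time, $tags, $content, $url, $user, $source)
{
    // $user is spliced into a filesystem path below. Nothing else sanitises it,
    // so reject anything that is not a single directory name ("../x", "/etc", "").
    $user = (string) $user;
    if ($user === '' || $user === '.' || $user === '..' || strpos($user, '/') !== false || strpos($user, '\\') !== false) {
        return;
    }
    $post_date = date('Y-m-d-H-i-s', $time);
    $post_title = safe_html($title);
    $pt = safe_tag($tags);
    // Tags: a slug form (hyphenated, accents removed) for the file name and a
    // display form (spaces kept) for the front-matter; both drop a trailing comma.
    $post_tag = strtolower(preg_replace(array('/[^a-zA-Z0-9,. \\-\\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($pt)));
    $post_tagmd = preg_replace(array('/[^a-zA-Z0-9,. \\-\\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', ' ', ''), $pt);
    $post_tag = rtrim($post_tag, ',');
    $post_tagmd = rtrim($post_tagmd, ',');
    $post_url = strtolower(preg_replace(array('/[^a-zA-Z0-9 \\-\\p{L}]/u', '/[ -]+/', '/^-|-$/'), array('', '-', ''), remove_accent($url)));
    $post_content = '<!--t ' . $post_title . ' t-->' . "\n" . '<!--tag' . $post_tagmd . 'tag-->' . "\n\n" . $content;
    if (!empty($source)) {
        // The source lands in an href attribute: escape it for that context, use the
        // already-escaped title as link text, and only link http(s) URLs so that a
        // javascript: URL cannot become a clickable link in the stored post.
        $source = trim((string) $source);
        $escapedSource = htmlspecialchars($source, ENT_QUOTES, 'UTF-8');
        if (preg_match('#^https?://#i', $source)) {
            $post_content .= "\n\n" . 'Source: <a target="_blank" href="' . $escapedSource . '">' . $post_title . '</a>';
        } else {
            $post_content .= "\n\n" . 'Source: ' . $escapedSource;
        }
    }
    if (!empty($post_title) && !empty($post_tag) && !empty($post_url) && !empty($post_content)) {
        // get_magic_quotes_gpc() was removed in PHP 8; treat it as "off" when absent.
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $post_content = stripslashes($post_content);
        }
        $filename = $post_date . '_' . $post_tag . '_' . $post_url . '.md';
        $dir = 'content/' . $user . '/blog/uncategorized/post/';
        if (!is_dir($dir) && !mkdir($dir, 0775, true)) {
            return;
        }
        if (file_put_contents($dir . $filename, $post_content) === false) {
            return;
        }
        save_tag_i18n($post_tag, $post_tagmd);
        $redirect = site_url() . 'admin/clear-cache';
        header("Location: {$redirect}");
    }
}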
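/**
 * Displays a page settings form, as well as handles its submission, given a page id and a user id
 *
 * The submission handlers are selected by $_GET['subaction']:
 *  - "pagesettings": update the settings of $pageId, reorder (moveUp/moveDn) or delete a child page
 *  - "move": move/copy the page under the parent given by $_POST['parentpagepath']
 *  - "create": create a child page of type $_POST['childpagetype'] (menu, link, external or a module)
 *  - "editinheritedinfo": store the inherited info text
 *  - "tags": add or delete a page tag
 * All database access goes through the legacy mysql_* API with string values quoted by escape();
 * the numeric ids are cast to int because several queries interpolate them unquoted.
 *
 * @param $pageId Page id of the page where the user is trying to modify settings
 * @param $userId User id of the current user
 * @return HTML content for the page (the form, or the notifications after the form handling)
 */
function pagesettings($pageId, $userId)
{
    // page_id is numeric (new ids are MAX(page_id) + 1 below) and is interpolated
    // unquoted in several queries, where escape() alone cannot stop "1 OR 1=1".
    $pageId = (int) $pageId;
    $userId = escape($userId);
    global $sourceFolder;
    $chkquery = "SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE `attribute`='allow_pagespecific_template'";
    $row = mysql_fetch_row(mysql_query($chkquery));
    $allow_pagespecific_templates = $row ? $row[0] : 0;
    // 0 if disabled, 1 if enabled
    require_once $sourceFolder . "/tree.lib.php";
    if (isset($_GET['displayinfo'])) {
        displayinfo(safe_html($_GET['displayinfo']));
    }
    if (isset($_GET['displayerror'])) {
        displayerror(safe_html($_GET['displayerror']));
    }
    if (isset($_GET['subaction'])) {
        if ($_GET['subaction'] == "pagesettings") {
            // Child page named by the reorder and delete handlers below.
            $childPageName = isset($_GET['pageName']) ? escape($_GET['pageName']) : '';
            if (isset($_POST['btnSubmit'])) {
                global $sourceFolder;
                require_once $sourceFolder . "/parseurl.lib.php";
                $linkpageid = null;
                $exlink = null;
                if (isset($_POST['link'])) {
                    $lpageIdArray = array();
                    $linkpageid = parseUrlReal(escape($_POST['link']), $lpageIdArray);
                } elseif (isset($_POST['exlink'])) {
                    $exlink = escape($_POST['exlink']);
                }
                $visibleChildList = array();
                $visibleiChildList = array();
                $visiblesChildList = array();
                if (isset($_POST['menubarshowchildren']) && is_array($_POST['menubarshowchildren'])) {
                    foreach ($_POST['menubarshowchildren'] as $child) {
                        $visibleChildList[] = escape($child);
                    }
                }
                if (isset($_POST['sitemapshowchildren']) && is_array($_POST['sitemapshowchildren'])) {
                    foreach ($_POST['sitemapshowchildren'] as $child) {
                        $visiblesChildList[] = escape($child);
                    }
                }
                if (isset($_POST['childrenshowicon']) && is_array($_POST['childrenshowicon'])) {
                    foreach ($_POST['childrenshowicon'] as $child) {
                        $visibleiChildList[] = escape($child);
                    }
                }
                if (isset($_POST['default_template']) || $allow_pagespecific_templates == 0) {
                    $page_template = DEF_TEMPLATE;
                } else {
                    $page_template = isset($_POST['page_template']) ? escape($_POST['page_template']) : DEF_TEMPLATE;
                }
                $template_propogate = isset($_POST['template_propogate']);
                $menu_propogate = isset($_POST['menustyle_propogate']);
                $icon_propogate = isset($_POST['icon_propogate']);
                // Normalised in $_POST itself because the form renderer may read them back.
                $_POST['pagename'] = isset($_POST['pagename']) ? $_POST['pagename'] : "";
                $_POST['pagetitle'] = isset($_POST['pagetitle']) ? $_POST['pagetitle'] : "";
                $_POST['menutype'] = isset($_POST['menutype']) ? $_POST['menutype'] : "";
                $var = isset($_POST['allowComments']) ? 1 : 0;
                $componentRow = mysql_fetch_array(mysql_query("SELECT `page_modulecomponentid` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_id` = '{$pageId}'"));
                $modulecomponentid = $componentRow ? (int) $componentRow['page_modulecomponentid'] : 0;
                mysql_query("UPDATE `article_content` SET `allowComments` = {$var} WHERE `page_modulecomponentid` = '{$modulecomponentid}'");
                if ($exlink !== null) {
                    mysql_query("UPDATE `" . MYSQL_DATABASE_PREFIX . "external` SET `page_extlink` = '{$exlink}' WHERE `page_modulecomponentid`= '{$modulecomponentid}'");
                } elseif ($linkpageid !== null) {
                    mysql_query("UPDATE `" . MYSQL_DATABASE_PREFIX . "pages` SET `page_modulecomponentid` = '{$linkpageid}' WHERE `page_id`= '{$pageId}'");
                }
                $updateErrors = updateSettings($pageId, $userId, escape($_POST['pagename']), escape($_POST['pagetitle']), isset($_POST['showinmenu']), isset($_POST['showheading']), isset($_POST['showmenubar']), isset($_POST['showsiblingmenu']), $visibleChildList, $visiblesChildList, $visibleiChildList, $page_template, $template_propogate, escape($_POST['menutype']), isset($_POST['menudepth']) ? escape($_POST['menudepth']) : NULL, $menu_propogate, isset($_POST['showinsitemap']), isset($_POST['displayicon']), $icon_propogate);
                if ($updateErrors == '') {
                    displayinfo("Page settings updated successfully!");
                } else {
                    displayerror("Could not update page settings : " . $updateErrors);
                }
            }
            if (isset($_POST['moveUp']) || isset($_POST['moveDn'])) {
                if (isset($_POST['moveUp'])) {
                    $comparison = "<=";
                    $sortOrder = "DESC";
                } else {
                    $comparison = ">=";
                    $sortOrder = "ASC";
                }
                $query = "SELECT `page_menurank`,`page_id` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_parentid`='{$pageId}' AND `page_name`='{$childPageName}' AND `page_id` != '{$pageId}' ORDER BY `page_menurank` {$sortOrder} LIMIT 0,1 ";
                $result = mysql_query($query);
                $temp = $result ? mysql_fetch_assoc($result) : false;
                $childPageId = $temp ? (int) $temp['page_id'] : 0;
                $query = "SELECT `page_menurank`,`page_id` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_parentid`='{$pageId}' AND `page_menurank` {$comparison}(SELECT `page_menurank` FROM  `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_parentid`='{$pageId}' AND `page_name`='{$childPageName}') AND `page_id` != '{$childPageId}'  AND `page_parentid` != `page_id` ORDER BY `page_menurank` {$sortOrder} LIMIT 0,1 ";
                $result = mysql_query($query) or displayinfo(mysql_error());
                if (!$result || mysql_num_rows($result) == 0) {
                    // No neighbour to swap with. Stopping here matters: running the swap
                    // below with an empty target would overwrite the child's rank with ''.
                    displayerror("You cannot move up/down the first/last page in menu");
                } else {
                    $tempTarg = mysql_fetch_assoc($result);
                    $query = "SELECT `page_menurank`,`page_parentid` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_id`='{$childPageId}'";
                    $result = mysql_query($query);
                    $tempSrc = mysql_fetch_assoc($result);
                    if ($tempTarg['page_menurank'] == $tempSrc['page_menurank']) {
                        // Duplicate ranks cannot be swapped; reset the siblings to rank = id.
                        $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "pages` SET `page_menurank` = `page_id` WHERE `page_parentid`='{$tempSrc['page_parentid']}'";
                        mysql_query($query);
                        displayinfo("Error in menu rank corrected. Please reorder the pages");
                    } else {
                        $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "pages`  SET `page_menurank` ='{$tempSrc['page_menurank']}' WHERE `page_id` = '{$tempTarg['page_id']}' ";
                        mysql_query($query);
                        $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "pages`  SET `page_menurank` ='{$tempTarg['page_menurank']}' WHERE `page_id` = '{$childPageId}' ";
                        mysql_query($query);
                    }
                }
            }
            if (isset($_POST['deletePage'])) {
                if ($childPageName != "") {
                    $query = "SELECT `page_id` FROM  `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_parentid`='{$pageId}' AND `page_name`='{$childPageName}'";
                    $result = mysql_query($query);
                    $temp = $result ? mysql_fetch_assoc($result) : false;
                    if (!$temp) {
                        displayerror("Could not find the page to delete.");
                    } elseif (deletePage((int) $temp['page_id'], $userId)) {
                        displayinfo("Page deleted successfully.");
                    }
                } else {
                    displayerror("Not enough information available");
                }
            }
        } elseif ($_GET['subaction'] == "move") {
            $parentpagepath = isset($_POST['parentpagepath']) ? $_POST['parentpagepath'] : '';
            if ($parentpagepath == '') {
                $updateErrors = "Null page id";
            } else {
                global $sourceFolder;
                require_once $sourceFolder . "/parseurl.lib.php";
                $pageIdArray = array();
                $parentId = parseUrlReal(escape($parentpagepath), $pageIdArray);
                $destinationpagetitle = isset($_POST['destinationpagetitle']) ? $_POST['destinationpagetitle'] : '';
                $destinationpagename = isset($_POST['destinationpagename']) ? $_POST['destinationpagename'] : '';
                $updateErrors = move_page($userId, $pageId, $parentId, escape($destinationpagetitle), escape($destinationpagename), isset($_POST['deleteoriginalpage']));
            }
            if ($updateErrors != '') {
                displayerror($updateErrors);
            }
        } elseif ($_GET['subaction'] == "create") {
            /**
             * Have page rank equal to page id to ensure unique ranks
             * for links, rank equals to page id of the target sure, coz we can sure the pageid of parent page is unique at destination
             * check if there is any child page with same name
             * page name should not contain any special characters. (esp space)
             * ask for page name only and page title = ucfirst(pagename)
             * check if the guy has permission to create the page of that type
             * call modules createModule function
             */
            if (isset($_POST['childpagetype']) && isset($_POST['childpagename'])) {
                if (isset($_POST['default_template']) || $allow_pagespecific_templates == 0) {
                    $page_template = DEF_TEMPLATE;
                } else {
                    $page_template = isset($_POST['page_template']) ? escape($_POST['page_template']) : DEF_TEMPLATE;
                }
                $maxquery = "SELECT MAX( page_id ) AS MAX FROM " . MYSQL_DATABASE_PREFIX . "pages";
                $maxqueryresult = mysql_query($maxquery);
                $maxqueryrow = mysql_fetch_array($maxqueryresult);
                $maxpageid = $maxqueryrow[0] + 1;
                // New pages inherit the menu/icon display settings of their parent.
                $menutypequery = "SELECT `page_menutype`,`page_menudepth`,`page_displaysiblingmenu`,`page_displayicon`,`page_displayinmenu` FROM " . MYSQL_DATABASE_PREFIX . "pages WHERE page_id=" . $pageId;
                $menutyperesult = mysql_query($menutypequery);
                $menutyperow = mysql_fetch_array($menutyperesult);
                $childPageType = escape($_POST['childpagetype']);
                // The stored name is the lowercased, underscored form; the duplicate
                // check has to look for that same form, not the raw input.
                $childPageName = str_replace(' ', '_', escape(strtolower($_POST['childpagename'])));
                $childPageTitle = escape($_POST['childpagename']);
                $alreadyexistquery = "SELECT page_name FROM " . MYSQL_DATABASE_PREFIX . "pages WHERE page_parentid='{$pageId}' AND page_name='" . $childPageName . "'";
                $alreadyexistqueryresult = mysql_query($alreadyexistquery);
                $alreadyexistquerynumrows = $alreadyexistqueryresult ? mysql_num_rows($alreadyexistqueryresult) : 0;
                if (!preg_match('/^[a-z][\\_a-z0-9]*$/', $childPageName)) {
                    displayerror("Invalid page name.");
                } elseif ($alreadyexistquerynumrows >= 1) {
                    displayerror("A page with the given name already exists at this location.");
                } elseif ($_POST['childpagetype'] == "menu") {
                    $menuquery = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "pages` (`page_id` ,`page_name` ,`page_parentid` ,`page_title` ,`page_module` ,`page_modulecomponentid` , `page_template`, `page_menurank`, `page_menutype`,`page_menudepth`,`page_displaysiblingmenu`,`page_displayicon`,`page_displayinmenu`) " . "VALUES ('{$maxpageid}', '" . $childPageName . "', '{$pageId}', '" . $childPageTitle . "', '" . $childPageType . "', '0', '{$page_template}', '{$maxpageid}', '{$menutyperow['0']}','{$menutyperow['1']}','{$menutyperow['2']}','{$menutyperow['3']}','{$menutyperow['4']}')";
                    mysql_query($menuquery);
                    if (mysql_affected_rows() != 1) {
                        displayerror('Unable to create a new page');
                    } else {
                        displayinfo("Menu successfully created! <a href='./{$childPageName}+settings'>Click here</a> to go to its page-settings and start creating links in the menu.");
                    }
                } elseif ($_POST['childpagetype'] == "link") {
                    global $sourceFolder;
                    require_once $sourceFolder . "/parseurl.lib.php";
                    $pageIdArray = array();
                    $childpagelink = isset($_POST['childpagelink']) ? $_POST['childpagelink'] : '';
                    $parentId = parseUrlReal(escape($childpagelink), $pageIdArray);
                    if (getPermissions($userId, $parentId, "settings")) {
                        $linkselect = isset($_POST['linkselect']) ? $_POST['linkselect'] : '';
                        // Only the two known choices create a link; anything else is ignored.
                        if ($linkselect == "Same Tab" || $linkselect == "New Tab") {
                            $openInNewTab = $linkselect == "New Tab" ? '1' : '0';
                            $linkquery = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "pages` (`page_id` ,`page_name` ,`page_parentid` ,`page_title` ,`page_module` ,`page_modulecomponentid` , `page_template`, `page_menurank`, `page_openinnewtab`, `page_menutype`,`page_menudepth`,`page_displaysiblingmenu`,`page_displayicon`,`page_displayinmenu`) " . "VALUES ('{$maxpageid}', '{$childPageName}', '{$pageId}', '{$childPageTitle}', '" . $childPageType . "', '{$parentId}', '{$page_template}', '{$maxpageid}', '{$openInNewTab}', '{$menutyperow['0']}','{$menutyperow['1']}','{$menutyperow['2']}','{$menutyperow['3']}','{$menutyperow['4']}')";
                            mysql_query($linkquery);
                            if (mysql_affected_rows() != 1) {
                                displayerror('Unable to create a new page');
                            }
                        }
                    } else {
                        displayerror("Not enough permission to create a link for that location.");
                    }
                } elseif ($_POST['childpagetype'] == "external") {
                    $extquery = "SELECT MAX( page_modulecomponentid ) AS MAX FROM " . MYSQL_DATABASE_PREFIX . "external";
                    $extqueryresult = mysql_query($extquery);
                    $extqueryrow = mysql_fetch_array($extqueryresult);
                    $extpageid = $extqueryrow[0] + 1;
                    $externallink = isset($_POST['externallink']) ? $_POST['externallink'] : '';
                    $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "external` (`page_modulecomponentid`,`page_extlink`) " . "VALUES('{$extpageid}','" . escape($externallink) . "')";
                    if (!($result = mysql_query($query))) {
                        displayerror("Unable to create an external link.");
                        return false;
                    }
                    $openInNewTab = (isset($_POST['linkselectex']) && $_POST['linkselectex'] == "New Tab") ? '1' : '0';
                    // Store the validated name (not the raw input) and escape the title once.
                    $linkquery = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "pages` (`page_id` ,`page_name` ,`page_parentid` ,`page_title` ,`page_module` ,`page_modulecomponentid` , `page_template`, `page_menurank`,`page_openinnewtab`, `page_menutype`,`page_menudepth`,`page_displaysiblingmenu`,`page_displayicon`,`page_displayinmenu`) " . "VALUES ('{$maxpageid}', '" . $childPageName . "', '{$pageId}', '" . escape(ucfirst($_POST['childpagename'])) . "', '" . $childPageType . "', '{$extpageid}', '{$page_template}' ,'{$maxpageid}','{$openInNewTab}', '{$menutyperow['0']}','{$menutyperow['1']}','{$menutyperow['2']}','{$menutyperow['3']}','{$menutyperow['4']}')";
                    mysql_query($linkquery);
                    if (mysql_affected_rows() != 1) {
                        displayerror('Unable to create a new page');
                        return false;
                    }
                    displayinfo("External link has been created!");
                } else {
                    $moduleType = $childPageType;
                    global $sourceFolder;
                    global $moduleFolder;
                    // The type names the library file to require and the class to instantiate.
                    // escape() only neutralises SQL quotes, so "../" would still reach require_once;
                    // restrict it to a plain identifier that resolves to a file in the module folder.
                    $moduleFile = $sourceFolder . "/" . $moduleFolder . "/" . $moduleType . ".lib.php";
                    if (!preg_match('/^[A-Za-z][A-Za-z0-9_]*$/', $moduleType) || !is_file($moduleFile)) {
                        displayerror("Invalid page type.");
                    } else {
                        require_once $moduleFile;
                        if (!class_exists($moduleType)) {
                            displayerror("Invalid page type.");
                        } else {
                            $page = new $moduleType();
                            $newId = createInstance($moduleType);
                            $page->createModule($newId);
                            $createquery = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "pages` (`page_id` ,`page_name` ,`page_parentid` ,`page_title` ,`page_module` ,`page_modulecomponentid` , `page_template`, `page_menurank`, `page_menutype`,`page_menudepth`,`page_displaysiblingmenu`,`page_displayicon`,`page_displayinmenu`) " . "VALUES ('{$maxpageid}', '{$childPageName}', '{$pageId}', '{$childPageTitle}', '" . $childPageType . "', '{$newId}', '{$page_template}', '{$maxpageid}', '{$menutyperow['0']}','{$menutyperow['1']}','{$menutyperow['2']}','{$menutyperow['3']}','{$menutyperow['4']}')";
                            mysql_query($createquery);
                            if (mysql_affected_rows() != 1) {
                                displayerror('Unable to create a new page.');
                            }
                        }
                    }
                }
            } else {
                displayerror("One or more parameters not set.");
            }
        } elseif ($_GET['subaction'] == 'editinheritedinfo') {
            $inheritedInfo = isset($_POST['txtInheritedInfo']) ? $_POST['txtInheritedInfo'] : '';
            updatePageInheritedInfo($pageId, escape($inheritedInfo));
        } elseif ($_GET['subaction'] == 'tags') {
            if (isset($_GET['delTag']) && $_GET['delTag'] != "") {
                //DELETING THE TAG
                mysql_query("DELETE FROM `" . MYSQL_DATABASE_PREFIX . "pagetags` WHERE `tag_id` = '" . escape($_GET['delTag']) . "'");
                if (mysql_affected_rows()) {
                    displayinfo("Tag deleted!");
                } else {
                    displayerror("Error in deleting tag.");
                }
            }
            // 'newTag' was an unquoted (undefined) constant before; same key, now a string.
            if (isset($_POST['newTag']) && $_POST['newTag'] != "") {
                //INSERTING THE TAG
                $newTagQuery = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "pagetags` (`tag_id`, `page_id`, `tag_text`) VALUES (NULL, " . $pageId . ", '" . escape($_POST['newTag']) . "');";
                $newTagResult = mysql_query($newTagQuery);
                if ($newTagResult) {
                    displayinfo("Tag added!");
                } else {
                    displayerror("Error in adding tag.");
                }
            }
        }
    }
    if ($settingsForm = getSettingsForm($pageId, $userId)) {
        return $settingsForm;
    } else {
        displayerror('Could not find page settings for the requested page.');
        return '';
    }
}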
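/**
 * Builds a plain-text excerpt of at most $char characters from HTML content.
 *
 * Tags are stripped, the text is cut at the last space inside the limit
 * (falling back to a hard cut when there is no space), and the result is
 * passed through safe_html(). Escaping happens after the cut so an entity
 * such as "&amp;" can never be truncated in the middle.
 *
 * @param string   $string Source HTML
 * @param int|null $char   Maximum length in characters; defaults to
 *                         config('description.char'), then 150
 * @return string Escaped excerpt
 */
function get_description($string, $char = null)
{
    if (empty($char)) {
        $char = config('description.char');
        if (empty($char)) {
            $char = 150;
        }
    }
    $char = (int) $char;
    $text = strip_tags((string) $string);
    // Character-based (mb_*) rather than byte-based so a multibyte UTF-8
    // sequence is never split in half by the cut.
    if (mb_strlen($text, 'UTF-8') < $char) {
        return safe_html($text);
    }
    $text = mb_substr($text, 0, $char, 'UTF-8');
    $lastSpace = mb_strrpos($text, ' ', 0, 'UTF-8');
    // Keep the hard cut when there is no space: the previous version returned
    // an empty excerpt for a long single word because strrpos() gave false.
    if ($lastSpace !== false && $lastSpace > 0) {
        $text = mb_substr($text, 0, $lastSpace, 'UTF-8');
    }
    return safe_html($text);
}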
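/**
 * Formats a value for interpolation into an SQL statement.
 *
 * "text" values are either tag-stripped ($striptags) or run through safe_html(),
 * then backslash-escaped (respecting magic quotes for request data when $notpost
 * is false). The value is then typed: text/date are quoted, long/int go through
 * intval(), double through doubleval(), and "defined" maps a non-empty value to
 * $theDefinedValue and an empty one to $theNotDefinedValue.
 *
 * NOTE(review): addslashes() is not a charset-aware SQL escape; the caller should
 * prefer parameterised queries or the driver's real_escape_string. "date" values
 * are not validated beyond quoting.
 *
 * @param mixed  $theValue           Raw value
 * @param string $theType            One of "text", "long", "int", "double", "date", "defined"
 * @param bool   $striptags          For "text": strip tags instead of calling safe_html()
 * @param bool   $addshlashes        Despite its name, controls SQL quoting of the result;
 *                                   when false, an empty int yields "NULL" instead of 0
 * @param bool   $notpost            Value did not come from the request (skip the magic-quotes check)
 * @param string $theDefinedValue    Result for a non-empty "defined" value
 * @param string $theNotDefinedValue Result for an empty "defined" value
 * @return mixed SQL fragment (string, int or float)
 */
function safesql($theValue, $theType, $striptags = true, $addshlashes = true, $notpost = false, $theDefinedValue = "", $theNotDefinedValue = "")
{
    if ($theType == "text") {
        $theValue = $striptags ? strip_tags($theValue) : safe_html($theValue);
    }
    if ($notpost == false) {
        // get_magic_quotes_gpc() was removed in PHP 8; treat it as "off" when absent
        // instead of failing with an undefined-function error.
        $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
        if (!$magicQuotes) {
            $theValue = addslashes(stripslashes($theValue));
        }
    } else {
        $theValue = addslashes($theValue);
    }
    // Loose "" comparison kept on purpose: it is the original emptiness test.
    switch ($theType) {
        case "text":
        case "date":
            if ($theValue != "") {
                $theValue = $addshlashes ? "'" . $theValue . "'" : $theValue;
            } else {
                $theValue = "NULL";
            }
            break;
        case "long":
        case "int":
            if ($theValue != "") {
                $theValue = intval($theValue);
            } else {
                $theValue = $addshlashes ? 0 : "NULL";
            }
            break;
        case "double":
            if ($theValue != "") {
                $theValue = $addshlashes ? "'" . doubleval($theValue) . "'" : doubleval($theValue);
            } else {
                $theValue = "NULL";
            }
            break;
        case "defined":
            $theValue = $theValue != "" ? $theDefinedValue : $theNotDefinedValue;
            break;
    }
    return $theValue;
}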