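/**
 * Delete Forum.
 * If Forum has Sub Forum, deletion will give you a move form.
 * If Forum has no Sub Forum, it will prune itself and delete itself.
 *
 * Reads forum_id and forum_cat from $_GET (both must pass isnum()) and, when
 * the forum_remove form was posted, the move/delete choices from $_POST.
 * Every failed check calls \defender::stop() and adds a notice; the forum row
 * itself is only pruned when the form is still safe. Redirects to
 * FUSION_SELF . $aidlink after a removal.
 */
private function validate_forum_removal() {
    global $aidlink;
    if (isset($_GET['forum_id']) && isnum($_GET['forum_id']) && isset($_GET['forum_cat']) && isnum($_GET['forum_cat'])) {
        // isnum() already validated the id; the cast keeps raw request input out of the SQL.
        $forum_id = intval($_GET['forum_id']);
        $forum_count = dbcount("('forum_id')", DB_FORUMS, "forum_cat='" . $forum_id . "'");
        if ($forum_count >= 1) {
            // Delete forum
            /**
             * $action_data
             * 'forum_id' - current forum id
             * 'forum_branch' - the branch id
             * 'threads_to_forum' - target destination where all threads should move to
             * 'delete_threads' - if delete threads are checked
             * 'subforums_to_forum' - target destination where all subforums should move to
             * 'delete_forums' - if delete all subforums are checked
             */
            if (isset($_POST['forum_remove'])) {
                $action_data = array(
                    'forum_id' => isset($_POST['forum_id']) ? form_sanitizer($_POST['forum_id'], 0, 'forum_id') : 0,
                    'forum_branch' => isset($_POST['forum_branch']) ? form_sanitizer($_POST['forum_branch'], 0, 'forum_branch') : 0,
                    'threads_to_forum' => isset($_POST['move_threads']) ? form_sanitizer($_POST['move_threads'], 0, 'move_threads') : '',
                    'delete_threads' => isset($_POST['delete_threads']) ? 1 : 0,
                    'subforums_to_forum' => isset($_POST['move_forums']) ? form_sanitizer($_POST['move_forums'], 0, 'move_forums') : '',
                    'delete_forums' => isset($_POST['delete_forums']) ? 1 : 0,
                );
                if (self::verify_forum($action_data['forum_id'])) {
                    // Threads and Posts action
                    if (!$action_data['delete_threads'] && $action_data['threads_to_forum']) {
                        // NOTE(review): only DB_FORUM_POSTS is re-parented here; the matching
                        // DB_FORUM_THREADS update was commented out upstream - confirm threads
                        // are moved elsewhere, otherwise they stay attached to the deleted forum.
                        dbquery("UPDATE " . DB_FORUM_POSTS . " SET forum_id='" . intval($action_data['threads_to_forum']) . "' WHERE forum_id='" . intval($action_data['forum_id']) . "'");
                    } elseif ($action_data['delete_threads']) {
                        // remove all threads and all posts in this forum.
                        self::prune_attachment($action_data['forum_id']); // wipe
                        self::prune_posts($action_data['forum_id']); // wipe
                        self::prune_threads($action_data['forum_id']); // wipe
                        self::recalculate_post($action_data['forum_id']); // wipe
                    } else {
                        // Neither a target forum nor the delete flag was given.
                        \defender::stop();
                        addNotice('danger', self::$locale['forum_notice_na']);
                    }
                    // Subforum action
                    if (!$action_data['delete_forums'] && $action_data['subforums_to_forum']) {
                        dbquery("UPDATE " . DB_FORUMS . " SET forum_cat='" . intval($action_data['subforums_to_forum']) . "', forum_branch='" . get_hkey(DB_FORUMS, 'forum_id', 'forum_cat', $action_data['subforums_to_forum']) . "'\n\t\t\t\t" . (multilang_table("FO") ? "WHERE forum_language='" . LANGUAGE . "' AND" : "WHERE") . " forum_cat='" . intval($action_data['forum_id']) . "'");
                    } elseif (!$action_data['delete_forums']) {
                        \defender::stop();
                        addNotice('danger', self::$locale['forum_notice_na']);
                    }
                } else {
                    \defender::stop();
                    addNotice('error', self::$locale['forum_notice_na']);
                }
                // Only remove the forum row once every step above passed; previously
                // prune_forums() and the redirect ran even after \defender::stop().
                if (\defender::safe()) {
                    self::prune_forums($action_data['forum_id']);
                    addNotice('info', self::$locale['forum_notice_5']);
                    redirect(FUSION_SELF . $aidlink);
                }
            }
            self::display_forum_move_form();
        } else {
            // No sub forums: wipe content and the forum row directly.
            self::prune_attachment($forum_id);
            self::prune_posts($forum_id);
            self::prune_threads($forum_id);
            self::recalculate_post($forum_id);
            dbquery("DELETE FROM " . DB_FORUMS . " WHERE forum_id='" . $forum_id . "'");
            addNotice('info', self::$locale['forum_notice_5']);
            redirect(FUSION_SELF . $aidlink);
        }
    }
}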
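/**
 * Theme Widget Page
 *
 * Renders the infuse/defuse controls for the current theme's widget and, on
 * the infuse_widget / defuse_widget POST actions, runs the statement lists
 * defined by the theme's theme_db.php ($theme_newtable, $theme_insertdbrow,
 * $theme_droptable, $theme_deldbrow). Output is echoed directly; a successful
 * infuse or defuse redirects to FUSION_REQUEST.
 */
public function display_theme_widgets() {
    global $locale;
    $theme = $this->theme_name;
    if (Admin::theme_widget_exists($theme)) {
        echo "<div class='m-t-20 m-b-20'>\n";
        // Provides the $theme_* statement arrays used below.
        require_once THEMES . $theme . "/theme_db.php";
        // Presence of this row marks the widget as infused.
        $infused_where = "settings_theme='" . $theme . "'";
        /**
         * Infuse Widget Action
         */
        // Strict comparison: the posted value must be exactly the active theme name.
        if (isset($_POST['infuse_widget']) && fusion_get_settings('theme') === $_POST['infuse_widget'] && !dbcount("(settings_name)", DB_SETTINGS_THEME, $infused_where)) {
            if (isset($theme_newtable) && is_array($theme_newtable)) {
                foreach ($theme_newtable as $statement) {
                    if (!dbquery("CREATE TABLE " . $statement)) {
                        \defender::stop();
                    }
                }
            }
            // insertion ok
            if (isset($theme_insertdbrow) && is_array($theme_insertdbrow)) {
                foreach ($theme_insertdbrow as $statement) {
                    if (!dbquery("INSERT INTO " . $statement)) {
                        \defender::stop();
                    }
                }
            }
            // Record the infusion only when every statement succeeded; previously the
            // settings row, success notice and redirect happened even after \defender::stop().
            if (\defender::safe()) {
                $widget_row = array("settings_theme" => $theme, "settings_name" => $theme, "settings_value" => 1);
                dbquery_insert(DB_SETTINGS_THEME, $widget_row, "save");
                addNotice('success', sprintf($locale['theme_1019'], ucwords($theme)));
                redirect(FUSION_REQUEST);
            }
        }
        /**
         * Defuse Widget Action
         */
        if (isset($_POST['defuse_widget']) && fusion_get_settings('theme') === $_POST['defuse_widget'] && dbcount("(settings_name)", DB_SETTINGS_THEME, $infused_where)) {
            if (isset($theme_droptable) && is_array($theme_droptable)) {
                foreach ($theme_droptable as $statement) {
                    if (!dbquery("DROP TABLE " . $statement)) {
                        \defender::stop();
                    }
                }
            }
            // row deletion ok
            if (isset($theme_deldbrow) && is_array($theme_deldbrow)) {
                foreach ($theme_deldbrow as $statement) {
                    if (!dbquery("DELETE FROM " . $statement)) {
                        \defender::stop();
                    }
                }
            }
            if (\defender::safe()) {
                addNotice('success', sprintf($locale['theme_1019b'], ucwords($theme)));
                redirect(FUSION_REQUEST);
            }
        }
        if ((isset($theme_newtable) || isset($theme_insertdbrow)) && !dbcount("(settings_name)", DB_SETTINGS_THEME, $infused_where)) {
            // show alert form
            $form = openform("widget_infuse", "post", FUSION_REQUEST);
            $form .= "<div>" . $locale['theme_1032'] . "</div>";
            $form .= form_button("infuse_widget", $locale['theme_1016'], $theme, array("class" => "btn-primary m-t-10"));
            $form .= closeform();
            echo alert("", $form);
        } else {
            $form = openform("widget_defuse", "post", FUSION_REQUEST, array("class" => "text-right"));
            $form .= form_button("defuse_widget", $locale['theme_1017'], $theme, array("class" => "btn-danger"));
            $form .= closeform();
            $form .= "<hr/>\n";
            // Confirmation prompt before the defuse button submits.
            add_to_jquery("\n\t\t\t\t\$('#defuse_widget').bind('click', function(e) {\n\t\t\t\t\tvar val = confirm('" . $locale['theme_1033'] . "');\n\t\t\t\t\tif (val == false) {\n\t\t\t\t\t\te.preventDefault();\n\t\t\t\t\t}\n\t\t\t\t});\n\t\t\t\t");
            echo $form;
            echo "<!---start widget form--->\n";
            include THEMES . $theme . "/widget.php";
            echo "<!---end widget form--->\n";
        }
        echo "</div>\n";
    } else {
        echo "<div class='m-t-20 well text-center'>" . $locale['theme_1031'] . "</div>\n";
    }
}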
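/**
 * Handle request for email verification
 * Sends Verification code when you change email
 * Sends Verification code when you register
 *
 * Builds the activation link from an HMAC-SHA1 code keyed on the user's
 * email, fills the u152 / u151 locale templates and mails them. When the mail
 * was accepted and the form is still safe, the pending registration is stored
 * in DB_NEW_USERS and $this->_completeMessage is set; otherwise the form is
 * stopped and a danger notice is added.
 */
private function _setEmailVerification() {
    $settings = fusion_get_settings();
    $locale = fusion_get_locale();
    require_once INCLUDES . "sendmail_include.php";
    $userCode = hash_hmac("sha1", PasswordAuth::getNewPassword(), $this->_userEmail);
    // urlencode() so that '+' and '&' in an address survive the query string
    // (PHP decodes $_GET automatically on the receiving page).
    $activationUrl = $settings['siteurl'] . "register.php?email=" . urlencode($this->_userEmail) . "&code=" . $userCode;
    // Single-pass substitution: placeholders appearing inside substituted values
    // (e.g. a user name containing "SITENAME") are not re-expanded.
    $message = strtr($locale['u152'], array(
        "USER_NAME" => $this->_userName,
        "SITENAME" => fusion_get_settings("sitename"),
        "SITEUSERNAME" => fusion_get_settings("siteusername"),
        "USER_PASSWORD" => $this->_newUserPassword,
        "ACTIVATION_LINK" => $activationUrl,
    ));
    $subject = str_replace("[SITENAME]", fusion_get_settings("sitename"), $locale['u151']);
    if (sendemail($this->_userName, $this->_userEmail, $settings['siteusername'], $settings['siteemail'], $subject, $message)) {
        // NOTE(review): the reader of user_info must not unserialize() this blob
        // without validating it first - confirm on the activation side.
        $userInfo = base64_encode(serialize($this->data));
        if (\defender::safe()) {
            // NOTE(review): user_name/user_email are interpolated into the SQL; they are
            // assumed to have been sanitised by the form layer - verify against the caller.
            dbquery("INSERT INTO " . DB_NEW_USERS . "\n\t\t\t\t\t(user_code, user_name, user_email, user_datestamp, user_info)\n\t\t\t\t\tVALUES\n\t\t\t\t\t('" . $userCode . "', '" . $this->data['user_name'] . "', '" . $this->data['user_email'] . "', NOW(), '" . $userInfo . "')\n\t\t\t\t\t");
        }
        $this->_completeMessage = $locale['u150'];
    } else {
        \defender::stop();
        $message = str_replace("[LINK]", "<a href='" . BASEDIR . "contact.php'><strong>", $locale['u154']);
        $message = str_replace("[/LINK]", "</strong></a>", $message);
        addNotice('danger', $locale['u153'] . "<br />" . $message);
    }
}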
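/**
 * MYSQL update and save forum
 *
 * Builds $this->data from the posted save_forum form, checks alias and name
 * uniqueness, resolves the forum image (upload, URL copy or the existing
 * value), assigns the next forum_order when none was given and finally
 * inserts or updates the DB_FORUMS row before redirecting. Every validation
 * failure calls \defender::stop() and adds a notice instead of writing.
 */
private function set_forumDB() {
    global $aidlink, $locale;
    if (isset($_POST['save_forum'])) {
        // Resolve the parent first: forum_branch depends on it, and reading
        // $this->data['forum_cat'] inside the array literal below would see the
        // previous contents of $this->data rather than the value being assigned.
        $forum_cat = form_sanitizer($_POST['forum_cat'], 0, 'forum_cat');
        $this->data = array(
            'forum_id' => form_sanitizer($_POST['forum_id'], 0, 'forum_id'),
            'forum_name' => form_sanitizer($_POST['forum_name'], '', 'forum_name'),
            'forum_description' => form_sanitizer($_POST['forum_description'], '', 'forum_description'),
            'forum_cat' => $forum_cat,
            'forum_type' => form_sanitizer($_POST['forum_type'], '', 'forum_type'),
            'forum_language' => form_sanitizer($_POST['forum_language'], '', 'forum_language'),
            'forum_alias' => form_sanitizer($_POST['forum_alias'], '', 'forum_alias'),
            'forum_meta' => form_sanitizer($_POST['forum_meta'], '', 'forum_meta'),
            'forum_rules' => form_sanitizer($_POST['forum_rules'], '', 'forum_rules'),
            'forum_image_enable' => isset($_POST['forum_image_enable']) ? 1 : 0,
            'forum_merge' => isset($_POST['forum_merge']) ? 1 : 0,
            'forum_allow_attach' => isset($_POST['forum_allow_attach']) ? 1 : 0,
            'forum_quick_edit' => isset($_POST['forum_quick_edit']) ? 1 : 0,
            'forum_allow_poll' => isset($_POST['forum_allow_poll']) ? 1 : 0,
            'forum_poll' => USER_LEVEL_MEMBER,
            'forum_users' => isset($_POST['forum_users']) ? 1 : 0,
            'forum_lock' => isset($_POST['forum_lock']) ? 1 : 0,
            'forum_permissions' => isset($_POST['forum_permissions']) ? form_sanitizer($_POST['forum_permissions'], 0, 'forum_permissions') : 0,
            // NOTE(review): unlike the other fields this call passes no default or field
            // name to form_sanitizer() - confirm whether that is intentional.
            'forum_order' => isset($_POST['forum_order']) ? form_sanitizer($_POST['forum_order']) : '',
            'forum_branch' => get_hkey(DB_FORUMS, 'forum_id', 'forum_cat', $forum_cat),
            'forum_image' => '',
            'forum_mods' => "",
        );
        $this->data['forum_alias'] = $this->data['forum_alias'] ? str_replace(' ', '-', $this->data['forum_alias']) : '';
        // Checks for unique forum alias
        if ($this->data['forum_alias']) {
            $alias_where = "alias_url='" . $this->data['forum_alias'] . "'";
            if ($this->data['forum_id']) {
                // Editing: the forum's own alias row must not count as a clash.
                $alias_where .= " AND alias_item_id !='" . intval($this->data['forum_id']) . "'";
            }
            if (dbcount("('alias_id')", DB_PERMALINK_ALIAS, $alias_where)) {
                \defender::stop();
                addNotice('warning', $locale['forum_error_6']);
            }
        }
        // check forum name unique
        $this->data['forum_name'] = self::check_validForumName($this->data['forum_name'], $this->data['forum_id']);
        // Uploads or copy forum image or use back the forum image existing
        if (isset($_FILES['forum_image']['tmp_name']) && is_uploaded_file($_FILES['forum_image']['tmp_name'])) {
            $upload = form_sanitizer($_FILES['forum_image'], '', 'forum_image');
            if ($upload['error'] == 0) {
                // Prefer the generated thumbnail when the uploader produced one.
                $this->data['forum_image'] = !empty($upload['thumb1_name']) ? $upload['thumb1_name'] : $upload['image_name'];
            }
        } elseif (isset($_POST['forum_image_url']) && $_POST['forum_image_url'] != "") {
            require_once INCLUDES . "photo_functions_include.php";
            // forum_image_header selects whether the URL is site-relative (0) or absolute (1).
            $type_opts = array('0' => BASEDIR, '1' => '');
            $header = isset($_POST['forum_image_header']) ? intval($_POST['forum_image_header']) : 0;
            $this->data['forum_image'] = (isset($type_opts[$header]) ? $type_opts[$header] : '') . form_sanitizer($_POST['forum_image_url'], '', 'forum_image_url');
            // NOTE(review): copy_file() fetches the submitted location server-side; if this
            // form is reachable by non-admins, restrict the allowed schemes/paths - confirm.
            $upload = copy_file($this->data['forum_image'], FORUM . "images/");
            if ($upload['error'] == TRUE) {
                \defender::stop();
                addNotice('danger', $locale['forum_error_9']);
            } else {
                $this->data['forum_image'] = $upload['name'];
            }
        } else {
            $this->data['forum_image'] = isset($_POST['forum_image']) ? form_sanitizer($_POST['forum_image'], '', 'forum_image') : "";
        }
        if (!$this->data['forum_id']) {
            // Permission defaults for a brand new forum (+= keeps keys already set above).
            $this->data += array(
                'forum_access' => USER_LEVEL_PUBLIC,
                'forum_post' => USER_LEVEL_MEMBER,
                'forum_reply' => USER_LEVEL_MEMBER,
                'forum_post_ratings' => USER_LEVEL_MEMBER,
                'forum_poll' => USER_LEVEL_MEMBER,
                'forum_vote' => USER_LEVEL_MEMBER,
                'forum_mods' => "",
            );
        }
        // Set last order
        if (!$this->data['forum_order']) {
            $this->data['forum_order'] = dbresult(dbquery("SELECT MAX(forum_order) FROM " . DB_FORUMS . " " . (multilang_table("FO") ? "WHERE forum_language='" . LANGUAGE . "' AND" : "WHERE") . " forum_cat='" . intval($this->data['forum_cat']) . "'"), 0) + 1;
        }
        if (\defender::safe()) {
            if (self::verify_forum($this->data['forum_id'])) {
                // Existing forum: re-sequence siblings, then update the row.
                $result = dbquery_order(DB_FORUMS, $this->data['forum_order'], 'forum_order', $this->data['forum_id'], 'forum_id', $this->data['forum_cat'], 'forum_cat', 1, 'forum_language', 'update');
                if ($result) {
                    dbquery_insert(DB_FORUMS, $this->data, 'update');
                }
                addNotice('success', $locale['forum_notice_9']);
                redirect(FUSION_SELF . $aidlink . $this->ext);
            } else {
                $new_forum_id = 0;
                $result = dbquery_order(DB_FORUMS, $this->data['forum_order'], 'forum_order', FALSE, FALSE, $this->data['forum_cat'], 'forum_cat', 1, 'forum_language', 'save');
                if ($result) {
                    dbquery_insert(DB_FORUMS, $this->data, 'save');
                    $new_forum_id = dblastid();
                }
                if ($this->data['forum_cat'] == 0) {
                    // A new root forum continues to the permissions editor.
                    redirect(FUSION_SELF . $aidlink . "&action=p_edit&forum_id=" . $new_forum_id . "&parent_id=0");
                } else {
                    // Success notice per forum type (1-4); unknown types add none.
                    $type_notices = array(1 => 'forum_notice_1', 2 => 'forum_notice_2', 3 => 'forum_notice_3', 4 => 'forum_notice_4');
                    $forum_type = intval($this->data['forum_type']);
                    if (isset($type_notices[$forum_type])) {
                        addNotice('success', $locale[$type_notices[$forum_type]]);
                    }
                    redirect(FUSION_SELF . $aidlink . $this->ext);
                }
            }
        }
    }
}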
/**
 * Send a private message to one user or, with $to_group, to every member of a
 * user level (-101..-103) or user group.
 *
 * For a single recipient the message is stored in the recipient's inbox
 * (folder 0), optionally mirrored into the sender's outbox (folder 1, trimmed
 * to the outbox limit) and an email notification is sent when the recipient
 * asked for it. Group sends recurse into this method once per member with
 * $to_group = FALSE and $save_sent = FALSE. Failures call \defender::stop()
 * and add a notice; with $strict they die() instead.
 *
 * @param int|string $to        recipient user id, or a user level / group id when $to_group is set
 * @param int $from             sender user id
 * @param string $subject
 * @param string $message
 * @param string $smileys       'y' or 'n'; forced to 'n' when the body contains code/geshi/php BBCode
 * @param bool $to_group        treat $to as a level or group instead of a user id
 * @param bool $save_sent       mirror the message into the sender's outbox when the sender's settings allow it
 */
public static function send_pm($to, $from, $subject, $message, $smileys = 'y', $to_group = FALSE, $save_sent = TRUE) {
    include LOCALE . LOCALESET . "messages.php";
    require_once INCLUDES . "sendmail_include.php";
    require_once INCLUDES . "flood_include.php";
    $strict = FALSE;
    // NOTE(review): this resets $locale right after messages.php was included, so the
    // $locale['62x'/'48x'] strings used below are read from an empty array unless the
    // include populates something else - confirm the intended order.
    $locale = array();
    $group_name = getgroupname($to);
    // Accept $to either as a numeric user id or as something getgroupname() resolves.
    $to = isnum($to) || !empty($group_name) ? $to : 0;
    $from = isnum($from) ? $from : 0;
    // Disable smileys when the body carries code blocks so their contents stay verbatim.
    $smileys = preg_match("#(\\[code\\](.*?)\\[/code\\]|\\[geshi=(.*?)\\](.*?)\\[/geshi\\]|\\[php\\](.*?)\\[/php\\])#si", $message) ? "n" : $smileys;
    if (!$to_group) {
        // send to user
        $pmStatus = self::get_pm_settings($to);
        $myStatus = self::get_pm_settings($from);
        if (!flood_control("message_datestamp", DB_MESSAGES, "message_from='" . intval($from) . "'")) {
            // find receipient (with the current size of their inbox, folder 0)
            $result = dbquery("SELECT u.user_id, u.user_name, u.user_email, u.user_level,\n\t\t\t\tCOUNT(m.message_id) 'message_count'\n\t\t\t\tFROM " . DB_USERS . " u\n\t\t\t\tLEFT JOIN " . DB_MESSAGES . " m ON m.message_user=u.user_id and message_folder='0'\n\t\t\t\tWHERE u.user_id='" . intval($to) . "' GROUP BY u.user_id\n\t\t\t\t");
            if (dbrows($result) > 0) {
                $data = dbarray($result);
                $result2 = dbquery("SELECT user_id, user_name FROM " . DB_USERS . " WHERE user_id='" . intval($from) . "'");
                if (dbrows($result2) > 0) {
                    $userdata = dbarray($result2);
                    if ($to != $from) {
                        // Inbox limit does not apply to the super admin, non-members, or when no limit is set.
                        if ($data['user_id'] == 1 || $data['user_level'] < USER_LEVEL_MEMBER || !$pmStatus['user_inbox'] || $data['message_count'] + 1 <= $pmStatus['user_inbox']) {
                            $inputData = array("message_id" => 0, "message_to" => $to, "message_user" => $to, "message_from" => $from, "message_subject" => $subject, "message_message" => $message, "message_smileys" => $smileys, "message_read" => 0, "message_datestamp" => time(), "message_folder" => 0);
                            dbquery_insert(DB_MESSAGES, $inputData, "save");
                            // this will flood the inbox when message is sent to group. -- fixed
                            if ($myStatus['user_pm_save_sent'] == '2' && $save_sent == TRUE) {
                                // user_outbox.
                                // NOTE(review): the expression after message_user= appears corrupted in the
                                // source as received; judging by the DELETE below it presumably should read
                                // $userdata['user_id'] - confirm against the repository.
                                $cdata = dbarray(dbquery("SELECT COUNT(message_id) AS outbox_count, MIN(message_id) AS last_message FROM\n\t\t\t\t\t\t\t\t\t" . DB_MESSAGES . " WHERE message_to='" . $userdata['user_id'] . "' AND message_user='******'user_id'] . "' AND message_folder='1' GROUP BY message_to"));
                                // check my outbox limit and if surpass, remove oldest message
                                if ($myStatus['user_outbox'] != "0" && $cdata['outbox_count'] + 1 > $myStatus['user_outbox']) {
                                    dbquery("DELETE FROM " . DB_MESSAGES . " WHERE message_id='" . $cdata['last_message'] . "' AND message_to='" . $userdata['user_id'] . "'");
                                }
                                // Mirror into the sender's outbox (folder 1).
                                $inputData['message_user'] = $userdata['user_id'];
                                $inputData['message_folder'] = 1;
                                $inputData['message_from'] = $to;
                                $inputData['message_to'] = $userdata['user_id'];
                                dbquery_insert(DB_MESSAGES, $inputData, "save");
                            }
                            // "2" = recipient wants an email for every new PM.
                            $send_email = $pmStatus['user_pm_email_notify'];
                            if ($send_email == "2") {
                                $message_content = str_replace("[SUBJECT]", $subject, $locale['626']);
                                $message_content = str_replace("[USER]", $userdata['user_name'], $message_content);
                                $template_result = dbquery("SELECT template_key, template_active FROM " . DB_EMAIL_TEMPLATES . " WHERE template_key='PM' LIMIT 1");
                                if (dbrows($template_result)) {
                                    $template_data = dbarray($template_result);
                                    if ($template_data['template_active'] == "1") {
                                        sendemail_template("PM", $subject, trimlink($message, 150), $userdata['user_name'], $data['user_name'], "", $data['user_email']);
                                    } else {
                                        sendemail($data['user_name'], $data['user_email'], fusion_get_settings("siteusername"), fusion_get_settings("siteemail"), $locale['625'], $data['user_name'] . $message_content);
                                    }
                                } else {
                                    sendemail($data['user_name'], $data['user_email'], fusion_get_settings("siteusername"), fusion_get_settings("siteemail"), $locale['625'], $data['user_name'] . $message_content);
                                }
                            }
                        } else {
                            // Inbox is full
                            if ($strict) {
                                die("User inbox is full. 
Try delete it or upgrade it to 102 or 103 status");
                            }
                            \defender::stop();
                            addNotice("danger", $locale['628']);
                        }
                    }
                } else {
                    // Sender does not exist in DB
                    if ($strict) {
                        die("Sender User ID does not exist in DB. Sequence Aborted.");
                    }
                    \defender::stop();
                    addNotice("danger", $locale['482']);
                }
            } else {
                // Recipient does not exist in DB
                \defender::stop();
                if ($strict) {
                    die("Message Recepient User ID is invalid");
                }
                addNotice("danger", $locale['482']);
            }
        } else {
            // Sender hit the flood limit.
            if ($strict) {
                die("You are flooding, send_pm halted");
            }
            \defender::stop();
            addNotice("danger", sprintf($locale['487'], fusion_get_settings("flood_interval")));
        }
    } else {
        // Group send: resolve the member list, then deliver one PM per member.
        $result = NULL;
        if ($to <= -101 && $to >= -103) {
            // -101, -102, -103 only
            $result = dbquery("SELECT user_id from " . DB_USERS . " WHERE user_level <='" . intval($to) . "' AND user_status='0'");
        } else {
            // ## --- deprecate -- WHERE user_groups REGEXP('^\\\.{$to}$|\\\.{$to}\\\.|\\\.{$to}$') #
            $result = dbquery("SELECT user_id FROM " . DB_USERS . " WHERE " . in_group("user_groups", $to) . " AND user_status='0'");
        }
        if (dbrows($result) > 0) {
            while ($data = dbarray($result)) {
                // Recurse per member; $save_sent is FALSE so the outbox is not flooded.
                self::send_pm($data['user_id'], $from, $subject, $message, $smileys, FALSE, FALSE);
            }
        } else {
            \defender::stop();
            addNotice("danger", $locale['492']);
        }
    }
}
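/**
 * Field Creation
 *
 * Saves a user-field definition ($data) into $this->field_db and keeps the
 * physical column in sync. On update it moves/renames the column when the
 * category's table or the field name changed and re-sequences field_order; on
 * save it adds the column and shifts the following orders up. With
 * $this->debug set, the SQL that would run is printed instead of executed.
 *
 * @param array  $data  field row: field_id, field_cat, field_name, field_order, field_type, field_default, ...
 * @param string $type  'dynamics' derives the column attributes from field_type/field_default,
 *                      'module' uses $this->user_field_dbinfo
 */
private function create_fields($data, $type = 'dynamics') {
    global $aidlink;
    // Build a field Attr
    $field_attr = '';
    if ($type == 'dynamics') {
        $field_attr = $this->dynamics_fieldinfo($data['field_type'], $data['field_default']);
    } elseif ($type == 'module') {
        $field_attr = $this->user_field_dbinfo;
    }
    // Numeric request values are cast before reaching the SQL below.
    $field_cat = intval($data['field_cat']);
    $max_order = dbresult(dbquery("SELECT MAX(field_order) FROM " . $this->field_db . " WHERE field_cat='" . $field_cat . "'"), 0) + 1;
    if ($data['field_order'] == 0 || $data['field_order'] > $max_order) {
        // Unset or out-of-range order appends at the end of the category.
        $data['field_order'] = $max_order;
    }
    $field_order = intval($data['field_order']);
    if (self::validate_field($data['field_id'])) {
        if ($this->debug) {
            print_p('Update mode');
        }
        // update
        // Alter $this->field_db table - change and modify column.
        $old_record = dbquery("SELECT uf.*, cat.field_cat_id, cat.field_parent, cat.field_cat_order, root.field_cat_db, root.field_cat_index\n\t\t\t\t\t\t\t\t\tFROM " . $this->field_db . " uf\n\t\t\t\t\t\t\t\t\tLEFT JOIN " . $this->category_db . " cat ON (cat.field_cat_id = uf.field_cat)\n\t\t\t\t\t\t\t\t\tLEFT JOIN " . $this->category_db . " root ON (cat.field_parent = root.field_cat_id)\n\t\t\t\t\t\t\t\t\tWHERE uf.field_id='" . intval($data['field_id']) . "'");
        // old database.
        if (dbrows($old_record) > 0) {
            // got old field cat
            $oldRows = dbarray($old_record);
            $old_table = $oldRows['field_cat_db'] ? DB_PREFIX . $oldRows['field_cat_db'] : DB_USERS; // this was old database
            $old_table_columns = fieldgenerator($old_table);
            $old_order = intval($oldRows['field_order']);
            $old_cat = intval($oldRows['field_cat']);
            // Get current updated field_cat - to compare new cat_db and old cat_db
            $new_result = dbquery("\n\t\t\t\tSELECT cat.field_cat_id, cat.field_cat_name, cat.field_parent, cat.field_cat_order,\n\t\t\t\troot.field_cat_db, root.field_cat_index\n FROM " . $this->category_db . " cat\n\t\t\t\tLEFT JOIN " . $this->category_db . " root on cat.field_parent = root.field_cat_id\n\t\t\t\tWHERE cat.field_cat_id='" . $field_cat . "'\n\t\t\t\t");
            $newRows = array();
            if (dbrows($new_result) > 0) {
                $newRows = dbarray($new_result);
                $new_table = $newRows['field_cat_db'] ? DB_PREFIX . $newRows['field_cat_db'] : DB_USERS;
            } else {
                $new_table = DB_USERS;
            }
            if ($this->debug) {
                print_p("Old table information -");
                print_p($oldRows);
                print_p("New table information -");
                print_p($newRows);
            }
            // NOTE(review): strict !== between the submitted category and the stored one; if
            // the two differ only in type (int vs string) this branch runs even when the
            // category is unchanged - confirm both sides carry the same type.
            if ($data['field_cat'] !== $oldRows['field_cat']) {
                // old and new mismatch - move to another category
                if ($this->debug) {
                    print_p("Fork No.1 - Update Field on a different table");
                }
                // drop the old one if target database aren't the same.
                // @todo: Improvements: need to move the whole column along with data instead of just dropping and creating new
                if ($new_table !== $old_table) {
                    // (an unconditional print_p($old_table) used to leak debug output here in production)
                    $new_table_columns = fieldgenerator($new_table);
                    if (!$this->debug) {
                        if (!in_array($data['field_name'], $new_table_columns)) {
                            // this is new database check, if not exist, then add the column
                            self::move_column($old_table, $new_table, $data['field_name']);
                            self::drop_column($old_table, $oldRows['field_name']);
                            if (\defender::safe()) {
                                // sort the fields. if 2, greater than 2 all +1 on the new category
                                dbquery("UPDATE " . $this->field_db . " SET field_order=field_order+1 WHERE field_order >= '" . $field_order . "' AND field_cat='" . $field_cat . "'");
                                // since change table. fix all which is greater than link order.
                                dbquery("UPDATE " . $this->field_db . " SET field_order=field_order-1 WHERE field_order >= '" . $old_order . "' AND field_cat='" . $old_cat . "'");
                            }
                        } else {
                            \defender::stop();
                            addNotice("danger", "Column conflict. There are columns on " . $old_table . " existed in " . $new_table);
                        }
                    } else {
                        // DEBUG MODE
                        if (!in_array($data['field_name'], $new_table_columns)) {
                            print_p("Move " . $data['field_name'] . " from " . $old_table . " to " . $new_table);
                            print_p("Dropping column " . $oldRows['field_name'] . " on " . $old_table);
                            print_p("UPDATE " . $this->field_db . " SET field_order=field_order+1 WHERE field_order >= '" . $field_order . "' AND field_cat='" . $field_cat . "'");
                            // since change table. fix all which is greater than link order.
                            print_p("UPDATE " . $this->field_db . " SET field_order=field_order-1 WHERE field_order >= '" . $old_order . "' AND field_cat='" . $old_cat . "'");
                        } else {
                            print_p("Column conflict. There are columns on " . $old_table . " existed in " . $new_table);
                        }
                    }
                } else {
                    // Same physical table, different category: only the orders move.
                    if (\defender::safe()) {
                        dbquery("UPDATE " . $this->field_db . " SET field_order=field_order+1 WHERE field_order >= '" . $field_order . "' AND field_cat='" . $field_cat . "'");
                        dbquery("UPDATE " . $this->field_db . " SET field_order=field_order-1 WHERE field_order >= '" . $old_order . "' AND field_cat='" . $old_cat . "'");
                    }
                }
            } else {
                // same table.
                // check if same title.
                // if not same, change column name.
                if ($this->debug) {
                    print_p("Fork No.2 - Update Field on the same table");
                }
                if ($data['field_name'] !== $oldRows['field_name']) {
                    // not same as old record on dbcolumn
                    // Check for possible duplicates in the new field name
                    if (!in_array($data['field_name'], $old_table_columns)) {
                        if (!$this->debug) {
                            self::rename_column($old_table, $oldRows['field_name'], $data['field_name'], $field_attr);
                        } else {
                            print_p("Renaming column " . $oldRows['field_name'] . " on " . $old_table . " to " . $data['field_name'] . " with attributes of " . $field_attr);
                        }
                    } else {
                        \defender::stop();
                        addNotice('danger', sprintf($this->locale['fields_0104'], "({$new_table})"));
                    }
                }
                if (!$this->debug) {
                    if (\defender::safe()) {
                        // make ordering of the same table.
                        if ($data['field_order'] > $oldRows['field_order']) {
                            dbquery("UPDATE " . $this->field_db . " SET field_order=field_order-1 WHERE field_order > " . $old_order . " AND field_order <= '" . $field_order . "' AND field_cat='" . $field_cat . "'");
                        } elseif ($data['field_order'] < $oldRows['field_order']) {
                            dbquery("UPDATE " . $this->field_db . " SET field_order=field_order+1 WHERE field_order < " . $old_order . " AND field_order >= '" . $field_order . "' AND field_cat='" . $field_cat . "'");
                        }
                    }
                } else {
                    print_p("Old field order is " . $oldRows['field_order']);
                    print_p("New field order is " . $data['field_order']);
                    if ($data['field_order'] > $oldRows['field_order']) {
                        print_p("UPDATE " . $this->field_db . " SET field_order=field_order-1 WHERE field_order > '" . $old_order . "' AND field_order <= '" . $field_order . "' AND field_cat='" . $field_cat . "'");
                    } else {
                        print_p("UPDATE " . $this->field_db . " SET field_order=field_order+1 WHERE field_order < '" . $old_order . "' AND field_order >= '" . $field_order . "' AND field_cat='" . $field_cat . "'");
                    }
                }
            }
            if (!$this->debug) {
                if (\defender::safe()) {
                    dbquery_insert($this->field_db, $data, 'update');
                    addNotice('success', $this->locale['field_0203']);
                    redirect(FUSION_SELF . $aidlink);
                }
            } else {
                print_p($data);
            }
        } else {
            \defender::stop();
            addNotice('danger', $this->locale['fields_0105']);
        }
    } else {
        if ($this->debug) {
            print_p('Save Mode');
        }
        // Alter $this->field_db table - add column.
        $cresult = dbquery("SELECT cat.field_cat_id, cat.field_parent, cat.field_cat_order, root.field_cat_db, root.field_cat_index\n\t\t\t\t\t\t\t\tFROM " . $this->category_db . " cat\n\t\t\t\t\t\t\t\tLEFT JOIN " . $this->category_db . " root ON (cat.field_parent = root.field_cat_id)\n\t\t\t\t\t\t\t\tWHERE cat.field_cat_id='" . $field_cat . "'");
        if (dbrows($cresult) > 0) {
            $cat_data = dbarray($cresult);
            $new_table = $cat_data['field_cat_db'] ? DB_PREFIX . $cat_data['field_cat_db'] : DB_USERS;
            $field_arrays = fieldgenerator($new_table);
            if (!in_array($data['field_name'], $field_arrays)) {
                // safe to execute alter.
                if (!$this->debug && !empty($data['field_name'])) {
                    self::add_column($new_table, $data['field_name'], $field_attr);
                } elseif ($this->debug) {
                    print_p("ALTER TABLE " . $new_table . " ADD " . $data['field_name'] . " " . $field_attr);
                }
            } else {
                \defender::stop();
                addNotice('danger', $this->locale['fields_0106']);
            }
            // ordering
            if (!$this->debug) {
                if (\defender::safe()) {
                    dbquery("UPDATE " . $this->field_db . " SET field_order=field_order+1 WHERE field_order > '" . $field_order . "' AND field_cat='" . $field_cat . "'");
                    dbquery_insert($this->field_db, $data, 'save');
                    addNotice('success', $this->locale['field_0204']);
                    redirect(FUSION_SELF . $aidlink);
                }
            } else {
                print_p($data);
            }
        } else {
            \defender::stop();
            addNotice('danger', $this->locale['fields_0107']);
        }
    }
}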
if (isset($_POST['save_download'])) { $data = array('download_id' => form_sanitizer($_POST['download_id'], '0', 'download_id'), 'download_user' => form_sanitizer($_POST['download_user'], "", "download_user"), 'download_homepage' => form_sanitizer($_POST['download_homepage'], '', 'download_homepage'), 'download_title' => form_sanitizer($_POST['download_title'], '', 'download_title'), 'download_cat' => form_sanitizer($_POST['download_cat'], '0', 'download_cat'), 'download_description_short' => form_sanitizer($_POST['download_description_short'], '', 'download_description_short'), 'download_description' => form_sanitizer($_POST['download_description'], '', 'download_description'), 'download_keywords' => form_sanitizer($_POST['download_keywords'], '', 'download_keywords'), 'download_image' => isset($_POST['download_image']) ? form_sanitizer($_POST['download_image'], '', 'download_image') : '', 'download_image_thumb' => isset($_POST['download_image_thumb']) ? form_sanitizer($_POST['download_image_thumb'], '', 'download_image_thumb') : '', "download_url" => "", 'download_file' => isset($_POST['download_file']) ? form_sanitizer($_POST['download_file'], '', 'download_file') : '', 'download_license' => form_sanitizer($_POST['download_license'], '', 'download_license'), 'download_copyright' => form_sanitizer($_POST['download_copyright'], '', 'download_copyright'), 'download_os' => form_sanitizer($_POST['download_os'], '', 'download_os'), 'download_version' => form_sanitizer($_POST['download_version'], '', 'download_version'), 'download_filesize' => form_sanitizer($_POST['download_filesize'], '', 'download_filesize'), 'download_visibility' => form_sanitizer($_POST['download_visibility'], '0', 'download_visibility'), 'download_allow_comments' => isset($_POST['download_allow_comments']) ? 1 : 0, 'download_allow_ratings' => isset($_POST['download_allow_ratings']) ? 1 : 0, 'download_datestamp' => isset($_POST['update_datestamp']) ? 
time() : $data['download_datestamp']); /** Bugs with having Link and File together -- File will take precedence **/ if ($defender::safe() && !empty($_FILES['download_file']['name']) && is_uploaded_file($_FILES['download_file']['tmp_name'])) { $upload = form_sanitizer($_FILES['download_file'], '', 'download_file'); if ($upload['error'] == 0) { $data['download_file'] = !empty($upload['target_file']) ? $upload['target_file'] : $upload['name']; if ($data['download_filesize'] == "" || isset($_POST['calc_upload'])) { $data['download_filesize'] = parsebytesize($upload['source_size']); } } } elseif (!empty($_POST['download_url']) && empty($data['download_file'])) { $data['download_url'] = form_sanitizer($_POST['download_url'], "", "download_url"); $data['download_file'] = ''; } elseif (empty($data['download_file']) && empty($data['download_url'])) { defender::stop(); addNotice('danger', $locale['download_0111']); } /** * Image Section */ if (defender::safe() && isset($_POST['del_image']) && isset($_GET['download_id']) && isnum($_GET['download_id'])) { $result = dbquery("SELECT download_image, download_image_thumb FROM " . DB_DOWNLOADS . " WHERE download_id='" . $_GET['download_id'] . "'"); if (dbrows($result)) { $data += dbarray($result); if (!empty($data['download_image']) && file_exists(DOWNLOADS . "images/" . $data['download_image'])) { @unlink(DOWNLOADS . "images/" . $data['download_image']); } if (!empty($data['download_image_thumb']) && file_exists(DOWNLOADS . "images/" . $data['download_image_thumb'])) { @unlink(DOWNLOADS . "images/" . $data['download_image_thumb']); }
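/**
 * Shift the order column of a table so that a row can be saved at, moved to or
 * removed from $current_order without leaving gaps or duplicates.
 *
 * ID is required only for update mode.
 * When $current_category and $cat_col are both given the shift is confined to
 * that category; when $multilang and $multilang_col are given it is further
 * confined to rows whose $multilang_col equals LANGUAGE.
 *
 * @param string $dbname             table name
 * @param int $current_order         target order; 0 means "append after MAX($order_col)"
 * @param string $order_col          order column
 * @param int $current_id            id of the row being moved (update mode only)
 * @param bool|string $id_col        id column (update mode only)
 * @param int $current_category      category value the shift is confined to
 * @param bool|string $cat_col       category column
 * @param bool $multilang            whether to filter on $multilang_col = LANGUAGE
 * @param string $multilang_col      language column
 * @param string $mode               'save' | 'update' | 'delete'
 * @return bool|mixed|PDOStatement|resource|null  the dbquery() result, true when
 *                                   an update needed no shift, null after defender::stop()
 */
function dbquery_order($dbname, $current_order, $order_col, $current_id = 0, $id_col = FALSE, $current_category = 0, $cat_col = FALSE, $multilang = false, $multilang_col = '', $mode = 'update') {
    $multilang_sql_1 = $multilang && $multilang_col ? "WHERE {$multilang_col}='" . LANGUAGE . "'" : '';
    $multilang_sql_2 = $multilang && $multilang_col ? "AND {$multilang_col}='" . LANGUAGE . "'" : '';
    // Optional category restriction, prefixed to the order condition of every UPDATE below.
    // in nested mode, $cat and $cat_col is REQUIRED.
    $cat_sql = !empty($current_category) && !empty($cat_col) ? "{$cat_col}='" . intval($current_category) . "' AND " : '';
    if (!$current_order) {
        // NOTE(review): this MAX() ignores the category filter, so an order of 0 in a
        // categorised table appends after the table-wide maximum - confirm intended.
        $current_order = dbresult(dbquery("SELECT MAX({$order_col}) FROM " . $dbname . " " . $multilang_sql_1), 0) + 1;
    }
    switch ($mode) {
        case 'save':
            // Make room: everything at or after the target moves up one.
            if ($order_col && $current_order && $dbname) {
                return dbquery("UPDATE " . $dbname . " SET {$order_col}={$order_col}+1 WHERE " . $cat_sql . "{$order_col}>='" . intval($current_order) . "' {$multilang_sql_2}");
            }
            defender::stop();
            break;
        case 'update':
            if ($id_col && $current_id && $order_col && $current_order && $dbname) {
                // Cast the stored value too so the SQL never carries a raw string from the row.
                $old_order = intval(dbresult(dbquery("SELECT {$order_col} FROM " . $dbname . " WHERE {$id_col}='" . intval($current_id) . "' {$multilang_sql_2}"), 0));
                if ($current_order > $old_order) {
                    // Moving down: rows between old and new position slide up.
                    return dbquery("UPDATE " . $dbname . " SET {$order_col}={$order_col}-1 WHERE " . $cat_sql . "{$order_col}>'{$old_order}' AND {$order_col}<='" . intval($current_order) . "' {$multilang_sql_2}");
                }
                if ($current_order < $old_order) {
                    // Moving up: rows between new and old position slide down.
                    return dbquery("UPDATE " . $dbname . " SET {$order_col}={$order_col}+1 WHERE " . $cat_sql . "{$order_col}<'{$old_order}' AND {$order_col}>='" . intval($current_order) . "' {$multilang_sql_2}");
                }
                // Same position: nothing to shift.
                return true;
            }
            defender::stop();
            break;
        case 'delete':
            // Close the gap: everything after the removed position moves down one.
            if ($order_col && $current_order && $dbname) {
                return dbquery("UPDATE " . $dbname . " SET {$order_col}={$order_col}-1 WHERE " . $cat_sql . "{$order_col}>'" . intval($current_order) . "' {$multilang_sql_2}");
            }
            defender::stop();
            break;
        default:
            defender::stop();
    }
}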
/**
 * Display the comment thread for one item and handle its POST/GET actions.
 *
 * Handles, in order: deleting a comment (?c_action=delete&comment_id=N),
 * saving or updating a posted comment (post_comment), then rendering the
 * paginated, threaded comment list plus the reply form.
 *
 * $comment_db / $comment_col / $comment_item_id / $comment_type are spliced
 * into SQL verbatim, so callers must pass trusted values (table constants and
 * already-validated ids), never raw request data. Request-supplied ids
 * ($_GET['comment_id'], $_GET['c_start']) are only used after isnum().
 *
 * Relies on $this->settings, $this->userdata, $this->locale and $this->c_arr
 * being initialised elsewhere (not visible here).
 *
 * @param string $comment_type    type key stored in comment_type
 * @param string $comment_db      table the commented item lives in
 * @param string $comment_col     id column of that table
 * @param int    $comment_item_id id of the commented item
 * @param string $clink           base link used for redirects and page links
 * @return void output is emitted via echo, render_comments() and render_comments_form()
 */
public function showComments($comment_type, $comment_db, $comment_col, $comment_item_id, $clink) {
    global $aidlink;
    $locale = fusion_get_locale();
    $locale += fusion_get_locale('', LOCALE . LOCALESET . "user_fields.php");
    // comments per page
    $cpp = $this->settings['comments_per_page'];
    // Defaults used by the reply form when no comment is being posted.
    $comment_data = array('comment_id' => isset($_GET['comment_id']) && isnum($_GET['comment_id']) ? $_GET['comment_id'] : 0, 'comment_name' => '', 'comment_message' => '', 'comment_datestamp' => time(), 'comment_item_id' => $comment_item_id, 'comment_type' => $comment_type, 'comment_cat' => 0, 'comment_ip' => USER_IP, 'comment_ip_type' => USER_IP_TYPE, 'comment_hidden' => 0);
    /** Delete: admins with the "C" right may delete any comment, members only their own. */
    if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "delete") && (isset($_GET['comment_id']) && isnum($_GET['comment_id']))) {
        if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $_GET['comment_id'] . "' AND comment_name='" . $this->userdata['user_id'] . "'")) {
            // Non-admins get the ownership condition repeated in the DELETE itself. $result is not read afterwards.
            $result = dbquery("\n DELETE FROM " . DB_COMMENTS . "\n\t\t\t\tWHERE comment_id='" . $_GET['comment_id'] . "'" . (iADMIN ? "" : "\n\t\t\t\tAND comment_name='" . $this->userdata['user_id'] . "'"));
        }
        // Redirect happens whether or not the delete was permitted.
        redirect($clink . ($this->settings['comments_sorting'] == "ASC" ? "" : "&c_start=0"));
    }
    if ($this->settings['comments_enabled'] == "1") {
        $this->c_arr['c_info']['comments_count'] = format_word(0, $this->locale['fmt_comment']);
        // Handle Comment Posts
        if ((iMEMBER || $this->settings['guestposts']) && isset($_POST['post_comment'])) {
            if (!iMEMBER && $this->settings['guestposts']) {
                // Process Captchas: the included check script is expected to set $_CAPTCHA_IS_VALID.
                $_CAPTCHA_IS_VALID = FALSE;
                include INCLUDES . "captchas/" . $this->settings['captcha'] . "/captcha_check.php";
                // NOTE(review): this guard only halts the post when captcha_code is absent AND the
                // captcha is invalid; a submitted-but-invalid code passes it. Confirm captcha_check.php
                // halts the form itself, otherwise the condition should be `$_CAPTCHA_IS_VALID == FALSE` alone.
                if (!isset($_POST['captcha_code']) && $_CAPTCHA_IS_VALID == FALSE) {
                    \defender::stop();
                    addNotice("danger", $locale['u194']);
                }
            }
            // Rebuild from the POSTed fields; members are attributed by user_id, guests by the typed name.
            $comment_data = array('comment_id' => isset($_GET['comment_id']) && isnum($_GET['comment_id']) ? $_GET['comment_id'] : 0, 'comment_name' => iMEMBER ? $this->userdata['user_id'] : form_sanitizer($_POST['comment_name'], '', 'comment_name'), 'comment_message' => form_sanitizer($_POST['comment_message'], '', 'comment_message'), 'comment_datestamp' => time(), 'comment_item_id' => $comment_item_id, 'comment_type' => $comment_type, 'comment_cat' => form_sanitizer($_POST['comment_cat'], 0, 'comment_cat'), 'comment_ip' => USER_IP, 'comment_ip_type' => USER_IP_TYPE, 'comment_hidden' => 0);
            if (iMEMBER && (isset($_GET['c_action']) && $_GET['c_action'] == "edit") && $comment_data['comment_id']) {
                // Update comment: admins with "C", or the owner of a visible comment on this exact item.
                if (iADMIN && checkrights("C") || iMEMBER && dbcount("(comment_id)", DB_COMMENTS, "comment_id='" . $comment_data['comment_id'] . "'\n AND comment_item_id='" . $comment_item_id . "'\n AND comment_type='" . $comment_type . "'\n AND comment_name='" . $this->userdata['user_id'] . "'\n AND comment_hidden='0'") && \defender::safe()) {
                    // Keep the original author; an admin edit must not re-attribute the comment.
                    $c_name_query = "SELECT comment_name FROM " . DB_COMMENTS . " WHERE comment_id='" . $comment_data['comment_id'] . "'";
                    $comment_data['comment_name'] = dbresult(dbquery($c_name_query), 0);
                    dbquery_insert(DB_COMMENTS, $comment_data, 'update');
                    // Work out which page the edited comment sits on for the redirect.
                    if ($this->settings['comments_sorting'] == "ASC") {
                        $c_operator = "<=";
                    } else {
                        $c_operator = ">=";
                    }
                    $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_id" . $c_operator . "'" . $comment_data['comment_id'] . "'\n AND comment_item_id='" . $comment_item_id . "'\n AND comment_type='" . $comment_type . "'");
                    $c_start = (ceil($c_count / $cpp) - 1) * $cpp;
                    addNotice("success", $locale['global_027']);
                    redirect(self::format_clink($clink) . "&c_start=" . (isset($c_start) && isnum($c_start) ? $c_start : ""));
                }
            } else {
                // Save New comment: first make sure the commented item still exists.
                if (!dbcount("(" . $comment_col . ")", $comment_db, $comment_col . "='" . $comment_item_id . "'")) {
                    redirect(BASEDIR . "index.php");
                }
                if (\defender::safe()) {
                    $c_start = 0;
                    $id = 0;
                    if ($comment_data['comment_name'] && $comment_data['comment_message']) {
                        require_once INCLUDES . "flood_include.php";
                        // Per-IP flood control; when it trips, no row is inserted and $id stays 0.
                        if (!flood_control("comment_datestamp", DB_COMMENTS, "comment_ip='" . USER_IP . "'")) {
                            dbquery_insert(DB_COMMENTS, $comment_data, 'save');
                            $id = dblastid();
                            if ($this->settings['comments_sorting'] == "ASC") {
                                // Newest comment is on the last page when sorting ascending.
                                $c_count = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $comment_item_id . "' AND comment_type='" . $comment_type . "'");
                                $c_start = (ceil($c_count / $cpp) - 1) * $cpp;
                            }
                        }
                        redirect(self::format_clink($clink) . "&c_start=" . $c_start . "#c" . $id);
                    }
                }
            }
        }
        // Listing: total visible comments drives pagination.
        $c_rows = dbcount("(comment_id)", DB_COMMENTS, "comment_item_id='" . $comment_item_id . "' AND comment_type='" . $comment_type . "' AND comment_hidden='0'");
        if (!isset($_GET['c_start']) && $c_rows > $cpp) {
            // Default to the last page when nothing was requested.
            $_GET['c_start'] = (ceil($c_rows / $cpp) - 1) * $cpp;
        }
        if (!isset($_GET['c_start']) || !isnum($_GET['c_start'])) {
            $_GET['c_start'] = 0;
        }
        // comments_sorting is spliced into ORDER BY verbatim — assumed to be a configured value, not request data.
        $comment_query = "\n SELECT tcm.*, tcu.user_id, tcu.user_name, tcu.user_avatar, tcu.user_status\n FROM " . DB_COMMENTS . " tcm\n LEFT JOIN " . DB_USERS . " tcu ON tcm.comment_name=tcu.user_id\n WHERE comment_item_id='" . $comment_item_id . "' AND comment_type='" . $comment_type . "' AND comment_hidden='0'\n ORDER BY comment_datestamp " . $this->settings['comments_sorting'] . ", comment_cat DESC";
        $query = dbquery($comment_query);
        if (dbrows($query) > 0) {
            // Running display number: counts up for ASC, down from the total for DESC.
            $i = $this->settings['comments_sorting'] == "ASC" ? $_GET['c_start'] + 1 : $c_rows - $_GET['c_start'];
            if ($c_rows > $cpp) {
                $this->c_arr['c_info']['c_makepagenav'] = makepagenav($_GET['c_start'], $cpp, $c_rows, 3, $clink . "&", "c_start");
            }
            if (iADMIN && checkrights("C")) {
                $this->c_arr['c_info']['admin_link'] = "<!--comment_admin-->\n";
                $this->c_arr['c_info']['admin_link'] .= "<a href='" . ADMIN . "comments.php" . $aidlink . "&ctype=" . $comment_type . "&comment_item_id=" . $comment_item_id . "'>" . $this->locale['c106'] . "</a>";
            }
            while ($row = dbarray($query)) {
                $actions = array("edit_dell" => "", "edit_link" => "", "delete_link" => "");
                // Edit/delete controls for admins with "C" or for the comment's own (still existing) author.
                if (iADMIN && checkrights("C") || iMEMBER && $row['comment_name'] == $this->userdata['user_id'] && isset($row['user_name'])) {
                    $edit_link = clean_request('c_action=edit&comment_id=' . $row['comment_id'], array('c_action', 'comment_id'), false) . "#edit_comment";
                    $delete_link = clean_request('c_action=delete&comment_id=' . $row['comment_id'], array('c_action', 'comment_id'), false);
                    $comment_actions = "<!---comment_actions--><div class='btn-group'>\n <a class='btn btn-xs btn-default' href='{$edit_link}'>" . $this->locale['c108'] . "</a>\n <a class='btn btn-xs btn-default' href='{$delete_link}' onclick=\"return confirm('" . $this->locale['c110'] . "');\"><i class='fa fa-trash'></i>" . $this->locale['c109'] . "</a>\n </div><!---//comment_actions-->\n ";
                    $actions = array("edit_link" => array('link' => $edit_link, 'name' => $this->locale['c108']), "delete_link" => array('link' => $delete_link, 'name' => $this->locale['c109']), "edit_dell" => $comment_actions);
                }
                $reply_form = "";
                if (isset($_GET['comment_reply']) && $_GET['comment_reply'] == $row['comment_id']) {
                    // Note: this reassignment drops the user_fields.php entries merged into $locale above.
                    $locale = fusion_get_locale();
                    $comment_data['comment_cat'] = $row['comment_id'];
                    $reply_form = openform("comments_reply_form", "post", FUSION_REQUEST, array("class" => "comments_reply_form"));
                    if (iGUEST) {
                        $reply_form .= form_text('comment_name', fusion_get_locale('c104'), $comment_data['comment_name'], array('max_length' => 30));
                    }
                    $reply_form .= form_hidden("comment_cat", "", $comment_data['comment_cat']);
                    $reply_form .= form_textarea("comment_message", "", $comment_data['comment_message'], array("tinymce" => "simple", "type" => fusion_get_settings("tinymce_enabled") ? "tinymce" : "bbcode", "input_id" => "comment_message-" . $i, "required" => true));
                    // Guests get a captcha; the included display script may set $_CAPTCHA_HIDE_INPUT to suppress the text box.
                    if (iGUEST && (!isset($_CAPTCHA_HIDE_INPUT) || isset($_CAPTCHA_HIDE_INPUT) && !$_CAPTCHA_HIDE_INPUT)) {
                        $_CAPTCHA_HIDE_INPUT = FALSE;
                        $reply_form .= "<div class='m-t-10 m-b-10'>";
                        $reply_form .= "<label class='col-xs-12 col-sm-3'>" . $locale['global_150'] . "</label><div class='col-xs-12 col-sm-9'>\n";
                        ob_start();
                        include INCLUDES . "captchas/" . $this->settings['captcha'] . "/captcha_display.php";
                        $reply_form .= ob_get_contents();
                        ob_end_clean();
                        if (!$_CAPTCHA_HIDE_INPUT) {
                            $reply_form .= "<br />\n<label for='captcha_code'>" . $locale['global_151'] . "</label>";
                            $reply_form .= "<br />\n<input type='text' id='captcha_code' name='captcha_code' class='textbox' autocomplete='off' style='width:100px' />\n";
                        }
                        $reply_form .= "</div>\n";
                        $reply_form .= "</div>\n";
                    }
                    $reply_form .= form_button('post_comment', $locale['c102'], $locale['c102'], array('class' => 'btn-success m-t-10'));
                    $reply_form .= closeform();
                }
                /** Reshape $row into the template array; comment_message is not HTML-escaped here (assumes it was escaped on input — confirm). */
                $row = array("comment_id" => $row['comment_id'], "comment_cat" => $row['comment_cat'], "i" => $i, "user_avatar" => display_avatar($row, '50px', '', false, 'img-rounded'), "user" => array("user_id" => $row['user_id'], "user_name" => $row['user_name'], "user_avatar" => $row['user_avatar'], "status" => $row['user_status']), "reply_link" => clean_request("comment_reply=" . $row['comment_id'], array("comment_reply"), false), "reply_form" => $reply_form, "comment_datestamp" => showdate('shortdate', $row['comment_datestamp']), "comment_time" => timer($row['comment_datestamp']), "comment_message" => "<!--comment_message-->\n" . nl2br(parseubb(parsesmileys($row['comment_message']))) . "<!--//comment_message-->\n", "comment_name" => $row['user_name'] ? profile_link($row['comment_name'], $row['user_name'], $row['user_status'], 'strong text-dark') : $row['comment_name']);
                $row += $actions;
                $id = $row['comment_id'];
                // Top-level comments are keyed under parent "0"; replies under their parent's id.
                $parent_id = $row['comment_cat'] === NULL ? "0" : $row['comment_cat'];
                // $data is not read again in this method.
                $data[$id] = $row;
                $this->c_arr['c_con'][$parent_id][$id] = $row;
                $this->settings['comments_sorting'] == "ASC" ? $i++ : $i--;
            }
            // Paginate the array (top-level comments only; keys preserved)
            $this->c_arr['c_con'][0] = array_chunk($this->c_arr['c_con'][0], $cpp, true);
            // Pass cpp settings
            $this->c_arr['c_info']['comments_per_page'] = $cpp;
            $this->c_arr['c_info']['comments_count'] = format_word(number_format($i - 1, 0), $this->locale['fmt_comment']);
        }
        echo "<a id='comments' name='comments'></a>";
        render_comments($this->c_arr['c_con'], $this->c_arr['c_info']);
        render_comments_form($comment_type, $clink, $comment_item_id, isset($_CAPTCHA_HIDE_INPUT) ? $_CAPTCHA_HIDE_INPUT : FALSE);
    }
}
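/**
 * Copy a single column definition (and its values) from one table to another.
 *
 * Looks the column up via SHOW COLUMNS on $old_table, re-creates it on
 * $new_table with the same type, nullability and default, then INSERTs the
 * old column's values into $new_table. Nothing happens when the column does
 * not exist in $old_table.
 *
 * Table and column names are concatenated into DDL verbatim — callers must
 * pass trusted identifiers (table constants), never request data.
 *
 * @param string $old_table   source table name
 * @param string $new_table   destination table name
 * @param string $column_name column to copy
 * @return void failure is signalled through \defender::stop() and a danger notice
 */
protected static function move_column($old_table, $new_table, $column_name) {
    $result = dbquery("SHOW COLUMNS FROM " . $old_table);
    $data = array();
    if (dbrows($result) > 0) {
        // dbarray() yields FALSE once the rows are exhausted, so $data is only
        // non-empty after the loop when the requested column was actually found.
        while ($data = dbarray($result)) {
            if ((string)$data['Field'] === (string)$column_name) {
                break;
            }
        }
    }
    if (empty($data)) {
        return;
    }
    // SHOW COLUMNS reports "no default" as NULL; emitting DEFAULT '' for such a
    // column is rejected for non-string types, so the clause is omitted instead.
    $default_sql = $data['Default'] === NULL ? "" : " DEFAULT '" . $data['Default'] . "'";
    $result = dbquery("ALTER TABLE " . $new_table . " ADD COLUMN " . $data['Field'] . " " . $data['Type'] . " " . ($data['Null'] == "NO" ? "NOT NULL" : "NULL") . $default_sql);
    if (!$result) {
        \defender::stop();
    } elseif (\defender::safe()) {
        // Only copy the values once the column exists and no earlier step halted the form.
        dbquery("INSERT INTO " . $new_table . " (" . $data['Field'] . ") SELECT " . $data['Field'] . " FROM " . $old_table);
    }
    if (!\defender::safe()) {
        addNotice("danger", "Cannot move " . $column_name);
    }
}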
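/**
 * Validate that the current admin is authenticated for the admin area.
 *
 * Two modes, selected by $pass:
 *  - $pass === "": verify the admin cookie (COOKIE_ADMIN, "userID.expiry.hash")
 *    against the stored admin algo/salt, then verify the second-factor session
 *    token in $_SESSION['aid'] ("userID.time.hash").
 *  - $pass !== "": verify the supplied admin password against the stored
 *    admin password hash.
 *
 * Every digest comparison goes through hash_equals(): a loose `==` on two
 * hex digests can compare them numerically (e.g. "0e..." strings) and also
 * leaks timing; hash_equals() does neither.
 *
 * @param string $pass admin password to check, or "" to check cookie + session
 * @return bool TRUE when the admin is validated, FALSE otherwise
 */
public static function validateAuthAdmin($pass = "") {
    global $userdata, $locale;
    if (iADMIN) {
        if ($pass == "" && isset($_COOKIE[COOKIE_ADMIN]) && $_COOKIE[COOKIE_ADMIN] != "") {
            // Validate existing admin cookie
            $cookieDataArr = explode(".", $_COOKIE[COOKIE_ADMIN]);
            if (count($cookieDataArr) == 3) {
                list($userID, $cookieExpiration, $cookieHash) = $cookieDataArr;
                if ($cookieExpiration > time() && $userID == $userdata['user_id']) {
                    $result = dbquery("SELECT user_admin_algo, user_admin_salt FROM " . DB_USERS . "\n\t\t\t\t\t\t\tWHERE user_id='" . (isnum($userID) ? $userID : 0) . "' AND user_level < -101 AND user_status='0' AND user_actiontime='0'\n\t\t\t\t\t\t\tLIMIT 1");
                    if (dbrows($result) == 1) {
                        $user = dbarray($result);
                        // Cookie digest is a double HMAC: the salted HMAC of "userID.expiry" keys a second HMAC over the same data.
                        $key = hash_hmac($user['user_admin_algo'], $userID . $cookieExpiration, $user['user_admin_salt']);
                        $hash = hash_hmac($user['user_admin_algo'], $userID . $cookieExpiration, $key);
                        // is_string() guards against hash_hmac() returning FALSE for an unknown algorithm.
                        if (is_string($hash) && hash_equals($hash, (string)$cookieHash)) {
                            // New 2nd factor session authentication
                            if (empty($_SESSION['aid'])) {
                                return FALSE;
                            }
                            $error = FALSE;
                            $password_algo = fusion_get_settings("password_algorithm");
                            $token_data = explode(".", $_SESSION['aid']);
                            // check if the token has the correct format
                            if (count($token_data) == 3) {
                                list($tuser_id, $token_time, $token_hash) = $token_data;
                                $user_id = iMEMBER ? $userdata['user_id'] : 0;
                                $token_key = $userdata['user_id'] . $token_time . iAUTH . SECRET_KEY;
                                $token_salt = md5($userdata['user_admin_salt'] . SECRET_KEY_SALT);
                                $expected_hash = hash_hmac($password_algo, $token_key, $token_salt);
                                if ($tuser_id != $user_id) {
                                    // the logged user must have the same ID as the one in the token
                                    $error = $locale['token_error_4'];
                                } elseif (!isnum($token_time)) {
                                    // the token datestamp must be a number
                                    $error = $locale['token_error_5'];
                                } elseif (!is_string($expected_hash) || !hash_equals($expected_hash, (string)$token_hash)) {
                                    // the token digest must match
                                    $error = $locale['token_error_7'];
                                }
                            } else {
                                // token format is incorrect
                                $error = $locale['token_error_8'];
                            }
                            // Check if any error was set
                            if ($error !== FALSE) {
                                \defender::stop();
                                addNotice("warning", $error);
                                return FALSE;
                            }
                            return TRUE;
                        }
                    }
                }
            }
        } elseif ($pass != "") {
            // Validate a provided password
            $result = dbquery("SELECT user_admin_algo, user_admin_salt, user_admin_password FROM " . DB_USERS . "\n\t\t\t\t\tWHERE user_id='" . $userdata['user_id'] . "' AND user_level < -101 AND user_status='0' AND user_actiontime='0'\n\t\t\t\t\tLIMIT 1");
            if (dbrows($result) == 1) {
                $user = dbarray($result);
                if ($user['user_admin_algo'] != "md5") {
                    $inputHash = hash_hmac($user['user_admin_algo'], $pass, $user['user_admin_salt']);
                } else {
                    // Legacy accounts still carry an unsalted double-md5 admin password.
                    $inputHash = md5(md5($pass));
                }
                if (is_string($inputHash) && hash_equals((string)$user['user_admin_password'], $inputHash)) {
                    return TRUE;
                }
            }
        }
    }
    return FALSE;
}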
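/**
 * Return $forum_name when no other forum already uses it.
 *
 * When $forum_id is given, that forum is excluded from the duplicate check
 * (edit mode); otherwise any forum with the same name counts as a duplicate.
 * On a duplicate the form is halted via \defender::stop() and a notice raised.
 *
 * $forum_name is embedded in the WHERE clause verbatim, so callers must pass
 * a sanitised value (form_sanitizer output), never raw request data.
 *
 * @param string $forum_name candidate forum name
 * @param int    $forum_id   id of the forum being edited, 0 when creating
 * @return string|false the accepted name, FALSE when empty or duplicated
 */
protected static function check_validForumName($forum_name, $forum_id = 0) {
    if (!$forum_name) {
        return FALSE;
    }
    $condition = "forum_name='" . $forum_name . "'";
    if ($forum_id) {
        // intval() keeps the id a bare integer inside the query.
        $condition .= " AND forum_id !='" . intval($forum_id) . "'";
    }
    if (dbcount("('forum_name')", DB_FORUMS, $condition)) {
        \defender::stop();
        addNotice('danger', self::$locale['forum_error_7']);
        return FALSE;
    }
    return $forum_name;
}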