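<?php

require_once $_SERVER['DOCUMENT_ROOT'] . '/ww.incs/basics.php';

// Admin-only endpoint: emit the site-credits options as a JSON object.
if (!Core_isAdmin()) {
    die('access denied');
}
// NOTE(review): the registered JSON media type is application/json; kept as-is
// because callers may depend on the current header.
header('Content-type: text/json');

// Load every option row into a name => value map.
$options = array();
foreach (dbAll('select * from sitecredits_options') as $row) {
    $options[$row['name']] = $row['value'];
}

// Default the payment recipient from the distribution config and persist it.
// empty() replaces the original "!@$options[...]" so the missing-key case no
// longer relies on warning suppression.
if (empty($options['payment-recipient'])) {
    $cr = DistConfig::get('credits-email');
    $options['payment-recipient'] = $cr;
    // $cr is interpolated into SQL; it comes from site config rather than the
    // request, but it is escaped the same way the rest of this code base
    // escapes string values before concatenating them into queries.
    dbQuery(
        'insert into sitecredits_options values("payment-recipient", "'
        . addslashes($cr) . '")'
    );
}

// Currency defaults; the symbol is only defaulted alongside the currency.
if (empty($options['currency'])) {
    $options['currency'] = 'EUR';
    $options['currency-symbol'] = '€';
}

// Default price table: one tier of 5,000,000 credits for 1 unit of currency,
// stored as a JSON array of [credits, price] pairs.
if (empty($options['credit-costs'])) {
    $options['credit-costs'] = '[[5000000,1]]';
}
$options['credit-costs'] = json_decode($options['credit-costs']);

echo json_encode($options);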
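/**
 * Get the list of top-level projects visible to the current user.
 *
 * Admins see every project. For other users a project's "meta" JSON may
 * restrict visibility to a set of groups (checked first) or, if no groups are
 * listed, to a set of user ids; a project with neither restriction is visible
 * to everyone.
 *
 * @return array list of project rows (id, name, parent_id, meta)
 */
function IssueTracker_projectsGet()
{
    $projects = array();
    $isAdmin = Core_isAdmin();
    // Session data may be absent for anonymous visitors; default to "no
    // groups, no id" instead of reading undefined indexes.
    $userGroups = isset($_SESSION['userdata']['groups']) && is_array($_SESSION['userdata']['groups'])
        ? $_SESSION['userdata']['groups']
        : array();
    $userId = isset($_SESSION['userdata']['id']) ? $_SESSION['userdata']['id'] : null;
    $rs = dbAll('select id,name,parent_id,meta from issuetracker_projects where parent_id=0');
    foreach ($rs as $r) {
        if ($isAdmin) {
            $projects[] = $r;
            continue;
        }
        $meta = json_decode($r['meta'], true);
        // Missing or malformed restriction lists are treated as "unrestricted";
        // the original called count() on an undefined index.
        $groups = (is_array($meta) && !empty($meta['groups'])) ? (array) $meta['groups'] : array();
        $users = (is_array($meta) && !empty($meta['users'])) ? (array) $meta['users'] : array();
        if (count($groups)) {
            // Group restriction: the user must be in at least one listed group.
            // in_array is deliberately non-strict: ids may be ints in the
            // session and strings in the JSON (or vice versa).
            $inGroup = false;
            foreach ($groups as $group) {
                if (in_array($group, $userGroups)) {
                    $inGroup = true;
                    break;
                }
            }
            if ($inGroup) {
                $projects[] = $r;
            }
            continue;
        }
        if (count($users)) {
            // User restriction: only the listed user ids may see the project.
            if ($userId !== null && in_array($userId, $users)) {
                $projects[] = $r;
            }
            continue;
        }
        $projects[] = $r;
    }
    return $projects;
}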
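/**
 * Generate and return a gallery's HTML.
 *
 * Renders the page content and, when the configured image directory exists
 * and contains at least one entry, appends the gallery rendered through a
 * per-page Smarty template cached under ww.cache/image-gallery/<page id>.
 * When the directory is missing or empty a "not found" notice is appended
 * instead.
 *
 * @param array $PAGEDATA Page object
 *
 * @return string HTML of the gallery
 */
function ImageGallery_show($PAGEDATA)
{
    $vars = $PAGEDATA->vars;
    if (!isset($vars['image_gallery_directory'])) {
        return __('gallery directory has not yet been set');
    }
    $c = $PAGEDATA->render();
    if (!isset($vars['footer'])) {
        $vars['footer'] = '';
    }
    // { check to see if there are files in the directory
    // NOTE(review): image_gallery_directory is appended to USERBASE/f/ without
    // normalisation; it appears to be admin-set page data rather than request
    // input — confirm before reusing this for other callers.
    $dirname = USERBASE . '/f/' . $vars['image_gallery_directory'];
    $hasImages = false;
    // is_dir (not file_exists) so a stray file at that path is reported as
    // "not found" instead of blowing up in DirectoryIterator.
    if (is_dir($dirname)) {
        foreach (new DirectoryIterator($dirname) as $file) {
            if (!$file->isDot()) {
                $hasImages = true;
                break;
            }
        }
    }
    // }
    if (!$hasImages) {
        $dir = $vars['image_gallery_directory'];
        return $c . '<em>' . __('gallery "%1" not found.', array($dir), 'core') . $vars['footer'];
    }
    // { if template doesn't exist, create it
    // Create cache directories explicitly rather than with "@mkdir", so a
    // genuine failure is no longer silenced; recursive so a missing parent
    // does not fail the call.
    $cacheDir = USERBASE . '/ww.cache/image-gallery/';
    if (!is_dir($cacheDir)) {
        mkdir($cacheDir, 0777, true);
    }
    $template = $cacheDir . $PAGEDATA->id;
    if (!file_exists($template) || !filesize($template)) {
        // Prefer the page's own template; fall back to the plugin default.
        $thtml = isset($PAGEDATA->vars['gallery-template']) ? $PAGEDATA->vars['gallery-template'] : '';
        if (!$thtml) {
            $thtml = file_get_contents(dirname(__FILE__) . '/../admin/types/list.tpl');
        }
        file_put_contents($template, $thtml);
    }
    // }
    // { display the template
    require_once SCRIPTBASE . 'ww.incs/vendor/Smarty-3.1.19/libs/Smarty.class.php';
    require_once SCRIPTBASE . 'ww.plugins/image-gallery/frontend/template-functions.php';
    $compileDir = USERBASE . '/ww.cache/templates_c';
    foreach (array($compileDir, $compileDir . '/image-gallery') as $d) {
        if (!is_dir($d)) {
            mkdir($d, 0777, true);
        }
    }
    $smarty = new Smarty();
    $smarty->compile_dir = $compileDir;
    $smarty->assign('pagedata', $PAGEDATA);
    $smarty->registerPlugin('function', 'GALLERY_IMAGE', 'ImageGallery_templateImage');
    $smarty->registerPlugin('function', 'GALLERY_IMAGES', 'ImageGallery_templateImages');
    $smarty->registerPlugin('function', 'GALLERY_NAV', 'ImageGallery_nav');
    // Double-brace delimiters so the template can contain plain CSS/JS braces.
    $smarty->left_delimiter = '{{';
    $smarty->right_delimiter = '}}';
    $c .= $smarty->fetch($template);
    if (Core_isAdmin()) {
        WW_addScript('/j/jquery.ui.selectmenu/jquery.ui.selectmenu.js');
        WW_addCSS('/j/jquery.ui.selectmenu/jquery.ui.selectmenu.css');
        WW_addScript('/j/jquery.contextMenu/jquery.contextMenu.js');
        WW_addCSS('/j/jquery.contextMenu/jquery.contextMenu.css');
    }
    WW_addScript('image-gallery/frontend/gallery.js');
    WW_addCSS('/ww.plugins/image-gallery/frontend/gallery.css');
    // }
    return $c . $vars['footer'];
}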
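<?php

/**
 * Deletes a comment
 *
 * PHP Version 5.3
 *
 * @category   CommentsPlugin
 * @package    WebworksWebme
 * @subpackage CommentsPlugin
 * @author     Belinda Hamilton <*****@*****.**>
 * @license    GPL Version 2
 * @link       www.kvweb.me
 **/
require_once $_SERVER['DOCUMENT_ROOT'] . '/ww.incs/basics.php';

// Validate the id before it is used anywhere: it is interpolated into SQL and
// echoed back in the JSON response, so only a plain integer is accepted
// (is_numeric would also pass floats and exponent forms).
$id = isset($_REQUEST['id']) ? filter_var($_REQUEST['id'], FILTER_VALIDATE_INT) : false;
if ($id === false) {
    Core_quit('Invalid id');
}

// Admins may delete any comment; other visitors only the ones recorded in
// their own session. The list may be absent for a fresh session.
$ownIds = isset($_SESSION['comment_ids']) && is_array($_SESSION['comment_ids'])
    ? $_SESSION['comment_ids']
    : array();
// Non-strict on purpose: session ids may have been stored as strings.
$allowed = Core_isAdmin() || in_array($id, $ownIds);
if (!$allowed) {
    die('You do not have permission to delete this comment');
}

dbQuery('delete from comments where id = ' . $id);
Core_cacheClear('comments');
// Report success only once the row is confirmed gone.
if (dbOne('select id from comments where id = ' . $id, 'id')) {
    echo '{"status":0}';
} else {
    echo '{"status":1, "id":' . $id . '}';
}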
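<?php

if (!defined('START_TIME')) {
    define('START_TIME', microtime(true));
}
$ignore_cms_plugins = true;
include_once $_SERVER['DOCUMENT_ROOT'] . '/ww.incs/basics.php';
$GLOBALS['kfm_userfiles_address'] = $GLOBALS['DBVARS']['userbase'] . '/f/';

// Resume the CMS session. A session id may be handed over in the query string
// (cms_session); only values that look like a PHP session id are accepted,
// since the raw value would otherwise be passed straight to session_id().
// NOTE(review): accepting a caller-supplied session id is a session-fixation
// risk by design here; it should stay limited to the kfm integration that
// needs it.
if (!session_id()) {
    if (isset($_GET['cms_session'])
        && is_string($_GET['cms_session'])
        && preg_match('/^[a-zA-Z0-9,-]{1,256}$/', $_GET['cms_session'])
    ) {
        session_id($_GET['cms_session']);
    }
    session_start();
}

// get.php is reachable without admin rights; everything else needs either an
// explicit auth override set by the including script or an admin session.
$isGetScript = ($_SERVER['PHP_SELF'] === '/j/kfm/get.php');
$authOverride = !empty($GLOBALS['kfm_api_auth_override']);
if (!$isGetScript && !$authOverride && !Core_isAdmin()) {
    echo 'access denied!';
    exit;
}
if ($isGetScript) {
    $GLOBALS['kfm_do_not_save_session'] = true;
}
$GLOBALS['kfm_api_auth_override'] = true;
$GLOBALS['kfm']->defaultSetting('theme', 'default');
$GLOBALS['kfm']->defaultSetting('file_handler', 'return');
$GLOBALS['kfm']->defaultSetting('file_url', 'filename');
// The including script may not have set this flag; pass null instead of
// reading an undefined global.
$GLOBALS['kfm']->defaultSetting(
    'return_file_id_to_cms',
    isset($GLOBALS['kfm_return_file_id_to_cms']) ? $GLOBALS['kfm_return_file_id_to_cms'] : null
);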
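$smarty->template_dir = THEME_DIR . '/' . THEME . '/h/';
$smarty->assign('PAGECONTENT', '<div id="ww-pagecontent">' . $pagecontent . '</div>');
$smarty->assign('PAGEDATA', $PAGEDATA);
$smarty->assign('THEMEDIR', '/ww.skins/' . THEME);
// }
// { build metadata
// { page title
// Fall back to "<host> > <page name>" when the page has no explicit title.
$title = $PAGEDATA->title
    ? $PAGEDATA->title
    : str_replace('www.', '', $_SERVER['HTTP_HOST']) . ' > ' . __FromJson($PAGEDATA->name);
$c = '<title>' . htmlspecialchars($title) . '</title>';
// }
// { show stylesheet and javascript links
$c .= 'WW_CSS_GOES_HERE' . Core_getJQueryScripts() . '<script src="WW_SCRIPTS_GO_HERE"></script>';
// { generate inline javascript
// Values taken from config or the session are emitted through json_encode so
// they are always valid JS string literals; the original concatenated them
// raw inside quotes, which breaks (or injects) on a quote or newline.
$cdn = isset($DBVARS['cdn']) && $DBVARS['cdn'] ? ', cdn:' . json_encode($DBVARS['cdn']) : '';
$lang = isset($_SESSION['language']) ? $_SESSION['language'] : '';
$tmp = 'var pagedata={id:' . (int) $PAGEDATA->id
    . Core_trigger('displaying-pagedata')
    . ',ptop:' . (int) $PAGEDATA->getTopParentId()
    . $cdn
    . ',sessid:' . json_encode(session_id())
    . ',lang:' . json_encode($lang)
    . '},'
    . 'CKEDITOR_BASEPATH="//cdn.ckeditor.com/4.4.3/standard/", '
    . (isset($_SESSION['userdata']['id'])
        ? User::getAsScript()
        : 'userdata={isAdmin:0' . (isset($_SESSION['wasAdmin']) ? ',wasAdmin:1' : '') . '};');
array_unshift($scripts_inline, $tmp);
// }
// Plugins may register an extra script for admin sessions only.
if (Core_isAdmin()) {
    foreach ($GLOBALS['PLUGINS'] as $p) {
        if (isset($p['frontend']['admin-script'])) {
            WW_addScript($p['frontend']['admin-script']);
        }
    }
}
// }
// { meta tags
$c .= '<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />';
if ($PAGEDATA->keywords) {
    $c .= '<meta http-equiv="keywords" content="' . htmlspecialchars($PAGEDATA->keywords) . '" />';
}
if ($PAGEDATA->description) {
    $c .= '<meta http-equiv="description" content="' . htmlspecialchars($PAGEDATA->description) . '"/>';
}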
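/**
 * Approve a forum post (set moderated = 1).
 *
 * A superadmin (user id 0 with admin rights) may approve any post; any other
 * caller must belong to one of the moderator groups of the forum that owns
 * the post.
 *
 * @return array status
 */
function Forum_adminPostApprove()
{
    // Cast before the id touches any SQL: the original only validated it on
    // the non-superadmin path, and only after it had already been queried.
    $id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
    if ($id <= 0) {
        Core_quit('Invalid id ' . $id);
    }
    $userID = isset($_SESSION['userdata']['id']) ? (int) $_SESSION['userdata']['id'] : 0;
    $isSuperAdmin = ($userID === 0 && Core_isAdmin());
    if (!$isSuperAdmin) {
        // Walk post -> thread -> forum to find the forum's moderator groups.
        $user = User::getInstance($userID);
        $usersGroups = $user->getGroups();
        $thread = (int) dbOne('select thread_id from forums_posts where id = ' . $id, 'thread_id');
        $forum = (int) dbOne('select forum_id from forums_threads where id = ' . $thread, 'forum_id');
        $moderatorGroups = explode(
            ',',
            (string) dbOne('select moderator_groups from forums where id = ' . $forum, 'moderator_groups')
        );
        $isModerator = false;
        foreach ($usersGroups as $group) {
            // Non-strict: group ids arrive as strings from explode().
            if (in_array($group, $moderatorGroups)) {
                $isModerator = true;
                break;
            }
        }
        if (!$isModerator) {
            die('You do not have permission to approve posts for this forum');
        }
    }
    dbQuery('update forums_posts set moderated = 1 where id = ' . $id);
    // Report the outcome from the stored row rather than assuming the update
    // succeeded.
    if (dbOne('select moderated from forums_posts where id = ' . $id, 'moderated')) {
        return array('id' => $id, 'action' => 'approved', 'status' => 1);
    }
    return array('status' => 0);
}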
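/**
 * Check a QR Code voucher to see if it's valid and print the result page.
 *
 * Expects oid (order id), pid (item key within the order) and md5 (hash of the
 * order's invoice) in the request. Always terminates via Core_quit().
 *
 * @return null
 */
function OnlineStore_checkQrCode()
{
    global $DBVARS;
    echo '<table style="width:100%"><tr><td><img src="/f/skin_files/logo.png"/>'
        . '</td><td><h1>' . $DBVARS['site_title'] . '</h1><h3>' . $DBVARS['site_subtitle']
        . '</h3></td></tr></table><hr/>';
    $oid = isset($_REQUEST['oid']) ? (int) $_REQUEST['oid'] : 0;
    $pid = isset($_REQUEST['pid']) && is_scalar($_REQUEST['pid']) ? (string) $_REQUEST['pid'] : '';
    if (!$oid || $pid === '') {
        echo __('Product or order ID not found');
        Core_quit();
    }
    $order = dbRow('select * from online_store_orders where id=' . $oid);
    if (!$order) {
        echo __('Order ID not found.');
        Core_quit();
    }
    // Type-safe, constant-time comparison. The original "!=" was a loose
    // comparison, under which two numeric-looking hashes can compare equal.
    $md5 = isset($_REQUEST['md5']) && is_scalar($_REQUEST['md5']) ? (string) $_REQUEST['md5'] : '';
    if (!hash_equals(md5($order['invoice']), $md5)) {
        echo __('MD5 check failed. this voucher has been tampered with.');
        Core_quit();
    }
    // Look the item up before declaring the voucher valid; the original printed
    // "Valid Voucher" even when pid matched nothing in the order.
    $items = json_decode($order['items'], true);
    $item = (is_array($items) && isset($items[$pid])) ? $items[$pid] : null;
    if (!$item) {
        echo __('Product or order ID not found');
        Core_quit();
    }
    echo '<h1>' . __('Valid Voucher') . '</h1>';
    echo '<h2>' . $item['short_desc'] . '</h2>' . $item['long_desc'];
    if (!isset($item['voucher_redeemed'])) {
        echo '<em>' . __('This voucher has not yet been redeemed. To redeem this voucher,'
            . ' please hand it in to the retailer with your purchase.') . '</em>';
    } else {
        echo '<p class="warning">' . __('Warning: This voucher has already been redeemed.') . '</p>';
    }
    if (!Core_isAdmin()) {
        echo '<br/><br/><br/>' . __('If you are the retailer, please <a href="/ww.admin/">log in</a>,'
            . ' then scan the QR code again.');
    } else {
        // pid is request input: escape it for the attribute context.
        echo '<br/><br/><br/><a href="/a/p=online-store/f=adminRedeemVoucher/'
            . 'oid=' . $oid . '/pid=' . htmlspecialchars($pid, ENT_QUOTES) . '">'
            . __('Mark this voucher as redeemed.') . '</a>';
    }
    Core_quit();
}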
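/**
 * Delete a message from a forum.
 *
 * The caller must be logged in and must either be an admin or the post's
 * author. When the post was the last one in its thread the thread is removed
 * as well, and every thread's num_posts counter is refreshed.
 *
 * @return array
 */
function Forum_delete()
{
    if (!isset($_SESSION['userdata']['id']) || !$_SESSION['userdata']['id']) {
        Core_quit();
    }
    $userId = (int) $_SESSION['userdata']['id'];
    $post_id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
    $errs = array();
    if (!$post_id) {
        $errs[] = 'no post selected';
    }
    $post = dbRow('select author_id,thread_id from forums_posts where id=' . $post_id);
    if (!$post) {
        return array('error' => 'post does not exist');
    }
    if (!Core_isAdmin() && (int) $post['author_id'] !== $userId) {
        $errs[] = 'this is not your post, or post does not exist';
    }
    if (count($errs)) {
        return array('errors' => $errs);
    }
    $threadId = (int) $post['thread_id'];
    dbQuery('delete from forums_posts where id=' . $post_id);
    // Remove the thread when its last post is gone. The original counted the
    // remaining posts by author_id, which is the wrong column.
    $remaining = (int) dbOne('select count(id) from forums_posts where thread_id=' . $threadId, 'count(id)');
    if ($remaining < 1) {
        dbQuery('delete from forums_threads where id=' . $threadId);
    }
    dbQuery(
        'update forums_threads set num_posts='
        . '(select count(id) as ids from forums_posts where thread_id=forums_threads.id)'
    );
    // A malformed "select from forums_threads where num_posts=0" query was
    // dropped here; if the intent was to purge empty threads, that needs to be
    // a deliberate delete rather than a no-op select.
    return array('ok' => 1);
}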
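 /**
  * Build the inline "userdata={...};" JavaScript snippet describing the
  * current session's user.
  *
  * String values are emitted through json_encode so they are valid JS
  * literals; addslashes alone does not escape newlines or "</script>".
  *
  * @return string
  */
 public static function getAsScript()
 {
     $ud = isset($_SESSION['userdata']) && is_array($_SESSION['userdata']) ? $_SESSION['userdata'] : array();
     $id = isset($ud['id']) ? (int) $ud['id'] : 0;
     $name = isset($ud['name']) ? (string) $ud['name'] : '';
     $email = isset($ud['email']) ? (string) $ud['email'] : '';
     // Coordinates default to 0 when unset (the original used "@" to hide the
     // undefined-index warning).
     $lat = isset($ud['location_lat']) ? (double) $ud['location_lat'] : 0.0;
     $lng = isset($ud['location_lng']) ? (double) $ud['location_lng'] : 0.0;
     $tmp = 'userdata={isAdmin:' . (Core_isAdmin() ? 1 : 0)
         . ',id:' . $id
         . (isset($_SESSION['wasAdmin']) ? ',wasAdmin:1' : '')
         . ',name:' . json_encode($name)
         . ',email:' . json_encode($email)
         . ',lat:' . $lat
         . ',lng:' . $lng;
     if (isset($ud['discount'])) {
         $tmp .= ',discount:' . (int) $ud['discount'];
     }
     if (isset($ud['address'])) {
         $tmp .= ',address:1';
     }
     if ($id) {
         $user = User::getInstance($id);
         $groups = $user ? $user->getGroups() : array();
         $tmp .= ',groups:[' . join(',', $groups) . ']';
     }
     return $tmp . '};';
 }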
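/**
 * Updates a review, calculates the new total and average.
 *
 * Only an admin or the review's author may edit it, and only within 15
 * minutes of the review's stored creation time.
 *
 * @return array the updated review
 */
function Products_reviewUpdate()
{
    $id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
    $rating = isset($_REQUEST['rating']) ? (int) $_REQUEST['rating'] : 0;
    if ($rating < 1 || $rating > 5 || $id <= 0) {
        return array('status' => 0, 'message' => 'Invalid Rating');
    }
    $loggedInUser = isset($_SESSION['userdata']['id']) ? (int) $_SESSION['userdata']['id'] : 0;
    $userWhoLeftReview = (int) dbOne('select user_id from products_reviews where id=' . $id, 'user_id');
    // An anonymous visitor (id 0) must never count as the owner, even of a
    // review whose user_id is 0 or missing.
    $isOwner = $loggedInUser > 0 && $loggedInUser === $userWhoLeftReview;
    if (!(Core_isAdmin() || $isOwner)) {
        die('You do not have sufficent privileges to edit this review');
    }
    // Compare against the review's stored creation time rather than a
    // caller-supplied cdate: the original interpolated $_REQUEST['cdate']
    // straight into SQL, which let the caller both inject and choose the date.
    $timeExpired = dbOne(
        'select now() > date_add(cdate, interval 15 minute) as expired'
        . ' from products_reviews where id=' . $id,
        'expired'
    );
    if ($timeExpired) {
        return array('status' => 0, 'message' => 'time has expired');
    }
    // addslashes is this code base's convention for string values in SQL;
    // NOTE(review): it is not charset-aware, so a driver-level escape or
    // placeholder would be preferable if dbQuery offers one.
    $body = addslashes(isset($_REQUEST['text']) ? (string) $_REQUEST['text'] : '');
    dbQuery('update products_reviews set body="' . $body . '", rating=' . $rating . ' where id=' . $id);
    $productid = (int) dbOne('select product_id from products_reviews where id=' . $id, 'product_id');
    $average = dbOne(
        'select avg(rating) from products_reviews where product_id=' . $productid . ' group by product_id',
        'avg(rating)'
    );
    $total = dbOne('select count(id) from products_reviews where product_id=' . $productid, 'count(id)');
    // Re-read the stored row so the response reflects what was persisted.
    $review = dbRow('select rating,body,cdate from products_reviews where id = ' . $id);
    $name = dbOne('select name from user_accounts where id=' . $userWhoLeftReview, 'name');
    return array(
        'status' => 1,
        'id' => $id,
        'product' => $productid,
        'user_id' => $userWhoLeftReview,
        'user' => $name,
        'date' => $review['cdate'],
        'rating' => $review['rating'],
        'body' => $review['body'],
        'avg' => $average,
        'total' => $total,
    );
}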
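 $c .= '<div id="reviews_display">';
 $c .= '<div id="average' . (int) $productid . '">';
 $c .= __('The average rating for this product over %1 review(s) was %2', array(count($reviews), $average), 'core');
 $c .= '</div>';
 foreach ($reviews as $review) {
     $reviewId = (int) $review['id'];
     $reviewerId = (int) $review['user_id'];
     $name = dbOne('select name from user_accounts where id=' . $reviewerId, 'name');
     $c .= '<div id="' . $reviewId . '">';
     // Show only the date part of the stored datetime.
     $date = $review['cdate'];
     $space = strpos($date, ' ');
     if ($space !== false) {
         $date = substr($date, 0, $space);
     }
     $c .= __('Posted by %1 on %2', array(htmlspecialchars($name), $date), 'core');
     // Escape the stored review text, then turn newlines into <br />. The
     // original escaped a stale $body and emitted the raw review text.
     $body = str_replace("\n", '<br />', htmlspecialchars($review['body']));
     $c .= '   ';
     $c .= '<b>' . __('Rated') . ': </b>' . (int) $review['rating'] . '<br/>';
     $c .= $body . '<br/>';
     if (Core_isAdmin() || (int) $userid === $reviewerId) {
         // { Edit Review Link
         // One query against the stored cdate; the original ran two queries
         // that re-interpolated the DB value into SQL.
         $reviewMayBeEdited = dbOne(
             'select date_add(cdate, interval 15 minute) > now() as can_edit_review'
             . ' from products_reviews where id=' . $reviewId,
             'can_edit_review'
         );
         if ($reviewMayBeEdited) {
             // JS arguments go through json_encode and the whole attribute is
             // then HTML-escaped, so both the JS and attribute contexts are
             // covered. The body passed to edit_review keeps the <br /> form
             // the original produced.
             $jsBody = str_replace("\n", '<br />', $review['body']);
             $onClick = 'edit_review(' . $reviewId . ', ' . json_encode($jsBody) . ', '
                 . (int) $review['rating'] . ', ' . json_encode($review['cdate']) . ');';
             $c .= '<a href="javascript:;" onClick="' . htmlspecialchars($onClick, ENT_QUOTES) . '">'
                 . __('Edit') . '</a> ';
         }
         // }
         // { Delete Review Link
         $c .= '<a href="javascript:;" onClick="delete_review(' . $reviewId . ', ' . $reviewerId . ', '
             . (int) $productid . ');">' . __('[x]') . '</a><br/>';
         // }
     }
     $c .= '<br/></div>';
 }
 $c .= '</div>';
 $userHasNotReviewedThisProduct = !dbOne(
     'select id from products_reviews where user_id=' . (int) $userid . ' and product_id=' . (int) $productid,
     'id'
 );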
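/**
 * Get a post.
 *
 * Admins get any entry in full; a logged-in user only their own entries;
 * anonymous visitors only the id and body of published (status set) entries.
 *
 * @return array the post
 */
function Blog_postGet()
{
    $id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
    if (Core_isAdmin()) {
        return dbRow('select * from blog_entry where id=' . $id);
    }
    if (isset($_SESSION['userdata']['id'])) {
        // Cast the session id too: it is concatenated into SQL.
        $userId = (int) $_SESSION['userdata']['id'];
        return dbRow('select * from blog_entry where id=' . $id . ' and userid=' . $userId);
    }
    return dbRow('select id,body from blog_entry where id=' . $id . ' and status');
}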
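/**
 * The main display function: renders a page's comment list plus, when the
 * page allows comments, the add-comment form.
 *
 * Visitors see validated comments and any comment they created themselves in
 * this session (tracked in $_SESSION['comment_ids']); when the page's
 * "hide_comments" var is set only their own comments are listed.
 *
 * @param Object $page Page Info
 *
 * @return string The comments and an add comment form
 **/
function Comments_displayComments($page)
{
    if (empty($GLOBALS['access_allowed'])) {
        return '';
    }
    $pageId = (int) $page->id;
    // { order of display
    $commentboxfirst = !empty($page->vars['comments_show_box_at_top']);
    // }
    // { get list of existing comments
    $hideComments = !empty($page->vars['hide_comments']);
    // Comment ids the visitor created in this session. They are cast to int
    // because they are joined straight into the SQL "in (...)" list below.
    $ownIds = array();
    if (isset($_SESSION['comment_ids']) && is_array($_SESSION['comment_ids'])) {
        $ownIds = array_map('intval', $_SESSION['comment_ids']);
    }
    $ownIdList = count($ownIds) ? join(', ', $ownIds) : '';
    $base = 'select * from comments where objectid=' . $pageId;
    if ($hideComments) {
        $query = $ownIdList === '' ? '' : $base . ' and id in (' . $ownIdList . ')';
    } elseif ($ownIdList !== '') {
        $query = $base . ' and (isvalid=1 or id in (' . $ownIdList . '))';
    } else {
        $query = $base . ' and isvalid=1';
    }
    // Default to an empty list so the count() below is safe when there is
    // nothing to query (the original left $comments undefined in that case).
    $comments = array();
    if ($query !== '') {
        $sql = $query . ' order by cdate ' . ($commentboxfirst ? 'desc' : 'asc');
        // Cache key is the query itself, so each ordering/visibility variant
        // gets its own entry.
        $cacheKey = md5($sql);
        $comments = Core_cacheLoad('comments', $cacheKey);
        if ($comments === false) {
            $comments = dbAll($sql);
            Core_cacheSave('comments', $cacheKey, $comments);
        }
    }
    // }
    $clist = '';
    if (count($comments)) {
        $clist = '<div id="start-comments" class="comments-list"><a name="comments"></a>'
            . '<strong>Comments</strong>';
        foreach ($comments as $comment) {
            $id = (int) $comment['id'];
            $datetime = $comment['cdate'];
            $allowedToEdit = Core_isAdmin() || in_array($id, $ownIds, false);
            $clist .= '<div class="comment-wrapper';
            if ($allowedToEdit) {
                $clist .= ' comment-editable" ' . 'cdate="' . htmlspecialchars($datetime) . '" comment="'
                    . htmlspecialchars($comment['comment']) . '"';
            } else {
                $clist .= '" ';
            }
            $clist .= 'id="comment-wrapper-' . $id . '"' . '><a name="comments-' . $id . '"></a>'
                . '<div class="comment-info" id="comment-info-' . $id . '">Posted by ';
            if (!empty($comment['site'])) {
                // The site URL is visitor-supplied: escape it for the attribute
                // context (the original emitted it raw) and add rel=noopener for
                // the target=_blank link.
                $clist .= '<a href="' . htmlspecialchars($comment['site'], ENT_QUOTES) . '" target="_blank" rel="noopener">'
                    . htmlspecialchars($comment['name']) . '</a>';
            } else {
                $clist .= htmlspecialchars($comment['name']);
            }
            $clist .= ' on ' . Core_dateM2H($datetime) . '</div>'
                . '<div id="comment-' . $id . '" class="comments-comment">'
                . htmlspecialchars($comment['comment']) . '</div></div>';
        }
        $clist .= '</div>';
    }
    // { get comment box HTML
    $allowComments = Core_cacheLoad('comments', 'allow-' . $pageId, -1);
    if ($allowComments === -1) {
        $allowComments = dbOne(
            'select value from page_vars where name="allow_comments" and page_id=' . $pageId,
            'value'
        );
        Core_cacheSave('comments', 'allow-' . $pageId, $allowComments);
    }
    $cbhtml = '';
    if ($allowComments === 'on') {
        $cbhtml = Comments_showCommentForm($pageId);
        WW_addScript('comments/frontend/comments-frontend.js');
        $cbhtml .= '<script src="//ajax.aspnetcdn.com/ajax/jquery.validate/1.9/'
            . 'jquery.validate.min.js"></script>';
    }
    WW_addCSS('/ww.plugins/comments/frontend/comments.css');
    // }
    return $commentboxfirst ? $cbhtml . $clist : $clist . $cbhtml;
}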