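<?php
/**
 * Emit the site-credits options as JSON (admin only).
 *
 * Options missing from sitecredits_options are filled in: the payment
 * recipient comes from DistConfig 'credits-email' and is persisted, the
 * currency defaults to EUR, and credit-costs defaults to a single tier.
 */
require_once $_SERVER['DOCUMENT_ROOT'] . '/ww.incs/basics.php';
if (!Core_isAdmin()) {
    die('access denied');
}
header('Content-type: text/json');

// load every stored option into a name => value map
$options = array();
foreach (dbAll('select * from sitecredits_options') as $row) {
    $options[$row['name']] = $row['value'];
}

if (empty($options['payment-recipient'])) {
    $recipient = DistConfig::get('credits-email');
    $options['payment-recipient'] = $recipient;
    // the value comes from site configuration rather than the request, but it
    // is still a string placed inside a SQL literal, so escape it
    dbQuery(
        'insert into sitecredits_options values("payment-recipient", "'
        . addslashes($recipient) . '")'
    );
}
if (empty($options['currency'])) {
    $options['currency'] = 'EUR';
    $options['currency-symbol'] = '€';
}
if (empty($options['credit-costs'])) {
    // default single pricing tier; the meaning of the pair is defined by the consumer
    $options['credit-costs'] = '[[5000000,1]]';
}
$options['credit-costs'] = json_decode($options['credit-costs']);
echo json_encode($options);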
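/**
 * Get the list of top-level projects the current user may see.
 *
 * Admins see every project. Other users see a project when its meta lists a
 * group they belong to, or lists their user id; a project whose meta carries
 * neither restriction is visible to everyone.
 *
 * @return array list of project rows (id, name, parent_id, meta)
 */
function IssueTracker_projectsGet()
{
    $projects = array();
    $rows = dbAll(
        'select id,name,parent_id,meta from issuetracker_projects where parent_id=0'
    );
    $isAdmin = Core_isAdmin();
    $userGroups = isset($_SESSION['userdata']['groups'])
        && is_array($_SESSION['userdata']['groups'])
        ? $_SESSION['userdata']['groups']
        : array();
    $userId = isset($_SESSION['userdata']['id']) ? $_SESSION['userdata']['id'] : null;
    foreach ($rows as $row) {
        if ($isAdmin) {
            $projects[] = $row;
            continue;
        }
        $meta = json_decode($row['meta'], true);
        if (!is_array($meta)) {
            // unreadable meta carries no restriction
            $meta = array();
        }
        if (!empty($meta['groups'])) {
            // loose in_array kept on purpose: group ids may be stored as strings or ints
            $allowedGroups = is_array($meta['groups']) ? $meta['groups'] : array();
            $inGroup = false;
            foreach ($allowedGroups as $group) {
                if (in_array($group, $userGroups)) {
                    $inGroup = true;
                    break;
                }
            }
            if ($inGroup) {
                $projects[] = $row;
            }
            continue;
        }
        if (!empty($meta['users'])) {
            $allowedUsers = is_array($meta['users']) ? $meta['users'] : array();
            // a missing user id must never match an entry in the allow-list
            if ($userId !== null && in_array($userId, $allowedUsers)) {
                $projects[] = $row;
            }
            continue;
        }
        $projects[] = $row;
    }
    return $projects;
}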
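/**
 * Generate and return a gallery's HTML.
 *
 * When the configured directory holds at least one entry the gallery is
 * rendered through Smarty from a per-page cached template (created on first
 * use from the page's 'gallery-template' var, else admin/types/list.tpl);
 * otherwise a "not found" message is returned.
 *
 * @param array $PAGEDATA Page object
 *
 * @return string HTML of the gallery
 */
function ImageGallery_show($PAGEDATA)
{
    $vars = $PAGEDATA->vars;
    if (!isset($vars['image_gallery_directory'])) {
        return __('gallery directory has not yet been set');
    }
    $galleryDir = $vars['image_gallery_directory'];
    $c = $PAGEDATA->render();
    $footer = isset($vars['footer']) ? $vars['footer'] : '';

    // { check to see if there are files in the directory
    // NOTE(review): the directory name is a page var and is used as a path
    // segment without normalisation - confirm it is admin-controlled only
    $hasImages = false;
    $dirname = USERBASE . '/f/' . $galleryDir;
    // is_dir rather than file_exists: DirectoryIterator throws on a plain file
    if (is_dir($dirname)) {
        foreach (new DirectoryIterator($dirname) as $entry) {
            if (!$entry->isDot()) {
                $hasImages = true;
                break;
            }
        }
    }
    // }

    if (!$hasImages) {
        return $c . '<em>'
            . __('gallery "%1" not found.', array($galleryDir), 'core')
            . $footer;
    }

    // { if the per-page template doesn't exist yet, create it
    $cacheDir = USERBASE . '/ww.cache/image-gallery/';
    if (!is_dir($cacheDir)) {
        mkdir($cacheDir);
    }
    $templateFile = $cacheDir . $PAGEDATA->id;
    if (!file_exists($templateFile) || !filesize($templateFile)) {
        $thtml = isset($vars['gallery-template']) ? $vars['gallery-template'] : '';
        if (!$thtml) {
            $thtml = file_get_contents(dirname(__FILE__) . '/../admin/types/list.tpl');
        }
        file_put_contents($templateFile, $thtml);
    }
    // }

    // { display the template
    require_once SCRIPTBASE . 'ww.incs/vendor/Smarty-3.1.19/libs/Smarty.class.php';
    require_once SCRIPTBASE . 'ww.plugins/image-gallery/frontend/template-functions.php';
    $compileDir = USERBASE . '/ww.cache/templates_c';
    if (!is_dir($compileDir)) {
        mkdir($compileDir);
    }
    if (!is_dir($compileDir . '/image-gallery')) {
        mkdir($compileDir . '/image-gallery');
    }
    $smarty = new Smarty();
    $smarty->compile_dir = $compileDir;
    $smarty->assign('pagedata', $PAGEDATA);
    $smarty->registerPlugin('function', 'GALLERY_IMAGE', 'ImageGallery_templateImage');
    $smarty->registerPlugin('function', 'GALLERY_IMAGES', 'ImageGallery_templateImages');
    $smarty->registerPlugin('function', 'GALLERY_NAV', 'ImageGallery_nav');
    // gallery templates use '{{' / '}}' as tag delimiters
    $smarty->left_delimiter = '{{';
    $smarty->right_delimiter = '}}';
    $c .= $smarty->fetch($templateFile);
    if (Core_isAdmin()) {
        WW_addScript('/j/jquery.ui.selectmenu/jquery.ui.selectmenu.js');
        WW_addCSS('/j/jquery.ui.selectmenu/jquery.ui.selectmenu.css');
        WW_addScript('/j/jquery.contextMenu/jquery.contextMenu.js');
        WW_addCSS('/j/jquery.contextMenu/jquery.contextMenu.css');
    }
    WW_addScript('image-gallery/frontend/gallery.js');
    WW_addCSS('/ww.plugins/image-gallery/frontend/gallery.css');
    // }
    return $c . $footer;
}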
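<?php
/**
 * Deletes a comment
 *
 * The caller must be an admin or have the comment id in the session's
 * comment_ids list (the comments posted in this session). Responds with a
 * small JSON status object.
 *
 * PHP Version 5.3
 *
 * @category   CommentsPlugin
 * @package    WebworksWebme
 * @subpackage CommentsPlugin
 * @author     Belinda Hamilton <*****@*****.**>
 * @license    GPL Version 2
 * @link       www.kvweb.me
 **/
require_once $_SERVER['DOCUMENT_ROOT'] . '/ww.incs/basics.php';

// validate the id before anything else so a malformed value never reaches SQL
$id = isset($_REQUEST['id']) ? $_REQUEST['id'] : '';
if (!is_numeric($id)) {
    Core_quit('Invalid id');
}
$id = (int) $id;

$ownComments = isset($_SESSION['comment_ids']) && is_array($_SESSION['comment_ids'])
    ? $_SESSION['comment_ids']
    : array();
// loose in_array kept on purpose: ids may be stored in the session as strings
$allowed = Core_isAdmin() || in_array($id, $ownComments);
if (!$allowed) {
    die('You do not have permission to delete this comment');
}

dbQuery('delete from comments where id = ' . $id);
Core_cacheClear('comments');
if (dbOne('select id from comments where id = ' . $id, 'id')) {
    echo json_encode(array('status' => 0));
} else {
    echo json_encode(array('status' => 1, 'id' => $id));
}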
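<?php
/**
 * KFM (file manager) bootstrap for the CMS: loads basics.php, resumes the
 * CMS session, and refuses non-admin access except for /j/kfm/get.php or
 * when the caller has already set $GLOBALS['kfm_api_auth_override'].
 */
if (!defined('START_TIME')) {
    define('START_TIME', microtime(true));
}
$ignore_cms_plugins = true;
include_once $_SERVER['DOCUMENT_ROOT'] . '/ww.incs/basics.php';
$GLOBALS['kfm_userfiles_address'] = $GLOBALS['DBVARS']['userbase'] . '/f/';

if (!session_id()) {
    // the CMS may hand its session id over in the query string; accept it only
    // when it is shaped like a PHP session id so an arbitrary string is never
    // installed as the id.
    // NOTE(review): taking a session id from the URL is fixation-prone by
    // design; confirm the CMS cannot instead pass the session via cookie.
    if (isset($_GET['cms_session'])
        && is_string($_GET['cms_session'])
        && preg_match('/^[a-zA-Z0-9,-]{1,256}$/', $_GET['cms_session'])
    ) {
        session_id($_GET['cms_session']);
    }
    session_start();
}

$isGetScript = ($_SERVER['PHP_SELF'] === '/j/kfm/get.php');
$authOverride = !empty($GLOBALS['kfm_api_auth_override']);
if (!$isGetScript && !$authOverride && !Core_isAdmin()) {
    echo 'access denied!';
    exit;
}
if ($isGetScript) {
    $GLOBALS['kfm_do_not_save_session'] = true;
}
$GLOBALS['kfm_api_auth_override'] = true;

$GLOBALS['kfm']->defaultSetting('theme', 'default');
$GLOBALS['kfm']->defaultSetting('file_handler', 'return');
$GLOBALS['kfm']->defaultSetting('file_url', 'filename');
$GLOBALS['kfm']->defaultSetting(
    'return_file_id_to_cms',
    isset($GLOBALS['kfm_return_file_id_to_cms'])
        ? $GLOBALS['kfm_return_file_id_to_cms']
        : null
);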
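// { hand the rendered page content and theme paths to smarty
$smarty->template_dir = THEME_DIR . '/' . THEME . '/h/';
$smarty->assign('PAGECONTENT', '<div id="ww-pagecontent">' . $pagecontent . '</div>');
$smarty->assign('PAGEDATA', $PAGEDATA);
$smarty->assign('THEMEDIR', '/ww.skins/' . THEME);
// }
// { build metadata
// { page title: the page's own title, else "host > page name"
$title = $PAGEDATA->title
    ? $PAGEDATA->title
    : str_replace('www.', '', $_SERVER['HTTP_HOST']) . ' > ' . __FromJson($PAGEDATA->name);
$c = '<title>' . htmlspecialchars($title) . '</title>';
// }
// { show stylesheet and javascript links
$c .= 'WW_CSS_GOES_HERE' . Core_getJQueryScripts()
    . '<script src="WW_SCRIPTS_GO_HERE"></script>';
// { generate inline javascript
// string values are emitted through json_encode so a quote, newline or
// "</script>" in them cannot break out of the JS string literal
$cdnJs = isset($DBVARS['cdn']) && $DBVARS['cdn']
    ? ', cdn:' . json_encode((string) $DBVARS['cdn'])
    : '';
$langJs = json_encode(isset($_SESSION['language']) ? (string) $_SESSION['language'] : '');
$tmp = 'var pagedata={id:' . (int) $PAGEDATA->id
    . Core_trigger('displaying-pagedata')
    . ',ptop:' . (int) $PAGEDATA->getTopParentId()
    . $cdnJs
    . ',sessid:' . json_encode(session_id())
    . ',lang:' . $langJs
    . '},'
    . 'CKEDITOR_BASEPATH="//cdn.ckeditor.com/4.4.3/standard/", '
    . (isset($_SESSION['userdata']['id'])
        ? User::getAsScript()
        : 'userdata={isAdmin:0'
            . (isset($_SESSION['wasAdmin']) ? ',wasAdmin:1' : '')
            . '};');
array_unshift($scripts_inline, $tmp);
// }
if (Core_isAdmin()) {
    foreach ($GLOBALS['PLUGINS'] as $p) {
        if (isset($p['frontend']['admin-script'])) {
            WW_addScript($p['frontend']['admin-script']);
        }
    }
}
// }
// { meta tags (keywords/description are "name" metas, not http-equiv headers)
$c .= '<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />';
if ($PAGEDATA->keywords) {
    $c .= '<meta name="keywords" content="' . htmlspecialchars($PAGEDATA->keywords) . '" />';
}
if ($PAGEDATA->description) {
    $c .= '<meta name="description" content="'
        . htmlspecialchars($PAGEDATA->description) . '"/>';
}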
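/**
 * Approve a post.
 *
 * Superadmins (user id 0 with admin rights) may approve any post; other
 * users must belong to one of the moderator groups of the post's forum.
 *
 * @return array status
 */
function Forum_adminPostApprove()
{
    // validate the id before it is used in any query (the previous version
    // queried with the raw value first and only checked it afterwards)
    $rawId = isset($_REQUEST['id']) ? $_REQUEST['id'] : '';
    if (!is_numeric($rawId)) {
        Core_quit('Invalid id');
    }
    $id = (int) $rawId;
    $userID = isset($_SESSION['userdata']['id']) ? $_SESSION['userdata']['id'] : null;
    $isSuperAdmin = ($userID == 0 && Core_isAdmin());
    if (!$isSuperAdmin) {
        if (!$userID) {
            // not logged in: nothing to look moderator groups up for
            die('You do not have permission to approve posts for this forum');
        }
        $user = User::getInstance($userID);
        $usersGroups = $user->getGroups();
        $thread = (int) dbOne(
            'select thread_id from forums_posts where id = ' . $id, 'thread_id'
        );
        $forum = (int) dbOne(
            'select forum_id from forums_threads where id = ' . $thread, 'forum_id'
        );
        $moderatorGroups = explode(',', (string) dbOne(
            'select moderator_groups from forums where id = ' . $forum,
            'moderator_groups'
        ));
        // loose in_array kept on purpose: explode() yields strings
        $isModerator = false;
        foreach ($usersGroups as $group) {
            if (in_array($group, $moderatorGroups)) {
                $isModerator = true;
                break;
            }
        }
        if (!$isModerator) {
            die('You do not have permission to approve posts for this forum');
        }
    }
    dbQuery('update forums_posts set moderated = 1 where id =' . $id);
    if (dbOne('select moderated from forums_posts where id = ' . $id, 'moderated')) {
        return array('id' => $id, 'action' => 'approved', 'status' => 1);
    }
    return array('status' => 0);
}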
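/**
 * Check a QR Code voucher to see if it's valid.
 *
 * Expects oid (order id), pid (item key within the order) and md5 (hash of
 * the order's invoice) in the request; prints a human-readable result and
 * quits.
 *
 * @return null
 */
function OnlineStore_checkQrCode()
{
    global $DBVARS;
    echo '<table style="width:100%"><tr><td><img src="/f/skin_files/logo.png"/>'
        . '</td><td><h1>' . $DBVARS['site_title'] . '</h1><h3>'
        . $DBVARS['site_subtitle'] . '</h3></td></tr></table><hr/>';
    $oid = isset($_REQUEST['oid']) ? (int) $_REQUEST['oid'] : 0;
    $pid = isset($_REQUEST['pid']) && is_scalar($_REQUEST['pid'])
        ? (string) $_REQUEST['pid']
        : '';
    if (!$oid || !$pid) {
        echo __('Product or order ID not found');
        Core_quit();
    }
    $order = dbRow('select * from online_store_orders where id=' . $oid);
    if (!$order) {
        echo __('Order ID not found.');
        Core_quit();
    }
    $md5 = isset($_REQUEST['md5']) && is_scalar($_REQUEST['md5'])
        ? (string) $_REQUEST['md5']
        : '';
    // strict comparison: a loose != treats two numeric-looking strings such
    // as "0e..." as equal numbers and would accept a forged hash
    if ($md5 !== md5($order['invoice'])) {
        echo __('MD5 check failed. this voucher has been tampered with.');
        Core_quit();
    }
    echo '<h1>' . __('Valid Voucher') . '</h1>';
    $items = json_decode($order['items'], true);
    if (!is_array($items) || !isset($items[$pid])) {
        echo __('Product or order ID not found');
        Core_quit();
    }
    $item = $items[$pid];
    echo '<h2>' . $item['short_desc'] . '</h2>' . $item['long_desc'];
    if (!isset($item['voucher_redeemed'])) {
        echo '<em>' . __(
            'This voucher has not yet been redeemed. To redeem this voucher,'
            . ' please hand it in to the retailer with your purchase.'
        ) . '</em>';
    } else {
        echo '<p class="warning">'
            . __('Warning: This voucher has already been redeemed.') . '</p>';
    }
    if (!Core_isAdmin()) {
        echo '<br/><br/><br/>' . __(
            'If you are the retailer, please <a href="/ww.admin/">log in</a>,'
            . ' then scan the QR code again.'
        );
    } else {
        // pid is request input, so it is attribute-escaped before going into the link
        echo '<br/><br/><br/><a href="/a/p=online-store/f=adminRedeemVoucher/'
            . 'oid=' . $oid . '/pid=' . htmlspecialchars($pid) . '">'
            . __('Mark this voucher as redeemed.') . '</a>';
    }
    Core_quit();
}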
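/**
 * Delete a message from a forum.
 *
 * The caller must be logged in and be either an admin or the post's author.
 * When the post's thread has no posts left the thread is removed, and every
 * thread's num_posts counter is recomputed.
 *
 * @return array ok=>1 on success; 'error' or 'errors' describing the failure
 */
function Forum_delete()
{
    if (!isset($_SESSION['userdata']) || !$_SESSION['userdata']['id']) {
        Core_quit();
    }
    $post_id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
    $errs = array();
    if (!$post_id) {
        $errs[] = 'no post selected';
    }
    $post = dbRow('select author_id,thread_id from forums_posts where id=' . $post_id);
    if (!$post) {
        return array('error' => 'post does not exist');
    }
    if (!Core_isAdmin() && $post['author_id'] != $_SESSION['userdata']['id']) {
        $errs[] = 'this is not your post, or post does not exist';
    }
    if (count($errs)) {
        return array('errors' => $errs);
    }
    $thread_id = (int) $post['thread_id'];
    dbQuery('delete from forums_posts where id=' . $post_id);
    // count the posts left in this post's thread (the previous version
    // compared thread_id against author_id, so the count was wrong)
    $remaining = (int) dbOne(
        'select count(id) from forums_posts where thread_id=' . $thread_id,
        'count(id)'
    );
    if ($remaining < 1) {
        dbQuery('delete from forums_threads where id=' . $thread_id);
    }
    dbQuery(
        'update forums_threads set num_posts='
        . '(select count(id) as ids from forums_posts '
        . 'where thread_id=forums_threads.id)'
    );
    // a trailing "select from forums_threads where num_posts=0" was malformed
    // SQL and has been dropped; the empty thread is already deleted above
    return array('ok' => 1);
}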
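/**
 * Get user details for page usage, as a JavaScript assignment
 * (`userdata={...};`).
 *
 * String fields are emitted through json_encode so that quotes, newlines
 * and "</script>" in a name or email cannot break out of the script block;
 * addslashes() did not cover those cases.
 *
 * @return string
 */
public static function getAsScript()
{
    $userdata = isset($_SESSION['userdata']) && is_array($_SESSION['userdata'])
        ? $_SESSION['userdata']
        : array();
    $id = isset($userdata['id']) ? (int) $userdata['id'] : 0;
    $name = isset($userdata['name']) ? (string) $userdata['name'] : '';
    $email = isset($userdata['email']) ? (string) $userdata['email'] : '';
    $lat = isset($userdata['location_lat']) ? (double) $userdata['location_lat'] : 0.0;
    $lng = isset($userdata['location_lng']) ? (double) $userdata['location_lng'] : 0.0;
    // json_encode returns false on invalid UTF-8; fall back to an empty JS string
    $nameJs = json_encode($name) ?: '""';
    $emailJs = json_encode($email) ?: '""';
    $tmp = 'userdata={isAdmin:' . (Core_isAdmin() ? 1 : 0)
        . ',id:' . $id
        . (isset($_SESSION['wasAdmin']) ? ',wasAdmin:1' : '')
        . ',name:' . $nameJs
        . ',email:' . $emailJs
        . ',lat:' . $lat
        . ',lng:' . $lng;
    if (isset($userdata['discount'])) {
        $tmp .= ',discount:' . (int) $userdata['discount'];
    }
    if (isset($userdata['address'])) {
        $tmp .= ',address:1';
    }
    if ($id) {
        $user = User::getInstance($id);
        $groups = $user ? $user->getGroups() : array();
        $tmp .= ',groups:[' . join(',', $groups) . ']';
    }
    return $tmp . '};';
}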
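/**
 * Updates a review, calculates the new total and average.
 *
 * Only the review's author or an admin may edit, and only within 15 minutes
 * of the review's stored cdate. The previous version took the cdate from the
 * request and interpolated it into SQL, which let the caller both forge the
 * window and inject into the query.
 *
 * @return array the updated review, or status=>0 with a message
 */
function Products_reviewUpdate()
{
    $id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
    $rating = isset($_REQUEST['rating']) ? (int) $_REQUEST['rating'] : 0;
    if ($rating < 1 || $rating > 5 || $id <= 0) {
        return array('status' => 0, 'message' => 'Invalid Rating');
    }
    $review = dbRow('select user_id,product_id from products_reviews where id=' . $id);
    if (!$review) {
        return array('status' => 0, 'message' => 'review not found');
    }
    $userWhoLeftReview = $review['user_id'];
    $productid = $review['product_id'];
    $loggedInUser = isset($_SESSION['userdata']['id'])
        ? (int) $_SESSION['userdata']['id']
        : 0;
    // an anonymous visitor (id 0) must never match the review's author
    $isAuthor = $loggedInUser && $loggedInUser === (int) $userWhoLeftReview;
    if (!(Core_isAdmin() || $isAuthor)) {
        die('You do not have sufficent privileges to edit this review');
    }
    $timeExpired = dbOne(
        'select now() > date_add(cdate, interval 15 minute) as expired'
        . ' from products_reviews where id=' . $id,
        'expired'
    );
    if ($timeExpired) {
        return array('status' => 0, 'message' => 'time has expired');
    }
    // addslashes is this file's SQL escaping convention; prefer the db
    // layer's own escaper if it offers one - TODO confirm
    $body = addslashes(isset($_REQUEST['text']) ? $_REQUEST['text'] : '');
    dbQuery(
        'update products_reviews set body="' . $body . '", rating=' . $rating
        . ' where id=' . $id
    );
    $average = dbOne(
        'select avg(rating) from products_reviews where product_id='
        . (int) $productid . ' group by product_id',
        'avg(rating)'
    );
    $total = dbOne(
        'select count(id) from products_reviews where product_id=' . (int) $productid,
        'count(id)'
    );
    $updated = dbRow('select rating,body,cdate from products_reviews where id = ' . $id);
    $name = dbOne(
        'select name from user_accounts where id=' . (int) $userWhoLeftReview,
        'name'
    );
    return array(
        'status'  => 1,
        'id'      => $id,
        'product' => $productid,
        'user_id' => $userWhoLeftReview,
        'user'    => $name,
        'date'    => $updated['cdate'],
        'rating'  => $updated['rating'],
        'body'    => $updated['body'],
        'avg'     => $average,
        'total'   => $total,
    );
}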
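// { list the reviews, with edit/delete links for the author or an admin
$c .= '<div id="reviews_display">';
$c .= '<div id="average' . $productid . '">';
$c .= __(
    'The average rating for this product over %1 review(s) was %2',
    array(count($reviews), $average),
    'core'
);
$c .= '</div>';
foreach ($reviews as $review) {
    $reviewId = (int) $review['id'];
    $name = dbOne(
        'select name from user_accounts where id=' . (int) $review['user_id'],
        'name'
    );
    // show only the part of cdate before the first space (the previous
    // version blanked the whole value when there was no space)
    $date = $review['cdate'];
    $spaceAt = strpos($date, ' ');
    if ($spaceAt !== false) {
        $date = substr($date, 0, $spaceAt);
    }
    // escape the body before turning newlines into <br />; the previous
    // version escaped a stale variable and then output the raw body
    $body = str_replace("\n", '<br />', htmlspecialchars($review['body']));
    $c .= '<div id="' . $reviewId . '">';
    $c .= __('Posted by %1 on %2', array(htmlspecialchars($name), $date), 'core');
    $c .= ' ';
    $c .= '<b>' . __('Rated') . ': </b>' . (int) $review['rating'] . '<br/>';
    $c .= $body . '<br/>';
    if (Core_isAdmin() || $userid == $review['user_id']) {
        // { Edit Review Link, only within 15 minutes of posting
        $reviewMayBeEdited = dbOne(
            'select date_add("' . addslashes($review['cdate'])
            . '", interval 15 minute) > now() as can_edit_review',
            'can_edit_review'
        );
        if ($reviewMayBeEdited) {
            $c .= '<a href="javascript:;" onClick="edit_review(' . $reviewId . ', \''
                . addslashes($body) . '\', ' . (int) $review['rating'] . ', \''
                . addslashes($review['cdate']) . '\');">' . __('Edit') . '</a> ';
        }
        // }
        // { Delete Review Link
        $c .= '<a href="javascript:;" onClick="delete_review(' . $reviewId . ', '
            . (int) $review['user_id'] . ', ' . $productid . ');">' . __('[x]')
            . '</a><br/>';
        // }
    }
    $c .= '<br/></div>';
}
$c .= '</div>';
$userHasNotReviewedThisProduct = !dbOne(
    'select id from products_reviews where user_id=' . (int) $userid
    . ' and product_id=' . (int) $productid,
    'id'
);
// }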
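/**
 * Get a post.
 *
 * Admins get the full row of any post; a logged-in user gets the full row of
 * their own posts only; anyone else gets id and body of posts whose status
 * column is truthy.
 *
 * @return array the post
 */
function Blog_postGet()
{
    $id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
    if (Core_isAdmin()) {
        return dbRow('select * from blog_entry where id=' . $id);
    }
    if (isset($_SESSION['userdata']['id'])) {
        // cast: the session value is concatenated straight into SQL
        $userId = (int) $_SESSION['userdata']['id'];
        return dbRow(
            'select * from blog_entry where id=' . $id . ' and userid=' . $userId
        );
    }
    return dbRow('select id,body from blog_entry where id=' . $id . ' and status');
}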
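/**
 * The main display function
 *
 * Lists the comments of a page (valid ones plus those the visitor posted in
 * this session, or only the visitor's own when hide_comments is set) and,
 * when comments are allowed on the page, the add-comment form.
 *
 * @param Object $page Page Info
 *
 * @return string The comments and an add comment form
 **/
function Comments_displayComments($page)
{
    if (!$GLOBALS['access_allowed']) {
        return '';
    }
    $pageId = (int) $page->id;
    // { order of display
    $commentboxfirst = isset($page->vars['comments_show_box_at_top'])
        && $page->vars['comments_show_box_at_top'];
    // }
    // { get list of existing comments
    $hideComments = isset($page->vars['hide_comments']) && $page->vars['hide_comments'];
    // ids of the comments this visitor posted; cast before they reach SQL
    $ownIds = array();
    if (!empty($_SESSION['comment_ids']) && is_array($_SESSION['comment_ids'])) {
        $ownIds = array_map('intval', $_SESSION['comment_ids']);
    }
    $query = '';
    if ($hideComments) {
        if ($ownIds) {
            $query = 'select * from comments where objectid=' . $pageId
                . ' and id in (' . join(', ', $ownIds) . ')';
        }
    } elseif ($ownIds) {
        $query = 'select * from comments where objectid=' . $pageId
            . ' and (isvalid=1 or id in (' . join(', ', $ownIds) . '))';
    } else {
        $query = 'select * from comments where objectid=' . $pageId . ' and isvalid=1';
    }
    // initialised here: with hide_comments and no own ids there is no query,
    // and the previous version then counted an undefined variable
    $comments = array();
    if ($query) {
        $sql = $query . ' order by cdate ' . ($commentboxfirst ? 'desc' : 'asc');
        $md5 = md5($sql);
        $comments = Core_cacheLoad('comments', $md5);
        if ($comments === false) {
            $comments = dbAll($sql);
            Core_cacheSave('comments', $md5, $comments);
        }
    }
    // }
    $clist = '';
    if (count($comments)) {
        $clist = '<div id="start-comments" class="comments-list"><a name="comments"></a>'
            . '<strong>Comments</strong>';
        foreach ($comments as $comment) {
            $id = (int) $comment['id'];
            $datetime = $comment['cdate'];
            $allowedToEdit = Core_isAdmin() || in_array($id, $ownIds, true);
            $escapedComment = htmlspecialchars($comment['comment']);
            $clist .= '<div class="comment-wrapper';
            if ($allowedToEdit) {
                // note the trailing space: the previous version ran this
                // attribute straight into the id attribute
                $clist .= ' comment-editable" cdate="' . htmlspecialchars($datetime)
                    . '" comment="' . $escapedComment . '" ';
            } else {
                $clist .= '" ';
            }
            $clist .= 'id="comment-wrapper-' . $id . '">'
                . '<a name="comments-' . $id . '"></a>'
                . '<div class="comment-info" id="comment-info-' . $id . '">Posted by ';
            $name = htmlspecialchars($comment['name']);
            $site = isset($comment['site']) ? trim((string) $comment['site']) : '';
            // the site is visitor-supplied: only link to http(s) URLs, and
            // attribute-escape the value so it cannot break out of the href
            if ($site !== '' && preg_match('#^https?://#i', $site)) {
                $clist .= '<a href="' . htmlspecialchars($site)
                    . '" target="_blank" rel="noopener">' . $name . '</a>';
            } else {
                $clist .= $name;
            }
            $clist .= ' on ' . Core_dateM2H($datetime) . '</div>'
                . '<div id="comment-' . $id . '" class="comments-comment">'
                . $escapedComment . '</div></div>';
        }
        $clist .= '</div>';
    }
    // { get comment box HTML
    $allowComments = Core_cacheLoad('comments', 'allow-' . $pageId, -1);
    if ($allowComments === -1) {
        $allowComments = dbOne(
            'select value from page_vars where name="allow_comments" and page_id=' . $pageId,
            'value'
        );
        Core_cacheSave('comments', 'allow-' . $pageId, $allowComments);
    }
    $cbhtml = '';
    if ((string) $allowComments === 'on') {
        $cbhtml = Comments_showCommentForm($pageId);
        WW_addScript('comments/frontend/comments-frontend.js');
        $cbhtml .= '<script src="//ajax.aspnetcdn.com/ajax/jquery.validate/1.9/'
            . 'jquery.validate.min.js"></script>';
    }
    WW_addCSS('/ww.plugins/comments/frontend/comments.css');
    // }
    return $commentboxfirst ? $cbhtml . $clist : $clist . $cbhtml;
}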