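/**
 * Submit a new or updated story. The story is updated if it exists, or a new
 * one is created.
 *
 * Security notes (review):
 * - The caller must hold 'story.edit'; the per-story ownership/permission
 *   check is done by Story::loadFromArgsArray() and surfaced through the
 *   switch on $result below.
 * - $sid passes through COM_sanitizeID() before it is used in any SQL.
 * - Image numbers to delete arrive as the KEYS of $args['delete'], i.e. they
 *   are client-controlled strings; they are cast to int before reaching SQL.
 * - The extension of an uploaded image is taken from the client-supplied file
 *   name; the Upload class is relied on to reject anything that is not one of
 *   the allowed image MIME types.
 *
 * @param array  $args     Contains all the data provided by the client
 * @param string &$output  OUTPUT parameter containing the returned text
 * @param array  &$svc_msg OUTPUT parameter: 'error_desc' on failure, 'id' on success
 * @return int Response code as defined in lib-plugins.php
 */
function service_submit_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS;

    if (!SEC_hasRights('story.edit')) {
        $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
        return PLG_RET_AUTH_FAILED;
    }

    require_once $_CONF['path_system'] . 'lib-comment.php';
    if (!$_CONF['disable_webservices']) {
        require_once $_CONF['path_system'] . 'lib-webservices.php';
    }

    // Web-service callers set gl_svc; a missing key means "not a web-service call".
    $gl_svc = !empty($args['gl_svc']);

    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit) {
        /* This is EDIT mode, so there should be an old sid */
        if (empty($args['old_sid'])) {
            if (!empty($args['id'])) {
                $args['old_sid'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sid'])) {
                $args['sid'] = $args['old_sid'];
            }
        }
    } else {
        if (empty($args['sid']) && !empty($args['id'])) {
            $args['sid'] = $args['id'];
        }
    }

    // Store the first CATEGORY as the Topic ID
    if (!empty($args['category'][0])) {
        $args['tid'] = $args['category'][0];
    }

    // 'content' wins over 'summary'; a [page_break] splits intro from body.
    $content = '';
    if (!empty($args['content'])) {
        $content = $args['content'];
    } elseif (!empty($args['summary'])) {
        $content = $args['summary'];
    }
    if (!empty($content)) {
        $parts = explode('[page_break]', $content);
        if (count($parts) == 1) {
            $args['introtext'] = $content;
            $args['bodytext'] = '';
        } else {
            $args['introtext'] = array_shift($parts);
            $args['bodytext'] = implode('[page_break]', $parts);
        }
    }

    // Apply filters to the parameters passed by the webservice
    if ($gl_svc) {
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (isset($args['editopt'])) {
            $args['editopt'] = COM_applyBasicFilter($args['editopt']);
        }
    }

    // - START: Set all the defaults -
    // (A default-topic lookup used to live here; topic presence is enforced by
    // TOPIC_checkTopicSelectionControl() once the story has been loaded.)
    if (empty($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']);
    }
    if (empty($args['postmode'])) {
        $args['postmode'] = $_CONF['postmode'];
        if (!empty($args['content_type'])) {
            if ($args['content_type'] == 'text') {
                $args['postmode'] = 'text';
            } elseif ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') {
                $args['postmode'] = 'html';
            }
        }
    }
    if ($gl_svc) {
        // Permissions: a web-service caller may supply its own values (filtered
        // to numeric); otherwise the site defaults apply, in the documented order
        // owner, group, members, anonymous.
        $perm_keys = array('perm_owner' => 0, 'perm_group' => 1, 'perm_members' => 2, 'perm_anon' => 3);
        foreach ($perm_keys as $key => $idx) {
            if (!isset($args[$key])) {
                $args[$key] = $_CONF['default_permissions_story'][$idx];
            } else {
                $args[$key] = COM_applyBasicFilter($args[$key], true);
            }
        }
        if (!isset($args['draft_flag'])) {
            $args['draft_flag'] = $_CONF['draft_flag'];
        }
        if (empty($args['frontpage'])) {
            $args['frontpage'] = $_CONF['frontpage'];
        }
        if (empty($args['show_topic_icon'])) {
            $args['show_topic_icon'] = $_CONF['show_topic_icon'];
        }
    }
    // - END: Set all the defaults -

    if (!isset($args['sid'])) {
        $args['sid'] = '';
    }
    // COM_sanitizeID() is what makes $sid safe to interpolate into SQL below.
    $args['sid'] = COM_sanitizeID($args['sid']);
    if (!$gl_edit) {
        if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) {
            $slug = '';
            if (isset($args['slug'])) {
                $slug = $args['slug'];
            }
            if (function_exists('WS_makeId')) {
                $args['sid'] = WS_makeId($slug, STORY_MAX_ID_LENGTH);
            } else {
                $args['sid'] = COM_makeSid();
            }
        }
    }

    $story = new Story();

    if ($gl_edit && !empty($args['gl_etag'])) {
        // Optimistic concurrency: the client's etag must match the stored
        // modification date, otherwise somebody else saved in the meantime.
        $result = $story->loadFromDatabase($args['sid']);
        if ($result == STORY_LOADED_OK) {
            if ($args['gl_etag'] != date('c', $story->_date)) {
                $svc_msg['error_desc'] = 'A more recent version of the story is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'Error loading story';
            return PLG_RET_ERROR;
        }
    }

    // This function is also doing the security checks
    $result = $story->loadFromArgsArray($args);
    $sid = $story->getSid();

    // Check if topics selected if not prompt required field
    if ($result == STORY_LOADED_OK) {
        if (!TOPIC_checkTopicSelectionControl()) {
            $result = STORY_EMPTY_REQUIRED_FIELDS;
        }
    }

    switch ($result) {
        case STORY_DUPLICATE_SID:
            $output .= COM_errorLog($LANG24[24], 2);
            if (!$gl_svc) {
                $output .= storyeditor($sid);
            }
            $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[5]));
            return PLG_RET_ERROR;

        case STORY_EXISTING_NO_EDIT_PERMISSION:
        case STORY_NO_ACCESS_PARAMS:
            // Both are permission failures and are handled identically, including
            // the access-log entry.
            $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
            $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
            return PLG_RET_PERMISSION_DENIED;

        case STORY_EMPTY_REQUIRED_FIELDS:
            $output .= COM_errorLog($LANG24[31], 2);
            if (!$gl_svc) {
                $output .= storyeditor($sid);
            }
            $output = COM_createHTMLDocument($output);
            return PLG_RET_ERROR;

        default:
            break;
    }

    /* Image upload is not supported by the web-service at present */
    if (!$gl_svc) {
        // Delete any images if needed. The image numbers are the KEYS of
        // $args['delete'] (client-controlled), so cast them before they reach SQL.
        if (array_key_exists('delete', $args) && is_array($args['delete'])) {
            foreach (array_keys($args['delete']) as $img_num) {
                $img_num = (int) $img_num;
                $ai_filename = DB_getItem(
                    $_TABLES['article_images'],
                    'ai_filename',
                    "ai_sid = '{$sid}' AND ai_img_num = {$img_num}"
                );
                STORY_deleteImage($ai_filename);
                DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '{$sid}' AND ai_img_num = {$img_num}");
            }
        }

        // OK, let's upload any pictures with the article
        if (DB_count($_TABLES['article_images'], 'ai_sid', $sid) > 0) {
            $index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '{$sid}'") + 1;
        } else {
            $index_start = 1;
        }

        if (count($_FILES) > 0 && $_CONF['maximagesperarticle'] > 0) {
            require_once $_CONF['path_system'] . 'classes/upload.class.php';
            $upload = new Upload();
            if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
                $upload->setLogFile($_CONF['path'] . 'logs/error.log');
                $upload->setDebug(true);
            }
            $upload->setMaxFileUploads($_CONF['maximagesperarticle']);
            if (!empty($_CONF['image_lib'])) {
                if ($_CONF['image_lib'] == 'imagemagick') {
                    // Using imagemagick
                    $upload->setMogrifyPath($_CONF['path_to_mogrify']);
                } elseif ($_CONF['image_lib'] == 'netpbm') {
                    // using netPBM
                    $upload->setNetPBM($_CONF['path_to_netpbm']);
                } elseif ($_CONF['image_lib'] == 'gdlib') {
                    // using the GD library
                    $upload->setGDLib();
                }
                $upload->setAutomaticResize(true);
                if ($_CONF['keep_unscaled_image'] == 1) {
                    $upload->keepOriginalImage(true);
                } else {
                    $upload->keepOriginalImage(false);
                }
                if (isset($_CONF['jpeg_quality'])) {
                    $upload->setJpegQuality($_CONF['jpeg_quality']);
                }
            }
            // Only raster image types are accepted. NOTE(review): the Upload
            // class is expected to check the file contents, not just the name.
            $upload->setAllowedMimeTypes(array(
                'image/gif'   => '.gif',
                'image/jpeg'  => '.jpg,.jpeg',
                'image/pjpeg' => '.jpg,.jpeg',
                'image/x-png' => '.png',
                'image/png'   => '.png',
            ));
            if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
                $output = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
                echo $output;
                exit;
            }
            // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
            // force any images bigger than the passed dimensions to be resized.
            // If mogrify is not set, any images larger than these dimensions
            // will get validation errors
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
            $upload->setMaxFileSize($_CONF['max_image_size']); // size in bytes, 1048576 = 1MB
            // Set file permissions on file after it gets uploaded (number is in octal)
            $upload->setPerms('0644');

            // Target names are "<sid>_<n>.<ext>". pathinfo() works on the basename
            // only, so a client name containing a path cannot leak into the target.
            $filenames = array();
            $end_index = $index_start + $upload->numFiles() - 1;
            reset($_FILES);
            for ($z = $index_start; $z <= $end_index; $z++) {
                $curfile = current($_FILES);
                if (!empty($curfile['name'])) {
                    $fextension = pathinfo($curfile['name'], PATHINFO_EXTENSION);
                    $filenames[] = $sid . '_' . $z . '.' . $fextension;
                }
                next($_FILES);
            }
            $upload->setFileNames($filenames);
            reset($_FILES);
            $upload->uploadFiles();
            if ($upload->areErrors()) {
                // Same shape as the setPath() failure above: wrap the error text in a
                // full document before emitting it (the old code echoed the bare text).
                $output = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
                echo $output;
                exit;
            }
            reset($filenames);
            for ($z = $index_start; $z <= $end_index; $z++) {
                // The extension part of the name came from the client; escape it.
                DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('{$sid}', {$z}, '" . DB_escapeString(current($filenames)) . "')");
                next($filenames);
            }
        }

        if ($_CONF['maximagesperarticle'] > 0) {
            $errors = $story->checkAttachedImages();
            if (count($errors) > 0) {
                $output .= COM_startBlock($LANG24[54], '', COM_getBlockTemplate('_msg_block', 'header'));
                $output .= $LANG24[55] . LB . '<ul>' . LB;
                foreach ($errors as $err) {
                    $output .= '<li>' . $err . '</li>' . LB;
                }
                $output .= '</ul>' . LB;
                $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                $output .= storyeditor($sid);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[54]));
                echo $output;
                exit;
            }
        }
    }

    $result = $story->saveToDatabase();
    if ($result == STORY_SAVED) {
        // see if any plugins want to act on that story
        if (!empty($args['old_sid']) && $args['old_sid'] != $sid) {
            PLG_itemSaved($sid, 'article', $args['old_sid']);
        } else {
            PLG_itemSaved($sid, 'article');
        }

        // update feed(s)
        COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid);
        COM_rdfUpToDateCheck('comment');
        STORY_updateLastArticlePublished();
        CMT_updateCommentcodes();

        if ($story->type == 'submission') {
            $output = COM_refresh($_CONF['site_admin_url'] . '/moderation.php?msg=9');
        } else {
            $output = PLG_afterSaveSwitch(
                $_CONF['aftersave_story'],
                COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"),
                'story',
                9
            );
        }

        /* @TODO Set the object id here */
        $svc_msg['id'] = $sid;
        return PLG_RET_OK;
    }

    // The old code fell off the end here (returning NULL); report the failure
    // explicitly so web-service callers get a real response code.
    $svc_msg['error_desc'] = 'Error saving story';
    return PLG_RET_ERROR;
}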
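/**
 * Saves user to the database (admin user editor).
 *
 * All input is read from $_POST; the $uid parameter is superseded by
 * $_POST['uid']. Validation failures re-display the editor via
 * USER_edit($uid, <message number>); on success a redirect is echoed.
 *
 * Security notes (review):
 * - Group ids from $_POST['groups'] are cast to int before they are compared
 *   or interpolated into SQL.
 * - A non-Root admin who tries to hand out Root is logged and redirected.
 * - Group membership is only changed within the groups the acting admin is
 *   itself a member of (SEC_getUserGroups()).
 * - When a user is renamed, the old username is treated as a literal string
 *   (not a regex) when renaming the photo file.
 *
 * @param int $uid user id (superseded by $_POST['uid'])
 * @return string HTML redirect or error message
 */
function USER_save($uid)
{
    global $_CONF, $_TABLES, $_USER, $LANG28, $_USER_VERBOSE;

    $retval = '';
    $userChanged = false;

    if ($_USER_VERBOSE) {
        COM_errorLog("**** entering USER_save()****", 1);
    }

    $uid = COM_applyFilter($_POST['uid'], true);
    if ($uid == 0) {
        $uid = '';
    }
    $username = trim($_POST['new_username']);
    $fullname = COM_truncate(trim(USER_sanitizeName($_POST['fullname'])), 80);
    $userstatus = COM_applyFilter($_POST['userstatus'], true);
    $oldstatus = COM_applyFilter($_POST['oldstatus'], true);
    $passwd = isset($_POST['newp']) ? trim($_POST['newp']) : '';
    $passwd_conf = isset($_POST['newp_conf']) ? trim($_POST['newp_conf']) : '';
    $cooktime = COM_applyFilter($_POST['cooktime'], true);
    $email = trim($_POST['email']);
    $email_conf = trim($_POST['email_conf']);

    // Group ids end up in SQL unquoted; force every element to an integer. A
    // non-array value (the form sends -1 when groups may not be changed) is
    // kept as-is and ignored further down.
    $groups = isset($_POST['groups']) ? $_POST['groups'] : null;
    if (is_array($groups)) {
        $groups = array_map('intval', $groups);
    }
    if ($_USER_VERBOSE) {
        COM_errorLog("group size at beginning = " . (is_array($groups) ? count($groups) : 0), 1);
    }

    $homepage = trim($_POST['homepage']);
    $location = strip_tags(trim($_POST['location']));
    $delete_photo = isset($_POST['delete_photo']) && $_POST['delete_photo'] == 'on' ? 1 : 0;
    $sig = trim($_POST['sig']);
    $about = trim($_POST['about']);
    $pgpkey = trim($_POST['pgpkey']);
    $language = isset($_POST['language']) ? trim(COM_applyFilter($_POST['language'])) : '';
    $theme = isset($_POST['theme']) ? trim(COM_applyFilter($_POST['theme'])) : '';
    $maxstories = COM_applyFilter($_POST['maxstories'], true);
    $tzid = COM_applyFilter($_POST['tzid']);
    $dfid = COM_applyFilter($_POST['dfid'], true);
    $search_fmt = COM_applyFilter($_POST['search_result_format']);
    $commentmode = COM_applyFilter($_POST['commentmode']);
    $commentorder = isset($_POST['commentorder']) && $_POST['commentorder'] == 'DESC' ? 'DESC' : 'ASC';
    $commentlimit = COM_applyFilter($_POST['commentlimit'], true);
    $emailfromuser = isset($_POST['emailfromuser']) && $_POST['emailfromuser'] == 'on' ? 1 : 0;
    $emailfromadmin = isset($_POST['emailfromadmin']) && $_POST['emailfromadmin'] == 'on' ? 1 : 0;
    $noicons = isset($_POST['noicons']) && $_POST['noicons'] == 'on' ? 1 : 0;
    $noboxes = isset($_POST['noboxes']) && $_POST['noboxes'] == 'on' ? 1 : 0;
    $showonline = isset($_POST['showonline']) && $_POST['showonline'] == 'on' ? 1 : 0;
    $newuser = COM_applyFilter($_POST['newuser'], true);
    $remoteuser = isset($_POST['remoteuser']) && $_POST['remoteuser'] == 'on' ? 1 : 0;
    $remoteusername = isset($_POST['remoteusername']) ? strip_tags(trim($_POST['remoteusername'])) : '';
    $remoteservice = isset($_POST['remoteservice']) ? COM_applyFilter($_POST['remoteservice']) : '';

    $social_services = SOC_followMeProfile($uid);
    foreach ($social_services as $service) {
        $service_input = $service['service'] . '_username';
        $_POST[$service_input] = strip_tags(isset($_POST[$service_input]) ? $_POST[$service_input] : '');
    }

    if ($uid == 1) {
        // uid 1 is never edited through this form.
        return USER_list();
    }

    if ($uid == '' || $uid < 2 || $newuser == 1) {
        if (empty($passwd) && $remoteuser == 0) {
            return USER_edit($uid, 504);
        }
        if (empty($email)) {
            return USER_edit($uid, 505);
        }
    }
    if ($username == '') {
        return USER_edit($uid, 506);
    }
    if (!USER_validateUsername($username)) {
        return USER_edit($uid, 512);
    }
    if ($email == '') {
        return USER_edit($uid, 507);
    }
    if ($passwd != $passwd_conf && $remoteuser == 0) {
        // passwords don't match
        return USER_edit($uid, 67);
    }
    if ($email != $email_conf) {
        return USER_edit($uid, 508);
    }
    // remote user checks
    if ($remoteuser == 1) {
        if ($remoteusername == '') {
            return USER_edit($uid, 513);
        }
        if ($remoteservice == '') {
            return USER_edit($uid, 514);
        }
    }

    // An empty e-mail is only acceptable for an existing remote-service account.
    $validEmail = true;
    if (empty($username)) {
        $validEmail = false;
    } elseif (empty($email)) {
        if (empty($uid)) {
            $validEmail = false;
        } else {
            $ws_user = DB_getItem($_TABLES['users'], 'remoteservice', "uid = " . intval($uid));
            if (empty($ws_user)) {
                $validEmail = false;
            }
        }
    }

    if ($validEmail) {
        if (!empty($email) && !COM_isEmail($email)) {
            return USER_edit($uid, 52);
        }

        // $uname is the escaped username used in every SQL statement below (the
        // old code computed it and then compared against a placeholder literal).
        $uname = DB_escapeString($username);
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '{$uname}'");
        } else {
            $uservice = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$uid}");
            if ($uservice != '') {
                $uservice = DB_escapeString($uservice);
                $ucount = DB_getItem(
                    $_TABLES['users'],
                    'COUNT(*)',
                    "username = '{$uname}' AND uid <> {$uid} AND remoteservice = '{$uservice}'"
                );
            } else {
                $ucount = DB_getItem(
                    $_TABLES['users'],
                    'COUNT(*)',
                    "username = '{$uname}' AND uid <> {$uid} AND (remoteservice = '' OR remoteservice IS NULL)"
                );
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's username to one that already exists
            return USER_edit($uid, 51);
        }

        $emailaddr = DB_escapeString($email);
        $exclude_remote = " AND (remoteservice IS NULL OR remoteservice = '')";
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}'" . $exclude_remote);
        } else {
            $old_email = DB_getItem($_TABLES['users'], 'email', "uid = {$uid}");
            if ($old_email == $email) {
                // email address didn't change so don't care
                $ucount = 0;
            } else {
                $ucount = DB_getItem(
                    $_TABLES['users'],
                    'COUNT(*)',
                    "email = '{$emailaddr}' AND uid <> {$uid}" . $exclude_remote
                );
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's email to one that already exists
            return USER_edit($uid, 56);
        }

        if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($username, $email);
            if (!empty($ret)) {
                // need a numeric return value - otherwise use default message
                if (!is_numeric($ret['number'])) {
                    $ret['number'] = 97;
                }
                return USER_edit($uid, $ret['number']);
            }
        }

        // Let plugins have a chance to decide what to do before saving the user, return errors.
        $msg = PLG_itemPreSave('useredit', $username);
        if (!empty($msg)) {
            // need a numeric return value - otherwise use default message
            if (!is_numeric($msg)) {
                $msg = 97;
            }
            return USER_edit($uid, $msg);
        }

        // Keep the stored hash unless a new password was supplied.
        if (empty($uid) || !empty($passwd)) {
            $passwd2 = SEC_encryptPassword($passwd);
        } else {
            $passwd2 = DB_getItem($_TABLES['users'], 'passwd', "uid = {$uid}");
        }

        // do we need to create the user?
        if (empty($uid)) {
            if (empty($passwd)) {
                // no password? create one ...
                $passwd = USER_createPassword(8);
                $passwd2 = SEC_encryptPassword($passwd);
            }
            if ($remoteuser == 1) {
                $uid = USER_createAccount($username, $email, '', $fullname, '', $remoteusername, $remoteservice, 1);
            } else {
                $uid = USER_createAccount($username, $email, $passwd2, $fullname, $homepage, '', '', 1);
            }
            if ($uid > 1) {
                DB_query("UPDATE {$_TABLES['users']} SET status = {$userstatus} WHERE uid = {$uid}");
            }
            if (isset($_POST['emailuser'])) {
                USER_createAndSendPassword($username, $email, $uid, $passwd);
            }
            if ($uid < 2) {
                return USER_edit('', 509);
            }
            $newuser = 1;
        }

        // at this point, we have a valid user...

        // Filter some of the text entry fields to ensure they don't cause problems...
        $fullname = strip_tags($fullname);
        $about = strip_tags($about);
        $pgpkey = strip_tags($pgpkey);

        $curphoto = USER_handlePhotoUpload($uid, $delete_photo);
        if ($_CONF['allow_user_photo'] == 1 && !empty($curphoto)) {
            $curusername = DB_getItem($_TABLES['users'], 'username', "uid = {$uid}");
            if ($curusername != $username) {
                // user has been renamed - rename the photo, too. Replace the first
                // occurrence of the old name literally; the old code built a regex
                // from it without preg_quote(), so names containing metacharacters
                // broke the match. NOTE(review): the new name becomes part of a
                // filesystem path; USER_validateUsername() is relied on to keep
                // path separators out of it.
                $pos = strpos($curphoto, $curusername);
                if ($pos === false) {
                    $newphoto = $curphoto;
                } else {
                    $newphoto = substr_replace($curphoto, $username, $pos, strlen($curusername));
                }
                $imgpath = $_CONF['path_images'] . 'userphotos/';
                if (rename($imgpath . $curphoto, $imgpath . $newphoto) === false) {
                    $display = COM_siteHeader('menu', $LANG28[22]);
                    $display .= COM_errorLog('Could not rename userphoto "' . $curphoto . '" to "' . $newphoto . '".');
                    $display .= COM_siteFooter();
                    return $display;
                }
                $curphoto = $newphoto;
            }
        }

        // update users table
        $sql = "UPDATE {$_TABLES['users']} SET "
            . "username = '{$uname}',"
            . "fullname = '" . DB_escapeString($fullname) . "',"
            . "passwd = '" . DB_escapeString($passwd2) . "',"
            . "email = '" . DB_escapeString($email) . "',"
            . "homepage = '" . DB_escapeString($homepage) . "',"
            . "sig = '" . DB_escapeString($sig) . "',"
            . "photo = '" . DB_escapeString($curphoto) . "',"
            . "cookietimeout = {$cooktime},"
            . "theme = '" . DB_escapeString($theme) . "',"
            . "language = '" . DB_escapeString($language) . "',"
            . "status = {$userstatus} WHERE uid = {$uid};";
        DB_query($sql);

        // update userprefs
        $sql = "UPDATE {$_TABLES['userprefs']} SET "
            . "noicons = {$noicons},"
            . "dfid = {$dfid},"
            . "tzid = '" . DB_escapeString($tzid) . "',"
            . "emailstories = 0,"
            . "emailfromadmin = {$emailfromadmin},"
            . "emailfromuser = {$emailfromuser},"
            . "showonline = {$showonline},"
            . "search_result_format = '" . DB_escapeString($search_fmt) . "' WHERE uid={$uid};";
        DB_query($sql);

        // userinfo table
        $sql = "UPDATE {$_TABLES['userinfo']} SET "
            . "about = '" . DB_escapeString($about) . "',"
            . "location = '" . DB_escapeString($location) . "',"
            . "pgpkey = '" . DB_escapeString($pgpkey) . "' WHERE uid={$uid};";
        DB_query($sql);

        // userindex table
        $TIDS = @array_values($_POST['topics']);
        $AIDS = @array_values($_POST['selauthors']);
        $BOXES = @array_values($_POST['blocks']);
        $ETIDS = @array_values($_POST['dgtopics']);

        // Only topics the user may actually see are stored (intersection with
        // USER_buildTopicList()).
        $allowed_etids = USER_buildTopicList();
        $AETIDS = explode(' ', $allowed_etids);

        $tids = '';
        if (sizeof($TIDS) > 0) {
            $tids = DB_escapeString(implode(' ', array_intersect($AETIDS, $TIDS)));
        }

        $aids = '';
        if (sizeof($AIDS) > 0) {
            foreach ($AIDS as $key => $val) {
                $AIDS[$key] = intval($val);
            }
            $aids = DB_escapeString(implode(' ', $AIDS));
        }

        $selectedblocks = '';
        if (count($BOXES) > 0) {
            foreach ($BOXES as $key => $val) {
                $BOXES[$key] = intval($val);
            }
            $boxes = DB_escapeString(implode(',', $BOXES));
            $blockresult = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ({$boxes})");
            $numRows = DB_numRows($blockresult);
            for ($x = 1; $x <= $numRows; $x++) {
                $row = DB_fetchArray($blockresult);
                if ($row['name'] != 'user_block' and $row['name'] != 'admin_block' and $row['name'] != 'section_block') {
                    $selectedblocks .= $row['bid'];
                    if ($x != $numRows) {
                        $selectedblocks .= ' ';
                    }
                }
            }
        }

        $etids = '-';
        if (sizeof($ETIDS) > 0) {
            $etids = DB_escapeString(implode(' ', array_intersect($AETIDS, $ETIDS)));
        }

        DB_save(
            $_TABLES['userindex'],
            "uid,tids,aids,boxes,noboxes,maxstories,etids",
            "{$uid},'{$tids}','{$aids}','{$selectedblocks}',{$noboxes},{$maxstories},'{$etids}'"
        );

        // usercomment ($commentmode is free text from the form; escape it like
        // the other string columns. $commentorder is whitelisted above.)
        DB_save(
            $_TABLES['usercomment'],
            'uid,commentmode,commentorder,commentlimit',
            "{$uid},'" . DB_escapeString($commentmode) . "','{$commentorder}'," . intval($commentlimit)
        );

        if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
            CUSTOM_userSave($uid);
        }

        if ($_CONF['usersubmission'] == 1
            && $oldstatus == USER_ACCOUNT_AWAITING_APPROVAL
            && ($userstatus == USER_ACCOUNT_ACTIVE
                || $userstatus == USER_ACCOUNT_AWAITING_ACTIVATION
                || $userstatus == USER_ACCOUNT_AWAITING_VERIFICATION)
        ) {
            USER_createAndSendPassword($username, $email, $uid);
        }

        if ($userstatus == USER_ACCOUNT_DISABLED) {
            // Disabling an account also terminates any live session.
            SESS_endUserSession($uid);
        }

        $userChanged = true;

        // if groups is -1 then this user isn't allowed to change any groups so ignore
        if (is_array($groups) && SEC_hasRights('group.edit')) {
            if (!SEC_inGroup('Root')) {
                $rootgrp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'");
                if (in_array($rootgrp, $groups)) {
                    COM_accessLog("User {$_USER['username']} ({$_USER['uid']}) just tried to give Root permissions to user {$username}.");
                    echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
                    exit;
                }
            }

            // make sure the Remote Users group is in $groups
            if (SEC_inGroup('Remote Users', $uid)) {
                $remUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
                if (!in_array($remUsers, $groups)) {
                    $groups[] = $remUsers;
                }
            }

            if ($_USER_VERBOSE) {
                COM_errorLog("deleting all group_assignments for user {$uid}/{$username}", 1);
            }

            // remove user from all groups that the User Admin is a member of
            $UserAdminGroups = SEC_getUserGroups();
            $whereGroup = 'ug_main_grp_id IN (' . implode(',', $UserAdminGroups) . ')';
            DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_uid = {$uid}) AND " . $whereGroup);

            // make sure to add user to All Users and Logged-in Users groups
            $allUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'All Users'");
            if (!in_array($allUsers, $groups)) {
                $groups[] = $allUsers;
            }
            $logUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Logged-in Users'");
            if (!in_array($logUsers, $groups)) {
                $groups[] = $logUsers;
            }

            // Only groups the acting admin belongs to can be granted.
            foreach ($groups as $userGroup) {
                if (in_array($userGroup, $UserAdminGroups)) {
                    if ($_USER_VERBOSE) {
                        COM_errorLog("adding group_assignment " . $userGroup . " for {$username}", 1);
                    }
                    $userGroup = (int) $userGroup;
                    $sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$userGroup}, {$uid})";
                    DB_query($sql);
                }
            }
        }

        // subscriptions
        $subscription_deletes = @array_values($_POST['subdelete']);
        if (is_array($subscription_deletes)) {
            foreach ($subscription_deletes as $subid) {
                DB_delete($_TABLES['subscriptions'], 'sub_id', (int) $subid);
            }
        }

        foreach ($social_services as $service) {
            $service_input = $service['service'] . '_username';
            $_POST[$service_input] = DB_escapeString($_POST[$service_input]);
            if ($_POST[$service_input] != '') {
                $sql = "REPLACE INTO {$_TABLES['social_follow_user']} (ssid,uid,ss_username) ";
                $sql .= " VALUES (" . (int) $service['service_id'] . "," . $uid . ",'" . $_POST[$service_input] . "');";
                DB_query($sql, 1);
            } else {
                $sql = "DELETE FROM {$_TABLES['social_follow_user']} WHERE ssid = " . (int) $service['service_id'] . " AND uid=" . (int) $uid;
                DB_query($sql, 1);
            }
        }

        if ($newuser == 0) {
            PLG_profileSave('', $uid);
        } else {
            PLG_createUser($uid);
        }
        if ($userChanged) {
            PLG_userInfoChanged($uid);
        }

        CACHE_remove_instance('mbmenu');

        $errors = DB_error();
        if (empty($errors)) {
            echo PLG_afterSaveSwitch(
                $_CONF['aftersave_user'],
                "{$_CONF['site_url']}/users.php?mode=profile&uid={$uid}",
                'user',
                21
            );
        } else {
            $retval .= COM_siteHeader('menu', $LANG28[22]);
            $retval .= COM_errorLog('Error in USER_save() in ' . $_CONF['site_admin_url'] . '/user.php');
            $retval .= COM_siteFooter();
            echo $retval;
            exit;
        }
    } else {
        $retval = COM_siteHeader('menu', $LANG28[1]);
        $retval .= COM_errorLog($LANG28[10]);
        if (DB_count($_TABLES['users'], 'uid', $uid) > 0) {
            $retval .= USER_edit($uid);
        } else {
            $retval .= USER_edit();
        }
        $retval .= COM_siteFooter();
        echo $retval;
        exit;
    }

    if ($_USER_VERBOSE) {
        COM_errorLog("***************leaving USER_save()*****************", 1);
    }

    return $retval;
}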
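/**
 * Saves link to the database
 *
 * Security notes (review):
 * - Every text column is escaped here before the INSERT ($description, $title,
 *   $cid, $url); numeric columns are cast to int. Callers are NOT expected to
 *   pre-escape.
 * - Write access is checked against the stored permissions of the existing
 *   link (if any), otherwise against the supplied ones, and the acting user
 *   must be a member of the target group.
 * - NOTE(review): no URL scheme validation is performed; a 'javascript:' or
 *   'data:' URL is stored as-is. Confirm the display side refuses such links.
 *
 * @param string $lid          ID for link
 * @param string $old_lid      old ID for link
 * @param string $cid          cid of category link belongs to
 * @param string $categorydd   Category links belong to
 * @param string $url          URL of link to save
 * @param string $description  Description of link
 * @param string $title        Title of link
 * @param int    $hits         Number of hits for link
 * @param int    $owner_id     ID of owner
 * @param int    $group_id     ID of group link belongs to
 * @param int    $perm_owner   Permissions the owner has
 * @param int    $perm_group   Permissions the group has
 * @param int    $perm_members Permissions members have
 * @param int    $perm_anon    Permissions anonymous users have
 * @return string HTML redirect or error message
 * @global array core config vars
 * @global array core group data
 * @global array core table data
 * @global array core user data
 * @global array core msg data
 * @global array links plugin lang admin vars
 */
function savelink($lid, $old_lid, $cid, $categorydd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $_LI_CONF;

    $retval = '';
    $display = '';

    // Convert array values to numeric permission values
    if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    // Remove any autotags the user doesn't have permission to use
    $description = PLG_replaceTags($description, '', true);

    // clean 'em up
    $description = DB_escapeString(COM_checkHTML(COM_checkWords($description), 'links.edit'));
    $title = DB_escapeString(strip_tags(COM_checkWords($title)));
    $cid = DB_escapeString($cid);
    // $url was interpolated into the INSERT unescaped; treat it like the other
    // text columns. $hits is an unvalidated count from the form.
    $url = DB_escapeString($url);
    $hits = (int) $hits;

    if (empty($owner_id)) {
        // this is new link from admin, set default values
        $owner_id = $_USER['uid'];
        if (isset($_GROUPS['Links Admin'])) {
            $group_id = $_GROUPS['Links Admin'];
        } else {
            $group_id = SEC_getFeatureGroup('links.edit');
        }
        $perm_owner = 3;
        $perm_group = 2;
        $perm_members = 2;
        $perm_anon = 2;
    }
    // These go into SQL unquoted; guarantee they are integers.
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $perm_owner = (int) $perm_owner;
    $perm_group = (int) $perm_group;
    $perm_members = (int) $perm_members;
    $perm_anon = (int) $perm_anon;

    // COM_sanitizeID() restricts the ids to a safe character set.
    $lid = COM_sanitizeID($lid);
    $old_lid = COM_sanitizeID($old_lid);
    if (empty($lid)) {
        if (empty($old_lid)) {
            $lid = COM_makeSid();
        } else {
            $lid = $old_lid;
        }
    }

    // check for link id change
    if (!empty($old_lid) && $lid != $old_lid) {
        // check if new lid is already in use
        if (DB_count($_TABLES['links'], 'lid', $lid) > 0) {
            // TBD: abort, display editor with all content intact again
            $lid = $old_lid; // for now ...
        }
    }

    // For an existing link the STORED permissions decide, not the submitted ones.
    $access = 0;
    $old_lid = DB_escapeString($old_lid);
    if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link {$lid}.");
        COM_output($display);
        exit;
    } elseif (!empty($title) && !empty($description) && !empty($url)) {
        if ($categorydd != $LANG_LINKS_ADMIN[7] && !empty($categorydd)) {
            $cid = DB_escapeString($categorydd);
        } elseif ($categorydd != $LANG_LINKS_ADMIN[7]) {
            // NOTE(review): this emits a redirect but does not stop; the link is
            // still saved below using $cid. Kept as-is pending confirmation of
            // the intended behaviour.
            echo COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php');
        }

        DB_delete($_TABLES['linksubmission'], 'lid', $old_lid);
        DB_delete($_TABLES['links'], 'lid', $old_lid);
        DB_save(
            $_TABLES['links'],
            'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon',
            "'{$lid}','{$cid}','{$url}','{$description}','{$title}',NOW(),'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}"
        );

        if (empty($old_lid) || $old_lid == $lid) {
            PLG_itemSaved($lid, 'links');
        } else {
            PLG_itemSaved($lid, 'links', $old_lid);
        }

        // Get category for rdf check
        $category = DB_getItem($_TABLES['linkcategories'], "category", "cid='{$cid}'");
        COM_rdfUpToDateCheck('links', $category, $lid);

        return PLG_afterSaveSwitch(
            $_LI_CONF['aftersave'],
            COM_buildURL("{$_CONF['site_url']}/links/portal.php?what=link&item={$lid}"),
            'links',
            2
        );
    } else {
        // missing fields
        $retval .= COM_errorLog($LANG_LINKS_ADMIN[10], 2);
        if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
            $retval .= editlink('edit', $old_lid);
        } else {
            $retval .= editlink('edit', '');
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LINKS_ADMIN[1]));
        return $retval;
    }
}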
/**
 * Handle the "new download" form post.
 *
 * Loads the posted fields into $this, validates them, stores the uploaded
 * file (plus optional snapshot image), records the entry via
 * _addToDatabase() and then prints the after-save redirect and exit()s.
 * Callers without the 'downloads.submit' right take the 'submission' path
 * (tmp-prefixed file name); everyone else is stored under the safe name
 * derived from the secret id.
 *
 * @param array &$A posted form values, consumed by _loadFromArgs()
 * @return void never returns normally; the function ends with exit
 */
function submitNewDownload(&$A)
{
    global $_CONF, $_TABLES, $_DLM_CONF;

    $this->_initVars();
    $this->_loadFromArgs($A);
    $this->_secret_id = $this->_createSecretID();
    // the client-supplied file name; every stored name below is derived from it
    // through DLM_createSafeFileName() (what that strips is not visible here — confirm)
    $this->_url = $_FILES['newfile']['name'];
    // $this->_logourl = $_FILES['newfileshot']['name'];
    if (empty($this->_lid)) {
        $this->_lid = $this->_old_lid;
    }

    // Validate the input values ----------------------->
    if (empty($this->_title)) {
        $this->_errno[] = '1101';
    }
    if (empty($this->_url)) {
        $this->_errno[] = '1102';
    } else {
        if ($this->_lid != $this->_old_lid) {
            // a changed id must not collide with an existing download row
            $count = DB_count($_TABLES['downloads'], 'lid', addslashes($this->_lid));
            if ($count > 0) {
                $this->_errno[] = '1202';
            }
        }
    }
    if (empty($this->_description)) {
        $this->_errno[] = '1103';
    }
    if (!empty($this->_errno)) {
        $this->_retry = true;
        // NOTE(review): nothing here prevents the upload below from running
        // after a validation error; this relies on _reedit() not returning — confirm.
        $this->_reedit('showEditor', array($this->_editor_mode));
    }
    // Validate the input values -----------------------<

    if (empty($this->_cid)) {
        $this->_cid = ROOTID;
    }

    $success = false;
    if (!SEC_hasRights('downloads.submit')) {
        // 'submission' path: the file is kept under a temporary name
        // Upload New file
        if (!empty($this->_url)) {
            $tmpfilename = 'tmp' . date('YmdHis', $this->_date) . DLM_createSafeFileName($this->_url);
            $success = DLM_uploadNewFile($_FILES['newfile'], $_DLM_CONF['path_filestore'], $tmpfilename);
            if ($success) {
                // size and md5 are recorded from the file as stored on disk
                $this->_size = filesize($_DLM_CONF['path_filestore'] . $tmpfilename);
                $this->_md5 = md5_file($_DLM_CONF['path_filestore'] . $tmpfilename);
            }
        }
        // Upload New file snapshot image (only if the main file went in)
        if ($success && !empty($_FILES['newfileshot']['name'])) {
            $this->_logourl = $_FILES['newfileshot']['name'];
            $tmpshotname = 'tmp' . date('YmdHis', $this->_date) . DLM_createSafeFileName($this->_logourl);
            $success = DLM_uploadNewFile($_FILES['newfileshot'], $_DLM_CONF['path_snapstore'], $tmpshotname);
        }
        $mode = 'submission';
    } else {
        // direct path: the stored name also carries the secret id
        // Upload New file
        if (!empty($this->_url)) {
            $safename = DLM_createSafeFileName($this->_url, $this->_secret_id);
            $success = DLM_uploadNewFile($_FILES['newfile'], $_DLM_CONF['path_filestore'], $safename);
            if ($success) {
                $this->_size = filesize($_DLM_CONF['path_filestore'] . $safename);
                $this->_md5 = md5_file($_DLM_CONF['path_filestore'] . $safename);
            }
        }
        // Upload New file snapshot image
        if ($success) {
            $this->_uploadSnapImage();
            DLM_makeThumbnail(DLM_createSafeFileName($this->_logourl));
        }
        $mode = '';
    }

    if ($success) {
        $this->_addToDatabase($mode);
        // message id depends on whether the e-mail notification option is on
        $msg = $_DLM_CONF['download_emailoption'] ? 109 : 115;
        echo PLG_afterSaveSwitch('home', '', 'downloads', $msg);
    } else {
        echo PLG_afterSaveSwitch('home', '', 'downloads', 108);
    }
    exit;
}
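/**
 * Convert a 12-hour form hour plus an am/pm marker into 24-hour form.
 *
 * Same rule the inline form code used: 'pm' adds 12 to hours below 12 and
 * 12 am becomes the string '00' (kept as a string so the "H:i::00" expression
 * built from it is unchanged). Any other marker leaves $hour untouched.
 *
 * @param int|string $hour hour as posted by the form (1-12)
 * @param string     $ampm 'am', 'pm' or ''
 * @return int|string
 */
function fncSave_hourTo24($hour, $ampm)
{
    if ($ampm == 'pm' && $hour < 12) {
        return $hour + 12;
    }
    if ($ampm == 'am' && $hour == 12) {
        return '00';
    }

    return $hour;
}

/**
 * Read one <prefix>_month/_day/_year/_hour/_minute/_ampm field group from
 * $_POST, numeric-filtered, with the hour normalised to 24-hour form.
 *
 * The am/pm field is optional: when the form does not post it the hour is
 * taken as already being in 24-hour form (the behaviour the old code had
 * for the groups whose am/pm marker it never read).
 *
 * @param string $prefix field-name prefix, e.g. 'released'
 * @return array list(month, day, year, hour, minute)
 */
function fncSave_readDateParts($prefix)
{
    $month  = COM_applyFilter($_POST[$prefix . '_month'], true);
    $day    = COM_applyFilter($_POST[$prefix . '_day'], true);
    $year   = COM_applyFilter($_POST[$prefix . '_year'], true);
    $hour   = COM_applyFilter($_POST[$prefix . '_hour'], true);
    $minute = COM_applyFilter($_POST[$prefix . '_minute'], true);
    $ampm   = isset($_POST[$prefix . '_ampm']) ? COM_applyFilter($_POST[$prefix . '_ampm']) : '';

    return array($month, $day, $year, fncSave_hourTo24($hour, $ampm), $minute);
}

/**
 * Build the "Y-m-d" / "H:i::00" pair this file feeds to
 * COM_convertDate2Timestamp() and return the resulting timestamp.
 *
 * @return mixed whatever COM_convertDate2Timestamp() returns
 */
function fncSave_toTimestamp($month, $day, $year, $hour, $minute)
{
    return COM_convertDate2Timestamp(
        $year . "-" . $month . "-" . $day,
        $hour . ":" . $minute . "::00"
    );
}

/**
 * Save a userbox profile record from the admin edit form ($_POST).
 *
 * Validates the posted fields, writes the userbox base row, its category
 * and additional-field data, mirrors the full name into the core users
 * table, drops the cached instance and then either re-displays the editor
 * or redirects according to $_USERBOX_CONF['aftersave_admin'].
 *
 * Fixes over the previous version: the am/pm marker is now read for the
 * comment-expire, released and expired groups (only 'modified' read it
 * before), owner_id is read again instead of being left undefined, and
 * $retval starts as an array (assigning offsets to '' fails on PHP 7.1+).
 *
 * @param bool  $edt_flg    passed through to fncEdit()
 * @param mixed $navbarMenu unused here; kept for the caller's signature
 * @param mixed $menuno     unused here; kept for the caller's signature
 * @return array array('title' => ..., 'display' => ...) when the editor is
 *               shown again (validation error, or aftersave_admin === 'no');
 *               the redirect paths print the redirect and exit() instead.
 */
function fncSave($edt_flg, $navbarMenu, $menuno)
{
    global $_CONF, $_TABLES, $_USER, $_USERBOX_CONF, $LANG_USERBOX_ADMIN;

    $pi_name = "userbox";
    $addition_def = DATABOX_getadditiondef($pi_name);
    $retval = array();

    // clean 'em up
    $id = COM_applyFilter($_POST['id'], true);
    $fieldset_id = COM_applyFilter($_POST['fieldset'], true);

    // username is only used to build the redirect URL, so it is filtered
    // but not SQL-escaped; fullname goes into the users table below
    $username = COM_checkHTML(COM_checkWords(COM_applyFilter($_POST['username'])));
    $fullname = COM_applyFilter($_POST['fullname']);
    $fullname = addslashes(COM_checkHTML(COM_checkWords($fullname)));
    $page_title = COM_applyFilter($_POST['page_title']);
    $page_title = addslashes(COM_checkHTML(COM_checkWords($page_title)));
    // description is deliberately not run through COM_applyFilter (as before)
    $description = addslashes(COM_checkHTML(COM_checkWords($_POST['description'])));
    $defaulttemplatesdirectory = COM_applyFilter($_POST['defaulttemplatesdirectory']);
    $defaulttemplatesdirectory = addslashes(COM_checkHTML(COM_checkWords($defaulttemplatesdirectory)));
    $draft_flag = COM_applyFilter($_POST['draft_flag'], true);

    // comment acceptance end date/time
    $comment_expire_flag = COM_applyFilter($_POST['comment_expire_flag'], true);
    if ($comment_expire_flag) {
        list($comment_expire_month, $comment_expire_day, $comment_expire_year,
            $comment_expire_hour, $comment_expire_minute) = fncSave_readDateParts('comment_expire');
    }

    $commentcode = COM_applyFilter($_POST['commentcode'], true);
    $trackbackcode = COM_applyFilter($_POST['trackbackcode'], true);
    $cache_time = COM_applyFilter($_POST['cache_time'], true);
    $meta_description = addslashes(COM_checkHTML(COM_checkWords($_POST['meta_description'])));
    $meta_keywords = addslashes(COM_checkHTML(COM_checkWords($_POST['meta_keywords'])));
    $language_id = COM_applyFilter($_POST['language_id']);
    $language_id = addslashes(COM_checkHTML(COM_checkWords($language_id)));
    $category = $_POST['category'];

    // additional (databox) fields
    $additionfields = $_POST['afield'];
    $additionfields_old = $_POST['afield'];
    $additionfields_fnm = $_POST['afield_fnm'];
    $additionfields_del = $_POST['afield_del'];
    $additionfields_alt = $_POST['afield_alt'];
    $additionfields_date = array();
    // return value unused; kept for its effect on the addition-field arrays
    // (assumed to be taken by reference — confirm in the databox library)
    DATABOX_cleanaddtiondatas($additionfields, $addition_def, $additionfields_fnm,
        $additionfields_del, $additionfields_date, $additionfields_alt);

    $uuid = $_USER['uid'];

    // owner / group / permissions
    // NOTE(review): the owner_id read was commented out before, which left
    // $owner_id undefined and the INSERT one value short. It is read from the
    // form again, falling back to the current user as the other submit
    // handlers in this file do.
    $owner_id = isset($_POST['owner_id']) ? COM_applyFilter($_POST['owner_id'], true) : $uuid;
    $group_id = COM_applyFilter($_POST['group_id'], true);
    $permInput = array(
        'perm_owner'   => $_POST['perm_owner'],
        'perm_group'   => $_POST['perm_group'],
        'perm_members' => $_POST['perm_members'],
        'perm_anon'    => $_POST['perm_anon'],
    );
    if (is_array($permInput['perm_owner']) || is_array($permInput['perm_group'])
        || is_array($permInput['perm_members']) || is_array($permInput['perm_anon'])) {
        // checkbox-array form of the permission editor
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues(
            $permInput['perm_owner'], $permInput['perm_group'], $permInput['perm_members'], $permInput['perm_anon']);
    } else {
        $perm_owner = COM_applyBasicFilter($permInput['perm_owner'], true);
        $perm_group = COM_applyBasicFilter($permInput['perm_group'], true);
        $perm_members = COM_applyBasicFilter($permInput['perm_members'], true);
        $perm_anon = COM_applyBasicFilter($permInput['perm_anon'], true);
    }

    // modified date: either "now" or the values posted by the form
    $modified_autoupdate = COM_applyFilter($_POST['modified_autoupdate'], true);
    if ($modified_autoupdate == 1) {
        $modified_month = date('m');
        $modified_day = date('d');
        $modified_year = date('Y');
        $modified_hour = date('H');
        $modified_minute = date('i');
    } else {
        list($modified_month, $modified_day, $modified_year,
            $modified_hour, $modified_minute) = fncSave_readDateParts('modified');
    }

    // release date
    list($released_month, $released_day, $released_year,
        $released_hour, $released_minute) = fncSave_readDateParts('released');

    // release end (expiry) date
    $expired_flag = COM_applyFilter($_POST['expired_flag'], true);
    if ($expired_flag) {
        list($expired_month, $expired_day, $expired_year,
            $expired_hour, $expired_minute) = fncSave_readDateParts('expired');
    }

    $created = COM_applyFilter($_POST['created_un']);
    // convert full-width alphanumerics to half-width before the numeric filter
    $orderno = COM_applyFilter(mb_convert_kana($_POST['orderno'], "a"), true);

    // ----- validation -----
    $err = "";
    if ($id != 0 && !is_numeric($id)) {
        $err .= $LANG_USERBOX_ADMIN['err_id'] . "<br {XHTML}>" . LB;
    }

    // length limits (characters, not bytes)
    $limited = array(
        'description'      => $description,
        'meta_description' => $meta_description,
        'meta_keywords'    => $meta_keywords,
    );
    foreach ($limited as $key => $value) {
        $max = $_USERBOX_CONF['maxlength_' . $key];
        if (mb_strlen($value, 'UTF-8') > $max) {
            $err .= $LANG_USERBOX_ADMIN[$key] . $max . $LANG_USERBOX_ADMIN['err_maxlength'] . "<br/>" . LB;
        }
    }

    // additional-field checks
    $err .= DATABOX_checkaddtiondatas($additionfields, $addition_def, $pi_name,
        $additionfields_fnm, $additionfields_del, $additionfields_alt);

    // modified date
    if (!checkdate($modified_month, $modified_day, $modified_year)) {
        $err .= $LANG_USERBOX_ADMIN['err_modified'] . "<br {XHTML}>" . LB;
    }
    $modified = fncSave_toTimestamp($modified_month, $modified_day, $modified_year, $modified_hour, $modified_minute);

    // release date
    if (!checkdate($released_month, $released_day, $released_year)) {
        $err .= $LANG_USERBOX_ADMIN['err_released'] . "<br {XHTML}>" . LB;
    }
    $released = fncSave_toTimestamp($released_month, $released_day, $released_year, $released_hour, $released_minute);

    // comment acceptance end date/time
    if ($comment_expire_flag) {
        if (!checkdate($comment_expire_month, $comment_expire_day, $comment_expire_year)) {
            $err .= $LANG_USERBOX_ADMIN['err_comment_expire'] . "<br {XHTML}>" . LB;
        }
        $comment_expire = fncSave_toTimestamp($comment_expire_year ? $comment_expire_month : $comment_expire_month,
            $comment_expire_day, $comment_expire_year, $comment_expire_hour, $comment_expire_minute);
    } else {
        $comment_expire = '0000-00-00 00:00:00';
    }

    // release end (expiry) date; must not precede the release date
    if ($expired_flag) {
        if (!checkdate($expired_month, $expired_day, $expired_year)) {
            $err .= $LANG_USERBOX_ADMIN['err_expired'] . "<br {XHTML}>" . LB;
        }
        $expired = fncSave_toTimestamp($expired_month, $expired_day, $expired_year, $expired_hour, $expired_minute);
        if ($expired < $released) {
            $err .= $LANG_USERBOX_ADMIN['err_expired'] . "<br {XHTML}>" . LB;
        }
    } else {
        $expired = '0000-00-00 00:00:00';
    }

    if ($err != "") {
        $retval['title'] = $LANG_USERBOX_ADMIN['piname'] . $LANG_USERBOX_ADMIN['edit'];
        $retval['display'] = fncEdit($id, $edt_flg, 3, $err);

        return $retval;
    }
    // ----- validation end -----

    // new record: allocate the next id and stamp the creation time.
    // max(id)+1 is not atomic — two concurrent saves could pick the same id.
    if ($id == 0) {
        $w = DB_getItem($_TABLES['USERBOX_base'], "max(id)", "1=1");
        if ($w == "") {
            $w = 0;
        }
        $id = $w + 1;
        $created = fncSave_toTimestamp(date('m'), date('d'), date('Y'), date('H'), date('i'));
    }

    $comments = 0;
    $cols = array(
        'id', 'page_title', 'description', 'defaulttemplatesdirectory', 'comments',
        'meta_description', 'meta_keywords', 'commentcode', 'trackbackcode', 'cache_time',
        'comment_expire', 'language_id', 'owner_id', 'group_id',
        'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'modified',
    );
    $vals = array(
        $id, "'{$page_title}'", "'{$description}'", "'{$defaulttemplatesdirectory}'", $comments,
        "'{$meta_description}'", "'{$meta_keywords}'", $commentcode, $trackbackcode, $cache_time,
        // the "zero" date is stored literally; a real one goes through FROM_UNIXTIME
        ($comment_expire == '0000-00-00 00:00:00') ? "'{$comment_expire}'" : "FROM_UNIXTIME('{$comment_expire}')",
        "'{$language_id}'", $owner_id, $group_id,
        $perm_owner, $perm_group, $perm_members, $perm_anon, "FROM_UNIXTIME('{$modified}')",
    );
    if ($created != "") {
        $cols[] = 'created';
        $vals[] = "FROM_UNIXTIME('{$created}')";
    }
    $cols[] = 'expired';
    $vals[] = ($expired == '0000-00-00 00:00:00') ? "'{$expired}'" : "FROM_UNIXTIME('{$expired}')";
    $cols[] = 'released';
    $vals[] = "FROM_UNIXTIME('{$released}')";
    $cols[] = 'orderno';
    $vals[] = $orderno;
    $cols[] = 'fieldset_id';
    $vals[] = $fieldset_id;
    $cols[] = 'uuid';
    $vals[] = $uuid;
    $cols[] = 'draft_flag';
    $vals[] = $draft_flag;
    DB_save($_TABLES['USERBOX_base'], implode(',', $cols), implode(',', $vals));

    // category
    DATABOX_savecategorydatas($id, $category, $pi_name);
    // additional fields
    DATABOX_uploadaddtiondatas($additionfields, $addition_def, $pi_name, $id,
        $additionfields_fnm, $additionfields_del, $additionfields_old, $additionfields_alt);
    DATABOX_saveaddtiondatas($id, $additionfields, $addition_def, $pi_name);

    // mirror the full name into the core users table (the userbox id is used as the uid)
    $sql = "UPDATE " . $_TABLES['users'] . " SET  fullname ='" . $fullname . "' WHERE uid=" . $id;
    DB_query($sql);

    fncsendmail('data', $id);
    CACHE_remove_instance('userbox__' . $id . '__');

    if ($_USERBOX_CONF['aftersave_admin'] === 'no') {
        $retval['title'] = $LANG_USERBOX_ADMIN['piname'] . $LANG_USERBOX_ADMIN['edit'];
        $retval['display'] = fncEdit($id, $edt_flg, 1, "");

        return $retval;
    }

    if ($_USERBOX_CONF['aftersave_admin'] === 'list') {
        $item_url = COM_buildURL($_CONF['site_admin_url'] . "/plugins/{$pi_name}/profile.php");
        $target = 'item';
    } else {
        $url = $_CONF['site_url'] . "/userbox/profile.php?";
        if ($_USERBOX_CONF['datacode']) {
            // "code" mode addresses the profile by user name; encode it for the query string
            $url .= "code=" . urlencode($username) . "&m=code";
        } else {
            $url .= "id=" . $id . "&m=id";
        }
        $item_url = COM_buildURL($url);
        $target = $_USERBOX_CONF['aftersave_admin'];
    }
    echo PLG_afterSaveSwitch($target, $item_url, 'userbox', 1);
    exit;
}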
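/**
 * Tell the plugin API that every page using template $sp_id changed.
 *
 * Used after a template page is saved, since the pages rendered from it
 * have effectively changed too.
 *
 * @param string $sp_id template page id, already sanitised by COM_sanitizeID()
 */
function service_submit_staticpages_notifyTemplateUsers($sp_id)
{
    global $_TABLES;

    $result = DB_query("SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'");
    while ($A = DB_fetchArray($result)) {
        PLG_itemSaved($A['sp_id'], 'staticpages');
    }
}

/**
 * Submit static page. The page is updated if it exists, or a new one is created
 *
 * Compared with the previous version, every value interpolated into SQL is
 * escaped with DB_escapeString() (including sp_help, postmode, sp_tid,
 * template_id and sp_old_id, which were interpolated raw), numeric columns
 * are cast to int, and argument keys a caller may omit default to ''
 * instead of raising undefined-index notices.
 *
 * @param array  $args     Contains all the data provided by the client
 * @param string &$output  OUTPUT parameter containing the returned text
 * @param array  &$svc_msg OUTPUT parameter containing any service messages
 *                         ('error_desc' on failure, 'id' on success)
 * @return int Response code as defined in lib-plugins.php
 */
function service_submit_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_GROUPS, $_SP_CONF;

    if (!$_CONF['disable_webservices']) {
        require_once $_CONF['path_system'] . 'lib-webservices.php';
    }

    $output = '';
    if (!SEC_hasRights('staticpages.edit')) {
        $output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
        $output .= COM_startBlock($LANG_STATIC['access_denied'], '', COM_getBlockTemplate('_msg_block', 'header'));
        $output .= $LANG_STATIC['access_denied_msg'];
        $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $output .= COM_siteFooter();

        return PLG_RET_AUTH_FAILED;
    }

    $gl_edit = isset($args['gl_edit']) ? $args['gl_edit'] : false;
    $gl_svc = !empty($args['gl_svc']);

    // Resolve the page ids. In EDIT mode an old id is mandatory; a generic
    // 'id' argument is accepted as an alias for sp_old_id (edit) or sp_id (new).
    if ($gl_edit) {
        if (empty($args['sp_old_id'])) {
            if (empty($args['id'])) {
                return PLG_RET_ERROR;
            }
            $args['sp_old_id'] = $args['id'];
            if (empty($args['sp_id'])) {
                $args['sp_id'] = $args['sp_old_id'];
            }
        }
    } elseif (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }

    // generic title/content/category aliases used by webservice clients
    if (empty($args['sp_title']) && !empty($args['title'])) {
        $args['sp_title'] = $args['title'];
    }
    if (empty($args['sp_content']) && !empty($args['content'])) {
        $args['sp_content'] = $args['content'];
    }
    if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) {
        $args['sp_tid'] = $args['category'][0];
    }
    if (!isset($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
    }

    $args['sp_id'] = COM_sanitizeID(isset($args['sp_id']) ? $args['sp_id'] : '');
    if (!$gl_edit && strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
        // a new page with an over-long id gets a generated one instead
        $slug = isset($args['slug']) ? $args['slug'] : '';
        if (function_exists('WS_makeId')) {
            $args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
        } else {
            $args['sp_id'] = COM_makeSid();
        }
    }

    // Apply filters to the parameters passed by the webservice
    if ($gl_svc) {
        $par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode');
        $par_num = array('sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode');
        foreach ($par_str as $str) {
            $args[$str] = isset($args[$str]) ? COM_applyBasicFilter($args[$str]) : '';
        }
        foreach ($par_num as $num) {
            $args[$num] = isset($args[$num]) ? COM_applyBasicFilter($args[$num], true) : 0;
        }
    }

    // START: Staticpages defaults
    if (empty($args['sp_format'])) {
        $args['sp_format'] = 'allblocks';
    }
    if (empty($args['sp_tid'])) {
        $args['sp_tid'] = 'all';
    }
    if (!isset($args['sp_where']) || $args['sp_where'] < 0 || $args['sp_where'] > 3) {
        $args['sp_where'] = 0;
    }
    if (!isset($args['sp_php']) || $args['sp_php'] < 0 || $args['sp_php'] > 2) {
        $args['sp_php'] = 0;
    }
    if (!isset($args['commentcode']) || $args['commentcode'] < -1 || $args['commentcode'] > 1) {
        $args['commentcode'] = $_CONF['comment_code'];
    }
    if ($gl_svc) {
        // Permissions: positional defaults come from $_SP_CONF['default_permissions']
        $perm_keys = array('perm_owner', 'perm_group', 'perm_members', 'perm_anon');
        foreach ($perm_keys as $i => $key) {
            if (!isset($args[$key])) {
                $args[$key] = $_SP_CONF['default_permissions'][$i];
            } else {
                $args[$key] = COM_applyBasicFilter($args[$key], true);
            }
        }
        if (!isset($args['sp_onmenu'])) {
            $args['sp_onmenu'] = '';
        } elseif ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) {
            $svc_msg['error_desc'] = 'Menu label missing';

            return PLG_RET_ERROR;
        }
        if (empty($args['sp_content'])) {
            $svc_msg['error_desc'] = 'No content';

            return PLG_RET_ERROR;
        }
        if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') {
            $args['sp_inblock'] = 'on';
        }
        if (empty($args['sp_centerblock'])) {
            $args['sp_centerblock'] = '';
        }
        if (empty($args['draft_flag']) && $_SP_CONF['draft_flag'] == '1') {
            $args['draft_flag'] = 'on';
        }
        if (empty($args['template_flag'])) {
            $args['template_flag'] = '';
        }
        if (empty($args['template_id'])) {
            $args['template_id'] = '';
        }
    }
    // END: Staticpages defaults

    // keys a non-webservice caller may omit default to '' rather than raising notices
    $optional = array(
        'sp_title', 'sp_page_title', 'sp_content', 'sp_hits', 'sp_onmenu',
        'meta_description', 'meta_keywords', 'perm_owner', 'perm_group', 'perm_members',
        'perm_anon', 'sp_old_id', 'sp_centerblock', 'draft_flag', 'template_flag',
        'template_id', 'sp_inblock', 'postmode',
    );
    $args += array_fill_keys($optional, '');

    $sp_id = $args['sp_id'];
    $sp_title = $args['sp_title'];
    $sp_page_title = $args['sp_page_title'];
    $sp_content = $args['sp_content'];
    $sp_hits = $args['sp_hits'];
    $sp_format = $args['sp_format'];
    $sp_onmenu = $args['sp_onmenu'];
    $sp_label = empty($args['sp_label']) ? '' : $args['sp_label'];
    $meta_description = $args['meta_description'];
    $meta_keywords = $args['meta_keywords'];
    $commentcode = $args['commentcode'];
    $owner_id = $args['owner_id'];
    $group_id = $args['group_id'];
    $perm_owner = $args['perm_owner'];
    $perm_group = $args['perm_group'];
    $perm_members = $args['perm_members'];
    $perm_anon = $args['perm_anon'];
    $sp_php = $args['sp_php'];
    $sp_nf = empty($args['sp_nf']) ? '' : $args['sp_nf'];
    $sp_old_id = $args['sp_old_id'];
    $sp_centerblock = $args['sp_centerblock'];
    $draft_flag = $args['draft_flag'];
    $template_flag = $args['template_flag'];
    $template_id = $args['template_id'];
    $sp_help = empty($args['sp_help']) ? '' : $args['sp_help'];
    $sp_tid = $args['sp_tid'];
    $sp_where = $args['sp_where'];
    $sp_inblock = $args['sp_inblock'];
    $postmode = $args['postmode'];

    if ($gl_edit && !empty($args['gl_etag'])) {
        // Load the original page first to detect a concurrent modification
        $o = array();
        $s = array();
        $r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
        if ($r != PLG_RET_OK) {
            $svc_msg['error_desc'] = 'The requested staticpage no longer exists';

            return PLG_RET_ERROR;
        }
        if ($args['gl_etag'] != $o['updated']) {
            $svc_msg['error_desc'] = 'A more recent version of the staticpage is available';

            return PLG_RET_PRECONDITION_FAILED;
        }
    }

    // Check for unique page ID
    $duplicate_id = false;
    $delete_old_page = false;
    if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
        $duplicate_id = ($sp_id != $sp_old_id);
    } elseif (!empty($sp_old_id) && $sp_id != $sp_old_id) {
        $delete_old_page = true;
    }

    if ($duplicate_id) {
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
        if (!$gl_svc) {
            $output .= staticpageeditor($sp_id);
        }
        $output .= COM_siteFooter();
        $svc_msg['error_desc'] = 'Duplicate ID';

        return PLG_RET_ERROR;
    }

    if (empty($sp_title) || empty($sp_content)) {
        // missing title or content: show the editor again (web UI only)
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
        if (!$gl_svc) {
            $output .= staticpageeditor($sp_id);
        }
        $output .= COM_siteFooter();

        return PLG_RET_ERROR;
    }

    if (empty($sp_hits)) {
        $sp_hits = 0;
    }
    // checkbox values arrive as 'on'; store them as 0/1
    $sp_onmenu = ($sp_onmenu == 'on') ? 1 : 0;
    $sp_nf = ($sp_nf == 'on') ? 1 : 0;
    $sp_centerblock = ($sp_centerblock == 'on') ? 1 : 0;
    $sp_inblock = ($sp_inblock == 'on') ? 1 : 0;
    $draft_flag = ($draft_flag == 'on') ? 1 : 0;
    $template_flag = ($template_flag == 'on') ? 1 : 0;

    // Remove any autotags the user doesn't have permission to use
    $sp_content = PLG_replaceTags($sp_content, '', true);

    // Clean up the text
    if ($_SP_CONF['censor'] == 1) {
        $sp_content = COM_checkWords($sp_content);
        $sp_title = COM_checkWords($sp_title);
    }
    if ($_SP_CONF['filter_html'] == 1) {
        $sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
    }
    $sp_title = strip_tags($sp_title);
    $sp_page_title = strip_tags($sp_page_title);
    $sp_label = strip_tags($sp_label);
    $meta_description = strip_tags($meta_description);
    $meta_keywords = strip_tags($meta_keywords);

    // Escape everything interpolated into SQL below. DB_escapeString follows
    // the connection charset (addslashes does not); the free-form values that
    // used to be interpolated raw are escaped too, and numeric columns are
    // cast so a non-numeric value cannot alter the statement.
    $sp_content = DB_escapeString($sp_content);
    $sp_title = DB_escapeString($sp_title);
    $sp_page_title = DB_escapeString($sp_page_title);
    $sp_label = DB_escapeString($sp_label);
    $meta_description = DB_escapeString($meta_description);
    $meta_keywords = DB_escapeString($meta_keywords);
    $sp_help = DB_escapeString($sp_help);
    $postmode = DB_escapeString($postmode);
    $sp_tid = DB_escapeString($sp_tid);
    $template_id = DB_escapeString($template_id);
    $sp_old_id_db = DB_escapeString($sp_old_id);
    $sp_hits = (int) $sp_hits;
    $commentcode = (int) $commentcode;
    $sp_where = (int) $sp_where;
    $sp_php = (int) $sp_php;
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;

    // If user does not have php edit perms, then set php flag to 0.
    if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
        $sp_php = 0;
    }

    if ($template_flag == 1) {
        // A template carries no navigation/meta/php settings of its own
        $template_id = '';
        $sp_onmenu = 0;
        $sp_label = "";
        $sp_centerblock = 0;
        $sp_php = 0;
        $sp_inblock = 0;
        $sp_nf = 0;
        $sp_hits = 0;
        $meta_description = "";
        $meta_keywords = "";
    } else {
        // See if it was a template before; if so and the option changed, remove its use from other pages
        if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$sp_old_id_db}'") == 1) {
            DB_query("UPDATE {$_TABLES['staticpage']} SET template_id = '' WHERE template_id = '{$sp_old_id_db}'");
        }
        if ($template_id != '') {
            // If using a template, make sure php is disabled
            $sp_php = 0;
            // Double check the template id exists and is still a (non-draft) template
            $perms = SP_getPerms();
            if (!empty($perms)) {
                $perms = ' AND ' . $perms;
            }
            $templateCount = DB_getItem($_TABLES['staticpage'], 'COUNT(sp_id)',
                "sp_id = '{$template_id}' AND template_flag = 1 AND (draft_flag = 0)" . $perms);
            if ($templateCount == 0) {
                $template_id = '';
            }
        }
    }

    // make sure there's only one "entire page" static page per topic
    if ($sp_centerblock == 1 && $sp_where == 0) {
        $sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE (sp_centerblock = 1) AND (sp_where = 0) AND (sp_tid = '{$sp_tid}') AND (draft_flag = 0)";
        // in a multi-language setup one "entire page" centerblock is allowed
        // for 'all' or 'none' per language, keyed by the id's language suffix
        if (!empty($_CONF['languages']) && !empty($_CONF['language_files'])
            && ($sp_tid == 'all' || $sp_tid == 'none')) {
            $ids = explode('_', $sp_id);
            if (count($ids) > 1) {
                $lang_id = array_pop($ids);
                $sql .= " AND sp_id LIKE '%\\_{$lang_id}'";
            }
        }
        DB_query($sql);
    }

    $formats = array('allblocks', 'blankpage', 'leftblocks', 'noblocks');
    if (!in_array($sp_format, $formats, true)) {
        $sp_format = 'allblocks';
    }

    if (!$gl_svc) {
        // web form: permission checkboxes need converting to the numeric values
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues(
            $perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    // Retrieve created date, or stamp a new page with "now"
    $datecreated = DB_getItem($_TABLES['staticpage'], 'created', "sp_id = '{$sp_id}'");
    if ($datecreated == '') {
        $datecreated = date('Y-m-d H:i:s');
    }

    DB_save(
        $_TABLES['staticpage'],
        'sp_id,sp_title,sp_page_title, sp_content,created,modified,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id,group_id,'
            . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode',
        "'{$sp_id}','{$sp_title}','{$sp_page_title}','{$sp_content}','{$datecreated}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}','{$meta_description}','{$meta_keywords}',{$template_flag},'{$template_id}',{$draft_flag},{$owner_id},{$group_id},"
            . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$sp_tid}',{$sp_where},"
            . "'{$sp_inblock}','{$postmode}'"
    );

    if ($delete_old_page) {
        // If a template and the id changed, update any staticpages that use it
        if ($template_flag == 1) {
            DB_query("UPDATE {$_TABLES['staticpage']} SET template_id = '{$sp_id}' WHERE template_id = '{$sp_old_id_db}'");
        }
        DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id_db);
    }

    if (empty($sp_old_id) || $sp_id == $sp_old_id) {
        if (!$template_flag) {
            PLG_itemSaved($sp_id, 'staticpages');
        } else {
            service_submit_staticpages_notifyTemplateUsers($sp_id);
        }
    } else {
        // the id changed: move the comments over before notifying
        DB_change($_TABLES['comments'], 'sid', DB_escapeString($sp_id), array('sid', 'type'), array($sp_old_id_db, 'staticpages'));
        if (!$template_flag) {
            PLG_itemSaved($sp_id, 'staticpages', $sp_old_id);
        } else {
            service_submit_staticpages_notifyTemplateUsers($sp_id);
        }
    }

    $url = COM_buildURL($_CONF['site_url'] . '/staticpages/index.php?page=' . $sp_id);
    $output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages', 19);
    $svc_msg['id'] = $sp_id;

    return PLG_RET_OK;
}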
/** * Submit static page. The page is updated if it exists, or a new one is created * * @param array args Contains all the data provided by the client * @param string &output OUTPUT parameter containing the returned text * @param string &svc_msg OUTPUT parameter containing any service messages * @return int Response code as defined in lib-plugins.php */ function service_submit_staticpages($args, &$output, &$svc_msg) { global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_GROUPS, $_SP_CONF; $output = ''; if (!SEC_hasRights('staticpages.edit')) { $output = COM_siteHeader('menu', $LANG_STATIC['access_denied']); $output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied'], true); $output .= COM_siteFooter(); return PLG_RET_AUTH_FAILED; } if (defined('DEMO_MODE')) { $output = COM_siteHeader('menu'); $output .= COM_showMessageText('Option disabled in Demo Mode', 'Option disabled in Demo Mode', true); $output .= COM_siteFooter(); return PLG_REG_AUTH_FAILED; } $gl_edit = false; if (isset($args['gl_edit'])) { $gl_edit = $args['gl_edit']; } if ($gl_edit) { // This is EDIT mode, so there should be an sp_old_id if (empty($args['sp_old_id'])) { if (!empty($args['id'])) { $args['sp_old_id'] = $args['id']; } else { return PLG_RET_ERROR; } if (empty($args['sp_id'])) { $args['sp_id'] = $args['sp_old_id']; } } } else { if (empty($args['sp_id']) && !empty($args['id'])) { $args['sp_id'] = $args['id']; } } if (empty($args['sp_uid'])) { $args['sp_uid'] = $_USER['uid']; } if (empty($args['sp_title']) && !empty($args['title'])) { $args['sp_title'] = $args['title']; } if (empty($args['sp_content']) && !empty($args['content'])) { $args['sp_content'] = $args['content']; } if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) { $args['sp_tid'] = $args['category'][0]; } if (!isset($args['owner_id'])) { $args['owner_id'] = $_USER['uid']; } if (empty($args['group_id'])) { $args['group_id'] = 
SEC_getFeatureGroup('staticpages.edit', $_USER['uid']); } $args['sp_id'] = COM_sanitizeID($args['sp_id']); if (!$gl_edit) { if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) { if (function_exists('WS_makeId')) { $args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH); } else { $args['sp_id'] = COM_makeSid(); } } } // Apply filters to the parameters passed by the webservice if ($args['gl_svc']) { $par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode'); $par_num = array('sp_uid', 'sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode', 'sp_search', 'sp_status'); foreach ($par_str as $str) { if (isset($args[$str])) { $args[$str] = COM_applyBasicFilter($args[$str]); } else { $args[$str] = ''; } } foreach ($par_num as $num) { if (isset($args[$num])) { $args[$num] = COM_applyBasicFilter($args[$num], true); } else { $args[$num] = 0; } } } // START: Staticpages defaults if ($args['sp_status'] != 1) { $args['sp_status'] = 0; } if (empty($args['sp_format'])) { $args['sp_format'] = 'allblocks'; } if (empty($args['sp_tid'])) { $args['sp_tid'] = 'all'; } if ($args['sp_where'] < 0 || $args['sp_where'] > 4) { $args['sp_where'] = 0; } if ($args['sp_php'] < 0 || $args['sp_php'] > 2) { $args['sp_php'] = 0; } if ($args['commentcode'] < -1 || $args['commentcode'] > 1) { $args['commentcode'] = $_CONF['comment_code']; } if ($args['sp_search'] != 1) { $args['sp_search'] = 0; } if ($args['gl_svc']) { // Permissions if (!isset($args['perm_owner'])) { $args['perm_owner'] = $_SP_CONF['default_permissions'][0]; } else { $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true); } if (!isset($args['perm_group'])) { $args['perm_group'] = $_SP_CONF['default_permissions'][1]; } else { $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true); } if (!isset($args['perm_members'])) { $args['perm_members'] = $_SP_CONF['default_permissions'][2]; } else { $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true); 
} if (!isset($args['perm_anon'])) { $args['perm_anon'] = $_SP_CONF['default_permissions'][3]; } else { $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true); } if (!isset($args['sp_onmenu'])) { $args['sp_onmenu'] = ''; } else { if ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) { $svc_msg['error_desc'] = 'Menu label missing'; return PLG_RET_ERROR; } } if (empty($args['sp_content'])) { $svc_msg['error_desc'] = 'No content'; return PLG_RET_ERROR; } if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') { $args['sp_inblock'] = 'on'; } if (empty($args['sp_centerblock'])) { $args['sp_centerblock'] = ''; } } // END: Staticpages defaults $sp_id = $args['sp_id']; $sp_status = $args['sp_status']; $sp_uid = $args['sp_uid']; $sp_title = $args['sp_title']; $sp_content = $args['sp_content']; $sp_hits = $args['sp_hits']; $sp_format = $args['sp_format']; $sp_onmenu = $args['sp_onmenu']; $sp_label = ''; if (!empty($args['sp_label'])) { $sp_label = $args['sp_label']; } $commentcode = $args['commentcode']; $owner_id = $args['owner_id']; $group_id = $args['group_id']; $perm_owner = $args['perm_owner']; $perm_group = $args['perm_group']; $perm_members = $args['perm_members']; $perm_anon = $args['perm_anon']; $sp_php = $args['sp_php']; $sp_nf = ''; if (!empty($args['sp_nf'])) { $sp_nf = $args['sp_nf']; } $sp_old_id = $args['sp_old_id']; $sp_centerblock = $args['sp_centerblock']; $sp_help = ''; if (!empty($args['sp_help'])) { $sp_help = $args['sp_help']; } $sp_tid = $args['sp_tid']; $sp_where = $args['sp_where']; $sp_inblock = $args['sp_inblock']; $postmode = $args['postmode']; $sp_search = $args['sp_search']; if ($gl_edit && !empty($args['gl_etag'])) { // First load the original staticpage to check if it has been modified $o = array(); $s = array(); $r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s); if ($r == PLG_RET_OK) { if ($args['gl_etag'] != $o['updated']) { $svc_msg['error_desc'] = 'A more recent version of the 
staticpage is available'; return PLG_RET_PRECONDITION_FAILED; } } else { $svc_msg['error_desc'] = 'The requested staticpage no longer exists'; return PLG_RET_ERROR; } } // Check for unique page ID $duplicate_id = false; $delete_old_page = false; if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) { if ($sp_id != $sp_old_id) { $duplicate_id = true; } } elseif (!empty($sp_old_id)) { if ($sp_id != $sp_old_id) { $delete_old_page = true; } } if ($duplicate_id) { $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']); $output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2); if (!$args['gl_svc']) { $output .= PAGE_edit($sp_id); } $output .= COM_siteFooter(); $svc_msg['error_desc'] = 'Duplicate ID'; return PLG_RET_ERROR; } elseif (!empty($sp_title) && !empty($sp_content)) { if (empty($sp_hits)) { $sp_hits = 0; } if ($sp_onmenu == 'on') { $sp_onmenu = 1; } else { $sp_onmenu = 0; } if ($sp_nf == 'on') { $sp_nf = 1; } else { $sp_nf = 0; } if ($sp_centerblock == 'on') { $sp_centerblock = 1; } else { $sp_centerblock = 0; } if ($sp_inblock == 'on') { $sp_inblock = 1; } else { $sp_inblock = 0; } // Clean up the text if ($_SP_CONF['censor'] == 1) { $sp_content = COM_checkWords($sp_content); $sp_title = COM_checkWords($sp_title); } if ($_SP_CONF['filter_html'] == 1) { $sp_content = COM_checkHTML($sp_content, 'staticpages.edit'); } $sp_title = strip_tags($sp_title); $sp_label = strip_tags($sp_label); $sp_content = DB_escapeString($sp_content); $sp_title = DB_escapeString($sp_title); $sp_label = DB_escapeString($sp_label); // If user does not have php edit perms, then set php flag to 0. if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) { $sp_php = 0; } // make sure there's only one "entire page" static page per topic if ($sp_centerblock == 1 && $sp_where == 0) { $sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE sp_centerblock = 1 AND sp_where = 0 AND sp_tid = '" . DB_escapeString($sp_tid) . 
"'"; // multi-language configuration - allow one entire page // centerblock for all or none per language if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) { $ids = explode('_', $sp_id); if (count($ids) > 1) { $lang_id = array_pop($ids); $sql .= " AND sp_id LIKE '%\\_" . DB_escapeString($lang_id) . "'"; } } DB_query($sql); } $formats = array('allblocks', 'blankpage', 'leftblocks', 'rightblocks', 'noblocks'); if (!in_array($sp_format, $formats)) { $sp_format = 'allblocks'; } if (!$args['gl_svc']) { list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); } DB_save($_TABLES['staticpage'], 'sp_id,sp_status,sp_uid,sp_title,sp_content,sp_date,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode,sp_search', "'{$sp_id}',{$sp_status}, {$sp_uid},'{$sp_title}','{$sp_content}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}',{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$sp_tid}',{$sp_where}," . "'{$sp_inblock}','{$postmode}',{$sp_search}"); if ($delete_old_page && !empty($sp_old_id)) { DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id); DB_change($_TABLES['comments'], 'sid', DB_escapeString($sp_id), array('sid', 'type'), array(DB_escapeString($sp_old_id), 'staticpages')); PLG_itemDeleted($sp_old_id, 'staticpages'); } PLG_itemSaved($sp_id, 'staticpages'); $url = COM_buildURL($_CONF['site_url'] . '/page.php?page=' . 
$sp_id); $output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages'); $svc_msg['id'] = $sp_id; return PLG_RET_OK; } else { $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']); $output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2); if (!$args['gl_svc']) { $output .= PAGE_edit($sp_id); } $output .= COM_siteFooter(); return PLG_RET_ERROR; } }
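/**
 * Saves a field definition posted from the admin form of the plugin named
 * $pi_name.
 *
 * The plugin's config array, admin language array and table names are all
 * derived from $pi_name (e.g. "$_<PI>_CONF", "$LANG_<PI>_ADMIN",
 * $_TABLES['<PI>_def_field']). All input comes from $_POST. On validation
 * failure the edit form is returned with the error text. On success the
 * definition is written to the "_def_field" table, a value row is seeded for
 * every "_base" record (fieldset_id = 0) that has none yet, and the function
 * either returns the edit form again (aftersave_admin === 'no') or echoes the
 * after-save redirect and exits.
 *
 * @param string $pi_name    plugin name; selects config, language and tables
 * @param bool   $edt_flg    edit-mode flag, passed through to LIB_Edit
 * @param mixed  $navbarMenu unused here; kept for the caller's signature
 * @param mixed  $menuno     unused here; kept for the caller's signature
 * @return array{title:string,display:string} the page to render when the form
 *         is redisplayed; does not return when it redirects (echo + exit)
 */
function LIB_Save($pi_name, $edt_flg, $navbarMenu, $menuno)
{
    global $_CONF;
    global $_TABLES;
    global $_USER;

    // Config and language arrays are globals named after the plugin.
    $box_conf = "_" . strtoupper($pi_name) . "_CONF";
    global ${$box_conf};
    $box_conf = ${$box_conf};

    $lang_box_admin = "LANG_" . strtoupper($pi_name) . "_ADMIN";
    global ${$lang_box_admin};
    $lang_box_admin = ${$lang_box_admin};

    $table = $_TABLES[strtoupper($pi_name) . '_def_field'];
    $table1 = $_TABLES[strtoupper($pi_name) . '_base'];
    $table2 = $_TABLES[strtoupper($pi_name) . '_addition'];

    // FIX: was '' — assigning $retval['title'] on a string is an error on PHP 7.1+.
    $retval = array();

    // Text columns: filter, censor, HTML-check, then slash-escape for the SQL below.
    $cleanText = function ($value) {
        return addslashes(COM_checkHTML(COM_checkWords($value)));
    };

    // clean 'em up
    $id = COM_applyFilter($_POST['id'], true);

    $name = $cleanText(COM_stripslashes($_POST['name']));
    $templatesetvar = $cleanText(COM_applyFilter($_POST['templatesetvar']));
    $description = $cleanText(COM_stripslashes($_POST['description']));
    $selection = $cleanText(COM_applyFilter($_POST['selection']));
    $selectlist = $cleanText(COM_applyFilter($_POST['selectlist']));
    $initial_value = $cleanText(COM_applyFilter($_POST['initial_value']));
    $range_start = $cleanText(COM_applyFilter($_POST['range_start']));
    $range_end = $cleanText(COM_applyFilter($_POST['range_end']));

    // FIX: these columns are interpolated UNQUOTED into the INSERT below, so a
    // text filter alone left them open to SQL injection from the form (and an
    // empty value produced broken SQL). Coerce them to integers like size/rows.
    $type = (int) COM_applyFilter($_POST['type']);
    $checkrequried = (int) COM_applyFilter($_POST['checkrequried']);
    $allow_display = (int) COM_applyFilter($_POST['allow_display']);
    $allow_edit = (int) COM_applyFilter($_POST['allow_edit']);
    $textcheck = (int) COM_applyFilter($_POST['textcheck']);
    $textconv = (int) COM_applyFilter($_POST['textconv']);
    $searchtarget = (int) COM_applyFilter($_POST['searchtarget']);
    $dfid = (int) COM_applyFilter($_POST['dfid']);
    $size = COM_applyFilter($_POST['size'], true);
    $maxlength = COM_applyFilter($_POST['maxlength'], true);
    $rows = COM_applyFilter($_POST['rows'], true);
    $br = COM_applyFilter($_POST['br'], true);

    // Convert full-width alphanumerics to half-width before the numeric filter.
    $orderno = mb_convert_kana($_POST['orderno'], "a");
    $orderno = COM_applyFilter($orderno, true);

    $uuid = $_USER['uid'];

    // ---- validation ----
    $err = "";
    // $id already passed the numeric filter; this can only trip for a non-zero non-number
    if ($id != 0 && !is_numeric($id)) {
        $err .= $lang_box_admin['err_id'] . "<br/>" . LB;
    }
    // name is required
    if (empty($name)) {
        $err .= $lang_box_admin['err_name'] . "<br/>" . LB;
    }
    // template variable: required, must be a valid ID and unique among other fields
    if (empty($templatesetvar)) {
        $err .= $lang_box_admin['err_templatesetvar'] . "<br/>" . LB;
    } else {
        $templatesetvar = trim($templatesetvar);
        $newtemplatesetvar = COM_sanitizeID($templatesetvar, false);
        if ($templatesetvar != $newtemplatesetvar) {
            $err .= $lang_box_admin['err_templatesetvar'] . "<br/>" . LB;
        } else {
            // Only reached when the value equals its sanitized form, so it is safe to interpolate.
            $cntsql = "SELECT field_id FROM {$table} ";
            $cntsql .= " WHERE ";
            $cntsql .= " templatesetvar='{$templatesetvar}' ";
            $cntsql .= " AND field_id<>{$id}";
            $result = DB_query($cntsql);
            if (DB_numRows($result) != 0) {
                $err .= $lang_box_admin['err_templatesetvar_w'] . "<br/>" . LB;
            }
        }
    }
    // 7 = option list, 8 = radio button list, 14 = multi-select list: need choices
    if ($type == 7 || $type == 8 || $type == 14) {
        if ($selection == "") {
            $err .= $lang_box_admin['err_selection'] . "<br/>" . LB;
        }
    }
    if ($err != "") {
        $retval['title'] = $lang_box_admin['piname'] . $lang_box_admin['edit'];
        $retval['display'] = LIB_Edit($pi_name, $id, $edt_flg, 3, $err);
        return $retval;
    }

    if ($id == 0) {
        // NOTE(review): max()+1 is not race-safe; an AUTO_INCREMENT column would be better.
        $w = DB_getItem($table, "max(field_id)", "1=1");
        if ($w == "") {
            $w = 0;
        }
        $id = $w + 1;
    }

    // column => SQL value expression, in insert order
    $columns = array(
        'field_id' => "{$id}",
        'name' => "'{$name}'",
        'templatesetvar' => "'{$templatesetvar}'",
        'description' => "'{$description}'",
        'type' => "{$type}",
        'selection' => "'{$selection}'",
        'selectlist' => "'{$selectlist}'",
        'checkrequried' => "{$checkrequried}",
        'size' => "{$size}",
        'maxlength' => "{$maxlength}",
        'rows' => "{$rows}",
        'br' => "{$br}",
        'orderno' => "'{$orderno}'",
        'allow_display' => "{$allow_display}",
        'allow_edit' => "{$allow_edit}",
        'textcheck' => "{$textcheck}",
        'textconv' => "{$textconv}",
        'searchtarget' => "{$searchtarget}",
        'initial_value' => "'{$initial_value}'",
        'range_start' => "'{$range_start}'",
        'range_end' => "'{$range_end}'",
        'dfid' => "{$dfid}",
        'uuid' => "{$uuid}",
    );
    DB_save($table, implode(',', array_keys($columns)), implode(',', $columns));

    // Seed a value row for every base record (fieldset_id = 0) that has none for this field.
    $sql = "INSERT INTO " . $table2 . LB;
    $sql .= " (`id`,`field_id`,`value`)" . LB;
    $sql .= " SELECT id";
    $sql .= " ," . $id;
    if ($initial_value != "") {
        $sql .= ",'" . $initial_value . "' ";
    } else {
        // option (7) and radio (8) lists default to the first choice when choices exist
        if (($type == 7 || $type == 8) && $selection != "") {
            $sql .= ",'0' ";
        } else {
            $sql .= ",NULL ";
        }
    }
    $sql .= " FROM " . $table1 . " AS t1" . LB;
    $sql .= " where fieldset_id=0 AND id NOT IN (select id from " . $table2 . LB;
    $sql .= " where field_id=" . $id . ")" . LB;
    DB_query($sql);

    // ---- after save ----
    $message = "";
    $item_url = ''; // FIX: was undefined on the 'admin' branch below
    if ($box_conf['aftersave_admin'] === 'no') {
        $retval['title'] = $lang_box_admin['piname'] . $lang_box_admin['edit'];
        $retval['display'] = LIB_Edit($pi_name, $id, $edt_flg, 1, "");
        return $retval;
    }
    if ($box_conf['aftersave_admin'] === 'list' || $box_conf['aftersave_admin'] === 'item') {
        $url = $_CONF['site_admin_url'] . "/plugins/{$pi_name}/field.php";
        $item_url = COM_buildURL($url);
        $target = 'item';
        $message = 1;
    } elseif ($box_conf['aftersave_admin'] === 'admin') {
        $target = $box_conf['aftersave_admin'];
        $message = 1;
    } else {
        $item_url = $_CONF['site_url'] . $box_conf['top'];
        $target = $box_conf['aftersave_admin'];
    }
    $return_page = PLG_afterSaveSwitch($target, $item_url, $pi_name, $message);
    echo $return_page;
    exit;
}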
require_once $_CONF['path'] . 'plugins/downloads/include/download.class.php'; $dldl = new DLDownload(); $dldl->initCatTree($mytree); if ($mode == $LANG_DLM['cancel']) { switch ($_page) { case 'item': $url = "{$_CONF['site_url']}/downloads/index.php?id={$lid}"; echo PLG_afterSaveSwitch('item', $url, 'downloads'); exit; break; case 'flist': $url = "{$_CONF['site_url']}/downloads/index.php"; if (!empty($listing_cid) && $listing_cid != ROOTID) { $url .= '?cid=' . $listing_cid; } echo PLG_afterSaveSwitch('item', $url, 'downloads'); exit; break; } $op = 'listDownloads'; } if ($mode == $LANG_DLM['preview']) { $editor_mode = !empty($_POST['editor_mode']) ? COM_applyFilter($_POST['editor_mode']) : ''; if (in_array($editor_mode, array('edit', 'create', 'clone', 'editsubmission'))) { $dldl->showPreview($editor_mode); } $op = 'listDownloads'; } } switch ($op) { case "uploadFile":
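/**
 * Submit a new or updated story. The story is updated if it exists, or a new
 * one is created.
 *
 * Normalises the client's $args (ids, topic, page-break split, defaults and
 * web-service permission filters), loads them into a Story object (which does
 * the security checks), handles image deletion/upload for non-web-service
 * callers, and saves the story.
 *
 * @param array  $args    all the data provided by the client; 'gl_svc' marks a
 *                        web-service call, 'gl_edit' an edit of an existing story
 * @param string $output  OUTPUT parameter, receives the returned HTML
 * @param array  $svc_msg OUTPUT parameter; 'error_desc' on failure, 'id' on success
 * @return int Response code as defined in lib-plugins.php. Note: some
 *             non-web-service error paths echo a page and exit instead.
 */
function service_submit_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS;

    if (!SEC_hasRights('story.edit')) {
        $output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30], true);
        return PLG_RET_AUTH_FAILED;
    }

    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }

    if ($gl_edit) {
        /* This is EDIT mode, so there should be an old sid */
        if (empty($args['old_sid'])) {
            if (!empty($args['id'])) {
                $args['old_sid'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sid'])) {
                $args['sid'] = $args['old_sid'];
            }
        }
    } else {
        if (empty($args['sid']) && !empty($args['id'])) {
            $args['sid'] = $args['id'];
        }
    }

    /* Store the first CATEGORY as the Topic ID */
    if (!empty($args['category'][0])) {
        $args['tid'] = $args['category'][0];
    }

    // 'content' wins over 'summary'; the first [page_break] splits intro and body.
    $content = '';
    if (!empty($args['content'])) {
        $content = $args['content'];
    } elseif (!empty($args['summary'])) {
        $content = $args['summary'];
    }
    if (!empty($content)) {
        $parts = explode('[page_break]', $content);
        if (count($parts) == 1) {
            $args['introtext'] = $content;
            $args['bodytext'] = '';
        } else {
            $args['introtext'] = array_shift($parts);
            $args['bodytext'] = implode('[page_break]', $parts);
        }
    }

    /* Apply filters to the parameters passed by the webservice */
    if ($args['gl_svc']) {
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (isset($args['editopt'])) {
            $args['editopt'] = COM_applyBasicFilter($args['editopt']);
        }
    }

    /* - START: Set all the defaults - */
    if (empty($args['tid'])) {
        // see if we have a default topic
        $topic = DB_getItem($_TABLES['topics'], 'tid', 'is_default = 1' . COM_getPermSQL('AND'));
        if (!empty($topic)) {
            $args['tid'] = $topic;
        } else {
            // otherwise, just use the first one
            $o = array();
            $s = array();
            if (service_getTopicList_story(array('gl_svc' => true), $o, $s) == PLG_RET_OK) {
                $args['tid'] = $o[0];
            } else {
                $svc_msg['error_desc'] = 'No topics available';
                return PLG_RET_ERROR;
            }
        }
    }
    if (empty($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']);
    }
    // an alternate topic identical to the main topic is meaningless
    if (isset($args['alternate_id']) && $args['tid'] == $args['alternate_id']) {
        $args['alternate_id'] = NULL;
    }
    if (empty($args['postmode'])) {
        $args['postmode'] = $_CONF['postmode'];
        if (!empty($args['content_type'])) {
            if ($args['content_type'] == 'text') {
                $args['postmode'] = 'text';
            } elseif ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') {
                $args['postmode'] = 'html';
            }
        }
    }
    if ($args['gl_svc']) {
        /* Permissions: site defaults unless the client sent a (numeric-filtered) value */
        $permKeys = array('perm_owner', 'perm_group', 'perm_members', 'perm_anon');
        foreach ($permKeys as $idx => $key) {
            if (!isset($args[$key])) {
                $args[$key] = $_CONF['default_permissions_story'][$idx];
            } else {
                $args[$key] = COM_applyBasicFilter($args[$key], true);
            }
        }
        if (!isset($args['draft_flag'])) {
            $args['draft_flag'] = $_CONF['draft_flag'];
        }
        if (empty($args['frontpage'])) {
            $args['frontpage'] = $_CONF['frontpage'];
        }
        if (empty($args['show_topic_icon'])) {
            $args['show_topic_icon'] = $_CONF['show_topic_icon'];
        }
    }
    /* - END: Set all the defaults - */

    if (!isset($args['sid'])) {
        $args['sid'] = '';
    }
    $args['sid'] = COM_sanitizeID($args['sid']);
    if (!$gl_edit) {
        if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) {
            $args['sid'] = WS_makeId($args['slug'], STORY_MAX_ID_LENGTH);
        }
    }

    $story = new Story();

    if ($gl_edit && !empty($args['gl_etag'])) {
        /* First load the original story to check if it has been modified */
        $result = $story->loadFromDatabase($args['sid']);
        if ($result == STORY_LOADED_OK) {
            if ($args['gl_etag'] != date('c', $story->_date)) {
                $svc_msg['error_desc'] = 'A more recent version of the story is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'Error loading story';
            return PLG_RET_ERROR;
        }
    }

    /* This function is also doing the security checks */
    $result = $story->loadFromArgsArray($args);
    $sid = $story->getSid();

    switch ($result) {
        case STORY_DUPLICATE_SID:
            if (!$args['gl_svc']) {
                if (isset($args['type']) && $args['type'] == 'submission') {
                    $output .= STORY_edit($sid, 'moderate');
                } else {
                    $output .= STORY_edit($sid, 'error');
                }
            }
            return PLG_RET_ERROR;
        case STORY_EXISTING_NO_EDIT_PERMISSION:
        case STORY_NO_ACCESS_PARAMS:
            $output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30]);
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
            return PLG_RET_PERMISSION_DENIED;
        case STORY_EMPTY_REQUIRED_FIELDS:
            if (!$args['gl_svc']) {
                $output .= STORY_edit($sid, 'error');
            }
            return PLG_RET_ERROR;
        default:
            break;
    }

    /* Image upload is not supported by the web-service at present */
    if (!$args['gl_svc']) {
        // Delete any images if needed; the keys of $args['delete'] are the image numbers
        if (array_key_exists('delete', $args)) {
            foreach (array_keys($args['delete']) as $imgKey) {
                $imgNum = intval($imgKey);
                $ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '" . DB_escapeString($sid) . "' AND ai_img_num = " . $imgNum);
                STORY_deleteImage($ai_filename);
                DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '" . DB_escapeString($sid) . "' AND ai_img_num = '" . $imgNum . "'");
            }
        }

        // OK, let's upload any pictures with the article
        if (count($_FILES) > 0 && $_CONF['maximagesperarticle'] > 0) {
            require_once $_CONF['path_system'] . 'classes/upload.class.php';
            $upload = new upload();
            if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
                $upload->setLogFile($_CONF['path'] . 'logs/error.log');
                $upload->setDebug(true);
            }
            $upload->setMaxFileUploads($_CONF['maximagesperarticle']);
            $upload->setAutomaticResize(true);
            $upload->keepOriginalImage($_CONF['keep_unscaled_image'] == 1);
            $upload->setAllowedMimeTypes(array(
                'image/gif' => '.gif',
                'image/jpeg' => '.jpg,.jpeg',
                'image/pjpeg' => '.jpg,.jpeg',
                'image/x-png' => '.png',
                'image/png' => '.png',
            ));
            $upload->setFieldName('file');
            //@TODO - better error handling...
            if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
                $output = COM_siteHeader('menu', $LANG24[30]);
                $output .= COM_showMessageText($upload->printErrors(false), $LANG24[30], true);
                $output .= COM_siteFooter();
                echo $output;
                exit;
            }
            // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
            // force any images bigger than the passed dimensions to be resized.
            // If mogrify is not set, any images larger than these dimensions
            // will get validation errors
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
            $upload->setMaxFileSize($_CONF['max_image_size']); // size in bytes, 1048576 = 1MB
            // Set file permissions on file after it gets uploaded (number is in octal)
            $upload->setPerms('0644');

            // Target names are "<sid>_<n>.<ext>", numbered from the next free image number.
            $filenames = array();
            $sql = "SELECT MAX(ai_img_num) + 1 AS ai_img_num FROM " . $_TABLES['article_images'] . " WHERE ai_sid = '" . DB_escapeString($sid) . "'";
            $result = DB_query($sql, 1);
            $row = DB_fetchArray($result);
            $ai_img_num = $row['ai_img_num'];
            if ($ai_img_num < 1) {
                $ai_img_num = 1;
            }
            for ($z = 0; $z < $_CONF['maximagesperarticle']; $z++) {
                $curName = '';
                if (isset($_FILES['file']['name'][$z])) {
                    $curName = $_FILES['file']['name'][$z];
                }
                if (!empty($curName)) {
                    // extension taken from the client file name; MIME check above restricts it
                    $pos = strrpos($curName, '.') + 1;
                    $fextension = substr($curName, $pos);
                    $filenames[] = $sid . '_' . $ai_img_num . '.' . $fextension;
                    $ai_img_num++;
                } else {
                    $filenames[] = '';
                }
            }
            $upload->setFileNames($filenames);
            $upload->uploadFiles();
            //@TODO - better error handling
            if ($upload->areErrors()) {
                $retval = COM_siteHeader('menu', $LANG24[30]);
                $retval .= COM_showMessageText($upload->printErrors(false), $LANG24[30], true);
                $retval .= STORY_edit($sid, 'error');
                $retval .= COM_siteFooter();
                echo $retval;
                exit;
            }
            for ($z = 0; $z < $_CONF['maximagesperarticle']; $z++) {
                if ($filenames[$z] != '') {
                    $sql = "SELECT MAX(ai_img_num) + 1 AS ai_img_num FROM " . $_TABLES['article_images'] . " WHERE ai_sid = '" . DB_escapeString($sid) . "'";
                    $result = DB_query($sql, 1);
                    $row = DB_fetchArray($result);
                    $ai_img_num = $row['ai_img_num'];
                    if ($ai_img_num < 1) {
                        $ai_img_num = 1;
                    }
                    DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('" . DB_escapeString($sid) . "', {$ai_img_num}, '" . DB_escapeString($filenames[$z]) . "')");
                }
            }
        }

        if ($_CONF['maximagesperarticle'] > 0) {
            $errors = $story->checkImages();
            if (count($errors) > 0) {
                $output = COM_siteHeader('menu', $LANG24[54]);
                $eMsg = $LANG24[55] . '<p>';
                foreach ($errors as $imgError) {
                    $eMsg .= $imgError . '<br />';
                }
                //@TODO - use return here...
                $output .= COM_showMessageText($eMsg, $LANG24[54], true);
                $output .= STORY_edit($sid, 'error');
                $output .= COM_siteFooter();
                echo $output;
                exit;
            }
        }
    }

    $result = $story->saveToDatabase();
    if ($result == STORY_SAVED) {
        // see if any plugins want to act on that story
        if (!empty($args['old_sid']) && $args['old_sid'] != $sid) {
            PLG_itemSaved($sid, 'article', $args['old_sid']);
        } else {
            PLG_itemSaved($sid, 'article');
        }
        // update feed(s) and Older Stories block
        COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid);
        COM_olderStuff();
        if ($story->type == 'submission') {
            COM_setMessage(9);
            echo COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
            exit;
        } else {
            $output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9);
        }
        /* @TODO Set the object id here */
        $svc_msg['id'] = $sid;
        return PLG_RET_OK;
    }

    // FIX: the original fell off the end (returned null) when the save failed.
    $svc_msg['error_desc'] = 'Error saving story';
    return PLG_RET_ERROR;
}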
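/**
 * Saves a databox data record submitted from the user-side editor form.
 *
 * All input is read from $_POST. On validation failure the edit form is
 * returned with the error text instead of saving. On success the record is
 * inserted (new) or updated (existing), its categories and additional fields
 * are stored, a notification mail is sent, the record's cache instance is
 * removed, and the function either returns the edit form again
 * (aftersave === 'no') or echoes the after-save redirect and exits.
 *
 * @param bool  $edt_flg    edit-mode flag, passed through to fncEdit
 * @param mixed $navbarMenu unused here; kept for the caller's signature
 * @param mixed $menuno     unused here; kept for the caller's signature
 * @param mixed $template   passed through to fncEdit
 * @return array{title:string,display:string} the page to render when the form
 *         is redisplayed; does not return when it redirects (echo + exit)
 */
function fncSave($edt_flg, $navbarMenu, $menuno, $template)
{
    $pi_name = "databox";
    global $_CONF;
    global $LANG_DATABOX_ADMIN;
    global $_TABLES;
    global $_USER;
    global $_DATABOX_CONF;

    $addition_def = DATABOX_getadditiondef();
    // FIX: was '' — assigning $retval['title'] on a string is an error on PHP 7.1+.
    $retval = array();

    // clean 'em up
    $id = COM_applyFilter($_POST['id'], true);
    $new_flg = ($id == 0);
    $fieldset_id = COM_applyFilter($_POST['fieldset'], true);
    $code = COM_applyFilter($_POST['code']);
    $code = addslashes(COM_checkHTML(COM_checkWords($code)));
    $title = COM_stripslashes($_POST['title']);
    $title = addslashes(COM_checkHTML(COM_checkWords($title)));
    $page_title = COM_applyFilter($_POST['page_title']);
    $page_title = addslashes(COM_checkHTML(COM_checkWords($page_title)));
    // description is deliberately not run through COM_applyFilter; COM_checkHTML filters it
    $description = $_POST['description'];
    $description = addslashes(COM_checkHTML(COM_checkWords($description)));
    $language_id = COM_applyFilter($_POST['language_id']);
    $language_id = addslashes(COM_checkHTML(COM_checkWords($language_id)));
    $category = $_POST['category'];

    // additional (plugin-defined) fields and their companion arrays
    $additionfields = $_POST['afield'];
    $additionfields_old = $_POST['afield'];
    $additionfields_fnm = $_POST['afield_fnm'];
    $additionfields_del = $_POST['afield_del'];
    $additionfields_alt = $_POST['afield_alt'];
    $additionfields_date = array();
    $additionfields = DATABOX_cleanaddtiondatas($additionfields, $addition_def, $additionfields_fnm, $additionfields_del, $additionfields_date, $additionfields_alt);

    $old_mode = COM_applyFilter($_POST['old_mode']);
    $old_mode = addslashes(COM_checkHTML(COM_checkWords($old_mode)));

    $uuid = $_USER['uid'];

    // ---- validation ----
    $err = "";
    // $id already passed the numeric filter; this can only trip for a non-zero non-number
    if ($id != 0 && !is_numeric($id)) {
        $err .= $LANG_DATABOX_ADMIN['err_id'] . "<br/>" . LB;
    }
    // title is required
    if (empty($title)) {
        $err .= $LANG_DATABOX_ADMIN['err_title'] . "<br/>" . LB;
    }
    // description length limit (measured after HTML filtering and addslashes)
    if (mb_strlen($description, 'UTF-8') > $_DATABOX_CONF['maxlength_description']) {
        $err .= $LANG_DATABOX_ADMIN['description'] . $_DATABOX_CONF['maxlength_description'] . $LANG_DATABOX_ADMIN['err_maxlength'] . "<br/>" . LB;
    }
    // additional fields
    $err .= DATABOX_checkaddtiondatas($additionfields, $addition_def, $pi_name, $additionfields_fnm, $additionfields_del, $additionfields_alt);
    if ($err != "") {
        $retval['title'] = $LANG_DATABOX_ADMIN['piname'] . $LANG_DATABOX_ADMIN['edit'];
        $retval['display'] = fncEdit($id, $edt_flg, 3, $err, "edit", $fieldset_id, $template, $old_mode);
        return $retval;
    }

    // FIX: $modified was only computed on the insert path, so the UPDATE below
    // used to write FROM_UNIXTIME('') on every edit. Compute it once for both paths.
    // NOTE(review): the "H:i::00" format (double colon) is kept exactly as the original had it.
    $modified = COM_convertDate2Timestamp(date("Y-m-d"), date("H:i::00"));

    if ($new_flg) {
        // NOTE(review): max(id)+1 is not race-safe; an AUTO_INCREMENT column would be better.
        $w = DB_getItem($_TABLES['DATABOX_base'], "max(id)", "1=1");
        if ($w == "") {
            $w = 0;
        }
        $id = $w + 1;

        if ($_DATABOX_CONF['datacode']) {
            // FIX: was date(Ymdhis) — an undefined constant (fatal on PHP 8)
            $code = "000000" . date('Ymdhis');
        }
        $created = $modified;
        $released = $created;
        $commentcode = $_DATABOX_CONF['commentcode'];
        $trackbackcode = $_CONF['trackback_code']; // FIX: array key was an unquoted constant
        $comment_expire = '0000-00-00 00:00:00';
        $expired = '0000-00-00 00:00:00';
        $defaulttemplatesdirectory = ''; // never assigned in the original; stored as empty string
        $meta_description = "";
        $meta_keywords = "";
        $owner_id = $_USER['uid'];
        $group_id = SEC_getFeatureGroup('databox.admin', $_USER['uid']);
        $array = array();
        SEC_setDefaultPermissions($array, $_DATABOX_CONF['default_permissions']);
        $perm_owner = $array['perm_owner'];
        $perm_group = $array['perm_group'];
        $perm_anon = $array['perm_anon'];
        $perm_members = $array['perm_members'];
        $draft_flag = $_DATABOX_CONF['user_draft_default'];
        $cache_time = $_DATABOX_CONF['default_cache_time'];
        $comments = 0;

        // column => SQL value expression, in insert order. comment_expire and
        // expired are always the zero date here, so they are inserted literally
        // rather than through FROM_UNIXTIME().
        $columns = array(
            'id' => "{$id}",
            'defaulttemplatesdirectory' => "'{$defaulttemplatesdirectory}'",
            'draft_flag' => "{$draft_flag}",
            'cache_time' => "{$cache_time}",
            'meta_description' => "'{$meta_description}'",
            'meta_keywords' => "'{$meta_keywords}'",
            'commentcode' => "{$commentcode}",
            'trackbackcode' => "{$trackbackcode}",
            'comment_expire' => "'{$comment_expire}'",
            'language_id' => "'{$language_id}'",
            'owner_id' => "{$owner_id}",
            'group_id' => "{$group_id}",
            'perm_owner' => "{$perm_owner}",
            'perm_group' => "{$perm_group}",
            'perm_members' => "{$perm_members}",
            'perm_anon' => "{$perm_anon}",
            'modified' => "FROM_UNIXTIME('{$modified}')",
            'created' => "FROM_UNIXTIME('{$created}')",
            'expired' => "'{$expired}'",
            'released' => "FROM_UNIXTIME('{$released}')",
            'code' => "'{$code}'",
            'title' => "'{$title}'",
            'page_title' => "'{$page_title}'",
            'description' => "'{$description}'",
            'comments' => "{$comments}",
            'fieldset_id' => "{$fieldset_id}",
            'uuid' => "{$uuid}",
        );
        DB_save($_TABLES['DATABOX_base'], LB . implode(',', array_keys($columns)), LB . implode(',', $columns));
    } else {
        $sql = "UPDATE {$_TABLES['DATABOX_base']} set ";
        $sql .= " title = '{$title}'";
        $sql .= " ,page_title = '{$page_title}'";
        $sql .= " ,description = '{$description}'";
        $sql .= " ,language_id = '{$language_id}'";
        $sql .= " ,modified = FROM_UNIXTIME('{$modified}')";
        $sql .= ",uuid='{$uuid}' WHERE id={$id}";
        DB_query($sql);
    }

    // categories
    DATABOX_savecategorydatas($id, $category);

    // additional fields: uploaded files first, then the values
    if ($old_mode == "copy") {
        DATABOX_uploadaddtiondatas_cpy($additionfields, $addition_def, $pi_name, $id, $additionfields_fnm, $additionfields_del, $additionfields_old, $additionfields_alt);
    } else {
        DATABOX_uploadaddtiondatas($additionfields, $addition_def, $pi_name, $id, $additionfields_fnm, $additionfields_del, $additionfields_old, $additionfields_alt);
    }
    if ($new_flg) {
        DATABOX_saveaddtiondatas($id, $additionfields, $addition_def, $pi_name);
    } else {
        DATABOX_saveaddtiondatas_update($id, $additionfields, $addition_def, $pi_name);
    }

    fncsendmail('data', $id);

    $cacheInstance = 'databox__' . $id . '__';
    CACHE_remove_instance($cacheInstance);

    // ---- after save ----
    if ($_DATABOX_CONF['aftersave'] === 'no') {
        $retval['title'] = $LANG_DATABOX_ADMIN['piname'] . $LANG_DATABOX_ADMIN['edit'];
        // FIX: was '.=' on an unset key
        $retval['display'] = fncEdit($id, $edt_flg, 1, $err, "edit", $fieldset_id, $template);
        return $retval;
    }
    if ($_DATABOX_CONF['aftersave'] === 'list' || $_DATABOX_CONF['aftersave'] === 'admin') {
        $url = $_CONF['site_url'] . "/databox/mydata/data.php";
        $item_url = COM_buildURL($url);
        $target = 'item';
    } else {
        $url = $_CONF['site_url'] . "/databox/data.php";
        $url .= "?";
        // when codes are in use, link by code; otherwise by id
        if ($_DATABOX_CONF['datacode']) {
            $url .= "code=" . $code;
            $url .= "&m=code";
        } else {
            $url .= "id=" . $id;
            $url .= "&m=id";
        }
        $item_url = COM_buildURL($url);
        // NOTE(review): this reads 'aftersave_admin' while the branches above read
        // 'aftersave'; kept as the original had it — confirm which key is intended.
        $target = $_DATABOX_CONF['aftersave_admin'];
    }
    $return_page = PLG_afterSaveSwitch($target, $item_url, $pi_name, 1);
    echo $return_page;
    exit;
}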
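/**
 * Saves a banner to the database
 *
 * Checks the caller's access to the (existing or new) banner, escapes every
 * value that is interpolated into SQL, replaces the banner/submission rows of
 * the old ID and returns a redirect, or the editor again with an error message.
 *
 * @param string $bid          ID for banner (empty for a new banner)
 * @param string $old_bid      old ID for banner (empty for a new banner)
 * @param string $cid          cid of category banner belongs to
 * @param string $categorydd   Category chosen in the drop-down; overrides $cid unless it is the "choose" placeholder ($LANG_BANNER_ADMIN[7])
 * @param string $url          URL of banner to save
 * @param string $description  Description of banner
 * @param string $title        Title of banner
 * @param string $publishstart start of the publishing period or empty (NULL)
 * @param string $publishend   end of the publishing period or empty (NULL)
 * @param int    $hits         Number of hits for banner
 * @param int    $owner_id     ID of owner (empty: defaults for a new banner are used)
 * @param int    $group_id     ID of group banner belongs to
 * @param int    $perm_owner   Permissions the owner has (int or checkbox array)
 * @param int    $perm_group   Permissions the group has (int or checkbox array)
 * @param int    $perm_members Permissions members have (int or checkbox array)
 * @param int    $perm_anon    Permissions anonymous users have (int or checkbox array)
 * @return string HTML redirect or error message
 * @global array core config vars
 * @global array core group data
 * @global array core table data
 * @global array core user data
 * @global array core msg data
 * @global array banner plugin lang admin vars
 */
function savebanner($bid, $old_bid, $cid, $categorydd, $url, $description, $title, $publishstart, $publishend, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_BANNER_ADMIN, $_BAN_CONF;

    $retval = '';

    // Convert array values (checkbox groups of the editor) to numeric permission values
    if (is_array($perm_owner) || is_array($perm_group) || is_array($perm_members) || is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) =
            SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    // clean 'em up: values that end up inside quoted SQL literals are escaped,
    // values that end up unquoted are forced to integers
    $description = addslashes(COM_checkHTML(COM_checkWords($description)));
    $title = addslashes(COM_checkHTML(COM_checkWords($title)));
    $cid = addslashes($cid);
    $url = addslashes($url);
    $hits = (int) $hits;
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $perm_owner = (int) $perm_owner;
    $perm_group = (int) $perm_group;
    $perm_members = (int) $perm_members;
    $perm_anon = (int) $perm_anon;

    if (empty($owner_id)) {
        // this is a new banner from admin, set default values
        $owner_id = $_USER['uid'];
        if (isset($_GROUPS['Banner Admin'])) {
            $group_id = $_GROUPS['Banner Admin'];
        } else {
            $group_id = SEC_getFeatureGroup('banner.edit');
        }
        $perm_owner = 3;
        $perm_group = 2;
        $perm_members = 2;
        $perm_anon = 2;
    }

    // an empty publishing date is stored as SQL NULL, otherwise as a quoted literal
    if (empty($publishstart)) {
        $publishstart = 'NULL';
    } else {
        $publishstart = "'" . addslashes($publishstart) . "'";
    }
    if (empty($publishend)) {
        $publishend = 'NULL';
    } else {
        $publishend = "'" . addslashes($publishend) . "'";
    }

    $bid = COM_sanitizeID($bid);
    $old_bid = COM_sanitizeID($old_bid);
    if (empty($bid)) {
        $bid = empty($old_bid) ? COM_makeSid() : $old_bid;
    }

    // check for banner id change
    if (!empty($old_bid) && $bid != $old_bid) {
        // check if new bid is already in use
        if (DB_count($_TABLES['banner'], 'bid', $bid) > 0) {
            // TBD: abort, display editor with all content intact again
            $bid = $old_bid; // for now ...
        }
    }

    // access is checked against the stored banner when it exists, otherwise
    // against the permissions the new banner would get
    $old_bid = addslashes($old_bid);
    if (DB_count($_TABLES['banner'], 'bid', $old_bid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['banner']} WHERE bid = '{$old_bid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display = COM_siteHeader('menu', $MESSAGE[30])
            . COM_showMessageText($MESSAGE[31], $MESSAGE[30])
            . COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit banner {$bid}.");
        echo $display;
        exit;
    }

    if (empty($title) || empty($description)) {
        // missing fields: show the editor again with an error message
        $retval .= COM_siteHeader('menu', $LANG_BANNER_ADMIN[1]);
        $retval .= COM_errorLog($LANG_BANNER_ADMIN[10], 2);
        if (DB_count($_TABLES['banner'], 'bid', $old_bid) > 0) {
            $retval .= editbanner('edit', $old_bid);
        } else {
            $retval .= editbanner('edit', '');
        }
        $retval .= COM_siteFooter();

        return $retval;
    }

    if ($categorydd != $LANG_BANNER_ADMIN[7] && !empty($categorydd)) {
        $cid = addslashes($categorydd);
    } elseif ($categorydd != $LANG_BANNER_ADMIN[7]) {
        // no category at all: return to the banner list instead of deleting
        // and re-saving the banner below
        return COM_refresh($_CONF['site_admin_url'] . '/plugins/banner/index.php');
    }

    DB_delete($_TABLES['bannersubmission'], 'bid', $old_bid);
    DB_delete($_TABLES['banner'], 'bid', $old_bid);
    DB_save(
        $_TABLES['banner'],
        'bid,cid,url,description,title,date,publishstart,publishend,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon',
        "'{$bid}','{$cid}','{$url}','{$description}','{$title}',NOW(),{$publishstart},{$publishend},'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}"
    );

    // Get category for rdf check
    $category = DB_getItem($_TABLES['bannercategories'], 'category', "cid='{$cid}'");
    COM_rdfUpToDateCheck('banner', $category, $bid);

    return PLG_afterSaveSwitch(
        $_BAN_CONF['aftersave'],
        COM_buildURL("{$_CONF['site_url']}/banner/portal.php?what=banner&item={$bid}"),
        'banner',
        2
    );
}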
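/**
 * Saves one master-data ("mst") record of a *box plugin
 *
 * Reads the record from $_POST, validates it (id numeric, kind present, "no"
 * unique within its kind), writes it to the plugin's <PI>_mst table and then
 * either returns the editor again or echoes the after-save redirect and exits.
 *
 * @param string $pi_name    plugin name; selects the $_<PI>_CONF / $LANG_<PI>_ADMIN
 *                           globals and the $_TABLES['<PI>_mst'] table
 * @param mixed  $edt_flg    edit flag handed through to LIB_Edit()
 * @param mixed  $navbarMenu navbar definition (not used here)
 * @param mixed  $menuno     active menu number (not used here)
 * @return array|void array('title' => ..., 'display' => ...) when the editor is
 *                    shown again (validation error, or aftersave_admin === 'no');
 *                    otherwise the redirect is echoed and the script exits
 */
function LIB_Save($pi_name, $edt_flg, $navbarMenu, $menuno)
{
    global $_CONF, $_TABLES, $_USER;

    // config and language arrays are looked up by plugin name so that the
    // same implementation serves every *box plugin
    $box_conf = '_' . strtoupper($pi_name) . '_CONF';
    global ${$box_conf};
    $box_conf = ${$box_conf};
    $lang_box_admin = 'LANG_' . strtoupper($pi_name) . '_ADMIN';
    global ${$lang_box_admin};
    $lang_box_admin = ${$lang_box_admin};
    $lang_box_admin_menu = 'LANG_' . strtoupper($pi_name) . '_admin_menu';
    global ${$lang_box_admin_menu};
    $lang_box_admin_menu = ${$lang_box_admin_menu};

    $table = $_TABLES[strtoupper($pi_name) . '_mst'];
    // an array, not '': string offsets on an empty string break on PHP >= 7.1
    $retval = array();

    // missing POST fields read as '' instead of raising notices
    $post = function ($key) {
        return isset($_POST[$key]) ? $_POST[$key] : '';
    };

    // clean 'em up: numeric columns go through the int filter, text columns
    // through the HTML/word filters plus addslashes() because they are
    // interpolated into quoted SQL literals below
    $id = COM_applyFilter($post('id'), true);
    $kind = addslashes(COM_checkHTML(COM_checkWords(COM_applyFilter($post('kind')))));
    $no = COM_applyFilter($post('no'), true);
    $no = addslashes(COM_checkHTML(COM_checkWords($no)));
    $value = addslashes(COM_checkHTML(COM_checkWords(COM_applyFilter($post('value')))));
    $value2 = addslashes(COM_checkHTML(COM_checkWords(COM_applyFilter($post('value2')))));
    $disp = addslashes(COM_checkHTML(COM_checkWords($post('disp'))));
    // convert full-width alphanumerics to half-width before the int filter
    $orderno = COM_applyFilter(mb_convert_kana($post('orderno'), "a"), true);
    $relno = addslashes(COM_checkHTML(COM_checkWords(COM_applyFilter($post('relno')))));

    $uuid = (int) $_USER['uid'];

    // CHECK start
    $err = '';
    // id: 0 means "new record", anything else must be numeric
    // (the int filter above already guarantees this; kept for clarity)
    if ($id != 0 && !is_numeric($id)) {
        $err .= $lang_box_admin['err_id'] . '<br/>' . LB;
    }
    // kind is required
    if (empty($kind)) {
        $err .= $lang_box_admin['err_kind'] . '<br/>' . LB;
    }
    // no is required and must be unique within its kind
    // NOTE(review): after the int filter $no is never "" (an empty field becomes
    // "0"), so the err_no branch is only reached if the filters change — confirm
    if ($no == '') {
        $err .= $lang_box_admin['err_no'] . '<br/>' . LB;
    } else {
        $cntsql = "SELECT id FROM {$table} WHERE no={$no} AND kind='{$kind}' AND id<>{$id}";
        $result = DB_query($cntsql);
        if (DB_numRows($result) != 0) {
            $err .= $lang_box_admin['err_no_w'] . '<br/>' . LB;
        }
    }

    // on error show the editor again with the messages collected above
    if ($err != '') {
        $retval['title'] = $lang_box_admin['piname'] . $lang_box_admin['edit'];
        $retval['display'] = LIB_Edit($pi_name, $id, $edt_flg, 3, $err);

        return $retval;
    }
    // CHECK end

    // new record: next free id
    if ($id == 0) {
        $w = DB_getItem($table, 'max(id)', '1=1');
        $id = (int) $w + 1;
    }

    // empty optional columns are stored as SQL NULL
    $fields = array('id', 'kind', 'no', 'value', 'value2', 'disp', 'orderno', 'relno', 'uuid', 'udatetime');
    $values = array(
        "{$id}",
        "'{$kind}'",
        "{$no}",
        "'{$value}'",
        ($value2 == '') ? 'NULL' : "'{$value2}'",
        ($disp == '') ? 'NULL' : "'{$disp}'",
        ($orderno == '') ? 'NULL' : "{$orderno}",
        // quoted so that addslashes() above actually protects it; MySQL
        // converts a quoted numeric string for an integer column
        ($relno == '') ? 'NULL' : "'{$relno}'",
        "{$uuid}",
        'NOW( )',
    );
    DB_save($table, implode(',', $fields), implode(',', $values));

    // where to go after saving, per plugin configuration
    $item_url = '';
    $target = '';
    $message = '';
    if ($box_conf['aftersave_admin'] === 'no') {
        $retval['title'] = $lang_box_admin['piname'] . $lang_box_admin['edit'];
        $retval['display'] = LIB_Edit($pi_name, $id, $edt_flg, 1, '');

        return $retval;
    } elseif ($box_conf['aftersave_admin'] === 'list' || $box_conf['aftersave_admin'] === 'item') {
        $item_url = COM_buildURL($_CONF['site_admin_url'] . "/plugins/{$pi_name}/mst.php");
        $target = 'item';
        $message = 1;
    } elseif ($box_conf['aftersave_admin'] === 'admin') {
        $target = $box_conf['aftersave_admin'];
        $message = 1;
    } else {
        $item_url = $_CONF['site_url'] . $box_conf['top'];
        $target = $box_conf['aftersave_admin'];
    }

    $return_page = PLG_afterSaveSwitch($target, $item_url, $pi_name, $message);
    echo $return_page;
    exit;
}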
/**
 * Saves the group selection of the current user's userbox profile
 *
 * Removes the current user's assignments to the groups returned by
 * fncGetGroupsForUser() and re-inserts the groups in $groups, then either
 * returns the editor again or echoes the after-save redirect.
 *
 * NOTE(review): $groups is never assigned in this function (the line that read
 * it from $_POST is commented out below), so the re-insert loop never runs and
 * every call removes the user's assignments in $groupsforuser. Restoring the
 * assignment must also check each posted group against $groupsforuser before
 * it is interpolated into SQL — confirm the intended source of $groups.
 * NOTE(review): $username is never assigned either; the 'code=' branches
 * below append an empty value.
 *
 * @param mixed $navbarMenu navbar definition passed to ppNavbarjp()
 * @param mixed $menuno     index of the active entry in $LANG_USERBOX_user_menu
 * @return string|void the editor page when aftersave === 'no'; otherwise the
 *                     redirect is echoed and nothing is returned
 */
function fncSave($navbarMenu, $menuno)
{
    global $_CONF;
    global $_TABLES;
    global $_USER;
    global $_USERBOX_CONF;
    global $LANG_USERBOX_user_menu;
    global $LANG_USERBOX_ADMIN;

    $pi_name = "userbox";
    $retval = '';
    // $groups = $_POST['groups'];
    $uid = $_USER['uid'];

    // drop the user's current assignments to the groups this form manages
    $groupsforuser = fncGetGroupsForUser();
    $whereGroups = 'ug_main_grp_id IN (' . implode(',', $groupsforuser) . ')';
    $sql = "DELETE FROM {$_TABLES['group_assignments']} WHERE ";
    $sql .= "(ug_uid = {$uid}) ";
    $sql .= " AND " . $whereGroups;
    DB_query($sql);

    // re-insert the selected groups (see the note in the docblock: $groups is
    // undefined here, so this loop is currently dead code)
    if (is_array($groups)) {
        foreach ($groups as $userGroup) {
            $sql = "INSERT INTO {$_TABLES['group_assignments']} ";
            $sql .= "(ug_main_grp_id, ug_uid) ";
            $sql .= "VALUES (";
            $sql .= " {$userGroup}";
            $sql .= ", {$uid}";
            $sql .= ")";
            DB_query($sql);
        }
    }
    //exit;// for debugging

    $id = $uid;
    if ($_USERBOX_CONF['aftersave'] === 'no') {
        // show the editor again
        $page_title = $LANG_USERBOX_ADMIN['piname'] . $LANG_USERBOX_ADMIN['edit'];
        $retval .= DATABOX_siteHeader($pi_name, '_admin', $page_title);
        $retval .= ppNavbarjp($navbarMenu, $LANG_USERBOX_user_menu[$menuno]);
        $retval .= fncEdit(1);
        $retval .= DATABOX_siteFooter($pi_name, '_admin');

        return $retval;
    } else {
        if ($_USERBOX_CONF['aftersave'] === 'list' or $_USERBOX_CONF['aftersave'] === 'admin') {
            $url = $_CONF['site_url'] . "/userbox/profile.php";
            $url .= "?";
            // when codes are in use the profile is addressed by code, else by id
            if ($_USERBOX_CONF['datacode']) {
                $url .= "code=" . $username;
                $url .= "&m=code";
            } else {
                $url .= "id=" . $id;
                $url .= "&m=id";
            }
            $item_url = COM_buildUrl($url);
            $target = 'item';
        } else {
            $url = $_CONF['site_url'] . "/userbox/profile.php";
            $url .= "?";
            // when codes are in use the profile is addressed by code, else by id
            if ($_USERBOX_CONF['datacode']) {
                $url .= "code=" . $username;
                $url .= "&m=code";
            } else {
                $url .= "id=" . $id;
                $url .= "&m=id";
            }
            $item_url = COM_buildUrl($url);
            $target = $_USERBOX_CONF['aftersave_admin'];
        }
    }
    // $return_page="";
    $return_page = PLG_afterSaveSwitch($target, $item_url, $pi_name, 1);
    echo $return_page;

    return;
}
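/**
 * Saves a poll
 *
 * Saves a poll topic and potential answers to the database. The existing
 * topic, questions and answers are deleted and re-created from the form data.
 *
 * @param string $pid              Poll topic ID
 * @param string $old_pid          Previous poll topic ID
 * @param array  $Q                Array of poll questions
 * @param string $mainpage         Checkbox: poll appears on homepage
 * @param string $topic            The text for the topic
 * @param string $meta_description
 * @param string $meta_keywords
 * @param int    $statuscode       (unused, stored as given)
 * @param string $open             Checkbox: poll open for voting
 * @param string $hideresults      Checkbox: hide results until closed
 * @param int    $commentcode      Indicates if users can comment on poll
 * @param array  $A                Array of possible answers, per question
 * @param array  $V                Array of votes per each answer
 * @param array  $R                Array of remarks per each answer
 * @param int    $owner_id         ID of poll owner
 * @param int    $group_id         ID of group poll belongs to
 * @param int    $perm_owner       Permissions the owner has on poll
 * @param int    $perm_group       Permissions the group has on poll
 * @param int    $perm_members     Permissions logged in members have on poll
 * @param int    $perm_anon        Permissions anonymous users have on poll
 * @return string HTML redirect or error message
 */
function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $meta_keywords, $statuscode, $open, $hideresults, $commentcode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;

    $retval = '';

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) =
        SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);

    // these are interpolated into SQL without escaping below, so force integers
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $statuscode = (int) $statuscode;
    $commentcode = (int) $commentcode;

    $topic = COM_stripslashes($topic);
    $meta_description = strip_tags(COM_stripslashes($meta_description));
    $meta_keywords = strip_tags(COM_stripslashes($meta_keywords));

    $pid = COM_sanitizeID($pid);
    $old_pid = COM_sanitizeID($old_pid);
    if (empty($pid)) {
        $pid = empty($old_pid) ? COM_makeSid() : $old_pid;
    }

    // check if a topic, a first question and a first answer were entered
    if (empty($topic) || !is_array($Q) || count($Q) == 0 || strlen($Q[0]) == 0
        || !isset($A[0][0]) || strlen($A[0][0]) == 0) {
        $retval .= COM_siteHeader('menu', $LANG25[5]);
        $retval .= COM_startBlock($LANG21[32], '', COM_getBlockTemplate('_msg_block', 'header'));
        $retval .= $LANG25[2];
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $retval .= COM_siteFooter();

        return $retval;
    }

    if (!SEC_checkToken()) {
        COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks.");

        return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php');
    }

    // check for poll id change
    if (!empty($old_pid) && $pid != $old_pid) {
        // check if new pid is already in use
        if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
            // TBD: abort, display editor with all content intact again
            $pid = $old_pid; // for now ...
        }
    }

    // start processing the poll topic
    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }

    // access is checked against the stored poll when it exists, otherwise
    // against the permissions the new poll would get
    if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
        $P = DB_fetchArray($result);
        $access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display = COM_siteHeader('menu', $MESSAGE[30])
            . COM_showMessageText($MESSAGE[29], $MESSAGE[30])
            . COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
        COM_output($display);
        exit;
    }

    if ($_POLL_VERBOSE) {
        COM_errorLog('owner permissions: ' . $perm_owner, 1);
        COM_errorLog('group permissions: ' . $perm_group, 1);
        COM_errorLog('member permissions: ' . $perm_members, 1);
        COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
    }

    // we delete everything and re-create it with the input from the form
    $del_pid = $pid;
    if (!empty($old_pid) && $pid != $old_pid) {
        $del_pid = $old_pid; // delete by old pid, create using new pid below
    }
    DB_delete($_TABLES['polltopics'], 'pid', $del_pid);
    DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
    DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);

    $topic = addslashes($topic);
    $meta_description = addslashes($meta_description);
    $meta_keywords = addslashes($meta_keywords);

    $k = 0; // counter so that question ids form a gap-free sequence
    $v = 0; // re-count votes since they might have been changed

    // first dimension of the arrays are the questions
    $num_questions = count($Q);
    for ($i = 0; $i < $num_questions; $i++) {
        $Q[$i] = COM_stripslashes($Q[$i]);
        if (strlen($Q[$i]) == 0) {
            continue; // only insert questions that exist
        }
        $Q[$i] = addslashes($Q[$i]);
        DB_save($_TABLES['pollquestions'], 'qid, pid, question', "'{$k}', '{$pid}', '{$Q[$i]}'");

        // within the questions, we have another dimension with answers,
        // votes and remarks
        $num_answers = (isset($A[$i]) && is_array($A[$i])) ? count($A[$i]) : 0;
        for ($j = 0; $j < $num_answers; $j++) {
            $A[$i][$j] = COM_stripslashes($A[$i][$j]);
            if (strlen($A[$i][$j]) == 0) {
                continue; // only insert answers etc that exist
            }
            // votes are interpolated unquoted: anything non-numeric becomes 0
            $votes = (isset($V[$i][$j]) && is_numeric($V[$i][$j])) ? (int) $V[$i][$j] : 0;
            $answer = addslashes($A[$i][$j]);
            $remark = isset($R[$i][$j]) ? addslashes($R[$i][$j]) : '';
            $sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES "
                . "('{$pid}', '{$k}', " . ($j + 1) . ", '{$answer}', {$votes}, '{$remark}');";
            DB_query($sql);
            $v = $v + $votes;
        }
        $k++;
    }

    // save topics after the questions so we can include question count into table
    $sql = "'{$pid}','{$topic}','{$meta_description}','{$meta_keywords}',{$v}, {$k}, '" . date('Y-m-d H:i:s') . "'";
    $sql .= ',' . (($mainpage == 'on') ? 1 : 0);
    $sql .= ',' . (($open == 'on') ? 1 : 0);
    $sql .= ',' . (($hideresults == 'on') ? 1 : 0);
    $sql .= ",'{$statuscode}','{$commentcode}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}";

    // Save poll topic
    DB_save(
        $_TABLES['polltopics'],
        "pid, topic, meta_description, meta_keywords, voters, questions, date, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon",
        $sql
    );

    if (empty($old_pid) || $old_pid == $pid) {
        PLG_itemSaved($pid, 'polls');
    } else {
        // the poll was renamed: move its comments to the new id
        DB_change($_TABLES['comments'], 'sid', addslashes($pid), array('sid', 'type'), array(addslashes($old_pid), 'polls'));
        PLG_itemSaved($pid, 'polls', $old_pid);
    }

    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Leaving savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }

    return PLG_afterSaveSwitch($_PO_CONF['aftersave'], $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19);
}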
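/**
 * Saves a poll
 *
 * Saves a poll topic and potential answers to the database. The existing
 * topic, questions and answers are deleted and re-created from the form data;
 * the original creation date is preserved.
 *
 * @param string $pid                  Poll topic ID
 * @param string $old_pid              Previous poll topic ID
 * @param array  $Q                    Array of poll questions
 * @param string $mainPage             Checkbox: poll appears on homepage
 * @param string $topic                The text for the topic
 * @param string $meta_description
 * @param string $meta_keywords
 * @param int    $statusCode           (unused, stored as given)
 * @param string $open                 Checkbox: poll open for voting
 * @param string $hideResults          Checkbox: hide results until closed
 * @param int    $commentCode          Indicates if users can comment on poll
 * @param array  $A                    Array of possible answers, per question
 * @param array  $V                    Array of votes per each answer
 * @param array  $R                    Array of remarks per each answer
 * @param int    $owner_id             ID of poll owner
 * @param int    $group_id             ID of group poll belongs to
 * @param int    $perm_owner           Permissions the owner has on poll
 * @param int    $perm_group           Permissions the group has on poll
 * @param int    $perm_members         Permissions logged in members have on poll
 * @param int    $perm_anon            Permissions anonymous users have on poll
 * @param array  $allow_multipleanswers Checkbox per question: several answers may be chosen
 * @param string $topic_description
 * @param array  $description          Description per question
 * @return string|void HTML redirect or error message; exits on access failure
 */
function savepoll($pid, $old_pid, $Q, $mainPage, $topic, $meta_description, $meta_keywords, $statusCode, $open, $hideResults, $commentCode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $allow_multipleanswers, $topic_description, $description)
{
    global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;

    $retval = '';

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) =
        SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);

    // these are interpolated into SQL without escaping below, so force integers
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $statusCode = (int) $statusCode;
    $commentCode = (int) $commentCode;

    $topic = COM_checkHTML(COM_stripslashes($topic));
    $topic_description = strip_tags(COM_stripslashes($topic_description));
    $meta_description = strip_tags(COM_stripslashes($meta_description));
    $meta_keywords = strip_tags(COM_stripslashes($meta_keywords));

    $pid = COM_sanitizeID($pid);
    $old_pid = COM_sanitizeID($old_pid);
    if (empty($pid)) {
        $pid = empty($old_pid) ? COM_makeSid() : $old_pid;
    }

    // check if a topic, a first question and a first answer were entered
    if (empty($topic) || !is_array($Q) || count($Q) === 0 || strlen($Q[0]) === 0
        || !isset($A[0][0]) || strlen($A[0][0]) === 0) {
        $retval .= COM_showMessageText($LANG25[2], $LANG21[32]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG25[5]));

        return $retval;
    }

    if (!SEC_checkToken()) {
        COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks.");
        COM_redirect($_CONF['site_admin_url'] . '/plugins/polls/index.php');
    }

    // check for poll id change
    if (!empty($old_pid) && $pid != $old_pid) {
        // check if new pid is already in use
        if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
            // TBD: abort, display editor with all content intact again
            $pid = $old_pid; // for now ...
        }
    }

    // start processing the poll topic
    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }

    // access is checked against the stored poll when it exists, otherwise
    // against the permissions the new poll would get
    if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
        $P = DB_fetchArray($result);
        $access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display = COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
        COM_output($display);
        exit;
    }

    if ($_POLL_VERBOSE) {
        COM_errorLog('owner permissions: ' . $perm_owner, 1);
        COM_errorLog('group permissions: ' . $perm_group, 1);
        COM_errorLog('member permissions: ' . $perm_members, 1);
        COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
    }

    // we delete everything and re-create it with the input from the form
    $del_pid = $pid;
    if (!empty($old_pid) && $pid != $old_pid) {
        $del_pid = $old_pid; // delete by old pid, create using new pid below
    }

    // Retrieve Created Date before delete
    $created_date = DB_getItem($_TABLES['polltopics'], 'created', "pid = '{$del_pid}'");
    if ($created_date == '') {
        $created_date = date('Y-m-d H:i:s');
    }

    DB_delete($_TABLES['polltopics'], 'pid', $del_pid);
    DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
    DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);

    // strip 4-byte UTF-8 (not storable in utf8 columns) and escape for SQL
    $topic = DB_escapeString(GLText::remove4byteUtf8Chars($topic));
    $topic_description = DB_escapeString(GLText::remove4byteUtf8Chars($topic_description));
    $meta_description = DB_escapeString(GLText::remove4byteUtf8Chars($meta_description));
    $meta_keywords = DB_escapeString(GLText::remove4byteUtf8Chars($meta_keywords));

    $k = 0; // counter so that question ids form a gap-free sequence
    $num_total_votes = 0;
    $num_questions_exist = 0;

    // first dimension of the arrays are the questions
    $num_questions = count($Q);
    for ($i = 0; $i < $num_questions; $i++) {
        $Q[$i] = GLText::remove4byteUtf8Chars(COM_checkHTML(COM_stripslashes($Q[$i])));
        $multi = isset($allow_multipleanswers[$i]) ? $allow_multipleanswers[$i] : '';
        $allow_multipleanswers[$i] = (GLText::remove4byteUtf8Chars(COM_stripslashes($multi)) == 'on') ? 1 : 0;
        $desc = isset($description[$i]) ? $description[$i] : '';
        $description[$i] = GLText::remove4byteUtf8Chars(COM_checkHTML(COM_stripslashes($desc)));

        if (strlen($Q[$i]) == 0) {
            continue; // only insert questions that exist
        }
        $num_questions_exist++;
        $Q[$i] = DB_escapeString($Q[$i]);
        // the description goes into a quoted literal, so it is escaped like the question
        $description_db = DB_escapeString($description[$i]);
        DB_save(
            $_TABLES['pollquestions'],
            'qid, pid, question,allow_multipleanswers,description',
            "'{$k}', '{$pid}', '{$Q[$i]}','{$allow_multipleanswers[$i]}','{$description_db}'"
        );

        // within the questions, we have another dimension with answers,
        // votes and remarks
        $num_answers = (isset($A[$i]) && is_array($A[$i])) ? count($A[$i]) : 0;
        for ($j = 0; $j < $num_answers; $j++) {
            $A[$i][$j] = GLText::remove4byteUtf8Chars(COM_checkHTML(COM_stripslashes($A[$i][$j])));
            $remark = isset($R[$i][$j]) ? $R[$i][$j] : '';
            $R[$i][$j] = GLText::remove4byteUtf8Chars(COM_checkHTML(COM_stripslashes($remark)));
            if (strlen($A[$i][$j]) == 0) {
                continue; // only insert answers etc that exist
            }
            // votes are interpolated unquoted: anything non-numeric becomes 0
            $votes = (isset($V[$i][$j]) && is_numeric($V[$i][$j])) ? (int) $V[$i][$j] : 0;
            $answer = DB_escapeString($A[$i][$j]);
            $remark = DB_escapeString($R[$i][$j]);
            $sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES "
                . "('{$pid}', '{$k}', " . ($j + 1) . ", '{$answer}', {$votes}, '{$remark}');";
            DB_query($sql);
            $num_total_votes = $num_total_votes + $votes;
        }
        $k++;
    }

    // determine the number of voters (cannot use records in pollvoters table
    // since they get deleted after a time $_PO_CONF['polladdresstime'])
    if ($num_questions_exist > 0) {
        $numVoters = $num_total_votes / $num_questions_exist;
    } else {
        // This shouldn't happen: the first question was checked to exist above
        $numVoters = $num_total_votes;
    }

    // save topics after the questions so we can include question count into table
    $sql = "'{$pid}','{$topic}','{$meta_description}','{$meta_keywords}',{$numVoters}, {$k}, '{$created_date}', '" . date('Y-m-d H:i:s') . "'";
    $sql .= ',' . (($mainPage == 'on') ? 1 : 0);
    $sql .= ',' . (($open == 'on') ? 1 : 0);
    $sql .= ',' . (($hideResults == 'on') ? 1 : 0);
    $sql .= ",'{$statusCode}','{$commentCode}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$topic_description}'";

    // Save poll topic
    DB_save(
        $_TABLES['polltopics'],
        "pid, topic, meta_description, meta_keywords, voters, questions, created, modified, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon,description",
        $sql
    );

    if (empty($old_pid) || $old_pid == $pid) {
        PLG_itemSaved($pid, 'polls');
    } else {
        // the poll was renamed: move its comments and voter records to the new id
        DB_change($_TABLES['comments'], 'sid', DB_escapeString($pid), array('sid', 'type'), array(DB_escapeString($old_pid), 'polls'));
        DB_change($_TABLES['pollvoters'], 'pid', DB_escapeString($pid), 'pid', DB_escapeString($old_pid));
        PLG_itemSaved($pid, 'polls', $old_pid);
    }

    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Leaving savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }

    return PLG_afterSaveSwitch($_PO_CONF['aftersave'], $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19);
}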
/**
 * Deletes a download category together with all of its subcategories
 *
 * Access is checked once, for the category given; every subcategory reported
 * by the tree is then removed through _deleteFile() before the category itself.
 *
 * @param mixed $cid ID of the category to delete
 * @return string HTML redirect back to the category list
 */
function deleteCategory($cid)
{
    global $_CONF, $mytree;

    $this->_loadFromDatabase($cid);
    $this->_checkHasAccess();

    // get all subcategories under the specified category and remove them first
    $children = $mytree->getAllChildId($cid);
    $numChildren = count($children);
    for ($idx = 0; $idx < $numChildren; $idx++) {
        $this->_deleteFile($children[$idx]);
    }
    $this->_deleteFile($cid);

    $listUrl = "{$_CONF['site_admin_url']}/plugins/downloads/index.php?op=listCategories";

    return PLG_afterSaveSwitch('item', $listUrl, 'downloads', 107);
}
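/**
 * Saves an event to the database
 *
 * Validates access and dates, escapes every value interpolated into SQL,
 * stores the event (refreshing the copies in users' personal calendars) and
 * returns a redirect, or the editor again with an error message.
 *
 * @param string $eid event ID (new events are created under this ID)
 * @param array  $C   posted fields of the event editor
 * @return string HTML redirect or error message
 */
function CALENDAR_save($eid, $C)
{
    global $_CONF, $_TABLES, $_USER, $LANG_CAL_ADMIN, $MESSAGE, $_CA_CONF;

    $allday = isset($C['allday']) ? COM_applyFilter($C['allday']) : '';
    $hour_mode = (isset($C['hour_mode']) && $C['hour_mode'] == 24) ? 24 : 12;
    if ($hour_mode == 24) {
        // these aren't set in 24 hour mode
        $C['start_ampm'] = '';
        $C['end_ampm'] = '';
    }

    // missing form fields read as '' instead of raising notices
    // (defined after the ampm reset above so that it sees the reset values)
    $field = function ($key) use ($C) {
        return isset($C[$key]) ? $C[$key] : '';
    };

    // status is interpolated into SQL without quotes, so it must be an integer
    $status = COM_applyFilter($field('status'), true);
    $title = $field('title');
    $event_type = $field('event_type');
    $url = $field('url');
    $start_month = COM_applyFilter($field('start_month'), true);
    $start_day = COM_applyFilter($field('start_day'), true);
    $start_year = COM_applyFilter($field('start_year'), true);
    $start_hour = COM_applyFilter($field('start_hour'), true);
    $start_minute = COM_applyFilter($field('start_minute'), true);
    $start_ampm = $field('start_ampm');
    $end_month = COM_applyFilter($field('end_month'), true);
    $end_day = COM_applyFilter($field('end_day'), true);
    $end_year = COM_applyFilter($field('end_year'), true);
    $end_hour = COM_applyFilter($field('end_hour'), true);
    $end_minute = COM_applyFilter($field('end_minute'), true);
    $end_ampm = $field('end_ampm');
    $location = $field('location');
    $address1 = $field('address1');
    $address2 = $field('address2');
    $city = $field('city');
    $state = $field('state');
    $zipcode = $field('zipcode');
    $description = $field('description');
    $postmode = $field('postmode');
    $owner_id = COM_applyFilter($field('owner_id'), true);
    $group_id = COM_applyFilter($field('group_id'), true);
    $perm_owner = $field('perm_owner');
    $perm_group = $field('perm_group');
    $perm_members = $field('perm_members');
    $perm_anon = $field('perm_anon');
    $type = isset($C['type']) ? COM_applyFilter($C['type']) : '';

    // normalised values handed back to the editor if we have to show it again
    $C['datestart'] = sprintf('%4d-%02d-%02d', $start_year, $start_month, $start_day);
    $C['timestart'] = $start_hour . ':' . $start_minute . ':00';
    $C['dateend'] = sprintf('%4d-%02d-%02d', $end_year, $end_month, $end_day);
    $C['timeend'] = $end_hour . ':' . $end_minute . ':00';
    $C['allday'] = $allday;
    $C['hits'] = 0;

    $retval = '';

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) =
        SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);

    // the ID is interpolated into SQL literals below; DB_count()/DB_delete()
    // get the raw value as they build their own WHERE clause
    $eid_db = DB_escapeString($eid);

    // access is checked against the stored event when it exists, otherwise
    // against the permissions the new event would get
    if (DB_count($_TABLES['events'], 'eid', $eid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,"
            . "perm_members,perm_anon FROM {$_TABLES['events']} "
            . "WHERE eid = '{$eid_db}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $retval .= COM_siteHeader('menu', $MESSAGE[30]);
        $retval .= COM_showMessageText($MESSAGE[31], $MESSAGE[30], true);
        $retval .= COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit event {$eid}.");

        return $retval;
    }

    if ($hour_mode == 24) {
        // to avoid having to mess with the tried and tested code below, map
        // the 24-hour values onto their 12-hour counterparts and use those
        if ($start_hour >= 12) {
            $start_ampm = 'pm';
            $start_hour = $start_hour - 12;
        } else {
            $start_ampm = 'am';
        }
        if ($start_hour == 0) {
            $start_hour = 12;
        }
        if ($end_hour >= 12) {
            $end_ampm = 'pm';
            $end_hour = $end_hour - 12;
        } else {
            $end_ampm = 'am';
        }
        if ($end_hour == 0) {
            $end_hour = 12;
        }
    }

    $allday = ($allday == 'on') ? 1 : 0;

    // the editor with an error message; $C is not modified after this point
    $showEditor = function ($message) use ($C, $LANG_CAL_ADMIN) {
        return COM_siteHeader('menu', $LANG_CAL_ADMIN[2])
            . COM_showMessageText($message, $LANG_CAL_ADMIN[2], true)
            . CALENDAR_edit('edit', $C, '')
            . COM_siteFooter();
    };

    // Make sure both dates are valid and the start date is before the end date
    if (!checkdate($start_month, $start_day, $start_year)) {
        return $showEditor($LANG_CAL_ADMIN[23]);
    }
    $datestart = sprintf('%4d-%02d-%02d', $start_year, $start_month, $start_day);
    $timestart = $start_hour . ':' . $start_minute . ':00';

    if (!checkdate($end_month, $end_day, $end_year)) {
        return $showEditor($LANG_CAL_ADMIN[24]);
    }
    $dateend = sprintf('%4d-%02d-%02d', $end_year, $end_month, $end_day);
    $timeend = $end_hour . ':' . $end_minute . ':00';

    if ($allday == 0) {
        if ($dateend < $datestart) {
            return $showEditor($LANG_CAL_ADMIN[25]);
        }
    } elseif ($dateend < $datestart) {
        // Force end date to be same as start date
        $dateend = $datestart;
    }

    // clean 'em up: every text value is escaped for the quoted SQL literals below
    if ($postmode == 'html') {
        $description = COM_checkHTML(COM_checkWords($description));
    } else {
        $postmode = 'plaintext';
        $description = htmlspecialchars(COM_checkWords($description));
    }
    $description = DB_escapeString($description);
    $title = DB_escapeString(COM_checkHTML(COM_checkWords($title)));
    $location = DB_escapeString(COM_checkHTML(COM_checkWords($location)));
    $address1 = DB_escapeString(COM_checkHTML(COM_checkWords($address1)));
    $address2 = DB_escapeString(COM_checkHTML(COM_checkWords($address2)));
    $city = DB_escapeString(COM_checkHTML(COM_checkWords($city)));
    $state = DB_escapeString(COM_checkHTML(COM_checkWords($state)));
    $zipcode = DB_escapeString(COM_checkHTML(COM_checkWords($zipcode)));
    $event_type = DB_escapeString(strip_tags(COM_checkWords($event_type)));
    $url = DB_escapeString(strip_tags($url));

    if ($allday == 0) {
        // Add 12 to make time on 24 hour clock if needed
        if ($start_ampm == 'pm' && $start_hour != 12) {
            $start_hour = $start_hour + 12;
        }
        // If 12AM set hour to 00
        if ($start_ampm == 'am' && $start_hour == 12) {
            $start_hour = '00';
        }
        // Add 12 to make time on 24 hour clock if needed
        if ($end_ampm == 'pm' && $end_hour != 12) {
            $end_hour = $end_hour + 12;
        }
        // If 12AM set hour to 00
        if ($end_ampm == 'am' && $end_hour == 12) {
            $end_hour = '00';
        }
        $timestart = $start_hour . ':' . $start_minute . ':00';
        $timeend = $end_hour . ':' . $end_minute . ':00';
    }

    if (empty($eid) || empty($description) || empty($title)) {
        // required fields missing
        return $showEditor($LANG_CAL_ADMIN[10]);
    }

    DB_delete($_TABLES['eventsubmission'], 'eid', $eid);
    DB_save(
        $_TABLES['events'],
        'eid,status,title,event_type,url,allday,datestart,dateend,timestart,'
        . 'timeend,location,address1,address2,city,state,zipcode,description,'
        . 'postmode,owner_id,group_id,perm_owner,perm_group,perm_members,'
        . 'perm_anon',
        "'{$eid_db}',{$status},'{$title}','{$event_type}','{$url}',{$allday},'{$datestart}',"
        . "'{$dateend}','{$timestart}','{$timeend}','{$location}','{$address1}',"
        . "'{$address2}','{$city}','{$state}','{$zipcode}','{$description}','{$postmode}',"
        . "{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}"
    );

    // users who added this event to their personal calendar get the new version too
    if (DB_count($_TABLES['personal_events'], 'eid', $eid) > 0) {
        $result = DB_query("SELECT uid FROM {$_TABLES['personal_events']} "
            . "WHERE eid = '{$eid_db}'");
        while ($P = DB_fetchArray($result)) {
            $uid = (int) $P['uid'];
            DB_save(
                $_TABLES['personal_events'],
                'eid,status,title,event_type,datestart,dateend,address1,address2,'
                . 'city,state,zipcode,allday,url,description,postmode,'
                . 'group_id,owner_id,perm_owner,perm_group,perm_members,'
                . 'perm_anon,uid,location,timestart,timeend',
                "'{$eid_db}',{$status},'{$title}','{$event_type}','{$datestart}','{$dateend}',"
                . "'{$address1}','{$address2}','{$city}','{$state}','{$zipcode}',"
                . "{$allday},'{$url}','{$description}','{$postmode}',{$group_id},"
                . "{$owner_id},{$perm_owner},{$perm_group},{$perm_members},"
                . "{$perm_anon},{$uid},'{$location}','{$timestart}','{$timeend}'"
            );
        }
    }

    PLG_itemSaved($eid, 'calendar');
    COM_rdfUpToDateCheck('calendar', $event_type, $eid);

    // if we just saved a submission, then return to the submissions page
    if ($type == 'submission') {
        return COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
    }

    return PLG_afterSaveSwitch($_CA_CONF['aftersave'], $_CONF['site_url'] . '/calendar/event.php?eid=' . $eid, 'calendar', 17);
}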
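/**
 * Saves user to the database
 *
 * Validates the admin's input (matching passwords, unique username and
 * email, optional CUSTOM_userCheck hook), creates or updates the account,
 * re-syncs the group assignments the current admin is allowed to touch and
 * finally redirects (echo + exit) or returns an error page.
 *
 * @param int    $uid          user id; empty for a new account
 * @param string $username     (short) username
 * @param string $fullname     user's full name
 * @param string $passwd       new password (ignored for remote-service accounts)
 * @param string $passwd_conf  password confirmation
 * @param string $email        user's email address
 * @param string $regdate      date the user registered with the site (not used here)
 * @param string $homepage     user's homepage URL
 * @param array  $groups       groups the user belongs to
 * @param string $delete_photo delete user's photo if == 'on'
 * @param int    $userstatus   status to store for the account
 * @param int    $oldstatus    status the account had before this save
 * @return string HTML redirect or error message
 */
function saveusers($uid, $username, $fullname, $passwd, $passwd_conf, $email, $regdate, $homepage, $groups, $delete_photo = '', $userstatus = 3, $oldstatus = 3)
{
    global $_CONF, $_TABLES, $_USER, $LANG28, $_USER_VERBOSE;

    $retval = '';
    $userChanged = false;

    // both values are interpolated unquoted into SQL below, so force them numeric
    $uid = (int) $uid;
    $userstatus = (int) $userstatus;

    if ($_USER_VERBOSE) {
        COM_errorLog("**** entering saveusers****", 1);
        COM_errorLog("group size at beginning = " . count($groups), 1);
    }

    $service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$uid}");

    // If remote service then assume blank password
    if (!empty($service)) {
        $passwd = '';
        $passwd_conf = '';
    }

    // an untouched password form (empty password and empty confirmation) means "keep it"
    $passwd_changed = true;
    if (empty($service) && SEC_encryptUserPassword($passwd, $uid) === 0 && $passwd_conf === '') {
        $passwd_changed = false;
    }
    if ($passwd_changed && $passwd != $passwd_conf) {
        // passwords don't match
        return edituser($uid, 67);
    }

    $nameAndEmailOkay = true;
    if (empty($username)) {
        $nameAndEmailOkay = false;
    } elseif (empty($email)) {
        // new users, and local (non-remote) users, need an email address
        if (empty($uid) || empty($service)) {
            $nameAndEmailOkay = false;
        }
    }

    if ($nameAndEmailOkay) {
        if (!empty($email) && !COM_isEmail($email)) {
            return edituser($uid, 52);
        }

        // NOTE(review): the username comparisons below use the escaped $uname;
        // the page showed a masked literal here, confirm against upstream.
        $uname = DB_escapeString($username);
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '{$uname}'");
        } elseif (!empty($service)) {
            // a remote user may share a name with a local one, but not within the same service
            $uservice = DB_escapeString($service);
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '{$uname}' AND uid <> {$uid} AND remoteservice = '{$uservice}'");
        } else {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '{$uname}' AND uid <> {$uid} AND (remoteservice = '' OR remoteservice IS NULL)");
        }
        if ($ucount > 0) {
            // Admin just changed a user's username to one that already exists
            return edituser($uid, 51);
        }

        $emailaddr = DB_escapeString($email);
        $exclude_remote = " AND (remoteservice IS NULL OR remoteservice = '')";
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}'" . $exclude_remote);
        } else {
            $old_email = DB_getItem($_TABLES['users'], 'email', "uid = '{$uid}'");
            if ($old_email == $email) {
                // email address didn't change so don't care
                $ucount = 0;
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}' AND uid <> {$uid}" . $exclude_remote);
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's email to one that already exists
            return edituser($uid, 56);
        }

        if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($username, $email);
            if (!empty($ret)) {
                // need a numeric return value - otherwise use default message
                if (!is_numeric($ret['number'])) {
                    $ret['number'] = 400;
                }
                return edituser($uid, $ret['number']);
            }
        }

        if (empty($uid)) {
            if (empty($passwd)) {
                // no password? create one ...
                $passwd = SEC_generateRandomPassword();
            }
            $uid = USER_createAccount($username, $email, $passwd, $fullname, $homepage);
            if ($uid > 1) {
                DB_query("UPDATE {$_TABLES['users']} SET status = {$userstatus} WHERE uid = {$uid}");
            }
        } else {
            $fullname = DB_escapeString($fullname);
            $homepage = DB_escapeString($homepage);
            $curphoto = DB_getItem($_TABLES['users'], 'photo', "uid = {$uid}");
            if (!empty($curphoto) && $delete_photo == 'on') {
                USER_deletePhoto($curphoto);
                $curphoto = '';
            }
            if ($_CONF['allow_user_photo'] == 1 && !empty($curphoto)) {
                $curusername = DB_getItem($_TABLES['users'], 'username', "uid = {$uid}");
                if ($curusername != $username) {
                    // user has been renamed - rename the photo, too. Replace the first
                    // occurrence literally; the old username is not a regex pattern.
                    $pos = strpos($curphoto, $curusername);
                    $newphoto = ($pos === false) ? $curphoto : substr_replace($curphoto, $username, $pos, strlen($curusername));
                    $imgpath = $_CONF['path_images'] . 'userphotos/';
                    if (@rename($imgpath . $curphoto, $imgpath . $newphoto) === false) {
                        $retval .= COM_errorLog('Could not rename userphoto "' . $curphoto . '" to "' . $newphoto . '".');
                        return $retval;
                    }
                    $curphoto = $newphoto;
                }
            }
            $curphoto = DB_escapeString($curphoto);
            // the email was previously interpolated unescaped; use the escaped copy
            DB_query("UPDATE {$_TABLES['users']} SET username = '{$uname}', fullname = '{$fullname}', email = '{$emailaddr}', homepage = '{$homepage}', photo = '{$curphoto}', status='{$userstatus}' WHERE uid = {$uid}");
            if ($passwd_changed && !empty($passwd)) {
                SEC_updateUserPassword($passwd, $uid);
            }
            if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
                CUSTOM_userSave($uid);
            }
            // account just approved from the submission queue: send the welcome password
            if ($_CONF['usersubmission'] == 1 && $oldstatus == USER_ACCOUNT_AWAITING_APPROVAL && $userstatus == USER_ACCOUNT_ACTIVE) {
                USER_createAndSendPassword($username, $email, $uid);
            }
            if ($userstatus == USER_ACCOUNT_DISABLED) {
                SESS_endUserSession($uid);
            }
            $userChanged = true;
        }

        // check that the user is allowed to change group assignments
        if (is_array($groups) && SEC_hasRights('group.assign')) {
            if (!SEC_inGroup('Root')) {
                $rootgrp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'");
                if (in_array($rootgrp, $groups)) {
                    COM_accessLog("User {$_USER['username']} ({$_USER['uid']}) just tried to give Root permissions to user {$username}.");
                    echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
                    exit;
                }
            }

            // make sure the Remote Users group is in $groups
            if (SEC_inGroup('Remote Users', $uid)) {
                $remUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
                if (!in_array($remUsers, $groups)) {
                    $groups[] = $remUsers;
                }
            }

            if ($_USER_VERBOSE) {
                COM_errorLog("deleting all group_assignments for user {$uid}/{$username}", 1);
            }

            // remove user from all groups that the User Admin is a member of
            $UserAdminGroups = SEC_getUserGroups();
            $whereGroup = 'ug_main_grp_id IN (' . implode(',', $UserAdminGroups) . ')';
            DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_uid = {$uid}) AND " . $whereGroup);

            // make sure to add user to All Users and Logged-in Users groups
            $allUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'All Users'");
            if (!in_array($allUsers, $groups)) {
                $groups[] = $allUsers;
            }
            $logUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Logged-in Users'");
            if (!in_array($logUsers, $groups)) {
                $groups[] = $logUsers;
            }

            foreach ($groups as $userGroup) {
                // submitted group ids are interpolated into SQL: force them numeric
                // before the membership check so a loose in_array() match cannot
                // let a non-numeric value through
                $userGroup = (int) $userGroup;
                if (in_array($userGroup, $UserAdminGroups)) {
                    if ($_USER_VERBOSE) {
                        COM_errorLog("adding group_assignment " . $userGroup . " for {$username}", 1);
                    }
                    $sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$userGroup}, {$uid})";
                    DB_query($sql);
                }
            }
        }

        if ($userChanged) {
            PLG_userInfoChanged($uid);
        }

        $errors = DB_error();
        if (empty($errors)) {
            echo PLG_afterSaveSwitch($_CONF['aftersave_user'], "{$_CONF['site_url']}/users.php?mode=profile&uid={$uid}", 'user', 21);
        } else {
            $retval .= COM_errorLog('Error in saveusers in ' . $_CONF['site_admin_url'] . '/user.php');
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[22]));
            echo $retval;
            exit;
        }
    } else {
        // missing username or email: show the form again with a message
        $retval .= COM_showMessageText($LANG28[10]);
        if (!empty($uid) && $uid > 1 && DB_count($_TABLES['users'], 'uid', $uid) > 0) {
            $retval .= edituser($uid);
        } else {
            $retval .= edituser();
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[1]));
        COM_output($retval);
        exit;
    }

    if ($_USER_VERBOSE) {
        COM_errorLog("***************leaving saveusers*****************", 1);
    }

    return $retval;
}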
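/**
 * Saves an event to the database
 *
 * Checks that the caller may write the event (the stored permissions for an
 * existing event, the submitted ones for a new event), maps 24-hour input
 * onto the 12-hour code path, validates both dates, sanitises and escapes
 * every text field, and then writes the event row plus any personal copies
 * of it. The actual write requires a valid CSRF token.
 *
 * (parameters should be obvious - old list was incomplete anyway)
 *
 * @return string HTML redirect or error message
 */
function CALENDAR_saveEvent($eid, $title, $event_type, $url, $allday, $start_month, $start_day, $start_year, $start_hour, $start_minute, $start_ampm, $end_month, $end_day, $end_year, $end_hour, $end_minute, $end_ampm, $location, $address1, $address2, $city, $state, $zipcode, $description, $postmode, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $hour_mode)
{
    global $_CONF, $_TABLES, $_USER, $LANG_CAL_ADMIN, $MESSAGE, $_CA_CONF;

    $retval = '';

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);

    // owner/group ids are interpolated unquoted into SQL below; force them numeric
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;

    // NOTE(review): $eid goes into SQL and the redirect URL as-is; this relies
    // on the caller having filtered it — confirm at the call site.
    $access = 0;
    if (DB_count($_TABLES['events'], 'eid', $eid) > 0) {
        // existing event: access is decided by the stored permissions, not the submitted ones
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon FROM {$_TABLES['events']} " . "WHERE eid = '{$eid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit event {$eid}.");
        return $retval;
    }

    if ($hour_mode == 24) {
        // to avoid having to mess with the tried and tested code below, map
        // the 24-hour values onto their 12-hour counterparts and use those
        if ($start_hour >= 12) {
            $start_ampm = 'pm';
            $start_hour = $start_hour - 12;
        } else {
            $start_ampm = 'am';
        }
        if ($start_hour == 0) {
            $start_hour = 12;
        }
        if ($end_hour >= 12) {
            $end_ampm = 'pm';
            $end_hour = $end_hour - 12;
        } else {
            $end_ampm = 'am';
        }
        if ($end_hour == 0) {
            $end_hour = 12;
        }
    }

    // checkbox value -> integer flag for the database
    $allday = ($allday == 'on') ? 1 : 0;

    // Make sure start date is before end date
    if (checkdate($start_month, $start_day, $start_year)) {
        $datestart = sprintf('%4d-%02d-%02d', $start_year, $start_month, $start_day);
        $timestart = $start_hour . ':' . $start_minute . ':00';
    } else {
        $retval .= COM_showMessageText($LANG_CAL_ADMIN[23], $LANG_CAL_ADMIN[2]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
        return $retval;
    }
    if (checkdate($end_month, $end_day, $end_year)) {
        $dateend = sprintf('%4d-%02d-%02d', $end_year, $end_month, $end_day);
        $timeend = $end_hour . ':' . $end_minute . ':00';
    } else {
        $retval .= COM_showMessageText($LANG_CAL_ADMIN[24], $LANG_CAL_ADMIN[2]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
        return $retval;
    }
    // YYYY-MM-DD strings compare correctly as plain strings
    if ($allday == 0) {
        if ($dateend < $datestart) {
            $retval .= COM_showMessageText($LANG_CAL_ADMIN[25], $LANG_CAL_ADMIN[2]);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
            return $retval;
        }
    } elseif ($dateend < $datestart) {
        // Force end date to be same as start date
        $dateend = $datestart;
    }

    // Remove any autotags the user doesn't have permission to use
    $description = PLG_replaceTags($description, '', true);

    // clean 'em up
    if ($postmode == 'html') {
        $description = COM_checkHTML(COM_checkWords($description), 'calendar.edit');
    } else {
        $postmode = 'plaintext';
        $description = htmlspecialchars(COM_checkWords($description));
    }
    $description = DB_escapeString($description);
    $title = DB_escapeString(strip_tags(COM_checkWords($title)));
    $location = DB_escapeString(COM_checkHTML(COM_checkWords($location), 'calendar.edit'));
    $address1 = DB_escapeString(strip_tags(COM_checkWords($address1)));
    $address2 = DB_escapeString(strip_tags(COM_checkWords($address2)));
    $city = DB_escapeString(strip_tags(COM_checkWords($city)));
    // $state was the only text field reaching the INSERT below unescaped
    $state = DB_escapeString(strip_tags(COM_checkWords($state)));
    $zipcode = DB_escapeString(strip_tags(COM_checkWords($zipcode)));
    $event_type = DB_escapeString(strip_tags(COM_checkWords($event_type)));
    $url = DB_escapeString(strip_tags($url));

    if ($allday == 0) {
        // Add 12 to make time on 24 hour clock if needed
        if ($start_ampm == 'pm' and $start_hour != 12) {
            $start_hour = $start_hour + 12;
        }
        // If 12AM set hour to 00
        if ($start_ampm == 'am' and $start_hour == 12) {
            $start_hour = '00';
        }
        // Add 12 to make time on 24 hour clock if needed
        if ($end_ampm == 'pm' and $end_hour != 12) {
            $end_hour = $end_hour + 12;
        }
        // If 12AM set hour to 00
        if ($end_ampm == 'am' and $end_hour == 12) {
            $end_hour = '00';
        }
        $timestart = $start_hour . ':' . $start_minute . ':00';
        $timeend = $end_hour . ':' . $end_minute . ':00';
    }

    if (!empty($eid) and !empty($description) and !empty($title)) {
        if (!SEC_checkToken()) {
            COM_accessLog("User {$_USER['username']} tried to save event {$eid} and failed CSRF checks.");
            COM_redirect($_CONF['site_admin_url'] . '/plugins/calendar/index.php');
        }

        // keep the hit counter of an existing event across the re-save
        $hits = (int) DB_getItem($_TABLES['events'], 'hits', "eid = '{$eid}'");

        DB_delete($_TABLES['eventsubmission'], 'eid', $eid);
        DB_save($_TABLES['events'], 'eid,title,event_type,url,allday,datestart,dateend,timestart,' . 'timeend,location,address1,address2,city,state,zipcode,description,' . 'postmode,owner_id,group_id,perm_owner,perm_group,perm_members,' . 'perm_anon,hits', "'{$eid}','{$title}','{$event_type}','{$url}',{$allday},'{$datestart}'," . "'{$dateend}','{$timestart}','{$timeend}','{$location}','{$address1}'," . "'{$address2}','{$city}','{$state}','{$zipcode}','{$description}','{$postmode}'," . "{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$hits}");

        // propagate the change to every user's personal copy of this event
        if (DB_count($_TABLES['personal_events'], 'eid', $eid) > 0) {
            $result = DB_query("SELECT uid FROM {$_TABLES['personal_events']} " . "WHERE eid = '{$eid}'");
            $numrows = DB_numRows($result);
            for ($i = 1; $i <= $numrows; $i++) {
                $P = DB_fetchArray($result);
                DB_save($_TABLES['personal_events'], 'eid,title,event_type,datestart,dateend,address1,address2,' . 'city,state,zipcode,allday,url,description,postmode,' . 'group_id,owner_id,perm_owner,perm_group,perm_members,' . 'perm_anon,uid,location,timestart,timeend', "'{$eid}','{$title}','{$event_type}','{$datestart}','{$dateend}'," . "'{$address1}','{$address2}','{$city}','{$state}','{$zipcode}'," . "{$allday},'{$url}','{$description}','{$postmode}',{$group_id}," . "{$owner_id},{$perm_owner},{$perm_group},{$perm_members}," . "{$perm_anon},{$P['uid']},'{$location}','{$timestart}','{$timeend}'");
            }
        }

        PLG_itemSaved($eid, 'calendar');
        COM_rdfUpToDateCheck('calendar', $event_type, $eid);

        return PLG_afterSaveSwitch($_CA_CONF['aftersave'], $_CONF['site_url'] . '/calendar/event.php?eid=' . $eid, 'calendar', 17);
    }

    // missing id, title or description
    $retval .= COM_showMessageText($LANG_CAL_ADMIN[10], $LANG_CAL_ADMIN[2]);
    $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));

    return $retval;
}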
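/**
 * Saves a plugin "group" definition record from the posted admin form.
 *
 * Validates the posted id, code and name, shows the edit form again via
 * LIB_Edit() when validation fails, otherwise writes the record with
 * DB_save() and redirects according to the plugin's 'aftersave_admin'
 * setting (or returns the edit form when that setting is 'no').
 *
 * @param string $pi_name    plugin name; selects the plugin's config, language and table globals
 * @param bool   $edt_flg    edit flag passed through to LIB_Edit()
 * @param mixed  $navbarMenu not used here (kept for the caller's interface)
 * @param mixed  $menuno     not used here (kept for the caller's interface)
 * @return array 'title' and 'display' for the edit page; on redirect the function echoes and exits
 */
function LIB_Save($pi_name, $edt_flg, $navbarMenu, $menuno)
{
    global $_CONF;
    global $_TABLES;
    global $_USER;

    // the plugin's config and language arrays are globals named after the
    // plugin, so they have to be fetched through variable-variables
    $box_conf = "_" . strtoupper($pi_name) . "_CONF";
    global ${$box_conf};
    $box_conf = ${$box_conf};
    $lang_box_admin = "LANG_" . strtoupper($pi_name) . "_ADMIN";
    global ${$lang_box_admin};
    $lang_box_admin = ${$lang_box_admin};

    $table = $_TABLES[strtoupper($pi_name) . '_def_group'];
    // filled with 'title'/'display' whenever the edit form has to be shown again
    $retval = array();

    // clean 'em up (all of these come straight from the posted form)
    $id = COM_applyFilter(isset($_POST['id']) ? $_POST['id'] : '', true);
    $code = COM_applyFilter(isset($_POST['code']) ? $_POST['code'] : '');
    $code = DB_escapeString(COM_checkHTML(COM_checkWords($code)));
    $name = COM_applyFilter(isset($_POST['name']) ? $_POST['name'] : '');
    $name = DB_escapeString(COM_checkHTML(COM_checkWords($name)));
    // the description deliberately skips COM_applyFilter (it may contain markup)
    $description = isset($_POST['description']) ? $_POST['description'] : '';
    $description = DB_escapeString(COM_checkHTML(COM_checkWords($description)));
    $parent_flg = COM_applyFilter(isset($_POST['parent_flg']) ? $_POST['parent_flg'] : '', true);
    $input_type = COM_applyFilter(isset($_POST['input_type']) ? $_POST['input_type'] : '', true);
    // convert full-width alphanumerics to half-width before the numeric filter
    $orderno = mb_convert_kana(isset($_POST['orderno']) ? $_POST['orderno'] : '', "a");
    $orderno = COM_applyFilter($orderno, true);

    $uuid = $_USER['uid'];

    // ---- validation ----
    $err = "";
    // id: 0 means "new record"; anything else has to be numeric
    if ($id != 0 && !is_numeric($id)) {
        $err .= $lang_box_admin['err_id'] . "<br/>" . LB;
    }
    // code must be unique among the other groups
    if ($code != "") {
        $cntsql = "SELECT code FROM {$table} WHERE code='{$code}' AND group_id<>{$id}";
        $result = DB_query($cntsql);
        if (DB_numRows($result) != 0) {
            $err .= $lang_box_admin['err_code_w'] . "<br/>" . LB;
        }
    }
    // name is required
    if (empty($name)) {
        $err .= $lang_box_admin['err_name'] . "<br/>" . LB;
    }
    if ($err != "") {
        $retval['title'] = $lang_box_admin['piname'] . $lang_box_admin['edit'];
        $retval['display'] = LIB_Edit($pi_name, $id, $edt_flg, 3, $err);
        return $retval;
    }

    // new record: allocate the next group_id
    if ($id == 0) {
        $w = DB_getItem($table, "max(group_id)", "1=1");
        if ($w == "") {
            $w = 0;
        }
        $id = $w + 1;
    }

    // NOTE(review): the field list and the value list previously had different
    // lengths (orderno, parent_flg and input_type had no values); all three are
    // numeric-filtered above, so they are written unquoted here.
    $fields = "group_id,code,name,description,orderno,parent_flg,input_type,uuid,udatetime";
    $values = "{$id},'{$code}','{$name}','{$description}',{$orderno},{$parent_flg},{$input_type},{$uuid},NOW( )";

    // fourth argument was previously undefined; the redirect is chosen below instead
    $return_page = '';
    DB_save($table, $fields, $values, $return_page);

    $message = "";
    $item_url = '';
    if ($box_conf['aftersave_admin'] === 'no') {
        $retval['title'] = $lang_box_admin['piname'] . $lang_box_admin['edit'];
        $retval['display'] = LIB_Edit($pi_name, $id, $edt_flg, 1, "");
        return $retval;
    }
    if ($box_conf['aftersave_admin'] === 'list' || $box_conf['aftersave_admin'] === 'item') {
        $url = $_CONF['site_admin_url'] . "/plugins/{$pi_name}/group.php";
        $item_url = COM_buildURL($url);
        $target = 'item';
        $message = 1;
    } elseif ($box_conf['aftersave_admin'] === 'admin') {
        $target = $box_conf['aftersave_admin'];
        $message = 1;
    } else {
        $item_url = $_CONF['site_url'] . $box_conf['top'];
        $target = $box_conf['aftersave_admin'];
    }

    echo PLG_afterSaveSwitch($target, $item_url, $pi_name, $message);
    exit;
}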
// Check if ANONYMOUS user is trying to vote more than once per day. if ($uid == 1) { $yesterday = time() - 86400 * $anonwaitdays; $result = DB_query("SELECT COUNT(*) FROM {$_TABLES['downloadvotes']} " . "WHERE lid = '" . addslashes($lid) . "' " . "AND ratinguser = 1 AND ratinghostname = '{$ip}' AND ratingtimestamp > {$yesterday}"); list($anonvotecount) = DB_fetchArray($result); if ($anonvotecount >= 1) { echo DLM_showErrorMessage('voteonce'); exit; } } //All is well. Add to Line Item Rate to DB. $datetime = time(); DB_query("INSERT INTO {$_TABLES['downloadvotes']} " . "(lid, ratinguser, rating, ratinghostname, ratingtimestamp) " . "VALUES ('" . addslashes($lid) . "', {$uid}, {$rating}, '{$ip}', {$datetime})"); //All is well. Calculate Score & Add to Summary (for quick retrieval & sorting) to DB. DLM_updaterating($lid); echo PLG_afterSaveSwitch('home', '', 'downloads', 113); exit; } $lid = COM_applyFilter($_GET['lid']); $result = DB_query("SELECT title FROM {$_TABLES['downloads']} WHERE lid='" . addslashes($lid) . "'"); list($title) = DB_fetchArray($result); $title = DLM_htmlspecialchars($title); $pagetitle = $LANG_DLM['plugin_name']; $display = ''; $display .= COM_startBlock($LANG_DLM['plugin_name']); $T = new Template($_DLM_CONF['path_layout']); $T->set_file(array('t_vote' => 'vote.thtml')); DLM_setDefaultTemplateVars($T); $T->set_var('val_lid', $lid); $T->set_var('lang_file', $LANG_DLM['file']); $T->set_var('val_title', $title);