示例#1
0
/**
 * Submit a new or updated story. The story is updated if it exists, or a new one is created
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @return  int         Response code as defined in lib-plugins.php
 */
function service_submit_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS;
    if (!SEC_hasRights('story.edit')) {
        $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
        return PLG_RET_AUTH_FAILED;
    }
    require_once $_CONF['path_system'] . 'lib-comment.php';
    if (!$_CONF['disable_webservices']) {
        require_once $_CONF['path_system'] . 'lib-webservices.php';
    }
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit) {
        /* This is EDIT mode, so there should be an old sid */
        if (empty($args['old_sid'])) {
            if (!empty($args['id'])) {
                $args['old_sid'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sid'])) {
                $args['sid'] = $args['old_sid'];
            }
        }
    } else {
        if (empty($args['sid']) && !empty($args['id'])) {
            $args['sid'] = $args['id'];
        }
    }
    // Store the first CATEGORY as the Topic ID
    if (!empty($args['category'][0])) {
        $args['tid'] = $args['category'][0];
    }
    $content = '';
    if (!empty($args['content'])) {
        $content = $args['content'];
    } else {
        if (!empty($args['summary'])) {
            $content = $args['summary'];
        }
    }
    if (!empty($content)) {
        $parts = explode('[page_break]', $content);
        if (count($parts) == 1) {
            $args['introtext'] = $content;
            $args['bodytext'] = '';
        } else {
            $args['introtext'] = array_shift($parts);
            $args['bodytext'] = implode('[page_break]', $parts);
        }
    }
    // Apply filters to the parameters passed by the webservice
    if ($args['gl_svc']) {
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (isset($args['editopt'])) {
            $args['editopt'] = COM_applyBasicFilter($args['editopt']);
        }
    }
    // - START: Set all the defaults -
    /*
        if (empty($args['tid'])) {
            // see if we have a default topic
            $topic = DB_getItem($_TABLES['topics'], 'tid',
                                'is_default = 1' . COM_getPermSQL('AND'));
            if (!empty($topic)) {
                $args['tid'] = $topic;
            } else {
                // otherwise, just use the first one
                $o = array();
                $s = array();
                if (service_getTopicList_story(array('gl_svc' => true), $o, $s) == PLG_RET_OK) {
                    $args['tid'] = $o[0];
                } else {
                    $svc_msg['error_desc'] = 'No topics available';
                    return PLG_RET_ERROR;
                }
            }
        } */
    /* This is a solution for above but the above has issues
        if (!TOPIC_checkTopicSelectionControl()) {
            $svc_msg['error_desc'] = 'No topics selected or available';
            return PLG_RET_ERROR;
        }
       */
    if (empty($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']);
    }
    if (empty($args['postmode'])) {
        $args['postmode'] = $_CONF['postmode'];
        if (!empty($args['content_type'])) {
            if ($args['content_type'] == 'text') {
                $args['postmode'] = 'text';
            } else {
                if ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') {
                    $args['postmode'] = 'html';
                }
            }
        }
    }
    if ($args['gl_svc']) {
        // Permissions
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_CONF['default_permissions_story'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_CONF['default_permissions_story'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_CONF['default_permissions_story'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_CONF['default_permissions_story'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }
        if (!isset($args['draft_flag'])) {
            $args['draft_flag'] = $_CONF['draft_flag'];
        }
        if (empty($args['frontpage'])) {
            $args['frontpage'] = $_CONF['frontpage'];
        }
        if (empty($args['show_topic_icon'])) {
            $args['show_topic_icon'] = $_CONF['show_topic_icon'];
        }
    }
    // - END: Set all the defaults -
    // TEST CODE
    /* foreach ($args as $k => $v) {
           if (!is_array($v)) {
               echo "$k => $v\r\n";
           } else {
               echo "$k => $v\r\n";
               foreach ($v as $k1 => $v1) {
                   echo "        $k1 => $v1\r\n";
               }
           }
       }*/
    // exit ();
    // END TEST CODE
    if (!isset($args['sid'])) {
        $args['sid'] = '';
    }
    $args['sid'] = COM_sanitizeID($args['sid']);
    if (!$gl_edit) {
        if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) {
            $slug = '';
            if (isset($args['slug'])) {
                $slug = $args['slug'];
            }
            if (function_exists('WS_makeId')) {
                $args['sid'] = WS_makeId($slug, STORY_MAX_ID_LENGTH);
            } else {
                $args['sid'] = COM_makeSid();
            }
        }
    }
    $story = new Story();
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit && !empty($args['gl_etag'])) {
        // First load the original story to check if it has been modified
        $result = $story->loadFromDatabase($args['sid']);
        if ($result == STORY_LOADED_OK) {
            if ($args['gl_etag'] != date('c', $story->_date)) {
                $svc_msg['error_desc'] = 'A more recent version of the story is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'Error loading story';
            return PLG_RET_ERROR;
        }
    }
    // This function is also doing the security checks
    $result = $story->loadFromArgsArray($args);
    $sid = $story->getSid();
    // Check if topics selected if not prompt required field
    if ($result == STORY_LOADED_OK) {
        if (!TOPIC_checkTopicSelectionControl()) {
            $result = STORY_EMPTY_REQUIRED_FIELDS;
        }
    }
    switch ($result) {
        case STORY_DUPLICATE_SID:
            $output .= COM_errorLog($LANG24[24], 2);
            if (!$args['gl_svc']) {
                $output .= storyeditor($sid);
            }
            $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[5]));
            return PLG_RET_ERROR;
            break;
        case STORY_EXISTING_NO_EDIT_PERMISSION:
            $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
            $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
            return PLG_RET_PERMISSION_DENIED;
            break;
        case STORY_NO_ACCESS_PARAMS:
            $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
            $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
            return PLG_RET_PERMISSION_DENIED;
            break;
        case STORY_EMPTY_REQUIRED_FIELDS:
            $output .= COM_errorLog($LANG24[31], 2);
            if (!$args['gl_svc']) {
                $output .= storyeditor($sid);
            }
            $output = COM_createHTMLDocument($output);
            return PLG_RET_ERROR;
            break;
        default:
            break;
    }
    /* Image upload is not supported by the web-service at present */
    if (!$args['gl_svc']) {
        // Delete any images if needed
        if (array_key_exists('delete', $args)) {
            $delete = count($args['delete']);
            for ($i = 1; $i <= $delete; $i++) {
                $ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete']));
                STORY_deleteImage($ai_filename);
                DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete']));
                next($args['delete']);
            }
        }
        // OK, let's upload any pictures with the article
        if (DB_count($_TABLES['article_images'], 'ai_sid', $sid) > 0) {
            $index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '{$sid}'") + 1;
        } else {
            $index_start = 1;
        }
        if (count($_FILES) > 0 && $_CONF['maximagesperarticle'] > 0) {
            require_once $_CONF['path_system'] . 'classes/upload.class.php';
            $upload = new Upload();
            if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
                $upload->setLogFile($_CONF['path'] . 'logs/error.log');
                $upload->setDebug(true);
            }
            $upload->setMaxFileUploads($_CONF['maximagesperarticle']);
            if (!empty($_CONF['image_lib'])) {
                if ($_CONF['image_lib'] == 'imagemagick') {
                    // Using imagemagick
                    $upload->setMogrifyPath($_CONF['path_to_mogrify']);
                } elseif ($_CONF['image_lib'] == 'netpbm') {
                    // using netPBM
                    $upload->setNetPBM($_CONF['path_to_netpbm']);
                } elseif ($_CONF['image_lib'] == 'gdlib') {
                    // using the GD library
                    $upload->setGDLib();
                }
                $upload->setAutomaticResize(true);
                if ($_CONF['keep_unscaled_image'] == 1) {
                    $upload->keepOriginalImage(true);
                } else {
                    $upload->keepOriginalImage(false);
                }
                if (isset($_CONF['jpeg_quality'])) {
                    $upload->setJpegQuality($_CONF['jpeg_quality']);
                }
            }
            $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
            if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
                $output = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
                echo $output;
                exit;
            }
            // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
            // force any images bigger than the passed dimensions to be resized.
            // If mogrify is not set, any images larger than these dimensions
            // will get validation errors
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
            $upload->setMaxFileSize($_CONF['max_image_size']);
            // size in bytes, 1048576 = 1MB
            // Set file permissions on file after it gets uploaded (number is in octal)
            $upload->setPerms('0644');
            $filenames = array();
            $end_index = $index_start + $upload->numFiles() - 1;
            for ($z = $index_start; $z <= $end_index; $z++) {
                $curfile = current($_FILES);
                if (!empty($curfile['name'])) {
                    $pos = strrpos($curfile['name'], '.') + 1;
                    $fextension = substr($curfile['name'], $pos);
                    $filenames[] = $sid . '_' . $z . '.' . $fextension;
                }
                next($_FILES);
            }
            $upload->setFileNames($filenames);
            reset($_FILES);
            $upload->uploadFiles();
            if ($upload->areErrors()) {
                $retval = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
                echo $retval;
                exit;
            }
            reset($filenames);
            for ($z = $index_start; $z <= $end_index; $z++) {
                DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('{$sid}', {$z}, '" . current($filenames) . "')");
                next($filenames);
            }
        }
        if ($_CONF['maximagesperarticle'] > 0) {
            $errors = $story->checkAttachedImages();
            if (count($errors) > 0) {
                $output .= COM_startBlock($LANG24[54], '', COM_getBlockTemplate('_msg_block', 'header'));
                $output .= $LANG24[55] . LB . '<ul>' . LB;
                foreach ($errors as $err) {
                    $output .= '<li>' . $err . '</li>' . LB;
                }
                $output .= '</ul>' . LB;
                $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                $output .= storyeditor($sid);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[54]));
                echo $output;
                exit;
            }
        }
    }
    $result = $story->saveToDatabase();
    if ($result == STORY_SAVED) {
        // see if any plugins want to act on that story
        if (!empty($args['old_sid']) && $args['old_sid'] != $sid) {
            PLG_itemSaved($sid, 'article', $args['old_sid']);
        } else {
            PLG_itemSaved($sid, 'article');
        }
        // update feed(s)
        COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid);
        COM_rdfUpToDateCheck('comment');
        STORY_updateLastArticlePublished();
        CMT_updateCommentcodes();
        if ($story->type == 'submission') {
            $output = COM_refresh($_CONF['site_admin_url'] . '/moderation.php?msg=9');
        } else {
            $output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9);
        }
        /* @TODO Set the object id here */
        $svc_msg['id'] = $sid;
        return PLG_RET_OK;
    }
}
示例#2
0
/**
* Saves user to the database
*
* @param    int     $uid            user id
* @return   string                  HTML redirect or error message
*
*/
function USER_save($uid)
{
    global $_CONF, $_TABLES, $_USER, $LANG28, $_USER_VERBOSE;
    $retval = '';
    $userChanged = false;
    if ($_USER_VERBOSE) {
        COM_errorLog("**** entering USER_save()****", 1);
    }
    if ($_USER_VERBOSE) {
        COM_errorLog("group size at beginning = " . sizeof($groups), 1);
    }
    $uid = COM_applyFilter($_POST['uid'], true);
    if ($uid == 0) {
        $uid = '';
    }
    $regdate = COM_applyFilter($_POST['regdate'], true);
    $username = trim($_POST['new_username']);
    $fullname = COM_truncate(trim(USER_sanitizeName($_POST['fullname'])), 80);
    $userstatus = COM_applyFilter($_POST['userstatus'], true);
    $oldstatus = COM_applyFilter($_POST['oldstatus'], true);
    $passwd = isset($_POST['newp']) ? trim($_POST['newp']) : '';
    $passwd_conf = isset($_POST['newp_conf']) ? trim($_POST['newp_conf']) : '';
    $cooktime = COM_applyFilter($_POST['cooktime'], true);
    $email = trim($_POST['email']);
    $email_conf = trim($_POST['email_conf']);
    $groups = $_POST['groups'];
    $homepage = trim($_POST['homepage']);
    $location = strip_tags(trim($_POST['location']));
    $photo = isset($_POST['photo']) ? $_POST['photo'] : '';
    $delete_photo = isset($_POST['delete_photo']) && $_POST['delete_photo'] == 'on' ? 1 : 0;
    $sig = trim($_POST['sig']);
    $about = trim($_POST['about']);
    $pgpkey = trim($_POST['pgpkey']);
    $language = isset($_POST['language']) ? trim(COM_applyFilter($_POST['language'])) : '';
    $theme = isset($_POST['theme']) ? trim(COM_applyFilter($_POST['theme'])) : '';
    $maxstories = COM_applyFilter($_POST['maxstories'], true);
    $tzid = COM_applyFilter($_POST['tzid']);
    $dfid = COM_applyFilter($_POST['dfid'], true);
    $search_fmt = COM_applyFilter($_POST['search_result_format']);
    $commentmode = COM_applyFilter($_POST['commentmode']);
    $commentorder = isset($_POST['commentorder']) && $_POST['commentorder'] == 'DESC' ? 'DESC' : 'ASC';
    $commentlimit = COM_applyFilter($_POST['commentlimit'], true);
    $emailfromuser = isset($_POST['emailfromuser']) && $_POST['emailfromuser'] == 'on' ? 1 : 0;
    $emailfromadmin = isset($_POST['emailfromadmin']) && $_POST['emailfromadmin'] == 'on' ? 1 : 0;
    $noicons = isset($_POST['noicons']) && $_POST['noicons'] == 'on' ? 1 : 0;
    $noboxes = isset($_POST['noboxes']) && $_POST['noboxes'] == 'on' ? 1 : 0;
    $showonline = isset($_POST['showonline']) && $_POST['showonline'] == 'on' ? 1 : 0;
    $topic_order = isset($_POST['topic_order']) && $_POST['topic_order'] == 'ASC' ? 'ASC' : 'DESC';
    $maxstories = COM_applyFilter($_POST['maxstories'], true);
    $newuser = COM_applyFilter($_POST['newuser'], true);
    $remoteuser = isset($_POST['remoteuser']) && $_POST['remoteuser'] == 'on' ? 1 : 0;
    $remoteusername = isset($_POST['remoteusername']) ? strip_tags(trim($_POST['remoteusername'])) : '';
    $remoteservice = isset($_POST['remoteservice']) ? COM_applyFilter($_POST['remoteservice']) : '';
    $social_services = SOC_followMeProfile($uid);
    foreach ($social_services as $service) {
        $service_input = $service['service'] . '_username';
        $_POST[$service_input] = strip_tags($_POST[$service_input]);
    }
    if ($uid == 1) {
        return USER_list();
    }
    if ($uid == '' || $uid < 2 || $newuser == 1) {
        if (empty($passwd) && $remoteuser == 0) {
            return USER_edit($uid, 504);
        }
        if (empty($email)) {
            return USER_edit($uid, 505);
        }
    }
    if ($username == '') {
        return USER_edit($uid, 506);
    }
    if (!USER_validateUsername($username)) {
        return USER_edit($uid, 512);
    }
    if ($email == '') {
        return USER_edit($uid, 507);
    }
    if ($passwd != $passwd_conf && $remoteuser == 0) {
        // passwords don't match
        return USER_edit($uid, 67);
    }
    if ($email != $email_conf) {
        return USER_edit($uid, 508);
    }
    // remote user checks
    if ($remoteuser == 1) {
        if ($remoteusername == '') {
            return USER_edit($uid, 513);
        }
        if ($remoteservice == '') {
            return USER_edit($uid, 514);
        }
    }
    $validEmail = true;
    if (empty($username)) {
        $validEmail = false;
    } elseif (empty($email)) {
        if (empty($uid)) {
            $validEmail = false;
        } else {
            $ws_user = DB_getItem($_TABLES['users'], 'remoteservice', "uid = " . intval($uid));
            if (empty($ws_user)) {
                $validEmail = false;
            }
        }
    }
    if ($validEmail) {
        if (!empty($email) && !COM_isEmail($email)) {
            return USER_edit($uid, 52);
        }
        $uname = DB_escapeString($username);
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******'");
        } else {
            $uservice = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$uid}");
            if ($uservice != '') {
                $uservice = DB_escapeString($uservice);
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND remoteservice = '{$uservice}'");
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND (remoteservice = '' OR remoteservice IS NULL)");
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's username to one that already exists
            return USER_edit($uid, 51);
        }
        $emailaddr = DB_escapeString($email);
        $exclude_remote = " AND (remoteservice IS NULL OR remoteservice = '')";
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}'" . $exclude_remote);
        } else {
            $old_email = DB_getItem($_TABLES['users'], 'email', "uid = {$uid}");
            if ($old_email == $email) {
                // email address didn't change so don't care
                $ucount = 0;
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}' AND uid <> {$uid}" . $exclude_remote);
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's email to one that already exists
            return USER_edit($uid, 56);
        }
        if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($username, $email);
            if (!empty($ret)) {
                // need a numeric return value - otherwise use default message
                if (!is_numeric($ret['number'])) {
                    $ret['number'] = 97;
                }
                return USER_edit($uid, $ret['number']);
            }
        }
        // Let plugins have a chance to decide what to do before saving the user, return errors.
        $msg = PLG_itemPreSave('useredit', $username);
        if (!empty($msg)) {
            // need a numeric return value - otherwise use default message
            if (!is_numeric($msg)) {
                $msg = 97;
            }
            return USER_edit($uid, $msg);
        }
        if (empty($uid) || !empty($passwd)) {
            $passwd2 = SEC_encryptPassword($passwd);
        } else {
            $passwd2 = DB_getItem($_TABLES['users'], 'passwd', "uid = {$uid}");
        }
        // do we need to create the user?
        if (empty($uid)) {
            if (empty($passwd)) {
                // no password? create one ...
                $passwd = USER_createPassword(8);
                $passwd2 = SEC_encryptPassword($passwd);
            }
            if ($remoteuser == 1) {
                $uid = USER_createAccount($username, $email, '', $fullname, '', $remoteusername, $remoteservice, 1);
            } else {
                $uid = USER_createAccount($username, $email, $passwd2, $fullname, $homepage, '', '', 1);
            }
            if ($uid > 1) {
                DB_query("UPDATE {$_TABLES['users']} SET status = {$userstatus} WHERE uid = {$uid}");
            }
            if (isset($_POST['emailuser'])) {
                USER_createAndSendPassword($username, $email, $uid, $passwd);
            }
            if ($uid < 2) {
                return USER_edit('', 509);
            }
            $newuser = 1;
        }
        // at this point, we have a valid user...
        // Filter some of the text entry fields to ensure they don't cause problems...
        $fullname = strip_tags($fullname);
        $about = strip_tags($about);
        $pgpkey = strip_tags($pgpkey);
        $curphoto = USER_handlePhotoUpload($uid, $delete_photo);
        if ($_CONF['allow_user_photo'] == 1 && !empty($curphoto)) {
            $curusername = DB_getItem($_TABLES['users'], 'username', "uid = {$uid}");
            if ($curusername != $username) {
                // user has been renamed - rename the photo, too
                $newphoto = preg_replace('/' . $curusername . '/', $username, $curphoto, 1);
                $imgpath = $_CONF['path_images'] . 'userphotos/';
                if (rename($imgpath . $curphoto, $imgpath . $newphoto) === false) {
                    $display = COM_siteHeader('menu', $LANG28[22]);
                    $display .= COM_errorLog('Could not rename userphoto "' . $curphoto . '" to "' . $newphoto . '".');
                    $display .= COM_siteFooter();
                    return $display;
                }
                $curphoto = $newphoto;
            }
        }
        // update users table
        $sql = "UPDATE {$_TABLES['users']} SET " . "username = '******'," . "fullname = '" . DB_escapeString($fullname) . "'," . "passwd   = '" . DB_escapeString($passwd2) . "'," . "email    = '" . DB_escapeString($email) . "'," . "homepage = '" . DB_escapeString($homepage) . "'," . "sig      = '" . DB_escapeString($sig) . "'," . "photo    = '" . DB_escapeString($curphoto) . "'," . "cookietimeout = {$cooktime}," . "theme    = '" . DB_escapeString($theme) . "'," . "language = '" . DB_escapeString($language) . "'," . "status   = {$userstatus} WHERE uid = {$uid};";
        DB_query($sql);
        // update userprefs
        $sql = "UPDATE {$_TABLES['userprefs']} SET " . "noicons = {$noicons}," . "dfid    = {$dfid}," . "tzid    = '" . DB_escapeString($tzid) . "'," . "emailstories = 0," . "emailfromadmin = {$emailfromadmin}," . "emailfromuser  = {$emailfromuser}," . "showonline = {$showonline}," . "search_result_format = '" . DB_escapeString($search_fmt) . "' WHERE uid={$uid};";
        DB_query($sql);
        // userinfo table
        $sql = "UPDATE {$_TABLES['userinfo']} SET " . "about      = '" . DB_escapeString($about) . "'," . "location   = '" . DB_escapeString($location) . "'," . "pgpkey     = '" . DB_escapeString($pgpkey) . "' WHERE uid={$uid};";
        DB_query($sql);
        // userindex table
        $TIDS = @array_values($_POST['topics']);
        $AIDS = @array_values($_POST['selauthors']);
        $BOXES = @array_values($_POST['blocks']);
        $ETIDS = @array_values($_POST['dgtopics']);
        $allowed_etids = USER_buildTopicList();
        $AETIDS = explode(' ', $allowed_etids);
        $tids = '';
        if (sizeof($TIDS) > 0) {
            $tids = DB_escapeString(implode(' ', array_intersect($AETIDS, $TIDS)));
        }
        $aids = '';
        if (sizeof($AIDS) > 0) {
            foreach ($AIDS as $key => $val) {
                $AIDS[$key] = intval($val);
            }
            $aids = DB_escapeString(implode(' ', $AIDS));
        }
        $selectedblocks = '';
        $selectedBoxes = array();
        if (count($BOXES) > 0) {
            foreach ($BOXES as $key => $val) {
                $BOXES[$key] = intval($val);
            }
            $boxes = DB_escapeString(implode(',', $BOXES));
            $blockresult = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ({$boxes})");
            $numRows = DB_numRows($blockresult);
            for ($x = 1; $x <= $numRows; $x++) {
                $row = DB_fetchArray($blockresult);
                if ($row['name'] != 'user_block' and $row['name'] != 'admin_block' and $row['name'] != 'section_block') {
                    $selectedblocks .= $row['bid'];
                    if ($x != $numRows) {
                        $selectedblocks .= ' ';
                    }
                }
            }
        }
        $etids = '-';
        if (sizeof($ETIDS) > 0) {
            $etids = DB_escapeString(implode(' ', array_intersect($AETIDS, $ETIDS)));
        } else {
            $etids = '-';
        }
        DB_save($_TABLES['userindex'], "uid,tids,aids,boxes,noboxes,maxstories,etids", "{$uid},'{$tids}','{$aids}','{$selectedblocks}',{$noboxes},{$maxstories},'{$etids}'");
        // usercomment
        DB_save($_TABLES['usercomment'], 'uid,commentmode,commentorder,commentlimit', "{$uid},'{$commentmode}','{$commentorder}'," . intval($commentlimit));
        if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
            CUSTOM_userSave($uid);
        }
        if ($_CONF['usersubmission'] == 1 && $oldstatus == USER_ACCOUNT_AWAITING_APPROVAL && ($userstatus == USER_ACCOUNT_ACTIVE || $userstatus == USER_ACCOUNT_AWAITING_ACTIVATION || $userstatus == USER_ACCOUNT_AWAITING_VERIFICATION)) {
            USER_createAndSendPassword($username, $email, $uid);
        }
        if ($userstatus == USER_ACCOUNT_DISABLED) {
            SESS_endUserSession($uid);
        }
        $userChanged = true;
        // if groups is -1 then this user isn't allowed to change any groups so ignore
        if (is_array($groups) && SEC_hasRights('group.edit')) {
            if (!SEC_inGroup('Root')) {
                $rootgrp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'");
                if (in_array($rootgrp, $groups)) {
                    COM_accessLog("User {$_USER['username']} ({$_USER['uid']}) just tried to give Root permissions to user {$username}.");
                    echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
                    exit;
                }
            }
            // make sure the Remote Users group is in $groups
            if (SEC_inGroup('Remote Users', $uid)) {
                $remUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
                if (!in_array($remUsers, $groups)) {
                    $groups[] = $remUsers;
                }
            }
            if ($_USER_VERBOSE) {
                COM_errorLog("deleting all group_assignments for user {$uid}/{$username}", 1);
            }
            // remove user from all groups that the User Admin is a member of
            $UserAdminGroups = SEC_getUserGroups();
            $whereGroup = 'ug_main_grp_id IN (' . implode(',', $UserAdminGroups) . ')';
            DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_uid = {$uid}) AND " . $whereGroup);
            // make sure to add user to All Users and Logged-in Users groups
            $allUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'All Users'");
            if (!in_array($allUsers, $groups)) {
                $groups[] = $allUsers;
            }
            $logUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Logged-in Users'");
            if (!in_array($logUsers, $groups)) {
                $groups[] = $logUsers;
            }
            foreach ($groups as $userGroup) {
                if (in_array($userGroup, $UserAdminGroups)) {
                    if ($_USER_VERBOSE) {
                        COM_errorLog("adding group_assignment " . $userGroup . " for {$username}", 1);
                    }
                    $sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$userGroup}, {$uid})";
                    DB_query($sql);
                }
            }
        }
        // subscriptions
        $subscription_deletes = @array_values($_POST['subdelete']);
        if (is_array($subscription_deletes)) {
            foreach ($subscription_deletes as $subid) {
                DB_delete($_TABLES['subscriptions'], 'sub_id', (int) $subid);
            }
        }
        foreach ($social_services as $service) {
            $service_input = $service['service'] . '_username';
            $_POST[$service_input] = DB_escapeString($_POST[$service_input]);
            if ($_POST[$service_input] != '') {
                $sql = "REPLACE INTO {$_TABLES['social_follow_user']} (ssid,uid,ss_username) ";
                $sql .= " VALUES (" . (int) $service['service_id'] . "," . $uid . ",'" . $_POST[$service_input] . "');";
                DB_query($sql, 1);
            } else {
                $sql = "DELETE FROM {$_TABLES['social_follow_user']} WHERE ssid = " . (int) $service['service_id'] . " AND uid=" . (int) $uid;
                DB_query($sql, 1);
            }
        }
        if ($newuser == 0) {
            PLG_profileSave('', $uid);
        } else {
            PLG_createUser($uid);
        }
        if ($userChanged) {
            PLG_userInfoChanged($uid);
        }
        CACHE_remove_instance('mbmenu');
        $errors = DB_error();
        if (empty($errors)) {
            echo PLG_afterSaveSwitch($_CONF['aftersave_user'], "{$_CONF['site_url']}/users.php?mode=profile&uid={$uid}", 'user', 21);
        } else {
            $retval .= COM_siteHeader('menu', $LANG28[22]);
            $retval .= COM_errorLog('Error in USER_save() in ' . $_CONF['site_admin_url'] . '/user.php');
            $retval .= COM_siteFooter();
            echo $retval;
            exit;
        }
    } else {
        $retval = COM_siteHeader('menu', $LANG28[1]);
        $retval .= COM_errorLog($LANG28[10]);
        if (DB_count($_TABLES['users'], 'uid', $uid) > 0) {
            $retval .= USER_edit($uid);
        } else {
            $retval .= USER_edit();
        }
        $retval .= COM_siteFooter();
        echo $retval;
        exit;
    }
    if ($_USER_VERBOSE) {
        COM_errorLog("***************leaving USER_save()*****************", 1);
    }
    return $retval;
}
示例#3
0
/**
* Saves link to the database
*
* @param    string  $lid            ID for link
* @param    string  $old_lid        old ID for link
* @param    string  $cid            cid of category link belongs to
* @param    string  $categorydd     Category links belong to
* @param    string  $url            URL of link to save
* @param    string  $description    Description of link
* @param    string  $title          Title of link
* @param    int     $hits           Number of hits for link
* @param    int     $owner_id       ID of owner
* @param    int     $group_id       ID of group link belongs to
* @param    int     $perm_owner     Permissions the owner has
* @param    int     $perm_group     Permissions the group has
* @param    int     $perm_members   Permissions members have
* @param    int     $perm_anon      Permissions anonymous users have
* @return   string                  HTML redirect or error message
* @global array core config vars
* @global array core group data
* @global array core table data
* @global array core user data
* @global array core msg data
* @global array links plugin lang admin vars
*
*/
function savelink($lid, $old_lid, $cid, $categorydd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $_LI_CONF;
    $retval = '';
    // Convert array values to numeric permission values
    if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    // Remove any autotags the user doesn't have permission to use
    $description = PLG_replaceTags($description, '', true);
    // clean 'em up
    $description = DB_escapeString(COM_checkHTML(COM_checkWords($description), 'links.edit'));
    $title = DB_escapeString(strip_tags(COM_checkWords($title)));
    $cid = DB_escapeString($cid);
    if (empty($owner_id)) {
        // this is new link from admin, set default values
        $owner_id = $_USER['uid'];
        if (isset($_GROUPS['Links Admin'])) {
            $group_id = $_GROUPS['Links Admin'];
        } else {
            $group_id = SEC_getFeatureGroup('links.edit');
        }
        $perm_owner = 3;
        $perm_group = 2;
        $perm_members = 2;
        $perm_anon = 2;
    }
    $lid = COM_sanitizeID($lid);
    $old_lid = COM_sanitizeID($old_lid);
    if (empty($lid)) {
        if (empty($old_lid)) {
            $lid = COM_makeSid();
        } else {
            $lid = $old_lid;
        }
    }
    // check for link id change
    if (!empty($old_lid) && $lid != $old_lid) {
        // check if new lid is already in use
        if (DB_count($_TABLES['links'], 'lid', $lid) > 0) {
            // TBD: abort, display editor with all content intact again
            $lid = $old_lid;
            // for now ...
        }
    }
    $access = 0;
    $old_lid = DB_escapeString($old_lid);
    if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link {$lid}.");
        COM_output($display);
        exit;
    } elseif (!empty($title) && !empty($description) && !empty($url)) {
        if ($categorydd != $LANG_LINKS_ADMIN[7] && !empty($categorydd)) {
            $cid = DB_escapeString($categorydd);
        } else {
            if ($categorydd != $LANG_LINKS_ADMIN[7]) {
                echo COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php');
            }
        }
        DB_delete($_TABLES['linksubmission'], 'lid', $old_lid);
        DB_delete($_TABLES['links'], 'lid', $old_lid);
        DB_save($_TABLES['links'], 'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$lid}','{$cid}','{$url}','{$description}','{$title}',NOW(),'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
        if (empty($old_lid) || $old_lid == $lid) {
            PLG_itemSaved($lid, 'links');
        } else {
            PLG_itemSaved($lid, 'links', $old_lid);
        }
        // Get category for rdf check
        $category = DB_getItem($_TABLES['linkcategories'], "category", "cid='{$cid}'");
        COM_rdfUpToDateCheck('links', $category, $lid);
        return PLG_afterSaveSwitch($_LI_CONF['aftersave'], COM_buildURL("{$_CONF['site_url']}/links/portal.php?what=link&item={$lid}"), 'links', 2);
    } else {
        // missing fields
        $retval .= COM_errorLog($LANG_LINKS_ADMIN[10], 2);
        if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
            $retval .= editlink('edit', $old_lid);
        } else {
            $retval .= editlink('edit', '');
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LINKS_ADMIN[1]));
        return $retval;
    }
}
 function submitNewDownload(&$A)
 {
     global $_CONF, $_TABLES, $_DLM_CONF;
     $this->_initVars();
     $this->_loadFromArgs($A);
     $this->_secret_id = $this->_createSecretID();
     $this->_url = $_FILES['newfile']['name'];
     //        $this->_logourl = $_FILES['newfileshot']['name'];
     if (empty($this->_lid)) {
         $this->_lid = $this->_old_lid;
     }
     // Validate the input values ----------------------->
     if (empty($this->_title)) {
         $this->_errno[] = '1101';
     }
     if (empty($this->_url)) {
         $this->_errno[] = '1102';
     } else {
         if ($this->_lid != $this->_old_lid) {
             $count = DB_count($_TABLES['downloads'], 'lid', addslashes($this->_lid));
             if ($count > 0) {
                 $this->_errno[] = '1202';
             }
         }
     }
     if (empty($this->_description)) {
         $this->_errno[] = '1103';
     }
     if (!empty($this->_errno)) {
         $this->_retry = true;
         $this->_reedit('showEditor', array($this->_editor_mode));
     }
     // Validate the input values -----------------------<
     if (empty($this->_cid)) {
         $this->_cid = ROOTID;
     }
     $success = false;
     if (!SEC_hasRights('downloads.submit')) {
         // Upload New file
         if (!empty($this->_url)) {
             $tmpfilename = 'tmp' . date('YmdHis', $this->_date) . DLM_createSafeFileName($this->_url);
             $success = DLM_uploadNewFile($_FILES['newfile'], $_DLM_CONF['path_filestore'], $tmpfilename);
             if ($success) {
                 $this->_size = filesize($_DLM_CONF['path_filestore'] . $tmpfilename);
                 $this->_md5 = md5_file($_DLM_CONF['path_filestore'] . $tmpfilename);
             }
         }
         // Upload New file snapshot image
         if ($success && !empty($_FILES['newfileshot']['name'])) {
             $this->_logourl = $_FILES['newfileshot']['name'];
             $tmpshotname = 'tmp' . date('YmdHis', $this->_date) . DLM_createSafeFileName($this->_logourl);
             $success = DLM_uploadNewFile($_FILES['newfileshot'], $_DLM_CONF['path_snapstore'], $tmpshotname);
         }
         $mode = 'submission';
     } else {
         // Upload New file
         if (!empty($this->_url)) {
             $safename = DLM_createSafeFileName($this->_url, $this->_secret_id);
             $success = DLM_uploadNewFile($_FILES['newfile'], $_DLM_CONF['path_filestore'], $safename);
             if ($success) {
                 $this->_size = filesize($_DLM_CONF['path_filestore'] . $safename);
                 $this->_md5 = md5_file($_DLM_CONF['path_filestore'] . $safename);
             }
         }
         // Upload New file snapshot image
         if ($success) {
             $this->_uploadSnapImage();
             DLM_makeThumbnail(DLM_createSafeFileName($this->_logourl));
         }
         $mode = '';
     }
     if ($success) {
         $this->_addToDatabase($mode);
         $msg = $_DLM_CONF['download_emailoption'] ? 109 : 115;
         echo PLG_afterSaveSwitch('home', '', 'downloads', $msg);
     } else {
         echo PLG_afterSaveSwitch('home', '', 'downloads', 108);
     }
     exit;
 }
示例#5
0
function fncSave($edt_flg, $navbarMenu, $menuno)
{
    $pi_name = "userbox";
    global $_CONF;
    global $_TABLES;
    global $_USER;
    global $_USERBOX_CONF;
    global $LANG_USERBOX_ADMIN;
    global $_FILES;
    $addition_def = DATABOX_getadditiondef($pi_name);
    $retval = '';
    // clean 'em up
    $id = COM_applyFilter($_POST['id'], true);
    $fieldset_id = COM_applyFilter($_POST['fieldset'], true);
    //@@@@@ username fullname
    $username = COM_applyFilter($_POST['username']);
    $username = addslashes(COM_checkHTML(COM_checkWords($username)));
    $fullname = COM_applyFilter($_POST['fullname']);
    $fullname = addslashes(COM_checkHTML(COM_checkWords($fullname)));
    $page_title = COM_applyFilter($_POST['page_title']);
    $page_title = addslashes(COM_checkHTML(COM_checkWords($page_title)));
    $description = $_POST['description'];
    //COM_applyFilter($_POST['description']);
    $description = addslashes(COM_checkHTML(COM_checkWords($description)));
    $defaulttemplatesdirectory = COM_applyFilter($_POST['defaulttemplatesdirectory']);
    $defaulttemplatesdirectory = addslashes(COM_checkHTML(COM_checkWords($defaulttemplatesdirectory)));
    $draft_flag = COM_applyFilter($_POST['draft_flag'], true);
    //            $hits =0;
    //            $comments=0;
    $comment_expire_flag = COM_applyFilter($_POST['comment_expire_flag'], true);
    if ($comment_expire_flag) {
        $comment_expire_month = COM_applyFilter($_POST['comment_expire_month'], true);
        $comment_expire_day = COM_applyFilter($_POST['comment_expire_day'], true);
        $comment_expire_year = COM_applyFilter($_POST['comment_expire_year'], true);
        $comment_expire_hour = COM_applyFilter($_POST['comment_expire_hour'], true);
        $comment_expire_minute = COM_applyFilter($_POST['comment_expire_minute'], true);
        if ($comment_expire_ampm == 'pm') {
            if ($comment_expire_hour < 12) {
                $comment_expire_hour = $comment_expire_hour + 12;
            }
        }
        if ($comment_expire_ampm == 'am' and $comment_expire_hour == 12) {
            $comment_expire_hour = '00';
        }
    } else {
        $comment_expire_month = 0;
        $comment_expire_day = 0;
        $comment_expire_year = 0;
        $comment_expire_hour = 0;
        $comment_expire_minute = 0;
    }
    $commentcode = COM_applyFilter($_POST['commentcode'], true);
    $trackbackcode = COM_applyFilter($_POST['trackbackcode'], true);
    $cache_time = COM_applyFilter($_POST['cache_time'], true);
    $meta_description = $_POST['meta_description'];
    $meta_description = addslashes(COM_checkHTML(COM_checkWords($meta_description)));
    $meta_keywords = $_POST['meta_keywords'];
    $meta_keywords = addslashes(COM_checkHTML(COM_checkWords($meta_keywords)));
    $language_id = COM_applyFilter($_POST['language_id']);
    $language_id = addslashes(COM_checkHTML(COM_checkWords($language_id)));
    $category = $_POST['category'];
    //@@@@@
    $additionfields = $_POST['afield'];
    $additionfields_old = $_POST['afield'];
    $additionfields_fnm = $_POST['afield_fnm'];
    $additionfields_del = $_POST['afield_del'];
    $additionfields_alt = $_POST['afield_alt'];
    $additionfields_date = array();
    $dummy = DATABOX_cleanaddtiondatas($additionfields, $addition_def, $additionfields_fnm, $additionfields_del, $additionfields_date, $additionfields_alt);
    //
    $owner_id = COM_applyFilter($_POST['owner_id'], true);
    $group_id = COM_applyFilter($_POST['group_id'], true);
    //
    $array['perm_owner'] = $_POST['perm_owner'];
    $array['perm_group'] = $_POST['perm_group'];
    $array['perm_members'] = $_POST['perm_members'];
    $array['perm_anon'] = $_POST['perm_anon'];
    if (is_array($array['perm_owner']) || is_array($array['perm_group']) || is_array($array['perm_members']) || is_array($array['perm_anon'])) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($array['perm_owner'], $array['perm_group'], $array['perm_members'], $array['perm_anon']);
    } else {
        $perm_owner = COM_applyBasicFilter($array['perm_owner'], true);
        $perm_group = COM_applyBasicFilter($array['perm_group'], true);
        $perm_members = COM_applyBasicFilter($array['perm_members'], true);
        $perm_anon = COM_applyBasicFilter($array['perm_anon'], true);
    }
    //編集日付
    $modified_autoupdate = COM_applyFilter($_POST['modified_autoupdate'], true);
    if ($modified_autoupdate == 1) {
        //$udate = date('Ymd');
        $modified_month = date('m');
        $modified_day = date('d');
        $modified_year = date('Y');
        $modified_hour = date('H');
        $modified_minute = date('i');
    } else {
        $modified_month = COM_applyFilter($_POST['modified_month'], true);
        $modified_day = COM_applyFilter($_POST['modified_day'], true);
        $modified_year = COM_applyFilter($_POST['modified_year'], true);
        $modified_hour = COM_applyFilter($_POST['modified_hour'], true);
        $modified_minute = COM_applyFilter($_POST['modified_minute'], true);
        $modified_ampm = COM_applyFilter($_POST['modified_ampm']);
        if ($modified_ampm == 'pm') {
            if ($modified_hour < 12) {
                $modified_hour = $modified_hour + 12;
            }
        }
        if ($modified_ampm == 'am' and $modified_hour == 12) {
            $modified_hour = '00';
        }
    }
    //公開日
    $released_month = COM_applyFilter($_POST['released_month'], true);
    $released_day = COM_applyFilter($_POST['released_day'], true);
    $released_year = COM_applyFilter($_POST['released_year'], true);
    $released_hour = COM_applyFilter($_POST['released_hour'], true);
    $released_minute = COM_applyFilter($_POST['released_minute'], true);
    if ($released_ampm == 'pm') {
        if ($released_hour < 12) {
            $released_hour = $released_hour + 12;
        }
    }
    if ($released_ampm == 'am' and $released_hour == 12) {
        $released_hour = '00';
    }
    //公開終了日
    $expired_flag = COM_applyFilter($_POST['expired_flag'], true);
    if ($expired_flag) {
        $expired_month = COM_applyFilter($_POST['expired_month'], true);
        $expired_day = COM_applyFilter($_POST['expired_day'], true);
        $expired_year = COM_applyFilter($_POST['expired_year'], true);
        $expired_hour = COM_applyFilter($_POST['expired_hour'], true);
        $expired_minute = COM_applyFilter($_POST['expired_minute'], true);
        if ($expired_ampm == 'pm') {
            if ($expired_hour < 12) {
                $expired_hour = $expired_hour + 12;
            }
        }
        if ($expired_ampm == 'am' and $expired_hour == 12) {
            $expired_hour = '00';
        }
    } else {
        $expired_month = 0;
        $expired_day = 0;
        $expired_year = 0;
        $expired_hour = 0;
        $expired_minute = 0;
    }
    $created = COM_applyFilter($_POST['created_un']);
    $orderno = mb_convert_kana($_POST['orderno'], "a");
    //全角英数字を半角英数字に変換する
    $orderno = COM_applyFilter($orderno, true);
    //$name = mb_convert_kana($name,"AKV");
    //A:半角英数字を全角英数字に変換する
    //K:半角カタカナを全角カタカナに変換する
    //V:濁点つきの文字を1文字に変換する (K、H と共に利用する)
    //$name = str_replace ("'", "’",$name);
    //$code = mb_convert_kana($code,"a");//全角英数字を半角英数字に変換する
    //-----
    $type = 1;
    $uuid = $_USER['uid'];
    // CHECK はじめ
    $err = "";
    //id
    if ($id == 0) {
        //$err.=$LANG_USERBOX_ADMIN['err_uid']."<br {XHTML}>".LB;
    } else {
        if (!is_numeric($id)) {
            $err .= $LANG_USERBOX_ADMIN['err_id'] . "<br {XHTML}>" . LB;
        }
    }
    //文字数制限チェック
    if (mb_strlen($description, 'UTF-8') > $_USERBOX_CONF['maxlength_description']) {
        $err .= $LANG_USERBOX_ADMIN['description'] . $_USERBOX_CONF['maxlength_description'] . $LANG_USERBOX_ADMIN['err_maxlength'] . "<br/>" . LB;
    }
    if (mb_strlen($meta_description, 'UTF-8') > $_USERBOX_CONF['maxlength_meta_description']) {
        $err .= $LANG_USERBOX_ADMIN['meta_description'] . $_USERBOX_CONF['maxlength_meta_description'] . $LANG_USERBOX_ADMIN['err_maxlength'] . "<br/>" . LB;
    }
    if (mb_strlen($meta_keywords, 'UTF-8') > $_USERBOX_CONF['maxlength_meta_keywords']) {
        $err .= $LANG_USERBOX_ADMIN['meta_keywords'] . $_USERBOX_CONF['maxlength_meta_keywords'] . $LANG_USERBOX_ADMIN['err_maxlength'] . "<br/>" . LB;
    }
    //----追加項目チェック
    $err .= DATABOX_checkaddtiondatas($additionfields, $addition_def, $pi_name, $additionfields_fnm, $additionfields_del, $additionfields_alt);
    //編集日付
    $modified = $modified_year . "-" . $modified_month . "-" . $modified_day;
    if (checkdate($modified_month, $modified_day, $modified_year) == false) {
        $err .= $LANG_USERBOX_ADMIN['err_modified'] . "<br {XHTML}>" . LB;
    }
    $modified = COM_convertDate2Timestamp($modified_year . "-" . $modified_month . "-" . $modified_day, $modified_hour . ":" . $modified_minute . "::00");
    //公開日
    $released = $released_year . "-" . $released_month . "-" . $released_day;
    if (checkdate($released_month, $released_day, $released_year) == false) {
        $err .= $LANG_USERBOX_ADMIN['err_released'] . "<br {XHTML}>" . LB;
    }
    $released = COM_convertDate2Timestamp($released_year . "-" . $released_month . "-" . $released_day, $released_hour . ":" . $released_minute . "::00");
    //コメント受付終了日時
    if ($comment_expire_flag) {
        if (checkdate($comment_expire_month, $comment_expire_day, $comment_expire_year) == false) {
            $err .= $LANG_USERBOX_ADMIN['err_comment_expire'] . "<br {XHTML}>" . LB;
        }
        $comment_expire = COM_convertDate2Timestamp($comment_expire_year . "-" . $comment_expire_month . "-" . $comment_expire_day, $comment_expire_hour . ":" . $comment_expire_minute . "::00");
    } else {
        $comment_expire = '0000-00-00 00:00:00';
        //$comment_expire="";
    }
    //公開終了日
    if ($expired_flag) {
        if (checkdate($expired_month, $expired_day, $expired_year) == false) {
            $err .= $LANG_USERBOX_ADMIN['err_expired'] . "<br {XHTML}>" . LB;
        }
        $expired = COM_convertDate2Timestamp($expired_year . "-" . $expired_month . "-" . $expired_day, $expired_hour . ":" . $expired_minute . "::00");
        if ($expired < $released) {
            $err .= $LANG_USERBOX_ADMIN['err_expired'] . "<br {XHTML}>" . LB;
        }
    } else {
        $expired = '0000-00-00 00:00:00';
        //$expired="";
    }
    //errorのあるとき
    if ($err != "") {
        $retval['title'] = $LANG_USERBOX_ADMIN['piname'] . $LANG_USERBOX_ADMIN['edit'];
        $retval['display'] = fncEdit($id, $edt_flg, 3, $err);
        return $retval;
    }
    // CHECK おわり
    if ($id == 0) {
        $w = DB_getItem($_TABLES['USERBOX_base'], "max(id)", "1=1");
        if ($w == "") {
            $w = 0;
        }
        $id = $w + 1;
        $created_month = date('m');
        $created_day = date('d');
        $created_year = date('Y');
        $created_hour = date('H');
        $created_minute = date('i');
        $created = COM_convertDate2Timestamp($created_year . "-" . $created_month . "-" . $created_day, $created_hour . ":" . $created_minute . "::00");
    }
    $hits = 0;
    $comments = 0;
    $fields = "id";
    $values = "{$id}";
    $fields .= ",page_title";
    //
    $values .= ",'{$page_title}'";
    $fields .= ",description";
    //
    $values .= ",'{$description}'";
    $fields .= ",defaulttemplatesdirectory";
    //
    $values .= ",'{$defaulttemplatesdirectory}'";
    //$fields.=",hits";//
    //$values.=",$hits";
    $fields .= ",comments";
    //
    $values .= ",{$comments}";
    $fields .= ",meta_description";
    //
    $values .= ",'{$meta_description}'";
    $fields .= ",meta_keywords";
    //
    $values .= ",'{$meta_keywords}'";
    $fields .= ",commentcode";
    //
    $values .= ",{$commentcode}";
    $fields .= ",trackbackcode";
    //
    $values .= ",{$trackbackcode}";
    $fields .= ",cache_time";
    //
    $values .= ",{$cache_time}";
    $fields .= ",comment_expire";
    //
    if ($comment_expire == '0000-00-00 00:00:00') {
        $values .= ",'{$comment_expire}'";
    } else {
        $values .= ",FROM_UNIXTIME('{$comment_expire}')";
    }
    $fields .= ",language_id";
    //
    $values .= ",'{$language_id}'";
    $fields .= ",owner_id";
    $values .= ",{$owner_id}";
    $fields .= ",group_id";
    $values .= ",{$group_id}";
    $fields .= ",perm_owner";
    $values .= ",{$perm_owner}";
    $fields .= ",perm_group";
    $values .= ",{$perm_group}";
    $fields .= ",perm_members";
    $values .= ",{$perm_members}";
    $fields .= ",perm_anon";
    $values .= ",{$perm_anon}";
    $fields .= ",modified";
    $values .= ",FROM_UNIXTIME('{$modified}')";
    if ($created != "") {
        $fields .= ",created";
        $values .= ",FROM_UNIXTIME('{$created}')";
    }
    $fields .= ",expired";
    if ($expired == '0000-00-00 00:00:00') {
        $values .= ",'{$expired}'";
    } else {
        $values .= ",FROM_UNIXTIME('{$expired}')";
    }
    $fields .= ",released";
    $values .= ",FROM_UNIXTIME('{$released}')";
    $fields .= ",orderno";
    //
    $values .= ",{$orderno}";
    $fields .= ",fieldset_id";
    //
    $values .= ",{$fieldset_id}";
    $fields .= ",uuid";
    $values .= ",{$uuid}";
    $fields .= ",draft_flag";
    $values .= ",{$draft_flag}";
    DB_save($_TABLES['USERBOX_base'], $fields, $values);
    //カテゴリ
    $rt = DATABOX_savecategorydatas($id, $category, $pi_name);
    //追加項目
    DATABOX_uploadaddtiondatas($additionfields, $addition_def, $pi_name, $id, $additionfields_fnm, $additionfields_del, $additionfields_old, $additionfields_alt);
    $rt = DATABOX_saveaddtiondatas($id, $additionfields, $addition_def, $pi_name);
    //user (コアのテーブル)
    //kokoka
    $sql = "UPDATE " . $_TABLES['users'] . " SET ";
    $sql .= " fullname ='" . $fullname . "'";
    $sql .= " WHERE uid=" . $id;
    DB_query($sql);
    $rt = fncsendmail('data', $id);
    $cacheInstance = 'userbox__' . $id . '__';
    CACHE_remove_instance($cacheInstance);
    //exit;// debug 用
    //    if ($edt_flg){
    //        $return_page=$_CONF['site_url'] . "/".THIS_SCRIPT;
    //        $return_page.="?id=".$id;
    //    }else{
    //        $return_page=$_CONF['site_admin_url'] . '/plugins/'.THIS_SCRIPT.'?msg=1';
    //    }
    //    return COM_refresh ($return_page);
    if ($_USERBOX_CONF['aftersave_admin'] === 'no') {
        $retval['title'] = $LANG_USERBOX_ADMIN['piname'] . $LANG_USERBOX_ADMIN['edit'];
        $retval['display'] .= fncEdit($id, $edt_flg, 1, "");
        return $retval;
    } else {
        if ($_USERBOX_CONF['aftersave_admin'] === 'list') {
            $url = $_CONF['site_admin_url'] . "/plugins/{$pi_name}/profile.php";
            $item_url = COM_buildURL($url);
            $target = 'item';
        } else {
            $url = $_CONF['site_url'] . "/userbox/profile.php";
            $url .= "?";
            //コード使用の時
            if ($_USERBOX_CONF['datacode']) {
                $url .= "code=" . $username;
                $url .= "&amp;m=code";
            } else {
                $url .= "id=" . $id;
                $url .= "&amp;m=id";
            }
            $item_url = COM_buildUrl($url);
            $target = $_USERBOX_CONF['aftersave_admin'];
        }
    }
    $return_page = PLG_afterSaveSwitch($target, $item_url, 'userbox', 1);
    echo $return_page;
    exit;
}
示例#6
0
/**
 * Submit static page. The page is updated if it exists, or a new one is created
 *
 * @param   array   args     Contains all the data provided by the client
 * @param   string  &output  OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int		     Response code as defined in lib-plugins.php
 */
function service_submit_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_GROUPS, $_SP_CONF;
    if (!$_CONF['disable_webservices']) {
        require_once $_CONF['path_system'] . 'lib-webservices.php';
    }
    $output = '';
    if (!SEC_hasRights('staticpages.edit')) {
        $output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
        $output .= COM_startBlock($LANG_STATIC['access_denied'], '', COM_getBlockTemplate('_msg_block', 'header'));
        $output .= $LANG_STATIC['access_denied_msg'];
        $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $output .= COM_siteFooter();
        return PLG_RET_AUTH_FAILED;
    }
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit) {
        // This is EDIT mode, so there should be an sp_old_id
        if (empty($args['sp_old_id'])) {
            if (!empty($args['id'])) {
                $args['sp_old_id'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sp_id'])) {
                $args['sp_id'] = $args['sp_old_id'];
            }
        }
    } else {
        if (empty($args['sp_id']) && !empty($args['id'])) {
            $args['sp_id'] = $args['id'];
        }
    }
    if (empty($args['sp_title']) && !empty($args['title'])) {
        $args['sp_title'] = $args['title'];
    }
    if (empty($args['sp_content']) && !empty($args['content'])) {
        $args['sp_content'] = $args['content'];
    }
    if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) {
        $args['sp_tid'] = $args['category'][0];
    }
    if (!isset($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
    }
    $args['sp_id'] = COM_sanitizeID($args['sp_id']);
    if (!$gl_edit) {
        if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
            $slug = '';
            if (isset($args['slug'])) {
                $slug = $args['slug'];
            }
            if (function_exists('WS_makeId')) {
                $args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
            } else {
                $args['sp_id'] = COM_makeSid();
            }
        }
    }
    // Apply filters to the parameters passed by the webservice
    if ($args['gl_svc']) {
        $par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode');
        $par_num = array('sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode');
        foreach ($par_str as $str) {
            if (isset($args[$str])) {
                $args[$str] = COM_applyBasicFilter($args[$str]);
            } else {
                $args[$str] = '';
            }
        }
        foreach ($par_num as $num) {
            if (isset($args[$num])) {
                $args[$num] = COM_applyBasicFilter($args[$num], true);
            } else {
                $args[$num] = 0;
            }
        }
    }
    // START: Staticpages defaults
    if (empty($args['sp_format'])) {
        $args['sp_format'] = 'allblocks';
    }
    if (empty($args['sp_tid'])) {
        $args['sp_tid'] = 'all';
    }
    if ($args['sp_where'] < 0 || $args['sp_where'] > 3) {
        $args['sp_where'] = 0;
    }
    if ($args['sp_php'] < 0 || $args['sp_php'] > 2) {
        $args['sp_php'] = 0;
    }
    if ($args['commentcode'] < -1 || $args['commentcode'] > 1) {
        $args['commentcode'] = $_CONF['comment_code'];
    }
    if ($args['gl_svc']) {
        // Permissions
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_SP_CONF['default_permissions'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_SP_CONF['default_permissions'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_SP_CONF['default_permissions'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_SP_CONF['default_permissions'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }
        if (!isset($args['sp_onmenu'])) {
            $args['sp_onmenu'] = '';
        } elseif ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) {
            $svc_msg['error_desc'] = 'Menu label missing';
            return PLG_RET_ERROR;
        }
        if (empty($args['sp_content'])) {
            $svc_msg['error_desc'] = 'No content';
            return PLG_RET_ERROR;
        }
        if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') {
            $args['sp_inblock'] = 'on';
        }
        if (empty($args['sp_centerblock'])) {
            $args['sp_centerblock'] = '';
        }
        if (empty($args['draft_flag']) && $_SP_CONF['draft_flag'] == '1') {
            $args['draft_flag'] = 'on';
        }
        if (empty($args['template_flag'])) {
            $args['template_flag'] = '';
        }
        if (empty($args['template_id'])) {
            $args['template_id'] = '';
        }
    }
    // END: Staticpages defaults
    $sp_id = $args['sp_id'];
    $sp_title = $args['sp_title'];
    $sp_page_title = $args['sp_page_title'];
    $sp_content = $args['sp_content'];
    $sp_hits = $args['sp_hits'];
    $sp_format = $args['sp_format'];
    $sp_onmenu = $args['sp_onmenu'];
    $sp_label = '';
    if (!empty($args['sp_label'])) {
        $sp_label = $args['sp_label'];
    }
    $meta_description = $args['meta_description'];
    $meta_keywords = $args['meta_keywords'];
    $commentcode = $args['commentcode'];
    $owner_id = $args['owner_id'];
    $group_id = $args['group_id'];
    $perm_owner = $args['perm_owner'];
    $perm_group = $args['perm_group'];
    $perm_members = $args['perm_members'];
    $perm_anon = $args['perm_anon'];
    $sp_php = $args['sp_php'];
    $sp_nf = '';
    if (!empty($args['sp_nf'])) {
        $sp_nf = $args['sp_nf'];
    }
    $sp_old_id = $args['sp_old_id'];
    $sp_centerblock = $args['sp_centerblock'];
    $draft_flag = $args['draft_flag'];
    $template_flag = $args['template_flag'];
    $template_id = $args['template_id'];
    $sp_help = '';
    if (!empty($args['sp_help'])) {
        $sp_help = $args['sp_help'];
    }
    $sp_tid = $args['sp_tid'];
    $sp_where = $args['sp_where'];
    $sp_inblock = $args['sp_inblock'];
    $postmode = $args['postmode'];
    if ($gl_edit && !empty($args['gl_etag'])) {
        // First load the original staticpage to check if it has been modified
        $o = array();
        $s = array();
        $r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
        if ($r == PLG_RET_OK) {
            if ($args['gl_etag'] != $o['updated']) {
                $svc_msg['error_desc'] = 'A more recent version of the staticpage is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'The requested staticpage no longer exists';
            return PLG_RET_ERROR;
        }
    }
    // Check for unique page ID
    $duplicate_id = false;
    $delete_old_page = false;
    if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
        if ($sp_id != $sp_old_id) {
            $duplicate_id = true;
        }
    } elseif (!empty($sp_old_id)) {
        if ($sp_id != $sp_old_id) {
            $delete_old_page = true;
        }
    }
    if ($duplicate_id) {
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
        if (!$args['gl_svc']) {
            $output .= staticpageeditor($sp_id);
        }
        $output .= COM_siteFooter();
        $svc_msg['error_desc'] = 'Duplicate ID';
        return PLG_RET_ERROR;
    } elseif (!empty($sp_title) && !empty($sp_content)) {
        if (empty($sp_hits)) {
            $sp_hits = 0;
        }
        if ($sp_onmenu == 'on') {
            $sp_onmenu = 1;
        } else {
            $sp_onmenu = 0;
        }
        if ($sp_nf == 'on') {
            $sp_nf = 1;
        } else {
            $sp_nf = 0;
        }
        if ($sp_centerblock == 'on') {
            $sp_centerblock = 1;
        } else {
            $sp_centerblock = 0;
        }
        if ($sp_inblock == 'on') {
            $sp_inblock = 1;
        } else {
            $sp_inblock = 0;
        }
        if ($draft_flag == 'on') {
            $draft_flag = 1;
        } else {
            $draft_flag = 0;
        }
        if ($template_flag == 'on') {
            $template_flag = 1;
        } else {
            $template_flag = 0;
        }
        // Remove any autotags the user doesn't have permission to use
        $sp_content = PLG_replaceTags($sp_content, '', true);
        // Clean up the text
        if ($_SP_CONF['censor'] == 1) {
            $sp_content = COM_checkWords($sp_content);
            $sp_title = COM_checkWords($sp_title);
        }
        if ($_SP_CONF['filter_html'] == 1) {
            $sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
        }
        $sp_title = strip_tags($sp_title);
        $sp_page_title = strip_tags($sp_page_title);
        $sp_label = strip_tags($sp_label);
        $meta_description = strip_tags($meta_description);
        $meta_keywords = strip_tags($meta_keywords);
        $sp_content = addslashes($sp_content);
        $sp_title = addslashes($sp_title);
        $sp_page_title = addslashes($sp_page_title);
        $sp_label = addslashes($sp_label);
        $meta_description = addslashes($meta_description);
        $meta_keywords = addslashes($meta_keywords);
        // If user does not have php edit perms, then set php flag to 0.
        if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
            $sp_php = 0;
        }
        // If marked as a template then set id to nothing and other default settings
        if ($template_flag == 1) {
            $template_id = '';
            $sp_onmenu = 0;
            $sp_label = "";
            $sp_centerblock = 0;
            $sp_php = 0;
            $sp_inblock = 0;
            $sp_nf = 0;
            $sp_hits = 0;
            $meta_description = "";
            $meta_keywords = "";
        } else {
            // See if it was a template before, if so and option changed, remove use from other pages
            if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$sp_old_id}'") == 1) {
                $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '' WHERE template_id = '{$sp_old_id}'";
                $result = DB_query($sql);
            }
            if ($template_id != '') {
                // If using a template, make sure php disabled
                $sp_php = 0;
                // Double check template id exists and is still a template
                $perms = SP_getPerms();
                if (!empty($perms)) {
                    $perms = ' AND ' . $perms;
                }
                if (DB_getItem($_TABLES['staticpage'], 'COUNT(sp_id)', "sp_id = '{$template_id}' AND template_flag = 1 AND (draft_flag = 0)" . $perms) == 0) {
                    $template_id = '';
                }
            }
        }
        // make sure there's only one "entire page" static page per topic
        if ($sp_centerblock == 1 && $sp_where == 0) {
            $sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE (sp_centerblock = 1) AND (sp_where = 0) AND (sp_tid = '{$sp_tid}') AND (draft_flag = 0)";
            // if we're in a multi-language setup, we need to allow one "entire
            // page" centerblock for 'all' or 'none' per language
            if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) {
                $ids = explode('_', $sp_id);
                if (count($ids) > 1) {
                    $lang_id = array_pop($ids);
                    $sql .= " AND sp_id LIKE '%\\_{$lang_id}'";
                }
            }
            DB_query($sql);
        }
        $formats = array('allblocks', 'blankpage', 'leftblocks', 'noblocks');
        if (!in_array($sp_format, $formats)) {
            $sp_format = 'allblocks';
        }
        if (!$args['gl_svc']) {
            list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
        }
        // Retrieve created date
        $datecreated = DB_getItem($_TABLES['staticpage'], 'created', "sp_id = '{$sp_id}'");
        if ($datecreated == '') {
            $datecreated = date('Y-m-d H:i:s');
        }
        DB_save($_TABLES['staticpage'], 'sp_id,sp_title,sp_page_title, sp_content,created,modified,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode', "'{$sp_id}','{$sp_title}','{$sp_page_title}','{$sp_content}','{$datecreated}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}','{$meta_description}','{$meta_keywords}',{$template_flag},'{$template_id}',{$draft_flag},{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$sp_tid}',{$sp_where}," . "'{$sp_inblock}','{$postmode}'");
        if ($delete_old_page && !empty($sp_old_id)) {
            // If a template and the id changed, update any staticpages that use it
            if ($template_flag == 1) {
                $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '{$sp_id}' WHERE template_id = '{$sp_old_id}'";
                $result = DB_query($sql);
            }
            DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id);
        }
        if (empty($sp_old_id) || $sp_id == $sp_old_id) {
            if (!$template_flag) {
                PLG_itemSaved($sp_id, 'staticpages');
            } else {
                // If template then have to notify of all pages that use this template that a change to the page happened
                $sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
                $result = DB_query($sql);
                while ($A = DB_fetchArray($result)) {
                    PLG_itemSaved($A['sp_id'], 'staticpages');
                }
            }
        } else {
            DB_change($_TABLES['comments'], 'sid', addslashes($sp_id), array('sid', 'type'), array(addslashes($sp_old_id), 'staticpages'));
            if (!$template_flag) {
                PLG_itemSaved($sp_id, 'staticpages', $sp_old_id);
            } else {
                // If template then have to notify of all pages that use this template that a change to the page happened
                $sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
                $result = DB_query($sql);
                while ($A = DB_fetchArray($result)) {
                    PLG_itemSaved($A['sp_id'], 'staticpages');
                }
            }
        }
        $url = COM_buildURL($_CONF['site_url'] . '/staticpages/index.php?page=' . $sp_id);
        $output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages', 19);
        $svc_msg['id'] = $sp_id;
        return PLG_RET_OK;
    } else {
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
        if (!$args['gl_svc']) {
            $output .= staticpageeditor($sp_id);
        }
        $output .= COM_siteFooter();
        return PLG_RET_ERROR;
    }
}
示例#7
0
/**
 * Submit static page. The page is updated if it exists, or a new one is created
 *
 * @param   array   args     Contains all the data provided by the client
 * @param   string  &output  OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int		     Response code as defined in lib-plugins.php
 */
function service_submit_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_GROUPS, $_SP_CONF;
    $output = '';
    if (!SEC_hasRights('staticpages.edit')) {
        $output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
        $output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied'], true);
        $output .= COM_siteFooter();
        return PLG_RET_AUTH_FAILED;
    }
    if (defined('DEMO_MODE')) {
        $output = COM_siteHeader('menu');
        $output .= COM_showMessageText('Option disabled in Demo Mode', 'Option disabled in Demo Mode', true);
        $output .= COM_siteFooter();
        return PLG_REG_AUTH_FAILED;
    }
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit) {
        // This is EDIT mode, so there should be an sp_old_id
        if (empty($args['sp_old_id'])) {
            if (!empty($args['id'])) {
                $args['sp_old_id'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sp_id'])) {
                $args['sp_id'] = $args['sp_old_id'];
            }
        }
    } else {
        if (empty($args['sp_id']) && !empty($args['id'])) {
            $args['sp_id'] = $args['id'];
        }
    }
    if (empty($args['sp_uid'])) {
        $args['sp_uid'] = $_USER['uid'];
    }
    if (empty($args['sp_title']) && !empty($args['title'])) {
        $args['sp_title'] = $args['title'];
    }
    if (empty($args['sp_content']) && !empty($args['content'])) {
        $args['sp_content'] = $args['content'];
    }
    if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) {
        $args['sp_tid'] = $args['category'][0];
    }
    if (!isset($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
    }
    $args['sp_id'] = COM_sanitizeID($args['sp_id']);
    if (!$gl_edit) {
        if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
            if (function_exists('WS_makeId')) {
                $args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
            } else {
                $args['sp_id'] = COM_makeSid();
            }
        }
    }
    // Apply filters to the parameters passed by the webservice
    if ($args['gl_svc']) {
        $par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode');
        $par_num = array('sp_uid', 'sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode', 'sp_search', 'sp_status');
        foreach ($par_str as $str) {
            if (isset($args[$str])) {
                $args[$str] = COM_applyBasicFilter($args[$str]);
            } else {
                $args[$str] = '';
            }
        }
        foreach ($par_num as $num) {
            if (isset($args[$num])) {
                $args[$num] = COM_applyBasicFilter($args[$num], true);
            } else {
                $args[$num] = 0;
            }
        }
    }
    // START: Staticpages defaults
    if ($args['sp_status'] != 1) {
        $args['sp_status'] = 0;
    }
    if (empty($args['sp_format'])) {
        $args['sp_format'] = 'allblocks';
    }
    if (empty($args['sp_tid'])) {
        $args['sp_tid'] = 'all';
    }
    if ($args['sp_where'] < 0 || $args['sp_where'] > 4) {
        $args['sp_where'] = 0;
    }
    if ($args['sp_php'] < 0 || $args['sp_php'] > 2) {
        $args['sp_php'] = 0;
    }
    if ($args['commentcode'] < -1 || $args['commentcode'] > 1) {
        $args['commentcode'] = $_CONF['comment_code'];
    }
    if ($args['sp_search'] != 1) {
        $args['sp_search'] = 0;
    }
    if ($args['gl_svc']) {
        // Permissions
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_SP_CONF['default_permissions'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_SP_CONF['default_permissions'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_SP_CONF['default_permissions'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_SP_CONF['default_permissions'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }
        if (!isset($args['sp_onmenu'])) {
            $args['sp_onmenu'] = '';
        } else {
            if ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) {
                $svc_msg['error_desc'] = 'Menu label missing';
                return PLG_RET_ERROR;
            }
        }
        if (empty($args['sp_content'])) {
            $svc_msg['error_desc'] = 'No content';
            return PLG_RET_ERROR;
        }
        if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') {
            $args['sp_inblock'] = 'on';
        }
        if (empty($args['sp_centerblock'])) {
            $args['sp_centerblock'] = '';
        }
    }
    // END: Staticpages defaults
    $sp_id = $args['sp_id'];
    $sp_status = $args['sp_status'];
    $sp_uid = $args['sp_uid'];
    $sp_title = $args['sp_title'];
    $sp_content = $args['sp_content'];
    $sp_hits = $args['sp_hits'];
    $sp_format = $args['sp_format'];
    $sp_onmenu = $args['sp_onmenu'];
    $sp_label = '';
    if (!empty($args['sp_label'])) {
        $sp_label = $args['sp_label'];
    }
    $commentcode = $args['commentcode'];
    $owner_id = $args['owner_id'];
    $group_id = $args['group_id'];
    $perm_owner = $args['perm_owner'];
    $perm_group = $args['perm_group'];
    $perm_members = $args['perm_members'];
    $perm_anon = $args['perm_anon'];
    $sp_php = $args['sp_php'];
    $sp_nf = '';
    if (!empty($args['sp_nf'])) {
        $sp_nf = $args['sp_nf'];
    }
    $sp_old_id = $args['sp_old_id'];
    $sp_centerblock = $args['sp_centerblock'];
    $sp_help = '';
    if (!empty($args['sp_help'])) {
        $sp_help = $args['sp_help'];
    }
    $sp_tid = $args['sp_tid'];
    $sp_where = $args['sp_where'];
    $sp_inblock = $args['sp_inblock'];
    $postmode = $args['postmode'];
    $sp_search = $args['sp_search'];
    if ($gl_edit && !empty($args['gl_etag'])) {
        // First load the original staticpage to check if it has been modified
        $o = array();
        $s = array();
        $r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
        if ($r == PLG_RET_OK) {
            if ($args['gl_etag'] != $o['updated']) {
                $svc_msg['error_desc'] = 'A more recent version of the staticpage is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'The requested staticpage no longer exists';
            return PLG_RET_ERROR;
        }
    }
    // Check for unique page ID
    $duplicate_id = false;
    $delete_old_page = false;
    if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
        if ($sp_id != $sp_old_id) {
            $duplicate_id = true;
        }
    } elseif (!empty($sp_old_id)) {
        if ($sp_id != $sp_old_id) {
            $delete_old_page = true;
        }
    }
    if ($duplicate_id) {
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
        if (!$args['gl_svc']) {
            $output .= PAGE_edit($sp_id);
        }
        $output .= COM_siteFooter();
        $svc_msg['error_desc'] = 'Duplicate ID';
        return PLG_RET_ERROR;
    } elseif (!empty($sp_title) && !empty($sp_content)) {
        if (empty($sp_hits)) {
            $sp_hits = 0;
        }
        if ($sp_onmenu == 'on') {
            $sp_onmenu = 1;
        } else {
            $sp_onmenu = 0;
        }
        if ($sp_nf == 'on') {
            $sp_nf = 1;
        } else {
            $sp_nf = 0;
        }
        if ($sp_centerblock == 'on') {
            $sp_centerblock = 1;
        } else {
            $sp_centerblock = 0;
        }
        if ($sp_inblock == 'on') {
            $sp_inblock = 1;
        } else {
            $sp_inblock = 0;
        }
        // Clean up the text
        if ($_SP_CONF['censor'] == 1) {
            $sp_content = COM_checkWords($sp_content);
            $sp_title = COM_checkWords($sp_title);
        }
        if ($_SP_CONF['filter_html'] == 1) {
            $sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
        }
        $sp_title = strip_tags($sp_title);
        $sp_label = strip_tags($sp_label);
        $sp_content = DB_escapeString($sp_content);
        $sp_title = DB_escapeString($sp_title);
        $sp_label = DB_escapeString($sp_label);
        // If user does not have php edit perms, then set php flag to 0.
        if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
            $sp_php = 0;
        }
        // make sure there's only one "entire page" static page per topic
        if ($sp_centerblock == 1 && $sp_where == 0) {
            $sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE sp_centerblock = 1 AND sp_where = 0 AND sp_tid = '" . DB_escapeString($sp_tid) . "'";
            // multi-language configuration - allow one entire page
            // centerblock for all or none per language
            if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) {
                $ids = explode('_', $sp_id);
                if (count($ids) > 1) {
                    $lang_id = array_pop($ids);
                    $sql .= " AND sp_id LIKE '%\\_" . DB_escapeString($lang_id) . "'";
                }
            }
            DB_query($sql);
        }
        $formats = array('allblocks', 'blankpage', 'leftblocks', 'rightblocks', 'noblocks');
        if (!in_array($sp_format, $formats)) {
            $sp_format = 'allblocks';
        }
        if (!$args['gl_svc']) {
            list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
        }
        DB_save($_TABLES['staticpage'], 'sp_id,sp_status,sp_uid,sp_title,sp_content,sp_date,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode,sp_search', "'{$sp_id}',{$sp_status}, {$sp_uid},'{$sp_title}','{$sp_content}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}',{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$sp_tid}',{$sp_where}," . "'{$sp_inblock}','{$postmode}',{$sp_search}");
        if ($delete_old_page && !empty($sp_old_id)) {
            DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id);
            DB_change($_TABLES['comments'], 'sid', DB_escapeString($sp_id), array('sid', 'type'), array(DB_escapeString($sp_old_id), 'staticpages'));
            PLG_itemDeleted($sp_old_id, 'staticpages');
        }
        PLG_itemSaved($sp_id, 'staticpages');
        $url = COM_buildURL($_CONF['site_url'] . '/page.php?page=' . $sp_id);
        $output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages');
        $svc_msg['id'] = $sp_id;
        return PLG_RET_OK;
    } else {
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
        if (!$args['gl_svc']) {
            $output .= PAGE_edit($sp_id);
        }
        $output .= COM_siteFooter();
        return PLG_RET_ERROR;
    }
}
示例#8
0
function LIB_Save($pi_name, $edt_flg, $navbarMenu, $menuno)
{
    global $_CONF;
    global $_TABLES;
    global $_USER;
    $box_conf = "_" . strtoupper($pi_name) . "_CONF";
    global ${$box_conf};
    $box_conf = ${$box_conf};
    $lang_box_admin = "LANG_" . strtoupper($pi_name) . "_ADMIN";
    global ${$lang_box_admin};
    $lang_box_admin = ${$lang_box_admin};
    $lang_box_admin_menu = "LANG_" . strtoupper($pi_name) . "_admin_menu";
    global ${$lang_box_admin_menu};
    $lang_box_admin_menu = ${$lang_box_admin_menu};
    $table = $_TABLES[strtoupper($pi_name) . '_def_field'];
    $table1 = $_TABLES[strtoupper($pi_name) . '_base'];
    $table2 = $_TABLES[strtoupper($pi_name) . '_addition'];
    $retval = '';
    // clean 'em up
    $id = COM_applyFilter($_POST['id'], true);
    if ($id == 0) {
        $new_flg = true;
    } else {
        $new_flg = false;
    }
    $name = COM_stripslashes($_POST['name']);
    $name = addslashes(COM_checkHTML(COM_checkWords($name)));
    $templatesetvar = COM_applyFilter($_POST['templatesetvar']);
    $templatesetvar = addslashes(COM_checkHTML(COM_checkWords($templatesetvar)));
    $description = COM_stripslashes($_POST['description']);
    $description = addslashes(COM_checkHTML(COM_checkWords($description)));
    $allow_display = COM_applyFilter($_POST['allow_display']);
    $allow_display = addslashes(COM_checkHTML(COM_checkWords($allow_display)));
    $allow_edit = COM_applyFilter($_POST['allow_edit']);
    $allow_edit = addslashes(COM_checkHTML(COM_checkWords($allow_edit)));
    $textcheck = COM_applyFilter($_POST['textcheck']);
    $textcheck = addslashes(COM_checkHTML(COM_checkWords($textcheck)));
    $textconv = COM_applyFilter($_POST['textconv']);
    $textconv = addslashes(COM_checkHTML(COM_checkWords($textconv)));
    $searchtarget = COM_applyFilter($_POST['searchtarget']);
    $searchtarget = addslashes(COM_checkHTML(COM_checkWords($searchtarget)));
    $initial_value = COM_applyFilter($_POST['initial_value']);
    $initial_value = addslashes(COM_checkHTML(COM_checkWords($initial_value)));
    $range_start = COM_applyFilter($_POST['range_start']);
    $range_start = addslashes(COM_checkHTML(COM_checkWords($range_start)));
    $range_end = COM_applyFilter($_POST['range_end']);
    $range_end = addslashes(COM_checkHTML(COM_checkWords($range_end)));
    $dfid = COM_applyFilter($_POST['dfid']);
    $dfid = addslashes(COM_checkHTML(COM_checkWords($dfid)));
    $type = COM_applyFilter($_POST['type']);
    $type = addslashes(COM_checkHTML(COM_checkWords($type)));
    $selection = COM_applyFilter($_POST['selection']);
    $selection = addslashes(COM_checkHTML(COM_checkWords($selection)));
    $selectlist = COM_applyFilter($_POST['selectlist']);
    $selectlist = addslashes(COM_checkHTML(COM_checkWords($selectlist)));
    $checkrequried = COM_applyFilter($_POST['checkrequried']);
    $checkrequried = addslashes(COM_checkHTML(COM_checkWords($checkrequried)));
    $size = COM_applyFilter($_POST['size'], true);
    $size = addslashes(COM_checkHTML(COM_checkWords($size)));
    $maxlength = COM_applyFilter($_POST['maxlength'], true);
    $maxlength = addslashes(COM_checkHTML(COM_checkWords($maxlength)));
    $rows = COM_applyFilter($_POST['rows'], true);
    $rows = addslashes(COM_checkHTML(COM_checkWords($rows)));
    $br = COM_applyFilter($_POST['br'], true);
    $br = addslashes(COM_checkHTML(COM_checkWords($br)));
    $orderno = mb_convert_kana($_POST['orderno'], "a");
    //全角英数字を半角英数字に変換する
    $orderno = COM_applyFilter($orderno, true);
    //$name = mb_convert_kana($name,"AKV");
    //A:半角英数字を全角英数字に変換する
    //K:半角カタカナを全角カタカナに変換する
    //V:濁点つきの文字を1文字に変換する (K、H と共に利用する)
    //$name = str_replace ("'", "’",$name);
    //$code = mb_convert_kana($code,"a");//全角英数字を半角英数字に変換する
    //-----
    $uuid = $_USER['uid'];
    // CHECK はじめ
    $err = "";
    //ID
    if ($id == 0) {
        //$err.=$lang_box_admin['err_id']."<br/>".LB;
    } else {
        if (!is_numeric($id)) {
            $err .= $lang_box_admin['err_id'] . "<br/>" . LB;
        }
    }
    //名称必須
    if (empty($name)) {
        $err .= $lang_box_admin['err_name'] . "<br/>" . LB;
    }
    //テーマ変数必須,二重チェック
    if (empty($templatesetvar)) {
        $err .= $lang_box_admin['err_templatesetvar'] . "<br/>" . LB;
    } else {
        $templatesetvar = rtrim(ltrim($templatesetvar));
        $newtemplatesetvar = COM_sanitizeID($templatesetvar, false);
        if ($templatesetvar != $newtemplatesetvar) {
            $err .= $lang_box_admin['err_templatesetvar'] . "<br/>" . LB;
        } else {
            $cntsql = "SELECT field_id FROM {$table} ";
            $cntsql .= " WHERE ";
            $cntsql .= " templatesetvar='{$templatesetvar}' ";
            $cntsql .= " AND field_id<>{$id}";
            $result = DB_query($cntsql);
            $numrows = DB_numRows($result);
            if ($numrows != 0) {
                $err .= $lang_box_admin['err_templatesetvar_w'] . "<br/>" . LB;
            }
        }
    }
    //7 = 'オプションリスト';
    //8 = 'ラジオボタンリスト';
    //14= 'マルチセレクトリスト';
    if ($type == 7 or $type == 8 or $type == 14) {
        if ($selection == "") {
            $err .= $lang_box_admin['err_selection'] . "<br/>" . LB;
        }
    }
    //errorのあるとき
    if ($err != "") {
        $retval['title'] = $lang_box_admin['piname'] . $lang_box_admin['edit'];
        $retval['display'] = LIB_Edit($pi_name, $id, $edt_flg, 3, $err);
        return $retval;
    }
    // CHECK おわり
    if ($id == 0) {
        $w = DB_getItem($table, "max(field_id)", "1=1");
        if ($w == "") {
            $w = 0;
        }
        $id = $w + 1;
    }
    $fields = "field_id";
    $values = "{$id}";
    $fields .= ",name";
    $values .= ",'{$name}'";
    $fields .= ",templatesetvar";
    $values .= ",'{$templatesetvar}'";
    $fields .= ",description";
    $values .= ",'{$description}'";
    $fields .= ",type";
    $values .= ",{$type}";
    $fields .= ",selection";
    $values .= ",'{$selection}'";
    $fields .= ",selectlist";
    $values .= ",'{$selectlist}'";
    $fields .= ",checkrequried";
    $values .= ",{$checkrequried}";
    $fields .= ",size";
    $values .= ",{$size}";
    $fields .= ",maxlength";
    $values .= ",{$maxlength}";
    $fields .= ",rows";
    $values .= ",{$rows}";
    $fields .= ",br";
    $values .= ",{$br}";
    $fields .= ",orderno";
    //
    $values .= ",'{$orderno}'";
    $fields .= ",allow_display";
    $values .= ",{$allow_display}";
    $fields .= ",allow_edit";
    $values .= ",{$allow_edit}";
    $fields .= ",textcheck";
    $values .= ",{$textcheck}";
    $fields .= ",textconv";
    $values .= ",{$textconv}";
    $fields .= ",searchtarget";
    $values .= ",{$searchtarget}";
    $fields .= ",initial_value";
    $values .= ",'{$initial_value}'";
    $fields .= ",range_start";
    $values .= ",'{$range_start}'";
    $fields .= ",range_end";
    $values .= ",'{$range_end}'";
    $fields .= ",dfid";
    $values .= ",{$dfid}";
    $fields .= ",uuid";
    $values .= ",{$uuid}";
    DB_save($table, $fields, $values);
    //    if ($new_flg){
    $sql = "INSERT INTO " . $table2 . LB;
    $sql .= " (`id`,`field_id`,`value`)" . LB;
    $sql .= " SELECT id";
    $sql .= " ," . $id;
    if ($initial_value != "") {
        $sql .= ",'" . $initial_value . "' ";
    } else {
        //7 = 'オプションリスト';
        //8 = 'ラジオボタンリスト';
        if (($type == 7 or $type == 8) and $selection != "") {
            $sql .= ",'0' ";
        } else {
            $sql .= ",NULL ";
        }
    }
    $sql .= " FROM " . $table1 . " AS t1" . LB;
    $sql .= " where  fieldset_id=0 AND id NOT IN (select id from " . $table2 . LB;
    $sql .= " where field_id=" . $id . ")" . LB;
    //COM_errorLog( "sql= " . $sql, 1 );
    DB_query($sql);
    //    }
    //    $rt=fncsendmail ($id);
    //    if ($edt_flg){
    //        $return_page=$_CONF['site_url'] . "/".THIS_SCRIPT;
    //        $return_page.="?id=".$id;
    //    }else{
    //        $return_page=$_CONF['site_admin_url'] . '/plugins/'.THIS_SCRIPT.'?msg=1';
    //    }
    //$return_page="";//@@@@@debug 用
    $message = "";
    if ($box_conf['aftersave_admin'] === 'no') {
        $retval['title'] = $lang_box_admin['piname'] . $lang_box_admin['edit'];
        $retval['display'] = LIB_Edit($pi_name, $id, $edt_flg, 1, "");
        return $retval;
    } else {
        if ($box_conf['aftersave_admin'] === 'list' or $box_conf['aftersave_admin'] === 'item') {
            $url = $_CONF['site_admin_url'] . "/plugins/{$pi_name}/field.php";
            $item_url = COM_buildURL($url);
            $target = 'item';
            $message = 1;
        } else {
            if ($box_conf['aftersave_admin'] === 'admin') {
                $target = $box_conf['aftersave_admin'];
                $message = 1;
            } else {
                $item_url = $_CONF['site_url'] . $box_conf['top'];
                $target = $box_conf['aftersave_admin'];
            }
        }
    }
    $return_page = PLG_afterSaveSwitch($target, $item_url, $pi_name, $message);
    echo $return_page;
    exit;
}
示例#9
0
    require_once $_CONF['path'] . 'plugins/downloads/include/download.class.php';
    $dldl = new DLDownload();
    $dldl->initCatTree($mytree);
    if ($mode == $LANG_DLM['cancel']) {
        switch ($_page) {
            case 'item':
                $url = "{$_CONF['site_url']}/downloads/index.php?id={$lid}";
                echo PLG_afterSaveSwitch('item', $url, 'downloads');
                exit;
                break;
            case 'flist':
                $url = "{$_CONF['site_url']}/downloads/index.php";
                if (!empty($listing_cid) && $listing_cid != ROOTID) {
                    $url .= '?cid=' . $listing_cid;
                }
                echo PLG_afterSaveSwitch('item', $url, 'downloads');
                exit;
                break;
        }
        $op = 'listDownloads';
    }
    if ($mode == $LANG_DLM['preview']) {
        $editor_mode = !empty($_POST['editor_mode']) ? COM_applyFilter($_POST['editor_mode']) : '';
        if (in_array($editor_mode, array('edit', 'create', 'clone', 'editsubmission'))) {
            $dldl->showPreview($editor_mode);
        }
        $op = 'listDownloads';
    }
}
switch ($op) {
    case "uploadFile":
示例#10
0
/**
 * Submit a new or updated story. The story is updated if it exists, or a new one is created
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @return  int		    Response code as defined in lib-plugins.php
 */
function service_submit_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS;
    if (!SEC_hasRights('story.edit')) {
        $output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30], true);
        return PLG_RET_AUTH_FAILED;
    }
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit) {
        /* This is EDIT mode, so there should be an old sid */
        if (empty($args['old_sid'])) {
            if (!empty($args['id'])) {
                $args['old_sid'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sid'])) {
                $args['sid'] = $args['old_sid'];
            }
        }
    } else {
        if (empty($args['sid']) && !empty($args['id'])) {
            $args['sid'] = $args['id'];
        }
    }
    /* Store the first CATEGORY as the Topic ID */
    if (!empty($args['category'][0])) {
        $args['tid'] = $args['category'][0];
    }
    $content = '';
    if (!empty($args['content'])) {
        $content = $args['content'];
    } else {
        if (!empty($args['summary'])) {
            $content = $args['summary'];
        }
    }
    if (!empty($content)) {
        $parts = explode('[page_break]', $content);
        if (count($parts) == 1) {
            $args['introtext'] = $content;
            $args['bodytext'] = '';
        } else {
            $args['introtext'] = array_shift($parts);
            $args['bodytext'] = implode('[page_break]', $parts);
        }
    }
    /* Apply filters to the parameters passed by the webservice */
    if ($args['gl_svc']) {
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (isset($args['editopt'])) {
            $args['editopt'] = COM_applyBasicFilter($args['editopt']);
        }
    }
    /* - START: Set all the defaults - */
    if (empty($args['tid'])) {
        // see if we have a default topic
        $topic = DB_getItem($_TABLES['topics'], 'tid', 'is_default = 1' . COM_getPermSQL('AND'));
        if (!empty($topic)) {
            $args['tid'] = $topic;
        } else {
            // otherwise, just use the first one
            $o = array();
            $s = array();
            if (service_getTopicList_story(array('gl_svc' => true), $o, $s) == PLG_RET_OK) {
                $args['tid'] = $o[0];
            } else {
                $svc_msg['error_desc'] = 'No topics available';
                return PLG_RET_ERROR;
            }
        }
    }
    if (empty($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']);
    }
    if (isset($args['alternate_id']) && $args['tid'] == $args['alternate_id']) {
        $args['alternate_id'] = NULL;
    }
    if (empty($args['postmode'])) {
        $args['postmode'] = $_CONF['postmode'];
        if (!empty($args['content_type'])) {
            if ($args['content_type'] == 'text') {
                $args['postmode'] = 'text';
            } else {
                if ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') {
                    $args['postmode'] = 'html';
                }
            }
        }
    }
    if ($args['gl_svc']) {
        /* Permissions */
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_CONF['default_permissions_story'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_CONF['default_permissions_story'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_CONF['default_permissions_story'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_CONF['default_permissions_story'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }
        if (!isset($args['draft_flag'])) {
            $args['draft_flag'] = $_CONF['draft_flag'];
        }
        if (empty($args['frontpage'])) {
            $args['frontpage'] = $_CONF['frontpage'];
        }
        if (empty($args['show_topic_icon'])) {
            $args['show_topic_icon'] = $_CONF['show_topic_icon'];
        }
    }
    /* - END: Set all the defaults - */
    if (!isset($args['sid'])) {
        $args['sid'] = '';
    }
    $args['sid'] = COM_sanitizeID($args['sid']);
    if (!$gl_edit) {
        if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) {
            $args['sid'] = WS_makeId($args['slug'], STORY_MAX_ID_LENGTH);
        }
    }
    $story = new Story();
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit && !empty($args['gl_etag'])) {
        /* First load the original story to check if it has been modified */
        $result = $story->loadFromDatabase($args['sid']);
        if ($result == STORY_LOADED_OK) {
            if ($args['gl_etag'] != date('c', $story->_date)) {
                $svc_msg['error_desc'] = 'A more recent version of the story is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'Error loading story';
            return PLG_RET_ERROR;
        }
    }
    /* This function is also doing the security checks */
    $result = $story->loadFromArgsArray($args);
    $sid = $story->getSid();
    switch ($result) {
        case STORY_DUPLICATE_SID:
            if (!$args['gl_svc']) {
                if (isset($args['type']) && $args['type'] == 'submission') {
                    $output .= STORY_edit($sid, 'moderate');
                } else {
                    $output .= STORY_edit($sid, 'error');
                }
            }
            return PLG_RET_ERROR;
        case STORY_EXISTING_NO_EDIT_PERMISSION:
            $output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30]);
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
            return PLG_RET_PERMISSION_DENIED;
        case STORY_NO_ACCESS_PARAMS:
            $output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30]);
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
            return PLG_RET_PERMISSION_DENIED;
        case STORY_EMPTY_REQUIRED_FIELDS:
            if (!$args['gl_svc']) {
                $output .= STORY_edit($sid, 'error');
            }
            return PLG_RET_ERROR;
        default:
            break;
    }
    /* Image upload is not supported by the web-service at present */
    if (!$args['gl_svc']) {
        // Delete any images if needed
        if (array_key_exists('delete', $args)) {
            $delete = count($args['delete']);
            for ($i = 1; $i <= $delete; $i++) {
                $ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '" . DB_escapeString($sid) . "' AND ai_img_num = " . intval(key($args['delete'])));
                STORY_deleteImage($ai_filename);
                DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '" . DB_escapeString($sid) . "' AND ai_img_num = '" . intval(key($args['delete'])) . "'");
                next($args['delete']);
            }
        }
        // OK, let's upload any pictures with the article
        if (DB_count($_TABLES['article_images'], 'ai_sid', DB_escapeString($sid)) > 0) {
            $index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '" . DB_escapeString($sid) . "'") + 1;
        } else {
            $index_start = 1;
        }
        if (count($_FILES) > 0 and $_CONF['maximagesperarticle'] > 0) {
            require_once $_CONF['path_system'] . 'classes/upload.class.php';
            $upload = new upload();
            if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
                $upload->setLogFile($_CONF['path'] . 'logs/error.log');
                $upload->setDebug(true);
            }
            $upload->setMaxFileUploads($_CONF['maximagesperarticle']);
            $upload->setAutomaticResize(true);
            if ($_CONF['keep_unscaled_image'] == 1) {
                $upload->keepOriginalImage(true);
            } else {
                $upload->keepOriginalImage(false);
            }
            $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
            $upload->setFieldName('file');
            //@TODO - better error handling...
            if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
                $output = COM_siteHeader('menu', $LANG24[30]);
                $output .= COM_showMessageText($upload->printErrors(false), $LANG24[30], true);
                $output .= COM_siteFooter();
                echo $output;
                exit;
            }
            // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
            // force any images bigger than the passed dimensions to be resized.
            // If mogrify is not set, any images larger than these dimensions
            // will get validation errors
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
            $upload->setMaxFileSize($_CONF['max_image_size']);
            // size in bytes, 1048576 = 1MB
            // Set file permissions on file after it gets uploaded (number is in octal)
            $upload->setPerms('0644');
            $filenames = array();
            $sql = "SELECT MAX(ai_img_num) + 1 AS ai_img_num FROM " . $_TABLES['article_images'] . " WHERE ai_sid = '" . DB_escapeString($sid) . "'";
            $result = DB_query($sql, 1);
            $row = DB_fetchArray($result);
            $ai_img_num = $row['ai_img_num'];
            if ($ai_img_num < 1) {
                $ai_img_num = 1;
            }
            for ($z = 0; $z < $_CONF['maximagesperarticle']; $z++) {
                $curfile['name'] = '';
                if (isset($_FILES['file']['name'][$z])) {
                    $curfile['name'] = $_FILES['file']['name'][$z];
                }
                if (!empty($curfile['name'])) {
                    $pos = strrpos($curfile['name'], '.') + 1;
                    $fextension = substr($curfile['name'], $pos);
                    $filenames[] = $sid . '_' . $ai_img_num . '.' . $fextension;
                    $ai_img_num++;
                } else {
                    $filenames[] = '';
                }
            }
            $upload->setFileNames($filenames);
            $upload->uploadFiles();
            //@TODO - better error handling
            if ($upload->areErrors()) {
                $retval = COM_siteHeader('menu', $LANG24[30]);
                $retval .= COM_showMessageText($upload->printErrors(false), $LANG24[30], true);
                $retval .= STORY_edit($sid, 'error');
                $retval .= COM_siteFooter();
                echo $retval;
                exit;
            }
            for ($z = 0; $z < $_CONF['maximagesperarticle']; $z++) {
                if ($filenames[$z] != '') {
                    $sql = "SELECT MAX(ai_img_num) + 1 AS ai_img_num FROM " . $_TABLES['article_images'] . " WHERE ai_sid = '" . DB_escapeString($sid) . "'";
                    $result = DB_query($sql, 1);
                    $row = DB_fetchArray($result);
                    $ai_img_num = $row['ai_img_num'];
                    if ($ai_img_num < 1) {
                        $ai_img_num = 1;
                    }
                    DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('" . DB_escapeString($sid) . "', {$ai_img_num}, '" . DB_escapeString($filenames[$z]) . "')");
                }
            }
        }
        if ($_CONF['maximagesperarticle'] > 0) {
            $errors = $story->checkImages();
            if (count($errors) > 0) {
                $output = COM_siteHeader('menu', $LANG24[54]);
                $eMsg = $LANG24[55] . '<p>';
                for ($i = 1; $i <= count($errors); $i++) {
                    $eMsg .= current($errors) . '<br />';
                    next($errors);
                }
                //@TODO - use return here...
                $output .= COM_showMessageText($eMsg, $LANG24[54], true);
                $output .= STORY_edit($sid, 'error');
                $output .= COM_siteFooter();
                echo $output;
                exit;
            }
        }
    }
    $result = $story->saveToDatabase();
    if ($result == STORY_SAVED) {
        // see if any plugins want to act on that story
        if (!empty($args['old_sid']) && $args['old_sid'] != $sid) {
            PLG_itemSaved($sid, 'article', $args['old_sid']);
        } else {
            PLG_itemSaved($sid, 'article');
        }
        // update feed(s) and Older Stories block
        COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid);
        COM_olderStuff();
        if ($story->type == 'submission') {
            COM_setMessage(9);
            echo COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
            exit;
        } else {
            $output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9);
        }
        /* @TODO Set the object id here */
        $svc_msg['id'] = $sid;
        return PLG_RET_OK;
    }
}
示例#11
0
function fncSave($edt_flg, $navbarMenu, $menuno, $template)
{
    $pi_name = "databox";
    global $_CONF;
    global $LANG_DATABOX_ADMIN;
    global $_TABLES;
    global $_USER;
    global $_DATABOX_CONF;
    global $LANG_DATABOX_user_menu;
    $addition_def = DATABOX_getadditiondef();
    $retval = '';
    // clean 'em up
    $id = COM_applyFilter($_POST['id'], true);
    if ($id == 0) {
        $new_flg = true;
    } else {
        $new_flg = false;
    }
    $fieldset_id = COM_applyFilter($_POST['fieldset'], true);
    $code = COM_applyFilter($_POST['code']);
    $code = addslashes(COM_checkHTML(COM_checkWords($code)));
    $title = COM_stripslashes($_POST['title']);
    $title = addslashes(COM_checkHTML(COM_checkWords($title)));
    $page_title = COM_applyFilter($_POST['page_title']);
    $page_title = addslashes(COM_checkHTML(COM_checkWords($page_title)));
    $description = $_POST['description'];
    //COM_applyFilter($_POST['description']);
    $description = addslashes(COM_checkHTML(COM_checkWords($description)));
    $language_id = COM_applyFilter($_POST['language_id']);
    $language_id = addslashes(COM_checkHTML(COM_checkWords($language_id)));
    $category = $_POST['category'];
    //@@@@@
    $additionfields = $_POST['afield'];
    $additionfields_old = $_POST['afield'];
    $additionfields_fnm = $_POST['afield_fnm'];
    $additionfields_del = $_POST['afield_del'];
    $additionfields_alt = $_POST['afield_alt'];
    $additionfields_date = array();
    $additionfields = DATABOX_cleanaddtiondatas($additionfields, $addition_def, $additionfields_fnm, $additionfields_del, $additionfields_date, $additionfields_alt);
    //            $hits =0;
    //            $comments=0;
    $old_mode = COM_applyFilter($_POST['old_mode']);
    $old_mode = addslashes(COM_checkHTML(COM_checkWords($old_mode)));
    //-----
    $type = 1;
    $uuid = $_USER['uid'];
    // CHECK はじめ
    $err = "";
    //id
    if ($id == 0) {
        //$err.=$LANG_DATABOX_ADMIN['err_uid']."<br/>".LB;
    } else {
        if (!is_numeric($id)) {
            $err .= $LANG_DATABOX_ADMIN['err_id'] . "<br/>" . LB;
        }
    }
    //タイトル必須
    if (empty($title)) {
        $err .= $LANG_DATABOX_ADMIN['err_title'] . "<br/>" . LB;
    }
    //文字数制限チェック
    if (mb_strlen($description, 'UTF-8') > $_DATABOX_CONF['maxlength_description']) {
        $err .= $LANG_DATABOX_ADMIN['description'] . $_DATABOX_CONF['maxlength_description'] . $LANG_DATABOX_ADMIN['err_maxlength'] . "<br/>" . LB;
    }
    //----追加項目チェック
    $err .= DATABOX_checkaddtiondatas($additionfields, $addition_def, $pi_name, $additionfields_fnm, $additionfields_del, $additionfields_alt);
    //errorのあるとき
    if ($err != "") {
        $retval['title'] = $LANG_DATABOX_ADMIN['piname'] . $LANG_DATABOX_ADMIN['edit'];
        $retval['display'] = fncEdit($id, $edt_flg, 3, $err, "edit", $fieldset_id, $template, $old_mode);
        return $retval;
    }
    // CHECK おわり
    //-----
    // 新規登録時
    if ($new_flg) {
        $w = DB_getItem($_TABLES['DATABOX_base'], "max(id)", "1=1");
        if ($w == "") {
            $w = 0;
        }
        $id = $w + 1;
    }
    $fields = LB . "id";
    $values = LB . "{$id}";
    if ($new_flg) {
        if ($_DATABOX_CONF['datacode']) {
            $code = "000000" . date(Ymdhis);
        }
        $created = COM_convertDate2Timestamp(date("Y-m-d"), date("H:i::00"));
        $modified = $created;
        $released = $created;
        $commentcode = $_DATABOX_CONF['commentcode'];
        $trackbackcode = $_CONF[trackback_code];
        $comment_expire = '0000-00-00 00:00:00';
        $expired = '0000-00-00 00:00:00';
        //
        $defaulttemplatesdirectory = null;
        $draft_flag = $_DATABOX_CONF['user_draft_default'];
        $draft_flag = $_DATABOX_CONF['user_draft_default'];
        //---
        $meta_description = "";
        $meta_keywords = "";
        $owner_id = $_USER['uid'];
        $group_id = SEC_getFeatureGroup('databox.admin', $_USER['uid']);
        $array = array();
        SEC_setDefaultPermissions($array, $_DATABOX_CONF['default_permissions']);
        $perm_owner = $array['perm_owner'];
        $perm_group = $array['perm_group'];
        $perm_anon = $array['perm_anon'];
        $perm_members = $array['perm_members'];
        $draft_flag = $_DATABOX_CONF['user_draft_default'];
        $cache_time = $_DATABOX_CONF['default_cache_time'];
        //-----
        $fields .= ",defaulttemplatesdirectory";
        //
        $values .= ",'{$defaulttemplatesdirectory}'";
        $fields .= ",draft_flag";
        $values .= ",{$draft_flag}";
        $fields .= ",cache_time";
        $values .= ",{$cache_time}";
        $fields .= ",meta_description";
        //
        $values .= ",'{$meta_description}'";
        $fields .= ",meta_keywords";
        //
        $values .= ",'{$meta_keywords}'";
        $fields .= ",commentcode";
        //
        $values .= ",{$commentcode}";
        $fields .= ",trackbackcode";
        //
        $values .= ",{$trackbackcode}";
        $fields .= ",comment_expire";
        //
        if ($comment_expire == '0000-00-00 00:00:00') {
            $values .= ",'{$comment_expire}'";
        } else {
            $values .= ",FROM_UNIXTIME('{$comment_expire}')";
        }
        $fields .= ",language_id";
        //
        $values .= ",'{$language_id}'";
        $fields .= ",owner_id";
        $values .= ",{$owner_id}";
        $fields .= ",group_id";
        $values .= ",{$group_id}";
        $fields .= ",perm_owner";
        $values .= ",{$perm_owner}";
        $fields .= ",perm_group";
        $values .= ",{$perm_group}";
        $fields .= ",perm_members";
        $values .= ",{$perm_members}";
        $fields .= ",perm_anon";
        $values .= ",{$perm_anon}";
        $fields .= ",modified";
        $values .= ",FROM_UNIXTIME('{$modified}')";
        $fields .= ",created";
        $values .= ",FROM_UNIXTIME('{$created}')";
        $fields .= ",expired";
        if ($expired == '0000-00-00 00:00:00') {
            $values .= ",'{$expired}'";
        } else {
            $values .= ",FROM_UNIXTIME('{$expired}')";
        }
        $fields .= ",released";
        $values .= ",FROM_UNIXTIME('{$released}')";
        $hits = 0;
        $comments = 0;
        $fields .= ",code";
        $values .= ",'{$code}'";
        $fields .= ",title";
        //
        $values .= ",'{$title}'";
        $fields .= ",page_title";
        //
        $values .= ",'{$page_title}'";
        $fields .= ",description";
        //
        $values .= ",'{$description}'";
        //        $fields.=",hits";//
        //        $values.=",$hits";
        $fields .= ",comments";
        //
        $values .= ",{$comments}";
        $fields .= ",fieldset_id";
        //
        $values .= ",{$fieldset_id}";
        $fields .= ",uuid";
        $values .= ",{$uuid}";
        if ($edt_flg) {
            $return_page = $_CONF['site_url'] . "/" . THIS_SCRIPT;
            $return_page .= "?id=" . $id;
        } else {
            $return_page = $_CONF['site_url'] . '/' . THIS_SCRIPT . '?msg=1';
        }
        DB_save($_TABLES['DATABOX_base'], $fields, $values);
    } else {
        $sql = "UPDATE {$_TABLES['DATABOX_base']} set ";
        $sql .= " title = '{$title}'";
        $sql .= " ,page_title = '{$page_title}'";
        $sql .= " ,description = '{$description}'";
        $sql .= " ,language_id = '{$language_id}'";
        $sql .= " ,modified = FROM_UNIXTIME('{$modified}')";
        $sql .= ",uuid='{$uuid}' WHERE id={$id}";
        DB_query($sql);
    }
    //カテゴリ
    //$rt=DATABOX_savedatas("category_id",$_TABLES['DATABOX_category'],$id,$category);
    $rt = DATABOX_savecategorydatas($id, $category);
    //追加項目
    if ($old_mode == "copy") {
        DATABOX_uploadaddtiondatas_cpy($additionfields, $addition_def, $pi_name, $id, $additionfields_fnm, $additionfields_del, $additionfields_old, $additionfields_alt);
    } else {
        DATABOX_uploadaddtiondatas($additionfields, $addition_def, $pi_name, $id, $additionfields_fnm, $additionfields_del, $additionfields_old, $additionfields_alt);
    }
    if ($new_flg) {
        $rt = DATABOX_saveaddtiondatas($id, $additionfields, $addition_def, $pi_name);
    } else {
        $rt = DATABOX_saveaddtiondatas_update($id, $additionfields, $addition_def, $pi_name);
    }
    $rt = fncsendmail('data', $id);
    $cacheInstance = 'databox__' . $id . '__';
    CACHE_remove_instance($cacheInstance);
    //exit;//@@@@@debug 用
    if ($_DATABOX_CONF['aftersave'] === 'no') {
        $retval['title'] = $LANG_DATABOX_ADMIN['piname'] . $LANG_DATABOX_ADMIN['edit'];
        $retval['display'] .= fncEdit($id, $edt_flg, 1, $err, "edit", $fieldset_id, $template);
        return $retval;
    } else {
        if ($_DATABOX_CONF['aftersave'] === 'list' or $_DATABOX_CONF['aftersave'] === 'admin') {
            $url = $_CONF['site_url'] . "/databox/mydata/data.php";
            $item_url = COM_buildURL($url);
            $target = 'item';
        } else {
            $url = $_CONF['site_url'] . "/databox/data.php";
            $url .= "?";
            //コード使用の時
            if ($_DATABOX_CONF['datacode']) {
                $url .= "code=" . $code;
                $url .= "&amp;m=code";
            } else {
                $url .= "id=" . $id;
                $url .= "&amp;m=id";
            }
            $item_url = COM_buildUrl($url);
            $target = $_DATABOX_CONF['aftersave_admin'];
        }
    }
    $return_page = PLG_afterSaveSwitch($target, $item_url, $pi_name, 1);
    echo $return_page;
    exit;
}
示例#12
0
/**
* Saves banner to the database
*
* @param    string  $bid            ID for banner
* @param    string  $old_bid        old ID for banner
* @param    string  $cid            cid of category banner belongs to
* @param    string  $categorydd     Category banner belong to
* @param    string  $url            URL of banner to save
* @param    string  $description    Description of banner
* @param    string  $title          Title of banner
* @param    int     $hits           Number of hits for banner
* @param    int     $owner_id       ID of owner
* @param    int     $group_id       ID of group banner belongs to
* @param    int     $perm_owner     Permissions the owner has
* @param    int     $perm_group     Permissions the group has
* @param    int     $perm_members   Permissions members have
* @param    int     $perm_anon      Permissions anonymous users have
* @return   string                  HTML redirect or error message
* @global array core config vars
* @global array core group data
* @global array core table data
* @global array core user data
* @global array core msg data
* @global array banner plugin lang admin vars
*
*/
function savebanner($bid, $old_bid, $cid, $categorydd, $url, $description, $title, $publishstart, $publishend, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_BANNER_ADMIN, $_BAN_CONF;
    $retval = '';
    // Convert array values to numeric permission values
    if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    // clean 'em up
    $description = addslashes(COM_checkHTML(COM_checkWords($description)));
    $title = addslashes(COM_checkHTML(COM_checkWords($title)));
    $cid = addslashes($cid);
    //$description = str_replace('<p>','',$description);
    //$description = str_replace('</p>','',$description);
    if (empty($owner_id)) {
        // this is new banner from admin, set default values
        $owner_id = $_USER['uid'];
        if (isset($_GROUPS['Banner Admin'])) {
            $group_id = $_GROUPS['Banner Admin'];
        } else {
            $group_id = SEC_getFeatureGroup('banner.edit');
        }
        $perm_owner = 3;
        $perm_group = 2;
        $perm_members = 2;
        $perm_anon = 2;
    }
    if (empty($publishstart)) {
        $publishstart = 'NULL';
    } else {
        $publishstart = "'" . $publishstart . "'";
    }
    if (empty($publishend)) {
        $publishend = 'NULL';
    } else {
        $publishend = "'" . $publishend . "'";
    }
    $bid = COM_sanitizeID($bid);
    $old_bid = COM_sanitizeID($old_bid);
    if (empty($bid)) {
        if (empty($old_bid)) {
            $bid = COM_makeSid();
        } else {
            $bid = $old_bid;
        }
    }
    // check for banner id change
    if (!empty($old_bid) && $bid != $old_bid) {
        // check if new bid is already in use
        if (DB_count($_TABLES['banner'], 'bid', $bid) > 0) {
            // TBD: abort, display editor with all content intact again
            $bid = $old_bid;
            // for now ...
        }
    }
    $access = 0;
    $old_bid = addslashes($old_bid);
    if (DB_count($_TABLES['banner'], 'bid', $old_bid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['banner']} WHERE bid = '{$old_bid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[31], $MESSAGE[30]) . COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit banner {$bid}.");
        echo $display;
        exit;
    } elseif (!empty($title) && !empty($description)) {
        if ($categorydd != $LANG_BANNER_ADMIN[7] && !empty($categorydd)) {
            $cid = addslashes($categorydd);
        } else {
            if ($categorydd != $LANG_BANNER_ADMIN[7]) {
                echo COM_refresh($_CONF['site_admin_url'] . '/plugins/banner/index.php');
            }
        }
        DB_delete($_TABLES['bannersubmission'], 'bid', $old_bid);
        DB_delete($_TABLES['banner'], 'bid', $old_bid);
        DB_save($_TABLES['banner'], 'bid,cid,url,description,title,date,publishstart,publishend,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$bid}','{$cid}','{$url}','{$description}','{$title}',NOW(),{$publishstart},{$publishend},'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
        // Get category for rdf check
        $category = DB_getItem($_TABLES['bannercategories'], "category", "cid='{$cid}'");
        COM_rdfUpToDateCheck('banner', $category, $bid);
        return PLG_afterSaveSwitch($_BAN_CONF['aftersave'], COM_buildURL("{$_CONF['site_url']}/banner/portal.php?what=banner&item={$bid}"), 'banner', 2);
    } else {
        // missing fields
        $retval .= COM_siteHeader('menu', $LANG_BANNER_ADMIN[1]);
        $retval .= COM_errorLog($LANG_BANNER_ADMIN[10], 2);
        if (DB_count($_TABLES['banner'], 'bid', $old_bid) > 0) {
            $retval .= editbanner('edit', $old_bid);
        } else {
            $retval .= editbanner('edit', '');
        }
        $retval .= COM_siteFooter();
        return $retval;
    }
}
示例#13
0
function LIB_Save($pi_name, $edt_flg, $navbarMenu, $menuno)
{
    global $_CONF;
    global $_TABLES;
    global $_USER;
    $box_conf = "_" . strtoupper($pi_name) . "_CONF";
    global ${$box_conf};
    $box_conf = ${$box_conf};
    $lang_box_admin = "LANG_" . strtoupper($pi_name) . "_ADMIN";
    global ${$lang_box_admin};
    $lang_box_admin = ${$lang_box_admin};
    $lang_box_admin_menu = "LANG_" . strtoupper($pi_name) . "_admin_menu";
    global ${$lang_box_admin_menu};
    $lang_box_admin_menu = ${$lang_box_admin_menu};
    $table = $_TABLES[strtoupper($pi_name) . '_mst'];
    $retval = '';
    // clean 'em up
    $id = COM_applyFilter($_POST['id'], true);
    $kind = COM_applyFilter($_POST['kind']);
    $kind = addslashes(COM_checkHTML(COM_checkWords($kind)));
    $no = COM_applyFilter($_POST['no'], true);
    $no = addslashes(COM_checkHTML(COM_checkWords($no)));
    $value = COM_applyFilter($_POST['value']);
    $value = addslashes(COM_checkHTML(COM_checkWords($value)));
    $value2 = COM_applyFilter($_POST['value2']);
    $value2 = addslashes(COM_checkHTML(COM_checkWords($value2)));
    $disp = $_POST['disp'];
    $disp = addslashes(COM_checkHTML(COM_checkWords($disp)));
    $orderno = mb_convert_kana($_POST['orderno'], "a");
    //全角英数字を半角英数字に変換する
    $orderno = COM_applyFilter($orderno, true);
    $relno = COM_applyFilter($_POST['relno']);
    $relno = addslashes(COM_checkHTML(COM_checkWords($relno)));
    //$name = mb_convert_kana($name,"AKV");
    //A:半角英数字を全角英数字に変換する
    //K:半角カタカナを全角カタカナに変換する
    //V:濁点つきの文字を1文字に変換する (K、H と共に利用する)
    //$name = str_replace ("'", "’",$name);
    //$code = mb_convert_kana($code,"a");//全角英数字を半角英数字に変換する
    //-----
    $type = 1;
    $uuid = $_USER['uid'];
    // CHECK はじめ
    $err = "";
    //ID コード
    if ($id == 0) {
        //$err.=$lang_box_admin['err_uid']."<br/>".LB;
    } else {
        if (!is_numeric($id)) {
            $err .= $lang_box_admin['err_id'] . "<br/>" . LB;
        }
    }
    //kind必須
    if (empty($kind)) {
        $err .= $lang_box_admin['err_kind'] . "<br/>" . LB;
    }
    //no必須 二重チェック
    if ($no == "") {
        $err .= $lang_box_admin['err_no'] . "<br/>" . LB;
    } else {
        $cntsql = "SELECT id FROM {$table} ";
        $cntsql .= " WHERE ";
        $cntsql .= " no={$no} ";
        $cntsql .= " AND kind='{$kind}'";
        $cntsql .= " AND id<>{$id}";
        $result = DB_query($cntsql);
        $numrows = DB_numRows($result);
        if ($numrows != 0) {
            $err .= $lang_box_admin['err_no_w'] . "<br/>" . LB;
        }
    }
    //errorのあるとき
    if ($err != "") {
        $retval['title'] = $lang_box_admin['piname'] . $lang_box_admin['edit'];
        $retval['display'] = LIB_Edit($pi_name, $id, $edt_flg, 3, $err);
        return $retval;
    }
    // CHECK おわり
    if ($id == 0) {
        $w = DB_getItem($table, "max(id)", "1=1");
        if ($w == "") {
            $w = 0;
        }
        $id = $w + 1;
    }
    $fields = "id";
    $values = "{$id}";
    $fields .= ",kind";
    $values .= ",'{$kind}'";
    $fields .= ",no";
    $values .= ",{$no}";
    $fields .= ",value";
    $values .= ",'{$value}'";
    $fields .= ",value2";
    if ($value2 == "") {
        $values .= ",NULL";
    } else {
        $values .= ",'{$value2}'";
    }
    $fields .= ",disp";
    if ($disp == "") {
        $values .= ",NULL";
    } else {
        $values .= ",'{$disp}'";
    }
    $fields .= ",orderno";
    //
    if ($orderno == "") {
        $values .= ",NULL";
    } else {
        $values .= ",{$orderno}";
    }
    $fields .= ",relno";
    //
    if ($relno == "") {
        $values .= ",NULL";
    } else {
        $values .= ",{$relno}";
    }
    $fields .= ",uuid";
    $values .= ",{$uuid}";
    $fields .= ",udatetime";
    $values .= ",NOW( )";
    //
    DB_save($table, $fields, $values, $return_page);
    //    $rt=fncsendmail ($id);
    $message = "";
    if ($box_conf['aftersave_admin'] === 'no') {
        $retval['title'] = $lang_box_admin['piname'] . $lang_box_admin['edit'];
        $retval['display'] = LIB_Edit($pi_name, $id, $edt_flg, 1, "");
        return $retval;
    } else {
        if ($box_conf['aftersave_admin'] === 'list' or $box_conf['aftersave_admin'] === 'item') {
            $url = $_CONF['site_admin_url'] . "/plugins/{$pi_name}/mst.php";
            $item_url = COM_buildURL($url);
            $target = 'item';
            $message = 1;
        } else {
            if ($box_conf['aftersave_admin'] === 'admin') {
                $target = $box_conf['aftersave_admin'];
                $message = 1;
            } else {
                $item_url = $_CONF['site_url'] . $box_conf['top'];
                $target = $box_conf['aftersave_admin'];
            }
        }
    }
    $return_page = PLG_afterSaveSwitch($target, $item_url, $pi_name, $message);
    echo $return_page;
    exit;
}
示例#14
0
function fncSave($navbarMenu, $menuno)
{
    global $_CONF;
    global $_TABLES;
    global $_USER;
    global $_USERBOX_CONF;
    global $LANG_USERBOX_user_menu;
    global $LANG_USERBOX_ADMIN;
    $pi_name = "userbox";
    $retval = '';
    //
    $groups = $_POST['groups'];
    $uid = $_USER['uid'];
    $groupsforuser = fncGetGroupsForUser();
    $whereGroups = 'ug_main_grp_id IN (' . implode(',', $groupsforuser) . ')';
    $sql = "DELETE FROM {$_TABLES['group_assignments']} WHERE ";
    $sql .= "(ug_uid = {$uid})  ";
    $sql .= " AND " . $whereGroups;
    DB_query($sql);
    if (is_array($groups)) {
        foreach ($groups as $userGroup) {
            //foreach( $groups as $fid => $fvalue ){
            //echo "fid=".$fid."  fvalue=".$fvalue."<br>";
            $sql = "INSERT INTO {$_TABLES['group_assignments']} ";
            $sql .= "(ug_main_grp_id, ug_uid) ";
            $sql .= "VALUES (";
            $sql .= " {$userGroup}";
            $sql .= ", {$uid}";
            $sql .= ")";
            DB_query($sql);
        }
    }
    //exit;// debug 用
    $id = $uid;
    if ($_USERBOX_CONF['aftersave'] === 'no') {
        $page_title = $LANG_USERBOX_ADMIN['piname'] . $LANG_USERBOX_ADMIN['edit'];
        $retval .= DATABOX_siteHeader($pi_name, '_admin', $page_title);
        $retval .= ppNavbarjp($navbarMenu, $LANG_USERBOX_user_menu[$menuno]);
        //$retval .= fncEdit($id, $edt_flg,1,$err);
        $retval .= fncEdit(1);
        $retval .= DATABOX_siteFooter($pi_name, '_admin');
        return $retval;
    } else {
        if ($_USERBOX_CONF['aftersave'] === 'list' or $_USERBOX_CONF['aftersave'] === 'admin') {
            $url = $_CONF['site_url'] . "/userbox/profile.php";
            $url .= "?";
            //コード使用の時
            if ($_USERBOX_CONF['datacode']) {
                $url .= "code=" . $username;
                $url .= "&amp;m=code";
            } else {
                $url .= "id=" . $id;
                $url .= "&amp;m=id";
            }
            $item_url = COM_buildUrl($url);
            $target = 'item';
        } else {
            $url = $_CONF['site_url'] . "/userbox/profile.php";
            $url .= "?";
            //コード使用の時
            if ($_USERBOX_CONF['datacode']) {
                $url .= "code=" . $username;
                $url .= "&amp;m=code";
            } else {
                $url .= "id=" . $id;
                $url .= "&amp;m=id";
            }
            $item_url = COM_buildUrl($url);
            $target = $_USERBOX_CONF['aftersave_admin'];
        }
    }
    // $return_page="";
    $return_page = PLG_afterSaveSwitch($target, $item_url, $pi_name, 1);
    echo $return_page;
    return;
}
示例#15
0
/**
* Saves a poll
*
* Saves a poll topic and potential answers to the database
*
* @param    string  $pid            Poll topic ID
* @param    string  $old_pid        Previous poll topic ID
* @param    array   $Q              Array of poll questions
* @param    string  $mainpage       Checkbox: poll appears on homepage
* @param    string  $topic          The text for the topic
* @param    string  $meta_description
* @param    string  $meta_keywords
* @param    int     $statuscode     (unused)
* @param    string  $open           Checkbox: poll open for voting
* @param    string  $hideresults    Checkbox: hide results until closed
* @param    int     $commentcode    Indicates if users can comment on poll
* @param    array   $A              Array of possible answers
* @param    array   $V              Array of vote per each answer
* @param    array   $R              Array of remark per each answer
* @param    int     $owner_id       ID of poll owner
* @param    int     $group_id       ID of group poll belongs to
* @param    int     $perm_owner     Permissions the owner has on poll
* @param    int     $perm_grup      Permissions the group has on poll
* @param    int     $perm_members   Permissions logged in members have on poll
* @param    int     $perm_anon      Permissions anonymous users have on poll
* @return   string                  HTML redirect or error message
*
*/
function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $meta_keywords, $statuscode, $open, $hideresults, $commentcode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;
    $retval = '';
    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    $topic = COM_stripslashes($topic);
    $meta_description = strip_tags(COM_stripslashes($meta_description));
    $meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
    $pid = COM_sanitizeID($pid);
    $old_pid = COM_sanitizeID($old_pid);
    if (empty($pid)) {
        if (empty($old_pid)) {
            $pid = COM_makeSid();
        } else {
            $pid = $old_pid;
        }
    }
    // check if any question was entered
    if (empty($topic) or count($Q) == 0 or strlen($Q[0]) == 0 or strlen($A[0][0]) == 0) {
        $retval .= COM_siteHeader('menu', $LANG25[5]);
        $retval .= COM_startBlock($LANG21[32], '', COM_getBlockTemplate('_msg_block', 'header'));
        $retval .= $LANG25[2];
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $retval .= COM_siteFooter();
        return $retval;
    }
    if (!SEC_checkToken()) {
        COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks.");
        return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php');
    }
    // check for poll id change
    if (!empty($old_pid) && $pid != $old_pid) {
        // check if new pid is already in use
        if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
            // TBD: abort, display editor with all content intact again
            $pid = $old_pid;
            // for now ...
        }
    }
    // start processing the poll topic
    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }
    $access = 0;
    if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
        $P = DB_fetchArray($result);
        $access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
        COM_output($display);
        exit;
    }
    if (empty($voters)) {
        $voters = 0;
    }
    if ($_POLL_VERBOSE) {
        COM_errorLog('owner permissions: ' . $perm_owner, 1);
        COM_errorLog('group permissions: ' . $perm_group, 1);
        COM_errorLog('member permissions: ' . $perm_members, 1);
        COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
    }
    // we delete everything and re-create it with the input from the form
    $del_pid = $pid;
    if (!empty($old_pid) && $pid != $old_pid) {
        $del_pid = $old_pid;
        // delete by old pid, create using new pid below
    }
    DB_delete($_TABLES['polltopics'], 'pid', $del_pid);
    DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
    DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);
    $topic = addslashes($topic);
    $meta_description = addslashes($meta_description);
    $meta_keywords = addslashes($meta_keywords);
    $k = 0;
    // set up a counter to make sure we do assign a straight line of question id's
    $v = 0;
    // re-count votes sine they might have been changed
    // first dimension of array are the questions
    $num_questions = count($Q);
    for ($i = 0; $i < $num_questions; $i++) {
        $Q[$i] = COM_stripslashes($Q[$i]);
        if (strlen($Q[$i]) > 0) {
            // only insert questions that exist
            $Q[$i] = addslashes($Q[$i]);
            DB_save($_TABLES['pollquestions'], 'qid, pid, question', "'{$k}', '{$pid}', '{$Q[$i]}'");
            // within the questions, we have another dimensions with answers,
            // votes and remarks
            $num_answers = count($A[$i]);
            for ($j = 0; $j < $num_answers; $j++) {
                $A[$i][$j] = COM_stripslashes($A[$i][$j]);
                if (strlen($A[$i][$j]) > 0) {
                    // only insert answers etc that exist
                    if (!is_numeric($V[$i][$j])) {
                        $V[$i][$j] = "0";
                    }
                    $A[$i][$j] = addslashes($A[$i][$j]);
                    $R[$i][$j] = addslashes($R[$i][$j]);
                    $sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES " . "('{$pid}', '{$k}', " . ($j + 1) . ", '{$A[$i][$j]}', {$V[$i][$j]}, '{$R[$i][$j]}');";
                    DB_query($sql);
                    $v = $v + $V[$i][$j];
                }
            }
            $k++;
        }
    }
    // save topics after the questions so we can include question count into table
    $sql = "'{$pid}','{$topic}','{$meta_description}','{$meta_keywords}',{$v}, {$k}, '" . date('Y-m-d H:i:s');
    if ($mainpage == 'on') {
        $sql .= "',1";
    } else {
        $sql .= "',0";
    }
    if ($open == 'on') {
        $sql .= ",1";
    } else {
        $sql .= ",0";
    }
    if ($hideresults == 'on') {
        $sql .= ",1";
    } else {
        $sql .= ",0";
    }
    $sql .= ",'{$statuscode}','{$commentcode}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}";
    // Save poll topic
    DB_save($_TABLES['polltopics'], "pid, topic, meta_description, meta_keywords, voters, questions, date, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon", $sql);
    if (empty($old_pid) || $old_pid == $pid) {
        PLG_itemSaved($pid, 'polls');
    } else {
        DB_change($_TABLES['comments'], 'sid', addslashes($pid), array('sid', 'type'), array(addslashes($old_pid), 'polls'));
        PLG_itemSaved($pid, 'polls', $old_pid);
    }
    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Leaving savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }
    return PLG_afterSaveSwitch($_PO_CONF['aftersave'], $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19);
    return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php?msg=19');
}
示例#16
0
/**
 * Saves a poll
 * Saves a poll topic and potential answers to the database
 *
 * @param    string $pid          Poll topic ID
 * @param    string $old_pid      Previous poll topic ID
 * @param    array  $Q            Array of poll questions
 * @param    string $mainPage     Checkbox: poll appears on homepage
 * @param    string $topic        The text for the topic
 * @param    string $meta_description
 * @param    string $meta_keywords
 * @param    int    $statusCode   (unused)
 * @param    string $open         Checkbox: poll open for voting
 * @param    string $hideResults  Checkbox: hide results until closed
 * @param    int    $commentCode  Indicates if users can comment on poll
 * @param    array  $A            Array of possible answers
 * @param    array  $V            Array of vote per each answer
 * @param    array  $R            Array of remark per each answer
 * @param    int    $owner_id     ID of poll owner
 * @param    int    $group_id     ID of group poll belongs to
 * @param    int    $perm_owner   Permissions the owner has on poll
 * @param    int    $perm_group   Permissions the group has on poll
 * @param    int    $perm_members Permissions logged in members have on poll
 * @param    int    $perm_anon    Permissions anonymous users have on poll
 * @param    bool   $allow_multipleanswers
 * @param    string $topic_description
 * @param    string $description
 * @return   string|void
 */
function savepoll($pid, $old_pid, $Q, $mainPage, $topic, $meta_description, $meta_keywords, $statusCode, $open, $hideResults, $commentCode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $allow_multipleanswers, $topic_description, $description)
{
    global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;
    $retval = '';
    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    $topic = COM_stripslashes($topic);
    $topic = COM_checkHTML($topic);
    $topic_description = strip_tags(COM_stripslashes($topic_description));
    $meta_description = strip_tags(COM_stripslashes($meta_description));
    $meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
    $pid = COM_sanitizeID($pid);
    $old_pid = COM_sanitizeID($old_pid);
    if (empty($pid)) {
        if (empty($old_pid)) {
            $pid = COM_makeSid();
        } else {
            $pid = $old_pid;
        }
    }
    // check if any question was entered
    if (empty($topic) || count($Q) === 0 || strlen($Q[0]) === 0 || strlen($A[0][0]) === 0) {
        $retval .= COM_showMessageText($LANG25[2], $LANG21[32]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG25[5]));
        return $retval;
    }
    if (!SEC_checkToken()) {
        COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks.");
        COM_redirect($_CONF['site_admin_url'] . '/plugins/polls/index.php');
    }
    // check for poll id change
    if (!empty($old_pid) && $pid != $old_pid) {
        // check if new pid is already in use
        if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
            // TBD: abort, display editor with all content intact again
            $pid = $old_pid;
            // for now ...
        }
    }
    // start processing the poll topic
    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }
    if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
        $P = DB_fetchArray($result);
        $access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display = COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
        COM_output($display);
        exit;
    }
    if ($_POLL_VERBOSE) {
        COM_errorLog('owner permissions: ' . $perm_owner, 1);
        COM_errorLog('group permissions: ' . $perm_group, 1);
        COM_errorLog('member permissions: ' . $perm_members, 1);
        COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
    }
    // we delete everything and re-create it with the input from the form
    $del_pid = $pid;
    if (!empty($old_pid) && $pid != $old_pid) {
        $del_pid = $old_pid;
        // delete by old pid, create using new pid below
    }
    // Retrieve Created Date before delete
    $created_date = DB_getItem($_TABLES['polltopics'], 'created', "pid = '{$del_pid}'");
    if ($created_date == '') {
        $created_date = date('Y-m-d H:i:s');
    }
    DB_delete($_TABLES['polltopics'], 'pid', $del_pid);
    DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
    DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);
    $topic = GLText::remove4byteUtf8Chars($topic);
    $topic = DB_escapeString($topic);
    $topic_description = GLText::remove4byteUtf8Chars($topic_description);
    $topic_description = DB_escapeString($topic_description);
    $meta_description = GLText::remove4byteUtf8Chars($meta_description);
    $meta_description = DB_escapeString($meta_description);
    $meta_keywords = GLText::remove4byteUtf8Chars($meta_keywords);
    $meta_keywords = DB_escapeString($meta_keywords);
    $k = 0;
    // set up a counter to make sure we do assign a straight line of question id's
    // first dimension of array are the questions
    $num_questions = count($Q);
    $num_total_votes = 0;
    $num_questions_exist = 0;
    for ($i = 0; $i < $num_questions; $i++) {
        $Q[$i] = COM_stripslashes($Q[$i]);
        $Q[$i] = COM_checkHTML($Q[$i]);
        $Q[$i] = GLText::remove4byteUtf8Chars($Q[$i]);
        $allow_multipleanswers[$i] = GLText::remove4byteUtf8Chars(COM_stripslashes($allow_multipleanswers[$i]));
        $description[$i] = GLText::remove4byteUtf8Chars(COM_checkHTML(COM_stripslashes($description[$i])));
        if ($allow_multipleanswers[$i] == 'on') {
            $allow_multipleanswers[$i] = 1;
        } else {
            $allow_multipleanswers[$i] = 0;
        }
        if (strlen($Q[$i]) > 0) {
            // only insert questions that exist
            $num_questions_exist++;
            $Q[$i] = DB_escapeString($Q[$i]);
            DB_save($_TABLES['pollquestions'], 'qid, pid, question,allow_multipleanswers,description', "'{$k}', '{$pid}', '{$Q[$i]}','{$allow_multipleanswers[$i]}','{$description[$i]}'");
            // within the questions, we have another dimensions with answers,
            // votes and remarks
            $num_answers = count($A[$i]);
            for ($j = 0; $j < $num_answers; $j++) {
                $A[$i][$j] = COM_stripslashes($A[$i][$j]);
                $A[$i][$j] = COM_checkHTML($A[$i][$j]);
                $A[$i][$j] = GLText::remove4byteUtf8Chars($A[$i][$j]);
                $R[$i][$j] = COM_stripslashes($R[$i][$j]);
                $R[$i][$j] = COM_checkHTML($R[$i][$j]);
                $R[$i][$j] = GLText::remove4byteUtf8Chars($R[$i][$j]);
                if (strlen($A[$i][$j]) > 0) {
                    // only insert answers etc that exist
                    if (!is_numeric($V[$i][$j])) {
                        $V[$i][$j] = "0";
                    }
                    $A[$i][$j] = DB_escapeString($A[$i][$j]);
                    $R[$i][$j] = DB_escapeString($R[$i][$j]);
                    $sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES " . "('{$pid}', '{$k}', " . ($j + 1) . ", '{$A[$i][$j]}', {$V[$i][$j]}, '{$R[$i][$j]}');";
                    DB_query($sql);
                    $num_total_votes = $num_total_votes + $V[$i][$j];
                }
            }
            $k++;
        }
    }
    // determine the number of voters (cannot use records in pollvoters table since they get deleted after a time $_PO_CONF['polladdresstime'])
    if ($num_questions_exist > 0) {
        $numVoters = $num_total_votes / $num_questions_exist;
    } else {
        // This shouldn't happen
        $numVoters = $num_total_votes;
    }
    // save topics after the questions so we can include question count into table
    $sql = "'{$pid}','{$topic}','{$meta_description}','{$meta_keywords}',{$numVoters}, {$k}, '{$created_date}', '" . date('Y-m-d H:i:s');
    if ($mainPage == 'on') {
        $sql .= "',1";
    } else {
        $sql .= "',0";
    }
    if ($open == 'on') {
        $sql .= ",1";
    } else {
        $sql .= ",0";
    }
    if ($hideResults == 'on') {
        $sql .= ",1";
    } else {
        $sql .= ",0";
    }
    $sql .= ",'{$statusCode}','{$commentCode}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$topic_description}'";
    // Save poll topic
    DB_save($_TABLES['polltopics'], "pid, topic, meta_description, meta_keywords, voters, questions, created, modified, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon,description", $sql);
    if (empty($old_pid) || $old_pid == $pid) {
        PLG_itemSaved($pid, 'polls');
    } else {
        DB_change($_TABLES['comments'], 'sid', DB_escapeString($pid), array('sid', 'type'), array(DB_escapeString($old_pid), 'polls'));
        DB_change($_TABLES['pollvoters'], 'pid', DB_escapeString($pid), 'pid', DB_escapeString($old_pid));
        PLG_itemSaved($pid, 'polls', $old_pid);
    }
    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Leaving savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }
    return PLG_afterSaveSwitch($_PO_CONF['aftersave'], $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19);
}
示例#17
0
 function deleteCategory($cid)
 {
     global $_CONF, $mytree;
     $this->_loadFromDatabase($cid);
     $this->_checkHasAccess();
     //get all subcategories under the specified category
     $arr = $mytree->getAllChildId($cid);
     for ($i = 0; $i < sizeof($arr); $i++) {
         $this->_deleteFile($arr[$i]);
     }
     $this->_deleteFile($cid);
     return PLG_afterSaveSwitch('item', "{$_CONF['site_admin_url']}/plugins/downloads/index.php?op=listCategories", 'downloads', 107);
 }
示例#18
0
/**
* Saves an event to the database
*
* @param    array       $_POST fields
* @return   string      HTML redirect or error message
*
*/
function CALENDAR_save($eid, $C)
{
    global $_CONF, $_TABLES, $_USER, $LANG_CAL_ADMIN, $MESSAGE, $_CA_CONF;
    $allday = isset($C['allday']) ? COM_applyFilter($C['allday']) : '';
    $hour_mode = isset($C['hour_mode']) && $C['hour_mode'] == 24 ? 24 : 12;
    if ($hour_mode == 24) {
        // these aren't set in 24 hour mode
        $C['start_ampm'] = '';
        $C['end_ampm'] = '';
    }
    $status = $C['status'];
    $title = $C['title'];
    $event_type = $C['event_type'];
    $url = $C['url'];
    $start_month = COM_applyFilter($C['start_month'], true);
    $start_day = COM_applyFilter($C['start_day'], true);
    $start_year = COM_applyFilter($C['start_year'], true);
    $start_hour = COM_applyFilter($C['start_hour'], true);
    $start_minute = COM_applyFilter($C['start_minute'], true);
    $start_ampm = $C['start_ampm'];
    $end_month = COM_applyFilter($C['end_month'], true);
    $end_day = COM_applyFilter($C['end_day'], true);
    $end_year = COM_applyFilter($C['end_year'], true);
    $end_hour = COM_applyFilter($C['end_hour'], true);
    $end_minute = COM_applyFilter($C['end_minute'], true);
    $end_ampm = $C['end_ampm'];
    $location = $C['location'];
    $address1 = $C['address1'];
    $address2 = $C['address2'];
    $city = $C['city'];
    $state = $C['state'];
    $zipcode = $C['zipcode'];
    $description = $C['description'];
    $postmode = $C['postmode'];
    $owner_id = COM_applyFilter($C['owner_id'], true);
    $group_id = COM_applyFilter($C['group_id'], true);
    $perm_owner = $C['perm_owner'];
    $perm_group = $C['perm_group'];
    $perm_members = isset($C['perm_members']) ? $C['perm_members'] : '';
    $perm_anon = isset($C['perm_anon']) ? $C['perm_anon'] : '';
    $type = isset($C['type']) ? COM_applyFilter($C['type']) : '';
    $C['datestart'] = sprintf('%4d-%02d-%02d', $start_year, $start_month, $start_day);
    $C['timestart'] = $start_hour . ':' . $start_minute . ':00';
    $C['dateend'] = sprintf('%4d-%02d-%02d', $end_year, $end_month, $end_day);
    $C['timeend'] = $end_hour . ':' . $end_minute . ':00';
    $C['allday'] = $allday;
    $C['hits'] = 0;
    $retval = '';
    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    $access = 0;
    if (DB_count($_TABLES['events'], 'eid', $eid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon FROM {$_TABLES['events']} " . "WHERE eid = '{$eid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $retval .= COM_siteHeader('menu', $MESSAGE[30]);
        $retval .= COM_showMessageText($MESSAGE[31], $MESSAGE[30], true);
        $retval .= COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit event {$eid}.");
        return $retval;
    }
    if ($hour_mode == 24) {
        // to avoid having to mess with the tried and tested code below, map
        // the 24-hour values onto their 12-hour counterparts and use those
        if ($start_hour >= 12) {
            $start_ampm = 'pm';
            $start_hour = $start_hour - 12;
        } else {
            $start_ampm = 'am';
            $start_hour = $start_hour;
        }
        if ($start_hour == 0) {
            $start_hour = 12;
        }
        if ($end_hour >= 12) {
            $end_ampm = 'pm';
            $end_hour = $end_hour - 12;
        } else {
            $end_ampm = 'am';
            $end_hour = $end_hour;
        }
        if ($end_hour == 0) {
            $end_hour = 12;
        }
    }
    if ($allday == 'on') {
        $allday = 1;
    } else {
        $allday = 0;
    }
    // Make sure start date is before end date
    if (checkdate($start_month, $start_day, $start_year)) {
        $datestart = sprintf('%4d-%02d-%02d', $start_year, $start_month, $start_day);
        $timestart = $start_hour . ':' . $start_minute . ':00';
    } else {
        $retval .= COM_siteHeader('menu', $LANG_CAL_ADMIN[2]);
        $retval .= COM_showMessageText($LANG_CAL_ADMIN[23], $LANG_CAL_ADMIN[2], true);
        $retval .= CALENDAR_edit('edit', $C, '');
        $retval .= COM_siteFooter();
        return $retval;
    }
    if (checkdate($end_month, $end_day, $end_year)) {
        $dateend = sprintf('%4d-%02d-%02d', $end_year, $end_month, $end_day);
        $timeend = $end_hour . ':' . $end_minute . ':00';
    } else {
        $retval .= COM_siteHeader('menu', $LANG_CAL_ADMIN[2]);
        $retval .= COM_showMessageText($LANG_CAL_ADMIN[24], $LANG_CAL_ADMIN[2], true);
        $retval .= CALENDAR_edit('edit', $C, '');
        $retval .= COM_siteFooter();
        return $retval;
    }
    if ($allday == 0) {
        if ($dateend < $datestart) {
            $retval .= COM_siteHeader('menu', $LANG_CAL_ADMIN[2]);
            $retval .= COM_showMessageText($LANG_CAL_ADMIN[25], $LANG_CAL_ADMIN[2], true);
            $retval .= CALENDAR_edit('edit', $C, '');
            $retval .= COM_siteFooter();
            return $retval;
        }
    } else {
        if ($dateend < $datestart) {
            // Force end date to be same as start date
            $dateend = $datestart;
        }
    }
    // clean 'em up
    if ($postmode == 'html') {
        $description = COM_checkHTML(COM_checkWords($description));
    } else {
        $postmode = 'plaintext';
        $description = @htmlspecialchars(COM_checkWords($description));
    }
    $description = DB_escapeString($description);
    $title = DB_escapeString(COM_checkHTML(COM_checkWords($title)));
    $location = DB_escapeString(COM_checkHTML(COM_checkWords($location)));
    $address1 = DB_escapeString(COM_checkHTML(COM_checkWords($address1)));
    $address2 = DB_escapeString(COM_checkHTML(COM_checkWords($address2)));
    $city = DB_escapeString(COM_checkHTML(COM_checkWords($city)));
    $state = DB_escapeString(COM_checkHTML(COM_checkWords($state)));
    $zipcode = DB_escapeString(COM_checkHTML(COM_checkWords($zipcode)));
    $event_type = DB_escapeString(strip_tags(COM_checkWords($event_type)));
    $url = DB_escapeString(strip_tags($url));
    if ($allday == 0) {
        // Add 12 to make time on 24 hour clock if needed
        if ($start_ampm == 'pm' and $start_hour != 12) {
            $start_hour = $start_hour + 12;
        }
        // If 12AM set hour to 00
        if ($start_ampm == 'am' and $start_hour == 12) {
            $start_hour = '00';
        }
        // Add 12 to make time on 24 hour clock if needed
        if ($end_ampm == 'pm' and $end_hour != 12) {
            $end_hour = $end_hour + 12;
        }
        // If 12AM set hour to 00
        if ($end_ampm == 'am' and $end_hour == 12) {
            $end_hour = '00';
        }
        $timestart = $start_hour . ':' . $start_minute . ':00';
        $timeend = $end_hour . ':' . $end_minute . ':00';
    }
    if (!empty($eid) and !empty($description) and !empty($title)) {
        DB_delete($_TABLES['eventsubmission'], 'eid', $eid);
        DB_save($_TABLES['events'], 'eid,status,title,event_type,url,allday,datestart,dateend,timestart,' . 'timeend,location,address1,address2,city,state,zipcode,description,' . 'postmode,owner_id,group_id,perm_owner,perm_group,perm_members,' . 'perm_anon', "'{$eid}',{$status},'{$title}','{$event_type}','{$url}',{$allday},'{$datestart}'," . "'{$dateend}','{$timestart}','{$timeend}','{$location}','{$address1}'," . "'{$address2}','{$city}','{$state}','{$zipcode}','{$description}','{$postmode}'," . "{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
        if (DB_count($_TABLES['personal_events'], 'eid', $eid) > 0) {
            $result = DB_query("SELECT uid FROM {$_TABLES['personal_events']} " . "WHERE eid = '{$eid}'");
            $numrows = DB_numRows($result);
            for ($i = 1; $i <= $numrows; $i++) {
                $P = DB_fetchArray($result);
                DB_save($_TABLES['personal_events'], 'eid,status,title,event_type,datestart,dateend,address1,address2,' . 'city,state,zipcode,allday,url,description,postmode,' . 'group_id,owner_id,perm_owner,perm_group,perm_members,' . 'perm_anon,uid,location,timestart,timeend', "'{$eid}',{$status},'{$title}','{$event_type}','{$datestart}','{$dateend}'," . "'{$address1}','{$address2}','{$city}','{$state}','{$zipcode}'," . "{$allday},'{$url}','{$description}','{$postmode}',{$group_id}," . "{$owner_id},{$perm_owner},{$perm_group},{$perm_members}," . "{$perm_anon},{$P['uid']},'{$location}','{$timestart}','{$timeend}'");
            }
        }
        PLG_itemSaved($eid, 'calendar');
        COM_rdfUpToDateCheck('calendar', $event_type, $eid);
        // if we just saved a submission, then return to the submissions page
        if ($type == 'submission') {
            return COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
        } else {
            return PLG_afterSaveSwitch($_CA_CONF['aftersave'], $_CONF['site_url'] . '/calendar/event.php?eid=' . $eid, 'calendar', 17);
        }
    } else {
        $retval .= COM_siteHeader('menu', $LANG_CAL_ADMIN[2]);
        $retval .= COM_showMessageText($LANG_CAL_ADMIN[10], $LANG_CAL_ADMIN[2], true);
        $retval .= CALENDAR_edit('edit', $C, '');
        $retval .= COM_siteFooter();
        return $retval;
    }
}
示例#19
0
/**
* Saves user to the database
*
* @param    int     $uid            user id
* @param    string  $usernmae       (short) username
* @param    string  $fullname       user's full name
* @param    string  $email          user's email address
* @param    string  $regdate        date the user registered with the site
* @param    string  $homepage       user's homepage URL
* @param    array   $groups         groups the user belongs to
* @param    string  $delete_photo   delete user's photo if == 'on'
* @return   string                  HTML redirect or error message
*
*/
function saveusers($uid, $username, $fullname, $passwd, $passwd_conf, $email, $regdate, $homepage, $groups, $delete_photo = '', $userstatus = 3, $oldstatus = 3)
{
    global $_CONF, $_TABLES, $_USER, $LANG28, $_USER_VERBOSE;
    $retval = '';
    $userChanged = false;
    if ($_USER_VERBOSE) {
        COM_errorLog("**** entering saveusers****", 1);
        COM_errorLog("group size at beginning = " . count($groups), 1);
    }
    $service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$uid}");
    // If remote service then assume blank password
    if (!empty($service)) {
        $passwd = '';
        $passwd_conf = '';
    }
    $passwd_changed = true;
    if (empty($service) && SEC_encryptUserPassword($passwd, $uid) === 0 && $passwd_conf === '') {
        $passwd_changed = false;
    }
    if ($passwd_changed && $passwd != $passwd_conf) {
        // passwords don't match
        return edituser($uid, 67);
    }
    $nameAndEmailOkay = true;
    if (empty($username)) {
        $nameAndEmailOkay = false;
    } elseif (empty($email)) {
        if (empty($uid)) {
            $nameAndEmailOkay = false;
            // new users need an email address
        } else {
            if (empty($service)) {
                $nameAndEmailOkay = false;
                // not a remote user - needs email
            }
        }
    }
    if ($nameAndEmailOkay) {
        if (!empty($email) && !COM_isEmail($email)) {
            return edituser($uid, 52);
        }
        $uname = DB_escapeString($username);
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******'");
        } else {
            if (!empty($service)) {
                $uservice = DB_escapeString($service);
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND remoteservice = '{$uservice}'");
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND (remoteservice = '' OR remoteservice IS NULL)");
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's username to one that already exists
            return edituser($uid, 51);
        }
        $emailaddr = DB_escapeString($email);
        $exclude_remote = " AND (remoteservice IS NULL OR remoteservice = '')";
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}'" . $exclude_remote);
        } else {
            $old_email = DB_getItem($_TABLES['users'], 'email', "uid = '{$uid}'");
            if ($old_email == $email) {
                // email address didn't change so don't care
                $ucount = 0;
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}' AND uid <> {$uid}" . $exclude_remote);
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's email to one that already exists
            return edituser($uid, 56);
        }
        if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($username, $email);
            if (!empty($ret)) {
                // need a numeric return value - otherwise use default message
                if (!is_numeric($ret['number'])) {
                    $ret['number'] = 400;
                }
                return edituser($uid, $ret['number']);
            }
        }
        if (empty($uid)) {
            if (empty($passwd)) {
                // no password? create one ...
                $passwd = SEC_generateRandomPassword();
            }
            $uid = USER_createAccount($username, $email, $passwd, $fullname, $homepage);
            if ($uid > 1) {
                DB_query("UPDATE {$_TABLES['users']} SET status = {$userstatus} WHERE uid = {$uid}");
            }
        } else {
            $fullname = DB_escapeString($fullname);
            $homepage = DB_escapeString($homepage);
            $curphoto = DB_getItem($_TABLES['users'], 'photo', "uid = {$uid}");
            if (!empty($curphoto) && $delete_photo == 'on') {
                USER_deletePhoto($curphoto);
                $curphoto = '';
            }
            if ($_CONF['allow_user_photo'] == 1 && !empty($curphoto)) {
                $curusername = DB_getItem($_TABLES['users'], 'username', "uid = {$uid}");
                if ($curusername != $username) {
                    // user has been renamed - rename the photo, too
                    $newphoto = preg_replace('/' . $curusername . '/', $username, $curphoto, 1);
                    $imgpath = $_CONF['path_images'] . 'userphotos/';
                    if (@rename($imgpath . $curphoto, $imgpath . $newphoto) === false) {
                        $retval .= COM_errorLog('Could not rename userphoto "' . $curphoto . '" to "' . $newphoto . '".');
                        return $retval;
                    }
                    $curphoto = $newphoto;
                }
            }
            $curphoto = DB_escapeString($curphoto);
            DB_query("UPDATE {$_TABLES['users']} SET username = '******', fullname = '{$fullname}', email = '{$email}', homepage = '{$homepage}', photo = '{$curphoto}', status='{$userstatus}' WHERE uid = {$uid}");
            if ($passwd_changed && !empty($passwd)) {
                SEC_updateUserPassword($passwd, $uid);
            }
            if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
                CUSTOM_userSave($uid);
            }
            if ($_CONF['usersubmission'] == 1 && $oldstatus == USER_ACCOUNT_AWAITING_APPROVAL && $userstatus == USER_ACCOUNT_ACTIVE) {
                USER_createAndSendPassword($username, $email, $uid);
            }
            if ($userstatus == USER_ACCOUNT_DISABLED) {
                SESS_endUserSession($uid);
            }
            $userChanged = true;
        }
        // check that the user is allowed to change group assignments
        if (is_array($groups) && SEC_hasRights('group.assign')) {
            if (!SEC_inGroup('Root')) {
                $rootgrp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'");
                if (in_array($rootgrp, $groups)) {
                    COM_accessLog("User {$_USER['username']} ({$_USER['uid']}) just tried to give Root permissions to user {$username}.");
                    echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
                    exit;
                }
            }
            // make sure the Remote Users group is in $groups
            if (SEC_inGroup('Remote Users', $uid)) {
                $remUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
                if (!in_array($remUsers, $groups)) {
                    $groups[] = $remUsers;
                }
            }
            if ($_USER_VERBOSE) {
                COM_errorLog("deleting all group_assignments for user {$uid}/{$username}", 1);
            }
            // remove user from all groups that the User Admin is a member of
            $UserAdminGroups = SEC_getUserGroups();
            $whereGroup = 'ug_main_grp_id IN (' . implode(',', $UserAdminGroups) . ')';
            DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_uid = {$uid}) AND " . $whereGroup);
            // make sure to add user to All Users and Logged-in Users groups
            $allUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'All Users'");
            if (!in_array($allUsers, $groups)) {
                $groups[] = $allUsers;
            }
            $logUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Logged-in Users'");
            if (!in_array($logUsers, $groups)) {
                $groups[] = $logUsers;
            }
            foreach ($groups as $userGroup) {
                if (in_array($userGroup, $UserAdminGroups)) {
                    if ($_USER_VERBOSE) {
                        COM_errorLog("adding group_assignment " . $userGroup . " for {$username}", 1);
                    }
                    $sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$userGroup}, {$uid})";
                    DB_query($sql);
                }
            }
        }
        if ($userChanged) {
            PLG_userInfoChanged($uid);
        }
        $errors = DB_error();
        if (empty($errors)) {
            echo PLG_afterSaveSwitch($_CONF['aftersave_user'], "{$_CONF['site_url']}/users.php?mode=profile&uid={$uid}", 'user', 21);
        } else {
            $retval .= COM_errorLog('Error in saveusers in ' . $_CONF['site_admin_url'] . '/user.php');
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[22]));
            echo $retval;
            exit;
        }
    } else {
        $retval .= COM_showMessageText($LANG28[10]);
        if (!empty($uid) && $uid > 1 && DB_count($_TABLES['users'], 'uid', $uid) > 0) {
            $retval .= edituser($uid);
        } else {
            $retval .= edituser();
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[1]));
        COM_output($retval);
        exit;
    }
    if ($_USER_VERBOSE) {
        COM_errorLog("***************leaving saveusers*****************", 1);
    }
    return $retval;
}
示例#20
0
/**
* Saves an event to the database
*
* (parameters should be obvious - old list was incomplete anyway)
* @return   string                  HTML redirect or error message
*
*/
function CALENDAR_saveEvent($eid, $title, $event_type, $url, $allday, $start_month, $start_day, $start_year, $start_hour, $start_minute, $start_ampm, $end_month, $end_day, $end_year, $end_hour, $end_minute, $end_ampm, $location, $address1, $address2, $city, $state, $zipcode, $description, $postmode, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $hour_mode)
{
    global $_CONF, $_TABLES, $_USER, $LANG_CAL_ADMIN, $MESSAGE, $_CA_CONF;
    $retval = '';
    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    $access = 0;
    if (DB_count($_TABLES['events'], 'eid', $eid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon FROM {$_TABLES['events']} " . "WHERE eid = '{$eid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit event {$eid}.");
        return $retval;
    }
    if ($hour_mode == 24) {
        // to avoid having to mess with the tried and tested code below, map
        // the 24-hour values onto their 12-hour counterparts and use those
        if ($start_hour >= 12) {
            $start_ampm = 'pm';
            $start_hour = $start_hour - 12;
        } else {
            $start_ampm = 'am';
            $start_hour = $start_hour;
        }
        if ($start_hour == 0) {
            $start_hour = 12;
        }
        if ($end_hour >= 12) {
            $end_ampm = 'pm';
            $end_hour = $end_hour - 12;
        } else {
            $end_ampm = 'am';
            $end_hour = $end_hour;
        }
        if ($end_hour == 0) {
            $end_hour = 12;
        }
    }
    if ($allday == 'on') {
        $allday = 1;
    } else {
        $allday = 0;
    }
    // Make sure start date is before end date
    if (checkdate($start_month, $start_day, $start_year)) {
        $datestart = sprintf('%4d-%02d-%02d', $start_year, $start_month, $start_day);
        $timestart = $start_hour . ':' . $start_minute . ':00';
    } else {
        $retval .= COM_showMessageText($LANG_CAL_ADMIN[23], $LANG_CAL_ADMIN[2]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
        return $retval;
    }
    if (checkdate($end_month, $end_day, $end_year)) {
        $dateend = sprintf('%4d-%02d-%02d', $end_year, $end_month, $end_day);
        $timeend = $end_hour . ':' . $end_minute . ':00';
    } else {
        $retval .= COM_showMessageText($LANG_CAL_ADMIN[24], $LANG_CAL_ADMIN[2]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
        return $retval;
    }
    if ($allday == 0) {
        if ($dateend < $datestart) {
            $retval .= COM_showMessageText($LANG_CAL_ADMIN[25], $LANG_CAL_ADMIN[2]);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
            return $retval;
        }
    } else {
        if ($dateend < $datestart) {
            // Force end date to be same as start date
            $dateend = $datestart;
        }
    }
    // Remove any autotags the user doesn't have permission to use
    $description = PLG_replaceTags($description, '', true);
    // clean 'em up
    if ($postmode == 'html') {
        $description = COM_checkHTML(COM_checkWords($description), 'calendar.edit');
    } else {
        $postmode = 'plaintext';
        $description = htmlspecialchars(COM_checkWords($description));
    }
    $description = DB_escapeString($description);
    $title = DB_escapeString(strip_tags(COM_checkWords($title)));
    $location = DB_escapeString(COM_checkHTML(COM_checkWords($location), 'calendar.edit'));
    $address1 = DB_escapeString(strip_tags(COM_checkWords($address1)));
    $address2 = DB_escapeString(strip_tags(COM_checkWords($address2)));
    $city = DB_escapeString(strip_tags(COM_checkWords($city)));
    $zipcode = DB_escapeString(strip_tags(COM_checkWords($zipcode)));
    $event_type = DB_escapeString(strip_tags(COM_checkWords($event_type)));
    $url = DB_escapeString(strip_tags($url));
    if ($allday == 0) {
        // Add 12 to make time on 24 hour clock if needed
        if ($start_ampm == 'pm' and $start_hour != 12) {
            $start_hour = $start_hour + 12;
        }
        // If 12AM set hour to 00
        if ($start_ampm == 'am' and $start_hour == 12) {
            $start_hour = '00';
        }
        // Add 12 to make time on 24 hour clock if needed
        if ($end_ampm == 'pm' and $end_hour != 12) {
            $end_hour = $end_hour + 12;
        }
        // If 12AM set hour to 00
        if ($end_ampm == 'am' and $end_hour == 12) {
            $end_hour = '00';
        }
        $timestart = $start_hour . ':' . $start_minute . ':00';
        $timeend = $end_hour . ':' . $end_minute . ':00';
    }
    if (!empty($eid) and !empty($description) and !empty($title)) {
        if (!SEC_checkToken()) {
            COM_accessLog("User {$_USER['username']} tried to save event {$eid} and failed CSRF checks.");
            COM_redirect($_CONF['site_admin_url'] . '/plugins/calendar/index.php');
        }
        $hits = DB_getItem($_TABLES['events'], 'hits', "eid = '{$eid}'");
        if (empty($hits)) {
            $hits = 0;
        }
        DB_delete($_TABLES['eventsubmission'], 'eid', $eid);
        DB_save($_TABLES['events'], 'eid,title,event_type,url,allday,datestart,dateend,timestart,' . 'timeend,location,address1,address2,city,state,zipcode,description,' . 'postmode,owner_id,group_id,perm_owner,perm_group,perm_members,' . 'perm_anon,hits', "'{$eid}','{$title}','{$event_type}','{$url}',{$allday},'{$datestart}'," . "'{$dateend}','{$timestart}','{$timeend}','{$location}','{$address1}'," . "'{$address2}','{$city}','{$state}','{$zipcode}','{$description}','{$postmode}'," . "{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$hits}");
        if (DB_count($_TABLES['personal_events'], 'eid', $eid) > 0) {
            $result = DB_query("SELECT uid FROM {$_TABLES['personal_events']} " . "WHERE eid = '{$eid}'");
            $numrows = DB_numRows($result);
            for ($i = 1; $i <= $numrows; $i++) {
                $P = DB_fetchArray($result);
                DB_save($_TABLES['personal_events'], 'eid,title,event_type,datestart,dateend,address1,address2,' . 'city,state,zipcode,allday,url,description,postmode,' . 'group_id,owner_id,perm_owner,perm_group,perm_members,' . 'perm_anon,uid,location,timestart,timeend', "'{$eid}','{$title}','{$event_type}','{$datestart}','{$dateend}'," . "'{$address1}','{$address2}','{$city}','{$state}','{$zipcode}'," . "{$allday},'{$url}','{$description}','{$postmode}',{$group_id}," . "{$owner_id},{$perm_owner},{$perm_group},{$perm_members}," . "{$perm_anon},{$P['uid']},'{$location}','{$timestart}','{$timeend}'");
            }
        }
        PLG_itemSaved($eid, 'calendar');
        COM_rdfUpToDateCheck('calendar', $event_type, $eid);
        return PLG_afterSaveSwitch($_CA_CONF['aftersave'], $_CONF['site_url'] . '/calendar/event.php?eid=' . $eid, 'calendar', 17);
    } else {
        $retval .= COM_showMessageText($LANG_CAL_ADMIN[10], $LANG_CAL_ADMIN[2]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
        return $retval;
    }
}
示例#21
0
function LIB_Save($pi_name, $edt_flg, $navbarMenu, $menuno)
{
    global $_CONF;
    global $_TABLES;
    global $_USER;
    $box_conf = "_" . strtoupper($pi_name) . "_CONF";
    global ${$box_conf};
    $box_conf = ${$box_conf};
    $lang_box_admin = "LANG_" . strtoupper($pi_name) . "_ADMIN";
    global ${$lang_box_admin};
    $lang_box_admin = ${$lang_box_admin};
    $lang_box_admin_menu = "LANG_" . strtoupper($pi_name) . "_admin_menu";
    global ${$lang_box_admin_menu};
    $lang_box_admin_menu = ${$lang_box_admin_menu};
    $lang_box_inputtype = "LANG_" . strtoupper($pi_name) . "_INPUTTYPE";
    global ${$lang_box_inputtype};
    $lang_box_inputtype = ${$lang_box_inputtype};
    $table = $_TABLES[strtoupper($pi_name) . '_def_group'];
    $retval = '';
    // clean 'em up
    $id = COM_applyFilter($_POST['id'], true);
    $code = COM_applyFilter($_POST['code']);
    $code = addslashes(COM_checkHTML(COM_checkWords($code)));
    $name = COM_applyFilter($_POST['name']);
    $name = addslashes(COM_checkHTML(COM_checkWords($name)));
    $description = $_POST['description'];
    //COM_applyFilter($_POST['description']);
    $description = addslashes(COM_checkHTML(COM_checkWords($description)));
    $parent_flg = COM_applyFilter($_POST['parent_flg'], true);
    $input_type = COM_applyFilter($_POST['input_type'], true);
    $orderno = mb_convert_kana($_POST['orderno'], "a");
    //全角英数字を半角英数字に変換する
    $orderno = COM_applyFilter($orderno, true);
    //$name = mb_convert_kana($name,"AKV");
    //A:半角英数字を全角英数字に変換する
    //K:半角カタカナを全角カタカナに変換する
    //V:濁点つきの文字を1文字に変換する (K、H と共に利用する)
    //$name = str_replace ("'", "’",$name);
    //$code = mb_convert_kana($code,"a");//全角英数字を半角英数字に変換する
    //-----
    $type = 1;
    $uuid = $_USER['uid'];
    // CHECK はじめ
    $err = "";
    //ID コード
    if ($id == 0) {
        //$err.=$lang_box_admin['err_uid']."<br/>".LB;
    } else {
        if (!is_numeric($id)) {
            $err .= $lang_box_admin['err_id'] . "<br/>" . LB;
        }
    }
    //コード
    if ($code != "") {
        $cntsql = "SELECT code FROM {$table} ";
        $cntsql .= " WHERE ";
        $cntsql .= " code='{$code}' ";
        $cntsql .= " AND group_id<>{$id}";
        $result = DB_query($cntsql);
        $numrows = DB_numRows($result);
        if ($numrows != 0) {
            $err .= $lang_box_admin['err_code_w'] . "<br/>" . LB;
        }
    }
    //タイトル必須
    if (empty($name)) {
        $err .= $lang_box_admin['err_name'] . "<br/>" . LB;
    }
    //errorのあるとき
    if ($err != "") {
        $retval['title'] = $lang_box_admin['piname'] . $lang_box_admin['edit'];
        $retval['display'] = LIB_Edit($pi_name, $id, $edt_flg, 3, $err);
        return $retval;
    }
    // CHECK おわり
    if ($id == 0) {
        $w = DB_getItem($table, "max(group_id)", "1=1");
        if ($w == "") {
            $w = 0;
        }
        $id = $w + 1;
    }
    $fields = "group_id";
    $values = "{$id}";
    $fields .= ",code";
    $values .= ",'{$code}'";
    $fields .= ",name";
    $values .= ",'{$name}'";
    $fields .= ",description";
    $values .= ",'{$description}'";
    $fields .= ",orderno";
    //
    $values .= ",{$orderno}";
    $fields .= ",parent_flg";
    //
    $values .= ",{$parent_flg}";
    $fields .= ",input_type";
    //
    $values .= ",{$input_type}";
    $fields .= ",uuid";
    $values .= ",{$uuid}";
    $fields .= ",udatetime";
    $values .= ",NOW( )";
    //
    //    if ($edt_flg){
    //        $return_page=$_CONF['site_url'] . "/".THIS_SCRIPT;
    //        $return_page.="?id=".$id;
    //    }else{
    //        $return_page=$_CONF['site_admin_url'] . '/plugins/'.THIS_SCRIPT.'?msg=1';
    //    }
    DB_save($table, $fields, $values, $return_page);
    //    $rt=fncsendmail ($id);
    $message = "";
    if ($box_conf['aftersave_admin'] === 'no') {
        $retval['title'] = $lang_box_admin['piname'] . $lang_box_admin['edit'];
        $retval['display'] = LIB_Edit($pi_name, $id, $edt_flg, 1, "");
        return $retval;
    } else {
        if ($box_conf['aftersave_admin'] === 'list' or $box_conf['aftersave_admin'] === 'item') {
            $url = $_CONF['site_admin_url'] . "/plugins/{$pi_name}/group.php";
            $item_url = COM_buildURL($url);
            $target = 'item';
            $message = 1;
        } else {
            if ($box_conf['aftersave_admin'] === 'admin') {
                $target = $box_conf['aftersave_admin'];
                $message = 1;
            } else {
                $item_url = $_CONF['site_url'] . $box_conf['top'];
                $target = $box_conf['aftersave_admin'];
            }
        }
    }
    $return_page = PLG_afterSaveSwitch($target, $item_url, $pi_name, $message);
    echo $return_page;
    exit;
}
示例#22
0
    // Check if ANONYMOUS user is trying to vote more than once per day.
    if ($uid == 1) {
        $yesterday = time() - 86400 * $anonwaitdays;
        $result = DB_query("SELECT COUNT(*) FROM {$_TABLES['downloadvotes']} " . "WHERE lid = '" . addslashes($lid) . "' " . "AND ratinguser = 1 AND ratinghostname = '{$ip}' AND ratingtimestamp > {$yesterday}");
        list($anonvotecount) = DB_fetchArray($result);
        if ($anonvotecount >= 1) {
            echo DLM_showErrorMessage('voteonce');
            exit;
        }
    }
    //All is well.  Add to Line Item Rate to DB.
    $datetime = time();
    DB_query("INSERT INTO {$_TABLES['downloadvotes']} " . "(lid, ratinguser, rating, ratinghostname, ratingtimestamp) " . "VALUES ('" . addslashes($lid) . "', {$uid}, {$rating}, '{$ip}', {$datetime})");
    //All is well.  Calculate Score & Add to Summary (for quick retrieval & sorting) to DB.
    DLM_updaterating($lid);
    echo PLG_afterSaveSwitch('home', '', 'downloads', 113);
    exit;
}
$lid = COM_applyFilter($_GET['lid']);
$result = DB_query("SELECT title FROM {$_TABLES['downloads']} WHERE lid='" . addslashes($lid) . "'");
list($title) = DB_fetchArray($result);
$title = DLM_htmlspecialchars($title);
$pagetitle = $LANG_DLM['plugin_name'];
$display = '';
$display .= COM_startBlock($LANG_DLM['plugin_name']);
$T = new Template($_DLM_CONF['path_layout']);
$T->set_file(array('t_vote' => 'vote.thtml'));
DLM_setDefaultTemplateVars($T);
$T->set_var('val_lid', $lid);
$T->set_var('lang_file', $LANG_DLM['file']);
$T->set_var('val_title', $title);