function help_invoke_main()
{
$section = REQ('section');
$path = SKIN . '/help/sections/';
$scan = scan_dir($path);
$result = array();
foreach ($scan as $id) {
$id = str_replace('.tpl', '', $id);
if (!$section || $section && $section == $id) {
$result[$id] = proc_tpl("help/sections/{$id}");
}
}
cn_assign('help_sections', $result);
if ($section) {
echo exec_tpl('window', "style=help/style.css", "title=HELP - {$section}", 'content=' . exec_tpl('help/main'));
} else {
echoheader('-@help/style.css', 'Help section');
echo exec_tpl('help/main');
echofooter();
}
}
function cn_api_get_entry($id = NULL)
{
if (is_null($id)) {
$id = REQ('id');
}
$id = cn_id_alias($id);
$db = db_news_load(db_get_nloc($id));
// Other meta-information
if (isset($db[$id])) {
$_cot = array();
$_cat = cn_get_categories(true);
$_cts = spsep($db[$id]['c']);
foreach ($_cts as $cid) {
$_cot[$cid] = $_cat[$cid]['name'];
}
$db[$id][':cot'] = $_cot;
return $db[$id];
} else {
return array();
}
}
<?php
list($lang_token, $lang, $list, $tkn, $phraseid, $translate) = _GL('lang_token, lang, list, tkn, phraseid, translate');
$exid = REQ('exid');
cn_snippet_bc();
cn_snippet_messages();
?>
<!-- selection -->
<form action="<?php
echo PHP_SELF;
?>
" method="POST">
<?php
cn_form_open('mod, opt');
?>
<p>
Select language <sup><a href="#" title="Create new language file (e.g. fr.txt) in ./core/lang with 666, 664 or 644 permission" onclick="return(tiny_msg(this));">?</a></sup>
<select name="lang_token">
<?php
foreach ($list as $token) {
?>
<option <?php
if ($token == $lang_token) {
echo 'selected="selected"';
}
?>
><?php
echo $token;
?>
}
if ($member_db[UDB_ACL] > 3) {
msg("error", lang("Access Denied"), lang("You don't have permission to add news"));
}
// only show allowed categories
list($allowed_cats, $cat_lines, $cat) = get_allowed_cats($member_db);
// ON/OFF CKEditor
$use_wysiwyg = 0;
if ($config_use_wysiwyg == 'ckeditor' && is_dir(SERVDIR . '/core/ckeditor')) {
$implemented_ckeditor_filemanager = hook('implement_file_browser', "\n filebrowserBrowseUrl: '{$PHP_SELF}?&mod=images&action=quick&wysiwyg=true',\n filebrowserImageBrowseUrl: '{$PHP_SELF}?&mod=images&action=quick&wysiwyg=true'");
$use_wysiwyg = 1;
}
// ---------------------------------------------------------------------------------------------------------------------
if ($action == "addnews") {
$error_messages = false;
$preview = REQ('preview') == 'preview' ? 'preview' : false;
// ********************************************************************************
// Do add News to news.txt
// ********************************************************************************
if ($subaction == 'doaddnews') {
// Definition
$pack = $options = false;
// Format our categories variable
if (is_array($category)) {
// User has selected multiple categories
$nice_category = array();
$ccount = 0;
foreach ($category as $ckey => $cvalue) {
if (!in_array($cvalue, $allowed_cats) and isset($cat[$cvalue])) {
msg('error', lang('Error!'), lang('Not allowed category'), '#GOBACK');
}
<?php
if (!defined('EXEC_TIME')) {
die('Access restricted');
}
// Loading filters
require_once SERVDIR . '/core/modules/hooks/common.php';
// Require module -----
$_module = REQ('mod', 'GPG');
// Loading all modules (internal + external)
$_init_modules = hook('modules/init_modules', array('main' => array('path' => 'dashboard', 'acl' => 'Cd'), 'addnews' => array('path' => 'add_news', 'acl' => 'Can'), 'editnews' => array('path' => 'edit_news', 'acl' => 'Cvn'), 'media' => array('path' => 'media', 'acl' => 'Cmm'), 'maint' => array('path' => 'maint', 'acl' => 'Cmt'), 'help' => array('path' => 'help', 'acl' => ''), 'logout' => array('path' => 'logout', 'acl' => '')));
// Required module not exist
if (!isset($_init_modules[$_module])) {
// external module chk
$_module = hook('modules/init', 'main', $_module);
}
// Check restrictions, if user is authorized
if (($user = member_get()) && defined('AREA') && AREA == 'ADMIN') {
if (test($_init_modules[$_module]['acl'])) {
// Request module
$_mod_cfg = $_init_modules[$_module];
include MODULE_DIR . '/' . $_mod_cfg['path'] . '.php';
} else {
//check user for ban group
if ($user['acl'] == ACL_LEVEL_BANNED) {
global $_SESS;
$_SESSION = array();
}
msg_info('Section [' . cn_htmlspecialchars($_module) . '] disabled for you', PHP_SELF);
}
}
function edit_news_action_edit()
{
$flatdb = new FlatDB();
$preview_html = $preview_html_full = '';
$ID = $gstamp = intval(REQ('id', 'GETPOST'));
list($status, $preview) = GET('m, preview');
list($vConcat, $vTags, $faddm, $archive_id, $source) = GET('concat, tags, faddm, archive_id, source', 'GETPOST');
// get news part by day
$news = db_news_load(db_get_nloc($ID));
if ($ID == 0) {
msg_info("Can't edit news without ID");
}
if (!isset($news[$ID])) {
msg_info("News entry not found!");
}
// load entry
$entry = $news[$ID];
$oldentry = $entry;
// disallowed by category
if (!test_cat($entry['c'])) {
msg_info("You can't view entry. Category disallow");
}
// set status message
if ($status == 'added') {
cn_throw_message('News was added');
}
if ($status == 'moved') {
cn_throw_message('Moved to another time');
}
// load more fields
list($morefields) = cn_get_more_fields($entry['mf']);
// do save news?
if (request_type('POST')) {
$flatdb->cache_clean();
// check exists news
if (isset($news[$ID])) {
// extract data
$entry = $storent = $news[$ID];
// Prepare text
list($title, $page, $category, $short_story, $full_story, $if_use_html, $postpone_draft) = GET('title, page, category, short_story, full_story, if_use_html, postpone_draft', 'GETPOST');
// Change date?
list($from_date_hour, $from_date_minutes, $from_date_seconds, $from_date_month, $from_date_day, $from_date_year) = GET('from_date_hour, from_date_minutes, from_date_seconds, from_date_month, from_date_day, from_date_year', 'GETPOST');
$c_time = intval(mktime($from_date_hour, $from_date_minutes, $from_date_seconds, $from_date_month, $from_date_day, $from_date_year));
// sanitize page name
$page = preg_replace('/[^a-z0-9_\\.]/i', '-', $page);
if (empty($page) && !empty($title) && getoption('auto_news_alias')) {
$page = strtolower(preg_replace('/[^a-z0-9_\\.]/i', '-', cn_transliterate($title)));
}
// current source is archive, active (postponed) or draft news
$draft_target = $postpone_draft === 'draft';
// User can't post active news
if (test('Bd') && $draft_target !== 'draft') {
$draft_target = 'draft';
}
// if archive_id is present, unable send to draft
$current_source = $archive_id ? "archive-{$archive_id}" : ($source == 'draft' ? 'draft' : '');
$target_source = $archive_id ? "archive-{$archive_id}" : ($draft_target ? 'draft' : '');
$if_use_html = $if_use_html ? TRUE : (getoption('use_wysiwyg') ? TRUE : FALSE);
$entry['t'] = cn_htmlclear($title);
$entry['c'] = is_array($category) ? join(',', $category) : $category;
$entry['s'] = cn_htmlclear($short_story);
$entry['f'] = cn_htmlclear($full_story);
$entry['ht'] = $if_use_html;
$entry['st'] = $draft_target ? 'd' : '';
$entry['pg'] = $page;
$entry['cc'] = $vConcat ? TRUE : FALSE;
$entry['tg'] = strip_tags($vTags);
// apply more field (for news & frontend)
list($entry, $disallow_message) = cn_more_fields_apply($entry, $faddm);
list($morefields) = cn_get_more_fields($faddm);
// has message from function
if ($disallow_message) {
cn_throw_message($disallow_message, 'e');
}
// Make preview
if ($preview) {
//correct preview links
$gstamp = $entry['id'] = $c_time;
$preview_html = preg_replace('/href="(.*?)"/', 'href="#"', entry_make($entry, 'active'));
$preview_html_full = preg_replace('/href="(.*?)"/', 'href="#"', entry_make($entry, 'full'));
} elseif (REQ('do_editsave', 'POST')) {
if (!getoption('disable_title') && empty($title)) {
cn_throw_message('The title cannot be blank', 'e');
}
if (!getoption('disable_short') && empty($short_story)) {
cn_throw_message('The story cannot be blank', 'e');
}
// Check for change alias
$pgts = bt_get_id($ID, 'ts_pg');
if ($pgts && $pgts !== $page) {
if ($page) {
if (bt_get_id($page, 'pg_ts')) {
cn_throw_message('For other news page alias already exists!', 'e');
}
} else {
bt_del_id($pgts, 'pg_ts');
bt_del_id($ID, 'ts_pg');
}
}
// no errors in a[rticle] area
if (cn_get_message('e', 'c') == 0) {
$FlatDB = new FlatDB();
$ida = db_index_load($current_source);
$idd = db_index_load($target_source);
// Time is changed
if ($c_time != intval($ID)) {
// Load next block (or current)
$next = db_news_load(db_get_nloc($c_time));
if (isset($next[$c_time])) {
cn_throw_message('The article time already busy, select another', 'e');
} else {
// set new time
$entry['id'] = $c_time;
$next[$c_time] = $entry;
// remove old news [from source / dest]
if (isset($news[$ID])) {
unset($news[$ID]);
}
if (isset($next[$ID])) {
unset($next[$ID]);
}
// remove old index
if (isset($idd[$ID])) {
unset($idd[$ID]);
}
// Delete old indexes
$_ts_id = bt_get_id($ID, 'nts_id');
bt_del_id($ID, 'nts_id');
// Update
bt_set_id($_ts_id, $c_time, 'nid_ts');
bt_set_id($c_time, $_ts_id, 'nts_id');
// save 2 blocks
db_save_news($news, db_get_nloc($ID));
db_save_news($next, db_get_nloc($c_time));
cn_throw_message('News moved from <b>' . date('Y-m-d H:i:s', $ID) . '</b> to <b>' . date('Y-m-d H:i:s', $c_time) . '</b>');
}
} else {
$news[$ID] = $entry;
db_save_news($news, db_get_nloc($ID));
cn_throw_message('News was edited');
}
// Update page aliases
$_ts_pg = bt_get_id($ID, 'ts_pg');
bt_del_id($ID, 'ts_pg');
bt_del_id($_ts_pg, 'pg_ts');
if ($page) {
bt_set_id($c_time, $page, 'ts_pg');
bt_set_id($page, $c_time, 'pg_ts');
}
// 1) remove from old index
if (isset($ida[$ID])) {
unset($ida[$ID]);
}
// Fill probably unused
$storent['tg'] = isset($storent['tg']) ? $storent['tg'] : '';
// 2) add new index
$idd[$c_time] = db_index_create($entry);
// 3) sync indexes
db_index_save($ida, $current_source);
db_index_update_overall($current_source);
db_index_save($idd, $target_source);
db_index_update_overall($target_source);
// ------
// UPDATE categories
$FlatDB->cn_remove_categories($storent['c'], $storent['id']);
$FlatDB->cn_add_categories($entry['c'], $c_time);
// UPDATE tags
$FlatDB->cn_remove_tags($storent['tg'], $storent['id']);
$FlatDB->cn_add_tags($entry['tg'], $c_time);
// UPDATE date / id storage [with comments count]
$FlatDB->cn_update_date($entry['id'], $storent['id'], count($storent['co']));
// ------
}
}
} else {
msg_info("News entry not found or has been deleted");
}
}
if (empty($entry['pg']) && isset($entry['t']) && getoption('auto_news_alias')) {
$entry['pg'] = strtolower(preg_replace('/[^a-z0-9_\\.]/i', '-', cn_transliterate($entry['t'])));
}
// Assign template vars
$category = spsep($entry['c']);
$categories = cn_get_categories(false);
$title = isset($entry['t']) ? $entry['t'] : '';
$short_story = isset($entry['s']) ? $entry['s'] : '';
$page = isset($entry['pg']) ? $entry['pg'] : '';
$full_story = isset($entry['f']) ? $entry['f'] : '';
$is_draft = isset($entry['st']) ? $entry['st'] == 'd' : false;
$vConcat = isset($entry['cc']) ? $entry['cc'] : '';
$vTags = isset($entry['tg']) ? $entry['tg'] : '';
$if_use_html = isset($entry['ht']) ? $entry['ht'] : false;
$is_active_html = test('Csr');
cn_assign('categories, vCategory, vTitle, vPage, vShort, vFull, vUseHtml, preview_html, preview_html_full, gstamp, is_draft, vConcat, vTags, morefields, archive_id, is_active_html', $categories, $category, $title, $page, $short_story, $full_story, $if_use_html, $preview_html, $preview_html_full, $gstamp, $is_draft, $vConcat, $vTags, $morefields, $archive_id, $is_active_html);
cn_assign("EDITMODE", 1);
// show edit page
echoheader("addedit@addedit/main.css", i18n("Edit news"));
echo exec_tpl('addedit/main');
echofooter();
}
function dashboard_script()
{
list($snippet, $text) = GET('snippet, text');
if ($snippet == '') {
$snippet = 'sandbox';
}
// Prevent subfoldering
$snippet = preg_replace('/[^a-z0-9\\-\\.]/i', '_', $snippet);
if (request_type('POST')) {
cn_dsi_check();
// Click select only
if (!REQ('select', 'POST')) {
if (REQ('delete', 'POST')) {
$_t = getoption('#snippets');
unset($_t[$snippet]);
setoption('#snippets', $_t);
$snippet = 'sandbox';
} else {
// Create new snippet
if (REQ('create', 'POST')) {
$snippet = REQ('create');
}
setoption('#snippets/' . $snippet, $text);
cn_throw_message('Changes saved');
}
} else {
cn_throw_message('Select snippet [' . cn_htmlspecialchars($snippet) . ']');
}
}
$list = getoption('#snippets');
if (empty($list)) {
$list['sandbox'] = '';
}
$opt_txt = getoption('#snippets/' . $snippet);
$params = array('list' => $list, 'text' => !empty($opt_txt) ? $opt_txt : '', 'can_delete' => $snippet !== 'sandbox' ? TRUE : FALSE, 'snippet' => $snippet, 'snippets' => getoption('#snippets'));
echoheader('-@dashboard/style.css', 'HTML Scripts');
echo exec_tpl('dashboard/script', $params);
echofooter();
}
- {input_username}
- {input_email}
- {input_commentbox}
- {smiles}
- [captcha] ... {captcha} ... [/captcha] - if captcha enabled only
- [submit]..[/submit] - make submit box
*/
$member = member_get();
if ($member && test('Mac') || !$member) {
$comment_url = getoption('rw_engine') ? $_SERVER['REQUEST_URI'] : PHP_SELF;
echo '<form name="comment_frm" action="' . $comment_url . '" method="POST"/>';
echo '<input type="hidden" name="id" value="' . $id . '" />';
echo '<input type="hidden" name="subaction" value="addcomment" />';
echo '<input type="hidden" name="popup" value="' . cn_htmlspecialchars(REQ('popup')) . '" />';
echo '<input type="hidden" name="referer" value="' . cn_htmlspecialchars($_SERVER['REQUEST_URI']) . '" />';
$edit_id = intval(REQ('edit_id'));
if ($edit_id) {
echo '<input id="edt_comm_mode" type="hidden" name="edit_id" value="' . intval($edit_id) . '" />';
}
if ($is_encode) {
$comments = $entry['co'];
foreach ($comments as $item) {
$ni = iconv('UTF-8', $user_encoding . '//TRANSLIT', $item['c']);
if ($ni) {
$entry['co'][$item['id']]['c'] = $ni;
}
}
}
$echo = entry_make($entry, 'form', $template, 'comm');
// Keep [bb]codes[/bb]
if ($edit_id) {
<?php
/**
* @desc show_archives.php is DEPRECATED, use show_news.php instead
* In news is [archid] field, copied by migration script
*/
require_once 'core/init.php';
// Check including & init
check_direct_including('show_archives.php');
$_list_archives = db_get_archives();
if (isset($static) && $static) {
$_archive = 0;
} else {
$_archive = REQ('archive');
}
// Select
if (!$_archive) {
krsort($_list_archives);
foreach ($_list_archives as $id => $info) {
$count = intval($info['c']);
if ($url = cn_rewrite('archive', $id)) {
$arch_url = $url;
} else {
$arch_url = cn_url_modify('archive=' . $id);
}
echo "<a href=\"{$arch_url}\">" . date("d M Y", $info['min']) . " – " . date("d M Y", $info['max']) . " (<b>{$count}</b>)</a><br />";
}
$_found_archives = count($_list_archives);
unset($static, $id);
} else {
include 'show_news.php';
if ($enter_without_login) {
$is_loged_in = TRUE;
// Initial
$member_db = array(UDB_ID => time(), UDB_ACL => ACL_LEVEL_ADMIN, UDB_NAME => 'Administrator', UDB_PASS => md5('123456'), UDB_NICK => '', UDB_EMAIL => '*****@*****.**', UDB_COUNT => 0, UDB_CBYEMAIL => 1, UDB_AVATAR => '', UDB_LAST => time());
if (REQ('section') == 'main_area') {
$ht = hash_generate(REQ('admin_passwd'));
$member_db[UDB_NAME] = REQ('admin_name');
$member_db[UDB_EMAIL] = REQ('admin_email');
$member_db[UDB_PASS] = $ht[count($ht) - 1];
if (REQ('admin_name') == false) {
msg('error', lang('error'), lang('Enter name'), '#GOBACK');
}
if (REQ('admin_email') == false) {
msg('error', lang('error'), lang('Enter email'), '#GOBACK');
}
if (REQ('admin_passwd') == false) {
msg('error', lang('error'), lang('Enter password'), '#GOBACK');
}
// add user
user_add($member_db);
make_crypt_salt();
// Run Once
if (!file_exists(SERVDIR . '/cdata/installed.mark')) {
fclose(fopen(SERVDIR . '/cdata/installed.mark', 'w'));
relocation("http://www.cutephp.com/thanks.php?referer=" . urlencode(base64_encode('http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'])));
} else {
msg('info', 'Notification', lang('You have successfully installed Cutenews! Refresh page to login.'));
}
}
}
if (empty($is_loged_in)) {
<table>
<tr>
<td valign="top">
<table class="panel">
<tr>
<td>Username</td>
<td><input type="text" name="username" value="<?php
echo REQ('username', 'POST');
?>
"/></td>
</tr>
<tr>
<td>Email</td>
<td><input type="text" name="email" value="<?php
echo REQ('email', 'POST');
?>
"/></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password1" /></td>
</tr>
<tr>
<td>Confirm</td>
<td><input type="password" name="password2" /></td>
</tr>
<?php
if ($permission_ok) {
?>
<tr>
echo $id;
?>
) <?php
echo $cat['name'];
?>
</option>
<?php
}
}
?>
</select>
<br>
<label for="allcategory">
<input id="allcategory" <?php
if (REQ('rss_allcategory')) {
echo "checked=''";
}
?>
onclick="if (this.checked) { getElementById('category').style.display='none';} else {getElementById('category').style.display='';}" type="checkbox" value="yes" name="rss_allcategory"> Or show from all allowed categories
</label>
<?php
} else {
?>
<em>All</em><?php
}
?>
</td>
function media_invoke()
{
$popup_form = '';
list($path, $opt) = GET('folder, opt', 'GETPOST');
list($do_action, $pending) = GET('do_action, pending', 'POST');
// Change default uploads dir
$udir = cn_path_construct(SERVDIR, 'uploads');
if (getoption('uploads_dir')) {
$udir = preparation_path(getoption('uploads_dir'));
}
$edir = getoption('uploads_ext') ? getoption('uploads_ext') : getoption('http_script_dir') . '/uploads';
$dfile = cn_path_construct($udir, $path);
// Remove root identifier
$path = preparation_path($path);
// Path detection
$path = preg_replace('/[^a-z0-9\\/_\\\\]/i', '-', $path);
$root_dir = cn_path_construct($udir, $path) . DIRECTORY_SEPARATOR;
$just_uploaded = array();
// Get path struct
$pathes = spsep($path, DIRECTORY_SEPARATOR);
if (isset($pathes[0]) && $pathes[0] === '') {
unset($pathes[0]);
}
// Do upload files
if (request_type('POST')) {
cn_dsi_check();
// Allowed Exts.
$AE = spsep(getoption('allowed_extensions'));
// Generate thumbnail after upload
$thumbnail_with_upload = getoption('thumbnail_with_upload');
// UPLOAD FILES
if (REQ('upload', 'POST')) {
list($overwrite) = GET('overwrite');
$is_uploaded = FALSE;
// Try for fopen url upload
if ($upload_from_inet = REQ('upload_from_inet')) {
if (ini_get('allow_url_fopen')) {
// Get filename
$url_name = spsep($upload_from_inet, '/');
$url_name = $url_name[count($url_name) - 1];
$url_name = preg_replace('/(%20|\\s|\\?|&|\\/)/', '_', $url_name);
$url_name = str_replace('%', '_', $url_name);
// resolve filename
$c_file = $dfile . $url_name;
// Overwrite [if can], or add file
if ($overwrite && file_exists($c_file) || !file_exists($c_file)) {
// Use context for disable error notices
if (function_exists('stream_context_create')) {
$context = stream_context_create(array('http' => array('ignore_errors' => true)));
$fw = fopen($upload_from_inet, 'rb', false, $context);
} else {
// Read file
$fw = fopen($upload_from_inet, 'rb');
}
// --------- (fetch content) ------
ob_start();
fpassthru($fw);
$file_image = ob_get_clean();
fclose($fw);
// ---------
// write2disk
if ($wf = fopen($c_file, 'w')) {
fwrite($wf, $file_image);
fclose($wf);
}
// check image
list($w, $h) = getimagesize($c_file);
if ($w && $h) {
cn_throw_message('File uploaded');
$max_width = getoption('max_thumbnail_width');
if ($w > $max_width && $thumbnail_with_upload) {
$resize_result = resize_image($c_file, $max_width, 0);
cn_throw_message($resize_result['msg'], $resize_result['status'] ? 'n' : 'w');
}
$is_uploaded = TRUE;
$just_uploaded[$url_name] = TRUE;
} else {
cn_throw_message("Wrong image file", 'e');
unlink($c_file);
}
} else {
cn_throw_message("Can't overwrite or save", 'e');
}
} else {
cn_throw_message('allow_url_fopen=0, check server configurations');
}
}
// Upload from local
foreach ($_FILES['upload_file']['name'] as $id => $name) {
if ($name) {
$ext = NULL;
if (preg_match('/\\.(\\w+)$/i', $name, $c)) {
$ext = strtolower($c[1]);
}
// Check allowed ext
if ($ext && in_array($ext, $AE)) {
// encode url
$name = str_replace('%2F', '/', urlencode($name));
// encoded? replace filename
if (strpos($name, '%') !== FALSE) {
$name = str_replace('%', '', strtolower($name));
}
// check file for exist
if (file_exists($c_file = $dfile . $name)) {
if ($overwrite) {
cn_throw_message('File [' . cn_htmlspecialchars($c_file) . '] overwritten', 'w');
} else {
cn_throw_message('File [' . cn_htmlspecialchars($c_file) . '] already exists', 'e');
continue;
}
}
// Upload file to server
if (move_uploaded_file($_FILES['upload_file']['tmp_name'][$id], $c_file)) {
$just_uploaded[$name] = TRUE;
cn_throw_message('File uploaded [<b>' . cn_htmlspecialchars($name) . '</b>]');
$max_width = getoption('max_thumbnail_width');
list($w, $h) = getimagesize($c_file);
if ($w > $max_width && $thumbnail_with_upload) {
$resize_result = resize_image($c_file, $max_width, 0);
cn_throw_message($resize_result['msg'], $resize_result['status'] ? 'n' : 'w');
}
} else {
cn_throw_message('File [' . cn_htmlspecialchars($c_file) . '] not uploaded! Please, check upload_max_filesize in PHP settings.', 'e');
}
} else {
cn_throw_message('File extension [' . cn_htmlspecialchars($ext) . '] not allowed', 'e');
}
} elseif (!$is_uploaded) {
cn_throw_message('No selected files for upload', 'e');
}
}
} elseif ($do_action || $pending) {
list($rm) = GET('rm', 'POST');
// action --> delete entries
if ($do_action == 'delete') {
if (empty($rm)) {
cn_throw_message('No files selected', 'w');
} else {
foreach ($rm as $file) {
if (file_exists($cfile = $dfile . $file)) {
if (is_dir($cfile)) {
rmdir($cfile);
} else {
//get thumbnail path
$path_parts = pathinfo($cfile);
$thumbnail_path = $path_parts['dirname'] . DIRECTORY_SEPARATOR . '.thumb.' . $path_parts['basename'];
if (file_exists($thumbnail_path)) {
unlink($thumbnail_path);
}
unlink($cfile);
}
}
if (file_exists($cfile)) {
cn_throw_message('File [' . cn_htmlspecialchars($cfile) . '] not deleted!', 'e');
} else {
cn_throw_message('File [' . cn_htmlspecialchars($file) . '] deleted successfully');
}
}
}
} elseif ($do_action == 'create') {
$popup_form = i18n('Enter directory name') . ' <input type="text" name="new_dir" value="" />';
} elseif ($pending == 'create') {
$new_dir_arr = GET('new_dir', 'POST');
$new_folder = array_pop($new_dir_arr);
$new_folder = preg_replace('/[^a-z0-9_]/i', '-', $new_folder);
if ($new_folder) {
$cfile = $dfile . $new_folder;
if (is_dir($cfile)) {
cn_throw_message('Folder [' . $new_folder . '] already exists!', 'e');
} else {
mkdir($cfile);
if (!is_dir($cfile)) {
cn_throw_message('Folder [' . cn_htmlspecialchars($cfile) . ' not created]', 'e');
} else {
cn_throw_message('Folder [' . $new_folder . '] created!');
}
}
} else {
cn_throw_message('Specify folder name', 'w');
}
$popup_form = '';
} elseif ($do_action == 'rename') {
if ($rm) {
$popup_form = '<div class="big_font">' . i18n('Rename file to') . '</div>';
$popup_form .= i18n('Tip: Write new file name') . '<br />';
$popup_form .= '<table>';
foreach ($rm as $id => $fn) {
$hfn = cn_htmlspecialchars($fn);
$popup_form .= '<tr><td align="right" class="indent"><b>' . $hfn . '</b><td>';
$popup_form .= '<td><input type="hidden" name="ids[' . $id . ']" value="' . $hfn . '"/>→</td>';
$popup_form .= '<td><input style="width: 300px;" type="text" name="place[' . $id . ']" value="' . $hfn . '" /> ';
$popup_form .= '</td></tr>';
}
$popup_form .= '</table>';
} else {
cn_throw_message('Select files to rename', 'w');
}
} elseif ($pending == 'rename') {
// ...
list($ids, $place) = GET('ids, place', 'POST');
// prevent illegal moves
$safe_dir = scan_dir($root_dir);
foreach ($safe_dir as $id => $v) {
$safe_dir[$id] = md5($v);
}
// do move all files / dirs
foreach ($ids as $id => $file) {
if (in_array(md5($file), $safe_dir)) {
$filename = $place[$id];
if (strpos($filename, '\\') || strpos($filename, '/')) {
cn_throw_message(i18n('The name of file [%1] should not contain special characters', cn_htmlspecialchars($file)), 'e');
continue;
}
$renameto = $root_dir . $filename;
$thumb = $root_dir . '.thumb.' . $file;
// do move
if (rename($root_dir . $file, $renameto)) {
if (file_exists($thumb)) {
rename($thumb, $root_dir . '.thumb.' . $filename);
}
cn_throw_message(i18n('File [%1] renamed to [%2]', cn_htmlspecialchars($file), cn_htmlspecialchars($filename)));
} else {
cn_throw_message(i18n('File [%1] not renamed', cn_htmlspecialchars($file)), 'e');
}
}
}
} elseif ($do_action == 'move') {
if ($rm) {
$popup_form = '<div class="big_font">' . i18n('Move files to') . '</div>';
$popup_form .= i18n('Tip: You can select the folder to move the file') . '<br />';
$popup_form .= '<table>';
$folders = array();
$dirs = scan_dir($root_dir);
foreach ($dirs as $entry) {
if (is_dir($root_dir . $entry) && !($entry === '..' || $entry === '.')) {
$folders[] = $entry;
}
}
foreach ($rm as $id => $fn) {
$hfn = cn_htmlspecialchars($fn);
$popup_form .= '<tr><td align="right" class="indent"><b>' . $hfn . '</b><td>';
$popup_form .= '<td><input type="hidden" name="ids[' . $id . ']" value="' . $hfn . '"/>→</td>';
$popup_form .= '<td>';
$cnt_folders = count($folders);
if ($cnt_folders != 0 && !($cnt_folders == 1 && in_array($hfn, $folders))) {
$popup_form .= '<select name="place_folder_' . $id . '">';
foreach ($folders as $dirn) {
if ($dirn != $hfn) {
$popup_form .= '<option value="' . $dirn . '">' . $dirn . '</option>';
}
}
$popup_form .= '</select>';
}
if ($root_dir != $udir) {
$popup_form .= '<nobr><input type="checkbox" onclick="javascript:hideFolderList(this,' . $id . ')" name="moveup[' . $id . ']" value="Y" /> Move up</nobr>';
} else {
$popup_form .= '<nobr> X Move up (You are in root folder)</nobr>';
}
$popup_form .= '</td></tr>';
}
$popup_form .= '</table>';
} else {
cn_throw_message('Select files to move', 'w');
}
} elseif ($pending == 'move') {
// ...
list($ids, $moveup) = GET('ids, moveup', 'POST');
// prevent illegal moves
$safe_dir = scan_dir($root_dir);
foreach ($safe_dir as $id => $v) {
$safe_dir[$id] = md5($v);
}
// do move all files / dirs
foreach ($ids as $id => $file) {
list($place_folder) = GET('place_folder_' . $id);
if (in_array(md5($file), $safe_dir)) {
$NF = '';
$foldername = preg_replace('/\\.\\//i', '', $place_folder);
// move this file up
if (isset($moveup[$id]) && count($pathes) > 0) {
$nwfolder = dirname($root_dir);
$foldername = 'up folder';
} else {
$nwfolder = $root_dir . ($NF = isset($rm[0]) ? $rm[0] : '') . DIRECTORY_SEPARATOR . $foldername;
if ($rm[0]) {
$NF = $rm[0] . DIRECTORY_SEPARATOR;
}
}
$moveto = $nwfolder . DIRECTORY_SEPARATOR . $file;
//check for image thumbnail
$thumb = $root_dir . '.thumb.' . $file;
// do move
if (rename($root_dir . $file, $moveto)) {
if (file_exists($thumb)) {
rename($thumb, $nwfolder . DIRECTORY_SEPARATOR . '.thumb.' . $file);
}
cn_throw_message(i18n('File [%1] moved to [%2]', cn_htmlspecialchars($file), cn_htmlspecialchars($foldername)));
} else {
cn_throw_message(i18n('File [%1] not moved', cn_htmlspecialchars($file)), 'e');
}
}
}
} elseif ($do_action == 'thumb') {
if (!empty($_POST['rm'])) {
$popup_form = get_sizes_form('Make thumbnails', $do_action);
} else {
cn_throw_message('Select files to make thumbnail', 'w');
}
} elseif ($pending == 'thumb') {
do_resize_image($root_dir);
} elseif ($do_action == 'resize') {
if (!empty($_POST['rm'])) {
$popup_form = get_sizes_form('Resize source image', $do_action);
} else {
cn_throw_message('Select files to resize', 'w');
}
} elseif ($pending == 'resize') {
do_resize_image($root_dir, false);
} elseif (!hook('media/post_action')) {
msg_info("Action error");
}
}
}
// Check dir exists
if (is_dir($root_dir)) {
$raw_files = scan_dir($root_dir);
} else {
cn_throw_message('Dir not exists', 'e');
$raw_files = array();
}
$dirs = $files = array();
foreach ($raw_files as $file) {
if (preg_match('/avatar_/', $file)) {
continue;
}
$file_location = "{$root_dir}/{$file}";
if (is_dir($file_location)) {
$dirs[] = array('url' => "{$path}/{$file}", 'name' => $file);
} elseif (filesize(cn_path_construct($udir, $path) . $file) != 0) {
list($w, $h) = getimagesize(cn_path_construct($udir, $path) . $file);
$is_thumb = preg_match('/\\.thumb\\./', $file);
$files[] = array('name' => $file, 'url' => $edir . '/' . ($path ? $path . '/' : '') . $file, 'thumb' => file_exists($root_dir . '/.thumb.' . pathinfo($file, PATHINFO_BASENAME)) ? $edir . '/' . ($path ? $path . '/' : '') . '.thumb.' . pathinfo($file, PATHINFO_BASENAME) : '', 'local' => ($path ? $path . '/' : '') . $file, 'just_uploaded' => isset($just_uploaded[$file]) ? TRUE : FALSE, 'is_thumb' => $is_thumb, 'w' => $w, 'h' => $h, 'fs' => round(filesize($file_location) / 1024, 1));
}
}
uasort($dirs, 'usort_by_name_asc');
uasort($files, 'usort_by_name_asc');
// Top level (dashboard)
cn_bc_add('Dashboard', cn_url_modify(array('reset')));
cn_bc_add('Media manager', cn_url_modify());
cn_assign("files, dirs, path, pathes, popup_form, root_dir", $files, $dirs, $path, $pathes, $popup_form, $root_dir);
if ($opt === 'inline') {
echo exec_tpl('window', 'title=Quick insert image', 'style=media/style.css', 'content=' . exec_tpl('media/general'));
} else {
echoheader('-@media/style.css', 'Media manager');
echo exec_tpl('media/general');
echofooter();
}
}
<?php
if (!defined('INIT_INSTANCE')) {
die('Access restricted');
}
hook('init_main');
// If member access level is commenter, redirect him to personal options
if ($member_db[UDB_ACL] == ACL_LEVEL_COMMENTER) {
relocation($config_http_script_dir . "/index.php?mod=options&action=personal");
}
// ----------------------------------------
if (REQ('action', 'GET') == 'permissions') {
$errors = cn_selfcheck();
if (empty($errors)) {
msg('info', lang('Everything is OK'), lang('All the files are writable'), '#GOBACK');
} else {
msg('info', lang('Permissions error'), proc_tpl('main/perms'));
}
}
// Check previous versions
$data_folder_exists = is_dir(SERVDIR . '/data') ? 1 : 0;
// ----------------------------------------
echoheader("home", lang("Welcome"));
if (!is_readable(SERVDIR . "/cdata/archives")) {
die_stat(false, lang("Cannot open directory `archives` for reading, check if it exists or is properly CHMOD'ed"));
}
if (!is_readable(SERVDIR . "/cdata/news.txt")) {
die_stat(false, lang("Cannot open file news.txt for reading, check if it exists or is properly CHMOD'ed"));
}
if (!is_readable(SERVDIR . "/cdata/comments.txt")) {
die_stat(false, lang("Cannot open file comments.txt for reading, check if it exists or is properly CHMOD'ed"));
function cn_modify_bb_comm_submit($e, $t)
{
$echo = '<input type="submit" value="' . cn_htmlspecialchars($t) . '" class="cn_submit_bb"/>';
if ((test('Mea') || test('Mes')) && intval(REQ('edit_id'))) {
$echo .= '<input type="submit" name="cm_edit_comment" value="Edit comment" class="cn_edit_bb"/>';
}
return $echo;
}
<div>Plugin widgets there.</div>
<?php
cn_widget('calendar');
?>
<br/>
<!-- SECTION: SEARCH -->
<h3>Quick search</h3>
<form action="<?php
echo PHP_SELF;
?>
" method="GET">
<input type="hidden" name="dosearch" value="Y" />
<div>
<input style="width: 200px; padding: 4px;" class="text" type="text" name="search" value="<?php
echo cn_htmlspecialchars(REQ('search'));
?>
" />
<input style="width: 75px; padding: 4px;" class="submit" type="submit" value="search it!" />
</div>
</form>
<!-- SECTION: LIVE EXAMPLE -->
<h3>Play with parameters</h3>
<form action="<?php
echo PHP_SELF;
?>
" method="POST">
<table>
<tr><td>$PHP_SELF</td> <td><input type="text" name="pw[PHP_SELF]" value="<?php
echo cn_htmlspecialchars($pw['PHP_SELF'] ? $pw['PHP_SELF'] : PHP_SELF);
}
if (empty($files)) {
?>
<tr><td colspan="6" align="center"><b>Files not found</b></td></tr><?php
}
?>
</table>
<!-- Action not work with popup -->
<?php
if ($popup_form) {
?>
<input type="hidden" name="pending" value="<?php
echo cn_htmlspecialchars(REQ('do_action', 'POST'));
?>
" />
<div class="media_popup_form"><?php
echo $popup_form;
?>
<input type="submit" value="Submit"></div>
<?php
} else {
?>
<div class="media_rgt_button">
Action
<select name="do_action">
<option value="move">Move</option>
<?php
// init
list($source, $page, $per_page, $entries, $showed, $entries_total, $userlist) = _GL('source, page, per_page, entries, entries_showed:intval, entries_total:intval, userlist');
list($sort, $dir, $ptree, $YS, $MS, $DS, $TY, $TM, $TD) = _GL('sort, dir, ptree, year_selected, mon_selected, day_selected, TY, TM, TD');
list($nactive, $ndraft, $nprospect, $has_next, $archives) = _GL('nactive, ndraft, nprospect, has_next, archives');
list($category_filters, $user_filters, $cat_filter) = _GL('category_filters, user_filters, cat_filter');
$i = 0;
$page = intval($page);
$archive_id = intval(REQ('archive_id', 'GPG'));
$category = cn_get_categories(false);
// MESSAGES BLOCK
cn_snippet_messages();
?>
<div class="panel">
<div style="float: right;">
Entries on page: <?php
foreach (array(25, 50, 100, 250) as $_per_page) {
echo ' <a href="' . cn_url_modify('mod=editnews', "per_page={$_per_page}") . '" ' . ($per_page == $_per_page ? 'class="b"' : '') . '>' . $_per_page . '</a> ';
}
?>
<a style="color: #008080;" href="#" onclick="DoDiv('filters'); return false;">[Change filters]</a>
</div>
<?php
echo i18n('Showed <b>%1</b> ', $showed);
if ($nprospect) {
echo i18n('(postponed <b>%1</b>)', $nprospect);
}
echo i18n(' from total <b>%1</b> ', $entries_total);
}
if (!$number) {
$number = 25;
}
$form = cn_get_template('search', $template);
$form = str_replace('{php_self}', PHP_SELF, $form);
// Basic Input Box
$form = str_replace('{search_basic}', '<input type="hidden" name="template" value="' . cn_htmlspecialchars(REQ('template')) . '" /><input type="hidden" name="dosearch" value="yes" /><input class="cn_search_basic" type="text" name="search" value="' . cn_htmlspecialchars($search) . '" />', $form);
$form = str_replace('{author}', '<input class="cn_author" type="text" name="user" value="' . cn_htmlspecialchars($user) . '" />', $form);
$form = str_replace('{in_archives}', '<input class="cn_in_archives" type="checkbox" name="archives" value="Y" ' . ($archives ? 'checked' : '') . ' />', $form);
// Make submit button
$form = preg_replace('/\\[submit\\](.*?)\\[\\/submit\\]/', '<input class="cn_submit" type="submit" value="\\1" />', $form);
// Hidden fields placeholder [hid=name] --> input:hidden
if (preg_match_all('/\\[hid=(.*?)\\]/i', $form, $c, PREG_SET_ORDER)) {
foreach ($c as $v) {
$form = str_replace($v[0], '<input type="hidden" name="' . $v[1] . '" value="' . REQ($v[1]) . '" />', $form);
}
}
// Date selection
list($_df, $_mf, $_yf) = make_postponed_date($date_from);
list($_dt, $_mt, $_yt) = make_postponed_date($date_to);
$_ds = array('{select=year:from}' => array('from_date_year', $_yf), '{select=mon:from}' => array('from_date_month', $_mf), '{select=day:from}' => array('from_date_day', $_df), '{select=year:to}' => array('to_date_year', $_yt), '{select=mon:to}' => array('to_date_month', $_mt), '{select=day:to}' => array('to_date_day', $_dt));
foreach ($_ds as $id => $opt) {
$form = str_replace($id, '<select name="' . $opt[0] . '" class="cn_' . $opt[0] . '">' . $opt[1] . '</select>', $form);
}
echo $form;
// ---------------------------------------------------------------------------------------------------------------------
if ($dosearch) {
$mc_start = microtime(true);
// Remove parameters for go to news from searchbox
$_static_qr = 'dosearch,archives,search,from_date_year,from_date_month,from_date_day,to_date_year,to_date_month,to_date_day,search_st,number,archive,template';
if (!$comment) {
$comment = $bkp;
}
}
// ID => [u]ser, [c]comment text, [e]mail, [ip] */
$db[$id]['co'][$cid] = array('id' => $cid, 'u' => $name, 'e' => $mail, 'ip' => CLIENT_IP, 'c' => $comment, 'ed' => $edit_id);
db_save_news($db, $nloc);
// save db piece
db_comm_sync($id, $cid);
// update latest comments
// Hook comment checker
if (hook('add_comment_checker', FALSE)) {
return FALSE;
}
// Notify for New Comment
if (getoption('notify_comment')) {
$url = $_SERVER['HTTP_REFERER'];
$date = date(getoption('timestamp_active'), ctime());
$subject = i18n("CuteNews - New Comment Added");
$message = i18n("New Comment was added by %1 on %3 at %4\n\n%2 ", $name, $comment, $date, $url);
cn_send_mail(getoption('notify_email'), $subject, $message);
}
// Also, remember non authorized user
if (!$logged_as_member && isset($_POST['cn_remember_me'])) {
cn_guest_auth($name, $mail);
}
// Redirect...
$ref = preg_replace('/&edit_id=\\d+/', '', REQ('referer'));
echo '<script type="text/javascript">window.location="' . addslashes($ref) . '";</script>';
echo '<div><a href="' . $refer . '">click there</a> if automatic redirect not work</div>';
return FALSE;
function CSRFCheck()
{
global $config_csrf, $_SESS;
// no check CSRF
if ($config_csrf == 0) {
return TRUE;
}
$user = $_SESS['user'];
$csrf_storage = SERVDIR . '/cdata/csrf.php';
$csrf_correct = 0;
$csrf_code = REQ('csrf_code');
$rcheck = file($csrf_storage);
foreach ($rcheck as $id => $vdata) {
list($time, $csrf, $user_name) = explode('|', trim($vdata));
// Check for correct user & csrf code -> unset
if ($user_name == $user && $csrf == $csrf_code) {
unset($rcheck[$id]);
$csrf_correct = 1;
}
// 5-min limit for CSRF
if ($time < time() - 300) {
unset($rcheck[$id]);
}
}
rewritefile('/cdata/csrf.php', '<' . '?php die(); ?>' . "\n" . join('', $rcheck));
if ($csrf_correct == 0) {
add_to_log($_SESS['user'], 'CSRF Missed ' . $_SERVER['HTTP_REFERER']);
msg("error", lang('Error!'), '<div>CSRF fail <a href="' . make_nocache() . '">Go back</div>');
}
}
