示例#1
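/**
 * Star/Unstar private messages
 *
 * Flips pm_fromstate / pm_tostate between 2 and 1 for every listed message
 * in which the current user ($usr['id']) is the sender and/or the recipient.
 * Rows that belong to other users are selected but never updated.
 *
 * @param array $message_id Map whose KEYS are the message ids (values are ignored)
 *
 * @return bool true if the action was successful, false if $message_id is not an array
 * @global CotDB $db
 */
function cot_star_pm($message_id)
{
    global $db, $usr, $db_pm;
    if (!is_array($message_id)) {
        return false;
    }
    // Start from an empty list so count() below never receives an undefined
    // variable when the caller passes an empty array.
    $msg = array();
    foreach ($message_id as $k => $v) {
        $pm_id = (int) cot_import($k, 'D', 'INT');
        // Ids that fail the INT filter collapse to 0 and cannot match a row.
        if ($pm_id > 0) {
            $msg[] = $pm_id;
        }
    }
    if (count($msg) > 0) {
        // Every element was cast to int above, so the IN list holds digits only.
        $id_list = '(' . implode(',', $msg) . ')';
        $sql = $db->query("SELECT * FROM {$db_pm} WHERE pm_id IN {$id_list}");
        while ($row = $sql->fetch()) {
            // Cast again before interpolating into the UPDATE condition.
            $id = (int) $row['pm_id'];
            $is_sender = $row['pm_fromuserid'] == $usr['id'];
            $is_recipient = $row['pm_touserid'] == $usr['id'];
            if ($is_sender && $is_recipient) {
                // Message to self: both sides follow the sender-side state.
                $fromstate = $row['pm_fromstate'] == 2 ? 1 : 2;
                $db->update($db_pm, array('pm_tostate' => (int) $fromstate, 'pm_fromstate' => (int) $fromstate), "pm_id = {$id}");
            } elseif ($is_recipient) {
                $tostate = $row['pm_tostate'] == 2 ? 1 : 2;
                $db->update($db_pm, array('pm_tostate' => (int) $tostate), "pm_id = {$id}");
            } elseif ($is_sender) {
                $fromstate = $row['pm_fromstate'] == 2 ? 1 : 2;
                $db->update($db_pm, array('pm_fromstate' => (int) $fromstate), "pm_id = {$id}");
            }
        }
        $sql->closeCursor();
    }
    return true;
}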
示例#2
文件: Rss.php 项目: ASDAFF/advboard
 /**
  * Renders the advboard RSS feed and ends the request.
  *
  * Reads the optional category code `c` from GET. Responds with 404 when the
  * rss module is inactive or the category is not present in $structure, and
  * blocks the request when the user lacks read permission for that category.
  * Output is written with echo and the script exits; nothing is returned.
  */
 public function indexAction()
 {
     global $structure;
     if (!cot_module_active('rss')) {
         cot_die_message(404, TRUE);
     }
     $c = cot_import('c', 'G', 'TXT');
     if (!empty($c)) {
         // The category code is only used after it was found as a key of $structure['advboard'].
         if (!isset($structure['advboard'][$c])) {
             cot_die_message(404, TRUE);
         }
         list(cot::$usr['auth_read'], cot::$usr['auth_write'], cot::$usr['isadmin']) = cot_auth('advboard', $c);
         cot_block(cot::$usr['auth_read']);
     }
     $rss_title = cot::$L['advboard_rss_feed'] . cot::$cfg['maintitle'];
     $rss_link = cot::$cfg['mainurl'];
     $rss_description = cot::$cfg['subtitle'];
     $domain = cot::$sys['domain'];
     // Only published adverts that have begun and are not expired. The raw 'SQL'
     // fragment concatenates cot::$sys['now'], a server-side value, not request data.
     $condition = array(array('state', advboard_model_Advert::PUBLISHED), array('begin', cot::$sys['now'], '<='), array('SQL', "expire = 0 OR expire > " . cot::$sys['now']));
     if (!empty($c)) {
         $rss_title = cot::$L['advboard_rss_feed'] . $structure['advboard'][$c]['title'] . ' - ' . cot::$cfg['maintitle'];
         $condition[] = array('category', $c);
     }
     $advertisement = advboard_model_Advert::find($condition, cot::$cfg['rss']['rss_maxitems'], 0, array(array('sort', 'desc')));
     $t = new XTemplate(cot_tplfile('rss'));
     $now = cot::$sys['now'];
     $now += cot::$usr['timezone'] * 3600;
     // Title and description are escaped here; RSS_LINK is assigned as configured.
     $t->assign(array('RSS_ENCODING' => cot::$cfg['rss']['rss_charset'], 'RSS_TITLE' => htmlspecialchars($rss_title), 'RSS_LINK' => $rss_link, 'RSS_LANG' => cot::$cfg['defaultlang'], 'RSS_DESCRIPTION' => htmlspecialchars($rss_description), 'RSS_DATE' => $this->fixPubDate(date("r", $now))));
     if (!empty($advertisement)) {
         foreach ($advertisement as $advert) {
             $url = $advert->url;
             // Relative advert URLs are made absolute for feed readers.
             if (!cot_url_check($url)) {
                 $url = COT_ABSOLUTE_URL . $url;
             }
             $date = '';
             if (!empty($advert->created)) {
                 $date = strtotime($advert->created);
                 $date += cot::$usr['timezone'] * 3600;
                 $date = date('r', $date);
                 $date = $this->fixPubDate($date);
             }
             $text = $advert->text;
             $textlength = intval(cot::$cfg['rss']['rss_pagemaxsymbols']);
             if ($textlength > 0 && mb_strlen($text) > $textlength) {
                 $text = cot_string_truncate($text, $textlength, true, false, cot::$R['advboard_cuttext']);
             }
             // NOTE(review): only the row title is passed through htmlspecialchars().
             // The advert text and link reach the template without escaping in this
             // method - confirm that the rss template wraps them (e.g. in CDATA) or
             // that convertRelativeUrls()/the URL helpers already produce XML-safe output.
             $t->assign(array('RSS_ROW_TITLE' => htmlspecialchars($advert->title), 'RSS_ROW_DESCRIPTION' => $this->convertRelativeUrls($text), 'RSS_ROW_DATE' => $date, 'RSS_ROW_LINK' => $url));
             $t->parse('MAIN.ITEM_ROW');
         }
     }
     $t->parse('MAIN');
     //        ob_clean();
     // NOTE(review): the HTTP header always declares UTF-8 while RSS_ENCODING above
     // comes from cot::$cfg['rss']['rss_charset'] - confirm the two cannot disagree.
     header('Content-type: text/xml; charset=UTF-8');
     echo $t->text('MAIN');
     exit;
 }
示例#3
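/**
 * Validates captcha input
 *
 * Succeeds only when the session actually holds a challenge (salt and result),
 * more than the configured delay has passed since $_SESSION['mcaptcha_time'],
 * no failed attempt has been counted against the challenge, the posted salt
 * matches the session salt and $res matches the stored result.
 * Every failed call increments $_SESSION['mcaptcha_count'].
 *
 * @param int $res User result
 * @return bool
 */
function mcaptcha_validate($res)
{
    global $cfg;
    $passed = false;
    // Fail closed when no challenge was issued: with loose comparisons a missing
    // session value (null) would otherwise compare equal to null, 0 or ''.
    if (isset($_SESSION['mcaptcha_salt'], $_SESSION['mcaptcha_res'])) {
        $issued_at = isset($_SESSION['mcaptcha_time']) ? $_SESSION['mcaptcha_time'] : 0;
        // Check anti-hammer and per-result counter
        if (time() - $issued_at > $cfg['plugin']['mcaptcha']['delay'] && empty($_SESSION['mcaptcha_count'])) {
            // Check salt (form-to-session tie); a missing or empty posted salt never matches
            $salt = cot_import('mcaptcha_salt', 'POST', 'ALP');
            $salt_ok = is_string($salt) && $salt !== '' && hash_equals((string) $_SESSION['mcaptcha_salt'], $salt);
            // Check the result; null, '' and booleans are rejected before comparing
            $passed = $salt_ok && is_numeric($res) && $res == $_SESSION['mcaptcha_res'];
        }
    }
    if ($passed) {
        return TRUE;
    }
    $_SESSION['mcaptcha_count'] = empty($_SESSION['mcaptcha_count']) ? 1 : $_SESSION['mcaptcha_count'] + 1;
    return FALSE;
}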
示例#4
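/**
 * Import an uploaded file
 *
 * Reads $_FILES[$inputname], builds a sanitised file name, removes the
 * previous file when one is being replaced or deleted, and moves the upload
 * into $brs_files_dir.
 *
 * @param string $inputname Name of the file input; 'del_' . $inputname is read from POST as the delete flag
 * @param string $oldvalue  Path of the previously stored file, if any
 * @return string|null Path of the stored file; '' when the file type is rejected,
 *                     the delete flag is set or the move fails; null when no file was uploaded
 */
function brs_importFile($inputname, $oldvalue = '')
{
    global $lang, $cot_translit, $brs_allowed_ext, $brs_files_dir, $cfg;
    $import = !empty($_FILES[$inputname]) ? $_FILES[$inputname] : array();
    $import['delete'] = cot_import('del_' . $inputname, 'P', 'BOL') ? 1 : 0;
    // A file arrived (possibly together with the delete flag).
    // NOTE(review): a delete request that comes without a new upload skips this
    // branch, so the old file is kept and null is returned - confirm this is intended.
    // A multi-file input delivers 'name' as an array; only a single file name is handled.
    if (empty($import['error']) && !empty($import['name']) && is_string($import['name'])) {
        // Split on the last dot; a name without a dot has no extension at all.
        $dot = mb_strrpos($import['name'], '.');
        $fname = $dot === false ? $import['name'] : mb_substr($import['name'], 0, $dot);
        $ext = $dot === false ? '' : mb_strtolower(mb_substr($import['name'], $dot + 1));
        if (!file_exists($brs_files_dir)) {
            mkdir($brs_files_dir);
        }
        // Check extension: it becomes part of the stored path, so it must be plain
        // lower-case alphanumerics and, when a list is configured, be on that list.
        // NOTE(review): an empty $brs_allowed_ext accepts every extension, including
        // ones the web server may execute - confirm the list is always populated.
        $ext_ok = preg_match('#^[a-z0-9]+$#', $ext) === 1
            && (empty($brs_allowed_ext) || in_array($ext, $brs_allowed_ext, true));
        if (!$ext_ok) {
            cot_error(cot::$L['brs_err_inv_file_type'], $inputname);
            return '';
        }
        if ($lang != 'en') {
            require_once cot_langfile('translit', 'core');
            $fname = is_array($cot_translit) ? strtr($fname, $cot_translit) : '';
        }
        $fname = str_replace(' ', '_', $fname);
        $fname = preg_replace('#[^a-zA-Z0-9\\-_\\.\\ \\+]#', '', $fname);
        $fname = str_replace('..', '.', $fname);
        $fname = empty($fname) ? cot_unique() : $fname;
        // Use one directory form for both the collision check and the destination,
        // whether or not $brs_files_dir ends with a slash.
        $dir = rtrim($brs_files_dir, '/');
        $fname .= file_exists("{$dir}/{$fname}.{$ext}") && $oldvalue != $fname . '.' . $ext ? date("YmjGis") : '';
        $fname .= '.' . $ext;
        $file = array();
        $file['old'] = !empty($oldvalue) && ($import['delete'] || $import['tmp_name']) ? $oldvalue : '';
        $file['tmp'] = !$import['delete'] ? $import['tmp_name'] : '';
        $file['new'] = !$import['delete'] ? $dir . '/' . $fname : '';
        // NOTE(review): $oldvalue is unlinked exactly as passed in; callers must supply
        // only a path this module stored earlier, never a value taken from the request.
        if (!empty($file['old']) && is_file($file['old'])) {
            unlink($file['old']);
        }
        if (!empty($file['tmp']) && !empty($file['new'])) {
            // move_uploaded_file() refuses anything that is not a genuine upload;
            // do not report a path when nothing was stored.
            if (!move_uploaded_file($file['tmp'], $file['new'])) {
                return '';
            }
        }
        return $file['new'];
    }
    return null;
}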
示例#5
     /* ======== System messages ======== */
 /* ======== System messages ======== */
 case '916':
     $rd = 2;
     $ru = cot_url('admin');
     break;
 case '920':
     if (!empty($m)) {
         // Load module or plugin langfile
         if (file_exists(cot_langfile($m, 'module'))) {
             include cot_langfile($m, 'module');
         } elseif (file_exists(cot_langfile($m, 'plug'))) {
             include cot_langfile($m, 'plug');
         }
     }
     $lng = cot_import('lng', 'G', 'ALP');
     if (!empty($lng)) {
         // Assign custom message
         if (isset($L[$lng])) {
             $body = $L[$lng];
         }
     }
     $rc = '920';
     break;
 case '930':
     if ($usr['id'] > 0) {
         break;
     }
     $rd = 2;
     if (!empty($redirect)) {
         $uri_redirect = base64_decode($redirect);
示例#6
 * [END_COT_EXT]
 */
/**
 * Robox billing Plugin
 *
 * @package roboxbilling
 * @version 1.0
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru
 * @license BSD
 */
defined('COT_CODE') && defined('COT_PLUG') or die('Wrong URL');
require_once cot_incfile('roboxbilling', 'plug');
require_once cot_incfile('payments', 'module');
$m = cot_import('m', 'G', 'ALP');
$pid = cot_import('pid', 'G', 'INT');
if (empty($m)) {
    // Получаем информацию о заказе
    if (!empty($pid) && ($pinfo = cot_payments_payinfo($pid))) {
        cot_block($pinfo['pay_status'] == 'new' || $pinfo['pay_status'] == 'process');
        $url = $cfg['plugin']['roboxbilling']['testmode'] ? 'http://test.robokassa.ru/Index.aspx' : 'https://merchant.roboxchange.com/Index.aspx';
        $mrh_login = $cfg['plugin']['roboxbilling']['mrh_login'];
        $mrh_pass1 = $cfg['plugin']['roboxbilling']['mrh_pass1'];
        $inv_id = $pid;
        $shp_item = !empty($pinfo['pay_code']) ? $pinfo['pay_area'] . '_' . $pinfo['pay_code'] : $pinfo['pay_area'];
        $inv_desc = $pinfo['pay_desc'];
        $in_curr = '';
        $culture = "ru";
        $out_summ = $pinfo['pay_summ'] * $cfg['plugin']['roboxbilling']['rate'];
        if ($cfg['plugin']['roboxbilling']['testmode']) {
            $test_string = "&IsTest=1";
<?php

/**
 * mavatars for Cotonti CMF
 *
 * @version 1.00
 * @author	esclkm
 * @copyright (c) 2013 esclkm
 */
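defined('COT_CODE') or die('Wrong URL');
// Every parameter below comes from the query string and selects which object
// is thumbnailed and how.
$ext = cot_import('ext', 'G', 'TXT');
$cat = cot_import('cat', 'G', 'TXT');
$code = cot_import('code', 'G', 'TXT');
$id = cot_import('id', 'G', 'INT');
// NOTE(review): width and height are forwarded without an upper bound; confirm
// that mavatar::thumb() limits the size it is willing to render.
$width = cot_import('width', 'G', 'INT');
$height = cot_import('height', 'G', 'INT');
$resize = cot_import('resize', 'G', 'TXT');
$filter = cot_import('filter', 'G', 'TXT');
$quality = cot_import('quality', 'G', 'INT');
if (empty($quality)) {
    $quality = 85;
}
// The response is sent as JPEG, where quality is only meaningful within 1..100.
$quality = max(1, min(100, (int) $quality));
if (empty($resize)) {
    $resize = 'crop';
}
$mavatar = new mavatar($ext, $cat, $code, $id);
$mavatars_tags = $mavatar->tags();
// No image registered for this object: answer 404 instead of thumbnailing nothing.
if (empty($mavatars_tags[1])) {
    cot_die_message(404, TRUE);
}
$image = $mavatar->thumb($mavatars_tags[1], $width, $height, $resize, $filter, $quality);
// Do not announce an image and then stream an empty path.
if (empty($image)) {
    cot_die_message(404, TRUE);
}
header('Content-Type: image/jpeg');
readfile($image);
exit;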
示例#8
}
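$where = array();
$order = array();
$where['state'] = "item_state=0";
if (!empty($c)) {
    $catsub = cot_structure_children('market', $c);
    // Quote each category code through the DB driver instead of pasting it
    // between hand-written apostrophes.
    $quoted_cats = array();
    foreach ((array) $catsub as $cat_code) {
        $quoted_cats[] = $db->quote($cat_code);
    }
    // An empty list keeps the original "IN ('')" form, which matches no category.
    $where['cat'] = "item_cat IN (" . (count($quoted_cats) > 0 ? implode(',', $quoted_cats) : "''") . ")";
}
if (!empty($sq)) {
    // Collapse whitespace runs, then match the words in order with any text between them.
    $words = explode(' ', preg_replace("'\\s+'", " ", $sq));
    $sqlsearch = '%' . implode('%', $words) . '%';
    // prep() escapes quotes only; '%' and '_' typed by the user still act as LIKE wildcards.
    $where['search'] = "(item_title LIKE '" . $db->prep($sqlsearch) . "' OR item_text LIKE '" . $db->prep($sqlsearch) . "')";
}
// Extra fields
if (!empty($cot_extrafields[$db_market])) {
    foreach ($cot_extrafields[$db_market] as $exfld) {
        $fld_value = cot_import($exfld['field_name'], 'G', 'TXT');
        $fld_value = $db->prep($fld_value);
        // The column name comes from the extra-field definition, only the value from the request.
        if (!empty($shfld[$exfld['field_name']])) {
            $where[$exfld['field_name']] = "item_" . $exfld['field_name'] . " LIKE '%" . $fld_value . "%'";
        }
    }
}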
switch ($sort) {
    case 'costasc':
        $order['cost'] = 'item_cost ASC';
        break;
    case 'costdesc':
        $order['cost'] = 'item_cost DESC';
        break;
    default:
        $order['date'] = 'item_date DESC';
        break;
示例#9
  Hooks=tools
  [END_COT_EXT]
  ==================== */
/**
 * Admin interface for Contact plugin
 *
 * @package Contact
 * @copyright (c) Cotonti Team
 * @license https://github.com/Cotonti/Cotonti/blob/master/License.txt
 */
defined('COT_CODE') or die('Wrong URL');
require_once cot_incfile('contact', 'plug');
$a = cot_import('a', 'G', 'TXT');
$id = (int) cot_import('id', 'G', 'INT');
list($pg, $d, $durl) = cot_import_pagenav('d', $cfg['maxrowsperpage']);
$rtext = cot_import('rtext', 'P', 'TXT');
if ($a == 'del') {
    $sql_contact_delete = $db->query("SELECT * FROM {$db_contact} WHERE contact_id={$id} LIMIT 1");
    if ($row_contact_delete = $sql_contact_delete->fetch()) {
        $db->delete($db_contact, "contact_id = {$id}");
        foreach ($cot_extrafields[$db_contact] as $exfld) {
            cot_extrafield_unlinkfiles($row_contact_delete['contact_' . $exfld['field_name']], $exfld);
        }
        cot_message('Deleted');
    }
} elseif ($a == 'val') {
    $db->update($db_contact, array('contact_val' => 1), "contact_id = {$id}");
    cot_message('Updated');
} elseif ($a == 'unval') {
    $db->update($db_contact, array('contact_val' => 0), "contact_id = {$id}");
    cot_message('Updated');
示例#10
/**
 * folio module
 *
 * @package folio
 * @version 2.5.2
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru, littledev.ru
 * @license BSD
 */
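defined('COT_CODE') or die('Wrong URL');
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('folio', 'any', 'RWA');
cot_block($usr['auth_read']);
$id = cot_import('id', 'G', 'INT');
// The alias is escaped once here and interpolated into SQL further down.
$al = $db->prep(cot_import('al', 'G', 'TXT'));
$c = cot_import('c', 'G', 'TXT');
/* === Hook === */
// Hook files run in this scope; one that reassigns $al must escape it again.
foreach (cot_getextplugins('folio.first') as $pl) {
    include $pl;
}
/* ===== */
// Defined up front so the 404 check never reads an unset variable
// (e.g. a negative id with no alias).
$sql = null;
if ($id > 0 || !empty($al)) {
    $where = !empty($al) ? "item_alias='" . $al . "'" : 'item_id=' . (int) $id;
    $sql = $db->query("SELECT f.*, u.* FROM {$db_folio} AS f \n\t\tLEFT JOIN {$db_users} AS u ON u.user_id=f.item_userid WHERE {$where} LIMIT 1");
}
if (!$id && empty($al) || !$sql || $sql->rowCount() == 0) {
    cot_die_message(404, TRUE);
}
$item = $sql->fetch();
// Re-check permissions against the category of the item that was actually found.
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('folio', $item['item_cat'], 'RWA');
cot_block($usr['auth_read']);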
示例#11
 * 3 - deleted message
*/
/* === Hook === */
foreach (cot_getextplugins('pm.list.first') as $pl) {
    include $pl;
}
/* ===== */
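if (!empty($a)) {
    $id = cot_import('id', 'G', 'INT');
    // Message id
    if ((int) $id > 0) {
        $msg[$id] = $id;
    }
} else {
    $msg = cot_import('msg', 'P', 'ARR');
    $a = cot_import('action', 'P', 'TXT');
}
// Within this excerpt $msg is not assigned when $a is given without a positive id,
// and it may not be an array when no 'msg' field was posted; count() rejects such
// values on PHP 8.
if (!empty($msg) && is_array($msg)) {
    if ($a == 'delete') {
        // Deletion is tied to the anti-CSRF token.
        cot_check_xg();
        cot_remove_pm($msg);
    } elseif (!empty($a)) {
        // NOTE(review): unlike 'delete', this state change runs without cot_check_xg(),
        // and the single-message id is read from GET - confirm whether the same
        // token check is wanted here.
        cot_star_pm($msg);
        if (COT_AJAX && (int) $id > 0) {
            die;
        }
    }
}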
list($totalsentbox, $totalinbox) = cot_message_count($usr['id']);
$title[] = array(cot_url('pm'), $L['Private_Messages']);
if ($f == 'sentbox') {
示例#12
 * [END_COT_EXT]
 */
/**
 * market module
 *
 * @package market
 * @version 2.5.2
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru, littledev.ru
 * @license BSD
 */
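defined('COT_CODE') or die('Wrong URL');
require_once cot_incfile('market', 'module');
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('market', 'any', 'RWA');
$tab = cot_import('tab', 'G', 'ALP');
// The category filter is honoured only while the market tab is selected.
$category = $tab == 'market' ? cot_import('cat', 'G', 'TXT') : '';
list($pg, $d, $durl) = cot_import_pagenav('dmarket', $cfg['market']['cat___default']['maxrowsperpage']);
// market tab
$t1 = new XTemplate(cot_tplfile(array('market', 'userdetails'), 'module'));
$t1->assign(array(
    "ADDPRD_URL" => cot_url('market', 'm=add'),
    "PRD_ADDPRD_URL" => cot_url('market', 'm=add'),
    "ADDPRD_SHOWBUTTON" => $usr['auth_write'] ? true : false,
    "RPD_ADDPRD_SHOWBUTTON" => $usr['auth_write'] ? true : false,
));
$where = array();
$order = array();
// Guests and visitors who are neither the profile owner nor an admin only see
// items with item_state=0.
if ($usr['id'] == 0 || $usr['id'] != $urr['user_id'] && !$usr['isadmin']) {
    $where['state'] = "item_state=0";
}
if ($category) {
    // User-supplied category code goes through the driver's quote().
    $where['cat'] = 'item_cat=' . $db->quote($category);
}
// Force the owner id to an integer before it becomes part of the SQL text.
$where['owner'] = "item_userid=" . (int) $urr['user_id'];
$order['date'] = "item_date DESC";
$wherecount = $where;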
<?php

/**
 * pagecattree Plugin for Cotonti CMF
 *
 * @version 2.0.0
 * @author esclkm, http://www.littledev.ru
 * @copyright (c) 2008-2011 esclkm, http://www.littledev.ru
 */
defined('COT_CODE') or die('Wrong URL.');
$tree = $cot_structure->build_tree();
// max
//str_pad
// $id and $n are not imported in this file; they are expected from the including scope.
if ($id > 0) {
    // Existing category: load and show the edit form.
    require_once cot_incfile('cateditor', 'plug', 'admin.edit');
    $editor = form_structure_editor($id);
} else {
    // No category selected: show the "new category" form under the requested parent.
    $parentid = cot_import('parentid', 'G', 'INT');
    require_once cot_incfile('cateditor', 'plug', 'admin.new');
    $editor = form_structure_new($parentid);
}
// The resync link carries the output of cot_xg() (presumably the anti-CSRF token
// parameter - verify); the "new category" link only opens a form and carries none.
$t->assign(array('NEWCATEGORY_URL' => cot_url('admin', 'm=other&p=cateditor&n=' . $n . '&parentid=' . $id), 'RESYNC_URL' => cot_url('admin', 'm=other&p=cateditor&n=' . $n . '&a=resyncall&' . cot_xg()), 'TREE' => $tree, 'EDITOR' => $editor));
<?php

/**
 * [BEGIN_COT_EXT]
 * Hooks=users.details.tags
 * [END_COT_EXT]
 */
/**
 * Reviews plugin
 *
 * @package reviews
 * @version 2.0.0
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru, littledev.ru
 * @license BSD
 */
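defined('COT_CODE') or die('Wrong URL.');
$tab = cot_import('tab', 'G', 'ALP');
$t->assign('REVIEWS', cot_reviews_list($urr['user_id'], 'users', '', 'users', "m=details&id=" . $urr['user_id'] . "&u=" . $urr['user_name'] . "&tab=reviews", '', $cfg['plugin']['reviews']['userall']));
// Always assign the area filter so the COUNT query below never interpolates an
// unset variable, or one left behind by other code sharing this scope.
$sqlarea = $cfg['plugin']['reviews']['userall'] ? '' : " AND item_area='users'";
// The user id is cast to int before it becomes part of the SQL text.
$user_reviews_count = $db->query("SELECT COUNT(*) FROM {$db_reviews} WHERE item_touserid=" . (int) $urr['user_id'] . " {$sqlarea}")->fetchColumn();
$t->assign(array(
    'USERS_DETAILS_REVIEWS_COUNT' => $user_reviews_count,
    "USERS_DETAILS_REVIEWS_URL" => cot_url('users', 'm=details&id=' . $urr['user_id'] . '&u=' . $urr['user_name'] . '&tab=reviews'),
));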
示例#15
    session_start();
    // Getting the server-relative path
    $url = parse_url($cfg['mainurl']);
    $sys['secure'] = $url['scheme'] == 'https' ? true : false;
    $sys['scheme'] = $url['scheme'];
    $sys['site_uri'] = $url['path'];
    $sys['host'] = $url['host'];
    $sys['domain'] = preg_replace('#^www\\.#', '', $url['host']);
    if ($sys['site_uri'][mb_strlen($sys['site_uri']) - 1] != '/') {
        $sys['site_uri'] .= '/';
    }
    $sys['port'] = empty($url['port']) ? '' : ':' . $url['port'];
    $sys['abs_url'] = $url['scheme'] . '://' . $sys['host'] . $sys['port'] . $sys['site_uri'];
    // Installer language selection support
    if (empty($_SESSION['cot_inst_lang'])) {
        $lang = cot_import('lang', 'P', 'ALP');
        if (empty($lang)) {
            $lang = cot_lang_determine();
        }
    } else {
        $lang = $_SESSION['cot_inst_lang'];
    }
    require_once cot_langfile('main', 'core');
    require_once $cfg['system_dir'] . '/resources.rc.php';
} else {
    $branch = 'siena';
    $prev_branch = 'genoa';
    require_once $cfg['system_dir'] . '/database.php';
    $dbc_port = empty($cfg['mysqlport']) ? '' : ';port=' . $cfg['mysqlport'];
    $db = new CotDB('mysql:host=' . $cfg['mysqlhost'] . $dbc_port . ';dbname=' . $cfg['mysqldb'], $cfg['mysqluser'], $cfg['mysqlpassword']);
    cot::init();
示例#16
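/**
 * Saves updated values of config list in DB
 *
 * Each option is read from $source with the 'NOC' filter. Options of the custom
 * type may additionally be passed through "<func>_filter" or through a built-in
 * import filter derived from the function name; all other options are stored
 * exactly as imported. $optionslist is updated in place with the new values.
 *
 * @param string $name Extension or Section name config belongs to
 * @param array $optionslist Option list as returned by cot_config_list(); modified by reference
 * @param bool $is_module Flag indicating if it is module or plugin config
 * @param bool $update_new_only Save only the values that differ from the current ones
 * @param string $source Source of imported data
 * @return boolean|number false if $optionslist is not an array, 0 if nothing had to be
 *                        saved, otherwise the result of cot_config_set()
 */
function cot_config_update_options($name, &$optionslist, $is_module = false, $update_new_only = true, $source = 'POST')
{
    global $cot_import_filters;
    if (!is_array($optionslist)) {
        return false;
    }
    $new_options = array();
    foreach ($optionslist as $cfg_name => $cfg_var) {
        // Visual separator/fieldset have no value
        if ($cfg_var['config_type'] == COT_CONFIG_TYPE_SEPARATOR) {
            continue;
        }
        $filtered = FALSE;
        $builtin_filter = FALSE;
        $data = $raw_input = cot_import($cfg_name, $source, 'NOC');
        $custom_type = $cfg_var['config_type'] == COT_CONFIG_TYPE_CUSTOM && $cfg_var['config_variants'] && preg_match('#^(\\w+)\\((.*?)\\)$#', $cfg_var['config_variants'], $mt);
        if ($custom_type) {
            // The function name is taken from the option definition (config_variants),
            // not from the request; \w+ keeps it a plain identifier.
            $custom_func = $mt[1];
            $custom_filter_func = $custom_func . '_filter';
            // use additional custom function for filtration if it exists
            if (function_exists($custom_filter_func)) {
                $callback_params = preg_split('#\\s*,\\s*#', $mt[2]);
                if (count($callback_params) > 0 && !empty($callback_params[0])) {
                    // Strip the quotes around the declared callback arguments
                    foreach ($callback_params as $i => $param) {
                        $callback_params[$i] = str_replace(array("'", '"'), array('', ''), $param);
                    }
                }
                /**
                 * Filters Value with custom function
                 * @param string $data User input value
                 * @param array $cfg_var Config Variable data
                 *  ...   other callback params defined for function
                 * @return NULL|mixed Filtered Value or NULL in case Value can not be filtered.
                 * @see cot_config_type_int_filter() as example
                 */
                $filtered = call_user_func_array($custom_filter_func, array_merge(array(&$raw_input, $cfg_var), $callback_params));
            } else {
                // the last part of the custom function name may be treated as a built-in filter type
                list($base_filter) = array_reverse(explode('_', strtoupper($custom_func)));
                // !empty() instead of sizeof(): the filter name is often not a key of
                // $cot_import_filters, and counting a missing entry fails on PHP 8.
                if (in_array($base_filter, array('INT', 'BOL', 'PSW', 'ALP', 'TXT', 'NUM'), true) || !empty($cot_import_filters[$base_filter])) {
                    $filtered = cot_config_import($cfg_name, $source, $base_filter);
                    $builtin_filter = true;
                }
            }
        }
        if (is_null($filtered)) {
            // The filter rejected the value: nothing is saved, the form keeps the raw
            // input (or an empty value when a built-in filter was applied).
            $optionslist[$cfg_name]['config_value'] = $builtin_filter ? '' : $raw_input;
        } else {
            if (false !== $filtered) {
                $data = $filtered;
            }
            if (is_array($data)) {
                // NOTE(review): array values are stored serialized; whatever reads them back
                // should not pass data from other sources to unserialize().
                $data = serialize($data);
            }
            if ($data != $cfg_var['config_value'] || !$update_new_only) {
                $new_options[$cfg_name] = $data;
            }
            $optionslist[$cfg_name]['config_value'] = $data;
        }
    }
    return sizeof($new_options) ? cot_config_set($name, $new_options, $is_module) : 0;
}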
<?php

/**
 * projects module
 *
 * @package projects
 * @version 2.5.2
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru, littledev.ru
 * @license BSD
 */
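defined('COT_CODE') or die('Wrong URL');
$id = cot_import('id', 'G', 'INT');
$r = cot_import('r', 'G', 'ALP');
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('projects', 'any', 'RWA');
cot_block($usr['auth_write']);
$item = $db->query("SELECT p.*, u.* FROM {$db_projects} AS p LEFT JOIN {$db_users} AS u ON u.user_id=p.item_userid WHERE item_id=" . (int) $id)->fetch();
// A missing row must end in 404 even when the requested id is absent or 0:
// with a loose comparison the empty result compared equal to id 0 and the
// request carried on without an item.
if (empty($item) || (int) $item['item_id'] !== (int) $id) {
    cot_die_message(404, TRUE);
}
// Re-check permissions for the item's own category; only an admin, or the
// owner with write access, may continue.
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('projects', $item['item_cat']);
cot_block($usr['isadmin'] || ($usr['auth_write'] && $usr['id'] == $item['item_userid']));
/* === Hook === */
foreach (cot_getextplugins('projects.preview.first') as $pl) {
    include $pl;
}
/* ===== */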
if ($a == 'save') {
    cot_check_xg();
    /* === Hook === */
    foreach (cot_getextplugins('projects.preview.save.first') as $pl) {
示例#18
<?php

/* ====================
[BEGIN_COT_EXT]
Hooks=ajax
[END_COT_EXT]
==================== */
/**
 * Simple AJAX previewer for MarkItUp!
 *
 * @package MarItUp
 * @copyright (c) Cotonti Team
 * @license https://github.com/Cotonti/Cotonti/blob/master/License.txt
 */
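defined('COT_CODE') or die('Wrong URL');
// Preview contents
$text = cot_import('text', 'P', 'HTM');
// The stylesheet path is escaped before it is placed inside the href attribute.
$style = '<link rel="stylesheet" type="text/css" href="' . htmlspecialchars($cfg['themes_dir'] . '/' . $theme . '/' . $theme . '.css') . '" />' . "\n";
cot_sendheaders();
// NOTE(review): the posted text is echoed back after cot_parse() with no further
// escaping here, so the markup that can reach the browser is decided entirely by
// the 'HTM' import filter and the active parser - confirm both strip active content.
echo $style . '<body class="preview">' . cot_parse($text) . '</body>';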
示例#19
<?php

/**
 * [BEGIN_COT_EXT]
 * Hooks=tools
 * [END_COT_EXT]
 */
defined('COT_CODE') or die('Wrong URL.');
require_once cot_langfile('paytop', 'plug');
$pt_cfg = cot_cfg_paytop();
$t = new XTemplate(cot_tplfile('paytop.admin', 'plug', true));
$id = cot_import('id', 'G', 'INT');
if ($a == 'add') {
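    $username = cot_import('username', 'P', 'TXT', 100, TRUE);
    $area = cot_import('area', 'P', 'ALP');
    $times = cot_import('times', 'P', 'INT');
    // The posted name is bound as a query parameter. It was previously concatenated
    // between apostrophes, which let a quote inside the value change the SQL statement.
    $urr_id = $db->query("SELECT user_id FROM {$db_users} WHERE user_name = ?", array($username))->fetchColumn();
    cot_check(empty($username), 'paytop_error_username');
    cot_check(empty($urr_id), 'paytop_error_userempty');
    cot_check(empty($times), 'paytop_error_timesempty');
    cot_check(empty($area), 'paytop_error_areaempty');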
    if (!cot_error_found()) {
        cot_payments_userservice('paytop.' . $area, $urr_id, $times * $pt_cfg[$area]['period']);
        /* === Hook === */
        foreach (cot_getextplugins('paytop.done') as $pl) {
            include $pl;
        }
        /* ===== */
        /* === Hook === */
        foreach (cot_getextplugins('paytop.' . $area . '.done') as $pl) {
            include $pl;
 * [BEGIN_COT_EXT]
 * Hooks=ajax
 * [END_COT_EXT]
 */
/**
 * Location Selector for Cotonti
 *
 * @package locationselector
 * @version 2.0.0
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru, littledev.ru
 * @license BSD
 */
defined('COT_CODE') or die('Wrong URL.');
// Both selectors are read from the merged request ('R'): country as text, region as integer.
$country = cot_import('country', 'R', 'TXT');
$region = cot_import('region', 'R', 'INT');
cot_sendheaders();
// A request that carries 'country' gets the region list; any other request gets the city list.
if (isset($_REQUEST['country'])) {
    $regions = array();
    // '0' is the placeholder option and has no regions
    if ($country != '0') {
        $regions = cot_getregions($country);
    }
    // Entry 0 is the "select ..." placeholder; 'disabled' tells the client that nothing can be chosen.
    $region_selectbox = array('regions' => array(0 => $L['select_region']) + $regions, 'disabled' => empty($country) || count($regions) == 0 ? 1 : 0);
    echo json_encode($region_selectbox);
    exit;
} else {
    $cities = !empty($region) ? cot_getcities($region) : array();
    $city_selectbox = array('cities' => array(0 => $L['select_city']) + $cities, 'disabled' => !$region || count($cities) == 0 ? 1 : 0);
    echo json_encode($city_selectbox);
    exit;
}
<?php

/**
 * [BEGIN_COT_EXT]
 * Hooks=users.register.add.validate
 * [END_COT_EXT]
 */
/**
 * plugin User Group Selector for Cotonti Siena
 * 
 * @package usergroupselector
 * @version 1.0.0
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru, littledev.ru
 * @license BSD
 *  */
defined('COT_CODE') or die('Wrong URL.');
require_once cot_langfile('usergroupselector', 'plug');
// Read with the 'ALP' filter before it is appended to the redirect URL below.
$usergroup = cot_import('usergroup', 'G', 'ALP');
// When registration validation failed, return to the form with the selected group kept in the URL.
if (cot_error_found() && !empty($usergroup)) {
    cot_redirect(cot_url('users', 'm=register&usergroup=' . $usergroup, '', true));
}
示例#22
list($pg, $d, $durl) = cot_import_pagenav('d', $maxperpage);
$dt = (int) cot_import('dt', 'G', 'INT');
// Tags displayed per page in standalone cloud
$perpage = $cfg['plugin']['tags']['perpage'];
// Array to register areas with tag functions provided
$tag_areas = array();
if (cot_module_active('page')) {
    require_once cot_incfile('page', 'module');
    $tag_areas[] = 'pages';
}
if (cot_module_active('forums')) {
    require_once cot_incfile('forums', 'module');
    $tag_areas[] = 'forums';
}
// Sorting order
// Taken from POST; falls back to the configured default when absent.
$o = cot_import('order', 'P', 'ALP');
if (empty($o)) {
    $o = mb_strtolower($cfg['plugin']['tags']['sort']);
}
$tag_order = '';
$tag_orders = array('Title', 'Date', 'Category');
// Build the <option> list from the fixed set above. In this excerpt the requested
// order is only compared against these values to mark the selected entry and is
// never written into the markup itself.
foreach ($tag_orders as $order) {
    $ord = mb_strtolower($order);
    $selected = $ord == $o ? 'selected="selected"' : '';
    $tag_order .= cot_rc('input_option', array('value' => $ord, 'selected' => $selected, 'title' => $L[$order]));
}
/* == Hook for the plugins == */
foreach (cot_getextplugins('tags.first') as $pl) {
    include $pl;
}
/* ===== */
示例#23
 $rstructure['structure_icon'] = cot_import('rstructureicon', 'P', 'TXT');
 $rstructure['structure_locked'] = cot_import('rstructurelocked', 'P', 'BOL') ? 1 : 0;
 $rstructure['structure_area'] = $n;
 $rtplmode = cot_import('rtplmode', 'P', 'INT');
 $rtplquick = cot_import('rtplquick', 'P', 'TXT');
 foreach ($cot_extrafields[$db_structure] as $exfld) {
     $rstructure['structure_' . $exfld['field_name']] = cot_import_extrafields('rstructure' . $exfld['field_name'], $exfld);
 }
 $rstructure['structure_code'] != 'all' || cot_error('adm_structure_code_reserved', 'rstructurecode');
 $rstructure['structure_code'] || cot_error('adm_structure_code_required', 'rstructurecode');
 $rstructure['structure_path'] || cot_error('adm_structure_path_required', 'rstructurepath');
 $rstructure['structure_title'] || cot_error('adm_structure_title_required', 'rstructuretitle');
 if (!empty($rtplquick)) {
     $rstructure['structure_tpl'] = $rtplquick;
 } elseif ($rtplmode == 3) {
     $rstructure['structure_tpl'] = cot_import('rtplforced', 'P', 'TXT');
 } elseif ($rtplmode == 2) {
     $rstructure['structure_tpl'] = 'same_as_parent';
 } else {
     $rstructure['structure_tpl'] = '';
 }
 /* === Hook === */
 foreach (cot_getextplugins('admin.structure.add.first') as $pl) {
     include $pl;
 }
 /* ===== */
 if (!cot_error_found()) {
     $res = cot_structure_add($n, $rstructure, $is_module);
     if ($res === true) {
         cot_extrafield_movefiles();
         /* === Hook === */
示例#24
        /* === Hook === */
        foreach (cot_getextplugins('projects.offers.refuse') as $pl) {
            include $pl;
        }
        /* ===== */
    }
    cot_redirect(cot_url('projects', 'm=show&id=' . $id, '', true));
    exit;
}
if ($a == 'addpost') {
    cot_shield_protect();
    $offer_post['post_pid'] = (int) $id;
    $offer_post['post_oid'] = (int) cot_import('oid', 'G', 'INT');
    $offer_post['post_userid'] = (int) $usr['id'];
    $offer_post['post_date'] = (int) $sys['now'];
    $offer_post['post_text'] = cot_import('posttext', 'P', 'TXT');
    $offer = $db->query("SELECT * FROM {$db_projects_offers} AS o \n\t\tLEFT JOIN {$db_users} AS u ON u.user_id=o.offer_userid\n\t\tWHERE offer_id=" . $offer_post['post_oid'] . " LIMIT 1")->fetch();
    /* === Hook === */
    foreach (cot_getextplugins('projects.offers.addpost.error') as $pl) {
        include $pl;
    }
    /* ===== */
    if (!empty($offer_post['post_text']) && (in_array($usr['id'], array($offer['offer_userid'], $item['item_userid'])) || $usr['isadmin']) && !cot_error_found()) {
        $db->insert($db_projects_posts, $offer_post);
        if ($usr['id'] == $offer['offer_userid']) {
            $urlparams = empty($item['item_alias']) ? array('c' => $item['item_cat'], 'id' => $item['item_id']) : array('c' => $item['item_cat'], 'al' => $item['item_alias']);
            $rsubject = cot_rc($L['project_added_post_header'], array('prtitle' => $item['item_title']));
            $rbody = cot_rc($L['project_added_post_body'], array('user_name' => $item['user_name'], 'postuser_name' => $usr['profile']['user_name'], 'prj_name' => $item['item_title'], 'sitename' => $cfg['maintitle'], 'link' => COT_ABSOLUTE_URL . cot_url('projects', $urlparams, '', true)));
            cot_mail($item['user_email'], $rsubject, $rbody);
        } else {
            $urlparams = empty($item['item_alias']) ? array('c' => $item['item_cat'], 'id' => $item['item_id']) : array('c' => $item['item_cat'], 'al' => $item['item_alias']);
示例#25
<?php

/* ====================
  [BEGIN_COT_EXT]
  Hooks=ajax
  [END_COT_EXT]
  ==================== */
/**
 * news admin usability modification
 *
 * @package news
 * @version 0.7.0
 * @author Cotonti Team
 * @copyright Copyright (c) Cotonti Team 2008-2012
 * @license BSD
 */
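defined('COT_CODE') or die('Wrong URL');
$m = cot_import('m', 'G', 'TXT');
// Mode choice: the request value selects which plugin part is included, so it is
// checked against a fixed allow-list (strict comparison) and everything else falls
// back to 'upload'. The request never supplies a file name directly.
if (!in_array($m, array('thumb'), true)) {
    $m = 'upload';
}
require_once cot_incfile('mavatars', 'plug', $m);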
示例#26
// Registration form submission: every $ruser value below is read from the POST body.
if ($a == 'add') {
    // Runs before any input is read; presumably the request-rate guard — confirm in cot_shield_protect().
    cot_shield_protect();
    $ruser = array();
    /* === Hook for the plugins === */
    foreach (cot_getextplugins('users.register.add.first') as $pl) {
        include $pl;
    }
    /* ===== */
    // Name and e-mail are imported as text with length limits of 100 and 64.
    $ruser['user_name'] = cot_import('rusername', 'P', 'TXT', 100, TRUE);
    $ruser['user_email'] = cot_import('ruseremail', 'P', 'TXT', 64, TRUE);
    // Both password fields use the 'HTM' filter with a limit of 32.
    // NOTE(review): confirm how cot_import() treats longer input and whether the
    // filter can alter the value before it is compared and hashed.
    $rpassword1 = cot_import('rpassword1', 'P', 'HTM', 32);
    $rpassword2 = cot_import('rpassword2', 'P', 'HTM', 32);
    $ruser['user_country'] = cot_import('rcountry', 'P', 'TXT');
    $ruser['user_timezone'] = cot_import('rusertimezone', 'P', 'TXT');
    // An empty timezone falls back to the site default.
    $ruser['user_timezone'] = !$ruser['user_timezone'] ? $cfg['defaulttimezone'] : $ruser['user_timezone'];
    $ruser['user_gender'] = cot_import('rusergender', 'P', 'TXT');
    // Lower-cased before the uniqueness lookup below, so the lookup sees the normalised address.
    $ruser['user_email'] = mb_strtolower($ruser['user_email']);
    // Extra fields: one POST field per configured extra field of the users table.
    if (!empty(cot::$extrafields[cot::$db->users])) {
        foreach (cot::$extrafields[cot::$db->users] as $exfld) {
            $ruser['user_' . $exfld['field_name']] = cot_import_extrafields('ruser' . $exfld['field_name'], $exfld, 'P', '', 'user_');
        }
    }
    // A birth date later than the current time is reported as a form error.
    $ruser['user_birthdate'] = cot_import_date('ruserbirthdate', false);
    if (!is_null($ruser['user_birthdate']) && $ruser['user_birthdate'] > cot::$sys['now']) {
        cot_error('pro_invalidbirthdate', 'ruserbirthdate');
    }
    // Uniqueness lookups pass the submitted values as bound parameters (the "?"
    // placeholders), so they are never concatenated into the SQL text.
    $user_exists = (bool) cot::$db->query("SELECT user_id FROM " . cot::$db->users . " WHERE user_name = ? LIMIT 1", array($ruser['user_name']))->fetch();
    $email_exists = (bool) cot::$db->query("SELECT user_id FROM " . cot::$db->users . " WHERE user_email = ? LIMIT 1", array($ruser['user_email']))->fetch();
    // Reject user names containing a numeric HTML entity or any of < > # ' " /
    if (preg_match('/&#\\d+;/', $ruser['user_name']) || preg_match('/[<>#\'"\\/]/', $ruser['user_name'])) {
        cot_error('aut_invalidloginchars', 'rusername');
示例#27
 * @package TrashCan
 * @copyright (c) Cotonti Team
 * @license https://github.com/Cotonti/Cotonti/blob/master/License.txt
 */
// Admin-only entry point: both framework constants must already be defined.
if (!(defined('COT_CODE') && defined('COT_ADMIN'))) {
    die('Wrong URL.');
}

// Resolve the caller's rights on the trashcan plugin and hand the admin flag
// to cot_block() — presumably it aborts the request when the flag is false.
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('plug', 'trashcan');
cot_block($usr['isadmin']);

// APIs of every component that is enabled on this site.
require_once cot_incfile('users', 'module');
if (cot_module_active('page')) {
    require_once cot_incfile('page', 'module');
}
if (cot_module_active('forums')) {
    require_once cot_incfile('forums', 'module');
}
if ($cfg['comments']) {
    require_once cot_incfile('comments', 'plug');
}
require_once cot_incfile('trashcan', 'plug');
require_once cot_langfile('trashcan', 'plug');

$adminhelp = $L['adm_help_trashcan'];
$adminsubtitle = $L['Trashcan'];

// Item id from the query string, imported with the integer filter.
$id = cot_import('id', 'G', 'INT');

// Page size: the configured value when it is a positive number, otherwise 15.
$maxperpage = 15;
if ($cfg['maxrowsperpage'] && is_numeric($cfg['maxrowsperpage']) && $cfg['maxrowsperpage'] > 0) {
    $maxperpage = $cfg['maxrowsperpage'];
}
list($pg, $d, $durl) = cot_import_pagenav('d', $maxperpage);

// 1 when the "info" action was requested, 0 otherwise.
$info = 0;
if ($a == 'info') {
    $info = 1;
}

/* === Hook === */
foreach (cot_getextplugins('trashcan.admin.first') as $pl) {
    include $pl;
}
/* ===== */
// Wipe action. cot_check_xg() is the first call in this branch, before the
// hook and before any deletion code — presumably the request-token check for
// actions triggered through a GET link; confirm in its definition.
if ($a == 'wipe') {
    cot_check_xg();
    /* === Hook === */
    foreach (cot_getextplugins('trashcan.admin.wipe') as $pl) {
        include $pl;
    }
    /* ===== */
示例#28
<?php

/* ====================
[BEGIN_COT_EXT]
Hooks=admin.users.add.first
[END_COT_EXT]
==================== */
/**
 * Users admin edit tags
 *
 * @package PFS
 * @copyright (c) Cotonti Team
 * @license https://github.com/Cotonti/Cotonti/blob/master/License.txt
 */
// Refuse direct requests: COT_CODE must already be defined by the including code.
if (!defined('COT_CODE')) {
    die('Wrong URL.');
}

// Per-file PFS limit for the group: the posted integer is capped at whatever
// cot_get_uploadmax() reports, so the stored limit never exceeds that value.
$rgroups['grp_pfs_maxfile'] = intval(min(cot_import('rmaxfile', 'P', 'INT'), cot_get_uploadmax()));

// Total PFS quota for the group: stored as posted, with no bound applied here.
// NOTE(review): neither field has a lower bound, so negative values pass
// through — confirm how the quota checks interpret them.
$rgroups['grp_pfs_maxtotal'] = intval(cot_import('rmaxtotal', 'P', 'INT'));
示例#29
     cot_display_messages($t);
     /* === Hook === */
     foreach (cot_getextplugins('i18n.page.translate.tags') as $pl) {
         include $pl;
     }
     /* =============*/
 } elseif ($a == 'edit' && $pag_i18n && ($i18n_admin || $i18n_edit || $usr['id'] == $pag_i18n['ipage_translatorid'])) {
     // Edit branch: requires an existing translation row and one of three
     // rights — $i18n_admin, $i18n_edit, or being the user stored as the
     // row's translator.
     if ($_SERVER['REQUEST_METHOD'] == 'POST') {
         // NOTE(review): no request-token check is visible in this branch
         // before the update; the fragment starts mid-file, so confirm it is
         // done earlier.
         // Update the translation
         $pag_i18n['ipage_date'] = $sys['now'];
         $pag_i18n['ipage_title'] = cot_import('title', 'P', 'TXT');
         // Titles shorter than two characters are reported as a form error.
         if (mb_strlen($pag_i18n['ipage_title']) < 2) {
             cot_error('page_titletooshort', 'rpagetitle');
         }
         $pag_i18n['ipage_desc'] = cot_import('desc', 'P', 'TXT');
         // The body is imported with the 'HTM' filter rather than 'TXT'.
         // NOTE(review): presumably markup is kept, so the stored text must be
         // treated as untrusted HTML wherever it is rendered — confirm.
         $pag_i18n['ipage_text'] = cot_import('translate_text', 'P', 'HTM');
         // On any validation error, go back to the edit form without saving.
         if (cot_error_found()) {
             cot_redirect(cot_url('plug', "e=i18n&m=page&a=edit&id={$id}&l={$i18n_locale}", '', true));
             exit;
         }
         // The whole $pag_i18n array is written back; the row is selected by
         // id and locale passed as bound parameters, not interpolated.
         $db->update($db_i18n_pages, $pag_i18n, "ipage_id = ? AND ipage_locale = ?", array($id, $i18n_locale));
         /* === Hook === */
         foreach (cot_getextplugins('i18n.page.edit.update') as $pl) {
             include $pl;
         }
         /* =============*/
         cot_message('Updated');
         // Redirect to the translated page, by alias when the page has one, else by id.
         $page_urlp = empty($pag['page_alias']) ? 'c=' . $pag['page_cat'] . "&id={$id}&l={$i18n_locale}" : 'c=' . $pag['page_cat'] . '&al=' . $pag['page_alias'] . '&l=' . $i18n_locale;
         cot_redirect(cot_url('page', $page_urlp, '', true, false, true));
     }
     $out['subtitle'] = $L['i18n_editing'];
示例#30
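/**
 * Registers the current visitor's vote in a poll.
 *
 * Reads the poll id ("poll_id") and the chosen option ids ("vote") from POST,
 * checks that the poll exists and that the voters table holds no row for this
 * visitor and poll, then increments the counter of every chosen option and
 * records the voter. When $cfg['polls']['ip_id_polls'] is 'id' a voter is
 * identified by user id only and guests cannot vote; otherwise a voter is
 * matched by user id and/or IP address.
 *
 * Each option id is counted at most once per call, and the voter is recorded
 * as soon as at least one counter was actually incremented.
 *
 * NOTE(review): the "already voted" lookup and the voter insert are separate
 * statements, so two simultaneous requests can both pass the lookup. Closing
 * that gap needs a unique key on the voters table or a transaction; neither is
 * visible from this function.
 * NOTE(review): nothing here checks whether the poll is still open or how many
 * options one vote may carry — confirm the caller enforces that.
 *
 * @return void
 * @global CotDB $db
 */
function cot_poll_vote()
{
    global $db, $cfg, $db_polls, $db_polls_options, $db_polls_voters, $usr;

    $vote = cot_import('vote', 'P', 'ARR');
    $id = (int) cot_import('poll_id', 'P', 'INT');

    // A missing or malformed "vote" field must not reach count()/foreach.
    if (!is_array($vote)) {
        return;
    }

    // Reduce the submitted values to a set of distinct integer option ids.
    // Keying by id removes duplicates, so repeating one id in the POSTed array
    // cannot add more than one count; nested arrays are dropped.
    $option_ids = array();
    foreach ($vote as $val) {
        if (is_scalar($val)) {
            $option_ids[(int) $val] = (int) $val;
        }
    }
    if (count($option_ids) == 0) {
        return;
    }

    $by_id_only = $cfg['polls']['ip_id_polls'] == 'id';
    $is_member = $usr['id'] > 0;

    // In id-only mode a guest has no identity to record, so no vote is taken.
    if ($by_id_only && !$is_member) {
        return;
    }

    // The poll must exist.
    $poll = $db->query("SELECT poll_id FROM {$db_polls} WHERE poll_id = ? LIMIT 1", array($id))->fetch();
    if (!$poll) {
        return;
    }

    // Build the voter match with placeholders: user id and IP are bound as
    // parameters instead of being concatenated into the SQL text.
    if ($by_id_only) {
        $where = 'pv_userid = ?';
        $where_params = array((int) $usr['id']);
    } elseif ($is_member) {
        $where = '(pv_userid = ? OR pv_userip = ?)';
        $where_params = array((int) $usr['id'], (string) $usr['ip']);
    } else {
        $where = 'pv_userip = ?';
        $where_params = array((string) $usr['ip']);
    }

    $already_voted = (bool) $db->query(
        "SELECT pv_id FROM {$db_polls_voters} WHERE pv_pollid = ? AND {$where} LIMIT 1",
        array_merge(array($id), $where_params)
    )->fetch();
    if ($already_voted) {
        return;
    }

    // Summed over all updates: looking only at the last one would let a vote be
    // counted without the voter being recorded when the final id matches no
    // option of this poll.
    $counted = 0;
    foreach ($option_ids as $option_id) {
        $db->query(
            "UPDATE {$db_polls_options} SET po_count = po_count+1 WHERE po_pollid = ? AND po_id = ?",
            array($id, $option_id)
        );
        $counted += (int) $db->affectedRows;
    }

    if ($counted > 0) {
        $db->insert($db_polls_voters, array('pv_pollid' => $id, 'pv_userid' => (int) $usr['id'], 'pv_userip' => $usr['ip']));
    }
}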