/**
 * Installer hook for the private-messages module.
 *
 * Checks that the Forums module tables it depends on exist (reporting the
 * first missing one through cpg_error()), then queues the CREATE statements
 * for bbprivmsgs and bbprivmsgs_text on the installer. Uses $this->modname,
 * so it is presumably a method of the module's installer object.
 *
 * @return bool always true once the queries are queued
 */
function install()
{
    global $installer;

    // All of these belong to the Forums module; the first missing one raises the error.
    $forumTables = array('bbattachments_config', 'bbconfig', 'bbthemes', 'bbwords');
    foreach ($forumTables as $forumTable) {
        if (!$installer->table_exists($forumTable)) {
            cpg_error($this->modname . ' still depends on the Forums module. Install forums first', 'Install ERROR');
            break;
        }
    }

    $privmsgsColumns = array(
        'privmsgs_id mediumint(8) NOT NULL auto_increment',
        'privmsgs_type tinyint(4) NOT NULL default "0"',
        'privmsgs_subject varchar(255) NOT NULL default "0"',
        'privmsgs_from_userid mediumint(8) NOT NULL default "0"',
        'privmsgs_to_userid mediumint(8) NOT NULL default "0"',
        'privmsgs_date int(11) NOT NULL default "0"',
        'privmsgs_ip varchar(16) binary NOT NULL default ""',
        'privmsgs_enable_bbcode tinyint(1) NOT NULL default "1"',
        'privmsgs_enable_html tinyint(1) NOT NULL default "0"',
        'privmsgs_enable_smilies tinyint(1) NOT NULL default "1"',
        'privmsgs_attach_sig tinyint(1) NOT NULL default "1"',
        'privmsgs_attachment TINYINT(1) DEFAULT "0" NOT NULL',
        'PRIMARY KEY (privmsgs_id)',
        'KEY privmsgs_from_userid (privmsgs_from_userid)',
        'KEY privmsgs_to_userid (privmsgs_to_userid)',
    );
    $installer->add_query('CREATE', 'bbprivmsgs', ' ' . implode(', ', $privmsgsColumns), 'bbprivmsgs');

    $privmsgsTextColumns = array(
        'privmsgs_text_id mediumint(8) NOT NULL default "0"',
        'privmsgs_text text',
        'PRIMARY KEY (privmsgs_text_id)',
    );
    $installer->add_query('CREATE', 'bbprivmsgs_text', ' ' . implode(', ', $privmsgsTextColumns), 'bbprivmsgs_text');

    return true;
}
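/**
 * Admin action: create a download category from the submitted form.
 *
 * Reads title, parentid, cdescription and ldescription from $_POST. When a
 * category with the same title already exists under the same parent, the
 * admin header is rendered and the error reported via cpg_error(); otherwise
 * the row is inserted and the browser is redirected to the admin page for $op.
 *
 * Globals: $downloadsprefix (table prefix), $db (SQL layer), $op (admin operation).
 */
function DownloadsAddCat()
{
    global $downloadsprefix, $db, $op;

    // Form fields may be missing from the request; default them to '' so no
    // undefined-index notice is raised before Fix_Quotes() runs.
    $title = Fix_Quotes(isset($_POST['title']) ? $_POST['title'] : '');
    // intval() of a missing field was 0 before as well, so the default keeps behaviour.
    $parentid = isset($_POST['parentid']) ? intval($_POST['parentid']) : 0;
    $categories = $downloadsprefix . '_categories';

    // NOTE(review): both statements are built by interpolation; Fix_Quotes() is the only
    // escaping applied to the posted values and no bound-parameter API is visible here.
    $result = $db->sql_query("select cid from " . $categories . " where title='{$title}' AND parentid='{$parentid}'");
    if ($db->sql_numrows($result) > 0) {
        require_once 'header.php';
        GraphicAdmin('_AMENU6');
        cpg_error(_ERRORTHESUBCATEGORY . " {$title} " . _ALREADYEXIST);
    } else {
        $cdescription = Fix_Quotes(isset($_POST['cdescription']) ? $_POST['cdescription'] : '');
        $ldescription = Fix_Quotes(isset($_POST['ldescription']) ? $_POST['ldescription'] : '');
        $db->sql_query("insert into " . $categories . " values (NULL, '{$title}', '{$cdescription}', '{$ldescription}', '{$parentid}')");
        url_redirect(adminlink($op));
    }
}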
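/**
 * Start (or resume) the PHP session that backs $CPG_SESS.
 *
 * Configures the session cookie from $MAIN_CFG['cookie'], switches the save
 * handler to 'files' when ini settings may be changed (CAN_MOD_INI), then
 * starts the session. If the browser presented a cookie whose id equals the
 * freshly started session's id but that session carries no CPG_SESS payload,
 * the stale session is destroyed and restarted; if the id still does not
 * change, the request is aborted via cpg_error() with a refresh to URL::uri().
 *
 * Side effects: session_*() and ini_set() calls; sets $CPG_SESS and the
 * sess_name, sess_time, start, started, sess_id, old_handler and new
 * properties.
 *
 * @param string $name cookie / session name
 * @param int    $time session lifetime (presumably minutes; only stored here)
 * @return string the session id (kept for callers that use the return value)
 */
function __construct($name = 'CMSSESSID', $time = 180)
{
    global $CPG_SESS, $MAIN_CFG;
    $this->sess_name = $name;
    $this->sess_time = $time;
    $this->start = time();

    // A session auto-started by php.ini would bypass the name/cookie setup below.
    if (ini_get('session.auto_start')) {
        session_destroy();
        session_write_close();
    }
    session_name($name);
    // http://www.php.net/session_set_cookie_params
    // Lifetime 0 = browser-session cookie. The optional secure/httponly arguments
    // are not passed; NOTE(review): consider setting them from $MAIN_CFG on HTTPS sites.
    session_set_cookie_params(0, $MAIN_CFG['cookie']['path'], $MAIN_CFG['cookie']['domain']);
    /* session_cache_limiter('private_no_expire');
    // Setting new_cache_expire is of value only,
    // if session.cache_limiter is set to a value different from nocache
    session_cache_expire($time); */
    if (CAN_MOD_INI) {
        $this->old_handler = ini_set('session.save_handler', 'files');
        // ini_set('session.gc_maxlifetime', time() - $time * 60) was tried here and
        // left disabled by the original author ("bug not deleting ?").
        ini_set('session.use_trans_sid', 0);
        ini_set('session.use_only_cookies', '1');
        ini_set('url_rewriter.tags', 'nourlrewrite');
    }
    $this->started = session_start();

    // Strict string comparison: '==' would compare two numeric-looking ids as numbers.
    $cookieId = isset($_COOKIE[$name]) ? $_COOKIE[$name] : null;
    if (empty($_SESSION['CPG_SESS']) && $cookieId !== null && $cookieId === session_id()) {
        $this->destroy();
        $this->started = session_start();
        if ($cookieId === session_id()) {
            $this->destroy();
            cpg_error('Your cookie has expired, the page will be refreshed to set a new cookie.', 'Cookie expired', URL::uri());
        }
    }
    $this->sess_id = session_id();
    $CPG_SESS = empty($_SESSION['CPG_SESS']) ? array() : $_SESSION['CPG_SESS'];
    $this->new = empty($_SESSION);
    return $this->sess_id;
}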
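/**
 * Recursively delete language/<folder> and everything beneath it.
 *
 * Paths are resolved relative to the current working directory under the
 * fixed 'language/' root. A missing folder is silently ignored; any entry
 * that cannot be removed is reported through cpg_error().
 *
 * $folder is used verbatim in the path, so callers must pass a trusted
 * name (no '..' segments) — nothing here validates it.
 *
 * @param string $folder path relative to language/, e.g. 'french' or 'french/help'
 */
function del_folder($folder)
{
    $path = 'language/' . $folder;
    // is_dir() rather than file_exists(): dir() on a regular file returns false
    // and the ->read() call below would then be a fatal error.
    if (!is_dir($path)) {
        return;
    }
    $dir = dir($path);
    if ($dir === false) {
        cpg_error('Cannot remove folder language/' . $folder);
        return;
    }
    // Compare against false explicitly: an entry literally named "0" is falsy
    // and would otherwise end the loop early, leaving rmdir() to fail.
    while (false !== ($entry = $dir->read())) {
        if ($entry === '.' || $entry === '..') {
            continue;
        }
        $child = $path . '/' . $entry;
        if (is_dir($child)) {
            del_folder($folder . '/' . $entry);
        } elseif (!unlink($child)) {
            cpg_error('Cannot remove file ' . $entry);
        }
    }
    $dir->close();
    if (!rmdir($path)) {
        cpg_error('Cannot remove folder language/' . $folder);
    }
}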
/**
 * Back up and bytecode-compile the file or directory selected in $AdminCache.
 *
 * Does nothing for an empty path or a path ending in "classes/" (path level
 * too high, eg "/"). The target is first copied under bcompiler_backup/; when
 * that fails and DF_BACKUP_SKIP_ERRORS is not defined the run is aborted via
 * cpg_error(). Directories (trailing slash) go to df_bcompile_dir(), files
 * with a .php, .phpN or .inc extension to df_bcompile_file(); other files
 * are ignored.
 */
function df_compile_cache()
{
    global $AdminCache;
    $target = $AdminCache->file;
    if (empty($target) || preg_match('#(classes)/$#', $target)) {
        return;
    }
    $backupTarget = 'bcompiler_backup/' . $target;
    // Every file is backed up before compilation; a failed backup aborts unless skipping is allowed.
    $backedUp = backup_create($target, $backupTarget);
    if (!$backedUp && !defined('DF_BACKUP_SKIP_ERRORS')) {
        cpg_error('File backup could not be completed, see footer warning for more infos');
        return;
    }
    $isDirectory = (bool) preg_match('#/$#', $target);
    if ($isDirectory) {
        df_bcompile_dir(BASEDIR . $target, BASEDIR . $backupTarget);
    } elseif (preg_match('#\\.(php[\\d]?|inc)$#', $target)) {
        df_bcompile_file(BASEDIR . $target, BASEDIR . $backupTarget);
    }
}
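/**
 * Validate the configurable profile fields of a registration/profile form and
 * build the SQL column/value fragments for them.
 *
 * Iterates over <user_prefix>_users_fields rows with visible > 0. For each
 * field the value is read from $_POST (or from $fields when $post is false),
 * escaped with Fix_Quotes(), coerced by type and appended to $fieldlist /
 * $valuelist; $fields receives the htmlprepare()d value. A required field
 * (visible == 2) that is empty is reported through cpg_error().
 *
 * Types as handled here: 1 and 4 are cast to int, 3 is kept as-is, anything
 * else is truncated to 'size' characters; type 1 is shown as _YES/_NO in the
 * summary. Field 'name' is read from input key 'realname', and
 * 'user_timezone' also carries 'user_dst'.
 *
 * NOTE(review): $val is embedded in the returned HTML without htmlprepare()
 * (only $fields[$var] gets it); unless Fix_Quotes() also HTML-encodes, the
 * summary echoes user input unescaped — confirm before rendering $content.
 *
 * @param string $fieldlist receives ", col" per field (leading separator included)
 * @param string $valuelist receives ", 'value'" per field; spliced into SQL by the caller
 * @param array  $fields    receives display-ready values; also the input source when $post is false
 * @param bool   $post      read from $_POST (true) or from $fields (false)
 * @return string HTML table rows summarising the accepted values
 */
function check_fields(&$fieldlist, &$valuelist, &$fields, $post = true)
{
    global $db, $user_prefix;
    $input = $post ? $_POST : $fields;
    $content = '';
    $result = $db->sql_uquery("SELECT * FROM " . $user_prefix . "_users_fields WHERE visible > 0");
    while ($row = $db->sql_fetchrow($result)) {
        $var = $row['field'] == 'name' ? 'realname' : $row['field'];
        $info = $row['langdef'];
        // A langdef starting with '_' names a language constant; guard the offset
        // read so an empty langdef does not raise an uninitialized-offset notice.
        if (is_string($info) && $info !== '' && $info[0] === '_' && defined($info)) {
            $info = constant($info);
        }
        // Optional fields may be absent from the form entirely.
        $raw = isset($input[$var]) ? $input[$var] : '';
        if (empty($raw) && $row['visible'] == 2) {
            cpg_error('Required field "' . $info . '" can\'t be empty');
            continue;
        }
        $val = Fix_Quotes($raw, 1);
        if ($row['type'] == 1 || $row['type'] == 4) {
            $val = intval($val);
        } elseif ($row['type'] != 3) {
            $val = substr($val, 0, $row['size']);
        }
        // Fix_Quotes() is the only escaping these values get before the caller builds its INSERT.
        $fieldlist .= ", " . $row['field'];
        $valuelist .= ", '{$val}'";
        $fields[$var] = htmlprepare($val);
        if ($row['type'] == 1) {
            $val = $val ? _YES : _NO;
        }
        $content .= "<tr><td><b>{$info}:</b></td><td>{$val}</td></tr>\n";
        if ($row['field'] == 'user_timezone') {
            $fields['user_dst'] = isset($input['user_dst']) ? intval($input['user_dst']) : 0;
            $fieldlist .= ', user_dst';
            $valuelist .= ', ' . $fields['user_dst'];
        }
    }
    return $content;
}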
/**
 * MySQL flavour of the sql_db constructor (legacy mysql_* extension).
 *
 * Opens a (persistent) connection, selects $database unless INSTALL is
 * defined, records the elapsed time in $this->time and applies DB_CHARSET via
 * SET NAMES / SET CHARACTER SET. Failures do not throw: NO_DB is defined with
 * a message and $this->connect_id is left false.
 *
 * @param string $server
 * @param string $user
 * @param string $password
 * @param string $database   empty string skips the select
 * @param bool   $persistent use mysql_pconnect() instead of mysql_connect()
 */
function sql_db($server, $user, $password, $database, $persistent = false)
{
    if (!function_exists('mysql_connect')) {
        cpg_error('MySQL extension not loaded in PHP.<br />Recompile PHP, edit php.ini or choose a different SQL layer.');
    }
    $started = get_microtime();
    $this->persistent = $persistent;
    if ($persistent) {
        $this->connect_id = mysql_pconnect($server, $user, $password);
    } else {
        $this->connect_id = mysql_connect($server, $user, $password);
    }
    if (!$this->connect_id) {
        define('NO_DB', 'The connection to the database server failed');
        return;
    }
    // During installation a missing database is expected, so the select failure is ignored.
    $selectFailed = !empty($database) && !mysql_select_db($database) && !defined('INSTALL');
    if ($selectFailed) {
        mysql_close($this->connect_id);
        $this->connect_id = false;
        define('NO_DB', 'It seems that the database doesn\'t exist');
    }
    $this->time += get_microtime() - $started;
    # http://dev.mysql.com/doc/refman/5.0/en/charset-connection.html
    if (DB_CHARSET) {
        $quotedCharset = "'" . DB_CHARSET . "'";
        mysql_query('SET NAMES ' . $quotedCharset, $this->connect_id);
        mysql_query('SET CHARACTER SET ' . $quotedCharset, $this->connect_id);
    }
}
/**
 * PostgreSQL flavour of the sql_db constructor.
 *
 * Builds a libpq connection string from the server (optionally "host:port";
 * a bare "localhost" is left out so the default socket is used), database,
 * user and password, and records the elapsed time in $this->time. When the
 * connection fails the NO_DB constant is defined with a message instead of
 * raising.
 *
 * NOTE: in this copy the lines handling user/password and the connect call
 * are redacted ("******"); what survives after the redaction is the
 * client_encoding query and the timing update, so the original connect
 * logic cannot be recovered from this page.
 *
 * @param string $server     host, or "host:port"
 * @param string $user
 * @param string $password
 * @param string $database
 * @param bool   $persistent stored in $this->persistent (its use is in the redacted part)
 */
function sql_db($server, $user, $password, $database, $persistent = false) {
    if (!function_exists('pg_connect')) {
        cpg_error('PostgreSQL extension not loaded in PHP.<br />Recompile PHP, edit php.ini or choose a different SQL layer.');
    }
    $stime = get_microtime();
    $this->persistent = $persistent;
    $connect_string = '';
    if ($server) {
        // strpos() yields 0 (falsy) for a leading ':', so "host:port" needs a non-empty host.
        if (strpos($server, ':')) {
            $server = explode(':', $server, 2);
            $connect_string .= "host={$server['0']} port={$server['1']} 
        } else {
            if ($server != 'localhost') {
                $connect_string .= "host={$server} ";
            }
        }
    }
    if (!empty($database)) {
        // NOTE(review): pg_escape_string() quotes for SQL literals, not for libpq
        // connection strings; a name with spaces or quotes would still break this.
        $connect_string .= "dbname=" . pg_escape_string($database) . " ";
    }
    if ($user) {
        // Redacted in this copy.
        $connect_string .= "user="******" ";
    }
    if ($password) {
        // Redacted in this copy: the password handling and the connect call are missing here.
        $connect_string .= "password="******"SET client_encoding = 'UTF8'");
        $this->time += get_microtime() - $stime;
    } else {
        define('NO_DB', 'Connection to the database server failed.');
    }
}
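/**
 * Build the compiler admin controller from the current request.
 *
 * Discovers the installed compilers, then, when Security::check_post()
 * accepts the request, flattens the POST body into $this->post as
 * [key, value, key, value, ...]. Position 0 is the compiler name (must be a
 * key of $this->installed), position 1 the action (lower-cased into
 * $this->call), and for 'tpl'/'show' position 2 the file to show. Keys are
 * limited to [a-z_/], values to letters, digits, '-', '_' and whitespace; the
 * first pair failing that whitelist ends the scan. Finally renders the index.
 */
public function __construct()
{
    self::parseCompilers();
    if (Security::check_post()) {
        foreach ($_POST as $key => $val) {
            // Nested (array) values never pass the whitelist; testing is_string()
            // first avoids the preg_match() warning they would otherwise raise.
            if (!is_string($val) || !preg_match('#^[a-z_/]+$#i', $key) || !preg_match('#^[a-z0-9\\-_\\s]+$#i', $val)) {
                break;
            }
            $this->post[] = $key;
            $this->post[] = $val;
        }
        // An empty or truncated POST leaves position 0 unset; treat it like an
        // unknown compiler instead of reading an undefined offset.
        $compiler = isset($this->post[0]) ? $this->post[0] : null;
        if ($compiler === null || !isset($this->installed[$compiler])) {
            cpg_error('No such compiler');
        }
        $this->compiler = $compiler;
        $this->call = isset($this->post[1]) ? strtolower($this->post[1]) : '';
        if ($compiler === 'tpl' && isset($this->post[1], $this->post[2]) && $this->post[1] === 'show') {
            $this->current_file = $this->post[2];
        }
    }
    /*else {*/
    self::index();
    /*}*/
}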
case 'posts': $order_by = 'user_posts'; break; case 'website': $order_by = 'user_website'; break; default: $order_by = 'user_id'; break; } $order_by .= " {$sort_order}"; $template_name = file_exists("themes/{$CPG_SESS['theme']}/template/forums/images.cfg") ? $CPG_SESS['theme'] : 'default'; $current_template_path = 'themes/' . $template_name . '/images/forums'; include 'themes/' . $template_name . '/template/forums/images.cfg'; if (!defined('TEMPLATE_CONFIG')) { cpg_error("Could not open {$template_name} template config file"); } $img_lang = file_exists(realpath($current_template_path . '/lang_' . $MAIN_CFG['global']['language'])) ? $MAIN_CFG['global']['language'] : 'english'; while (list($key, $value) = each($images)) { if (!is_array($value)) { $images[$key] = str_replace('{LANG}', 'lang_' . $img_lang, $value); } } $ranksrow = $db->sql_ufetchrowset("SELECT * FROM " . $prefix . "_bbranks\n\tORDER BY rank_special, rank_min", SQL_ASSOC); $sql = "SELECT username, user_id, user_posts, user_rank, user_regdate, user_from, user_website, user_icq, user_aim, user_yim, user_msnm, user_avatar, user_avatar_type, user_allowavatar\n\tFROM " . $user_prefix . "_users\n\tWHERE username!='Anonymous'\n\tAND user_level > 0\n\tORDER BY {$order_by}\n\tLIMIT {$members_per_page} OFFSET {$start}"; $result = $db->sql_query($sql); if ($row = $db->sql_fetchrow($result)) { $i = 0; do { $username = $row['username']; $user_id = $row['user_id'];
show($mode, $tablelist, $query); break; case 'RestoreDB': require_once 'header.php'; GraphicAdmin('_AMENU0'); require_once CORE_PATH . 'classes/sqlctrl.php'; if (!SQLCtrl::query_file($_FILES['sqlfile'], $error)) { cpg_error($error); } OpenTable(); echo '<span class="genmed"><strong>' . _DATABASE . ': ' . $dbname . '</strong></span><br /><br />Importation of <em>' . $_FILES['sqlfile']['name'] . '</em> was successful'; CloseTable(); break; case 'Installer': if (!is_dir('cache') || !is_writable('cache')) { cpg_error('Cache directory doesn\'t exists or not writable'); } require_once 'header.php'; GraphicAdmin('_AMENU0'); foreach ($tablelist as $table) { $list = $db->list_columns($table); if (0 === strpos($table, $prefix . '_')) { $table = str_replace($prefix . '_', '', $table); } else { if (0 === strpos($table, $user_prefix . '_')) { $table = str_replace($user_prefix . '_', '', $table); } } $ids = false; $space = ' '; $filename = "cache/installer_{$table}.php";
$gfxid = isset($_POST['gfxid']) ? $_POST['gfxid'] : 0; $code = $CPG_SESS['gfx'][$gfxid]; $gfx_check = isset($_POST['gfx_contact_check']) ? $_POST['gfx_contact_check'] : ''; if (strlen($gfx_check) < 2 || $code != $gfx_check) { $error = _SECURITYCODE . ' incorrect'; } } if (isset($error)) { cpg_error('<div style="text-align:center;">' . $error . '</div>'); } else { if (!send_mail($mailer_message, $personal_message, $html, $subject, $recipient_email, $recipient_name, $sender_email, $sender_name)) { cpg_error('<div style="text-align:center;"><strong>' . $mailer_message . '</strong></div>'); } else { $CPG_SESS['tell_friend'] = false; unset($CPG_SESS['tell_friend']); cpg_error(_MESSAGESENT, _Tell_a_FriendLANG, $mainindex); } } } else { $CPG_SESS['tell_friend'] = true; $sender_name = $sender_email = ''; if (is_user()) { $sender_name = !empty($userinfo['name']) ? $userinfo['name'] : $userinfo['username']; $sender_email = $userinfo['user_email']; } $message_insert = _HEY . " {recipient},\n\n" . _OURSITE . "\n\n" . _ITSCALLED . " {sitename} " . _SOMESTATS . "\n\n" . _SLOGAN . " {slogan}\n" . _FOUNDEDON . " {founded}\n" . _REGISTEREDUSERS . " {users}\n" . _TOTALSITEHITS . " {hits}\n\n" . _VISITTHEM . ($html ? ' [url={url}]{url}[/url]' : ' {url}') . "\n\n" . _KINDREGARDS . ",\n\n{sender}"; if ($html) { require_once 'includes/nbbcode.php'; $bbcode = bbcode_table('personal_message', 'tell_friend', 0); } else { $bbcode = '<div style="color: #ff0000"><strong>.: ' . _BBCODEDISABLED . ' :.</strong></div><br />';
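/**
 * Authenticate an administrator from the posted login form.
 *
 * Reads 'alogin' and 'pwd' from $_POST; when $sec_code has bit 1 set, the
 * posted 'gfx_check' must equal the captcha stored in $CPG_SESS['gfx'][gfxid].
 * Looks the admin up in <prefix>_admins, keeps a per-admin attempt counter in
 * the 'login' cache (cpg_error() at 5), and on a matching password hash sets
 * the admin cookie (which receives the md5 hash itself) and fills
 * $this->admin, $this->admin_id and $this->demo.
 *
 * NOTE(review): passwords are stored and compared as unsalted md5; moving to
 * password_hash()/password_verify() needs a storage change outside this method.
 *
 * @return mixed $this->admin_id after the attempt (unchanged on failure);
 *               false when the captcha check fails
 */
private function loginadmin()
{
    $aid = isset($_POST['alogin']) ? Fix_Quotes($_POST['alogin']) : NULL;
    $pwd = isset($_POST['pwd']) ? $_POST['pwd'] : NULL;
    if ($aid && $pwd) {
        global $sec_code, $CPG_SESS;
        if ($sec_code & 1) {
            $gfxid = isset($_POST['gfxid']) ? $_POST['gfxid'] : 0;
            // Only a scalar id can index the captcha store; anything else fails the check below.
            $code = is_scalar($gfxid) && isset($CPG_SESS['gfx'][$gfxid]) ? $CPG_SESS['gfx'][$gfxid] : null;
            $gfx_check = isset($_POST['gfx_check']) ? $_POST['gfx_check'] : '';
            // Strict comparison: '!=' would treat numeric-looking codes such as "10" and "010" as equal.
            if (!is_string($gfx_check) || strlen($gfx_check) < 2 || $code !== $gfx_check) {
                return false;
            }
        }
        global $db, $prefix;
        $pwd = md5($pwd);
        // $aid is user input escaped only by Fix_Quotes() before interpolation.
        $result = $db->sql_query('SELECT * FROM ' . $prefix . "_admins WHERE aid='{$aid}'");
        $row = $db->sql_fetchrow($result, SQL_ASSOC);
        if (isset($row['admin_id'])) {
            $login = Cache::array_load('login', 'a', false);
            if (!is_array($login)) {
                $login = array();
            }
            if (!isset($login[$row['admin_id']])) {
                $login[$row['admin_id']] = 1;
            } elseif ($login[$row['admin_id']] >= 5) {
                cpg_error('Too many failed login attempts');
            } else {
                $login[$row['admin_id']]++;
            }
            // hash_equals(): strict and constant-time, so "0e..." style hashes are
            // not compared as numbers the way '==' would.
            $stored = (string) $row['pwd'];
            if ($stored !== '' && hash_equals($stored, $pwd)) {
                $this->setadmcookie(true, $row['admin_id'], $pwd, isset($_POST['persistent']));
                unset($row['pwd']);
                $this->admin = $row;
                $this->admin_id = $row['aid'];
                $this->demo = CPGN_DEMO && false !== strpos($this->admin_id, 'demo');
                unset($CPG_SESS['admin']);
                $login[$row['admin_id']] = 1;
            }
            Cache::array_save('login', 'a', $login);
        }
    }
    return $this->admin_id;
}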
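/**
 * Run every statement of an SQL dump file against the current database.
 *
 * $file is either a $_FILES entry (name, tmp_name, type) or a plain path, in
 * which case a .gz suffix selects the gzip MIME type. Input is read through
 * the zlib functions when GZIPSUPPORT is set (they read plain files too);
 * otherwise a .gz file is rejected. Remarks are stripped and the text split
 * on ";\n" via DBCtrl. Without $replace_prefix, the table prefix after
 * TABLE/INTO/EXISTS/ON is rewritten to the site's $prefix; with an array of
 * old => new prefixes each old prefix is replaced literally. On the mysql
 * layer CREATE TABLE statements get ENGINE=MyISAM appended when absent.
 *
 * NOTE(review): $file['type'] is whatever the uploader declared, so the MIME
 * check is a convenience, not a security boundary; callers passing $_FILES
 * entries should verify is_uploaded_file() before trusting tmp_name.
 *
 * @param array|string $file           $_FILES entry or path
 * @param string|bool  $error          receives a message when false is returned
 * @param array|bool   $replace_prefix old => new prefix map, or false
 * @return bool true when all queries were issued
 */
public static function query_file($file, &$error, $replace_prefix = false)
{
    $error = false;
    if (!is_array($file)) {
        // A plain path is wrapped into the $_FILES shape the rest of the method expects.
        $tmp = array();
        $tmp['name'] = $tmp['tmp_name'] = $file;
        $tmp['type'] = preg_match("/\\.gz\$/is", $file) ? 'application/x-gzip' : 'text/plain';
        $file = $tmp;
    }
    if (empty($file['tmp_name']) || empty($file['name'])) {
        cpg_error('ERROR no file specified!');
    }
    // Most servers identify a .gz as x-tar
    if (preg_match("/^(text\\/[a-zA-Z]+)|(application\\/(x\\-)?(gzip|tar)(\\-compressed)?)|(application\\/octet-stream)\$/is", $file['type'])) {
        $filedata = '';
        $open = 'gzopen';
        $eof = 'gzeof';
        $read = 'gzgets';
        $close = 'gzclose';
        if (!GZIPSUPPORT) {
            if (preg_match("/\\.gz\$/is", $file['name'])) {
                $error = "Can't decompress file";
                return false;
            }
            $open = 'fopen';
            $eof = 'feof';
            $read = 'fread';
            $close = 'fclose';
        }
        $rc = $open($file['tmp_name'], 'rb');
        if ($rc) {
            while (!$eof($rc)) {
                $filedata .= $read($rc, 100000);
            }
            $close($rc);
        } else {
            $error = 'Couldn\'t open ' . $file['tmp_name'] . ' for processing';
        }
    } else {
        $error = "Invalid filename: {$file['type']} {$file['name']}";
    }
    if ($error) {
        return false;
    }
    $filedata = DBCtrl::remove_remarks($filedata);
    $queries = DBCtrl::split_sql_file($filedata, ";\n");
    if (count($queries) < 1) {
        $error = 'There are no queries in ' . $file['name'];
        return false;
    }
    global $db, $prefix;
    set_time_limit(0);
    foreach ($queries as $query) {
        if (!$replace_prefix) {
            // Rewrite the "<word>_" prefix that follows the listed keywords to the site prefix.
            $query = preg_replace('#(TABLE|INTO|EXISTS|ON) ([a-zA-Z]*?(_))#i', "\\1 {$prefix}" . '_', $query);
        } elseif (is_array($replace_prefix)) {
            foreach ($replace_prefix as $oldprefix => $newprefix) {
                if ($oldprefix != $newprefix) {
                    // Literal replacement: the old prefix used to be dropped into a regex
                    // unescaped, so a prefix containing '.', '$' or '/' matched wrongly and
                    // an empty prefix matched at every position.
                    $query = str_replace($oldprefix, $newprefix, $query);
                }
            }
        }
        if (SQL_LAYER == 'mysql' && preg_match('#^CREATE TABLE #', $query) && false === stripos($query, 'ENGINE=MyISAM')) {
            $query .= ' ENGINE=MyISAM';
        }
        $db->sql_query($query);
    }
    return true;
}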
/**
 * Stream a forum attachment to the browser, or redirect to it.
 *
 * $filename is the attachment's physical name under $upload_dir. When FTP
 * upload is off ($attach_config['allow_ftp_upload']) the file must exist
 * locally (checked via amod_realpath()); when it is on, the file is fetched
 * from the configured FTP server into a temp file first. Zip attachments are
 * not streamed but redirected to (download_path, or the upload dir). Other
 * files are sent with the record's Content-Type, forced to
 * application/octet-stream unless the type contains "image" — the original
 * author marks this as a deliberate security precaution, since the
 * Content-Disposition below is "inline". Always ends with exit.
 *
 * Browser sniffing (opera/ie/omniweb/netscape/mozilla/konqueror/other) only
 * selects the spelling of the octet-stream type for IE and Opera.
 *
 * NOTE(review), points to verify:
 *  - real_filename is placed inside quoted header values without escaping;
 *    a name containing '"' corrupts the Content-Disposition header.
 *  - In the FTP branch, readfile() is given $filename (the remote path)
 *    although ftp_get() wrote the data to $tmp_filename, and print readfile()
 *    outputs readfile()'s return value (the byte count) after the file body.
 *  - The image test is stripos() (case-insensitive) in the local branch but
 *    strstr() (case-sensitive) in the FTP branch.
 *  - tempnam() + unlink() before ftp_get() reuses the name; the gap between
 *    the two is a temp-file race.
 *
 * @param array  $attachment row with physical_filename, real_filename, mimetype
 * @param string $upload_dir directory holding attachments ('' for the cwd)
 */
function send_file_to_browser($attachment, $upload_dir) {
    global $_SERVER, $lang, $db, $attach_config, $board_config;
    $filename = $upload_dir == '' ? $attachment['physical_filename'] : $upload_dir . '/' . $attachment['physical_filename'];
    $gotit = FALSE;
    if (!intval($attach_config['allow_ftp_upload'])) {
        if (!file_exists(amod_realpath($filename))) {
            message_die(GENERAL_ERROR, $lang['Error_no_attachment'] . "<br /><br /><b>404 File Not Found:</b> The File <i>" . $filename . "</i> does not exist.");
        } else {
            $gotit = TRUE;
        }
    }
    //
    // Determine the Browser the User is using, because of some nasty incompatibilities.
    // Most of the methods used in this function are from phpMyAdmin. :)
    //
    $HTTP_USER_AGENT = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    if (preg_match('#Opera(/| )([0-9].[0-9]{1,2})#', $HTTP_USER_AGENT)) {
        $browser_agent = 'opera';
    } else {
        if (preg_match('#MSIE ([0-9].[0-9]{1,2})#', $HTTP_USER_AGENT)) {
            $browser_agent = 'ie';
        } else {
            if (preg_match('#OmniWeb/([0-9].[0-9]{1,2})#', $HTTP_USER_AGENT)) {
                $browser_agent = 'omniweb';
            } else {
                if (preg_match('#Netscape([0-9]{1})#', $HTTP_USER_AGENT)) {
                    $browser_agent = 'netscape';
                } else {
                    if (preg_match('#Mozilla/([0-9].[0-9]{1,2})#', $HTTP_USER_AGENT)) {
                        $browser_agent = 'mozilla';
                    } else {
                        if (preg_match('#Konqueror/([0-9].[0-9]{1,2})#', $HTTP_USER_AGENT)) {
                            $browser_agent = 'konqueror';
                        } else {
                            $browser_agent = 'other';
                        }
                    }
                }
            }
        }
    }
    if (GZIPSUPPORT) {
        // Drop every buffered output layer so the raw bytes are not gzip-encoded.
        while (ob_end_clean()) {
        }
        header('Content-Encoding: none');
    }
    // Now the tricky part... let's dance
    /* header('Pragma: public');
    header('Content-Transfer-Encoding: none');
    header("Expires: 0"); // set expiration time
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); */
    //
    // Now send the File Contents to the Browser
    //
    if ($gotit) {
        $size = filesize($filename);
        if ($attachment['mimetype'] == 'application/x-zip-compressed') {
            if (intval($attach_config['allow_ftp_upload'])) {
                if (trim($attach_config['download_path']) == '') {
                    message_die(GENERAL_ERROR, 'Physical Download not possible with the current Attachment Setting');
                }
                $url = trim($attach_config['download_path']) . '/' . $attachment['physical_filename'];
                $redirect_path = $url;
            } else {
                $redirect_path = '/' . $upload_dir . '/' . $attachment['physical_filename'];
            }
            URL::redirect($redirect_path);
        } else {
            // Correct the mime type - we force application/octetstream for all files, except images
            // Please do not change this, it is a security precaution
            if (false === stripos($attachment['mimetype'], 'image')) {
                $attachment['mimetype'] = $browser_agent == 'ie' || $browser_agent == 'opera' ? 'application/octetstream' : 'application/octet-stream';
            }
            if (!($fp = fopen($filename, 'rb'))) {
                cpg_error('Could not open file for sending');
            }
            // Send out the Headers
            header('Content-Type: ' . $attachment['mimetype'] . '; name="' . $attachment['real_filename'] . '"');
            header('Content-Disposition: inline; filename="' . $attachment['real_filename'] . '"');
            print fread($fp, $size);
            fclose($fp);
        }
    } else {
        if (!$gotit && intval($attach_config['allow_ftp_upload'])) {
            $tmp_path = !ini_get('safe_mode') ? '/tmp' : $upload_dir . '/tmp';
            $tmp_filename = tempnam($tmp_path, 't0000');
            unlink($tmp_filename);
            include_once 'includes/classes/cpg_ftp.php';
            $ftp = new cpg_ftp($attach_config['ftp_server'], $attach_config['ftp_user'], $attach_config['ftp_pass'], $attach_config['ftp_path'], $attach_config['ftp_pasv_mode']);
            $mode = FTP_BINARY;
            if (preg_match("/text/i", $attachment['mimetype']) || preg_match("/html/i", $attachment['mimetype'])) {
                $mode = FTP_ASCII;
            }
            // Downloads the remote $filename into the local $tmp_filename.
            $result = ftp_get($ftp->connect_id, $tmp_filename, $filename, $mode);
            $ftp->close();
            if (!$result) {
                message_die(GENERAL_ERROR, $lang['Error_no_attachment'] . "<br /><br /><b>404 File Not Found:</b> The File <i>" . $filename . "</i> does not exist.");
            }
            $size = filesize($tmp_filename);
            if ($size) {
                header("Content-length: {$size}");
            }
            if ($attachment['mimetype'] == 'application/x-zip-compressed') {
                if (intval($attach_config['allow_ftp_upload'])) {
                    if (trim($attach_config['download_path']) == '') {
                        message_die(GENERAL_ERROR, 'Physical Download not possible with the current Attachment Setting');
                    }
                    $url = trim($attach_config['download_path']) . '/' . $attachment['physical_filename'];
                    $redirect_path = $url;
                } else {
                    $redirect_path = $upload_dir . '/' . $attachment['physical_filename'];
                }
                URL::redirect($redirect_path);
            } else {
                // Correct the mime type - we force application/octetstream for all files, except images
                // Please do not change this, it is a security precaution
                if (!strstr($attachment['mimetype'], 'image')) {
                    $attachment['mimetype'] = $browser_agent == 'ie' || $browser_agent == 'opera' ? 'application/octetstream' : 'application/octet-stream';
                }
                // Send out the Headers
                header('Content-Type: ' . $attachment['mimetype'] . '; name="' . $attachment['real_filename'] . '"');
                header('Content-Disposition: inline; filename="' . $attachment['real_filename'] . '"');
                // NOTE(review): reads $filename, not the fetched $tmp_filename, and prints the byte count — see the function comment.
                print readfile($filename);
                unlink($tmp_filename);
            }
        } else {
            message_die(GENERAL_ERROR, $lang['Error_no_attachment'] . "<br /><br /><b>404 File Not Found:</b> The File <i>" . $filename . "</i> does not exist.");
        }
    }
    exit;
}
/**
 * Apply a profile edit form to the user's row in <user_prefix>_users.
 *
 * The 'save' POST field selects the mode:
 *  - profile / private / prefs: every configurable field of the matching
 *    sections (1|2, 3, 5) of <user_prefix>_users_fields is read from $_POST,
 *    escaped with Fix_Quotes(), coerced by type (1/4 int, 6 date via
 *    date_raw()+checkdate(), 7 theme, user_website normalised to http://) and
 *    added to the UPDATE when it differs from $userinfo.
 *  - reg_details: password change (verify match, minpass length, current
 *    password required outside ADMIN_PAGES), e-mail change when
 *    $allowmailchange or on admin pages, username change on admin pages.
 *  - avatar: delete / upload / remote URL / gallery avatar via avatars.php.
 *  - admin (ADMIN_PAGES only): pm/avatar/rank flags and suspension, with a
 *    mail to the user.
 * When something changed the row is updated, the cached CPG_USER session
 * entry is cleared, the member cookie is refreshed after a password change,
 * and the request ends through cpg_error(_TASK_COMPLETED, ...); otherwise it
 * ends with a redirect (members) or a 'Nothing changed' message (admins).
 *
 * NOTE: the lines that embed the new password and the posted username into
 * SQL are redacted in this copy ("******"), so their escaping is not visible.
 *
 * NOTE(review), points to verify:
 *  - The username blacklist pattern uses '#' as delimiter but contains an
 *    unescaped '#' in the alternation and no closing delimiter, so
 *    preg_match() should fail with a warning and never reject a name.
 *  - $section is only set for profile/private/prefs; any other mode that
 *    reaches the generic branch uses it undefined.
 *  - $avatar_local (raw $_POST['user_avatar']) is interpolated into SQL with
 *    file_exists() on gallery_path/$avatar_local as the only filter, which
 *    also admits '..' segments; $user_email is interpolated after is_email().
 *  - getimagesize()/get_fileinfo()/avatar_size() fetch the user-supplied
 *    remote avatar URL from the server; restrict destinations if internal
 *    hosts are reachable from the web tier.
 *  - Passwords are compared and stored as unsalted md5.
 *
 * @param array $userinfo current user row; passed by reference to the avatar helpers
 */
function saveuser(&$userinfo) {
    global $db, $user_prefix, $MAIN_CFG, $allowusertheme, $CPG_SESS, $SESS;
    $mode = isset($_POST['save']) ? $_POST['save'] : 'profile';
    // Only admin pages may use the 'admin' mode.
    if ($mode == 'admin' && !defined('ADMIN_PAGES')) {
        $mode = 'profile';
    }
    if ($mode == 'profile') {
        $section = 'section=1 OR section=2';
    } elseif ($mode == 'private') {
        $section = 'section=3';
    } elseif ($mode == 'prefs') {
        $section = 'section=5';
    }
    $sql = $pass_change = false;
    if ($mode == 'reg_details') {
        global $allowmailchange;
        $current_password = isset($_POST['current_password']) ? md5($_POST['current_password']) : '';
        if (isset($_POST['new_password'])) {
            $new_password = $_POST['new_password'];
            $verify_password = isset($_POST['verify_password']) ? $_POST['verify_password'] : '';
            if ($new_password != $verify_password) {
                cpg_error(_PASSDIFFERENT, 'ERROR: Password mismatch');
            } elseif ($new_password != '') {
                if (strlen($new_password) < $MAIN_CFG['member']['minpass']) {
                    cpg_error(_YOUPASSMUSTBE . ' <b>' . $MAIN_CFG['member']['minpass'] . '</b> ' . _CHARLONG, 'ERROR: Password too short');
                }
                $new_password = md5($new_password);
                if ($new_password != $userinfo['user_password']) {
                    // Members must prove the current password; admin pages may change it directly.
                    if (!defined('ADMIN_PAGES') && $current_password != $userinfo['user_password']) {
                        cpg_error('Password incorrect');
                    }
                    // Redacted in this copy.
                    $sql = " user_password='******'";
                    $pass_change = true;
                }
            }
        }
        $user_email = isset($_POST['user_email']) ? $_POST['user_email'] : $userinfo['user_email'];
        if (($allowmailchange || defined('ADMIN_PAGES')) && $user_email != $userinfo['user_email']) {
            if ($current_password != $userinfo['user_password'] && !defined('ADMIN_PAGES')) {
                cpg_error('Password incorrect');
            }
            if (is_email($user_email) < 1) {
                cpg_error(_ERRORINVEMAIL);
            }
            if ($sql) {
                $sql .= ', ';
            }
            $sql .= "user_email='{$user_email}'";
        }
        if (defined('ADMIN_PAGES') && isset($_POST['username']) && $_POST['username'] != $userinfo['username']) {
            // NOTE(review): broken pattern — see the function comment.
            if (preg_match('#(\\ |\\*|#|\\\\|%|"|\'|`|&|\\^|@)', $_POST['username'])) {
                cpg_error(_ERRORINVNICK);
            }
            // Redacted in this copy.
            if ($db->sql_count($user_prefix . '_users u, ' . $user_prefix . '_users_temp t', "u.username='******'username']}' OR t.username='******'username']}' LIMIT 1") > 0) {
                cpg_error(_NICKTAKEN);
            }
            if ($sql) {
                $sql .= ', ';
            }
            $sql .= "username='******'username']}'";
        }
    } elseif ($mode == 'avatar') {
        require_once 'modules/' . basename(dirname(__FILE__)) . '/avatars.php';
        // Local avatar?
        $avatar_local = isset($_POST['user_avatar']) ? $_POST['user_avatar'] : '';
        // Remote avatar?
        $avatar_remoteurl = !empty($_POST['avatarremoteurl']) ? htmlprepare($_POST['avatarremoteurl']) : '';
        // Upload avatar thru remote or upload?
        $avatar_upload = !empty($_POST['avatarurl']) ? trim($_POST['avatarurl']) : (!empty($_FILES['avatar']) && $_FILES['avatar']['tmp_name'] != "none" ? $_FILES['avatar']['tmp_name'] : '');
        $avatar_name = !empty($_FILES['avatar']['name']) ? $_FILES['avatar']['name'] : '';
        // 0 = USER_AVATAR_NONE
        if (isset($_POST['avatardel']) || $avatar_local == '') {
            $sql = avatar_delete($userinfo);
        }
        // 1 = USER_AVATAR_UPLOAD
        if ((!empty($avatar_upload) || !empty($avatar_name)) && $MAIN_CFG['avatar']['allow_upload']) {
            if (!empty($avatar_upload)) {
                $sql = avatar_upload(empty($avatar_name), $userinfo, $avatar_upload, $_FILES['avatar']);
            } elseif (!empty($avatar_name)) {
                // A name without usable upload data is presumably an oversized upload.
                cpg_error(sprintf(_AVATAR_FILESIZE, round($MAIN_CFG['avatar']['filesize'] / 1024)), 'ERROR: Filesize');
            }
        } elseif ($avatar_remoteurl != $userinfo['user_avatar'] && $avatar_remoteurl != '' && $MAIN_CFG['avatar']['allow_remote']) {
            if (!preg_match('#^(http)|(ftp):\\/\\/#i', $avatar_remoteurl)) {
                $avatar_remoteurl = 'http://' . $avatar_remoteurl;
            }
            if (preg_match('#^((http)|(ftp):\\/\\/[\\w\\-]+?\\.([\\w\\-]+\\.)+[\\w]+(:[0-9]+)*\\/.*?\\.(gif|jpg|jpeg|png)$)#is', $avatar_remoteurl)) {
                if (in_array('getimagesize', explode(',', ini_get('disable_functions'))) || ini_get('disable_functions') == 'getimagesize') {
                    cpg_error('getimagesize is disabled', _AVATAR_ERR_URL);
                } elseif (!getimagesize($avatar_remoteurl)) {
                    // Server-side fetch of a user-supplied URL — see the function comment.
                    cpg_error('Image has wrong filetype', _AVATAR_ERR_URL);
                } elseif (!($file_data = get_fileinfo($avatar_remoteurl, !$MAIN_CFG['avatar']['animated']))) {
                    cpg_error(_AVATAR_ERR_URL);
                } elseif ($file_data['size'] > $MAIN_CFG['avatar']['filesize']) {
                    cpg_error(sprintf(_AVATAR_FILESIZE, round($MAIN_CFG['avatar']['filesize'] / 1024)));
                } elseif (!$MAIN_CFG['avatar']['animated'] && $file_data['animation']) {
                    cpg_error('Animated avatar not allowed');
                }
                if (avatar_size($avatar_remoteurl)) {
                    avatar_delete($userinfo);
                    $sql = "user_avatar='{$avatar_remoteurl}', user_avatar_type=2";
                }
            } else {
                cpg_error('Image has wrong filetype', 'ERROR: Image filetype');
            }
        } elseif ($avatar_local != $userinfo['user_avatar'] && $avatar_local != '' && $MAIN_CFG['avatar']['allow_local'] && file_exists($MAIN_CFG['avatar']['gallery_path'] . '/' . $avatar_local)) {
            avatar_delete($userinfo);
            // NOTE(review): $avatar_local is raw POST data — see the function comment.
            $sql = "user_avatar='{$avatar_local}', user_avatar_type=3";
        }
    } elseif ($mode == 'admin') {
        $sql = 'user_allow_pm=' . intval($_POST['user_allow_pm']) . ', user_allowavatar=' . intval($_POST['user_allowavatar']) . ', user_rank=' . intval($_POST['user_rank']);
        $suspendreason = isset($_POST['suspendreason']) ? $_POST['suspendreason'] : 'no reason';
        if ($_POST['suspendreason'] != $userinfo['susdel_reason']) {
            $sql .= ', susdel_reason=\'' . Fix_Quotes($suspendreason) . "'";
        }
        // user_suspend 0 re-enables a suspended account (level 0 -> 1); > 0 suspends an active one.
        if (intval($_POST['user_suspend']) == 0 && $userinfo['user_level'] == 0) {
            $sql .= ', user_level=1';
        } elseif (intval($_POST['user_suspend']) > 0 && $userinfo['user_level'] > 0) {
            $message = _SORRYTO . ' ' . $MAIN_CFG['global']['sitename'] . ' ' . _HASSUSPEND;
            if ($suspendreason > '') {
                $message .= "\n\n" . _SUSPENDREASON . "\n{$suspendreason}";
            }
            $from = 'noreply@' . str_replace('www.', '', $MAIN_CFG['server']['domain']);
            if (!send_mail($mailer_message, $message, 0, _ACCTSUSPEND, $userinfo['user_email'], $userinfo['username'], $from)) {
                trigger_error($mailer_message, E_USER_WARNING);
            }
            $sql .= ', user_level=0, susdel_reason=\'' . Fix_Quotes($suspendreason) . "'";
        }
    } else {
        $result = $db->sql_query('SELECT field, type FROM ' . $user_prefix . '_users_fields WHERE ' . $section);
        if ($db->sql_numrows($result) > 0) {
            while ($row = $db->sql_fetchrow($result)) {
                $field = $row['field'] == 'name' ? 'realname' : $row['field'];
                $value = Fix_Quotes($_POST[$field], 1);
                if ($row['field'] == 'user_lang' && !$MAIN_CFG['global']['multilingual']) {
                    continue;
                }
                if ($row['type'] == 1 || $row['type'] == 4) {
                    $value = intval($value);
                } else {
                    if ($field == 'user_website') {
                        if (!preg_match('#^http[s]?:\\/\\/#i', $value)) {
                            $value = 'http://' . $value;
                        }
                        if (!preg_match('#^(http[s]?\\:\\/\\/)?([a-z0-9\\-\\.]+)?[a-z0-9\\-]+\\.[a-z]{2,4}$#i', $value)) {
                            $value = '';
                        }
                    }
                }
                if ($row['type'] == 7 && !$allowusertheme) {
                    $value = $MAIN_CFG['global']['Default_Theme'];
                }
                if ($row['type'] == 6) {
                    // Dates are only stored when YYYYMMDD from date_raw() is a valid calendar date.
                    $value = date_raw($value);
                    if (checkdate(substr($value, 4, 2), substr($value, 6, 2), substr($value, 0, 4))) {
                        $sql .= ", {$row['field']}='{$value}'";
                    }
                } elseif (array_key_exists($row['field'], $userinfo) && $userinfo[$row['field']] != $value) {
                    $sql .= ", {$row['field']}='{$value}'";
                }
                if ($field == 'user_timezone') {
                    $sql .= ', user_dst=' . intval($_POST['user_dst']);
                }
            }
            // Fragments were appended with a leading ", "; strip it from the first one.
            if ($sql) {
                $sql = substr($sql, 2);
            }
        }
    }
    if ($sql) {
        $db->sql_query('UPDATE ' . $user_prefix . '_users SET ' . $sql . " WHERE user_id=" . intval($userinfo['user_id']));
        $_SESSION['CPG_USER'] = false;
        unset($_SESSION['CPG_USER']);
        if (!defined('ADMIN_PAGES')) {
            if ($pass_change) {
                global $CLASS;
                $CLASS['member']->setmemcookie($userinfo['user_id'], $userinfo['username'], $new_password);
            }
            if (isset($_POST['theme']) && $allowusertheme) {
                $CPG_SESS['theme'] = $_POST['theme'];
                unset($CPG_SESS['prevtheme']);
            }
            cpg_error(_TASK_COMPLETED, _TB_INFO, URL::index('&edit=' . $mode));
        } else {
            cpg_error(_TASK_COMPLETED, _TB_INFO, URL::admin('users&mode=edit&edit=' . $mode . '&id=' . $userinfo['user_id']));
        }
    }
    if (!defined('ADMIN_PAGES')) {
        URL::redirect(URL::index('&edit=' . $mode));
    } else {
        cpg_error('Nothing changed', 'No update', URL::admin('users&mode=edit&edit=' . $mode . '&id=' . $userinfo['user_id']));
    }
}
list($row) = $db->sql_ufetchrow("SELECT group_moderator FROM " . GROUPS_TABLE . " WHERE group_id = {$group_id}"); list($moderator_email) = $db->sql_ufetchrow("SELECT user_email FROM " . USERS_TABLE . " WHERE user_id = {$row}"); // 12/29/2004 8:30PM send_mail($dummy, $message, 0, 'A request to join your group has been made.', $moderator_email, '', $userinfo['user_email'], $userinfo['username']); cpg_error($lang['Group_joined'], 'Joined group', $groupurl); } else { if (isset($_POST['unsub']) || isset($_POST['unsubpending']) && $group_id) { // // Unsubscribe from a group // if (!is_user()) { URL::redirect(URL::index('Your_Account'), true); } if (isset($_POST['confirm'])) { $db->sql_query("DELETE FROM " . USER_GROUP_TABLE . " WHERE user_id=" . $userinfo['user_id'] . " AND group_id={$group_id}"); cpg_error($lang['Unsub_success'], 'Unsubscribed', URL::index()); } else { $unsub_msg = isset($_POST['unsub']) ? $lang['Confirm_unsub'] : $lang['Confirm_unsub_pending']; $hidden_fields = '<input type="hidden" name="g" value="' . $group_id . '" /><input type="hidden" name="unsub" value="1" />'; cpg_delete_msg(URL::index(), $unsub_msg, $hidden_fields); } } else { if ($group_id) { // // Did the group moderator get here through an email? // If so, check to see if they are logged in. // if (isset($_GET['validate']) && !is_user()) { URL::redirect(URL::index('Your_Account'), true); } //
/**
 * Show an admin-side groups notice and send the administrator back to the groups page.
 *
 * @param string $message text displayed to the administrator
 */
function group_msg($message)
{
    $returnTo = URL::admin('groups');
    cpg_error($message, 'Groups', $returnTo);
}
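/**
 * Per-IP flood protection for the current request.
 *
 * Loads the caller's flood state from the session, or from the
 * <prefix>_security_flood table when debugging is on or the session holds no
 * flood_time. If the stored flood_time has not yet expired the hit counter is
 * incremented and:
 *   - counts 1..2 (or any count while a shield is set): only the hit is
 *     recorded through Security::flood_log();
 *   - counts 3..5 with no active shield: the hit is recorded, a 503 with a
 *     Retry-After header is sent and the request ends via cpg_error();
 *   - counts above 5: in debug mode with an active shield the collected log is
 *     attached to the existing ban_type=8 row and the counters are reset;
 *     otherwise a ban_type=7 row is inserted into <prefix>_security, the
 *     session is destroyed and the request ends with cpg_error('', 803).
 * When flood_time has expired the counters are reset and the hit is logged.
 *
 * Shared state: globals $db, $prefix, $MAIN_CFG ($LNG and $SESS where used),
 * $_SESSION['SECURITY'] and $_SESSION['FLOODING'].
 */
private static function flood() {
    global $db, $prefix, $MAIN_CFG;
    $ip = NET::get_ip();
    // $ipn is the DB-ready (escaped) form of the address; it is spliced into SQL as-is.
    $ipn = $db->binary_safe($ip);
    $delay = $MAIN_CFG['_security']['delay'];
    $flood_time = $flood_count = 0;
    $log = array();
    $time = time();
    if (!isset($_SESSION['SECURITY']['flood_start'])) {
        // First request of this session: purge expired flood rows.
        $db->sql_query('DELETE FROM ' . $prefix . '_security_flood WHERE flood_time <= ' . $time);
    } else {
        $_SESSION['SECURITY']['flood_start'] = false;
    }
    if ($MAIN_CFG['_security']['debug'] || empty($_SESSION['SECURITY']['flood_time'])) {
        # try to load time from log
        if ($row = $db->sql_ufetchrow('SELECT * FROM ' . $prefix . '_security_flood WHERE flood_ip =' . $ipn, SQL_ASSOC)) {
            if (!empty($row)) {
                $flood_time = $row['flood_time'];
                $flood_count = $row['flood_count'];
                if (!empty($row['log']) && $MAIN_CFG['_security']['debug']) {
                    // NOTE(review): unserialize() of a DB column. Presumably only
                    // Security::flood_log() writes it; if anything else can, a JSON
                    // encoding would remove the object-injection surface.
                    $log = unserialize($row['log']);
                }
            }
        }
    } else {
        $flood_time = $_SESSION['SECURITY']['flood_time'];
        $flood_count = $_SESSION['SECURITY']['flood_count'];
    }
    if ($flood_time >= $time) {
        # die with message and report
        ++$flood_count;
        if ($flood_count <= 5) {
            if (empty($_SESSION['SECURITY']['shield']) && $flood_count > 2 && $flood_count <= 5) {
                Security::flood_log($ipn, !empty($row), $delay, $time, $log, $flood_count);
                global $LNG;
                get_lang('errors');
                // NOTE(review): may be fractional; Retry-After is specified as whole seconds.
                $flood_time = ($flood_count + 1) * 2 / $delay;
                header($_SERVER['SERVER_PROTOCOL'] . ' 503 Service Unavailable');
                header('Retry-After: ' . $flood_time);
                $msg = sprintf($LNG['_SECURITY_MSG']['_FLOOD'], $flood_time);
                if ($flood_count == 5) {
                    $msg .= $LNG['_SECURITY_MSG']['Last_warning'];
                }
                $msg = sprintf(_JS_ALERT, $msg);
                cpg_error($msg, 'Flood Protection');
            }
        } else {
            if ($MAIN_CFG['_security']['debug']) {
                if (!empty($log)) {
                    $log = Security::log_serializer($log);
                } else {
                    if (!empty($_SESSION['FLOODING'])) {
                        $log = Security::log_serializer($_SESSION['FLOODING']);
                    }
                }
                // Quoted SQL literal from here on; the serializer output is assumed safe.
                $log = "'{$log}'";
                if (!empty($_SESSION['SECURITY']['shield'])) {
                    if ($_SESSION['SECURITY']['shield'] == 4) {
                        // IPv4 shield: match the numeric address against the ban range.
                        list(, $ip4) = unpack('N', $ip);
                        $db->sql_query('UPDATE ' . $prefix . "_security SET log={$log} WHERE ban_type=8 AND (ban_ipv4_s = {$ip4} OR (ban_ipv4_s < {$ip4} AND ban_ipv4_e >= {$ip4}))");
                    } else {
                        // 16-byte address: also match on its trailing 8 bytes.
                        $mac = strlen($ip) == 16 ? ' OR ban_ipn=' . $db->binary_safe(substr($ip, -8)) : '';
                        $db->sql_query('UPDATE ' . $prefix . "_security SET log={$log} WHERE ban_type=8 AND (ban_ipn={$ipn}{$mac})");
                    }
                    $flood_time = $_SESSION['SECURITY']['flood_time'] = 0;
                    $flood_count = $_SESSION['SECURITY']['flood_count'] = 0;
                    return;
                }
            } else {
                $log = 'DEFAULT';
            }
            // The User-Agent header is client-controlled; escape it before it is
            // embedded in the ban_details literal (it used to be interpolated raw).
            $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
            $ban_details = Fix_Quotes("Flooding detected by User-Agent:\n" . $user_agent);
            $db->sql_query('INSERT INTO ' . $prefix . "_security (ban_ipn, ban_type, ban_time, ban_details, log) VALUES ({$ipn}, '7', '" . ($time + $MAIN_CFG['_security']['bantime']) . "', '{$ban_details}', {$log})", TRUE, TRUE);
            global $SESS;
            if (is_object($SESS)) {
                $SESS->destroy();
            }
            cpg_error('', 803);
        }
    } else {
        $log = null;
        $flood_count = 0;
        $_SESSION['FLOODING'] = array();
    }
    Security::flood_log($ipn, !empty($row), $delay, $time, $log, $flood_count);
}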
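// News index: resolve the requested topic/category, count the matching stories
// to validate the page number, then (for a topic) load its title into the
// template. Expects $MAIN_CFG, $currentlang, $db, $prefix, $storynum, $page,
// $cpgtpl and $mainindex to be in scope.
$querylang = $MAIN_CFG['global']['multilingual'] ? "AND (alanguage='{$currentlang}' OR alanguage='')" : '';
// Request parameters are cast to int before being used in SQL.
$topic = isset($_GET['topic']) ? intval($_GET['topic']) : (isset($_GET['new_topic']) ? intval($_GET['new_topic']) : 0);
$catid = isset($_GET['catid']) ? intval($_GET['catid']) : 0;
if ($topic > 0) {
    $qdb = "topic='{$topic}'";
} else {
    // $qdb = '(s.ihome=1 OR s.catid=0)';
    $qdb = 's.ihome=1';
}
$total = $db->sql_count($prefix . '_stories s', ($catid > 0 ? "s.catid='{$catid}'" : $qdb) . " {$querylang}");
// Guard the division: a zero stories-per-page setting must not raise a division-by-zero.
$pages = $storynum > 0 ? ceil($total / $storynum) : 0;
if ($pages < $page && $storynum > 0) {
    cpg_error(_PAGE . ' ' . $page . ' does not exist');
}
require_once 'header.php';
require_once 'modules/News/functions.php';
automated_news();
if ($topic > 0) {
    $result_a = $db->sql_query("SELECT topictext FROM " . $prefix . "_topics WHERE topicid='{$topic}'");
    $row_a = $db->sql_fetchrow($result_a);
    // An unknown topic yields no row; avoid indexing into a non-array.
    $topic_title = isset($row_a['topictext']) ? $row_a['topictext'] : null;
    if ($db->sql_numrows($result_a) < 1) {
        $cpgtpl->assign_block_vars('newsempty', array('S_NOTOPIC' => _NOINFO4TOPIC, 'S_GONEWS' => _GOTONEWSINDEX, 'S_SELECT' => _SELECTNEWTOPIC, 'S_SITENAME' => $MAIN_CFG['global']['sitename'], 'U_NEWSINDEX' => URL::index('News'), 'U_TOPICS' => URL::index('Topics')));
    } else {
        $cpgtpl->assign_block_vars('newscat', array('S_GOHOME' => _GOTOHOME, 'S_SEARCH' => _SEARCH, 'S_SEARCHON' => _SEARCHONTOPIC, 'S_SELECT' => _SELECTNEWTOPIC, 'S_SITENAME' => $MAIN_CFG['global']['sitename'], 'S_TOPIC_T' => $topic_title, 'I_TOPIC' => $topic, 'U_HOME' => $mainindex, 'U_SEARCH' => URL::index('Search'), 'U_TOPICS' => URL::index('Topics')));
    }
    $db->sql_freeresult($result_a);
}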
} require_once 'includes/nbbcode.php'; require_once 'modules/' . $module_name . '/functions/categories.inc'; require_once 'modules/' . $module_name . '/functions/display.inc'; require_once 'modules/' . $module_name . '/functions/info.inc'; require_once 'modules/' . $module_name . '/functions/linking.inc'; if (!isset($_GET['id'])) { URL::redirect(URL::index()); } $row = $db->sql_ufetchrow("SELECT d.*, SUM(s.hits) AS hits, SUM(s.views) AS views, i.url AS img_url, u.username FROM " . $dl_prefix . "_downloads d\n\tLEFT JOIN " . $dl_prefix . "_stats s ON (s.id = d.lid)\n\tLEFT JOIN " . $dl_prefix . "_screenshots i ON (i.id = d.screen)\n\tLEFT JOIN " . $user_prefix . "_users u ON (u.user_id = d.submitter)\n\tWHERE d.lid='{$global_id}' \n\tGROUP BY d.lid, d.cid, d.active, d.access, d.title, d.screen, d.desc_short, d.desc_long, d.notes, d.date, d.updated, d.name, d.email, d.submitter, d.filesize, d.version, d.homepage, d.compat, d.pick, i.url, u.username"); list($row['score'], $row['votes']) = $db->sql_ufetchrow("SELECT SUM(score), COUNT(score) FROM " . $dl_prefix . "_ratings \n\tWHERE lid='{$global_id}' AND active=1 \n\tGROUP BY lid"); if (!isset($row['title'])) { cpg_error(_DLP_UNKNOWNDL, 404); } if ($row['active'] != 1 && !can_admin($module_name)) { cpg_error(_DLP_INACTIVEDL); } $rating_info = get_rating($row['score'], $row['votes']); if (!is_admin() && $row['submitter'] != is_user()) { update_views($global_id); } //$modheader .= '<link rel="stylesheet" type="text/css" href="modules/'.$module_name.'/include/style.css" />'; $pagetitle .= $module_title . ' ' . _BC_DELIM . ' ' . $row['title']; if ($row['img_url']) { if (ereg('://', $row['img_url'])) { $row['img_url'] .= '" width="' . $dl_config['dimension_thumb']; } else { $row['img_url'] = dl_thumbimage($row['img_url']); } } $can_dl = can_download($row['active'], $row['access']);
foreach ($recipients AS $email => $name) { send_mail($mailer_message, sprintf($content, $name), 1, $subject, $email, $name, $MAIN_CFG['global']['adminmail'], $MAIN_CFG['global']['sitename']); } */ cpg_error(_NEWSLETTERSENT, _NEWSLETTER, $adminindex); } $title = _NEWSLETTER; $preview = $notes = $submit = ''; if (isset($_POST['preview'])) { $pagetitle .= ' ' . _BC_DELIM . ' ' . _PREVIEW; $title .= ' ' . _PREVIEW; if (empty($subject)) { cpg_error(sprintf(_ERROR_NOT_SET, _SUBJECT)); } if (empty($content)) { cpg_error(sprintf(_ERROR_NOT_SET, _CONTENT)); } if ($group == 0) { $num_users = $db->sql_count($user_prefix . "_users", 'user_level > 0 AND user_id > 1'); $group_name = strtolower(_NL_ALLUSERS); } elseif ($group == 2) { $num_users = $db->sql_count($prefix . "_admins"); $group_name = strtolower(_NL_ADMINS); } elseif ($group > 2) { $group_id = $group - 2; $num_users = $db->sql_count($prefix . "_bbuser_group", "group_id={$group_id} AND user_pending=0"); list($group_name) = $db->sql_ufetchrow("SELECT group_name FROM " . $prefix . "_bbgroups WHERE group_id={$group_id}", SQL_NUM); } else { $num_users = $db->sql_count($user_prefix . "_users", 'user_level > 0 AND newsletter=1'); $group_name = strtolower(_SUBSCRIBEDUSERS); }
if (isset($_GET['ok'])) { $db->sql_query("UPDATE " . $prefix . "_modules_links SET cat_id=0 WHERE cat_id=" . $cid); $db->sql_query("UPDATE " . $prefix . "_modules SET cat_id=0 WHERE cat_id=" . $cid); $db->sql_query("DELETE FROM " . $prefix . "_modules_cat WHERE cid=" . $cid); URL::redirect(URL::admin('cpgmm')); } $cat['name'] = defined($cat['name']) ? constant($cat['name']) : $cat['name']; $pagetitle .= ' ' . _BC_DELIM . ' Delete Category: ' . $cat['name']; require 'header.php'; GraphicAdmin('_AMENU1'); OpenTable(); echo '<center>' . sprintf(_ERROR_DELETE_CONF, '<i>' . $cat['name'] . '</i>'); echo '<br /><br />[ <a href="' . URL::admin('cpgmm') . '">' . _NO . '</a> | <a href="' . URL::admin("cpgmm&cid={$cid}&mode=delcat&ok=1") . '">' . _YES . '</a> ]</center>'; CloseTable(); } else { cpg_error(_CPG_MMNOCAT); } } else { if (Security::check_post() && isset($_POST['updatecpgmm']) && intval($_POST['id']) && intval($_POST['parent']) && intval($_POST['pos'])) { $cats = -1; for ($i = 0; $i < count($_POST['id']); ++$i) { if ($_POST['parent'][$i] == 0) { ++$cats; if ($_POST['id'][$i] > 0 && $_POST['pos'][$i] != $i) { $db->sql_update($prefix . '_modules_cat', array('pos' => $i), 'cid=' . $_POST['id'][$i]); } $parent = $_POST['id'][$i] == -1 ? '0' : $_POST['id'][$i]; } if ($_POST['id'][$i] > 0 && $_POST['parent'][$i] != 0 && $_POST['pos'][$i] != $i) { $db->sql_update($prefix . '_modules_links', array('pos' => $i - $cats, 'cat_id' => $parent), 'lid=' . $_POST['id'][$i]); } elseif ($_POST['id'][$i] < 0 && $_POST['parent'][$i] != 0 && $_POST['pos'][$i] != $i) {
if ($shoutconf['nameblock']) { $nameresult = $db->sql_query("SELECT name FROM " . $prefix . "_shoutblock_nameblock WHERE name = '" . Fix_Quotes($username, true) . "' LIMIT 0,1"); while ($badname = $db->sql_fetchrow($nameresult)) { if ($username == $badname[0]) { $error = _SHOUTUSERBAN; } } $db->sql_freeresult($nameresult); } //look for bad words, then censor them. if ($shoutconf['censor']) { $comment = check_words($comment); } //if error just reload page, else add posting. if ($error) { cpg_error($error); } else { $db->sql_query("INSERT INTO " . $prefix . "_shoutblock VALUES (NULL, '" . Fix_Quotes($username) . "', '" . Fix_Quotes($comment) . "', '" . gmtime() . "')"); url_redirect($CPG_SESS['user']['uri']); } } function nav_shouts() { global $prefix, $db, $offset, $number, $shoutconf, $userinfo; $offset = intval($offset); $result = $db->sql_query("SELECT * FROM " . $prefix . "_shoutblock ORDER BY id DESC LIMIT {$offset},25"); $loop = $db->sql_numrows($result); while ($row = $db->sql_fetchrow($result)) { echo '<div class="content">'; $row[2] = set_smilies($row[2]); echo '<a href="' . getlink('Your_Account&profile=' . $row[1]) . '"><strong>' . $row[1] . ':</strong></a>';
if ($fields['version']) { $db->sql_query("INSERT INTO " . $dl_prefix . "_history \n\t\t\t\t(id, vers, author, date, comment) \n\t\t\t\tVALUES \n\t\t\t\t({$next_id}, '{$fields['version']}', '{$fields['submitter']}', " . time() . ", 'Initial Version')"); } if (!can_admin($module_name)) { $d_queue = $db->sql_count($dl_prefix . '_downloads', "lid!='{$next_id}' AND active=2"); cpg_error('Your download has been queued for review by an administrator<br /><br />At this time, we have <strong>' . $d_queue . '</strong> other downloads awaiting approval', _TB_INFO, URL::index('&file=manage&s=1', true, true)); } DL_Cat::count_dl(); URL::redirect(URL::index('&file=details&id=' . $next_id)); } } } $cats = array(); DL_Cat::list_all($cats); if (count($cats) < 1) { cpg_error('There are no categories in which you can add a download'); } if (can_admin($module_name) || $dl_config['user_catparent']) { $selects = DL_Cat::selectbox($in['cat'], 'in[cat]', false); } else { $selects = '<select class="set" name="in[cat]" id="in[cat]"> <option selected="selected" label="none" value="none">select a category</option>'; foreach ($cats as $cat) { if ($cat['level'] == 1) { if ($selects != '') { $selects .= '</optgroup>'; } $selects .= '<optgroup label="' . $cat['crumb'] . '">'; } else { $selects .= '<option value="' . $cat['cid'] . '"' . (isset($_GET['c']) && $cat['cid'] == intval($_GET['c']) || $cat['cid'] == $in['cat'] ? ' selected="selected"' : '') . '>' . $cat['crumb'] . '</option>'; }
while (list($entry_id, $entry_year, $entry_content, $entry_lang) = $db->sql_fetchrow($result)) { echo '<strong>' . $entry_year . '</strong> ' . ($MAIN_CFG['global']['multilingual'] && !empty($entry_lang) ? '(' . $entry_lang . ') ' : '') . '(<a href="' . URL::admin('&edit=' . $entry_id) . '">' . _EDIT . '</a> / <a href="' . URL::admin('&delete=' . $entry_id) . '">' . _DELETE . '</a>)<br />' . $entry_content; if ($i < $db->sql_numrows($result)) { echo '<hr size="1" noshade="noshade" />'; } $i++; } if ($db->sql_numrows($result) < 1) { echo sprintf(_ERROR_NONE_TO_DISPLAY, 'entries'); } $db->sql_freeresult($result); CloseTable(); } elseif (isset($_GET['edit'])) { $entry_id = intval($_GET['edit']); if (strlen($_GET['edit'] < 1)) { cpg_error(sprintf(_ERROR_NOT_SET, 'ID'), _SEC_ERROR); } list($entry_year, $entry_content, $entry_lang) = $db->sql_ufetchrow("SELECT yid, content, language FROM " . $prefix . "_history WHERE eid='{$entry_id}'", SQL_NUM); $pagetitle .= ' ' . _BC_DELIM . ' ' . _EPHEMEDIT; require_once 'header.php'; GraphicAdmin('_AMENU5'); OpenTable(); echo '<span class="genmed"><strong>' . _EPHEMADMIN . '</strong></span><br /><br />' . open_form(URL::admin('history'), false, _EPHEMEDIT) . _YEAR . ': <input type="text" name="entry_year" value="' . $entry_year . '" size="5" maxlength="4" /><br /><br />'; if ($MAIN_CFG['global']['multilingual']) { echo _LANGUAGE . ': ' . lang_selectbox($entry_lang, 'entry_lang') . '<br /><br />'; } else { echo '<input type="hidden" name="entry_lang" value="' . $entry_lang . '" />'; } echo _EPHEMDESC . ':<br /> <textarea name="entry_content" cols="60" rows="10">' . $entry_content . '</textarea><br /><br /> <input type="hidden" name="entry_id" value="' . $entry_id . '" />
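/**
 * Delete the admin-selected cache entry and return to the cache admin page.
 *
 * The entry name comes from $GLOBALS['AdminCache']->file. Three cases are
 * tried in order:
 *   1. names of the form a_*, bb_* or config_* map to the single file
 *      cache/<name>.php, which is removed directly;
 *   2. otherwise every template cache file cache/tpl_<name>*.html.inc;
 *   3. if no template file matched, every cache/<name>*.php.
 * A file that cannot be unlinked raises an E_USER_WARNING and the loop goes
 * on. The function ends through cpg_error(); its third argument is the cache
 * admin URL (presumably where the user is sent next).
 *
 * Uses global $pagetitle and constants BASEDIR, _DELETE, _TASK_COMPLETED.
 */
function df_delete_cache() {
    $cache_dir = BASEDIR . 'cache/';
    $cache_name = $GLOBALS['AdminCache']->file;
    // The name is spliced into filesystem paths and a glob() pattern. Only the
    // a_/bb_/config_ branch validated it before; reject path separators, '..'
    // and wildcard characters for every branch so deletion stays inside cache/.
    if (!preg_match('#^[a-z0-9_.-]+$#i', $cache_name) || strpos($cache_name, '..') !== false) {
        cpg_error('Invalid cache name', _DELETE, URL::admin('cache'));
        return; // defensive: only reached if cpg_error() returns
    }
    $single = $cache_dir . $cache_name . '.php';
    if (preg_match('#^(a_|bb_|config_)[a-z]+$#i', $cache_name) && is_file($single) && unlink($single)) {
        cpg_error($cache_name . '.php gone.', _DELETE, URL::admin('cache'));
    } else {
        // Template caches take precedence; the generic *.php glob is only tried
        // when no template file matched (same order as before).
        $matches = glob($cache_dir . 'tpl_' . $cache_name . '*.html.inc');
        if (!$matches) {
            $matches = glob($cache_dir . $cache_name . '*.php');
        }
        if ($matches) {
            foreach ($matches as $file) {
                if (!unlink($file)) {
                    trigger_error(str_replace($cache_dir, '', $file) . ' couldn\'t be deleted.', E_USER_WARNING);
                }
            }
        }
    }
    global $pagetitle;
    cpg_error(_TASK_COMPLETED, $pagetitle, URL::admin('cache'));
}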
$msg = intval($_POST['page_id']) > 0 ? 'replace the current page.' : 'be added.'; $db->sql_query('INSERT INTO ' . $module_prefix . "_pages_wait (page_id, parent_id, title, user_id, comment, body) VALUES (" . intval($_POST['page_id']) . ", " . intval($_POST['parent_id']) . ", '" . Fix_Quotes($_POST['title']) . "', " . is_user() . ", '" . Fix_Quotes($_POST['comment']) . "', '" . Fix_Quotes($_POST['content']) . "')"); cpg_error('Page is added and is awaiting approval to ' . $msg, '', $MAIN_CFG['server']['path'] . URL::index()); } // page_id is used for modifications if (intval($_POST['page_id']) > 0) { $id = intval($_POST['page_id']); $sql = 'UPDATE ' . $module_prefix . "_pages SET" . ' parent_id=' . intval($_POST['parent_id']) . ', active=1' . ", title='" . Fix_Quotes($_POST['title']) . "', version=version+1" . ', supercede=' . time() . ', upd_user_id=' . is_user() . ", upd_author='" . Fix_Quotes($userinfo['username']) . "', comment='" . Fix_Quotes($_POST['comment']) . "', body='" . Fix_Quotes($_POST['content']) . "' WHERE id={$id}"; $db->sql_query($sql); } else { list($pos) = $db->sql_ufetchrow("SELECT COUNT(*) FROM " . $module_prefix . "_pages WHERE parent_id=" . intval($_POST['parent_id'])); $sql = 'INSERT INTO ' . $module_prefix . '_pages (parent_id, active, pos, title, time, user_id, author, comment, body) VALUES (' . intval($_POST['parent_id']) . ', 1, ' . ($pos + 1) . ", '" . Fix_Quotes($_POST['title']) . "', " . time() . ', ' . is_user() . ", '" . Fix_Quotes($userinfo['username']) . "', '" . Fix_Quotes($_POST['comment']) . "', '" . Fix_Quotes($_POST['content']) . "')"; $db->sql_query($sql); $id = $db->sql_nextid('id'); } cpg_error('Page is added', '', $MAIN_CFG['server']['path'] . URL::index('&id=' . 
$id)); } else { $row['id'] = 0; $row['parent_id'] = 0; $row['title'] = ''; $row['comment'] = ''; $row['content'] = '<b>nothing</b> yet'; if (isset($_POST['wysiwyg']) || isset($_POST['preview'])) { $row['id'] = $_POST['page_id']; $row['parent_id'] = $_POST['parent_id']; $row['title'] = $_POST['title']; $row['comment'] = $_POST['comment']; if (isset($_POST['content'])) { $row['content'] = $_POST['content']; } } elseif (isset($_GET['id'])) {
/**
 * Count a download hit and send the client to the file's URL.
 *
 * The download id is taken from $_GET['lid'] and cast to int before it is
 * used in SQL. The hit counter is incremented first; if no row with that id
 * exists afterwards, cpg_error(_DL_NOEXISTS) is raised instead of redirecting.
 *
 * Uses globals $downloadsprefix, $db and $CPG_SESS.
 */
function getit() {
    global $downloadsprefix, $db, $CPG_SESS;
    $lid = intval($_GET['lid']);
    $table = $downloadsprefix . '_downloads';
    $db->sql_query('UPDATE ' . $table . ' SET hits=hits+1 WHERE lid=' . $lid);
    $result = $db->sql_query('SELECT url FROM ' . $table . ' WHERE lid=' . $lid);
    if ($db->sql_numrows($result) < 1) {
        cpg_error(_DL_NOEXISTS);
        return;
    }
    list($url) = $db->sql_fetchrow($result);
    url_redirect($url);
}
require_once 'footer.php'; } else { cpg_error('The requested file, modules/' . $op . '/admin/' . $file . '.inc, didn\'t output data correctly'); } } elseif (file_exists('admin/modules/' . $op . '.php')) { $module_name = $op; get_lang($op, -1); include 'admin/modules/' . $op . '.php'; if (defined('HEADER_OPEN')) { require_once 'footer.php'; } else { cpg_error('The requested file, admin/modules/' . $op . '.php, didn\'t output data correctly'); } } elseif (is_dir('admin/case')) { $casedir = dir('admin/case'); while ($func = $casedir->read()) { if (substr($func, 0, 5) == 'case.') { include $casedir->path . "/{$func}"; } } closedir($casedir->handle); } cpg_error(sprintf(_MODULENOEXIST, ''), 404); } else { // WebTV hack if (!strstr($_SERVER['HTTP_USER_AGENT'], 'WebTV')) { header('HTTP/1.0 403 Forbidden'); } login(); } }