// Create a community: requires a logged-on user and both form fields.
if (logged_on && isset($_REQUEST['comm_name']) && isset($_REQUEST['comm_username'])) {
    // The community username is restricted to 3-12 ASCII alphanumerics before it reaches any query below.
    if (!preg_match("/^[A-Za-z0-9]{3,12}\$/", $_REQUEST['comm_username'])) {
        $messages[] = "Error! The community username must contain letters and numbers only, cannot be blank, and must be between 3 and 12 characters in length.";
    } else {
        if ($_REQUEST['comm_name'] == "") {
            $messages[] = "Error! The community name cannot be blank.";
        } else {
            // Lower-cased so the uniqueness check is case-insensitive; addslashes is redundant after the regex above.
            $username = strtolower(addslashes($_REQUEST['comm_username']));
            // NOTE(review): the username literal appears as '******' on this listing (here and in the insert below);
            // presumably the real source interpolates $username — confirm against the repository.
            $usernametaken = db_query("select count(ident) as taken from " . tbl_prefix . "users where username = '******'");
            $usernametaken = $usernametaken[0]->taken;
            if ($usernametaken > 0) {
                $messages[] = "The username '{$username}' is already taken by another user. You will need to pick a different one.";
            } else {
                // The display name is slash-escaped only; it is the one free-text field interpolated into SQL here.
                $name = addslashes($_REQUEST['comm_name']);
                // NOTE(review): tbl_prefix is concatenated twice in this insert and in the friends insert below,
                // which doubles the prefix in the table name — verify against the schema.
                // The owner comes from the session, not from the request.
                db_query("insert into " . tbl_prefix . "" . tbl_prefix . "users set name = '{$name}', username = '******', user_type = 'community', owner = " . $_SESSION['userid']);
                $ident = db_id();
                // NOTE(review): "friends.set" (dot) where the other inserts use "<table> set" — confirm this is not a typo.
                db_query("insert into " . tbl_prefix . "" . tbl_prefix . "friends.set owner = " . $_SESSION['userid'] . ", friend = {$ident}");
                $messages[] = "Your community was created and you were added as its first member.";
            }
        }
    }
}
// Friend someone
// Friend someone
case "friend":
    // NOTE(review): $friend_id and $friend are read here but not assigned in this fragment — confirm they are
    // derived from a validated $_REQUEST['friend_id'] before this point, since $friend_id is passed to run().
    if (isset($_REQUEST['friend_id']) && logged_on) {
        if (run("users:type:get", $friend_id) == "community") {
            $messages[] = "You joined " . $friend[0]->name . ".";
        }
    }
    break;
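/**
 * Runs a SQL statement on the configured connection and returns its result.
 *
 * The statement is trimmed, translated into the active dialect when a base
 * dialect ($_josh["basedblanguage"]) is configured, recorded in
 * $_josh["queries"], and executed with the driver selected by
 * $_josh["db"]["language"] ("mysql" or "mssql").
 *
 * @param string    $query          Statement without a LIMIT/OFFSET (or TOP) clause; those are appended here.
 *                                  $limit and $offset are spliced in verbatim, so callers must pass integers.
 * @param int|false $limit          Maximum number of rows, or false for no limit.
 * @param bool      $suppress_error When true a failed statement returns false instead of reaching error_handle().
 * @param int|false $offset         Row offset, or false; only honoured by the mysql dialect.
 * @return mixed The new row id (db_id()) for an insert, otherwise the driver result. false when the
 *               statement failed and errors are suppressed, when error_handle() returns, or when the
 *               configured dialect is not supported (previously the function fell off the end and
 *               returned null in those cases).
 */
function db_query($query, $limit = false, $suppress_error = false, $offset = false)
{
    global $_josh;

    db_open();
    $query = trim($query);

    // Rewrite dialect-specific syntax only when the statement was written for a different base dialect.
    if (isset($_josh["basedblanguage"]) && $_josh["basedblanguage"] != $_josh["db"]["language"]) {
        $query = db_translate($query, $_josh["basedblanguage"], $_josh["db"]["language"]);
    }
    $_josh["queries"][] = $query;

    $language = $_josh["db"]["language"];
    if ($language == "mysql") {
        if ($limit) {
            $query .= " LIMIT " . $limit;
        }
        if ($offset) {
            $query .= " OFFSET " . $offset;
        }
        // @ keeps the driver warning out of the output; the failure is reported through error_handle() below.
        $result = @mysql_query($query, $_josh["db"]["pointer"]);
    } elseif ($language == "mssql") {
        // MSSQL has no LIMIT clause: replace the leading 6-character "select" keyword with "SELECT TOP n".
        // $offset has no equivalent here and is ignored.
        if ($limit) {
            $query = "SELECT TOP " . $limit . substr($query, 6);
        }
        $result = @mssql_query($query, $_josh["db"]["pointer"]);
    } else {
        // Unsupported dialect: nothing was executed, so report failure explicitly.
        error_debug("<b>db_query</b> unsupported database language <i>" . $language . "</i>");
        return false;
    }

    if ($result) {
        error_debug("<b>db_query</b> <i>" . $query . "</i>, " . db_found($result) . " results returned");
        // Inserts hand back the generated id instead of the result handle.
        if (format_text_starts("insert", $query)) {
            return db_id();
        }
        return $result;
    }

    error_debug("<b>db_query</b> failed <i>" . $query . "</i>");
    if ($suppress_error) {
        return false;
    }
    $driver_message = $language == "mysql" ? mysql_error() : mssql_get_last_message();
    error_handle($language . " error", format_code($query) . "<br>" . $driver_message);
    return false;
}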
<?php
// Actions to perform
if (isset($_REQUEST['action'])) {
    switch ($_REQUEST['action']) {
        // Create a new weblog post
        case "weblogs:post:add":
            // Requires a logged-on user, every form field present, and the "weblog" permission.
            if (logged_on && isset($_REQUEST['new_weblog_title']) && isset($_REQUEST['new_weblog_post']) && isset($_REQUEST['new_weblog_access']) && isset($_REQUEST['new_weblog_keywords']) && run("permissions:check", "weblog")) {
                // The title is HTML-encoded and slash-escaped; body and access are slash-escaped only.
                // addslashes is the sole layer between the request and the SQL built below.
                $title = htmlentities(addslashes($_REQUEST['new_weblog_title']), ENT_QUOTES, 'UTF-8');
                $body = addslashes($_REQUEST['new_weblog_post']);
                $access = addslashes($_REQUEST['new_weblog_access']);
                // NOTE(review): $page_owner is interpolated unquoted and is not assigned in this fragment —
                // presumably set earlier in the page; confirm it is an integer id.
                db_query("insert into " . tbl_prefix . "weblog_posts\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tset title = '{$title}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tbody = '{$body}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\taccess = '{$access}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tposted = " . time() . ",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tweblog = {$page_owner},\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\towner = " . $_SESSION['userid']);
                $insert_id = db_id();
                if ($_REQUEST['new_weblog_keywords'] != "") {
                    // Keywords: strip line breaks, split on commas, one tag row per keyword.
                    $value = $_REQUEST['new_weblog_keywords'];
                    $value = str_replace("\n", "", $value);
                    $value = str_replace("\r", "", $value);
                    $keyword_list = explode(",", $value);
                    sort($keyword_list);
                    if (sizeof($keyword_list) > 0) {
                        foreach ($keyword_list as $key => $list_item) {
                            // Each keyword gets the same escaping as the title; $access is reused from the post.
                            $list_item = htmlentities(addslashes(trim($list_item)), ENT_QUOTES, 'UTF-8');
                            db_query("insert into " . tbl_prefix . "tags set tagtype = 'weblog', access = '{$access}', tag = '{$list_item}', ref = {$insert_id}, owner = " . $_SESSION['userid']);
                        }
                    }
                }
                // Only personal weblogs get a confirmation message here.
                if (run("users:type:get", $page_owner) == "person") {
                    $messages[] = "Your post has been added to your weblog.";
                }
                // define('redirect_url',url . $_SESSION['username'] . "/weblog/");
                define('redirect_url', url . run("users:id_to_name", $page_owner) . "/weblog/");
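/**
 * Persists this tag: inserts a new row when the object does not exist yet,
 * otherwise updates the existing row in place.
 *
 * Both statements target tbl_prefix . "tags". After an insert the object
 * adopts the generated id and is marked as existing; an update keeps the
 * current ident (db_id() only reflects the last insert, so it must not be
 * used there).
 *
 * access, tag and owner are interpolated into the SQL as given; this assumes
 * they were escaped when set — TODO confirm in the setters.
 *
 * @return int|false The tag's ident on success, false when no row was written.
 */
function save()
{
    // ref and ident are numeric keys used unquoted in the SQL.
    $ref = (int) $this->ref;
    if ($this->exists == false) {
        db_query("insert into " . tbl_prefix . "tags set \n tagtype = 'weblog', \n access = '{$this->access}', \n tag = '{$this->tag}', \n ref = {$ref}, \n owner = '{$this->owner}'");
        if (db_affected_rows() > 0) {
            // New row: take the generated id and flip into the "exists" state.
            $this->ident = db_id();
            $this->exists = true;
            return $this->ident;
        }
        return false;
    }
    $ident = (int) $this->ident;
    db_query("update " . tbl_prefix . "tags set \n tagtype = 'weblog', \n access = '{$this->access}', \n tag = '{$this->tag}', \n ref = {$ref} \n where ident = {$ident}");
    if (db_affected_rows() > 0) {
        return $this->ident;
    }
    return false;
}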
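/**
 * Persists this weblog post.
 *
 * Existing posts are updated in place after an ownership check; new posts
 * are inserted and the object adopts the generated ident. The owner column
 * is never part of an update.
 *
 * title, body and access are interpolated into the SQL as given; this assumes
 * they were escaped when set — TODO confirm in the setters.
 *
 * @return int|false The post's ident on success; false when the ownership
 *                   check fails or no row was written.
 */
function save()
{
    if ($this->exists == true) {
        // Allowed for the weblog owner, or when the post's owner is the weblog's owner.
        // NOTE(review): the current user is never compared with the post's own owner — confirm that is intended.
        if ($this->weblog->isOwner() != true && $this->owner != $this->weblog->getOwner()) {
            return false;
        }
        $ident = (int) $this->ident;
        // Owner is immutable, so it is deliberately absent from the update.
        db_query("update " . tbl_prefix . "weblog_posts set \n title = '{$this->title}', \n body = '{$this->body}', \n access = '{$this->access}' \n where ident = {$ident}");
        if (db_affected_rows() > 0) {
            return $this->ident;
        }
        return false;
    }

    // Numeric columns are used unquoted in the SQL.
    $blog_id = (int) $this->blog_id;
    $owner = (int) $this->owner;
    db_query("insert into " . tbl_prefix . "weblog_posts set \n title = '{$this->title}',\n body = '{$this->body}',\n weblog = {$blog_id}, \n access = '{$this->access}', \n posted = " . time() . ", \n owner = {$owner}");
    if (db_affected_rows() > 0) {
        // Set the new post id and mark the object as persisted.
        $this->ident = db_id();
        $this->exists = true;
        return $this->ident;
    }
    return false;
}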
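/**
 * Persists this folder after the personal storage area has been set up.
 *
 * Existing folders are updated in place (owner and files_owner stay fixed);
 * new folders are inserted and the object adopts the generated ident.
 * Both statements target tbl_prefix . "file_folders".
 *
 * name and access are interpolated into the SQL as given; this assumes they
 * were escaped when set — TODO confirm in the setters.
 *
 * @return int|false The folder's ident on success, false when no row was written.
 */
function save()
{
    $this->setupPersonalStorage();
    // Numeric columns are used unquoted in the SQL.
    $parent = (int) $this->parent;
    if ($this->exists == true) {
        $ident = (int) $this->ident;
        // The where clause restricts the change to this folder; without it every folder row would be rewritten.
        db_query("update " . tbl_prefix . "file_folders \n set parent = {$parent},\n name = '{$this->name}',\n access = '{$this->access}' \n where ident = {$ident}");
        if (db_affected_rows() > 0) {
            return $this->ident;
        }
        return false;
    }

    $owner = (int) $this->owner;
    $files_owner = (int) $this->files_owner;
    db_query("insert into " . tbl_prefix . "file_folders \n set parent = {$parent},\n name = '{$this->name}',\n access = '{$this->access}',\n owner = {$owner},\n files_owner = {$files_owner}");
    if (db_affected_rows() > 0) {
        // Set the new folder id and mark the object as persisted.
        $this->ident = db_id();
        $this->exists = true;
        return $this->ident;
    }
    return false;
}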
} else {
    if ($ok == true) {
        // Map the image type code (presumably getimagesize() index 2) to an extension.
        // NOTE(review): no default branch — any other type leaves $file_extension unset and the icon is
        // saved without an extension; confirm $ok already restricts the type to gif/jpg/png.
        switch ($imageattr[2]) {
            case "1":
                $file_extension = ".gif";
                break;
            case "2":
                $file_extension = ".jpg";
                break;
            case "3":
                $file_extension = ".png";
                break;
        }
        // The on-disk name is built from the owner id and the clock, never from the client's file name.
        $save_file = $page_owner . "_" . time() . $file_extension;
        $save_location = path . "_icons/data/" . $save_file;
        if (move_uploaded_file($_FILES['iconfile']['tmp_name'], $save_location)) {
            // The description is slash-escaped before being interpolated into SQL.
            // $page_owner is interpolated unquoted and is assumed to be an integer id set earlier — TODO confirm.
            $filedescription = addslashes($_POST['icondescription']);
            db_query("insert into " . tbl_prefix . "icons set filename = '{$save_file}', owner = " . $page_owner . ", description = '{$filedescription}'");
            if ($_POST['icondefault'] == "yes") {
                // Make the new icon the user's default and mirror it into the session.
                $ident = (int) db_id();
                db_query("update " . tbl_prefix . "users set icon = {$ident} where ident = " . $page_owner);
                $_SESSION['icon'] = $save_file;
            }
            $messages[] = "Your icon was uploaded successfully.";
        } else {
            $messages[] = "An unknown error occurred when saving your icon. If this problem persists, please let us know and we'll do all we can to fix it quickly.";
        }
    }
}
}
}
if ($field == 'google_ad_client') {
    // The ad client id is always scoped to the profile owner, whatever access was requested.
    $access = 'user' . $page_owner;
}
$isReadOnly = false;
$confItem = "";
// Find the configuration entry for this field in the profile:details list.
foreach ($data['profile:details'] as $datatype) {
    if ($datatype[1] == $field) {
        $confItem = $datatype;
        // NOTE(review): index -1 is not a "last element" lookup in PHP; it is only set when the config entry
        // declares that key explicitly — confirm how the read-only flag is declared.
        if ($confItem[-1] == true) {
            $isReadOnly = true;
        }
    }
}
// Replace the stored value: delete the existing row (linkedin is never deleted here), then insert the new one.
// $field, $value, $access and $owner are interpolated as given; escaping is assumed to have happened
// earlier in this handler — TODO confirm, it is not visible here.
db_query("delete from " . tbl_prefix . "profile_data where name = '{$field}' and owner = '" . $page_owner . "' and name != 'linkedin'");
db_query("insert into " . tbl_prefix . "profile_data set name = '{$field}', value = '{$value}', access = '{$access}', owner = '{$owner}'");
$insert_id = (int) db_id();
//foreach($data['profile:details'] as $datatype) {
if (is_array($confItem)) {
    $datatype = $confItem;
    // Keyword fields are additionally split into tag rows: old tags go first.
    if ($datatype[1] == $field && $datatype[2] == "keywords") {
        db_query("delete from " . tbl_prefix . "tags where tagtype = '{$field}' and owner = '{$owner}'");
        $keywords = "";
        // Strip line breaks, split on commas, sort.
        $value = str_replace("\n", "", $value);
        $value = str_replace("\r", "", $value);
        $keyword_list = explode(",", $value);
        sort($keyword_list);
        if (sizeof($keyword_list) > 0) {
            foreach ($keyword_list as $key => $list_item) {
                // Rebuild a comma-separated keyword string alongside the tag rows.
                if ($key > 0) {
                    $keywords .= ", ";
                }
$folderid = (int) $_REQUEST['folder'];
$description = addslashes($_REQUEST['new_file_description']);
$title = addslashes($_REQUEST['new_file_title']);
// On-disk name: timestamp plus the original name with everything outside [\w.-] replaced,
// so path separators from the client cannot reach the filesystem.
$new_filename = time() . "_" . preg_replace("/[^\\w.-]/i", "_", $original_filename);
// Storage is sharded by the first character of the uploader's username.
// NOTE(review): $ul_username and $original_filename are not assigned in this fragment; $ul_username
// becomes a path component, so confirm it is a validated username rather than raw request input.
$upload_folder = substr($ul_username, 0, 1);
if (!file_exists(path . "_files/data/" . $upload_folder)) {
    mkdir(path . "_files/data/" . $upload_folder);
}
if (!file_exists(path . "_files/data/" . $upload_folder . "/" . $ul_username)) {
    mkdir(path . "_files/data/" . $upload_folder . "/" . $ul_username);
}
$new_filename = path . "_files/data/" . $upload_folder . "/" . $ul_username . "/" . $new_filename;
if (move_uploaded_file($_FILES['new_file']['tmp_name'], $new_filename)) {
    $new_filename = addslashes($new_filename);
    // NOTE(review): unlike $title and $description, $original_filename is interpolated into this insert
    // without addslashes; $access and $size also come from outside this fragment — confirm both are escaped.
    db_query("insert into " . tbl_prefix . "files \tset owner = " . $_SESSION['userid'] . ",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tfiles_owner = " . $page_owner . ",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tfolder = {$folderid},\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\toriginalname = '{$original_filename}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttitle = '{$title}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tdescription = '{$description}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tlocation = '{$new_filename}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\taccess = '{$access}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tsize = '{$size}',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\ttime_uploaded = " . time());
    $file_id = db_id();
    if ($_REQUEST['new_file_keywords'] != "") {
        // Keywords: strip line breaks, split on commas, one slash-escaped tag row per keyword.
        $value = $_REQUEST['new_file_keywords'];
        $value = str_replace("\n", "", $value);
        $value = str_replace("\r", "", $value);
        $keyword_list = explode(",", $value);
        sort($keyword_list);
        if (sizeof($keyword_list) > 0) {
            foreach ($keyword_list as $key => $list_item) {
                $list_item = addslashes(trim($list_item));
                db_query("insert into " . tbl_prefix . "tags set tagtype = 'file', access = '{$access}', tag = '{$list_item}', ref = {$file_id}, owner = " . $page_owner);
            }
        }
    }
    if (isset($_REQUEST['metadata'])) {
        $metadata = $_REQUEST['metadata'];
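/**
 * Stores a base64-encoded upload in the user's default storage folder and
 * records it in the files table.
 *
 * The quota is now checked on the decoded data before anything is written,
 * so a rejected upload never touches the disk; the file is written with
 * file_put_contents() and a write failure is reported instead of ignored.
 *
 * @param string $username Owner of the upload. It is used as a path component under _files/data, which
 *                         assumes checkUploadFolder() has validated it — TODO confirm.
 * @param string $bits     Base64-encoded file contents.
 * @param string $name     Client-supplied file name: sanitised to [\w.-] for the on-disk name, slash-escaped
 *                         for the database, and used verbatim in the returned URL.
 * @return array{code: int|null, message: string, url: string, stored: bool}
 *         code 200 and stored=true on success; code -32500 with a message on failure.
 */
function saveFile($username, $bits, $name)
{
    $result = array();
    $result['code'] = null;
    $result['message'] = "";
    $result['url'] = "";
    $result['stored'] = false;

    $user_id = (int) userNameToId($username);

    // Setup the storage area; abort if it is inaccessible.
    $folder_id = checkUploadFolder($username);
    if ($folder_id == "") {
        $result['code'] = -32500;
        $result['stored'] = false;
        $result['message'] = "Unable to locate the default storage area";
        return $result;
    }

    // Decode first so the size is known before the quota check and the write.
    $file = base64_decode($bits);
    if ($file === false) {
        $result['code'] = -32500;
        $result['stored'] = false;
        $result['message'] = "Unable to decode the uploaded data";
        return $result;
    }
    $file_size = strlen($file);

    // Check for quota against the sum of the user's stored files.
    $total_quota = db_query("select sum(size) as sum from " . tbl_prefix . "files where owner = {$user_id}");
    $total_quota = $total_quota[0]->sum;
    $max_quota = db_query("select file_quota from " . tbl_prefix . "users where ident = {$user_id}");
    $max_quota = $max_quota[0]->file_quota;
    if ($total_quota + $file_size > $max_quota) {
        $result['code'] = -32500;
        $result['stored'] = false;
        $result['message'] = "File quota exceeded";
        return $result;
    }

    // On-disk name: timestamp plus the client name with everything outside [\w.-] replaced.
    $new_filename = time() . "_" . preg_replace("/[^\\w.-]/i", "_", $name);
    $storage_dir = path . "_files/data/" . substr($username, 0, 1) . "/" . $username . "/";
    $stored_path = $storage_dir . $new_filename;
    if (file_put_contents($stored_path, $file) === false) {
        $result['code'] = -32500;
        $result['stored'] = false;
        $result['message'] = "Unable to write the file to the storage area";
        return $result;
    }

    // The client name and the path are slash-escaped before being interpolated into SQL,
    // matching the escaping used by the form upload handler.
    $db_name = addslashes($name);
    $db_location = addslashes($stored_path);
    db_query("insert into " . tbl_prefix . "files set owner = " . $user_id . ",\n folder = " . (int) $folder_id . ",\n originalname = '{$db_name}',\n title = '{$db_name}',\n description = 'Automatic upload',\n location = '{$db_location}',\n access = 'PUBLIC',\n size = '{$file_size}',\n time_uploaded = " . time());
    $file_id = db_id();

    $result['code'] = 200;
    $result['stored'] = true;
    $result['message'] = "File has been stored";
    // NOTE(review): the URL carries $name unencoded, as before — confirm clients expect it that way.
    $result['url'] = url . $username . "/files/" . $folder_id . "/" . $file_id . "/" . $name;
    return $result;
}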
// Deletion is only possible for a template the current user owns (enforced by the owner clause).
// NOTE(review): $id is not assigned in this fragment and is interpolated unquoted — confirm it was cast to int upstream.
$exists = db_query("select count(ident) as template_exists from templates where ident = {$id} and owner = " . $_SESSION['userid']);
$exists = $exists[0]->template_exists;
if ($exists) {
    // Detach users from the template, then remove its elements and the template itself.
    // NOTE(review): "templates" is used without tbl_prefix here (and in the select above) while the other
    // tables carry it — verify which table name is correct.
    db_query("update " . tbl_prefix . "users set template_id = -1 where template_id = {$id}");
    db_query("delete from " . tbl_prefix . "template_elements where template_id = {$id}");
    db_query("delete from templates where ident = {$id}");
    $messages[] = "Your template was deleted.";
}
}
break;
case "templates:create":
    if (isset($_REQUEST['new_template_name']) && isset($_REQUEST['template_based_on'])) {
        // The base template id is cast to int; the name is slash-escaped before the insert.
        $based_on = (int) $_REQUEST['template_based_on'];
        $name = addslashes($_REQUEST['new_template_name']);
        db_query("insert into " . tbl_prefix . "templates set name = '{$name}', public = 'no', owner = " . $_SESSION['userid']);
        $new_template_id = db_id();
        // Optionally copy the elements of an existing template the user owns or that is public.
        if ($based_on != -1) {
            $exists = db_query("select count(ident) as template_exists from templates where ident = {$based_on} and (owner = " . $_SESSION['userid'] . " or public = 'yes')");
            $exists = $exists[0]->template_exists;
            // NOTE(review): leftover debugging output — var_export() writes the count into the response.
            var_export($exists);
            if ($exists) {
                $elements = db_query("select * from " . tbl_prefix . "template_elements where template_id = {$based_on}");
                if (sizeof($elements) > 0) {
                    foreach ($elements as $element) {
                        // NOTE(review): name and content are re-inserted exactly as read from the database; a stored
                        // quote would break (or alter) this statement unless rows are stored escaped — TODO confirm.
                        db_query("insert into " . tbl_prefix . "template_elements set name = '" . $element->name . "', content = '" . $element->content . "', template_id = '" . $new_template_id . "'");
                    }
                }
            }
        }
    }
    break;
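/**
 * Persists this file record: inserts a new row when the object does not
 * exist yet, otherwise updates folder, title and access of the existing row.
 * Both statements target tbl_prefix . "files"; the description is always
 * "Automated upload".
 *
 * originalname, title, location, access and size are interpolated into the
 * SQL as given; this assumes they were escaped when set — TODO confirm.
 *
 * @return array{value: int|false, message: string} The ident (false on failure) and a status message.
 */
function save()
{
    $result = array();
    // Numeric columns are used unquoted in the SQL.
    $folder = (int) $this->folder;

    if ($this->exists == false) {
        $owner = (int) $this->owner;
        $files_owner = (int) $this->files_owner;
        db_query("insert into " . tbl_prefix . "files set owner = {$owner},\n files_owner = {$files_owner},\n folder = {$folder},\n originalname = '{$this->originalname}',\n title = '{$this->title}',\n description = 'Automated upload',\n location = '{$this->location}',\n access = '{$this->access}',\n size = '{$this->size}',\n time_uploaded = " . time());
        if (db_affected_rows() > 0) {
            // New row: take the generated id and flip into the "exists" state.
            $this->exists = true;
            $this->ident = db_id();
            $result['value'] = $this->ident;
            $result['message'] = "File stored";
        } else {
            $result['value'] = false;
            $result['message'] = "File not stored";
        }
        return $result;
    }

    $ident = (int) $this->ident;
    // The where clause restricts the change to this record.
    db_query("update " . tbl_prefix . "files set \n folder = {$folder},\n title = '{$this->title}',\n description = 'Automated upload',\n access = '{$this->access}' \n where ident = {$ident}");
    if (db_affected_rows() > 0) {
        $result['value'] = $this->ident;
        $result['message'] = "File updated";
    } else {
        $result['value'] = false;
        $result['message'] = "File not updated";
    }
    return $result;
}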