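/**
 * Builds the markup for a link to the action $wvActionId, in one of two forms.
 *
 * Without a verified login the link is assembled from itr(38)/itr(39)/itr(40) and carries
 * the locale as a query option. With a verified login it is assembled from
 * itr(42)/itr(1083)/itr(1084), carries the PHP session id when no options were passed,
 * and has '=' and itr(54) inside the options rewritten to itr(44) and itr(43).
 *
 * A login counts as verified only when the request posts login=1 AND the MD5 of the
 * password kept in the session equals the stored hash for the user name.
 *
 * NOTE(review): the check relies on an unsalted MD5 and on a plaintext password kept in
 * $_SESSION; both are weak by current standards (password_hash()/password_verify() is the
 * usual replacement) but changing them needs a schema/session migration outside this block.
 * NOTE(review): $options, $caption and the 'locale' request value are concatenated into the
 * markup as-is; whether fv()/itr() escape them is not visible here, so confirm before
 * passing user-influenced text.
 * NOTE(review): placing session_id() in a URL exposes it to logs, referrers and shared links.
 *
 * @param string $wvActionId action identifier placed in the link target
 * @param string $options    extra query options; '' when there are none
 * @param string $caption    link text
 * @return string the generated link markup
 */
function buildLink($wvActionId, $options, $caption)
{
    // The client only *requests* logged-in links with login=1; the password check below decides.
    $loginRequested = isset($_POST["login"]) && $_POST["login"] == "1";
    $loginln = 0;
    if ($loginRequested) {
        //Check that the user is properly logged in
        $wvuserpasswdmd5ln = qry('user', 'user_password_md5', 'user_name', fv('wvUserName'));
        // Strict comparison: with `==` PHP compares two numeric-looking strings as numbers,
        // so distinct hashes of the form "0e<digits>" would be treated as equal.
        if (md5($_SESSION['wvUserPassword']) === $wvuserpasswdmd5ln) {
            $loginln = 1;
        } else {
            // Same two error reports, in the same order, as the original failure path.
            err(5);
            err(289);
        }
    }
    $localeid = fv('locale');
    if ($loginln == 0) {
        if ($options == '') {
            $separator = '';
            $options = $options . '&locale=' . $localeid;
        } else {
            $separator = '&';
            // NOTE(review): no '&' is inserted between the caller's options and 'locale=' here;
            // presumably callers pass options ending in '&' - confirm.
            $options = $options . 'locale=' . $localeid;
        }
        $options = str_replace('&&', '&', $options);
        return itr(38) . $wvActionId . $separator . $options . itr(39) . $caption . itr(40);
    }
    if ($options == '') {
        $options = $options . '&wvSession=' . session_id() . '&' . itr(63) . $localeid;
        // The session id is appended a second time here, exactly as before; kept because the
        // rewritten URL format below is not visible and may depend on it.
        $options = str_replace('&&', '&', $options . '&wvSession=' . session_id());
    } else {
        // Result unused in this branch; the call is kept because itr() is opaque from here.
        $separator = itr(41);
        $options = $options . '&' . itr(62) . $localeid;
        $options = str_replace('&&', '&', $options);
    }
    // Rewrite '=' to itr(44) and itr(54) to itr(43) inside the options before wrapping them.
    $rewrittenOptions = str_replace(itr(54), itr(43), str_replace('=', itr(44), $options));
    return str_replace('&&', '&', itr(42) . $wvActionId . $rewrittenOptions . itr(1083) . $caption . itr(1084));
}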
示例#2
 /**
  * Turns the incoming value of one field into the fragment used for it in an SQL statement.
  *
  * Dispatches on $field[CONS_XML_TIPO]. Depending on the type the value is checked,
  * normalised in place inside $data, and returned either bare (numbers, "NULL", "NOW()")
  * or wrapped in double quotes ($encapsulation). CONS_TIPO_ARRAY returns the array or the
  * decoded value itself rather than a string.
  *
  * NOTE(review): several branches place request-derived text into SQL after only
  * partial filtering (see the inline notes on the parent walk, the "NOW()" passthrough and
  * the $wS clause). cleanString(), addslashes_EX() and fv() are defined elsewhere, so how
  * much they escape cannot be confirmed from this method.
  *
  * @param bool   $isADD           truthy on the add path; field defaults are only applied then
  * @param array  $data            incoming values keyed by field name, modified in place
  * @param string $name            key of the field being processed
  * @param array  $field           field definition, indexed by the CONS_XML_* constants
  * @param array  $EnumPrunecache  receives [name, prune setting, recipient enum] entries for auto-prune enums
  * @param bool   $isSerialized    when true no quotes are added and custom fields skip addslashes_EX()
  * @param string $kA              passed through to prepareUpload()
  * @param string $wS              WHERE clause text used when reading back a serialized column
  * @return mixed false when nothing should be written for this field, otherwise the value/fragment
  */
 private function sqlParameter($isADD, &$data, $name, &$field, &$EnumPrunecache, $isSerialized = false, $kA = '', $wS = '')
 {
     $output = false;
     // Values stored inside a serialized column are not quoted; everything else is wrapped in double quotes.
     $encapsulation = $isSerialized ? '' : '"';
     switch ($field[CONS_XML_TIPO]) {
         case CONS_TIPO_INT:
             // Only numeric input is accepted and it is emitted unquoted; otherwise fall back to the default on add.
             if (isset($data[$name]) && $data[$name] !== "" && is_numeric($data[$name])) {
                 $output = $data[$name];
             } else {
                 if ($isADD && isset($field[CONS_XML_DEFAULT])) {
                     $output = $field[CONS_XML_DEFAULT];
                 }
             }
             break;
         case CONS_TIPO_LINK:
             // Links whose key type is numeric are written without quotes.
             if ($field[CONS_XML_LINKTYPE] == CONS_TIPO_INT || $field[CONS_XML_LINKTYPE] == CONS_TIPO_FLOAT) {
                 $encapsulation = '';
             }
             if (isset($data[$name]) && ($data[$name] !== '' && $data[$name] !== 0 || !isset($field[CONS_XML_MANDATORY]))) {
                 # non-mandatory links accept 0 values, otherwise 0 is not acceptable
                 if ((!$isADD && isset($field[CONS_XML_IGNORENEDIT]) || $isADD) && ($data[$name] === 0 || $data[$name] === '')) {
                     break;
                 } else {
                     // Numeric link types: anything non-numeric is coerced to 0.
                     if (($field[CONS_XML_LINKTYPE] == CONS_TIPO_INT || $field[CONS_XML_LINKTYPE] == CONS_TIPO_FLOAT) && ($data[$name] === '' || !is_numeric($data[$name]))) {
                         $data[$name] = 0;
                     } else {
                         // String link types only get optional case folding; no escaping happens in this branch.
                         if ($field[CONS_XML_LINKTYPE] == CONS_TIPO_VC && $data[$name] != '') {
                             if ($field[CONS_XML_SPECIAL] == "ucase") {
                                 $data[$name] = strtoupper($data[$name]);
                             }
                             if ($field[CONS_XML_SPECIAL] == "lcase") {
                                 $data[$name] = strtolower($data[$name]);
                             }
                         }
                     }
                 }
                 # if this is a parent, check if this won't create a cyclic parenting
                 if ($data[$name] !== 0 && $data[$name] !== '' && $field[CONS_XML_MODULE] == $this->name && $this->options[CONS_MODULE_PARENT] == $name) {
                     if (!$isADD && $data[$name] == $data[$this->keys[0]]) {
                         // An item may not be its own parent: reset the link and report error 128.
                         $data[$name] = 0;
                         $this->parent->errorControl->raise(128, $name, $this->name, "Parent=Self");
                         if (isset($field[CONS_XML_MANDATORY])) {
                             return false;
                         }
                     } else {
                         // Ids already visited while walking up; on edit the item's own key is seeded so a loop back to it is caught.
                         $antiCicle = $isADD ? array() : array($data[$this->keys[0]]);
                         $idP = isset($data[$name]) ? $data[$name] : 0;
                         if ($idP == null) {
                             $idP = 0;
                         }
                         while ($idP !== 0) {
                             // NOTE(review): $idP starts as the submitted value and is interpolated into the query
                             // unquoted. For a CONS_TIPO_VC link type nothing above restricts it to a number, so this
                             // looks injectable unless the caller validates first - confirm, and prefer a bound parameter.
                             $idP = $this->parent->dbo->fetch("SELECT {$name} FROM " . $this->dbname . " WHERE " . $this->keys[0] . "={$idP}");
                             if ($idP == NULL) {
                                 $idP = 0;
                             }
                             if (in_array($idP, $antiCicle)) {
                                 break;
                             }
                             // the break above fires when an id repeats, i.e. a cycle
                             $antiCicle[] = $idP;
                         }
                         unset($antiCicle);
                         if ($idP !== 0) {
                             # did not reach root
                             $this->parent->errorControl->raise(128, $name, $this->name, "Initial parent was = " . $data[$name]);
                             $data[$name] = 0;
                             if (isset($field[CONS_XML_MANDATORY])) {
                                 return false;
                             }
                         }
                     }
                 }
                 // NOTE(review): for string link types the value reaches the output quoted but not escaped in this method.
                 $output = $encapsulation . $data[$name] . $encapsulation;
             } else {
                 if ($isADD && isset($field[CONS_XML_DEFAULT])) {
                     // A default of "%UID%" on a link to the user module is replaced by the logged-in user's id.
                     if ($field[CONS_XML_DEFAULT] == "%UID%" && defined("CONS_AUTH_USERMODULE") && $field[CONS_XML_MODULE] == CONS_AUTH_USERMODULE && $_SESSION[CONS_SESSION_ACCESS_LEVEL] > 0 && isset($_SESSION[CONS_SESSION_ACCESS_USER]['id'])) {
                         $output = $encapsulation . $_SESSION[CONS_SESSION_ACCESS_USER]['id'] . $encapsulation;
                     } else {
                         if ($field[CONS_XML_DEFAULT] != "%UID%") {
                             $output = $encapsulation . $field[CONS_XML_DEFAULT] . $encapsulation;
                         }
                     }
                 }
             }
             break;
         case CONS_TIPO_FLOAT:
             if (isset($data[$name]) && $data[$name] !== "") {
                 // fv() is defined elsewhere; presumably it normalises a localised number - TODO confirm.
                 $data[$name] = fv($data[$name]);
                 if (is_numeric($data[$name])) {
                     $output = str_replace(",", ".", $data[$name]);
                 } else {
                     if ($isADD && isset($field[CONS_XML_DEFAULT])) {
                         $output = $field[CONS_XML_DEFAULT];
                     }
                 }
             } else {
                 if ($isADD && isset($field[CONS_XML_DEFAULT])) {
                     $output = $field[CONS_XML_DEFAULT];
                 }
             }
             break;
         case CONS_TIPO_VC:
             if (isset($data[$name])) {
                 // Every special type except "urla" is cleaned first: cleanString() for standard fields,
                 // addslashes_EX() for custom ones (skipped when the value goes into a serialized column).
                 if (!isset($field[CONS_XML_SPECIAL]) || $field[CONS_XML_SPECIAL] != "urla") {
                     if (!isset($field[CONS_XML_CUSTOM])) {
                         $data[$name] = cleanString($data[$name], isset($field[CONS_XML_HTML]), $_SESSION[CONS_SESSION_ACCESS_LEVEL] == 100, $this->parent->dbo);
                     } else {
                         if (!$isSerialized) {
                             $data[$name] = addslashes_EX($data[$name], isset($field[CONS_XML_HTML]), $this->parent->dbo);
                         }
                     }
                 }
                 if (isset($field[CONS_XML_SPECIAL])) {
                     if ($field[CONS_XML_SPECIAL] == "urla") {
                         // Empty friendly-URL field: build it from the source template (default: the title field).
                         if (!isset($data[$name]) || $data[$name] == '') {
                             $source = isset($field[CONS_XML_SOURCE]) ? $field[CONS_XML_SOURCE] : "{" . $this->title . "}";
                             $tp = new CKTemplate($this->parent->template);
                             $tp->tbreak($source);
                             $data[$name] = $tp->techo($data);
                             unset($tp);
                         }
                         // Strip angle brackets and quotes, then flatten to URL-safe characters.
                         // NOTE(review): the third search string below is not a valid PHP literal as shown; it
                         // looks like an HTML entity was decoded when this listing was extracted - check the upstream file.
                         $data[$name] = str_replace(">", "", str_replace("<", "", str_replace(""", "", str_replace("'", "", $data[$name]))));
                         $data[$name] = removeSimbols($data[$name], true, false, CONS_FLATTENURL);
                     }
                     // The checks below are allow-list validations: on mismatch the value is blanked,
                     // an error is raised and nothing is written for the field.
                     if ($field[CONS_XML_SPECIAL] == "login" && $data[$name] != "") {
                         if (!preg_match('/^([A-Za-z0-9_\\-\\.@]){4,20}$/', $data[$name])) {
                             $data[$name] = "";
                             $this->parent->errorControl->raise(129, $name, $this->name);
                             break;
                         }
                     }
                     if ($field[CONS_XML_SPECIAL] == "mail" && $data[$name] != "") {
                         if (!isMail($data[$name])) {
                             $data[$name] = "";
                             $this->parent->errorControl->raise(130, $name, $this->name);
                             break;
                         }
                     }
                     // NOTE(review): ucase/lcase values have already been through cleanString()/addslashes_EX()
                     // above and are passed to addslashes_EX() again here; confirm this does not double-escape.
                     if ($field[CONS_XML_SPECIAL] == "ucase" && $data[$name] != "") {
                         $data[$name] = strtoupper($data[$name]);
                         $data[$name] = addslashes_EX($data[$name], isset($field[CONS_XML_HTML]), $this->parent->dbo);
                     }
                     if ($field[CONS_XML_SPECIAL] == "lcase" && $data[$name] != "") {
                         $data[$name] = strtolower($data[$name]);
                         $data[$name] = addslashes_EX($data[$name], isset($field[CONS_XML_HTML]), $this->parent->dbo);
                     }
                     // "path" allows letters, digits, '_', '/' and '-' only, so '.' (and with it "..") is rejected.
                     if ($field[CONS_XML_SPECIAL] == "path" && $data[$name] != "") {
                         if (!preg_match('/^([A-Za-z0-9_\\/\\-]*)$/', $data[$name])) {
                             $data[$name] = "";
                             $this->parent->errorControl->raise(131, $name, $this->name);
                             break;
                         }
                     }
                     if ($field[CONS_XML_SPECIAL] == "onlinevideo" && $data[$name] != "") {
                         if (!preg_match('/^([A-Za-z0-9_\\-]){8,20}$/', $data[$name])) {
                             $data[$name] = "";
                             $this->parent->errorControl->raise(132, $name, $this->name);
                             break;
                         }
                     }
                     if ($field[CONS_XML_SPECIAL] == "time" && $data[$name] != "") {
                         if (!preg_match('/^([0-9]){1,2}(:)([0-9]){1,2}$/', $data[$name])) {
                             $data[$name] = "";
                             $this->parent->errorControl->raise(133, $name, $this->name);
                             break;
                         } else {
                             // Zero-pad both parts so the stored form is always HH:MM.
                             $data[$name] = explode(":", $data[$name]);
                             $data[$name][0] = (strlen($data[$name][0]) == 1 ? "0" : "") . $data[$name][0];
                             $data[$name][1] = (strlen($data[$name][1]) == 1 ? "0" : "") . $data[$name][1];
                             $data[$name] = $data[$name][0] . ":" . $data[$name][1];
                         }
                     }
                 }
                 if (!$isADD && isset($field[CONS_XML_IGNORENEDIT]) && $data[$name] == "") {
                     break;
                 } else {
                     if ($isADD && (!isset($data[$name]) || $data[$name] == '') && isset($field[CONS_XML_DEFAULT])) {
                         $data[$name] = $field[CONS_XML_DEFAULT];
                     }
                 }
                 $output = $encapsulation . $data[$name] . $encapsulation;
             }
             break;
         case CONS_TIPO_TEXT:
             if (isset($data[$name])) {
                 # WYSIWYG garbage ...
                 if (isset($field[CONS_XML_HTML]) && !isset($field[CONS_XML_CUSTOM])) {
                     // NOTE(review): search and replacement look identical in this listing; the search string was
                     // presumably a non-breaking space or its entity before extraction - verify upstream.
                     $data[$name] = str_replace(" ", " ", trim($data[$name]));
                     if (isset($field[CONS_XML_SIMPLEEDITFORCE]) && $data[$name] != '') {
                         // Load the HTML parser on demand; the path is built from a constant, not from input.
                         if (!defined('C_XHTML_AUTOTAB')) {
                             include CONS_PATH_INCLUDE . "xmlHandler.php";
                         }
                         $data[$name] = parseHTML($data[$name], true);
                         if ($data[$name] === false) {
                             $this->parent->errorControl->raise(190, $name, $this->name);
                             $data[$name] = '';
                             break;
                         }
                     }
                     // invalidHTML() only raises error 135 here; the value is still cleaned and stored below.
                     if ($this->invalidHTML($data[$name])) {
                         # external editors garbage that can break HTML
                         $this->parent->errorControl->raise(135, $name, $this->name);
                     }
                 }
                 if (!isset($field[CONS_XML_CUSTOM])) {
                     $data[$name] = cleanString($data[$name], isset($field[CONS_XML_HTML]), $_SESSION[CONS_SESSION_ACCESS_LEVEL] == 100, $this->parent->dbo);
                 } else {
                     if (!$isSerialized) {
                         $data[$name] = addslashes_EX($data[$name], true, $this->parent->dbo);
                     }
                 }
                 if (!$isADD && isset($field[CONS_XML_IGNORENEDIT]) && $data[$name] == "") {
                     break;
                 }
                 $output = $encapsulation . $data[$name] . $encapsulation;
             } else {
                 if ($isADD && isset($field[CONS_XML_DEFAULT])) {
                     $output = $encapsulation . $field[CONS_XML_DEFAULT] . $encapsulation;
                 }
             }
             break;
         case CONS_TIPO_DATETIME:
         case CONS_TIPO_DATE:
             // Missing/empty value on a stamped field: let the database fill in NOW() and mirror the
             // current time into $data for later consumers.
             if (!isset($data[$name]) || $data[$name] == '') {
                 if (!$isADD && isset($field[CONS_XML_UPDATESTAMP])) {
                     $output = "NOW()";
                     $data[$name] = date("Y-m-d") . ($field[CONS_XML_TIPO] == CONS_TIPO_DATETIME ? " " . date("H:i:s") : "");
                     // might be used by friendly url or such
                     break;
                 } else {
                     if ($isADD && (isset($field[CONS_XML_TIMESTAMP]) || isset($field[CONS_XML_UPDATESTAMP]))) {
                         $output = "NOW()";
                         $data[$name] = date("Y-m-d") . ($field[CONS_XML_TIPO] == CONS_TIPO_DATETIME ? " " . date("H:i:s") : "");
                         // might be used by friendly url or such
                         break;
                     }
                 }
             }
             if (!isset($data[$name]) && isset($data[$name . "_day"])) {
                 # date came into separated fields, merge them
                 $theDate = $this->parent->intlControl->mergeDate($data, $name . "_");
                 // NOTE(review): `!$theDate == false` parses as `(!$theDate) == false`, which is true for any
                 // non-empty merged date, so a valid date leaves the switch here without being written. The
                 // comment below suggests the intent was to skip only empty/corrupt dates - confirm.
                 if (!$theDate == false || ($theDate == "0000-00-00" || $theDate == "0000-00-00 00:00:00") && isset($field[CONS_XML_IGNORENEDIT])) {
                     break;
                 }
                 # empty date can be ignored, or corrupt date
                 $output = $encapsulation . $theDate . $encapsulation;
             } else {
                 # came in mySQL format or i18n format
                 if (isset($data[$name]) && $data[$name] != "") {
                     $data[$name] = trim($data[$name]);
                     $theDate = $data[$name];
                     $theDate = $this->parent->intlControl->dateToSql($theDate, $field[CONS_XML_TIPO] == CONS_TIPO_DATETIME);
                     // handles any format of human or sql date
                     if ($theDate === false) {
                         // NOTE(review): only the first five characters are compared, then the WHOLE submitted
                         // string is emitted unquoted. Anything following "NOW()" reaches the statement as SQL;
                         // an exact match (or emitting the literal "NOW()") would close that gap.
                         if (substr($data[$name], 0, 5) == "NOW()") {
                             $output = $data[$name];
                             $data[$name] = date("Y-m-d") . ($field[CONS_XML_TIPO] == CONS_TIPO_DATETIME ? " " . date("H:i:s") : "");
                             // might be used by friendly url or such
                         } else {
                             $this->parent->errorControl->raise(134, $name, $this->name);
                         }
                     } else {
                         $output = $encapsulation . $theDate . $encapsulation;
                         $data[$name] = $theDate;
                         // other fields might need it
                     }
                 } else {
                     if (isset($data[$name])) {
                         // blank
                         if (!$isADD && isset($field[CONS_XML_IGNORENEDIT])) {
                             break;
                         }
                         // Mandatory fields get the zero date, optional ones NULL.
                         $output = isset($field[CONS_XML_MANDATORY]) && $field[CONS_XML_MANDATORY] ? $encapsulation . "0000-00-00" . ($field[CONS_XML_TIPO] == CONS_TIPO_DATETIME ? " 00:00:00" : "") . $encapsulation : 'NULL';
                     }
                 }
             }
             break;
         case CONS_TIPO_ENUM:
             if (isset($data[$name])) {
                 if ($data[$name] == "") {
                     # enum does not accept empty values, this means it's a NON-MANDATORY enum coming empty = NULL
                     $output = "NULL";
                 } else {
                     // Only quote characters are stripped; the value is not checked against the declared ENUM members here.
                     $data[$name] = str_replace("\"", "", str_replace("'", "", $data[$name]));
                     $output = $encapsulation . $data[$name] . $encapsulation;
                     if (isset($field[CONS_XML_AUTOPRUNE])) {
                         // possible prune
                         //$EnumPrunecache
                         // Pull the member list out of the column's SQL definition.
                         // NOTE(review): the preg_match() result is not checked; $regs[1] is undefined if the definition does not match.
                         preg_match("@ENUM \\(([^)]*)\\).*@", $field[CONS_XML_SQL], $regs);
                         $enums = explode(",", $regs[1]);
                         // The member whose auto-prune setting is '*' is recorded as the prune recipient.
                         $pruneRecipient = "";
                         for ($ec = 0; $ec < count($enums); $ec++) {
                             if (isset($field[CONS_XML_AUTOPRUNE][$ec]) && $field[CONS_XML_AUTOPRUNE][$ec] == '*') {
                                 $pruneRecipient = $enums[$ec];
                             }
                         }
                         // Find the submitted member; if it has a prune setting other than '0' or '*', queue it.
                         for ($ec = 0; $ec < count($enums); $ec++) {
                             if ("'" . $data[$name] . "'" == $enums[$ec]) {
                                 if (isset($field[CONS_XML_AUTOPRUNE][$ec]) && $field[CONS_XML_AUTOPRUNE][$ec] != '0' && $field[CONS_XML_AUTOPRUNE][$ec] != '*') {
                                     $EnumPrunecache[] = array($name, $field[CONS_XML_AUTOPRUNE][$ec], $pruneRecipient);
                                 }
                                 break;
                                 // for
                             }
                         }
                     }
                 }
             } else {
                 if ($isADD && isset($field[CONS_XML_DEFAULT])) {
                     $output = $encapsulation . $field[CONS_XML_DEFAULT] . $encapsulation;
                 }
             }
             break;
         case CONS_TIPO_OPTIONS:
             # must come as a string of 0 and 1
             if (isset($data[$name]) && strlen($data[$name]) >= count($field[CONS_XML_OPTIONS])) {
                 # test if they are all 0 and 1!
                 $ok = true;
                 for ($c = 0; $c < strlen($data[$name]); $c++) {
                     if ($data[$name][$c] != "0" && $data[$name][$c] != "1") {
                         $ok = false;
                         break;
                     }
                 }
                 if ($ok) {
                     // On add, four extra '0' flags are appended to the submitted string.
                     $output = $encapsulation . $data[$name] . ($isADD ? '0000' : '') . $encapsulation;
                 }
             }
             break;
         case CONS_TIPO_UPLOAD:
             if (!$isADD) {
                 # upload on add happens AFTER the SQL include, so if it fails, we don't even bother processing upload
                 if (isset($data[$name . "_delete"]) || isset($_FILES[$name]) && $_FILES[$name]['error'] == 0) {
                     // delete or update
                     // Existing files are identified by the item's key values joined with "_".
                     // NOTE(review): key values come from $data; confirm they are validated before being used in file names.
                     $ids = "";
                     foreach ($this->keys as $key) {
                         $ids .= $data[$key] . "_";
                     }
                     $ids = substr($ids, 0, strlen($ids) - 1);
                     $this->deleteUploads($data, $name, $ids);
                 }
                 $upOk = $this->prepareUpload($name, $kA, $data);
                 // The column stores 'y' when a file was accepted and 'n' otherwise.
                 $upvalue = $upOk == '0' ? 'y' : 'n';
                 if ($upOk != 0 && $upOk != 4) {
                     # notification for the upload (4 = nothing sent, 0 = sent and ok)
                     $this->parent->errorControl->raise(200 + $upOk, $upOk, $this->name, $name);
                 }
                 if ($upOk != 4) {
                     $output = $encapsulation . $upvalue . $encapsulation;
                 } else {
                     // no change, but take this opportunity and check if the file exists!
                     $upvalue = 'n';
                     $path = CONS_FMANAGER . $this->name . "/";
                     if (is_dir($path)) {
                         if (isset($this->fields[$name][CONS_XML_FILEPATH])) {
                             $path .= $this->fields[$name][CONS_XML_FILEPATH];
                             if ($path[strlen($path) - 1] != "/") {
                                 $path .= "/";
                             }
                             if (!is_dir($path)) {
                                 safe_mkdir($path);
                             }
                         }
                         # prepares filename with item keys
                         $filename = $path . $name . "_";
                         foreach ($this->keys as $key) {
                             $filename .= $data[$key] . "_";
                         }
                         $filename .= "1";
                         // $ext is not set before this call; presumably locateAnyFile() fills it by reference - TODO confirm.
                         $upvalue = locateAnyFile($filename, $ext, isset($this->fields[$name][CONS_XML_FILETYPES]) ? $this->fields[$name][CONS_XML_FILETYPES] : '') ? 'y' : 'n';
                     }
                     $output = $encapsulation . $upvalue . $encapsulation;
                 }
             }
             break;
         case CONS_TIPO_ARRAY:
             if (isset($data[$name])) {
                 if (is_array($data[$name])) {
                     $output = $data[$name];
                 } else {
                     # came in serialized (JSON or php)
                     if ($data[$name][0] == '[') {
                         # JSON
                         $output = @json_decode($data[$name]);
                     } else {
                         // NOTE(review): unserialize() on a submitted string can instantiate arbitrary classes and
                         // run their magic methods (PHP object injection). Accept JSON only, or restrict with the
                         // allowed_classes option, unless this input is guaranteed to be trusted.
                         $output = @unserialize($data[$name]);
                     }
                     # we will serialize the whole thing
                     // NOTE(review): json_decode() signals failure with null, not false, so malformed JSON is not
                     // caught by this check; the @ operators also hide the warnings that would reveal it.
                     if ($output === false) {
                         $this->parent->errorControl->raise(189, $name, $this->name);
                         $output = "";
                     }
                 }
             }
             break;
         case CONS_TIPO_SERIALIZED:
             if (isset($data[$name])) {
                 // came raw data, we store as is, YOU should serialize raw data
                 // Unlike the other branches, addslashes_EX() is called here without the dbo argument.
                 $data[$name] = addslashes_EX($data[$name], true);
                 if (isset($field[CONS_XML_IGNORENEDIT]) && $data[$name] == "") {
                     break;
                 }
                 $output = $encapsulation . $data[$name] . $encapsulation;
             } else {
                 if ($this->fields[$name][CONS_XML_SERIALIZED] > 1) {
                     // set to WRITE or ALL
                     // note: we ADD fields, never replace, because we should allow partial edits, thus we need to read the original data first
                     // NOTE(review): $wS is interpolated verbatim as the WHERE clause; it must be built by the
                     // caller from validated keys only.
                     $sql = "SELECT {$name} FROM " . $this->dbname . " WHERE {$wS}";
                     $serialized = $this->parent->dbo->fetch($sql);
                     if ($serialized === false) {
                         $serialized = array();
                     } else {
                         // NOTE(review): a failed unserialize() returns false (silenced by @) and the loop below
                         // then writes keys onto that value; stored data is also deserialized without a class allow-list.
                         $serialized = @unserialize($serialized);
                     }
                     $serializedFields = 0;
                     // Each sub-field of the serialized model is run through this same method (as an add,
                     // unquoted) and merged over the stored values.
                     foreach ($this->fields[$name][CONS_XML_SERIALIZEDMODEL] as $exname => &$exfield) {
                         if (isset($data[$name . "_" . $exname])) {
                             $outfield = $this->sqlParameter(true, $data, $name . "_" . $exname, $exfield, $EnumPrunecache, true);
                             if ($outfield !== false && $outfield != 'NULL') {
                                 $serialized[$exname] = $outfield;
                             }
                             # we don't need to store NULL like in sql
                         }
                     }
                     $output = $encapsulation . addslashes_EX(serialize($serialized), true, $this->parent->dbo) . $encapsulation;
                 }
             }
             break;
     }
     # switch
     return $output;
 }
<?php

/* VERIFYING ACTION APPROVAL */
// Privilege level the requested operation (request value 'a') demands.
$axnAuthPriv = qry('operation', 'operation_permission_required', 'operation_id', fv('a'));
// Visitors that are not logged in count as level 0; otherwise the level stored for the user name applies.
$userAuth = $login == 0 ? 0 : qry('user', 'user_authorisation_type', 'user_name', fv('wvUserName'));
if (!($userAuth >= $axnAuthPriv)) {
    $userpermissionverified = 0;
} else {
    $userpermissionverified = 1;
    // NOTE(review): strpos() returns an int offset or false, never true, and its arguments are
    // (haystack, needle). As written this test is always false, so the per-node permission
    // branch below never runs and every approved action is treated as a non-node action.
    // Confirm the intended check before relying on node-level permissions.
    $isNodeAction = strpos('node', $wvActionId) === true || strpos('Node', $wvActionId) === true;
    if (!$isNodeAction) {
        //This is not a node action
        $nodepermerr = 0;
    } else {
        //TODO
        checkPermissions($nodeId);
        if ($userPermissionRead == 1 || ($userPermissionWrite == 2 && $wvActionIdCheck == 'viewNode') || ($userPermissionWrite == 2 && $wvActionIdCheck == 'editNode')) {
            // NOTE(review): `==` compares and discards the result; $nodepermerr is not assigned
            // here or in the else branch. The intended values (and which one means "denied")
            // need confirming before this is turned into an assignment.
            $nodepermerr == 1;
        } else {
            $nodepermerr == 0;
            // NOTE(review): SELECT is a bare constant name; this looks like leftover debug output.
            echo SELECT;
        }
    }
}
/* END ACTION APPROVAL */
 }
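 //ACTION newCharacterCategoryExecute
 // Inserts one row into `character_category` from the submitted form values and reports the
 // new row id in the page body.
 if ($wvActionId == 'newCharacterCategoryExecute') {
     // NOTE(review): every fv() value is concatenated into the statement inside single quotes.
     // fv() is defined elsewhere; unless it escapes for SQL, this statement is injectable.
     // Confirm what fv() does, and prefer a prepared statement with bound parameters (mysqli/PDO)
     // when this code is moved off the removed mysql_* extension.
     $sqlquery = 'INSERT INTO `character_category` ( `dce_id` , `dce_category` , `dce_name` , `dce_html` , `dce_comment` , `dce_decomposition` , `dce_aka` , `dce_see_also` , `dce_comments` , `dce_mojikyo` , `dce_tron` , `dce_armscii8` , `dce_unicode` ) VALUES ( NULL , \'' . fv('characterCategory') . '\', \'' . fv('characterName') . '\', \'' . fv('characterHtml') . '\', NULL, \'' . fv('characterDecomposition') . '\', \'' . fv('characterAka') . '\', \'' . fv('characterSeeAlso') . '\', \'' . fv('characterComments') . '\', \'' . fv('characterMojikyo') . '\', \'' . fv('characterTron') . '\', \'' . fv('characterArmscii') . '\', \'' . fv('characterUnicode') . '\' );';
     // The statement is no longer echoed: doing so sent the table layout and the submitted
     // values, unescaped, straight into the response.
     // NOTE(review): the result of mysql_query() is not checked, so a failed insert still
     // produces the success page with whatever mysql_insert_id() returns.
     mysql_query($sqlquery);
     $pageBody = itr(915) . mysql_insert_id() . itr(916);
     $pageTitle = itr(917);
 }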
 //ACTION nodeIndex (final action in action defs)
 if ($wvActionId == 'nodeIndex') {
     $nodeMin = 0;
     $nodeMaxArray = mysql_fetch_array(mysql_query('SELECT MAX(node_id) FROM `node`;'));
     $nodeMax = $nodeMaxArray['MAX(node_id)'];
     $start = fv('st');
     $start = round($start);
     $end = $start + 9;
     if ($end > $nodeMax) {
         $end = $nodeMax;
     }
     $prevStart = $start - 10;
     if ($prevStart < $nodeMin) {
         $prevStart = $nodeMin;
     }
     $nextStart = $end + 1;
     if ($nextStart > $nodeMax) {
         $nextStart = $start;
     }
     if ($nextStart == $nodeMax) {
         $nextStart = $nodeMax;
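/**
 * Stores a new revision of an existing node, optionally with an uploaded data file.
 *
 * When the `nodeDataUploadFlag` request field is set, a `data` row and a
 * `data_revision` row are inserted and the uploaded file is moved to
 * weave/data/<one directory per digit of the revision id>/<revision id>.wdf.
 * The node's current-revision pointer is then updated, nine text fields are
 * registered through newintf(), the `node_revision` row is written through
 * ins(), and the revision id is appended to the editing user's `node_edit_ids`.
 *
 * NOTE(review): no login or permission check is visible in this function, and
 * the revision owner is looked up from the client-supplied `userName` field.
 * Confirm that the caller authenticates the request and that the owner cannot
 * be chosen by the client.
 * NOTE(review): values returned by fv() are concatenated into SQL as returned;
 * whether fv() escapes them is not visible here.
 * NOTE(review): both "next id" values are read from SHOW TABLE STATUS before
 * the insert, which can race with concurrent requests.
 *
 * @return mixed The `nodeId` request value, as returned by fv().
 */
function newNodeRevisionExecute()
{
    // Stays null when nothing is uploaded; the revision row then carries no data id.
    $addedDataId = null;
    if (fv('nodeDataUploadFlag')) {
        $tablenamenewdata = "data";
        $qShowStatusdata = "SHOW TABLE STATUS LIKE '{$tablenamenewdata}'";
        // NOTE(review): on failure this prints the MySQL error and the statement to the client.
        $qShowStatusResultdata = mysql_query($qShowStatusdata) or die("Query failed: " . mysql_error() . "<br/>" . $qShowStatusdata);
        $rowdata = mysql_fetch_assoc($qShowStatusResultdata);
        $next_incrementdata = $rowdata['Auto_increment'];
        mysql_query('INSERT INTO `data` (`data_id`, `data_current_revision`) VALUES (NULL, \'' . $next_incrementdata . '\');');
        $addedDataId = mysql_insert_id();

        // $_FILES replaces $HTTP_POST_FILES, which is not visible inside a
        // function and left the stored name and length empty.
        $fileTempName = $_FILES['uploadeddata']['tmp_name'];
        // The client-chosen file name is untrusted. It is only recorded in the
        // database (escaped) and never used to build the path on disk.
        $uploadedName = mysql_real_escape_string($_FILES['uploadeddata']['name']);
        $uploadedSize = (int) $_FILES['uploadeddata']['size'];
        mysql_query('INSERT INTO `data_revision` (`data_revision_id`, `data_revision_name`, `data_revision_length`, `data_revision_type`, `data_revision_node_id`, `data_revision_md5`, `data_revision_data_id`, `data_revision_node_edit_id`) VALUES (NULL, \'' . $uploadedName . '\', \'' . $uploadedSize . '\', \'' . fv('dataType') . '\', \'nodeid\', \'' . md5_file($fileTempName) . '\', \'' . $addedDataId . '\', \'not yet known\');');
        $addedDataRevisionId = mysql_insert_id();

        // One directory level per digit of the revision id; a constructed
        // example: id 123 is stored as weave/data/1/2/3/123.wdf.
        $targetULDirectory = 'weave/data/' . implode('/', str_split((string) $addedDataRevisionId)) . '/';
        if (!is_dir($targetULDirectory) && !mkdir($targetULDirectory, 0700, true)) {
            error_log('newNodeRevisionExecute: could not create ' . $targetULDirectory);
        }
        // Server-chosen name with a fixed .wdf extension.
        // NOTE(review): the path is relative to the working directory; confirm
        // that weave/data/ is not served directly by the web server.
        $targetULDirectory = $targetULDirectory . $addedDataRevisionId . '.wdf';
        if (!move_uploaded_file($fileTempName, $targetULDirectory)) {
            error_log('newNodeRevisionExecute: could not store upload as ' . $targetULDirectory);
        }
    }

    $tablenamenewnode = "node_revision";
    $qShowStatusnode = "SHOW TABLE STATUS LIKE '{$tablenamenewnode}'";
    $qShowStatusResultnode = mysql_query($qShowStatusnode) or die("Query failed: " . mysql_error() . "<br/>" . $qShowStatusnode);
    $rownode = mysql_fetch_assoc($qShowStatusResultnode);
    $next_incrementnode_revision = $rownode['Auto_increment'];
    // The id sits unquoted in the WHERE clause, so it is forced to an integer
    // (node ids are handled as numbers elsewhere on this page).
    mysql_query('UPDATE `node` SET `node_current_revision` = \'' . $next_incrementnode_revision . '\' WHERE `node_id` =' . (int) fv('nodeId') . ' LIMIT 1 ;');

    // newintf() reports the id it created through the global $newIntfId, so
    // the global is re-read after every call. The call order is kept.
    $intfIds = array();
    $intfFields = array(
        'nodeDisplayTitle',
        'nodeShortTitle',
        'nodeTitle',
        'nodeSource',
        'nodeSortTitle',
        'nodeDescription',
        'nodeDisambiguationDescription',
        'nodeComment',
        'nodeShortDescription',
    );
    foreach ($intfFields as $postField) {
        newintf($_POST[$postField]);
        global $newIntfId;
        $intfIds[$postField] = $newIntfId;
    }

    $newNodeOwnerId = qry('user', 'user_id', 'user_name', mysql_real_escape_string($_POST['userName']));
    // NOTE(review): the raw $_POST values below go to ins() unchanged; whether
    // ins() escapes them is not visible here.
    $newNodeData = array(
        "node_revision_type" => $_POST['nodeType'],
        "node_revision_display_title" => $intfIds['nodeDisplayTitle'],
        "node_revision_short_title" => $intfIds['nodeShortTitle'],
        "node_revision_title" => $intfIds['nodeTitle'],
        "node_revision_permissions" => $_POST['nodePermissions'],
        "node_revision_relationships" => $_POST['nodeRelationships'],
        "node_revision_source" => $intfIds['nodeSource'],
        "node_revision_sort_title" => $intfIds['nodeSortTitle'],
        "node_revision_description" => $intfIds['nodeDescription'],
        "node_revision_disambiguation_description" => $intfIds['nodeDisambiguationDescription'],
        "node_revision_metadata" => $_POST['nodeMetadata'],
        "node_revision_comment" => $intfIds['nodeComment'],
        "node_revision_short_description" => $intfIds['nodeShortDescription'],
        "node_revision_universe_status" => $_POST['nodeUniverseStatus'],
        "node_revision_owner" => $newNodeOwnerId,
        "node_revision_copyright_flag" => $_POST['nodeCopyrightFlag'],
        "node_revision_morality_flag" => $_POST['nodeMoralityFlag'],
        "node_revision_personal_flag" => $_POST['nodePersonalFlag'],
        "node_revision_data_id" => $addedDataId,
        "node_revision_node_id" => fv('nodeId'),
        "node_revision_minor_flag" => $_POST['nodeMinorFlag'],
        "node_revision_time" => getnow(),
    );
    ins('node_revision', $newNodeData);
    $nodeRevisionAddedId = mysql_insert_id();
    $nodeEditedId = fv('nodeId');

    // Append the new revision id to the editing user's list of edits.
    $user = new user(0, '', 0, fv('wvUserName'), 0, '', '', '');
    $user->request_content('user_name', fv('wvUserName'));
    $newnodeeditids = $user->node_edit_ids . itr(1494) . $nodeRevisionAddedId;
    $user->set_variable('node_edit_ids', $newnodeeditids);
    return $nodeEditedId;
}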
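 /**
  * Builds the HTML for a navigation control that triggers an Ember action.
  *
  * Without a verified login the result is a plain `<a href="ember.php?...">`
  * link. With a verified login it is a POST form whose hidden inputs are
  * derived from $options by turning every `=` into a name/value boundary and
  * every `&` into a new hidden input.
  *
  * NOTE(review): $action, $options, $caption and the `locale` request value
  * are written into the markup unescaped, and in the form variant any `&` or
  * `=` inside a value is treated as a field boundary. Whether fv() or the
  * callers sanitise these values is not visible here. Escaping each value
  * for its HTML context would have to happen after the split, not before.
  * NOTE(review): the session id is embedded in the generated form as the
  * hidden field `emSession`.
  *
  * @param mixed  $action  Action identifier placed in `emAction`.
  * @param string $options Extra parameters as `&name=value` pairs; a
  *                        non-empty value should end with `&` because
  *                        `locale=` is appended directly in the link variant.
  * @param string $caption Link text or button label, inserted as HTML.
  * @return string The generated markup.
  */
 function addLink($action, $options, $caption)
 {
     $loginRequested = isset($_REQUEST["login"]) && $_REQUEST["login"] == "1";
     $loginln = 0;
     if ($loginRequested) {
         //Check that the user is properly logged in
         if ($this->checkLogin()) {
             $loginln = 1;
         } else {
             // Both failures are reported, in the same order as before.
             $this->fail("Login not verified: Password does not match stored check — Probably the password provided was incorrect.");
             $this->fail("Login error: could not authenticate.");
         }
     }
     $localeid = fv('locale');
     if ($loginln == 0) {
         if ($options == '') {
             $separator = '';
             $options = $options . '&locale=' . $localeid;
         } else {
             $separator = '&';
             $options = $options . 'locale=' . $localeid;
         }
         $options = str_replace('&&', '&', $options);
         return '<a href="ember.php?wintNeeded=emberWebView&wint=1&emAction=' . $action . $separator . $options . '">' . $caption . '</a>';
     }
     if ($options == '') {
         // emSession is appended once; it used to be appended twice, which
         // produced two identical hidden inputs.
         $options = $options . '&emSession=' . session_id() . '&locale=' . $localeid;
     } else {
         $options = $options . '&locale=' . $localeid;
     }
     $options = str_replace('&&', '&', $options);
     // "name=value&name=value" becomes a chain of hidden inputs.
     $hiddenFields = str_replace('&', '"><input type="hidden" name="', str_replace('=', '" value="', $options));
     return str_replace('&&', '&', '<form action="ember.php" method="post"><input type="hidden" name="wint" value="1"><input type="hidden" name="wintNeeded" value="emberWebView"><input type="hidden" name="emAction" value="' . $action . $hiddenFields . '"><input type="hidden" name="login" value="1"><button type="submit" class="t">' . $caption . '</button></form>');
 }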
/* PREFETCH PAGE PARAMETERS */
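// Resolve the login state for this request into $login (1 = verified, 0 = not).
// The password is read from the request through fv() whenever login=1 is
// posted, so it is re-checked on each such request.
// NOTE(review): the stored value is an unsalted MD5 digest of the password.
// Moving to password_hash()/password_verify() changes the stored column
// format, so it is not done here.
if (isset($_POST["login"]) && $_POST["login"] == "1") {
    global $login;
    //Check that the user is properly logged in
    $userPasswdMd5 = qry('user', 'user_password_md5', 'user_name', fv('wvUserName'));
    // Strict comparison: with ==, two different digests that both look like
    // numbers (for example "0e" followed only by digits) compare equal, and a
    // non-string lookup result could match loosely. Where hash_equals() is
    // available it also gives a constant-time comparison.
    if (md5(fv('wvUserPassword')) === $userPasswdMd5) {
        $loginverified = 1;
        $login = 1;
    } else {
        $loginverified = 0;
        err(5);
        $login = 0;
        err(6);
    }
} else {
    $login = 0;
}
//page title
//Prepare data
fv('nodeId');
$titleAttr = itr(21);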
/* END PAGE PARAMETERS */
<?php

//DEFINE FUNCTIONS
//Utility functions
include 'd/r/wfs.utility.php';
//Database abstraction layer
include 'd/r/wfs.dba.php';
//Get a parameter regardless of method
include 'd/r/wf.fv.php';
//CDCE parser
include 'd/r/wfs.dce.php';
//Define variables
// Both lookups take their key straight from the request: `a` selects the
// operation and `locale` selects the locale. They must stay below the
// includes above that are described as the database layer and the parameter
// getter, since they call qry() and fv().
// NOTE(review): presumably qry(table, wanted column, key column, key value)
// returns a single value, and $wvActionId then selects which action branch
// runs. Confirm how qry() quotes the key value and what it returns for an
// unknown id.
$wvActionId = qry('operation', 'operation_name', 'operation_id', fv('a'));
$wvLocaleString = qry('locale', 'locale_suffix', 'locale_id', fv('locale'));
//Page renderer functions
include 'd/r/wfs.render.php';
//Error handling
include 'd/r/wfs.errorhandling.php';
//Weave         abstraction layer
//   structures
include 'd/r/wfs.Weave_structures.php';
/* END FUNCTION DEFS */
// Page output: breadcrumb trail first, then menu, title and body.
$breadSeparator = itr(1135);
// Default the optional inputs so the expressions below never read an unset variable.
$nodeRevId = isset($nodeRevId) ? $nodeRevId : null;
$disambigStr = isset($disambigStr) ? $disambigStr : null;
$nodeBCTitle = $nodeId . itr(1150) . c(shorten(itr(qry('node_revision', 'node_revision_title', 'node_revision_id', $nodeRevId))) . $disambigStr);
// The node crumb is added only when a nodeId was supplied with the request.
// NOTE(review): the nodeId request value is placed into the link options as
// returned by fv(); confirm it is validated or encoded before it reaches markup.
$nodeNameTag = strlen(fv('nodeId')) == 0
    ? ""
    : itr(1136) . buildLink(6, '&nodeId=' . fv('nodeId') . '&', $nodeBCTitle);
// The nodeView action links back through operation 19; every other action
// reuses the id it was requested with.
$actionlinkid = ($wvActionId == 'nodeView') ? '19' : fv('a');
e(str_replace(
    '&a=6&locale',
    '&a=19&locale',
    itr(1139) . buildLink(1, '', itr(1137)) . itr(1158) . $breadSeparator . itr(1158) . buildLink($actionlinkid, '', $wvActionDispName) . $nodeNameTag
));
$pageMenu = isset($pageMenu) ? $pageMenu : null;
// NOTE(review): menu, title and body are written to the response as-is; any
// escaping has to happen where these strings are built.
echo $pageMenu;
itf(33);
echo $pageTitle;
itf(34);
echo $pageBody;
e(res('4.d2'));
//Execute script
//echo 'passed test';
/* END PAGE */