/**
 * Tell whether a member with the given display name (u_pseudo) exists.
 *
 * @param string $pseudo Display name to look up; surrounding whitespace is trimmed.
 * @return bool True when at least one row of the members table matches.
 */
function pseudo_exists($pseudo)
{
    // The value goes through insertBD() before being embedded in the quoted
    // literal. NOTE(review): insertBD() is defined elsewhere and is presumably
    // the project's SQL-escaping helper - confirm; a bound parameter would
    // remove the dependency on that helper altogether.
    $sql = 'SELECT COUNT(*) as count FROM ' . Nw::$prefix_table . 'members'
        . ' WHERE u_pseudo = \'' . insertBD(trim($pseudo)) . '\'';

    $result = Nw::$DB->query($sql) or Nw::$DB->trigger(__LINE__, __FILE__);
    $row = $result->fetch_assoc();
    $result->free();

    return $row['count'] > 0;
}
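/**
 * List the news items carrying a given tag, newest first.
 *
 * @param string     $tag              Tag to search for; it is URL-decoded and trimmed here.
 * @param int        $etat             News state to filter on; 0 disables the state filter.
 * @param int|string $page             1-based page number; an empty value disables pagination.
 * @param int        $element_par_page Number of rows per page.
 * @return array List of associative rows, one per matching news item.
 */
function search_news_bytag($tag, $etat, $page = '', $element_par_page = 0)
{
    $add_champs_sql = '';
    $add_jointure_sql = '';
    $list_news = array();
    $end_rqt_sql = '';
    $clause_etat = $etat != 0 ? 'n_etat = ' . intval($etat) . ' AND ' : '';

    if (!empty($page) && is_numeric($page)) {
        // Both LIMIT operands are forced to non-negative integers: they are
        // concatenated into the statement unquoted, so a non-integer value
        // coming from the request would otherwise end up in the SQL text.
        $per_page = max(0, intval($element_par_page));
        $premierMessageAafficher = max(0, (intval($page) - 1) * $per_page);
        $end_rqt_sql = ' LIMIT ' . $premierMessageAafficher . ', ' . $per_page . ' ';
    }

    // Logged-in visitors also get their own flag and vote rows for each news item.
    if (is_logged_in()) {
        $add_champs_sql = ', f_id_membre, f_type, v_id_membre';
        $add_jointure_sql = ' LEFT JOIN ' . Nw::$prefix_table . 'news_flags ON (n_id = f_id_news AND f_id_membre = ' . intval(Nw::$dn_mbr['u_id']) . ')';
        $add_jointure_sql .= ' LEFT JOIN ' . Nw::$prefix_table . 'news_vote ON (n_id = v_id_news AND v_id_membre = ' . intval(Nw::$dn_mbr['u_id']) . ')';
    }

    // SQL query. The tag is the only free-text value; it is passed through
    // insertBD() (project helper, presumably SQL escaping - confirm).
    $rqt_list_news = Nw::$DB->query('SELECT t_tag AS first_tag, c_id, c_nom, c_rewrite, n_resume, n_nb_votes, n_nb_versions, n_id, n_id_auteur, n_id_cat, n_titre, n_etat, n_vues, n_private, n_nbr_coms, i_id, i_nom,
        ' . decalageh('n_date', 'date_news') . ', u_id, u_pseudo, u_alias, u_avatar' . $add_champs_sql . '
        FROM ' . Nw::$prefix_table . 'news
            LEFT JOIN ' . Nw::$prefix_table . 'members ON n_id_auteur = u_id' . $add_jointure_sql . '
            LEFT JOIN ' . Nw::$prefix_table . 'categories ON c_id = n_id_cat
            LEFT JOIN ' . Nw::$prefix_table . 'news_images ON i_id = n_id_image
            LEFT JOIN ' . Nw::$prefix_table . 'tags ON t_id_news = n_id
        WHERE ' . $clause_etat . 't_tag = \'' . insertBD(trim(urldecode($tag))) . '\' GROUP BY n_id ORDER BY n_date DESC' . $end_rqt_sql) or Nw::$DB->trigger(__LINE__, __FILE__);

    while ($donnees_news = $rqt_list_news->fetch_assoc()) {
        $list_news[] = $donnees_news;
    }

    return $list_news;
}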
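 /**
  * "Change my password" page: checks the current password, stores the new one
  * and refreshes the remember-me cookies when they are in use.
  *
  * Requires a logged-in member; every outcome ends in a redir() call.
  */
 protected function main()
 {
     if (!is_logged_in()) {
         redir(Nw::$lang['common']['need_login'], false, 'users-10.html');
     }
     $this->set_title(Nw::$lang['users']['item_mdp']);
     $this->set_tpl('membres/options_pass.html');
     $this->add_css('forms.css');
     $this->set_filAriane(array(Nw::$lang['users']['mes_options_title'] => array('users-60.html'), Nw::$lang['users']['item_mdp'] => array('')));
     if (isset($_POST['submit']) && !multi_empty(trim($_POST['old']), trim($_POST['nw_pass1']), trim($_POST['nw_pass2']))) {
         // NOTE(review): passwords are stored as SHA-1 with a site-wide static
         // salt. That is fast to brute-force; migrating to password_hash() /
         // password_verify() needs a coordinated change of every place that
         // hashes or compares u_password.
         $bf_token = 'jJ_=éZAç1l';
         $ft_token = 'ù%*àè1ç0°dezf';
         $pass_membre = insertBD(sha1($bf_token . trim($_POST['old']) . $ft_token));
         // Strict comparison: with "==" two different values can compare equal
         // through PHP's numeric-string juggling.
         if ($_POST['nw_pass1'] === $_POST['nw_pass2']) {
             // Same reason: two distinct hex digests of the form "0e<digits>"
             // are equal under "==" because both are read as the float 0.
             if ((string) Nw::$dn_mbr['u_password'] === (string) $pass_membre) {
                 inc_lib('users/chg_password');
                 // NOTE(review): the old password is trimmed before hashing but
                 // the new one is stored untrimmed - confirm this is intended.
                 chg_password($_POST['nw_pass1'], Nw::$dn_mbr['u_id']);
                 if (!empty($_COOKIE['nw_pass'])) {
                     $time_expire = time() + 10 * 365 * 24 * 3600;
                     // The cookie must carry the hash of the NEW password; the
                     // previous code re-issued the old hash, which no longer
                     // matches u_password once chg_password() has run. The hash
                     // is built the same way chg_password() builds it.
                     $new_pass_hash = insertBD(sha1($bf_token . $_POST['nw_pass1'] . $ft_token));
                     // NOTE(review): nw_pass is a password-equivalent value kept
                     // for ten years; HttpOnly keeps it out of reach of page
                     // scripts. A random server-side remember-me token, sent
                     // with the Secure flag, would be the sounder design.
                     setcookie('nw_ident', Nw::$dn_mbr['u_id'], $time_expire, '', '', false, true);
                     setcookie('nw_pass', $new_pass_hash, $time_expire, '', '', false, true);
                 }
                 redir(Nw::$lang['users']['mdp_change'], true, 'users-60.html');
             } else {
                 redir(Nw::$lang['users']['not_root_password'], false, 'users-63.html');
             }
         } else {
             redir(Nw::$lang['users']['sames_password'], false, 'users-63.html');
         }
     }
 }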
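/**
 * Record an IP ban.
 *
 * @param string $ip          IPv4 address in dotted notation.
 * @param int    $id_modo     ID of the moderator issuing the ban.
 * @param int    $duree       Ban length in days.
 * @param string $motif       Reason stored in ban_motif.
 * @param string $motif_admin Reason stored in ban_motif_admin; run through the BBCode parser.
 * @return void
 */
function add_ban_ip($ip, $id_modo, $duree, $motif, $motif_admin)
{
    inc_lib('bbcode/parse');

    // ip2long() returns false for anything that is not a valid IPv4 address;
    // concatenating that into the statement would produce broken SQL.
    $ip_long = ip2long($ip);
    if ($ip_long === false) {
        trigger_error('add_ban_ip(): invalid IPv4 address, ban not recorded', E_USER_WARNING);
        return;
    }

    // Escaping has to be the last transformation before the value reaches the
    // statement: parse() may emit characters of its own, so it runs first.
    // NOTE(review): insertBD() and parse() are project helpers defined
    // elsewhere - confirm parse() expects unescaped input.
    $motif_admin = insertBD(parse(trim($motif_admin)));
    // The previous code derived this from $motif_admin, so the $motif argument
    // was never stored.
    $motif = insertBD(trim($motif));

    // Fixes to the statement itself: the VALUES list is now closed, and the end
    // date uses "INTERVAL n DAY" (a bare "NOW() + n DAY" is not valid MySQL).
    Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'ban_ip(ban_ip, ban_id_modo,
        ban_date, ban_date_end, ban_is_end, ban_motif, ban_motif_admin)
        VALUES(' . $ip_long . ', ' . intval($id_modo) . ', NOW(),
        NOW() + INTERVAL ' . intval($duree) . ' DAY, 0, \'' . $motif . '\', \'' . $motif_admin . '\')') or Nw::$DB->trigger(__LINE__, __FILE__);
}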
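 /**
  *  A visitor tries to log in with the remember-me cookies.
  *
  *  Counts the members whose ID and stored password hash both match the
  *  cookie values.
  *
  *  NOTE(review): the cookie value is compared directly with u_password, so
  *  the stored hash is itself a login credential - anyone who obtains it (a
  *  stolen cookie, a database leak) can authenticate without knowing the
  *  password. A random, revocable remember-me token would avoid that.
  *
  *  @author Cam
  *  @param $id      Member ID
  *  @param $pass        Password (already hashed)
  *  @return integer Number of matching members
  */
 public static function count_exit_cookies($id, $pass)
 {
     // A failed query is reported like everywhere else in the project instead
     // of ending in a fatal error on the fetch_assoc() call below.
     $query = Nw::$DB->query('SELECT COUNT(*) as count FROM ' . Nw::$prefix_table . 'members WHERE u_id=' . intval($id) . ' AND u_password=\'' . insertBD($pass) . '\'') or Nw::$DB->trigger(__LINE__, __FILE__);
     $data = $query->fetch_assoc();
     $query->free();

     // The driver hands the count back as a string; return the documented integer.
     return (int) $data['count'];
 }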
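/**
 * Hide or permanently delete a comment on a news item.
 *
 * Reads $_POST['raison'] (reason shown in place of the comment) and
 * $_POST['rlly_delete'] (request for permanent deletion).
 *
 * NOTE(review): nothing in this function checks that the current member owns
 * the comment or may delete it; that check is presumably done by the caller -
 * confirm. As written, a member without 'can_del_all_comments' who posts
 * rlly_delete with an empty reason goes through both branches below.
 *
 * @param int $id_news    ID of the news item.
 * @param int $id_comment ID of the comment.
 * @return void
 */
function delete_cmt_news($id_news, $id_comment)
{
    $raison = isset($_POST['raison']) ? $_POST['raison'] : '';

    // The comment is only replaced by a message.
    if (Nw::$droits['can_del_all_comments'] && !empty($raison) || !Nw::$droits['can_del_all_comments']) {
        $message_masque = $raison;
        if (!Nw::$droits['can_del_all_comments']) {
            // Members without the moderation right always get the fixed message.
            $message_masque = Nw::$lang['news']['cmt_deletedby_himself'];
        }
        Nw::$DB->query('UPDATE ' . Nw::$prefix_table . 'news_commentaires SET c_masque = 1, c_masque_raison = \'' . insertBD(trim($message_masque)) . '\', c_masque_modo = ' . intval(Nw::$dn_mbr['u_id']) . ' WHERE c_id_news = ' . intval($id_news) . ' AND c_id = ' . intval($id_comment)) or Nw::$DB->trigger(__LINE__, __FILE__);
    }

    // Permanent deletion of the comment.
    if (empty($raison) && isset($_POST['rlly_delete'])) {
        $add_sql = '';

        // Most recent remaining comment, used to refresh n_last_com.
        $query = Nw::$DB->query('SELECT c_id FROM ' . Nw::$prefix_table . 'news_commentaires WHERE c_id_news = ' . intval($id_news) . ' AND c_id <> ' . intval($id_comment) . ' ORDER BY c_date DESC LIMIT 1') or Nw::$DB->trigger(__LINE__, __FILE__);
        $dn = $query->fetch_assoc();

        // Author of the deleted comment, whose comment counter is decremented.
        // The previous code fetched from $query again, so the author was never
        // read and the counter update targeted member 0.
        $query_stats = Nw::$DB->query('SELECT c_id_membre FROM ' . Nw::$prefix_table . 'news_commentaires WHERE c_id_news = ' . intval($id_news) . ' AND c_id = ' . intval($id_comment)) or Nw::$DB->trigger(__LINE__, __FILE__);
        $dn_stats = $query_stats->fetch_assoc();

        if (!empty($dn['c_id'])) {
            $add_sql = ', n_last_com = ' . intval($dn['c_id']);
        }

        Nw::$DB->query('DELETE FROM ' . Nw::$prefix_table . 'news_commentaires WHERE c_id_news = ' . intval($id_news) . ' AND c_id = ' . intval($id_comment)) or Nw::$DB->trigger(__LINE__, __FILE__);
        Nw::$DB->query('UPDATE ' . Nw::$prefix_table . 'news SET n_nbr_coms = n_nbr_coms - 1' . $add_sql . ' WHERE n_id = ' . intval($id_news)) or Nw::$DB->trigger(__LINE__, __FILE__);

        // Only touch the statistics when the comment row was actually found.
        if (!empty($dn_stats['c_id_membre'])) {
            Nw::$DB->query('UPDATE ' . Nw::$prefix_table . 'members_stats SET s_nb_coms = s_nb_coms - 1 WHERE s_id_membre = ' . intval($dn_stats['c_id_membre'])) or Nw::$DB->trigger(__LINE__, __FILE__);
        }
    }
}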
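 /**
  * Administration page listing the news history log, optionally filtered by
  * the search term in $_GET['t'] and paginated with $_GET['page'].
  */
 protected function main()
 {
     // NOTE(review): with "&&" the redirect only fires for a visitor who is
     // BOTH logged out and without the 'view_histo_all_news' right, so any
     // logged-in member reaches this log (which includes IP addresses).
     // Confirm whether "||" was intended.
     if (!is_logged_in() && !check_auth('view_histo_all_news')) {
         header('Location: ./');
         // Without this the rest of the method still ran and the log was
         // rendered into the body of the redirect response.
         exit;
     }
     $this->set_title(Nw::$lang['news']['historiques_news']);
     $this->set_tpl('news/log_admin.html');
     $this->add_css('code.css');
     $this->set_filAriane(array(Nw::$lang['news']['news_section'] => array('news-70.html'), Nw::$lang['news']['historiques_news'] => array('')));

     $get_param = '';
     $param_tpl = '';
     $titre_tpl = '';
     if (!empty($_GET['t']) && is_string($_GET['t'])) {
         $recherche = urldecode($_GET['t']);
         // NOTE(review): the search term sits in double-quoted literals and
         // LIKE wildcards (% and _) in it are not neutralised; insertBD() is a
         // project helper, presumably SQL escaping - confirm it covers '"'.
         $get_param = 'l_titre LIKE "%' . insertBD($recherche) . '%" OR l_texte LIKE "%' . insertBD($recherche) . '%"';
         $param_tpl = htmlspecialchars($_GET['t']);
         // HTML-escape AFTER decoding. The previous order (escape, then
         // urldecode) let a percent-encoded "<" or ">" come back as markup in
         // the page title.
         $titre_tpl = htmlspecialchars($recherche, ENT_QUOTES);
     }

     inc_lib('news/count_news_logs');
     $nombre_logs = count_news_logs($get_param);

     // Pagination. The page number is clamped to 1 so that 0 or a negative
     // value from the query string never reaches the LIMIT computation.
     $page = isset($_GET['page']) ? max(1, intval($_GET['page'])) : 1;
     $nombreDePages = ceil($nombre_logs / Nw::$pref['nb_logs_admin']);

     // Make sure the requested page exists.
     if ($nombreDePages > 0 && $page > $nombreDePages) {
         redir(Nw::$lang['common']['pg_not_exist'], false, 'news-21.html?t=' . $param_tpl);
     }

     // Display the log entries.
     // NOTE(review): the row values below come straight from the database;
     // whether the template layer escapes them is not visible here - confirm.
     inc_lib('news/get_news_logs');
     $donnees_logs = get_news_logs($get_param, 'l_date DESC', $page, Nw::$pref['nb_logs_admin']);
     foreach ($donnees_logs as $donnees) {
         $cle_action = 'log_news_' . $donnees['l_action'];
         Nw::$tpl->setBlock('log', array(
             'ACTION' => $donnees['l_action'],
             'ACTION_LOG' => isset(Nw::$lang['news'][$cle_action]) ? Nw::$lang['news'][$cle_action] : '',
             'TEXTE' => nl2br($donnees['l_texte']),
             'DATE' => date_sql($donnees['date'], $donnees['heures_date'], $donnees['jours_date']),
             'AUTEUR' => $donnees['u_pseudo'],
             'AUTEUR_ID' => $donnees['u_id'],
             'AUTEUR_AVATAR' => $donnees['u_avatar'],
             'AUTEUR_ALIAS' => $donnees['u_alias'],
             'NEWS_ID' => $donnees['l_id_news'],
             'NEWS_TITRE' => $donnees['n_titre'],
             'TITRE_ACTU' => $donnees['l_titre'],
             'IP' => long2ip($donnees['l_ip']),
         ));
     }

     Nw::$tpl->set(array('TITRE' => $titre_tpl, 'LIST_PG' => list_pg($nombreDePages, $page, 'news-21%s.html?t=' . $param_tpl)));
 }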
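/**
 * Fetch one member row (joined with its group) by a chosen key.
 *
 * NOTE(review): the returned row includes u_password and u_code_act; callers
 * should take care not to hand the whole array to a template or an API.
 *
 * @param int|string  $res Value to look up.
 * @param string|null $by  Column selector: 'id', 'alias', 'mail', 'identifier'
 *                         or 'pseudo'. With null, a numeric $res is treated as
 *                         an ID and anything else as an alias.
 * @return array|null The member row, or null when nothing matches or $by is
 *                    not one of the supported selectors.
 */
function get_info_mbr($res, $by = null)
{
    if (is_null($by)) {
        if (is_numeric($res)) {
            $where_clause = 'u_id = ' . intval($res);
        } else {
            $where_clause = 'u_alias = \'' . insertBD(trim($res)) . '\'';
        }
    } elseif ($by === 'alias') {
        $where_clause = 'u_alias = \'' . insertBD(trim($res)) . '\'';
    } elseif ($by === 'id') {
        $where_clause = 'u_id = ' . intval($res);
    } elseif ($by === 'mail') {
        $where_clause = 'u_email = \'' . insertBD($res) . '\'';
    } elseif ($by === 'identifier') {
        $where_clause = 'u_identifier = \'' . insertBD($res) . '\'';
    } elseif ($by === 'pseudo') {
        $where_clause = 'u_pseudo = \'' . insertBD($res) . '\'';
    } else {
        // Unknown selector: previously $where_clause stayed undefined and the
        // statement was sent with an empty WHERE clause.
        return null;
    }

    $query = Nw::$DB->query('SELECT u_id, u_alias, u_avatar, u_pseudo, u_group,
    u_localisation, u_ident_unique, u_bio, ' . decalageh('u_date_register', 'date_register') . ',
    ' . decalageh('u_last_visit', 'last_visit') . ', u_password, u_code_act, u_active,
    u_email, u_decalage, DATE_FORMAT(u_date_naissance, "%d/%m/%Y") AS date_naissance,
    g_titre, g_icone
    FROM ' . Nw::$prefix_table . 'members
        LEFT JOIN ' . Nw::$prefix_table . 'groups ON g_id = u_group
    WHERE ' . $where_clause) or Nw::$DB->trigger(__LINE__, __FILE__);

    return $query->fetch_assoc();
}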
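/**
 * Create a member account, its statistics row and its newsletter
 * subscription, then either send the activation e-mail or refresh the member
 * caches.
 *
 * @param string $pseudo     Display name.
 * @param string $password   Clear-text password (trimmed before hashing).
 * @param string $email      E-mail address.
 * @param string $identifier External identifier, if any.
 * @param int    $valide     1 when the account is created already activated.
 * @return int ID of the new member.
 */
function add_mbr($pseudo, $password, $email, $identifier = '', $valide = 0)
{
    // NOTE(review): passwords are stored as SHA-1 with a site-wide static
    // salt, which is cheap to brute-force. Moving to password_hash() /
    // password_verify() requires changing every place that hashes or compares
    // u_password at the same time, so it is only flagged here.
    $bf_token = 'jJ_=éZAç1l';
    $ft_token = 'ù%*àè1ç0°dezf';

    // The activation code is a secret sent by e-mail and later accepted as
    // proof of ownership, so it should not be derived from the clock and
    // mt_rand(). Use the CSPRNG where the runtime has one; the value keeps the
    // same shape (32 hexadecimal characters).
    if (function_exists('random_bytes')) {
        $key_alea_code_activate = bin2hex(random_bytes(16));
    } else {
        $key_alea_code_activate = md5(uniqid(mt_rand()));
    }

    // Store the member. rewrite() and get_ip() are project helpers whose
    // output is not visible here, so both values are escaped before being
    // embedded (get_ip() may be derived from request headers - confirm).
    Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'members (u_pseudo, u_alias, u_identifier, u_password, u_email, u_group, u_date_register, u_active, u_code_act, u_ip)
    VALUES(\'' . insertBD(trim($pseudo)) . '\', \'' . Nw::$DB->real_escape_string(rewrite(trim($pseudo))) . '\', \'' . insertBD(trim($identifier)) . '\', \'' . insertBD(sha1($bf_token . trim($password) . $ft_token)) . '\', \'' . insertBD(trim($email)) . '\',
    4, NOW(), ' . intval($valide) . ', \'' . insertBD($key_alea_code_activate) . '\', \'' . Nw::$DB->real_escape_string(get_ip()) . '\')') or Nw::$DB->trigger(__LINE__, __FILE__);
    $id_new_membre = Nw::$DB->insert_id;

    $identifiant_unique = md5($id_new_membre . uniqid(rand(), true));
    $lien_activation = Nw::$site_url . 'users-32.html?mid=' . $id_new_membre . '&ca=' . $key_alea_code_activate;

    Nw::$DB->query('UPDATE ' . Nw::$prefix_table . 'members SET u_ident_unique = \'' . Nw::$DB->real_escape_string($identifiant_unique) . '\' WHERE u_id = ' . intval($id_new_membre)) or Nw::$DB->trigger(__LINE__, __FILE__);
    Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'members_stats (s_id_membre) VALUES(' . intval($id_new_membre) . ')') or Nw::$DB->trigger(__LINE__, __FILE__);

    inc_lib('users/mail2gd');
    mail2gd($identifiant_unique, trim($email));
    inc_lib('newsletter/add_abonnement');
    add_abonnement(trim($email), $id_new_membre);

    if ($valide == 0) {
        // Send the validation e-mail.
        $txt_mail = sprintf(Nw::$lang['users']['mail_confirm_insc'], $pseudo, Nw::$site_url, Nw::$site_name, $lien_activation, $lien_activation, $lien_activation);
        // Best effort: a mail failure must not abort the registration.
        @envoi_mail(trim($email), sprintf(Nw::$lang['users']['confirm_inscription'], Nw::$site_name), $txt_mail);
    } else {
        // The account is already confirmed: refresh the member count and sitemap.
        inc_lib('admin/gen_cachefile_nb_members');
        gen_cachefile_nb_members();
        generate_members_sitemap();
    }

    return $id_new_membre;
}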
/**
 * Check that an activation code is the one stored for a given member.
 *
 * NOTE(review): the match is done by the database, so it follows the column
 * collation; an empty $code_act matches a member whose u_code_act is empty.
 * Callers presumably reject empty codes beforehand - confirm.
 *
 * @param int    $idm      Member ID.
 * @param string $code_act Activation code to verify.
 * @return bool True when a member row has both this ID and this code.
 */
function mbr_act_exists($idm, $code_act)
{
    $sql = "SELECT COUNT(*) as count \n        FROM " . Nw::$prefix_table
        . 'members WHERE u_id=' . intval($idm)
        . " AND u_code_act='" . insertBD($code_act) . "'";

    $result = Nw::$DB->query($sql) or Nw::$DB->trigger(__LINE__, __FILE__);
    $row = $result->fetch_assoc();
    $result->free();

    return $row['count'] > 0;
}
/**
 * Insert a resource row built from a resource object.
 *
 * In this snippet insertBD() receives a full SQL statement plus the
 * connection; its definition is not visible here.
 *
 * @param object $recurso Object exposing getTipo(), getFechaPublicacion(),
 *                        getUsuario() and getUbicacion().
 * @param mysqli $bd      Open database connection.
 * @return void
 */
function insertRecurso($recurso, $bd)
{
    // Every value is escaped for the connection before it is placed inside a
    // quoted literal; a prepared statement would do the same without relying
    // on each call site remembering to escape.
    $valores = array(
        mysqli_real_escape_string($bd, $recurso->getTipo()),
        mysqli_real_escape_string($bd, $recurso->getFechaPublicacion()),
        mysqli_real_escape_string($bd, $recurso->getUsuario()),
        mysqli_real_escape_string($bd, $recurso->getUbicacion()),
    );

    $sql_insert = vsprintf(
        "INSERT INTO recurso (id, tipo, fecha_publicacion, usuario_id, ubicacion)\n                        VALUES (NULL, '%s',\n                        '%s',\n                        '%s',\n                        '%s');",
        $valores
    );

    insertBD($sql_insert, $bd);
}
/**
 * Update a member group from the submitted form.
 *
 * Reads $_POST['nom'], $_POST['titre'], $_POST['icone'] and the presence of
 * $_POST['couleur'].
 *
 * NOTE(review): no permission check happens here; it is presumably done by
 * the calling page - confirm.
 *
 * @param int $id ID of the group to update.
 * @return void
 */
function edit_grp($id)
{
    // The colour flag is a checkbox: present means 1, absent means 0.
    $couleur = isset($_POST['couleur']) ? 1 : 0;

    $table = Nw::$prefix_table;
    $nom = insertBD(trim($_POST['nom']));
    $titre = insertBD(trim($_POST['titre']));
    $icone = insertBD(trim($_POST['icone']));

    $sql = 'UPDATE ' . $table . "groups\n    SET g_nom = '" . $nom . "', g_titre = '" . $titre
        . "',\n    g_icone = '" . $icone . "', g_couleur = " . $couleur
        . "\n    WHERE g_id = " . intval($id);

    Nw::$DB->query($sql) or Nw::$DB->trigger(__LINE__, __FILE__);
}
/**
 * Count the news items carrying a given tag.
 *
 * @param string $tag  Tag to search for; URL-decoded and trimmed here.
 * @param int    $etat News state to filter on; 0 disables the state filter.
 * @return string Row count as returned by the database driver.
 */
function count_search_results($tag, $etat)
{
    $clause_etat = '';
    if ($etat != 0) {
        $clause_etat = 'n_etat = ' . intval($etat) . ' AND ';
    }

    // insertBD() is the project's helper for values placed in SQL literals
    // (presumably escaping - confirm).
    $tag_sql = insertBD(trim(urldecode($tag)));

    $sql = 'SELECT COUNT(*) AS count FROM ' . Nw::$prefix_table
        . "news\n        LEFT JOIN " . Nw::$prefix_table
        . "tags ON t_id_news = n_id\n    WHERE " . $clause_etat
        . "t_tag = '" . $tag_sql . "'";

    $result = Nw::$DB->query($sql) or Nw::$DB->trigger(__LINE__, __FILE__);
    $row = $result->fetch_assoc();

    return $row['count'];
}
/**
 * Create a member group from the submitted form.
 *
 * Reads $_POST['nom'], $_POST['titre'], $_POST['icone'] and the presence of
 * $_POST['couleur'].
 *
 * NOTE(review): no permission check happens here; it is presumably done by
 * the calling page - confirm.
 *
 * @return int ID of the new group (the connection's insert_id).
 */
function add_grp()
{
    // The colour flag is a checkbox: present means 1, absent means 0.
    $couleur = isset($_POST['couleur']) ? 1 : 0;

    $table = Nw::$prefix_table;
    $nom = insertBD(trim($_POST['nom']));
    $titre = insertBD(trim($_POST['titre']));
    $icone = insertBD(trim($_POST['icone']));

    $sql = 'INSERT INTO ' . $table . "groups (g_nom, g_titre,\n    g_icone, g_couleur) VALUES('"
        . $nom . "',\n    '" . $titre . "', '" . $icone . "',\n    " . $couleur . ')';

    Nw::$DB->query($sql) or Nw::$DB->trigger(__LINE__, __FILE__);

    return Nw::$DB->insert_id;
}
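/**
 * Store a new password hash for a member.
 *
 * NOTE(review): the hash is SHA-1 with a site-wide static salt, which is
 * cheap to brute-force. Switching to password_hash() has to be done together
 * with every place that hashes or compares u_password, so it is only flagged
 * here.
 *
 * @param string $pass     New clear-text password (hashed as given, not trimmed).
 * @param int    $idm      Member ID.
 * @param string $code_act Optional activation code; when given, the update
 *                         only applies if it matches the member's u_code_act.
 * @return void
 */
function chg_password($pass, $idm, $code_act = '')
{
    $bf_token = 'jJ_=éZAç1l';
    $ft_token = 'ù%*àè1ç0°dezf';

    // Only the empty string means "no code supplied". The previous empty()
    // test also skipped the check for the code "0", which let the update run
    // without any code condition at all.
    $sql_code_act = '';
    if ((string) $code_act !== '') {
        $sql_code_act = ' AND u_code_act=\'' . insertBD($code_act) . '\'';
    }

    Nw::$DB->query('UPDATE ' . Nw::$prefix_table . 'members
    SET u_password=\'' . insertBD(sha1($bf_token . $pass . $ft_token)) . '\'
    WHERE u_id=' . intval($idm) . $sql_code_act) or Nw::$DB->trigger(__LINE__, __FILE__);
}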
/**
 * Tell whether a news item already carries a given tag.
 *
 * @param int    $id_news ID of the news item.
 * @param string $tag     Tag to look for; surrounding whitespace is trimmed.
 * @return bool True when at least one matching tag row exists.
 */
function tag_news_exists($id_news, $tag)
{
    $sql = "SELECT COUNT(*) as count\n        FROM " . Nw::$prefix_table
        . "tags\n        WHERE t_id_news = " . intval($id_news)
        . " AND t_tag = '" . insertBD(trim($tag)) . "'";

    $result = Nw::$DB->query($sql) or Nw::$DB->trigger(__LINE__, __FILE__);
    $row = $result->fetch_assoc();
    $result->free();

    return $row['count'] > 0;
}
/**
 * Look up an account by display name and clear-text password.
 *
 * NOTE(review): the password is checked by hashing it with SHA-1 and a
 * site-wide static salt and letting the database compare the digests. The
 * password is hashed as given (not trimmed), while the display name is
 * trimmed. Nothing here limits repeated attempts; throttling is presumably
 * the caller's job - confirm.
 *
 * @param string $pseudo   Display name.
 * @param string $password Clear-text password.
 * @return array|null Row with u_id and u_active, or null when nothing matches.
 */
function get_info_account($pseudo, $password)
{
    $bf_token = 'jJ_=éZAç1l';
    $ft_token = 'ù%*àè1ç0°dezf';

    $pseudo_sql = insertBD(trim($pseudo));
    $hash_sql = insertBD(sha1($bf_token . $password . $ft_token));

    // Make sure the account exists and fetch its details.
    $sql = "SELECT u_id, u_active\n    FROM " . Nw::$prefix_table
        . "members\n    WHERE u_pseudo='" . $pseudo_sql
        . "'\n        AND u_password='" . $hash_sql . "'";

    $result = Nw::$DB->query($sql) or Nw::$DB->trigger(__LINE__, __FILE__);

    return $result->fetch_assoc();
}
/**
 * Fetch one category by ID or by its URL slug.
 *
 * @param int|string $id   Category ID, or the c_rewrite slug when $type is not 'id'.
 * @param string     $type 'id' to look up by ID; any other value looks up by slug.
 * @return array|null The category row, or null when nothing matches.
 */
function get_info_cat($id, $type = 'id')
{
    // Numeric lookups are cast to int; slug lookups go through insertBD()
    // (project helper, presumably SQL escaping - confirm).
    $where_type = $type == 'id'
        ? 'c_id=' . intval($id)
        : "c_rewrite='" . insertBD(trim($id)) . "'";

    $sql = "SELECT c_id, c_nom, c_rewrite, c_nbr_news, c_desc\n        FROM " . Nw::$prefix_table
        . "categories\n        WHERE " . $where_type;

    $result = Nw::$DB->query($sql) or Nw::$DB->trigger(__LINE__, __FILE__);

    return $result->fetch_assoc();
}
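/**
 * Update the profile of the logged-in member from the submitted form.
 *
 * Reads $_POST['biographie'], $_POST['date_naissance'] (dd/mm/yyyy),
 * $_POST['decalage_horaire'] and $_POST['localisation'].
 *
 * @return void
 */
function edit_profile_mbr()
{
    inc_lib('bbcode/parse');

    // The biography is HTML-escaped, run through the BBCode parser, and only
    // then escaped for SQL, so the SQL escaping is the last step.
    $contenu_bio = Nw::$DB->real_escape_string(parse(htmlspecialchars(trim($_POST['biographie']))));

    // Rebuild the date from integer parts. A value that is not dd/mm/yyyy used
    // to raise undefined-offset notices and put arbitrary text into the date
    // literal; it now degrades to zero parts and only digits reach the SQL.
    $date_saisie = isset($_POST['date_naissance']) ? (string) $_POST['date_naissance'] : '';
    $explode_date_naissance = array_pad(explode('/', $date_saisie, 3), 3, '');
    $new_dn = sprintf(
        '%04d-%02d-%02d',
        max(0, intval($explode_date_naissance[2])),
        max(0, intval($explode_date_naissance[1])),
        max(0, intval($explode_date_naissance[0]))
    );

    // NOTE(review): u_localisation is stored without HTML escaping; it must be
    // escaped wherever it is displayed - confirm the templates do so.
    Nw::$DB->query('UPDATE ' . Nw::$prefix_table . 'members SET
        u_decalage = \'' . insertBD($_POST['decalage_horaire']) . '\',
        u_bio = \'' . $contenu_bio . '\',
        u_date_naissance = \'' . insertBD($new_dn) . '\',
        u_localisation = \'' . insertBD($_POST['localisation']) . '\'
    WHERE u_id = ' . intval(Nw::$dn_mbr['u_id'])) or Nw::$DB->trigger(__LINE__, __FILE__);
}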
 /**
  * Private-beta gate page. Handles three independent forms: redeeming an
  * invitation code, asking to be put on the waiting list, and logging in
  * with an existing account. Each outcome ends in a redir() call.
  */
 protected function main()
 {
     $this->set_title('hey');
     $this->set_tpl('invit/programme.html');
     Nw::$tpl->set('RPX_URL_INVIT', urlencode(Nw::$site_url . 'users-40.html?invit'));
     // Form 1: redeem an invitation code.
     if (isset($_POST['submit_invit']) && !empty($_POST['code'])) {
         // The code is passed through insertBD() (project helper, presumably
         // SQL escaping - confirm) before being embedded in the literal.
         $query = Nw::$DB->query('SELECT COUNT(*) as count, i_id, i_nb_max_auth, i_nb_auth FROM invits WHERE i_code = \'' . insertBD(trim($_POST['code'])) . '\' GROUP BY i_id') or Nw::$DB->trigger(__LINE__, __FILE__);
         // With GROUP BY, an unknown code yields no row at all, so $dn is
         // null here and the 'count' test below falls into the else branch.
         $dn = $query->fetch_assoc();
         if ($dn['count'] > 0) {
             // NOTE(review): the quota is checked in PHP and incremented in a
             // separate statement, so two simultaneous requests can both pass
             // the check; putting the "i_nb_auth < i_nb_max_auth" condition in
             // the UPDATE itself would close that window. Nothing here limits
             // repeated guesses of the code either.
             if ($dn['i_nb_auth'] < $dn['i_nb_max_auth']) {
                 Nw::$DB->query('UPDATE invits SET i_nb_auth = i_nb_auth + 1 WHERE i_id = ' . intval($dn['i_id']));
                 // Session flag that marks the visitor as admitted to the beta.
                 $_SESSION['nw_invit'] = true;
                 redir('Bienvenue sur la version bêta privée de Nouweo.', true, './');
             } else {
                 redir('Ce code d\'invitation a expiré.', false, './');
             }
         } else {
             redir('Ce code d\'invitation n\'existe pas.', false, './');
         }
     }
     // Form 2: request a place on the waiting list.
     if (isset($_POST['submit_request']) && !empty($_POST['pseudo']) && !empty($_POST['email'])) {
         // The e-mail has the expected form (name@domain.tld)
         if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
             $query = Nw::$DB->query('SELECT COUNT(*) as count FROM invits_request WHERE r_email = \'' . insertBD(trim($_POST['email'])) . '\' GROUP BY r_email') or Nw::$DB->trigger(__LINE__, __FILE__);
             // As above: no matching row means $dn is null, which compares
             // equal to 0 in the loose test below.
             $dn = $query->fetch_assoc();
             if ($dn['count'] == 0) {
                 // NOTE(review): get_ip() is embedded without escaping; if it
                 // can be derived from request headers it must be validated
                 // or escaped - confirm against its definition.
                 Nw::$DB->query('INSERT INTO invits_request (r_pseudo, r_email, r_date, r_ip) VALUES(\'' . insertBD(trim($_POST['pseudo'])) . '\', \'' . insertBD(trim($_POST['email'])) . '\', NOW(), \'' . get_ip() . '\')');
                 redir('Vous avez bien été noté sur la liste d\'attente.', true, './');
             } else {
                 redir('Cette adresse email est déjà utilisée.', false, './');
             }
         } else {
             redir('Cette adresse email n\'est pas valide.', false, './');
         }
     }
     // Form 3: log in with an existing account.
     // NOTE(review): no attempt throttling is visible on this path.
     if (isset($_POST['submit_login']) && !empty($_POST['pseudo']) && !empty($_POST['mdp'])) {
         inc_lib('users/get_info_account');
         if ($dn_info_account = get_info_account($_POST['pseudo'], $_POST['mdp'])) {
             // Only activated accounts may log in.
             if ($dn_info_account['u_active'] == 1) {
                 inc_lib('users/connect_auto_user');
                 // Third argument true: the remember-me cookies are always
                 // created on this path.
                 connect_auto_user($dn_info_account['u_id'], $_POST['mdp'], true);
                 $_SESSION['nw_invit'] = true;
                 redir('Bienvenue sur la version bêta privée de Nouweo.', true, './');
             } else {
                 redir('Votre compte n\'est pas activé, il ne peut être utilisé.', false, './');
             }
         } else {
             redir('Aucun compte ne correspond à ce pseudo  et mot de passe.', false, './');
         }
     }
 }
/**
 * Attach a tag to a news item.
 *
 * @param int    $id_news  ID of the news item.
 * @param string $tag      Tag text; surrounding whitespace is trimmed.
 * @param int    $position Position of the tag; with 0, the tag is placed
 *                         after the item's current last tag when one exists.
 * @return void
 */
function add_tag_news($id_news, $tag, $position = 0)
{
    $table = Nw::$prefix_table . 'tags';

    if ($position == 0) {
        // Look up the highest position already used for this news item.
        $sql_last = "SELECT t_position\n            FROM " . $table
            . "\n            WHERE t_id_news = " . intval($id_news)
            . "\n            ORDER BY t_position DESC LIMIT 1";
        $result = Nw::$DB->query($sql_last) or Nw::$DB->trigger(__LINE__, __FILE__);
        $last_tag = $result->fetch_assoc();

        if (isset($last_tag['t_position'])) {
            $position = $last_tag['t_position'] + 1;
        }
    }

    // Numeric values are cast; the tag goes through insertBD() (project
    // helper, presumably SQL escaping - confirm).
    $sql_insert = 'INSERT INTO ' . $table . " (t_id_news, t_tag, t_position)\n        VALUES("
        . intval($id_news) . ", '" . insertBD(trim($tag)) . "', " . intval($position) . ')';

    Nw::$DB->query($sql_insert) or Nw::$DB->trigger(__LINE__, __FILE__);
}
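/**
 * Open a session for a member and, optionally, create the remember-me cookies.
 *
 * @param int    $id_membre      Member ID.
 * @param string $pass           Password: clear text when $hash_pass is true,
 *                               already hashed otherwise.
 * @param bool   $connexion_auto True to create the remember-me cookies.
 * @param bool   $hash_pass      True when $pass still has to be hashed.
 * @return void
 */
function connect_auto_user($id_membre, $pass, $connexion_auto = false, $hash_pass = True)
{
    // "Remember me" was ticked: create the cookies.
    if ($connexion_auto) {
        $bf_token = 'jJ_=éZAç1l';
        $ft_token = 'ù%*àè1ç0°dezf';
        $pass = (bool) $hash_pass ? sha1($bf_token . $pass . $ft_token) : $pass;
        $time_expire = time() + 10 * 365 * 24 * 3600;
        // NOTE(review): nw_pass holds the stored password hash, i.e. a
        // password-equivalent value, for ten years. HttpOnly keeps it out of
        // reach of page scripts; a random, revocable server-side token sent
        // with the Secure flag would be the sounder design.
        setcookie('nw_ident', $id_membre, $time_expire, '', '', false, true);
        setcookie('nw_pass', insertBD($pass), $time_expire, '', '', false, true);
    }

    // Issue a fresh session ID at the moment of login so that an ID known
    // before authentication (session fixation) does not become an
    // authenticated session. Existing session data is kept.
    if (function_exists('session_status') && session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
        session_regenerate_id(true);
    }

    $_SESSION['ident_session'] = $id_membre;
    $_SESSION['nw_invit'] = true;
    $_SESSION['logged'] = true;
}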
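 /**
  * Newsletter unsubscribe link: removes the subscription when the e-mail
  * ($_GET['e']) and token ($_GET['t']) match exactly one subscriber.
  */
 protected function main()
 {
     // Both parameters must be non-empty strings (an array parameter such as
     // "e[]=x" is rejected too).
     if (empty($_GET['e']) || empty($_GET['t']) || !is_string($_GET['e']) || !is_string($_GET['t'])) {
         header('Location: ./');
         // Stop here: without this the lookup below still ran with missing
         // parameters after the redirect header had been queued.
         exit;
     }

     $email = trim($_GET['e']);
     $token = trim($_GET['t']);

     inc_lib('newsletter/count_abonnement');
     // The token is what proves the request comes from the subscriber.
     // insertBD() is the project's helper for values placed in SQL literals
     // (presumably escaping - confirm).
     $count_abonne = count_abonnement('a_email = \'' . insertBD($email) . '\' AND a_token = \'' . insertBD($token) . '\'');
     if ($count_abonne == 1) {
         inc_lib('newsletter/remove_abonnement');
         // Remove exactly the address that was verified above (the trimmed
         // value), not the raw query-string value.
         remove_abonnement($email);
         redir(Nw::$lang['newsletter']['desinscription_r'], true, 'newsletter.html');
     } else {
         redir(Nw::$lang['newsletter']['abo_dont_exist'], false, 'newsletter.html');
     }
 }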
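/**
 * Publish a news item directly: marks it public and validated, resets its
 * view counter, drops its comments, regenerates the sitemaps and writes a
 * log entry.
 *
 * @param int $id ID of the news item.
 * @return void
 */
function valid_news_direct($id)
{
    inc_lib('admin/post_twitt_news');
    $return_alias = post_twitt_news($id);

    Nw::$DB->query('UPDATE ' . Nw::$prefix_table . 'news
    SET n_date = NOW(), n_last_mod = NOW(), n_private = 0, n_etat = 3, n_vues = 0, n_miniurl = \'' . insertBD($return_alias) . '\'
    WHERE n_id = ' . intval($id)) or Nw::$DB->trigger(__LINE__, __FILE__);

    inc_lib('news/delete_all_cmt');
    delete_all_cmt($id);
    generate_news_sitemap();
    generate_categories_sitemap();

    $rqt_dn_news = Nw::$DB->query('SELECT n_id, n_titre FROM ' . Nw::$prefix_table . 'news WHERE n_id = ' . intval($id)) or Nw::$DB->trigger(__LINE__, __FILE__);
    $dn_news = $rqt_dn_news->fetch_assoc();
    // The title is empty when the news item does not exist.
    $titre_news = isset($dn_news['n_titre']) ? $dn_news['n_titre'] : '';

    // Log entry. The text comes from a language string, which may contain an
    // apostrophe, and get_ip() is a project helper whose source is not visible
    // here; both are now escaped before being embedded in the statement.
    $texte_log = sprintf(Nw::$lang['news']['log_publication_votes'], Nw::$pref['nb_votes_valid_news']);
    Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'news_logs (l_id_news, l_id_membre, l_titre, l_action, l_texte, l_date, l_ip) VALUES(' . intval($id) . ', ' . intval(Nw::$dn_mbr['u_id']) . ', \'' . insertBD($titre_news) . '\', 13, \'' . Nw::$DB->real_escape_string($texte_log) . '\', NOW(), \'' . Nw::$DB->real_escape_string(get_ip()) . '\')') or Nw::$DB->trigger(__LINE__, __FILE__);
}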
/**
 * Tell whether a member exists, looked up by ID or by alias.
 *
 * @param int|string  $res Value to look up.
 * @param string|null $by  'alias' to look up by alias; null to decide from
 *                         $res (numeric means ID, otherwise alias); any other
 *                         value looks up by ID.
 * @return bool True when at least one member matches.
 */
function mbr_exists($res, $by = null)
{
    // Without an explicit selector, a non-numeric value is taken as an alias.
    $lookup_by_alias = is_null($by) ? !is_numeric($res) : $by == 'alias';

    if ($lookup_by_alias) {
        // insertBD() is the project's helper for values placed in SQL literals
        // (presumably escaping - confirm).
        $where_clause = "u_alias = '" . insertBD(trim($res)) . "'";
    } else {
        $where_clause = 'u_id = ' . intval($res);
    }

    $sql = 'SELECT COUNT(*) as count FROM ' . Nw::$prefix_table . 'members WHERE ' . $where_clause;
    $result = Nw::$DB->query($sql) or Nw::$DB->trigger(__LINE__, __FILE__);
    $row = $result->fetch_assoc();
    $result->free();

    return $row['count'] > 0;
}
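/**
 * Record a click of the given type for the current visitor, keyed by member
 * ID when logged in and by IP address otherwise.
 *
 * @param string $type Tracker type stored in t_type.
 * @return void
 */
function track_externs($type)
{
    $id_membre_tracker = is_logged_in() ? intval(Nw::$dn_mbr['u_id']) : 0;
    $ip_membre_tracker = get_ip();
    $nb_clics_tracker = 1;

    // get_ip() is a project helper whose source is not visible here; if it can
    // be derived from request headers it is client-controlled, so it is
    // escaped before being embedded in the statements below.
    $ip_sql = Nw::$DB->real_escape_string($ip_membre_tracker);

    // The Referer header is client-controlled. The host is the third segment
    // of "scheme://host/..."; a value with fewer segments used to raise an
    // undefined-offset notice.
    $referer_domain = '';
    if (isset($_SERVER['HTTP_REFERER'])) {
        $referer = explode('/', $_SERVER['HTTP_REFERER']);
        if (isset($referer[2])) {
            $referer_domain = $referer[2];
        }
    }

    $clause_where = is_logged_in() ? 't_id_membre = ' . intval(Nw::$dn_mbr['u_id']) : 't_ip = \'' . $ip_sql . '\'';
    $query = Nw::$DB->query('SELECT COUNT(*) as count, t_nb_clics, r_referer
    FROM ' . Nw::$prefix_table . 'extern_tracker
    WHERE ' . $clause_where . ' AND t_type = \'' . insertBD($type) . '\' GROUP BY t_id') or Nw::$DB->trigger(__LINE__, __FILE__);
    // With GROUP BY, a visitor with no tracker row yet yields no row at all.
    $dn = $query->fetch_assoc();
    if ($dn && $dn['count'] > 0) {
        $nb_clics_tracker = intval($dn['t_nb_clics']) + 1;
    }

    Nw::$DB->query('REPLACE INTO ' . Nw::$prefix_table . 'extern_tracker (t_id_membre, t_type, t_date, t_ip, t_nb_clics, r_referer)
        VALUES (' . $id_membre_tracker . ', \'' . insertBD($type) . '\', NOW(), \'' . $ip_sql . '\', ' . intval($nb_clics_tracker) . ', \'' . insertBD($referer_domain) . '\')') or Nw::$DB->trigger(__LINE__, __FILE__);
}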
/**
 * Suggest up to ten tags matching a search string, most used first.
 *
 * NOTE(review): LIKE wildcards (% and _) inside $tag are not neutralised, so
 * the caller's text can widen the pattern; and the exclusion clause
 * URL-decodes $tag while the LIKE pattern does not - confirm both are
 * intended.
 *
 * @param string $tag      Search text.
 * @param int    $masque   0 matches the text anywhere in the tag; any other
 *                         value matches tags starting with it.
 * @param int    $etat     News state to filter on; 0 disables the state filter.
 * @param int    $hide_var Non-zero excludes the tag equal to the search text.
 * @return array List of rows with t_tag, nb_news and a URL-encoded 'rewrite' key.
 */
function get_tags_search($tag, $masque = 0, $etat = 3, $hide_var = 0)
{
    $clause_etat = '';
    if ($etat != 0) {
        $clause_etat = ' AND n_etat = ' . intval($etat);
    }

    $hide_var_sql = '';
    if ($hide_var != 0) {
        $hide_var_sql = " AND t_tag <> '" . insertBD(trim(urldecode($tag))) . "'";
    }

    // "Contains" pattern by default, "starts with" when a mask is requested.
    $joker_debut = $masque != 0 ? '' : '%';
    $type_masque = "'" . $joker_debut . insertBD(trim($tag)) . "%'" . $clause_etat;

    $sql = 'SELECT t_tag, COUNT(t_tag) AS nb_news FROM ' . Nw::$prefix_table
        . "tags\n    LEFT JOIN " . Nw::$prefix_table
        . "news ON t_id_news = n_id\n    WHERE t_tag LIKE " . $type_masque . $hide_var_sql
        . "\n    GROUP BY t_tag ORDER BY nb_news DESC, t_tag ASC\n    LIMIT 10";

    $result = Nw::$DB->query($sql) or Nw::$DB->trigger(__LINE__, __FILE__);

    $list_tags = array();
    while ($ligne = $result->fetch_assoc()) {
        // URL-safe form of the tag, for building links.
        $ligne['rewrite'] = urlencode($ligne['t_tag']);
        $list_tags[] = $ligne;
    }

    return $list_tags;
}
 /**
  * Newsletter subscription page: shows the member's current subscription, if
  * any, and handles the subscription form.
  */
 protected function main()
 {
     $this->set_title(Nw::$lang['newsletter']['sabonner']);
     $this->add_css('code.css');
     $this->set_tpl('newsletter/abonnement.html');
     $this->set_filAriane(Nw::$lang['newsletter']['sabonner']);
     $this->load_lang_file('users');

     // Values handed to the template; filled in below when a subscription is found.
     $is_already_abonne = false;
     $phrase_abonne = '';
     $token_url = '';
     $email_url = '';

     $id_membre_login = 0;
     if (is_logged_in()) {
         $id_membre_login = Nw::$dn_mbr['u_id'];
     }

     if (is_logged_in()) {
         // Is the logged-in member already subscribed?
         $clause_membre = 'a_id_membre = ' . intval(Nw::$dn_mbr['u_id']);
         inc_lib('newsletter/count_abonnement');
         $is_already_abonne = count_abonnement($clause_membre);
         if ($is_already_abonne == 1) {
             inc_lib('newsletter/get_info_abonnement');
             $donnees_abo = get_info_abonnement('a_id_membre = ' . intval(Nw::$dn_mbr['u_id']));
             $phrase_abonne = sprintf(Nw::$lang['newsletter']['already_register'], $donnees_abo['a_email']);
             $token_url = $donnees_abo['a_token'];
             $email_url = urlencode($donnees_abo['a_email']);
         }
     }

     // Subscribe to the newsletter: the address must pass FILTER_VALIDATE_EMAIL.
     $formulaire_valide = isset($_POST['submit'])
         && !empty($_POST['email_newsletter'])
         && filter_var($_POST['email_newsletter'], FILTER_VALIDATE_EMAIL);
     if ($formulaire_valide) {
         inc_lib('newsletter/count_abonnement');
         // insertBD() is the project's helper for values placed in SQL
         // literals (presumably escaping - confirm).
         $clause_email = "a_email = '" . insertBD(trim($_POST['email_newsletter'])) . "'";
         $is_already_abonne = count_abonnement($clause_email);
         if ($is_already_abonne == 0) {
             // This e-mail address is not in the database yet.
             inc_lib('newsletter/add_abonnement');
             add_abonnement($_POST['email_newsletter'], $id_membre_login);
             redir(Nw::$lang['newsletter']['register_r_ok'], true, 'newsletter.html');
         } else {
             redir(Nw::$lang['newsletter']['email_used'], false, 'newsletter.html');
         }
     }

     $variables_tpl = array(
         'IS_ABONNE' => $is_already_abonne,
         'PHRASE_ABO' => $phrase_abonne,
         'TOKEN' => $token_url,
         'EMAIL' => $email_url,
     );
     Nw::$tpl->set($variables_tpl);
 }
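/**
 * Apply an edit submitted through $_POST to the news item $id.
 *
 * Members holding the `mod_news_status` right may refresh the date, change the
 * state and delete comments. When $author is true the title, category, privacy
 * flag, sources, tags and image are updated as well. In every case a
 * contributor flag is recorded if missing, a new version row is stored when
 * the parsed content differs from the latest version, and the news row is
 * updated with the collected fields.
 *
 * Security notes:
 *  - Queries are built by string concatenation. Every request value is cast
 *    with intval() or escaped before being embedded; the state-change log text
 *    and the client IP, which the previous revision embedded as-is, are now
 *    escaped too. Parameterized queries would be the more robust design.
 *  - insertBD() is defined elsewhere; it is presumably the project's escaping
 *    helper. Confirm before relying on it.
 *  - NOTE(review): this function does not check that the current member may
 *    edit this news item, nor an anti-CSRF token; callers are presumably
 *    responsible for both.
 *  - NOTE(review): source URLs are stored as submitted; confirm the rendering
 *    side restricts them to expected schemes and escapes them.
 *  - NOTE(review): the uploaded file is handled entirely by add_img_news(),
 *    which is not visible here; confirm it validates type and size.
 *
 * @param int|string $id     Identifier of the news item (cast with intval()).
 * @param bool       $author Whether author-only fields may be modified.
 * @return void
 */
function edit_news($id, $author = false)
{
    inc_lib('bbcode/parse');
    inc_lib('bbcode/clearer');
    $add_champs_sql = array();
    $id_news = intval($id);
    $id_membre = intval(Nw::$dn_mbr['u_id']);
    // get_ip() is defined elsewhere and may derive its value from request
    // headers, so it is escaped once here rather than embedded as-is.
    $ip_sql = Nw::$DB->real_escape_string(get_ip());

    // Request values are read once, with a default when absent or malformed.
    $content_news = isset($_POST['contenu']) && is_string($_POST['contenu']) ? $_POST['contenu'] : '';
    $etat_post = isset($_POST['etat']) ? intval($_POST['etat']) : 0;
    $titre_post = isset($_POST['titre_news']) && is_string($_POST['titre_news']) ? $_POST['titre_news'] : '';
    $raison_post = isset($_POST['raison']) && is_string($_POST['raison']) ? $_POST['raison'] : '';
    $maj_date = isset($_POST['maj_dat']);

    $requete_news = Nw::$DB->query('SELECT n_etat, n_titre FROM ' . Nw::$prefix_table . 'news WHERE n_id = ' . $id_news) or Nw::$DB->trigger(__LINE__, __FILE__);
    $donnees_news = $requete_news->fetch_assoc();
    if (!$donnees_news) {
        // Unknown news id: writing logs, flags or versions would only create
        // orphan rows, so stop here.
        return;
    }
    $etat_actuel = intval($donnees_news['n_etat']);
    $etat_change = $etat_post != $etat_actuel;

    /**
     *   May the member change the state of the news and refresh its date?
     **/
    if (Nw::$droits['mod_news_status']) {
        if ($maj_date) {
            $add_champs_sql[] = 'n_date = NOW()';
            Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'news_logs (l_id_news, l_id_membre, l_action, l_date, l_ip) VALUES(' . $id_news . ', ' . $id_membre . ', 3, NOW(), \'' . $ip_sql . '\')') or Nw::$DB->trigger(__LINE__, __FILE__);
        }
        // The state is being changed
        if ($etat_change) {
            // The log text comes from language strings, which may contain
            // quotes; escape it like the title-change log below.
            $texte_log = Nw::$DB->real_escape_string(sprintf(Nw::$lang['news']['log_chg_etat'], Nw::$lang['news']['log_etat_' . $etat_actuel], Nw::$lang['news']['log_etat_' . $etat_post]));
            // l_action is the digit 1 followed by the new state (for example 13).
            Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'news_logs (l_id_news, l_id_membre, l_action, l_texte, l_date, l_ip) VALUES(' . $id_news . ', ' . $id_membre . ', 1' . $etat_post . ', \'' . $texte_log . '\', NOW(), \'' . $ip_sql . '\')') or Nw::$DB->trigger(__LINE__, __FILE__);
            $add_champs_sql[] = 'n_etat = ' . $etat_post;
        }
        if ($maj_date && $etat_change && $etat_post == 3) {
            inc_lib('admin/post_twitt_news');
            $return_alias = post_twitt_news($id);
            if (!empty($return_alias) && strlen(trim($return_alias)) > 0) {
                $add_champs_sql[] = 'n_miniurl = \'' . insertBD($return_alias) . '\'';
            }
        }
        // Deletion of the comments
        if (isset($_POST['delete_comments'])) {
            inc_lib('news/delete_all_cmt');
            delete_all_cmt($id);
        }
    }

    /**
     *   The author may modify the title, the category and the tags
     **/
    if ($author) {
        $news_private = isset($_POST['private_news']) ? 1 : 0;
        // The title is being changed
        if ($titre_post != $donnees_news['n_titre']) {
            $texte_log = Nw::$DB->real_escape_string(sprintf(Nw::$lang['news']['log_chg_titre'], $donnees_news['n_titre'], $titre_post));
            Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'news_logs (l_id_news, l_id_membre, l_action, l_texte, l_date, l_ip) VALUES(' . $id_news . ', ' . $id_membre . ', 4, \'' . $texte_log . '\', NOW(), \'' . $ip_sql . '\')') or Nw::$DB->trigger(__LINE__, __FILE__);
            $add_champs_sql[] = 'n_titre = \'' . insertBD(trim($titre_post)) . '\'';
        }
        $add_champs_sql[] = 'n_id_cat = ' . (isset($_POST['cat']) ? intval($_POST['cat']) : 0);
        $add_champs_sql[] = 'n_private = ' . $news_private;

        /**
         *   Sources: the existing rows are replaced by the submitted list
         **/
        $nbr_sources = 0;
        Nw::$DB->query('DELETE FROM ' . Nw::$prefix_table . 'news_src WHERE src_id_news = ' . $id_news) or Nw::$DB->trigger(__LINE__, __FILE__);
        // Both fields are expected to be arrays; anything else is treated as empty.
        $sources = isset($_POST['sources']) && is_array($_POST['sources']) ? $_POST['sources'] : array();
        $sources_nom = isset($_POST['sources_nom']) && is_array($_POST['sources_nom']) ? $_POST['sources_nom'] : array();
        foreach ($sources as $id_src => $value) {
            $src_url = is_string($value) ? trim($value) : '';
            $src_media = isset($sources_nom[$id_src]) && is_string($sources_nom[$id_src]) ? trim($sources_nom[$id_src]) : '';
            if (!multi_empty($src_media, $src_url)) {
                ++$nbr_sources;
                Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'news_src (src_id_news, src_media, src_url, src_order) VALUES(' . $id_news . ', \'' . insertBD($src_media) . '\', \'' . insertBD($src_url) . '\', ' . $nbr_sources . ')') or Nw::$DB->trigger(__LINE__, __FILE__);
            }
        }
        $add_champs_sql[] = 'n_nb_src = ' . $nbr_sources;

        // Tags: replaced only when a non-blank list is submitted
        if (isset($_POST['tags']) && is_string($_POST['tags']) && strlen(trim($_POST['tags'])) > 0) {
            Nw::$DB->query('DELETE FROM ' . Nw::$prefix_table . 'tags
                WHERE t_id_news = ' . $id_news) or Nw::$DB->trigger(__LINE__, __FILE__);
            $tags_news = explode(',', $_POST['tags']);
            $num_tag = 0;
            inc_lib('news/add_tag_news');
            foreach ($tags_news as $tag) {
                if (!empty($tag) && strlen(trim($tag)) > 0) {
                    ++$num_tag;
                    add_tag_news($id, $tag, $num_tag);
                }
            }
        }

        /**
         *   Attach an image to the news (when one was uploaded)
         **/
        if (!empty($_FILES['file']['name'])) {
            inc_lib('news/add_img_news');
            $id_last_image = add_img_news($id);
            if ($id_last_image) {
                $add_champs_sql[] = 'n_id_image = ' . intval($id_last_image);
            }
        }
    }

    $count_flag = Nw::$DB->query('SELECT f_type 
        FROM ' . Nw::$prefix_table . 'news_flags
        WHERE f_id_news = ' . $id_news . ' AND f_id_membre = ' . $id_membre) or Nw::$DB->trigger(__LINE__, __FILE__);
    $donnees_count = $count_flag->fetch_assoc();
    $type_flag = $donnees_count ? $donnees_count['f_type'] : null;
    // The member has not contributed to this news yet: add the flag
    if ($type_flag != 3 && $type_flag != 2) {
        Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'news_flags (f_id_news, f_id_membre, f_type)
            VALUES(' . $id_news . ', ' . $id_membre . ', 2)') or Nw::$DB->trigger(__LINE__, __FILE__);
    }

    // The content is HTML-escaped first, then run through the BBCode parser.
    // It is computed once so the compared text and the stored text are the same.
    $texte_brut = htmlspecialchars(trim($content_news));
    $texte_parse = parse($texte_brut);
    $contenu_version = Nw::$DB->real_escape_string($texte_parse);

    /**
     *   Look up the latest version of the news
     **/
    $donnees_version = Nw::$DB->query('SELECT v_texte, v_nb_mots, v_number 
        FROM ' . Nw::$prefix_table . 'news_versions
        WHERE v_id_news = ' . $id_news . '
        ORDER BY v_date DESC
        LIMIT 1') or Nw::$DB->trigger(__LINE__, __FILE__);
    $last_version = $donnees_version->fetch_assoc();
    $dernier_texte = $last_version ? $last_version['v_texte'] : null;
    $dernier_nb_mots = $last_version ? intval($last_version['v_nb_mots']) : 0;
    $dernier_numero = $last_version ? intval($last_version['v_number']) : 0;

    // The submitted text differs from the previous version
    if ($dernier_texte != $texte_parse) {
        $raison_edition = Nw::$DB->real_escape_string(htmlspecialchars($raison_post));
        $version_mineure = isset($_POST['mini_contrib']) ? 1 : 0;
        // Despite its name this is the byte length of the escaped text, not a
        // word count; kept as-is so new rows stay comparable with stored ones.
        $nb_mots = strlen($texte_brut);
        $diff_mots = $nb_mots - $dernier_nb_mots;
        // Create an entry in the versions table
        Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'news_versions (v_id_news,
            v_id_membre, v_texte, v_date, v_ip, v_raison, v_nb_mots, v_diff_mots, v_number, v_mineure)
            VALUES(' . $id_news . ', ' . $id_membre . ', \'' . $contenu_version . '\',
            NOW(), \'' . $ip_sql . '\', \'' . $raison_edition . '\', \'' . $nb_mots . '\', \'' . $diff_mots . '\', ' . ($dernier_numero + 1) . ', ' . $version_mineure . ')') or Nw::$DB->trigger(__LINE__, __FILE__);
        $id_version_news = Nw::$DB->insert_id;
        Nw::$DB->query('UPDATE ' . Nw::$prefix_table . 'members_stats 
            SET s_nb_contrib = s_nb_contrib + 1
            WHERE s_id_membre = ' . $id_membre) or Nw::$DB->trigger(__LINE__, __FILE__);
        $contenu_extrait = Nw::$DB->real_escape_string(CoupeChar(clearer($texte_parse), '...', Nw::$pref['long_intro_news']));
        $add_champs_sql[] = 'n_resume = \'' . $contenu_extrait . '\'';
        $add_champs_sql[] = 'n_last_version = ' . intval($id_version_news);
        $add_champs_sql[] = 'n_last_mod = NOW()';
        $add_champs_sql[] = 'n_nb_versions = n_nb_versions + 1';
    }

    if (count($add_champs_sql) > 0) {
        // Update the news row with the collected fields (including the version id)
        Nw::$DB->query('UPDATE ' . Nw::$prefix_table . 'news SET ' . implode(', ', $add_champs_sql) . ' WHERE n_id = ' . $id_news) or Nw::$DB->trigger(__LINE__, __FILE__);
        // Sitemaps are regenerated when the old or the submitted state is 3.
        if ($etat_actuel == 3 || $etat_post == 3) {
            generate_news_sitemap();
            generate_categories_sitemap();
        }
    }
}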
/**
 * Delete the newsletter subscription row(s) whose address equals $email.
 *
 * The address is trimmed and passed through insertBD() (defined elsewhere,
 * presumably the project's escaping helper) before being placed in the query.
 *
 * NOTE(review): the deletion is keyed on the e-mail address alone. Callers are
 * presumably expected to have verified the subscriber's token beforehand;
 * confirm, otherwise anyone knowing an address could unsubscribe it.
 *
 * @param string $email Address to unsubscribe.
 * @return void
 */
function remove_abonnement($email)
{
    $adresse_sql = insertBD(trim($email));
    $requete = 'DELETE FROM ' . Nw::$prefix_table . 'abonnes WHERE a_email = \'' . $adresse_sql . '\'';
    if (!Nw::$DB->query($requete)) {
        // Hand a failed query to the database layer's error handler.
        Nw::$DB->trigger(__LINE__, __FILE__);
    }
}