示例#1
 /**
  * Build the admin-only message text and return it as a string.
  *
  * Anything echoed while the messages are produced is captured with output
  * buffering and handed back to the caller instead of being sent directly.
  *
  * @param mixed $parm Not read by this function.
  * @return string|null Captured output when ADMIN is truthy; null otherwise.
  */
 function sc_admin_msg($parm)
 {
     if (!ADMIN) {
         return;
     }
     global $ns;
     ob_start();
     if (!FILE_UPLOADS) {
         echo message_handler('ADMIN_MESSAGE', LAN_HEADER_02, __LINE__, __FILE__);
     }
     // The matching OPEN_BASEDIR / LAN_HEADER_03 notice is disabled in the original code.
     return ob_get_clean();
 }
示例#2
文件: upload.php 项目: gitye/e107
        $sql->db_Delete("links", "link_url='upload.php' ");
    }
    if ($admin_log->logArrayDiffs($temp, $pref, 'UPLOAD_02')) {
        save_prefs();
        // Only save if changes
        $message = UPLLAN_2;
    } else {
        $message = UPLLAN_4;
    }
}
if (isset($message)) {
    require_once e_HANDLER . 'message_handler.php';
    message_handler("ADMIN_MESSAGE", $message);
}
if (!FILE_UPLOADS) {
    message_handler("ADMIN_MESSAGE", UPLLAN_41);
}
switch ($action) {
    case 'filetypes':
        if (!getperms('0')) {
            exit;
        }
        $definition_source = LAN_DEFAULT;
        $source_file = '';
        $edit_upload_list = varset($_POST['upload_do_edit'], FALSE);
        if (isset($_POST['generate_filetypes_xml'])) {
            // Write back edited data to filetypes_.xml
            $file_text = "<e107Filetypes>\n";
            foreach ($_POST['file_class_select'] as $k => $c) {
                if (!isset($_POST['file_line_delete_' . $c]) && vartrue($_POST['file_type_list'][$k])) {
                    //		  echo "Key: {$k} Class: {$c}  Delete: {$_POST['file_line_delete'][$k]}  List: {$_POST['file_type_list'][$k]}  Size: {$_POST['file_maxupload'][$k]}<br />";
示例#3
 /**
  * Record the most recent MySQL error on this object and optionally report it.
  *
  * @param string $from Name of the calling method; included in the report text.
  * @return string Text from mysql_error(), or '' when mysql_errno() is 0.
  * @access private
  */
 function dbError($from)
 {
     $errorNumber = mysql_errno();
     $this->mySQLlastErrNum = $errorNumber;
     $this->mySQLlastErrText = '';
     if ($errorNumber == 0) {
         return '';
     }
     $errorText = mysql_error();
     $this->mySQLlastErrText = $errorText;
     if ($this->mySQLerror == TRUE) {
         // NOTE(review): $from and the driver's error text are placed in HTML unescaped,
         // and the text can expose query and schema details - confirm that ADMIN_MESSAGE
         // output is only ever shown to administrators.
         $report = '<b>mySQL Error!</b> Function: ' . $from . '. [' . $errorNumber . ' - ' . $errorText . ']';
         message_handler('ADMIN_MESSAGE', $report, __LINE__, __FILE__);
     }
     return $errorText;
 }
示例#4
文件: signup.php 项目: gitye/e107
 /**
  * Handle a "resend activation email" request for an account that is not yet validated.
  *
  * Reads $_POST['resend_email'], $_POST['resend_newemail'] and $_POST['resend_password'],
  * optionally changes the stored email address after a password check, then sends
  * (or, in test mode, previews) the activation email and writes a user-audit entry.
  *
  * @return bool|null false when the request is rejected, true in test mode; the normal
  *                   send path ends without an explicit return.
  */
 private function resendEmail()
 {
     global $userMethods;
     $ns = e107::getRender();
     $tp = e107::getParser();
     $sql = e107::getDb();
     // Action user's submitted information
     // 'resend_email' - user name or email address actually used to sign up
     // 'resend_newemail' - corrected email address
     // 'resend_password' - password (required if changing email address)
     $clean_email = $tp->toDB($_POST['resend_email']);
     // NOTE(review): input that fails check_email() becomes the literal 'xxx', which is
     // still used in the lookups below - an account whose login name, display name or
     // email is 'xxx' would match. Confirm that is acceptable.
     if (!check_email($clean_email)) {
         $clean_email = "xxx";
     }
     $new_email = $tp->toDB(varset($_POST['resend_newemail'], ''));
     if (!check_email($new_email)) {
         $new_email = FALSE;
     }
     // NOTE(review): every query in this method is assembled by string concatenation, so
     // its safety rests on $tp->toDB() and check_email() neutralising quote characters -
     // confirm, and prefer bound parameters if the DB layer offers them.
     // Account already activated
     if ($_POST['resend_email'] && !$new_email && $clean_email && $sql->gen("SELECT * FROM #user WHERE user_ban=0 AND user_sess='' AND (`user_loginname`= '" . $clean_email . "' OR `user_name` = '" . $clean_email . "' OR `user_email` = '" . $clean_email . "' ) ")) {
         $ns->tablerender(LAN_SIGNUP_40, LAN_SIGNUP_41 . "<br />");
         return false;
     }
     // Start by looking up the user
     if (!$sql->select("user", "*", "(`user_loginname` = '" . $clean_email . "' OR `user_name` = '" . $clean_email . "' OR `user_email` = '" . $clean_email . "' ) AND `user_ban`=" . USER_REGISTERED_NOT_VALIDATED . " AND `user_sess` !='' LIMIT 1")) {
         // NOTE(review): this branch and the "already activated" branch above answer
         // differently, and the alert repeats the submitted value, so the form tells a
         // visitor whether an address or name belongs to an account.
         message_handler("ALERT", LAN_SIGNUP_64 . ': ' . $clean_email);
         // email (or other info) not valid.
         return false;
     }
     $row = $sql->fetch();
     // We should have a user record here
     // The stored address is only changed when a password is supplied and it verifies.
     if (trim($_POST['resend_password']) != "" && $new_email) {
         // NOTE(review): no attempt limiting is visible around CheckPassword() here -
         // confirm that repeated guesses are throttled elsewhere.
         if ($userMethods->CheckPassword($_POST['resend_password'], $row['user_loginname'], $row['user_password']) === TRUE) {
             if ($sql->select('user', 'user_id, user_email', "user_email='" . $new_email . "'")) {
                 // Email address already used by someone
                 message_handler("ALERT", LAN_SIGNUP_106);
                 // Duplicate email
                 return false;
             }
             if ($sql->update("user", "user_email='" . $new_email . "' WHERE user_id = '" . $row['user_id'] . "' LIMIT 1 ")) {
                 $row['user_email'] = $new_email;
             }
         } else {
             message_handler("ALERT", LAN_SIGNUP_52);
             // Incorrect Password.
             return false;
         }
     }
     // Now send the email - got some valid info
     $editPassword = e107::getPref('signup_option_password', 2);
     // NOTE(review): when this pref is empty the account password is reset on every resend,
     // and reaching this point needs only a matching name/email (the password is required
     // only for an address change) - confirm that is intended.
     if (empty($editPassword)) {
         $row['user_password'] = $userMethods->resetPassword($row['user_id']);
     } else {
         $row['user_password'] = '******';
         // Don't know the real one
     }
     // The activation link carries the user id and the stored user_sess value.
     $row['activation_url'] = SITEURL . "signup.php?activate." . $row['user_id'] . "." . $row['user_sess'];
     $eml = $this->render_email($row);
     $eml['e107_header'] = $row['user_id'];
     // Test mode: echo a preview instead of sending, then render a success and an error box.
     if ($this->testMode == true) {
         echo e107::getEmail()->preview($eml);
         e107::getMessage()->setTitle(LAN_SIGNUP_43, E_MESSAGE_SUCCESS)->addSuccess(LAN_SIGNUP_44 . " " . $row['user_email'] . " - " . LAN_SIGNUP_45);
         $ns->tablerender(null, e107::getMessage()->render());
         e107::getMessage()->setTitle(LAN_ERROR, E_MESSAGE_ERROR)->addError(LAN_SIGNUP_42);
         $ns->tablerender(null, e107::getMessage()->render());
         return true;
     }
     $result = e107::getEmail()->sendEmail($row['user_email'], $row['user_name'], $eml, false);
     // $do_log is created by the first assignment in whichever branch runs.
     if (!$result) {
         e107::getMessage()->setTitle(LAN_SIGNUP_43, E_MESSAGE_ERROR)->addError(LAN_SIGNUP_42);
         $ns->tablerender(null, e107::getMessage()->render());
         $do_log['signup_result'] = LAN_SIGNUP_62;
     } else {
         // NOTE(review): the success box is titled LAN_ERROR while the failure box above
         // uses LAN_SIGNUP_43 - the two titles look swapped; confirm.
         e107::getMessage()->setTitle(LAN_ERROR, E_MESSAGE_SUCCESS)->addSuccess(LAN_SIGNUP_44 . " " . $row['user_email'] . " - " . LAN_SIGNUP_45);
         $ns->tablerender(null, e107::getMessage()->render());
         $do_log['signup_result'] = LAN_SIGNUP_61;
     }
     // Now log this (log will ignore if its disabled)
     $do_log['signup_action'] = LAN_SIGNUP_63;
     e107::getLog()->user_audit(USER_AUDIT_PW_RES, $do_log, $row['user_id'], $row['user_name']);
 }
示例#5
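 /**
  * Insert a new thread or a reply/quoted reply from the submitted form.
  *
  * Reads the post from $_POST, applies flood protection, records any processed
  * attachments, adds the post (action 'rp') or the thread plus its first post
  * (action 'nt'), optionally submits a poll, then redirects or renders the
  * "posted" template. Every path that gets past input validation ends with exit.
  *
  * @return void
  */
 function insertPost()
 {
     $postInfo = array();
     $threadInfo = array();
     $threadOptions = array();
     // Each switch branch assigns only some of these, so define them all before the
     // failure check further down reads them.
     $postResult = null;
     $newPostId = null;
     $newThreadId = null;
     $fp = new floodprotect();
     // A new thread needs a subject; every submission needs a body.
     if ((isset($_POST['newthread']) && trim($_POST['subject']) == '') || trim($_POST['post']) == '') {
         message_handler('ALERT', 5);
     } else {
         // Non-admins rejected by the flood check are bounced to the site index.
         if ($fp->flood('forum_thread', 'thread_datestamp') == false && !ADMIN) {
             echo "<script type='text/javascript'>document.location.href='" . e_BASE . "index.php'</script>\n";
             exit;
         }
         $hasPoll = $this->action == 'nt' && varset($_POST['poll_title']) && $_POST['poll_option'][0] != '' && $_POST['poll_option'][1] != '';
         if (USER) {
             $postInfo['post_user'] = USERID;
             $threadInfo['thread_lastuser'] = USERID;
             $threadInfo['thread_user'] = USERID;
             $threadInfo['thread_lastuser_anon'] = '';
         } else {
             // NOTE(review): the anonymous name, like the subject and post body below, is
             // passed on as received - confirm that postAdd()/threadAdd() escape for the
             // database and that the views escape on output.
             $postInfo['post_user_anon'] = $_POST['anonname'];
             $threadInfo['thread_lastuser_anon'] = $_POST['anonname'];
             $threadInfo['thread_user_anon'] = $_POST['anonname'];
         }
         $time = time();
         $postInfo['post_entry'] = $_POST['post'];
         $postInfo['post_forum'] = $this->data['forum_id'];
         $postInfo['post_datestamp'] = $time;
         $postInfo['post_ip'] = e107::getIPHandler()->getIP(FALSE);
         $threadInfo['thread_lastpost'] = $time;
         if (isset($_POST['no_emote'])) {
             $postInfo['post_options'] = serialize(array('no_emote' => 1));
         }
         // If something was uploaded, group the stored file names by attachment type.
         $newValues = array();
         if ($uploadResult = $this->processAttachments()) {
             foreach ($uploadResult as $ur) {
                 $type = $ur['type'];
                 $newValues[$type][] = $ur['file'];
             }
             $postInfo['post_attachments'] = e107::serialize($newValues);
             //FIXME XXX - broken encoding when saved to DB.
         }
         switch ($this->action) {
             // Reply only.  Add the post, update thread record with latest post info.
             // Update forum with latest post info
             case 'rp':
                 $postInfo['post_thread'] = $this->id;
                 $newPostId = $this->forumObj->postAdd($postInfo);
                 break;
             // New thread started.  Add the thread info (with latest post info), add the post.
             // Update forum with latest post info
             case 'nt':
                 // Only moderators may choose the thread type; everyone else gets 0.
                 $threadInfo['thread_sticky'] = MODERATOR ? (int) $_POST['threadtype'] : 0;
                 $threadInfo['thread_name'] = $_POST['subject'];
                 $threadInfo['thread_forum_id'] = $this->id;
                 $threadInfo['thread_active'] = 1;
                 $threadInfo['thread_datestamp'] = $time;
                 if ($hasPoll) {
                     $threadOptions['poll'] = '1';
                 }
                 if (is_array($threadOptions) && count($threadOptions)) {
                     $threadInfo['thread_options'] = serialize($threadOptions);
                 } else {
                     $threadInfo['thread_options'] = '';
                 }
                 if ($postResult = $this->forumObj->threadAdd($threadInfo, $postInfo)) {
                     $newPostId = $postResult['postid'];
                     $newThreadId = $postResult['threadid'];
                     $this->data['thread_id'] = $newThreadId;
                     $this->data['thread_sef'] = eHelper::title2sef($threadInfo['thread_name'], 'dashl');
                     if (!empty($_POST['email_notify'])) {
                         $this->forumObj->track('add', USERID, $newThreadId);
                     }
                 }
                 break;
         }
         e107::getMessage()->addDebug(print_a($postInfo, true));
         // -1 from postAdd()/threadAdd() is treated as failure: show an error page and stop.
         if ($postResult === -1 || $newPostId === -1) {
             require_once HEADERF;
             // The Referer header is client-controlled; escape it before it goes into the
             // single-quoted href attribute.
             $referer = isset($_SERVER['HTTP_REFERER']) ? htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES, 'UTF-8') : '';
             $message = LAN_FORUM_3006 . "<br ><a class='btn btn-default' href='" . $referer . "'>Return</a>";
             $text = e107::getMessage()->addError($message)->render();
             e107::getRender()->tablerender(LAN_PLUGIN_FORUM_NAME, $text);
             // change to forum-title pref.
             require_once FOOTERF;
             exit;
         }
         $threadId = $this->action == 'nt' ? $newThreadId : $this->id;
         //If a poll was submitted, let's add it to the poll db
         if ($this->action == 'nt' && varset($_POST['poll_title']) && $_POST['poll_option'][0] != '' && $_POST['poll_option'][1] != '') {
             require_once e_PLUGIN . 'poll/poll_class.php';
             // submit_poll() is handed the thread id through $_POST['iid'].
             $_POST['iid'] = $threadId;
             $poll = new poll();
             $poll->submit_poll(2);
         }
         e107::getCache()->clear('newforumposts');
         $threadLink = e107::url('forum', 'topic', $this->data, 'full') . "&amp;last=1";
         $forumLink = e107::url('forum', 'forum', $this->data);
         if ($this->forumObj->prefs->get('redirect')) {
             $this->redirect($threadLink);
             exit;
         } else {
             require_once HEADERF;
             $template = $this->getTemplate('posted');
             $SHORTCODES = array('THREADLINK' => $threadLink, 'FORUMLINK' => $forumLink);
             $txt = isset($_POST['newthread']) ? $template['thread'] : $template['reply'];
             $txt = e107::getParser()->parseTemplate($txt, true, $SHORTCODES);
             e107::getRender()->tablerender('Forums', e107::getMessage()->render() . $txt);
             require_once FOOTERF;
             exit;
         }
     }
 }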
示例#6
文件: contact.php 项目: notzen/e107
            $send_to_name = $row['user_name'];
        } else {
            $send_to = SITEADMINEMAIL;
            $send_to_name = ADMIN;
        }
        require_once e_HANDLER . "mail.php";
        $message = sendemail($send_to, "[" . SITENAME . "] " . $subject, $body, $send_to_name, $sender, $sender_name) ? LANCONTACT_09 : LANCONTACT_10;
        if (isset($pref['contact_emailcopy']) && $pref['contact_emailcopy'] && $_POST['email_copy'] == 1) {
            sendemail($sender, "[" . SITENAME . "] " . $subject, $body, ADMIN, $sender, $sender_name);
        }
        $ns->tablerender('', $message);
        require_once FOOTERF;
        exit;
    } else {
        require_once e_HANDLER . "message_handler.php";
        message_handler("P_ALERT", $error);
    }
}
if (SITECONTACTINFO && $CONTACT_INFO) {
    $text = $tp->parseTemplate($CONTACT_INFO, TRUE, $contact_shortcodes);
    $ns->tablerender(LANCONTACT_01, $text, "contact");
}
if (isset($pref['sitecontacts']) && $pref['sitecontacts'] != 255) {
    // require_once(e_CORE."shortcodes/batch/contact_shortcodes.php");
    $contact_shortcodes = e107::getScBatch('contact');
    $text = $tp->parseTemplate($CONTACT_FORM, TRUE, $contact_shortcodes);
    if (trim($text) != "") {
        $ns->tablerender(LANCONTACT_02, $text, "contact");
    }
}
require_once FOOTERF;
示例#7
文件: page.php 项目: notzen/e107
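 /**
  * Build an HTML list of links to the pages of one chapter that the current
  * user's classes may see.
  *
  * @param int $chapt Chapter id to list; forced to an integer before it is used in SQL.
  * @return string HTML list, LAN_PAGE_2 when the query returns no rows, or '' when
  *                the 'listPages' pref is off (a message is shown instead).
  */
 function listPages($chapt = 0)
 {
     $sql = e107::getDb();
     $tp = e107::getParser();
     // Start from an empty string so the .= below and the final return never touch
     // an undefined variable.
     $text = '';
     if (!e107::getPref('listPages', false)) {
         message_handler("MESSAGE", LAN_PAGE_1);
         return $text;
     }
     // $chapt lands in an unquoted numeric position in the WHERE clause, so anything
     // other than an integer must not reach the query.
     $chapter = intval($chapt);
     if (!$sql->db_Select("page", "*", "page_theme='' AND page_chapter=" . $chapter . " AND page_class IN (" . USERCLASS_LIST . ") ORDER BY page_order ASC ")) {
         return LAN_PAGE_2;
     }
     foreach ($sql->db_getList() as $page) {
         // NOTE(review): $url goes into the href as returned by the URL builder -
         // confirm it is already safe for a single-quoted HTML attribute.
         $url = e107::getUrl()->create('page/view', $page, 'allow=page_id,page_sef');
         $text .= $this->bullet . " <a href='" . $url . "'>" . $tp->toHtml($page['page_title']) . "</a><br />";
         //XXX Better to use <ul> and <li> ??
     }
     return $text;
 }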
示例#8
文件: class2.php 项目: gitye/e107
    define('FLOODPROTECT', TRUE);
    define('FLOODTIMEOUT', max(varset($pref['antiflood_timeout'], 10), 3));
} else {
    /**
     * @ignore
     */
    define('FLOODPROTECT', FALSE);
}
// Layout suffix for the header/footer templates; '_default' when nothing set $layout earlier.
// NOTE(review): $layout is interpolated into the two file paths below, and elsewhere the
// project loads them with require_once HEADERF / FOOTERF. Where $layout is assigned is not
// visible in this excerpt - confirm it can only hold a fixed set of names and never
// request-supplied text.
$layout = isset($layout) ? $layout : '_default';
define('HEADERF', e_CORE . "templates/header{$layout}.php");
define('FOOTERF', e_CORE . "templates/footer{$layout}.php");
// Report a missing template file; __LINE__ - 2 is passed as the line number.
if (!file_exists(HEADERF)) {
    message_handler('CRITICAL_ERROR', 'Unable to find file: ' . HEADERF, __LINE__ - 2, __FILE__);
}
if (!file_exists(FOOTERF)) {
    message_handler('CRITICAL_ERROR', 'Unable to find file: ' . FOOTERF, __LINE__ - 2, __FILE__);
}
//define('LOGINMESSAGE', ''); - not needed, breaks login messages
// Boolean snapshots of PHP ini settings; ini_get() returns false for a directive that
// does not exist, which makes the matching constant false.
define('OPEN_BASEDIR', ini_get('open_basedir') ? true : false);
define('SAFE_MODE', ini_get('safe_mode') ? true : false);
define('FILE_UPLOADS', ini_get('file_uploads') ? true : false);
define('INIT', true);
if (isset($_SERVER['HTTP_REFERER'])) {
    $tmp = explode("?", $_SERVER['HTTP_REFERER']);
    define('e_REFERER_SELF', $tmp[0] == e_REQUEST_SELF);
    unset($tmp);
} else {
    /**
     * @ignore
     */
    define('e_REFERER_SELF', FALSE);
示例#9
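/**
 *	Utility routine to handle the messages returned by process_uploaded_files().
 *
 *	Non-destructive: $upload_array is only read, so the routine can be called several
 *	times with different options.
 *
 *	@param array $upload_array list of uploaded files (as returned by process_uploaded_files());
 *	             each entry is read for its 'error', 'message', 'line' and 'file' keys.
 *	@param boolean $errors_only - if TRUE, no message is shown for a successful upload.
 *	@param boolean $use_handler - if TRUE, message_handler is used to display the message.
 *	@return string all accumulated messages joined with "<br />" ('' when there are none).
 */
function handle_upload_messages(&$upload_array, $errors_only = TRUE, $use_handler = FALSE)
{
    // Collect into an array: appending with [] to a string is a fatal error on current PHP,
    // and implode() needs an array even when nothing matched.
    $messages = array();
    foreach ($upload_array as $r) {
        if ($errors_only && !$r['error']) {
            continue;
        }
        if ($use_handler) {
            require_once e_HANDLER . "message_handler.php";
            message_handler("MESSAGE", $r['message'], $r['line'], $r['file']);
        }
        // NOTE(review): messages are joined and returned as raw HTML; if they can contain
        // client-supplied file names they must be escaped where they are built - confirm.
        $messages[] = $r['message'];
    }
    return implode("<br />", $messages);
}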
示例#10
文件: upload.php 项目: notzen/e107
            } else {
                if ($postemail == '-witheld-') {
                    $postemail = '';
                }
                $_POST['file_description'] = $tp->toDB($_POST['file_description']);
                $file_time = time();
                $sql->db_Insert("upload", "0, '" . $poster . "', '" . $postemail . "', '" . $tp->toDB($_POST['file_website']) . "', '" . $file_time . "', '" . $tp->toDB($_POST['file_name']) . "', '" . $tp->toDB($_POST['file_version']) . "', '" . $file . "', '" . $image . "', '" . $tp->toDB($_POST['file_description']) . "', '" . $tp->toDB($_POST['file_demo']) . "', '" . $filesize . "', 0, '" . $downloadCategory . "'");
                $edata_fu = array("upload_user" => $poster, "upload_email" => $postemail, "upload_name" => $tp->toDB($_POST['file_name']), "upload_file" => $file, "upload_version" => $_POST['file_version'], "upload_description" => $tp->toDB($_POST['file_description']), "upload_size" => $filesize, "upload_category" => $downloadCategory, "upload_website" => $tp->toDB($_POST['file_website']), "upload_image" => $image, "upload_demo" => $tp->toDB($_POST['file_demo']), "upload_time" => $file_time);
                $e_event->trigger("fileupload", $edata_fu);
                $message .= "<br />" . LAN_404;
            }
        }
    } else {
        // Error - missing data
        require_once e_HANDLER . "message_handler.php";
        message_handler("ALERT", 5);
    }
}
if ($message) {
    $text = "<div style=\"text-align:center\"><b>" . $message . "</b></div>";
    $ns->tablerender("", $text);
    require_once FOOTERF;
    exit;
}
$text = "<div style='text-align:center'>\n\t<form enctype='multipart/form-data' method='post' onsubmit='return frmVerify()' action='" . e_SELF . "'>\n\t<table style='" . USER_WIDTH . "' class='fborder'>\n\t<colgroup>\n\t<col style='width:30%' />\n\t<col style='width:70%' />\n\t</colgroup>\n\t<tr>\n\t<td class='forumheader3'>" . DOWLAN_11 . ":</td>\n\t<td class='forumheader3'>";
require_once e_CORE . "shortcodes/batch/download_shortcodes.php";
$dlparm = isset($download_category) ? $download_category : "";
$text .= $tp->parseTemplate("{DOWNLOAD_CATEGORY_SELECT={$dlparm}}", true, $download_shortcodes);
$text .= "\n\t</td>\n\t</tr>\n\n\t<tr>\n\t<td style='text-align:center' colspan='2' class='forumheader3'>";
$text .= "<b>" . LAN_406 . "</b><br />" . LAN_419 . ":";
require_once e_HANDLER . 'upload_handler.php';
示例#11
    }
    unset($_POST);
}
if ($error) {
    require_once e_HANDLER . 'message_handler.php';
    $temp = array();
    if (count($extraErrors)) {
        $temp[] = implode('<br />', $extraErrors);
    }
    if (count($allData['errors'])) {
        $temp[] = validatorClass::makeErrorList($allData, 'USER_ERR_', '%n - %x - %t: %v', '<br />', $userMethods->userVettingInfo);
    }
    if (varsettrue($eufVals['errors'])) {
        $temp[] = '<br />' . validatorClass::makeErrorList($eufVals, 'USER_ERR_', '%n - %x - %t: %v', '<br />', NULL);
    }
    message_handler('P_ALERT', implode('<br />', $temp));
    //	$adref = $_POST['adminreturn'];
}
// --- User data has been updated here if appropriate ---
$testSessionMessage = e107::getMessage()->get(E_MESSAGE_SUCCESS, 'default', true);
// only success in the session
if ($testSessionMessage) {
    $message = implode('<br />', $testSessionMessage);
}
// we got raw message - array
if (isset($message)) {
    $ns->tablerender($caption, $message);
}
$uuid = $_uid ? $_uid : USERID;
// If $_uid is set, its an admin changing another user's data
if ($promptPassword) {
示例#12
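 /**
  * Store a link from the submitted form: queue a visitor submission, update an
  * existing link, or create a new one.
  *
  * @param string $mode 'submit' queues the link in the tmp table for approval; any
  *                     other value takes the create/update path driven by $qs.
  * @return void
  */
 function dbLinkCreate($mode = '')
 {
     global $ns, $tp, $qs, $sql, $e107cache, $e_event, $linkspage_pref, $admin_log;
     // Key order matters: the submit path joins these values with '^' in this order.
     $edata_ls = array(
         'link_category' => intval($_POST['cat_id']),
         'link_name' => $tp->toDB($_POST['link_name']),
         'link_url' => $tp->toDB($_POST['link_url']),
         'link_description' => $tp->toDB($_POST['link_description']),
         'link_button' => $tp->toDB($_POST['link_but']),
     );
     if (!$edata_ls['link_name'] || !$edata_ls['link_url'] || !$edata_ls['link_description']) {
         message_handler("ALERT", 5);
         return;
     }
     // Require the URL to START with http:// or https://. A substring test for "http"
     // would accept any scheme that merely contains that text somewhere in the value.
     if ($edata_ls['link_url'] && !preg_match('#^https?://#i', $edata_ls['link_url'])) {
         $edata_ls['link_url'] = "http://" . $edata_ls['link_url'];
     }
     //create link, submit area, tmp table
     if (isset($mode) && $mode == "submit") {
         $edata_ls['username'] = defined('USERNAME') ? USERNAME : LAN_LINKS_3;
         // NOTE(review): the fields are joined with '^' without escaping that character,
         // and the username part does not pass through toDB() before it is placed in the
         // SQL string below - confirm both are safe.
         $submitted_link = implode('^', $edata_ls);
         $sql->db_Insert("tmp", "'submitted_link', '" . time() . "', '{$submitted_link}' ");
         $edata_ls['submitted_link'] = $submitted_link;
         $e_event->trigger("linksub", $edata_ls);
         js_location(e_SELF . "?s");
     } else {
         // Admin-entered link
         $link_t = $sql->db_Count("links_page", "(*)", "WHERE link_category='" . intval($_POST['cat_id']) . "'");
         // A posted datestamp is kept only as an integer; a missing, empty or "0" value,
         // or a request to refresh it, yields the current time.
         $time = (!empty($_POST['update_datestamp']) || empty($_POST['link_datestamp'])) ? time() : intval($_POST['link_datestamp']);
         $edata_ls['link_open'] = intval($_POST['linkopentype']);
         $edata_ls['link_class'] = intval(varset($_POST['link_class']));
         $edata_ls['link_author'] = USERID;
         // Default
         //update link
         if (is_numeric($qs[2]) && $qs[1] != "sn") {
             if ($qs[1] !== "manage") {
                 // NOTE(review): outside "manage" the author comes from the form - confirm
                 // only administrators can reach this path.
                 $edata_ls['link_author'] = $_POST['link_author'] && $_POST['link_author'] != '' ? $tp->toDB($_POST['link_author']) : USERID;
             }
             $edata_ls['link_datestamp'] = $time;
             $sql->db_UpdateArray("links_page", $edata_ls, " WHERE link_id='" . intval($qs[2]) . "'");
             $msg = LCLAN_ADMIN_3;
             $data = array('method' => 'update', 'table' => 'links_page', 'id' => $qs[2], 'plugin' => 'links_page', 'function' => 'dbLinkCreate');
             $msg .= $e_event->triggerHook($data);
             $admin_log->logArrayAll('LINKS_14', $edata_ls);
             $e107cache->clear("sitelinks");
             $this->show_message($msg);
             //create link
         } else {
             $edata_ls['link_datestamp'] = time();
             $edata_ls['link_order'] = $link_t + 1;
             $sql->db_Insert("links_page", $edata_ls);
             $msg = LCLAN_ADMIN_2;
             // NOTE(review): mysql_insert_id() belongs to the ext/mysql API that PHP 7
             // removed; the id should come from the DB wrapper instead - confirm which
             // call it provides.
             $id = mysql_insert_id();
             $data = array('method' => 'create', 'table' => 'links_page', 'id' => $id, 'plugin' => 'links_page', 'function' => 'dbLinkCreate');
             $msg .= $e_event->triggerHook($data);
             $admin_log->logArrayAll('LINKS_13', $edata_ls);
             $e107cache->clear("sitelinks");
             $this->show_message($msg);
         }
         //delete from tmp table after approval
         if (is_numeric($qs[2]) && $qs[1] == "sn") {
             $sql->db_Delete("tmp", "tmp_time=" . intval($qs[2]));
         }
     }
 }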
示例#13
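 /**
  * Store a link from the submitted form.
  *
  * @param string $mode 'submit' inserts an inactive link awaiting approval and redirects;
  *                     'edit' updates an existing link and marks it inactive again;
  *                     any other value updates or creates an active link.
  * @return void
  */
 function dbLinkCreate($mode = '')
 {
     global $tp, $qs, $e107cache, $e_event;
     $db = e107::getDb('links_page');
     $mes = e107::getMessage();
     $link_name = $tp->toDB($_POST['link_name']);
     $link_url = $tp->toDB($_POST['link_url']);
     $link_description = $tp->toDB($_POST['link_description']);
     $link_button = $tp->toDB($_POST['link_button']);
     if (!$link_name || !$link_url || !$link_description) {
         message_handler("ALERT", 5);
         return;
     }
     // Require the URL to START with http:// or https://. A substring test for "http"
     // would accept any scheme that merely contains that text somewhere in the value.
     if ($link_url && !preg_match('#^https?://#i', $link_url)) {
         $link_url = "http://" . $link_url;
     }
     // Computed once for every branch (the edit branch previously read it undefined).
     // A posted datestamp is kept only as an integer; a missing, empty or "0" value,
     // or a request to refresh it, yields the current time.
     $time = (!empty($_POST['update_datestamp']) || empty($_POST['link_datestamp'])) ? time() : intval($_POST['link_datestamp']);
     //create link, submit area , not allowed direct post
     if (isset($mode) && $mode == "submit") {
         $username = defined('USERNAME') ? USERNAME : LAN_LINKS_3;
         // Count the category's links so link_order really is "last + 1".
         $link_t = $db->count("links_page", "(*)", "WHERE link_category='" . intval($_POST['cat_id']) . "'");
         $insert = array('link_id' => NULL, 'link_name' => $link_name, 'link_url' => $link_url, 'link_description' => $link_description, 'link_button' => $link_button, 'link_category' => intval($_POST['cat_id']), 'link_order' => $link_t + 1, 'link_refer' => 0, 'link_open' => intval($_POST['linkopentype']), 'link_class' => intval($_POST['link_class']), 'link_datestamp' => time(), 'link_author' => USERID, 'link_active' => 0);
         if ($db->insert("links_page", $insert)) {
             $mes->addSuccess(LAN_LINKS_29);
             $mes->render();
         }
         // NOTE(review): nothing in this version builds a submitted_link value; it is sent
         // as null so "linksub" listeners see the same data as before - confirm whether
         // any listener still expects the old '^'-joined string.
         $submitted_link = null;
         $edata_ls = array("link_category" => $_POST['cat_id'], "link_name" => $link_name, "link_url" => $link_url, "link_description" => $link_description, "link_button" => $link_button, "username" => $username, "submitted_link" => $submitted_link);
         $e_event->trigger("linksub", $edata_ls);
         $url = e107::url('links_page', 'submitted', 'full');
         e107::getRedirect()->go($url);
     } elseif (isset($mode) && $mode == "edit") {
         if (is_numeric($qs[2]) && $qs[1] != "sn") {
             $link_class = $_POST['link_class'];
             if ($qs[1] == "manage") {
                 $link_author = USERID;
             } else {
                 // not needed anymore, left for future
                 $link_author = $_POST['link_author'] && $_POST['link_author'] != '' ? $tp->toDB($_POST['link_author']) : USERID;
             }
             $id = intval($qs[2]);
             $where = 'link_id = ' . $id;
             // NOTE(review): the update is keyed on link_id alone - confirm the caller has
             // checked that the current user owns this link.
             $update = array('link_name' => $link_name, 'link_url' => $link_url, 'link_description' => $link_description, 'link_button' => $link_button, 'link_category' => intval($_POST['cat_id']), 'link_open' => intval($_POST['linkopentype']), 'link_class' => intval($link_class), 'link_datestamp' => intval($time), 'link_author' => $link_author, 'link_active' => 0, 'WHERE' => $where);
             if ($db->update('links_page', $update)) {
                 $mes->addSuccess(LCLAN_ADMIN_3 . ' ' . LAN_LINKS_29);
                 echo $mes->render();
             }
             $e107cache->clear("sitelinks");
         } else {
             e107::getMessage()->addError('Something went wrong. Contact admin.');
             echo e107::getMessage()->render();
         }
     } else {
         $link_t = $db->count("links_page", "(*)", "WHERE link_category='" . intval($_POST['cat_id']) . "'");
         //update link
         if (is_numeric($qs[2]) && $qs[1] != "sn") {
             $link_class = $_POST['link_class'];
             if ($qs[1] == "manage") {
                 $link_author = USERID;
             } else {
                 $link_author = $_POST['link_author'] && $_POST['link_author'] != '' ? $tp->toDB($_POST['link_author']) : USERID;
             }
             // This branch used 'WHERE' => $where without ever defining $where, leaving the
             // update without a row restriction; restrict it to the requested link.
             $where = 'link_id = ' . intval($qs[2]);
             $update = array('link_name' => $link_name, 'link_url' => $link_url, 'link_description' => $link_description, 'link_button' => $link_button, 'link_category' => intval($_POST['cat_id']), 'link_open' => intval($_POST['linkopentype']), 'link_class' => intval($link_class), 'link_datestamp' => intval($time), 'link_author' => $link_author, 'link_active' => 1, 'WHERE' => $where);
             $e107cache->clear("sitelinks");
             if ($db->update('links_page', $update)) {
                 $mes->addSuccess(LCLAN_ADMIN_3);
                 echo $mes->render();
             }
             //create link
         } else {
             $insert = array('link_id' => NULL, 'link_name' => $link_name, 'link_url' => $link_url, 'link_description' => $link_description, 'link_button' => $link_button, 'link_category' => intval($_POST['cat_id']), 'link_order' => $link_t + 1, 'link_refer' => 0, 'link_open' => intval($_POST['linkopentype']), 'link_class' => intval($_POST['link_class']), 'link_datestamp' => time(), 'link_author' => USERID, 'link_active' => 1);
             // Report success only when the insert succeeded; the earlier code added and
             // echoed the success message unconditionally after this check.
             if ($db->insert("links_page", $insert)) {
                 $mes->addSuccess(LCLAN_ADMIN_2);
                 echo $mes->render();
             }
             $e107cache->clear("sitelinks");
         }
     }
 }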
示例#14
                $num++;
                // Send fake header to avoid timeout, got this trick from phpMyAdmin
                $time1 = time();
                if ($time1 >= $time0 + 30) {
                    $time0 = $time1;
                    header('X-bpPing: Pong');
                }
            }
            // EOWHILE
            $pdf_code = $pdf->output();
            $fname = BATCH_PDF_DIR . BATCH_PDF_FILE;
            if ($fp = fopen($fname, 'w')) {
                fwrite($fp, $pdf_code);
                fclose($fp);
            } else {
                message_handler('FAILED_TO_OPEN');
            }
            // changed below to cause pdf to open in a new window
            $message = SUCCESS_1 . $num . SUCCESS_2 . '<a href="' . $fname . '" target="_blank"><b>' . SUCCESS_3 . '</b></a>' . SUCCESS_4;
        case 0:
            require BATCH_PRINT_INC . 'batch_print_header.php';
            require BATCH_PRINT_INC . 'batch_print_body.php';
            require BATCH_PRINT_INC . 'batch_print_footer.php';
            break;
        default:
            message_handler();
    }
    //EOSWITCH
} else {
    message_handler('ERROR_INVALID_INPUT');
}
示例#15
 /**
  * Measure the average cost of the traffic object's own Bump() calls.
  *
  * Does nothing unless E107_DBG_TRAFFIC is defined and truthy. Runs $count paired
  * Bump() calls (one given both timestamps, one given only the start) and stores
  * Time / Count of each counter in calPassBoth and calPassOne.
  *
  * @param object $tObject Traffic object to calibrate; expected to be this object.
  * @param int $count Number of calibration passes; no calibration when <= 0.
  * @return void
  */
 function Calibrate($tObject, $count = 10)
 {
     $enabled = defined("E107_DBG_TRAFFIC") && E107_DBG_TRAFFIC;
     if (!$enabled) {
         return;
     }
     if ($tObject != $this) {
         message_handler("CRITICAL_ERROR", "Bad traffic object", __LINE__ - 2, __FILE__);
     }
     // no calibration
     if ($count <= 0) {
         return;
     }
     $this->calPassOne = 0.0;
     $this->calPassBoth = 0.0;
     $pass = 0;
     while ($pass < $count) {
         $start = microtime();
         $stop = microtime();
         $tObject->Bump('TRAF_CAL1', $start, $stop);
         // emulate the normal non-insider call
         $start = microtime();
         $tObject->Bump('TRAF_CAL2', $start);
         $pass++;
     }
     $both = $tObject->aTrafficTimed['TRAF_CAL1'];
     $this->calPassBoth = $both['Time'] / $both['Count'];
     $one = $tObject->aTrafficTimed['TRAF_CAL2'];
     $this->calPassOne = $one['Time'] / $one['Count'];
 }
示例#16
 /**
  * Add a comment to an item, or append an "edited" marker to an existing comment.
  * e-token POST value should be always valid when using this method.
  *
  * Order of checks as written: engine must be 'e107'; getCommentPermissions() must be 'rw';
  * a registered override (if any) takes over; the session token is verified; edit mode is
  * detected from $_GET / e_QUERY; an identical existing comment is rejected; the author is
  * resolved; then the comment is either updated (edit) or inserted, with the
  * 'prepostcomment' and 'postcomment' events fired around the insert.
  *
  * @param string|array $data - $author_name or array of all values.
  * @param string $comment - comment text; passed through $tp->toDB() before use
  * @param string $table - comment type; mapped through getCommentType()
  * @param integer $id - reference of item in source table to which comment is linked
  * @param integer $pid - parent comment id when it's a reply to a specific comment.
  * @param string $subject - comment subject; passed through $tp->toDB() before use
  * @param mixed $rateindex - posted value of the rateselect box; only forwarded to an override,
  *                           the rating code in this method is commented out
  * @return mixed the inserted comment id on success; false when the token check fails, a
  *               'prepostcomment' listener returns a truthy value, or nothing was inserted;
  *               the string "Error" (failed insert) or the emessage text on AJAX requests;
  *               the override's return value when an override is registered; nothing (null)
  *               when the engine is not 'e107', permissions are not 'rw', or after an edit.
  */
 function enter_comment($data, $comment = '', $table = '', $id = '', $pid = '', $subject = '', $rateindex = FALSE)
 {
     //rateindex	: the posted value from the rateselect box (without the urljump) (see function rateselect())
     if ($this->engine != 'e107') {
         return;
     }
     if (is_array($data)) {
         // Array form: every field comes from $data and replaces the positional arguments.
         $table = $data['comment_type'];
         $id = intval($data['comment_item_id']);
         $pid = intval($data['comment_pid']);
         $subject = $data['comment_subject'];
         $comment = $data['comment_comment'];
         $author_name = $data['comment_author_name'];
         $comment_share = intval($data['comment_share']);
         // NOTE(review): $comment_datestamp is assigned but not read again in this method.
         $comment_datestamp = $data['comment_datestamp'];
     } else {
         $author_name = $data;
         //BC Fix.
         // NOTE(review): on this path $comment_share is never set, yet it is read when the
         // insert array is built below.
     }
     // NOTE(review): $rater is only referenced by the commented-out rating code below.
     global $e107, $rater;
     $sql = e107::getDb();
     $sql2 = e107::getDb('sql2');
     $tp = e107::getParser();
     $pref = e107::getPref();
     if ($this->getCommentPermissions() != 'rw') {
         return;
     }
     // NOTE(review): a registered override is called before the e-token check below, so the
     // override has to validate the token itself if it writes anything.
     if ($user_func = e107::getOverride()->check($this, 'enter_comment')) {
         return call_user_func($user_func, array('data' => $data, 'comment' => $comment, 'table' => $table, 'id' => $id, 'pid' => $pid, 'subject' => $subject, 'rateindex' => $rateindex));
     }
     // Make sure the key exists before the session check reads it (presumably so that a
     // missing token is treated as an empty one - confirm against the session handler).
     if (!isset($_POST['e-token'])) {
         $_POST['e-token'] = '';
     }
     // check posted token
     if (!e107::getSession()->check(false)) {
         return false;
     }
     // This will return false on error
     // Edit mode is taken from the request: either ?comment=edit&comment_id=N, or a
     // dot-separated e_QUERY containing an "edit" segment followed by the comment id.
     // NOTE(review): $editpid stays undefined when neither form matches, and it is read
     // unconditionally further down; $tmp[$count + 1] may also not exist.
     if (isset($_GET['comment']) && $_GET['comment'] == 'edit') {
         $eaction = 'edit';
         $editpid = $_GET['comment_id'];
     } elseif (strstr(e_QUERY, "edit")) {
         $eaction = "edit";
         $tmp = explode(".", e_QUERY);
         $count = 0;
         foreach ($tmp as $t) {
             if ($t == "edit") {
                 $editpid = $tmp[$count + 1];
                 break;
             }
             $count++;
         }
     }
     $type = $this->getCommentType($table);
     $comment = $tp->toDB($comment);
     $subject = $tp->toDB($subject);
     $cuser_id = 0;
     $cuser_name = 'Anonymous';
     // Preset as an anonymous comment
     // Duplicate guard: continue only if no row with the same text, item id and type exists.
     // NOTE(review): every WHERE clause in this method is built by string concatenation, so
     // SQL safety rests entirely on $tp->toDB() / intval() - assumes toDB() escapes for a
     // quoted SQL string context; confirm.
     if (!$sql->select("comments", "*", "comment_comment='" . $comment . "' AND comment_item_id='" . intval($id) . "' AND comment_type='" . $tp->toDB($type, true) . "' ")) {
         // NOTE(review): this tests $_POST['comment'] rather than the $comment argument, so a
         // caller passing the array form without that POST field silently inserts nothing.
         if ($_POST['comment']) {
             if (USER == TRUE) {
                 $cuser_id = USERID;
                 $cuser_name = USERNAME;
                 $cuser_mail = USEREMAIL;
             } elseif ($_POST['author_name'] != '') {
                 // Guest supplied a name: check whether it belongs to a registered user.
                 // NOTE(review): this reads $_POST['author_name'] directly although $author_name
                 // was already derived from $data above.
                 if ($sql2->select("user", "*", "user_name='" . $tp->toDB($_POST['author_name']) . "' ")) {
                     // NOTE(review): $ip is first assigned further down (from $e107->getip()), so
                     // it is undefined at this point and the user_ip match does not see the
                     // poster's address. Also note the design itself: a match attributes the
                     // comment to a registered account on the strength of name + IP alone,
                     // without authentication - confirm this is intended before "fixing" $ip.
                     if ($sql2->select("user", "*", "user_name='" . $tp->toDB($_POST['author_name']) . "' AND user_ip='" . $tp->toDB($ip, true) . "' ")) {
                         //list($cuser_id, $cuser_name) = $sql2->db_Fetch();
                         $tmp = $sql2->fetch();
                         $cuser_id = $tmp['user_id'];
                         $cuser_name = $tmp['user_name'];
                         $cuser_mail = $tmp['user_email'];
                     } else {
                         // The constant "emessage" doubles as the error flag for the rest of
                         // the method.
                         define("emessage", COMLAN_310);
                     }
                 } else {
                     // NOTE(review): $cuser_mail is not set on this path (nor when the guest
                     // gives no name), but it is read when the insert array is built.
                     $cuser_name = $tp->toDB($author_name);
                 }
             }
             if (!defined("emessage")) {
                 $ip = $e107->getip();
                 // Store IP 'in the raw' - could be IPv4 or IPv6. Its always returned in a normalised form
                 $_t = time();
                 if ($editpid) {
                     // Edit path: append an "edited" marker and overwrite the stored text.
                     // NOTE(review): the UPDATE is keyed on the request-supplied comment id
                     // alone; no check that the current user wrote that comment (or may moderate
                     // it) is visible in this method - confirm the caller enforces ownership.
                     // This path also returns before the 'prepostcomment' listeners run.
                     $comment .= "\n[ " . COMLAN_319 . " [time=short]" . time() . "[/time] ]";
                     $sql->update("comments", "comment_comment='{$comment}' WHERE comment_id='" . intval($editpid) . "' ");
                     e107::getCache()->clear("comment");
                     return;
                 }
                 //FIXME - don't sanitize, pass raw data to e_event, use DB array (inner db sanitize)
                 // NOTE(review): 'comment_item_id' takes $id as passed; only the array form of
                 // $data ran it through intval() above.
                 $edata_li = array('comment_pid' => intval($pid), 'comment_item_id' => $id, 'comment_subject' => $subject, 'comment_author_id' => $cuser_id, 'comment_author_name' => $cuser_name, 'comment_author_email' => $tp->toDB($cuser_mail), 'comment_datestamp' => $_t, 'comment_comment' => $comment, 'comment_blocked' => $this->moderateComment($pref['comments_moderate']) ? 2 : 0, 'comment_ip' => $ip, 'comment_type' => $tp->toDB($type, true), 'comment_lock' => 0, 'comment_share' => $comment_share);
                 //SecretR: new event 'prepostcomment' - allow plugin hooks - e.g. Spam Check
                 $edata_li_hook = array_merge($edata_li, array('comment_nick' => $cuser_id . '.' . $cuser_name, 'comment_time' => $_t));
                 if (e107::getEvent()->trigger("prepostcomment", $edata_li_hook)) {
                     return false;
                     //3rd party code interception
                 }
                 //allow 3rd party code to modify insert data
                 // NOTE(review): presumably trigger() receives $edata_li_hook by reference; any
                 // column a listener changed - including comment_author_id, comment_ip and
                 // comment_blocked - is copied back unvalidated before the insert.
                 if (is_array($edata_li_hook)) {
                     foreach (array_keys($edata_li) as $k) {
                         if (isset($edata_li_hook[$k])) {
                             $edata_li[$k] = $edata_li_hook[$k];
                             //sanitize?
                             continue;
                         }
                         // NOTE(review): $k iterates the keys of $edata_li, which has no 'break'
                         // key, so this branch cannot run; $break is not read anywhere below.
                         if ($k === 'break') {
                             $break = $edata_li_hook[$k];
                         }
                     }
                 }
                 unset($edata_li_hook);
                 if (!($inserted_id = $sql->insert("comments", $edata_li))) {
                     //echo "<b>".COMLAN_323."</b> ".COMLAN_11;
                     if (e_AJAX_REQUEST) {
                         return "Error";
                     }
                     e107::getMessage()->addStack(COMLAN_11, 'postcomment', E_MESSAGE_ERROR);
                 } else {
                     // Insert succeeded: bump the poster's comment counter and last-post time.
                     if (USER == true) {
                         $sql->update("user", "user_comments=user_comments+1, user_lastpost='" . time() . "' WHERE user_id='" . USERID . "' ");
                     }
                     // Next item for backward compatibility
                     $edata_li["comment_nick"] = $cuser_id . '.' . $cuser_name;
                     $edata_li["comment_time"] = $_t;
                     $edata_li["comment_id"] = $inserted_id;
                     //Why?
                     /*unset($edata_li['comment_pid']);
                     		unset($edata_li['comment_author_email']);
                     		unset($edata_li['comment_ip']);*/
                     // NOTE(review): with the unset() calls above disabled, 'postcomment'
                     // listeners receive the author's e-mail address and IP as well.
                     e107::getEvent()->trigger("postcomment", $edata_li);
                     e107::getCache()->clear("comment");
                     // Keep the news comment total in step, unless the comment awaits moderation.
                     if ((empty($type) || $type == "news") && !$this->moderateComment($pref['comments_moderate'])) {
                         $sql->update("news", "news_comment_total=news_comment_total+1 WHERE news_id=" . intval($id));
                     }
                     //if rateindex is posted, enter the rating from this user
                     //	if ($rateindex)
                     //	{
                     //		$rater->enterrating($rateindex);
                     //	}
                     return $inserted_id;
                     // return the ID number so it can be used. true;
                 }
             }
         }
     } else {
         // An identical comment already exists for this item and type.
         define("emessage", COMLAN_312);
     }
     // Report whichever error was flagged: as the return value for AJAX, else as an alert.
     if (defined("emessage")) {
         if (e_AJAX_REQUEST) {
             return emessage;
         }
         message_handler("ALERT", emessage);
     }
     return false;
 }
示例#17
 // Label-printing excerpt: choose billing vs. delivery address, read the end position, then
 // walk the page grid and print one address per label cell.
 // NOTE(review): $_POST['address'] and $_POST['endpos'] are read without isset(), which
 // raises a notice/warning when the field is absent.
 if ($_POST['address']) {
     if ($_POST['address'] == "billing") {
         $billing = true;
     } else {
         $billing = false;
     }
 } else {
     $billing = false;
 }
 // NOTE(review): $endpos is taken from the request as-is and used as the upper bound in
 // "$num < $endpos" below; cast it to int and clamp it to a sane range before use.
 if ($_POST['endpos']) {
     $endpos = $_POST['endpos'];
 } else {
     $endpos = NUM_LABELS_PER_PAGE;
 }
 // NOTE(review): "!" binds tighter than ">", so this evaluates (!rows) > 0. It gives the
 // intended answer only through bool/int comparison; "tep_db_num_rows(...) == 0" says what
 // is meant. Execution also continues after message_handler() unless that function exits
 // (not visible here).
 if (!tep_db_num_rows($orders_query) > 0) {
     message_handler('NO_ORDERS');
 }
 change_color(GENERAL_FONT_COLOR);
 // Rows run from the top of the page downwards, columns from left to right; $pos counts
 // every cell, $num counts the labels actually printed.
 for ($y = $pdf->ez['pageHeight'] - STARTY; $y > LABEL_HEIGHT - STARTY; $y -= LABEL_HEIGHT) {
     for ($x = STARTX; $x < STARTX + NUM_COLUMNS * LABEL_WIDTH; $x += LABEL_WIDTH) {
         if ($startpos <= $pos && $num < $endpos) {
             if (print_address($x, $y, $num)) {
                 $num++;
             }
         }
         $pos++;
     }
     // Send fake header to avoid timeout, got this trick from phpMyAdmin
     $time1 = time();
     if ($time1 >= $time0 + 30) {
         $time0 = $time1;
示例#18
文件: signup.php 项目: notzen/e107
     // Collect every validation error into one HTML string and show it as a P_ALERT.
     if ($error) {
         require_once e_HANDLER . "message_handler.php";
         $temp = array();
         if (count($extraErrors)) {
             $temp[] = implode('<br />', $extraErrors);
         }
         // NOTE(review): the '%v' placeholder presumably expands to the rejected, user-supplied
         // value; confirm makeErrorList() HTML-escapes it before it reaches the alert output.
         if (count($allData['errors'])) {
             $temp[] = validatorClass::makeErrorList($allData, 'USER_ERR_', '%n - %x - %t: %v', '<br />', $userMethods->userVettingInfo);
         }
         if (varsettrue($eufVals['errors'])) {
             $temp[] = validatorClass::makeErrorList($eufVals, 'USER_ERR_', '%n - %t: %v', '<br />');
         }
         message_handler('P_ALERT', implode('<br />', $temp));
     }
 } else {
     message_handler('P_ALERT', implode('<br />', $extraErrors));
     // Workaround for image-code errors.
 }
 // ========== End of verification.. ==============
 // If no errors, we can enter the new member in the DB
 // At this point we have two data arrays:
 //		$allData['data'] - the 'core' user data
 //		$eufVals['data'] - any extended user fields
 if (!$error) {
     $error_message = '';
     // Flood protection: when flood() reports FALSE, redirect to the index page and stop.
     $fp = new floodprotect();
     if ($fp->flood("user", "user_join") == FALSE) {
         header("location:" . e_BASE . "index.php");
         exit;
     }
     // NOTE(review): $_POST['email'] is concatenated into the WHERE clause unescaped. Unless it
     // was escaped in place earlier (not visible in this excerpt) this is SQL injection in an
     // unauthenticated signup path; use the validated value from $allData['data'] or the
     // project's DB-escaping helper instead of the raw POST field.
     if ($_POST['email'] && $sql->db_Select("user", "*", "user_email='" . $_POST['email'] . "' AND user_ban='" . USER_BANNED . "'")) {
示例#19
        }
    }
    // No submission errors: store the item, notify listeners, show the success message, stop.
    if ($submitnews_error === FALSE) {
        // NOTE(review): the row is passed as one interpolated value string, so every
        // $submitnews_* value, $ip and the file names must already be DB-escaped by the code
        // above this excerpt (not visible) - confirm, since all of them are user-influenced.
        $sql->insert("submitnews", "0, '{$submitnews_user}', '{$submitnews_email}', '{$submitnews_title}', '" . intval($_POST['cat_id']) . "', '{$submitnews_item}', '" . time() . "', '{$ip}', '0', '" . implode(',', $submitnews_filearray) . "' ");
        $edata_sn = array("user" => $submitnews_user, "email" => $submitnews_email, "itemtitle" => $submitnews_title, "catid" => intval($_POST['cat_id']), "item" => $submitnews_item, "image" => $submitnews_file, "ip" => $ip);
        e107::getEvent()->trigger("subnews", $edata_sn);
        // bc
        e107::getEvent()->trigger("user_news_submit", $edata_sn);
        $mes = e107::getMessage();
        $mes->addSuccess(LAN_134);
        echo $mes->render();
        // $ns->tablerender(LAN_133, "<div style='text-align:center'>".LAN_134."</div>");
        require_once FOOTERF;
        exit;
    } else {
        message_handler("P_ALERT", $message);
    }
}
// Build the submission form as one HTML string.
$text = "";
if (!defined("USER_WIDTH")) {
    define("USER_WIDTH", "width:95%");
}
if (!empty($pref['news_subheader'])) {
    $text .= "\n\t  <div class='alert alert-block alert-info '>\n\t    " . $tp->toHTML($pref['news_subheader'], true, "BODY") . "\n\t  </div>";
}
$text .= "\n<div>\n  <form id='dataform' method='post' action='" . e_SELF . "' enctype='multipart/form-data' onsubmit='return frmVerify()'>\n    <table class='table fborder'>";
// Guests get name and e-mail fields, pre-filled with whatever they submitted before.
// NOTE(review): the submitted values are echoed back inside single-quoted value='...'
// attributes; confirm that toHTML() in the 'USER_TITLE' and 'LINKTEXT' modes encodes single
// quotes, otherwise a quote in the input ends the attribute.
if (!USER) {
    $text .= "\n\t  <tr>\n\t    <td style='width:20%' class='forumheader3'>" . LAN_7 . "</td>\n\t    <td style='width:80%' class='forumheader3'>\n\t      <input class='tbox' type='text' name='submitnews_name' size='60' value='" . $tp->toHTML($submitnews_user, FALSE, 'USER_TITLE') . "' maxlength='100' required />\n\t    </td>\n\t  </tr>\n\t  <tr>\n\t    <td style='width:20%' class='forumheader3'>" . LAN_112 . "</td>\n\t    <td style='width:80%' class='forumheader3'>\n\t      <input class='tbox' type='text' name='submitnews_email' size='60' value='" . $tp->toHTML($submitnews_email, FALSE, 'LINKTEXT') . "' maxlength='100' required />\n\t    </td>\n\t  </tr>";
}
$text .= "\n<tr>\n  <td style='width:20%' class='forumheader3'>" . NWSLAN_6 . ": </td>\n\t<td style='width:80%' class='forumheader3'>";
if (!$sql->select("news_category")) {
示例#20
        }
        $eaction = true;
    } else {
        if ($action == 'quote') {
            $action = 'reply';
            $eaction = false;
        }
    }
}
if (isset($_POST['newthread']) || isset($_POST['reply'])) {
    $postInfo = array();
    $threadInfo = array();
    $postOptions = array();
    $threadOptions = array();
    if (isset($_POST['newthread']) && trim($_POST['subject']) == '' || trim($_POST['post']) == '') {
        message_handler('ALERT', 5);
    } else {
        if ($fp->flood('forum_thread', 'thread_datestamp') == false && !ADMIN) {
            echo "<script type='text/javascript'>document.location.href='" . e_BASE . "index.php'</script>\n";
            exit;
        }
        $hasPoll = $action == 'nt' && varset($_POST['poll_title']) && $_POST['poll_option'][0] != '' && $_POST['poll_option'][1] != '';
        $postInfo['post_ip'] = e107::getIPHandler()->getIP(FALSE);
        if (USER) {
            $postInfo['post_user'] = USERID;
            $threadInfo['thread_lastuser'] = USERID;
            $threadInfo['thread_user'] = USERID;
            $threadInfo['thread_lastuser_anon'] = '';
        } else {
            $postInfo['post_user_anon'] = $_POST['anonname'];
            $threadInfo['thread_lastuser_anon'] = $_POST['anonname'];