示例#1
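// Excerpt from a larger request handler: fills the project-comment template, applies an
// optional add/delete comment operation, then loads the project row. $p, $actionurl,
// $rowid, $project_id, $fromprojectlink, $op, $cid and $usermodeUID are assigned before
// this excerpt starts, so their validation cannot be judged from here.
$p->set_var('actionurl', $actionurl);
$p->set_var('rowid', $rowid);
$p->set_var('project_id', $project_id);
$p->set_var('taskuser', $_USER['uid']);
if ($fromprojectlink) {
    $p->set_var('hiderequestlink', 'none');
} else {
    // The value begins with '#"', presumably to close an href attribute in the template and
    // append an onClick handler; $project_id therefore ends up inside inline JavaScript.
    // NOTE(review): confirm $project_id is validated as an integer upstream - it is used
    // unescaped here and inside the quoted SQL literals below.
    $p->set_var('project_link', '#" onClick="nfNewWindow(\'' . $_CONF['site_url'] . '/nexflow/getproject.php?id=' . $project_id . '\')"');
}

// NOTE(review): both operations change stored data, and the comment text is read from
// $_GET. No request token or permission check is visible in this excerpt - confirm the
// surrounding code enforces both before this point.
if ($op == 'addcomment') {
    // get_magic_quotes_gpc() was removed in PHP 8; a missing function means "off".
    $magicQuotesOn = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $rawComment = isset($_GET['comment']) ? $_GET['comment'] : '';
    $comment = $magicQuotesOn ? $rawComment : addslashes($rawComment);
    // NOTE(review): if ppPrepareForDB() escapes on its own, the text is escaped twice - verify.
    $comment = ppPrepareForDB($comment);
    // NOTE(review): $project_id and $usermodeUID are interpolated as given; only the
    // comment text is escaped in this excerpt.
    $sql = "INSERT INTO {$_TABLES['nf_projectcomments']} (project_id, uid, timestamp, comment) ";
    $sql .= "VALUES ('{$project_id}','{$usermodeUID}',UNIX_TIMESTAMP(),'{$comment}')";
    if ($CONF_NF['debug']) {
        // Debug mode copies the whole statement, user text included, into the error log.
        COM_errorLog($sql);
    }
    DB_query($sql);
} elseif ($op == 'delcomment' and $cid > 0) {
    // The "> 0" test uses PHP's loose comparison, which a string such as "1' OR ..." also
    // passes; the integer cast is what keeps the id from carrying SQL.
    $commentId = (int) $cid;
    $sql = "DELETE FROM {$_TABLES['nf_projectcomments']} WHERE id='{$commentId}'";
    DB_query($sql);
}

$sql = "SELECT * FROM {$_TABLES['nf_projects']} WHERE id='{$project_id}'";
$query = DB_query($sql);
$PD = DB_fetchArray($query);
// NOTE(review): the stored description goes to the template unencoded - confirm it is
// HTML-safe where it is written or where the template renders it.
$p->set_var('description', $PD['description']);
// Knowing the project id - retrieve the request form results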
示例#2
/**
 * Save the posted menu configuration for one theme and regenerate the menu stylesheet.
 *
 * Every text value is passed through ppPrepareForDB() and written as a quoted SQL literal;
 * 'multilang' goes through COM_applyFilter() in numeric mode and is written unquoted.
 *
 * NOTE(review): no permission or request-token check is visible in this function - confirm
 * the caller enforces both before it runs.
 *
 * @return mixed  Whatever menu_updateStyleSheet() (or menu_updateBlockHeader()) returned.
 */
function menuSaveConfig()
{
    global $_TABLES;

    // POST fields in the order the values are prepared; the order is kept so that any
    // missing-index notice appears in the same sequence as before.
    $postKeys = array(
        'theme', 'header_mode', 'block_mode',
        'style1', 'style2', 'style3', 'style4',
        'clr_headerbg', 'clr_headerfg', 'clr_blockbg', 'clr_blockfg',
        'clr_onhover_headerbg', 'clr_onhover_headerfg',
        'clr_onhover_blockbg', 'clr_onhover_blockfg',
        'clr_headersubmenubg', 'clr_headersubmenufg',
        'clr_blocksubmenubg', 'clr_blocksubmenufg',
        'clr_onhover_headersubmenubg', 'clr_onhover_headersubmenufg',
        'clr_onhover_blocksubmenubg', 'clr_onhover_blocksubmenufg',
        'header_properties', 'block_properties', 'targetfeatures',
    );
    $f = array();
    foreach ($postKeys as $key) {
        $f[$key] = ppPrepareForDB($_POST[$key]);
    }
    $multilang = COM_applyFilter($_POST['multilang'], true);
    $targetfeatures = 'targetfeatures=' . $f['targetfeatures'];

    $sql = implode('', array(
        " UPDATE {$_TABLES['nexmenu_config']} SET header_style='{$f['header_mode']}', block_style='{$f['block_mode']}', multilanguage={$multilang}, targetfeatures='{$targetfeatures}', ",
        "blockmenu_style='{$f['style1']}', blocksubmenu_style='{$f['style2']}',headermenu_style='{$f['style3']}', headersubmenu_style='{$f['style4']}', ",
        "headerbg='{$f['clr_headerbg']}', headerfg='{$f['clr_headerfg']}', blockbg='{$f['clr_blockbg']}',blockfg='{$f['clr_blockfg']}', ",
        "onhover_headerbg='{$f['clr_onhover_headerbg']}', onhover_headerfg='{$f['clr_onhover_headerfg']}', ",
        "onhover_blockbg='{$f['clr_onhover_blockbg']}',onhover_blockfg='{$f['clr_onhover_blockfg']}', ",
        "headersubmenubg='{$f['clr_headersubmenubg']}', headersubmenufg='{$f['clr_headersubmenufg']}', ",
        "blocksubmenubg='{$f['clr_blocksubmenubg']}',blocksubmenufg='{$f['clr_blocksubmenufg']}', ",
        "onhover_headersubmenubg='{$f['clr_onhover_headersubmenubg']}', onhover_headersubmenufg='{$f['clr_onhover_headersubmenufg']}', ",
        "onhover_blocksubmenubg='{$f['clr_onhover_blocksubmenubg']}',onhover_blocksubmenufg='{$f['clr_onhover_blocksubmenufg']}', ",
        "headermenu_properties='{$f['header_properties']}',blockmenu_properties='{$f['block_properties']}' ",
        "WHERE theme='{$f['theme']}'",
    ));
    DB_query($sql);

    // Re-write the menu css stylesheet.
    // NOTE(review): the posted theme name is handed on to menu_updateStyleSheet(); if that
    // helper builds a file path from it, the name needs checking against the installed
    // themes - verify in the helper.
    $err = menu_updateStyleSheet($f['theme']);

    // NOTE(review): $mode is never assigned in this function, so this comparison is always
    // false and menu_updateBlockHeader() is never reached - confirm which setting was meant.
    if ($mode == 'Milonic') {
        $err = menu_updateBlockHeader();
    }
    return $err;
}
示例#3
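/**
 * Store the text value of one project data field for a task, updating the existing
 * result row when there is one and inserting a new row otherwise.
 *
 * @param int|string $fieldid    Id of the data field
 * @param int|string $taskid     Id of the task
 * @param int|string $projectid  Id of the project
 * @param string     $data       Text to store; nothing is written when it is empty
 * @return void
 */
function nf_updateMiscDataField($fieldid, $taskid, $projectid, $data)
{
    global $_CONF, $_TABLES, $CONF_NF;

    // The three ids are written into the statements below without quotes. Quote escaping
    // cannot protect an unquoted value, so they are forced to integers here, before they
    // reach DB_count() or the SQL text.
    $fieldid = (int) $fieldid;
    $taskid = (int) $taskid;
    $projectid = (int) $projectid;

    $fielddata = ppPrepareForDB($data);
    // empty() also treats the string "0" as empty, so a value of "0" is not stored and an
    // existing value cannot be cleared through this function.
    if (empty($fielddata)) {
        return;
    }

    $table = $_TABLES['nf_projectdataresults'];
    $exists = DB_count($table, array('field_id', 'project_id', 'task_id'), array($fieldid, $projectid, $taskid));
    if ($exists) {
        $sql = "UPDATE {$table} SET textdata = '{$fielddata}' ";
        $sql .= "WHERE field_id={$fieldid} AND project_id={$projectid} AND task_id={$taskid}";
    } else {
        $sql = "INSERT INTO {$table} (field_id,project_id,task_id,textdata) ";
        $sql .= "VALUES ({$fieldid},{$projectid},{$taskid},'{$fielddata}') ";
    }
    DB_query($sql);
}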
示例#4
/**
 * Run ppPrepareForDB() over a value in place when it is a string.
 *
 * Values of any other type (numbers, arrays, null, ...) are left untouched, so an array
 * passed here is NOT cleaned element by element.
 *
 * @param mixed $field  Value to clean, passed by reference
 * @return void
 */
function ppCleanField(&$field)
{
    if (!is_string($field)) {
        return;
    }
    $field = ppPrepareForDB($field);
}
示例#5
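/**
 * Store the file attached to a forum post and record it in the attachment tables.
 *
 * The upload is read from $_FILES['file_forum']. When the poster ticked "use file
 * management" and chose a category, the file goes to the file-management store under the
 * name the client sent; otherwise it goes to the forum upload directory under a random
 * name that keeps the client's extension. Finally, attachments saved under the temporary
 * id in $_POST['uniqueid'] are re-pointed at the real topic.
 *
 * NOTE(review): the type check is delegated to gf_uploadfile() and
 * $CONF_FORUM['allowablefiletypes'], neither of which is visible here. Confirm it does not
 * rely on the client-declared MIME type or extension alone, and that the upload
 * directories cannot execute what is stored in them.
 *
 * @param int|string $id        Topic id the attachment rows are written for
 * @param bool       $tempfile  True to flag the attachment row as temporary
 * @return string  Always the empty string; $filelinks is never filled in.
 */
function gf_check4files($id, $tempfile = false)
{
    global $_FILES, $_CONF, $_TABLES, $_USER, $CONF_FORUM, $LANG_GF00;
    global $_FM_TABLES, $CONF_FORUM, $filemgmt_FileStore;

    $filelinks = '';
    $uploadfile = isset($_FILES['file_forum']) ? $_FILES['file_forum'] : array('name' => '');
    $cid = COM_applyFilter($_POST['filemgmtcat'], true);
    $useFilemgmt = isset($_POST['chk_usefilemgmt']) && $_POST['chk_usefilemgmt'] == 1;
    $use_filestore = false;

    if ($uploadfile['name'] != '') {
        // Extension as sent by the client. A name without a dot now gives an empty
        // extension; previously strrpos() returned false and everything after the first
        // character was taken as the extension.
        $dot = strrpos($uploadfile['name'], '.');
        $ext = ($dot === false) ? '' : strtolower(substr($uploadfile['name'], $dot + 1));

        if ($useFilemgmt and $cid > 0) {
            // NOTE(review): the file keeps the client-chosen name on disk in this branch -
            // confirm that gf_uploadfile() restricts it and that an existing file cannot
            // be overwritten.
            $filename = $uploadfile['name'];
            $use_filestore = true;
        } else {
            $uploadfilename = ppRandomFilename();
            $filename = "{$uploadfilename}.{$ext}";
        }

        if ($use_filestore) {
            if ($CONF_FORUM['FM_PLUGIN'] == 'filemgmt') {
                $filestore_path = $filemgmt_FileStore;
            } elseif ($CONF_FORUM['FM_PLUGIN'] == 'nexfile') {
                $filestore_path = $_CONF['path_html'] . 'nexfile/data/' . $cid . '/';
            } else {
                $filestore_path = $CONF_FORUM['uploadpath'];
            }
        } else {
            $filestore_path = $CONF_FORUM['uploadpath'];
        }

        if (gf_uploadfile($filename, $uploadfile, $CONF_FORUM['allowablefiletypes'], $filestore_path)) {
            // $uploadfile['type'] is the MIME type declared by the client, not one detected
            // from the file content. The function name is quoted: as a bare word it is an
            // undefined constant, which is an error on PHP 8.
            if (array_key_exists($uploadfile['type'], $CONF_FORUM['inlineimageypes']) and function_exists('MG_resizeImage')) {
                // NOTE(review): the source path is chosen from the checkbox alone, while
                // the file was stored in $filestore_path - these disagree when no category
                // was picked or the nexfile plugin is active. Verify.
                if ($useFilemgmt) {
                    $srcImage = "{$filemgmt_FileStore}{$filename}";
                    $destImage = "{$CONF_FORUM['uploadpath']}/tn/{$filename}";
                } else {
                    $srcImage = "{$CONF_FORUM['uploadpath']}/{$filename}";
                    $destImage = "{$CONF_FORUM['uploadpath']}/tn/{$uploadfilename}.{$ext}";
                }
                MG_resizeImage($srcImage, $destImage, $CONF_FORUM['inlineimage_height'], $CONF_FORUM['inlineimage_width']);
            }

            // Store both the created filename and the real file source filename
            $realfilename = $filename;
            $filename = "{$filename}:{$uploadfile['name']}";

            // Both names contain text chosen by the client (the whole name or at least the
            // extension), so they are prepared the same way this function already prepares
            // the posted description before they are placed inside quoted SQL literals.
            // NOTE(review): this relies on ppPrepareForDB() returning a value that is safe
            // inside a quoted literal - confirm against its definition.
            $dbRealfilename = ppPrepareForDB($realfilename);
            $dbFilename = ppPrepareForDB($filename);
            $size = (int) $uploadfile['size'];
            $temp = $tempfile ? 1 : 0;

            // NOTE(review): $id is interpolated as received in the INSERT statements below;
            // confirm callers pass a validated topic id.
            if ($use_filestore) {
                // Check and see if nexfile or the filemgmt plugin is being used
                if ($CONF_FORUM['FM_PLUGIN'] == 'nexfile') {
                    DB_query("INSERT INTO {$_TABLES['fm_files']} (cid,fname,title,version,ftype,size,submitter,status,date) "
                        . "VALUES ('{$cid}','{$dbRealfilename}','{$dbRealfilename}','1','file','{$size}','{$_USER['uid']}','1',UNIX_TIMESTAMP())");
                    $fid = DB_insertId();
                    DB_query("INSERT INTO {$_TABLES['fm_detail']} (fid,description,platform,hits,rating,votes,comments) "
                        . "VALUES ('{$fid}','','','0','0','0','0')");
                    DB_query("INSERT INTO {$_TABLES['fm_versions']} (fid,fname,ftype,version,size,notes,date,uid,status) "
                        . "VALUES ('{$fid}','{$dbRealfilename}','file','1','{$size}','',UNIX_TIMESTAMP(),'{$_USER['uid']}','1')");
                    DB_query("INSERT INTO {$_TABLES['gf_attachments']} (topic_id,repository_id,filename,tempfile) "
                        . "VALUES ('{$id}',{$fid},'{$dbFilename}',{$temp})");
                } elseif ($CONF_FORUM['FM_PLUGIN'] == 'filemgmt') {
                    $sql = "INSERT INTO {$_FM_TABLES['filemgmt_filedetail']} (cid, title, url, size, submitter, status,date ) ";
                    $sql .= "VALUES ('{$cid}', '{$dbRealfilename}', '{$dbRealfilename}', '{$size}', '{$_USER['uid']}', 1, UNIX_TIMESTAMP())";
                    DB_query($sql);
                    $newid = DB_insertID();
                    DB_query("INSERT INTO {$_TABLES['gf_attachments']} (topic_id,repository_id,filename,tempfile) "
                        . "VALUES ('{$id}',{$newid},'{$dbFilename}',{$temp})");
                    $description = ppPrepareForDB($_POST['filemgmt_desc']);
                    DB_query("INSERT INTO {$_FM_TABLES['filemgmt_filedesc']} (lid, description) VALUES ({$newid}, '{$description}')");
                }
            } else {
                DB_query("INSERT INTO {$_TABLES['gf_attachments']} (topic_id,filename,tempfile) "
                    . "VALUES ('{$id}','{$dbFilename}',{$temp})");
            }
        } else {
            COM_errorlog("upload error:" . $GLOBALS['gf_errmsg']);
        }
    }

    // Re-point attachments saved under the temporary id at the real topic. Both ids are
    // written into the statement without quotes, and "> 0" is a loose comparison that a
    // string with a numeric prefix also passes, so both must consist of digits only.
    $digitsOnly = '/\A[0-9]+\z/';
    $uniqueid = isset($_POST['uniqueid']) ? $_POST['uniqueid'] : '';
    if (!$tempfile
        and is_string($uniqueid) and preg_match($digitsOnly, $uniqueid) and $uniqueid > 0
        and preg_match($digitsOnly, (string) $id)
        and DB_COUNT($_TABLES['gf_topic'], 'id', $id)
    ) {
        DB_query("UPDATE {$_TABLES['gf_attachments']} SET topic_id={$id}, tempfile=0 WHERE topic_id={$uniqueid}");
    }
    return $filelinks;
}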
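/**
 * Post handler for a form-approval workflow task: records the reviewer's accept/reject
 * decision and optional notes, and completes or cancels the task when "Complete Task"
 * was submitted.
 *
 * NOTE(review): $taskid and $processid are replaced below by values taken from $_POST, so
 * the task that is completed or cancelled is the one named in the request, not the one the
 * caller passed in. Confirm that the caller, or nexflow itself, checks that $userid is
 * assigned to that task.
 * NOTE(review): COM_applyFilter() is called without its numeric flag for taskid, formid and
 * processid, and the results are used inside quoted SQL literals - verify that this filter
 * mode is sufficient for that use.
 *
 * @param int|string $processid  Workflow process id (overwritten from $_POST['processid'])
 * @param int|string $taskid     Task id (overwritten from $_POST['taskid'])
 * @param int|string $userid     Reviewer's user id
 * @param int|string $projectid  Project id; read from process variable 'PID' when empty or 0
 * @return string|null  A message when "Complete Task" was submitted without choosing accept
 *                      or reject; otherwise nothing.
 */
function nf_approveEditForm_posthandler($processid, $taskid, $userid, $projectid)
{
    global $_CONF, $_TABLES, $_DB_table_prefix;

    $nfclass = new nexflow($processid);
    if ($projectid == '' or $projectid == 0) {
        $projectid = $nfclass->get_processVariable('PID');
    }

    $actionopt = COM_applyFilter($_POST['actionopt']);
    $taskid = COM_applyFilter($_POST['taskid']);
    $formid = COM_applyFilter($_POST['formid']);
    $processid = COM_applyFilter($_POST['processid']);

    // Previously left undefined when no project was resolved; the explicit empty value
    // keeps the queries below behaving as before without reading an unset variable.
    // NOTE(review): the approval rows are still written with an empty form id in that
    // case - confirm whether the handler should stop instead.
    $prj_formid = '';
    if ($projectid > 0) {
        $prj_formid = DB_getItem($_TABLES['nf_projectforms'], 'id', "project_id='{$projectid}' AND form_id='{$formid}'");
    }
    $status = DB_getItem($_TABLES['nf_projectforms'], 'status', "id='{$prj_formid}'");

    // Make sure this reviewer has an approval row for the form.
    if (DB_count($_TABLES['nf_project_approvals'], array('uid', 'form_id', 'process_id'), array($userid, $prj_formid, $processid)) == 0) {
        DB_query("INSERT INTO {$_TABLES['nf_project_approvals']} (process_id,form_id,uid) VALUES ('{$processid}','{$prj_formid}','{$userid}')");
    }
    if ($actionopt == 'accept') {
        DB_query("UPDATE {$_TABLES['nf_project_approvals']} SET status='3', date_updated=UNIX_TIMESTAMP() WHERE uid='{$userid}' AND form_id='{$prj_formid}'");
    } elseif ($actionopt == 'reject') {
        DB_query("UPDATE {$_TABLES['nf_project_approvals']} SET status='6', date_updated=UNIX_TIMESTAMP() WHERE uid='{$userid}' AND form_id='{$prj_formid}'");
    }

    // Reviewer notes: one comment row per project/task, overwritten on later submissions.
    if (isset($_POST['notes']) and trim($_POST['notes']) != '') {
        $notes = ppPrepareForDB($_POST['notes']);
        if (DB_count($_TABLES['nf_projectcomments'], array('project_id', 'task_id'), array($projectid, $taskid)) == 0) {
            $sql = "INSERT INTO {$_TABLES['nf_projectcomments']} (project_id, task_id, uid, timestamp, comment) ";
            $sql .= "VALUES ('{$projectid}','{$taskid}','{$userid}',UNIX_TIMESTAMP(),'{$notes}')";
        } else {
            $sql = "UPDATE {$_TABLES['nf_projectcomments']} SET comment='{$notes}', timestamp=UNIX_TIMESTAMP() ";
            $sql .= "WHERE project_id='{$projectid}' AND task_id='{$taskid}' ";
        }
        DB_query($sql);
    }

    $formtype = DB_getItem($_TABLES['nf_projectforms'], 'formtype', "id='{$prj_formid}'");
    if (isset($_POST['taskaction']) and $_POST['taskaction'] == 'Complete Task') {
        if ($processid > 0 and $taskid > 0) {
            $nfclass = new nexflow($processid, $userid);
            if ($actionopt == 'accept') {
                $statusmsg = "{$formtype} approved";
                nf_updateStatusLog($projectid, $prj_formid, $statusmsg);
                $status = DB_getItem($_TABLES['nf_projectforms'], 'status', "id='{$prj_formid}'");
                $nfclass = new nexflow($processid, $userid);
                // Record the outcome in the Review_Approval process variable, which the
                // workflow may test: 0 is written on accept.
                $nfclass->set_ProcessVariable('Review_Approval', 0);
                $nfclass->complete_task($taskid);
                // If the form has not yet been rejected by another member then mark it accepted
                if ($status != 6) {
                    DB_query("UPDATE {$_TABLES['nf_projectforms']} SET status='3' WHERE id='{$prj_formid}'");
                }
            } elseif ($actionopt == 'reject') {
                DB_query("UPDATE {$_TABLES['nf_projectforms']} SET status='6' WHERE id='{$prj_formid}'");
                $statusmsg = "{$formtype} Rejected";
                nf_updateStatusLog($projectid, $prj_formid, $statusmsg);
                // Record the outcome in the Review_Approval process variable: 1 on reject.
                $nfclass->set_ProcessVariable('Review_Approval', 1);
                $nfclass->cancel_task($taskid);
            } else {
                return "Need to check 'Reject' or 'Accept' to complete the task";
            }
        }
    }
}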
示例#7
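/**
 * Create or update a nexcontent page, category or link from the posted admin form, then
 * process image deletions, image uploads and the per-image autoscale flags.
 *
 * NOTE(review): no permission or request-token check is visible in this function, and the
 * page content and help text are stored as posted ("full HTML") - confirm that only
 * trusted editors can reach it.
 * NOTE(review): $pageid is a global. In edit mode it is used as received in quoted SQL
 * literals and as a directory name under $CONF_SE['uploadpath'] - confirm it is validated
 * as an integer before this function runs.
 *
 * @param string $mode  'add' to create a new record first; anything else updates $pageid
 * @param string $type  'category', 'link' or a page type
 * @return false|null  false when the image upload reported errors, otherwise nothing;
 *                     status text is left in $GLOBALS['statusmsg'].
 */
function updatePage($mode, $type)
{
    global $_CONF, $_TABLES, $_FILES, $_POST, $CONF_SE, $LANG_SE_ERR;
    global $_DB_name, $catid, $pageid;
    include_once $_CONF['path_system'] . 'classes/upload.class.php';

    // get_magic_quotes_gpc() was removed in PHP 8; a missing function means "off".
    $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

    // name, heading and pagetitle are HTML-encoded and truncated. htmlentities() leaves the
    // backslash alone and, with the default flags of older PHP versions, the single quote
    // too, so the encoded text is not safe inside a quoted SQL literal by itself. Separate
    // escaped copies are used for the database, escaped the same way this function
    // already escapes the page content; the unescaped value stays for the status message.
    // Magic-quote slashes are removed first so that truncation cannot split an escape.
    // NOTE(review): prefer the database layer's own escaping routine if one is available.
    $rawName = $magicQuotes ? stripslashes($_POST['name']) : $_POST['name'];
    $rawHeading = $magicQuotes ? stripslashes($_POST['heading']) : $_POST['heading'];
    $rawPagetitle = $magicQuotes ? stripslashes($_POST['pagetitle']) : $_POST['pagetitle'];
    $name = substr(htmlentities($rawName), 0, 32);
    $heading = substr(htmlentities($rawHeading), 0, 255);
    $pagetitle = substr(htmlentities($rawPagetitle), 0, 255);
    $dbName = addslashes($name);
    $dbHeading = addslashes($heading);
    $dbPagetitle = addslashes($pagetitle);

    $pid = ppPrepareForDB($_POST['category']);
    $old_sid = ppPrepareForDB($_POST['old_sid']);
    $sid = ppPrepareForDB($_POST['sid'], true, 40);
    $pageorder = COM_applyFilter($_POST['pageorder'], true);
    if ($type == 'link') {
        $menutype = 3;
    } else {
        $menutype = COM_applyFilter($_POST['menu_type'], true);
    }
    $blkformat = ppPrepareForDB($_POST['blk_format']);
    $grp_access = ppPrepareForDB($_POST['grp_access']);

    // Image numbers ticked for deletion. They are used in SQL below, so anything that is
    // not an integer is reduced to one here; a missing or non-array field deletes nothing.
    $imgdelete = array();
    if (isset($_POST['imgdelete']) and is_array($_POST['imgdelete'])) {
        $imgdelete = array_map('intval', array_values($_POST['imgdelete']));
    }
    $chkscale = (isset($_POST['chkscale']) and is_array($_POST['chkscale'])) ? $_POST['chkscale'] : array();

    $submenutype = COM_applyFilter($_POST['rad_submenu'], true);
    $blockmenutype = COM_applyFilter($_POST['rad_blockmenu'], true);
    $is_menu_newpage = $_POST['chknewwindow'] == 1 ? 1 : 0;
    $is_draft = $_POST['chkdraft'] == 1 ? 1 : 0;
    $show_breadcrumbs = $_POST['chkbreadcrumbs'] == 1 ? 1 : 0;
    $owner_id = ppPrepareForDB($_POST['owner_id']);
    $group_id = ppPrepareForDB($_POST['group_id']);
    $perm_owner = $_POST['perm_owner'];
    $perm_group = $_POST['perm_group'];
    $perm_members = $_POST['perm_members'];
    $perm_anon = $_POST['perm_anon'];
    $metadesc = ppPrepareForDB($_POST['metadesc']);
    $metakeywords = ppPrepareForDB($_POST['metakeywords']);

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);

    // Allow full HTML in the introtext field: only SQL escaping is applied here, the
    // markup itself is stored untouched.
    if (!$magicQuotes) {
        $content = addslashes($_POST['sitecontent']);
        $help = addslashes($_POST['help']);
    } else {
        $content = $_POST['sitecontent'];
        $help = $_POST['help'];
    }

    if ($sid != '') {
        $sid = COM_sanitizeID($sid);
    }

    // A page id already used by another page is not accepted: a new page gets "<sid>_<pid>",
    // an existing page keeps its old id.
    $duplicate_sid = false;
    $dupmsg = '';
    if ($sid != '' and DB_count($_TABLES['nexcontent_pages'], 'sid', $sid) > 0 and $sid != $old_sid) {
        $duplicate_sid = true;
        if ($old_sid == '') {
            $sid = "{$sid}_{$pid}";
            $dupmsg = ' - Duplicate Page ID';
        } else {
            $sid = $old_sid;
            $dupmsg = ' - Duplicate Page ID, Page ID not changed.';
        }
    }

    if ($mode == 'add') {
        $gid = uniqid($_DB_name, FALSE);
        // NOTE(review): $category is never assigned in this function, so the filter runs on
        // an unset value; the parent id is set from $pid by the UPDATE further down.
        $category = COM_applyFilter($category, true);
        if ($type == 'category') {
            // Create a new record - set the category value to 0
            DB_query("INSERT INTO {$_TABLES['nexcontent_pages']} (pid,gid,type) values ({$category},'{$gid}','category')");
            $pageid = DB_insertID();
            $GLOBALS['statusmsg'] = 'New Category Added';
            $query = DB_query("SELECT max(pageorder) FROM {$_TABLES['nexcontent_pages']} WHERE type='category'");
            list($maxorder) = DB_fetchArray($query);
            $order = $maxorder + 10;
            DB_query("UPDATE {$_TABLES['nexcontent_pages']} SET pageorder='{$order}' WHERE id='{$pageid}'");
        } else {
            // Create a new record - need to get the record id for the category
            // NOTE(review): $type is a function argument placed in a quoted literal as
            // given - confirm callers pass a fixed value.
            DB_query("INSERT INTO {$_TABLES['nexcontent_pages']} (pid,gid,type) values ('{$category}','{$gid}','{$type}')");
            $pageid = DB_insertID();
            $GLOBALS['statusmsg'] = 'New Page Added';
            // NOTE(review): this compares pid with the literal text 'category'; it looks
            // like the parent id was meant - verify.
            $query = DB_query("SELECT max(pageorder) FROM {$_TABLES['nexcontent_pages']} WHERE pid='category'");
            list($maxorder) = DB_fetchArray($query);
            $order = $maxorder + 10;
            DB_query("UPDATE {$_TABLES['nexcontent_pages']} SET pageorder='{$order}' WHERE id='{$pageid}'");
        }
    } else {
        $GLOBALS['statusmsg'] = "{$name} Updated";
        if ($duplicate_sid) {
            $GLOBALS['statusmsg'] .= $dupmsg;
        }
    }

    DB_query("UPDATE {$_TABLES['nexcontent_pages']} SET name='{$dbName}', blockformat='{$blkformat}', pid='{$pid}', sid='{$sid}', heading='{$dbHeading}',content='{$content}', menutype='{$menutype}', is_menu_newpage='{$is_menu_newpage}', show_submenu='{$submenutype}', show_blockmenu='{$blockmenutype}', show_breadcrumbs='{$show_breadcrumbs}', is_draft='{$is_draft}', owner_id='{$owner_id}', group_id='{$group_id}', perm_owner='{$perm_owner}', perm_group='{$perm_group}', perm_members='{$perm_members}', perm_anon='{$perm_anon}' , pagetitle='{$dbPagetitle}', meta_description='{$metadesc}', meta_keywords='{$metakeywords}' WHERE id='{$pageid}'");
    // NOTE(review): no WHERE clause - every row of this table receives the help text.
    DB_query("UPDATE {$_TABLES['nexcontent']} SET help='{$help}'");

    // Update the page order, then renumber the siblings in steps of 10. These statements
    // use the ids without quotes, where quote escaping gives no protection, so integer
    // copies are used.
    if ($pageorder != '' and $pageid != '') {
        $pageIdSql = (int) $pageid;
        $pidSql = (int) $pid;
        DB_query("UPDATE {$_TABLES['nexcontent_pages']} SET pageorder={$pageorder} WHERE id={$pageIdSql};");
        $porder = DB_query("SELECT id FROM {$_TABLES['nexcontent_pages']} WHERE pid={$pidSql} ORDER BY pageorder ASC;");
        $i = 0;
        while ($ORDER = DB_fetchArray($porder)) {
            $i += 10;
            DB_query("UPDATE {$_TABLES['nexcontent_pages']} SET pageorder={$i} WHERE id={$ORDER['id']};");
        }
    }

    $pageImageDir = $CONF_SE['uploadpath'] . "/{$pageid}/";
    // Check and see if directories exist
    if (!file_exists($pageImageDir)) {
        // Failures are suppressed here; they surface later through $upload->setPath().
        $mkdir = @mkdir($pageImageDir);
        $chmod = @chmod($pageImageDir, $CONF_SE['imagedir_perms']);
    }

    // Delete any images if needed: the image itself, its "_original" copy and its thumbnail.
    // The file name comes from the database row, not from the request.
    foreach ($imgdelete as $deleteNum) {
        $curimage = DB_getitem($_TABLES['nexcontent_images'], "imagefile", "page_id='{$pageid}' AND imagenum='{$deleteNum}'");
        $fullimage = $pageImageDir . $curimage;
        if (!is_dir($fullimage) and file_exists($fullimage)) {
            if (!unlink($fullimage)) {
                echo COM_errorLog("Unable to delete image {$fullimage}. Please check file permissions");
                $GLOBALS['statusmsg'] = "Unable to delete image {$fullimage}. Please check file permissions";
            }
        }
        $pos = strrpos($curimage, '.');
        $origimage = strtolower(substr($curimage, 0, $pos));
        $ext = strtolower(substr($curimage, $pos));
        $origimage .= "_original{$ext}";
        $fullimage = $pageImageDir . $origimage;
        if (!is_dir($fullimage) and file_exists($fullimage)) {
            if (!unlink($fullimage)) {
                echo COM_errorLog("Unable to delete image {$fullimage}. Please check file permissions");
                $GLOBALS['statusmsg'] = "Unable to delete image {$fullimage}. Please check file permissions";
            }
        }
        $curthumbnail = $pageImageDir . 'tn' . $curimage;
        if (!is_dir($curthumbnail) and file_exists($curthumbnail)) {
            if (!unlink($curthumbnail)) {
                echo COM_errorLog("Unable to delete thumbnail for {$curthumbnail}. Please check file permissions");
                $GLOBALS['statusmsg'] = "Unable to delete thumbnail for {$curthumbnail}. Please check file permissions";
            }
        }
        DB_query("DELETE FROM {$_TABLES['nexcontent_images']} WHERE page_id='{$pageid}' and imagenum='{$deleteNum}'");
    }

    $upload = new upload();
    $upload->setLogging(false);
    $upload->setDebug(false);
    $upload->setLogFile($_CONF['path_log'] . 'error.log');
    $upload->setMaxFileUploads($CONF_SE['max_num_images']);
    if ($_CONF['image_lib'] == 'imagemagick') {
        $upload->setMogrifyPath($_CONF['path_to_mogrify']);
    } else {
        $upload->setGDLib();
    }
    $upload->setAllowedMimeTypes($CONF_SE['allowableImageTypes']);
    $upload->setMaxDimensions($CONF_SE['max_upload_width'], $CONF_SE['max_upload_height']);
    $upload->setMaxFileSize($CONF_SE['max_uploadfile_size']);
    $upload->setAutomaticResize(true);
    $upload->keepOriginalImage(true);
    $upload->setPerms($CONF_SE['image_perms']);
    if (!$upload->setPath($pageImageDir)) {
        $GLOBALS['statusmsg'] = $LANG_SE_ERR['upload1'] . ':&nbsp;' . $upload->printErrors(false);
    }

    // OK, let's upload any pictures with this page. Stored names are generated here
    // (timestamp + position + '.jpg'); the client's file name is never used on disk.
    // The removed $index_start lookup was overwritten with 1 and never read.
    $uniquename = time();
    $filenames = array();
    $imagenum = array();
    for ($z = 1; $z <= $CONF_SE['max_num_images']; $z++) {
        $curfile = current($_FILES);
        if (!empty($curfile['name'])) {
            $filenames[] = $uniquename . $z . '.jpg';
            // The image number is the 10th character of the form field name, which the
            // client controls.
            // NOTE(review): it reaches quoted SQL below as a single character - consider
            // requiring a digit.
            $imagenum[] = substr(key($_FILES), 9, 1);
        }
        next($_FILES);
    }
    $upload->setFileNames($filenames);
    reset($_FILES);
    $upload->setDebug(false);
    $upload->uploadFiles();
    if ($upload->areErrors()) {
        $GLOBALS['statusmsg'] = $LANG_SE_ERR['upload1'] . ':&nbsp;' . $upload->printErrors(false);
        return false;
    }

    reset($filenames);
    reset($imagenum);
    if (DB_count($_TABLES['nexcontent_pages'], "id", $pageid) > 0) {
        foreach ($filenames as $pageImage) {
            $index = current($imagenum);
            if (file_exists($pageImageDir . $pageImage)) {
                $src = $pageImageDir . $pageImage;
                $dest = $pageImageDir . 'tn' . $pageImage;
                makethumbnail($pageImage, $src, $dest);
                $iquery = DB_query("SELECT imagefile from {$_TABLES['nexcontent_images']} WHERE page_id='{$pageid}' AND imagenum='{$index}'");
                if (DB_numRows($iquery) == 0) {
                    DB_query("INSERT INTO {$_TABLES['nexcontent_images']} (page_id,imagenum,imagefile) values ('{$pageid}', '{$index}','{$pageImage}')");
                } elseif (DB_numRows($iquery) == 1) {
                    DB_query("UPDATE {$_TABLES['nexcontent_images']} SET imagefile='{$pageImage}' WHERE page_id='{$pageid}' and imagenum='{$index}'");
                }
            }
            next($imagenum);
        }
    } else {
        $GLOBALS['statusmsg'] = 'Error saving category';
    }

    // Update the image autoscale option for any images
    $query = DB_query("SELECT id,imagenum from {$_TABLES['nexcontent_images']} WHERE page_id='{$pageid}'");
    while (list($imageid, $num) = DB_fetchArray($query)) {
        $autoscale = (isset($chkscale[$num]) and $chkscale[$num] == '1') ? '1' : '0';
        DB_query("UPDATE {$_TABLES['nexcontent_images']} SET autoscale = '{$autoscale}' WHERE id='{$imageid}' AND imagenum='{$num}'");
    }
}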
示例#8
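/**
 * Add or update a nexform form definition from the posted admin form and, on update,
 * add or replace one fieldset definition (begin field, end field, label).
 *
 * Changes compared with the previous version:
 *  - the INSERT listed post_option before fieldsets in its column list but supplied the
 *    values the other way round, so the two columns received each other's data;
 *  - the serialized fieldset array was written into the SQL unescaped;
 *  - updating a fieldset when none was stored serialized an unset variable.
 *
 * NOTE(review): no permission or request-token check is visible in this function, and $id
 * is a global used as received in quoted SQL literals - confirm both are handled by the
 * caller.
 *
 * @param string $mode  'add' to insert a new definition; anything else updates record $id
 * @return void  The outcome is left in $GLOBALS['statusmsg'].
 */
function updateFormRecord($mode)
{
    global $_CONF, $_POST, $_TABLES, $id, $_DB_name;

    $name = ppPrepareForDB($_POST['name']);
    $shortname = ppPrepareForDB($_POST['shortname']);
    $comments = ppPrepareForDB($_POST['comments']);
    $location = ppPrepareForDB($_POST['location']);
    $template = ppPrepareForDB($_POST['template']);
    $post_method = ppPrepareForDB($_POST['post_method']);
    $post_option = ppPrepareForDB($_POST['post_option']);
    $before_formid = ppPrepareForDB($_POST['before_formid']);
    $after_formid = ppPrepareForDB($_POST['after_formid']);
    // The second argument is false only for these two fields.
    // NOTE(review): presumably this turns HTML filtering off so that markup is stored as
    // posted - confirm in ppPrepareForDB() and make sure the text is rendered safely.
    $intro_text = ppPrepareForDB($_POST['intro_text'], false);
    $post_text = ppPrepareForDB($_POST['post_text'], false);
    $return_url = ppPrepareForDB($_POST['return_url']);
    $status = COM_applyFilter($_POST['status'], true);
    $show_as_tab = ppPrepareForDB($_POST['show_as_tab']);
    $tab_label = ppPrepareForDB($_POST['tab_label']);
    $perms_view = COM_applyFilter($_POST['perms_view'], true);
    $perms_access = COM_applyFilter($_POST['perms_access'], true);
    $perms_edit = COM_applyFilter($_POST['perms_edit'], true);
    $fsetid = COM_applyFilter($_POST['fsetid'], true);
    $field1 = COM_applyFilter($_POST['field1'], true);
    $field2 = COM_applyFilter($_POST['field2'], true);
    $fieldset_label = COM_applyFilter($_POST['fieldset_label']);
    $show_mandatory_note = COM_applyFilter($_POST['show_mandatory_note'], true);
    $show_as_tab = COM_applyFilter($show_as_tab, true);

    // get_magic_quotes_gpc() was removed in PHP 8; a missing function means "off".
    $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $on_submit = htmlspecialchars($_POST['on_submit']);
    if (!$magicQuotes) {
        $on_submit = addslashes($on_submit);
    }
    $date = time();

    if ($mode == 'add') {
        $gid = uniqid($_DB_name, FALSE);
        // A new form starts without fieldsets.
        $fieldset = '';
        $fields = 'gid,name,shortname,date,template,post_method,post_option,fieldsets,';
        $fields .= 'before_formid,after_formid,show_as_tab,tab_label,intro_text,after_post_text,';
        $fields .= 'on_submit,return_url,perms_view,perms_access,perms_edit,status,comments,show_mandatory_note';
        // Values are listed in exactly the order of $fields.
        $sql = "INSERT INTO {$_TABLES['nxform_definitions']} ({$fields}) VALUES (";
        $sql .= "'{$gid}','{$name}','{$shortname}','{$date}','{$template}','{$post_method}','{$post_option}','{$fieldset}',";
        $sql .= "'{$before_formid}','{$after_formid}','{$show_as_tab}','{$tab_label}','{$intro_text}','{$post_text}',";
        $sql .= "'{$on_submit}','{$return_url}','{$perms_view}','{$perms_access}','{$perms_edit}',";
        $sql .= "'{$status}','{$comments}','{$show_mandatory_note}')";
        DB_query($sql);
        $formid = $id = DB_insertID();
        $GLOBALS['statusmsg'] = 'Record Added';
    } elseif (DB_count($_TABLES['nxform_definitions'], "id", $id) == 1) {
        DB_query("UPDATE {$_TABLES['nxform_definitions']} SET "
            . "name='{$name}', shortname='{$shortname}',date='{$date}', post_method='{$post_method}', post_option='{$post_option}', "
            . "before_formid='{$before_formid}',after_formid='{$after_formid}',show_as_tab='{$show_as_tab}', "
            . "tab_label='{$tab_label}',template='{$template}', intro_text='{$intro_text}', "
            . "after_post_text='{$post_text}', on_submit='{$on_submit}', return_url='{$return_url}', "
            . "perms_view='{$perms_view}', perms_access='{$perms_access}', perms_edit='{$perms_edit}', "
            . "status='{$status}', comments='{$comments}',show_mandatory_note='{$show_mandatory_note}' "
            . "WHERE id='{$id}'");

        if ($field1 != 0 and $field2 != 0) {
            // Retrieve the stored fieldset array, if there is one.
            // NOTE(review): unserialize() rebuilds whatever the column holds, including
            // objects. That is only as trustworthy as everything able to write the column;
            // a format such as JSON would remove the concern.
            $fieldsets = DB_getItem($_TABLES['nxform_definitions'], 'fieldsets', "id='{$id}'");
            $afieldsets = ($fieldsets != '') ? unserialize($fieldsets) : array();
            if (!is_array($afieldsets)) {
                // Unreadable stored data is treated as "no fieldsets yet".
                $afieldsets = array();
            }

            $definition = array('begin' => "{$field1}", 'end' => "{$field2}", 'label' => "{$fieldset_label}");
            if ($fsetid > 0) {
                // Replace (or create) the definition the user selected.
                $afieldsets[$fsetid] = $definition;
            } elseif (count($afieldsets) == 0) {
                // First definition: numbering starts at 1.
                $afieldsets[1] = $definition;
            } else {
                $afieldsets[] = $definition;
            }

            // The serialized text can contain quotes or backslashes from labels stored
            // earlier, so it is escaped before going into the quoted literal.
            $fieldset = addslashes(serialize($afieldsets));
            DB_query("UPDATE {$_TABLES['nxform_definitions']} SET fieldsets='{$fieldset}' WHERE id='{$id}'");
        }
        $GLOBALS['statusmsg'] = 'Record Updated';
    } else {
        COM_errorLog("nexform Plugin: Admin Error updating Form Record {$id}");
        $GLOBALS['statusmsg'] = 'Error adding or updating Record';
    }
}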