/**
 * Rate-a-file page: shows the rating form on GET and records a vote on POST.
 *
 * Reads `file_id` from the request and `rating` from POST, checks the
 * per-category `auth_rate` permission, then either stores the vote through
 * $pafiledb_user->update_voter_info() or renders pa_rate_body.tpl.
 *
 * NOTE(review): no anti-CSRF token check is visible in this method before the
 * vote is stored; confirm that the caller or message pipeline enforces one.
 *
 * @param mixed $action Not used in the visible body.
 */
function main($action)
{
    global $template, $lang, $config, $pafiledb_config, $db, $user, $pafiledb_functions, $pafiledb_user;

    // Both request values are requested with an integer default; $file_id is
    // interpolated into SQL below, so it must stay an integer.
    // NOTE(review): assumes request_var() casts to the type of its default - confirm.
    $file_id = request_var('file_id', 0);
    if (empty($file_id)) {
        message_die(GENERAL_MESSAGE, $lang['File_not_exist']);
    }
    $rating = request_post_var('rating', 0);

    $lookup_sql = 'SELECT file_name, file_catid FROM ' . PA_FILES_TABLE . "\n\t\t\tWHERE file_id = {$file_id}";
    $lookup = $db->sql_query($lookup_sql);
    $file_data = $db->sql_fetchrow($lookup);
    if (!$file_data) {
        message_die(GENERAL_MESSAGE, $lang['File_not_exist']);
    }
    $db->sql_freeresult($lookup);

    // Permission gate: guests are sent to the login page, logged-in users get a refusal.
    $category_id = $file_data['file_catid'];
    if (!$this->auth[$category_id]['auth_rate']) {
        if (!$user->data['session_logged_in']) {
            $login_target = CMS_PAGE_LOGIN . '?redirect=dload.' . PHP_EXT . '&action=rate&file_id=' . $file_id;
            redirect(append_sid($login_target, true));
        }
        message_die(GENERAL_MESSAGE, sprintf($lang['Sorry_auth_rate'], $this->auth[$category_id]['auth_rate_type']));
    }

    $this->generate_category_nav($category_id);

    $file_page = 'dload.' . PHP_EXT . '?action=file&file_id=' . $file_id;

    // FILE_NAME comes straight from the database row.
    // NOTE(review): presumably stored already HTML-escaped - verify before relying on it.
    $template->assign_vars(array(
        'L_INDEX' => sprintf($lang['Forum_Index'], $config['sitename']),
        'L_RATE' => $lang['Rate'],
        'L_HOME' => $lang['Home'],
        'CURRENT_TIME' => sprintf($lang['Current_time'], create_date($config['default_dateformat'], time(), $config['board_timezone'])),
        'U_INDEX_HOME' => append_sid(CMS_PAGE_HOME),
        'U_DOWNLOAD_HOME' => append_sid('dload.' . PHP_EXT),
        'U_FILE_NAME' => append_sid($file_page),
        'FILE_NAME' => $file_data['file_name'],
        'DOWNLOAD' => $pafiledb_config['settings_dbname'],
    ));

    if (isset($_POST['submit'])) {
        // Placeholders are substituted in the same order as before: {filename}, then {rate}.
        $result_msg = str_replace(
            array("{filename}", "{rate}"),
            array($file_data['file_name'], $rating),
            $lang['Rconf']
        );

        // Only 1..10 is accepted; anything else stops here, before the vote is written.
        if ($rating <= 0 || $rating > 10) {
            message_die(GENERAL_ERROR, 'Bad submited value');
        }

        $pafiledb_user->update_voter_info($file_id, $rating);
        $new_rating = $pafiledb_functions->get_rating($file_id);
        $result_msg = str_replace("{newrating}", $new_rating, $result_msg);

        $back_to_file = sprintf($lang['Click_return'], '<a href="' . append_sid($file_page) . '">', '</a>');
        $back_to_forum = sprintf($lang['Click_return_forum'], '<a href="' . append_sid('index.' . PHP_EXT) . '">', '</a>');

        message_die(GENERAL_MESSAGE, $result_msg . '<br /><br />' . $back_to_file . '<br /><br />' . $back_to_forum);
    } else {
        $rate_info = str_replace("{filename}", $file_data['file_name'], $lang['Rateinfo']);

        $form_vars = array(
            'S_RATE_ACTION' => append_sid('dload.' . PHP_EXT . '?action=rate&file_id=' . $file_id),
            'L_RATE' => $lang['Rate'],
            'L_RERROR' => $lang['Rerror'],
            'L_R1' => $lang['R1'],
            'L_R2' => $lang['R2'],
            'L_R3' => $lang['R3'],
            'L_R4' => $lang['R4'],
            'L_R5' => $lang['R5'],
            'L_R6' => $lang['R6'],
            'L_R7' => $lang['R7'],
            'L_R8' => $lang['R8'],
            'L_R9' => $lang['R9'],
            'L_R10' => $lang['R10'],
            'RATEINFO' => $rate_info,
            'ID' => $file_id,
        );
        $template->assign_vars($form_vars);
    }

    $this->display($lang['Download'], 'pa_rate_body.tpl');
}
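/**
 * Validate the submitted confirmation (CAPTCHA) code for the current session.
 *
 * Looks up the stored code for the posted `confirm_id` and the caller's
 * session id, compares it with the posted `confirm_code`, and on success
 * deletes every confirmation row belonging to the session. Any failure is
 * reported to check_attempts(false).
 *
 * @return array array('error' => bool, 'error_msg' => string)
 */
function check_code()
{
    global $db, $cache, $config, $user, $lang;

    $return_array = array('error' => false, 'error_msg' => '');

    $confirm_id = request_post_var('confirm_id', '');
    $confirm_code = request_post_var('confirm_code', '');

    if (empty($confirm_id)) {
        $return_array['error'] = true;
        $return_array['error_msg'] = $lang['CONFIRM_CODE_WRONG'];
    } else {
        // Anything that is not purely alphanumeric is blanked, so the lookup below matches no row.
        if (!preg_match('/^[A-Za-z0-9]+$/', $confirm_id)) {
            $confirm_id = '';
        }

        $sql = "SELECT code\n\t\t\t\tFROM " . CONFIRM_TABLE . "\n\t\t\t\tWHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'\n\t\t\t\t\tAND session_id = '" . $db->sql_escape($user->data['session_id']) . "'";
        $result = $db->sql_query($sql);
        $row = $db->sql_fetchrow($result);
        // Free the SELECT result here; the original overwrote $result with the
        // DELETE below and then freed that instead.
        $db->sql_freeresult($result);

        // Strict string comparison: with `!=`, two different numeric-looking
        // strings (e.g. "1e3" vs "1000", "0e12" vs "0e34") compare equal, so a
        // code that was never issued could be accepted.
        if ($row && (string) $row['code'] === (string) $confirm_code) {
            // Success: the code is single-use. All confirmation rows of this
            // session are removed, not only the one identified by confirm_id.
            $sql = "DELETE FROM " . CONFIRM_TABLE . " WHERE session_id = '" . $db->sql_escape($user->data['session_id']) . "'";
            $db->sql_query($sql);
        } else {
            // NOTE(review): a wrong guess leaves the stored code in place, so
            // guess limiting depends on check_attempts() - confirm it throttles.
            $return_array['error'] = true;
            $return_array['error_msg'] = $lang['CONFIRM_CODE_WRONG'];
        }
    }

    if ($return_array['error']) {
        $this->check_attempts(false);
    }

    return $return_array;
}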
$news_date_posting = gmmktime(gmdate('H'), gmdate('i'), gmdate('s'), $date_month, $date_day, $date_split[2]); $sql = "SELECT MAX(news_id) AS max_id\n\t\t\t\tFROM " . XS_NEWS_TABLE; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $max_id = $row['max_id']; $next_id = $max_id + 1; $sql = "INSERT INTO " . XS_NEWS_TABLE . " (news_id, news_date, news_text, news_display, news_smilies" . ")\n\t\t\t\tVALUES ('" . $next_id . "', '" . $news_date_posting . "', '" . $db->sql_escape($news_item) . "', '" . intval($_POST['news_display']) . "', '" . intval($_POST['news_smilies']) . "')"; $result = $db->sql_query($sql); $db->clear_cache('xs_'); $message = $lang['n_news_item_added'] . '<br /><br />' . sprintf($lang['n_click_return_newslist'], '<a href="' . append_sid('admin_xs_news.' . PHP_EXT) . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid('index.' . PHP_EXT . '?pane=right') . '">', '</a>'); message_die(GENERAL_MESSAGE, $message); break; case 'modnews': // Modify a news item in the DB $news_item = xsm_prepare_message($news_text); $news_date = request_post_var('news_date', ''); $news_date = empty($news_date) ? create_date($date_format_ae, time(), $config['board_timezone']) : $news_date; $date_split = explode('/', $news_date); $date_month = $config['xs_news_dateformat'] == 1 ? $date_split[0] : $date_split[1]; $date_day = $config['xs_news_dateformat'] == 1 ? $date_split[1] : $date_split[0]; $date_error = $config['xs_news_dateformat'] == 1 ? 'mm/dd' : 'dd/mm'; if (!checkdate($date_month, $date_day, $date_split[2])) { $message = str_replace('dd/mm', $date_error, $lang['xs_news_invalid_date']) . '<br /><br />' . sprintf($lang['n_click_return_newslist'], '<a href="' . append_sid('admin_xs_news.' . PHP_EXT) . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid('index.' . PHP_EXT . '?pane=right') . 
'">', '</a>'); message_die(GENERAL_MESSAGE, $message); } $news_date_posting = gmmktime(gmdate('H'), gmdate('i'), gmdate('s'), $date_month, $date_day, $date_split[2]); $sql = "UPDATE " . XS_NEWS_TABLE . "\n\t\t\t\tSET news_date = " . $news_date_posting . ", news_text = '" . $db->sql_escape($news_item) . "', news_display = " . intval($_POST['news_display']) . ", news_smilies = " . intval($_POST['news_smilies']) . "\n\t\t\t\tWHERE news_id = " . intval($_POST['id']); $result = $db->sql_query($sql); $db->clear_cache('xs_'); $message = $lang['n_news_updated'] . '<br /><br />' . sprintf($lang['n_click_return_newslist'], '<a href="' . append_sid('admin_xs_news.' . PHP_EXT) . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid('index.' . PHP_EXT . '?pane=right') . '">', '</a>'); message_die(GENERAL_MESSAGE, $message);
} // Update the Cash Table $sql[] = "UPDATE " . CASH_TABLE . "\n\t\t\t\t\t\tSET cash_name = '" . $db->sql_escape($newname) . "', cash_default = '" . $newdefault . "', cash_decimals = '" . $newdecimal . "'\n\t\t\t\t\t\tWHERE cash_id = " . $c_cur->id(); for ($i = 0; $i < sizeof($sql); $i++) { $db->sql_query($sql[$i]); } // Log the action // [admin/mod id][admin/mod name][copied currency name][copied over currency name] $action = array($user->data['user_id'], $user->data['username'], $c_cur->name(true), $newname); cash_create_log(CASH_LOG_ADMIN_RENAME_CURRENCY, $action); $db->clear_cache('cash_'); } break; case 'deletecurrency': // Delete Currency $cid = request_post_var('cid', 0); if (!empty($cid) && !isset($_POST['cancel']) && $cash->currency_exists($cid)) { $c_cur = $cash->currency($cid); if (!isset($_POST['confirm'])) { $s_hidden_fields = '<input type="hidden" name="set" value="deletecurrency" />'; $s_hidden_fields .= '<input type="hidden" name="cid" value="' . $c_cur->id() . '" />'; $l_confirm = sprintf($lang['Cash_confirm_delete'], $c_cur->name(true)); $template->set_filenames(array('confirm_body' => ADM_TPL . 'confirm_body.tpl')); $template->assign_vars(array('MESSAGE_TITLE' => $lang['Information'], 'MESSAGE_TEXT' => $l_confirm, 'L_YES' => $lang['Yes'], 'L_NO' => $lang['No'], 'S_CONFIRM_ACTION' => append_sid('cash_currencies.' . PHP_EXT), 'S_HIDDEN_FIELDS' => $s_hidden_fields)); $template->pparse('confirm_body'); include 'page_footer_admin.' . PHP_EXT; } else { // Delete the field $sql = array(); $sql[] = "ALTER TABLE " . USERS_TABLE . " DROP " . $c_cur->db(); for ($i = 0; $i < sizeof($sql); $i++) {
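/**
 * Decide whether the caller may use this tool, by board admin login or by
 * database credentials.
 *
 * `auth_method` selects the check: 'board' logs in through login_db() and
 * requires user_level ADMIN; 'db' compares the posted values with the
 * configured $dbuser / $dbpasswd. Options 'rld' and 'rtd' always use the
 * board method.
 *
 * @param bool $die When true, print the failure message and exit on denial.
 * @return bool True when access is granted.
 */
function check_authorization($die = true)
{
    global $db, $cache, $lang, $dbuser, $dbpasswd, $option;

    $auth_method = request_post_var('auth_method', '');

    // Credentials are decoded back from the HTML-escaped request form so they
    // are compared as the user typed them.
    $board_user = htmlspecialchars_decode(request_post_var('board_user', '', true), ENT_COMPAT);
    $board_password = htmlspecialchars_decode(request_post_var('board_password', '', true), ENT_COMPAT);
    $db_user = htmlspecialchars_decode(request_post_var('db_user', '', true), ENT_COMPAT);
    $db_password = htmlspecialchars_decode(request_post_var('db_password', '', true), ENT_COMPAT);

    // Change authentication mode if selected option does not allow database authentication
    if ($option == 'rld' || $option == 'rtd') {
        $auth_method = 'board';
    }

    // Deny by default; only an explicit match below grants access.
    $allow_access = false;

    switch ($auth_method) {
        case 'board':
            include_once IP_ROOT_PATH . 'includes/auth_db.' . PHP_EXT;
            $login_result = login_db($board_user, $board_password, false, true);
            if ($login_result['status'] === LOGIN_SUCCESS && $login_result['user_row']['user_level'] == ADMIN) {
                $allow_access = true;
            }
            break;

        case 'db':
            // The original used `==`. If the configured globals were not
            // loaded (null), an empty form then compared equal and was let in,
            // and numeric-looking strings could match without being identical.
            $expected_user = is_scalar($dbuser) ? (string) $dbuser : '';
            $expected_pass = is_scalar($dbpasswd) ? (string) $dbpasswd : null;

            if ($expected_user !== '' && $expected_pass !== null) {
                $user_ok = ((string) $db_user === $expected_user);
                // Constant-time comparison for the secret where PHP provides it.
                $pass_ok = function_exists('hash_equals')
                    ? hash_equals($expected_pass, (string) $db_password)
                    : ((string) $db_password === $expected_pass);
                $allow_access = $user_ok && $pass_ok;
            }
            break;

        default:
            $allow_access = false;
    }

    // NOTE(review): nothing in this function limits repeated failed attempts;
    // confirm the surrounding tool throttles or logs them.
    if (!$allow_access && $die) {
        ?>
	<p><span style="color: red;"><?php echo $lang['Auth_failed']; ?> </span></p>
</body>
</html>
<?php
        exit;
    }

    return $allow_access;
}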
$mode = request_var('mode', ''); $mode = check_var_value($mode, array('pack', 'key'), ''); $level = request_var('level', 'normal'); $level = check_var_value($level, array('normal', 'admin')); // pack file $pack_file = request_post_var('pack_file', ''); $pack_file = empty($pack_file) ? request_get_var('pack', '') : $pack_file; $pack_file = urldecode($pack_file); if (!isset($packs[$pack_file])) { $pack_file = ''; $mode = ''; } // keys $key_main = request_post_var('key_main', ''); $key_main = empty($key_main) ? request_get_var('key', '') : $key_main; $key_sub = request_post_var('key_sub', ''); $key_sub = empty($key_sub) ? request_get_var('sub', '') : $key_sub; if (empty($key_main)) { $key_sub = ''; } if (!isset($entries['admin'][$key_main][$key_sub])) { $key_main = ''; $key_sub = ''; } // buttons $submit = isset($_POST['submit']); $delete = isset($_POST['delete']); $cancel = isset($_POST['cancel']); $add = isset($_POST['add']); if ($add || $delete) { $mode = 'key';
// Check and initialize some variables if needed if (isset($_POST['submit'])) { include_once IP_ROOT_PATH . 'includes/bbcode.' . PHP_EXT; include_once IP_ROOT_PATH . 'includes/functions_validate.' . PHP_EXT; include_once IP_ROOT_PATH . 'includes/functions_post.' . PHP_EXT; $username = request_post_var('username', '', true); $username = htmlspecialchars_decode($username, ENT_COMPAT); $new_password = request_post_var('new_password', '', true); $new_password = htmlspecialchars_decode($new_password, ENT_COMPAT); $password_confirm = request_post_var('password_confirm', '', true); $password_confirm = htmlspecialchars_decode($password_confirm, ENT_COMPAT); $email = request_post_var('email', '', true); $user_style = request_post_var('style', $config['default_style']); $user_lang = request_post_var('language', $config['default_lang']); $user_timezone = request_post_var('timezone', $config['board_timezone']); $user_dateformat = request_post_var('dateformat', $config['default_dateformat']); } if (!empty($username) && $username == $user->data['username']) { message_die(GENERAL_MESSAGE, $lang['Username_taken'], '', __LINE__, __FILE__); } // Did the user submit? In this case build a query to update the users profile in the DB if (isset($_POST['submit'])) { $passwd_sql = ''; if (empty($username) || empty($new_password) || empty($password_confirm) || empty($email)) { $error = true; $error_msg .= (isset($error_msg) ? '<br />' : '') . $lang['Fields_empty']; } elseif (empty($new_password) && !empty($password_confirm) || !empty($new_password) && empty($password_confirm) || $new_password != $password_confirm) { $error = true; $error_msg .= (isset($error_msg) ? '<br />' : '') . $lang['Password_mismatch']; } // Do a ban check on this email address
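*/

// Admin tool: replace one string with another in the text of every matching post.
define('IN_ICYPHOENIX', true);

// When included only to register admin modules, announce this file and stop.
if (!empty($setmodules)) {
    $filename = basename(__FILE__);
    $module['1200_Forums']['240_Replace_title'] = $filename;
    return;
}

if (!defined('IP_ROOT_PATH')) {
    define('IP_ROOT_PATH', './../');
}
if (!defined('PHP_EXT')) {
    define('PHP_EXT', substr(strrchr(__FILE__, '.'), 1));
}
require 'pagestart.' . PHP_EXT;

$str_old = request_post_var('str_old', '', true);
$str_new = request_post_var('str_new', '', true);

// NOTE(review): this rewrites post text in bulk and no form-token check is
// visible here; confirm that pagestart enforces one for admin POSTs.
// !empty() avoids an undefined-index notice on GET; `!==` keeps numeric-looking
// strings such as "1.0" and "1" from being treated as the same value.
if (!empty($_POST['submit']) && !empty($str_old) && $str_old !== $str_new) {
    $template->assign_block_vars("switch_forum_sent", array());

    // LIKE treats % and _ in the search string as wildcards, while the
    // str_replace() below is literal, so the listing can include posts whose
    // text ends up unchanged.
    $sql = "SELECT f.forum_id, f.forum_name, t.topic_id, t.topic_title, p.post_id, p.post_time, p.post_text, u.user_id, u.username\n\t\tFROM " . FORUMS_TABLE . " f, " . TOPICS_TABLE . " t, " . POSTS_TABLE . " p, " . USERS_TABLE . " u\n\t\tWHERE post_text LIKE '%" . $db->sql_escape($str_old) . "%'\n\t\tAND p.topic_id = t.topic_id\n\t\tAND p.forum_id = f.forum_id\n\t\tAND p.poster_id = u.user_id\n\t\tORDER BY p.post_id DESC;";
    $result = $db->sql_query($sql);

    if ($db->sql_numrows($result) >= 1) {
        for ($i = 1; $row = $db->sql_fetchrow($result); $i++) {
            $template->assign_block_vars('switch_forum_sent.replaced', array(
                'ROW_CLASS' => !($i % 2) ? $theme['td_class1'] : $theme['td_class2'],
                'NUMBER' => $i,
                'FORUM_NAME' => $row['forum_name'],
                'TOPIC_TITLE' => $row['topic_title'],
                'AUTHOR' => $row['username'],
                'POST' => create_date($config['default_dateformat'], $row['post_time'], $config['board_timezone']),
                'U_FORUM' => append_sid('../' . CMS_PAGE_VIEWFORUM . '?' . POST_FORUM_URL . '=' . $row['forum_id']),
                'U_TOPIC' => append_sid('../' . CMS_PAGE_VIEWTOPIC . '?' . POST_TOPIC_URL . '=' . $row['topic_id']),
                'U_AUTHOR' => append_sid('../' . CMS_PAGE_PROFILE . '?mode=viewprofile&' . POST_USERS_URL . '=' . $row['user_id']),
                'U_POST' => append_sid('../' . CMS_PAGE_VIEWTOPIC . '?' . POST_POST_URL . '=' . $row['post_id']) . '#p' . $row['post_id'],
            ));

            // The UPDATE gets its own variable and its return value is not
            // stored in $result: the original reassigned $result here, so the
            // loop condition then fetched from the UPDATE's result and the
            // remaining matching posts were never processed.
            $update_sql = "UPDATE " . POSTS_TABLE . "\n\t\t\t\tSET post_text = '" . $db->sql_escape(str_replace($str_old, $str_new, $row['post_text'])) . "'\n\t\t\t\tWHERE post_id = " . (int) $row['post_id'];
            $db->sql_query($update_sql);
        }
    } else {
        $template->assign_block_vars('switch_forum_sent.switch_no_results', array());
    }
    $db->sql_freeresult($result);
}

$template->set_filenames(array('body' => ADM_TPL . 'replace_body.tpl'));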
} // Load default Header if (!defined('IP_ROOT_PATH')) { define('IP_ROOT_PATH', './../'); } if (!defined('PHP_EXT')) { define('PHP_EXT', substr(strrchr(__FILE__, '.'), 1)); } require 'pagestart.' . PHP_EXT; include_once IP_ROOT_PATH . 'includes/functions_selects.' . PHP_EXT; // Pull all config data $tmp_config = array(); $tmp_config = get_config(false); foreach ($tmp_config as $k => $v) { $default_config[$k] = $v; $tmp_value = request_post_var($k, '', true); $new[$k] = isset($_POST[$k]) ? $tmp_value : $default_config[$k]; $new[$k] = fix_config_values($k, $new[$k]); if (isset($_POST['submit']) && isset($_POST[$k])) { set_config($k, $new[$k], false); } } if (isset($_POST['submit'])) { $cache->destroy('config'); $message = $lang['Config_updated'] . '<br /><br />' . sprintf($lang['Click_return_config'], '<a href="' . append_sid('admin_board.' . PHP_EXT) . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid('index.' . PHP_EXT . '?pane=right') . '">', '</a>'); message_die(GENERAL_MESSAGE, $message); } $switch_header_table_yes = $new['switch_header_table'] ? 'checked="checked"' : ''; $switch_header_table_no = !$new['switch_header_table'] ? 'checked="checked"' : ''; // Ajax Shoutbox - BEGIN $shoutguest_yes = $new['shout_allow_guest'] == 1 ? 'checked="checked"' : '';
$upi2db_on_2 = $new['upi2db_on'] == 2 ? 'checked="checked"' : ''; $no_group_upi2db_on_yes = $new['upi2db_no_group_upi2db_on'] ? 'checked="checked"' : ''; $no_group_upi2db_on_no = !$new['upi2db_no_group_upi2db_on'] ? 'checked="checked"' : ''; $edit_as_new_yes = $new['upi2db_edit_as_new'] ? 'checked="checked"' : ''; $edit_as_new_no = !$new['upi2db_edit_as_new'] ? 'checked="checked"' : ''; $last_edit_as_new_yes = $new['upi2db_last_edit_as_new'] ? 'checked="checked"' : ''; $last_edit_as_new_no = !$new['upi2db_last_edit_as_new'] ? 'checked="checked"' : ''; $edit_topic_first_yes = $new['upi2db_edit_topic_first'] ? 'checked="checked"' : ''; $edit_topic_first_no = !$new['upi2db_edit_topic_first'] ? 'checked="checked"' : ''; $template->set_filenames(array('body' => ADM_TPL . 'upi2db_config_body.tpl')); $sql = "SELECT *\n\tFROM " . GROUPS_TABLE . "\n\tWHERE group_single_user <> " . TRUE; $result = $db->sql_query($sql); if (isset($_POST['submit'])) { $group_upi2db_on = request_post_var('group_upi2db_on', array(0)); $group_min_posts = request_post_var('group_min_posts', array(0)); $group_min_regdays = request_post_var('group_min_regdays', array(0)); while ($row = $db->sql_fetchrow($result)) { $sql = "UPDATE " . GROUPS_TABLE . "\n\t\t\tSET upi2db_on = " . $group_upi2db_on[$row['group_id']] . " ,\n\t\t\tupi2db_min_posts = " . $group_min_posts[$row['group_id']] . ",\n\t\t\tupi2db_min_regdays = " . $group_min_regdays[$row['group_id']] . "\n\t\t\tWHERE group_id = " . $row['group_id']; $db->sql_query($sql); } } while ($row = $db->sql_fetchrow($result)) { $group_upi2db_on_yes = $row['upi2db_on'] ? 'checked="checked"' : ''; $group_upi2db_on_no = !$row['upi2db_on'] ? 'checked="checked"' : ''; $upi2db_min_posts = empty($row['upi2db_min_posts']) ? 0 : $row['upi2db_min_posts']; $upi2db_min_regdays = empty($row['upi2db_min_regdays']) ? 
0 : $row['upi2db_min_regdays']; $template->assign_block_vars('group_loop', array('GROUP_ID' => $row['group_id'], 'GROUP_NAME' => $row['group_name'], 'GROUP_MIN_POSTS' => $upi2db_min_posts, 'GROUP_MIN_REGDAYS' => $upi2db_min_regdays, 'GROUP_UPI2DB_ON_YES' => $group_upi2db_on_yes, 'GROUP_UPI2DB_ON_NO' => $group_upi2db_on_no)); } if (isset($_POST['submit'])) { $message = $lang['Config_updated'] . '<br /><br />' . sprintf($lang['Click_return_config'], '<a href="' . append_sid('admin_upi2db.' . PHP_EXT) . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid('index.' . PHP_EXT . '?pane=right') . '">', '</a>'); message_die(GENERAL_MESSAGE, $message);
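/**
 * Synchronise the stored configuration of the current block ($this->bs_id)
 * with the variables declared by a block file.
 *
 * Stored config rows whose name the block file no longer declares are
 * removed; declared variables are inserted when missing or updated when
 * present, taking the posted value when the request carries one. When the
 * block file declares no variables, all config for the block is removed.
 *
 * @param string $blockfile Block file identifier passed to get_block_vars_default().
 * @return bool Always true.
 */
function update_block_config($blockfile)
{
    global $db;

    $block_vars_default = array();
    $block_count_variables = 0;
    // Maps config_name => index in $block_vars_default.
    $block_vars_default_names = array();

    if (!empty($blockfile)) {
        $block_vars_default = $this->get_block_vars_default($blockfile);
        $block_count_variables = sizeof($block_vars_default);
        for ($i = 0; $i < $block_count_variables; $i++) {
            $block_vars_default_names[$block_vars_default[$i]['config_name']] = $i;
        }
    }

    if (empty($block_vars_default)) {
        $this->delete_block_config_all();
        return true;
    }

    // Let's empty the previously created config vars...
    // NOTE(review): $this->bs_id is concatenated into SQL as-is here and in
    // the statements below; presumably an integer id - confirm where it is set.
    $sql = "SELECT * FROM " . $this->tables['block_config_table'] . " WHERE bid = '" . $this->bs_id . "'";
    $result = $db->sql_query($sql);
    while ($row = $db->sql_fetchrow($result)) {
        // The names are the KEYS of the map. The original used in_array(),
        // which searched the integer indexes with loose comparison, so the
        // outcome depended on PHP's string-to-number rules and not on whether
        // the variable is still declared.
        if (!isset($block_vars_default_names[$row['config_name']])) {
            $this->delete_block_config_single($row['config_name']);
        }
    }
    $db->sql_freeresult($result);

    for ($i = 0; $i < $block_count_variables; $i++) {
        $var = $block_vars_default[$i];

        // A posted value overrides the default only when the field was actually submitted.
        $config_value_tmp = request_post_var($var['config_name'], '', true);
        $config_value_tmp = htmlspecialchars_decode($config_value_tmp, ENT_COMPAT);
        if (check_http_var_exists($var['config_name'], true)) {
            $var['config_value'] = $config_value_tmp;
            $block_vars_default[$i]['config_value'] = $config_value_tmp;
        }

        $block_var_exists = $this->block_var_exists($var['config_name']);
        if (empty($block_var_exists)) {
            // field_values and type are now escaped like the other columns;
            // they were previously placed inside the quotes unescaped.
            $sql = "INSERT INTO " . $this->tables['block_variable_table'] . " (bid, label, sub_label, config_name, field_options, field_values, type, block)\n\t\t\t\t\t\tVALUES ('" . $this->bs_id . "', '" . $db->sql_escape($var['label']) . "', '" . $db->sql_escape($var['sub_label']) . "', '" . $db->sql_escape($var['config_name']) . "', '" . $db->sql_escape($var['field_options']) . "', '" . $db->sql_escape($var['field_values']) . "', '" . $db->sql_escape($var['type']) . "', '" . $db->sql_escape($var['block']) . "')";
            $db->sql_query($sql);

            $sql = "INSERT INTO " . $this->tables['block_config_table'] . " (bid, config_name, config_value)\n\t\t\t\t\t\tVALUES ('" . $this->bs_id . "', '" . $db->sql_escape($var['config_name']) . "', '" . $db->sql_escape($var['config_value']) . "')";
            $db->sql_query($sql);
        } else {
            $sql = "UPDATE " . $this->tables['block_config_table'] . " SET config_value = '" . $db->sql_escape($var['config_value']) . "'\n\t\t\t\t\t\t\t\t\tWHERE config_name = '" . $db->sql_escape($var['config_name']) . "'\n\t\t\t\t\t\t\t\t\t\tAND bid = " . $this->bs_id;
            $db->sql_query($sql);
        }
    }

    return true;
}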
// encoding match for workaround $multibyte_charset = 'utf-8, big5, shift_jis, euc-kr, gb2312'; // Begin core code if (($search_mode == 'bookmarks') && !$user->data['session_logged_in']) { redirect(append_sid(CMS_PAGE_LOGIN . '?redirect=' . CMS_PAGE_SEARCH . '?search_id=bookmarks&search_mode=bookmarks', true)); } if (($search_mode == 'bookmarks') && ($mode == 'removebm')) { // Delete Bookmarks $delete = (isset($_POST['delete'])) ? true : false; if ($delete && isset($_POST['topic_id_list'])) { $topics = request_post_var('topic_id_list', array(0)); $topic_list = implode(',', $topics); if ($user->data['session_logged_in']) { remove_bookmark($topic_list); redirect(append_sid(CMS_PAGE_SEARCH . '?search_id=bookmarks&search_mode=bookmarks' . (!empty($start) ? ('&start=' . $start) : ''), true)); } } // Reset settings $mode = ''; } if ($mode == 'searchuser') { // This handles the simple windowed user search functions called from various other scripts $search_username = request_var('search_username', '', true);
if (!defined('PHP_EXT')) define('PHP_EXT', substr(strrchr(__FILE__, '.'), 1)); include(IP_ROOT_PATH . 'common.' . PHP_EXT); // Start session management $user->session_begin(); $auth->acl($user->data); $user->setup(); // End session management setup_extra_lang(array('lang_rate')); include_once(IP_ROOT_PATH . 'includes/functions_rate.' . PHP_EXT); $rate_mode = request_var('rate_mode', ''); $forum_top = request_var('forum_top', ''); $topic_id = request_var('topic_id', 0); $rating = request_post_var('rating', 0); // Page Titles if Specific! $meta_content['description'] = ''; $meta_content['keywords'] = ''; switch($rate_mode) { case 'rate': $meta_content['page_title'] = $lang['Rating']; case 'rerate': $redirect_url = append_sid(CMS_PAGE_VIEWTOPIC . '?' . POST_TOPIC_URL . '=' . $topic_id); meta_refresh(3, $redirect_url); break; case 'detailed': if ($topic_id == '')
} if (!defined('PHP_EXT')) { define('PHP_EXT', substr(strrchr(__FILE__, '.'), 1)); } require 'pagestart.' . PHP_EXT; define('IN_PA_CONFIG_ADMIN', 1); include IP_ROOT_PATH . 'includes/pafiledb_common.' . PHP_EXT; $submit = isset($_POST['submit']) ? true : false; $size = request_var('max_size', ''); $sql = 'SELECT * FROM ' . PA_CONFIG_TABLE; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $config_name = $row['config_name']; $config_value = $row['config_value']; $default_config[$config_name] = $config_value; $new[$config_name] = isset($_POST[$config_name]) ? request_post_var($config_name, '') : $default_config[$config_name]; if (empty($size) && !$submit && $config_name == 'max_file_size') { $size = intval($default_config[$config_name]) >= 1048576 ? 'mb' : (intval($default_config[$config_name]) >= 1024 ? 'kb' : 'b'); } if (!$submit && $config_name == 'max_file_size') { if ($new[$config_name] >= 1048576) { $new[$config_name] = round($new[$config_name] / 1048576 * 100) / 100; } else { if ($new[$config_name] >= 1024) { $new[$config_name] = round($new[$config_name] / 1024 * 100) / 100; } } } if ($submit) { if ($config_name == 'max_file_size') { $new[$config_name] = $size == 'kb' ? round($new[$config_name] * 1024) : ($size == 'mb' ? round($new[$config_name] * 1048576) : $new[$config_name]);
* * @Extra credits for this file * ycl6 (damian at phpbb dot cc) * */ if (!defined('IN_ICYPHOENIX')) { die('Hacking attempt'); exit; } if (intval($config['require_activation']) == USER_ACTIVATION_ADMIN) { message_die(GENERAL_ERROR, 'Invalid_activation'); } if (isset($_POST['submit'])) { $username = phpbb_clean_username(request_post_var('username', '', true)); $username = htmlspecialchars_decode($username, ENT_COMPAT); $email = request_post_var('email', ''); $sql = "SELECT user_id, user_email, user_active, user_actkey, user_lang, user_last_login_attempt\n\t\tFROM " . USERS_TABLE . "\n\t\tWHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; $result = $db->sql_query($sql); if (!($row = $db->sql_fetchrow($result))) { // No such name message_die(GENERAL_ERROR, 'User_not_exist'); } if ($row['user_email'] != $email) { // Wrong Email provided message_die(GENERAL_ERROR, 'No_email_match'); } if (!empty($row['user_active'])) { // Already activated message_die(GENERAL_ERROR, 'Already_activated'); } if (empty($row['user_actkey'])) {
$sql = "SELECT *\n\t\t\t\t\tFROM " . WORDS_TABLE . "\n\t\t\t\t\tWHERE word_id = {$word_id}"; $result = $db->sql_query($sql); $word_info = $db->sql_fetchrow($result); $s_hidden_fields .= '<input type="hidden" name="id" value="' . $word_id . '" />'; } else { message_die(GENERAL_MESSAGE, $lang['No_word_selected']); } } $template->assign_vars(array('WORD' => htmlspecialchars($word_info['word']), 'REPLACEMENT' => htmlspecialchars($word_info['replacement']), 'L_WORDS_TITLE' => $lang['Words_title'], 'L_WORDS_TEXT' => $lang['Words_explain'], 'L_WORD_CENSOR' => $lang['Edit_word_censor'], 'L_WORD' => $lang['Word'], 'L_REPLACEMENT' => $lang['Replacement'], 'L_SUBMIT' => $lang['Submit'], 'S_WORDS_ACTION' => append_sid('admin_words.' . PHP_EXT), 'S_HIDDEN_FIELDS' => $s_hidden_fields)); $template->pparse('body'); include IP_ROOT_PATH . ADM . '/page_footer_admin.' . PHP_EXT; } elseif ($mode == 'save') { $word_id = request_post_var('id', 0); $word = request_post_var('word', '', true); $word = htmlspecialchars_decode($word, ENT_COMPAT); $replacement = request_post_var('replacement', '', true); $replacement = htmlspecialchars_decode($replacement, ENT_COMPAT); if (empty($word) || empty($replacement)) { message_die(GENERAL_MESSAGE, $lang['Must_enter_word']); } if (!empty($word_id)) { $sql = "UPDATE " . WORDS_TABLE . "\n\t\t\t\tSET word = '" . $db->sql_escape($word) . "', replacement = '" . $db->sql_escape($replacement) . "'\n\t\t\t\tWHERE word_id = {$word_id}"; $message = $lang['Word_updated']; } else { $sql = "INSERT INTO " . WORDS_TABLE . " (word, replacement)\n\t\t\t\tVALUES ('" . $db->sql_escape($word) . "', '" . $db->sql_escape($replacement) . "')"; $message = $lang['Word_added']; } $result = $db->sql_query($sql); $cache->destroy('_word_censors'); $message .= '<br /><br />' . sprintf($lang['Click_return_wordadmin'], '<a href="' . append_sid('admin_words.' . PHP_EXT) . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid('index.' . 
PHP_EXT . '?pane=right') . '">', '</a>'); message_die(GENERAL_MESSAGE, $message);
$title_info = $db->sql_fetchrow($result); $s_hidden_fields .= '<input type="hidden" name="id" value="' . $title_id . '" />'; } $s_hidden_fields .= '<input type="hidden" name="mode" value="save" />'; $template->set_filenames(array('body' => ADM_TPL . 'title_edit_body.tpl')); $template->assign_vars(array('TITLE_INFO' => str_replace("\"", "'", $title_info['title_info']), 'TITLE_HTML' => htmlspecialchars(str_replace("\"", "'", $title_info['title_html'])), 'ADMIN_CHECKED' => $title_info['admin_auth'] == 1 ? ' checked="checked"' : '', 'MOD_CHECKED' => $title_info['mod_auth'] == 1 ? ' checked="checked"' : '', 'POSTER_CHECKED' => $title_info['poster_auth'] == 1 ? ' checked="checked"' : '', 'ADMIN_TITLE' => $lang['Title_infos'], 'ADMIN_TITLE_EXPLAIN' => $lang['Quick_title_explain'], 'S_TITLE_ACTION' => append_sid('admin_quick_title.' . PHP_EXT), 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'ADMIN' => $lang['Administrator'], 'MODERATOR' => $lang['Moderator'], 'POSTER' => $lang['Topic_poster'], 'L_SUBMIT' => $lang['Submit'], 'L_RESET' => $lang['Reset'], 'L_TITLE_TITLE' => $lang['Add_new_title_info'], 'L_PERM_INFO' => $lang['Title_perm_info'], 'L_TITLE_INFO' => $lang['Title_info'], 'L_TITLE_HTML' => $lang['Title_html'], 'L_TITLE_HTML_EXPLAIN' => $lang['Title_html_explain'], 'L_PERM_EXPLAIN' => $lang['Title_perm_info_explain'], 'L_DATE_FORMAT' => $lang['Date_format'], 'L_DATE_FORMAT_EXPLAIN' => $lang['Date_format_explain'], 'DATE_FORMAT' => $title_info['date_format'])); } elseif ($mode == 'save') { // Ok, they sent us our info, let's update it. $title_id = request_post_var('id', 0); $admin = !empty($_POST['admin_auth']) ? 1 : 0; $mod = !empty($_POST['mod_auth']) ? 1 : 0; $poster = !empty($_POST['poster_auth']) ? 
1 : 0; $name = request_post_var('title_info', '', true); $html = request_post_var('title_html', '', true); $html = htmlspecialchars_decode($html, ENT_COMPAT); $date = request_post_var('date_format', ''); if (empty($name)) { message_die(GENERAL_MESSAGE, $lang['Must_select_title']); } $input_table = TITLE_INFOS_TABLE; $input_array = array('title_info' => trim($name), 'title_html' => trim($html), 'date_format' => $date, 'admin_auth' => $admin, 'mod_auth' => $mod, 'poster_auth' => $poster); $where_sql = ' WHERE id = ' . $title_id; if (!empty($title_id)) { $sql = "UPDATE " . $input_table . " SET " . $db->sql_build_insert_update($input_array, false) . $where_sql; $message = $lang['Title_updated']; } else { $sql = "INSERT INTO " . $input_table . " " . $db->sql_build_insert_update($input_array, true); $message = $lang['Title_added']; } $result = $db->sql_query($sql); $db->clear_cache('', TOPICS_CACHE_FOLDER);
$search_savepath = request_var('search_savepath', '', true); $filename = IP_ROOT_PATH . $search_savepath . '/urllist.txt'; if (!($file_handle = fopen($filename, 'w'))) { message_die(GENERAL_ERROR, sprintf($lang['Yahoo_search_error_unopenable_file'], $filename)); } if (fwrite($file_handle, $out) === FALSE) { message_die(GENERAL_ERROR, sprintf($lang['Yahoo_search_error_unwritable_file'], $filename)); } if (fclose($file_handle) === false) { message_die(GENERAL_ERROR, sprintf($lang['Yahoo_search_error_unclosable_file'], $filename)); } // Update settings set_config('yahoo_search_savepath', request_post_var('search_savepath', '', true), false); set_config('yahoo_search_additional_urls', request_post_var('additional_urls', '', true), false); set_config('yahoo_search_compress', request_post_var('compress_file', '', true), false); set_config('yahoo_search_compression_level', request_post_var('compression_level', '', true), false); // It looks like everything worked okay.... if (file_exists($filename) && filesize($filename) > 1) { message_die(GENERAL_MESSAGE, sprintf($lang['Yahoo_search_file_done'], $protocol . $server_name . $server_port . $script_path . $search_savepath . '/urllist.txt')); } else { message_die(GENERAL_ERROR, $lang['Yahoo_search_error_unknown_file_error']); } } } else { // Display the admin page $sql = 'SELECT c.forum_id AS cat_id, c.forum_name AS cat_title, c.forum_order AS cat_order FROM ' . FORUMS_TABLE . ' c WHERE c.forum_type = ' . FORUM_CAT . ' ORDER BY c.forum_order'; $result = $db->sql_query($sql); $category_rows = array();
} } else { $mi_menu_name_lang = '<option value="">-- ' . $lang['CMS_Menu_No_lang_key'] . ' --</option>'; if (!empty($lang['menu_item'])) { foreach ($lang['menu_item'] as $lk => $mi_menu_name_lang_key) { $mi_menu_name_lang .= '<option value="' . $lk . '"'; $mi_menu_name_lang .= '>' . $mi_menu_name_lang_key . '</option>'; } } } $template->assign_vars(array('L_CMS_MENU_TITLE' => $lang['CMS_MENU_PAGE'], 'L_CMS_MENU_EXPLAIN' => $lang['CMS_MENU_PAGE_EXPLAIN'], 'L_EDIT_MENU_ITEM' => $lang['CMS_Menu_Item_Add_Edit'], 'L_YES' => $lang['Yes'], 'L_NO' => $lang['No'], 'L_ENABLED' => $lang['Enabled'], 'L_DISABLED' => $lang['Disabled'], 'L_SUBMIT' => $lang['Submit'], 'L_PREVIEW' => $lang['Preview'], 'S_MENU_ACTION' => append_sid('cms_menu.' . PHP_EXT . '?mode=menu_list&action=' . $action), 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'L_MENU_NAME' => $lang['CMS_Menu_New_menu_name'], 'L_MENU_NAME_KEY' => $lang['CMS_Menu_New_link_name_key'], 'L_MENU_DESC' => $lang['CMS_Menu_New_menu_des'], 'MI_MENU_NAME' => $mi_menu_name, 'MI_MENU_NAME_LANG' => $mi_menu_name_lang, 'MI_MENU_DESC' => $mi_menu_desc)); } elseif ($action == 'save') { $mi_menu_item_id = $mi_id; $mi_menu_name = request_post_var('menu_name', '', true); $mi_menu_name_lang = request_post_var('menu_name_lang', '', true); $mi_menu_desc = request_post_var('menu_desc', '', true); if ($mi_id) { $sql = "UPDATE " . CMS_NAV_MENU_TABLE . "\n\t\t\t\tSET\n\t\t\t\tmenu_name = '" . $db->sql_escape($mi_menu_name) . "',\n\t\t\t\tmenu_name_lang = '" . $db->sql_escape($mi_menu_name_lang) . "',\n\t\t\t\tmenu_desc = '" . $db->sql_escape($mi_menu_desc) . "'\n\t\t\t\tWHERE menu_item_id = '" . $mi_id . "'"; $result = $db->sql_query($sql); $message = $lang['Menu_updated']; } else { $sql = "SELECT max(menu_id) max_menu_id FROM " . CMS_NAV_MENU_TABLE; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $mi_menu_id = $row['max_menu_id'] + 1; $sql = "INSERT INTO " . CMS_NAV_MENU_TABLE . 
" (menu_id, menu_name, menu_name_lang, menu_desc) VALUES ('" . $mi_menu_id . "', '" . $db->sql_escape($mi_menu_name) . "', '" . $db->sql_escape($mi_menu_name_lang) . "', '" . $db->sql_escape($mi_menu_desc) . "')"; $message = $lang['Menu_created']; $result = $db->sql_query($sql); } $message .= '<br /><br />' . sprintf($lang['Click_Return_CMS_Menu'], '<a href="' . append_sid('cms_menu.' . PHP_EXT . '?mode=menu_list') . '">', '</a>') . '<br />'; message_die(GENERAL_MESSAGE, $message);
$xml_feed = xsm_prepare_message($xml_feed); $sql = "SELECT MAX(xml_id) AS max_id\n\t\t\t\tFROM " . XS_NEWS_XML_TABLE; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $max_id = $row['max_id']; $next_id = $max_id + 1; $sql = "INSERT INTO " . XS_NEWS_XML_TABLE . " (xml_id, xml_title, xml_show, xml_feed, xml_is_feed, xml_width, xml_height, xml_font, xml_speed, xml_direction" . ")\n\t\t\t\tVALUES ('" . $next_id . "', '" . $db->sql_escape(request_post_var('xml_title', '', true)) . "', '" . intval($_POST['xml_show']) . "', '" . $db->sql_escape($xml_feed) . "', '" . intval($_POST['xml_is_feed']) . "', '" . $db->sql_escape(request_post_var('xml_width', '')) . "', '" . $db->sql_escape(request_post_var('xml_height', '')) . "', '" . $db->sql_escape(request_post_var('xml_font', '')) . "', '" . $db->sql_escape(request_post_var('xml_speed', '')) . "', '" . intval($_POST['xml_direction']) . "')"; $result = $db->sql_query($sql); $db->clear_cache('xs_'); $message = $lang['n_xml_news_item_added'] . '<br /><br />' . sprintf($lang['n_xml_click_return_newslist'], '<a href="' . append_sid('admin_xs_news_xml.' . PHP_EXT) . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid('index.' . PHP_EXT . '?pane=right') . '">', '</a>'); message_die(GENERAL_MESSAGE, $message); break; case 'modxml': // Modify a news ticker in the DB $xml_feed = xsm_prepare_message($xml_feed); $sql = "UPDATE " . XS_NEWS_XML_TABLE . "\n\t\t\t\tSET xml_title = '" . $db->sql_escape(request_post_var('xml_title', '', true)) . "', xml_show = " . intval($_POST['xml_show']) . ", xml_feed = '" . $db->sql_escape($xml_feed) . "', xml_is_feed = '" . intval($_POST['xml_is_feed']) . "', xml_width = '" . $db->sql_escape(request_post_var('xml_width', '')) . "', xml_height = '" . $db->sql_escape(request_post_var('xml_height', '')) . "', xml_font = '" . $db->sql_escape(request_post_var('xml_font', '')) . "', xml_speed = '" . 
$db->sql_escape(request_post_var('xml_speed', '')) . "', xml_direction = " . intval($_POST['xml_direction']) . "\n\t\t\t\tWHERE xml_id = " . intval($_POST['id']); $result = $db->sql_query($sql); $db->clear_cache('xs_'); $message = $lang['n_xml_news_updated'] . '<br /><br />' . sprintf($lang['n_xml_click_return_newslist'], '<a href="' . append_sid('admin_xs_news_xml.' . PHP_EXT) . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid('index.' . PHP_EXT . '?pane=right') . '">', '</a>'); message_die(GENERAL_MESSAGE, $message); break; case 'deletexml': // Show form to delete a news item $xml_id = request_var('id', 0); $buttonvalue = $lang['Delete']; $newmode = 'deletexml'; $xml_info = xsm_get_info('ticker', $xml_id); $name = $news_info['n_news_item']; if ($confirm) { $sql = "DELETE FROM " . XS_NEWS_XML_TABLE . "\n\t\t\t\t\tWHERE xml_id = {$xml_id}"; $result = $db->sql_query($sql);
remove_all($str); @rmdir($str); } else { @unlink($str); } } } closedir($res); } $template->assign_block_vars('nav_left', array('ITEM' => '» <a href="' . append_sid('xs_uninstall.' . PHP_EXT) . '">' . $lang['xs_uninstall_styles'] . '</a>')); $lang['xs_uninstall_back'] = str_replace('{URL}', append_sid('xs_uninstall.' . PHP_EXT), $lang['xs_uninstall_back']); $lang['xs_goto_default'] = str_replace('{URL}', append_sid('xs_styles.' . PHP_EXT), $lang['xs_goto_default']); // uninstall style $remove_id = request_var('remove', 0); $remove_dir = request_get_var('dir', ''); $remove_tpl = request_post_var('remove', ''); $nocfg = request_get_var('nocfg', ''); if (!empty($remove_id) && !defined('DEMO_MODE')) { if ($config['default_style'] == $remove_id) { xs_error(str_replace('{URL}', append_sid('xs_styles.' . PHP_EXT), $lang['xs_uninstall_default']) . '<br /><br />' . $lang['xs_uninstall_back']); } $sql = "SELECT themes_id, template_name, style_name FROM " . THEMES_TABLE . " WHERE themes_id='{$remove_id}'"; $db->sql_return_on_error(true); $result = $db->sql_query($sql); $db->sql_return_on_error(false); if (!$result) { xs_error($lang['xs_no_style_info'] . '<br /><br />' . $lang['xs_uninstall_back'], __LINE__, __FILE__); } $row = $db->sql_fetchrow($result); if (empty($row['themes_id'])) { xs_error($lang['xs_no_style_info'] . '<br /><br />' . $lang['xs_uninstall_back'], __LINE__, __FILE__);
include './admin_cash.' . PHP_EXT;
// Closes a block opened before this excerpt.
}
$new = array();
$new_cash = array();
$num_currencies = 0;
$good_order = true;
$reset_navbar = "";
// Pull all config data
$sql = "SELECT * FROM " . CONFIG_TABLE;
$result = $db->sql_query($sql);
// Allowlist of config keys this page may write. Every config row is read below, but set_config() is only
// reached for names present here, so a POST field named after any other config key is ignored.
$allowed_array = array(
	'cash_disable' => true,
	'cash_adminbig' => true,
	'cash_adminnavbar' => true,
	'cash_display_after_posts' => true,
	'cash_post_message' => true,
	'cash_disable_spam_num' => true,
	'cash_disable_spam_time' => true,
	'cash_disable_spam_message' => true
);
while ($row = $db->sql_fetchrow($result))
{
	$config_name = $row['config_name'];
	$config_value = $row['config_value'];
	$default_config[$config_name] = $config_value;
	// Submitted value if the field was posted, otherwise the stored value.
	$tmp_value = request_post_var($config_name, '', true);
	$new[$config_name] = isset($_POST[$config_name]) ? $tmp_value : $default_config[$config_name];
	// $allowed_array is indexed without isset(), so names outside the allowlist evaluate to null (with a notice) and are skipped.
	// NOTE(review): no session or form token check is visible in this excerpt before the write - confirm the admin bootstrap enforces one.
	if ($allowed_array[$config_name] && isset($_POST['submit']) && isset($_POST['set']) && $_POST['set'] == 'general' && isset($_POST[$config_name]))
	{
		// For cash_adminbig, a script that reloads the admin navigation frame is queued for the confirmation page
		// when the filtered value differs from the unslashed raw POST value.
		if ($config_name == 'cash_adminbig' && $new[$config_name] != stripslashes($_POST[$config_name]))
		{
			$reset_navbar = "\n<script language=\"JavaScript\" type=\"text/javascript\">\n<!--\nparent.nav.location.reload();\n//-->\n</script>";
		}
		set_config($config_name, $new[$config_name]);
	}
}
// After a submit, show the confirmation with return links.
if (isset($_POST['submit']))
{
	$message = $lang['Cash_config_updated'] . $reset_navbar . '<br /><br />' . sprintf($lang['Click_return_cash_config'], '<a href="' . append_sid('cash_config.' . PHP_EXT) . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid('index.' . PHP_EXT . '?pane=right') . '">', '</a>');
	message_die(GENERAL_MESSAGE, $message);
}
// Pre-select the radio buttons of the form from the effective values.
$admin_big = $new['cash_adminbig'] ? 'checked="checked"' : '';
$admin_small = !$new['cash_adminbig'] ? 'checked="checked"' : '';
$adminnavbar_yes = $new['cash_adminnavbar'] ? 'checked="checked"' : '';
// Rebuild the poll option list from the submitted form: drop options ticked for deletion, keep the non-empty ones.
// NOTE(review): each() was deprecated in PHP 7.2 and removed in PHP 8.0; the @ only hides the deprecation notice.
while(list($option_id, $option_text) = @each($poll_options))
{
	if(isset($_POST['del_poll_option'][$option_id]))
	{
		unset($poll_options[$option_id]);
	}
	elseif (!empty($option_text))
	{
		$poll_options[$option_id] = $option_text;
	}
}
// Closes a block opened before this excerpt.
}
// Append the new option when the "add" control was used and its text is not empty.
if (!empty($poll_add) && !empty($_POST['add_poll_option_text']))
{
	$poll_options[] = request_post_var('add_poll_option_text', '', true);
}
// Event Registration - BEGIN
// Registration fields are only honoured for logged-in users who hold auth_vote; otherwise they fall back to ''.
$reg_active = (isset($_POST['start_registration']) && $is_auth['auth_vote'] && $user->data['session_logged_in']) ? 'checked="checked"' : '';
$reg_reset = (isset($_POST['reset_registration']) && $is_auth['auth_vote'] && $user->data['session_logged_in']) ? 'checked="checked"' : '';
// max(0, ...) is applied to the raw POST value without an integer cast.
// NOTE(review): for non-numeric input the result can be the submitted string (or array) itself, not a number -
// confirm these values are cast before they reach SQL or HTML.
$reg_max_option1 = (!empty($_POST['reg_max_option1']) && $is_auth['auth_vote'] && $user->data['session_logged_in']) ? max(0, $_POST['reg_max_option1']) : '';
$reg_max_option2 = (!empty($_POST['reg_max_option2']) && $is_auth['auth_vote'] && $user->data['session_logged_in']) ? max(0, $_POST['reg_max_option2']) : '';
$reg_max_option3 = (!empty($_POST['reg_max_option3']) && $is_auth['auth_vote'] && $user->data['session_logged_in']) ? max(0, $_POST['reg_max_option3']) : '';
$reg_length = (isset($_POST['reg_length']) && $is_auth['auth_vote'] && $user->data['session_logged_in']) ? max(0, $_POST['reg_length']) : '';
// Event Registration - END
// For new topics and replies, use the stored signature when signatures are allowed board-wide.
if (($mode == 'newtopic') || ($mode == 'reply'))
{
	$user_sig = (($user->data['user_sig'] != '') && $config['allow_sig']) ? $user->data['user_sig'] : '';
}
// NOTE(review): $v is indexed as an array on the left-hand side, so ${$v} uses the array itself as a variable name;
// ${$v['form']} may have been intended - confirm.
$this_user_im[$v['form']] = ${$v}['form'];
// Closes the loop opened before this excerpt.
}
// Re-display the avatar gallery, passing every profile field through so the form keeps its state.
display_avatar_gallery($mode, $avatar_category, $user_id, $email, $current_email, $email_confirm, $coppa, $username, $new_password, $cur_password, $password_confirm, $this_user_im, $website, $location, $user_flag, $user_first_name, $user_last_name, $occupation, $interests, $phone, $selfdes, $signature, $viewemail, $notifypm, $popup_pm, $notifyreply, $attachsig, $setbm, $allowhtml, $allowbbcode, $allowsmilies, $showavatars, $showsignatures, $allowswearywords, $allowmassemail, $allowpmin, $allowviewonline, $user_style, $user_lang, $user_timezone, $time_mode, $dst_time_lag, $user_dateformat, $profile_view_popup, $user->data['session_id'], $birthday, $gender, $upi2db_which_system, $upi2db_new_word, $upi2db_edit_word, $upi2db_unread_color);
}
elseif (isset($_POST['avatargenerator']) && !$error)
{
	// Avatar generator branch.
	if (!defined('CTRACKER_DISABLE_OUTPUT'))
	{
		define('CTRACKER_DISABLE_OUTPUT', true);
	}
	include IP_ROOT_PATH . 'includes/usercp_avatar.' . PHP_EXT;
	// The target file name is taken from the POST body; a generated name under POSTED_IMAGES_THUMBS_PATH is only used when none is posted.
	$avatar_filename = request_post_var('avatar_filename', '');
	// NOTE(review): uniqid(rand()) is not an unpredictable value - confirm the generated name is not relied on as a secret.
	$avatar_filename = !empty($avatar_filename) ? $avatar_filename : POSTED_IMAGES_THUMBS_PATH . uniqid(rand()) . '.gif';
	//$avatar_filename = (!empty($avatar_filename) ? $avatar_filename : $config['avatar_path'] . '/' . uniqid(rand()) . '.gif');
	// Any existing file at that path is deleted, with errors suppressed by @.
	// NOTE(review): no check is visible that keeps the posted path inside the avatar/thumbnail directory, so the value
	// decides which file is unlinked - confirm request_post_var() or phpbb_realpath() restricts it, or compare the
	// resolved path against the allowed directory before deleting.
	if (file_exists(@phpbb_realpath('./' . $avatar_filename)))
	{
		@unlink('./' . $avatar_filename);
	}
	// Image and text for the generator default to 'Random' and the username.
	$avatar_image = request_post_var('avatarimage', '');
	$avatar_text = request_post_var('avatartext', '');
	$avatar_image = !empty($avatar_image) ? $avatar_image : 'Random';
	$avatar_text = !empty($avatar_text) ? $avatar_text : $username;
	$template_to_parse = 'profile_avatar_generator.tpl';
	// Replaced: $aim, $facebook, $flickr, $googleplus, $icq, $jabber, $linkedin, $msn, $skype, $twitter, $yim, $youtube,
	$user_sn_im_array = get_user_sn_im_array();
	foreach ($user_sn_im_array as $k => $v)
	{
		// NOTE(review): same ${$v}['form'] construct as at the top of this excerpt - ${$v['form']} may have been intended.
		$this_user_im[$v['form']] = ${$v}['form'];
	}
	display_avatar_generator($mode, $avatar_filename, $avatar_image, $avatar_text, $user_id, $email, $current_email, $email_confirm, $coppa, $username, $new_password, $cur_password, $password_confirm, $this_user_im, $website, $location, $user_flag, $user_first_name, $user_last_name, $occupation, $interests, $phone, $selfdes, $signature, $viewemail, $notifypm, $popup_pm, $notifyreply, $attachsig, $setbm, $allowhtml, $allowbbcode, $allowsmilies, $showavatars, $showsignatures, $allowswearywords, $allowmassemail, $allowpmin, $allowviewonline, $user_style, $user_lang, $user_timezone, $time_mode, $dst_time_lag, $user_dateformat, $profile_view_popup, $user->data['session_id'], $birthday, $gender, $upi2db_which_system, $upi2db_new_word, $upi2db_edit_word, $upi2db_unread_color);
}
else
{
	// Defaults for fields that were not set earlier.
	if (!isset($coppa))
	{
		$coppa = false;
	}
	if (!isset($user_style))
	{
		$user_style = $config['default_style'];
// The three braces below close blocks opened before this excerpt.
}
}
}
// Check username
// Logged-in users post under their HTML-escaped account name; guests supply a name in the form.
$username = $user->data['session_logged_in'] ? htmlspecialchars($user->data['username']) : request_post_var('username', '', true);
if (!$user->data['session_logged_in'] && !empty($username))
{
	include(IP_ROOT_PATH . 'includes/functions_validate.' . PHP_EXT);
	$result = validate_username($username);
	if ($result['error'])
	{
		// NOTE(review): only $error_msg is extended here; $error, which gates the insert below, is not set in this
		// excerpt - confirm a rejected guest name actually blocks the shout.
		$error_msg .= (!empty($error_msg)) ? '<br />' . $result['error_msg'] : $result['error_msg'];
	}
}
$message = request_post_var('message', '', true);
// Entity encoding is reversed before the text is handed to prepare_message().
// NOTE(review): presumably prepare_message() re-escapes according to $html_on - confirm, since the decoded text is stored.
$message = htmlspecialchars_decode($message, ENT_COMPAT);
// insert shout !
if (!empty($message) && $is_auth['auth_post'] && !$error)
{
	include_once(IP_ROOT_PATH . 'includes/functions_post.' . PHP_EXT);
	$message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on);
	// When img_shoutbox is set, [img] tags (plain, aligned, or wrapped in [url]) are rewritten to [url] links,
	// so shouts link to images instead of embedding them. Only http:// URLs match these patterns.
	if ($config['img_shoutbox'] == true)
	{
		$message = preg_replace ("#\[url=(http://)([^ \"\n\r\t<]*)\]\[img\](http://)([^ \"\n\r\t<]*)\[/img\]\[/url\]#i", '[url=\\1\\2]\\4[/url]', $message);
		$message = preg_replace ("#\[img\](http://)([^ \"\n\r\t<]*)\[/img\]#i", '[url=\\1\\2]\\2[/url]', $message);
		$message = preg_replace ("#\[img align=left\](http://)([^ \"\n\r\t<]*)\[/img\]#i", '[url=\\1\\2]\\2[/url]', $message);
		$message = preg_replace ("#\[img align=right\](http://)([^ \"\n\r\t<]*)\[/img\]#i", '[url=\\1\\2]\\2[/url]', $message);
	}
	// Message and username go through sql_escape(); $user_ip and the three enable_* flags are interpolated as-is.
	// NOTE(review): assumes $user_ip is server-derived and the flags are integers set by the script - confirm none is request-controlled.
	$sql = "INSERT INTO " . SHOUTBOX_TABLE . " (shout_text, shout_session_time, shout_user_id, shout_ip, shout_username, enable_bbcode, enable_html, enable_smilies) VALUES ('" . $db->sql_escape($message) . "', '" . time() . "', '" . $user->data['user_id'] . "', '$user_ip', '" . $db->sql_escape($username) . "', $bbcode_on, $html_on, $smilies_on)";
// Smilies Order END // Smilies Order in Line ADD // , smilies_order // , $order_extreme $sql = "INSERT INTO " . SMILIES_TABLE . " (code, smile_url, emoticon, smilies_order)\n\t\t\t\tVALUES ('" . $db->sql_escape($smile_code) . "', '" . $db->sql_escape($smile_url) . "', '" . $db->sql_escape($smile_emotion) . "', {$order_extreme})"; $result = $db->sql_query($sql); $message = $lang['smiley_add_success'] . '<br /><br />' . sprintf($lang['Click_return_smileadmin'], '<a href="' . append_sid("admin_smilies." . PHP_EXT) . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid('index.' . PHP_EXT . '?pane=right') . '">', '</a>'); $cache->destroy('_smileys'); $db->clear_cache('smileys_'); message_die(GENERAL_MESSAGE, $message); break; } } else { // Smilies Order BEGIN $option = request_get_var('option', ''); $insert_position = request_post_var('insert_position', ''); if ($option == 'select' && isset($_POST['insert_position'])) { set_config('smilies_insert', $insert_position); $cache->destroy('_smileys'); $db->clear_cache('smileys_'); } if ($config['smilies_insert'] == TOP_LIST) { $pos_top_checked = ' selected="selected"'; $pos_bot_checked = ''; } else { $pos_top_checked = ''; $pos_bot_checked = ' selected="selected"'; } $position_select = '<select name="insert_position"><option value="' . TOP_LIST . '"' . $pos_top_checked . '>' . $lang['before'] . '</option><option value="' . BOTTOM_LIST . '"' . $pos_bot_checked . '>' . $lang['after'] . '</option></select>'; $move = request_get_var('move', ''); $send = request_get_var('send', '');
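/**
 * Download module action "email": send a link to a file to a friend.
 *
 * Loads the file row, checks the per-category 'auth_email' permission, and either
 * renders the form (pa_email_body.tpl) or, on POST, validates the submitted fields
 * and sends the message through the board emailer.
 *
 * @param mixed $action Action name passed by the caller; not read in this method.
 */
function main($action)
{
	global $db, $config, $template, $images, $user, $lang;
	global $pafiledb_config, $debug;

	$file_id = request_var('file_id', 0);
	if (empty($file_id))
	{
		message_die(GENERAL_MESSAGE, $lang['File_not_exist']);
	}

	// $file_id is interpolated unquoted; presumably request_var() returns an integer for an integer default - confirm.
	$sql = 'SELECT file_catid, file_name FROM ' . PA_FILES_TABLE . "\n\t\t\tWHERE file_id = {$file_id}";
	$result = $db->sql_query($sql);
	if (!($file_data = $db->sql_fetchrow($result)))
	{
		message_die(GENERAL_MESSAGE, $lang['File_not_exist']);
	}
	$db->sql_freeresult($result);

	// Permission check for the file's category: guests are sent to the login page, members get an explanation.
	if (!$this->auth[$file_data['file_catid']]['auth_email'])
	{
		if (!$user->data['session_logged_in'])
		{
			redirect(append_sid(CMS_PAGE_LOGIN . '?redirect=dload.' . PHP_EXT . '&action=email&file_id=' . $file_id, true));
		}
		$message = sprintf($lang['Sorry_auth_email'], $this->auth[$file_data['file_catid']]['auth_email_type']);
		message_die(GENERAL_MESSAGE, $message);
	}

	if (isset($_POST['submit']))
	{
		// session id check: the form carries the session id as a hidden field and the post must echo it back
		$sid = request_post_var('sid', '');
		if (empty($sid) || $sid != $user->data['session_id'])
		{
			message_die(GENERAL_ERROR, 'INVALID_SESSION');
		}

		$error = false;
		$error_msg = '';

		// One pattern for both addresses. The D modifier keeps "$" from matching before a trailing newline,
		// so a value ending in a line break cannot pass validation and reach the mail headers.
		$email_pattern = '/^[a-z0-9\\.\\-_\\+]+@[a-z0-9\\-_]+\\.([a-z0-9\\-_]+\\.)*?[a-z]+$/isD';

		// Recipient address
		$femail = request_var('femail', '');
		if (!empty($femail) && preg_match($email_pattern, $femail))
		{
			$user_email = $femail;
		}
		else
		{
			$error = true;
			$error_msg = !empty($error_msg) ? $error_msg . '<br />' . $lang['Email_invalid'] : $lang['Email_invalid'];
		}

		$username = request_var('fname', '', true);
		$sender_name = request_var('sname', '', true);

		if ($user->data['session_logged_in'])
		{
			// Members always send under their own account name and address, whatever the form contains.
			$sender_name = $user->data['username'];
			$sender_email = $user->data['user_email'];
		}
		else
		{
			// Guests: the posted sender name is used as submitted (no username validation is applied to it).
			// The sender address must itself match the pattern; the check previously tested the recipient
			// address ($femail) again, which let any guest-supplied sender address through to from()/replyto().
			$semail = request_var('semail', '');
			if (!empty($semail) && preg_match($email_pattern, $semail))
			{
				$sender_email = $semail;
			}
			else
			{
				$error = true;
				$error_msg = !empty($error_msg) ? $error_msg . '<br />' . $lang['Email_invalid'] : $lang['Email_invalid'];
			}
		}

		$subject = request_var('subject', '', true);
		$subject = htmlspecialchars_decode($subject, ENT_COMPAT);
		if (empty($subject))
		{
			$error = true;
			$error_msg = !empty($error_msg) ? $error_msg . '<br />' . $lang['Empty_subject_email'] : $lang['Empty_subject_email'];
		}

		$message = request_var('message', '', true);
		// We need to check if HTML emails are enabled so we can correctly escape content and linebreaks
		$message = !empty($config['html_email']) ? nl2br($message) : htmlspecialchars_decode($message, ENT_COMPAT);
		if (empty($message))
		{
			$error = true;
			$error_msg = !empty($error_msg) ? $error_msg . '<br />' . $lang['Empty_message_email'] : $lang['Empty_message_email'];
		}

		if (!$error)
		{
			include IP_ROOT_PATH . 'includes/emailer.' . PHP_EXT;
			$emailer = new emailer();

			// Abuse-tracing headers identifying the board and the sending account.
			$emailer->headers('X-AntiAbuse: Board servername - ' . trim($config['server_name']));
			$emailer->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']);
			$emailer->headers('X-AntiAbuse: Username - ' . $user->data['username']);
			// NOTE(review): $user_ip and $user_lang are neither declared global nor assigned in this method, so they
			// are undefined here and the IP header is written empty - confirm where these values should come from.
			$emailer->headers('X-AntiAbuse: User IP - ' . $user_ip);

			$emailer->use_template('profile_send_email', $user_lang);
			$emailer->to($user_email);
			$emailer->from($sender_email);
			$emailer->replyto($sender_email);
			$emailer->set_subject($subject);

			$emailer->assign_vars(array(
				'SITENAME' => $config['sitename'],
				'BOARD_EMAIL' => $config['board_email'],
				'FROM_USERNAME' => $sender_name,
				'TO_USERNAME' => $username,
				'MESSAGE' => $message
			));
			$emailer->send();
			$emailer->reset();

			$message = $lang['Econf'] . '<br /><br />' . sprintf($lang['Click_return'], '<a href="' . append_sid('dload.' . PHP_EXT . '?action=file&file_id=' . $file_id) . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_forum'], '<a href="' . append_sid(CMS_PAGE_HOME) . '">', '</a>');
			message_die(GENERAL_MESSAGE, $message);
		}

		if ($error)
		{
			message_die(GENERAL_MESSAGE, $error_msg);
		}
	}

	// No submit: render the form.
	$this->generate_category_nav($file_data['file_catid']);

	$template->assign_vars(array(
		// True for guests: the value is the negation of the logged-in flag.
		'USER_LOGGED' => !$user->data['session_logged_in'],
		'L_HOME' => $lang['Home'],
		'CURRENT_TIME' => sprintf($lang['Current_time'], create_date($config['default_dateformat'], time(), $config['board_timezone'])),

		'S_EMAIL_ACTION' => append_sid('dload.' . PHP_EXT),
		// Session id echoed back by the form and compared on submit.
		'S_HIDDEN_FIELDS' => '<input type="hidden" name="sid" value="' . $user->data['session_id'] . '" />',

		'L_INDEX' => sprintf($lang['Forum_Index'], $config['sitename']),
		// L_EMAIL was assigned twice in this array; only the later value ($lang['Emailfile']) ever took effect.
		'L_EMAIL' => $lang['Emailfile'],
		'L_EMAILINFO' => $lang['Emailinfo'],
		'L_YNAME' => $lang['Yname'],
		'L_YEMAIL' => $lang['Yemail'],
		'L_FNAME' => $lang['Fname'],
		'L_FEMAIL' => $lang['Femail'],
		'L_ETEXT' => $lang['Etext'],
		'L_DEFAULTMAIL' => $lang['Defaultmail'],
		'L_SEMAIL' => $lang['Semail'],
		'L_ESUB' => $lang['Esub'],
		'L_EMPTY_SUBJECT_EMAIL' => $lang['Empty_subject_email'],
		'L_EMPTY_MESSAGE_EMAIL' => $lang['Empty_message_email'],

		'U_INDEX_HOME' => append_sid(CMS_PAGE_HOME),
		'U_DOWNLOAD_HOME' => append_sid('dload.' . PHP_EXT),
		'U_FILE_NAME' => append_sid('dload.' . PHP_EXT . '?action=file&file_id=' . $file_id),

		'FILE_NAME' => $file_data['file_name'],
		'SNAME' => $user->data['username'],
		'SEMAIL' => $user->data['user_email'],
		'DOWNLOAD' => $pafiledb_config['settings_dbname'],
		'FILE_URL' => create_server_url() . 'dload.' . PHP_EXT . '?action=file&file_id=' . $file_id,
		'ID' => $file_id
	));

	$this->display($lang['Download'], 'pa_email_body.tpl');
}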
*/ $mode = request_var('mode', ''); $submit = request_var('submit', ''); $module_id = request_var(POST_FORUM_URL, 0); $msg = ''; $templated = true; if (isset($_POST['update'])) { $modules_upd = array(); $modules_upd = request_post_var('module_status', array(0)); $sql = "SELECT * FROM " . STATS_MODULES_TABLE . " ORDER BY module_id ASC"; $result = $db->sql_query($sql); $m_rows = array(); $m_rows = $db->sql_fetchrowset($result); $m_count = sizeof($m_rows); for ($i = 0; $i < $m_count; $i++) { $update_time = request_post_var('module_time_' . $m_rows[$i]['module_id'], 0); $m_active = empty($modules_upd) ? 0 : (in_array($m_rows[$i]['module_id'], $modules_upd) ? 1 : 0); $sql = "UPDATE " . STATS_MODULES_TABLE . "\n\t\t\t\t\t\tSET active = '" . $m_active . "', update_time = '" . $update_time . "'\n\t\t\t\t\t\tWHERE module_id = '" . $m_rows[$i]['module_id'] . "'"; $result = $db->sql_query($sql); } $mode = 'manage'; } if ($mode == 'order') { // Change order of modules in the DB $move = request_var('move', 0); $sql = "UPDATE " . STATS_MODULES_TABLE . "\n\tSET display_order = display_order + {$move}\n\tWHERE module_id = " . $module_id; $result = $db->sql_query($sql); renumbering_order(); $mode = 'manage'; } if ($submit && $mode == 'config') {
$filename = basename(__FILE__); $module['1000_Configuration']['145_Captcha_Config'] = $filename; return; } // Load default Header if (!defined('IP_ROOT_PATH')) { define('IP_ROOT_PATH', './../'); } if (!defined('PHP_EXT')) { define('PHP_EXT', substr(strrchr(__FILE__, '.'), 1)); } require 'pagestart.' . PHP_EXT; $captcha_config_array = array('enable_confirm', 'use_captcha', 'captcha_width', 'captcha_height', 'captcha_background_color', 'captcha_jpeg', 'captcha_jpeg_quality', 'captcha_pre_letters', 'captcha_pre_letters_great', 'captcha_font', 'captcha_chess', 'captcha_ellipses', 'captcha_arcs', 'captcha_lines', 'captcha_image', 'captcha_gammacorrect', 'captcha_foreground_lattice_x', 'captcha_foreground_lattice_y', 'captcha_lattice_color'); for ($i = 0; $i < sizeof($captcha_config_array); $i++) { $config_name = $captcha_config_array[$i]; $config_value = trim($config[$captcha_config_array[$i]]); $new[$config_name] = request_post_var($config_name, $config_value, true); if (isset($_POST['submit']) && isset($_POST[$config_name])) { set_config($config_name, $new[$config_name], false); } } if (isset($_POST['submit'])) { $cache->destroy('config'); $message = $lang['captcha_config_updated'] . '<br />' . sprintf($lang['Click_return_captcha_config'], '<a href="' . append_sid('admin_captcha_config.' . PHP_EXT) . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid('index.' . PHP_EXT . '?pane=right') . '">', '</a>') . '<br /><br />'; message_die(GENERAL_MESSAGE, $message); } $template->set_filenames(array('body' => ADM_TPL . 'admin_captcha_config.tpl')); $template->assign_vars(array('L_CAPTCHA_CONFIGURATION' => $lang['VC_Captcha_Config'], 'L_CAPTCHA_CONFIGURATION_EXPLAIN' => $lang['captcha_config_explain'], 'L_VC_ACTIVE' => $config['enable_confirm'] ? 
$lang['VC_active'] : $lang['VC_inactive'], 'L_BACKGROUND_CONFIG' => $lang['background_configs'], 'L_RANDOM' => $lang['Random'], 'L_DISABLED' => $lang['Disabled'], 'L_ENABLED' => $lang['Enabled'], 'L_YES' => $lang['Yes'], 'L_NO' => $lang['No'], 'L_SUBMIT' => $lang['Submit'], 'L_RESET' => $lang['Reset'], 'L_WIDTH' => $lang['CAPTCHA_width'], 'L_HEIGHT' => $lang['CAPTCHA_height'], 'L_BACKGROUND_COLOR' => $lang['background_color'], 'L_BACKGROUND_COLOR_EXPLAIN' => $lang['background_color_explain'], 'L_PRE_LETTERS' => $lang['pre_letters'], 'L_PRE_LETTERS_EXPLAIN' => $lang['pre_letters_explain'], 'L_GREAT_PRE_LETTERS' => $lang['great_pre_letters'], 'L_GREAT_PRE_LETTERS_EXPLAIN' => $lang['great_pre_letters_explain'], 'L_RND_FONT_PER_LETTER' => $lang['random_font_per_letter'], 'L_RND_FONT_PER_LETTER_EXPLAIN' => $lang['random_font_per_letter_explain'], 'L_ALLOW_CHESS' => $lang['back_chess'], 'L_ALLOW_CHESS_EXPLAIN' => $lang['back_chess_explain'], 'L_ALLOW_ELLIPSES' => $lang['back_ellipses'], 'L_ALLOW_ARCS' => $lang['back_arcs'], 'L_ALLOW_LINES' => $lang['back_lines'], 'L_ALLOW_IMAGE' => $lang['back_image'], 'L_ALLOW_IMAGE_EXPLAIN' => $lang['back_image_explain'], 'L_FOREGROUND_LATTICE' => $lang['foreground_lattice'], 'L_FOREGROUND_LATTICE_EXPLAIN' => $lang['foreground_lattice_explain'], 'L_FOREGROUND_LATTICE_COLOR' => $lang['foreground_lattice_color'], 'L_FOREGROUND_LATTICE_COLOR_EXPLAIN' => $lang['foreground_lattice_color_explain'], 'L_GAMMACORRECT' => $lang['gammacorrect'], 'L_GAMMACORRECT_EXPAIN' => $lang['gammacorrect_axplain'], 'L_GENERATE_JPEG' => $lang['generate_jpeg'], 'L_GENERATE_JPEG_EXPAIN' => $lang['generate_jpeg_explain'], 'L_JPEG_QUALITY' => $lang['generate_jpeg_quality'], 'WIDTH' => $new['captcha_width'], 'HEIGHT' => $new['captcha_height'], 'BACKGROUND_COLOR' => $new['captcha_background_color'], 'PRE_LETTERS' => $new['captcha_pre_letters'], 'LATTICE_X_LINES' => $new['captcha_foreground_lattice_x'], 'LATTICE_Y_LINES' => $new['captcha_foreground_lattice_y'], 
'LATTICE_COLOR' => $new['captcha_lattice_color'], 'GAMMACORRECT' => $new['captcha_gammacorrect'], 'JPEG_QUALITY' => $new['captcha_jpeg_quality'], 'CAPTCHA_IMG' => '<img src="' . append_sid(IP_ROOT_PATH . CMS_PAGE_PROFILE . '?mode=confirm&confirm_id=Admin') . '" alt="" />', 'L_ENABLE_CONFIRM' => $lang['Visual_confirm'], 'L_ENABLE_CONFIRM_EXPLAIN' => $lang['Visual_confirm_explain'], 'S_ENABLE_CONFIRM_YES' => $new['enable_confirm'] == 1 ? 'checked="checked"' : '', 'S_ENABLE_CONFIRM_NO' => $new['enable_confirm'] == 0 ? 'checked="checked"' : '', 'L_USE_CAPTCHA' => $lang['Use_Captcha'], 'L_USE_CAPTCHA_EXPLAIN' => $lang['Use_Captcha_Explain'], 'S_USE_CAPTCHA_YES' => $new['use_captcha'] == 1 ? 'checked="checked"' : '', 'S_USE_CAPTCHA_NO' => $new['use_captcha'] == 0 ? 'checked="checked"' : '', 'S_GREAT_PRE_LETTERS_YES' => $new['captcha_pre_letters_great'] == 1 ? 'checked="checked"' : '', 'S_GREAT_PRE_LETTERS_NO' => $new['captcha_pre_letters_great'] == 0 ? 'checked="checked"' : '', 'S_RND_FONT_PER_LETTER_YES' => $new['captcha_font'] == 1 ? 'checked="checked"' : '', 'S_RND_FONT_PER_LETTER_NO' => $new['captcha_font'] == 0 ? 'checked="checked"' : '', 'S_ALLOW_CHESS_YES' => $new['captcha_chess'] == 1 ? 'checked="checked"' : '', 'S_ALLOW_CHESS_NO' => $new['captcha_chess'] == 0 ? 'checked="checked"' : '', 'S_ALLOW_CHESS_RND' => $new['captcha_chess'] == 2 ? 'checked="checked"' : '', 'S_ALLOW_ELLIPSES_YES' => $new['captcha_ellipses'] == 1 ? 'checked="checked"' : '', 'S_ALLOW_ELLIPSES_NO' => $new['captcha_ellipses'] == 0 ? 'checked="checked"' : '', 'S_ALLOW_ELLIPSES_RND' => $new['captcha_ellipses'] == 2 ? 'checked="checked"' : '', 'S_ALLOW_ARCS_YES' => $new['captcha_arcs'] == 1 ? 'checked="checked"' : '', 'S_ALLOW_ARCS_NO' => $new['captcha_arcs'] == 0 ? 'checked="checked"' : '', 'S_ALLOW_ARCS_RND' => $new['captcha_arcs'] == 2 ? 'checked="checked"' : '', 'S_ALLOW_LINES_YES' => $new['captcha_lines'] == 1 ? 'checked="checked"' : '', 'S_ALLOW_LINES_NO' => $new['captcha_lines'] == 0 ? 
'checked="checked"' : '', 'S_ALLOW_LINES_RND' => $new['captcha_lines'] == 2 ? 'checked="checked"' : '', 'S_ALLOW_IMAGE_YES' => $new['captcha_image'] == 1 ? 'checked="checked"' : '', 'S_ALLOW_IMAGE_NO' => $new['captcha_image'] == 0 ? 'checked="checked"' : '', 'S_JPEG_IMAGE_YES' => $new['captcha_jpeg'] == 1 ? 'checked="checked"' : '', 'S_JPEG_IMAGE_NO' => $new['captcha_jpeg'] == 0 ? 'checked="checked"' : '', 'S_HIDDEN_FIELDS' => '', 'S_CAPTCHA_CONFIG_ACTION' => append_sid('admin_captcha_config.' . PHP_EXT))); $template->pparse('body'); echo '<div align="center"><span class="copyright">Advanced Visual Confirmation © 2006 <a href="http://www.amigalink.de" target="_blank">AmigaLink</a></span></div>'; include IP_ROOT_PATH . ADM . '/page_footer_admin.' . PHP_EXT;
} if ($res) { $db->clear_cache('styles_'); xs_message($lang['Information'], $lang['xs_install_installed'] . '<br /><br />' . $lang['xs_install_back'] . '<br /><br />' . $lang['xs_goto_default']); } xs_error($lang['xs_install_error'] . '<br /><br />' . $lang['xs_install_back']); } // install styles $total = request_var('total', 0); if (!empty($total) && !defined('DEMO_MODE')) { $tpl = array(); $num = array(); for ($i = 0; $i < $total; $i++) { if (!empty($_POST['install_' . $i])) { $tpl[] = request_post_var('install_' . $i . '_style', '', true); $num[] = request_post_var('install_' . $i . '_num', 0); } } if (sizeof($tpl)) { for ($i = 0; $i < sizeof($tpl); $i++) { xs_install_style($tpl[$i], $num[$i]); } if (defined('REFRESH_NAVBAR')) { $template->assign_block_vars('left_refresh', array('ACTION' => append_sid('index.' . PHP_EXT . '?pane=left'))); } $db->clear_cache('styles_'); xs_message($lang['Information'], $lang['xs_install_installed'] . '<br /><br />' . $lang['xs_install_back'] . '<br /><br />' . $lang['xs_goto_default']); } } // get all installed styles $sql = 'SELECT themes_id, template_name, style_name FROM ' . THEMES_TABLE . ' ORDER BY template_name';