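/**
 * Save an edited article submitted through the admin "article" form.
 *
 * Reads $_POST['article'] (content, title, category[], views, date), pushes
 * the fields through the site's sanitize_variables() helper (opaque from
 * here, so SQL escaping is done separately below) and stores the result
 * either in the `articles` table (when KNIFESQL is defined) or in the
 * flat-file KArticles storage. The author is always taken from the stored
 * article, never from the form.
 *
 * Content is passed through html2specialchars() after sanitizing. That
 * helper (a strtr over the flipped HTML_SPECIALCHARS table, as defined in
 * the templates module) decodes entities, so article bodies end up stored
 * as raw HTML — only trusted editors should be able to reach this routine.
 *
 * @param string|int $timestamp  Article id (its creation timestamp).
 * @param string     $user       Name recorded in the "lastedit" field.
 * @return string HTML status message for the admin page.
 */
function edit($timestamp, $user) {
    // Make every field we read exist, then sanitize in place: the sanitized
    // values are left in $_POST because later code on the page may read them.
    $defaults = array('content' => '', 'title' => '', 'category' => array(), 'views' => '0', 'date' => '');
    $_POST['article'] = (isset($_POST['article']) ? (array) $_POST['article'] : array()) + $defaults;
    $_POST['article']['content'] = html2specialchars(sanitize_variables($_POST['article']['content']));
    $_POST['article']['title'] = sanitize_variables($_POST['article']['title']);
    $_POST['article']['category'] = sanitize_variables($_POST['article']['category']);
    $_POST['article']['views'] = sanitize_variables($_POST['article']['views']);
    // "date" was previously stored without going through the sanitizer,
    // unlike every other posted field.
    $_POST['article']['date'] = sanitize_variables($_POST['article']['date']);

    // A form with no category ticked posts no array at all; implode() still
    // needs one.
    $savecats = implode(", ", (array) $_POST['article']['category']);

    $data = array(
        "date" => stripslashes($_POST['article']['date']),
        "content" => stripslashes($_POST['article']['content']),
        "title" => stripslashes($_POST['article']['title']),
        "author" => "",
        "lastedit" => stripslashes($user),
        "category" => stripslashes($savecats),
        // The view counter is numeric; do not store whatever string was posted.
        "views" => (int) stripslashes($_POST['article']['views']),
    );

    if (defined("KNIFESQL")) {
        // Presumably opens the mysql link that mysql_query() and
        // mysql_real_escape_string() use below — not verifiable from here.
        $db = KArticles::connect();
        $oldarticle = KArticles::getarticle($timestamp);
        if (!$oldarticle) {
            // Mirror the flat-file branch: do not report success for an id
            // that matches nothing.
            return "Invalid article.";
        }
        $data['author'] = $oldarticle['author'];

        // Escape every value interpolated into the statement, the WHERE key
        // included (only the SET values were escaped before, and only with
        // addslashes(), which does not know the connection charset).
        // mysql_real_escape_string() returns false when no link is open; fall
        // back to addslashes() rather than writing an empty string.
        $row = $data;
        $row['articleid'] = $timestamp;
        foreach ($row as $key => $value) {
            $escaped = mysql_real_escape_string((string) $value);
            $row[$key] = ($escaped === false) ? addslashes((string) $value) : $escaped;
        }
        // A prepared statement would be preferable; the storage layer only
        // exposes the legacy mysql_* link here.
        $sql = "UPDATE articles SET category='{$row['category']}', author='{$row['author']}', lastedit='{$row['lastedit']}', title='{$row['title']}', content='{$row['content']}', views='{$row['views']}' WHERE articleid = '{$row['articleid']}'";
        if (!mysql_query($sql)) {
            // Keep the driver's error text in the server log only: it can
            // reveal table and column names to the client.
            error_log('Edit Query failed: ' . mysql_error());
            die('Edit Query failed.');
        }
        return "Article successfully edited!<br /><a href=\"javascript:history.go(-1);\">Go back</a>";
    }

    $dataclass = KArticles::connect();
    $article = KArticles::getarticle($timestamp);
    if (!$article) {
        return "Invalid article.";
    }
    $data['author'] = $article['author'];
    $dataclass->settings['articles'][$timestamp] = $data;
    $dataclass->save();
    return "Article successfully edited!<br /><a href=\"javascript:history.go(-1);\">Go back</a>";
}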
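/**
 * Create a new user from the admin "adduser" form.
 *
 * The stored password is sha1(md5(password) . $Settings->unique): one
 * site-wide salt, no per-user salt and no work factor. That is weak by
 * current standards, but the login check (not visible here) must compute
 * the same value, so the scheme cannot be changed in this routine alone —
 * migrate it together with the login code to password_hash()/password_verify().
 *
 * NOTE(review): the requested "level" is stored as posted. Nothing in this
 * routine checks that the acting admin may grant that level; confirm the
 * caller's access check prevents creating users above the caller's own level.
 *
 * @return string HTML status message.
 */
function add() {
    global $Settings;
    $now = time();
    $db = KUsers::connect();
    $currentusers = KUsers::getusers();

    // Make every field exist, then sanitize in place (the sanitized values are
    // left in $_POST because later code on the page may read them).
    $defaults = array('name' => '', 'password' => '', 'nickname' => '', 'email' => '', 'url' => '', 'profile' => '', 'level' => '', 'category' => array());
    $_POST['adduser'] = (isset($_POST['adduser']) ? (array) $_POST['adduser'] : array()) + $defaults;
    $_POST['adduser']['name'] = sanitize_variables($_POST['adduser']['name']);
    // nickname was the one text field stored unsanitized; treat it like the rest.
    $_POST['adduser']['nickname'] = sanitize_variables($_POST['adduser']['nickname']);
    $_POST['adduser']['email'] = sanitize_variables($_POST['adduser']['email']);
    $_POST['adduser']['url'] = sanitize_variables($_POST['adduser']['url']);
    $_POST['adduser']['profile'] = sanitize_variables($_POST['adduser']['profile']);

    // Refuse an account with no password rather than storing the hash of "".
    if ((string) $_POST['adduser']['password'] === '') {
        return "A password is required.<br /><a href=\"javascript:history.go(-1);\">Go back</a>";
    }
    // sanitize_variables() is applied to the password before hashing; the
    // login check presumably does the same — keep the two in step.
    $_POST['adduser']['password'] = sanitize_variables($_POST['adduser']['password']);
    $_POST['adduser']['password'] = sha1(md5($_POST['adduser']['password']) . $Settings->unique);

    // No category ticked posts no array at all; implode() still needs one.
    $savecats = implode(", ", (array) $_POST['adduser']['category']);

    $adduserkey = urlTitle($_POST['adduser']['name']);
    if ((string) $adduserkey === '') {
        return "A user name is required.<br /><a href=\"javascript:history.go(-1);\">Go back</a>";
    }
    if (array_key_exists($adduserkey, $currentusers)) {
        // Quotes are entity-encoded so they neither end the PHP string nor
        // break the HTML.
        return "User &quot;{$adduserkey}&quot; already exists in the database!<br /><a href=\"javascript:history.go(-1);\">How about choosing another name?</a>";
    }

    $data = array(
        "registered" => $now,
        "lastlogin" => "",
        "nickname" => stripslashes($_POST['adduser']['nickname']),
        "password" => stripslashes($_POST['adduser']['password']),
        "email" => stripslashes($_POST['adduser']['email']),
        "url" => stripslashes($_POST['adduser']['url']),
        "profile" => stripslashes($_POST['adduser']['profile']),
        // Access levels are compared numerically elsewhere; store a number.
        "level" => (int) $_POST['adduser']['level'],
        "cats" => stripslashes($savecats),
    );
    $db->settings['users'][$adduserkey] = $data;
    $db->save();

    return "User &quot;{$adduserkey}&quot; successfully added";
}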
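/**
 * Publish a new article from the admin "article" form.
 *
 * The article id is the current Unix time, so two articles saved in the same
 * second collide (the flat-file branch overwrites the first). The SQL branch
 * uses a positional INSERT and therefore depends on the `articles` column
 * order being (id, category, author, title, content, views); an explicit
 * column list would be safer, but the schema is not visible here.
 *
 * @param string $author Name stored as the article's author.
 * @return string HTML status message.
 */
function add($author) {
    $now = time();

    // Make every field exist, then sanitize in place (the sanitized values are
    // left in $_POST because later code on the page may read them).
    $defaults = array('content' => '', 'title' => '', 'category' => array());
    $_POST['article'] = (isset($_POST['article']) ? (array) $_POST['article'] : array()) + $defaults;
    $_POST['article']['content'] = sanitize_variables($_POST['article']['content']);
    $_POST['article']['title'] = sanitize_variables($_POST['article']['title']);
    $_POST['article']['category'] = sanitize_variables($_POST['article']['category']);

    // No category ticked posts no array at all; implode() still needs one.
    $savecats = implode(", ", (array) $_POST['article']['category']);

    $data = array(
        "timestamp" => $now,
        "content" => stripslashes($_POST['article']['content']),
        "title" => stripslashes($_POST['article']['title']),
        "author" => stripslashes($author),
        "category" => stripslashes($savecats),
        "views" => "0",
    );
    # hook to add custom fields here.
    # $data = run_filters('admin-new-savedata', $data);

    // The status line echoes the title; it relies on sanitize_variables()
    // having HTML-escaped it, which cannot be confirmed from here. Quotes
    // are entity-encoded so they do not end the PHP string.
    $statusmessage = i18n("generic_article") . " &quot;{$data['title']}&quot; " . i18n("write_published");

    if (defined("KNIFESQL")) {
        // Presumably opens the mysql link used by mysql_query() and
        // mysql_real_escape_string() below — not verifiable from here.
        $dataclass = KArticles::connect();

        // stripslashes() above removed any escaping the sanitizer may have
        // added, so every value must be escaped again before it is
        // interpolated into the statement. mysql_real_escape_string() returns
        // false when no link is open; fall back to addslashes() rather than
        // writing an empty string. A prepared statement would be preferable.
        $row = array();
        foreach ($data as $key => $value) {
            $escaped = mysql_real_escape_string((string) $value);
            $row[$key] = ($escaped === false) ? addslashes((string) $value) : $escaped;
        }
        $write_sql = "INSERT INTO articles VALUES ('{$row['timestamp']}', '{$row['category']}', '{$row['author']}', '{$row['title']}', '{$row['content']}', '{$row['views']}')";
        if (!mysql_query($write_sql)) {
            // Keep the driver's error text in the server log only: it can
            // reveal table and column names to the client.
            error_log('Query failed: ' . mysql_error());
            die('Query failed.');
        }
        return $statusmessage;
    }

    $dataclass = KArticles::connect();
    $dataclass->settings['articles'][$now] = $data;
    $dataclass->save();
    return $statusmessage;
}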
$statusmessage = "User "{$adduserkey}" successfully added"; } } if ($_POST[edituser]) { # # Edit user (Routine) # $now = time(); $dataclass = new SettingsStorage('settings'); $currentusers = $dataclass->settings['users']; # Remove unwanted stuff! $_POST[edituser][name] = sanitize_variables($_POST[edituser][name]); $_POST[edituser][password] = sanitize_variables($_POST[edituser][password]); $_POST[edituser][email] = sanitize_variables($_POST[edituser][email]); $_POST[edituser][url] = sanitize_variables($_POST[edituser][url]); $_POST[edituser][profile] = sanitize_variables($_POST[edituser][profile]); $adduserkey = urlTitle($_POST[edituser][name]); if (!array_key_exists($adduserkey, $currentusers)) { $statusmessage = "User "{$adduserkey}" does not exist.<br /><a href=\"javascript:history.go(-1);\">How about choosing another name?</a>"; } else { $olduser = $currentusers[$adduserkey]; # has the password changed? if ($_POST[edituser][password] != "") { $_POST[edituser][password] = md5($_POST[edituser][password]); $_POST[edituser][password] = sha1($_POST[edituser][password] . UNIQUE); $passchange = "y"; } else { $_POST[edituser][password] = $olduser[password]; } $data = array("registered" => stripslashes($olduser[registered]), "nickname" => stripslashes($_POST[edituser][nickname]), "password" => stripslashes($_POST[edituser][password]), "email" => stripslashes($_POST[edituser][email]), "url" => stripslashes($_POST[edituser][url]), "profile" => stripslashes($_POST[edituser][profile]), "level" => stripslashes($_POST[edituser][level])); $dataclass->settings['users'][$adduserkey] = $data;
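/**
 * Store a visitor comment on an article.
 *
 * The comment id is 'c' plus the current Unix time, so two comments posted
 * in the same second collide (the flat-file branch silently overwrites).
 * The parent comment id comes from $_GET['replyto'], the rest of the record
 * from $_POST['comment']. The poster's address is recorded only if
 * validate_ip() accepts it; otherwise the placeholder 127.0.0.2 is stored.
 *
 * @param string|int $articleid Id of the article being commented on.
 * @return bool Always true (the SQL branch dies on a failed query).
 */
function add($articleid) {
    $newcommentid = time();

    $ip = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : '';
    if (!validate_ip($ip)) {
        $ip = "127.0.0.2";
    }

    // Make every field exist so a partial form does not produce notices.
    $form = (isset($_POST['comment']) ? (array) $_POST['comment'] : array()) + array('name' => '', 'email' => '', 'url' => '', 'content' => '');
    $replyto = isset($_GET['replyto']) ? $_GET['replyto'] : '';
    $agent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '';

    $data = array(
        'date' => $newcommentid,
        'parentcid' => stripslashes(sanitize_variables($replyto)),
        'name' => stripslashes(sanitize_variables($form['name'])),
        'email' => stripslashes(sanitize_variables($form['email'])),
        'url' => stripslashes(sanitize_variables($form['url'])),
        'ip' => $ip,
        'browser' => sanitize_variables($agent),
        'content' => stripslashes(sanitize_variables($form['content'])),
    );
    // The debugging print_r($data) that used to sit here is gone: it dumped
    // the whole record — the poster's IP address and e-mail included — into
    // the response.

    $newcommentid = 'c' . $newcommentid;

    if (defined("KNIFESQL")) {
        // Presumably opens the mysql link used by mysql_query() and
        // mysql_real_escape_string() below — not verifiable from here.
        $class = KComments::connect();

        // stripslashes() above removed any escaping the sanitizer may have
        // added, and $articleid arrives from the caller unescaped, so escape
        // every value before it is interpolated. mysql_real_escape_string()
        // returns false when no link is open; fall back to addslashes()
        // rather than writing an empty string. A prepared statement would be
        // preferable.
        $row = $data;
        $row['articleid'] = $articleid;
        $row['commentid'] = $newcommentid;
        foreach ($row as $key => $value) {
            $escaped = mysql_real_escape_string((string) $value);
            $row[$key] = ($escaped === false) ? addslashes((string) $value) : $escaped;
        }
        $write_sql = "INSERT INTO comments VALUES ('{$row['articleid']}', '{$row['commentid']}', '{$row['parentcid']}', '{$row['name']}', '{$row['email']}', '{$row['url']}', '{$row['ip']}', '{$row['browser']}', '{$row['content']}')";
        if (!mysql_query($write_sql)) {
            // Keep the driver's error text in the server log only: it can
            // reveal table and column names to the client.
            error_log('Query failed: ' . mysql_error());
            die('Query failed.');
        }
        return true;
    }

    $class = KComments::connect();
    $class->settings[$articleid][$newcommentid] = $data;
    $class->save();
    return true;
}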
<p>'; $main_content .= makeDropDown($alltemplates, "addcat[template]", ""); $main_content .= ' <label>' . i18n("categories_defaulttpl") . '</label> </p> <p> <input class="add" type="submit" value="' . i18n("categories_add") . '" /> </p> </fieldset> </form> </div> </div>'; } if ($_POST[addcat]) { # # Add a new category (Routine) # $now = time(); # Remove unwanted stuff! $_POST[addcat][name] = sanitize_variables($_POST[addcat][name]); $_POST[addcat][template] = sanitize_variables($_POST[addcat][template]); $data = array("name" => stripslashes($_POST[addcat][name]), "template" => stripslashes($_POST[addcat][template])); $settingclass->settings['categories'][] = $data; $settingclass->save(); # Give the user a status message $statusmessage = "Category "{$data['name']}" added"; } # # Delete a category (Routine) # if ($_GET[action] && $_GET[catid]) { }
} $main_content .= '</div>'; } # # Edit article routine # if ($_POST[id] && !$_POST[editlist][submit] && !$_POST[preview]) { $id = $_POST[id]; $dataclass = new ArticleStorage('storage'); $articles = $dataclass->settings['articles']; $oldart = $articles[$id]; # Remove unwanted stuff! $_POST[article][content] = sanitize_variables($_POST[article][content]); $_POST[article][title] = sanitize_variables($_POST[article][title]); $_POST[article][category] = sanitize_variables($_POST[article][category]); $_POST[article][views] = sanitize_variables($_POST[article][views]); $savecats = implode(", ", $_POST[article][category]); # Put the posted and santitized stuff into an array for saving $data = array("content" => stripslashes($_POST[article][content]), "title" => stripslashes($_POST[article][title]), "author" => stripslashes($oldart[author]), "lastedit" => stripslashes($User->username), "category" => stripslashes($savecats), "views" => stripslashes($_POST[article][views])); # hook to add custom fields here. # $data = run_filters('admin-new-savedata', $data); $dataclass->settings['articles'][$id] = $data; $dataclass->save(); $moduletitle = "Edit "{$data['title']}""; # Give the user a status message $statusmessage = "Article successfully edited!<br /><a href=\"javascript:history.go(-1);\">Go back</a>"; } # # If preview # if ($_POST[preview]) {
if ($User->level < 4) { die(i18n("login_noaccess")); } include "options.php"; $moduletitle = i18n("templates_moduletitle"); function html2specialchars($str) { $trans_table = array_flip(get_html_translation_table(HTML_SPECIALCHARS)); return strtr($str, $trans_table); } # Fetch and set up needed data $settingclass = new SettingsStorage('settings'); $templates = $settingclass->settings['templates']; if ($_POST[template] && !$_POST["switch"]) { $id = sanitize_variables(stripslashes($_POST[template][id])); $templateid = sanitize_variables(stripslashes($_POST[template][id])); $data = array("name" => html2specialchars(stripslashes($_POST[template][name])), "listing" => html2specialchars(stripslashes($_POST[template][listing])), "view" => html2specialchars(stripslashes($_POST[template][view])), "comment" => html2specialchars(stripslashes($_POST[template][comment])), "quote" => html2specialchars(stripslashes($_POST[template][quote])), "commentform" => html2specialchars(stripslashes($_POST[template][commentform]))); $settingclass->settings['templates'][$id] = $data; $settingclass->save(); $statusmessage = "Template "{$data['name']}" updated <br /><a href=\"javascript:history.go(-1);\">Go back</a>"; } if ($_POST[changet]) { $chtdo = $_POST[changet]; # # Delete template # if ($chtdo["delete"]) { $id = $_POST[id]; $moduletitle = "Delete Template"; $deletedtplname = $templates[$id][name]; if ($deletedtplname != "Default") {