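 /**
  * Form handler for a new forum post.
  *
  * Inserts the post, optionally subscribes the poster to the thread and
  * sends notification mails to the configured admin address and to the
  * thread's subscribers. Output is echoed directly.
  *
  * @param array $vals submitted form values (topic, post, subject, body,
  *                    notice, subscribe)
  * @return void
  */
 function onSubmit($vals)
 {
     loader_import('siteforum.Post');
     loader_import('siteforum.Filters');
     loader_import('siteforum.Topic');
     $p = new SiteForum_Post();
     // only administrators may flag a post as a notice; everyone else is forced to 'no'
     $notice = 'no';
     if (session_admin() && isset($vals['notice']) && $vals['notice'] == 'Make this post a notice.') {
         $notice = 'yes';
     }
     $t = new SiteForum_Topic();
     $topic = $t->get($vals['topic']);
     if (!$topic) {
         // posting into a topic that does not exist (or is not visible) is an error,
         // not a reason to inherit access/status from a false value
         page_title(intl_get('Database Error'));
         echo '<p>' . intl_get('An error occurred.  Please try again later.') . '</p>';
         return;
     }
     $user = session_username();
     $res = $p->add(array(
         'user_id' => $user,
         'topic_id' => $vals['topic'],
         'post_id' => $vals['post'],
         'ts' => date('Y-m-d H:i:s'),
         'subject' => $vals['subject'],
         'body' => $vals['body'],
         'sig' => db_shift('select sig from sitellite_user where username = ?', $user),
         'notice' => $notice,
         // access and status are inherited from the parent topic, never taken from the form
         'sitellite_access' => $topic->sitellite_access,
         'sitellite_status' => $topic->sitellite_status
     ));
     if (!$res) {
         page_title(intl_get('Database Error'));
         echo '<p>' . intl_get('An error occurred.  Please try again later.') . '</p>';
         // the driver error text is not under our control; escape it before echoing
         echo '<p>' . intl_get('Error Message') . ': ' . htmlspecialchars($p->error) . '</p>';
         return;
     }
     $vals['id'] = $res;
     if (!empty($vals['post'])) {
         // replying to an existing post: bump the parent's timestamp
         $p->touch($vals['post']);
     }
     if (isset($vals['subscribe']) && $vals['subscribe'] == 'Subscribe me to this forum thread.') {
         if (empty($vals['post'])) {
             // a new thread is its own root post
             $vals['post'] = $res;
         }
         db_execute('insert into siteforum_subscribe (id, post_id, user_id) values (null, ?, ?)', $vals['post'], $user);
     }
     $from = 'From: ' . appconf('forum_name') . '@' . site_domain();
     $subject = intl_get('Forum Posting Notice');
     $ae = appconf('admin_email');
     if ($ae) {
         // best-effort notification; a mail() failure must not abort the posting
         @mail($ae, $subject, template_simple('post_email.spt', $vals), $from);
     }
     // admin addresses are not notified a second time through their subscriptions
     $exempt = $ae ? array_map('trim', explode(',', $ae)) : array();
     $subs = db_fetch_array('select distinct u.email, u.username from sitellite_user u, siteforum_subscribe s where s.user_id = u.username and s.post_id = ?', $vals['post']);
     if ($subs) {
         foreach ($subs as $row) {
             if (in_array($row->email, $exempt, true)) {
                 continue;
             }
             $vals['user_id'] = $row->username;
             @mail($row->email, $subject, template_simple('post_email_subscriber.spt', $vals), $from);
         }
     }
     page_title(intl_get('Message Posted'));
     echo template_simple('post_submitted.spt', $vals);
 }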
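 /**
  * Constructor: builds the wiki edit form for the page named by $cgi->page.
  *
  * The caller's edit level is 0 for anonymous visitors, 1 for logged-in
  * users and 2 for administrators. It is compared against the page's
  * edit_level (or the configured default for a new page) to decide whether
  * the form is populated or the not_visible template is shown instead.
  */
 function SitewikiEditForm()
 {
     parent::MailForm(__FILE__);
     global $cgi;
     $level = 0;
     if (session_valid()) {
         $level++;
     }
     if (session_admin()) {
         $level++;
     }
     // $cgi->page is request input and ends up inside a JavaScript string in an
     // HTML attribute; URL-encode it so quotes and brackets cannot break out
     $page = rawurlencode($cgi->page);
     $unlockUrl = site_prefix() . '/index/sitewiki-edit-form?page=' . $page . '&unlock=1';
     $res = db_fetch('select * from sitewiki_page where id = ?', $cgi->page);
     if (!$res) {
         // new page: the cancel button also carries the referrer so the user can be sent back
         $ret = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
         $this->widgets['submit_button']->buttons[1]->extra = 'onclick="window.location.href = \'' . $unlockUrl . '&ret=' . urlencode($ret) . '\'; return false"';
         if ($level < appconf('default_edit_level')) {
             echo template_simple('not_visible.spt');
             $this->editable = false;
             return;
         }
         $this->new_page = true;
         $this->widgets['view_level']->setValue(appconf('default_view_level'));
         $this->widgets['edit_level']->setValue(appconf('default_edit_level'));
     } else {
         $this->widgets['submit_button']->buttons[1]->extra = 'onclick="window.location.href = \'' . $unlockUrl . '\'; return false"';
         if ($level < $res->edit_level) {
             echo template_simple('not_visible.spt');
             $this->editable = false;
             return;
         }
         $this->widgets['body']->setValue($res->body);
         $this->widgets['view_level']->setValue($res->view_level);
         $this->widgets['edit_level']->setValue($res->edit_level);
     }
     if (!appconf('security_test')) {
         unset($this->widgets['security_test']);
     }
     if (!session_valid()) {
         // anonymous editors may not attach files
         unset($this->widgets['files']);
         unset($this->widgets['file_1']);
         unset($this->widgets['file_2']);
         unset($this->widgets['file_3']);
     }
 }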
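 /**
  * Fetches events overlapping the range [$start, $end] (or everything from
  * $start onward when $end is false), filtered by category, audience and owner.
  *
  * Administrators see every row their ACL allows (session_allowed_sql());
  * everyone else only sees approved rows (session_approved_sql()).
  *
  * @param string       $start  start date; quoted with db_quote() before use
  * @param string|false $end    optional end date; quoted with db_quote()
  * @param string       $cat    category name, '' for any
  * @param string       $aud    audience substring, '' for any
  * @param string       $user   owner filter, '' for any
  * @param string       $fields column list for the SELECT; it is NOT quoted,
  *                             so callers must pass a trusted literal
  * @param int|false    $limit  row limit, optionally "offset,count"; anything
  *                             that is not digits is ignored
  * @return array|false         whatever db_fetch_array() returns
  */
 function _eventsInRange($start, $end = false, $cat = '', $aud = '', $user = '', $fields = '*', $limit = false)
 {
     $append = session_admin() ? session_allowed_sql() : session_approved_sql();
     // NOTE(review): the '******' literal below looks like a masked fragment of
     // the owner clause in this copy of the source; verify against upstream
     $usr = !empty($user) ? '******' . db_quote($user) : '******';
     $cat = !empty($cat) ? ' and category = ' . db_quote($cat) : ' ';
     $aud = !empty($aud) ? ' and audience like ' . db_quote('%' . $aud . '%') : ' ';
     // $limit is interpolated into the SQL and cannot be bound, so only accept
     // digits (optionally "offset,count"); anything else is dropped rather than
     // handed to the database
     $lim = ' ';
     if ($limit !== false && preg_match('/^\d+(,\d+)?$/', (string) $limit)) {
         $lim = ' limit ' . $limit;
     }
     $start = db_quote($start);
     $sql = 'select ' . $fields . ' from siteevent_event where (';
     if ($end) {
         $end = db_quote($end);
         // non-recurring inside the window, or open-ended recurring that started
         // before the window, or a dated series overlapping the window
         $sql .= sprintf('(recurring = "no" and date >= %s and date <= %s and until_date = "0000-00-00") or ', $start, $end);
         $sql .= sprintf('(recurring != "no" and date <= %s and until_date = "0000-00-00") or ', $end);
         $sql .= sprintf('(date <= %s and until_date >= %s)', $end, $start);
     } else {
         // not recurring, starts after $start
         $sql .= sprintf('(recurring = "no" and date >= %s and until_date = "0000-00-00") or ', $start);
         // recurring with no end date
         $sql .= '(recurring != "no" and until_date = "0000-00-00") or ';
         // ends after $start
         $sql .= sprintf('(until_date >= %s)', $start);
     }
     $sql .= ') ' . $usr . $cat . $aud . ' and ' . $append . ' order by date asc, time asc, until_date asc, until_time asc' . $lim;
     return db_fetch_array($sql);
 }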
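    /**
     * Returns all topics visible to the current user, each decorated with
     * thread/post counts and details of its most recent post.
     *
     * Administrators see every topic their ACL allows; everyone else only
     * approved topics.
     *
     * @return array list of topic objects (empty when none are visible)
     */
    function getTopics()
    {
        $perms = session_admin() ? session_allowed_sql() : session_approved_sql();
        $list = db_fetch_array('select * from siteforum_topic where ' . $perms . ' order by
name asc');
        if (!$list) {
            // db_fetch_array() may return false; callers iterate the result
            return array();
        }
        foreach (array_keys($list) as $k) {
            $id = $list[$k]->id;
            $list[$k]->threads = db_shift('select count(*) from siteforum_post where topic_id = ? and post_id = ""', $id);
            $list[$k]->posts = db_shift('select count(*) from siteforum_post where topic_id = ?', $id);
            $last = db_single('select ts, user_id, id from siteforum_post where topic_id = ? order by ts desc limit 1', $id);
            if ($last) {
                $list[$k]->last_post = $last->ts;
                $list[$k]->last_post_user = $last->user_id;
                $list[$k]->last_post_id = $last->id;
                $list[$k]->last_post_user_public = db_shift('select public from sitellite_user where username = ?', $last->user_id);
            } else {
                // topic has no posts yet: keep the properties present so templates
                // can read them without notices
                $list[$k]->last_post = null;
                $list[$k]->last_post_user = null;
                $list[$k]->last_post_id = null;
                $list[$k]->last_post_user_public = null;
            }
        }
        return $list;
    }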
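 /**
  * Returns the most recent posts visible to the current user.
  *
  * @param int   $limit number of rows; it is interpolated into the SQL and
  *                     therefore cast to int
  * @param mixed $topic topic id to restrict to, false for all topics
  * @return array list of post objects with topic_name and user_public added
  */
 function getLatest($limit = 5, $topic = false)
 {
     $perms = session_admin() ? session_allowed_sql() : session_approved_sql();
     // LIMIT cannot be bound as a placeholder, so force it to an integer
     $limit = (int) $limit;
     $select = 'select id, topic_id, user_id, ts, subject from siteforum_post where ';
     $order = ' order by ts desc limit ' . $limit;
     if ($topic) {
         $list = db_fetch_array($select . 'topic_id = ? and ' . $perms . $order, $topic);
     } else {
         $list = db_fetch_array($select . $perms . $order);
     }
     if (!$list) {
         return array();
     }
     loader_import('siteforum.Topic');
     $t = new SiteForum_Topic();
     foreach (array_keys($list) as $k) {
         $list[$k]->topic_name = $t->getTitle($list[$k]->topic_id);
         $list[$k]->user_public = db_shift('select public from sitellite_user where username = ?', $list[$k]->user_id);
     }
     return $list;
 }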
<?php

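// deleting a comment is admin-only and needs an id; everyone else is sent
// back to the application front page
if (!session_admin() || !isset($parameters['id'])) {
    header('Location: ' . site_prefix() . '/index/digger-app');
    exit;
}
db_execute('delete from digger_comments where id = ?', $parameters['id']);
// NOTE(review): this deletes on a plain request with no CSRF token checked
// here; confirm the calling form or framework supplies one
$story = isset($parameters['story']) ? $parameters['story'] : '';
// the story id becomes a path segment of the redirect, so URL-encode it
header('Location: ' . site_prefix() . '/index/digger-comments-action/id.' . rawurlencode($story));
exit;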
<?php

// only administrators and members may reach the blog editor
$mayEdit = session_admin() || session_role() == 'member';
if (!$mayEdit) {
    header('Location: ' . site_prefix() . '/index/ihome');
    exit;
}
class SiteblogEditForm extends MailForm
{
    function SiteblogEditForm()
    {
        parent::MailForm();
        global $cgi;
        $refer = $_SERVER['HTTP_REFERER'];
        $this->parseSettings('inc/app/siteblog/forms/edit/settings.php');
        $this->widgets['refer']->setValue($refer);
        //if add is true, we're creating a blog post, otherwise we're editing a blog post
        $add = isset($cgi->_key) && !empty($cgi->_key) ? false : true;
        $this->widgets['status']->setValues(array('Live', 'Not Live'));
        $cats = db_pairs('select id, title from siteblog_category where status = "on"');
        if ($add) {
            page_title('Adding a Blog Post');
            $this->widgets['author']->setValue(session_username());
            unset($this->widgets['icategory']);
            $this->widgets['category']->setValues($cats);
        } else {
            loader_import('cms.Versioning.Rex');
            $rex = new Rex('siteblog_post');
            $document = $rex->getCurrent($cgi->_key);
            page_title('Editing a Blog Post');
            //populate fields
            $this->widgets['subject']->setValue($document->subject);
<?php

if (!session_admin()) {
    header('Location: ' . site_prefix() . '/index/news-app');
    exit;
}
class NewsCommentEditForm extends MailForm
{
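    /**
     * Constructor: loads the comment named by $cgi->id into the edit form
     * and wires the cancel button back to the parent story.
     */
    function NewsCommentEditForm()
    {
        parent::MailForm();
        $this->parseSettings('inc/app/news/forms/comment/edit/settings.php');
        page_title(intl_get('Editing Comment'));
        loader_import('news.Comment');
        $c = new NewsComment();
        global $cgi;
        $comment = $c->get($cgi->id);
        if ($comment) {
            $this->widgets['subject']->setValue($comment->subject);
            $this->widgets['user_id']->setValue($comment->user_id);
            $this->widgets['body']->setValue($comment->body);
            $this->widgets['story_id']->setValue($comment->story_id);
        }
        // $cgi->story_id is request input placed inside a JavaScript string
        // literal; URL-encode it so it cannot break out of the quotes
        $storyId = rawurlencode($cgi->story_id);
        page_add_script('
			function news_cancel (f) {
				window.location.href = "' . site_prefix() . '/index/news-app/story.' . $storyId . '";
				return false;
			}
		');
        $this->widgets['submit_button']->buttons[1]->extra = 'onclick="return news_cancel (this.form)"';
    }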
    function onSubmit($vals)
    {
<?php

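// administrators see everything their ACL allows; others only approved files
if (session_admin()) {
    $acl = session_allowed_sql();
} else {
    $acl = session_approved_sql();
}
$res = db_fetch_array('select name, display_title, extension, description from sitellite_filesystem where path = ? and ' . $acl . ' order by name asc', $parameters['path']);
if (!$res) {
    // db_fetch_array() may return false; the code below needs an array
    $res = array();
}
// keep only files whose extension is on the configured whitelist
$valid = appconf('valid');
if (!is_array($valid)) {
    $valid = array();
}
foreach (array_keys($res) as $k) {
    if (!in_array(strtolower($res[$k]->extension), $valid, true)) {
        unset($res[$k]);
    }
}
if (!empty($parameters['title'])) {
    if ($box['context'] == 'action') {
        page_title($parameters['title']);
    } else {
        // NOTE(review): the title is echoed as raw HTML; escape it here if it can
        // be supplied by anyone other than a site administrator
        echo '<h2>' . $parameters['title'] . '</h2>';
    }
}
page_add_script(site_prefix() . '/js/rollover.js');
template_simple_register('results', $res);
// the first file is shown immediately; the remainder drive the rotation
template_simple_register('first', array_shift($res));
echo template_simple('slideshow.spt', array('path' => $parameters['path'], 'total' => count($res) + 1, 'desc' => $parameters['descriptions'], 'delay' => $parameters['delay']));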
    echo "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n" . "<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n" . "The requested URL " . $PHP_SELF . " was not found on this server.<p>\n<hr>\n" . $_SERVER['SERVER_SIGNATURE'] . "</body></html>";
    exit;
}
// END KEEPOUT CHECKING
global $session, $site;
// optional template override for this box
$template = isset($parameters['template']) ? $parameters['template'] : null;
if ($template !== null) {
    page_template($template);
}
// a submitted username means a login attempt: slow the response down so
// password guessing is rate-limited
$attemptingLogin = !empty($parameters['username']);
if ($attemptingLogin) {
    sleep(2);
}
if ($session->valid) {
    if (!empty($parameters['goto'])) {
        header('Location: ' . $site->url . '/index/' . $parameters['goto']);
        exit;
    } elseif (session_admin()) {
        header('Location: ' . $site->url . '/index/cms-app');
        exit;
    } else {
        page_title(intl_get('Members'));
        echo template_simple('user/login/home.spt', $parameters);
    }
} else {
    switch ($box['context']) {
        case 'action':
            if (!empty($parameters['username'])) {
                if (!empty($parameters['invalid'])) {
                    header('Location: ' . $site->url . '/index/' . $parameters['invalid']);
                    exit;
                } else {
                    page_title(intl_get('Invalid Password'));
 /**
  * Checks recursively in the form directory and parent directories
  * until it checks $formPath finally for an access.php file.  It then
  * parses that file as an INI file and determines whether the form is
  * accessible by the current user.  If a template is specified in the
  * access.php file, that template name is returned on success, otherwise
  * a boolean true value is returned on success.  False is always returned
  * if the user is not allowed.
  *
  * Evaluation order, as implemented below:
  *   1. an administrator without 'rw' on the app resource is refused;
  *   2. a disabled app is refused;
  *   3. the nearest access.php (deepest directory first) decides alone --
  *      every branch under it returns or exits, so a parent access.php is
  *      never consulted once a deeper one exists;
  *   4. the app-level access.php in $formPath is the last file tried;
  *   5. with no access.php at all, 'action' context is refused and
  *      everything else allowed.
  * A refusal with sitellite_goto set redirects and exits instead of
  * returning false. The parsed INI array is kept in $this->formAccess.
  * 
  * @access	public
  * @param	string	$name      form name, optionally prefixed with the app
  * @param	string	$context   'normal', 'action', 'inline', ... (selects the
  *                             sitellite_<context> key checked)
  * @return	mixed              template name, true, or false
  * 
  */
 function formAllowed($name, $context = 'normal')
 {
     $app = $this->getApp($name);
     $name = $this->removeApp($name, $app);
     // admins are still bound by the per-app resource ACL when one is defined
     if (session_admin() && session_is_resource('app_' . $app) && !session_allowed('app_' . $app, 'rw', 'resource')) {
         return false;
     }
     if (isset($this->applications[$app]) && !$this->applications[$app]) {
         // app is disabled
         return false;
     }
     // walk from the form's own directory up to (but excluding) the app's form root
     $dir = $this->prefix . '/' . $app . '/' . $this->formPath . '/' . $name;
     while ($dir != $this->prefix . '/' . $app . '/' . $this->formPath) {
         if (@file_exists($dir . '/access.php')) {
             // NOTE(review): sitellite_access, sitellite_status and sitellite_action
             // are read without isset(); an access.php that omits them is checked
             // against null -- confirm that is the intended fail mode
             $access = parse_ini_file($dir . '/access.php');
             $this->formAccess = $access;
             if (!session_allowed($access['sitellite_access'], 'r', 'access')) {
                 if (isset($access['sitellite_goto'])) {
                     header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                     exit;
                 }
                 return false;
             } elseif (!session_allowed($access['sitellite_status'], 'r', 'status')) {
                 if (isset($access['sitellite_goto'])) {
                     header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                     exit;
                 }
                 return false;
             } elseif ($context == 'action' && !$access['sitellite_action']) {
                 if (isset($access['sitellite_goto'])) {
                     header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                     exit;
                 }
                 return false;
             } elseif ($context != 'normal' && isset($access['sitellite_' . $context]) && !$access['sitellite_' . $context]) {
                 // any other context is only refused when its key is present and false
                 return false;
                 //				} elseif ($context == 'inline' && ! $access['sitellite_inline']) {
                 //					return false;
             } else {
                 // allowed: apply an optional template set and hand back the template name
                 if (isset($access['sitellite_template_set'])) {
                     page_template_set($access['sitellite_template_set']);
                 }
                 if (isset($access['sitellite_template'])) {
                     return $access['sitellite_template'];
                 } else {
                     return true;
                 }
             }
         }
         // strip the last path component and try the parent directory
         $dir = preg_split('/\\//', $dir);
         array_pop($dir);
         $dir = join('/', $dir);
     }
     // check for a global access.php file
     if (@file_exists($this->prefix . '/' . $app . '/' . $this->formPath . '/access.php')) {
         $access = parse_ini_file($this->prefix . '/' . $app . '/' . $this->formPath . '/access.php');
         $this->formAccess = $access;
         if (!session_allowed($access['sitellite_access'], 'r', 'access')) {
             if (isset($access['sitellite_goto'])) {
                 header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                 exit;
             }
             return false;
         } elseif (!session_allowed($access['sitellite_status'], 'r', 'status')) {
             if (isset($access['sitellite_goto'])) {
                 header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                 exit;
             }
             return false;
         } elseif ($context == 'action' && !$access['sitellite_action']) {
             if (isset($access['sitellite_goto'])) {
                 header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                 exit;
             }
             return false;
         } elseif ($context == 'inline' && !$access['sitellite_inline']) {
             // unlike the per-directory branch above, only 'inline' is special-cased here
             return false;
         } else {
             if (isset($access['sitellite_template_set'])) {
                 page_template_set($access['sitellite_template_set']);
             }
             if (isset($access['sitellite_template'])) {
                 return $access['sitellite_template'];
             } else {
                 return true;
             }
         }
     }
     // no access.php found at all, revert to logical defaults
     if ($context == 'action') {
         return false;
     }
     return true;
 }
<?php

// your app begins here
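global $cgi;
// NOTE(review): both redirects below forward to caller-supplied locations
// (HTTP_REFERER and $parameters['goto']); restrict them to local paths if
// open redirects are a concern for this site
if (!empty($cgi->username) && session_admin()) {
    $forward = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    header('Location: ' . site_prefix() . '/index/cms-app?forward=' . urlencode($forward));
    exit;
} elseif (!session_valid()) {
    $action = 'login';
} elseif (!empty($cgi->username) && isset($cgi->remember_me) && $cgi->remember_me == 'yes') {
    $duration = appconf('remember_login');
    if ($duration) {
        // convert duration to seconds
        $duration = $duration * 86400;
        // set "sitemember_remember" cookie
        global $cookie;
        $cookie->set('sitemember_remember', $duration, $duration, '/', site_domain(), site_secure());
        // adjust cookie
        session_change_timeout($duration);
        // adjust expires value
        session_user_edit(session_username(), array('expires' => date('Y-m-d H:i:s', time() + $duration)));
    }
    $action = 'home';
} else {
    $action = 'home';
}
if (session_valid() && !empty($parameters['goto'])) {
    header('Location: ' . $parameters['goto']);
    exit;
}
// split() was removed in PHP 7; explode() gives the same result for a literal ':'
list($type, $call) = explode(':', appconf($action), 2);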
 /**
  * Checks for an $external property of the document object, which if found
  * is understood to represent an external document that this object is
  * actually an alias of, and so it will forward the request on to that
  * document.
  *
  * Administrators are not redirected: the body is replaced by a placeholder
  * linking to the target and false is returned, so the page stays editable.
  * Everyone else receives a Location header and the script exits.
  */
 function isExternal()
 {
     if (empty($this->external)) {
         return;
     }
     global $intl;
     $intl_prefix = ($intl->negotiation == 'url') ? '/' . $intl->language : '';
     $index = conf('Site', 'remove_index') ? '/' : '/index/';
     // resolve the target to an absolute URL exactly once
     if (preg_match('|^[a-zA-Z0-9]+://|', $this->external)) {
         // already carries a scheme
         $target = $this->external;
     } else {
         $scheme = (site_secure() && cgi_is_https()) ? 'https://' : 'http://';
         if (strpos($this->external, '/') === 0) {
             // site-absolute path
             $target = $scheme . site_domain() . $this->external;
         } else {
             // page name relative to the CMS index
             $target = $scheme . site_domain() . site_prefix() . $intl_prefix . $index . $this->external;
         }
     }
     if (session_admin()) {
         // NOTE(review): $target is written into the href unescaped; it comes from
         // document data, so verify who can set $external before relying on that
         $this->body = '<p>' . intl_get('This page is a placeholder for the following external resource') . ':</p><p><a href="' . $target . '">' . $target . '</a></p>';
         return false;
     }
     header('Location: ' . $target);
     exit;
 }
<?php

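global $cgi;
// box parameters override (or add to) request values; note this lets a
// caller set any $cgi property, including the ones read below
foreach ($parameters as $k => $p) {
    $cgi->{$k} = $p;
}
loader_import('cms.Versioning.Rex');
$rex = new Rex('siteblog_post');
loader_import('siteblog.Filters');
page_add_style('/inc/app/siteblog/html/post.css');
if (session_admin() || session_role() == 'member') {
    // editors get the add/edit buttons, scoped to the category when one is set
    if (!empty($cgi->category)) {
        echo template_simple('buttons.spt', array('category_only' => true, 'blog' => $cgi->category));
    } else {
        echo template_simple('buttons.spt', array('category_only' => false));
    }
}
// NOTE(review): $cgi->template can come from the request and names the
// template rendered later; confirm template_simple() cannot be pointed at
// arbitrary files with it, or restrict it to a known list here
$template = !empty($cgi->template) ? $cgi->template : 'post.spt';
$maxlen = !empty($cgi->maxlen) ? $cgi->maxlen : false;
// per-category display flags keyed by category id; initialised so later code
// sees an array even when no categories exist
$properties = array();
$tproperties = db_fetch_array('select * from siteblog_category');
if ($tproperties) {
    foreach ($tproperties as $t) {
        $properties[$t->id] = array('poster_visible' => $t->poster_visible, 'comments' => $t->comments);
    }
}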
                $start = $d;
            }
            if ($item->recurring == 'daily' && $yy == '0000' || $yy . '-' . $mm > $cal->year . '-' . $cal->month) {
                $end = date('t', mktime(5, 0, 0, $cal->month, 1, $cal->year));
            } elseif ($yy != '0000') {
                $end = $dd;
            } else {
                $end = $d;
            }
            for ($i = $start; $i <= $end; $i++) {
                $cal->addLink($i, $title, site_prefix() . '/index/siteevent-details-action/id.' . $item->id . '/title.' . siteevent_filter_link_title($item->title), $priority, $alt, $item->time);
            }
            break;
    }
}
// the admin view (add button + per-owner totals) is switched off: the
// condition below can never be true, so the public category list is always
// rendered
$adminView = false;
if ($adminView && session_admin()) {
    echo loader_box('cms/buttons/add', array('collection' => 'siteevent_event', 'float' => true));
    echo '<br clear="all" />';
    echo template_simple('users.spt', array(
        'list' => db_fetch_array('select * from siteevent_category order by name asc'),
        'current' => $parameters['category'],
        'user_list' => db_fetch_array('select sitellite_owner, count(*) as total from siteevent_event where ' . session_allowed_sql() . ' group by sitellite_owner asc'),
        'current_user' => $parameters['user'],
        'simplecal' => $parameters['simplecal']
    ));
} else {
    $categories = db_fetch_array('select * from siteevent_category order by name asc');
    $audiences = db_fetch_array('select * from siteevent_audience order by name asc');
    echo template_simple('categories.spt', array(
        'list' => $categories,
        'current' => $parameters['category'],
        'alist' => $audiences,
        'audience' => $parameters['audience'],
        'simplecal' => $parameters['simplecal'],
        'view' => $parameters['view']
    ));
}
echo $cal->render();
echo '<p>';
if (appconf('ical_links')) {
    if (!empty($parameters['category'])) {
        $cat = '?category=' . $parameters['category'];
    } else {
        $cat = '';
    }
    echo '<a href="' . site_prefix() . '/index/siteevent-ical-action' . $cat . '">' . intl_get('Subscribe (iCalendar)') . '</a> &nbsp; &nbsp; &nbsp; &nbsp;';
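 /**
  * Returns a single object with the specified $id.
  *
  * When $this->usePermissions is set the row must also pass the session's
  * ACL (session_allowed_sql() for administrators, session_approved_sql()
  * for everyone else). If the collection is multilingual and the current
  * language is not the default, the row's fields are overlaid with the
  * translation's data.
  *
  * @access public
  * @param mixed $id primary key value, bound as a placeholder
  * @return object|false the row, or false with $this->error set
  */
 function &get($id)
 {
     $and = '';
     if ($this->usePermissions) {
         $and = ' and ' . (session_admin() ? session_allowed_sql() : session_approved_sql());
     }
     // table and key names are class configuration; the id itself is bound
     $res = db_fetch('SELECT * FROM ' . $this->table . ' WHERE ' . $this->pkey . ' = ?' . $and . $this->_end(), $id);
     if (!$res) {
         $this->error = db_error();
         // a by-reference function must return a variable, not a literal
         $failed = false;
         return $failed;
     }
     if ($this->multilingual && intl_lang() != intl_default_lang()) {
         loader_import('multilingual.Translation');
         $tr = new Translation($this->table, intl_lang());
         // non-admins pass an extra flag -- presumably "approved only"; confirm
         // against Translation::get()
         if (session_admin()) {
             $translated = $tr->get($res->{$this->pkey});
         } else {
             $translated = $tr->get($res->{$this->pkey}, true);
         }
         if ($translated) {
             foreach ($translated->data as $key => $value) {
                 $res->{$key} = $value;
             }
         }
     }
     return $res;
 }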