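// Legacy ext/mysql API: it offers no prepared statements and was removed in PHP 7.
// Until the page is ported to mysqli or PDO with bound parameters, every value that
// reaches a query string below must pass through mysql_real_escape_string().
mysql_connect(DB_HOST, DB_USER, DB_PASS);
mysql_select_db(DB_NAME);

// Only a scalar string body is accepted; an array-valued "message" parameter is
// treated like a plain page view instead of being stringified into the query.
if (isset($_POST['message']) && is_string($_POST['message'])) {
    // CSRF check. The loose "!=" comparison treated an empty posted token as equal to
    // a missing (null) session token, so a request sent before any token had been
    // issued was accepted. Require a non-empty session token and compare strictly.
    // Where PHP >= 5.6 is guaranteed, hash_equals() is the constant-time alternative.
    $sessionToken = isset($_SESSION['formToken']) ? (string) $_SESSION['formToken'] : '';
    $postedToken = (isset($_POST['formToken']) && is_string($_POST['formToken']))
        ? $_POST['formToken']
        : '';
    if ($sessionToken === '' || $postedToken !== $sessionToken) {
        echo "Warning: CSRF!";
        exit;
    }

    // Both values are concatenated into the SQL text, so both are escaped for the
    // current connection first (SQL injection otherwise).
    $message = mysql_real_escape_string($_POST['message']);
    $username = mysql_real_escape_string(isset($_SESSION['user']) ? (string) $_SESSION['user'] : '');
    $insertSql = "INSERT INTO Messages (Content, Username) VALUES ('" . $message . "', '" . $username . "')";
    $result = mysql_query($insertSql);
    if ($result) {
        showMessages();
    }
} else {
    showMessages();
}

/**
 * Print the rows of the Messages table, highest Id first, as <li> items.
 *
 * Content and Username are written by the insert above from request and session
 * data, so they are HTML-encoded on output; echoing them raw stores a script
 * injection for every later visitor of the page.
 */
function showMessages() {
    $selectMessages = "SELECT Content, Username FROM Messages ORDER BY Id DESC";
    $resultMessages = mysql_query($selectMessages);
    $row = mysql_fetch_assoc($resultMessages);
    if ($row) {
        while ($row) {
            // ENT_QUOTES also encodes single quotes. Pass the page charset as the
            // third argument if it differs from the PHP default.
            $message = htmlspecialchars($row['Content'], ENT_QUOTES);
            $username = htmlspecialchars($row['Username'], ENT_QUOTES);
            echo "<li><strong>{$username}</strong>: {$message}</li>";
            $row = mysql_fetch_assoc($resultMessages);
        }
    } else {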
// Tail of a task-dispatch switch; its opening and earlier cases lie above this excerpt.
// 'userid' and 'subject' are read from $_REQUEST through mosGetParam() and handed to newMessage().
newMessage($option, mosGetParam($_REQUEST, 'userid', 0), mosGetParam($_REQUEST, 'subject', ''));
break;
case "save":
    saveMessage($option);
    break;
case "remove":
    removeMessage($cid, $option);
    break;
case "config":
    editConfig($option);
    break;
case "saveconfig":
    saveConfig($option);
    break;
default:
    // Any task not matched by a case label falls back to the message list.
    showMessages($option);
    break;
}

/**
 * Load the current user's messaging settings and pass them to the edit form.
 *
 * Selects the cfg_name/cfg_value rows stored for $my->id in #__messages_cfg,
 * builds one yes/no select list each for 'lock' and 'mail_on_new', and calls
 * HTML_messages::editConfig() with them.
 *
 * @param mixed $option Passed through unchanged to HTML_messages::editConfig().
 */
function editConfig($option) {
    global $database, $my;
    // NOTE(review): $my->id is interpolated directly into the SQL text. It looks like the
    // signed-in user's id rather than request data; confirm that, and consider an
    // (int) cast so the query stays safe if that assumption ever changes.
    // "#__" is presumably the table-prefix placeholder expanded by $database (confirm).
    $database->setQuery("SELECT cfg_name, cfg_value FROM #__messages_cfg WHERE user_id='{$my->id}'");
    // Presumably returns the rows indexed by their cfg_name value; verify against the database class.
    $data = $database->loadObjectList('cfg_name');
    $vars = array();
    // "@" silences the notice raised when the user has no stored row for a setting;
    // the expression then evaluates to null and is passed on as the selected value.
    $vars['lock'] = mosHTML::yesnoSelectList("vars[lock]", 'class="inputbox" size="1"', @$data['lock']->cfg_value);
    $vars['mail_on_new'] = mosHTML::yesnoSelectList("vars[mail_on_new]", 'class="inputbox" size="1"', @$data['mail_on_new']->cfg_value);
    HTML_messages::editConfig($vars, $option);
}

// Handler for the "saveconfig" task; its body continues past the end of this excerpt.
function saveConfig($option) {
    global $database, $my;
\t'site_absolute_path'\t=>\t'{$abs}', \t'locale'\t\t\t=>\t'{$_SESSION['locale']}', // en_EN, fr_FR \t'mode'\t\t\t=>\t'p' //Production mode. ); END; if (is_writable('../configuration.php')) { $OUT = fopen('../configuration.php', 'w'); fwrite($OUT, $configuration); fclose($OUT); $QUERY['success'][] = 'Saved the configuration file. <a href="' . $_REQUEST['url'] . '">Go to Nexty</a>'; } else { $QUERY['error'][] = 'Configuration file (configuration.php) is not writable. Please copy the configuration code and enter it into the "configuration.php" file. Then press continue.'; } showMessages('error'); showMessages('success'); ?> <textarea name="code" rows="15" cols="50"><?php echo $configuration; ?> </textarea> <p>After installation, it is recommended that you <strong style="background-color:#ddd;">make the 'configuration.php' file read only and remove the 'install' folder for security purposes</strong>. But we all know that you are just going to rename the 'install' folder to '1install' or something like that. So I am not even going to check for that. Plus, I am lazy ;-).</p> <?php } elseif ($_REQUEST['step'] == 3) { ?>
/**
 * Print the pending session messages inside one <ul class="messages"> wrapper.
 *
 * Nothing is printed unless at least one of $_SESSION["Errors"],
 * $_SESSION["Warnings"] or $_SESSION["Successes"] is set. Otherwise
 * showMessages() is called once per bucket, in that order, with the bucket
 * name and a second string (presumably the CSS class of the items; confirm
 * against showMessages()).
 *
 * NOTE(review): no escaping happens here, so the stored message text must be
 * HTML-encoded inside showMessages() or before it is put into the session.
 */
function showMsgs()
{
    // Session bucket => label handed to showMessages() as its second argument.
    $buckets = array(
        "Errors" => "error",
        "Warnings" => "warning",
        "Successes" => "success",
    );

    $hasPending = false;
    foreach (array_keys($buckets) as $sessionKey) {
        if (isset($_SESSION[$sessionKey])) {
            $hasPending = true;
            break;
        }
    }

    // Guard clause: no bucket set means no markup at all.
    if (!$hasPending) {
        return;
    }

    echo "<ul class=\"messages\">";
    foreach ($buckets as $sessionKey => $label) {
        showMessages($sessionKey, $label);
    }
    echo "</ul>";
}
</div> <?php echo $lang['install_step1_instructions_manual_setup']; ?> <a href='?step=1&action=install&type=manual'><?php echo $lang['install_step1_instructions_manual_setup_click']; ?> </a>. </div> <!-- Manual creation link --> <div class='install_content'> <?php showMessages($h); ?> <div class='panel panel-primary'> <div class='panel-heading'> <h3 class='panel-title'>Database Setup Information</h3> </div> <div class='panel-body'> <!-- Registration form --> <form class='form-horizontal' role='form' name='install_admin_reg_form' action='../install/index.php?step=1' method='post'> <!-- BASEURL --> <div class='form-group'> <label for='inputBaseURL' class='col-sm-2 control-label'><?php echo $lang['install_step1_baseurl'];