本文整理匯總了PHP中SEC_getPermissionValues函數的典型用法代碼示例。如果您正苦於以下問題:PHP SEC_getPermissionValues函數的具體用法?PHP SEC_getPermissionValues怎麽用?PHP SEC_getPermissionValues使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。
在下文中一共展示了SEC_getPermissionValues函數的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的PHP代碼示例。
示例1: SetVars
/**
 * Populate this object's properties from an array of field values.
 *
 * Rows read from the database carry permission values that are copied
 * as-is. For a form submission the permission values are NOT taken from
 * $A: they are read from $_POST and converted by SEC_getPermissionValues().
 *
 * NOTE(review): cal_name, fgcolor, bgcolor, owner_id and group_id are copied
 * without validation or type coercion, so they have to be escaped or cast
 * before they reach SQL or HTML output -- confirm where that happens.
 *
 * @param array   $A      Array of fields
 * @param boolean $fromDB True if $A is from the database, false for form
 */
public function SetVars($A, $fromDB = false)
{
    if (!empty($A['cal_id'])) {
        $this->cal_id = $A['cal_id'];
    }

    // Fields that arrive the same way from the database and from the form.
    foreach (array('cal_name', 'fgcolor', 'bgcolor', 'owner_id', 'group_id') as $name) {
        if (isset($A[$name])) {
            $this->{$name} = $A[$name];
        }
    }

    // Flags are normalised to exactly 0 or 1.
    $this->cal_status = (isset($A['cal_status']) && $A['cal_status'] == 1) ? 1 : 0;
    $this->cal_ena_ical = (isset($A['cal_ena_ical']) && $A['cal_ena_ical'] == 1) ? 1 : 0;

    if (!$fromDB) {
        // Form submission: the permission fields in $_POST are converted to
        // the four values stored on the object.
        $values = SEC_getPermissionValues($_POST['perm_owner'], $_POST['perm_group'], $_POST['perm_members'], $_POST['perm_anon']);
        $this->perm_owner = $values[0];
        $this->perm_group = $values[1];
        $this->perm_members = $values[2];
        $this->perm_anon = $values[3];

        return;
    }

    // Database row: the stored values are used unchanged.
    $this->perm_owner = $A['perm_owner'];
    $this->perm_group = $A['perm_group'];
    $this->perm_members = $A['perm_members'];
    $this->perm_anon = $A['perm_anon'];
}
示例2: links_save_category
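/**
 * Save a link category: insert a new one, update an existing one, or update
 * an existing one under a new category ID.
 *
 * Security notes:
 * - Every value that is interpolated into SQL below is escaped or cast to an
 *   integer inside this function; it does not rely on the caller for that.
 * - NOTE(review): addslashes() is not aware of the connection character set.
 *   If the database layer offers its own escaping routine, prefer it.
 * - NOTE(review): for a new category the access check is evaluated against
 *   the owner/group/permission values passed in by the caller rather than
 *   stored data -- confirm that callers also enforce the admin right.
 *
 * @param  string    $cid          Category ID (may be empty)
 * @param  string    $old_cid      Previous category ID (may be empty)
 * @param  string    $pid          Parent category ID
 * @param  string    $category     Category name
 * @param  string    $description  Category description
 * @param  string    $tid          Value stored in the tid column
 * @param  int       $owner_id     ID of owner
 * @param  int       $group_id     ID of group
 * @param  int|array $perm_owner   Owner permissions (array form is converted)
 * @param  int|array $perm_group   Group permissions (array form is converted)
 * @param  int|array $perm_members Member permissions (array form is converted)
 * @param  int|array $perm_anon    Anonymous permissions (array form is converted)
 * @return int  Message number: 10 on success, 6 when access is denied,
 *              7 when name or description is empty, 11 or 17 when the ID is
 *              reserved or already taken, 12 when the parent is invalid
 */
function links_save_category($cid, $old_cid, $pid, $category, $description, $tid, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_TABLES, $_USER, $LANG_LINKS, $LANG_LINKS_ADMIN, $_LI_CONF, $PLG_links_MESSAGE17;

    // Convert array values to numeric permission values
    if (is_array($perm_owner) || is_array($perm_group) || is_array($perm_members) || is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    // IDs and permission values end up inside SQL strings: force integers so
    // that nothing but a number can be written into the statement.
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $perm_owner = (int) $perm_owner;
    $perm_group = (int) $perm_group;
    $perm_members = (int) $perm_members;
    $perm_anon = (int) $perm_anon;

    // clean 'em up
    $description = addslashes(COM_checkHTML(COM_checkWords($description), 'links.edit'));
    $category = addslashes(COM_checkHTML(COM_checkWords($category), 'links.edit'));
    $pid = addslashes(strip_tags($pid));
    $cid = addslashes(strip_tags($cid));
    $old_cid = addslashes(strip_tags($old_cid));
    // $tid is written into the UPDATE/INSERT statements as a quoted string,
    // so it needs the same escaping as the other string values.
    $tid = addslashes($tid);

    if (empty($category) || empty($description)) {
        return 7;
    }

    // Check cid to make sure not illegal
    if ($cid == addslashes($_LI_CONF['root']) || $cid == 'user') {
        return 11;
    }

    if (!empty($cid) && $cid != $old_cid) {
        // this is either a new category or an attempt to change the cid
        // - check that cid doesn't exist yet
        $ctrl = DB_getItem($_TABLES['linkcategories'], 'cid', "cid = '{$cid}'");
        if (!empty($ctrl)) {
            return isset($PLG_links_MESSAGE17) ? 17 : 11;
        }
    }

    // Check that they didn't delete the cid. If so, get the hidden one
    if (empty($cid) && !empty($old_cid)) {
        $cid = $old_cid;
    }

    // Make sure they aren't making a parent category child of one of its own
    // children. This would create orphans
    if ($cid == DB_getItem($_TABLES['linkcategories'], 'pid', "cid='{$pid}'")) {
        return 12;
    }

    $access = 0;
    if (DB_count($_TABLES['linkcategories'], 'cid', $old_cid) > 0) {
        // update existing item, but new cid so get access from database with old cid
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$old_cid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
        $update = "existing";
    } elseif (DB_count($_TABLES['linkcategories'], 'cid', $cid) > 0) {
        // update existing item, same cid, so get access from database with existing cid
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group, perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$cid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
        $update = "same";
    } else {
        // new item, so use passed values
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
        $update = 'new';
    }

    if ($access < 3) {
        // no access rights: user should not be here
        COM_accessLog(sprintf($LANG_LINKS_ADMIN[60], $_USER['username'], $cid));
        return 6;
    }

    // save item
    if ($update == 'existing') {
        // update an existing item but new cid
        $sql = "UPDATE {$_TABLES['linkcategories']}\n SET cid='{$cid}',\n pid='{$pid}',\n tid='{$tid}',category='{$category}',\n description='{$description}',\n modified=NOW(),\n owner_id='{$owner_id}',group_id='{$group_id}',\n perm_owner='{$perm_owner}',perm_group='{$perm_group}',\n perm_members='{$perm_members}',perm_anon='{$perm_anon}'\n WHERE cid = '{$old_cid}'";
        $result = DB_query($sql);
        // Also need to update links for this category
        $sql = "UPDATE {$_TABLES['links']} SET cid='{$cid}' WHERE cid='{$old_cid}'";
        $result = DB_query($sql);
    } elseif ($update == 'same') {
        // update an existing item
        $sql = "UPDATE {$_TABLES['linkcategories']}\n SET pid='{$pid}',\n tid='{$tid}',category='{$category}',\n description='{$description}',\n modified=NOW(),\n owner_id='{$owner_id}',group_id='{$group_id}',\n perm_owner='{$perm_owner}',perm_group='{$perm_group}',\n perm_members='{$perm_members}',perm_anon='{$perm_anon}'\n WHERE cid = '{$cid}'";
        $result = DB_query($sql);
    } else {
        // insert a new item
        if (empty($cid)) {
            $cid = COM_makeSid();
        }
        $sql = "INSERT INTO {$_TABLES['linkcategories']}\n (cid, pid, category, description, tid,\n created,modified,\n owner_id, group_id, perm_owner, perm_group,\n perm_members, perm_anon)\n VALUES\n ('{$cid}','{$pid}','{$category}',\n '{$description}','{$tid}',\n NOW(),NOW(),\n '{$owner_id}','{$group_id}','{$perm_owner}',\n '{$perm_group}','{$perm_members}','{$perm_anon}')";
        $result = DB_query($sql);
    }

    if ($update == 'existing' && $cid != $old_cid) {
        PLG_itemSaved($cid, 'links.category', $old_cid);
    } else {
        PLG_itemSaved($cid, 'links.category');
    }

    return 10; // success message
}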
示例3: service_submit_staticpages
// ......... part of the code is omitted here .........
// Visible tail of service_submit_staticpages(): rejects a duplicate page ID,
// normalises the checkbox flags, filters and escapes the text fields, then
// saves the static page and returns PLG_RET_OK or PLG_RET_ERROR.
if ($sp_id != $sp_old_id) {
$duplicate_id = true;
}
} elseif (!empty($sp_old_id)) {
if ($sp_id != $sp_old_id) {
$delete_old_page = true;
}
}
if ($duplicate_id) {
$output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
$output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
if (!$args['gl_svc']) {
$output .= PAGE_edit($sp_id);
}
$output .= COM_siteFooter();
$svc_msg['error_desc'] = 'Duplicate ID';
return PLG_RET_ERROR;
} elseif (!empty($sp_title) && !empty($sp_content)) {
if (empty($sp_hits)) {
$sp_hits = 0;
}
// Checkbox values ('on' or anything else) are reduced to 1 or 0
if ($sp_onmenu == 'on') {
$sp_onmenu = 1;
} else {
$sp_onmenu = 0;
}
if ($sp_nf == 'on') {
$sp_nf = 1;
} else {
$sp_nf = 0;
}
if ($sp_centerblock == 'on') {
$sp_centerblock = 1;
} else {
$sp_centerblock = 0;
}
if ($sp_inblock == 'on') {
$sp_inblock = 1;
} else {
$sp_inblock = 0;
}
// Clean up the text
if ($_SP_CONF['censor'] == 1) {
$sp_content = COM_checkWords($sp_content);
$sp_title = COM_checkWords($sp_title);
}
// HTML filtering of the page body only happens when the plugin is
// configured for it; with filter_html off the content is stored unfiltered.
if ($_SP_CONF['filter_html'] == 1) {
$sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
}
$sp_title = strip_tags($sp_title);
$sp_label = strip_tags($sp_label);
$sp_content = DB_escapeString($sp_content);
$sp_title = DB_escapeString($sp_title);
$sp_label = DB_escapeString($sp_label);
// If user does not have php edit perms, then set php flag to 0.
// This is the server-side gate that keeps a submitted sp_php flag from
// being stored by a user without the 'staticpages.PHP' right.
if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
$sp_php = 0;
}
// make sure there's only one "entire page" static page per topic
if ($sp_centerblock == 1 && $sp_where == 0) {
$sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE sp_centerblock = 1 AND sp_where = 0 AND sp_tid = '" . DB_escapeString($sp_tid) . "'";
// multi-language configuration - allow one entire page
// centerblock for all or none per language
if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) {
$ids = explode('_', $sp_id);
if (count($ids) > 1) {
$lang_id = array_pop($ids);
$sql .= " AND sp_id LIKE '%\\_" . DB_escapeString($lang_id) . "'";
}
}
DB_query($sql);
}
// Allow-list: any format not in this list falls back to 'allblocks'
$formats = array('allblocks', 'blankpage', 'leftblocks', 'rightblocks', 'noblocks');
if (!in_array($sp_format, $formats)) {
$sp_format = 'allblocks';
}
// Permission values are converted only for non-service submissions; for a
// service call they are used as they arrived.
if (!$args['gl_svc']) {
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
}
// NOTE(review): in the visible part of this function only $sp_content,
// $sp_title and $sp_label are escaped, $sp_format is allow-listed and the
// four checkbox flags are forced to 0/1. $sp_id, $sp_status, $sp_uid,
// $sp_hits, $commentcode, $owner_id, $group_id, the perm_* values (service
// path), $sp_help, $sp_tid, $sp_where, $postmode and $sp_search are
// interpolated as they are, several of them unquoted -- confirm that the
// omitted code above casts or escapes every one of them.
DB_save($_TABLES['staticpage'], 'sp_id,sp_status,sp_uid,sp_title,sp_content,sp_date,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode,sp_search', "'{$sp_id}',{$sp_status}, {$sp_uid},'{$sp_title}','{$sp_content}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}',{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$sp_tid}',{$sp_where}," . "'{$sp_inblock}','{$postmode}',{$sp_search}");
if ($delete_old_page && !empty($sp_old_id)) {
// NOTE(review): $sp_old_id is passed to DB_delete() as-is while the
// DB_change() call on the next line escapes the same value -- confirm
// which of the two the database layer expects.
DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id);
DB_change($_TABLES['comments'], 'sid', DB_escapeString($sp_id), array('sid', 'type'), array(DB_escapeString($sp_old_id), 'staticpages'));
PLG_itemDeleted($sp_old_id, 'staticpages');
}
PLG_itemSaved($sp_id, 'staticpages');
$url = COM_buildURL($_CONF['site_url'] . '/page.php?page=' . $sp_id);
$output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages');
$svc_msg['id'] = $sp_id;
return PLG_RET_OK;
} else {
// Title or content missing: show the error and, for non-service calls,
// the editor again
$output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
$output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
if (!$args['gl_svc']) {
$output .= PAGE_edit($sp_id);
}
$output .= COM_siteFooter();
return PLG_RET_ERROR;
}
}
示例4: savetopic
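/**
 * Save topic to the database
 *
 * Security notes:
 * - Values written into the SQL statement unquoted (owner, group and the four
 *   permission values) are cast to integers; quoted values that were not
 *   escaped before (image URL, sort number, story limit) are now escaped.
 * - $_USER is declared global so that the access-violation log entry carries
 *   the user name instead of an empty string.
 * - NOTE(review): addslashes() is not aware of the connection character set.
 *   If the database layer offers its own escaping routine, prefer it.
 * - NOTE(review): for a topic that does not exist yet, the access check is
 *   evaluated against the owner/group/permission values passed in by the
 *   caller -- confirm that callers also enforce the topic admin right.
 *
 * @param    string  $tid               Topic ID
 * @param    string  $topic             Name of topic (what the user sees)
 * @param    string  $imageurl          (partial) URL to topic image
 * @param    string  $meta_description  Topic meta description
 * @param    string  $meta_keywords     Topic meta keywords
 * @param    int     $sortnum           number for sort order in "Topics" block
 * @param    int     $limitnews         number of stories per page for this topic
 * @param    int     $owner_id          ID of owner
 * @param    int     $group_id          ID of group topic belongs to
 * @param    int     $perm_owner        Permissions the owner has
 * @param    int     $perm_group        Permissions the group has
 * @param    int     $perm_members      Permissions members have
 * @param    int     $perm_anon         Permissions anonymous users have
 * @param    string  $is_default        'on' if this is the default topic
 * @param    string  $is_archive        'on' if this is the archive topic
 * @return   string                     HTML redirect or error message
 */
function savetopic($tid, $topic, $imageurl, $meta_description, $meta_keywords, $sortnum, $limitnews, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_default, $is_archive)
{
    global $_CONF, $_TABLES, $_USER, $LANG27, $MESSAGE;

    $retval = '';

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);

    // These six values are interpolated unquoted into the SQL below, so only
    // integers may get through.
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $perm_owner = (int) $perm_owner;
    $perm_group = (int) $perm_group;
    $perm_members = (int) $perm_members;
    $perm_anon = (int) $perm_anon;

    $tid = COM_sanitizeID($tid);

    $access = 0;
    if (DB_count($_TABLES['topics'], 'tid', $tid) > 0) {
        // Existing topic: the stored ownership and permissions decide
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$tid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    if ($access < 3 || !SEC_inGroup($group_id)) {
        $retval .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}.");
    } elseif (!empty($tid) && !empty($topic)) {
        if ($imageurl == '/images/topics/') {
            $imageurl = '';
        }

        $topic = addslashes($topic);
        $meta_description = addslashes(strip_tags($meta_description));
        $meta_keywords = addslashes(strip_tags($meta_keywords));
        // Quoted in the statement below, but not escaped anywhere above
        $imageurl = addslashes($imageurl);
        $sortnum = addslashes($sortnum);
        $limitnews = addslashes($limitnews);

        if ($is_default == 'on') {
            $is_default = 1;
            // Only one topic may be the default: clear the previous one
            DB_query("UPDATE {$_TABLES['topics']} SET is_default = 0 WHERE is_default = 1");
        } else {
            $is_default = 0;
        }

        $is_archive = $is_archive == 'on' ? 1 : 0;

        $archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1");
        if ($is_archive) {
            // $tid is the archive topic
            // - if it wasn't already, mark all its stories "archived" now
            if ($archivetid != $tid) {
                DB_query("UPDATE {$_TABLES['stories']} SET featured = 0, frontpage = 0, statuscode = " . STORY_ARCHIVE_ON_EXPIRE . " WHERE tid = '{$tid}'");
                DB_query("UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1");
            }
        } else {
            // $tid is not the archive topic
            // - if it was until now, reset the "archived" status of its stories
            if ($archivetid == $tid) {
                DB_query("UPDATE {$_TABLES['stories']} SET statuscode = 0 WHERE tid = '{$tid}'");
                DB_query("UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1");
            }
        }

        DB_save($_TABLES['topics'], 'tid, topic, imageurl, meta_description, meta_keywords, sortnum, limitnews, is_default, archive_flag, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon', "'{$tid}', '{$topic}', '{$imageurl}', '{$meta_description}', '{$meta_keywords}','{$sortnum}','{$limitnews}',{$is_default},'{$is_archive}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");

        // update feed(s) and Older Stories block
        COM_rdfUpToDateCheck('article', $tid);
        COM_olderStuff();

        $retval = COM_refresh($_CONF['site_admin_url'] . '/topic.php?msg=13');
    } else {
        // Topic ID or name missing
        $retval .= COM_siteHeader('menu', $LANG27[1]);
        $retval .= COM_errorLog($LANG27[7], 2);
        $retval .= COM_siteFooter();
    }

    return $retval;
}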
示例5: _loadFromArgs
/**
 * Load this object's properties from a submitted array of field values.
 *
 * IDs, image URLs and the editor mode go through COM_applyFilter() (called
 * with a second argument of true for owner_id, group_id and a non-empty
 * corder), the title goes through COM_checkWords() and COM_checkHTML(), and
 * the two checkbox fields are reduced to 1 or 0.
 *
 * NOTE(review): nothing in this method escapes values for SQL -- confirm
 * that the code which stores these properties does so.
 *
 * @param array $array Field values keyed by field name; taken by reference,
 *                     not written to in this method
 */
function _loadFromArgs(&$array)
{
    $sortOrder = trim($array['corder']);

    $this->_owner_id = COM_applyFilter($array['owner_id'], true);
    $this->_group_id = COM_applyFilter($array['group_id'], true);
    $this->_cid = COM_applyFilter(trim($array['cid']));
    $this->_old_cid = COM_applyFilter(trim($array['old_cid']));
    $this->_pid = COM_applyFilter(trim($array['pid']));

    // An empty sort order is stored as 0 without being filtered
    if (empty($sortOrder)) {
        $this->_corder = 0;
    } else {
        $this->_corder = COM_applyFilter($sortOrder, true);
    }

    $this->_imgurl = COM_applyFilter($array['imgurl']);
    $this->_imgurlold = COM_applyFilter($array['imgurlold']);
    $this->_title = COM_checkHTML(COM_checkWords(trim($array['title'])));

    // Checkboxes: 'on' becomes 1, everything else 0
    if ($array['is_enabled'] == 'on') {
        $this->_is_enabled = 1;
    } else {
        $this->_is_enabled = 0;
    }
    if ($array['deleteimg'] == 'on') {
        $this->_deleteimg = 1;
    } else {
        $this->_deleteimg = 0;
    }

    // Convert array values to numeric permission values
    $permValues = SEC_getPermissionValues($array['perm_owner'], $array['perm_group'], $array['perm_members'], $array['perm_anon']);
    list($this->_perm_owner, $this->_perm_group, $this->_perm_members, $this->_perm_anon) = $permValues;

    $this->_editor_mode = COM_applyFilter($array['editor_mode']);
}
示例6: savelink
/**
 * Saves link to the database
 *
 * Only the first part of this function is shown; the listing is cut off
 * inside the save branch.
 *
 * NOTE(review): for a link that does not exist yet, the access check is
 * evaluated against the owner/group/permission values passed in by the
 * caller -- confirm that callers also enforce the 'links.edit' right.
 *
 * @param string $lid ID for link
 * @param string $old_lid old ID for link
 * @param string $cid cid of category link belongs to
 * @param string $categorydd Category links belong to
 * @param string $url URL of link to save
 * @param string $description Description of link
 * @param string $title Title of link
 * @param int $hits Number of hits for link
 * @param int $owner_id ID of owner
 * @param int $group_id ID of group link belongs to
 * @param int $perm_owner Permissions the owner has
 * @param int $perm_group Permissions the group has
 * @param int $perm_members Permissions members have
 * @param int $perm_anon Permissions anonymous users have
 * @return string HTML redirect or error message
 * @global array core config vars
 * @global array core group data
 * @global array core table data
 * @global array core user data
 * @global array core msg data
 * @global array links plugin lang admin vars
 *
 */
function savelink($lid, $old_lid, $cid, $categorydd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $_LI_CONF;
$retval = '';
// Convert array values to numeric permission values
if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) {
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
}
// Remove any autotags the user doesn't have permission to use
$description = PLG_replaceTags($description, '', true);
// clean 'em up
$description = DB_escapeString(COM_checkHTML(COM_checkWords($description), 'links.edit'));
$title = DB_escapeString(strip_tags(COM_checkWords($title)));
$cid = DB_escapeString($cid);
if (empty($owner_id)) {
// this is new link from admin, set default values
$owner_id = $_USER['uid'];
if (isset($_GROUPS['Links Admin'])) {
$group_id = $_GROUPS['Links Admin'];
} else {
$group_id = SEC_getFeatureGroup('links.edit');
}
$perm_owner = 3;
$perm_group = 2;
$perm_members = 2;
$perm_anon = 2;
}
$lid = COM_sanitizeID($lid);
$old_lid = COM_sanitizeID($old_lid);
if (empty($lid)) {
if (empty($old_lid)) {
$lid = COM_makeSid();
} else {
$lid = $old_lid;
}
}
// check for link id change
if (!empty($old_lid) && $lid != $old_lid) {
// check if new lid is already in use
if (DB_count($_TABLES['links'], 'lid', $lid) > 0) {
// TBD: abort, display editor with all content intact again
$lid = $old_lid;
// for now ...
}
}
$access = 0;
$old_lid = DB_escapeString($old_lid);
if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
// Existing link: the stored ownership and permissions decide
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
if ($access < 3 || !SEC_inGroup($group_id)) {
// NOTE(review): $display is appended to here without having been
// initialised in the visible code ($retval is the variable set to '').
$display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link {$lid}.");
COM_output($display);
exit;
} elseif (!empty($title) && !empty($description) && !empty($url)) {
if ($categorydd != $LANG_LINKS_ADMIN[7] && !empty($categorydd)) {
$cid = DB_escapeString($categorydd);
} else {
if ($categorydd != $LANG_LINKS_ADMIN[7]) {
// NOTE(review): the redirect is only echoed; execution continues
// with the delete and save below -- confirm that is intended.
echo COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php');
}
}
// The old rows are deleted before the new row is written; the visible code
// does not wrap the three statements in a transaction.
DB_delete($_TABLES['linksubmission'], 'lid', $old_lid);
DB_delete($_TABLES['links'], 'lid', $old_lid);
// NOTE(review): $url and $hits are interpolated without any escaping or
// cast in the visible code ($url is only tested for emptiness), and
// $owner_id, $group_id and the perm_* values are written unquoted --
// confirm that callers sanitise them, or escape/cast them here.
DB_save($_TABLES['links'], 'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$lid}','{$cid}','{$url}','{$description}','{$title}',NOW(),'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
if (empty($old_lid) || $old_lid == $lid) {
PLG_itemSaved($lid, 'links');
} else {
// ......... part of the code is omitted here .........
示例7: SetVars
/**
 * Sets all variables to the matching values from $row.
 *
 * Only the first part of this method is shown; the listing is cut off
 * inside the form-handling branch.
 *
 * NOTE(review): owner_id and group_id are copied from $row without any
 * validation on both the database and the form path -- confirm that a form
 * submitter cannot use this to reassign ownership.
 *
 * @param array $row Array of values, from DB or $_POST
 * @param boolean $fromDB True if read from DB, false if from $_POST
 */
public function SetVars($row, $fromDB = false)
{
global $_EV_CONF;
if (!is_array($row)) {
return;
}
// Start date defaults to today, end date defaults to the start date
$this->date_start1 = isset($row['date_start1']) && !empty($row['date_start1']) ? $row['date_start1'] : date('Y-m-d');
$this->date_end1 = isset($row['date_end1']) && !empty($row['date_end1']) ? $row['date_end1'] : $this->date_start1;
$this->cal_id = $row['cal_id'];
// NOTE(review): show_upcoming is assigned twice; the assignment two lines
// below (which also requires the value to be 1) is the one that sticks.
$this->show_upcoming = isset($row['show_upcoming']) ? 1 : 0;
$this->recurring = isset($row['recurring']) && $row['recurring'] == 1 ? 1 : 0;
$this->show_upcoming = isset($row['show_upcoming']) && $row['show_upcoming'] == 1 ? 1 : 0;
if (isset($row['allday']) && $row['allday'] == 1) {
$this->allday = 1;
$this->split = 0;
} else {
$this->allday = 0;
$this->split = isset($row['split']) && $row['split'] == 1 ? 1 : 0;
}
// Multi-day events can't be split
if ($this->date_start1 != $this->date_end1) {
$this->split = 0;
}
$this->status = isset($row['status']) && $row['status'] == 1 ? 1 : 0;
// Anything other than 'html' is treated as 'plaintext'
$this->postmode = isset($row['postmode']) && $row['postmode'] == 'html' ? 'html' : 'plaintext';
$this->enable_reminders = isset($row['enable_reminders']) && $row['enable_reminders'] == 1 ? 1 : 0;
$this->owner_id = $row['owner_id'];
$this->group_id = $row['group_id'];
//$this->title = $row['title'];
if (isset($row['categories']) && is_array($row['categories'])) {
$this->categories = $row['categories'];
}
// Join or split the date values as needed
if ($fromDB) {
// dates are YYYY-MM-DD
$this->id = isset($row['id']) ? $row['id'] : '';
// NOTE(review): unserialize() can instantiate arbitrary objects. If the
// rec_data or options column can ever hold data influenced by a user,
// pass array('allowed_classes' => false) (PHP 7+) or store JSON instead.
$this->rec_data = unserialize($row['rec_data']);
if (!$this->rec_data) {
$this->rec_data = array();
}
$this->det_id = $row['det_id'];
$this->hits = $row['hits'];
$this->perm_owner = $row['perm_owner'];
$this->perm_group = $row['perm_group'];
$this->perm_members = $row['perm_members'];
$this->perm_anon = $row['perm_anon'];
$this->time_start1 = $row['time_start1'];
$this->time_end1 = $row['time_end1'];
$this->time_start2 = $row['time_start2'];
$this->time_end2 = $row['time_end2'];
$this->options = unserialize($row['options']);
if (!$this->options) {
$this->options = array();
}
} else {
// Coming from the form
$this->id = isset($row['eid']) ? $row['eid'] : '';
// Ignore time entries & set to all day if flagged as such
if (isset($row['allday']) && $row['allday'] == '1') {
$this->time_start1 = '00:00:00';
$this->time_end1 = '23:59:59';
} else {
// The %02d conversions force the hour and minute parts to integers
$tmp = EVLIST_12to24($row['starthour1'], $row['start1_ampm']);
$this->time_start1 = sprintf('%02d:%02d:00', $tmp, $row['startminute1']);
$tmp = EVLIST_12to24($row['endhour1'], $row['end1_ampm']);
$this->time_end1 = sprintf('%02d:%02d:00', $tmp, $row['endminute1']);
}
// If split, record second time/date values.
// Splits don't support allday events
if ($this->split == 1) {
$tmp = EVLIST_12to24($row['starthour2'], $row['start2_ampm']);
$this->time_start2 = sprintf('%02d:%02d:00', $tmp, $row['startminute2']);
$tmp = EVLIST_12to24($row['endhour2'], $row['end2_ampm']);
// NOTE(review): the second end time uses endminute1, not endminute2 --
// looks like a copy/paste slip; confirm against the form fields.
$this->time_end2 = sprintf('%02d:%02d:00', $tmp, $row['endminute1']);
} else {
$this->time_start2 = NULL;
$this->time_end2 = NULL;
}
// NOTE(review): the guard tests $_POST but the values are read from $row;
// when $row is not $_POST the two can disagree. If the guard is false the
// perm_* properties are left untouched by this branch.
if (isset($_POST['perm_owner'])) {
$perms = SEC_getPermissionValues($row['perm_owner'], $row['perm_group'], $row['perm_members'], $row['perm_anon']);
$this->perm_owner = $perms[0];
$this->perm_group = $perms[1];
$this->perm_members = $perms[2];
$this->perm_anon = $perms[3];
}
// Repeats the owner_id/group_id assignment made before the branch
$this->owner_id = $row['owner_id'];
$this->group_id = $row['group_id'];
$this->options['contactlink'] = isset($row['contactlink']) ? 1 : 0;
$this->options['tickets'] = array();
if ($_EV_CONF['enable_rsvp']) {
// RSVP numbers are cast to int; the waitlist checkbox becomes 1 or 0
$this->options['use_rsvp'] = (int) $row['use_rsvp'];
$this->options['max_rsvp'] = (int) $row['max_rsvp'];
$this->options['rsvp_waitlist'] = isset($row['rsvp_waitlist']) ? 1 : 0;
$this->options['rsvp_cutoff'] = (int) $row['rsvp_cutoff'];
// ......... part of the code is omitted here .........
示例8: TOPIC_save
/**
 * Save topic to the database
 *
 * Only the first part of this function is shown; the listing is cut off
 * inside the save branch.
 *
 * The function takes a single array. The keys read from it are: tid, topic,
 * imageurl, sortnum, sort_by, limitnews, sort_dir, owner_id, group_id,
 * perm_owner, perm_group, perm_members, perm_anon, is_default and
 * archive_flag.
 *
 * NOTE(review): $_USER is used in the access-log message below but is not in
 * this function's global list, so the logged user name will be empty.
 *
 * @param array $T Topic fields as described above
 * @return string HTML redirect or error message
 */
function TOPIC_save($T)
{
global $_CONF, $_TABLES, $LANG27, $MESSAGE;
$retval = '';
$tid = isset($T['tid']) ? $T['tid'] : '';
$topic = $T['topic'];
$imageurl = $T['imageurl'];
$sortnum = $T['sortnum'];
$sort_by = $T['sort_by'];
$limitnews = $T['limitnews'];
$sort_dir = $T['sort_dir'];
$owner_id = $T['owner_id'];
$group_id = $T['group_id'];
$perm_owner = $T['perm_owner'];
$perm_group = $T['perm_group'];
$perm_members = $T['perm_members'];
$perm_anon = $T['perm_anon'];
$is_default = $T['is_default'];
$archive_flag = $T['archive_flag'];
// error checks...
// Each failed check re-displays the editor with the submitted values
if (empty($tid)) {
$msg = $LANG27[7];
$retval .= COM_siteHeader();
$retval .= TOPIC_edit('', $T, $msg);
$retval .= COM_siteFooter();
return $retval;
}
if (empty($topic)) {
$msg = $LANG27[7];
$retval .= COM_siteHeader();
$retval .= TOPIC_edit('', $T, $msg);
$retval .= COM_siteFooter();
return $retval;
}
// A topic ID containing a space is rejected
if (strstr($tid, ' ')) {
$msg = $LANG27[42];
$retval .= COM_siteHeader();
$retval .= TOPIC_edit('', $T, $msg);
$retval .= COM_siteFooter();
return $retval;
}
// $sortnum is used as a topic ID here: the new sort number is the sortnum
// stored for that topic plus one, or 0 when no value was given.
if ($sortnum != '') {
$tidSortNumber = DB_getItem($_TABLES['topics'], 'sortnum', 'tid="' . DB_escapeString($sortnum) . '"');
$newSortNum = $tidSortNumber + 1;
} else {
$newSortNum = 0;
}
$T['sortnum'] = $newSortNum;
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
$tid = COM_sanitizeID($tid);
$access = 0;
// Members of 'Topic Admin' get access level 3 without a per-topic check
if (DB_count($_TABLES['topics'], 'tid', $tid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$tid}'");
$A = DB_fetchArray($result);
if (SEC_inGroup('Topic Admin')) {
$access = 3;
} else {
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
}
} else {
if (SEC_inGroup('Topic Admin')) {
$access = 3;
} else {
// NOTE(review): for a new topic the check runs against the values that
// were submitted, not against stored data.
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
}
// Even with access level 3 the user must belong to the submitted group
if ($access < 3 || !SEC_inGroup($group_id)) {
$retval .= COM_siteHeader('menu', $MESSAGE[30]);
$retval .= COM_showMessageText($MESSAGE[32], $MESSAGE[30], true);
$retval .= COM_siteFooter();
// NOTE(review): $_USER is undefined in this scope (see the global list)
COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}.");
} elseif (!empty($tid) && !empty($topic)) {
if ($imageurl == '/images/topics/') {
$imageurl = '';
}
$topic = DB_escapeString(strip_tags($topic));
if ($is_default == 'on') {
$is_default = 1;
// Only one topic may be the default: clear the previous one
DB_query("UPDATE {$_TABLES['topics']} SET is_default = 0 WHERE is_default = 1");
} else {
$is_default = 0;
}
// ......... part of the code is omitted here .........
示例9: saveautotags
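/**
 * Saves an Auto Tag to the database
 *
 * Security notes:
 * - Owner, group and permission values are written into the SQL statement
 *   unquoted, so they are cast to integers first.
 * - The tag name is escaped before it is placed in the statement; the other
 *   string values were already escaped.
 * - The "is function" flag is forced to 0 unless PHP autotags are enabled in
 *   the configuration and the user holds the 'autotags.PHP' right.
 * - NOTE(review): addslashes() is not aware of the connection character set.
 *   If the database layer offers its own escaping routine, prefer it.
 * - NOTE(review): $tag is passed to DB_count() and $old_tag to DB_delete()
 *   as they are -- confirm that those helpers escape their arguments.
 * - NOTE(review): no ownership or access-level check is visible in this
 *   function -- confirm that the caller restricts who may save autotags.
 *
 * @param  string    $tag          Tag name
 * @param  string    $old_tag      Previous tag name (empty for a new tag)
 * @param  string    $description  Description (HTML tags are stripped)
 * @param  string    $is_enabled   'on' if the tag is enabled
 * @param  string    $is_function  'on' if the tag is implemented by a function
 * @param  string    $replacement  Replacement text
 * @param  int       $owner_id     ID of owner
 * @param  int       $group_id     ID of group
 * @param  int|array $perm_owner   Owner permissions (array form is converted)
 * @param  int|array $perm_group   Group permissions (array form is converted)
 * @param  int|array $perm_members Member permissions (array form is converted)
 * @param  int|array $perm_anon    Anonymous permissions (array form is converted)
 * @return string  HTML redirect or error page
 */
function saveautotags($tag, $old_tag, $description, $is_enabled, $is_function, $replacement, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $LANG_AUTO, $_AUTO_CONF, $_TABLES;

    // Convert array values to numeric permission values
    if (is_array($perm_owner) || is_array($perm_group) || is_array($perm_members) || is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    // These six values are interpolated unquoted into the SQL below, so only
    // integers may get through.
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $perm_owner = (int) $perm_owner;
    $perm_group = (int) $perm_group;
    $perm_members = (int) $perm_members;
    $perm_anon = (int) $perm_anon;

    $old_tag = COM_applyFilter($old_tag);

    // Check for unique page ID
    $duplicate_id = false;
    $delete_old_page = false;
    if (DB_count($_TABLES['autotags'], 'tag', $tag) > 0) {
        if ($tag != $old_tag) {
            $duplicate_id = true;
        }
    } elseif (!empty($old_tag)) {
        if ($tag != $old_tag) {
            $delete_old_page = true;
        }
    }

    $is_function = $is_function == 'on' ? 1 : 0;

    // If user does not have php edit perms, then set php flag to 0.
    if ($_AUTO_CONF['allow_php'] != 1 || !SEC_hasRights('autotags.PHP')) {
        $is_function = 0;
    }

    $retval = '';
    if ($duplicate_id) {
        $retval .= COM_siteHeader();
        $retval .= COM_errorLog($LANG_AUTO['duplicate_tag'], 2);
        $retval .= autotagseditor($tag);
        $retval .= COM_siteFooter();
    } elseif (!empty($tag) && in_array($tag, autotags_existing_tags())) {
        $retval .= COM_siteHeader();
        $retval .= COM_errorLog($LANG_AUTO['disallowed_tag'], 2);
        $retval .= autotagseditor('');
        $retval .= COM_siteFooter();
    } elseif (!empty($tag) && (!empty($replacement) || $is_function == 1)) {
        $is_enabled = $is_enabled == 'on' ? 1 : 0;

        // Clean up the text
        $description = strip_tags($description);
        $description = addslashes($description);
        $replacement = addslashes($replacement);
        // The tag name was only compared so far; escape a copy for the
        // statement so the comparisons above keep using the raw value.
        $tag_sql = addslashes($tag);

        DB_save($_TABLES['autotags'], 'tag,description,is_enabled,is_function,replacement,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$tag_sql}','{$description}',{$is_enabled},{$is_function},'{$replacement}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");

        if ($delete_old_page && !empty($old_tag)) {
            DB_delete($_TABLES['autotags'], 'tag', $old_tag);
        }

        $retval = COM_refresh($_CONF['site_admin_url'] . '/plugins/autotags/index.php');
    } else {
        $retval .= COM_siteHeader();
        $retval .= COM_errorLog($LANG_AUTO['no_tag_or_replacement'], 2);
        $retval .= autotagseditor($tag);
        $retval .= COM_siteFooter();
    }

    return $retval;
}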
示例10: SEC_getPermissionValues
if ($cat_id > 0) {
//catDelImage($cat_id);
adCategory::DelImage($cat_id);
}
$view = 'editcat';
break;*/
// NOTE(review): no permission check and no CSRF-token check is visible in
// this fragment -- confirm that the enclosing code performs both before
// this switch is reached, since the two reset actions below are bulk writes.
case 'resetadperms':
// The permission fields in $_POST are converted to four values
$perms = SEC_getPermissionValues($_POST['perm_owner'], $_POST['perm_group'], $_POST['perm_members'], $_POST['perm_anon']);
// The statement has no WHERE clause: it rewrites the permission columns and
// group_id of every row in the ads table. The $perms elements are
// interpolated unquoted; group_id goes through COM_applyFilter(..., true).
$sql = "UPDATE\n {$_TABLES['ad_ads']}\n SET\n perm_owner={$perms[0]},\n perm_group={$perms[1]},\n perm_members={$perms[2]},\n perm_anon={$perms[3]},\n group_id=" . COM_applyFilter($_POST['group_id'], true);
DB_query($sql);
$content .= COM_showMessage('09', $_CONF_ADVT['pi_name']);
$view = 'admin';
$actionval = 'other';
break;
case 'resetcatperms':
// Same as above, applied to every row in the category table
$perms = SEC_getPermissionValues($_POST['perm_owner'], $_POST['perm_group'], $_POST['perm_members'], $_POST['perm_anon']);
$sql = "UPDATE\n {$_TABLES['ad_category']}\n SET\n perm_owner={$perms[0]},\n perm_group={$perms[1]},\n perm_members={$perms[2]},\n perm_anon={$perms[3]},\n group_id=" . COM_applyFilter($_POST['group_id'], true);
DB_query($sql);
$content .= COM_showMessage('09', $_CONF_ADVT['pi_name']);
$view = 'admin';
$actionval = 'other';
break;
case 'toggleadtype':
USES_classifieds_class_adtype();
// NOTE(review): $_REQUEST['enabled'] is handed over as received -- confirm
// that AdType::toggleEnabled() validates it.
AdType::toggleEnabled($ad_id, $_REQUEST['enabled']);
$view = 'admintypes';
break;
/* case 'saveadtype':
USES_classifieds_class_adtype();
$AdType = new AdType($ad_id);
$AdType->SetVars($_POST);
示例11: savepoll
/**
* Saves a poll
* Saves a poll topic and potential answers to the database
*
* Steps visible in this excerpt: the permission inputs are converted to
* numeric values, the text fields and IDs are cleaned, the form is checked
* for a topic, a question and a first answer, the CSRF token is verified and
* the caller's access to the poll is checked before any data is deleted or
* re-created. The listing is cut off after the creation date is read.
*
* @param string $pid Poll topic ID
* @param string $old_pid Previous poll topic ID
* @param array $Q Array of poll questions
* @param string $mainPage Checkbox: poll appears on homepage
* @param string $topic The text for the topic
* @param string $meta_description
* @param string $meta_keywords
* @param int $statusCode (unused)
* @param string $open Checkbox: poll open for voting
* @param string $hideResults Checkbox: hide results until closed
* @param int $commentCode Indicates if users can comment on poll
* @param array $A Array of possible answers
* @param array $V Array of vote per each answer
* @param array $R Array of remark per each answer
* @param int $owner_id ID of poll owner
* @param int $group_id ID of group poll belongs to
* @param int $perm_owner Permissions the owner has on poll (passed through SEC_getPermissionValues first)
* @param int $perm_group Permissions the group has on poll (passed through SEC_getPermissionValues first)
* @param int $perm_members Permissions logged in members have on poll (passed through SEC_getPermissionValues first)
* @param int $perm_anon Permissions anonymous users have on poll (passed through SEC_getPermissionValues first)
* @param bool $allow_multipleanswers
* @param string $topic_description
* @param string $description
* @return string|void HTML document when the form is incomplete; the script exits when access is denied
*/
function savepoll($pid, $old_pid, $Q, $mainPage, $topic, $meta_description, $meta_keywords, $statusCode, $open, $hideResults, $commentCode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $allow_multipleanswers, $topic_description, $description)
{
global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;
$retval = '';
// Convert array values to numeric permission values
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
// The topic keeps whatever markup COM_checkHTML lets through; the
// descriptions and keywords have every tag removed with strip_tags().
$topic = COM_stripslashes($topic);
$topic = COM_checkHTML($topic);
$topic_description = strip_tags(COM_stripslashes($topic_description));
$meta_description = strip_tags(COM_stripslashes($meta_description));
$meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
// Both IDs go through COM_sanitizeID before they reach the queries below.
$pid = COM_sanitizeID($pid);
$old_pid = COM_sanitizeID($old_pid);
// No ID submitted: generate a new one, or fall back to the previous ID.
if (empty($pid)) {
if (empty($old_pid)) {
$pid = COM_makeSid();
} else {
$pid = $old_pid;
}
}
// check if any question was entered
// NOTE(review): $A[0][0] is read without first checking that the index exists.
if (empty($topic) || count($Q) === 0 || strlen($Q[0]) === 0 || strlen($A[0][0]) === 0) {
$retval .= COM_showMessageText($LANG25[2], $LANG21[32]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG25[5]));
return $retval;
}
// Refuse requests without a valid CSRF token and record the attempt.
// NOTE(review): the code below is only skipped if COM_redirect() ends the
// request - confirm that it does, otherwise the save would continue.
if (!SEC_checkToken()) {
COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks.");
COM_redirect($_CONF['site_admin_url'] . '/plugins/polls/index.php');
}
// check for poll id change
if (!empty($old_pid) && $pid != $old_pid) {
// check if new pid is already in use
if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
// TBD: abort, display editor with all content intact again
$pid = $old_pid;
// for now ...
}
}
// start processing the poll topic
if ($_POLL_VERBOSE) {
COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
}
// Authorisation: for an existing poll the owner, group and permission values
// stored in the database are evaluated, not the submitted ones. For a new
// poll only the values passed in by the caller are available.
// NOTE(review): $pid is interpolated into the SQL string; this relies on
// COM_sanitizeID()/COM_makeSid() returning only safe characters - confirm,
// or escape the value explicitly.
if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
$P = DB_fetchArray($result);
$access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
// Require an access level of at least 3 (presumably edit rights - confirm)
// and membership of the submitted group; otherwise log the attempt and stop.
if ($access < 3 || !SEC_inGroup($group_id)) {
$display = COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
COM_output($display);
exit;
}
if ($_POLL_VERBOSE) {
COM_errorLog('owner permissions: ' . $perm_owner, 1);
COM_errorLog('group permissions: ' . $perm_group, 1);
COM_errorLog('member permissions: ' . $perm_members, 1);
COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
}
// we delete everything and re-create it with the input from the form
$del_pid = $pid;
if (!empty($old_pid) && $pid != $old_pid) {
$del_pid = $old_pid;
// delete by old pid, create using new pid below
}
// Retrieve Created Date before delete
// NOTE(review): $del_pid is interpolated into the WHERE clause; same
// reliance on COM_sanitizeID as for the SELECT above.
$created_date = DB_getItem($_TABLES['polltopics'], 'created', "pid = '{$del_pid}'");
//.........這裏部分代碼省略.........
示例12: adSave
/**
* Insert or update an ad with form values. When the current user holds the
* plugin's ".admin" right ($admin, computed inside the function), the
* non-admin limits on anonymous permission and on extra days are skipped.
*
* The listing is cut off inside the expiry-date calculation.
*
* @param string $savetype Save action to perform
* @return array
* [0] = string value of page to redirect to
* [1] = content of any error message or text
* Other shapes visible in this excerpt: an empty array when the access
* check fails, and array(1, $errmsg) when field validation fails.
*/
function adSave($savetype = 'edit')
{
global $_TABLES, $_CONF_ADVT, $_USER, $_CONF, $LANG_ADVT, $LANG12;
global $LANG_ADMIN;
$admin = SEC_hasRights($_CONF_ADVT['pi_name'] . '.admin');
// Sanitize form variables. There should always be an ad id defined
$A = array();
if (isset($_POST['ad_id'])) {
$A['ad_id'] = COM_sanitizeID($_POST['ad_id'], false);
} elseif (isset($_POST['id'])) {
$A['ad_id'] = COM_sanitizeID($_POST['id'], false);
}
// NOTE(review): when neither POST key is present, $A['ad_id'] was never
// assigned and this comparison reads an undefined index.
if ($A['ad_id'] == '') {
return array(CLASSIFIEDS_URL, 'Missing Ad ID');
}
// Make sure the current user can edit this ad.
// An access level below 3 ends the save with an empty array.
if (CLASSIFIEDS_checkAccess($A['ad_id']) < 3) {
return array();
}
// Free-text fields are only trimmed here; escaping for SQL and for HTML
// output has to happen before they are stored or displayed (not visible
// in this excerpt).
$A['subject'] = trim($_POST['subject']);
$A['descript'] = trim($_POST['descript']);
if ($_POST['postmode'] == 'plaintext') {
$A['descript'] = nl2br($A['descript']);
}
$A['price'] = trim($_POST['price']);
// Only http and https URLs are accepted; 'http' is passed as the third argument.
$A['url'] = COM_sanitizeUrl($_POST['url'], array('http', 'https'), 'http');
$A['catid'] = (int) $_POST['catid'];
$A['ad_type'] = (int) $_POST['ad_type'];
$A['keywords'] = trim($_POST['keywords']);
$A['add_date'] = COM_applyFilter($_POST['add_date'], true);
$A['exp_date'] = COM_applyFilter($_POST['exp_date'], true);
// No expiry date submitted: use the date the ad was added.
if ($A['exp_date'] == 0) {
$A['exp_date'] = $A['add_date'];
}
$A['exp_sent'] = (int) $_POST['exp_sent'] == 1 ? 1 : 0;
// NOTE(review): owner_id and group_id are taken from the form for every
// caller; nothing in the visible code limits a non-admin to their own
// user id - check the omitted part of the function.
$A['owner_id'] = (int) $_POST['owner_id'];
$A['group_id'] = (int) $_POST['group_id'];
$A['uid'] = $A['owner_id'];
$A['comments_enabled'] = (int) $_POST['comments_enabled'];
// Permissions arrive in two forms: the listed save types convert them with
// SEC_getPermissionValues, every other save type casts the four POST values
// to int.
switch ($savetype) {
case 'moderate':
case 'adminupdate':
case 'savesubmission':
case 'editsubmission':
case 'submission':
$perms = SEC_getPermissionValues($_POST['perm_owner'], $_POST['perm_group'], $_POST['perm_members'], $_POST['perm_anon']);
$A['perms'] = $perms;
break;
case $LANG_ADMIN['save']:
case $LANG12[8]:
default:
$A['perms'] = array((int) $_POST['perm_owner'], (int) $_POST['perm_group'], (int) $_POST['perm_members'], (int) $_POST['perm_anon']);
break;
}
// Set anon permissions according to category if not an admin.
// To avoid form injection.
// NOTE(review): the lookup reads $A['cat_id'], but the category was stored
// above as $A['catid'] and no 'cat_id' key is assigned in the visible code,
// so the query would be built with an empty value and the override may
// never apply - confirm against the full source.
if (!$admin && DB_getItem($_TABLES['ad_category'], 'perm_anon', "cat_id='{$A['cat_id']}'") == '0') {
$A['perms'][3] = 0;
}
// The uploaded file entry is taken as-is; no validation of it is visible here.
$photo = $_FILES['photo'];
$moredays = COM_applyFilter($_POST['moredays'], true);
if ($_CONF_ADVT['purchase_enabled'] && !$admin) {
// non-administrator is limited to the available days on account,
// if applicable.
USES_classifieds_class_userinfo();
$User = new adUserInfo();
$moredays = min($moredays, $User->getMaxDays());
}
// Validate some fields.
$errmsg = '';
if ($A['subject'] == '') {
$errmsg .= "<li>{$LANG_ADVT['subject_required']}</li>";
}
if ($A['descript'] == '') {
$errmsg .= "<li>{$LANG_ADVT['description_required']}</li>";
}
if ($errmsg != '') {
$errmsg = "<span class=\"alert\"><ul>{$errmsg}</ul></span>\n";
// return to edit page so user can correct
return array(1, $errmsg);
//return $errmsg;
}
// Calculate the new number of days. For an existing ad start from the
// date added, if new then start from now. If the ad has already expired,
// then $moredays will be added to now() rather than exp_date.
if ($moredays > 0) {
// 86400 = seconds per day
$moretime = $moredays * 86400;
$save_exp_date = $A['exp_date'];
if ($A['exp_date'] < time()) {
$basetime = time();
} else {
//.........這裏部分代碼省略.........
示例13: CMED_setMI
/**
 * Fill the global $MI array with one menu item read from the submitted form.
 *
 * The ID-like fields (mid, pmid, tid, class_name, old_mid) go through
 * COM_applyFilter; menuorder, owner_id and group_id go through its numeric
 * mode; url and icon_url are trimmed and stripped of tags. The fields type,
 * mmode, title_fixation, title_variable, php_function and pattern are copied
 * from $_POST unchanged, so whatever later consumes $MI has to validate or
 * escape them for its own context (that code is not part of this function).
 * The four perm_* inputs are finally replaced by the values returned from
 * SEC_getPermissionValues.
 */
function CMED_setMI()
{
    global $_CONF, $MI;

    $rawUrl = trim($_POST['url']);
    $rawIconUrl = trim($_POST['icon_url']);
    $rawOrder = trim($_POST['menuorder']);

    // Build the item key by key, in the order the keys appear in $MI.
    $item = array();
    $item['mid'] = COM_applyFilter($_POST['mid']);
    $item['pmid'] = COM_applyFilter($_POST['pmid']);
    if ($_POST['is_enabled'] == 'on') {
        $item['is_enabled'] = 1;
    } else {
        $item['is_enabled'] = 0;
    }
    // Copied from the form without filtering.
    $item['type'] = $_POST['type'];
    $item['mode'] = $_POST['mmode'];
    $item['label'] = $_POST['title_fixation'];
    $item['label_var'] = $_POST['title_variable'];
    $item['php_function'] = $_POST['php_function'];
    // URLs: empty input stays an empty string, anything else loses its tags.
    if (empty($rawUrl)) {
        $item['url'] = '';
    } else {
        $item['url'] = strip_tags($rawUrl);
    }
    if (empty($rawIconUrl)) {
        $item['icon_url'] = '';
    } else {
        $item['icon_url'] = strip_tags($rawIconUrl);
    }
    $item['tid'] = COM_applyFilter($_POST['tid']);
    if (empty($rawOrder)) {
        $item['menuorder'] = 0;
    } else {
        $item['menuorder'] = COM_applyFilter($rawOrder, true);
    }
    // Copied from the form without filtering.
    $item['pattern'] = $_POST['pattern'];
    if ($_POST['is_preg'] == 'on') {
        $item['is_preg'] = 1;
    } else {
        $item['is_preg'] = 0;
    }
    $item['class_name'] = COM_applyFilter($_POST['class_name']);
    $item['owner_id'] = COM_applyFilter($_POST['owner_id'], true);
    $item['group_id'] = COM_applyFilter($_POST['group_id'], true);
    $item['perm_owner'] = $_POST['perm_owner'];
    $item['perm_group'] = $_POST['perm_group'];
    $item['perm_members'] = $_POST['perm_members'];
    $item['perm_anon'] = $_POST['perm_anon'];
    $item['old_mid'] = COM_applyFilter($_POST['old_mid']);

    $MI = $item;

    // Replace the submitted permission inputs with their numeric values.
    $numericPerms = SEC_getPermissionValues($MI['perm_owner'], $MI['perm_group'], $MI['perm_members'], $MI['perm_anon']);
    list($MI['perm_owner'], $MI['perm_group'], $MI['perm_members'], $MI['perm_anon']) = $numericPerms;
}
示例14: saveblock
/**
* Saves a block
*
* Steps visible in this excerpt: title and PHP function name are cleaned, the
* permission inputs are converted to numeric values, the caller's access is
* checked, and the fields that do not apply to the chosen block type are
* cleared. The listing is cut off inside the handling of 'normal' blocks.
*
* @param string $bid Block ID
* @param string $name Block name (compared with 'older_stories' for gldefault blocks)
* @param string $title Block title
* @param string $help Not used in the visible part - presumably a help URL, confirm
* @param string $type Type of block
* @param int $blockorder Order block appears relative to the others
* @param string $content Content of block
* @param string $tid Topic block should appear in
* @param string $rdfurl URL to headline feed for portal blocks
* @param string $rdfupdated Date RSS/RDF feed was last updated
* @param string $rdflimit max. number of entries to import from feed
* @param string $phpblockfn Name of php function to call to get content
* @param int $onleft Flag indicates if block shows up on left or right
* @param int $owner_id ID of owner
* @param int $group_id ID of group block belongs to
* @param array $perm_owner Permissions the owner has on the object
* @param array $perm_group Permissions the group has on the object
* @param array $perm_members Permissions the logged in members have
* @param array $perm_anon Permissions anonymous users have
* @param int $is_enabled Flag, indicates if block is enabled or not (the code compares it with 'on')
* @param string $allow_autotags Compared with 'on' and turned into 1 or 0
* @return string HTML redirect or error message
*
*/
function saveblock($bid, $name, $title, $help, $type, $blockorder, $content, $tid, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled, $allow_autotags)
{
global $_CONF, $_TABLES, $LANG01, $LANG21, $MESSAGE;
$retval = '';
// NOTE(review): addslashes() is used as the escaping step here (presumably
// for the SQL in the omitted part - confirm). It does not take the
// connection character set into account; the database layer's own escaping
// or bound parameters are the safer choice.
$title = addslashes(COM_stripslashes(strip_tags($title)));
$phpblockfn = addslashes(COM_stripslashes(trim($phpblockfn)));
// A block without a title is sent back to the editor with a message.
if (empty($title)) {
$retval .= COM_siteHeader('menu', $LANG21[63]) . COM_startBlock($LANG21[63], '', COM_getBlockTemplate('_msg_block', 'header')) . $LANG21[64] . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')) . editblock($bid) . COM_siteFooter();
return $retval;
}
// Convert array values to numeric permission values
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
// Authorisation: for an existing block the owner, group and permission
// values stored in the database are evaluated, not the submitted ones.
// NOTE(review): $bid is interpolated into the SQL string and is not cast
// or filtered in the visible code; "$bid > 0" does not prove it is an
// integer. Confirm the caller filters it, or cast it before use.
$access = 0;
if ($bid > 0 && DB_count($_TABLES['blocks'], 'bid', $bid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = '{$bid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
// Require access level 3 or higher (presumably edit rights - confirm),
// access to the topic and membership of the submitted group.
// NOTE(review): $_USER is not in this function's global list, so the
// username in the access-log line below is read from an undefined local
// variable and the log entry will not name the user.
// In the elseif, && binds tighter than "or", so each "or" separates one
// complete per-type condition.
if ($access < 3 || !hasBlockTopicAccess($tid) || !SEC_inGroup($group_id)) {
$retval .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
COM_accessLog("User {$_USER['username']} tried to illegally create or edit block {$bid}.");
return $retval;
} elseif ($type == 'normal' && !empty($title) && !empty($content) or $type == 'portal' && !empty($title) && !empty($rdfurl) or $type == 'gldefault' && strlen($blockorder) > 0 or $type == 'phpblock' && !empty($phpblockfn) && !empty($title)) {
// Checkbox values arrive as 'on'; store them as 1 or 0.
if ($is_enabled == 'on') {
$is_enabled = 1;
} else {
$is_enabled = 0;
}
if ($allow_autotags == 'on') {
$allow_autotags = 1;
} else {
$allow_autotags = 0;
}
if ($type == 'portal') {
$content = '';
$rdfupdated = '';
$phpblockfn = '';
// get rid of possible extra prefixes (e.g. "feed://http://...")
if (substr($rdfurl, 0, 4) == 'rss:') {
$rdfurl = substr($rdfurl, 4);
} else {
if (substr($rdfurl, 0, 5) == 'feed:') {
$rdfurl = substr($rdfurl, 5);
}
}
if (substr($rdfurl, 0, 2) == '//') {
$rdfurl = substr($rdfurl, 2);
}
// Only http and https feed URLs are accepted.
// NOTE(review): a scheme allow-list does not restrict which host the
// URL points to; if the feed is fetched by the server, the destination
// should be limited where the fetch happens (not visible here).
$rdfurl = COM_sanitizeUrl($rdfurl, array('http', 'https'));
}
if ($type == 'gldefault') {
if ($name != 'older_stories') {
$content = '';
}
$rdfurl = '';
$rdfupdated = '';
$rdflimit = 0;
$phpblockfn = '';
}
if ($type == 'phpblock') {
// NOTE: PHP Blocks must be within a function and the function
// must start with phpblock_ as the prefix. This will prevent
// the arbitrary execution of code
// NOTE(review): stristr() accepts 'phpblock_' anywhere in the name and
// in any letter case, so this test does not enforce the prefix rule
// stated above; a comparison anchored at the start of the string would
// match the stated intent.
if (!stristr($phpblockfn, 'phpblock_')) {
$retval .= COM_siteHeader('menu', $LANG21[37]) . COM_startBlock($LANG21[37], '', COM_getBlockTemplate('_msg_block', 'header')) . $LANG21[38] . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')) . editblock($bid) . COM_siteFooter();
return $retval;
}
$content = '';
$rdfurl = '';
$rdfupdated = '';
$rdflimit = 0;
}
if ($type == 'normal') {
$rdfurl = '';
//.........這裏部分代碼省略.........
示例15: fncSave
/**
* Reads and cleans the submitted form fields of a "userbox" record.
*
* Only the input-handling part is visible; the listing is cut off before
* anything is stored. Numeric fields go through COM_applyFilter in numeric
* mode; text fields go through COM_checkWords, COM_checkHTML and addslashes;
* the permission inputs are converted with SEC_getPermissionValues when they
* arrive as arrays.
*
* The parameters are not used in the visible part, so their meaning cannot
* be documented from this excerpt.
*/
function fncSave($edt_flg, $navbarMenu, $menuno)
{
$pi_name = "userbox";
global $_CONF;
global $_TABLES;
global $_USER;
global $_USERBOX_CONF;
global $LANG_USERBOX_ADMIN;
// $_FILES is a superglobal; declaring it global is not needed.
global $_FILES;
$addition_def = DATABOX_getadditiondef($pi_name);
$retval = '';
// clean 'em up
$id = COM_applyFilter($_POST['id'], true);
$fieldset_id = COM_applyFilter($_POST['fieldset'], true);
//@@@@@ username fullname
// NOTE(review): addslashes() is the escaping step for all text fields below
// (presumably for SQL in the omitted part - confirm). It does not take the
// connection character set into account; the database layer's own escaping
// or bound parameters are the safer choice.
$username = COM_applyFilter($_POST['username']);
$username = addslashes(COM_checkHTML(COM_checkWords($username)));
$fullname = COM_applyFilter($_POST['fullname']);
$fullname = addslashes(COM_checkHTML(COM_checkWords($fullname)));
$page_title = COM_applyFilter($_POST['page_title']);
$page_title = addslashes(COM_checkHTML(COM_checkWords($page_title)));
// description is taken without COM_applyFilter (the call is commented out).
$description = $_POST['description'];
//COM_applyFilter($_POST['description']);
$description = addslashes(COM_checkHTML(COM_checkWords($description)));
$defaulttemplatesdirectory = COM_applyFilter($_POST['defaulttemplatesdirectory']);
$defaulttemplatesdirectory = addslashes(COM_checkHTML(COM_checkWords($defaulttemplatesdirectory)));
$draft_flag = COM_applyFilter($_POST['draft_flag'], true);
// $hits =0;
// $comments=0;
$comment_expire_flag = COM_applyFilter($_POST['comment_expire_flag'], true);
if ($comment_expire_flag) {
$comment_expire_month = COM_applyFilter($_POST['comment_expire_month'], true);
$comment_expire_day = COM_applyFilter($_POST['comment_expire_day'], true);
$comment_expire_year = COM_applyFilter($_POST['comment_expire_year'], true);
$comment_expire_hour = COM_applyFilter($_POST['comment_expire_hour'], true);
$comment_expire_minute = COM_applyFilter($_POST['comment_expire_minute'], true);
// NOTE(review): $comment_expire_ampm is never assigned in the visible code
// (it is neither a parameter nor read from $_POST), so both am/pm
// conditions below compare against an undefined variable.
if ($comment_expire_ampm == 'pm') {
if ($comment_expire_hour < 12) {
$comment_expire_hour = $comment_expire_hour + 12;
}
}
if ($comment_expire_ampm == 'am' and $comment_expire_hour == 12) {
$comment_expire_hour = '00';
}
} else {
$comment_expire_month = 0;
$comment_expire_day = 0;
$comment_expire_year = 0;
$comment_expire_hour = 0;
$comment_expire_minute = 0;
}
$commentcode = COM_applyFilter($_POST['commentcode'], true);
$trackbackcode = COM_applyFilter($_POST['trackbackcode'], true);
$cache_time = COM_applyFilter($_POST['cache_time'], true);
$meta_description = $_POST['meta_description'];
$meta_description = addslashes(COM_checkHTML(COM_checkWords($meta_description)));
$meta_keywords = $_POST['meta_keywords'];
$meta_keywords = addslashes(COM_checkHTML(COM_checkWords($meta_keywords)));
$language_id = COM_applyFilter($_POST['language_id']);
$language_id = addslashes(COM_checkHTML(COM_checkWords($language_id)));
// category and the afield* inputs are copied from $_POST unchanged at this
// point; any cleaning has to happen later.
$category = $_POST['category'];
//@@@@@
$additionfields = $_POST['afield'];
$additionfields_old = $_POST['afield'];
$additionfields_fnm = $_POST['afield_fnm'];
$additionfields_del = $_POST['afield_del'];
$additionfields_alt = $_POST['afield_alt'];
$additionfields_date = array();
// The return value is not used afterwards; presumably the helper cleans
// the arrays passed to it in place - confirm against its definition.
$dummy = DATABOX_cleanaddtiondatas($additionfields, $addition_def, $additionfields_fnm, $additionfields_del, $additionfields_date, $additionfields_alt);
//
$owner_id = COM_applyFilter($_POST['owner_id'], true);
$group_id = COM_applyFilter($_POST['group_id'], true);
//
// Permissions: array input is converted with SEC_getPermissionValues,
// scalar input is passed through COM_applyBasicFilter in numeric mode.
$array['perm_owner'] = $_POST['perm_owner'];
$array['perm_group'] = $_POST['perm_group'];
$array['perm_members'] = $_POST['perm_members'];
$array['perm_anon'] = $_POST['perm_anon'];
if (is_array($array['perm_owner']) || is_array($array['perm_group']) || is_array($array['perm_members']) || is_array($array['perm_anon'])) {
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($array['perm_owner'], $array['perm_group'], $array['perm_members'], $array['perm_anon']);
} else {
$perm_owner = COM_applyBasicFilter($array['perm_owner'], true);
$perm_group = COM_applyBasicFilter($array['perm_group'], true);
$perm_members = COM_applyBasicFilter($array['perm_members'], true);
$perm_anon = COM_applyBasicFilter($array['perm_anon'], true);
}
// Modification date: the current server time when auto-update is on,
// otherwise the submitted values.
$modified_autoupdate = COM_applyFilter($_POST['modified_autoupdate'], true);
if ($modified_autoupdate == 1) {
//$udate = date('Ymd');
$modified_month = date('m');
$modified_day = date('d');
$modified_year = date('Y');
$modified_hour = date('H');
$modified_minute = date('i');
} else {
$modified_month = COM_applyFilter($_POST['modified_month'], true);
$modified_day = COM_applyFilter($_POST['modified_day'], true);
$modified_year = COM_applyFilter($_POST['modified_year'], true);
$modified_hour = COM_applyFilter($_POST['modified_hour'], true);
$modified_minute = COM_applyFilter($_POST['modified_minute'], true);
//.........這裏部分代碼省略.........