diff -ruN 1.3.11sr1/404.php 1.4.0sr5-1/404.php --- 1.3.11sr1/404.php 2004-12-31 10:03:30.000000000 -0600 +++ 1.4.0sr5-1/404.php 2006-08-08 02:53:59.000000000 -0500 @@ -1,19 +1,52 @@
' - .COM_accessLog($LANG20[03] . ' ' . $loginname); + .COM_accessLog($LANG20[03] . ' ' . $_POST['loginname']); } - - $display .= '
' .''.LB .''.LB @@ -112,6 +115,4 @@ exit; } -echo $display; - ?> diff -ruN 1.3.11sr1/admin/block.php 1.4.0sr5-1/admin/block.php --- 1.3.11sr1/admin/block.php 2004-12-31 10:02:27.000000000 -0600 +++ 1.4.0sr5-1/admin/block.php 2006-08-08 02:39:06.000000000 -0500 @@ -2,18 +2,19 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Geeklog 1.3 | +// | Geeklog 1.4 | // +---------------------------------------------------------------------------+ // | block.php | // | | // | Geeklog block administration. | // +---------------------------------------------------------------------------+ -// | Copyright (C) 2000-2004 by the following authors: | +// | Copyright (C) 2000-2006 by the following authors: | // | | -// | Authors: Tony Bibbs - tony@tonybibbs.com | -// | Mark Limburg - mlimburg@users.sourceforge.net | -// | Jason Whittenburg - jwhitten@securitygeeks.com | -// | Dirk Haun - dirk@haun-online.de | +// | Authors: Tony Bibbs - tony AT tonybibbs DOT com | +// | Mark Limburg - mlimburg AT users DOT sourceforge DOT net | +// | Jason Whittenburg - jwhitten AT securitygeeks DOT com | +// | Dirk Haun - dirk AT haun-online DOT de | +// | Michael Jervis - mike AT fuckingbrit DOT com | // +---------------------------------------------------------------------------+ // | | // | This program is free software; you can redistribute it and/or | @@ -32,14 +33,14 @@ // | | // +---------------------------------------------------------------------------+ // -// $Id: block.php,v 1.63 2004/09/29 17:43:43 dhaun Exp $ +// $Id: block.php,v 1.92 2006/01/14 16:58:01 dhaun Exp $ +require_once ('../lib-common.php'); // Uncomment the line below if you need to debug the HTTP variables being passed // to the script. This will sometimes cause errors but it will allow you to see // the data being passed in a POST operation -// echo COM_debug($HTTP_POST_VARS); +# echo COM_debug($_POST); -require_once ('../lib-common.php'); require_once ('auth.inc.php'); if (!SEC_hasrights ('block.edit')) { @@ -54,6 +55,7 @@ exit; } + /** * Check for block topic access (need to handle 'all' and 'homeonly' as * special cases) @@ -86,10 +88,10 @@ * @param int $access Permissions this user has * @return string HTML for default block editor * -*/ -function editdefaultblock ($A, $access) +*/ +function editdefaultblock ($A, $access) { - global $_CONF, $_TABLES, $_USER, $LANG21, $LANG_ACCESS; + global $_CONF, $_TABLES, $_USER, $LANG21, $LANG_ACCESS, $LANG_ADMIN; $retval = ''; @@ -102,27 +104,38 @@ $block_templates->set_var('site_admin_url', $_CONF['site_admin_url']); $block_templates->set_var('layout_url', $_CONF['layout_url']); $block_templates->set_var('block_id', $A['bid']); - $block_templates->set_var('lang_blocktitle', $LANG21[5]); + // standard Admin strings + $block_templates->set_var('lang_blocktitle', $LANG_ADMIN['title']); + $block_templates->set_var('lang_enabled', $LANG_ADMIN['enabled']); + $block_templates->set_var('lang_blockhelpurl', $LANG_ADMIN['help_url']); + $block_templates->set_var('lang_topic', $LANG_ADMIN['topic']); + $block_templates->set_var('lang_save', $LANG_ADMIN['save']); + $block_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']); + $block_templates->set_var('lang_blocktype', $LANG_ADMIN['type']); + $block_templates->set_var('block_title', stripslashes ($A['title'])); - $block_templates->set_var('lang_enabled', $LANG21[53]); if ($A['is_enabled'] == 1) { $block_templates->set_var('is_enabled', 'checked="CHECKED"'); } else { $block_templates->set_var('is_enabled', ''); } - $block_templates->set_var('lang_blockhelpurl', $LANG21[50]); $block_templates->set_var('block_help', $A['help']); $block_templates->set_var('lang_includehttp', $LANG21[51]); $block_templates->set_var('lang_explanation', $LANG21[52]); $block_templates->set_var('block_name',$A['name']); $block_templates->set_var('lang_blockname', $LANG21[48]); - $block_templates->set_var('lang_topic', $LANG21[6]); + $block_templates->set_var('lang_homeonly', $LANG21[43]); + if ($A['tid'] == 'all') { + $block_templates->set_var('all_selected', 'selected="selected"'); + } else if ($A['tid'] == 'homeonly') { + $block_templates->set_var('homeonly_selected', 'selected="selected"'); + } + $block_templates->set_var('topic_options', COM_topicList('tid,topic',$A['tid'])); $block_templates->set_var('lang_all', $LANG21[7]); $block_templates->set_var('lang_side', $LANG21[39]); $block_templates->set_var('lang_left', $LANG21[40]); $block_templates->set_var('lang_right', $LANG21[41]); - $block_templates->set_var('lang_save', $LANG21[54]); - $block_templates->set_var('lang_cancel', $LANG21[55]); + if ($A['onleft'] == 1) { $block_templates->set_var('left_selected', 'selected="selected"'); } else if ($A['onleft'] == 0) { @@ -130,7 +143,6 @@ } $block_templates->set_var('lang_blockorder', $LANG21[9]); $block_templates->set_var('block_order', $A['blockorder']); - $block_templates->set_var('lang_blocktype', $LANG21[10]); $block_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']); $block_templates->set_var('lang_owner', $LANG_ACCESS['owner']); $block_templates->set_var('owner_username', DB_getItem($_TABLES['users'],'username',"uid = '{$A['owner_id']}'")); @@ -159,25 +171,25 @@ * @return string HTML for block editor * */ -function editblock ($bid = '') +function editblock ($bid = '') { - global $_CONF, $_GROUPS, $_TABLES, $_USER, $LANG21, $LANG_ACCESS; + global $_CONF, $_GROUPS, $_TABLES, $_USER, $LANG21, $LANG_ACCESS, $LANG_ADMIN; $retval = ''; if (!empty($bid)) { - $result = DB_query("SELECT * FROM {$_TABLES['blocks']} where bid ='$bid'"); + $result = DB_query("SELECT * FROM {$_TABLES['blocks']} WHERE bid ='$bid'"); $A = DB_fetchArray($result); $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']); if ($access == 2 || $access == 0 || hasBlockTopicAccess ($A['tid']) < 3) { - $retval .= COM_startBlock ($LANG21[44], '', + $retval .= COM_startBlock ($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate ('_msg_block', 'header')) . $LANG21[45] . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer')); COM_accessLog("User {$_USER['username']} tried to illegally create or edit block $bid."); return $retval; - } + } if ($A['type'] == 'gldefault') { $retval .= editdefaultblock($A,$access); return $retval; @@ -191,10 +203,7 @@ } else { $A['group_id'] = SEC_getFeatureGroup ('block.edit'); } - $A['perm_owner'] = 3; - $A['perm_group'] = 2; - $A['perm_members'] = 2; - $A['perm_anon'] = 2; + SEC_setDefaultPermissions ($A, $_CONF['default_permissions_block']); $A['is_enabled'] = 1; $access = 3; } @@ -206,15 +215,23 @@ $block_templates->set_var('layout_url', $_CONF['layout_url']); $block_templates->set_var('start_block_editor', COM_startBlock ($LANG21[3], '', COM_getBlockTemplate ('_admin_block', 'header'))); - + if ($A['type'] != 'layout') { if (!empty($bid) && SEC_hasrights('block.delete')) { - $block_templates->set_var('delete_option',""); + $block_templates->set_var('delete_option',""); } } $block_templates->set_var('block_bid', $A['bid']); - $block_templates->set_var('lang_blocktitle', $LANG21[5]); + // standard Admin strings + $block_templates->set_var('lang_blocktitle', $LANG_ADMIN['title']); + $block_templates->set_var('lang_enabled', $LANG_ADMIN['enabled']); + $block_templates->set_var('lang_blockhelpurl', $LANG_ADMIN['help_url']); + $block_templates->set_var('lang_topic', $LANG_ADMIN['topic']); + $block_templates->set_var('lang_save', $LANG_ADMIN['save']); + $block_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']); + $block_templates->set_var('lang_blocktype', $LANG_ADMIN['type']); + $block_templates->set_var('block_title', stripslashes ($A['title'])); $block_templates->set_var('lang_enabled', $LANG21[53]); if ($A['is_enabled'] == 1) { @@ -223,13 +240,11 @@ $block_templates->set_var('is_enabled', ''); } $block_templates->set_var('block_help', $A['help']); - $block_templates->set_var('lang_blockhelpurl', $LANG21[50]); $block_templates->set_var('lang_includehttp', $LANG21[51]); $block_templates->set_var('lang_explanation', $LANG21[52]); $block_templates->set_var('block_name', $A['name']); $block_templates->set_var('lang_blockname', $LANG21[48]); $block_templates->set_var('lang_nospaces', $LANG21[49]); - $block_templates->set_var('lang_topic', $LANG21[6]); $block_templates->set_var('lang_all', $LANG21[7]); $block_templates->set_var('lang_homeonly', $LANG21[43]); if ($A['tid'] == 'all') { @@ -241,8 +256,6 @@ $block_templates->set_var('lang_side', $LANG21[39]); $block_templates->set_var('lang_left', $LANG21[40]); $block_templates->set_var('lang_right', $LANG21[41]); - $block_templates->set_var('lang_save', $LANG21[54]); - $block_templates->set_var('lang_cancel', $LANG21[55]); if ($A['onleft'] == 1) { $block_templates->set_var('left_selected', 'selected="selected"'); } else if ($A['onleft'] == 0) { @@ -250,7 +263,6 @@ } $block_templates->set_var('lang_blockorder', $LANG21[9]); $block_templates->set_var('block_order', $A['blockorder']); - $block_templates->set_var('lang_blocktype', $LANG21[10]); $block_templates->set_var('lang_normalblock', $LANG21[12]); $block_templates->set_var('lang_phpblock', $LANG21[27]); $block_templates->set_var('lang_portalblock', $LANG21[11]); @@ -260,7 +272,7 @@ $block_templates->set_var('php_selected', 'selected="selected"'); } else if ($A['type'] == 'portal') { $block_templates->set_var('portal_selected', 'selected="selected"'); - } + } $block_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']); $block_templates->set_var('lang_owner', $LANG_ACCESS['owner']); $block_templates->set_var('owner_username', DB_getItem($_TABLES['users'],'username',"uid = '{$A['owner_id']}'")); @@ -289,7 +301,7 @@ $block_templates->set_var('group_dropdown', $groupdd); $block_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']); $block_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']); - $block_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon'])); + $block_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon'])); $block_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']); $block_templates->set_var('lang_phpblockoptions', $LANG21[28]); $block_templates->set_var('lang_blockfunction', $LANG21[29]); @@ -299,16 +311,82 @@ $block_templates->set_var('lang_rdfurl', $LANG21[14]); $block_templates->set_var('max_url_length', 255); $block_templates->set_var('block_rdfurl', $A['rdfurl']); + $block_templates->set_var('lang_rdflimit', $LANG21[62]); + $block_templates->set_var('block_rdflimit', $A['rdflimit']); $block_templates->set_var('lang_lastrdfupdate', $LANG21[15]); - $block_templates->set_var('block_rdfupdated', $A['rdfupdated']); + if ($A['rdfupdated'] == '0000-00-00 00:00:00') { + $block_templates->set_var ('block_rdfupdated', ''); + } else { + $block_templates->set_var ('block_rdfupdated', $A['rdfupdated']); + } $block_templates->set_var('lang_normalblockoptions', $LANG21[16]); $block_templates->set_var('lang_blockcontent', $LANG21[17]); $block_templates->set_var('block_content', htmlspecialchars (stripslashes ($A['content']))); $block_templates->set_var ('end_block', COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'))); $block_templates->parse('output', 'editor'); - $retval .= $block_templates->finish($block_templates->get_var('output')); + $retval .= $block_templates->finish($block_templates->get_var('output')); + + return $retval; +} + +function listblocks() +{ + global $LANG_ADMIN, $LANG21, $_CONF, $_TABLES, $_IMAGE_TYPE; + require_once( $_CONF['path_system'] . 'lib-admin.php' ); + $retval = ''; + + reorderblocks(); + $header_arr = array( # dislay 'text' and use table field 'field' + array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false), + array('text' => $LANG21[65], 'field' => 'blockorder', 'sort' => true), + array('text' => $LANG21[46], 'field' => 'move', 'sort' => false), + array('text' => $LANG_ADMIN['title'], 'field' => 'title', 'sort' => true), + array('text' => $LANG_ADMIN['type'], 'field' => 'type', 'sort' => true), + array('text' => $LANG_ADMIN['topic'], 'field' => 'tid', 'sort' => true), + array('text' => $LANG_ADMIN['enabled'], 'field' => 'is_enabled', 'sort' => true) + + ); + + $defsort_arr = array('field' => 'blockorder', 'direction' => 'asc'); + + $menu_arr = array ( + array('url' => $_CONF['site_admin_url'] . '/block.php?mode=edit', + 'text' => $LANG_ADMIN['create_new']), + array('url' => $_CONF['site_admin_url'], + 'text' => $LANG_ADMIN['admin_home']) + ); + + $text_arr = array('has_menu' => true, + 'has_extras' => true, + 'title' => $LANG21[19], 'instructions' => $LANG21[25], + 'icon' => $_CONF['layout_url'] . '/images/icons/block.' + . $_IMAGE_TYPE, + 'form_url' => $_CONF['site_admin_url'] . "/block.php"); + + $query_arr = array('table' => 'blocks', + 'sql' => "SELECT * FROM {$_TABLES['blocks']} WHERE 1", + 'query_fields' => array('title', 'content'), + 'default_filter' => 'AND onleft=1'); + + $retval .= ADMIN_list ("blocks", "ADMIN_getListField_blocks", $header_arr, $text_arr, + $query_arr, $menu_arr, $defsort_arr); + + $query_arr = array('table' => 'blocks', + 'sql' => "SELECT * FROM {$_TABLES['blocks']} WHERE 1", + 'query_fields' => array('title', 'content'), + 'default_filter' => 'AND onleft=0'); + + $text_arr = array('has_menu' => false, + 'has_extras' => true, + 'title' => "$LANG21[19] ($LANG21[41])", 'instructions' => $LANG21[25], + 'icon' => $_CONF['layout_url'] . '/images/icons/block.' + . $_IMAGE_TYPE, + 'form_url' => $_CONF['site_admin_url'] . "/block.php"); + + $retval .= ADMIN_list ("blocks", "ADMIN_getListField_blocks", $header_arr, $text_arr, + $query_arr, $menu_arr, $defsort_arr); return $retval; } @@ -323,6 +401,7 @@ * @param string $tid Topic block should appear in * @param string $rdfurl URL to headline feed for portal blocks * @param string $rdfupdated Date RSS/RDF feed was last updated +* @param string $rdflimit max. number of entries to import from feed * @param string $phpblockfn Name of php function to call to get content * @param int $onleft Flag indicates if block shows up on left or right * @param int $owner_id ID of owner @@ -335,12 +414,25 @@ * @return string HTML redirect or error message * */ -function saveblock ($bid, $name, $title, $help, $type, $blockorder, $content, $tid, $rdfurl, $rdfupdated, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled) +function saveblock ($bid, $name, $title, $help, $type, $blockorder, $content, $tid, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled) { - global $_CONF, $_TABLES, $LANG01, $LANG21, $MESSAGE, $HTTP_POST_VARS; + global $_CONF, $_TABLES, $LANG01, $LANG21, $MESSAGE, $_POST; $retval = ''; + $title = addslashes (COM_stripslashes (strip_tags ($title))); + $phpblockfn = addslashes (COM_stripslashes ($phpblockfn)); + if (empty($title)) { + $retval .= COM_siteHeader() + . COM_startBlock ($LANG21[63], '', + COM_getBlockTemplate ('_msg_block', 'header')) + . $LANG21[64] + . COM_endBlock (COM_getBlockTemplate ('_msg_block', + 'footer')) + . editblock ($bid) + . COM_siteFooter (); + return $retval; + } // Convert array values to numeric permission values list($perm_owner,$perm_group,$perm_members,$perm_anon) = SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon); @@ -371,7 +463,7 @@ } else { $is_enabled = 0; } - + if ($type == 'portal') { $content = ''; $rdfupdated = ''; @@ -383,6 +475,7 @@ } $rdfurl = ''; $rdfupdated = ''; + $rdflimit = 0; $phpblockfn = ''; } if ($type == 'phpblock') { @@ -404,22 +497,33 @@ $content = ''; $rdfurl = ''; $rdfupdated = ''; + $rdflimit = 0; } if ($type == 'normal') { $rdfurl = ''; $rdfupdated = ''; + $rdflimit = 0; $phpblockfn = ''; $content = addslashes ($content); } - if ($type == 'layout') { - $rdfurl = ''; - $rdfupdated = ''; - $phpblockfn = ''; + if ($rdflimit < 0) { + $rdflimit = 0; + } + + if (empty ($rdfupdated)) { + $rdfupdated = '0000-00-00 00:00:00'; } - $title = addslashes (COM_stripslashes ($title)); - $phpblockfn = addslashes (COM_stripslashes ($phpblockfn)); - DB_save($_TABLES['blocks'],'bid,name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled',"$bid,'$name','$title','$help','$type','$blockorder','$content','$tid','$rdfurl','$rdfupdated','$phpblockfn',$onleft,$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon,$is_enabled"); + if ($bid > 0) + { + DB_save($_TABLES['blocks'],'bid,name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled',"$bid,'$name','$title','$help','$type','$blockorder','$content','$tid','$rdfurl','$rdfupdated','$rdflimit','$phpblockfn',$onleft,$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon,$is_enabled"); + } else { + $sql = "INSERT INTO {$_TABLES['blocks']} " + .'(name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled) ' + ."VALUES ('$name','$title','$help','$type','$blockorder','$content','$tid','$rdfurl','$rdfupdated','$rdflimit','$phpblockfn',$onleft,$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon,$is_enabled)"; + DB_query($sql); + $bid = DB_insertId(); + } if (($type == 'gldefault') && ($name == 'older_stories')) { COM_olderStuff (); @@ -440,7 +544,7 @@ // Normal block is missing field $retval .= $LANG21[35]; } else if ($type == 'gldefault') { - // Default geeklog field missing + // Default geeklog field missing $retval .= $LANG21[42]; } else { // Layout block missing content @@ -450,130 +554,54 @@ . editblock ($bid) . COM_siteFooter (); } - + return $retval; } - /** -* Lists all block in the system * -* @return string HTML with list of blocks +* Re-orders all blocks in steps of 10 * */ -function listblocks() +function reorderblocks() { - global $_CONF, $_TABLES, $LANG21, $LANG32, $LANG_ACCESS; - - // Added enhanced Block admin based on concept from stratosfear - $retval = ''; - - $block_templates = new Template($_CONF['path_layout'] . 'admin/block'); - $block_templates->set_file(array('list'=>'listblocks.thtml', 'row'=>'listitem.thtml', 'leftRight'=>'listside.thtml')); - - $retval .= COM_startBlock ($LANG21[19], '', - COM_getBlockTemplate ('_admin_block', 'header')); - $block_templates->set_var('site_url', $_CONF['site_url']); - $block_templates->set_var('site_admin_url', $_CONF['site_admin_url']); - $block_templates->set_var('layout_url', $_CONF['layout_url']); - $block_templates->set_var('lang_newblock', $LANG21[46]); - $block_templates->set_var('lang_adminhome', $LANG21[47]); - $block_templates->set_var('lang_instructions', $LANG21[25]); - $block_templates->set_var('lang_blocktitle', $LANG21[20]); - $block_templates->set_var('lang_access', $LANG_ACCESS['access']); - $block_templates->set_var('lang_blocktype', $LANG21[22]); - $block_templates->set_var('lang_side', $LANG21[39]); - $block_templates->set_var('lang_blocktopic', $LANG21[24]); - $block_templates->set_var('lang_enabled', $LANG21[53]); - - $result = DB_query("SELECT * FROM {$_TABLES['blocks']} ORDER BY onleft DESC,blockorder"); + global $_TABLES; + $sql = "SELECT * FROM {$_TABLES['blocks']} ORDER BY onleft asc, blockorder asc;"; + $result = DB_query($sql); $nrows = DB_numRows($result); - $hasPrintedRight = false; + + $lastside = 0; $blockOrd = 10; $stepNumber = 10; for ($i = 0; $i < $nrows; $i++) { - if ($i == 0) { - $block_templates->set_var('side', $LANG21[40]); - $block_templates->parse('blocklist_item', 'leftRight', true); - } $A = DB_fetchArray($result); - $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']); - if (($access > 0) && (hasBlockTopicAccess ($A['tid']) > 0)) { - if ($access == 3) { - $access = $LANG_ACCESS['edit']; - } else { - $access = $LANG_ACCESS['readonly']; - } - $block_templates->set_var('block_access', $access); - $block_templates->set_var('block_type',$A['type']); - $block_templates->set_var('block_id', $A['bid']); - $btitle = stripslashes ($A['title']); - if (empty ($btitle)) { - $btitle = '(' . $A['name'] . ')'; - } - $block_templates->set_var('block_title', $btitle); - - if ($A['is_enabled'] == 1) { - $block_templates->set_var('enabled', 'checked="checked"'); - } else { - $block_templates->set_var('enabled', ''); - } - // $block_templates->set_var ('block_enabled', $enabled); - - if ($A['onleft'] == 1) { - $side = $LANG21[40]; - $blockcontrol_image = 'block-right.gif'; - $moveTitleMsg = $LANG21[59]; - $switchside = '1'; - } else { - $blockcontrol_image = 'block-left.gif'; - $moveTitleMsg = $LANG21[60]; - $switchside = '0'; - if (!$hasPrintedRight) { - $block_templates->set_var('side', $LANG21[41]); - $block_templates->parse('blocklist_item', 'leftRight', true); - $hasPrintedRight = true; - $blockOrd = 10; - } - $side = $LANG21[41]; - } - $block_templates->set_var('blockcontrol_image', $blockcontrol_image); - $block_templates->set_var('switchside', $switchside); - $block_templates->set_var('upTitleMsg', $LANG21[58]); - $block_templates->set_var('moveTitleMsg', $moveTitleMsg); - $block_templates->set_var('dnTitleMsg', $LANG21[57]); - if ($A['blockorder'] != $blockOrd) { - $q = "UPDATE " . $_TABLES['blocks'] . " SET blockorder = '" . - $blockOrd . "' WHERE bid = '" . $A['bid'] ."'"; - DB_query($q); - } - $block_templates->set_var('block_order', $blockOrd); - $block_templates->set_var('block_topic', $A['tid']); - $block_templates->parse('blocklist_item', 'row', true); - $blockOrd += $stepNumber; + if ($lastside != $A['onleft']) { // we are switching left/right blocks + $blockOrd = 10; // so start with 10 again + } + if ($A['blockorder'] != $blockOrd) { // only update incorrect ones + $q = "UPDATE " . $_TABLES['blocks'] . " SET blockorder = '" . + $blockOrd . "' WHERE bid = '" . $A['bid'] ."'"; + DB_query($q); } + $blockOrd += $stepNumber; + $lastside = $A['onleft']; // save variable for next round } - - $block_templates->parse('output','list'); - $retval .= $block_templates->finish($block_templates->get_var('output')); - $retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer')); - - return $retval; } + /** * Move blocks UP, Down and Switch Sides - Left and Right * */ function moveBlock() { - global $_CONF, $_TABLES, $LANG21, $HTTP_GET_VARS; + global $_CONF, $_TABLES, $LANG21, $_GET; $retval = ''; - $bid = $HTTP_GET_VARS['bid']; - $where = $HTTP_GET_VARS['where']; + $bid = $_GET['bid']; + $where = $_GET['where']; // if the block id exists if (DB_count($_TABLES['blocks'], "bid", $bid) == 1) { @@ -648,63 +676,60 @@ } // MAIN -if (isset ($HTTP_POST_VARS['mode'])) { - $mode = $HTTP_POST_VARS['mode']; -} -else { - $mode = $HTTP_GET_VARS['mode']; -} -if (isset ($HTTP_POST_VARS['bid'])) { - $bid = COM_applyFilter ($HTTP_POST_VARS['bid']); +$mode = ''; +if (!empty($_REQUEST['mode'])) { + $mode = $_REQUEST['mode']; } -else { - $bid = COM_applyFilter ($HTTP_GET_VARS['bid']); + +$bid = ''; +if (!empty($_REQUEST['bid'])) { + $bid = COM_applyFilter ($_REQUEST['bid']); } -if (isset($HTTP_POST_VARS['blkChange'])) { - changeBlockStatus($HTTP_POST_VARS['blkChange']); +if (isset ($_POST['blkChange'])) { + changeBlockStatus ($_POST['blkChange']); } -if (($mode == $LANG21[56]) && !empty ($LANG21[56])) { // delete +if (($mode == $LANG_ADMIN['delete']) && !empty ($LANG_ADMIN['delete'])) { if (!isset ($bid) || empty ($bid) || ($bid == 0)) { COM_errorLog ('Attempted to delete block, bid empty or null, value =' . $bid); $display .= COM_refresh ($_CONF['site_admin_url'] . '/block.php'); } else { $display .= deleteBlock ($bid); } -} else if (($mode == $LANG21[54]) && !empty ($LANG21[54])) { // save - $display .= saveblock ($bid, $HTTP_POST_VARS['name'], - $HTTP_POST_VARS['title'], $HTTP_POST_VARS['help'], - $HTTP_POST_VARS['type'], $HTTP_POST_VARS['blockorder'], - $HTTP_POST_VARS['content'], $HTTP_POST_VARS['tid'], - $HTTP_POST_VARS['rdfurl'], $HTTP_POST_VARS['rdfupdated'], - $HTTP_POST_VARS['phpblockfn'], $HTTP_POST_VARS['onleft'], - $HTTP_POST_VARS['owner_id'], $HTTP_POST_VARS['group_id'], - $HTTP_POST_VARS['perm_owner'], $HTTP_POST_VARS['perm_group'], - $HTTP_POST_VARS['perm_members'], $HTTP_POST_VARS['perm_anon'], - $HTTP_POST_VARS['is_enabled']); +} else if (($mode == $LANG_ADMIN['save']) && !empty ($LANG_ADMIN['save'])) { + $display .= saveblock ($bid, $_POST['name'], $_POST['title'], + $_POST['help'], $_POST['type'], $_POST['blockorder'], + $_POST['content'], $_POST['tid'], $_POST['rdfurl'], + $_POST['rdfupdated'], + COM_applyFilter ($_POST['rdflimit'], true), + $_POST['phpblockfn'], $_POST['onleft'], + $_POST['owner_id'], $_POST['group_id'], $_POST['perm_owner'], + $_POST['perm_group'], $_POST['perm_members'], + $_POST['perm_anon'], $_POST['is_enabled']); } else if ($mode == 'edit') { - $display .= COM_siteHeader () + $display .= COM_siteHeader ('menu', $LANG21[3]) . editblock ($bid) . COM_siteFooter (); } else if ($mode == 'move') { - $display .= COM_siteHeader(); + $display .= COM_siteHeader('menu', $LANG21[19]); $display .= moveBlock(); $display .= listblocks(); $display .= COM_siteFooter(); } else { // 'cancel' or no mode at all - $display .= COM_siteHeader (); + $display .= COM_siteHeader ('menu', $LANG21[19]); $msg = 0; - if (isset ($HTTP_POST_VARS['msg'])) { - $msg = COM_applyFilter ($HTTP_POST_VARS['msg'], true); - } else if (isset ($HTTP_GET_VARS['msg'])) { - $msg = COM_applyFilter ($HTTP_GET_VARS['msg'], true); + if (isset ($_POST['msg'])) { + $msg = COM_applyFilter ($_POST['msg'], true); + } else if (isset ($_GET['msg'])) { + $msg = COM_applyFilter ($_GET['msg'], true); } if ($msg > 0) { $display .= COM_showMessage ($msg); } - $display .= listblocks (); - $display .= COM_siteFooter (); + $display .= listblocks(); + + $display .= COM_siteFooter(); } echo $display; diff -ruN 1.3.11sr1/admin/database.php 1.4.0sr5-1/admin/database.php --- 1.3.11sr1/admin/database.php 2004-12-31 10:02:27.000000000 -0600 +++ 1.4.0sr5-1/admin/database.php 2006-08-08 02:39:06.000000000 -0500 @@ -2,18 +2,18 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Geeklog 1.3 | +// | Geeklog 1.4 | // +---------------------------------------------------------------------------+ // | database.php | // | | // | Geeklog database backup administration page. | // +---------------------------------------------------------------------------+ -// | Copyright (C) 2000-2004 by the following authors: | +// | Copyright (C) 2000-2005 by the following authors: | // | | -// | Authors: Tony Bibbs - tony@tonybibbs.com | -// | Blaine Lang - langmail@sympatico.ca | -// | Dirk Haun - dirk@haun-online.de | -// | Alexander Schmacks - Alexander.Schmacks@gmx.de | +// | Authors: Tony Bibbs - tony AT tonybibbs DOT com | +// | Blaine Lang - langmail AT sympatico DOT ca | +// | Dirk Haun - dirk AT haun-online DOT de | +// | Alexander Schmacks - Alexander.Schmacks AT gmx DOT de | // +---------------------------------------------------------------------------+ // | | // | This program is free software; you can redistribute it and/or | @@ -32,7 +32,7 @@ // | | // +---------------------------------------------------------------------------+ // -// $Id: database.php,v 1.20 2004/11/21 10:13:34 dhaun Exp $ +// $Id: database.php,v 1.32 2005/12/28 10:11:50 dhaun Exp $ require_once('../lib-common.php'); require_once('auth.inc.php'); @@ -63,9 +63,72 @@ return ($lFiletimeA > $lFiletimeB) ? -1 : 1; } +function listbackups() +{ + global $_CONF, $_TABLES, $_IMAGE_TYPE, $LANG_ADMIN, $LANG_DB_BACKUP; + require_once( $_CONF['path_system'] . 'lib-admin.php' ); + $retval = ''; + + if (is_writable ($_CONF['backup_path'])) { + $backups = array(); + $fd = opendir($_CONF['backup_path']); + $index = 0; + while ((false !== ($file = @readdir ($fd)))) { + if ($file <> '.' && $file <> '..' && $file <> 'CVS' && + preg_match ('/\.sql$/i', $file)) { + $index++; + clearstatcache(); + $backups[] = $file; + } + } + // AS, 2004-03-29 - Sort backup files by date, newest first. + // Order given by 'readdir' might not be correct. + usort ($backups, 'compareBackupFiles'); + $backups = array_slice ($backups, 0, 10); + reset($backups); + + $data_arr = array(); + for ($i = 0; $i < count ($backups); $i++) { + $backupfile = $_CONF['backup_path'] . $backups[$i]; + $backupfilesize = COM_numberFormat (filesize ($backupfile)); + $data_arr[$i] = array('file' => $backups[$i], + 'size' => $backupfilesize . " " + .$LANG_DB_BACKUP['bytes'] . ""); + } + + $menu_arr = array ( + array('url' => $_CONF['site_admin_url'] + . '/database.php?mode=' . $LANG_DB_BACKUP['do_backup'], + 'text' => $LANG_ADMIN['create_new']), + array('url' => $_CONF['site_admin_url'], + 'text' => $LANG_ADMIN['admin_home']) + ); + + $header_arr = array( # dislay 'text' and use table field 'field' + array('text' => $LANG_DB_BACKUP['backup_file'], 'field' => 'file'), + array('text' => $LANG_DB_BACKUP['size'], 'field' => 'size') + ); + + $text_arr = array('has_menu' => true, + 'instructions' => $LANG_DB_BACKUP['db_explanation'] + . "
" . sprintf ($LANG_DB_BACKUP['total_number'], $index), + 'icon' => $_CONF['layout_url'] . '/images/icons/database.' . $_IMAGE_TYPE, + 'title' => $LANG_DB_BACKUP['last_ten_backups'] + ); + $retval .= ADMIN_simpleList("", $header_arr, $text_arr, $data_arr, $menu_arr); + } else { + $retval .= COM_startBlock ($LANG08[06], '', + COM_getBlockTemplate ('_msg_block', 'header')); + $retval .= $LANG_DB_BACKUP['no_access']; + COM_errorLog ($_CONF['backup_path'] . ' is not writable.', 1); + $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer')); + } + return $retval; +} + $display = ''; -$display .= COM_siteHeader(); +$display .= COM_siteHeader ('menu', $LANG_DB_BACKUP['last_ten_backups']); // If user isn't a root user or if the backup feature is disabled, bail. if (!SEC_inGroup ('Root') OR $_CONF['allow_mysqldump'] == 0) { @@ -80,10 +143,10 @@ } // Perform the backup if asked -if (isset ($HTTP_POST_VARS['mode']) && - ($HTTP_POST_VARS['mode'] == $LANG_DB_BACKUP['do_backup'])) { +if (isset ($_GET['mode']) && + ($_GET['mode'] == $LANG_DB_BACKUP['do_backup'])) { if (is_dir ($_CONF['backup_path'])) { - $curdatetime = date ("Y_m_d"); + $curdatetime = date ("Y_m_d_H_i_s"); $backupfile = "{$_CONF['backup_path']}geeklog_db_backup_{$curdatetime}.sql"; $command = $_DB_mysqldump_path . " -h$_DB_host -u$_DB_user"; if (!empty ($_DB_pass)) { @@ -107,7 +170,8 @@ $display .= COM_startBlock ($MESSAGE[40] . ' - ' . $timestamp, '', COM_getBlockTemplate ('_msg_block', 'header')) . '' + . 'sysmessage.' . $_IMAGE_TYPE + . '" border="0" align="top" alt="">' . $LANG_DB_BACKUP['backup_successful'] . '

' . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer')); } else { @@ -139,66 +203,7 @@ // Show last ten backups -if(is_writable($_CONF['backup_path'])) { - $backups = array(); - $display .= COM_startBlock ($LANG_DB_BACKUP['last_ten_backups'], '', - COM_getBlockTemplate ('_admin_block', 'header')); - $fd = opendir($_CONF['backup_path']); - $index = 0; - while ((false !== ($file = @readdir ($fd)))) { - if ($file <> '.' && $file <> '..' && $file <> 'CVS' && - preg_match ('/\.sql$/i', $file)) { - $index++; - clearstatcache(); - $backups[] = $file; - } - } - if (is_array($backups) AND $index > 0) { - // AS, 2004-03-29 - Sort backup files by date, newest first. - // Order given by 'readdir' might not be correct. - usort ($backups, 'compareBackupFiles'); - $backups = array_slice ($backups, 0, 10); - reset($backups); - - $database = new Template ($_CONF['path_layout'] . 'admin/database'); - $database->set_file (array ('list' => 'listbackups.thtml', - 'row' => 'listitem.thtml')); - $database->set_var ('site_url', $_CONF['site_url']); - $database->set_var ('layout_url', $_CONF['layout_url']); - $database->set_var ('lang_backupfile', $LANG_DB_BACKUP['backup_file']); - $database->set_var ('lang_backupsize', $LANG_DB_BACKUP['size']); - $database->set_var ('lang_bytes', $LANG_DB_BACKUP['bytes']); - - for ($i = 1; $i <= count ($backups); $i++) { - $backupfile = $_CONF['backup_path'] . current ($backups); - $backupfilesize = filesize ($backupfile); - $database->set_var ('backup_file', current ($backups)); - $database->set_var ('backup_size', $backupfilesize); - $database->parse ('backup_item', 'row', true); - next($backups); - } - $database->set_var ('number_backups', - sprintf ($LANG_DB_BACKUP['total_number'], $index)); - $display .= $database->parse ('output', 'list'); - } else { - $display .= '

' . $LANG_DB_BACKUP['no_backups'] . '

'; - } - - // Show backup form - $display .= $LANG_DB_BACKUP['db_explanation']; - $display .= ''; - $display .= ''; - - $display .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer')); -} else { - $display .= COM_startBlock ($LANG08[06], '', - COM_getBlockTemplate ('_msg_block', 'header')); - $display .= $LANG_DB_BACKUP['no_access']; - COM_errorLog ($_CONF['backup_path'] . ' is not writable.', 1); - $display .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer')); -} +$display .= listbackups(); $display .= COM_siteFooter (); diff -ruN 1.3.11sr1/admin/event.php 1.4.0sr5-1/admin/event.php --- 1.3.11sr1/admin/event.php 2004-12-31 10:02:26.000000000 -0600 +++ 1.4.0sr5-1/admin/event.php 2006-08-08 02:39:06.000000000 -0500 @@ -2,18 +2,18 @@ /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ -// | Geeklog 1.3 | +// | Geeklog 1.4 | // +---------------------------------------------------------------------------+ // | event.php | // | | // | Geeklog event administration page. | // +---------------------------------------------------------------------------+ -// | Copyright (C) 2000-2004 by the following authors: | +// | Copyright (C) 2000-2006 by the following authors: | // | | -// | Authors: Tony Bibbs - tony@tonybibbs.com | -// | Mark Limburg - mlimburg@users.sourceforge.net | -// | Jason Whittenburg - jwhitten@securitygeeks.com | -// | Dirk Haun - dirk@haun-online.de | +// | Authors: Tony Bibbs - tony AT tonybibbs DOT com | +// | Mark Limburg - mlimburg AT users DOT sourceforge DOT net | +// | Jason Whittenburg - jwhitten AT securitygeeks DOT com | +// | Dirk Haun - dirk AT haun-online DOT de | // +---------------------------------------------------------------------------+ // | | // | This program is free software; you can redistribute it and/or | @@ -32,7 +32,7 @@ // | | // +---------------------------------------------------------------------------+ // -// $Id: event.php,v 1.54 2004/12/11 14:54:49 dhaun Exp $ +// $Id: event.php,v 1.76 2006/01/28 12:16:28 dhaun Exp $ require_once ('../lib-common.php'); require_once ('auth.inc.php'); @@ -40,10 +40,7 @@ // Uncomment the line below if you need to debug the HTTP variables being passed // to the script. This will sometimes cause errors but it will allow you to see // the data being passed in a POST operation -// COM_debug($HTTP_POST_VARS); - -// number of events to list per page -define ('EVENTS_PER_PAGE', 50); +// COM_debug($_POST); $display = ''; @@ -75,8 +72,10 @@ */ function editevent ($mode, $A, $msg = '') { - global $_CONF, $_GROUPS, $_TABLES, $_USER, $LANG12, $LANG22, $LANG30, - $LANG_ACCESS, $_STATES; + global $_CONF, $_GROUPS, $_TABLES, $_USER, $LANG10, $LANG12, $LANG22, + $LANG30, $LANG_ACCESS, $_STATES, $LANG_ADMIN; + + require_once( $_CONF['path_system'] . 'lib-admin.php' ); $retval = ''; @@ -92,13 +91,15 @@ $event_templates->set_var('site_url', $_CONF['site_url']); $event_templates->set_var('site_admin_url', $_CONF['site_admin_url']); $event_templates->set_var('layout_url',$_CONF['layout_url']); + $event_templates->set_var('lang_allowed_html', COM_allowedHTML()); + $event_templates->set_var('lang_postmode', $LANG22[3]); if ($mode <> 'editsubmission' AND !empty($A['eid'])) { // Get what level of access user has to this object $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']); if ($access == 0 OR $access == 2) { // Uh, oh! User doesn't have access to this object - $retval .= COM_startBlock ($LANG22[16], '', + $retval .= COM_startBlock ($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate ('_msg_block', 'header')); $retval .= $LANG22[17]; $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer')); @@ -112,12 +113,15 @@ } else { $A['group_id'] = SEC_getFeatureGroup ('event.edit'); } - $A['perm_owner'] = 3; - $A['perm_group'] = 2; - $A['perm_members'] = 2; - $A['perm_anon'] = 2; + SEC_setDefaultPermissions ($A, $_CONF['default_permissions_event']); $access = 3; } + + if ($mode == 'editsubmission') { + $event_templates->set_var('post_options', COM_optionList($_TABLES['postmodes'],'code,name','plaintext')); + } else { + $event_templates->set_var('post_options', COM_optionList($_TABLES['postmodes'],'code,name',$A['postmode'])); + } $retval .= COM_startBlock($LANG22[1], '', COM_getBlockTemplate ('_admin_block', 'header')); @@ -141,7 +145,10 @@ } $event_templates->set_var('event_id', $A['eid']); - $event_templates->set_var('lang_eventtitle', $LANG22[3]); + $event_templates->set_var('lang_eventtitle', $LANG_ADMIN['title']); + $A['title'] = str_replace('{','{',$A['title']); + $A['title'] = str_replace('}','}',$A['title']); + $A['title'] = str_replace('"','"',$A['title']); $event_templates->set_var('event_title', stripslashes ($A['title'])); $types = explode(',',$_CONF['event_types']); asort ($types); @@ -166,10 +173,18 @@ $event_templates->set_var('lang_starttime', $LANG12[42]); // Combine date/time for easier manipulation - $A['datestart'] = $A['datestart'] . ' ' . $A['timestart']; - $start_stamp = strtotime($A['datestart']); - $A['dateend'] = $A['dateend'] . ' ' . $A['timeend']; - $end_stamp = strtotime($A['dateend']); + $A['datestart'] = trim ($A['datestart'] . ' ' . $A['timestart']); + if (empty ($A['datestart'])) { + $start_stamp = time (); + } else { + $start_stamp = strtotime ($A['datestart']); + } + $A['dateend'] = trim ($A['dateend'] . ' ' . $A['timeend']); + if (empty ($A['dateend'])) { + $end_stamp = time (); + } else { + $end_stamp = strtotime ($A['dateend']); + } $start_month = date('m', $start_stamp); $start_day = date('d', $start_stamp); $start_year = date('Y', $start_stamp); @@ -282,15 +297,16 @@ $event_templates->set_var('lang_city',$LANG12[46]); $event_templates->set_var('event_city', stripslashes ($A['city'])); $event_templates->set_var('lang_state',$LANG12[47]); + $state_options = ''; - for ($i = 1; $i <= count($_STATES); $i++) { - $state_options .= ''; } + $event_templates->set_var('state_options',$state_options); $event_templates->set_var('lang_zipcode',$LANG12[48]); $event_templates->set_var('event_zipcode', $A['zipcode']); @@ -298,6 +314,8 @@ $event_templates->set_var('event_location', stripslashes ($A['location'])); $event_templates->set_var('lang_eventdescription', $LANG22[8]); $event_templates->set_var('event_description', stripslashes ($A['description'])); + $event_templates->set_var('lang_hits', $LANG10[30]); + $event_templates->set_var('hits', COM_numberFormat ($A['hits'])); $event_templates->set_var('lang_save', $LANG22[20]); $event_templates->set_var('lang_cancel', $LANG22[21]); @@ -347,6 +365,7 @@ * @param string $dateend Date the event ends on * @param string $location Where the event will be held at * @param string $description Description about the event +* @param string $postmode Is this HTML or plain text? * @param string $owner_id ID of owner * @param string $group_id ID of group event belongs to * @param string $perm_owner Permissions the owner has on event @@ -356,7 +375,7 @@ * @return string HTML redirect or error message * */ -function saveevent ($eid, $title, $event_type, $url, $allday, $start_month, $start_day, $start_year, $start_hour, $start_minute, $start_ampm, $end_month, $end_day, $end_year, $end_hour, $end_minute, $end_ampm, $location, $address1, $address2, $city, $state, $zipcode, $description, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $mode) +function saveevent ($eid, $title, $event_type, $url, $allday, $start_month, $start_day, $start_year, $start_hour, $start_minute, $start_ampm, $end_month, $end_day, $end_year, $end_hour, $end_minute, $end_ampm, $location, $address1, $address2, $city, $state, $zipcode, $description, $postmode, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $mode) { global $_CONF, $_TABLES, $_USER, $LANG22; @@ -439,7 +458,12 @@ } // clean 'em up - $description = addslashes (COM_checkHTML (COM_checkWords ($description))); + if ($postmode == 'html') { + $description = COM_checkHTML (COM_checkWords ($description)); + } else { + $description = htmlspecialchars (COM_checkWords ($description)); + } + $description = addslashes ($description); $title = addslashes (COM_checkHTML (COM_checkWords ($title))); $location = addslashes (COM_checkHTML (COM_checkWords ($location))); $address1 = addslashes (COM_checkHTML (COM_checkWords ($address1))); @@ -470,17 +494,17 @@ if (!empty ($eid) AND !empty ($description) AND !empty ($title)) { DB_delete ($_TABLES['eventsubmission'], 'eid', $eid); - DB_save($_TABLES['events'],'eid,title,event_type,url,allday,datestart,dateend,timestart,timeend,location,address1,address2,city,state,zipcode,description,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon',"$eid,'$title','$event_type','$url',$allday,'$datestart','$dateend','$timestart','$timeend','$location','$address1','$address2','$city','$state','$zipcode','$description',$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon"); + DB_save($_TABLES['events'],'eid,title,event_type,url,allday,datestart,dateend,timestart,timeend,location,address1,address2,city,state,zipcode,description,postmode,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon',"$eid,'$title','$event_type','$url',$allday,'$datestart','$dateend','$timestart','$timeend','$location','$address1','$address2','$city','$state','$zipcode','$description','$postmode',$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon"); if (DB_count ($_TABLES['personal_events'], 'eid', $eid) > 0) { $result = DB_query ("SELECT uid FROM {$_TABLES['personal_events']} WHERE eid = '{$eid}'"); $numrows = DB_numRows ($result); for ($i = 1; $i <= $numrows; $i++) { $P = DB_fetchArray ($result); - DB_save ($_TABLES['personal_events'], 'eid,title,event_type,datestart,dateend,address1,address2,city,state,zipcode,allday,url,description,group_id,owner_id,perm_owner,perm_group,perm_members,perm_anon,uid,location,timestart,timeend', - "$eid,'$title','$event_type','$datestart','$dateend','$address1','$address2','$city','$state','$zipcode',$allday,'$url','$description',$group_id,$owner_id,$perm_owner,$perm_group,$perm_members,$perm_anon,{$P['uid']},'$location','$timestart','$timeend'"); + DB_save ($_TABLES['personal_events'], 'eid,title,event_type,datestart,dateend,address1,address2,city,state,zipcode,allday,url,description,postmode,group_id,owner_id,perm_owner,perm_group,perm_members,perm_anon,uid,location,timestart,timeend', + "$eid,'$title','$event_type','$datestart','$dateend','$address1','$address2','$city','$state','$zipcode',$allday,'$url','$description','$postmode',$group_id,$owner_id,$perm_owner,$perm_group,$perm_members,$perm_anon,{$P['uid']},'$location','$timestart','$timeend'"); } } - COM_rdfUpToDateCheck (); + COM_rdfUpToDateCheck ('geeklog', '::events', $eid); return COM_refresh ($_CONF['site_admin_url'] . '/event.php?msg=17'); } else { @@ -495,79 +519,50 @@ } } -/** -* lists all the events in the system -* -* @param int $page page number to display -* @return string HTML for list of events -* -*/ -function listevents ($page = 1) +function listevents() { - global $_CONF, $_TABLES, $LANG22, $LANG_ACCESS; - + global $_CONF, $_TABLES, $LANG_ADMIN, $LANG22, $LANG_ACCESS, $_IMAGE_TYPE; + require_once( $_CONF['path_system'] . 'lib-admin.php' ); $retval = ''; + $header_arr = array( # dislay 'text' and use table field 'field' + array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false), + array('text' => $LANG_ADMIN['copy'], 'field' => 'copy', 'sort' => false), + array('text' => $LANG_ADMIN['title'], 'field' => 'title', 'sort' => true), + array('text' => $LANG22[13], 'field' => 'username', 'sort' => true), + array('text' => $LANG_ACCESS['access'], 'field' => 'access', 'sort' => false), + array('text' => $LANG22[14], 'field' => 'datestart', 'sort' => true), + array('text' => $LANG22[15], 'field' => 'dateend', 'sort' => true) + ); + + $defsort_arr = array('field' => 'datestart', 'direction' => 'desc'); + + $menu_arr = array ( + array('url' => $_CONF['site_admin_url'] . '/event.php?mode=edit', + 'text' => $LANG_ADMIN['create_new']), + array('url' => $_CONF['site_admin_url'], + 'text' => $LANG_ADMIN['admin_home']) + ); + + $text_arr = array('has_menu' => true, + 'has_extras' => true, + 'title' => $LANG22[11], 'instructions' => $LANG22[12], + 'icon' => $_CONF['layout_url'] . '/images/icons/event.' + . $_IMAGE_TYPE, + 'form_url' => $_CONF['site_admin_url'] . "/event.php"); + + $sql = "SELECT {$_TABLES['events']}.*, {$_TABLES['users']}.username FROM {$_TABLES['events']} " + ."LEFT JOIN {$_TABLES['users']} ON {$_TABLES['events']}.owner_id={$_TABLES['users']}.uid " + ."WHERE 1 "; + + $query_arr = array('table' => 'events', + 'sql' => $sql, + 'query_fields' => array('title', 'datestart', 'dateend'), + 'default_filter' => COM_getPermSQL('AND')); - if ($page < 1) { - $page = 1; - } - - $retval .= COM_startBlock ($LANG22[11], '', - COM_getBlockTemplate ('_admin_block', 'header')); - - $event_templates = new Template($_CONF['path_layout'] . 'admin/event'); - $event_templates->set_file(array('list'=>'eventlist.thtml','row'=>'listitem.thtml')); - $event_templates->set_var('site_url', $_CONF['site_url']); - $event_templates->set_var('site_admin_url', $_CONF['site_admin_url']); - $event_templates->set_var('lang_newevent', $LANG22[18]); - $event_templates->set_var('lang_adminhome', $LANG22[19]); - $event_templates->set_var('lang_instructions', $LANG22[12]); - $event_templates->set_var('lang_eventtitle', $LANG22[13]); - $event_templates->set_var('lang_access', $LANG_ACCESS['access']); - $event_templates->set_var('lang_startdate', $LANG22[14]); - $event_templates->set_var('lang_enddate', $LANG22[15]); - $event_templates->set_var('layout_url',$_CONF['layout_url']); - - $limit = (EVENTS_PER_PAGE * ($page - 1)); - $result = DB_query ("SELECT * FROM {$_TABLES['events']}" . COM_getPermSQL () . " ORDER BY datestart DESC LIMIT $limit," . EVENTS_PER_PAGE); - $nrows = DB_numRows ($result); - for ($i = 0; $i < $nrows; $i++) { - $A = DB_fetchArray ($result); - $access = SEC_hasAccess ($A['owner_id'], $A['group_id'], - $A['perm_owner'], $A['perm_group'], - $A['perm_members'], $A['perm_anon']); - if ($access == 3) { - $access = $LANG_ACCESS['edit']; - } else { - $access = $LANG_ACCESS['readonly']; - } - $ecount = (EVENTS_PER_PAGE * ($page - 1)) + $i + 1; - $event_templates->set_var('event_id', $A['eid']); - $event_templates->set_var('event_title', stripslashes ($A['title'])); - $event_templates->set_var('event_access', $access); - $event_templates->set_var('event_startdate', $A['datestart']); - $event_templates->set_var('event_enddate', $A['dateend']); - $event_templates->set_var('row_num', $ecount); - $event_templates->parse('event_row', 'row', true); - } - - $eresult = DB_query ("SELECT COUNT(*) AS count FROM {$_TABLES['events']}" . COM_getPermSQL ()); - $N = DB_fetchArray ($eresult); - $numevents = $N['count']; - if ($numevents > EVENTS_PER_PAGE) { - $baseurl = $_CONF['site_admin_url'] . '/event.php'; - $numpages = ceil ($numevents / EVENTS_PER_PAGE); - $event_templates->set_var ('google_paging', - COM_printPageNavigation ($baseurl, $page, $numpages)); - } else { - $event_templates->set_var ('google_paging', ''); - } - - $event_templates->parse('output', 'list'); - $retval .= $event_templates->finish($event_templates->get_var('output')); - $retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer')); - + $retval .= ADMIN_list ("events", "ADMIN_getListField_events", $header_arr, $text_arr, + $query_arr, $menu_arr, $defsort_arr); return $retval; + } /** @@ -596,48 +591,46 @@ } // MAIN -if (count ($HTTP_POST_VARS) == 0) { - $http_input_vars = $HTTP_GET_VARS; -} else { - $http_input_vars = $HTTP_POST_VARS; -} -$mode = $http_input_vars['mode']; +$mode = ''; +if (isset($_REQUEST['mode'])) { + $mode = $_REQUEST['mode']; +} if (($mode == $LANG22[22]) && !empty ($LANG22[22])) { // delete - $eid = COM_applyFilter ($http_input_vars['eid']); + $eid = COM_applyFilter ($_REQUEST['eid']); if (!isset ($eid) || empty ($eid) || ($eid == 0)) { COM_errorLog ('Attempted to delete event eid=\'' - . $http_input_vars['eid'] . "'"); + . $_REQUEST['eid'] . "'"); $display .= COM_refresh ($_CONF['site_admin_url'] . '/event.php'); } else { $display .= deleteEvent ($eid); } } else if (($mode == $LANG22[20]) && !empty ($LANG22[20])) { // save - $display .= saveevent (COM_applyFilter ($HTTP_POST_VARS['eid']), - $HTTP_POST_VARS['title'], $HTTP_POST_VARS['event_type'], - $HTTP_POST_VARS['url'], $HTTP_POST_VARS['allday'], - $HTTP_POST_VARS['start_month'], $HTTP_POST_VARS['start_day'], - $HTTP_POST_VARS['start_year'], $HTTP_POST_VARS['start_hour'], - $HTTP_POST_VARS['start_minute'], $HTTP_POST_VARS['start_ampm'], - $HTTP_POST_VARS['end_month'], $HTTP_POST_VARS['end_day'], - $HTTP_POST_VARS['end_year'], $HTTP_POST_VARS['end_hour'], - $HTTP_POST_VARS['end_minute'], $HTTP_POST_VARS['end_ampm'], - $HTTP_POST_VARS['location'], $HTTP_POST_VARS['address1'], - $HTTP_POST_VARS['address2'], $HTTP_POST_VARS['city'], - $HTTP_POST_VARS['state'], $HTTP_POST_VARS['zipcode'], - $HTTP_POST_VARS['description'], $HTTP_POST_VARS['owner_id'], - $HTTP_POST_VARS['group_id'], $HTTP_POST_VARS['perm_owner'], - $HTTP_POST_VARS['perm_group'], $HTTP_POST_VARS['perm_members'], - $HTTP_POST_VARS['perm_anon'], $mode); + $display .= saveevent (COM_applyFilter ($_POST['eid']), + $_POST['title'], $_POST['event_type'], + $_POST['url'], $_POST['allday'], + $_POST['start_month'], $_POST['start_day'], + $_POST['start_year'], $_POST['start_hour'], + $_POST['start_minute'], $_POST['start_ampm'], + $_POST['end_month'], $_POST['end_day'], + $_POST['end_year'], $_POST['end_hour'], + $_POST['end_minute'], $_POST['end_ampm'], + $_POST['location'], $_POST['address1'], + $_POST['address2'], $_POST['city'], + $_POST['state'], $_POST['zipcode'], + $_POST['description'], $_POST['postmode'] , + $_POST['owner_id'], $_POST['group_id'], + $_POST['perm_owner'], $_POST['perm_group'], + $_POST['perm_members'], $_POST['perm_anon'], $mode); } else if ($mode == 'editsubmission') { - $id = COM_applyFilter ($http_input_vars['id']); + $id = COM_applyFilter ($_REQUEST['id']); $result = DB_query ("SELECT * FROM {$_TABLES['eventsubmission']} WHERE eid ='$id'"); $A = DB_fetchArray ($result); $display .= COM_siteHeader ('menu'); $display .= editevent ($mode, $A); $display .= COM_siteFooter (); } else if ($mode == 'clone') { - $eid = COM_applyFilter ($http_input_vars['eid']); + $eid = COM_applyFilter ($_REQUEST['eid']); $result = DB_query ("SELECT * FROM {$_TABLES['events']} WHERE eid ='$eid'"); $A = DB_fetchArray ($result); $A['eid'] = COM_makesid (); @@ -646,25 +639,25 @@ $display .= editevent ($mode, $A); $display .= COM_siteFooter (); } else if ($mode == 'edit') { - $eid = COM_applyFilter ($http_input_vars['eid']); + $eid = COM_applyFilter ($_REQUEST['eid']); if (empty ($eid)) { $A = array (); - $A['datestart'] = COM_applyFilter ($http_input_vars['datestart']); - $A['timestart'] = COM_applyFilter ($http_input_vars['timestart']); + $A['datestart'] = COM_applyFilter ($_REQUEST['datestart']); + $A['timestart'] = COM_applyFilter ($_REQUEST['timestart']); } else { $result = DB_query ("SELECT * FROM {$_TABLES['events']} WHERE eid ='$eid'"); $A = DB_fetchArray ($result); } - $display .= COM_siteHeader ('menu'); + $display .= COM_siteHeader ('menu', $LANG22[1]); $display .= editevent ($mode, $A); $display .= COM_siteFooter (); } else { // 'cancel' or no mode at all - $display .= COM_siteHeader ('menu'); - if (isset ($http_input_vars['msg'])) { - $display .= COM_showMessage (COM_applyFilter ($http_input_vars['msg'], + $display .= COM_siteHeader ('menu', $LANG22[11]); + if (isset ($_REQUEST['msg'])) { + $display .= COM_showMessage (COM_applyFilter ($_REQUEST['msg'], true)); } - $display .= listevents (COM_applyFilter ($http_input_vars['page'], true)); + $display .= listevents(); $display .= COM_siteFooter (); } diff -ruN 1.3.11sr1/admin/group.php 1.4.0sr5-1/admin/group.php --- 1.3.11sr1/admin/group.php 2004-12-31 10:02:26.000000000 -0600 +++ 1.4.0sr5-1/admin/group.php 2006-08-08 02:39:06.000000000 -0500 @@ -8,12 +8,12 @@ // | | // | Geeklog group administration page. | // +---------------------------------------------------------------------------+ -// | Copyright (C) 2000-2004 by the following authors: | +// | Copyright (C) 2000-2005 by the following authors: | // | | -// | Authors: Tony Bibbs - tony@tonybibbs.com | -// | Mark Limburg - mlimburg@users.sourceforge.net | -// | Jason Whittenburg - jwhitten@securitygeeks.com | -// | Dirk Haun - dirk@haun-online.de | +// | Authors: Tony Bibbs - tony AT tonybibbs DOT com | +// | Mark Limburg - mlimburg AT users DOT sourceforge DOT net | +// | Jason Whittenburg - jwhitten AT securitygeeks DOT com | +// | Dirk Haun - dirk AT haun-online DOT de | // +---------------------------------------------------------------------------+ // | | // | This program is free software; you can redistribute it and/or | @@ -32,7 +32,7 @@ // | | // +---------------------------------------------------------------------------+ // -// $Id: group.php,v 1.42 2004/10/19 10:52:48 dhaun Exp $ +// $Id: group.php,v 1.63 2005/12/22 14:39:46 ospiess Exp $ /** * This file is the Geeklog Group administration page @@ -54,11 +54,11 @@ // Uncomment the line below if you need to debug the HTTP variables being passed // to the script. This will sometimes cause errors but it will allow you to see // the data being passed in a POST operation -// echo COM_debug($HTTP_POST_VARS); +// echo COM_debug($_POST); $display = ''; -// Make sure user has rights to access this page +// Make sure user has rights to access this page if (!SEC_hasRights ('group.edit')) { $display .= COM_siteHeader ('menu'); $display .= COM_startBlock ($MESSAGE[30], '', @@ -78,15 +78,17 @@ * @return string HTML for group editor * */ -function editgroup($grp_id = '') +function editgroup($grp_id = '') { - global $_TABLES, $_CONF, $_USER, $LANG_ACCESS; + global $_TABLES, $_CONF, $_USER, $LANG_ACCESS, $VERBOSE; $retval = ''; $thisUsersGroups = SEC_getUserGroups (); - if (!empty ($grp_id) && ($grp_id > 0) && - !in_array ($grp_id, $thisUsersGroups)) { + if (!empty ($grp_id) && + ($grp_id > 0) && + !in_array ($grp_id, $thisUsersGroups) && + !SEC_groupIsRemoteUserAndHaveAccess($grp_id, $thisUsersGroups)) { $retval .= COM_startBlock ($LANG_ACCESS['groupeditor'], '', COM_getBlockTemplate ('_msg_block', 'header')); if (!SEC_inGroup ('Root') && (DB_getItem ($_TABLES['groups'], @@ -116,7 +118,7 @@ $A['owner_id'] = $_USER['uid']; // this is the one instance where we default the group - // most topics should belong to the normal user group + // most topics should belong to the normal user group $A['group_id'] = DB_getItem($_TABLES['groups'],'grp_id',"grp_name = 'Normal User'"); $A['grp_gl_core'] = 0; } @@ -139,7 +141,7 @@ $group_templates->set_var('lang_groupname', $LANG_ACCESS['groupname']); - if ($A['grp_gl_core'] == 0) { + if ($A['grp_gl_core'] == 0) { $group_templates->set_var('groupname_inputtype', 'text'); $group_templates->set_var('groupname_static', ''); } else { @@ -155,7 +157,7 @@ //$groups = SEC_getUserGroups('','',$grp_id); $selected = ''; if (!empty($grp_id)) { - $tmp = DB_query("SELECT ug_main_grp_id FROM {$_TABLES['group_assignments']} WHERE ug_grp_id = $grp_id"); + $tmp = DB_query("SELECT ug_main_grp_id FROM {$_TABLES['group_assignments']} WHERE ug_grp_id = $grp_id"); $num_groups = DB_numRows($tmp); for ($x = 1; $x <= $num_groups; $x++) { $G = DB_fetchArray($tmp); @@ -283,7 +285,7 @@ * @return string HTML for rights * */ -function printrights ($grp_id = '', $core = 0) +function printrights ($grp_id = '', $core = 0) { global $_TABLES, $_USER, $LANG_ACCESS, $VERBOSE; @@ -302,7 +304,7 @@ } // now query for all available features - $features = DB_query ("SELECT ft_id,ft_name FROM {$_TABLES['features']}{$ftWhere} ORDER BY ft_name"); + $features = DB_query ("SELECT ft_id,ft_name,ft_descr FROM {$_TABLES['features']}{$ftWhere} ORDER BY ft_name"); $nfeatures = DB_numRows($features); if (!empty($grp_id)) { @@ -317,35 +319,35 @@ // Build an array of indirect features $grpftarray = array (); - for ($i = 0; $i < sizeof($indirectfeatures); $i++) { - $grpftarray[current($indirectfeatures)] = 'indirect'; + for ($i = 0; $i < sizeof($indirectfeatures); $i++) { + $grpftarray[current($indirectfeatures)] = 'indirect'; next($indirectfeatures); } - // Build an arrray of direct features + // Build an arrray of direct features $grpftarray1 = array (); $ndirect = DB_numRows($directfeatures); for ($i = 0; $i < $ndirect; $i++) { $A = DB_fetchArray($directfeatures); - $grpftarray1[$A['ft_name']] = 'direct'; + $grpftarray1[$A['ft_name']] = 'direct'; } - // Now merge the two arrays + // Now merge the two arrays $grpftarray = array_merge ($grpftarray, $grpftarray1); if ($VERBOSE) { // this is for debugging purposes for ($i = 1; $i < sizeof($grpftarray); $i++) { COM_errorLog("element $i is feature " . key($grpftarray) . " and is " . current($grpftarray),1); - next($grpftarray); + next($grpftarray); } } - } + } // OK, now loop through and print all the features giving edit rights // to only the ones that are direct features $ftcount = 0; $retval = '' . LB; - for ($i = 1; $i <= $nfeatures; $i++) { + for ($i = 1; $i <= $nfeatures; $i++) { if ($i > 0 AND ($i % 3 == 1)) { $retval .= "\n"; } @@ -355,14 +357,16 @@ $ftcount++; $retval .= ''; } else { // either this is an indirect right OR this is a core feature if ((($core == 1) AND ($grpftarray[$A['ft_name']] == 'indirect' OR $grpftarray[$A['ft_name']] == 'direct')) OR ($core == 0)) { $ftcount++; - $retval .= ''; + $retval .= ''; } } } @@ -370,7 +374,7 @@ // This group doesn't have rights to any features $retval .= ''; } - + $retval .= '' . LB; return $retval; @@ -388,14 +392,16 @@ * @return string HTML refresh or error message * */ -function savegroup ($grp_id, $grp_name, $grp_descr, $grp_gl_core, $features, $groups) +function savegroup ($grp_id, $grp_name, $grp_descr, $grp_gl_core, $features, $groups) { global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $VERBOSE; if (!empty ($grp_name) && !empty ($grp_descr)) { $GroupAdminGroups = SEC_getUserGroups (); - if (!empty ($grp_id) && ($grp_id > 0) && - !in_array ($grp_id, $GroupAdminGroups)) { + if (!empty ($grp_id) && + ($grp_id > 0) && + !in_array ($grp_id, $GroupAdminGroups) && + !SEC_groupIsRemoteUserAndHaveAccess($grp_id, $GroupAdminGroups)) { COM_accessLog ("User {$_USER['username']} tried to edit group '$grp_name' ($grp_id) with insufficient privileges."); return COM_refresh ($_CONF['site_admin_url'] . '/group.php'); @@ -407,6 +413,24 @@ return COM_refresh ($_CONF['site_admin_url'] . '/group.php'); } + // group names have to be unique, so check if this one exists already + $g_id = DB_getItem ($_TABLES['groups'], 'grp_id', + "grp_name = '$grp_name'"); + if ($g_id > 0) { + if (empty ($grp_id) || ($grp_id != $g_id)) { + // there already is a group with that name - complain + $retval .= COM_siteHeader ('menu', $LANG_ACCESS['groupeditor']); + $retval .= COM_startBlock ($LANG_ACCESS['groupexists'], '', + COM_getBlockTemplate ('_msg_block', 'header')); + $retval .= $LANG_ACCESS['groupexistsmsg']; + $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer')); + $retval .= editgroup ($grp_id); + $retval .= COM_siteFooter (); + + return $retval; + } + } + $grp_descr = COM_stripslashes ($grp_descr); $grp_descr = addslashes ($grp_descr); if (empty ($grp_id)) { @@ -474,7 +498,7 @@ echo COM_refresh($_CONF['site_admin_url'] . '/group.php?msg=49'); } else { - $retval .= COM_siteHeader ('menu'); + $retval .= COM_siteHeader ('menu', $LANG_ACCESS['groupeditor']); $retval .= COM_startBlock ($LANG_ACCESS['missingfields'], '', COM_getBlockTemplate ('_msg_block', 'header')); $retval .= $LANG_ACCESS['missingfieldsmsg']; @@ -483,62 +507,7 @@ $retval .= COM_siteFooter (); return $retval; - } -} - -/** -* Lists all the groups in the system -* -* @return string HTML for group listing -* -*/ -function listgroups() -{ - global $_TABLES, $_CONF, $LANG_ACCESS; - - $retval = COM_startBlock ($LANG_ACCESS['groupmanager'], '', - COM_getBlockTemplate ('_admin_block', 'header')); - - $group_templates = new Template($_CONF['path_layout'] . 'admin/group'); - $group_templates->set_file(array('list'=>'grouplist.thtml','row'=>'listitem.thtml')); - $group_templates->set_var('site_url', $_CONF['site_url']); - $group_templates->set_var('site_admin_url', $_CONF['site_admin_url']); - $group_templates->set_var('layout_url', $_CONF['layout_url']); - $group_templates->set_var('lang_newgroup', $LANG_ACCESS['newgroup']); - $group_templates->set_var('lang_adminhome', $LANG_ACCESS['adminhome']); - $group_templates->set_var('lang_instructions', $LANG_ACCESS['newgroupmsg']); - $group_templates->set_var('lang_groupname', $LANG_ACCESS['groupname']); - $group_templates->set_var('lang_description', $LANG_ACCESS['description']); - $group_templates->set_var('lang_coregroup', $LANG_ACCESS['coregroup']); - $group_templates->set_var('lang_action', $LANG_ACCESS['action']); - $group_templates->set_var('lang_edit', $LANG_ACCESS['edit']); - $group_templates->set_var('lang_list_users', $LANG_ACCESS['listusers']); - - $thisUsersGroups = SEC_getUserGroups (); - - $result = DB_query("SELECT * FROM {$_TABLES['groups']}"); - $nrows = DB_numRows($result); - for ($i = 0; $i < $nrows; $i++) { - $A = DB_fetchArray ($result); - if (in_array ($A['grp_id'], $thisUsersGroups)) { - if ($A['grp_gl_core'] == 1) { - $core = $LANG_ACCESS['yes']; - } else { - $core = $LANG_ACCESS['no']; - } - $group_templates->set_var ('group_id', $A['grp_id']); - $group_templates->set_var ('group_name', $A['grp_name']); - $group_templates->set_var ('group_description', $A['grp_descr']); - $group_templates->set_var ('group_core', $core); - $group_templates->set_var ('lang_list', $LANG_ACCESS['listthem']); - $group_templates->parse ('group_row', 'row', true); - } } - $group_templates->parse('output', 'list'); - $retval .= $group_templates->finish($group_templates->get_var('output')); - $retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer')); - - return $retval; } /** @@ -580,21 +549,21 @@ /** * Display a list of all users in a given group. * -* @param grp_id int group id -* @param curpage int page number -* @param query_limit int users per page -* @return string HTML for user listing +* @param grp_id int group id +* @return string HTML for user listing * */ -function listusers ($grp_id, $curpage = 1, $query_limit = 50) +function listusers ($grp_id) { - global $_TABLES, $_CONF, $LANG28, $LANG_ACCESS; - + global $_CONF, $_TABLES, $LANG28, $LANG_ACCESS, $LANG_ADMIN, $_IMAGE_TYPE; + require_once( $_CONF['path_system'] . 'lib-admin.php' ); $retval = ''; $thisUsersGroups = SEC_getUserGroups (); - if (!empty ($grp_id) && ($grp_id > 0) && - !in_array ($grp_id, $thisUsersGroups)) { + if (!empty ($grp_id) && + ($grp_id > 0) && + !in_array ($grp_id, $thisUsersGroups) && + !SEC_groupIsRemoteUserAndHaveAccess( $grp_id, $thisUsersGroups)) { $retval .= COM_startBlock ($LANG_ACCESS['usergroupadmin'], '', COM_getBlockTemplate ('_msg_block', 'header')); $retval .= $LANG_ACCESS['cantlistgroup']; @@ -603,67 +572,102 @@ return $retval; } - if ($curpage <= 0) { - $curpage = 1; - } - if ($query_limit == 0) { - $limit = 50; - } else { - $limit = $query_limit; + if ($_CONF['lastlogin']) { + $login_text = $LANG28[41]; + $login_field = 'lastlogin'; + } else { + $login_text = $LANG28[40]; + $login_field = 'regdate'; + } + + $header_arr = array ( + array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false), + array('text' => $LANG28[37], 'field' => 'uid', 'sort' => true), + array('text' => $LANG28[3], 'field' => 'username', 'sort' => true), + array('text' => $LANG28[4], 'field' => 'fullname', 'sort' => true), + array('text' => $login_text, 'field' => $login_field, 'sort' => true), + array('text' => $LANG28[7], 'field' => 'email', 'sort' => true) + ); + + $defsort_arr = array ('field' => 'username', + 'direction' => 'asc' + ); + + $groupname = DB_getItem ($_TABLES['groups'], 'grp_name', + "grp_id = '$grp_id'"); + $headline = sprintf ($LANG_ACCESS['usersingroup'], $groupname); + + $text_arr = array ('has_menu' => false, + 'has_extras' => false, + 'title' => $headline, + 'instructions' => '', + 'icon' => '', + 'form_url' => '', + 'help_url' => '' + ); + + $join_userinfo = ''; + $select_userinfo = ''; + if ($_CONF['lastlogin']) { + $join_userinfo = "LEFT JOIN {$_TABLES['userinfo']} ON {$_TABLES['users']}.uid={$_TABLES['userinfo']}.uid "; + $select_userinfo = ",lastlogin "; } - $offset = (($curpage - 1) * $limit); $groups = getGroupList ($grp_id); $groupList = implode (',', $groups); - $sql = "FROM {$_TABLES['users']},{$_TABLES['group_assignments']} WHERE {$_TABLES['users']}.uid > 1 AND {$_TABLES['users']}.uid = {$_TABLES['group_assignments']}.ug_uid AND ({$_TABLES['group_assignments']}.ug_main_grp_id IN ({$groupList}))"; - $result = DB_query ("SELECT DISTINCT uid,username,fullname,email " . $sql - . " ORDER BY username LIMIT $offset,$limit"); - $nrows = DB_numRows ($result); - - $cntresult = DB_query ("SELECT COUNT(DISTINCT {$_TABLES['users']}.uid) AS count " . $sql); - $C = DB_fetchArray ($cntresult); - $num_pages = ceil ($C['count'] / $limit); - - $headline = sprintf ($LANG_ACCESS['usersingroup'], - DB_getItem ($_TABLES['groups'], 'grp_name', - "grp_id = '$grp_id'")); - $retval .= COM_startBlock ($headline . ' (' . $C['count'] . ')', '', - COM_getBlockTemplate ('_admin_block', 'header')); + $sql = "SELECT DISTINCT {$_TABLES['users']}.uid,username,fullname,email,photo,regdate$select_userinfo FROM {$_TABLES['users']},{$_TABLES['group_assignments']} $join_userinfo WHERE {$_TABLES['users']}.uid > 1 AND {$_TABLES['users']}.uid = {$_TABLES['group_assignments']}.ug_uid AND ({$_TABLES['group_assignments']}.ug_main_grp_id IN ({$groupList}))"; - $user_templates = new Template ($_CONF['path_layout'] . 'admin/user'); - $user_templates->set_file (array ('list' => 'plainlist.thtml', - 'row' => 'listitem.thtml')); - $user_templates->set_var ('site_url', $_CONF['site_url']); - $user_templates->set_var ('site_admin_url', $_CONF['site_admin_url']); - $user_templates->set_var ('layout_url', $_CONF['layout_url']); - $user_templates->set_var ('lang_adminhome', $LANG28[16]); - $user_templates->set_var ('lang_username', $LANG28[3]); - $user_templates->set_var ('lang_fullname', $LANG28[4]); - $user_templates->set_var ('lang_emailaddress', $LANG28[7]); + $query_arr = array ('table' => 'users', + 'sql' => $sql, + 'query_fields' => array('username', 'email', 'fullname'), + 'default_filter' => "AND {$_TABLES['users']}.uid > 1", + 'query' => $_REQUEST['q'], + 'query_limit' => COM_applyFilter ($_REQUEST['query_limit'], true) + ); - for ($i = 0; $i < $nrows; $i++) { - $A = DB_fetchArray ($result); - $user_templates->set_var ('user_id', $A['uid']); - $user_templates->set_var ('username', $A['username']); - $user_templates->set_var ('user_fullname', $A['fullname']); - $user_templates->set_var ('user_email', $A['email']); - $user_templates->parse ('user_row', 'row', true); - } + $retval .= ADMIN_list ('user', 'ADMIN_getListField_users', $header_arr, $text_arr, $query_arr, array(), $defsort_arr, "&mode=listusers&grp_id=$grp_id"); - if ($num_pages > 1) { - $base_url = $_CONF['site_admin_url'] - . '/group.php?mode=listusers&grp_id=' . $grp_id; - $user_templates->set_var ('google_paging', - COM_printPageNavigation ($base_url, $curpage, $num_pages)); - } else { - $user_templates->set_var ('google_paging', ''); - } - $user_templates->parse ('output', 'list'); - $retval .= $user_templates->finish ($user_templates->get_var ('output')); + return $retval; +} - $retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer')); +function listgroups() +{ + global $LANG_ADMIN, $LANG_ACCESS, $_IMAGE_TYPE, $_CONF, $_TABLES; + require_once( $_CONF['path_system'] . 'lib-admin.php' ); + $retval = ""; + + $header_arr = array( # display 'text' and use table field 'field' + array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false), + array('text' => $LANG_ACCESS['groupname'], 'field' => 'grp_name', 'sort' => true), + array('text' => $LANG_ACCESS['description'], 'field' => 'grp_descr', 'sort' => true), + array('text' => $LANG_ACCESS['coregroup'], 'field' => 'grp_gl_core', 'sort' => true), + array('text' => $LANG_ACCESS['listusers'], 'field' => 'list', 'sort' => false) + ); + + $defsort_arr = array('field' => 'grp_name', 'direction' => 'asc'); + + $menu_arr = array ( + array('url' => $_CONF['site_admin_url'] . '/group.php?mode=edit', + 'text' => $LANG_ADMIN['create_new']), + array('url' => $_CONF['site_admin_url'], + 'text' => $LANG_ADMIN['admin_home'])); + + $text_arr = array('has_menu' => true, + 'has_extras' => true, + 'title' => $LANG_ACCESS['groupmanager'], + 'instructions' => $LANG_ACCESS['newgroupmsg'], + 'icon' => $_CONF['layout_url'] . '/images/icons/group.' + . $_IMAGE_TYPE, + 'form_url' => $_CONF['site_admin_url'] . "/group.php"); + + $query_arr = array('table' => 'groups', + 'sql' => "SELECT * FROM {$_TABLES['groups']} WHERE 1", + 'query_fields' => array('grp_name', 'grp_descr'), + 'default_filter' => ""); + $retval .= ADMIN_list ("groups", "ADMIN_getListField_groups", $header_arr, $text_arr, + $query_arr, $menu_arr, $defsort_arr); return $retval; } @@ -682,7 +686,7 @@ } else { $groups = getGroupList ($group_id); $groupList = implode (',', $groups); - $sql = "FROM {$_TABLES['users']},{$_TABLES['group_assignments']} + $sql = "FROM {$_TABLES['users']},{$_TABLES['group_assignments']} WHERE {$_TABLES['users']}.uid > 1 AND {$_TABLES['users']}.uid = {$_TABLES['group_assignments']}.ug_uid AND ({$_TABLES['group_assignments']}.ug_main_grp_id IN ({$groupList}))"; $result = DB_query ("SELECT DISTINCT uid,username " . $sql . " ORDER BY username"); while(list($uid,$username) = DB_fetchArray($result)) { @@ -696,11 +700,15 @@ function editusers ($group) { - global $_CONF, $_TABLES, $_USER, $LANG_ACCESS; + global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG28; $thisUsersGroups = SEC_getUserGroups (); - if (!empty ($group) && ($group > 0) && - !in_array ($group, $thisUsersGroups)) { + $groupName = DB_getItem($_TABLES['groups'],'grp_name',"grp_id='$group'"); + if (!empty ($group) && + ($group > 0) && + !in_array ($group, $thisUsersGroups) && + !SEC_groupIsRemoteUserAndHaveAccess($group, $thisUsersGroups) + ) { $retval .= COM_startBlock ($LANG_ACCESS['usergroupadmin'], '', COM_getBlockTemplate ('_msg_block', 'header')); if (!SEC_inGroup ('Root') && (DB_getItem ($_TABLES['groups'], @@ -715,13 +723,16 @@ return $retval; } - $retval .= COM_startBlock ($LANG_ACCESS['usergroupadmin'] , '', + $retval .= COM_startBlock ($LANG_ACCESS['usergroupadmin'] . " - $groupName" , '', COM_getBlockTemplate ('_admin_block', 'header')); $groupmembers = new Template($_CONF['path_layout'] . 'admin/group'); $groupmembers->set_file (array ('groupmembers'=>'groupmembers.thtml')); $groupmembers->set_var ('site_url', $_CONF['site_url']); $groupmembers->set_var ('site_admin_url', $_CONF['site_admin_url']); + $groupmembers->set_var ('layout_url', $_CONF['layout_url']); $groupmembers->set_var ('phpself', $_CONF['site_admin_url'] . '/group.php'); + $groupmembers->set_var('lang_adminhome', $LANG_ACCESS['adminhome']); + $groupmembers->set_var('lang_instructions', $LANG_ACCESS['editgroupmsg']); $groupmembers->set_var ('LANG_sitemembers',$LANG_ACCESS['availmembers']); $groupmembers->set_var ('LANG_grpmembers',$LANG_ACCESS['groupmembers']); $groupmembers->set_var ('sitemembers', grp_selectUsers($group,true) ); @@ -730,6 +741,7 @@ $groupmembers->set_var ('LANG_remove',$LANG_ACCESS['remove']); $groupmembers->set_var('lang_save', $LANG_ACCESS['save']); $groupmembers->set_var('lang_cancel', $LANG_ACCESS['cancel']); + $groupmembers->set_var ('lang_grouplist', $LANG28[38]); $groupmembers->set_var ('group_id',$group); $groupmembers->parse ('output', 'groupmembers'); $retval .= $groupmembers->finish($groupmembers->get_var('output')); @@ -771,7 +783,7 @@ } $GroupAdminGroups = SEC_getUserGroups (); - if (!in_array ($grp_id, $GroupAdminGroups)) { + if (!in_array ($grp_id, $GroupAdminGroups) && !SEC_groupIsRemoteUserAndHaveAccess($grp_id, $GroupAdminGroups)) { COM_accessLog ("User {$_USER['username']} tried to delete group $grp_id with insufficient privileges."); return COM_refresh ($_CONF['site_admin_url'] . '/group.php'); @@ -788,16 +800,14 @@ } // MAIN -$http_input_vars = array(); -if (count ($HTTP_POST_VARS) == 0) { - $http_input_vars = $HTTP_GET_VARS; -} else { - $http_input_vars = $HTTP_POST_VARS; +$mode = ''; +if (isset($_REQUEST['mode'])) { + $mode = $_REQUEST['mode']; } -$mode = $http_input_vars['mode']; + if (($mode == $LANG_ACCESS['delete']) && !empty ($LANG_ACCESS['delete'])) { - $grp_id = COM_applyFilter ($http_input_vars['grp_id'], true); + $grp_id = COM_applyFilter ($_REQUEST['grp_id'], true); if (!isset ($grp_id) || empty ($grp_id) || ($grp_id == 0)) { COM_errorLog ('Attempted to delete group grp_id=' . $grp_id); $display .= COM_refresh ($_CONF['site_admin_url'] . '/group.php'); @@ -805,39 +815,35 @@ $display .= deleteGroup ($grp_id); } } else if (($mode == $LANG_ACCESS['save']) && !empty ($LANG_ACCESS['save'])) { - $display .= savegroup ($HTTP_POST_VARS['grp_id'], - $HTTP_POST_VARS['grp_name'], - $HTTP_POST_VARS['grp_descr'], - $HTTP_POST_VARS['grp_gl_core'], - $HTTP_POST_VARS['features'], - $HTTP_POST_VARS[$_TABLES['groups']]); + $display .= savegroup ($_POST['grp_id'], $_POST['grp_name'], + $_POST['grp_descr'], $_POST['grp_gl_core'], + $_POST['features'], $_POST[$_TABLES['groups']]); } else if ($mode == 'savegroupusers') { - $grp_id = COM_applyFilter ($http_input_vars['grp_id'], true); - $display .= savegroupusers ($grp_id, $HTTP_POST_VARS['groupmembers']); + $grp_id = COM_applyFilter ($_REQUEST['grp_id'], true); + $display .= savegroupusers ($grp_id, $_POST['groupmembers']); } else if ($mode == 'edit') { - $grp_id = COM_applyFilter ($http_input_vars['grp_id'], true); - $display .= COM_siteHeader ('menu'); + $grp_id = COM_applyFilter ($_REQUEST['grp_id'], true); + $display .= COM_siteHeader ('menu', $LANG_ACCESS['groupeditor']); $display .= editgroup ($grp_id); $display .= COM_siteFooter (); } else if ($mode == 'listusers') { - $grp_id = COM_applyFilter ($http_input_vars['grp_id'], true); - $page = COM_applyFilter ($http_input_vars['page'], true); + $grp_id = COM_applyFilter ($_REQUEST['grp_id'], true); $display .= COM_siteHeader ('menu'); - $display .= listusers ($grp_id, $page); + $display .= listusers ($grp_id); $display .= COM_siteFooter (); } else if ($mode == 'editusers') { - $grp_id = COM_applyFilter ($http_input_vars['grp_id'], true); - $page = COM_applyFilter ($http_input_vars['page'], true); + $grp_id = COM_applyFilter ($_REQUEST['grp_id'], true); + $page = COM_applyFilter ($_REQUEST['page'], true); $display .= COM_siteHeader ('menu'); $display .= editusers ($grp_id, $page); $display .= COM_siteFooter (); } else { // 'cancel' or no mode at all - $display .= COM_siteHeader ('menu'); - if (isset ($http_input_vars['msg'])) { - $display .= COM_showMessage (COM_applyFilter ($http_input_vars['msg'], true)); + $display .= COM_siteHeader ('menu', $LANG28[38]); + if (isset ($_REQUEST['msg'])) { + $display .= COM_showMessage (COM_applyFilter ($_REQUEST['msg'], true)); } - $display .= listgroups (); - $display .= COM_siteFooter (); + $display .= listgroups(); + $display .= COM_siteFooter(); } echo $display; diff -ruN 1.3.11sr1/admin/install/addindex.php 1.4.0sr5-1/admin/install/addindex.php --- 1.3.11sr1/admin/install/addindex.php 1969-12-31 18:00:00.000000000 -0600 +++ 1.4.0sr5-1/admin/install/addindex.php 2006-08-08 02:39:06.000000000 -0500 @@ -0,0 +1,145 @@ + +// Initial version +// 2002-11-24 0.2 Dirk Haun +// Added key names for the indexes, added authentication check + +require_once('../../lib-common.php'); + +if (!SEC_inGroup ('Root')) { + COM_errorLog ("Access denied to {$PHP_SELF} for user {$_USER['username']}, IP=" . $_SERVER['REMOTE_ADDR']); + $display = COM_siteHeader('menu'); + $display .= COM_startBlock($LANG20[1]); + $display .= $LANG20[6]; + $display .= COM_endBlock(); + $display .= COM_siteFooter(); + echo $display; + exit; +} + +// $_DEBUG = 1; + +// list according to Jeff's post on geeklog-devel (2002-10-14) +// plus stories.hits (Rob Griffiths) plus group_assignments.ug_uid +// + +$index['comments'] = "cid,type,sid,date,uid"; +$index['stories'] = "sid,tid,date,uid,frontpage,featured,hits"; +$index['blocks'] = "bid,is_enabled,tid,type"; +$index['events'] = "eid,datestart,dateend,event_type"; +$index['links'] = "lid,category,date"; +$index['pollquestions'] = "qid,date,display,commentcode,statuscode"; +$index['staticpage'] = "sp_id,sp_uid,sp_date,sp_onmenu"; +$index['userindex'] = "uid,noboxes,maxstories"; +$index['group_assignments'] = "ug_main_grp_id,ug_uid"; + + +echo COM_siteHeader('menu'); +echo COM_startBlock("Updating indexes ..."); + +foreach ($index as $table=>$fields) { + + $idx = explode (",", $fields); + + echo "

Table: {$_TABLES[$table]}

"; + + if ($_DEBUG) { + echo "

Wanted: "; + foreach ($idx as $id) { + echo "$id, "; + } + echo "

"; + } + + $result = DB_query ("show index from {$_TABLES[$table]}"); + $nrows = DB_numRows ($result); + $exidx = array (); + for ($i = 0; $i < $nrows; $i++) { + $A = DB_fetchArray ($result); + $exidx[] = $A['Column_name']; + } + $newidx = array_diff ($idx, $exidx); + + if ($_DEBUG) { + echo "

Existing: "; + foreach ($exidx as $ex) { + echo "$ex, "; + } + echo "

"; + } + + if ($_DEBUG) { + echo "

Need to add: "; + foreach ($newidx as $ne) { + echo "$ne, "; + } + echo "

"; + } + + if (sizeof ($newidx) > 0) { + echo "

Adding indexes ...
"; + foreach ($newidx as $ne) { + $idxname = $table . '_' . $ne; + echo "Adding index \"$idxname\""; + flush (); + + $idxtimer = new timerobject (); + $idxtimer->setPercision (4); + $idxtimer->startTimer (); + + DB_query("ALTER TABLE {$_TABLES[$table]} ADD INDEX $idxname ($ne)"); + + $idxtime = $idxtimer->stopTimer (); + $idxtimer->setPercision (4); + echo " in $idxtime seconds
"; + } + echo "Done!

"; + } else { + echo "

No index to add for table {$_TABLES[$table]}

"; + } + + echo "
"; +} + +echo COM_endBlock(); +echo COM_siteFooter(); + +?> diff -ruN 1.3.11sr1/admin/install/check.php 1.4.0sr5-1/admin/install/check.php --- 1.3.11sr1/admin/install/check.php 1969-12-31 18:00:00.000000000 -0600 +++ 1.4.0sr5-1/admin/install/check.php 2006-08-08 02:39:06.000000000 -0500 @@ -0,0 +1,225 @@ + +* +*/ + +require_once ('../../lib-common.php'); + +$numTests = 7; // total number of tests to perform +$successful = 0; // number of successful tests +$failed = 0; // number of failed tests +$notTested = 0; // number of tests that were skipped (for disabled features) + +echo '' . LB; +echo '' . LB; +echo '' . LB; +echo 'Geeklog installation check' . LB; +echo '' . LB; +echo '' . LB; +echo '

Testing your Geeklog installation ...

' . LB; + +echo '

Testing logs directory ' . $_CONF['path_log'] . ' ...
' . LB; +$errfile = @fopen ($_CONF['path_log'] . 'error.log', 'a'); +if ($errfile) fclose ($errfile); +$accfile = @fopen ($_CONF['path_log'] . 'access.log', 'a'); +if ($accfile) fclose ($accfile); + +if (!$errfile || !$accfile) { + echo 'Could not open '; + if (!$errfile) { + echo 'error.log '; + } + if (!$errfile && !$accfile) { + echo 'and '; + } + if (!$accfile) { + echo 'access.log '; + } + echo 'for writing.
Please check that you have set the logs directory and the files error.log and access.log in that directory to chmod 775.' . LB; + $logPerms = sprintf ("%3o", @fileperms ($_CONF['path_log']) & 0777); + $errPerms = sprintf ("%3o", @fileperms ($_CONF['path_log'] . 'error.log') & 0777); + $accPerms = sprintf ("%3o", @fileperms ($_CONF['path_log'] . 'access.log') & 0777); + echo '

'.$LANG20[04].' 
'; + $retval .= ' checked="checked"'; + } + $retval .= '>' . $A['ft_name'] + . '     (' . $A['ft_name'] . ')     (' . $A['ft_name'] . ')' . $LANG_ACCESS['grouphasnorights'] . '
' . LB; + echo "" . LB; + echo "" . LB; + echo "" . LB; + echo '
Current permissions for logs$logPerms
Current permissions for error.log$errPerms
Current permissions for access.log$accPerms
' . LB; + $failed++; +} else { + echo 'logs directory and the error.log and access.log files are okay.' . LB; + $successful++; +} + +echo '

Testing backend directory ' . SYND_getFeedPath() . ' ...
' . LB; +if ($_CONF['backend'] > 0) { + if (!$file = @fopen ($_CONF['rdf_file'], 'w')) { + echo 'Could not open the RSS file ' . $_CONF['rdf_file'] . ' for writing.
Please check that you have set both the backend directory and the geeklog.rss file in that directory to chmod 775.' . LB; + $endPerms = sprintf ("%3o", @fileperms (SYND_getFeedPath()) & 0777); + $rdfPerms = sprintf ("%3o", @fileperms ($_CONF['rdf_file']) & 0777); + echo '' . LB; + echo "" . LB; + echo "" . LB; + echo '
Current permissions for backend$endPerms
Current permissions for geeklog.rss$rdfPerms
' . LB; + $failed++; + } else { + fclose ($file); + echo 'backend directory and the geeklog.rss file are okay.' . LB; + $successful++; + } +} else { + echo '

Export of Geeklog headlines is switched off - backend directory not tested.

' . LB; + $notTested++; +} + +if ($_CONF['allow_user_photo'] > 0) { + echo '

Testing userphotos directory ' . $_CONF['path_images'] . 'userphotos/ ...
' . LB; + if (!$file = @fopen ($_CONF['path_images'] . 'userphotos/test.gif', 'w')) { + echo 'Could not write to ' . $_CONF['path_images'] . 'userphotos/.
Please make sure this directory exists and is set to chmod 775.
' . LB; + echo 'Current permissions for userphotos: ' . sprintf ("%3o", @fileperms ($_CONF['path_images'] . 'userphotos/') & 0777); + $failed++; + } else { + fclose ($file); + unlink ($_CONF['path_images'] . 'userphotos/test.gif'); + echo 'userphotos directory is okay.' . LB; + $successful++; + } +} else { + echo '

User photos are disabled - userphotos directory not tested.' . LB; + $notTested++; +} + +if ($_CONF['maximagesperarticle'] > 0) { + echo '

Testing articles directory ' . $_CONF['path_images'] . 'articles/ ...
' . LB; + if (!$file = @fopen ($_CONF['path_images'] . 'articles/test.gif', 'w')) { + echo 'Could not write to ' . $_CONF['path_images'] . 'articles/.
Please make sure this directory exists and is set to chmod 775.
' . LB; + echo 'Current permissions for articles: ' . sprintf ("%3o", @fileperms ($_CONF['path_images'] . 'articles/') & 0777); + $failed++; + } else { + fclose ($file); + unlink ($_CONF['path_images'] . 'articles/test.gif'); + echo 'articles directory is okay.' . LB; + $successful++; + } +} else { + echo '

Images in articles are disabled - articles directory not tested.' . LB; + $notTested++; +} + +echo '

Testing topics directory ' . $_CONF['path_images'] . 'topics/ ...
' . LB; +if (!$file = @fopen ($_CONF['path_images'] . 'topics/test.gif', 'w')) { + echo 'Could not write to ' . $_CONF['path_images'] . 'topics/.
Please make sure this directory exists and is set to chmod 775.
' . LB; + echo 'Current permissions for topics: ' . sprintf ("%3o", @fileperms ($_CONF['path_images'] . 'articles/') & 0777); + $failed++; +} else { + fclose ($file); + unlink ($_CONF['path_images'] . 'topics/test.gif'); + echo 'topics directory is okay.' . LB; + $successful++; +} + +/* + +if ($_CONF['pdf_enabled'] != 0) { + echo '

Testing pdfs directory ' . $_CONF['path_pdf'] . ' ...
' . LB; + if (!$file = @fopen ($_CONF['path_pdf'] . 'test.pdf', 'w')) { + echo 'Could not write to ' . $_CONF['path_pdf'] . '.
Please make sure this directory exists and is set to chmod 775.
' . LB; + echo 'Current permissions for pdfs: ' . sprintf ("%3o", @fileperms ($_CONF['path_pdf']) & 0777); + $failed++; + } else { + fclose ($file); + unlink ($_CONF['path_pdf'] . 'test.pdf'); + echo 'pdfs directory is okay.' . LB; + $successful++; + } +} else { + echo '

PDF support is disabled - pdfs directory not tested.' . LB; + $notTested++; +} + +*/ + +if ($_CONF['allow_mysqldump'] == 1) { + echo '

Testing backups directory ' . $_CONF['backup_path'] . ' ...
' . LB; + if (!$file = @fopen ($_CONF['backup_path'] . 'test.txt', 'w')) { + echo 'Could not write to ' . $_CONF['backup_path'] . '.
Please make sure this directory exists and is set to chmod 775.
' . LB; + echo 'Current permissions for backups: ' . sprintf ("%3o", @fileperms ($_CONF['backup_path']) & 0777); + $failed++; + } else { + fclose ($file); + unlink ($_CONF['backup_path'] . 'test.txt'); + echo 'backups directory is okay.' . LB; + $successful++; + } +} else { + echo '

Database backups are disabled - backups directory not tested.' . LB; + $notTested++; +} + +echo '

Testing data directory ' . $_CONF['path_data'] . ' ...
' . LB; +if (!$file = @fopen ($_CONF['path_data'] . 'test.txt', 'w')) { + echo 'Could not write to ' . $_CONF['path_data'] . '.
Please make sure this directory exists and is set to chmod 775.
' . LB; + echo 'Current permissions for data: ' . sprintf ("%3o", @fileperms ($_CONF['path_data']) & 0777); + $failed++; +} else { + fclose ($file); + unlink ($_CONF['path_data'] . 'test.txt'); + echo 'data directory is okay.' . LB; + $successful++; +} + +echo "

Results: " . ($numTests - $notTested) . " of $numTests tests performed: $successful successful, "; +if ($failed > 0) { + echo "$failed failed.

" . LB; +} else { + echo "$failed failed.

" . LB; +} + +if ($failed > 0) { + echo '

Test failed!

'; + echo '

Warning! Your Geeklog site is not set up properly. Please fix the errors listed above!

'; + echo '

Note: If the above instructions tell you to chmod files and/or directories to 775 but they already are at 775, try chmod 777 instead.

'; +} else { + echo '

Test passed

'; + echo '

Congratulations! Your Geeklog site is set up properly and ready to go.

'; +} + +echo '' . LB; +echo '' . LB; + +?> diff -ruN 1.3.11sr1/admin/install/configinfo.php 1.4.0sr5-1/admin/install/configinfo.php --- 1.3.11sr1/admin/install/configinfo.php 1969-12-31 18:00:00.000000000 -0600 +++ 1.4.0sr5-1/admin/install/configinfo.php 2006-08-08 02:39:06.000000000 -0500 @@ -0,0 +1,91 @@ + +* +*/ + +if (file_exists ('../../../config.php')) { + require_once('../../../config.php'); +} else if (file_exists ('../../lib-common.php')) { + require_once('../../lib-common.php'); +} else { + die ("Sorry, config.php not found ..."); +} + +$highlight_on = '#EFEFEF'; +$highlight_off = '#D9D9D9'; + +if (isset ($_CONF['site_url']) && + strpos ($_CONF['site_url'], 'example.com') === false) { + $docs = $_CONF['site_url'] . '/docs/config.html#desc_'; +} else { + $docs = '../../docs/config.html#desc_'; +} + +$display = "\nconfig.php\n\n"; +$n = 0; +$display .= ''; + +foreach($_CONF as $option => $value) { + $display .= ''; + } else { + $display .= ' style="background-color: ' . $highlight_off . '">'; + } + $display .= ''; + if (is_array($value)) { + ob_start(); + print_r($value); + $value=nl2br(ob_get_contents()); + ob_end_clean(); + } elseif (is_bool ($value)) { + $value = ($value === false) ? 'false' : 'true'; + } elseif (eregi('[a-z]+html', $option)) { + $value = htmlentities($value); + } elseif (!isset($value)) { + $value = ' '; + } + $display .= ''; + $display .= ''; + $n++; +} +$display .= "
$_CONF[\'' . $option . '\']' . $value . '
\n\n"; + +echo $display; diff -ruN 1.3.11sr1/admin/install/info.php 1.4.0sr5-1/admin/install/info.php --- 1.3.11sr1/admin/install/info.php 1969-12-31 18:00:00.000000000 -0600 +++ 1.4.0sr5-1/admin/install/info.php 2006-08-08 02:39:06.000000000 -0500 @@ -0,0 +1 @@ + diff -ruN 1.3.11sr1/admin/install/install.php 1.4.0sr5-1/admin/install/install.php --- 1.3.11sr1/admin/install/install.php 1969-12-31 18:00:00.000000000 -0600 +++ 1.4.0sr5-1/admin/install/install.php 2006-08-08 02:39:06.000000000 -0500 @@ -0,0 +1,951 @@ + 4) || (($phpv[0] == 4) && ($phpv[1] > 0)) || + (($phpv[0] == 4) && ($phpv[1] == 0) && ($phpv[2] > 4))) { + $mysqlv = mysql_get_server_info(); + } + + if (!empty ($mysqlv)) { + preg_match ('/^([0-9]+).([0-9]+).([0-9]+)/', $mysqlv, $match); + $mysqlmajorv = $match[1]; + $mysqlminorv = $match[2]; + $mysqlrev = $match[3]; + } else { + $mysqlmajorv = 0; + $mysqlminorv = 0; + $mysqlrev = 0; + } + mysql_close (); + + return array ($mysqlmajorv, $mysqlminorv, $mysqlrev); +} + +/** +* Shows welcome page and gets location of /path/to/geeklog/. NOTE: this +* Doesn't use the template class because we need to know the path to geeklog +* before we can include it. +* +*/ +function INST_welcomePage() +{ + global $_DB_dbms; + + $retval = ''; + + $retval .= '' . LB; + $retval .= '' . LB; + $retval .= '' . LB; + $retval .= 'Geeklog ' . VERSION . ' Installation' . LB; + $retval .= '' . LB; + $retval .= '' . LB; + + // check the minimum requirements + + $phpv = php_v (); + if (($phpv[0] < 4) || (($phpv[0] == 4) && ($phpv[1] < 1))) { + $retval .= '

PHP 4.1.0 required

' . LB; + $retval .= '

Sorry, but Geeklog now requires at least PHP 4.1.0 to run. Please upgrade your PHP install or ask your hosting service to do it for you.

' . LB; + $retval .= '' . LB . '' . LB; + + return $retval; + } + + if ($_DB_dbms == 'mysql') { + $myv = mysql_v (); + if (($myv[0] < 3) || (($myv[0] == 3) && ($myv[1] < 23)) || + (($myv[0] == 3) && ($myv[1] == 23) && ($myv[2] < 2))) { + $retval .= '

MySQL 3.23.2 required

' . LB; + $retval .= '

Sorry, but Geeklog now requires at least MySQL 3.23.2 to run. Please upgrade your MySQL install or ask your hosting service to do it for you.

' . LB; + $retval .= '' . LB . '' . LB; + + return $retval; + } + } + + // prepare some hints about what /path/to/geeklog might be ... + $thisFile = __FILE__; + $thisFile = strtr ($thisFile, '\\', '/'); // replace all '\' with '/' + $glPath = $thisFile; + $posted = false; + for ($i = 0; $i < 4; $i++) { + $remains = strrchr ($glPath, '/'); + if ($remains === false) { + break; + } else { + $glPath = substr ($glPath, 0, -strlen ($remains)); + } + } + if (!file_exists ($glPath . '/config.php')) { + $glPath = ''; + } + if (empty ($glPath) && !empty ($_POST['geeklog_path'])) { + $glPath = $_POST['geeklog_path']; + $posted = true; + } + + $retval .= '

Geeklog Installation (Step 1 of 2)

' . LB; + $retval .= '

Welcome and thank you for choosing Geeklog. You are only 2 steps away from having Geeklog ' . VERSION . ' running on your system.

' . LB; + $retval .= "

If you haven't already done so, you should edit config.php prior to running this script. This script will then apply the database structures for both fresh installations and upgrades.

" . LB; + + $retval .= '

Upgrading

' . LB; + $retval .= '

Before we get started it is important that if you are upgrading an existing Geeklog installation you back up your database AND your file system. This installation script will alter your Geeklog database. Also, if you are upgrading from version 1.3 or older you may need your old lib-database.php file so be sure to save a copy of this file. YOU HAVE BEEN WARNED!

' . LB; + $retval .= '

Please make sure to select the correct Geeklog version you are coming from on the next screen. This script will do incremental upgrades after this version (i.e. you can upgrade directly from any old version to ' . VERSION . ').

' . LB; + $retval .= '

Please note this script will not upgrade any beta or release candidate versions of Geeklog.

' . LB; + + $globals_off = false; + $long_arrays_off = false; + $public_html = false; + $warn_message = ''; + $help_message = ''; + + if (strpos ($_SERVER['PHP_SELF'], 'public_html') !== false) { + $public_html = true; + } + + if (!ini_get ('register_globals')) { + $globals_off = true; + $warn_message .= 'register_globals = Off'; + $help_message .= 'register_globals = On'; + } + + $phpv = php_v (); + if (($phpv[0] >= 5) && !ini_get ('register_long_arrays')) { + $long_arrays_off = true; + if (!empty ($warn_message)) { + $warn_message .= ' and '; + } + $warn_message .= 'register_long_arrays = Off'; + if (!empty ($help_message)) { + $help_message .= ' and '; + } + $help_message .= 'register_long_arrays = On'; + } + + if ($globals_off || $long_arrays_off || $public_html) { + $retval .= '

Important Note

' . LB; + + if ($public_html) { + $retval .= '

Note: "public_html" should never be part of your site\'s URL. Please read the part about public_html in the installation instructions again and change your setup accordingly before you proceed.

'; + } + + if ($globals_off || $long_arrays_off) { + $retval .= '

Note: You have ' + . $warn_message .' in your php.ini. While Geeklog itself will work just fine with that setting, some of the available plugins and add-ons may not. You may want to set ' + . $help_message . ' (and restart your webserver) if you plan to install any of those add-ons.

' . LB; + $retval .= '

If you don\'t know where your php.ini file is located, please click here.

' . LB; + } + } + + $retval .= '

Installation Options

' . LB; + $install_options = ''.LB; + $install_options .= ''.LB; + $retval .= '
' . LB; + $retval .= '' . LB; + $retval .= ''.LB; + $retval .= ''.LB; + $retval .= ''; + $retval .= '' . LB; + $retval .= '
Installation Type: 
Path to Geeklog\'s config.php: 


Hint: The complete path to this file is ' . $thisFile; + if (!empty ($glPath) && !$posted) { + $retval .= '
and it appears your Path to Geeklog is ' . $glPath; + } + $retval .= '

' . LB; + $retval .= '' . LB; + $retval .= '
' . LB; + $retval .= '' . LB; + $retval .= '' . LB; + + return $retval; +} + +function INST_identifyGeeklogVersion () +{ + global $_TABLES, $_DB, $_DB_dbms; + + $_DB->setDisplayError (true); + + // simple tests for the version of the database: + // "DESCRIBE sometable somefield", '' + // => just test that the field exists + // "DESCRIBE sometable somefield", 'somefield,sometype' + // => test that the field exists and is of the given type + // + // Should always include a test for the current version so that we can + // warn the user if they try to run the update again. + + $test = array( + '1.4.0' => array("DESCRIBE {$_TABLES['users']} remoteusername",''), + '1.3.11' => array("DESCRIBE {$_TABLES['comments']} sid", 'sid,varchar(40)'), + '1.3.10' => array("DESCRIBE {$_TABLES['comments']} lft",''), + '1.3.9' => array("DESCRIBE {$_TABLES['syndication']} fid",''), + '1.3.8' => array("DESCRIBE {$_TABLES['userprefs']} showonline",'') + + // It's hard to (reliably) test for 1.3.7 - let's just hope nobody uses + // such an old version any more ... + ); + + $version = ''; + + if ($_DB_dbms == 'mysql') { + foreach ($test as $v => $qarray) { + $result = DB_query ($qarray[0], 1); + if ($result === false) { + // error - continue with next test + } else if (DB_numRows ($result) > 0) { + $A = DB_fetchArray ($result); + if (empty ($qarray[1])) { + // test only for existence of field - succeeded + $version = $v; + break; + } else { + // test for certain type of field + $tst = explode (',', $qarray[1]); + + if (($A['Field'] == $tst[0]) && ($A['Type'] == $tst[1])) { + $version = $v; + break; + } + } + } + } + } + + return $version; +} + +function INST_getDatabaseSettings($install_type, $geeklog_path) +{ + global $_CONF, $_TABLES; + + $db_templates = new Template ($_CONF['path_system'] . 'install_templates'); + $db_templates->set_file (array ('db' => 'databasesettings.tpl')); + $db_templates->set_var ('geeklog_path', $geeklog_path); + + if ($install_type == 'upgrade_db') { + $db_templates->set_var ('upgrade', 1); + + $old_versions = array('1.2.5-1','1.3','1.3.1','1.3.2','1.3.2-1','1.3.3','1.3.4','1.3.5','1.3.6','1.3.7','1.3.8','1.3.9','1.3.10','1.3.11'); + + $curv = INST_identifyGeeklogVersion (); + if (empty ($curv)) { + $curv = $old_versions[count ($old_versions) - 1]; + } + if ($curv == VERSION) { + $versiondd = 'Database already up to date!' . LB + . '

It looks like your database is already up to date. You probably ran the upgrade before. If you need to run the upgrade again, please re-install your database backup first!'; + $nextbutton = ''; + } else { + $versiondd = 'Current Geeklog Version:'; + $nextbutton = ''; + } + $db_templates->set_var ('UPGRADE_OPTIONS', $versiondd); + $db_templates->set_var ('DB_TABLE_OPTIONS', ''); + $db_templates->set_var ('NEXT_BUTTON', $nextbutton); + + } else { + + // This is a fresh installation + $db_templates->set_var ('upgrade', 0); + + if (innodb_supported ()) { + $innodb_option = ''; + $innodb_option .= '

Using InnoDB tables may improve performance on (very) large sites, but makes database backups more complicated. Leave the option unchecked unless you know what you\'re doing.

'; + $innodb_option .= ' Use InnoDB tables'; + $innodb_option .= ''; + $db_templates->set_var ('UPGRADE_OPTIONS', $innodb_option); + } else { + $db_templates->set_var ('UPGRADE_OPTIONS', + ' '); + } + $nextbutton = ''; + $db_templates->set_var ('NEXT_BUTTON', $nextbutton); + } + + return $db_templates->parse('output','db'); +} + +function INST_createDatabaseStructures ($use_innodb = false) +{ + global $_CONF, $_TABLES, $_DB, $_DB_dbms, $_DB_host, $_DB_user, $_DB_pass; + + $_DB->setDisplayError (true); + + // Because the create table syntax can vary from dbms-to-dbms we are + // leaving that up to each database driver (e.g. mysql.class.php, + // postgresql.class.php, etc) + + // Get DBMS-specific create table array and data array + require_once ($_CONF['path'] . 'sql/' . $_DB_dbms . '_tableanddata.php'); + + $progress = ''; + + if ($_DB_dbms == 'mysql') { + + foreach ($_SQL as $sql) { + + if ($use_innodb) { + $sql = str_replace ('MyISAM', 'InnoDB', $sql); + } + + DB_query ($sql); + } + + } else { // in the highly unlikely event that we're not on MySQL ... + + foreach ($_SQL as $sql) { + DB_query ($sql); + } + + } + + // Now insert mandatory data and a small subset of initial data + foreach ($_DATA as $data) { + $progress .= "executing " . $data . "
\n"; + DB_query ($data); + } + + if ($_DB_dbms == 'mysql') { + + // let's try and personalize the Admin account a bit ... + + if (strpos ($_CONF['site_mail'], 'example.com') === false) { + DB_query ("UPDATE {$_TABLES['users']} SET email = '" . addslashes ($_CONF['site_mail']) . "' WHERE uid = 2"); + } + if (strpos ($_CONF['site_url'], 'example.com') === false) { + DB_query ("UPDATE {$_TABLES['users']} SET homepage = '" . addslashes ($_CONF['site_url']) . "' WHERE uid = 2"); + } + } + + return true; +} + +/** +* Check for InnoDB table support (usually as of MySQL 4.0, but may be +* available in earlier versions, e.g. "Max" or custom builds). +* +* @return true = InnoDB tables supported, false = not supported +* +*/ +function innodb_supported() +{ + $result = DB_query ("SHOW VARIABLES LIKE 'have_innodb'"); + $A = DB_fetchArray ($result, true); + + if (strcasecmp ($A[1], 'yes') == 0) { + $retval = true; + } else { + $retval = false; + } + + return $retval; +} + + +/* +* Checks for Static Pages Version +* +* @return 0 = not installed, 1 = original plugin, 2 = plugin by Phill or Tom, 3 = v1.3 (center block, etc.), 4 = 1.4 ('in block' flag) +* +*/ +function get_SP_Ver() +{ + global $_TABLES; + + $retval = 0; + + if (DB_count ($_TABLES['plugins'], 'pi_name', 'staticpages') > 0) { + $result = DB_query ("DESCRIBE {$_TABLES['staticpage']}"); + $numrows = DB_numRows ($result); + + $retval = 1; // assume v1.1 for now ... + + for ($i = 0; $i < $numrows; $i++) { + $A = DB_fetchArray ($result, true); + if ($A[0] == 'sp_nf') { + $retval = 3; // v1.3 + } elseif ($A[0] == 'sp_pos') { + $retval = 2; // v1.2 + } elseif ($A[0] == 'sp_inblock') { + $retval = 4; // v1.4 + break; + } + } + } + + return $retval; +} + +/** +* Check if the SpamX plugin is already installed +* +* @return int 1 = is installed, 0 = not installed +* +*/ +function get_SPX_Ver() +{ + global $_TABLES; + + $retval = 0; + + if (DB_count ($_TABLES['plugins'], 'pi_name', 'spamx') == 1) { + $retval = 1; + } + + return $retval; +} + +function INST_doDatabaseUpgrades($current_gl_version, $table_prefix) +{ + global $_TABLES, $_CONF, $_SP_CONF, $_DB, $_DB_dbms, $_DB_table_prefix; + + $_DB->setDisplayError (true); + + // Because the upgrade sql syntax can vary from dbms-to-dbms we are + // leaving that up to each Geeklog database driver + + $done = false; + $progress = ''; + while ($done == false) { + switch ($current_gl_version) { + case '1.2.5-1': + // Get DMBS-specific update sql + require_once($_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.2.5-1_to_1.3.php'); + for ($i = 1; $i <= count($_SQL); $i++) { + $progress .= "executing " . current($_SQL) . "
\n"; + DB_query(current($_SQL)); + next($_SQL); + } + // OK, now we need to add all users except anonymous to the All Users group and Logged in users group + // I can hard-code these group numbers because the group table was JUST created with these numbers + $result = DB_query("SELECT uid FROM {$_TABLES['users']} WHERE uid <> 1"); + $nrows = DB_numRows($result); + for ($i = 1; $i <= $nrows; $i++) { + $U = DB_fetchArray($result); + DB_query("INSERT INTO {$_TABLES['group_assignments']} VALUES (2, {$U['uid']}, NULL)"); + DB_query("INSERT INTO {$_TABLES['group_assignments']} VALUES (13, {$U['uid']}, NULL)"); + } + // Now take care of any orphans off the user table...and let me curse MySQL lack for supporting foreign + // keys at this time ;-) + $result = DB_query("SELECT MAX(uid) FROM {$_TABLES['users']}"); + $ITEM = DB_fetchArray($result); + $max_uid = $ITEM[0]; + if (!empty($max_uid) AND $max_uid <> 0) { + DB_query("DELETE FROM {$_TABLES['userindex']} WHERE uid > $max_uid"); + DB_query("DELETE FROM {$_TABLES['userinfo']} WHERE uid > $max_uid"); + DB_query("DELETE FROM {$_TABLES['userprefs']} WHERE uid > $max_uid"); + DB_query("DELETE FROM {$_TABLES['usercomment']} WHERE uid > $max_uid"); + } + $current_gl_version = '1.3'; + $_SQL = ''; + break; + case '1.3': + require_once($_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3_to_1.3.1.php'); + for ($i = 1; $i <= count($_SQL); $i++) { + $progress .= "executing " . current($_SQL) . "
\n"; + DB_query(current($_SQL)); + next($_SQL); + } + $current_gl_version = '1.3.1'; + $_SQL = ''; + break; + case '1.3.1': + require_once($_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.1_to_1.3.2.php'); + for ($i = 1; $i <= count($_SQL); $i++) { + $progress .= "executing " . current($_SQL) . "
\n"; + DB_query(current($_SQL)); + next($_SQL); + } + $current_gl_version = '1.3.2-1'; + $_SQL = ''; + break; + case '1.3.2': + case '1.3.2-1': + require_once($_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.2-1_to_1.3.3.php'); + for ($i = 1; $i <= count($_SQL); $i++) { + $progress .= "executing " . current($_SQL) . "
\n"; + DB_query(current($_SQL)); + next($_SQL); + } + // Now we need to switch how user blocks are stored. Right now we only store the blocks the + // user wants. This will switch it to store the ones they don't want which allows us to add + // new blocks and ensure they are shown to the user. + $result = DB_query("SELECT {$_TABLES['users']}.uid,boxes FROM {$_TABLES['users']},{$_TABLES['userindex']} WHERE boxes IS NOT NULL AND boxes <> '' AND {$_TABLES['users']}.uid = {$_TABLES['userindex']}.uid"); + $nrows = DB_numRows($result); + for ($i = 1; $i <= $nrows; $i++) { + $row = DB_fetchArray($result); + $ublocks = str_replace(' ',',',$row['boxes']); + $result2 = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ($ublocks)"); + $newblocks = ''; + for ($x = 1; $x <= DB_numRows($result2); $x++) { + $curblock = DB_fetchArray($result2); + if ($curblock['name'] <> 'user_block' AND $curblock['name'] <> 'admin_block' AND $curblock['name'] <> 'section_block') { + $newblocks .= $curblock['bid']; + if ($x <> DB_numRows($result2)) { + $newblocks .= ' '; + } + } + } + DB_query("UPDATE {$_TABLES['userindex']} SET boxes = '$newblocks' WHERE uid = {$row['uid']}"); + } + $current_gl_version = '1.3.3'; + $_SQL = ''; + break; + case '1.3.3': + require_once($_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.3_to_1.3.4.php'); + for ($i = 1; $i <= count($_SQL); $i++) { + DB_query(current($_SQL)); + next($_SQL); + } + + $current_gl_version = '1.3.4'; + $_SQL = ''; + break; + case '1.3.4': + require_once($_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.4_to_1.3.5.php'); + for ($i = 1; $i <= count($_SQL); $i++) { + DB_query(current($_SQL)); + next($_SQL); + } + $result = DB_query("SELECT ft_id FROM {$_TABLES['features']} WHERE ft_name = 'user.mail'"); + $row = DB_fetchArray($result); + $mail_ft = $row['ft_id']; + $result = DB_query("SELECT grp_id FROM {$_TABLES['groups']} WHERE grp_name = 'Mail Admin'"); + $row = DB_fetchArray($result); + $group_id = $row['grp_id']; + DB_query("INSERT INTO {$_TABLES['access']} (acc_grp_id, acc_ft_id) VALUES ($group_id, $mail_ft)"); + + $current_gl_version = '1.3.5'; + $_SQL = ''; + break; + case '1.3.5': + require_once($_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.5_to_1.3.6.php'); + for ($i = 1; $i <= count($_SQL); $i++) { + DB_query(current($_SQL)); + next($_SQL); + } + + if (!empty ($_DB_table_prefix)) { + DB_query ("RENAME TABLE staticpage TO {$_TABLES['staticpage']}"); + } + + $current_gl_version = '1.3.6'; + $_SQL = ''; + break; + case '1.3.6': + // fix wrong permissions value + DB_query ("UPDATE {$_TABLES['topics']} SET perm_anon = 2 WHERE perm_anon = 3"); + + // check for existence of 'date' field in gl_links table + DB_query ("SELECT date FROM {$_TABLES['links']}", 1); + $dterr = DB_error (); + if (strpos ($dterr, 'date') > 0) { + DB_query ("ALTER TABLE {$_TABLES['links']} ADD date datetime default NULL"); + } + + // Fix primary key so that more than one user can add an event + // to his/her personal calendar. + DB_query ("ALTER TABLE {$_TABLES['personal_events']} DROP PRIMARY KEY, ADD PRIMARY KEY (eid,uid)"); + + $current_gl_version = '1.3.7'; + $_SQL = ''; + break; + case '1.3.7': + require_once($_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.7_to_1.3.8.php'); + for ($i = 1; $i <= count($_SQL); $i++) { + DB_query(current($_SQL)); + next($_SQL); + } + + // upgrade Static Pages plugin + $spversion = get_SP_ver (); + if ($spversion == 1) { // original version + DB_query ("ALTER TABLE {$_TABLES['staticpage']} " + . "ADD COLUMN group_id mediumint(8) unsigned DEFAULT '1'," + . "ADD COLUMN owner_id mediumint(8) unsigned DEFAULT '1'," + . "ADD COLUMN perm_owner tinyint(1) unsigned DEFAULT '3'," + . "ADD COLUMN perm_group tinyint(1) unsigned DEFAULT '2'," + . "ADD COLUMN perm_members tinyint(1) unsigned DEFAULT '2'," + . "ADD COLUMN perm_anon tinyint(1) unsigned DEFAULT '2'," + . "ADD COLUMN sp_php tinyint(1) unsigned DEFAULT '0'," + . "ADD COLUMN sp_nf tinyint(1) unsigned DEFAULT '0'," + . "ADD COLUMN sp_centerblock tinyint(1) unsigned NOT NULL default '0'," + . "ADD COLUMN sp_tid varchar(20) NOT NULL default 'none'," + . "ADD COLUMN sp_where tinyint(1) unsigned NOT NULL default '1'"); + DB_query ("INSERT INTO {$_TABLES['features']} (ft_name, ft_descr) VALUES ('staticpages.PHP','Ability to use PHP in static pages')"); + $php_id = DB_insertId (); + $group_id = DB_getItem ($_TABLES['groups'], 'grp_id', "grp_name = 'Static Page Admin'"); + DB_query ("INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES ($php_id, $group_id)"); + } elseif ($spversion == 2) { // extended version by Phill or Tom + DB_query ("ALTER TABLE {$_TABLES['staticpage']} " + . "DROP COLUMN sp_pos," + . "DROP COLUMN sp_search_keywords," + . "ADD COLUMN sp_nf tinyint(1) unsigned DEFAULT '0'," + . "ADD COLUMN sp_centerblock tinyint(1) unsigned NOT NULL default '0'," + . "ADD COLUMN sp_tid varchar(20) NOT NULL default 'none'," + . "ADD COLUMN sp_where tinyint(1) unsigned NOT NULL default '1'"); + } + + if ($spversion > 0) { + // update plugin version number + DB_query ("UPDATE {$_TABLES['plugins']} SET pi_version = '1.3', pi_gl_version = '1.3.8' WHERE pi_name = 'staticpages'"); + + // remove Static Pages 'lock' flag + DB_query ("DELETE FROM {$_TABLES['vars']} WHERE name = 'staticpages'"); + + // remove Static Pages Admin group id + DB_query ("DELETE FROM {$_TABLES['vars']} WHERE name = 'sp_group_id'"); + + if ($spversion == 1) { + $result = DB_query ("SELECT DISTINCT sp_uid FROM {$_TABLES['staticpage']}"); + $authors = DB_numRows ($result); + for ($i = 0; $i < $authors; $i++) { + $A = DB_fetchArray ($result); + DB_query ("UPDATE {$_TABLES['staticpage']} SET owner_id = '{$A['sp_uid']}' WHERE sp_uid = '{$A['sp_uid']}'"); + } + } + + $result = DB_query ("SELECT sp_label FROM {$_TABLES['staticpage']} WHERE sp_title = 'Frontpage'"); + if (DB_numRows ($result) > 0) { + $A = DB_fetchArray ($result); + if ($A['sp_label'] == 'nonews') { + DB_query ("UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 1, sp_where = 0 WHERE sp_title = 'Frontpage'"); + } else if (!empty ($A['sp_label'])) { + DB_query ("UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 1, sp_title = '{$A['sp_label']}' WHERE sp_title = 'Frontpage'"); + } else { + DB_query ("UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 1 WHERE sp_title = 'Frontpage'"); + } + } + } + + $current_gl_version = '1.3.8'; + $_SQL = ''; + break; + case '1.3.8': + require_once($_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.8_to_1.3.9.php'); + for ($i = 1; $i <= count($_SQL); $i++) { + DB_query(current($_SQL)); + next($_SQL); + } + + $pos = strrpos ($_CONF['rdf_file'], '/'); + $filename = substr ($_CONF['rdf_file'], $pos + 1); + $sitename = addslashes ($_CONF['site_name']); + $siteslogan = addslashes ($_CONF['site_slogan']); + DB_query ("INSERT INTO {$_TABLES['syndication']} (title, description, limits, content_length, filename, charset, language, is_enabled, updated, update_info) VALUES ('{$sitename}', '{$siteslogan}', '{$_CONF['rdf_limit']}', {$_CONF['rdf_storytext']}, '{$filename}', '{$_CONF['default_charset']}', '{$_CONF['rdf_language']}', {$_CONF['backend']}, '0000-00-00 00:00:00', NULL)"); + + // upgrade static pages plugin + $spversion = get_SP_ver (); + if ($spversion > 0) { + if ($spversion < 4) { + if (!isset ($_SP_CONF['in_block'])) { + $_SP_CONF['in_block'] = 1; + } else if ($_SP_CONF['in_block'] > 1) { + $_SP_CONF['in_block'] = 1; + } else if ($_SP_CONF['in_block'] < 0) { + $_SP_CONF['in_block'] = 0; + } + DB_query ("ALTER TABLE {$_TABLES['staticpage']} ADD COLUMN sp_inblock tinyint(1) unsigned DEFAULT '{$_SP_CONF['in_block']}'"); + } + DB_query ("UPDATE {$_TABLES['plugins']} SET pi_version = '1.4', pi_gl_version = '1.3.9' WHERE pi_name = 'staticpages'"); + } + + // recreate 'date' field for old links + $result = DB_query ("SELECT lid FROM {$_TABLES['links']} WHERE date IS NULL"); + $num = DB_numRows ($result); + if ($num > 0) { + for ($i = 0; $i < $num; $i++) { + $A = DB_fetchArray ($result); + + $myyear = substr ($A['lid'], 0, 4); + $mymonth = substr ($A['lid'], 4, 2); + $myday = substr ($A['lid'], 6, 2); + $myhour = substr ($A['lid'], 8, 2); + $mymin = substr ($A['lid'], 10, 2); + $mysec = substr ($A['lid'], 12, 2); + + $mtime = mktime ($myhour, $mymin, $mysec, + $mymonth, $myday, $myyear); + $date = date ("Y-m-d H:i:s", $mtime); + DB_query ("UPDATE {$_TABLES['links']} SET date = '$date' WHERE lid = '{$A['lid']}'"); + } + } + + // remove unused entries left over from deleted groups + $result = DB_query ("SELECT grp_id FROM {$_TABLES['groups']}"); + $num = DB_numRows ($result); + $groups = array (); + for ($i = 0; $i < $num; $i++) { + $A = DB_fetchArray ($result); + $groups[] = $A['grp_id']; + } + $grouplist = '(' . implode (',', $groups) . ')'; + + DB_query ("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_main_grp_id NOT IN $grouplist) OR (ug_grp_id NOT IN $grouplist)"); + + $current_gl_version = '1.3.9'; + $_SQL = ''; + break; + case '1.3.9': + require_once($_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.9_to_1.3.10.php'); + for ($i = 1; $i <= count($_SQL); $i++) { + DB_query(current($_SQL)); + next($_SQL); + } + commentsToPreorderTree(); + + $result = DB_query ("SELECT sid,introtext,bodytext FROM {$_TABLES['stories']}"); + $numStories = DB_numRows ($result); + for ($i = 0; $i < $numStories; $i++) { + $A = DB_fetchArray ($result); + $related = addslashes (implode ("\n", UPDATE_extractLinks ($A['introtext'] . ' ' . $A['bodytext']))); + if (empty ($related)) { + DB_query ("UPDATE {$_TABLES['stories']} SET related = NULL WHERE sid = '{$A['sid']}'"); + } else { + DB_query ("UPDATE {$_TABLES['stories']} SET related = '$related' WHERE sid = '{$A['sid']}'"); + } + } + + $spversion = get_SP_ver (); + if ($spversion > 0) { + // no database changes this time, but set new version number + DB_query ("UPDATE {$_TABLES['plugins']} SET pi_version = '1.4.1', pi_gl_version = '1.3.10' WHERE pi_name = 'staticpages'"); + } + + // install SpamX plugin + // (also handles updates from version 1.0) + install_spamx_plugin (); + + $current_gl_version = '1.3.10'; + $_SQL = ''; + break; + case '1.3.10': + require_once($_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.10_to_1.3.11.php'); + for ($i = 1; $i <= count($_SQL); $i++) { + DB_query(current($_SQL)); + next($_SQL); + } + + $current_gl_version = '1.3.11'; + $_SQL = ''; + break; + + case '1.3.11': + require_once ($_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.11_to_1.4.0.php'); + for ($i = 0; $i < count ($_SQL); $i++) { + DB_query (current ($_SQL)); + next ($_SQL); + } + + upgrade_addFeature (); + upgrade_uniqueGroupNames (); + + $current_gl_version = '1.4.0'; + $_SQL = ''; + break; + + default: + $done = true; + } + } + return true; +} + +// Main +if (isset ($_POST['page'])) { + $page = $_POST['page']; +} else { + $page = 0; +} + +if (isset ($_POST['action']) && ($_POST['action'] == '<< Previous')) { + $page = 0; +} + +// If possible, load the config file so we can get current settings. If we +// can't then that means this is a fresh installation OR they want to start +// with our system defaults. + +// Include template class if we got it +if ($page > 0) { + $geeklog_path = trim ($_POST['geeklog_path']); + $notapath = false; + if (!empty ($geeklog_path)) { + // do some sanity checks ... + + if (strpos ($geeklog_path, 'http:') !== false) { + $notapath = true; + } + if (strpos ($geeklog_path, 'config.php') !== false) { + $pos = strpos ($geeklog_path, 'config.php'); + if ($pos + strlen ('config.php') == strlen ($geeklog_path)) { + // strip 'config.php' silently ... + $geeklog_path = substr ($geeklog_path, 0, $pos); + } + } + + // silently fix the usual problems with slashes ... + $geeklog_path = str_replace ('\\', '/', $geeklog_path); + $geeklog_path = str_replace ('//', '/', $geeklog_path); + while (substr ($geeklog_path, -1) == '/') { + $geeklog_path = substr ($geeklog_path, 0, -1); + } + } + + if (!$notapath && !empty ($geeklog_path) && file_exists ($geeklog_path . '/config.php')) { + require_once($geeklog_path . '/system/classes/template.class.php'); + require_once($geeklog_path . '/config.php'); + require_once($geeklog_path . '/system/lib-database.php'); + } else { + $display = '' . LB; + $display .= '' . LB; + $display .= 'Geeklog Installation - Error' . LB; + $display .= '' . LB; + $display .= '

Geeklog Installation - Error

' . LB; + if ($notapath) { + $display .= '

' . $_POST['geeklog_path'] . ' is not a path.
Please enter the path to where config.php can be found on your webserver\'s file system.

'; + } else { + $display .= '

Geeklog could not find config.php in the path you just entered: ' . $_POST['geeklog_path'] . '
' . LB; + $display .= 'Please check this path and try again. Remember that you should be using absolute paths, starting at the root of your file system.

' . LB; + } + $display .= '
' . LB; + $display .= '

' . LB . '
'; + $display .= '' . LB . ''; + echo $display; + exit; + } +} + +$display = ''; + +switch ($page) { +case 1: + if ($_POST['install_type'] == 'complete_upgrade') { + $upgrade = 1; + } else { + $upgrade = 0; + } + $display .= INST_getDatabaseSettings ($_POST['install_type'], + $_POST['geeklog_path']); + break; + +case 2: + if (!empty ($_POST['version'])) { + if (INST_doDatabaseUpgrades ($_POST['version'], $_POST['prefix'])) { + // Great, installation is complete + // Done with installation...redirect to success page + echo ''; + } + } else { + $use_innodb = false; + if (isset ($_POST['innodb']) && ($_POST['innodb'] == 'on')) { + $use_innodb = true; + } + if (INST_createDatabaseStructures ($use_innodb)) { + // Done with installation...redirect to success page + echo ''; + // Great, installation is complete + } + } + break; + +default: + // Ok, let's display a welcome page + $display .= INST_welcomePage(); + break; +} + +echo $display; + +?> diff -ruN 1.3.11sr1/admin/install/success.php 1.4.0sr5-1/admin/install/success.php --- 1.3.11sr1/admin/install/success.php 1969-12-31 18:00:00.000000000 -0600 +++ 1.4.0sr5-1/admin/install/success.php 2006-08-08 02:39:06.000000000 -0500 @@ -0,0 +1,29 @@ +Installation of Geeklog ' . VERSION . ' complete!'; + +$display .= '

Congratulations, you have successfully installed Geeklog. Please take a minute to read the information displayed below.

'; + +$display .= '

Then click here to go to your site\'s front page and learn about the default login.

'; + +$display .= '

Check Permissions

'; +$display .= '

Geeklog requires certain files and directories to be writable. To check if those are set up properly, please use this script.

'; + +$display .= '

Security Warning

'; +$display .= '

Once your site is up and running, don\'t forget to remove the install directory, ' . $_CONF['path_html'] . 'admin/install, and change the password of the default \'Admin\' account.

'; + +// note for those upgrading from Geeklog 1.2.5-1 or older +if (DB_count ($_TABLES['users'], 'username', 'NewAdmin') > 0) { + $display .= '

Note: Because the security model has been changed, we have created a new account with the rights you need to administer your new site. The username for this new account is NewAdmin and the password is password

.'; +} + +$display .= COM_endBlock (); +$display .= COM_siteFooter (); + +echo $display; + +?> diff -ruN 1.3.11sr1/admin/install/toinnodb.php 1.4.0sr5-1/admin/install/toinnodb.php --- 1.3.11sr1/admin/install/toinnodb.php 1969-12-31 18:00:00.000000000 -0600 +++ 1.4.0sr5-1/admin/install/toinnodb.php 2006-08-08 02:39:06.000000000 -0500 @@ -0,0 +1,107 @@ +This may take a while ...

' . LB; + flush (); + + $opt_time = new timerobject (); + $opt_time->startTimer (); + + $result = DB_query ("SHOW TABLES"); + $numTables = DB_numRows ($result); + for ($i = 0; $i < $numTables; $i++) { + $A = DB_fetchArray ($result, true); + if (in_array ($A[0], $_TABLES)) { + DB_query ("ALTER TABLE $A[0] TYPE=InnoDB"); + } + } + + $exectime = $opt_time->stopTimer (); + + echo '

Changing ' . sizeof ($_TABLES) . ' tables to InnoDB took ' + . $exectime . ' seconds.

' . LB; + +} else { + + echo '

Sorry, your database does not support InnoDB tables.

' . LB; + +} + +echo COM_endBlock (); +echo COM_siteFooter (); + +?> diff -ruN 1.3.11sr1/admin/link.php 1.4.0sr5-1/admin/link.php --- 1.3.11sr1/admin/link.php 2004-12-31 10:02:26.000000000 -0600 +++ 1.4.0sr5-1/admin/link.php 1969-12-31 18:00:00.000000000 -0600 @@ -1,433 +0,0 @@ -set_file('editor','linkeditor.thtml'); - $link_templates->set_var('site_url', $_CONF['site_url']); - $link_templates->set_var('site_admin_url', $_CONF['site_admin_url']); - $link_templates->set_var('layout_url',$_CONF['layout_url']); - if ($mode <> 'editsubmission' AND !empty($lid)) { - $result = DB_query("SELECT * FROM {$_TABLES['links']} WHERE lid ='$lid'"); - $A = DB_fetchArray($result); - $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']); - if ($access == 0 OR $access == 2) { - $retval .= COM_startBlock($LANG24[16], '', - COM_getBlockTemplate ('_msg_block', 'header')); - $retval .= $LANG23[17]; - $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer')); - COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link $lid."); - return $retval; - } - } else { - if ($mode == 'editsubmission') { - $result = DB_query ("SELECT * FROM {$_TABLES['linksubmission']} WHERE lid = '$lid'"); - $A = DB_fetchArray($result); - } - $A['hits'] = 0; - $A['owner_id'] = $_USER['uid']; - if (isset ($_GROUPS['Link Admin'])) { - $A['group_id'] = $_GROUPS['Link Admin']; - } else { - $A['group_id'] = SEC_getFeatureGroup ('link.edit'); - } - $A['perm_owner'] = 3; - $A['perm_group'] = 2; - $A['perm_members'] = 2; - $A['perm_anon'] = 2; - $access = 3; - } - $retval .= COM_startBlock ($LANG23[1], '', - COM_getBlockTemplate ('_admin_block', 'header')); - - $link_templates->set_var('link_id', $A['lid']); - if (!empty($lid) && SEC_hasRights('link.edit')) { - $link_templates->set_var ('delete_option', ''); - } - $link_templates->set_var('lang_linktitle', $LANG23[3]); - $link_templates->set_var('link_title', - htmlspecialchars (stripslashes ($A['title']))); - $link_templates->set_var('lang_linkurl', $LANG23[4]); - $link_templates->set_var('max_url_length', 255); - $link_templates->set_var('link_url', $A['url']); - $link_templates->set_var('lang_includehttp', $LANG23[6]); - $link_templates->set_var('lang_category', $LANG23[5]); - $result = DB_query("SELECT DISTINCT category FROM {$_TABLES['links']}"); - $nrows = DB_numRows($result); - $catdd = ''; - if ($nrows > 0) { - for ($i = 1; $i <= $nrows; $i++) { - $C = DB_fetchArray($result); - $category = $C['category']; - $catdd .= '