// NOTE(review): the statements down to "End entry id" are the tail of a method whose
// beginning lies outside this excerpt; they are unchanged apart from layout and comments.
                if ( preg_match( "/(\d+)/", $qstring, $match ) )
                {
                    // Unanchored pattern: the first run of digits found anywhere in
                    // $qstring becomes the entry id.
                    $this->entry_id = $match['1'];

                    return TRUE;
                }

                /** ----------------------------------------
                /**  Parse URL title
                /** ----------------------------------------*/

                if (strstr($qstring, '/'))
                {
                    // Keep only the part before the first slash.
                    $xe = explode('/', $qstring);
                    $qstring = current($xe);
                }

                // The URL title goes through $DB->escape_str() before it is placed
                // inside the quoted SQL literal.
                $sql = "SELECT exp_weblog_titles.entry_id FROM exp_weblog_titles, exp_weblogs WHERE exp_weblog_titles.weblog_id = exp_weblogs.weblog_id AND exp_weblog_titles.url_title = '".$DB->escape_str($qstring)."'";

                if (USER_BLOG !== FALSE)
                {
                    // UB_BLOG_ID is concatenated without escaping.
                    // NOTE(review): presumably a system-defined constant -- verify where it is set.
                    $sql .= " AND exp_weblogs.weblog_id = '".UB_BLOG_ID."'";
                }
                else
                {
                    $sql .= " AND exp_weblogs.is_user_blog = 'n'";
                }

                $query = $DB->query($sql);

                if ( $query->num_rows > 0 )
                {
                    $this->entry_id = $query->row['entry_id'];

                    return TRUE;
                }
            }
        }

        return FALSE;
    }

    /** End entry id */

    /** ----------------------------------------
    /**  Form
    /** ----------------------------------------
    /*  Returns the form declaration built by
    /*  $FNS->form_declaration() followed by the
    /*  tag data, or '' when no $data was passed
    /*  and $this->data is not set. $data is only
    /*  counted; the hidden fields are taken from
    /*  $this->data.
    /*
    /*  Security notes:
    /*  - The id returned by _insert_params() is
    /*    emitted as the hidden field params_id.
    /*    _param() later loads the stored row by
    /*    whatever params_id the request carries,
    /*    so the id is client-selectable and is
    /*    not tied to a session in the code shown
    /*    here.
    /*  - return and RET are hidden fields as well
    /*    and can be edited by the client. The
    /*    code that consumes them is not visible
    /*    here; it should validate the target.
    /** ----------------------------------------*/

    function _form( $data = array() )
    {
        global $FNS, $TMPL;

        if ( count( $data ) == 0 AND ! isset( $this->data ) ) return '';

        // Prefer tag data supplied through $this->data; it is removed from the
        // array so that it is not emitted as a hidden field.
        if ( ! isset( $this->data['tagdata'] ) OR $this->data['tagdata'] == '' )
        {
            $tagdata = $TMPL->tagdata;
        }
        else
        {
            $tagdata = $this->data['tagdata'];
            unset( $this->data['tagdata'] );
        }

        /** ----------------------------------------
        /**  Insert params
        /** ----------------------------------------*/

        // Assignment inside the condition: a falsy result from _insert_params()
        // (FALSE when there is nothing to store) is replaced by 0.
        if ( ! $this->params_id = $this->_insert_params() )
        {
            $this->params_id = 0;
        }

        $this->data['params_id'] = $this->params_id;

        /** ----------------------------------------
        /**  Generate form
        /** ----------------------------------------*/

        // NOTE(review): $this->data['id'] is read without an isset() check.
        $arr = array(
            'hidden_fields' => $this->data,
            'action' => $FNS->fetch_site_index(),
            'id' => $this->data['id'],
            'enctype' => ( $this->multipart ) ? 'multi': '',
            'onsubmit' => ( $TMPL->fetch_param('onsubmit') ) ? $TMPL->fetch_param('onsubmit'): ''
        );

        if ( $TMPL->fetch_param('name') !== FALSE )
        {
            $arr['name'] = $TMPL->fetch_param('name');
        }

        /** --------------------------------------------
        /**  HTTPS URLs?
        /** --------------------------------------------*/

        if ($TMPL->fetch_param('secure_action') == 'yes')
        {
            if (isset($arr['action']))
            {
                $arr['action'] = str_replace('http://', 'https://', $arr['action']);
            }
        }

        if ($TMPL->fetch_param('secure_return') == 'yes')
        {
            foreach(array('return', 'RET') as $return_field)
            {
                if (isset($arr['hidden_fields'][$return_field]))
                {
                    // A path= tag between LD and RD is resolved through create_url().
                    if ( preg_match( "/".LD."\s*path=(.*?)".RD."/", $arr['hidden_fields'][$return_field], $match ) > 0 )
                    {
                        $arr['hidden_fields'][$return_field] = $FNS->create_url( $match['1'] );
                    }
                    // Any other value that does not contain "http://" is passed to create_url() too.
                    // NOTE(review): a value that already starts with https:// does not contain
                    // "http://" and therefore takes this branch -- confirm create_url() copes
                    // with absolute URLs.
                    elseif ( stristr( $arr['hidden_fields'][$return_field], "http://" ) === FALSE )
                    {
                        $arr['hidden_fields'][$return_field] = $FNS->create_url( $arr['hidden_fields'][$return_field] );
                    }

                    // Rewrites every occurrence of the scheme text, not only a leading one.
                    $arr['hidden_fields'][$return_field] = str_replace('http://', 'https://', $arr['hidden_fields'][$return_field]);
                }
            }
        }

        /** --------------------------------------------
        /**  Create and Return Form
        /** --------------------------------------------*/

        $r = $FNS->form_declaration( $arr );

        $r .= stripslashes($tagdata);

        // NOTE(review): as shown this appends an empty string. The literal may have held
        // markup (such as a closing form tag) that was lost when the page was rendered --
        // confirm against the original file.
        $r .= "";

        //return $this->_chars_decode($r);

        return $r;
    }

    /** End form */

    /** ----------------------------------------
    /**  Chars decode
    /** ----------------------------------------*/

    function _chars_decode( $str = '' )
    {
        global $PREFS;

        // Bare return: an empty input yields NULL, not ''.
        if ( $str == '' ) return;

        $charset = $PREFS->ini('charset');

        // True when the running PHP is older than 5.0.0; only then is the configured
        // charset checked against this list.
        if ( version_compare('5.0.0', PHP_VERSION, '>') )
        {
            $valid_sets = array (
                'ISO-8859-1','ISO8859-1',
                'ISO-8859-15','ISO8859-15',
                'UTF-8',
                'cp866','ibm866','866',
                'cp1251','Windows-1251','win-1251','1251',
                'cp1252','Windows-1252','1252',
                'KOI8-R','koi8-ru','koi8r',
                'BIG5','950',
                'GB2312','936',
                'BIG5-HKSCS',
                'Shift_JIS','SJIS','932',
                'EUC-JP'
            );

            if ( ! 
in_array($charset, $valid_sets) ) $charset = 'ISO-8859-1'; } if ( function_exists( 'html_entity_decode' ) === TRUE ) { $str = $this->_html_entity_decode_full( $str, ENT_COMPAT, $charset ); } //$str = str_replace( array( '&', '/', ''' ), array( '&', '/', '' ), $str ); $str = stripslashes( $str ); return $str; } function _html_entity_decode_full($string, $quotes = ENT_COMPAT, $charset = 'ISO-8859-1') { return html_entity_decode(preg_replace_callback('/&([a-zA-Z][a-zA-Z0-9]+);/', array($this, '_convert_entity'), $string), $quotes, $charset); } function _convert_entity($matches, $destroy = true) { $table = array('quot' => '"','amp' => '&','lt' => '<','gt' => '>','OElig' => 'Œ','oelig' => 'œ','Scaron' => 'Š','scaron' => 'š','Yuml' => 'Ÿ','circ' => 'ˆ','tilde' => '˜','ensp' => ' ','emsp' => ' ','thinsp' => ' ','zwnj' => '‌','zwj' => '‍','lrm' => '‎','rlm' => '‏','ndash' => '–','mdash' => '—','lsquo' => '‘','rsquo' => '’','sbquo' => '‚','ldquo' => '“','rdquo' => '”','bdquo' => '„','dagger' => '†','Dagger' => '‡','permil' => '‰','lsaquo' => '‹','rsaquo' => '›','euro' => '€','fnof' => 'ƒ','Alpha' => 'Α','Beta' => 'Β','Gamma' => 'Γ','Delta' => 'Δ','Epsilon' => 'Ε','Zeta' => 'Ζ','Eta' => 'Η','Theta' => 'Θ','Iota' => 'Ι','Kappa' => 'Κ','Lambda' => 'Λ','Mu' => 'Μ','Nu' => 'Ν','Xi' => 'Ξ','Omicron' => 'Ο','Pi' => 'Π','Rho' => 'Ρ','Sigma' => 'Σ','Tau' => 'Τ','Upsilon' => 'Υ','Phi' => 'Φ','Chi' => 'Χ','Psi' => 'Ψ','Omega' => 'Ω','alpha' => 'α','beta' => 'β','gamma' => 'γ','delta' => 'δ','epsilon' => 'ε','zeta' => 'ζ','eta' => 'η','theta' => 'θ','iota' => 'ι','kappa' => 'κ','lambda' => 'λ','mu' => 'μ','nu' => 'ν','xi' => 'ξ','omicron' => 'ο','pi' => 'π','rho' => 'ρ','sigmaf' => 'ς','sigma' => 'σ','tau' => 'τ','upsilon' => 'υ','phi' => 'φ','chi' => 'χ','psi' => 'ψ','omega' => 'ω','thetasym' => 'ϑ','upsih' => 'ϒ','piv' => 'ϖ','bull' => '•','hellip' => '…','prime' => '′','Prime' => '″','oline' => '‾','frasl' => '⁄','weierp' => '℘','image' => 'ℑ','real' => 'ℜ','trade' => '™','alefsym' 
=> 'ℵ','larr' => '←','uarr' => '↑','rarr' => '→','darr' => '↓','harr' => '↔','crarr' => '↵','lArr' => '⇐','uArr' => '⇑','rArr' => '⇒','dArr' => '⇓','hArr' => '⇔','forall' => '∀','part' => '∂','exist' => '∃','empty' => '∅','nabla' => '∇','isin' => '∈','notin' => '∉','ni' => '∋','prod' => '∏','sum' => '∑','minus' => '−','lowast' => '∗','radic' => '√','prop' => '∝','infin' => '∞','ang' => '∠','and' => '∧','or' => '∨','cap' => '∩','cup' => '∪','int' => '∫','there4' => '∴','sim' => '∼','cong' => '≅','asymp' => '≈','ne' => '≠','equiv' => '≡','le' => '≤','ge' => '≥','sub' => '⊂','sup' => '⊃','nsub' => '⊄','sube' => '⊆','supe' => '⊇','oplus' => '⊕','otimes' => '⊗','perp' => '⊥','sdot' => '⋅','lceil' => '⌈','rceil' => '⌉','lfloor' => '⌊','rfloor' => '⌋','lang' => '〈','rang' => '〉','loz' => '◊','spades' => '♠','clubs' => '♣','hearts' => '♥','diams' => '♦','nbsp' => ' ','iexcl' => '¡','cent' => '¢','pound' => '£','curren' => '¤','yen' => '¥','brvbar' => '¦','sect' => '§','uml' => '¨','copy' => '©','ordf' => 'ª','laquo' => '«','not' => '¬','shy' => '­','reg' => '®','macr' => '¯','deg' => '°','plusmn' => '±','sup2' => '²','sup3' => '³','acute' => '´','micro' => 'µ','para' => '¶','middot' => '·','cedil' => '¸','sup1' => '¹','ordm' => 'º','raquo' => '»','frac14' => '¼','frac12' => '½','frac34' => '¾','iquest' => '¿','Agrave' => 'À','Aacute' => 'Á','Acirc' => 'Â','Atilde' => 'Ã','Auml' => 'Ä','Aring' => 'Å','AElig' => 'Æ','Ccedil' => 'Ç','Egrave' => 'È','Eacute' => 'É','Ecirc' => 'Ê','Euml' => 'Ë','Igrave' => 'Ì','Iacute' => 'Í','Icirc' => 'Î','Iuml' => 'Ï','ETH' => 'Ð','Ntilde' => 'Ñ','Ograve' => 'Ò','Oacute' => 'Ó','Ocirc' => 'Ô','Otilde' => 'Õ','Ouml' => 'Ö','times' => '×','Oslash' => 'Ø','Ugrave' => 'Ù','Uacute' => 'Ú','Ucirc' => 'Û','Uuml' => 'Ü','Yacute' => 'Ý','THORN' => 'Þ','szlig' => 'ß','agrave' => 'à','aacute' => 'á','acirc' => 'â','atilde' => 'ã','auml' => 'ä','aring' => 'å','aelig' => 'æ','ccedil' => 'ç','egrave' => 'è','eacute' => 'é','ecirc' => 'ê','euml' => 
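'ë','igrave' => 'ì','iacute' => 'í','icirc' => 'î','iuml' => 'ï','eth' => 'ð','ntilde' => 'ñ','ograve' => 'ò','oacute' => 'ó','ocirc' => 'ô','otilde' => 'õ','ouml' => 'ö','divide' => '÷','oslash' => 'ø','ugrave' => 'ù','uacute' => 'ú','ucirc' => 'û','uuml' => 'ü','yacute' => 'ý','thorn' => 'þ','yuml' => 'ÿ');

        // Known entity name: return its character.
        if (isset($table[$matches[1]])) return $table[$matches[1]];
        // else
        // Unknown name: drop it when $destroy is true, otherwise keep the matched text.
        return $destroy ? '' : $matches[0];
    }

    /** ----------------------------------------
    /**  Params
    /** ----------------------------------------
    /*  Returns the value of one tag parameter.
    /*  On first use the parameter set is loaded
    /*  from $this->params_tbl using the params_id
    /*  found in the request. Lookup order: the
    /*  stored params, then the template
    /*  parameter, then the literal TRUE. Returns
    /*  FALSE when $which is empty, when the
    /*  request carries no params_id, or when no
    /*  row matches it. $type is accepted but
    /*  never read.
    /*
    /*  Security notes:
    /*  - params_id is request input. It is
    /*    escaped for the query, but nothing shown
    /*    here ties the row to the visitor who was
    /*    served the form.
    /*  - The row is passed to unserialize(), which
    /*    can instantiate objects. The payload is
    /*    written by _insert_params() with
    /*    serialize(), so it is only as trustworthy
    /*    as write access to the table. If anything
    /*    else can write that table, change the
    /*    storage format (for example JSON) instead
    /*    of relying on the array check below.
    /*  - Callers receive TRUE when the parameter
    /*    is found nowhere; _upload_files() puts
    /*    this return value straight into a query.
    /** ----------------------------------------*/

    function _param( $which = '', $type = 'all' )
    {
        global $DB, $IN, $LOC, $TMPL;

        /** ----------------------------------------
        /**  Which?
        /** ----------------------------------------*/

        if ( $which == '' ) return FALSE;

        /** ----------------------------------------
        /**  Params set?
        /** ----------------------------------------*/

        if ( count( $this->params ) == 0 )
        {
            /** ----------------------------------------
            /**  Empty id?
            /** ----------------------------------------*/

            if ( ! $this->params_id = $IN->GBL('params_id') )
            {
                return FALSE;
            }

            /** ----------------------------------------
            /**  Select from DB
            /** ----------------------------------------*/

            $query = $DB->query( "SELECT data FROM $this->params_tbl WHERE params_id = '".$DB->escape_str( $this->params_id )."'" );

            /** ----------------------------------------
            /**  Empty?
            /** ----------------------------------------*/

            if ( $query->num_rows == 0 ) return FALSE;

            /** ----------------------------------------
            /**  Unserialize
            /** ----------------------------------------*/

            // A corrupt payload makes unserialize() return FALSE, and a payload that is
            // not an array cannot be indexed below. Anything but an array is treated as
            // an empty parameter set, so the 'set' marker is always written to an array.
            $stored = unserialize( $query->row['data'] );

            $this->params = is_array( $stored ) ? $stored : array();

            $this->params['set'] = TRUE;

            /** ----------------------------------------
            /**  Delete
            /** ----------------------------------------*/

            // Purge rows older than 7200 seconds (two hours).
            $DB->query( "DELETE FROM $this->params_tbl WHERE entry_date < ".$DB->escape_str( ($LOC->now - 7200) )."" );
        }

        /** ----------------------------------------
        /**  Fetch from params array
        /** ----------------------------------------*/

        if ( isset( $this->params[$which] ) )
        {
            // NOTE(review): as shown, the search and replacement strings are identical, so
            // this call changes nothing. The search string may originally have been an HTML
            // entity that was decoded when the page was rendered -- confirm against the
            // original file.
            $return = str_replace( "/", "/", $this->params[$which] );

            return $return;
        }

        /** ----------------------------------------
        /**  Fetch TMPL
        /** ----------------------------------------*/

        if ( $TMPL AND $TMPL->fetch_param($which) )
        {
            return $TMPL->fetch_param($which);
        }

        /** ----------------------------------------
        /**  Return
        /** ----------------------------------------*/

        return TRUE;
    }

    /** End params */

    /** ----------------------------------------
    /**  Insert params
    /** ----------------------------------------
    /*  Serializes the passed $params, or the
    /*  existing $this->params, into a new row of
    /*  $this->params_tbl and returns
    /*  $DB->insert_id. Returns FALSE when there
    /*  is nothing to store.
    /** ----------------------------------------*/

    function _insert_params( $params = array() )
    {
        global $DB, $LOC;

        /** ----------------------------------------
        /**  Empty?
        /** ----------------------------------------*/

        if ( count( $params ) > 0 )
        {
            $this->params = $params;
        }
        elseif ( ! 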
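isset( $this->params ) OR count( $this->params ) == 0 )
        {
            return FALSE;
        }

        /** ----------------------------------------
        /**  Serialize
        /** ----------------------------------------*/

        // NOTE(review): from here on $this->params holds the serialized string, not the
        // array. Later count() or array access on it within the same request operates on
        // a string -- consider a local variable for the serialized form.
        $this->params = serialize( $this->params );

        /** ----------------------------------------
        /**  Delete excess when older than 2 hours
        /** ----------------------------------------*/

        $DB->query( "DELETE FROM $this->params_tbl WHERE entry_date < ".$DB->escape_str( ($LOC->now - 7200) )."" );

        /** ----------------------------------------
        /**  Insert
        /** ----------------------------------------*/

        $DB->query( $DB->insert_string( $this->params_tbl, array( 'entry_date' => $LOC->now, 'data' => $this->params ) ) );

        /** ----------------------------------------
        /**  Return
        /** ----------------------------------------*/

        return $DB->insert_id;
    }

    /** End insert params */

    /** ----------------------------------------
    /**  Upload files
    /** ----------------------------------------
    /*  Validates the upload destination and,
    /*  unless $errors_only is set, hands every
    /*  submitted "file<digits>" field to
    /*  _upload_file(). Returns FALSE when there is
    /*  nothing to upload or more files than
    /*  $this->upload_limit, the result of
    /*  $OUT->show_user_error() on a destination
    /*  or path error, and NULL otherwise.
    /*
    /*  Security notes:
    /*  - The destination row is selected by the
    /*    file_upload parameter returned by
    /*    _param(); it is escaped for the query.
    /*  - Members with group_id 1 are given
    /*    allowed types 'all', bypassing the
    /*    destination's allowed_types list.
    /*  - Replacing ".." with "." in server_path is
    /*    a retry with a different path, not a
    /*    rejection of the configured one.
    /** ----------------------------------------*/

    function _upload_files ( $errors_only = FALSE )
    {
        global $DB, $IN, $LANG, $LOC, $OUT, $SESS;

        $LANG->fetch_language_file('upload');

        /** ----------------------------------------
        /**  Invoke upload class
        /** ----------------------------------------*/

        if ( ! class_exists( 'Upload' ) )
        {
            require PATH_CORE.'core.upload'.EXT;
        }

        // Create the uploader whenever it is missing. Previously it was only created
        // when this call was the one that loaded the class file, which left $this->UP
        // unset if the Upload class had already been loaded elsewhere.
        if ( ! isset( $this->UP ) OR ! is_object( $this->UP ) )
        {
            $this->UP = new Upload();
        }

        /** ----------------------------------------
        /**  Handle files from submission
        /** ----------------------------------------
        /*  Note that if you have trouble getting
        /*  files to submit, if the FILES array is
        /*  empty, make sure that you are not
        /*  submitting the gallery upload form inside
        /*  of another form. If the forms are nested,
        /*  the FILES array can be wiped out.
        /** ----------------------------------------*/

        // More file fields than the configured limit is treated like "no files":
        // the method returns FALSE without reporting an error.
        if ( ! isset($_FILES) OR count( $_FILES ) == 0 OR count( $_FILES ) > $this->upload_limit )
        {
            return FALSE;
        }

        // At least one field must carry a file name.
        $full = FALSE;

        foreach ( $_FILES as $key => $val )
        {
            if ( $val['name'] != '' )
            {
                $full = TRUE;
            }
        }

        if ( ! $full )
        {
            return FALSE;
        }

        /** ----------------------------------------
        /**  Check destination
        /** ----------------------------------------*/

        $query = $DB->query( "SELECT * FROM exp_upload_prefs WHERE name = '".$DB->escape_str($this->_param('file_upload'))."'" );

        if ( $query->num_rows == 0 )
        {
            return $OUT->show_user_error( 'general', $LANG->line( 'upload_destination_not_exists' ) );
        }
        else
        {
            $this->upload = $query->row;
        }

        /** ----------------------------------------
        /**  Check path
        /** ----------------------------------------*/

        if ( $this->UP->set_upload_path( $this->upload['server_path'] ) !== TRUE )
        {
            // Second attempt with every ".." collapsed to ".".
            $this->upload['server_path'] = str_replace( "..", ".", $this->upload['server_path'] );

            if ( $this->UP->set_upload_path( $this->upload['server_path'] ) !== TRUE )
            {
                return $OUT->show_user_error( 'general', $LANG->line( $this->UP->error_msg ) );
            }
        }

        /** ----------------------------------------
        /**  Only checking errors?
        /** ----------------------------------------*/

        if ( $errors_only ) return;

        /** ----------------------------------------
        /**  Set attributes
        /** ----------------------------------------*/

        $this->UP->set_max_width($this->upload['max_width']);
        $this->UP->set_max_height($this->upload['max_height']);
        $this->UP->set_max_filesize($this->upload['max_size']);
        // NOTE(review): group_id 1 is presumably the super-admin group -- confirm. Its
        // members are not restricted to the destination's allowed types.
        $this->UP->set_allowed_types( ($SESS->userdata['group_id'] == 1) ? 'all' : $this->upload['allowed_types']);

        /** ----------------------------------------
        /**  Loop
        /** ----------------------------------------*/

        $data = array();

        foreach ( $_FILES as $key => $val )
        {
            // Field names are client-supplied. Only names of the exact form "file<digits>"
            // are accepted. The earlier unanchored pattern also matched names that merely
            // contained such text and then checked a different $_FILES entry than the one
            // being stored.
            if ( ! preg_match( '/^file(\d+)\z/', $key, $match ) ) continue;

            if ( $val['name'] == '' ) continue;

            /** ----------------------------------------
            /**  Set data
            /** ----------------------------------------*/

            $data[ $match['1'] ]['userfile'] = $val;
        }

        /** ----------------------------------------
        /**  Loop and insert
        /** ----------------------------------------*/

        // The return value of _upload_file() is not inspected here.
        foreach ( $data as $key => $val )
        {
            $this->_upload_file( $val );
        }
    }

    /** End upload files */

    /** ----------------------------------------
    /**  Upload file
    /** ----------------------------------------
    /*  Stores one submitted file through the
    /*  Upload object and records it in
    /*  exp_freeform_attachments. $val is an array
    /*  with the file's $_FILES entry under the
    /*  key 'userfile'.
    /** ----------------------------------------*/

    function _upload_file ( $val )
    {
        global $IN, $DSP, $DB, $LANG, $LOC, $OUT, $SESS;

        $LANG->fetch_language_file('upload');

        /** ----------------------------------------
        /**  Unset some globals
        /** ----------------------------------------
        /*  If we leave this set through every loop,
        /*  all successive uploads will fail after
        /*  the first on account of Paul and his
        /*  silly concatenation.
        /** ----------------------------------------*/

        $this->UP->new_name = '';

        /** ----------------------------------------
        /**  Force the userfile in post
        /** ----------------------------------------*/

        // Re-publishes the entry under the key 'userfile' in $_FILES.
        // NOTE(review): presumably the key the Upload class reads -- confirm.
        $_FILES['userfile'] = $val['userfile'];

        /** ----------------------------------------
        /**  Perform the upload
        /** ----------------------------------------*/

        if ( ! $this->UP->upload_file())
        {
            return $OUT->show_user_error( 'general', $LANG->line( $this->UP->error_msg ) );
        }

        $file_name = $this->UP->file_name;

        if ($this->UP->file_exists == TRUE)
        {
            // A file of that name is already present: pick a free name and move to it.
            $file_name = $this->_rename_file($this->UP->upload_path, $this->UP->file_name);

            if ( ! 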
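$this->UP->file_overwrite($this->UP->file_name, $file_name))
            {
                // NOTE(review): a failed overwrite is ignored; the database row and the
                // attachment list below still record $file_name.
                // return $this->_fetch_error( $LANG->line('file_overwrite'), $IN->GBL('template') );
            }
        }

        /** ----------------------------------------
        /**  Set filename
        /** ----------------------------------------*/

        // NOTE(review): str_replace() removes every occurrence of the extension text, not
        // only the trailing one, and a name without a dot yields an "extension" made of a
        // dot plus the whole name. The values logged below can therefore differ from the
        // file actually stored.
        $x = explode(".", $file_name);
        $extension = '.'.end($x);
        $name = str_replace($extension, '', $file_name);

        /** ----------------------------------------
        /**  Log in DB
        /** ----------------------------------------*/

        $data = array(
            'entry_id' => $this->entry_id,
            'pref_id' => $this->upload['id'],
            'server_path' => $this->UP->upload_path,
            'filename' => $name,
            'extension' => $extension,
            'filesize' => $this->UP->file_size,
            'entry_date' => $LOC->now
        );

        $DB->query( $DB->insert_string( 'exp_freeform_attachments', $data ) );

        // Remember the stored file under its new attachment id.
        $this->attachments[ $DB->insert_id ]['filepath'] = $this->UP->upload_path.$file_name;
        $this->attachments[ $DB->insert_id ]['filename'] = $file_name;
    }

    /** End upload file */

    /** ----------------------------------------
    /**  Auto-Rename File
    /** ----------------------------------------
    /*  This function determines if a file
    /*  exists. If so, it'll append a number to
    /*  the filename and call itself again. It
    /*  does this as many times as necessary
    /*  until a filename is clear.
    /*
    /*  $path is prepended to $name as-is for the
    /*  existence check; $i is the counter tried
    /*  on the previous pass. Returns the first
    /*  name for which no file exists.
    /** ----------------------------------------*/

    function _rename_file($path, $name, $i = 0)
    {
        if (file_exists($path.$name))
        {
            $xy = explode(".", $name);
            $ext = end($xy);

            // NOTE(review): removes every occurrence of ".ext" in the name, not only the last.
            $name = str_replace('.'.$ext, '', $name);

            // Strip the counter appended on the previous pass. eregi() no longer exists
            // in PHP 7 and later; an exact suffix comparison gives the same result for a
            // numeric counter.
            $counter = (string) $i;

            if (substr($name, -strlen($counter)) === $counter)
            {
                $name = substr($name, 0, -strlen($counter));
            }

            $i = $i+1;

            $name .= $i.'.'.$ext;

            return $this->_rename_file($path, $name, $i);
        }

        return $name;
    }

    /** End rename file */
}

/** End class */
?>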