\n"; $PayMsg = $imSettings['cart']['confirmationEmail']; $ownerEmail = $imSettings['cart']['owner_email']; $imOpt = 0; $imVat = 0; $imOrderNo = $post_data["order_no"]; $imUserData = $post_data["form"]; $imShippingDataTxt = ""; $imShippingDataHtml = ""; $imUserDataTxt = ""; $imUserDataHtml = ""; $imUserDataCSVH = ""; $imUserDataCSV = ""; $i = 0; if(is_array($imUserData)) { foreach($imUserData as $key => $value) { // Is it an email? if (preg_match('/^([a-z0-9])(([-a-z0-9._])*([a-z0-9]))*\@([a-z0-9])' . '(([a-z0-9-])*([a-z0-9]))+' . '(\.([a-z0-9])([-a-z0-9_-])?([a-z0-9])+)+$/i', $value['imValue'])) { $f = "\n\t\t\t\t" . str_replace(array("\\'", '\\"'), array("'", '"'), $value['name']) . ":\n\t\t\t\t". $value['imValue'] . ""; } else if (preg_match('/^http[s]?:\/\/[a-zA-Z0-9\.\-]{2,}\.[a-zA-Z]{2,}/', $value['imValue'])) { // Is it an URL? $f = "\n\t\t\t\t" . str_replace(array("\\'", '\\"'), array("'", '"'), $value['name']) . ":\n\t\t\t\t". $value['imValue'] . ""; } else { $f = "\n\t\t\t\t" . str_replace(array("\\'", '\\"'), array("'", '"'), $value['name']) . ":\n\t\t\t\t" . str_replace(array("\\'", '\\"'), array("'", '"'), $value['imValue']) . ""; } if (substr($key, -strlen("_shipping")) == "_shipping") { $imShippingDataTxt .= $value['name'] . ": " . $value['imValue'] . "\n"; $imShippingDataHtml .= "\n\t\t\t" . $f . "\n\t\t\t"; $imShippingDataCSVH[] = $value['name']; $imShippingDataCSV[] = $value['imValue']; } else { $imUserDataTxt .= $value['name'] . ": " . $value['imValue'] . "\n"; $imUserDataHtml .= "\n\t\t\t" . $f . "\n\t\t\t"; $imUserDataCSVH[] = $value['name']; $imUserDataCSV[] = $value['imValue']; } $i++; } if ($imUserDataHtml != "") $imUserDataHtml = "\n\t\t" . $imUserDataHtml . "\n\t\t
"; if ($imShippingDataHtml != "") $imShippingDataHtml = "\n\t\t" . $imShippingDataHtml . "\n\t\t
"; } $imUserDataCSV = @implode(";",$imUserDataCSVH) . "\n" . @implode(";",$imUserDataCSV); $imShippingDataCSV = @implode(";",$imShippingDataCSVH) . "\n" . @implode(";",$imShippingDataCSV); $imOrderData = $post_data["products"]; $imOrderDataTxt = ""; $imOrderDataHTML = ""; $imOrderDataCSV = ""; $i = 0; if(is_array($imOrderData)) { foreach($imOrderData as $p) { if($p["option"] != "null") $imOpt = 1; if ($p["vat"] != "null" && $p["vat"] != 0) $imVat = 1; } $colspan = 3 + $imOpt + $imVat; $imOrderDataHTML = "" . ($imOpt ? "" : "") . "" . ($imVat ? "" : "") . "\n"; $imOrderDataCSV = $l10n["cart_name"] . ";" . $l10n["cart_descr"] . ";" . ($imOpt ? $l10n["product_option"] . ";" : "") . $l10n["cart_qty"] . ";" . $l10n["cart_price"] . ";" . ($imVat ? $l10n["cart_vat"] .";" : "") . $l10n["cart_subtot"]; foreach($imOrderData as $od) { $imOrderDataCSV .= "\n" . strip_tags(str_replace(array("\n", "\r"), "", $od["name"])) . ";" . strip_tags(str_replace(array("\n", "\r"), "", $od["description"])) . ";" . (($imOpt && $od["option"] != "null") ? $this->restoreSpecialChars($this->decode_unicode_url(urldecode($od["option"]))) . ";" : "") . $od["quantity"] . ";" . $od["single_price"] . ";" . ($imVat ? $od["price_vat"] .";" : "") . $od["price_vat"]; $imOrderDataTxt .= strip_tags(str_replace(array("\n", "\r"), "", $od["name"])) . " - " . strip_tags(str_replace(array("\n", "\r"), "", $od["description"])) . (($imOpt && $od["option"] != "null") ? " " . $this->restoreSpecialChars($this->decode_unicode_url(urldecode($od["option"]))) . ";" : "") . "\n " . $od["quantity"] . " x " . $od["single_price"] . " " . ($imVat ? "+ " . $l10n["cart_vat"] . " " . $od["vat_f"] : "") . " = " . $od["price_vat"] . "\n\n"; $imOrderDataHTML .= "\n\t\t\t\t\n\t\t\t\t" . ($imOpt ? "\n\t\t\t\t" : "") . "\n\t\t\t\t\n\t\t\t\t" . ($imVat ? "\n\t\t\t\t" : "") . 
"\n\t\t\t\t\n\t\t\t\t\t\n"; $i++; } // Payment Price if (isset($post_data['payment']['price']) && $post_data['payment']['price'] != null && $post_data['payment']['price'] != "null") { $imOrderDataHTML .= "\n\t\t\t\n\t\t\t\t\n\t\t\t\t\n\t\t\t"; $imOrderDataTxt .= "\n" . $l10n['cart_payment'] . " - " . $post_data['payment']['name'] . ": " . $post_data['payment']['price']; } if (isset($post_data['shipping']['price']) && $post_data['shipping']['price'] != null && $post_data['shipping']['price'] != "null") { $imOrderDataHTML .= "\n\t\t\t\n\t\t\t\t\n\t\t\t\t\n\t\t\t"; $imOrderDataTxt .= "\n" . $l10n['cart_shipping'] . " - " . $post_data['shipping']['name'] . ": " . $post_data['shipping']['price']; } $imOrderDataHTML .= "\n\t\t\t\n\t\t\t\t\n\t\t\t\t\n\t\t\t"; $imOrderDataTxt .= "\n" . $l10n['cart_total_vat'] . ": " . $post_data['total']; $imOrderDataHTML .= "
" . $l10n["cart_name"] . "" . $l10n["product_option"] . "" . $l10n["cart_qty"] . "" . $l10n["cart_price"] . "" . $l10n["cart_vat"] ."" . $l10n["cart_subtot"] . "
" . $od["name"] . "
" . $od["description"] . "
" . (($od["option"] != "null") ? $this->restoreSpecialChars($this->decode_unicode_url(urldecode($od["option"]))) : "") . "" . $od["quantity"] . "" . $od["single_price"] . "" . (($od["vat"] != "null") ? $od["vat"]*100 . "% / " . $od["vat_f"] : "") ."" . $od["price_vat"] . "
" . $l10n['cart_payment'] . ": " . $post_data['payment']['name'] . "" . $post_data['payment']['price'] . "
" . $l10n['cart_shipping'] . ": " . $post_data['shipping']['name'] . "" . $post_data['shipping']['price'] . "
" . $l10n['cart_total_vat'] . "" . $post_data['total'] . "
"; } //################################################# // // Email to Customer // //################################################# $htmlMsg = $imSettings['email']['header']; $htmlMsg .= "\n"; // Opening message $htmlMsg .= "\n"; $txtMsg = str_replace("
", "\n", $imSettings['cart']['email_opening']); // Order number $htmlMsg .= "\n"; $txtMsg .= "\n\n" . str_replace("
", "\n", $l10n['cart_order_no'] . ": " . $imOrderNo); // Customer's data if ($imShippingDataHtml != "") { $htmlMsg .= ""; $htmlMsg .= ""; $txtMsg .= "\n" . str_replace("
", "\n", $l10n['cart_vat_address'] . "\n" . $imUserDataTxt); $txtMsg .= "\n" . str_replace("
", "\n", $l10n['cart_shipping_address'] . "\n" . $imShippingDataTxt ); } else { $htmlMsg .= ""; $txtMsg .= "\n" . str_replace("
", "\n", $l10n['cart_vat_address'] . "/" . $l10n['cart_shipping_address'] . "\n" . $imUserDataTxt); } $htmlMsg .= $separationLine; // Products $htmlMsg .= ""; $txtMsg .= "\n\n" . str_replace("
", "\n", $l10n['cart_product_list'] . "\n" . $imOrderDataTxt); $htmlMsg .= $separationLine; // Payment $htmlMsg .= ""; $txtMsg .= "\n\n" . str_replace("
", "\n", $l10n['cart_payment'] . "\n" . str_replace(array("\\'", '\\"'), array("'", '"'), str_replace("\\\"", "\"", $post_data['payment']['email']))); $htmlMsg .= $separationLine; // Shipping $htmlMsg .= ""; $txtMsg .= "\n\n" . str_replace("
", "\n", $l10n['cart_shipping'] . "\n" . str_replace(array("\\'", '\\"'), array("'", '"'), str_replace("\\\"", "\"", $post_data['shipping']['email']))); // Closing message $htmlMsg .= $separationLine; $htmlMsg .= "\n"; $txtMsg .= "\n\n" . str_replace(array("\\'", "\\\"", "
", "
"), array("'", "\"", "\n", "\n"), $imSettings['cart']['email_closing']); $htmlMsg .= "
" . $imSettings['cart']['email_opening'] . "
" . $l10n['cart_order_no'] . ": " . $imOrderNo . "

" . $l10n['cart_vat_address'] . "

" . $imUserDataHtml . "

" . $l10n['cart_shipping_address'] . "

" . $imShippingDataHtml . "

" . $l10n['cart_vat_address'] . "/" . $l10n['cart_shipping_address'] . "

" . $imUserDataHtml . "

" . $l10n['cart_product_list'] . "

" . $imOrderDataHTML . "

" . $l10n['cart_payment'] . "

" . str_replace(array("\\'", '\\"'), array("'", '"'), str_replace("\\\"", "\"", preg_replace('/[\n\r\t]*/', "", nl2br($post_data['payment']['email'])))); if ($post_data['payment']['html'] != null && $post_data['payment']['html'] != "" && $post_data['payment']['html'] != "null") $htmlMsg .= "

" . str_replace("\\\"", "\"", $post_data['payment']['html']) . "
"; $htmlMsg .= "

" . $l10n['cart_shipping'] . "

" . str_replace(array("\\'", '\\"'), array("'", '"'), str_replace("\\\"", "\"", preg_replace('/[\n\r\t]*/', "", nl2br($post_data['shipping']['email'])))) . "
" . str_replace(array("\\'", '\\"'), array("'", '"'), str_replace("\\\"", "\"", $imSettings['cart']['email_closing'])) . "
\n"; $htmlMsg .= $imSettings['email']['footer']; //Send email to user $oEmail = new imEMail($ownerEmail,$post_data["form"]["imCartEmail"]["imValue"],$l10n['cart_order_no'] . " " . $imOrderNo, "utf-8"); $oEmail->setText($txtMsg); $oEmail->setHTML($htmlMsg); $oEmail->send(); //################################################# // // Email to the site's owner // //################################################# //Send email to owner $txtMsg = ""; $htmlMsg = $imSettings['email']['header']; $htmlMsg .= "\n"; // Order number $htmlMsg .= ""; $txtMsg .= "\n\n" . str_replace("
", "\n", $l10n['cart_order_no'] . ": " . $imOrderNo); // Customer's data if ($imShippingDataHtml != "") { $htmlMsg .= "\n\n\t"; $htmlMsg .= "\n\t\n\t"; $txtMsg .= "\n" . str_replace("
", "\n", $l10n['cart_vat_address'] . "\n" . $imUserDataTxt); $txtMsg .= "\n" . str_replace("
", "\n", $l10n['cart_shipping_address'] . "\n" . $imShippingDataTxt ); } else { $htmlMsg .= "\n\n\t\n"; $txtMsg .= "\n" . str_replace("
", "\n", $l10n['cart_vat_address'] . "/" . $l10n['cart_shipping_address'] . "\n" . $imUserDataTxt); } $htmlMsg .= $separationLine; // Products $htmlMsg .= ""; $txtMsg .= "\n\n" . str_replace("
", "\n", $l10n['cart_product_list'] . "\n" . $imOrderDataTxt); $htmlMsg .= $separationLine; // Payment $htmlMsg .= ""; $txtMsg .= "\n\n" . str_replace("
", "\n", $l10n['cart_payment'] . "\n" . str_replace(array("\\'", '\\"'), array("'", '"'), str_replace("\\\"", "\"", $post_data['payment']['email']))); $htmlMsg .= $separationLine; // Shipping $htmlMsg .= ""; $txtMsg .= "\n\n" . str_replace("
", "\n", $l10n['cart_shipping'] . "\n" . str_replace(array("\\'", '\\"'), array("'", '"'), str_replace("\\\"", "\"", $post_data['shipping']['email']))); // Closing message $htmlMsg .= "
" . $l10n['cart_order_no'] . ": " . $imOrderNo . "
\n\t\t

" . $l10n['cart_vat_address'] . "

\n\t\t" . $imUserDataHtml . "\n\t
\n\t\t

" . $l10n['cart_shipping_address'] . "

\n\t\t" . $imShippingDataHtml . "
\n\t\t

" . $l10n['cart_vat_address'] . "/" . $l10n['cart_shipping_address'] . "

\n\t\t" . $imUserDataHtml . "

" . $l10n['cart_product_list'] . "

" . $imOrderDataHTML . "

" . $l10n['cart_payment'] . "

" . str_replace(array("\\'", '\\"'), array("'", '"'), str_replace("\\\"", "\"", preg_replace('/[\n\r\t]*/', "", nl2br($post_data['payment']['email'])))); $htmlMsg .= "

" . $l10n['cart_shipping'] . "

" . str_replace(array("\\'", '\\"'), array("'", '"'), str_replace("\\\"", "\"", preg_replace('/[\n\r\t]*/', "", nl2br($post_data['shipping']['email'])))) . "
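\n"; $htmlMsg .= $imSettings['email']['footer']; $oEmailO = new imEMail($ownerEmail,$ownerEmail,$l10n['cart_order_no'] . " " . $imOrderNo,"utf-8"); if ($imSettings['cart']['useCSV']) { $txtMsg .= $imUserDataCSV . "\n" . $imOrderDataCSV; $oEmailO->attachFile("user_data.csv",$imUserDataCSV,"text/csv"); $oEmailO->attachFile("order_data.csv",$imOrderDataCSV,"text/csv"); } $oEmailO->setText($txtMsg); $oEmailO->setHTML($htmlMsg); return $oEmailO->send(); }

    /**
     * Send the email message sent by the Email Object form.
     *
     * Builds plain-text, HTML and CSV renderings of the posted fields and
     * mails them to the site owner and/or to the address the visitor typed
     * into the field named by $settings['customer_email_to'].
     * Every label and value in $form_data is concatenated into the bodies as
     * received; the markup that wrapped them in the HTML literals is absent
     * from this listing.
     *
     * @access public
     * @param form The form settings in an associative array, or a key of $imSettings['email_form'] (array|string)
     * @param form_data The posted text data in an associative array (array)
     * @param files_data The posted files data in an associative array (array)
     * @param user_only Set TRUE to send the email only to the customer who filled the form. This is used when the data is stored in a DB and a confirmation email is sent too (bool)
     */
    function sendFormEmail($form, $form_data, $files_data, $user_only = FALSE)
    {
        global $imSettings;

        // A non-array $form is used as the key of $imSettings['email_form'];
        // no other identifier is available in this scope.
        if (!is_array($form))
            $settings = $imSettings['email_form'][$form];
        else
            $settings = $form;

        // Form Data
        $txtData = "";
        $htmData = "";
        $csvHeader = "";
        $csvData = "";
        $customer_email_to = "";
        $owner_email_from = "";

        foreach ($form_data as $field) {
            if (is_array($field['value'])) {
                $txtData .= $field['label'] . ": " . implode(", ", $field['value']) . "\r\n";
                // NOTE(review): label and values reach the HTML body without
                // htmlspecialchars(); escape them unless posted markup is meant
                // to be rendered by the mail client.
                $htmData .= "" . $field['label'] . ":" . implode(", ", $field['value']) . "";
                if ($settings['customer_csv'] || $settings['owner_csv']) {
                    $csvHeader .= $field['label'] . ";";
                    $csvData .= implode(", ", $field['value']) . ";";
                }
            } else {
                if (isset($settings['customer_email_to']) && $field['label'] == $settings['customer_email_to'])
                    $customer_email_to = $field['value'];
                if (isset($settings['owner_email_from']) && $field['label'] == $settings['owner_email_from'])
                    $owner_email_from = $field['value'];
                $txtData .= $field['label'] . ": " . $field['value'] . "\r\n";
                // Is it an email?
                // NOTE(review): the pattern nests quantifiers over overlapping
                // character classes, so a long non-matching value can backtrack
                // heavily; consider a length cap or filter_var() - confirm.
                if (preg_match('/^([a-z0-9])(([-a-z0-9._])*([a-z0-9]))*\@([a-z0-9])' . '(([a-z0-9-])*([a-z0-9]))+' . '(\.([a-z0-9])([-a-z0-9_-])?([a-z0-9])+)+$/i',$field['value'])) {
                    $htmData .= "" . str_replace(array("\\'", '\\"'), array("'", '"'), $field['label']) . ":". $field['value'] . "";
                } else if (preg_match('/^http[s]?:\/\/[a-zA-Z0-9\.\-]{2,}\.[a-zA-Z]{2,}/', $field['value'])) {
                    // Is it an URL?
                    // The pattern is anchored only at the start, so any text may
                    // follow the host part; a match does not make the value safe
                    // to place inside an attribute.
                    $htmData .= "" . str_replace(array("\\'", '\\"'), array("'", '"'), $field['label']) . ":". $field['value'] . "";
                } else {
                    $htmData .= "" . str_replace(array("\\'", '\\"'), array("'", '"'), $field['label']) . ":" . str_replace(array("\\'", '\\"'), array("'", '"'), $field['value']) . "";
                }
                // NOTE(review): CSV cells are joined with ";" and not quoted, so
                // a value holding ";" or a line break shifts columns, and a cell
                // starting with = + - or @ is read as a formula by spreadsheets.
                if ($settings['customer_csv'] || $settings['owner_csv']) {
                    $csvHeader .= str_replace(array("\\'", '\\"'), array("'", '"'), $field['label']) . ";";
                    $csvData .= str_replace(array("\\'", '\\"'), array("'", '"'), $field['value']) . ";";
                }
            }
        }

        // Both addresses come from posted fields and are handed to imEMail as
        // sender/recipient. imEMail is not visible here, so line breaks are
        // removed before the values can reach a mail header.
        $owner_email_from = str_replace(array("\r", "\n"), "", (string) $owner_email_from);
        $customer_email_to = str_replace(array("\r", "\n"), "", (string) $customer_email_to);

        // Template
        $htmHead = $imSettings['email']['header'];
        $htmFoot = $imSettings['email']['footer'];

        // Send email to owner
        if (!$user_only && isset($settings['owner_email_to']) && $settings['owner_email_to'] != "") {
            $txtMsg = $settings['owner_message'];
            $htmMsg = nl2br($settings['owner_message']);
            // Fall back to the owner's own address when the visitor gave none
            if (strpos($owner_email_from, "@") === FALSE || strlen($owner_email_from) == 0)
                $owner_email_from = $settings['owner_email_to'];
            $oEmail = new imEMail($owner_email_from, $settings['owner_email_to'], $settings['owner_subject'], "utf-8");
            $oEmail->setText($txtMsg . "\n\n" . $txtData);
            $oEmail->setHTML($htmHead . $htmMsg . "\n\n" . $htmData . "\n" . $htmFoot);
            if ($settings['owner_csv'])
                $oEmail->attachFile("form_data.csv", $csvHeader . "\n" . $csvData, "text/csv");
            if (count($files_data) > 0) {
                foreach ($files_data as $file) {
                    // NOTE(review): assumes tmp_name comes from $_FILES; if the
                    // caller can pass other paths, check is_uploaded_file() first.
                    if (file_exists($file['value']['tmp_name']))
                        $oEmail->attachFile($file['value']['name'], file_get_contents($file['value']['tmp_name']), $file['value']['type']);
                }
            }
            $oEmail->send();
        }

        // Send email to user
        // NOTE(review): the recipient is whatever the visitor typed, so this
        // branch mails an address the site does not control; the endpoint
        // presumably needs rate limiting or a CAPTCHA upstream - confirm.
        if ($customer_email_to != "") {
            $txtMsg = $settings['customer_message'];
            $htmMsg = nl2br($settings['customer_message']);
            if ($settings['customer_email_from'] == "")
                $settings['customer_email_from'] = $settings['owner_email_to'];
            $oEmail = new imEMail($settings['customer_email_from'], $customer_email_to, $settings['customer_subject'], "utf-8");
            if ($settings['customer_csv']) {
                $oEmail->setHTML($htmHead . $htmMsg . "\n\n" . $htmData . "\n" . $htmFoot);
                $oEmail->setText($txtMsg . "\n\n" . $txtData);
            } else {
                $oEmail->setText($txtMsg);
                $oEmail->setHTML($htmHead . $htmMsg . $htmFoot);
            }
            $oEmail->send();
        }
    }

    /**
     * Send the blog emails: notifies the blog address of a new comment and
     * appends the admin link for the commented post.
     * @access public
     * @param post The comment data; reads post_id, name, email, url and body (array)
     * @return The result of imEmail::send(), or FALSE when post_id is missing
     */
    function sendBlogEmail($post)
    {
        global $imSettings;
        global $l10n;

        if (isset($post['post_id'])) {
            $e = new imEmail($imSettings['blog']['email'],$imSettings['blog']['email'],$l10n['blog_new_comment_object'],"utf-8");
            $text = $l10n['blog_new_comment_text'] . " \"" . $imSettings['blog']['posts'][$post['post_id']]['title'] . "\":\n\n";
            $text .= $l10n['blog_name'] . " " . stripslashes($post['name']) . "\n";
            $text .= $l10n['blog_email'] . " " . $post['email'] . "\n";
            $text .= $l10n['blog_website'] . " " . $post['url'] . "\n";
            $text .= $l10n['blog_message'] . " " . stripslashes($post['body']) . "\n\n";
            // NOTE(review): $imBCommentsApproved is never assigned or declared
            // global in this function, so the "approve" label is always used.
            // The post id is posted data, so it is URL-encoded before it is
            // appended to the admin link.
            $text .= ($imBCommentsApproved ? $l10n['blog_unapprove_link'] : $l10n['blog_approve_link']) . ":\n" . $imSettings['general']['url'] . "/admin/blog.php?post_id=" . urlencode($post['post_id']);
            $e->setText($text);
            return $e->send();
        }
        return FALSE;
    }

    /**
     * Send the guestbook emails: notifies the owner of a new guestbook comment.
     * The subject and opening line reuse the blog strings with "blog" replaced
     * by "guestbook".
     * @access public
     * @param id The guestbook id used in the admin link (string)
     * @param name The commenter's name (string)
     * @param email The commenter's email (string)
     * @param website The commenter's website (string)
     * @param body The comment text (string)
     * @param direct_approval TRUE to show the unapprove link label instead of the approve one (bool)
     * @param owner_email Address used as both sender and recipient (string)
     * @return The result of imEmail::send(), or FALSE when $id is not set
     */
    function sendGuestbookEmail($id, $name, $email, $website, $body, $direct_approval, $owner_email)
    {
        global $imSettings;
        global $l10n;

        if (isset($id)) {
            $e = new imEmail($owner_email,$owner_email,str_replace(array("Blog", "blog"), array("Guestbook", "guestbook"), $l10n['blog_new_comment_object']),"utf-8");
            $text = str_replace(array("Blog", "blog"), array("Guestbook", "guestbook"), $l10n['blog_new_comment_text']) . " \"" . $id . "\":\n\n";
            $text .= $l10n['blog_name'] . " " . stripslashes($name) . "\n";
            $text .= $l10n['blog_email'] . " " . $email . "\n";
            $text .= $l10n['blog_website'] . " " . $website . "\n";
            $text .= $l10n['blog_message'] . " " . stripslashes($body) . "\n\n";
            // The id is URL-encoded so it cannot alter the query string of the link
            $text .= ($direct_approval ? $l10n['blog_unapprove_link'] : $l10n['blog_approve_link']) . ":\n" . $imSettings['general']['url'] . "/admin/guestbook.php?post_id=" . urlencode($id);
            $e->setText($text);
            return $e->send();
        }
        return FALSE;
    }

    /**
     * Restore some special chars escaped previously in WSX5.
     * The placeholders {1}..{5} become ' " \ < and >, so the result can hold
     * markup again and has to be escaped for whatever context it is printed in.
     * @access public
     * @param str The string to be restored
     * @return The string with the placeholders replaced
     */
    function restoreSpecialChars($str)
    {
        // str_replace() applies the pairs in order, one after the other
        return str_replace(
            array("{1}", "{2}", "{3}", "{4}", "{5}"),
            array("'", "\"", "\\", "<", ">"),
            $str
        );
    }

    /**
     * Decode the Unicode escaped chars like %u1239 into UTF-8 bytes.
     *
     * An escape is only recognised while at least six bytes remain; the rest
     * of the string is appended unchanged by the return expression.
     * hexdec() skips characters that are not hex digits, so a malformed
     * escape still consumes six bytes. Values in the surrogate range take the
     * three-byte branch, so the output is not guaranteed to be valid UTF-8.
     *
     * @access public
     * @param str The string to be decoded
     * @return The decoded string
     */
    function decode_unicode_url($str)
    {
        $res = '';

        $i = 0;
        $max = strlen($str) - 6;
        while ($i <= $max) {
            $character = $str[$i];
            if ($character == '%' && $str[$i + 1] == 'u') {
                $value = hexdec(substr($str, $i + 2, 4));
                $i += 6;

                if ($value < 0x0080) // 1 byte: 0xxxxxxx
                    $character = chr($value);
                else if ($value < 0x0800) // 2 bytes: 110xxxxx 10xxxxxx
                    $character = chr((($value & 0x07c0) >> 6) | 0xc0) . chr(($value & 0x3f) | 0x80);
                else // 3 bytes: 1110xxxx 10xxxxxx 10xxxxxx
                    $character = chr((($value & 0xf000) >> 12) | 0xe0) . chr((($value & 0x0fc0) >> 6) | 0x80) . chr(($value & 0x3f) | 0x80);
            } else
                $i++;
            $res .= $character;
        }
        return $res .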
substr($str, $i); } }

/**
 * Contains the methods used by the search engine
 * @access public
 */
class imSearch
{
    var $scope;
    var $page;
    var $results_per_page;

    // PHP 5 constructor: builds the scope and sets ten results per page
    function __construct()
    {
        $this->setScope();
        $this->results_per_page = 10;
    }

    // PHP 4 constructor: same initialisation
    function imSearch()
    {
        $this->__construct();
    }

    /**
     * Loads the pages defined in search.inc.php to the search scope.
     *
     * Starts from the default scope and, for a logged-in user, adds every
     * extended-scope page whose access list contains the user's uid.
     * NOTE(review): in_array() compares loosely here and who_is_logged() is
     * not visible in this part of the file; this list is what keeps private
     * pages out of anonymous searches, so confirm the uid types on both sides
     * and consider the strict form.
     * @access public
     */
    function setScope()
    {
        global $imSettings;

        $pages = $imSettings['search']['general']['defaultScope'];

        // Logged users can search in their private pages
        $privateArea = new imPrivateArea();
        $user = $privateArea->who_is_logged();
        if ($user) {
            foreach ($imSettings['search']['general']['extendedScope'] as $pageId => $pageFile) {
                $allowedUids = $imSettings['access']['pages'][$pageId];
                if (in_array($user['uid'], $allowedUids)) {
                    $pages[] = $pageFile;
                }
            }
        }

        $this->scope = $pages;
    }

    /** * Do the pages search * @access public * @param queries The search query (array) */ function searchPages($queries) { global $l10n; global $imSettings; $html = ""; if (is_array($this->scope)) { foreach($this->scope as $filename) { $count = 0; $weight = 0; $file_content = @implode("\n",file($filename)); // Remove the page menu while (stristr($file_content, "
([^\<]*)\<\/title\>/', $file_content, $matches); if ($matches[1] != null) $file_title = $matches[1]; else { preg_match('/\([^\<]*)\<\/h2\>/', $file_content, $matches); if ($matches[1] != null) $file_title = $matches[1]; } if($file_title != "") { foreach($queries as $query) { $title = strtolower($file_title); while (($title = stristr($title, $query)) !== FALSE) { $weight += 5; $count++; $title = substr($title,strlen($query)); } } } // Get the keywords preg_match('/\/', $file_content, $matches); if ($matches[1] != null) { $keywords = $matches[1]; foreach($queries as $query) { $tkeywords = strtolower($keywords); while (($tkeywords = stristr($tkeywords, $query)) !== FALSE) { $weight += 4; $count++; $tkeywords = substr($tkeywords,strlen($query)); } } } // Get the description preg_match('/\/', $file_content, $matches); if ($matches[1] != null) { $keywords = $matches[1]; foreach($queries as $query) { $tkeywords = strtolower($keywords); while (($tkeywords = stristr($tkeywords, $query)) !== FALSE) { $weight += 3; $count++; $tkeywords = substr($tkeywords,strlen($query)); } } } // Remove the page title from the result while (stristr($file_content, "") + strlen("
"); $page_end = strpos($file_content, "
"); if ($page_end == FALSE) $page_end = strpos($file_content,""); $file_content = strip_tags(substr($file_content,$page_pos, $page_end-$page_pos)); $t_file_content = strtolower($file_content); foreach($queries as $query) { $file = $t_file_content; while (($file = stristr($file, $query)) !== FALSE) { $count++; $weight++; $file = substr($file,strlen($query)); } } if($count > 0) { $found_count[$filename] = $count; $found_weight[$filename] = $weight; $found_content[$filename] = $file_content; if ($file_title == "") $found_title[$filename] = $filename; else $found_title[$filename] = $file_title; } } } if($found_count != null) { arsort($found_weight); $i = 0; $pagine = ceil(count($found_count)/$this->results_per_page); if(($this->page >= $pagine) || ($this->page < 0)) $this->page = 0; foreach($found_weight as $name => $weight) { $count = $found_count[$name]; $i++; if(($i > $this->page*$this->results_per_page) && ($i <= ($this->page+1)*$this->results_per_page)) { $title = strip_tags($found_title[$name]); $file = $found_content[$name]; $file = strip_tags($file); $ap = 0; $filelen = strlen($file); $text = ""; for($j=0;$j<($count > 6 ? 6 : $count);$j++) { $minpos = $filelen; foreach($queries as $query) { if(($pos = strpos(strtoupper($file),strtoupper($query),$ap)) !== FALSE) { if($pos < $minpos) { $minpos = $pos; $word = $query; } } } $prev = explode(" ",substr($file,$ap,$minpos-$ap)); if(count($prev) > ($ap > 0 ? 9 : 8)) $prev = ($ap > 0 ? implode(" ",array_slice($prev,0,8)) : "") . " ... " . implode(" ",array_slice($prev,-8)); else $prev = implode(" ",$prev); $text .= $prev . "" . substr($file,$minpos,strlen($word)) . ""; $ap = $minpos + strlen($word); } $next = explode(" ",substr($file,$ap)); if(count($next) > 9) $text .= implode(" ",array_slice($next,0,8)) . "..."; else $text .= implode(" ",$next); $text = str_replace("|", "", $text); $text = str_replace("
", " ", $text); $text = str_replace("
", " ", $text); $text = str_replace("\n", " ", $text); $html .= "\n"; } } $html = preg_replace_callback('/\\s+/', create_function('$matches','return implode(\' \', $matches);'), $html); $html .= "
 
\n"; } return array("content" => $html, "count" => count($found_content)); } function searchBlog($queries) { global $l10n; global $imSettings; if (is_array($imSettings['blog']['posts'])) { foreach($imSettings['blog']['posts'] as $key => $value) { $count = 0; $weight = 0; $filename = 'blog/index.php?id=' . $key; $file_content = $value['body']; // Rimuovo le briciole dal contenuto while (stristr($file_content, "
0) { $found_count[$filename] = $count; $found_weight[$filename] = $weight; $found_content[$filename] = $file_content; $found_breadcrumbs[$filename] = "
" . $l10n['blog_published_by'] . " " . $value['author'] . " " . $l10n['blog_in'] . " " . $value['category'] . " · " . $value['timestamp'] . "
"; if ($title == "") $found_title[$filename] = $filename; else $found_title[$filename] = $title; } } } if($found_count != null) { arsort($found_weight); $i = 0; $pagine = ceil(count($found_count)/$this->results_per_page); if(($this->page >= $pagine) || ($this->page < 0)) $this->page = 0; foreach($found_weight as $name => $weight) { $count = $found_count[$name]; $i++; if(($i > $this->page*$this->results_per_page) && ($i <= ($this->page+1)*$this->results_per_page)) { $title = strip_tags($found_title[$name]); $file = $found_content[$name]; $file = strip_tags($file); $ap = 0; $filelen = strlen($file); $text = ""; for($j=0;$j<($count > 6 ? 6 : $count);$j++) { $minpos = $filelen; foreach($queries as $query) { if($ap < strlen($file) && ($pos = strpos(strtoupper($file),strtoupper($query),$ap)) !== FALSE) { if($pos < $minpos) { $minpos = $pos; $word = $query; } } } $prev = explode(" ",substr($file,$ap,$minpos-$ap)); if(count($prev) > ($ap > 0 ? 9 : 8)) $prev = ($ap > 0 ? implode(" ",array_slice($prev,0,8)) : "") . " ... " . implode(" ",array_slice($prev,-8)); else $prev = implode(" ",$prev); $text .= $prev . "" . substr($file,$minpos,strlen($word)) . " "; $ap = $minpos + strlen($word); } $next = explode(" ",substr($file,$ap)); if(count($next) > 9) $text .= implode(" ",array_slice($next,0,8)) . "..."; else $text .= implode(" ",$next); $text = str_replace("|", "", $text); $html .= "

" . strip_tags($title, "") . "

" . strip_tags($found_breadcrumbs[$name], "") . "\n" . strip_tags($text, "") . "
\n"; } } echo "
 
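\n"; } $html = preg_replace_callback('/\\s+/', create_function('$matches','return implode(\' \', $matches);'), $html); return array("content" => $html, "count" => count($found_content)); }

    /**
     * Search the products listed in $imSettings['search']['products'].
     *
     * Every term is matched as literal text against the lower-cased,
     * tag-stripped name (weight 4 per hit) and description. Results are
     * emitted in descending weight for the current page window.
     * The markup of the output literals is absent from this listing.
     *
     * @access public
     * @param queries The search terms, taken from the visitor's query (array)
     * @return array "content" => result markup, "count" => number of matching products
     */
    // Pagination is missing for this function!
    function searchProducts($queries)
    {
        global $l10n;
        global $imSettings;

        $html = "";
        // Start from empty arrays so that "no match" does not reach count()
        // or arsort() with an undefined variable.
        $found_products = array();
        $found_weight = array();
        $found_count = array();

        foreach ($imSettings['search']['products'] as $id => $product) {
            $count = 0;
            $weight = 0;
            $t_title = strip_tags(strtolower($product['name']));
            $t_description = strip_tags(strtolower($product['description']));

            // Count the matches in the title
            foreach ($queries as $query) {
                // An empty term would match at every offset
                if ((string) $query === "")
                    continue;
                // The term is visitor input: preg_quote() keeps it literal so
                // it cannot change the pattern or trigger heavy backtracking.
                $t_count = preg_match_all('/' . preg_quote($query, '/') . '/', $t_title, $matches);
                if ($t_count !== FALSE) {
                    $weight += ($t_count * 4);
                    $count += $t_count;
                }
            }

            // Count the matches in the description
            foreach ($queries as $query) {
                if ((string) $query === "")
                    continue;
                $t_count = preg_match_all('/' . preg_quote($query, '/') . '/', $t_description, $matches);
                if ($t_count !== FALSE) {
                    $weight++;
                    $count += $t_count;
                }
            }

            if ($count > 0) {
                $found_products[$id] = $product;
                $found_weight[$id] = $weight;
                $found_count[$id] = $count;
            }
        }

        if (count($found_count) > 0) {
            arsort($found_weight);
            $i = 0;
            // Walk the sorted weights so the ordering is actually applied
            foreach ($found_weight as $id => $weight) {
                $product = $found_products[$id];
                $i++;
                if (($i > $this->page*$this->results_per_page) && ($i <= ($this->page+1)*$this->results_per_page)) {
                    $html .= "\n\n" . $product['name'] . "\n\n";
                    $html .= "\n";
                    $html .= $product['image'];
                    $html .= strip_tags($product['description']) . "\n";
                    $html .= "\n" . $product['price'];
                    $html .= " \n";
                    $html .= "\n";
                }
            }
        }

        return array("content" => $html, "count" => count($found_products));
    }

    /**
     * Search the images listed in $imSettings['search']['images'].
     *
     * Every term is matched as literal text against the title (weight 4 per
     * hit), the location (weight 2 per hit) and the description. Results are
     * emitted in descending weight for the current page window.
     *
     * @access public
     * @param queries The search terms, taken from the visitor's query (array)
     * @return array "content" => result markup, "count" => number of matching images
     */
    // Pagination is missing for this function!
    function searchImages($queries)
    {
        global $l10n;
        global $imSettings;

        $id = 0;
        $html = "";
        $found_images = array();
        $found_weight = array();
        $found_count = array();

        foreach ($imSettings['search']['images'] as $image) {
            $count = 0;
            $weight = 0;
            $t_title = strip_tags(strtolower($image['title']));
            $t_description = strip_tags(strtolower($image['description']));

            // Count the matches in the title
            foreach ($queries as $query) {
                if ((string) $query === "")
                    continue;
                // Visitor input is quoted so it is matched as plain text
                $t_count = preg_match_all('/' . preg_quote($query, '/') . '/', $t_title, $matches);
                if ($t_count !== FALSE) {
                    $weight += ($t_count * 4);
                    $count += $t_count;
                }
            }

            // Count the matches in the location
            foreach ($queries as $query) {
                if ((string) $query === "")
                    continue;
                $t_count = preg_match_all('/' . preg_quote($query, '/') . '/', strtolower($image['location']), $matches);
                if ($t_count !== FALSE) {
                    $weight += ($t_count * 2);
                    $count += $t_count;
                }
            }

            // Count the matches in the description
            foreach ($queries as $query) {
                if ((string) $query === "")
                    continue;
                $t_count = preg_match_all('/' . preg_quote($query, '/') . '/', $t_description, $matches);
                if ($t_count !== FALSE) {
                    $weight++;
                    $count += $t_count;
                }
            }

            if ($count > 0) {
                $found_images[$id] = $image;
                $found_weight[$id] = $weight;
                $found_count[$id] = $count;
            }

            $id++;
        }

        if (count($found_count) > 0) {
            arsort($found_weight);
            $i = 0;
            // Walk the sorted weights so the ordering is actually applied
            foreach ($found_weight as $id => $weight) {
                $image = $found_images[$id];
                $i++;
                if (($i > $this->page*$this->results_per_page) && ($i <= ($this->page+1)*$this->results_per_page)) {
                    $html .= "\n";
                    $html .= "\n";
                    $html .= "\n";
                    $html .= "\n\n" . $image['title'];
                    if ($image['location'] != "")
                        $html .= " (" . $image['location'] . ")";
                    $html .= "\n\n";
                    $html .= strip_tags($image['description']);
                    $html .= "\n";
                    $html .= "\n";
                }
            }
        }

        return array("content" => $html, "count" => count($found_images));
    }

    /**
     * Search the videos listed in $imSettings['search']['videos'].
     *
     * Every term is matched as literal text against the tags (weight 10 per
     * hit), the title (4), the category (2) and the description. Videos dated
     * within the last three months get an extra, proportional weight.
     * Results are emitted in descending weight for the current page window.
     *
     * @access public
     * @param queries The search terms, taken from the visitor's query (array)
     * @return array "content" => result markup, "count" => number of matching videos
     */
    // Pagination is missing for this function!
    function searchVideos($queries)
    {
        global $l10n;
        global $imSettings;

        $id = 0;
        $html = "";
        $found_videos = array();
        $found_weight = array();
        $found_count = array();
        $month = 7776000; // 90 days in seconds

        foreach ($imSettings['search']['videos'] as $video) {
            $count = 0;
            $weight = 0;
            $t_title = strip_tags(strtolower($video['title']));
            $t_description = strip_tags(strtolower($video['description']));

            // Count the matches in the tags
            foreach ($queries as $query) {
                if ((string) $query === "")
                    continue;
                // Visitor input is quoted so it is matched as plain text
                $t_count = preg_match_all('/\\s*' . preg_quote($query, '/') . '\\s*/', strtolower($video['tags']), $matches);
                if ($t_count !== FALSE) {
                    $weight += ($t_count * 10);
                    $count += $t_count;
                }
            }

            // More recent videos get proportionally more weight
            $time = strtotime($video['date']);
            $ago = strtotime("-3 months");
            if ($time - $ago > 0)
                $weight += 5 * max(0, ($time - $ago)/$month);

            // Count the matches in the title
            foreach ($queries as $query) {
                if ((string) $query === "")
                    continue;
                $t_count = preg_match_all('/' . preg_quote($query, '/') . '/', $t_title, $matches);
                if ($t_count !== FALSE) {
                    $weight += ($t_count * 4);
                    $count += $t_count;
                }
            }

            // Count the matches in the category
            foreach ($queries as $query) {
                if ((string) $query === "")
                    continue;
                $t_count = preg_match_all('/' . preg_quote($query, '/') . '/', strtolower($video['category']), $matches);
                if ($t_count !== FALSE) {
                    $weight += ($t_count * 2);
                    $count += $t_count;
                }
            }

            // Count the matches in the description
            foreach ($queries as $query) {
                if ((string) $query === "")
                    continue;
                $t_count = preg_match_all('/' . preg_quote($query, '/') . '/', $t_description, $matches);
                if ($t_count !== FALSE) {
                    $weight++;
                    $count += $t_count;
                }
            }

            if ($count > 0) {
                $found_videos[$id] = $video;
                $found_weight[$id] = $weight;
                $found_count[$id] = $count;
            }

            $id++;
        }

        if (count($found_count) > 0) {
            arsort($found_weight);
            // The page-window counter has to start at zero
            $i = 0;
            // Walk the sorted weights so the ordering is actually applied
            foreach ($found_weight as $id => $weight) {
                $video = $found_videos[$id];
                $i++;
                if (($i > $this->page*$this->results_per_page) && ($i <= ($this->page+1)*$this->results_per_page)) {
                    $html .= "\n";
                    $html .= "\n";
                    $html .= "\n";
                    $html .= "\n\n" . $video['title'];
                    if (!$video['familyfriendly'])
                        $html .= " [18+]";
                    $html .= "\n\n";
                    $html .= strip_tags($video['description']);
                    if ($video['duration'] > 0) {
                        // date() formats the duration as a clock time, so pin UTC first
                        if (function_exists('date_default_timezone_set'))
                            date_default_timezone_set('UTC');
                        $html .= "" . $l10n['search_duration'] . ": " . date("H:i:s", $video['duration']) . "";
                    }
                    $html .= "\n";
                    $html .= "\n";
                }
            }
        }

        return array("content" => $html, "count" => count($found_videos));
    }

    /** * Start the site search * @access public * @param keys The search keys as string (string) * @param page Page to show (integer) */ function search($keys, $page = "") { global $l10n; global $imSettings; $html = ""; $content = ""; $html .= "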

" . $l10n['search_results'] . "

\n"; $html .= "
"; $html .= "
"; $html .= ""; $html .= ""; $html .= "
\n"; if ($keys == "" || $keys == NULL) { $html .= "
" . $l10n['search_empty'] . "
\n"; echo $html; return FALSE; } $domain = ""; $search = trim(strtolower($keys)); if($page == "" || $page == NULL) $page = 0; $this->page = $page; if($search != "") { $queries = explode(" ",$search); // Pages $pages = $this->searchPages($queries); if ($pages['count'] > 0) { $content .= "
" . $pages['content'] . "
\n"; } // Blog if (is_array($imSettings['blog']['posts']) && count($imSettings['blog']['posts']) > 0) { $blog = $this->searchBlog($queries); if ($blog['count'] > 0) { $content .= "
" . $blog['content'] . "
\n"; } } // Products if (is_array($imSettings['search']['products']) && count($imSettings['search']['products']) > 0) { $products = $this->searchProducts($queries); if ($products['count'] > 0) { $content .= "
" . $products['content'] . "
\n"; } } // Images if (is_array($imSettings['search']['images']) && count($imSettings['search']['images']) > 0) { $images = $this->searchImages($queries); if ($images['count'] > 0) { $content .= "
" . $images['content'] . "
\n"; } } // Videos if (is_array($imSettings['search']['videos']) && count($imSettings['search']['videos']) > 0) { $videos = $this->searchVideos($queries); if ($videos['count'] > 0) { $content .= "
" . $videos['content'] . "
\n"; } } $results_count = max($pages['count'], $blog['count'], $products['count'], $images['count'], $videos['count']); if ($pages['count'] == 0 && $blog['count'] == 0 && $products['count'] == 0 && $images['count'] == 0 && $videos['count'] == 0) { $html .= "
" . $l10n['search_empty'] . "
\n"; } else { $sidebar = "\n"; $html .= "
\n"; if ($imSettings['search']['general']['menu_position'] == "left") { $html .= "\t
" . $sidebar . "
\n"; $html .= "\t
" . $content . "
\n"; } else { $html .= "\t
" . $content . "
\n"; $html .= "\t
" . $sidebar . "
\n"; } $html .= "
\n"; } // Pagination if ($results_count > $this->results_per_page) { $html .= "
"; // Back if ($page > 0) { $html .= "<< "; } // Central pages $start = max($page - 5, 0); $end = min($page + 10 - $start, ceil($results_count/$this->results_per_page)); for ($i = $start; $i < $end; $i++) { if ($i != $this->page) $html .= "" . ($i + 1) . " "; else $html .= ($i + 1) . " "; } // Next if ($results_count > ($page + 1) * $this->results_per_page) { $html .= ">>"; } $html .= "
"; } } else $html .= "
" . $l10n['search_empty'] . "
\n"; $html .= "
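";
        echo $html;
    }
}

/**
 * Private area
 *
 * Tracks the logged-in user through $_SESSION entries and a cookie.
 * Values are stored with _encode(), a reversible obfuscation keyed by
 * $imSettings['general']['salt']; it is neither encryption nor a signature.
 * @access public
 */
class imPrivateArea
{
    var $session_uname;
    var $session_real_name;
    var $session_uid;
    var $session_page;
    var $cookie_name;

    // PHP 5 (the original spelling "__contruct" was never invoked as a constructor)
    function __construct()
    {
        $this->session_uname = "im_access_uname";
        $this->session_real_name = "im_access_real_name";
        $this->session_page = "im_access_request_page";
        $this->session_uid = "im_access_uid";
        $this->cookie_name = "im_access_cookie_uid";
    }

    // PHP 4
    function imPrivateArea()
    {
        $this->__construct();
    }

    /**
     * Encode the string
     *
     * Adds the byte values of the key to the byte values of the string and
     * joins the sums with dots. Anyone holding the key can reverse it and the
     * output carries no integrity check.
     * @param string $s The string to encode
     * @param string $k The key
     * @return string The encoded string
     */
    function _encode($s, $k)
    {
        // Numeric ids must be handled byte by byte like any other string
        $s = (string) $s;
        $k = (string) $k;
        $r = array();
        for ($i = 0; $i < strlen($s); $i++)
            $r[] = ord($s[$i]) + ord($k[$i % strlen($k)]);
        // Try to encode it using base64
        if (function_exists("base64_encode") && function_exists("base64_decode"))
            return base64_encode(implode('.', $r));
        return implode('.', $r);
    }

    /**
     * Decode the string
     * @param string $s The string to decode
     * @param string $k The key
     * @return string The decoded string
     */
    function _decode($s, $k)
    {
        $k = (string) $k;
        // Try to decode it using base64
        if (function_exists("base64_encode") && function_exists("base64_decode"))
            $s = base64_decode($s);
        $s = explode(".", $s);
        $r = array();
        for ($i = 0; $i < count($s); $i++)
            // The cast keeps malformed segments from raising an arithmetic error
            $r[$i] = chr((int) $s[$i] - ord($k[$i % strlen($k)]));
        return implode('', $r);
    }

    /**
     * Hash that ties the session to the browser's User-Agent header
     * @return string md5 of the User-Agent (empty when absent) and the site salt
     */
    function _agent_hash()
    {
        global $imSettings;
        $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
        return md5($agent . $imSettings['general']['salt']);
    }

    /**
     * Tell whether a user id appears in a list of ids
     * @param uid The user id (string)
     * @param list The ids, or anything else when the list is not configured
     * @return boolean
     */
    function _uid_listed($uid, $list)
    {
        if (!is_array($list))
            return FALSE;
        // Compare as strings so that unrelated values never match through type juggling
        foreach ($list as $id)
            if ((string) $id === (string) $uid)
                return TRUE;
        return FALSE;
    }

    /**
     * Login
     *
     * NOTE(review): the password is compared with the value held in
     * $imSettings['access']['users'], i.e. it is kept in clear text there.
     * @access public
     * @param uname Username (string)
     * @param pwd Password (string)
     * @return boolean TRUE when the credentials match
     */
    function login($uname, $pwd)
    {
        global $imSettings;

        // Arrays coming from the request are not credentials
        if (!is_scalar($uname) || !is_scalar($pwd))
            return FALSE;
        $uname = (string) $uname;
        $pwd = (string) $pwd;

        // Check if the user exists
        if (!isset($imSettings['access']['users'][$uname]) || !isset($imSettings['access']['users'][$uname]['password']))
            return FALSE;
        $user = $imSettings['access']['users'][$uname];
        $stored = (string) $user['password'];

        // Exact string match: a loose == treats numeric-looking strings such as "1e3" and "1000" as equal
        if (function_exists('hash_equals'))
            $match = hash_equals($stored, $pwd);
        else
            $match = ($stored === $pwd);
        if (!$match)
            return FALSE;

        // Save the session
        session_regenerate_id();
        $salt = $imSettings['general']['salt'];
        $_SESSION[$this->session_uid] = $this->_encode($user['id'], $salt);
        $_SESSION[$this->session_uname] = $this->_encode($uname, $salt);
        $_SESSION[$this->session_real_name] = $this->_encode($user['name'], $salt);
        $_SESSION['HTTP_USER_AGENT'] = $this->_agent_hash();
        // NOTE(review): the cookie is set without the HttpOnly and Secure flags
        setcookie($this->cookie_name, $this->_encode($user['id'], $salt), time() + 60 * 60 * 24 * 30, "/");
        return TRUE;
    }

    /**
     * Logout
     * @access public
     */
    function logout()
    {
        $_SESSION[$this->session_uname] = "";
        $_SESSION[$this->session_real_name] = "";
        $_SESSION[$this->session_uid] = "";
        $_SESSION[$this->session_page] = "";
        $_SESSION['HTTP_USER_AGENT'] = "";
        setcookie($this->cookie_name, "", time() - 3600, "/");
        $_COOKIE[$this->cookie_name] = "";
    }

    /**
     * Save the referrer page
     * @access public
     */
    function save_page()
    {
        global $imSettings;
        // basename() keeps only the last path segment of the requested script
        $_SESSION[$this->session_page] = $this->_encode(basename($_SERVER['PHP_SELF']), $imSettings['general']['salt']);
    }

    /**
     * Return to the referrer page
     * @access public
     * @return mixed The saved page name, or FALSE when none is stored
     */
    function saved_page()
    {
        global $imSettings;
        if (isset($_SESSION[$this->session_page]) && $_SESSION[$this->session_page] != "")
            return $this->_decode($_SESSION[$this->session_page], $imSettings['general']['salt']);
        return FALSE;
    }

    /**
     * Get an array of data about the logged user
     * @access public
     * @return mixed array with "username", "uid" and "realname", or FALSE
     */
    function who_is_logged()
    {
        global $imSettings;
        if (!isset($_SESSION[$this->session_uname]) || $_SESSION[$this->session_uname] == "")
            return FALSE;
        $salt = $imSettings['general']['salt'];
        return array(
            "username" => $this->_decode($_SESSION[$this->session_uname], $salt),
            "uid" => $this->_decode($_SESSION[$this->session_uid], $salt),
            "realname" => $this->_decode($_SESSION[$this->session_real_name], $salt)
        );
    }

    /**
     * Check if the logged user can access to a page
     * @access public
     * @param page The page id (string)
     * @return integer 0 when allowed, -1 when not logged in, -2 when the user may not see the page
     */
    function checkAccess($page)
    {
        global $imSettings;

        //
        // The session can live only in the same browser
        //
        if (!isset($_SESSION['HTTP_USER_AGENT']) || $_SESSION['HTTP_USER_AGENT'] !== $this->_agent_hash())
            return -1;
        // The cookie is tested for presence only; the decision below rests on the session values
        if (!isset($_SESSION[$this->session_uname]) || !isset($_COOKIE[$this->cookie_name])
            || $_SESSION[$this->session_uname] == ''
            || !isset($_SESSION[$this->session_uid]) || $_SESSION[$this->session_uid] == '')
            return -1; // Wrong login data
        $uid = $this->_decode($_SESSION[$this->session_uid], $imSettings['general']['salt']);
        $allowed = isset($imSettings['access']['pages'][$page]) ? $imSettings['access']['pages'][$page] : null;
        $admins = isset($imSettings['access']['admins']) ? $imSettings['access']['admins'] : null;
        if (!$this->_uid_listed($uid, $allowed) && !$this->_uid_listed($uid, $admins))
            return -2; // The user cannot access to this page
        return 0;
    }

    /**
     * Get the user's landing page
     * @access public
     * @return mixed The configured page of the logged user, or FALSE when nobody is logged in
     */
    function getLandingPage()
    {
        global $imSettings;
        if (!isset($_SESSION[$this->session_uname]) || $_SESSION[$this->session_uname] === ''
            || !isset($_SESSION[$this->session_uid]) || $_SESSION[$this->session_uid] === '')
            return FALSE;
        $uname = $this->_decode($_SESSION[$this->session_uname], $imSettings['general']['salt']);
        return $imSettings['access']['users'][$uname]['page'];
    }
}

/**
 * MySQL Storage class
 *
 * NOTE(review): addData() uses the keys of $post as column names inside the
 * SQL text without escaping them; only the values pass through
 * mysql_real_escape_string().
 * @access public
 */
class imDatabase
{
    var $host_name;
    var $db_name;
    var $user_name;
    var $password;
    var $table_name;
    var $file_storage;
    var $field_names;
    var $conn; //DB Connection handler

    /**
     * PHP 5 Constructor
     * @param host_name (string)
     * @param db_name (string)
     * @param user_name (string)
     * @param password (string)
     * @param table_name (string)
     * @param file_storage The folder in which the uploaded files are stored (string)
     */
    function __construct($host_name, $db_name, $user_name, $password, $table_name, $file_storage)
    {
        $this->host_name = $host_name;
        $this->db_name = $db_name;
        $this->user_name = $user_name;
        $this->password = $password;
        $this->table_name = $table_name;
        // Drop one trailing slash only when there is one. A stray ";" after the
        // condition used to cut the last character off every path.
        if ($file_storage != "" && substr($file_storage, -1) == "/")
            $file_storage = substr($file_storage, 0, strlen($file_storage) - 1);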
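$this->file_storage = $file_storage;
        $this->field_names = array();
        // Connection warnings are suppressed; test_connection() exposes the
        // handle, which is FALSE when the connection failed.
        // NOTE(review): the mysql_* extension is not available from PHP 7 on.
        $this->conn = @mysql_connect($this->host_name, $this->user_name, $this->password);
        if ($this->conn !== FALSE) {
            if (function_exists('mysql_set_charset'))
                @mysql_set_charset("utf8", $this->conn);
            else
                @mysql_query('SET NAMES "utf8"', $this->conn);
        }
    }

    /**
     * PHP 4 Constructor
     * @param host_name (string)
     * @param db_name (string)
     * @param user_name (string)
     * @param password (string)
     * @param table_name (string)
     * @param file_storage The folder in which the uploaded files are stored (string)
     */
    function imDatabase($host_name, $db_name, $user_name, $password, $table_name, $file_storage)
    {
        $this->host_name = $host_name;
        $this->db_name = $db_name;
        $this->user_name = $user_name;
        $this->password = $password;
        $this->table_name = $table_name;
        // Drop one trailing slash only when there is one. A stray ";" after the
        // condition used to cut the last character off every path.
        if ($file_storage != "" && substr($file_storage, -1) == "/")
            $file_storage = substr($file_storage, 0, strlen($file_storage) - 1);
        $this->file_storage = $file_storage;
        $this->field_names = array();
        $this->conn = @mysql_connect($this->host_name, $this->user_name, $this->password);
        if ($this->conn !== FALSE) {
            if (function_exists('mysql_set_charset'))
                @mysql_set_charset("utf8", $this->conn);
            else
                @mysql_query('SET NAMES "utf8"', $this->conn);
        }
    }

    /**
     * Return the connection handle
     * @return mixed The link created by the constructor, FALSE when it failed
     */
    function test_connection()
    {
        return $this->conn;
    }

    /**
     * Close the connection when the object is destroyed
     */
    function __destruct()
    {
        if ($this->conn)
            mysql_close($this->conn);
    }

    /**
     * Save the data to the DB
     * @param post an associative array as "tablefield_id" => "data_to_save"
     * @param files an associative array. 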
Normally it's $_FILES */ function addData($post = null, $files = null) { if ($post == null && $files == null) return FALSE; if ($post == null) $post = array(); if ($files == null) $files = array(); $empty = true; foreach ($post as $field) { if ($field != "" && $field != null) $empty = FALSE; } foreach ($files as $field) { if ($field != "" && $field != null) $empty = FALSE; } if ($empty) return FALSE; $fields_name = array_keys($post); foreach ($files as $file) array_push($fields_name, $file['label']); $fields_count = count($fields_name); if (count($fields_name) < $fields_count) { $d = $fields_count - count($fields_name); for ($i = 0; $i < $d; $i++) $fields_name[] = "field_" + ($i + $d); } // If the table does not exists, create it $result = mysql_query("SHOW FULL TABLES FROM `" . $this->db_name . "` LIKE '" . mysql_real_escape_string($this->table_name) . "'", $this->conn); if ($result && mysql_num_rows($result) == 0) { $query = "CREATE TABLE `" . $this->db_name . "`.`" . $this->table_name . "` (`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,"; for ($i=0; $i<$fields_count; $i++) { $query .= "`" . $fields_name[$i] . "` TEXT CHARACTER SET utf8 COLLATE utf8_bin NOT NULL"; if ($i != $fields_count - 1) $query .= ","; } $query .= ") ENGINE = MYISAM ;"; mysql_query($query, $this->conn); } else // If the table has not enough fields, update it { $result = mysql_query("SHOW COLUMNS FROM `" . $this->db_name . "`.`" . $this->table_name . "`", $this->conn); if ($result) { // Actual fields $row = mysql_fetch_array($result); $query = "ALTER TABLE `" . $this->db_name. "`.`" . $this->table_name . "`"; $act_fields = array(); while ($row = mysql_fetch_array($result)) $act_fields[] = $row[0]; // New fields $new_fields = array_diff($fields_name, $act_fields); $new_fields = array_merge($new_fields); // Order the indexes if (count($new_fields) > 0) { for ($j = 0; $j < count($new_fields); $j++) { $query .= " ADD `" . $new_fields[$j] . 
"` TEXT CHARACTER SET utf8 COLLATE utf8_bin NOT NULL "; if ($j != count($new_fields) - 1) $query .= ","; } mysql_query($query, $this->conn); } } } // Save $query = "INSERT INTO `" . $this->db_name . "`.`" . $this->table_name . "` ("; $fields = array(); for ($i = 0; $i<$fields_count; $i++) array_push ($fields, "`" . $fields_name[$i] . "`"); $query .= join(",", $fields); $query .= ") VALUES ("; $data = array(); $p_keys = array_keys($post); for ($i = 0; $i 0) ? ", " : "") . $post[$p_keys[$i]][$x]; array_push($data, "'" . mysql_real_escape_string(str_replace(array("\n", "\r"), array("
", ""), $s)). "'"); } else array_push($data, "'" . mysql_real_escape_string(str_replace(array("\n", "\r"), array("
", ""), $post[$p_keys[$i]])). "'"); } $f = true; foreach ($files as $file) { if ($file['value']['tmp_name'] != "") { // Upload files using an unique name $fname = $this->findFileName($file['value']['name']); $f = @move_uploaded_file($file['value']['tmp_name'], ($this->file_storage != "" ? $this->file_storage . "/" : "../") . $fname); array_push($data, "'" . mysql_real_escape_string($fname). "'"); } else array_push($data, "''"); } $query .= join(",", $data); $query .=")"; $r = mysql_query($query, $this->conn); if ($r && $f) return TRUE; return FALSE; } /** * Set the field names * @param array An array containing the field names (array) */ function setFieldNames($array) { $this->field_names = $array; } /** * Show the current storage table (read only version) * @param order ASC or DESC */ function showTable($order = "ASC") { $result = mysql_query("SHOW COLUMNS FROM `" . $this->db_name . "`.`" . $this->table_name . "`", $this->conn); if ($result && mysql_num_rows($result)>1) { echo "\n"; echo " \n"; $row = mysql_fetch_array($result); for ($i=1; $ifield_names)) $field = $this->field_names[$i - 1]; else $field = $row[0]; echo " \n"; } echo " \n"; $result = mysql_query("SELECT * FROM `" . $this->db_name. "`.`" . $this->table_name . "` ORDER BY id " . $order, $this->conn); while ($row = mysql_fetch_array($result)){ echo " \n"; for ($i = 1; $i < mysql_num_fields($result); $i++) { if (file_exists($this->file_storage . "/" . $row[$i])) echo " \n"; else echo " \n"; } echo " \n"; } echo "
" . $field . "
file_storage . "/" . $row[$i] . "\" target=\"_blank\">" . $row[$i] . "" . $row[$i] . "
\n"; } } /** * Show the current storage table (r/w version) * @param order ASC or DESC */ function showAdminTable($order = "ASC") { $form_id = "tt_form_" . rand(0, 10000000); $result = mysql_query("SHOW COLUMNS FROM `" . $this->db_name . "`.`" . $this->table_name . "`", $this->conn); if ($result && mysql_num_rows($result)>1) { echo "
\n"; echo "\n"; echo " \n"; $row = mysql_fetch_array($result); for ($i=1; $ifield_names)) $field = $this->field_names[$i - 1]; else $field = $row[0]; echo " \n"; } echo " \n"; $result = mysql_query("SELECT * FROM `" . $this->db_name. "`.`" . $this->table_name . "` ORDER BY id " . $order, $this->conn); while ($row = mysql_fetch_array($result)){ echo " \n"; for ($i = 1; $i < mysql_num_fields($result); $i++) { if (file_exists($this->file_storage . "/" . $row[$i]) && !is_dir($this->file_storage . "/" . $row[$i])) echo " \n"; else echo " \n"; } echo " \n"; echo " \n"; } echo " \n"; echo " \n"; echo " \n"; echo "
" . $field . "
file_storage . "/" . $row[$i] . "\" target=\"_blank\">" . $row[$i] . "" . $row[$i] . "
Se selezionati:
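\n";
        }
    }

    /**
     * Find a free file name
     *
     * Builds the name under which an uploaded file is stored. The result never
     * contains a directory part and carries exactly one extension taken from
     * the allow-list; any other extension is folded into the name and ".txt"
     * is appended.
     * @param tmp_name The file name sent by the client (string)
     * @return string A name that does not exist yet in the storage folder
     */
    function findFileName($tmp_name)
    {
        // Keep the bare file name only: directory parts must not reach the storage path
        $tmp_name = basename(str_replace("\\", "/", (string) $tmp_name));
        $dot = strrpos($tmp_name, ".");
        if ($dot === FALSE) {
            $fname = $tmp_name;
            $ext = "";
        } else {
            $fname = substr($tmp_name, 0, $dot);
            $ext = substr($tmp_name, $dot);
        }
        // No further dots in the base name, so the stored file has a single extension
        $fname = str_replace(".", "_", $fname);

        // Prevent code injection changing the file extension
        // ('.xslx' is kept for compatibility; '.xlsx' is the spelling that was meant)
        $allowed = array('.zip', '.txt', '.pdf', '.jpg', '.jpeg', '.bmp', '.png', '.gif', '.rar', '.gz', '.tar', '.7zip', '.7z', '.doc', '.docx', '.xls', '.xlsx', '.xslx', '.odf', '.odt');
        if (!in_array(strtolower($ext), $allowed, TRUE)) {
            // Appending ".txt" alone would leave the original extension inside the
            // name, and some web server setups pick a handler from any extension
            // they find. Keep it as plain text after an underscore instead.
            $ext = ($ext == "" ? "" : "_" . preg_replace('/[^A-Za-z0-9]/', '', $ext)) . ".txt";
        }
        do {
            $rname = $fname . "_" . date("Ymdhis") . rand(100,10000) . $ext;
        } while (file_exists($this->file_storage . "/" . $rname));
        return $rname;
    }

    /**
     * Delete a row from the storage table
     *
     * Files referenced by the deleted rows are renamed with a ".deleted"
     * suffix, they are not removed.
     * @param post The ids of the rows to deleted
     */
    function deleteRow($post)
    {
        if ($post != null) {
            // The `id` column is an integer: force every value to int so that
            // request data cannot change the IN (...) list
            $ids = join(",", array_map('intval', (array) $post));
            $results = mysql_query("SELECT * FROM `" . $this->db_name . "`.`" . $this->table_name . "` WHERE id IN (" . $ids . ")", $this->conn);
            // Mark the linked files as deleted
            while ($results && $row = mysql_fetch_array($results)) {
                for ($i = 1; $i < mysql_num_fields($results); $i++) {
                    $value = (string) $row[$i];
                    // Every column holds submitted text. Only a bare file name may be
                    // treated as a stored upload, never a value with a directory part.
                    if ($value == "" || basename(str_replace("\\", "/", $value)) !== $value)
                        continue;
                    $path = $this->file_storage . "/" . $value;
                    if (file_exists($path) && !is_dir($path))
                        rename($path, $path . ".deleted");
                }
            }
            // Delete the records
            mysql_query("DELETE FROM `" . $this->db_name . "`.`" . $this->table_name . "` WHERE id IN (" . $ids . 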
")", $this->conn); } } } /** * XML Handling class * @access public */ class imXML { var $tree = array(); var $force_to_array = array(); var $error = null; var $parser; // PHP 5 function __construct($encoding = 'UTF-8') { $this->parser = xml_parser_create($encoding); xml_set_object($this->parser, $this); // $this was passed as reference &$this xml_parser_set_option($this->parser, XML_OPTION_CASE_FOLDING, 0); xml_parser_set_option($this->parser, XML_OPTION_SKIP_WHITE, 1); xml_set_element_handler($this->parser, "startEl", "stopEl"); xml_set_character_data_handler($this->parser, "charData"); xml_parser_set_option($this->parser, XML_OPTION_TARGET_ENCODING, 'UTF-8'); } // PHP 4 function imXML($encoding = 'UTF-8') { $this->parser = xml_parser_create($encoding); xml_set_object($this->parser, $this); // $this was passed as reference &$this xml_parser_set_option($this->parser, XML_OPTION_CASE_FOLDING, 0); xml_parser_set_option($this->parser, XML_OPTION_SKIP_WHITE, 1); xml_set_element_handler($this->parser, "startEl", "stopEl"); xml_set_character_data_handler($this->parser, "charData"); xml_parser_set_option($this->parser, XML_OPTION_TARGET_ENCODING, 'UTF-8'); } function parse_file($file) { $fp = @fopen($file, "r"); if (!$fp) return FALSE; while ($data = fread($fp, 4096)) { if (!xml_parse($this->parser, $data, feof($fp))) { return FALSE; } } fclose($fp); return $this->tree[0]["content"]; } function parse_string($str) { if (!xml_parse($this->parser, $str)) return FALSE; return $this->tree[0]["content"]; } function startEl($parser, $name, $attrs) { array_unshift($this->tree, array("name" => $name)); } function stopEl($parser, $name) { if ($name != $this->tree[0]["name"]) return FALSE; if (count($this->tree) > 1) { $elem = array_shift($this->tree); if (isset($this->tree[0]["content"][$elem["name"]])) { if (is_array($this->tree[0]["content"][$elem["name"]]) && isset($this->tree[0]["content"][$elem["name"]][0])) { array_push($this->tree[0]["content"][$elem["name"]], 
$elem["content"]); } else { $this->tree[0]["content"][$elem["name"]] = array($this->tree[0]["content"][$elem["name"]],$elem["content"]); } } else { if (in_array($elem["name"],$this->force_to_array)) { $this->tree[0]["content"][$elem["name"]] = array($elem["content"]); } else { if (!isset($elem["content"])) $elem["content"] = ""; $this->tree[0]["content"][$elem["name"]] = $elem["content"]; } } } } function charData($parser, $data) { if (!is_string($this->tree[0]["content"]) && !preg_match("/\\S/", $data)) return FALSE; $this->tree[0]["content"] .= $data; } } /** * Captcha handling class * @access public */ class imCaptcha { /** * Show the captcha chars */ function show($sCode) { global $oNameList; global $oCharList; $text = " "; for ($i=0; $i"; $text .= ""; return $text; } /** * Check the sent data * @param sCode The correct code (string) * @param dans The user's answer (string) */ function check($sCode, $ans) { global $oCharList; if ($ans == "") return '-1'; for ($i=0; $i.*<\/\1>/i', '', $xmlstring); $xmlstring = preg_replace('/\s*<\/comment>/i', '', $xmlstring); $comments = $xml->parse_string($xmlstring); if ($comments !== FALSE && is_array($comments)) { if (!is_array($comments['comment'][0])) $comments['comment'] = array($comments['comment']); for ($i = 0; $i < count($comments['comment']); $i++) { $comments['comment'][$i]['body'] = str_replace(array("\\'", '\\"'), array("'", '"'), htmlspecialchars_decode($comments['comment'][$i]['body'])); $comments['comment'][$i]['name'] = str_replace(array("\\'", '\\"'), array("'", '"'), htmlspecialchars_decode($comments['comment'][$i]['name'])); $comments['comment'][$i]['body'] = str_replace("\\\"", "\"", htmlspecialchars_decode($comments['comment'][$i]['body'])); $comments['comment'][$i]['name'] = str_replace("\\\"", "\"", htmlspecialchars_decode($comments['comment'][$i]['name'])); } return $comments['comment']; } else { // The comments cannot be retrieved. The XML is jammed. 
// Do a backup copy of the file and then reset the xml. // Hashed names ensure that a file is not copied more than once $n = $file . "_version_" . md5($xmlstring); if (!file_exists($n)) copy($file, $n); return array(); } } else return $this->getComments_old($file); } /** * Get the comments from a v8 comments file * @param file The source file path */ function getComments_old($file) { if(file_exists($file)) { $f = file_get_contents($file); $f = explode("\n",$f); for($i = 0;$i < count($f)-1; $i += 6) { $c[$i/6]['name'] = stripslashes($f[$i]); $c[$i/6]['email'] = $f[$i+1]; $c[$i/6]['url'] = $f[$i+2]; $c[$i/6]['body'] = stripslashes($f[$i+3]); $c[$i/6]['timestamp'] = $f[$i+4]; $c[$i/6]['approved'] = $f[$i+5]; $c[$i/6]['rating'] = 0; } return $c; } else return -1; } /** * Save the comments in a xml file * @param file The destination file path * @param comments An associative array containing the comments data */ function writeXML($file, $comments) { $xml = "\n"; $xml .= "\n"; foreach ($comments as $comment) { $txml = ""; foreach ($comment as $key => $value) { // Well formed content only if (!preg_match('/[0-9]+/', $key) && in_array(gettype($value), array('string', 'integer', 'double'))) { $code = str_replace(array("\\'", '\\"', "\\\""), array("'", '"', "\""), preg_replace('/[\n\r\t]*/', '', nl2br($value))); $txml .= "\t\t<" . $key . ">\n"; } } if ($txml != "") $xml .= "\t\n" . $txml . 
"\t\n"; } $xml .= ""; if ((is_writable($file) || !file_exists($file))) { if (!$f = fopen($file, 'w+')) return -3; else { if (flock($f, LOCK_EX)) $locked = 1; if (fwrite($f, $xml) === FALSE) return -4; else { if($locked) flock($f, LOCK_UN); fclose($f); return 0; } } } else return -2; } /** * Add a comment to a file * @param file The destination file path * @param name The user's name * @param email The user's email * @param url The user's site url * @param body The user's message * @param abuse Set 1 to mark the message as an abuse * @param approved Set 1 to mark the message as approved */ function addComment($file,$name,$email,$url,$body,$abuse = "0",$approved = 0) { global $imSettings; $name = filterCode($name); $email = filterCode($email); $url = filterCode($url); $body = filterCode($body, TRUE); $locked = 0; $comments = $this->getComments($file); if (!is_array($comments)) $comments = array(); if ($url != "" && imstripos($url, "http://") === FALSE) $url = "http://" . $url; $comments[] = array("name" => $name, "email" => $email, "url" => $url, "body" => $body, "abuse" => $abuse, "timestamp" => date("d-m-Y H:i:s"), "approved" => $approved); if($file != "" && trim($name) != "" && trim($email) != "" && trim($body) != "") { // Do a backup of the current message if it contains comments if (count($comments) > 1) @copy($file, $file . "_bk"); return $this->writeXML($file, $comments); } else return -1; } /** * Add a comment to a file * @param file The destination file * @param n The comment number (0 is the first comment) * @param approved Set 1 to approve the comment, 0 to unapprove */ function approveComment($file,$n,$approved) { $locked = 0; $fn = $file; if(!copy($fn,$fn . 
"_bk")) return -1; $c = $this->getComments($file); if($c == -1) return -2; if(!file_exists($fn)) return -3; if(!is_writable($fn)) return -4; $c[$n - 1]['approved'] = $approved; $this->writeXML($file, $c); return 0; } /** * Delete a comment * @param file The destination file * @param n The comment number (0 is the first comment) */ function removeComment($file,$n) { $locked = 0; $fn = $file; if(!copy($fn,$fn . "_bk")) return -1; $c = $this->getComments($file); if($c == -1) return -2; if(!file_exists($fn)) return -3; if(!is_writable($fn)) return -4; for ($i = 0; $i < count($c); $i++) { if ($i != $n - 1) $comments[] = $c[$i]; } $this->writeXML($file, $comments); return 0; } /** * Set the abuse * @param file The destination file * @param n The comment number (0 is the first comment) * @param abuse Set 1 to set as an abuse */ function setAbuse($file, $n, $abuse) { $locked = 0; $fn = $file; if(!copy($fn,$fn . "_bak")) return -1; $c = $this->getComments($file); if($c == -1) return -2; if(!file_exists($fn)) return -3; if(!is_writable($fn)) return -4; $c[$n - 1]['abuse'] = $abuse; $this->writeXML($file, $c); return 0; } } /** * Blog class * @access public */ class imBlog { var $comments; //Comments class // PHP 5 function __construct() { $this->comments = new imComment(); } // PHP 4 function imBlog() { $this->comments = new imComment(); } function formatTimestamp($ts) { return date("d/m/Y H:i:s", strtotime($ts)); } /** * Get the comments from a post * @param post the post ID */ function getComments($post) { global $imSettings; return $this->comments->getComments($imSettings['general']['dir'] . $imSettings['blog']['file_prefix'] . 'pc' . 
$post); } /** * Add a comment to a post * @param post the post ID * @param file The destination file path * @param name The user's name * @param email The user's email * @param url The user's site url * @param body The user's message */ function addComment($post,$name,$email,$url,$body) { global $imSettings; if (!file_exists($imSettings['general']['dir']) && $imSettings['general']['dir'] != "" && $imSettings['general']['dir'] != "./.") @mkdir($imSettings['general']['dir'], 0777, TRUE); return $this->comments->addComment($imSettings['general']['dir'] . $imSettings['blog']['file_prefix'] . 'pc' . $post,$name,$email,$url,$body, "0", ($imSettings['blog']['approve_comments'] == 1) ? 0 : 1); } /** * Approve a comment * @param post the post ID * @param n The comment number * @param approved Set 1 to approve */ function approveComment($post,$n,$approved) { global $imSettings; return $this->comments->approveComment($imSettings['general']['dir'] . $imSettings['blog']['file_prefix'] . 'pc' . $post,$n,$approved); } /** * Remove a comment * @param post the post ID * @param n The comment number */ function removeComment($post,$n) { global $imSettings; return $this->comments->removeComment($imSettings['general']['dir'] . $imSettings['blog']['file_prefix'] . 'pc' . $post, $n); } /** * Abuse a comment * @param post the post ID * @param n The comment number * @param abuse Set 1 to abuse */ function setAbuse($post, $n, $abuse) { global $imSettings; return $this->comments->setAbuse($imSettings['general']['dir'] . $imSettings['blog']['file_prefix'] . 'pc' . 
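$post, $n, $abuse);
    }

    /**
     * Get the last update date
     *
     * When the request names an existing post that has comments, the date of
     * its last comment is returned; otherwise the timestamp of the first post
     * in the settings.
     * @return string
     */
    function getLastModified()
    {
        global $imSettings;

        // $_GET['id'] is request data. It used to be handed to the comment
        // reader as a file path; accept it only when it is the id of a
        // configured post and let getComments() build the path.
        $id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (string) $_GET['id'] : "";
        if ($id != "" && is_array($imSettings['blog']['posts']) && array_key_exists($id, $imSettings['blog']['posts'])) {
            $c = $this->getComments($id);
            if (is_array($c) && count($c) > 0)
                return $this->formatTimestamp($c[count($c) - 1]['timestamp']);
        }
        $last_post = $imSettings['blog']['posts'];
        $last_post = array_shift($last_post);
        return $last_post['timestamp'];
    }

    /**
     * Show a post
     * @param id the post id
     * @param ext Set 1 to show as extended
     * @param first Set 1 if this is the first post in the list
     */
    function showPost($id,$ext=0,$first=0)
    {
        global $imSettings;
        global $l10n;
        $bp = $imSettings['blog']['posts'][$id];
        echo "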

" . $bp['title'] . "

\n"; echo "
" . $l10n['blog_published_by'] . " " . $bp['author'] . " "; echo $l10n['blog_in'] . " " . $bp['category'] . " · " . $bp['timestamp']; // Media audio/video if ($bp['media'] != null) { echo " · Download " . basename($bp['media']) . ""; } if (count($bp['tag']) > 0) { echo "
Tags: "; for ($i = 0; $i < count($bp['tag']); $i++) { echo "" . $bp['tag'][$i] . ""; if ($i < count($bp['tag']) - 1) echo ", "; } } echo "
\n"; if($ext != 0 || $first != 0) { echo "
\n"; if ($bp['mediahtml'] != null) { echo $bp['mediahtml'] . "\n"; } echo $bp['body']; if (count($bp['sources']) > 0) { echo "\t
\n"; echo "\t\t" . $l10n['blog_sources'] . ":
\n"; echo "\t\t
    \n"; foreach ($bp['sources'] as $source) { echo "\t\t\t
  • " . $source . "
  • \n"; } echo "\t\t
\n\t
\n"; } echo (($imSettings['blog']['addThis'] != null) ? "
" . $imSettings['blog']['addThis'] : "") . "

\n"; } else { echo "
" . $bp['summary'] . "
\n"; } if($ext == 0) { echo "\n"; } else { echo "
" . $bp['foo_html'] . "
\n"; } if($ext != 0 && $bp['comments'] == true) { //&& @chdir($imSettings['general']['dir']) echo "
\n"; if(($c = $this->getComments($id)) != -1) { if(is_array($c)) foreach($c as $comment) if($comment['approved'] == 1) $ca[] = $comment; echo "\t
" . (count($ca) > 0 ? count($ca) . " " . (count($ca) > 1 ? $l10n['blog_comments'] : $l10n['blog_comment']) : $l10n['blog_no_comment']) . "
\n"; for($i = 0;$i < count($ca); $i++) { echo "\t
" . (stristr($ca[$i]['url'],"http") ? "" . $ca[$i]['name'] . "" : $ca[$i]['name']) . "
\n"; echo "\t
" . $this->formatTimestamp($ca[$i]['timestamp']) . "
\n"; echo "\t
" . $ca[$i]['body'] . "
\n"; echo "\t
\""
\n"; } echo "
"; } else { echo "\t
" . $l10n['blog_no_comment'] . "
\n"; } if($_GET['ok'] == 1 && $imSettings['blog']['approve_comments']) { echo "
" . $l10n['blog_send_confirmation'] . "
"; } if($_GET['err'] != "") { echo "
" . $l10n['blog_send_error'] . "
"; } echo "
"; if ($imSettings['blog']['captcha']) echo "
 
"; echo "
"; } } /** * Find the posts tagged with tag * @param tag The searched tag */ function showTag($tag) { global $imSettings; if (count($imSettings['blog']['posts']) > 0) { $i = 0; foreach ($imSettings['blog']['posts'] as $id => $post) { if (in_array($tag, $post['tag'])) echo $this->showPost($id,0,(($i == 0) ? 1 : 0)); if ($i > 0) echo "
\n"; $i++; } } else { echo "
Empty blog
"; } } /** * Find the post in a category * @param category the category ID */ function showCategory($category) { global $imSettings; $bps = $imSettings['blog']['posts_cat'][$category]; if(is_array($bps)) { $bpsc = count($bps); for($i = 0; $i < $bpsc; $i++) $this->showPost($bps[$i],0,($i == 0 ? 1 : 0)); } else { echo "
Empty category
"; } } /** * Find the posts of the month * @param month */ function showMonth($month) { global $imSettings; $bps = $imSettings['blog']['posts_month'][$month]; if(is_array($bps)) { $bpsc = count($bps); for($i = 0; $i < $bpsc; $i++) $this->showPost($bps[$i],0,($i == 0 ? 1 : 0)); } else { echo "
Empty month
"; } } /** * Show the last n posts * @param count the number of posts to show */ function showLast($count) { global $imSettings; $bps = array_keys($imSettings['blog']['posts']); if(is_array($bps)) { $bpsc = count($bps); for($i = 0; $i < ($bpsc<$count ? $bpsc : $count); $i++) $this->showPost($bps[$i],0,($i == 0 ? 1 : 0)); } else { echo "
Empty blog
"; } } /** * Show the search results * @param search the search query */ function showSearch($search) { global $imSettings; $bps = array_keys($imSettings['blog']['posts']); $j = 0; if(is_array($bps)) { $bpsc = count($bps); for($i = 0; $i < $bpsc; $i++) { if(stristr($imSettings['blog']['posts'][$bps[$i]]['title'],$search) || stristr($imSettings['blog']['posts'][$bps[$i]]['summary'],$search) || stristr($imSettings['blog']['posts'][$bps[$i]]['body'],$search)) { $this->showPost($bps[$i],0,($j == 0 ? 1 : 0)); $j++; } } if($j == 0) { echo "
Empty search
"; } } else { echo "
Empty blog
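"; } }

	/**
	 * Show the categories sideblock
	 * @param n The number of categories to show
	 */
	function showBlockCategories($n) {
		global $imSettings;

		if (is_array($imSettings['blog']['posts_cat'])) {
			$categories = array_keys($imSettings['blog']['posts_cat']);
			array_multisort($categories);
			echo "
    ";
			for ($i = 0; $i < count($categories) && $i < $n; $i++) {
				// The first post filed under the category supplies the label that is printed.
				$post = $imSettings['blog']['posts'][$imSettings['blog']['posts_cat'][$categories[$i]][0]];
				echo "
  • " . $post['category'] . "
  • ";
			}
			echo "
";
		}
	}

	/**
	 * Show the cloud sideblock
	 * @param type "tags" or "categories"; any other value prints nothing
	 */
	function showBlockCloud($type) {
		global $imSettings;

		$max = 0;
		$min_em = 0.95;
		$max_em = 1.25;
		if ($type == "tags") {
			$tags = array();
			foreach ($imSettings['blog']['posts'] as $id => $post) {
				foreach ($post['tag'] as $tag) {
					// isset() avoids reading an undefined index the first time a tag is seen.
					$tags[$tag] = isset($tags[$tag]) ? $tags[$tag] + 1 : 1;
					if ($tags[$tag] > $max)
						$max = $tags[$tag];
				}
			}
			$tags = shuffle_assoc($tags);
			foreach ($tags as $name => $number) {
				// Size between $min_em and $max_em, proportional to how often the tag occurs.
				// NOTE(review): the markup that used $size is not present in this listing.
				$size = number_format(($number/$max * ($max_em - $min_em)) + $min_em, 2, '.', '');
				echo "\t\t\t\n";
				echo "\t\t\t\t" . str_replace("_", " ", $name) . "\n";
				echo "\t\t\t\n";
			}
		} else if ($type == "categories") {
			$categories = array();
			foreach ($imSettings['blog']['posts'] as $id => $post) {
				$categories[$post['category']] = isset($categories[$post['category']]) ? $categories[$post['category']] + 1 : 1;
				if ($categories[$post['category']] > $max)
					$max = $categories[$post['category']];
			}
			// Shuffle the whole map. The original indexed it with an undefined $category,
			// which left the order untouched and added an empty entry to the cloud.
			$categories = shuffle_assoc($categories);
			foreach ($categories as $name => $number) {
				$size = number_format(($number/$max * ($max_em - $min_em)) + $min_em, 2, '.', '');
				echo "\t\t\t\n";
				echo "\t\t\t\t" . $name . "\n";
				echo "\t\t\t\n";
			}
		}
	}

	/**
	 * Show the month sideblock
	 * @param n Number of entries
	 */
	function showBlockMonths($n) {
		global $imSettings;

		if (is_array($imSettings['blog']['posts_month'])) {
			$months = array_keys($imSettings['blog']['posts_month']);
			array_multisort($months, SORT_DESC);
			// NOTE(review): only an empty string is printed in this listing; $n and $months are not used further here.
			echo "";
		}
	}

	/**
	 * Show the last posts block
	 * @param n The number of post to show
	 */
	function showBlockLast($n) {
		global $imSettings;

		if (is_array($imSettings['blog']['posts'])) {
			// Key list taken once instead of on every iteration.
			$ids = array_keys($imSettings['blog']['posts']);
			echo "
    ";
			for ($i = 0; $i < count($ids) && $i < $n; $i++) {
				$post = $imSettings['blog']['posts'][$ids[$i]];
				echo "
  • " . $post['title'] . "
  • ";
			}
			echo "
";
		}
	}
}

/**
 * Guestbook class
 * @access public
 */
class imGuestBook {

	var $comments;
	var $path;
	var $email;
	var $direct_approval;

	/**
	 * PHP 5 constructor
	 * @param path Folder holding the comment files; the configured general dir is used when null
	 * @param email Address handed to the notification mailer (optional)
	 * @param direct_approval TRUE to store direct_approval as 1, otherwise 0
	 */
	function __construct($path, $email = '', $direct_approval = TRUE) {
		// Needed for the fallback below: without it $imSettings was an undefined local.
		global $imSettings;

		if ($direct_approval == TRUE)
			$this->direct_approval = 1;
		else
			$this->direct_approval = 0;
		if ($email != "" && $email != null)
			$this->email = $email;
		$this->comments = new imComment();
		if (substr($path, -1, 1) != "/" && $path != "")
			$path .= "/";
		if ($path != null)
			$this->path = $path;
		else
			$this->path = $imSettings['general']['dir'];
		if (!file_exists($this->path) && $this->path != "" && $this->path != "./.") {
			// NOTE(review): 0777 (before umask) leaves the comment store writable by every local
			// account; use the narrowest mode the hosting setup allows.
			mkdir($this->path, 0777, TRUE);
		}
	}

	// PHP 4
	function imGuestBook($path, $email = '', $direct_approval = TRUE) {
		// Same initialisation as the PHP 5 constructor, kept in one place.
		$this->__construct($path, $email, $direct_approval);
	}

	/**
	 * Format a timestamp string as d/m/Y H:i:s
	 * @param ts Any date string strtotime() understands
	 */
	function formatTimestamp($ts) {
		return date("d/m/Y H:i:s", strtotime($ts));
	}

	/**
	 * Get the comments of the guestbook ID
	 * @param id The guestbook ID
	 */
	function getComments($id) {
		global $imSettings;
		return $this->comments->getComments($this->path . "gb" . $id);
	}

	/**
	 * Add a comment
	 * The notification email is sent first, then the comment is stored.
	 * @param id The guestbook ID
	 * @param name The user's name
	 * @param email The user's email
	 * @param url The user's site url
	 * @param body The user's message
	 */
	function addComment($id,$name,$email,$url,$body) {
		global $imSettings;

		if (!file_exists($this->path) && $this->path != "" && $this->path != "./.")
			@mkdir($this->path, 0777, TRUE);
		// NOTE(review): the fields are forwarded exactly as received; nothing here filters or
		// escapes them, so confirm that imSendEmail and imComment do it before mailing/storing.
		$em = new imSendEmail();
		$em->sendGuestbookEmail($id, $name, $email, $url, $body, $this->direct_approval, $this->email);
		return $this->comments->addComment($this->path . "gb" . 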
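$id,$name,$email,$url,$body, "0", $this->direct_approval);
	}

	/**
	 * Approve a comment
	 * @param id the guestbook ID
	 * @param n The comment number
	 * @param approved Set 1 to approve
	 */
	function approveComment($id,$n,$approved) {
		global $imSettings;
		return $this->comments->approveComment($this->path . "gb" . $id,$n,$approved);
	}

	/**
	 * Delete a comment
	 * @param id the guestbook ID
	 * @param n The comment number
	 */
	function removeComment($id,$n) {
		global $imSettings;
		return $this->comments->removeComment($this->path . "gb" . $id, $n);
	}

	/**
	 * Abuse a comment
	 * @param id the guestbook ID
	 * @param n The comment number
	 * @param abuse Set 1 to abuse
	 */
	function setAbuse($id, $n, $abuse) {
		global $imSettings;
		return $this->comments->setAbuse($this->path . "gb" . $id, $n, $abuse);
	}

	/**
	 * Show a guestbook
	 * Only comments whose 'approved' field is 1 are listed.
	 * @param id the guestbook ID
	 * @param captcha Set TRUE to show
	 */
	function showGuestBook($id, $captcha = TRUE) {
		global $imSettings;
		global $l10n;
		// Start from an empty list so the count() calls below are defined when no comment is approved yet.
		$ca = array();
		// NOTE(review): name, url and body are written into the page as stored; nothing in this
		// method escapes them, so it relies on the values having been filtered before storage.
		// NOTE(review): the markup inside the strings below was lost when this page was extracted;
		// the remaining statements are kept exactly as shown.
		echo "
"; if(($c = $this->getComments($id)) != -1) { if(is_array($c)) foreach($c as $comment) if($comment['approved'] == 1) $ca[] = $comment; echo "
" . (count($ca) > 0 ? count($ca) . " " . (count($ca) > 1 ? $l10n['blog_comments'] : $l10n['blog_comment']) : $l10n['blog_no_comment']) . "
"; for($i = 0;$i < count($ca); $i++) { echo "
" . (stristr($ca[$i]['url'],"http") ? "" . $ca[$i]['name'] . "" : $ca[$i]['name']) . "
"; echo "
" . $this->formatTimestamp($ca[$i]['timestamp']) . "
"; echo "
" . $ca[$i]['body'] . "
"; echo "
\""
"; } } else { echo "
" . $l10n['blog_no_comment'] . "
"; if($_GET['ok_' . $id] == 1 && $this->direct_approval == 0) { echo "
" . $l10n['blog_send_confirmation'] . "


"; } if($_GET['err_' . $id] != "") { echo "
" . $l10n['blog_send_error'] . "


"; } echo "

"; if ($captcha) echo "
 
"; echo "
"; } }

/**
 * Star rating class
 * @access public
 */
class imStarRating {

	var $id;
	var $scale;

	// PHP 5
	function __construct($id, $scale) {
		$this->id = $id;
		$this->scale = $scale;
	}

	// PHP 4
	function imStarRating($id, $scale) {
		$this->id = $id;
		$this->scale = $scale;
	}

	/**
	 * Get the rating from a file
	 * @return The parsed rating array (with 'scale' defaulted to this widget's scale), or FALSE
	 */
	function getRating() {
		global $imSettings;

		$xml = new imXML();
		$rating = $xml->parse_file($imSettings['general']['dir'] . "/" . $imSettings['guestbook']['file_prefix'] . "sr" . $this->id);
		if ($rating['scale'] == "" || $rating['scale'] == null)
			$rating['scale'] = $this->scale;
		if (is_array($rating))
			return $rating;
		else
			return FALSE;
	}

	/**
	 * Set a rating
	 * @param value The rating value
	 * @param scale The rating maximum value
	 * @return TRUE when the vote was written, FALSE when it was rejected or the file could not be opened
	 */
	function setRating($value, $scale) {
		global $imSettings;

		// showWidget() passes both arguments straight from $_POST: accept numbers only, so that
		// nothing else can reach the arithmetic or the file written below.
		if (!is_numeric($value) || !is_numeric($scale))
			return FALSE;
		$value = $value + 0;
		$scale = (int) $scale;
		if ($scale < 1)
			return FALSE;

		$rating = $this->getRating();
		if (!is_array($rating))
			$rating = array();
		// Fill in whatever the stored file did not provide.
		$rating += array('scale' => $scale, 'vote_sum' => 0, 'count' => 0);
		// A single vote can never weigh more than the scale allows.
		if ($value < 0 || $value > $rating['scale'])
			return FALSE;
		$rating['vote_sum'] += $value;
		$rating['count'] += 1;

		$fp = fopen($imSettings['general']['dir'] . "/" . $imSettings['guestbook']['file_prefix'] . "sr" . $this->id, "w");
		if (!$fp)
			return FALSE;
		// NOTE(review): the element names of this document were lost when the page was extracted;
		// the string pieces are kept exactly as shown.
		$xml = "\n";
		$xml .= "\n";
		$xml .= "\t" . $rating['count'] . "\n";
		$xml .= "\t" . $rating['vote_sum'] . "\n";
		$xml .= "\t" . $rating['scale'] . "\n";
		$xml .= "";
		fwrite($fp, $xml);
		fclose($fp);
		return TRUE;
	}

	/**
	 * Show the rating widget
	 * Records a vote posted for this widget's id, then prints the average and the stars.
	 */
	function showWidget() {
		$html = "
\n";
		$avg_vote = 0;
		// NOTE(review): the only repeat-vote guard is a cookie the browser controls, and the POST
		// carries no anti-forgery token; the counter should be treated as advisory.
		if (@$_COOKIE[$this->id] != "y" && @$_POST['id'] != "" && @$_POST['scale'] != "" && @$_POST['value'] != "" && @$_POST['id'] == $this->id) {
			$this->setRating(@$_POST['value'], @$_POST['scale']);
		}
		$rating = $this->getRating();
		if ($rating['count'] > 0)
			$avg_vote = round($rating['vote_sum'] / $rating['count'], 1);
		$html .= "Vote: " . $avg_vote . "/" . $this->scale . "
";
		if (@$_COOKIE[$this->id] != "y") {
			// NOTE(review): the star markup was damaged in extraction; statement kept exactly as shown.
			for ($i = 0; $i < $rating['scale']; $i++) $html .= "id . "_star" . ($i + 1) . "\" class=\"imStarRating[" . ($i + 1) . "]\" />";
			$html .= "\n";
		}
		$html .= "
\n";
		echo $html;
	}
}

/**
 * Server Test Class
 * Each test returns array(result, suggestion text).
 * @access public
 */
class imTest {

	/*
	 * Session check
	 */
	function session_test() {
		global $l10n;

		if (!isset($_SESSION))
			return array(FALSE, null);
		$_SESSION['imAdmin_test'] = "test_message";
		if ($_SESSION['imAdmin_test'] != "test_message")
			return array(FALSE, $l10n['admin_test_session_suggestion']);
		return array(TRUE);
	}

	/*
	 * Writable files check
	 * Creates, writes and deletes a probe file inside the configured folder.
	 */
	function writable_folder_test() {
		global $imSettings;
		global $l10n;

		$root = getcwd();
		$dir = $imSettings['general']['dir'];
		// NOTE(review): 0777 (before umask) makes the folder writable by every local account.
		if (!file_exists($imSettings['general']['dir']) && $imSettings['general']['dir'] != "" && $imSettings['general']['dir'] != "./.")
			@mkdir($imSettings['general']['dir'], 0777, TRUE);
		if ($dir != "" && !@chdir($dir)) {
			@chdir($root);
			return array(FALSE, $l10n['admin_test_folder_suggestion']);
		}
		$fp = @fopen("imAdmin_test_file", "w");
		if (!$fp) {
			@chdir($root);
			return array(FALSE, $l10n['admin_test_folder_suggestion']);
		}
		if (fwrite($fp, "test") === FALSE) {
			// Release the handle on the failure path too.
			fclose($fp);
			@chdir($root);
			return array(FALSE, $l10n['admin_test_folder_suggestion']);
		}
		fclose($fp);
		if (file_exists("imAdmin_test_file")) {
			unlink("imAdmin_test_file");
			@chdir($root);
			return array(TRUE);
		}
		@chdir($root);
		return array(FALSE, $l10n['admin_test_folder_suggestion']);
	}

	/*
	 * PHP Version check
	 */
	function php_version_test() {
		global $l10n;

		$php_version = PHP_VERSION;
		if (version_compare($php_version, '4.0.0') < 0)
			return array(FALSE, $l10n['admin_test_version_suggestion']);
		return array(TRUE, $l10n['admin_test_version_suggestion']);
	}

	/*
	 * MySQL Connection check
	 */
	function mysql_test() {
		global $imSettings;
		global $l10n;

		$r = TRUE;
		$dir = "mail";
		if (is_dir($dir)) {
			if ($dh = opendir($dir)) {
				while (($file = readdir($dh)) !== FALSE) {
					// NOTE(review): every entry of the mail folder is executed as PHP, whatever its
					// name or type. The folder must not be writable by the web application or by
					// uploads; an explicit list of expected file names would be safer.
					if ($file != ".." && $file != ".")
						include($dir . "/" . 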
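$file);
				}
				closedir($dh);
			}
		}
		// $settings is not defined in this method; presumably the included files set it.
		// isset() keeps the check quiet when none of them did.
		if (isset($settings) && is_array($settings)) {
			foreach ($settings as $form) {
				if ($form['db_host'] != NULL) {
					$test = new imDatabase($form['db_host'], $form['db_name'], $form['db_username'], $form['db_password'], "", "");
					if ($test->test_connection() === FALSE)
						$r = FALSE;
				}
			}
		}
		return array($r, $l10n['admin_test_database_suggestion']);
	}

	/*
	 * Do the test
	 * Calls the method named by $funct on this object and prints PASS or FAIL next to $name.
	 * NOTE(review): $funct selects the method to run, so callers must pass a fixed test name,
	 * never a request value.
	 */
	function doTest($name, $funct) {
		$result = $this->$funct();
		if ($result[0])
			echo "
" . $name . "PASS
";
		else
			echo "
" . $name . "FAIL
" . $result[1] . "
";
	}
}

/**
 * Google Webmaster Tools Class
 * NOTE(review): ClientLogin is a legacy password-based login that Google has since retired;
 * confirm whether this class is still reachable before relying on it.
 * @access public
 */
class imGoogle {

	// Token returned by the login, or FALSE while there is none. The explicit default makes
	// a failed login (non-200 answer or transport error) recognisable as "not authenticated".
	var $auth = FALSE;
	var $err = false;

	/**
	 * PHP 5 constructor: log in and keep the returned Auth token
	 * @param uname Account name
	 * @param pwd Account password
	 * @param service Service code sent with the login
	 */
	function __construct($uname, $pwd, $service) {
		global $phpError;

		$curl = curl_init();
		if (curl_setopt($curl, CURLOPT_URL, "https://www.google.com/accounts/ClientLogin") && !$phpError) {
			curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
			curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 30);
			// The account password travels in this request, so the server certificate and host
			// name must be verified; with verification off anyone on the path could read it.
			curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, TRUE);
			curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
			curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
			curl_setopt($curl, CURLOPT_POST, true);
			$post = array(
				'accountType' => 'HOSTED_OR_GOOGLE',
				'Email' => $uname,
				'Passwd' => $pwd,
				'service' => $service,
				'source' => ''
			);
			curl_setopt($curl, CURLOPT_POSTFIELDS, $post);
			$output = curl_exec($curl);
			$info = curl_getinfo($curl);
			curl_close($curl);
			if($info['http_code'] == 200) {
				preg_match('/Auth=(.*)/', $output, $match);
				if(isset($match[1]))
					$this->auth = $match[1];
				else
					$this->auth = FALSE;
			}
		} else {
			curl_close($curl);
			$this->err = TRUE;
			return FALSE;
		}
	}

	// PHP 4
	function imGoogle($uname, $pwd, $service) {
		// Same login as the PHP 5 constructor, kept in one place.
		return $this->__construct($uname, $pwd, $service);
	}

	/**
	 * URL-encode a site address, additionally encoding dots as %2E
	 */
	function urlencoding($site) {
		return str_replace(".", "%2E", urlencode($site));
	}

	/**
	 * Get an array with the data results from Google 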
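* @param site The site url
	 * @param operation the operation id
	 * @return The parsed feed, or FALSE when there is no auth token or the HTTP status is not 200
	 */
	function readServiceData($site, $operation) {
		// Stop when the login produced no token at all, not only on an explicit FALSE.
		if ($this->auth === FALSE || $this->auth === NULL || $this->auth === "")
			return FALSE;
		if(strlen($site)>0)
			$request = $this->urlencoding($site) . "/" . $operation . "/";
		else
			$request = $operation."/";
		$url = "https://www.google.com/webmasters/tools/feeds/" . $request;
		$curl = curl_init();
		$head = array("Authorization: GoogleLogin auth=" . $this->auth,"GData-Version: 2");
		curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
		curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 30);
		// The request carries the auth token in a header: verify the server certificate and host
		// name so the token cannot be read by an intermediary.
		curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, TRUE);
		curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
		curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
		curl_setopt($curl, CURLOPT_URL, $url);
		curl_setopt($curl, CURLOPT_HTTPHEADER, $head);
		$result = curl_exec($curl);
		$info = curl_getinfo($curl);
		curl_close($curl);
		if ($info['http_code']!=200)
			return FALSE;
		$xml = new imXML();
		$xml_output = $xml->parse_string($result);
		return $xml_output;
	}

	function getKeywords($site) {
		return $this->readServiceData($site, "keywords");
	}

	function getSitemap($site) {
		return $this->readServiceData($site, "sitemaps");
	}

	function getMessages($site) {
		return $this->readServiceData($site, "messages");
	}

	function getCrawler($site) {
		return $this->readServiceData($site, "crawlissues");
	}
}

/**
 * Set the error handler
 * Records in $phpError that an error happened and returns true, so PHP's own handler does
 * not run for it.
 * NOTE(review): the error itself is neither logged nor kept, which leaves failures hard to
 * notice and to investigate; consider error_log() here.
 */
function imErrorHandler($errno, $errstr, $errfile, $errline) {
	global $phpError;
	$phpError = true;
	return true;
}
set_error_handler("imErrorHandler");

/**
 * Useful functions
 */

/**
 * Strip script, server-side code and disallowed markup from a user supplied string
 * @param str The text to filter; anything that is not a string yields ""
 * @param allow_links Switches the allowed-tag list passed to strip_tags()
 */
function filterCode($str, $allow_links = FALSE) {
	global $imSettings;

	if (gettype($str) != 'string')
		return "";

	// Remove javascript
	// NOTE(review): the marker literals of this loop and of the next one were lost when the page
	// was extracted; both statements are kept exactly as shown. Their end-offset handling should
	// get the same guard as the ASP loop below.
	while (($start = imstripos($str, "") + strlen(""); $str = substr($str, 0, $start) . substr($str, $end); }

	// Remove PHP Code
	while (($start = imstripos($str, "") + strlen("?>"); $str = substr($str, 0, $start) . substr($str, $end); }

	// Remove ASP code
	while (($start = imstripos($str, "<%")) !== FALSE) {
		// Look for the closing marker after the opening one, and cut to the end of the string
		// when there is none. The original added 2 to a possibly FALSE position, so on such
		// input the string stopped shrinking and the loop never ended.
		$close = imstripos($str, "%>", $start);
		$end = ($close === FALSE) ? strlen($str) : $close + strlen("%>");
		$str = substr($str, 0, $start) . 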
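substr($str, $end);
	}

	// Allow only few tags
	// NOTE(review): the allowed-tag lists were lost when the page was extracted; kept as shown.
	$str = strip_tags($str, '' . ($allow_links ? '' : ''));

	// Remove XML injection code
	// NOTE(review): this passage is damaged in the listing (marker literals missing, braces no
	// longer balanced); it is kept exactly as shown.
	while (($start = imstripos($str, "") !== FALSE) { $end = imstripos($str, "]]>") + strlen("]]>"); $str = substr($str, 0, $start) . substr($str, $end); } else { $str = str_replace("")) !== FALSE) { $str = str_replace("]]>", "", $str); }

	// Drop inline on...= handler attributes, repeating until a pass removes nothing.
	$count = 1;
	while ($count)
		$str = preg_replace("/(<[\\s\\S]+) on.*\\=(['\"\"])[\\s\\S]+\\2/i", "\\1", $str, -1, $count);

	// Add rel="nofollow" to matches that neither carry it already nor contain the site's own url.
	// NOTE(review): the pattern between the ~ delimiters was lost in extraction; kept as shown.
	$matches = array();
	preg_match_all('~~isU', $str, $matches);
	for ($i = 0; $i < count($matches[0]); $i++){
		if (imstripos($matches[0][$i], 'nofollow') === FALSE && imstripos($matches[0][$i], $imSettings['general']['url']) === FALSE){
			$result = trim($matches[0][$i], ">") . ' rel="nofollow">';
			$str = str_replace(strtolower($matches[0][$i]), strtolower($result), $str);
		}
	}
	return $str;
}

/**
 * Return the localized "javascript error" message
 */
function imPrintJsError() {
	global $l10n;
	$html = "";
	$html .= $l10n['form_js_error'];
	$html .= "";
	return $html;
}

/**
 * Redirect to the login page unless the private area grants access to the page
 * @param page The page to check
 */
function imCheckAccess($page) {
	$pa = new imPrivateArea();
	$stat = $pa->checkAccess($page);
	if ($stat !== 0) {
		$pa->save_page();
		// A status of -2 adds the error flag to the login URL.
		header("Location: imlogin.php" . ($stat == -2 ? "?err=1" : ""));
		exit;
	}
}

/**
 * Handle the guestbook request: abuse flag, new comment, or plain display
 * @param id The guestbook ID
 * @param path Folder holding the comment files
 * @param email Notification address
 * @param captcha Set TRUE to show the captcha
 * @param direct_approval Passed to imGuestBook
 */
function showGuestBook($id, $path, $email, $captcha = TRUE, $direct_approval = TRUE) {
	$gb = new imGuestBook($path, $email, $direct_approval);

	// The comment number comes from the query string: accept plain digits only.
	// NOTE(review): this is a state change triggered by a GET request from any visitor.
	if (isset($_GET['abuse']) && is_string($_GET['abuse']) && preg_match('/^[0-9]+\z/', $_GET['abuse']))
		$gb->setAbuse($id, $_GET['abuse'], 1);

	if (isset($_POST['name']) && isset($_POST['email']) && isset($_POST['body']) && isset($_POST['post_id']) && $_POST['post_id'] == $id) {
		// url is optional in the check above, so do not read it when it was not sent.
		$url = isset($_POST['url']) ? $_POST['url'] : "";
		// NOTE(review): the posted fields are handed over unfiltered; confirm they are passed
		// through filterCode() (or equivalent) before being mailed, stored and displayed.
		$result = $gb->addComment($id,$_POST['name'],$_POST['email'],$url,$_POST['body']);
		if ($result === 0)
			echo "";
		else
			echo "";
	} else
		$gb->showGuestBook($id, $captcha);
}

/**
 * Show a five-star rating widget
 * @param id The rating ID
 */
function showStarRating($id) {
	$rating = new imStarRating($id, 5);
	$rating->showWidget();
}

/**
 * Convert an amount through the remote calculator service
 * @param amount The amount
 * @param from Source currency
 * @param to Target currency
 * @return A small JSON text: { "value": <number> }, or null as value when no number came back
 */
function imCurrency($amount,$from,$to) {
	$amount = urlencode($amount);
	$from = urlencode($from);
	$to = urlencode($to);
	// NOTE(review): plain http, so the answer can be altered in transit; it is validated below.
	$url = "http://www.google.com/ig/calculator?hl=en&q=" . $amount . $from . "=?" . $to;
	$curl = curl_init();
	// NOTE(review): 0 sets no explicit connection timeout; a finite value would bound a stalled lookup.
	$timeout = 0;
	curl_setopt ($curl, CURLOPT_URL, $url);
	curl_setopt ($curl, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt ($curl, CURLOPT_USERAGENT , "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)");
	curl_setopt ($curl, CURLOPT_CONNECTTIMEOUT, $timeout);
	$rawdata = curl_exec($curl);
	curl_close($curl);
	// The number is the first word of the fourth quote-delimited piece of the answer.
	$data = explode('"', $rawdata);
	$var = "";
	if (isset($data[3])) {
		$words = explode(' ', $data[3]);
		$var = $words[0];
	}
	// Only a plain decimal number may be placed into the JSON text; anything else in the remote
	// answer (or no answer at all) becomes null instead of being copied into the output.
	if (!preg_match('/^-?[0-9]+(\.[0-9]+)?\z/', $var))
		$var = "null";
	return "{ \"value\": " . $var . "}";
}

/**
 * Ask the remote service whether a VAT number is valid
 * @param vat The VAT number
 * @param country The country code
 * @return The raw answer of the service, or FALSE when the request failed
 */
function imValidateVAT($vat, $country) {
	// Both values become path segments of the request URL: encode them so they cannot add
	// segments, a query string or a different path.
	$url = "http://isvat.appspot.com/" . rawurlencode($country) . "/" . rawurlencode($vat) . "/?callback=?";
	$curl = curl_init();
	$timeout = 0;
	curl_setopt ($curl, CURLOPT_URL, $url);
	curl_setopt ($curl, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt ($curl, CURLOPT_USERAGENT , "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)");
	curl_setopt ($curl, CURLOPT_CONNECTTIMEOUT, $timeout);
	$response = curl_exec($curl);
	// Release the handle; the original left it open.
	curl_close($curl);
	return $response;
}

/**
 * Return the array with its entries in random order, keys preserved
 * @param list The array to shuffle; any other value is returned unchanged
 */
function shuffle_assoc($list) {
	if (!is_array($list))
		return $list;

	$keys = array_keys($list);
	shuffle($keys);
	$random = array();
	foreach ($keys as $key)
		$random[$key] = $list[$key];
	return $random;
}

/**
 * Case-insensitive strpos that also works where stripos() does not exist
 */
function imstripos($haystack, $needle , $offset = 0) {
	if (function_exists('stripos')) // Is PHP5+
		return stripos($haystack, $needle, $offset);

	// PHP4 fallback
	return strpos(strtolower($haystack), strtolower($needle), $offset);
}

// End of file x5engine.php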