From codesite-noreply @ google.com Sat Aug 1 01:40:57 2009 From: codesite-noreply @ google.com (codesite-noreply @ google.com) Date: Fri, 31 Jul 2009 16:40:57 +0000 Subject: =?ISO-2022-JP?B?W2dlZWtsb2ctanBdIHIxNzM0IGNvbW1pdHRlZCAtIEdlZWtsb2cgMS41LjJzcjUbJEIkRxsoQg==?= =?ISO-2022-JP?B?GyRCJE4lOyUtJWUlaiVGJSM9JEA1JHIlMyVfJUMlSCQ3JF4kOSEjGyhC?= Message-ID: <000e0cd15194af88b304700315b4@google.com> Revision: 1734 Author: tacahi Date: Fri Jul 31 07:48:50 2009 Log: Geeklog 1.5.2sr5でのセキュリティ修正をコミットします。 http://code.google.com/p/geeklog-jp/source/detail?r=1734 Modified: /branches/geeklog-1.5.2-jp/public_html/profiles.php =======================================
--- /branches/geeklog-1.5.2-jp/public_html/profiles.php Sat Feb 7 02:32:45 2009
+++ /branches/geeklog-1.5.2-jp/public_html/profiles.php Fri Jul 31 07:48:50 2009
@@ -231,7 +231,7 @@
 $mail_template->set_var ('lang_subject', $LANG08[13]);
 $mail_template->set_var ('subject', $subject);
 $mail_template->set_var ('lang_message', $LANG08[14]);
- $mail_template->set_var ('message', $message);
+ $mail_template->set_var ('message', htmlspecialchars($message));
 $mail_template->set_var ('lang_nohtml', $LANG08[15]);
 $mail_template->set_var ('lang_submit', $LANG08[16]);
 $mail_template->set_var ('uid', $uid);
@@ -300,9 +300,13 @@ return $retval; } - $sql = "SELECT uid,title,introtext,bodytext,commentcode,UNIX_TIMESTAMP(date) AS day FROM {$_TABLES['stories']} WHERE sid = '$sid'"; - $result = DB_query ($sql); - $A = DB_fetchArray ($result); + $sql = "SELECT uid,title,introtext,bodytext,commentcode,UNIX_TIMESTAMP(date) AS day FROM {$_TABLES['stories']} WHERE sid = '$sid'" . COM_getTopicSql('AND') . COM_getPermSql('AND'); + $result = DB_query($sql); + if (DB_numRows($result) == 0) { + return COM_refresh($_CONF['site_url'] . '/index.php'); + } + $A = DB_fetchArray($result); + $shortmsg = COM_stripslashes ($shortmsg); $mailtext = sprintf ($LANG08[23], $from, $fromemail) . LB; if (strlen ($shortmsg) > 0) {
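Review bot: The new `htmlspecialchars($message)` call omits `ENT_QUOTES`, which every other `htmlspecialchars` call in this file passes (`htmlspecialchars (trim ($subject), ENT_QUOTES)` in the contactemail error paths, and the `$sender`/`$email` handling elsewhere in contactform), so a single quote in the posted message reaches contactuserform.thtml unescaped; whether that is exploitable depends on the template context, which this hunk does not show, so for consistency use `$mail_template->set_var ('message', htmlspecialchars($message, ENT_QUOTES));`. The same omission is in the `shortmsg` escape of the @@ -421 hunk. Note also that `$subject` is written into the template two lines above without escaping and relies on callers having done it; in the copy of this file imported at r1732 further down this page, the PLG_itemPreSave failure path in contactemail passes `$subject` to contactform after only `COM_stripslashes`, so that path may still emit an unescaped subject and is worth verifying in the -jp branch. contactform's body starts and ends outside the hunk.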
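Review bot: The rewritten query still interpolates `$sid` straight into the SQL string (`WHERE sid = '$sid'`) with the new `COM_getTopicSql('AND') . COM_getPermSql('AND')` suffix concatenated on; the callers in this file pass `$sid` through `COM_applyFilter` first (visible in the imported copy at r1732, outside this hunk), so this is the existing pattern rather than a regression, but the permission check is only as strong as every caller keeping that filter. The same permission-qualified lookup is now duplicated in mailstoryform (@@ -391 hunk); a small shared helper that builds the `WHERE sid = ... AND topic/perm` query once would keep the two from drifting. The `DB_numRows($result) == 0` path redirects to index.php with no message, unlike the other early exits in mailstory which refresh with `msg=85`; a message is probably wanted so a user whose story lookup fails on permissions is not silently bounced. mailstory's body starts and continues outside the hunk.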
@@ -391,6 +395,12 @@ return $retval; } + + $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE sid = '$sid'" . COM_getTopicSql('AND') . COM_getPermSql('AND')); + $A = DB_fetchArray($result); + if ($A['count'] == 0) { + return COM_refresh($_CONF['site_url'] . '/index.php'); + } if ($msg > 0) { $retval .= COM_showMessage ($msg);
@@ -421,7 +431,7 @@
 $mail_template->set_var('lang_toemailaddress', $LANG08[19]);
 $mail_template->set_var('toemail', $toemail);
 $mail_template->set_var('lang_shortmessage', $LANG08[27]);
- $mail_template->set_var('shortmsg', $shortmsg);
+ $mail_template->set_var('shortmsg', htmlspecialchars($shortmsg));
 $mail_template->set_var('lang_warning', $LANG08[22]);
 $mail_template->set_var('lang_sendmessage', $LANG08[16]);
 $mail_template->set_var('story_id',$sid);
From codesite-noreply @ google.com Sat Aug 1 01:45:14 2009 From: codesite-noreply @ google.com (codesite-noreply @ google.com) Date: Fri, 31 Jul 2009 16:45:14 +0000 Subject: =?ISO-2022-JP?B?W2dlZWtsb2ctanBdIHIxNzM2IGNvbW1pdHRlZCAtIHIxNzA5GyRCJEgbKEJyMTcxMBskQiROSlEbKEI=?= =?ISO-2022-JP?B?GyRCOTkkcjg1JEtMYSQ3JF4kOSEjGyhC?= Message-ID: <000e0cd32872fc2c45047003249a@google.com> Revision: 1736 Author: tacahi Date: Fri Jul 31 08:01:11 2009 Log: r1709とr1710の変更を元に戻します。 http://code.google.com/p/geeklog-jp/source/detail?r=1736 Modified: /trunk/geeklog-1-jp-extended/CHANGES.jp /trunk/geeklog-1-jp-extended/public_html/layout/WAIproCSS/README /trunk/geeklog-1-jp-extended/public_html/layout/WAIproCSS/css/compatible.css /trunk/geeklog-1-jp-extended/public_html/layout/WAIproCSS/css/story.css =======================================
--- /trunk/geeklog-1-jp-extended/CHANGES.jp Wed Jul 22 06:35:50 2009
+++ /trunk/geeklog-1-jp-extended/CHANGES.jp Fri Jul 31 08:01:11 2009
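Review bot: Only `shortmsg` is escaped here, while `name`, `email`, `toname` and `toemail` are written into the same template on the lines just above without escaping; in the sendstory branch of this file those four values come from `$_POST` via `COM_applyFilter` (outside this hunk), so their safety rests on what that filter does, which this hunk does not show. Escaping at the point where each value is written into the template — `htmlspecialchars($to, ENT_QUOTES)` and the same for `$toemail`, `$from` and `$fromemail`, as is now done for `shortmsg` — would make mailstoryform safe regardless of which caller reaches it. As with the `message` escape in the @@ -231 hunk, `ENT_QUOTES` is omitted here although the rest of the file passes it. mailstoryform's body starts and continues outside the hunk.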
@@ -1,13 +1,5 @@ $Id$ -2009-07-22 Masuko Koeda - - * WAIproCSSで記事にメディアギャラリーから画像を挿入した際、 - 記事の中のレイアウトが崩れないようスタイルを設定し - 記事に画像を添付し、自動タグで左右寄せにした際、 - 余白が入るようにスタイルを設定しました。 - この2つの修正をREADMEの更新履歴に記載しました。 - 2009-07-14 Masuko Koeda * WAIproCSSのadmin/lists/inline.thtml、lists/inline/list.thtml、 @@ -15,6 +7,7 @@ また、多言語モード有効でない時もタグにlang属性が入るように header.thtmlを修正しました。 + 2009-07-10 Masuko Koeda * r1669拡張版ProfessionalCSS/functions.phpと同じように ======================================= --- /trunk/geeklog-1-jp-extended/public_html/layout/WAIproCSS/README Wed Jul 22 06:06:31 2009 +++ /trunk/geeklog-1-jp-extended/public_html/layout/WAIproCSS/README Fri Jul 31 08:01:11 2009 @@ -364,10 +364,8 @@ + 追加 - 削除 -■Ver.2.4.0(2009-7-22) +■Ver.2.4.0(2009-7-6)  ・Geeklog 1.6.0に合わせて、ファイルを追加・修正・削除しました。 - ・記事にメディアギャラリーから画像を挿入した際、記事の中のレイアウトが崩 れないようスタイルを設定しました。(*/css/story.css) - ・記事に画像を添付し、自動タグで左右寄せ([imageX_right]、[imageX_left])に した際、余白が入るようにスタイルを設定しました。(*/css/compatible.css) ・管理画面ブロックの編集ページのテーブルレイアウトを修正し、チェックボッ クス等をlabel要素と関連付ける為にinput要素にid属性を追加しました。 (*/admin/block/defaultblockeditor.thtml) ・聞き飛ばし部分に入れているテキスト「記事」を「本文」に変更しました。 (*/header.thtml) ・パーミッションのチェックボックスをlabelタグと関連付ける為にinputタグに id属性を追加しました。(*/admin/common/edit_permissions.thtml) ======================================= --- /trunk/geeklog-1-jp-extended/public_html/layout/WAIproCSS/css/compatible.css Wed Jul 22 06:35:50 2009 +++ /trunk/geeklog-1-jp-extended/public_html/layout/WAIproCSS/css/compatible.css Fri Jul 31 08:01:11 2009 
@@ -26,67 +26,65 @@ /* general alignment classes **************************************************/ .alignleft { - text-align: left; + text-align:left; } .alignright { - text-align: right; + text-align:right; } .aligncenter { - text-align: center; + text-align:center; } .aligntop { - vertical-align: top; + vertical-align:top; } .floatright { - float: right; - padding: 5px; + float:right; } .floatleft { - float: left; - padding: 5px; + float:left; } .clearboth { - clear: both; + clear:both; } /* Admin lists ****************************************************************/ .admin-menu-icon { - float: left; - padding: 5px; + float:left; + padding:5px; } .admin-menu { /* the box around the menu */ - padding: 5px; - border: 1px solid #EEEEEE; + padding:5px; + border:1px solid #EEEEEE; } .admin-menu-text { /* the text below the links */ - padding: 5px; + padding:5px; } .admin-menu-item { /* a single link in the menu */ padding: 0px 5px 0px 5px; } .admin-list-table { - width: 100%; - text-align: left; - border-spacing: 1px; + width:100%; + text-align:left; + border-spacing:1px; } .admin-list-table form { - margin: 0px; + margin:0px; } .admin-list-search { - text-align: center; - margin-top: 5px; - margin-bottom: 5px; + text-align:center; + margin-top:5px; + margin-bottom:5px; } .admin-list-field { - text-align: left; - padding-left: 5px; - padding-right: 5px; + text-align:left; + padding-left:5px; + padding-right:5px; } .admin-list-headerfield { - text-align: left; - padding-left: 5px; - padding-right: 5px; -/* font-size: larger;*/ + text-align:left; + padding-left:5px; + padding-right:5px; +/* font-size:larger;*/ } .plugin { 
@@ -143,7 +141,7 @@ .pluginHeader { padding-top: 3px; padding-bottom: 3px; - color: #204275; + color:#204275; font-weight: bolder; } ======================================= --- /trunk/geeklog-1-jp-extended/public_html/layout/WAIproCSS/css/story.css Wed Jul 22 06:35:50 2009 +++ /trunk/geeklog-1-jp-extended/public_html/layout/WAIproCSS/css/story.css Fri Jul 31 08:01:11 2009 @@ -85,7 +85,6 @@ /* 全文表示 */ div#centerblocks div.storytext p.more { - clear: both; margin: 0 0 2em; } @@ -156,7 +155,6 @@ /* 全文表示 */ div#centerblocks div.featuredstorytext p.more { - clear: both; margin: 0 0 2em; } From codesite-noreply @ google.com Sat Aug 1 01:51:40 2009 From: codesite-noreply @ google.com (codesite-noreply @ google.com) Date: Fri, 31 Jul 2009 16:51:40 +0000 Subject: [geeklog-jp] r1732 committed - Importing geeklog-1.5.2sr5-combo under externals. Message-ID: <000e0cd2e1a2f6446e0470033b16@google.com> Revision: 1732 Author: tacahi Date: Fri Jul 31 06:12:38 2009 Log: Importing geeklog-1.5.2sr5-combo under externals. http://code.google.com/p/geeklog-jp/source/detail?r=1732 Added: /externals/geeklog-1.5.2sr5-combo /externals/geeklog-1.5.2sr5-combo/README /externals/geeklog-1.5.2sr5-combo/public_html /externals/geeklog-1.5.2sr5-combo/public_html/profiles.php /externals/geeklog-1.5.2sr5-combo/public_html/usersettings.php /externals/geeklog-1.5.2sr5-combo/system /externals/geeklog-1.5.2sr5-combo/system/lib-admin.php /externals/geeklog-1.5.2sr5-combo/system/lib-sessions.php /externals/geeklog-1.5.2sr5-combo/system/lib-webservices.php ======================================= --- /dev/null +++ /externals/geeklog-1.5.2sr5-combo/README Fri Jul 31 06:12:38 2009 
@@ -0,0 +1,77 @@ +"Combo" update for Geeklog 1.5.2 to Geeklog 1.5.2sr5 + +This archive contains only the files needed to upgrade from any Geeklog 1.5.2 +release to Geeklog 1.5.2sr5. + +To install, copy the 3 files in the "system" directory over the files of the +same name on your webserver. + +Then copy the files in the "public_html" directory over the file of the same +name on your webserver. + +Finally, edit public_html/siteconfig.php and change the version number +to 1.5.2sr5 like so: + + define('VERSION', '1.5.2sr5'); + + + +Jul 30, 2009 (1.5.2sr5) +------------ + +This release addresses the following security issues: +- Gerendi Sandor Attila reported an XSS in the forms to email a user and to + email a story to a friend. +- The "Mail Story to a Friend" function didn't check story permissions, so that + it was possible to email a story even if you didn't have the permissions to + view it on the site. + + +Apr 18, 2009 (1.5.2sr4) +------------ + +This release addresses the following security issue: + +Bookoo of the Nine Situations Group posted another SQL injection exploit, +targetting an old bug in usersettings.php. As with the previous issues, this +allowed an attacker to extract the password hash for any account and is fixed +with this release. + +See http://www.geeklog.net/article.php/geeklog-1.5.2sr4 for more information. + + +Apr 13, 2009 (1.5.2sr3) +------------ + +This release addresses the following security issue: + +Bookoo of the Nine Situations Group posted another SQL injection exploit, this +time targetting the webservices API. As with the previous issue, this allowed +an attacker to extract the password hash for any account and is fixed with this +release. + +See http://www.geeklog.net/article.php/geeklog-1.5.2sr3 for more information. + + +Apr 4, 2009 (1.5.2sr2) +----------- + +This release addresses the following security issue: + +Bookoo of the Nine Situations Group posted an SQL injection exploit for glFusion +that also works with Geeklog. 
This issue allowed an attacker to extract the +password hash for any account and is fixed with this release. + +See http://www.geeklog.net/article.php/geeklog-1.5.2sr2 for more information. + + +Mar 30, 2009 (1.5.2sr1) +------------ + +This release addresses the following security issue: + +Fernando Munoz reported a possible XSS in the query form on most admin panels +that we are fixing with this release (bug #0000841). + +See http://www.geeklog.net/article.php/geeklog-1.5.2sr1 for more information. + ======================================= --- /dev/null +++ /externals/geeklog-1.5.2sr5-combo/public_html/profiles.php Fri Jul 31 06:12:38 2009 
@@ -0,0 +1,545 @@ + 0) { + return COM_refresh ($_CONF['site_url'] . '/index.php?msg=85'); + } + + if (!empty($author) && !empty($subject) && !empty($message)) { + if (COM_isemail($authoremail)) { + $result = DB_query("SELECT username,fullname,email FROM {$_TABLES['users']} WHERE uid = $uid"); + $A = DB_fetchArray($result); + + // Append the user's signature to the message + $sig = ''; + if (!COM_isAnonUser()) { + $sig = DB_getItem($_TABLES['users'], 'sig', + "uid={$_USER['uid']}"); + if (!empty ($sig)) { + $sig = strip_tags (COM_stripslashes ($sig)); + $sig = "\n\n-- \n" . $sig; + } + } + + $subject = COM_stripslashes ($subject); + $message = COM_stripslashes ($message); + + // do a spam check with the unfiltered message text and subject + $mailtext = $subject . "\n" . $message . $sig; + $result = PLG_checkforSpam ($mailtext, $_CONF['spamx']); + if ($result > 0) { + COM_updateSpeedlimit ('mail'); + COM_displayMessageAndAbort ($result, 'spamx', 403, 'Forbidden'); + } + + $msg = PLG_itemPreSave ('contact', $message); + if (!empty ($msg)) { + $retval .= COM_siteHeader ('menu', '') + . COM_errorLog ($msg, 2) + . contactform ($uid, $subject, $message) + . COM_siteFooter (); + + return $retval; + } + + $subject = strip_tags ($subject); + $subject = substr ($subject, 0, strcspn ($subject, "\r\n")); + $message = strip_tags ($message) . $sig; + if (!empty ($A['fullname'])) { + $to = COM_formatEmailAddress ($A['fullname'], $A['email']); + } else { + $to = COM_formatEmailAddress ($A['username'], $A['email']); + } + $from = COM_formatEmailAddress ($author, $authoremail); + + $sent = COM_mail($to, $subject, $message, $from); + COM_updateSpeedlimit('mail'); + + $retval .= COM_refresh($_CONF['site_url'] + . '/users.php?mode=profile&uid=' . $uid + . '&msg=' . ($sent ? 
'27' : '85')); + } else { + $subject = strip_tags ($subject); + $subject = substr ($subject, 0, strcspn ($subject, "\r\n")); + $subject = htmlspecialchars (trim ($subject), ENT_QUOTES); + $retval .= COM_siteHeader ('menu', $LANG04[81]) + . COM_errorLog ($LANG08[3], 2) + . contactform ($uid, $subject, $message) + . COM_siteFooter (); + } + } else { + $subject = strip_tags ($subject); + $subject = substr ($subject, 0, strcspn ($subject, "\r\n")); + $subject = htmlspecialchars (trim ($subject), ENT_QUOTES); + $retval .= COM_siteHeader ('menu', $LANG04[81]) + . COM_errorLog ($LANG08[4], 2) + . contactform ($uid, $subject, $message) + . COM_siteFooter (); + } + + return $retval; +} + +/** +* Displays the contact form +* +* @param int $uid User ID of article author +* @param string $subject Subject of email +* @param string $message Text of message to send +* @return string HTML for the contact form +* +*/ +function contactform ($uid, $subject = '', $message = '') +{ + global $_CONF, $_TABLES, $_USER, $LANG08, $LANG_LOGIN; + + $retval = ''; + + if (COM_isAnonUser() && (($_CONF['loginrequired'] == 1) || + ($_CONF['emailuserloginrequired'] == 1))) { + $retval = COM_startBlock ($LANG_LOGIN[1], '', + COM_getBlockTemplate ('_msg_block', 'header')); + $login = new Template($_CONF['path_layout'] . 
'submit'); + $login->set_file (array ('login'=>'submitloginrequired.thtml')); + $login->set_var ( 'xhtml', XHTML ); + $login->set_var ('site_url', $_CONF['site_url']); + $login->set_var ('site_admin_url', $_CONF['site_admin_url']); + $login->set_var ('layout_url', $_CONF['layout_url']); + $login->set_var ('login_message', $LANG_LOGIN[2]); + $login->set_var ('lang_login', $LANG_LOGIN[3]); + $login->set_var ('lang_newuser', $LANG_LOGIN[4]); + $login->parse ('output', 'login'); + $retval .= $login->finish ($login->get_var('output')); + $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer')); + } else { + $result = DB_query ("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = '$uid'"); + $P = DB_fetchArray ($result); + if (SEC_inGroup ('Root') || SEC_hasRights ('user.mail')) { + $isAdmin = true; + } else { + $isAdmin = false; + } + + $displayname = COM_getDisplayName ($uid); + if ((($P['emailfromadmin'] == 1) && $isAdmin) || + (($P['emailfromuser'] == 1) && !$isAdmin)) { + + $retval = COM_startBlock ($LANG08[10] . ' ' . $displayname); + $mail_template = new Template ($_CONF['path_layout'] . 
'profiles'); + $mail_template->set_file ('form', 'contactuserform.thtml'); + $mail_template->set_var ( 'xhtml', XHTML ); + $mail_template->set_var ('site_url', $_CONF['site_url']); + $mail_template->set_var ('lang_description', $LANG08[26]); + $mail_template->set_var ('lang_username', $LANG08[11]); + if (COM_isAnonUser()) { + $sender = ''; + if (isset ($_POST['author'])) { + $sender = strip_tags ($_POST['author']); + $sender = substr ($sender, 0, strcspn ($sender, "\r\n")); + $sender = htmlspecialchars (trim ($sender), ENT_QUOTES); + } + $mail_template->set_var ('username', $sender); + } else { + $mail_template->set_var ('username', + COM_getDisplayName ($_USER['uid'], $_USER['username'], + $_USER['fullname'])); + } + $mail_template->set_var ('lang_useremail', $LANG08[12]); + if (COM_isAnonUser()) { + $email = ''; + if (isset ($_POST['authoremail'])) { + $email = strip_tags ($_POST['authoremail']); + $email = substr ($email, 0, strcspn ($email, "\r\n")); + $email = htmlspecialchars (trim ($email), ENT_QUOTES); + } + $mail_template->set_var ('useremail', $email); + } else { + $mail_template->set_var ('useremail', $_USER['email']); + } + $mail_template->set_var ('lang_subject', $LANG08[13]); + $mail_template->set_var ('subject', $subject); + $mail_template->set_var ('lang_message', $LANG08[14]); + $mail_template->set_var ('message', htmlspecialchars($message)); + $mail_template->set_var ('lang_nohtml', $LANG08[15]); + $mail_template->set_var ('lang_submit', $LANG08[16]); + $mail_template->set_var ('uid', $uid); + PLG_templateSetVars ('contact', $mail_template); + $mail_template->parse ('output', 'form'); + $retval .= $mail_template->finish ($mail_template->get_var ('output')); + $retval .= COM_endBlock (); + } else { + $retval = COM_startBlock ($LANG08[10] . ' ' . 
$displayname, '', + COM_getBlockTemplate ('_msg_block', 'header')); + $retval .= $LANG08[35]; + $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', + 'footer')); + } + } + + return $retval; +} + +/** +* Email story to a friend +* +* @param string $sid id of story to email +* @param string $to name of person / friend to email +* @param string $toemail friend's email address +* @param string $from name of person sending the email +* @param string $fromemail sender's email address +* @param string $shortmsg short intro text to send with the story +* @return string Meta refresh +* +* Modification History +* +* Date Author Description +* ---- ------ ----------- +* 4/17/01 Tony Bibbs Code now allows anonymous users to send email +* and it allows user to input a message as well +* Thanks to Yngve Wassvik Bergheim for some of +* this code +* +*/ +function mailstory($sid, $to, $toemail, $from, $fromemail, $shortmsg) +{ + global $_CONF, $_TABLES, $LANG01, $LANG08; + + $storyurl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid); + if ($_CONF['url_rewrite']) { + $retval = COM_refresh($storyurl . '?msg=85'); + } else { + $retval = COM_refresh($storyurl . '&msg=85'); + } + + // check for correct $_CONF permission + if (COM_isAnonUser() && (($_CONF['loginrequired'] == 1) || + ($_CONF['emailstoryloginrequired'] == 1))) { + return $retval; + } + + // check if emailing of stories is disabled + if ($_CONF['hideemailicon'] == 1) { + return $retval; + } + + // check mail speedlimit + COM_clearSpeedlimit($_CONF['speedlimit'], 'mail'); + if (COM_checkSpeedlimit('mail') > 0) { + return $retval; + } + + $sql = "SELECT uid,title,introtext,bodytext,commentcode,UNIX_TIMESTAMP(date) AS day FROM {$_TABLES['stories']} WHERE sid = '$sid'" . COM_getTopicSql('AND') . COM_getPermSql('AND'); + $result = DB_query($sql); + if (DB_numRows($result) == 0) { + return COM_refresh($_CONF['site_url'] . 
'/index.php'); + } + $A = DB_fetchArray($result); + + $shortmsg = COM_stripslashes ($shortmsg); + $mailtext = sprintf ($LANG08[23], $from, $fromemail) . LB; + if (strlen ($shortmsg) > 0) { + $mailtext .= LB . sprintf ($LANG08[28], $from) . $shortmsg . LB; + } + + // just to make sure this isn't an attempt at spamming users ... + $result = PLG_checkforSpam ($mailtext, $_CONF['spamx']); + if ($result > 0) { + COM_updateSpeedlimit ('mail'); + COM_displayMessageAndAbort ($result, 'spamx', 403, 'Forbidden'); + } + + $mailtext .= '------------------------------------------------------------' + . LB . LB + . COM_undoSpecialChars (stripslashes ($A['title'])) . LB + . strftime ($_CONF['date'], $A['day']) . LB; + + if ($_CONF['contributedbyline'] == 1) { + $author = COM_getDisplayName ($A['uid']); + $mailtext .= $LANG01[1] . ' ' . $author . LB; + } + $mailtext .= LB + . COM_undoSpecialChars(stripslashes(strip_tags($A['introtext']))).LB.LB + . COM_undoSpecialChars(stripslashes(strip_tags($A['bodytext']))).LB.LB + . '------------------------------------------------------------'.LB; + if ($A['commentcode'] == 0) { // comments allowed + $mailtext .= $LANG08[24] . LB + . COM_buildUrl ($_CONF['site_url'] . '/article.php?story=' + . $sid . '#comments'); + } else { // comments not allowed - just add the story's URL + $mailtext .= $LANG08[33] . LB + . COM_buildUrl ($_CONF['site_url'] . '/article.php?story=' + . $sid); + } + + $mailto = COM_formatEmailAddress ($to, $toemail); + $mailfrom = COM_formatEmailAddress ($from, $fromemail); + $subject = COM_undoSpecialChars(strip_tags(stripslashes('Re: '.$A['title']))); + + $sent = COM_mail ($mailto, $subject, $mailtext, $mailfrom); + COM_updateSpeedlimit ('mail'); + + // Increment numemails counter for story + DB_query ("UPDATE {$_TABLES['stories']} SET numemails = numemails + 1 WHERE sid = '$sid'"); + + if ($_CONF['url_rewrite']) { + $retval = COM_refresh($storyurl . '?msg=' . ($sent ? 
'27' : '85')); + } else { + $retval = COM_refresh($storyurl . '&msg=' . ($sent ? '27' : '85')); + } + + return $retval; +} + +/** +* Display form to email a story to someone. +* +* @param string $sid ID of article to email +* @return string HTML for email story form +* +*/ +function mailstoryform ($sid, $to = '', $toemail = '', $from = '', + $fromemail = '', $shortmsg = '', $msg = 0) +{ + global $_CONF, $_TABLES, $_USER, $LANG08, $LANG_LOGIN; + + $retval = ''; + + if (COM_isAnonUser() && (($_CONF['loginrequired'] == 1) || + ($_CONF['emailstoryloginrequired'] == 1))) { + $retval = COM_startBlock ($LANG_LOGIN[1], '', + COM_getBlockTemplate ('_msg_block', 'header')); + $login = new Template($_CONF['path_layout'] . 'submit'); + $login->set_file (array ('login'=>'submitloginrequired.thtml')); + $login->set_var ( 'xhtml', XHTML ); + $login->set_var ('site_url', $_CONF['site_url']); + $login->set_var ('site_admin_url', $_CONF['site_admin_url']); + $login->set_var ('layout_url', $_CONF['layout_url']); + $login->set_var ('login_message', $LANG_LOGIN[2]); + $login->set_var ('lang_login', $LANG_LOGIN[3]); + $login->set_var ('lang_newuser', $LANG_LOGIN[4]); + $login->parse ('output', 'login'); + $retval .= $login->finish ($login->get_var('output')); + $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer')); + + return $retval; + } + + $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE sid = '$sid'" . COM_getTopicSql('AND') . COM_getPermSql('AND')); + $A = DB_fetchArray($result); + if ($A['count'] == 0) { + return COM_refresh($_CONF['site_url'] . '/index.php'); + } + + if ($msg > 0) { + $retval .= COM_showMessage ($msg); + } + + if (empty ($from) && empty ($fromemail)) { + if (!COM_isAnonUser()) { + $from = COM_getDisplayName ($_USER['uid'], $_USER['username'], + $_USER['fullname']); + $fromemail = DB_getItem ($_TABLES['users'], 'email', + "uid = {$_USER['uid']}"); + } + } + + $mail_template = new Template($_CONF['path_layout'] . 
'profiles'); + $mail_template->set_file('form', 'contactauthorform.thtml'); + $mail_template->set_var( 'xhtml', XHTML ); + $mail_template->set_var('site_url', $_CONF['site_url']); + $mail_template->set_var('site_admin_url', $_CONF['site_admin_url']); + $mail_template->set_var('layout_url', $_CONF['layout_url']); + $mail_template->set_var('start_block_mailstory2friend', COM_startBlock($LANG08[17])); + $mail_template->set_var('lang_fromname', $LANG08[20]); + $mail_template->set_var('name', $from); + $mail_template->set_var('lang_fromemailaddress', $LANG08[21]); + $mail_template->set_var('email', $fromemail); + $mail_template->set_var('lang_toname', $LANG08[18]); + $mail_template->set_var('toname', $to); + $mail_template->set_var('lang_toemailaddress', $LANG08[19]); + $mail_template->set_var('toemail', $toemail); + $mail_template->set_var('lang_shortmessage', $LANG08[27]); + $mail_template->set_var('shortmsg', htmlspecialchars($shortmsg)); + $mail_template->set_var('lang_warning', $LANG08[22]); + $mail_template->set_var('lang_sendmessage', $LANG08[16]); + $mail_template->set_var('story_id',$sid); + PLG_templateSetVars ('emailstory', $mail_template); + $mail_template->set_var('end_block', COM_endBlock()); + $mail_template->parse('output', 'form'); + $retval .= $mail_template->finish($mail_template->get_var('output')); + + return $retval; +} + + +// MAIN +$display = ''; + +if (isset ($_POST['what'])) { + $what = COM_applyFilter ($_POST['what']); +} else if (isset ($_GET['what'])) { + $what = COM_applyFilter ($_GET['what']); +} else { + $what = ''; +} + +switch ($what) { + case 'contact': + $uid = COM_applyFilter ($_POST['uid'], true); + if ($uid > 1) { + $display .= contactemail ($uid, $_POST['author'], + $_POST['authoremail'], $_POST['subject'], + $_POST['message']); + } else { + $display .= COM_refresh ($_CONF['site_url'] . 
'/index.php'); + } + break; + + case 'emailstory': + $sid = COM_applyFilter ($_GET['sid']); + if (empty ($sid)) { + $display = COM_refresh ($_CONF['site_url'] . '/index.php'); + } else if ($_CONF['hideemailicon'] == 1) { + $display = COM_refresh (COM_buildUrl ($_CONF['site_url'] + . '/article.php?story=' . $sid)); + } else { + $display .= COM_siteHeader ('menu', $LANG08[17]) + . mailstoryform ($sid) + . COM_siteFooter (); + } + break; + + case 'sendstory': + $sid = COM_applyFilter ($_POST['sid']); + if (empty ($sid)) { + $display = COM_refresh ($_CONF['site_url'] . '/index.php'); + } else { + if (empty ($_POST['toemail']) || empty ($_POST['fromemail']) + || !COM_isEmail ($_POST['toemail']) + || !COM_isEmail ($_POST['fromemail'])) { + $display .= COM_siteHeader ('menu', $LANG08[17]) + . mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']), + COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']), + $_POST['shortmsg'], 52) + . COM_siteFooter (); + } else if (empty ($_POST['to']) || empty ($_POST['from']) || + empty ($_POST['shortmsg'])) { + $display .= COM_siteHeader ('menu', $LANG08[17]) + . mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']), + COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']), + $_POST['shortmsg']) + . COM_siteFooter (); + } else { + $msg = PLG_itemPreSave ('emailstory', $_POST['shortmsg']); + if (!empty ($msg)) { + $display .= COM_siteHeader ('menu', '') + . COM_errorLog ($msg, 2) + . mailstoryform ($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']), + COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']), + $_POST['shortmsg']) + . 
COM_siteFooter (); + } else { + $display .= mailstory ($sid, $_POST['to'], $_POST['toemail'], + $_POST['from'], $_POST['fromemail'], $_POST['shortmsg']); + } + } + } + break; + + default: + if (isset ($_GET['uid'])) { + $uid = COM_applyFilter ($_GET['uid'], true); + } else { + $uid = 0; + } + if ($uid > 1) { + $subject = ''; + if (isset ($_GET['subject'])) { + $subject = strip_tags ($_GET['subject']); + $subject = substr ($subject, 0, strcspn ($subject, "\r\n")); + $subject = htmlspecialchars (trim ($subject), ENT_QUOTES); + } + $display .= COM_siteHeader ('menu', $LANG04[81]) + . contactform ($uid, $subject) + . COM_siteFooter (); + } else { + $display .= COM_refresh ($_CONF['site_url'] . '/index.php'); + } + break; +} + +echo $display; + +?> ======================================= --- /dev/null +++ /externals/geeklog-1.5.2sr5-combo/public_html/usersettings.php Fri Jul 31 06:12:38 2009 
@@ -0,0 +1,1540 @@
+set_file (array ('profile' => 'profile.thtml',
+ 'photo' => 'userphoto.thtml',
+ 'username' => 'username.thtml',
+ 'deleteaccount' => 'deleteaccount.thtml'));
+
+ include ($_CONF['path_system'] . 'classes/navbar.class.php');
+ $navbar = new navbar;
+ $cnt = 0;
+ foreach ($LANG_MYACCOUNT as $id => $label) {
+ $navbar->add_menuitem($label,'showhideProfileEditorDiv("'.$id.'",'.$cnt.');return false;',true);
+ $cnt++;
+ }
+ $navbar->set_selected($LANG_MYACCOUNT['pe_namepass']);
+ $preferences->set_var ( 'xhtml', XHTML );
+ $preferences->set_var ('navbar', $navbar->generate());
+
+ $preferences->set_var ('site_url', $_CONF['site_url']);
+ $preferences->set_var ('layout_url', $_CONF['layout_url']);
+ $preferences->set_var ('no_javascript_warning',$LANG04[150]);
+
+ $preferences->set_var ('cssid1', 1);
+ $preferences->set_var ('cssid2', 2);
+
+ $preferences->set_var ('preview', userprofile($_USER['uid']));
+ $preferences->set_var ('prefs', editpreferences());
+
+ // some trickery to ensure alternating colors with the available options ...
+ if ($_CONF['allow_username_change'] == 1) {
+ $first = 1;
+ $second = 2;
+ } else {
+ $first = 2;
+ $second = 1;
+ }
+ $preferences->set_var ('cssid1u', $first);
+ $preferences->set_var ('cssid2u', $second);
+
+ if ($_CONF['allow_user_photo'] == 1) {
+ $tmp = $first;
+ $first = $second;
+ $second = $tmp;
+ }
+ $preferences->set_var ('cssid1p', $first);
+ $preferences->set_var ('cssid2p', $second);
+
+ $preferences->set_var ('lang_fullname', $LANG04[3]);
+ $preferences->set_var ('lang_fullname_text', $LANG04[34]);
+ $preferences->set_var ('lang_username', $LANG04[2]);
+ $preferences->set_var ('lang_username_text', $LANG04[87]);
+ $preferences->set_var ('lang_password_help_title', $LANG04[146]);
+ $preferences->set_var ('lang_password_help', $LANG04[147]);
+ $preferences->set_var ('lang_password', $LANG04[4]);
+ $preferences->set_var ('lang_password_text', $LANG04[35]);
+ $preferences->set_var ('lang_password_conf', $LANG04[108]);
+ $preferences->set_var ('lang_password_text_conf', $LANG04[109]);
+ $preferences->set_var ('lang_old_password', $LANG04[110]);
+ $preferences->set_var ('lang_old_password_text', $LANG04[111]);
+ $preferences->set_var ('lang_cooktime', $LANG04[68]);
+ $preferences->set_var ('lang_cooktime_text', $LANG04[69]);
+ $preferences->set_var ('lang_email', $LANG04[5]);
+ $preferences->set_var ('lang_email_text', $LANG04[33]);
+ $preferences->set_var ('lang_email_conf', $LANG04[124]);
+ $preferences->set_var ('lang_email_conf_text', $LANG04[126]);
+ $preferences->set_var ('lang_userinfo_help_title', $LANG04[148]);
+ $preferences->set_var ('lang_userinfo_help', $LANG04[149]);
+ $preferences->set_var ('lang_homepage', $LANG04[6]);
+ $preferences->set_var ('lang_homepage_text', $LANG04[36]);
+ $preferences->set_var ('lang_location', $LANG04[106]);
+ $preferences->set_var ('lang_location_text', $LANG04[107]);
+ $preferences->set_var ('lang_signature', $LANG04[32]);
+ $preferences->set_var ('lang_signature_text', $LANG04[37]);
+ $preferences->set_var
('lang_userphoto', $LANG04[77]);
+ $preferences->set_var ('lang_userphoto_text', $LANG04[78]);
+ $preferences->set_var ('lang_about', $LANG04[7]);
+ $preferences->set_var ('lang_about_text', $LANG04[38]);
+ $preferences->set_var ('lang_pgpkey', $LANG04[8]);
+ $preferences->set_var ('lang_pgpkey_text', $LANG04[39]);
+ $preferences->set_var ('lang_submit', $LANG04[9]);
+ $preferences->set_var ('lang_cancel',$LANG_ADMIN['cancel']);
+ $preferences->set_var ('lang_preview_title', $LANG04[145]);
+ $preferences->set_var ('lang_enter_current_password', $LANG04[127]);
+ $preferences->set_var ('lang_name_legend', $LANG04[128]);
+ $preferences->set_var ('lang_password_email_legend', $LANG04[129]);
+ $preferences->set_var ('lang_personal_info_legend', $LANG04[130]);
+
+ $display_name = COM_getDisplayName ($_USER['uid']);
+
+ //$preferences->set_var ('start_block_profile',
+ // COM_startBlock ($LANG04[1] . ' ' . $display_name));
+ //$preferences->set_var ('end_block', COM_endBlock ());
+
+ $preferences->set_var ('profile_headline',
+ $LANG04[1] . ' ' .
$display_name);
+
+ if ($_CONF['allow_user_photo'] == 1) {
+ $preferences->set_var ('enctype', 'enctype="multipart/form-data"');
+ } else {
+ $preferences->set_var ('enctype', '');
+ }
+ $preferences->set_var ('fullname_value', htmlspecialchars ($A['fullname']));
+ $preferences->set_var ('new_username_value',
+ htmlspecialchars ($_USER['username']));
+ $preferences->set_var ('password_value', '');
+ if ($_CONF['allow_username_change'] == 1) {
+ $preferences->parse ('username_option', 'username', true);
+ } else {
+ $preferences->set_var ('username_option', '');
+ }
+
+ $selection = '';
+ $preferences->set_var ('cooktime_selector', $selection);
+
+ $preferences->set_var ('email_value', htmlspecialchars ($A['email']));
+ $preferences->set_var ('homepage_value',
+ htmlspecialchars (COM_killJS ($A['homepage'])));
+ $preferences->set_var ('location_value',
+ htmlspecialchars (strip_tags ($A['location'])));
+ $preferences->set_var ('signature_value', htmlspecialchars ($A['sig']));
+
+ if ($_CONF['allow_user_photo'] == 1) {
+ $photo = USER_getPhoto ($_USER['uid'], $A['photo'], $A['email'], -1);
+ if (empty ($photo)) {
+ $preferences->set_var ('display_photo', '');
+ } else {
+ if (empty ($A['photo'])) { // external avatar
+ $photo = '' . $photo;
+ } else { // uploaded photo - add delete option
+ $photo = '' . $photo . '' . $LANG04[79]
+ . ' '
+ .
LB;
+ }
+ $preferences->set_var ('display_photo', $photo);
+ }
+ $preferences->parse ('userphoto_option', 'photo', true);
+ } else {
+ $preferences->set_var ('userphoto_option', '');
+ }
+
+ $result = DB_query("SELECT about,pgpkey FROM {$_TABLES['userinfo']} WHERE uid = {$_USER['uid']}");
+ $A = DB_fetchArray($result);
+
+ $reqid = substr (md5 (uniqid (rand (), 1)), 1, 16);
+ DB_change ($_TABLES['users'], 'pwrequestid', $reqid, 'uid', $_USER['uid']);
+
+ $preferences->set_var ('about_value', htmlspecialchars ($A['about']));
+ $preferences->set_var ('pgpkey_value', htmlspecialchars ($A['pgpkey']));
+ $preferences->set_var ('uid_value', $reqid);
+ $preferences->set_var ('username_value',
+ htmlspecialchars ($_USER['username']));
+
+ if ($_CONF['allow_account_delete'] == 1) {
+ $preferences->set_var ('lang_deleteaccount', $LANG04[156]);
+ $preferences->set_var ('delete_text', $LANG04[95]);
+ $preferences->set_var ('lang_button_delete', $LANG04[96]);
+ $preferences->set_var ('delete_mode', 'confirmdelete');
+ $preferences->set_var ('account_id', $reqid);
+ if (isset ($LANG04[157])) {
+ $preferences->set_var ('lang_deleteoption', $LANG04[157]);
+ } else {
+ $preferences->set_var ('lang_deleteoption', $LANG04[156]);
+ }
+ $preferences->parse ('delete_account_option', 'deleteaccount', false);
+ } else {
+ $preferences->set_var ('delete_account_option', '');
+ }
+
+ // Call custom account form and edit function if enabled and exists
+ if ($_CONF['custom_registration'] AND (function_exists('CUSTOM_userEdit'))) {
+ $preferences->set_var ('customfields', CUSTOM_userEdit($_USER['uid']) );
+ }
+
+ PLG_profileVariablesEdit ($_USER['uid'], $preferences);
+
+ $retval = $preferences->finish ($preferences->parse ('output', 'profile'));
+ $retval .= PLG_profileBlocksEdit ($_USER['uid']);
+
+ return $retval;
+}
+
+/**
+* Ask user for confirmation to delete his/her account.
+*
+
+* @param string form_reqid request id
+* @return string confirmation form
+*
+*/
+function confirmAccountDelete ($form_reqid)
+{
+ global $_CONF, $_TABLES, $_USER, $LANG04;
+
+ if (DB_count ($_TABLES['users'], array ('pwrequestid', 'uid'), array ($form_reqid, $_USER['uid'])) != 1) {
+ // not found - abort
+ return COM_refresh ($_CONF['site_url'] . '/index.php');
+ }
+
+ // to change the password, email address, or cookie timeout,
+ // we need the user's current password
+ if (empty($_POST['old_passwd']) ||
+ (SEC_encryptPassword($_POST['old_passwd']) != $_USER['passwd'])) {
+ return COM_refresh($_CONF['site_url']
+ . '/usersettings.php?msg=84');
+ }
+
+ $reqid = substr (md5 (uniqid (rand (), 1)), 1, 16);
+ DB_change ($_TABLES['users'], 'pwrequestid', "$reqid",
+ 'uid', $_USER['uid']);
+
+ $retval = '';
+
+ $retval .= COM_siteHeader ('menu', $LANG04[97]);
+ $retval .= COM_startBlock ($LANG04[97], '',
+ COM_getBlockTemplate ('_msg_block', 'header'));
+ $retval .= '

' . $LANG04[98] . '

' . LB;
+ $retval .= '
' . LB;
+ $retval .= '

' . LB;
+ $retval .= '' . LB;
+ $retval .= '' . LB;
+ $retval .= '
' . LB;
+ $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
+ $retval .= COM_siteFooter ();
+
+ return $retval;
+}
+
+/**
+* Delete an account
+*
+* @param string form_reqid request id
+* @return string redirection to main page (+ success msg)
+*
+*/
+function deleteUserAccount ($form_reqid)
+{
+ global $_CONF, $_TABLES, $_USER;
+
+ if (DB_count ($_TABLES['users'], array ('pwrequestid', 'uid'),
+ array ($form_reqid, $_USER['uid'])) != 1) {
+ // not found - abort
+ return COM_refresh ($_CONF['site_url'] . '/index.php');
+ }
+
+ if (!USER_deleteAccount ($_USER['uid'])) {
+ return COM_refresh ($_CONF['site_url'] . '/index.php');
+ }
+
+ return COM_refresh ($_CONF['site_url'] . '/index.php?msg=57');
+}
+
+/**
+* Displays user preferences
+*
+*/
+function editpreferences()
+{
+ global $_TABLES, $_CONF, $LANG04, $_USER, $_GROUPS;
+
+ $result = DB_query("SELECT noicons,willing,dfid,tzid,noboxes,maxstories,tids,aids,boxes,emailfromadmin,emailfromuser,showonline FROM {$_TABLES['userprefs']},{$_TABLES['userindex']} WHERE {$_TABLES['userindex']}.uid = {$_USER['uid']} AND {$_TABLES['userprefs']}.uid = {$_USER['uid']}");
+
+ $A = DB_fetchArray($result);
+
+ // 'maxstories' may be 0, in which case it will pick up the default
+ // setting for the current topic or $_CONF['limitnews'] (see index.php)
+ if (empty ($A['maxstories'])) {
+ $A['maxstories'] = 0;
+ } else if ($A['maxstories'] > 0) {
+ if ($A['maxstories'] < $_CONF['minnews']) {
+ $A['maxstories'] = $_CONF['minnews'];
+ }
+ }
+
+ $preferences = new Template ($_CONF['path_layout'] .
'preferences');
+ $preferences->set_file (array ('prefs' => 'displayprefs.thtml',
+ 'display' => 'displayblock.thtml',
+ 'exclude' => 'excludeblock.thtml',
+ 'digest' => 'digestblock.thtml',
+ 'boxes' => 'boxesblock.thtml',
+ 'comment' => 'commentblock.thtml',
+ 'language' => 'language.thtml',
+ 'theme' => 'theme.thtml',
+ 'privacy' => 'privacyblock.thtml'
+ ));
+ $preferences->set_var ( 'xhtml', XHTML );
+ $preferences->set_var ('site_url', $_CONF['site_url']);
+ $preferences->set_var ('layout_url', $_CONF['layout_url']);
+
+ $preferences->set_var ('user_name', $_USER['username']);
+
+ $preferences->set_var ('lang_language', $LANG04[73]);
+ $preferences->set_var ('lang_theme', $LANG04[72]);
+ $preferences->set_var ('lang_theme_text', $LANG04[74]);
+ $preferences->set_var ('lang_misc_title', $LANG04[138]);
+ $preferences->set_var ('lang_misc_help_title', $LANG04[139]);
+ $preferences->set_var ('lang_misc_help', $LANG04[140]);
+ $preferences->set_var ('lang_noicons', $LANG04[40]);
+ $preferences->set_var ('lang_noicons_text', $LANG04[49]);
+ $preferences->set_var ('lang_noboxes', $LANG04[44]);
+ $preferences->set_var ('lang_noboxes_text', $LANG04[51]);
+ $preferences->set_var ('lang_maxstories', $LANG04[43]);
+ if (strpos ($LANG04[52], '%d') === false) {
+ $maxtext = $LANG04[52] . ' ' .
$_CONF['limitnews'];
+ } else {
+ $maxtext = sprintf ($LANG04[52], $_CONF['limitnews']);
+ }
+ $preferences->set_var ('lang_maxstories_text', $maxtext);
+ $preferences->set_var ('lang_dateformat', $LANG04[42]);
+ $preferences->set_var ('lang_excluded_items_title', $LANG04[137]);
+ $preferences->set_var ('lang_excluded_items', $LANG04[54]);
+ $preferences->set_var ('lang_exclude_title', $LANG04[136]);
+ $preferences->set_var ('lang_topics', $LANG04[48]);
+ $preferences->set_var ('lang_emailedtopics', $LANG04[76]);
+ $preferences->set_var ('lang_digest_top_header', $LANG04[131]);
+ $preferences->set_var ('lang_digest_help_header', $LANG04[132]);
+ $preferences->set_var ('lang_boxes_title', $LANG04[144]);
+ $preferences->set_var ('lang_boxes_help_title', $LANG04[143]);
+ $preferences->set_var ('lang_boxes', $LANG04[55]);
+ $preferences->set_var ('lang_displaymode', $LANG04[57]);
+ $preferences->set_var ('lang_displaymode_text', $LANG04[60]);
+ $preferences->set_var ('lang_sortorder', $LANG04[58]);
+ $preferences->set_var ('lang_sortorder_text', $LANG04[61]);
+ $preferences->set_var ('lang_comment_title', $LANG04[133]);
+ $preferences->set_var ('lang_comment_help_title', $LANG04[134]);
+ $preferences->set_var ('lang_comment_help', $LANG04[135]);
+ $preferences->set_var ('lang_commentlimit', $LANG04[59]);
+ $preferences->set_var ('lang_commentlimit_text', $LANG04[62]);
+ $preferences->set_var ('lang_privacy_title', $LANG04[141]);
+ $preferences->set_var ('lang_privacy_help_title', $LANG04[141]);
+ $preferences->set_var ('lang_privacy_help', $LANG04[142]);
+ $preferences->set_var ('lang_emailfromadmin', $LANG04[100]);
+ $preferences->set_var ('lang_emailfromadmin_text', $LANG04[101]);
+ $preferences->set_var ('lang_emailfromuser', $LANG04[102]);
+ $preferences->set_var ('lang_emailfromuser_text', $LANG04[103]);
+ $preferences->set_var ('lang_showonline', $LANG04[104]);
+ $preferences->set_var ('lang_showonline_text', $LANG04[105]);
+ $preferences->set_var ('lang_submit',
$LANG04[9]);
+
+ $display_name = COM_getDisplayName ($_USER['uid']);
+
+ $preferences->set_var ('lang_authors_exclude', $LANG04[46]);
+ $preferences->set_var ('lang_boxes_exclude', $LANG04[47]);
+
+ $preferences->set_var ('start_block_display',
+ COM_startBlock ($LANG04[45] . ' ' . $display_name));
+ $preferences->set_var ('start_block_digest',
+ COM_startBlock ($LANG04[75] . ' ' . $display_name));
+ $preferences->set_var ('start_block_comment',
+ COM_startBlock ($LANG04[64] . ' ' . $display_name));
+ $preferences->set_var ('start_block_privacy',
+ COM_startBlock ($LANG04[99] . ' ' . $display_name));
+ $preferences->set_var ('end_block', COM_endBlock ());
+
+ $preferences->set_var ('display_headline',
+ $LANG04[45] . ' ' . $display_name);
+ $preferences->set_var ('exclude_headline',
+ $LANG04[46] . ' ' . $display_name);
+ $preferences->set_var ('digest_headline',
+ $LANG04[75] . ' ' . $display_name);
+ $preferences->set_var ('boxes_headline',
+ $LANG04[47] . ' ' . $display_name);
+ $preferences->set_var ('comment_headline',
+ $LANG04[64] . ' ' . $display_name);
+ $preferences->set_var ('privacy_headline',
+ $LANG04[99] . ' ' . $display_name);
+
+ // display preferences block
+ if ($_CONF['allow_user_language'] == 1) {
+
+ if (empty ($_USER['language'])) {
+ $userlang = $_CONF['language'];
+ } else {
+ $userlang = $_USER['language'];
+ }
+
+ // Get available languages
+ $language = MBYTE_languageList ($_CONF['default_charset']);
+
+ $has_valid_language = count (array_keys ($language, $userlang));
+ if ($has_valid_language == 0) {
+ // The user's preferred language is no longer available.
+ // We have a problem now, since we've overwritten $_CONF['language']
+ // with the user's preferred language ($_USER['language']) and
+ // therefore don't know what the system's default language is.
+ // So we'll try to find a similar language. If that doesn't help,
+ // the dropdown will default to the first language in the list ...
+ $tmp = explode ('_', $userlang);
+ $similarLang = $tmp[0];
+ }
+
+ $selection = '';
+ $preferences->set_var ('language_selector', $selection);
+ $preferences->parse ('language_selection', 'language', true);
+ } else {
+ $preferences->set_var ('language_selection', '');
+ }
+
+ if ($_CONF['allow_user_themes'] == 1) {
+ $selection = '';
+ $preferences->set_var ('theme_selector', $selection);
+ $preferences->parse ('theme_selection', 'theme', true);
+ } else {
+ $preferences->set_var ('theme_selection', '');
+ }
+
+ require_once ('Date/TimeZone.php');
+ // Timezone
+ if (empty($_USER['tzid']) && isset($_CONF['timezone'])) {
+ $timezone = $_CONF['timezone'];
+ } else if (!empty($_USER['tzid'])) {
+ $timezone = $_USER['tzid'];
+ } else {
+ $tz_obj = Date_TimeZone::getDefault();
+ $timezone = $tz_obj->id;
+ }
+ $selection = '';
+ $preferences->set_var ('timezone_selector', $selection);
+ $preferences->set_var ('lang_timezone', $LANG04[158]);
+
+ if ($A['noicons'] == '1') {
+ $preferences->set_var ('noicons_checked', 'checked="checked"');
+ } else {
+ $preferences->set_var ('noicons_checked', '');
+ }
+
+ if ($A['noboxes'] == 1) {
+ $preferences->set_var ('noboxes_checked', 'checked="checked"');
+ } else {
+ $preferences->set_var ('noboxes_checked', '');
+ }
+
+ $preferences->set_var ('maxstories_value', $A['maxstories']);
+ $selection = '';
+ $preferences->set_var ('dateformat_selector', $selection);
+ $preferences->parse ('display_block', 'display', true);
+
+ // privacy options block
+ if ($A['emailfromadmin'] == 1) {
+ $preferences->set_var ('emailfromadmin_checked', 'checked="checked"');
+ } else {
+ $preferences->set_var ('emailfromadmin_checked', '');
+ }
+ if ($A['emailfromuser'] == 1) {
+ $preferences->set_var ('emailfromuser_checked', 'checked="checked"');
+ } else {
+ $preferences->set_var ('emailfromuser_checked', '');
+ }
+ if ($A['showonline'] == 1) {
+ $preferences->set_var ('showonline_checked', 'checked="checked"');
+ } else {
+ $preferences->set_var
('showonline_checked', '');
+ }
+ PLG_profileVariablesEdit ($_USER['uid'], $preferences);
+ $preferences->parse ('privacy_block', 'privacy', true);
+
+ // excluded items block
+ $permissions = COM_getPermSQL ('');
+ $preferences->set_var ('exclude_topic_checklist',
+ COM_checkList($_TABLES['topics'],'tid,topic',$permissions,$A['tids']));
+
+ if (($_CONF['contributedbyline'] == 1) &&
+ ($_CONF['hide_author_exclusion'] == 0)) {
+ $preferences->set_var ('lang_authors', $LANG04[56]);
+ $sql = "SELECT DISTINCT story.uid, users.username,users.fullname FROM {$_TABLES['stories']} story, {$_TABLES['users']} users WHERE story.uid = users.uid";
+ if ($_CONF['show_fullname'] == 1) {
+ $sql .= ' ORDER BY users.fullname';
+ } else {
+ $sql .= ' ORDER BY users.username';
+ }
+ $query = DB_query ($sql);
+ $nrows = DB_numRows ($query );
+ $authors = explode (' ', $A['aids']);
+
+ $selauthors = '';
+ for( $i = 0; $i < $nrows; $i++ ) {
+ $B = DB_fetchArray ($query);
+ $selauthors .= '