Author: dgoette Date: Tue Nov 25 13:10:11 2008 New Revision: 37644

URL: http://svn.reactos.org/svn/reactos?rev=37644&view=rev Log: * switch back from rdf * implement moving entries only at one place, simplyfy backend code * trim whitespaces from entry names * insert 'http://' if no protocoll for homepage is given

Modified: branches/danny-web/reactos.org/htdocs/roscms/custom.php branches/danny-web/reactos.org/htdocs/roscms/index.php branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/Export_Page.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Activate.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Login.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_LostPassword.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Profile.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_ProfileEdit.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Register.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/Login.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php branches/danny-web/reactos.org/htdocs/roscms/lib/Subsystem_PHPBB.class.php

Modified: branches/danny-web/reactos.org/htdocs/roscms/custom.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/custom.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/custom.php [iso-8859-1] Tue Nov 25 13:10:11 2008 @@ -25,7 +25,6 @@ $roscms_intern_webserver_pages = "/reactos/"; $roscms_intern_webserver_roscms = "/reactos/roscms/"; - $roscms_SET_path_ex = $roscms_intern_webserver_roscms."index.php/"; $roscms_intern_page_link = $roscms_intern_webserver_roscms . "?page=";

$roscms_standard_language="en"; // en/de/fr/...

Modified: branches/danny-web/reactos.org/htdocs/roscms/index.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/index.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/index.php [iso-8859-1] Tue Nov 25 13:10:11 2008 @@ -47,28 +47,13 @@ $rpm_page=""; $rpm_lang="";

- if (array_key_exists("page", $_GET)) $rpm_page=htmlspecialchars($_GET["page"]); if (array_key_exists("lang", $_GET)) $rpm_lang=htmlspecialchars($_GET["lang"]);

require("lang.php"); // lang code outsourced require("custom.php"); // custom on-screen information - - $rdf_URI_tree = $_SERVER['REQUEST_URI']; - $rdf_URI_tree = str_replace($roscms_intern_webserver_roscms,'',$rdf_URI_tree); - $rdf_URI_tree = str_replace('index.php/','',$rdf_URI_tree); - - $rdf_URI_tree_split = explode('/', $rdf_URI_tree); - - $rdf_uri_2 = @$rdf_URI_tree_split[1]; - $rdf_uri_3 = @$rdf_URI_tree_split[2]; - - if ($rpm_page != "") { - $rdf_URI_tree_split[0] = $rpm_page; - } - - $rdf_uri_str = $rdf_URI_tree_split[0]."/"; +

$RosCMS_GET_d_use = ""; // data usage (where the data will be used) @@ -77,10 +62,6 @@ $RosCMS_GET_d_value2 = ""; // data transport value $RosCMS_GET_d_value3 = ""; // data transport value $RosCMS_GET_d_value4 = ""; // data transport value - - $RosCMS_GET_d_id = ""; // data_id - $RosCMS_GET_d_r_id = ""; // data rev id - $RosCMS_GET_d_r_lang = ""; // data rev language (e.g. "en", "de", etc.)

if (array_key_exists("d_u", $_GET)) $RosCMS_GET_d_use=htmlspecialchars($_GET["d_u"]); if (array_key_exists("d_fl", $_GET)) $RosCMS_GET_d_flag=htmlspecialchars($_GET["d_fl"]); @@ -88,10 +69,6 @@ if (array_key_exists("d_val2", $_GET)) $RosCMS_GET_d_value2=htmlspecialchars($_GET["d_val2"]); if (array_key_exists("d_val3", $_GET)) $RosCMS_GET_d_value3=htmlspecialchars($_GET["d_val3"]); if (array_key_exists("d_val4", $_GET)) $RosCMS_GET_d_value4=htmlspecialchars($_GET["d_val4"]); - - if (array_key_exists("d_id", $_GET)) $RosCMS_GET_d_id=htmlspecialchars($_GET["d_id"]); - if (array_key_exists("d_r_id", $_GET)) $RosCMS_GET_d_r_id=htmlspecialchars($_GET["d_r_id"]); - if (array_key_exists("d_r_lang", $_GET)) $RosCMS_GET_d_r_lang=htmlspecialchars($_GET["d_r_lang"]);

if (isset($_GET['d_arch']) && $_GET['d_arch'] == true) { @@ -111,12 +88,12 @@ echo str_replace("\r",'',$text); }

- -switch ($rdf_URI_tree_split[0]) { +// select page +switch (@$_GET['page']) {

// Login user case 'login': - switch (@$rdf_URI_tree_split[1]) { + switch (@$_GET['subpage']) { case 'lost': new HTML_User_LostPassword(); break; @@ -136,12 +113,12 @@

// Register new user case 'register': - if (@$rdf_URI_tree_split[1] == 'captcha') { - new CaptchaSecurityImages(); - } - else { - new HTML_User_Register(); - } + new HTML_User_Register(); + break; + + // Captcha + case 'captcha': + new CaptchaSecurityImages(); break;

// User Profile (view | edit) @@ -149,7 +126,7 @@ case 'user': default: // select action - switch (@$rdf_URI_tree_split[1]) { + switch (@$_GET['subpage']) { case 'edit': case 'activate': new HTML_User_ProfileEdit();

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/lib/Data.class.php [iso-8859-1] Tue Nov 25 13:10:11 2008 @@ -114,7 +114,7 @@ * @param int rev_id * @access public */ - public static function updateRevision( $data_id, $rev_id, $lang, $version, $user_name, $date, $time, $new_data_name, $new_data_type ) + public static function updateRevision( $data_id, $rev_id, $lang, $version, $user_name, $date, $time ) { global $h_a; global $h_a2; @@ -184,7 +184,6 @@ // date + time (check for Y-m-d and valid-date) + (H:i:s) if (preg_match('/^([12][0-9]{3})-(0[1-9]|1[0-2])-(0[1-9]|[12][0-9]|3[01])$/', $date,$date_matches) && checkdate($date_matches[2], $date_matches[3], $date_matches[1]) && preg_match('/^([01][0-9]|2[0-3])(:[0-5][0-9]){2}$/',$time) && ($data['rev_date'] != $date || $data['rev_time'] != $time) ) {

- // $stmt=DBConnection::getInstance()->prepare("UPDATE data_revision".$h_a." SET rev_datetime = :datetime, rev_date = :date, rev_time = :time WHERE rev_id = :rev_id LIMIT 1"); $stmt->bindValue('datetime',$date." ".$time,PDO::PARAM_STR); @@ -193,40 +192,6 @@ $stmt->bindParam('rev_id',$rev_id,PDO::PARAM_INT); $stmt->execute(); Log::writeMedium('entry date+time changed: '.$data['rev_date'].' '.$data['rev_time'].' => '.$date.' '.$time.Log::prepareInfo($data_id, $rev_id).'{alterentry}'); - } - - // move revision to another data - //@CHECKME is that correct behaviour - if ($new_data_name != '' && $new_data_type != '') { - - $stmt=DBConnection::getInstance()->prepare("SELECT data_id FROM data_".$h_a2." WHERE data_name = :name AND data_type = :type LIMIT 1"); - $stmt->bindParam('name',$new_data_name,PDO::PARAM_STR); - $stmt->bindParam('type',$new_data_type,PDO::PARAM_STR); - $stmt->execute(); - $new_data_id = $stmt->fetchColumn(); - - if ($new_data_id > 0) { - $stmt=DBConnection::getInstance()->prepare("UPDATE data_revision".$h_a." SET data_id = :new_data_id WHERE rev_id = :rev_id LIMIT 1"); - $stmt->bindParam('new_data_id',$new_data_id,PDO::PARAM_INT); - $stmt->bindParam('rev_id',$rev_id,PDO::PARAM_INT); - $stmt->execute(); - - $stmt=DBConnection::getInstance()->prepare("SELECT COUNT(*) FROM data_revision".$h_a." WHERE data_id = :data_id"); - $stmt->bindParam('data_id',$data_id,PDO::PARAM_INT); - $stmt->execute(); - $data_count = $stmt->fetchColumn(); - - - Log::writeMedium('entry moved to another data-id: '.$data_id.' => '.$new_data_id.Log::prepareInfo($data_id, $rev_id).'{alterentry}'); - - - if ($data_count === 0) { - $stmt=DBConnection::getInstance()->prepare("DELETE FROM data_".$h_a2." WHERE data_id = :data_id LIMIT 1"); - $stmt->bindParam('data_id',$data_id,PDO::PARAM_INT); - $stmt->execute(); - Log::writeMedium('unused data-id deleted: '.$data_id.Log::prepareInfo($data_id, $rev_id).'{alterentry}'); - } - } } } // end of member function getCookieDomain

@@ -498,6 +463,17 @@ return; }

+ // update data type + if ($data_type != '' && $data_type != $data['data_type']) { + $stmt=DBConnection::getInstance()->prepare("UPDATE data_".$h_a2." SET data_type = :type_new WHERE data_id = :data_id LIMIT 1"); + $stmt->bindParam('type_new',$data_type,PDO::PARAM_STR); + $stmt->bindParam('data_id',$data_id,PDO::PARAM_INT); + $stmt->execute(); + Log::writeMedium('data-type changed: '.$data['data_type'].' => '.$data_type.Log::prepareInfo($data_id).'{altersecurityfields}'); + $new_data_type = $data_type; + } + + // update data name if ($data_name != '' && $data_name != $data['data_name']) { $stmt=DBConnection::getInstance()->prepare("UPDATE data_".$h_a2." SET data_name = :name_new WHERE data_id = :id LIMIT 1"); $stmt->bindParam('name_new',$data_name,PDO::PARAM_STR); @@ -506,77 +482,75 @@

Log::writeMedium('data-name changed: '.$data['data_name'].' => '.$data_name.Log::prepareInfo($data_id).'{altersecurityfields}');

+ // update dependent entries if ($update_links == true) { - if ($data_type == '') { - $data_type = $data['data_type']; + if ($new_data_type == '') { + $new_data_type = $data['data_type']; }

- switch ($data_type) { + // old type + switch ($data['data_type']) { case 'content': - $type_short = 'cont'; + $new_type_short = 'cont'; break; case 'template': - $type_short = 'templ'; + $new_type_short = 'templ'; break; case 'script': - $type_short = 'inc'; + $new_type_short = 'inc'; break; case 'system': - $type_short = 'sys'; + $new_type_short = 'sys'; break; case 'page': default: - $type_short = 'no'; + $new_type_short = 'no'; break; }

- // prepare for usage in while loop - $stmt_update=DBConnection::getInstance()->prepare("UPDATE data_text".$h_a." SET text_content = :content WHERE text_id = :text_id LIMIT 1"); + // new type + switch ($new_data_type) { + case 'content': + $old_type_short = 'cont'; + break; + case 'template': + $old_type_short = 'templ'; + break; + case 'script': + $old_type_short = 'inc'; + break; + case 'system': + $old_type_short = 'sys'; + break; + case 'page': + default: + $old_type_short = 'no'; + break; + }

// update text content with new name //@ADD check, for only updating dependent entries - $stmt=DBConnection::getInstance()->prepare("SELECT text_id, text_content FROM data_text".$h_a." ORDER BY text_id ASC"); + $stmt=DBConnection::getInstance()->prepare("UPDATE data_text".$h_a." SET text_content = REPLACE(REPLACE(text_content, :old_type_name, :new_type_name), :old_link, :new_link) WHERE text_content LIKE :search1 OR text_content LIKE :search2 ORDER BY text_id ASC"); + $stmt->bindParam('search1','%[#'.$old_type_short.'_'.$data['data_name'].']%',PDO::PARAM_STR); + $stmt->bindParam('search2','%[#link_'.$data['data_name'].']%',PDO::PARAM_STR); + $stmt->bindParam('old_type_name','[#'.$old_type_short.'_'.$data['data_name'].']',PDO::PARAM_STR); + $stmt->bindParam('new_type_name','[#'.$new_type_short.'_'.$data_name.']',PDO::PARAM_STR); + $stmt->bindParam('old_link','[#link_'.$data['data_name'].']',PDO::PARAM_STR); + $stmt->bindParam('new_link','[#link_'.$data_name.']',PDO::PARAM_STR); $stmt->execute(); - while ($text = $stmt->fetch(PDO::FETCH_ASSOC)) { - $text_content = $text['text_content']; - - // update imports - if ($type_short != 'no') { - $text_content = str_replace('[#'.$type_short.'_'.$data['data_name'].']', '[#'.$type_short.'_'.$data_name.']', $text_content); - } - - // update links - if ($data['data_type'] == 'page') { - $text_content = str_replace('[#link_'.$data['data_name'].']', '[#link_'.$data_name.']', $text_content); - } - - // write update, if something has changed - if ($text['text_content'] != $text_content) { - $stmt_update->bindParam('content',$text_content,PDO::PARAM_STR); - $stmt_update->bindParam('text_id',$text['text_id'],PDO::PARAM_INT); - $stmt_update->execute(); - } - } // while

Log::writeMedium('data-interlinks updated due data-name change'.Log::prepareInfo($data_id).'{altersecurityfields}'); } } // end data_name changes

- if ($data_type != '' && $data_type != $data['data_type']) { - $stmt=DBConnection::getInstance()->prepare("UPDATE data_".$h_a2." SET data_type = :type_new WHERE data_id = :data_id LIMIT 1"); - $stmt->bindParam('type_new',$data_type,PDO::PARAM_STR); - $stmt->bindParam('data_id',$data_id,PDO::PARAM_INT); - $stmt->execute(); - Log::writeMedium('data-type changed: '.$data['data_type'].' => '.$data_type.Log::prepareInfo($data_id).'{altersecurityfields}'); - } // end data_type changes - + // change ACL if ($data_acl != '' && $data_acl != $data['data_acl']) { $stmt=DBConnection::getInstance()->prepare("UPDATE data_".$h_a2." SET data_acl = :acl_new WHERE data_id = :data_id LIMIT 1"); $stmt->bindParam('acl_new',$data_acl); $stmt->bindParam('data_id',$data_id); $stmt->execute(); Log::writeMedium('data-acl changed: '.$data['data_acl'].' => '.$data_acl.Log::prepareInfo($data_id).'{altersecurityfields}'); - } // end data_acl changes + }

} // end of member function getCookieDomain

@@ -595,7 +569,7 @@ { $thisuser = &ThisUser::getInstance();

- $data_name = @htmlspecialchars($_GET['d_name']); + $data_name = trim(@htmlspecialchars($_GET['d_name']));

$stmt=DBConnection::getInstance()->prepare("SELECT data_id FROM data_ WHERE data_name = :name AND data_type = :type LIMIT 1"); $stmt->bindParam('name',$data_name,PDO::PARAM_STR);

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/lib/Editor_Website.class.php [iso-8859-1] Tue Nov 25 13:10:11 2008 @@ -31,7 +31,7 @@ const FIELDS = 1; const HISTORY = 2; const SECURITY = 3; - const ENTRY = 4; + const REVISION = 4; const DEPENCIES= 5;

// types of new entries @@ -52,8 +52,6 @@

global $roscms_standard_language; global $RosCMS_GET_d_value, $RosCMS_GET_d_value2, $RosCMS_GET_d_value3, $RosCMS_GET_d_value4; - global $RosCMS_GET_d_id, $RosCMS_GET_d_r_id; - global $RosCMS_GET_d_r_lang;

switch ($action) {

@@ -117,18 +115,18 @@

// update Field details case 'alterfields2': - Data::updateText($RosCMS_GET_d_r_id, $RosCMS_GET_d_value, $RosCMS_GET_d_value2, @$_GET['d_arch']); + Data::updateText($_GET['d_r_id'], $RosCMS_GET_d_value, $RosCMS_GET_d_value2, @$_GET['d_arch']); $this->show(); break;

- // show entry details + // show revision details case 'showentry': - $this->showEntryDetails(self::ENTRY); - break; - - // update Entry details + $this->showEntryDetails(self::REVISION); + break; + + // update revision details case 'alterentry': - Data::updateRevision($RosCMS_GET_d_id, $RosCMS_GET_d_r_id,$RosCMS_GET_d_value,$RosCMS_GET_d_value2,$RosCMS_GET_d_value3,$RosCMS_GET_d_value4,htmlspecialchars(@$_GET["d_val5"]),htmlspecialchars(@$_GET["d_val6"]),htmlspecialchars(@$_GET["d_val7"])); + Data::updateRevision($_GET['d_id'], $_GET['d_r_id'],$RosCMS_GET_d_value,$RosCMS_GET_d_value2,$RosCMS_GET_d_value3,$RosCMS_GET_d_value4,htmlspecialchars(@$_GET["d_val5"])); $this->show(); break;

@@ -139,13 +137,13 @@

// update Security details case 'altersecurity': - Data::update($RosCMS_GET_d_id, $RosCMS_GET_d_value, $RosCMS_GET_d_value2, $RosCMS_GET_d_value3, $RosCMS_GET_d_value4); + Data::update($_GET['d_id'], $RosCMS_GET_d_value, $RosCMS_GET_d_value2, $RosCMS_GET_d_value3, $RosCMS_GET_d_value4); $this->show(); break;

// add new tag case 'addtag': - Tag::add($RosCMS_GET_d_id, $RosCMS_GET_d_r_id, $RosCMS_GET_d_value, $RosCMS_GET_d_value2, $RosCMS_GET_d_value3); + Tag::add(, $_GET['d_r_id'], $RosCMS_GET_d_value, $RosCMS_GET_d_value2, $RosCMS_GET_d_value3); $this->showEntryDetails(self::METADATA); break;

@@ -164,23 +162,23 @@ // update tag by id case 'changetag': Tag::deleteById($RosCMS_GET_d_value4, $RosCMS_GET_d_value3); - Tag::add($RosCMS_GET_d_id, $RosCMS_GET_d_r_id, $RosCMS_GET_d_value, $RosCMS_GET_d_value2, $RosCMS_GET_d_value3); - echo Tag::getIdByUser($RosCMS_GET_d_id, $RosCMS_GET_d_r_id, $RosCMS_GET_d_value, $thisuser->id()); + Tag::add($_GET['d_id'], $_GET['d_r_id'], $RosCMS_GET_d_value, $RosCMS_GET_d_value2, $RosCMS_GET_d_value3); + echo Tag::getIdByUser($_GET['d_id'], $_GET['d_r_id'], $RosCMS_GET_d_value, $thisuser->id()); break;

// update tag by name/user case 'changetag2': case 'changetag3': - Tag::deleteByName($RosCMS_GET_d_id, $RosCMS_GET_d_r_id, $RosCMS_GET_d_value , $RosCMS_GET_d_value3); - Tag::add($RosCMS_GET_d_id, $RosCMS_GET_d_r_id, $RosCMS_GET_d_value , $RosCMS_GET_d_value2, $RosCMS_GET_d_value3); - echo Tag::getIdByName($RosCMS_GET_d_id, $RosCMS_GET_d_r_id, $RosCMS_GET_d_value, $RosCMS_GET_d_value3); + Tag::deleteByName($_GET['d_id'], $_GET['d_r_id'], $RosCMS_GET_d_value , $RosCMS_GET_d_value3); + Tag::add($_GET['d_id'], $_GET['d_r_id'], $RosCMS_GET_d_value , $RosCMS_GET_d_value2, $RosCMS_GET_d_value3); + echo Tag::getIdByName($_GET['d_id'], $_GET['d_r_id'], $RosCMS_GET_d_value, $RosCMS_GET_d_value3); break;

// Change Tags around Data entry case 'changetags': // only call function if some entries are given ($_GET['d_val'] holds number of id's) if ($_GET['d_val'] > 0) { - Data::evalAction($RosCMS_GET_d_value2 /* entry rev_id's */, $RosCMS_GET_d_value3 /* action */, $RosCMS_GET_d_r_lang, $RosCMS_GET_d_value4); + Data::evalAction($RosCMS_GET_d_value2 /* entry rev_id's */, $RosCMS_GET_d_value3 /* action */, $_GET['d_r_lang'], $RosCMS_GET_d_value4); } break;

@@ -206,8 +204,6 @@ */ protected function performDefaultAction() { - global $RosCMS_GET_d_r_lang; - // normal (contains NO "tr") if (!isset($_GET['d_r_id']) || strpos($_GET['d_r_id'], 'tr') === false) { $this->show(); @@ -224,7 +220,7 @@ if (Security::hasRight($revision['data_id'], 'trans')) {

// copy existing entry to new language - if (Data::copy($revision['data_id'], $revision['rev_id'], 1 /* copy mode */, $RosCMS_GET_d_r_lang)) { + if (Data::copy($revision['data_id'], $revision['rev_id'], 1 /* copy mode */, $_GET['d_r_lang'])) { $stmt=DBConnection::getInstance()->prepare("SELECT data_id, rev_id, rev_language FROM data_revision WHERE data_id = :data_id AND rev_usrid = :user_id AND rev_version = 0 AND rev_language = :lang AND rev_date = :date ORDER BY rev_id DESC LIMIT 1"); $stmt->bindParam('data_id',$revision['data_id'],PDO::PARAM_STR); $stmt->bindParam('user_id',ThisUser::getInstance()->id(),PDO::PARAM_INT); @@ -290,7 +286,7 @@ $stext_num++;

echo_strip(' - <label for="estext"'.$stext_num.'" class="frmeditheadline" style="font-weight: bold;">'); echo ucfirst($stext['stext_name']);echo_strip(':</label> + <label for="estext"'.$stext_num.'" class="frmeditheadline" style="font-weight: bold;">'.$stext['stext_name'].':</label> <span id="edstext'.$stext_num.'" style="display:none;">'.$stext['stext_name'].'</span><br /> <input name="estext"'.$stext_num.'" type="text" id="estext'.$stext_num.'" size="50" maxlength="250" value="');echo $stext['stext_content'].'" /><br /><br />'; } @@ -311,7 +307,7 @@ $text_num++;

echo_strip(' - <label class="frmeditheadline" for="elm'.$text_num.'">');echo ucfirst($text['text_name']); echo_strip('</label> + <label class="frmeditheadline" for="elm'.$text_num.'">'.$text['text_name'].'</label> <button type="button" id="butRTE'.$text_num.'" onclick="'."toggleEditor('elm".$text_num."', this.id)".'">Rich Text</button> <span id="swraped'.$text_num.'"> <input id="wraped'.$text_num.'" type="checkbox" onclick="'."toggleWordWrap(this.id, 'elm".$text_num."');".'" checked="checked" /> @@ -654,11 +650,11 @@ } echo '&nbsp;|&nbsp;';

- if ($mode == self::ENTRY) { - echo '<strong>Entry</strong>'; + if ($mode == self::REVISION) { + echo '<strong>Revision</strong>'; } else { - echo '<span class="detailmenu" onclick="'."bshowentry(".$this->data_id.",".$this->rev_id.", '".$thisuser->id()."')".'">Entry</span>'; + echo '<span class="detailmenu" onclick="'."bshowentry(".$this->data_id.",".$this->rev_id.", '".$thisuser->id()."')".'">Revision</span>'; } }

@@ -696,8 +692,8 @@ case self::FIELDS: $this->showEntryDetailsFields(); break; - case self::ENTRY: - $this->showEntryDetailsEntry(); + case self::REVISION: + $this->showEntryDetailsRevision(); break; }

@@ -1018,7 +1014,7 @@ * * @access private */ - private function showEntryDetailsEntry( ) + private function showEntryDetailsRevision( ) { global $h_a, $h_a2;

@@ -1057,16 +1053,6 @@ <div class="frmeditheadline">Time</div><br /> <input type="text" name="vertime" id="vertime" size="8" maxlength="8" value="'.$revision['rev_time'].'" /> (hour:minute:second) <img src="images/attention.gif" width="22" height="22" /><br /> - <br /> - <div class="frmeditheadline">Move Entry</div><br /> - <input type="text" name="chgdataname" id="chgdataname" size="25" maxlength="100" value="'.$revision['data_name'].'" /> - <select id="cbmchgdatatype"> - <option value="page"'.(($revision['data_type'] == 'page') ? ' selected="selected"' : '').'>Page</option> - <option value="content"'.(($revision['data_type'] == 'content') ? ' selected="selected"' : '').'>Content</option> - <option value="template"'.(($revision['data_type'] == 'template') ? ' selected="selected"' : '').'>Template</option> - <option value="script"'.(($revision['data_type'] == 'script') ? ' selected="selected"' : '').'>Script</option> - <option value="system"'.(($revision['data_type'] == 'system') ? ' selected="selected"' : '').'>System</option> - </select> <img src="images/attention.gif" width="22" height="22" /><br /> <br /> <br /> <button type="button" id="beditsaveentry" onclick="editsaveentrychanges('.$this->data_id.','.$this->rev_id.')">Save Changes</button> &nbsp;

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Export_Page.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/lib/Export_Page.class.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/lib/Export_Page.class.php [iso-8859-1] Tue Nov 25 13:10:11 2008 @@ -52,7 +52,6 @@ public function page( ) { global $RosCMS_GET_d_value, $RosCMS_GET_d_value2,$RosCMS_GET_d_value3; - global $RosCMS_GET_d_r_lang; global $roscms_standard_language;

$dynamic_num = $RosCMS_GET_d_value3; @@ -66,7 +65,7 @@ default: if (empty($_GET['d_r_id']) || strpos($_GET['d_r_id'], 'tr') >= 0) { // translation mode (contains "tr") - $RosCMS_GET_d_value2 = $RosCMS_GET_d_r_lang; + $RosCMS_GET_d_value2 = $_GET['d_r_lang']; }

// remove "tr" so that it also work in translation view

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User.class.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User.class.php [iso-8859-1] Tue Nov 25 13:10:11 2008 @@ -56,8 +56,7 @@ { global $roscms_intern_webserver_pages; global $roscms_intern_webserver_roscms; - global $roscms_SET_path_ex; - global $rdf_uri_str; + global $roscms_intern_page_link; global $rpm_lang; global $roscms_langres;

@@ -82,8 +81,8 @@ <div class="navTitle">'.$roscms_langres['Account'].'</div> <ol> <li title="'.$thisuser->name().'">&nbsp;Nick:&nbsp;'.substr($thisuser->name(), 0, 9).'</li> - <li><a href="'.$roscms_SET_path_ex.'my/">My Profile</a></li> - <li><a href="'.$roscms_SET_path_ex.'search/">User Search</a></li> + <li><a href="'.$roscms_intern_page_link.'my">My Profile</a></li> + <li><a href="'.$roscms_intern_page_link.'search">User Search</a></li> <li><a href="'.$roscms_intern_webserver_pages.'peoplemap/">User Map</a></li>'); if ($thisuser->securityLevel() > 0) { echo '<li><a href="'.$roscms_intern_webserver_roscms.'?page=data&amp;branch=welcome">RosCMS Interface</a></li>'; @@ -97,8 +96,8 @@ echo_strip(' <div class="navTitle">'.$roscms_langres['Account'].'</div> <ol> - <li><a href="'.$roscms_SET_path_ex.'login/">Login</a></li> - <li><a href="'.$roscms_SET_path_ex.'register/">Register</a></li> + <li><a href="'.$roscms_intern_page_link.'login">Login</a></li> + <li><a href="'.$roscms_intern_page_link.'register">Register</a></li> </ol> <br />'); } @@ -121,7 +120,7 @@ <ol> <li> <div style="text-align:center;"> - <select id="select" size="1" name="select" class="selectbox" style="width:140px" onchange="'."window.location.href = '".$roscms_SET_path_ex.$rdf_uri_str."?lang=' + this.options[this.selectedIndex].value".'"> + <select id="select" size="1" name="select" class="selectbox" style="width:140px" onchange="'."window.location.href = '".$roscms_intern_webserver_roscms.'?'.$_SERVER['QUERY_STRING']."&lang=' + this.options[this.selectedIndex].value".'"> <optgroup label="current language">');

$stmt=DBConnection::getInstance()->prepare("SELECT lang_name FROM languages WHERE lang_id = :lang_id");

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Activate.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Activate.class.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Activate.class.php [iso-8859-1] Tue Nov 25 13:10:11 2008 @@ -45,22 +45,21 @@ */ protected function body( ) { - global $rdf_uri_3; - global $roscms_SET_path_ex; + global $roscms_intern_page_link; global $rdf_logon_system_name;

$err_message = ''; // error message box text $mail_exists = false; // email already exists in the database (true = email exists) $activation_code_exists = false; // pwd-id exists in the database (true = pwd-id exists)

- $activation_code = $rdf_uri_3; + $activation_code = @$_GET['code'];

echo_strip(' <h1>Activate myReactOS Account</h1> <div class="u-h1">Activate myReactOS Account</div> - <div class="u-h2">Already a member? <a href="'.$roscms_SET_path_ex.'login/">Login now</a>!<br /> - Don't have a '.$rdf_logon_system_name.' account yet? <a href="'.$roscms_SET_path_ex.'register/">Join now</a>, it's free and just takes a minute.</div> - <form action="'.$roscms_SET_path_ex.'login/activate/" method="post"> + <div class="u-h2">Already a member? <a href="'.$roscms_intern_page_link.'login">Login now</a>!<br /> + Don't have a '.$rdf_logon_system_name.' account yet? <a href="'.$roscms_intern_page_link.'register">Join now</a>, it's free and just takes a minute.</div> + <form action="'.$roscms_intern_page_link.'login&amp;subpage=activate" method="post"> <div align="center"> <div style="background: #e1eafb none repeat scroll 0%; width: 300px;"> <div class="corner1"> @@ -111,7 +110,7 @@

echo_strip(' <div class="login-title">Account activated</div> - <div><a href="'.$roscms_SET_path_ex.'login/" style="color:red !important; text-decoration:underline;">Login now</a>!</div>'); + <div><a href="'.$roscms_intern_page_link.'login" style="color:red !important; text-decoration:underline;">Login now</a>!</div>'); } elseif ($activation_code_exists) { echo_strip('

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Login.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Login.class.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Login.class.php [iso-8859-1] Tue Nov 25 13:10:11 2008 @@ -48,7 +48,7 @@ */ protected function body( ) { - global $roscms_SET_path_ex; + global $roscms_intern_page_link; global $rdf_login_cookie_usrkey; global $rdf_login_cookie_seckey; global $rdf_login_cookie_usrname; @@ -192,7 +192,7 @@ exit; }

- header('Location: '.$roscms_SET_path_ex.'my/'); + header('Location: '.$roscms_intern_page_link.'my'); exit; } } // end of member function body @@ -210,12 +210,12 @@ global $rdf_login_cookie_usrpwd; global $rdf_login_cookie_loginname; global $rdf_name; - global $roscms_SET_path_ex; + global $roscms_intern_page_link;

//@ADD comment -> why do we need this $random_string_security = '';

- if (isset($_GET['sec']) && $_GET['sec'] == "security") { + if (isset($_GET['sec']) && $_GET['sec'] == 'security') { $random_string_security = self::makeKey(); setcookie($rdf_login_cookie_seckey, $random_string_security, 0, '/', Cookie::getDomain()); } @@ -228,7 +228,7 @@ $target_clean = $matches[1]; }

- echo '<form action="'.$roscms_SET_path_ex.'login/" method="post">'; + echo '<form action="'.$roscms_intern_page_link.'login" method="post">';

if ($target_clean != '' ) { echo_strip(' @@ -240,7 +240,7 @@ echo_strip(' <h1>Login</h1> <div class="u-h1">Login to '.$rdf_name.'</div> - <div class="u-h2">You don't have a '.$rdf_name.' account yet? <a href="'.$roscms_SET_path_ex.'register/">Join now</a>, it's free and just takes a minute.</div> + <div class="u-h2">You don't have a '.$rdf_name.' account yet? <a href="'.$roscms_intern_page_link.'register">Join now</a>, it's free and just takes a minute.</div> <div> <div style="margin: 0px auto; background: #e1eafb none repeat scroll 0%; width: 300px;"> <div class="corner1"> @@ -266,7 +266,7 @@ <input name="'.$rdf_login_cookie_usrpwd.'" type="password" class="input" tabindex="2" id="'.$rdf_login_cookie_usrpwd.'" size="50" maxlength="50" /> </div>');

- if (isset($_GET['sec']) && ($_GET['sec'] == '' || $_GET['sec'] == 'standard')) { + if (empty($_GET['sec']) || $_GET['sec'] == 'standard') { echo_strip(' <div class="login-options"> <input name="loginoption1" type="checkbox" id="loginoption1" value="save"'.(isset($_COOKIE[$rdf_login_cookie_loginname]) ? 'checked' : '').' tabindex="3" /> @@ -306,16 +306,16 @@

echo '<div style="margin:10px;text-align:center;">';

- if (isset($_GET['sec']) && ($_GET['sec'] == '' || $_GET['sec'] == 'standard')) { - echo '<a href="'.$roscms_SET_path_ex.'login/?sec=security'.(($target_clean != '') ? '&amp;target='.urlencode($target_clean) : '').'">Use enhanced security</a>'; + if (empty($_GET['sec']) || $_GET['sec'] == 'standard') { + echo '<a href="'.$roscms_intern_page_link.'login&amp;sec=security'.(($target_clean != '') ? '&amp;target='.urlencode($target_clean) : '').'">Use enhanced security</a>'; } else { - echo '<a href="'.$roscms_SET_path_ex.'login/?sec=standard'.(($target_clean != '') ? '&amp;target='.urlencode($target_clean) : '').'">Use standard security</a>'; + echo '<a href="'.$roscms_intern_page_link.'login&amp;sec=standard'.(($target_clean != '') ? '&amp;target='.urlencode($target_clean) : '').'">Use standard security</a>'; }

echo_strip(' <br /> - <a href="'.$roscms_SET_path_ex.'login/lost/">Lost username or password?</a> + <a href="'.$roscms_intern_page_link.'login&amp;subpage=lost">Lost username or password?</a> </div> </div> </form>');

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_LostPassword.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_LostPassword.class.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_LostPassword.class.php [iso-8859-1] Tue Nov 25 13:10:11 2008 @@ -45,8 +45,7 @@ */ protected function body( ) { - global $rdf_uri_3; - global $roscms_SET_path_ex; + global $roscms_intern_page_link, $roscms_intern_webserver_roscms; global $rdf_name, $rdf_name_long; global $rdf_register_user_pwd_min, $rdf_register_user_pwd_max; global $rdf_support_email_str; @@ -55,25 +54,25 @@ $mail_exists = false; // email already exists in the database (true = email exists) $password_id_exists = null; // pwd-id exists in the database (true = pwd-id exists)

- $activation_code = $rdf_uri_3; + $activation_code = @$_GET['code']; $mail_exists = isset($_POST['registerpost']) && isset($_POST['useremail']) && $_POST['useremail'] != '' && ROSUser::hasEmail($_POST['useremail']); $password_id_exists = ROSUser::hasPasswordReset($activation_code);

if (strlen($activation_code > 6)) { echo_strip(' - <h1><a href="'.$roscms_SET_path_ex.'login/">Login</a> &gt; Reset your Password</h1> + <h1><a href="'.$roscms_intern_page_link.'login">Login</a> &gt; Reset your Password</h1> <div class="u-h1">Reset your Password</div> <div class="u-h2">Have you forgotten your password of your '.$rdf_name.' account? Don't panic. You have already requested us that we reset your password. Now it's your turn to enter a new password for your '.$rdf_name.' account.</div>'); } else { echo_strip(' - <h1><a href="'.$roscms_SET_path_ex.'login/">Login</a> &gt; Lost Username or Password?</h1> + <h1><a href="'.$roscms_intern_page_link.'login">Login</a> &gt; Lost Username or Password?</h1> <div class="u-h1">Lost Username or Password?</div> <div class="u-h2">Have you forgotten your username and/or password of your '.$rdf_name.' account? Don't panic. We can send you your username and let you reset your password. All you need is your email address.</div>'); }

echo_strip(' - <form action="'.$roscms_SET_path_ex.'login/lost/" method="post"> + <form action="'.$roscms_intern_page_link.'login&amp;subpage=lost" method="post"> <div style="text-align: center;"> <div style="margin:0px auto; background: #e1eafb none repeat scroll 0%; width: 300px;"> <div class="corner1"> @@ -105,7 +104,7 @@

echo_strip(' <div class="login-title">Password changed</div> - <div><a href="'.$roscms_SET_path_ex.'login/" style="color:red !important; text-decoration:underline;">Login now</a>!</div>'); + <div><a href="'.$roscms_intern_page_link.'login" style="color:red !important; text-decoration:underline;">Login now</a>!</div>');

} elseif (strlen($activation_code) < 6 && isset($_POST['registerpost']) && !empty($_POST['useremail']) && EMail::isValid($_POST['useremail']) && !empty($_POST['usercaptcha']) && !empty($_SESSION['rdf_security_code']) && strtolower($_SESSION['rdf_security_code']) == strtolower($_POST['usercaptcha']) && $mail_exists) { @@ -128,7 +127,7 @@ $subject = $rdf_name_long.' - Lost username or password?';

// Email message - $message = $rdf_name_long." - Lost username or password?\n\n\nYou have requested your ".$rdf_name." account login data.\n\nYou haven't requested your account login data? Oops, then someone has tried the 'Lost username or password?' function with your email address, just ignore this email.\n\n\nUsername: ".$user['user_name']."\n\n\nLost your password? Reset your password: ".$roscms_SET_path_ex."login/lost/".$activation_code."/\n\n\nBest regards,\nThe ".$rdf_name." Team\n\n\n(please do not reply as this is an auto generated email!)"; + $message = $rdf_name_long." - Lost username or password?\n\n\nYou have requested your ".$rdf_name." account login data.\n\nYou haven't requested your account login data? Oops, then someone has tried the 'Lost username or password?' function with your email address, just ignore this email.\n\n\nUsername: ".$user['user_name']."\n\n\nLost your password? Reset your password: ".$roscms_intern_page_link."login&subpage=lost&code=".$activation_code."/\n\n\nBest regards,\nThe ".$rdf_name." Team\n\n\n(please do not reply as this is an auto generated email!)";

// send the Email if (EMail::send($_POST['useremail'], $subject, $message)) { @@ -197,14 +196,14 @@ function CaptchaReload() { ++BypassCacheNumber; - document.getElementById('captcha').src = '".$roscms_SET_path_ex."register/captcha/' + BypassCacheNumber; + document.getElementById('captcha').src = '".$roscms_intern_page_link."captcha' + BypassCacheNumber; }

document.write('".'<br /><span style="color:#817A71;">If you can't read this, try <a href="javascript:CaptchaReload()">another one</a>.</span>'."'); -->".' </script>'; echo_strip(' - <img id="captcha" src="'.$roscms_SET_path_ex.'register/captcha" style="padding-top:10px;" alt="If you can\'t read this, try another one or email '.$rdf_support_email_str.' for help." title="Are you human?" /> + <img id="captcha" src="'.$roscms_intern_page_link.'captcha" style="padding-top:10px;" alt="If you can\'t read this, try another one or email '.$rdf_support_email_str.' for help." title="Are you human?" /> <br />');

if (isset($_POST['registerpost'])) { @@ -217,7 +216,7 @@ </div> <div class="login-button"> <input type="submit" name="submit" value="Send" tabindex="8" /><br /> - <input type="button" onclick="'."window.location=".$roscms_SET_path_ex."'".'" tabindex="9" value="Cancel" name="cancel" style="color:#777777;" /> + <input type="button" onclick="'."window.location=".$roscms_intern_webserver_roscms."'".'" tabindex="9" value="Cancel" name="cancel" style="color:#777777;" /> <input name="registerpost" type="hidden" id="registerpost" value="reg" /> </div>'); }

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Profile.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Profile.class.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Profile.class.php [iso-8859-1] Tue Nov 25 13:10:11 2008 @@ -49,8 +49,7 @@ */ protected function body( ) { - global $rdf_uri_2; - global $roscms_SET_path_ex; + global $roscms_intern_page_link;

if ($this->search) {

@@ -73,13 +72,14 @@ }

// more than one user was found (or none) - if ($users_found != 1 && ($rdf_uri_2 == '' || isset($_GET['search']) && $_GET['search'] != '')) { + if ($users_found != 1 && (empty($_GET['user_name']) || !empty($_GET['search']))) { echo_strip(' - <h1><a href="'.$roscms_SET_path_ex.'my/">myReactOS</a> &gt; Profile Search</h1> + <h1><a href="'.$roscms_intern_page_link.'my">myReactOS</a> &gt; Profile Search</h1> <div class="u-h1">Profile Search</div> - <form id="form1" name="form1" method="get" action="'.$roscms_SET_path_ex.'search/"> + <form id="form1" method="get" action="'.$roscms_intern_page_link.'search"> + <input type="hidden" name="page" id="page" value="search" /> <input name="search" type="text" id="search" value="'.@htmlentities($_GET['search']).'" /> - <input name="cmdsearch" type="submit" id="cmdsearch" value="Search" /> + <button type="submit">Search</button> </form> <br />');

@@ -93,7 +93,7 @@ $stmt->execute();

while ($search = $stmt->fetch(PDO::FETCH_ASSOC)) { - echo '<li><a style="font-weight:bold;" href="'.$roscms_SET_path_ex.'search/'.$search['user_name'].'">'.$search['user_name'].'</a>'; + echo '<li><a style="font-weight:bold;" href="'.$roscms_intern_page_link.'search&amp;phrase'.$search['user_name'].'">'.$search['user_name'].'</a>'; if ($search['user_fullname']) { echo '<br />'.$search['user_fullname']; } @@ -106,7 +106,7 @@ else { if (empty($user_id)|| $user_id === false) { $stmt=DBConnection::getInstance()->prepare("SELECT user_id FROM users WHERE user_name = :user_name LIMIT 1"); - $stmt->bindParam('user_name',rawurldecode($rdf_uri_2)); + $stmt->bindParam('user_name',rawurldecode(@$_GET['user_name'])); $stmt->execute(); $user_id = $stmt->fetchColumn(); } @@ -125,7 +125,7 @@ */ private function profile( $user_id = null ) { - global $roscms_SET_path_ex; + global $roscms_intern_page_link; global $roscms_intern_webserver_pages; global $rdf_name;

@@ -226,7 +226,7 @@ echo_strip(' <div class="login-form"> <div class="u-desc">Private Website</div> - <div class="u-title"><a href="'.$profile['user_website'].'" rel="nofollow">.'.htmlspecialchars($profile['user_website']).'</a></div> + <div class="u-title"><a href="'.$profile['user_website'].'" rel="nofollow">'.htmlspecialchars($profile['user_website']).'</a></div> </div>'); }

@@ -268,14 +268,14 @@ if ($profile['user_id'] == $thisuser->id()) { echo_strip(' <div>&nbsp;</div> - <div class="u-link"><a href="'.$roscms_SET_path_ex.'my/edit/">Edit My Profile</a></div> + <div class="u-link"><a href="'.$roscms_intern_page_link.'my&amp;subpage=edit">Edit My Profile</a></div> <div>&nbsp;</div>'); } else { echo_strip(' <div>&nbsp;</div> <div> - <a href="'.$roscms_SET_path_ex.'search/" style="color:#333333 !important; text-decoration:underline; font-weight:bold;"> + <a href="'.$roscms_intern_page_link.'search" style="color:#333333 !important; text-decoration:underline; font-weight:bold;"> <strong>&raquo; Profile Search</strong> </a> </div>

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_ProfileEdit.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_ProfileEdit.class.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_ProfileEdit.class.php [iso-8859-1] Tue Nov 25 13:10:11 2008 @@ -34,7 +34,6 @@ public function __construct() { Login::required(); - session_start(); parent::__construct(); }

@@ -46,8 +45,7 @@ */ protected function body( ) { - global $roscms_SET_path_ex; - global $rdf_uri_3; + global $roscms_intern_page_link; global $rdf_name_long; global $rdf_name; global $rdf_register_user_pwd_min; @@ -55,16 +53,15 @@ global $rdf_register_user_name_max; global $roscms_intern_webserver_pages;

- $activation_code = $rdf_uri_3; - - $err_message = ''; // error message box text + $activation_code = @$_GET['code']; + $existemail = false; // email already exists in the database (true = email exists) $safepwd = ''; // unsafe password, common cracked passwords ("" = not checked; "true" = fine; "false" = match with a db entry => protected name) $password_change = false; // new password

if ($activation_code != '' && strlen($activation_code) > 6) { echo_strip(' - <h1><a href="'.$roscms_SET_path_ex.'my/">myReactOS</a> &gt; <a href="'.$roscms_SET_path_ex.'my/edit/">Edit My Profile</a> &gt; Activate E-Mail Address</h1> + <h1><a href="'.$roscms_intern_page_link.'my">myReactOS</a> &gt; <a href="'.$roscms_intern_page_link.'my&amp;subpage=edit">Edit My Profile</a> &gt; Activate E-Mail Address</h1> <div class="u-h1">Activate E-Mail Address</div> <div class="u-h2"> So you have a new email address and would like to keep your '.$rdf_name.' account up-to-date? That is a very good idea. To confirm your email address change, please enter your new email address again. @@ -72,13 +69,13 @@ } else { echo_strip(' - <h1><a href="'.$roscms_SET_path_ex.'my/">myReactOS</a> &gt; Edit My Profile</h1> + <h1><a href="'.$roscms_intern_page_link.'my">myReactOS</a> &gt; Edit My Profile</h1> <div class="u-h1">Edit My Profile</div> <div class="u-h2">Update your user account profile data to reflect the current state.</div>'); }

echo_strip(' - <form action="'.$roscms_SET_path_ex.'my/edit/" method="post"> + <form action="'.$roscms_intern_page_link.'my&amp;subpage=edit" method="post"> <div style="text-align:center;"> <div style="margin: 0px auto; background: #e1eafb none repeat scroll 0%; width: 300px;"> <div class="corner1"> @@ -104,7 +101,7 @@ echo_strip(' <div class="login-title">E-Mail Address Changed</div> <div> - <a href="'.$roscms_SET_path_ex.'my/" style="color: red !important; text-decoration:underline;">My Profile</a> + <a href="'.$roscms_intern_page_link.'my" style="color: red !important; text-decoration:underline;">My Profile</a> </div>'); return; } @@ -164,6 +161,11 @@ $stmt->bindValue('activation_code',htmlspecialchars($_POST['useremail']).$account_act_code,PDO::PARAM_STR); $stmt->bindParam('user_id',$profile['user_id'],PDO::PARAM_INT); $stmt->execute(); + } + + // validate website + if (!preg_match('#://#',$_POST['userwebsite'])) { + $_POST['userwebsite'] = 'http://%27.$_POST%5B%27userwebsite']; }

// update account data @@ -189,7 +191,7 @@ $subject = $rdf_name_long." - Email Address Activation";

// message - $message = $rdf_name_long." - Email Address Activation\n\n\nYou have requested an email address change for your account on ".$rdf_name.". The next step in order to enable the new email address for the account is to activate it by using the hyperlink below.\n\n\nCurrent E-Mail Address: ".$profile['user_email']."\nNew E-Mail Address: ".$_POST['useremail']."\n\nActivation-Hyperlink: ".$roscms_SET_path_ex."my/activate/".$account_act_code."/\n\n\nBest regards,\nThe ".$rdf_name." Team\n\n\n(please do not reply as this is an auto generated email!)"; + $message = $rdf_name_long." - Email Address Activation\n\n\nYou have requested an email address change for your account on ".$rdf_name.". The next step in order to enable the new email address for the account is to activate it by using the hyperlink below.\n\n\nCurrent E-Mail Address: ".$profile['user_email']."\nNew E-Mail Address: ".$_POST['useremail']."\n\nActivation-Hyperlink: ".$roscms_intern_page_link."my&amp;subpage=activate&code=".$account_act_code."/\n\n\nBest regards,\nThe ".$rdf_name." Team\n\n\n(please do not reply as this is an auto generated email!)";

// send the mail if (EMail::send($_POST['useremail'], $subject, $message)) { @@ -204,11 +206,9 @@ echo '<div>Password changed.</div>'; }

- echo '<div><a href="'.$roscms_SET_path_ex.'my/" style="color:red !important; text-decoration:underline;">My Profile</a></div>'; + echo '<div><a href="'.$roscms_intern_page_link.'my" style="color:red !important; text-decoration:underline;">My Profile</a></div>';

ROSUser::syncSubsystems($profile['user_id']); - - unset($_SESSION['rdf_security_code']); } elseif ($activation_code != '' && strlen($activation_code) > 6) { echo_strip(' @@ -220,7 +220,7 @@ <div class="login-button"> <input type="submit" name="submit" value="Save" tabindex="16" /> <br /> - <input type="button" onclick="'."window.location='".$roscms_SET_path_ex."'".'" tabindex="17" value="Cancel" name="cancel" style="color:#777777;" /> + <input type="button" onclick="'."window.location='".$roscms_intern_webserver_pages."'".'" tabindex="17" value="Cancel" name="cancel" style="color:#777777;" /> <input name="registerpost" type="hidden" id="registerpost" value="reg" /> </div>'); } @@ -274,7 +274,7 @@ if (isset($_POST['registerpost']) && $existemail && $_POST['useremail'] != $profile['user_email']) { echo_strip(' <br /> - <em>That email address is already with an account. Do you have several accounts? Please <a href="'.$roscms_SET_path_ex.'login/" style="color:red !important; text-decoration:underline;"><strong>login</strong></a>!</em>'); + <em>That email address is already with an account. Do you have several accounts? Please <a href="'.$roscms_intern_page_link.'login" style="color:red !important; text-decoration:underline;"><strong>login</strong></a>!</em>'); }

echo_strip(' @@ -380,7 +380,7 @@

<div class="login-button"> <input type="submit" name="submit" value="Save" tabindex="16" /> - <input type="button" onclick="'.("window.location='".$roscms_SET_path_ex."'").'" tabindex="17" value="Cancel" name="cancel" style="color:#777777;" /> + <input type="button" onclick="'.("window.location='".$roscms_intern_webserver_roscms."'").'" tabindex="17" value="Cancel" name="cancel" style="color:#777777;" /> <input name="registerpost" type="hidden" id="registerpost" value="reg" /> </div>'); }

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Register.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Register.class.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_User_Register.class.php [iso-8859-1] Tue Nov 25 13:10:11 2008 @@ -47,7 +47,7 @@ { global $rdf_name; global $rdf_logon_system_name; - global $roscms_SET_path_ex; + global $roscms_intern_page_link, $roscms_intern_webserver_roscms; global $rdf_support_email_str; global $rdf_register_user_name_min, $rdf_register_user_name_max;

@@ -62,11 +62,11 @@ <div class="u-h1">Register to '.$rdf_name.'</div> <span class="u-h2">Become a member of the '.$rdf_name.' Community. </span> The <span class="u-h2">'.$rdf_logon_system_name.'</span> account offers single sign-on for all <span class="u-h2">'.$rdf_name.'</span> web services. <ul> - <li>Already a member? <a href="'.$roscms_SET_path_ex.'login/">Login now</a>! </li> - <li><a href="'.$roscms_SET_path_ex.'login/lost/">Lost username or password?</a></li> + <li>Already a member? <a href="'.$roscms_intern_page_link.'login">Login now</a>! </li> + <li><a href="'.$roscms_intern_page_link.'login&amp;subpage=lost">Lost username or password?</a></li> </ul>

- <form action="'.$roscms_SET_path_ex.'register/" method="post"> + <form action="'.$roscms_intern_page_link.'register" method="post"> <div> <div style="margin: 0px auto; background: #e1eafb none repeat scroll 0%; width: 300px;"> <div class="corner1"> @@ -160,7 +160,7 @@ $subject = $rdf_name_long." - Account Activation";

// message - $message = $rdf_name_long." - Account Activation\n\n\nYou have registered an account on ".$rdf_name.". The next step in order to enable the account is to activate it by using the hyperlink below.\n\nYou haven't registered an account? Oops, then someone has tried to register an account with your email address. Just ignore this email, no one can use it anyway as it is not activated and the account will get deleted soon.\n\n\nUsername: ".$_POST['username']."\nPassword: ".$_POST['userpwd1']."\n\nActivation-Hyperlink: ".$roscms_SET_path_ex."login/activate/".$account_act_code."/\n\n\nBest regards,\nThe ".$rdf_name." Team\n\n\n(please do not reply as this is an auto generated email!)"; + $message = $rdf_name_long." - Account Activation\n\n\nYou have registered an account on ".$rdf_name.". The next step in order to enable the account is to activate it by using the hyperlink below.\n\nYou haven't registered an account? Oops, then someone has tried to register an account with your email address. Just ignore this email, no one can use it anyway as it is not activated and the account will get deleted soon.\n\n\nUsername: ".$_POST['username']."\nPassword: ".$_POST['userpwd1']."\n\nActivation-Hyperlink: ".$roscms_intern_page_link."login&subpage=activate&code=".$account_act_code."/\n\n\nBest regards,\nThe ".$rdf_name." Team\n\n\n(please do not reply as this is an auto generated email!)";

// send the mail if (Email::send($_POST['useremail'], $subject, $message)) { @@ -221,7 +221,7 @@ if (isset($_POST['registerpost']) && $mail_exists) { echo_strip(' <br /> - <em>That email address is already with an account. Please <a href="'.$roscms_SET_path_ex.'login/" style="color:red !important; font-weight: bold; text-decoration:underline;">login</a>!</em>'); + <em>That email address is already with an account. Please <a href="'.$roscms_intern_page_link.'login" style="color:red !important; font-weight: bold; text-decoration:underline;">login</a>!</em>'); }

echo_strip(' @@ -237,14 +237,14 @@ function CaptchaReload() { ++BypassCacheNumber; - document.getElementById('captcha').src = '".$roscms_SET_path_ex.">register/captcha/' + BypassCacheNumber; + document.getElementById('captcha').src = '".$roscms_intern_page_link."captcha' + BypassCacheNumber; }

- document.write(<![CDATA['<br /><span style=\"color:#817A71; \">If you can't read this, try <a href=\"javascript:CaptchaReload()\">another one</a>.</span>']]>); + document.write('<br /><span style="color:#817A71; ">If you can't read this, try <a href="javascript:CaptchaReload()">another one</a>.</span>');

-->";echo_strip(' </script> - <img id="captcha" src="'.$roscms_SET_path_ex.'register/captcha" style="padding-top:10px;" alt="If you can\'t read this, try another one or email '.$rdf_support_email_str.' for help." title="Are you human?" /> + <img id="captcha" src="'.$roscms_intern_page_link.'captcha" style="padding-top:10px;" alt="If you can\'t read this, try another one or email '.$rdf_support_email_str.' for help." title="Are you human?" /> <br />'); if (isset($_POST['registerpost'])) { echo_strip(' @@ -256,7 +256,7 @@ </div> <div class="login-button"> <input type="submit" name="submit" value="Register" tabindex="8" /> - <input type="button" onclick="'."window.location='".$roscms_SET_path_ex."'".'" tabindex="9" value="Cancel" name="cancel" style="color:#777777;" /> + <input type="button" onclick="'."window.location='".$roscms_intern_webserver_roscms."'".'" tabindex="9" value="Cancel" name="cancel" style="color:#777777;" /> <input name="registerpost" type="hidden" id="registerpost" value="reg" /> </div>'); } // end registration form

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Login.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/lib/Login.class.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/lib/Login.class.php [iso-8859-1] Tue Nov 25 13:10:11 2008 @@ -123,7 +123,7 @@ public static function out( $target = '' ) { global $rdf_login_cookie_usrkey; - global $roscms_SET_path_ex; + global $roscms_intern_page_link;

if (isset($_COOKIE[$rdf_login_cookie_usrkey])) { @@ -147,7 +147,7 @@ exit; }

- header('Location: '.$roscms_SET_path_ex); + header('Location: '.$roscms_intern_page_link.'my'); exit; } // end of member function login

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/lib/Security.class.php [iso-8859-1] Tue Nov 25 13:10:11 2008 @@ -166,7 +166,7 @@ while($usergroup = $stmt->fetch(PDO::FETCH_ASSOC)) {

// - $pos = strpos($rights['sec_allow'], "|".$usergroup['usergroupmember_usergroupid']."|"); + $pos = strpos($rights['sec_allow'], '|'.$usergroup['usergroupmember_usergroupid'].'|'); if ($pos !== false) { $acl_allow = true; } @@ -179,7 +179,7 @@ while($usergroup = $stmt->fetch(PDO::FETCH_ASSOC)) {

// - $pos = strpos($rights['sec_deny'], "|".$usergroup['usergroupmember_usergroupid']."|"); + $pos = strpos($rights['sec_deny'], '|'.$usergroup['usergroupmember_usergroupid'].'|'); if ($pos !== false) { $acl_deny = true; } @@ -206,6 +206,7 @@ return $rights_list; } // end of member function getRightsList

+ /** * checks if the user has the given right to do things * @@ -221,11 +222,11 @@ return false; }

- // return if the requested kind of right is in the rights list for the user $pos = strpos(self::getRightsList($data_id), '|'.$kind.'|'); return ($pos !== false); } // end of member function hasRight +

/** * gives a short overview about user rights

Modified: branches/danny-web/reactos.org/htdocs/roscms/lib/Subsystem_PHPBB.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ros... ============================================================================== --- branches/danny-web/reactos.org/htdocs/roscms/lib/Subsystem_PHPBB.class.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/roscms/lib/Subsystem_PHPBB.class.php [iso-8859-1] Tue Nov 25 13:10:11 2008 @@ -74,7 +74,7 @@ $inconsistencies = 0;

$stmt=DBConnection::getInstance()->prepare("SELECT u.user_id, u.user_name, u.user_email, u.user_register, p.username AS subsys_name, p.user_email AS subsys_email, FROM_UNIXTIME(p.user_regdate) AS subsys_register FROM users u, subsys_mappings m, ".$this->user_table." p WHERE m.map_roscms_userid = u.user_id AND m.map_subsys_name = 'phpbb' AND p.user_id = m.map_subsys_userid AND (u.user_name != p.username OR u.user_email != p.user_email OR u.user_register != FROM_UNIXTIME(p.user_regdate)) "); - $stmt->execute() or die("DB error (subsys_phpbb #1)"); + $stmt->execute() or die('DB error (subsys_phpbb #1)'); while ($mapping = $stmt->fetch(PDO::FETCH_ASSOC)) { echo 'Info mismatch for RosCMS userid '.$mapping['user_id'].': ';

@@ -112,7 +112,7 @@ $stmt->bindParam('user_name',$user_name,PDO::PARAM_STR); $stmt->bindParam('user_email',$user_email,PDO::PARAM_STR); $stmt->bindParam('user_id',$subsys_user,PDO::PARAM_INT); - $stmt->execute() or die("DB error (subsys_phpbb #7)"); + $stmt->execute() or die('DB error (subsys_phpbb #7)'); if ($stmt->fetchColumn() > 0) { echo 'User name ('.$user_name.') and/or email address ('.$user_email.') collision<br />'; return false; @@ -124,7 +124,7 @@ $stmt->bindParam('reg_date',$user_register,PDO::PARAM_STR); $stmt->bindParam('user_email',$user_email,PDO::PARAM_STR); $stmt->bindParam('user_id',$user_id,PDO::PARAM_INT); - $stmt->execute() or die("DB error (subsys_phpbb #8)"); + $stmt->execute() or die('DB error (subsys_phpbb #8)');

return true; } // end of member function updateUserPrivate @@ -143,7 +143,7 @@ { // Determine the next available userid $stmt=DBConnection::getInstance()->prepare("SELECT MAX(user_id) FROM ".$this->user_table); - $stmt->execute() or die("DB error (subsys_phpbb #20)"); + $stmt->execute() or die('DB error (subsys_phpbb #20)'); $phpbb_user_id = $stmt->fetchColumn() + 1;

$dbh = DBConnection::getInstance(); @@ -153,27 +153,27 @@ $stmt->bindValue('user_clean_name',strtolower($name),PDO::PARAM_STR); $stmt->bindParam('user_email',$email,PDO::PARAM_STR); $stmt->bindParam('reg_date',$register,PDO::PARAM_STR); - $stmt->execute() or die("DB error (subsys_phpbb #10)"); + $stmt->execute() or die('DB error (subsys_phpbb #10)');

// Put the user in the REGISTERED group $stmt=DBConnection::getInstance()->prepare("SELECT group_id FROM ".self::DB_NAME.".phpbb_groups WHERE group_name = 'REGISTERED' LIMIT 1"); - $stmt->execute() or die("DB error (subsys_phpbb #18)"); + $stmt->execute() or die('DB error (subsys_phpbb #18)'); $group_id = $stmt->fetchColumn();

if($group_id === false){ - die("DB error (subsys_phpbb #20)"); + die('DB error (subsys_phpbb #20)'); }

$stmt=DBConnection::getInstance()->prepare("INSERT INTO ".self::DB_NAME.".phpbb_user_group (group_id, user_id, user_pending) VALUES (:group_id, :user_id, 0)"); $stmt->bindParam('group_id',$group_id,PDO::PARAM_INT); $stmt->bindParam('user_id',$phpbb_user_id,PDO::PARAM_INT); - $stmt->execute() or die("DB error (subsys_phpbb #19)"); + $stmt->execute() or die('DB error (subsys_phpbb #19)');

// Finally, insert a row in the mapping table - $query=DBConnection::getInstance()->prepare("INSERT INTO subsys_mappings (map_roscms_userid, map_subsys_name, map_subsys_userid) VALUES(:roscms_user, 'phpbb', :phpbb_user)"); + $stmt=DBConnection::getInstance()->prepare("INSERT INTO subsys_mappings (map_roscms_userid, map_subsys_name, map_subsys_userid) VALUES(:roscms_user, 'phpbb', :phpbb_user)"); $stmt->bindParam('roscms_user',$id,PDO::PARAM_INT); $stmt->bindParam('phpbb_user',$phpbb_user_id,PDO::PARAM_INT); - $stmt->execute() or die("DB error (subsys_phpbb #11)"); + $stmt->execute() or die('DB error (subsys_phpbb #11)');

return true; } // end of member function addUser @@ -194,14 +194,14 @@ // First, try to match on email address $stmt=DBConnection::getInstance()->prepare("SELECT user_id FROM ".$this->user_table." WHERE LOWER(user_email) = LOWER(:user_email)"); $stmt->bindParam('user_email',$user['email'],PDO::PARAM_STR); - $stmt->execute() or die("DB error (subsys_phpbb #5)"); + $stmt->execute() or die('DB error (subsys_phpbb #5)'); $phpbb_user_id = $stmt->fetchColumn(); if ($phpbb_user_id === false) {

// That failed. Let's try to match on user name then $stmt=DBConnection::getInstance()->prepare("SELECT user_id FROM ".$this->user_table." WHERE LOWER(username) = LOWER(:user_name)"); $stmt->bindParam('user_name',$user['name'],PDO::PARAM_STR); - $stmt->execute() or die("DB error (subsys_phpbb #6)"); + $stmt->execute() or die('DB error (subsys_phpbb #6)'); $phpbb_user_id = $stmt->fetchColumn(); }

@@ -221,7 +221,7 @@ $stmt=DBConnection::getInstance()->prepare("INSERT INTO subsys_mappings (map_roscms_userid, map_subsys_name, map_subsys_userid) VALUES(:roscms_user, 'phpbb', :phpbb_user)"); $stmt->bindParam('roscms_user',$user_id,PDO::PARAM_INT); $stmt->bindParam('phpbb_user',$phpbb_user_id,PDO::PARAM_INT); - $stmt->execute() or die("DB error (subsys_phpbb #9)"); + $stmt->execute() or die('DB error (subsys_phpbb #9)');

return true; }