prekill
Posted:
Mon Apr 14, 2008 4:23 am |
|
The skin is Office 2003. Here are my Reviews module index.php file and my fckconfig.js:
Code: <?php
/************************************************************************/
/* PHP-NUKE: Web Portal System */
/* =========================== */
/* */
/* Copyright (c) 2002 by Francisco Burzi */
/* http://phpnuke.org */
/* */
/* ===================== */
/* Base on Reviews Addon */
/* Copyright (c) 2000 by Jeff Lambert (jeffx@ican.net) */
/* http://www.qchc.com */
/* More scripts on http://www.jeffx.qchc.com */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/
/* Additional security & Abstraction layer conversion */
/* 2003 chatserv */
/* http://www.nukefixes.com -- http://www.nukeresources.com */
/************************************************************************/
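// Direct-access guard: continue only when the running script name matches "modules.php".
// NOTE(review): eregi() is a POSIX-regex call that no longer exists in PHP 7+; it is left
// unchanged so the guard keeps its current matching behaviour on the PHP version in use.
if (!eregi("modules.php", $_SERVER['SCRIPT_NAME'])) {
    die ("You can't access this file directly...");
}
// A query string containing "%25" (a percent sign that was itself URL-encoded) is redirected
// to the site index. header() alone does not end the request, so stop explicitly; without
// the die() the dispatcher below would still run for a request this check meant to reject.
if (stristr($_SERVER['QUERY_STRING'], '%25')) {
    header('Location: index.php');
    die();
}
require_once('mainfile.php');
$module_name = basename(dirname(__FILE__));
get_lang($module_name);
$advanced_editor = 1;
// Default the request-driven variables that are read before any handler validates them.
// NOTE(review): $title, $text, $reviewer, $email, $score, $cover, $url, $url_title,
// $rlanguage, $id_del, $uname, $comments and $cid are used below without a default;
// presumably mainfile.php copies request parameters into globals - confirm.
if (!isset($rop)) { $rop = ''; }
if (!isset($page)) { $page = ''; }
if (!isset($field)) { $field = ''; }
if (!isset($order)) { $order = ''; }
if (!isset($date)) { $date = ''; }
if (!isset($hits)) { $hits = ''; }
if (!isset($id)) { $id = ''; }
if (!isset($xanonpost)) { $xanonpost = ''; }
// A single alphanumeric $rop selects the "reviews by first letter" listing.
if (strlen($rop) == 1 AND ctype_alnum($rop)) {
    $order = strtoupper($order);
    if ($order != '' && $order != 'DESC' && $order != 'ASC') $order = ''; //security measure as $order was not sanitized - montego
    reviews($rop, $field, $order);
} else {
    // NOTE(review): the state-changing cases (send_review, del_review, savecomment,
    // del_comment) are dispatched from plain request parameters; no request-origin
    // (anti-CSRF token) check is visible in this file - confirm whether mainfile.php
    // or the handlers enforce one.
    switch ($rop) {
        default:
            reviews_index();
            break;
        case 'showcontent':
            showcontent($id, $page);
            break;
        case 'write_review':
            write_review();
            break;
        case 'preview_review':
            preview_review($date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $hits, $id, $rlanguage);
            break;
        case 'send_review':
            send_review($date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $hits, $id, $rlanguage);
            break;
        case 'del_review':
            del_review($id_del);
            break;
        case 'mod_review':
            mod_review($id);
            break;
        case 'postcomment':
            postcomment($id, $title);
            break;
        case 'savecomment':
            savecomment($xanonpost, $uname, $id, $score, $comments);
            break;
        case 'del_comment':
            del_comment($cid, $id);
            break;
    }
}
// Stop here so nothing after the dispatcher is executed as page output.
die();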
/**
 * Print a score followed by its image bar.
 *
 * A score of 10 prints five star images. Any other score prints one blue image per
 * two points, plus a half image when the score is odd.
 *
 * @param int $score Score to render (callers in this file pass intval() results).
 */
function display_score($score) {
    $blueImg = '<img src="images/blue.gif" alt="" />';
    $halfImg = '<img src="images/bluehalf.gif" alt="" />';
    $starImg = '<img src="images/star.gif" alt="" />';

    echo $score . ' ';

    // Top score gets its own artwork and nothing else.
    if ($score == 10) {
        echo str_repeat($starImg, 5);
        return;
    }

    // Odd scores lose the odd point here and gain a trailing half image below.
    $needsHalf = (bool) ($score % 2);
    if ($needsHalf) {
        $score -= 1;
    }
    $score /= 2;

    $printed = 0;
    while ($printed < $score) {
        echo $blueImg;
        $printed++;
    }

    if ($needsHalf) {
        echo $halfImg;
    }
}
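/**
 * Render the "write a review" form for logged-in users.
 *
 * Visitors who are not logged in get a notice (site-specific text asking them to log in
 * or register) and a link back to the reviews main page instead of the form.
 * The form posts back to this module with rop=preview_review.
 */
function write_review() {
    global $language, $admin, $sitename, $user, $cookie, $prefix, $user_prefix, $currentlang, $multilingual, $db, $module_name;
    include_once('header.php');
    echo "<center><font class=\"title\">"._RWELCOME."</font></center><br /><br />";
    if (is_user($user)) {
        echo '
<table width="95%" align="center" cellpadding="3" cellspacing="3"><tr><td>
<center><a href="reviews.html"><b><u>*çæøä ìòîåã äøàùé ùì ñéôåøé èééñéí*</u></b></a></center><br><br><i>' . _ENTERINFO . '</i><br /><br />
<form method="post" action="modules.php?name=' . $module_name . '">
<b>' . _PRODUCTTITLE . ':</b><br />
<input type="text" name="title" size="50" maxlength="150" /><br />';
        if ($multilingual == 1) {
            echo '<br /><b>' . _LANGUAGE . ': </b>'
            . '<select name="rlanguage">';
            // Build the language list from the lang-*.php files in the language directory.
            $languageslist = '';
            $handle = opendir('language');
            // opendir() returns false when the directory cannot be read; skip the scan
            // rather than handing false to readdir()/closedir().
            if ($handle !== false) {
                // Compare against false so an entry named "0" does not end the scan early.
                while (($file = readdir($handle)) !== false) {
                    if (preg_match('/^lang\-(.+)\.php/', $file, $matches)) {
                        $langFound = $matches[1];
                        $languageslist .= $langFound . ' ';
                    }
                }
                closedir($handle);
            }
            $languageslist = explode(' ', $languageslist);
            for ($i = 0;$i < sizeof($languageslist);$i++) {
                if (!empty($languageslist[$i])) {
                    echo '<option value="' . $languageslist[$i] . '" ';
                    if ($languageslist[$i] == strtolower($currentlang)) echo 'selected="selected"';
                    echo '>' . $languageslist[$i] . '</option>' . "\n";
                }
            }
            echo '</select><br /><br />';
        } else {
            // Escaped because the value is placed inside a double-quoted attribute.
            echo '<input type="hidden" name="rlanguage" value="' . htmlspecialchars($language) . '" /><br /><br />';
        }
        echo '<b>' . _REVIEW . ':</b><br />';
        //<textarea name="text" rows="15" wrap="virtual" cols="60"></textarea><br />";
        wysiwyg_textarea('text', '', 'NukeUser', 60, 18);
        echo '<br />';
        if (is_admin($admin)) {
            echo '<font class="content">' . _PAGEBREAK . '</font><br />';
        }
        echo '
<b>' . _YOURNAME . ':</b><br />';
        // Pre-fill name and e-mail from the account identified by the login cookie.
        if (is_user($user)) {
            $result = $db->sql_query('SELECT username, user_email FROM ' . $user_prefix . '_users WHERE user_id = \'' . intval($cookie[0]) . '\'');
            list($rname, $email) = $db->sql_fetchrow($result);
            $rname = check_html($rname, 'nohtml'); // montego:0000763 - check_html already strips slashes if GPC is on
            $email = check_html($email, 'nohtml'); // montego:0000763 - same as above
        } else {
            $rname = '';
            $email = '';
        }
        // Both values land inside double-quoted value attributes, so they are attribute-escaped
        // here, the same way mod_review() escapes the stored reviewer name.
        echo '<input type="text" name="reviewer" size="41" maxlength="40" value="' . htmlspecialchars($rname) . '" /><br />
<i>' . _FULLNAMEREQ . '</i><br /><br />
<b>' . _REMAIL . ':</b><br />
<input type="text" name="email" size="40" maxlength="80" value="' . htmlspecialchars($email) . '" /><br />
';
        // Only administrators may name a cover image; everyone else submits an empty value.
        if (is_admin($admin)) {
            echo '<b>' . _RIMAGEFILE . ':</b><br />
<input type="text" name="cover" size="40" maxlength="100" /><br />
<i>' . _RIMAGEFILEREQ . '</i><br /><br />
';
        } else echo '<input type="hidden" name="cover" value="" /><br />';
        echo '<i>' . _CHECKINFO . '</i><br /><br />
<center><input type="hidden" name="rop" value="preview_review" />
<input type="submit" value="' . _PREVIEW . '" /> <input type="button" onclick="history.go(-1)" value="' . _CANCEL . '" /></form></center></td></tr></table>
';
    } else {
        echo "<center><font color=\"red\"><b>çåáä ìäúçáø òì îðú ìùìåç ñéôåø. àí àéðê îùúîù øùåí áàôùøåúê ìäøùí áçéðí <a href=\"account-new_user.html\">ëàï.</a></b></font><br><br>";
        echo "<center><a href=\"reviews.html\"><b><u>*çæøä ìòîåã äøàùé ùì ñéôåøé èééñéí*</u></b></a></center><br>";
    }
    include_once('footer.php');
}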
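/**
 * Validate a submitted review and show a preview with a confirmation form.
 *
 * Text fields go through check_html(), numeric fields through intval(). On a validation
 * failure the matching message constants are printed with a "go back" prompt; otherwise
 * the review is rendered and every value is carried to send_review in hidden inputs.
 *
 * All arguments come straight from the request (see the dispatcher); $id is 0 for a new
 * review and non-zero when an existing one is being modified.
 */
function preview_review($date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $hits, $id, $rlanguage) {
    global $admin, $multilingual, $module_name;
    // NOTE(review): as listed, the pattern and the replacement are the same text, so this is
    // a no-op; the original presumably swapped in HTML entities that the forum rendering
    // decoded - confirm against the module source.
    if (eregi('<!--pagebreak-->', $text)) {
        $text = ereg_replace('<!--pagebreak-->', '<!--pagebreak-->', $text);
    }
    /*
    * montego:0000763 - the following code had stripslashes. RavenNuke check_html() function
    * already checks for magic quotes being on and does a strip if needed. Therefore,
    * these are unnecessary and potentially even problematic (strips user entered backslashes).
    * Additional note, though, at this writing, check_html will also strip out anything after a < or >.
    * Unfortunately, something for another day... a newer kses is out in July, 2007 which might be
    * worth looking into more.
    */
    $title = check_html($title, 'nohtml');
    $text = check_html($text, '');
    $reviewer = check_html($reviewer, 'nohtml');
    $url_title = check_html($url_title, 'nohtml');
    $email = check_html($email, 'nohtml');
    $score = intval($score);
    $cover = check_html($cover, 'nohtml');
    $url = check_html($url, 'nohtml');
    $hits = intval($hits);
    $id = intval($id);
    include_once('header.php');
    echo '<table width="95%" align="center" cellpadding="3" cellspacing="3"><tr><td><form method="post" action="modules.php?name=' . $module_name . '">';
    if (empty($title)) {
        $error = 1;
        echo _INVALIDTITLE . '<br />';
    }
    if (empty($text)) {
        $error = 1;
        echo _INVALIDTEXT . '<br />';
    }
    if (($hits < 0) && ($id != 0)) {
        $error = 1;
        echo _INVALIDHITS . '<br />';
    }
    if (empty($reviewer) || empty($email)) {
        $error = 1;
        echo _CHECKNAME . '<br />';
    } elseif (!empty($reviewer) && !empty($email)) {
        if (!(eregi('^[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-z]{2,3}$', $email))) {
            $error = 1;
            /* eregi checks for a valid email! works nicely for me! */
            echo _INVALIDEMAIL . '<br />';
        }
    }
    if (($url_title != '' && $url == '') || ($url_title == '' && $url != '')) {
        $error = 1;
        echo _INVALIDLINK . '<br />';
    } else if (($url != '') && (!(eregi('(^http[s]*:[/]+)(.*)', $url)))) {
        $url = 'http://' . urlencode($url);
    }
    /* If the user ommited the http, this nifty eregi will add it */
    if (isset($error) AND ($error == 1)) {
        echo '<br />' . _GOBACK;
    } else {
        if (empty($date)) $date = date('Y-m-d');
        // The date is read positionally as YYYY-MM-DD; its format is not validated here.
        $year2 = substr($date, 0, 4);
        $month = substr($date, 5, 2);
        $day = substr($date, 8, 2);
        $fdate = date('F jS Y', mktime(0, 0, 0, $month, $day, $year2));
        // $date and $rlanguage arrive from the request without any filtering, so they are
        // escaped once here for every place they are written into the page.
        $dateHtml = htmlspecialchars($date);
        $rlanguageHtml = htmlspecialchars($rlanguage);
        echo '<p class="title"><i>' . $title . '</i></p><div>';
        if (!empty($cover)) echo '<img src="images/reviews/' . urlencode($cover) . '" border="1" alt="" />';
        echo $text;
        echo '</div><p><b>' . _ADDED . '</b> ' . $fdate . '<br />';
        if ($multilingual == 1) {
            echo '<b>' . _LANGUAGE . '</b> ' . $rlanguageHtml . '<br />';
        }
        // Reached only when the e-mail pattern above matched.
        echo '<b>' . _REVIEWER . '</b> <a href="mailto:' . $email . '">' . $reviewer . '</a><br />';
        if (!empty($url)) echo '<br /><b>' . _RELATEDLINK . ':</b> <a href="' . $url . '" target="_blank">' . $url_title . '</a>';
        // $id = intval($id); // montego:0000763 - unnecessary as already taken care of above.
        if ($id != 0) {
            echo '<br /><b>' . _REVIEWID . ':</b> ' . $id . '<br />';
            echo '<b>' . _HITS . ':</b> ' . $hits . '<br />';
        }
        echo '</p>';
        echo '<p><i><b>' . _LOOKSRIGHT . '</b></i></p>';
        /*
        * montego:0000763 - added htmlspecialchars to ensure values are passed properly as if entered in the form,
        * as well as to help ensure XHTML compliance. I am a bit unsure on the $date; wondering if some validation
        * is needed.
        */
        echo '<input type="hidden" name="id" value="' . $id . '" />
<input type="hidden" name="hits" value="' . $hits . '" />
<input type="hidden" name="rop" value="send_review" />
<input type="hidden" name="date" value="' . $dateHtml . '" />
<input type="hidden" name="title" value="' . htmlspecialchars($title) . '" />
<input type="hidden" name="text" value="' . htmlspecialchars($text) . '" />
<input type="hidden" name="reviewer" value="' . htmlspecialchars($reviewer) . '" />
<input type="hidden" name="email" value="' . htmlspecialchars($email) . '" />
<input type="hidden" name="score" value="' . $score . '" />
<input type="hidden" name="url" value="' . htmlspecialchars($url) . '" />
<input type="hidden" name="url_title" value="' . htmlspecialchars($url_title) . '" />
<input type="hidden" name="cover" value="' . htmlspecialchars($cover) . '" />
';
        echo '<input type="hidden" name="rlanguage" value="' . $rlanguageHtml . '" />';
        echo '<input type="submit" value="' . _YES . '" /> <input type="button" onclick="history.go(-1)" value="' . _NO . '" />';
        if ($id != 0) $word = _RMODIFIED;
        else $word = _RADDED;
        if (is_admin($admin)) echo '<p><b>' . _NOTE . '</b> ' . _ADMINLOGGED . ' ' . $word . '</p>';
    }
    echo '</td></tr></table></form>';
    include_once('footer.php');
}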
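/**
 * Store a review that was confirmed on the preview page.
 *
 * An administrator inserts a new review ($id == 0) or updates an existing one ($id != 0)
 * in the live reviews table; anyone else has the submission inserted into the
 * "_reviews_add" table and is shown the _EDITORWILLLOOK message.
 *
 * Every argument comes from the request, so each value placed in SQL is escaped here
 * regardless of what the preview step did.
 * NOTE(review): unlike write_review(), no is_user() check is made before the queue
 * insert - confirm that unauthenticated submissions are intended.
 */
function send_review($date, $title, $text, $reviewer, $email, $score, $cover, $url, $url_title, $hits, $id, $rlanguage) {
    global $admin, $EditedMessage, $prefix, $db, $module_name;
    include_once('header.php');
    /*
    * montego:0000763 - if the above captcha code is ever "broken" by a hacker/spammer, it will be possible
    * to add reviews via this function alone, therefore, the input would need to be sanitized here as in preview_review().
    */
    // NOTE(review): no captcha check is visible in this listing.
    // NOTE(review): as listed, this replacement appends ";" after each page-break marker; the
    // original presumably used HTML entities that the forum rendering decoded - confirm.
    if (eregi('<!--pagebreak-->', $text)) {
        $text = ereg_replace('<!--pagebreak-->', '<!--pagebreak-->;', $text);
    }
    /*
    * montego:0000763 - the following code had stripslashes. RavenNuke check_html() function
    * already checks for magic quotes being on and does a strip if needed. Therefore,
    * these are unnecessary. In addition, these values are being used in SQL updates
    * therefore, they really should be addslashes(). FixQuotes was removed as well as it is
    * a very poor-man's escape tool.
    *
    * Unfortunately, because check_html() will leave any "&" signs in its entity form of "&"
    * I am not sure what to do with this... I will have to do an entity decode coming out of the db.
    */
    $id = intval($id);
    // $date and $rlanguage are concatenated into every query below; they were previously the
    // only text values reaching SQL without escaping.
    $date = addslashes(check_html($date, 'nohtml'));
    $rlanguage = addslashes(check_html($rlanguage, 'nohtml'));
    $title = addslashes(check_html($title, 'nohtml'));
    $text = addslashes(check_html($text, ''));
    $reviewer = check_html($reviewer, 'nohtml'); // montego:0000763 - this one is different as its used within the page
    // Escaped exactly once: running addslashes() over $url_title a second time would store
    // literal backslashes in front of quotes.
    $url_title = addslashes(check_html($url_title, 'nohtml'));
    $email = addslashes(check_html($email, 'nohtml'));
    $score = intval($score);
    $cover = addslashes(check_html($cover, 'nohtml'));
    $url = addslashes(check_html($url, 'nohtml'));
    $hits = intval($hits);
    // NOTE(review): pattern and replacement are identical as listed, so this is a no-op here.
    if (eregi('<!--pagebreak-->', $text)) {
        $text = ereg_replace('<!--pagebreak-->', '<!--pagebreak-->', $text);
    }
    echo '<br /><center>' . _RTHANKS;
    if ($id != 0) echo ' ' . _MODIFICATION;
    else echo ', ' . $reviewer;
    echo '!<br />';
    // Scores outside 0..10 are reset to 0.
    if ($score < 0 OR $score > 10) {
        $score = 0;
    }
    $reviewer = addslashes($reviewer); // montego:0000763 - now going to be used in a SQL string so need to escape it
    if ((is_admin($admin)) && ($id == 0)) {
        $db->sql_query('INSERT INTO ' . $prefix . '_reviews VALUES ' . '(NULL, \'' . $date . '\', \'' . $title . '\', \'' . $text . '\', \'' . $reviewer . '\', \'' . $email . '\', \'' . $score . '\', \'' . $cover . '\', \'' . $url . '\', \'' . $url_title . '\', \'1\', \'' . $rlanguage . '\')');
        echo _ISAVAILABLE;
    } elseif ((is_admin($admin)) && ($id != 0)) {
        $db->sql_query('UPDATE ' . $prefix . '_reviews SET ' . 'date=\'' . $date . '\', title=\'' . $title . '\', text=\'' . $text . '\', reviewer=\'' . $reviewer . '\', email=\'' . $email . '\', score=\'' . $score . '\', cover=\'' . $cover . '\', url=\'' . $url . '\', url_title=\'' . $url_title . '\', hits=\'' . $hits . '\', rlanguage=\'' . $rlanguage . '\' where id = \'' . $id . '\'');
        echo _ISAVAILABLE;
    } else {
        $db->sql_query('INSERT INTO ' . $prefix . '_reviews_add VALUES ' . '(NULL, \'' . $date . '\', \'' . $title . '\', \'' . $text . '\', \'' . $reviewer . '\', \'' . $email . '\', \'' . $score . '\', \'' . $url . '\', \'' . $url_title . '\', \'' . $rlanguage . '\')');
        echo _EDITORWILLLOOK;
    }
    echo '<br /><br />[ <a href="modules.php?name=' . $module_name . '">' . _RBACK . '</a> ]<br /></center>';
    include_once('footer.php');
}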
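/**
 * Render the module's main page: intro text, the ten most-read and ten most-recent
 * reviews side by side, a full list of all reviews ordered by date, and the total count.
 *
 * When $multilingual is 1 every listing is limited to rows whose rlanguage equals
 * $currentlang.
 */
function reviews_index() {
    global $bgcolor3, $bgcolor2, $prefix, $multilingual, $currentlang, $db, $module_name;
    include ('header.php');
    // NOTE(review): $currentlang is placed in SQL unescaped; presumably it is a value the
    // core has already validated - confirm.
    if ($multilingual == 1) {
        $querylang = "WHERE rlanguage='$currentlang'";
    } else {
        $querylang = "";
    }
    OpenTable();
    echo "<table border=\"0\" width=\"95%\" CELLPADDING=\"2\" CELLSPACING=\"4\" align=\"center\">
<tr><td><tr><td colspan=\"2\"><center><font class=\"title\">"._RWELCOME."</font></center>";
    $result = $db->sql_query("select title, description from ".$prefix."_reviews_main");
    list($title, $description) = $db->sql_fetchrow($result);
    $title = stripslashes(check_html($title, "nohtml"));
    // The description is printed as stored, without HTML filtering.
    $description = stripslashes($description);
    echo "<b>$title</b><br><br>$description";
    echo "</td></tr></table>";
    echo "<table border=\"0\" width=\"95%\" CELLPADDING=\"2\" CELLSPACING=\"4\" align=\"center\"><tr><td><a href=\"reviews-new.html\"><img src=\"modules/Reviews/images/writestoy.jpg\" border=\"0\"></a><br><br></td><td align=\"left\"><img src=\"modules/Reviews/images/ss583a.jpg\" border=\"1\"> <img src=\"modules/Reviews/images/454469d5.jpg\" border=\"1\"> <img src=\"modules/Reviews/images/fs92008-03-2513-46-28-70.png\" border=\"1\"> <img src=\"modules/Reviews/images/ScreenShot_1192.jpg\" border=\"1\"><br><br></td></tr></table><table border=\"0\" width=\"95%\" CELLPADDING=\"2\" CELLSPACING=\"4\" align=\"center\"><tr><td width=\"50%\" bgcolor=\"#e1e1e1\"><b><center>"._10MOSTPOP."</center></b></td>";
    echo "<td width=\"50%\" bgcolor=\"#e1e1e1\"><b><center>"._10MOSTREC."</center></b></td></tr>";
    $result_pop = $db->sql_query("SELECT id, title, hits from ".$prefix."_reviews $querylang order by hits DESC limit 10");
    $result_rec = $db->sql_query("SELECT id, title, date, hits from ".$prefix."_reviews $querylang order by date DESC limit 10");
    // Always prints ten rows; when fewer reviews exist the remaining rows carry id 0 and an
    // empty title.
    $y = 1;
    for ($x = 0; $x < 10; $x++) {
        $myrow = $db->sql_fetchrow($result_pop);
        $id = intval($myrow['id']);
        $title = stripslashes(check_html($myrow['title'], "nohtml"));
        $hits = intval($myrow['hits']);
        echo "<tr><td width=\"50%\" bgcolor=\"#eaedf4\">$y) <a href=\"modules.php?name=$module_name&rop=showcontent&id=$id\">$title</a></td>";
        $myrow2 = $db->sql_fetchrow($result_rec);
        $id = intval($myrow2['id']);
        $title = stripslashes(check_html($myrow2['title'], "nohtml"));
        $hits = intval($myrow2['hits']);
        echo "<td width=\"50%\" bgcolor=\"#f8f9fa\">$y) <a href=\"modules.php?name=$module_name&rop=showcontent&id=$id\">$title</a></td></tr>";
        $y++;
    }
    echo "<tr><td colspan=\"2\"><br></td></tr>";
    $result2 = $db->sql_query("SELECT * FROM ".$prefix."_reviews $querylang");
    $numresults = $db->sql_numrows($result2);
    echo "</td></tr></table>";
    // Once the list gets too long, move the following code into a function for a separate page.
    // The listing goes through the $db layer like every other query in this file, instead of
    // calling the mysql_* functions directly (they no longer exist in PHP 7+).
    $result = $db->sql_query("SELECT id, title, date, hits, reviewer FROM ".$prefix."_reviews $querylang order by date");
    echo "<center><u><h3>ëì ñéôåøé äèééñéí:</h3></u>";
    echo "<table width=\"95%\" cellpadding=\"2\" cellspacing=\"1\" align=\"center\" style=\"border:1 solid $bgcolor2\">"
    ."<tr height=\"25\">"
    ."<td align=\"center\" bgcolor=\"#e1e1e1\"><b>ùí äñéôåø</b></td>"
    ."<td align=\"center\" bgcolor=\"#e1e1e1\"><b>ëåúá</b></td>"
    ."<td align=\"center\" bgcolor=\"#e1e1e1\"><b>ð÷øà</b></td>"
    ."</tr>";
    // NOTE(review): title and reviewer are printed as stored; this relies on send_review()
    // having filtered them with check_html() before they were saved.
    while (list($id, $title, $date, $hits, $reviewer) = $db->sql_fetchrow($result)){
        echo "<tr height=\"20\"><td align=\"center\" bgcolor=\"#eaedf4\"><a href=\"reviews-$id.html\"><font color=\"blue\"><b>$title</b></font></a></td><td align=\"center\" bgcolor=\"#f8f9fa\">$reviewer</td><td align=\"center\" bgcolor=\"#eaedf4\">$hits</td></tr>";
    }
    echo "</table><br><br>";
    echo "<table CELLPADDING=\"2\" CELLSPACING=\"4\" align=\"center\" border=\"1\" bordercolor=\"#e1e1e1\"><tr><td bgcolor=\"#f8f9fa\"><center><b>"._THEREARE." $numresults "._REVIEWSINDB."</b></center></td></tr></td></tr></table>";
    CloseTable();
    include ("footer.php");
}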
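/**
 * List the reviews whose title starts with a given character, with sortable columns.
 *
 * @param string $letter First character of the titles to list; only its first character is used.
 * @param string $field  Sort column: 'reviewer', 'score' or 'hits'; anything else sorts by title.
 * @param string $order  'ASC' or 'DESC' (any case); anything else leaves the direction unspecified.
 *
 * The dispatcher already restricts $letter and $order, but the same limits are applied
 * here so the query stays well-formed no matter how the function is reached.
 */
function reviews($letter, $field, $order) {
    global $bgcolor4, $sitename, $prefix, $multilingual, $currentlang, $db, $module_name;
    include_once('header.php');
    $letter = substr($letter, 0, 1);
    // One form of the character per context: SQL string literal and HTML output.
    // For the alphanumeric characters the dispatcher lets through, both equal $letter.
    $letterSql = addslashes($letter);
    $letterHtml = htmlspecialchars($letter);
    // Only a literal sort direction may be appended to the query.
    $order = is_string($order) ? strtoupper($order) : '';
    if ($order != 'ASC' && $order != 'DESC') {
        $order = '';
    }
    // Whitelist of sortable columns; the request value only selects an entry and is never
    // itself written into the SQL text.
    $sortColumns = array('reviewer' => 'reviewer', 'score' => 'score', 'hits' => 'hits');
    $orderColumn = (is_string($field) && isset($sortColumns[$field])) ? $sortColumns[$field] : 'title';
    // NOTE(review): $currentlang is placed in SQL unescaped; presumably validated by the core - confirm.
    if ($multilingual == 1) {
        $querylang = 'AND rlanguage=\'' . $currentlang . '\'';
    } else {
        $querylang = '';
    }
    OpenTable();
    echo '<center><b>' . $sitename . ' ' . _REVIEWS . '</b><br />';
    echo '<i>' . _REVIEWSLETTER . ' ' . $letterHtml . '</i><br /><br /></center>';
    $result = $db->sql_query('SELECT id, title, hits, reviewer, score, email FROM ' . $prefix . '_reviews WHERE UPPER(title) LIKE \'' . $letterSql . '%\' ' . $querylang . ' ORDER by ' . $orderColumn . ' ' . $order);
    $numresults = $db->sql_numrows($result);
    if ($numresults == 0) {
        echo '<center><i><b>' . _NOREVIEWS . ' ' . $letterHtml . '</b></i><br /><br /></center>';
    } elseif ($numresults > 0) {
        echo '<table border="0" width="100%" cellpadding="2" cellspacing="4">
<tr>
<td width="50%" bgcolor="' . $bgcolor4 . '" align="left">
<a href="modules.php?name=' . $module_name . '&rop=' . $letterHtml . '&field=title&order=asc" title="' . _SORTASC . '"><img src="images/up.gif" border="0" width="15" height="9" alt="' . _SORTASC . '" /></a><b> ' . _PRODUCTTITLE . ' </b><a href="modules.php?name=' . $module_name . '&rop=' . $letterHtml . '&field=title&order=DESC" title="' . _SORTDESC . '"><img src="images/down.gif" border="0" width="15" height="9" alt="' . _SORTDESC . '" /></a>
</td>
<td width="18%" bgcolor="' . $bgcolor4 . '" align="center">
<a href="modules.php?name=' . $module_name . '&rop=' . $letterHtml . '&field=reviewer&order=asc" title="' . _SORTASC . '"><img src="images/up.gif" border="0" width="15" height="9" alt="' . _SORTASC . '" /></a><b> ' . _REVIEWER . ' </b><a href="modules.php?name=' . $module_name . '&rop=' . $letterHtml . '&field=reviewer&order=desc" title="' . _SORTDESC . '"><img src="images/down.gif" border="0" width="15" height="9" alt="' . _SORTDESC . '" /></a>
</td>
<td width="18%" bgcolor="' . $bgcolor4 . '" align="center">
<a href="modules.php?name=' . $module_name . '&rop=' . $letterHtml . '&field=score&order=asc" title="' . _SORTASC . '"><img src="images/up.gif" border="0" width="15" height="9" alt="' . _SORTASC . '" /></a><b> ' . _SCORE . ' </b><a href="modules.php?name=' . $module_name . '&rop=' . $letterHtml . '&field=score&order=DESC" title="' . _SORTDESC . '"><img src="images/down.gif" border="0" width="15" height="9" alt="' . _SORTDESC . '" /></a>
</td>
<td width="14%" bgcolor="' . $bgcolor4 . '" align="center">
<a href="modules.php?name=' . $module_name . '&rop=' . $letterHtml . '&field=hits&order=asc" title="' . _SORTASC . '"><img src="images/up.gif" border="0" width="15" height="9" alt="' . _SORTASC . '" /></a><b> ' . _HITS . ' </b><a href="modules.php?name=' . $module_name . '&rop=' . $letterHtml . '&field=hits&order=DESC" title="' . _SORTDESC . '"><img src="images/down.gif" border="0" width="15" height="9" alt="' . _SORTDESC . '" /></a>
</td>
</tr>';
        /*
        * montego:0000763 - check_html was already done prior to adding to the DB and will end up stripping slashes again!
        * check_html() is really not necessary coming out of the DB. If SQL injection is possible from another poorly coded
        * module, then there will be much bigger problems than doing no checks here!
        */
        while ($myrow = $db->sql_fetchrow($result)) {
            $title = $myrow['title'];
            $id = intval($myrow['id']);
            $reviewer = $myrow['reviewer'];
            $email = $myrow['email'];
            $score = intval($myrow['score']);
            $hits = intval($myrow['hits']);
            echo '<tr>
<td width="50%" bgcolor="' . $bgcolor4 . '"><a href="modules.php?name=' . $module_name . '&rop=showcontent&id=' . $id . '">' . $title . '</a></td>
<td width="18%" bgcolor="' . $bgcolor4 . '">';
            if (!empty($reviewer)) echo '<center>' . $reviewer . '</center>';
            echo '</td><td width="18%" bgcolor="' . $bgcolor4 . '" align="center">';
            display_score($score);
            echo '</td><td width="14%" bgcolor="' . $bgcolor4 . '" align="center">' . $hits . '</td>
</tr>';
        }
        echo '</table>';
        echo '<br />' . $numresults . ' ' . _TOTALREVIEWS . '<br /><br />';
    }
    echo '<center>[ <a href="modules.php?name=' . $module_name . '">' . _RETURN2MAIN . '</a> ]</center>';
    CloseTable();
    include_once('footer.php');
}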
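/**
 * Print the comment form for a review.
 *
 * Logged-in users get a form that posts rop=savecomment together with their nickname and
 * the review id; other visitors get a notice (site-specific text saying that logging in
 * is required to comment) with a registration link.
 *
 * @param mixed  $id    Review id. The dispatcher can pass it straight from the request, so
 *                      it is converted to an integer before being written into the form.
 * @param string $title Review title; filtered here but not used in the output.
 */
function postcomment($id, $title) {
    global $user, $cookie, $AllowableHTML, $anonymous, $module_name;
    cookiedecode($user);
    $id = intval($id);
    // 'nohtml' is passed as a string; the bare word was an undefined constant.
    $title = stripslashes(FixQuotes(check_html($title, 'nohtml')));
    $title = htmlspecialchars(urldecode($title));
    OpenTable();
    echo "<form action=\"modules.php?name=$module_name\" method=\"post\">";
    if (!is_user($user)) {
        echo "<center><font color=\"red\"><b>çåáä ìäúçáø òì îðú ìäâéá åìãøâ. àí àéðê îùúîù øùåí áàôùøåúê ìäøùí áçéðí <a href=\"account-new_user.html\">ëàï.</a></b></font><br><br>";
        $uname = $anonymous;
        // Close what this branch opened so the rest of the page is not swallowed by the form.
        echo "</center></form>";
    } else {
        // The nickname comes from the login cookie; escape it and quote the attribute so it
        // cannot break out of the markup.
        $uname = htmlspecialchars($cookie[1]);
        echo "<center><font class=\"title\"><b>"._YOURNICK."</font> $uname</b><br>";
        echo "
<input type=\"hidden\" name=\"uname\" value=\"$uname\">
<input type=\"hidden\" name=\"id\" value=\"$id\">
<font class=\"title\">"._YOURCOMMENT."</font><br>
<textarea name=comments rows=1 cols=100></textarea><br>";
        echo "
<input type=hidden name=rop value=savecomment>
<input type=submit value=\"ùìç úâåáä\">
</form></center>
";
    }
    CloseTable();
}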
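/**
 * Store a comment on a review and redirect back to the review page.
 *
 * @param mixed  $xanonpost When truthy the comment is stored under the $anonymous name.
 * @param string $uname     Poster name as submitted with the form.
 * @param mixed  $id        Review id; converted to an integer.
 * @param mixed  $score     Score; converted to an integer.
 * @param string $comments  Comment text.
 *
 * NOTE(review): $uname is taken from the request and no is_user() check happens here,
 * although postcomment() renders the form only for logged-in users - confirm whether
 * posting should be restricted and the name taken from the login cookie instead.
 */
function savecomment($xanonpost, $uname, $id, $score, $comments) {
    global $anonymous, $user, $cookie, $prefix, $db, $module_name;
    if ($xanonpost) {
        $uname = $anonymous;
    }
    // Both text values go into a quoted SQL string. They are filtered with check_html() and
    // escaped with addslashes(), the same treatment send_review() gives its text fields;
    // previously $uname reached the query untouched and $comments had stripslashes()
    // applied after its quotes were fixed.
    $uname = addslashes(check_html($uname, 'nohtml'));
    $comments = addslashes(check_html($comments, ''));
    $id = intval($id);
    $score = intval($score);
    $db->sql_query("insert into ".$prefix."_reviews_comments values (NULL, '$id', '$uname', now(), '$comments', '$score')");
    Header("Location: modules.php?name=$module_name&rop=showcontent&id=$id");
}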
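/**
 * Print the stored comments of a review as table rows, newest first.
 *
 * Administrators additionally get a delete link per comment.
 *
 * @param mixed  $id    Review id; converted to an integer before use in SQL.
 * @param string $title Accepted for interface compatibility; not used in the output.
 */
function r_comments($id, $title) {
    global $admin, $prefix, $db, $module_name;
    $id = intval($id);
    $result = $db->sql_query("SELECT cid, userid, date, comments, score from ".$prefix."_reviews_comments where rid='$id' ORDER BY date DESC");
    while ($row = $db->sql_fetchrow($result)) {
        $cid = intval($row['cid']);
        // The poster name is stored as submitted, so it is escaped before being written
        // into the page.
        $uname = htmlspecialchars(stripslashes($row['userid']));
        $date = $row['date'];
        $comments = stripslashes($row['comments']);
        $score = intval($row['score']);
        echo "<tr><td align=\"center\" bgColor=\"#d0dff5\" vAlign=\"top\" width=\"140\">";
        // Anonymous and named posters were printed identically, so one statement covers both.
        echo " $uname<br>$date<br>";
        if (is_admin($admin)) {
            echo "<br><b>"._ADMIN."</b> [ <a href=\"modules.php?name=$module_name&rop=del_comment&cid=$cid&id=$id\">"._DELETE."</a> ]</font><hr noshade size=1><br><br>";
        } else {
            echo "</font>";
        }
        echo "</td><td align=\"right\" bgColor=\"#eaedf4\" vAlign=\"top\">";
        $comments = FixQuotes(nl2br(filter_text($comments)));
        echo "
$comments
";
        echo "</td></tr>";
    }
}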
/**
 * Display one review (one page of it when the text contains page-break markers),
 * followed by the comment form and the stored comments.
 *
 * $id and $page are converted to integers before use. Viewing page 1 (or no page)
 * increments the review's hit counter.
 *
 * NOTE(review): title, text, cover, reviewer, url and url_title are printed exactly as
 * stored; this relies on send_review() having filtered them before they were saved.
 * NOTE(review): no check is made that the SELECT returned a row, so an unknown id renders
 * an empty review.
 */
function showcontent($id, $page) {
global $admin, $uimages, $prefix, $db, $module_name;
$id = intval($id);
$page = intval($page);
include_once('header.php');
OpenTable();
// Count a hit only for the first page of a review.
if (($page == 1) OR (empty($page))) {
$db->sql_query('UPDATE ' . $prefix . '_reviews SET hits=hits+1 WHERE id=\'' . $id . '\'');
}
$result = $db->sql_query('SELECT * FROM ' . $prefix . '_reviews WHERE id=\'' . $id . '\'');
$myrow = $db->sql_fetchrow($result);
// $id = intval($myrow['id']); // montego:0000763 - uuggh, why on earth do we need to get this? We already have this.
// The stored date is read positionally as YYYY-MM-DD.
$date = $myrow['date'];
$year = substr($date, 0, 4);
$month = substr($date, 5, 2);
$day = substr($date, 8, 2);
$fdate = date('F jS Y', mktime(0, 0, 0, $month, $day, $year));
$title = $myrow['title']; // montego:0000763 - check_html was already done prior to adding to the DB and will end up stripping slashes again!
$text = $myrow['text'];
$cover = $myrow['cover'];
$reviewer = $myrow['reviewer'];
$email = $myrow['email'];
$hits = intval($myrow['hits']);
$url = $myrow['url'];
$url_title = $myrow['url_title'];
$score = intval($myrow['score']);
$rlanguage = $myrow['rlanguage'];
// Split the text into pages and clamp the requested page to 1..$pageno.
$contentpages = explode('<!--pagebreak-->', $text);
$pageno = count($contentpages);
if ($page == '' || $page < 1) $page = 1;
if ($page > $pageno) $page = $pageno;
// Pages are 1-based for the visitor, the array is 0-based.
$arrayelement = (int)$page;
$arrayelement--;
echo '<table width="95%" align="center" cellpadding="3" cellspacing="3"><tr><td><p class="title"><i>' . $title . '</i></p>';
echo '<div align="left">';
// NOTE(review): preview_review() passes the cover name through urlencode(); here it is
// written into the src attribute as stored.
if (!empty($cover)) echo '<img src="images/reviews/' . $cover . '" align="right" border="1" vspace="2" alt="" />';
echo $contentpages[$arrayelement] . '</div><p>';
// NOTE(review): the delete link is a plain GET URL; no anti-CSRF token is visible here.
if (is_admin($admin)) echo '<b>' . _ADMIN . '</b> [ <a href="modules.php?name=' . $module_name . '&rop=mod_review&id=' . $id . '">' . _EDIT . '</a> | <a href="modules.php?name=' . $module_name . '&rop=del_review&id_del=' . $id . '">' . _DELETE . '</a> ]<br />';
echo '<b>' . _ADDED . '</b> ' . $fdate . '<br />';
if (!empty($reviewer)) echo '<b>' . _REVIEWER . '</b> ' . $reviewer . '<br />';
if (!empty($url)) echo '<br /><b>' . _RELATEDLINK . ':</b> <a href="' . $url . '" target="_blank">' . $url_title . '</a>';
echo '<b>' . _HITS . ':</b> ' . $hits;
if ($pageno > 1) {
echo '<br /><b>' . _PAGE . ':</b> ' . $page . '/' . $pageno . '<br />';
}
// Comment form first, then the existing comments inside their own table.
postcomment($id, $title);
echo "
<center><font class=\"title\"><img src=\"modules/My_eGallery/images/comments.gif\"> úâåáåú:</font><div class=\"gallery\"><TABLE border=\"0\" bgcolor=\"white\" cellPadding=\"2\" cellSpacing=\"2\" width=\"600\" align=\"center\">";
r_comments($id, $title);
echo "</table></div></center>";
// $title = urlencode($title); // montego:0000763 - inappropriate placement as it screws up r_comments(). Added it to the anchor below.
// NOTE(review): $next_page and $previous_page are built below but never echoed in this
// function, so multi-page reviews show no navigation links - confirm this is intended.
$next_page = '';
if ($page < $pageno) {
$next_pagenumber = $page + 1;
if ($page != 1) {
$next_page .= '<img src="images/blackpixel.gif" width="10" height="2" border="0" alt="" /> ';
}
$next_page .= '<a href="modules.php?name=' . $module_name . '&rop=showcontent&id=' . $id . '&page=' . $next_pagenumber . '">' . _NEXT . ' (' . $next_pagenumber . '/' . $pageno . ')</a> <a href="modules.php?name=' . $module_name . '&rop=showcontent&id=' . $id . '&page=' . $next_pagenumber . '"><img src="images/right.gif" border="0" alt="' . _NEXT . '" /></a>';
}
if ($page <= 1) {
$previous_page = '';
} else {
$previous_pagenumber = $page - 1;
$previous_page = '<a href="modules.php?name=' . $module_name . '&rop=showcontent&id=' . $id . '&page=' . $previous_pagenumber . '"><img src="images/left.gif" border="0" alt="' . _PREVIOUS . '" /></a> <a href="modules.php?name=' . $module_name . '&rop=showcontent&id=' . $id . '&page=' . $previous_pagenumber . '">' . _PREVIOUS . ' (' . $previous_pagenumber . '/' . $pageno . ')</a>';
}
// Site-specific link back to the reviews main page.
echo '<br><br><center><a href="reviews.html"><b><u>*çæøä ìòîåã äøàùé ùì ñéôåøé èééñéí*</u></b></a></center></td></tr></table>';
CloseTable();
include_once('footer.php');
}
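/**
 * Render the administrator form for editing an existing review.
 *
 * Prints an error line when $id is 0 or the visitor is not an administrator. Otherwise
 * the stored review is loaded and shown in a form that posts to rop=preview_review.
 *
 * @param mixed $id Review id; converted to an integer before use.
 */
function mod_review($id) {
    global $admin, $prefix, $db, $module_name, $advanced_editor;
    $id = intval($id);
    include_once('header.php');
    OpenTable();
    if (($id == 0) || (!is_admin($admin))) {
        echo 'This function must be passed argument id, or you are not admin.';
    } elseif (($id != 0) && (is_admin($admin))) {
        $result = $db->sql_query('SELECT * FROM ' . $prefix . '_reviews WHERE id = \'' . $id . '\'');
        // Defaults so the form still renders (empty) when no row matches the id.
        $date = '';
        $title = '';
        $text = '';
        $cover = '';
        $reviewer = '';
        $email = '';
        $hits = 0;
        $url = '';
        $url_title = '';
        $score = 0;
        $rlanguage = '';
        /*
        * montego:0000763 - check_html was already done prior to adding to the DB and will end up stripping slashes again!
        * check_html() is really not necessary coming out of the DB. If SQL injection is possible from another poorly coded
        * module, then there will be much bigger problems than doing no checks here!
        */
        while ($myrow = $db->sql_fetchrow($result)) {
            $date = $myrow['date'];
            $title = $myrow['title'];
            $text = $myrow['text'];
            $cover = $myrow['cover'];
            $reviewer = $myrow['reviewer'];
            $email = $myrow['email'];
            $hits = intval($myrow['hits']);
            $url = $myrow['url'];
            $url_title = $myrow['url_title'];
            $score = intval($myrow['score']);
            $rlanguage = $myrow['rlanguage'];
        }
        echo '<center><p><b>' . _REVIEWMOD . '</b></p></center>';
        echo '<form method="post" action="modules.php?name=' . $module_name . '&rop=preview_review"><input type="hidden" name="id" value="' . $id . '" />';
        // The stored date is attribute-escaped like the other stored text fields below.
        echo '<table border="0" width="100%">
<tr>
<td width="12%"><b>' . _RDATE . '</b></td>
<td><input type="text" name="date" size="15" value="' . htmlspecialchars($date) . '" maxlength="10" /></td>
</tr>
<tr>
<td width="12%"><b>' . _RTITLE . '</b></td>
<td><input type="text" name="title" size="50" maxlength="150" value="' . htmlspecialchars($title) . '" /></td>
</tr>
<tr>';
        echo '<td width="12%"><b>' . _LANGUAGE . ':</b></td>
<td><select name="rlanguage">';
        // Build the language list from the lang-*.php files in the language directory.
        $languageslist = '';
        $handle = opendir('language');
        // opendir() returns false when the directory cannot be read; skip the scan
        // rather than handing false to readdir()/closedir().
        if ($handle !== false) {
            // Compare against false so an entry named "0" does not end the scan early.
            while (($file = readdir($handle)) !== false) {
                if (preg_match('/^lang\-(.+)\.php/', $file, $matches)) {
                    $langFound = $matches[1];
                    $languageslist .= $langFound . ' ';
                }
            }
            closedir($handle);
        }
        $languageslist = explode(' ', $languageslist);
        for ($i = 0;$i < sizeof($languageslist);$i++) {
            if (!empty($languageslist[$i])) {
                echo '<option value="' . $languageslist[$i] . '" ';
                if ($languageslist[$i] == $rlanguage) echo 'selected="selected"';
                echo '>' . $languageslist[$i] . '</option>' . "\n";
            }
        }
        echo '</select></td></tr>';
        echo '<tr>
<td width="12%"><b>' . _RTEXT . '</b></td>
<td><div>';
        //<textarea class="textbox" name="text" rows="20" wrap="virtual" cols="60">$text</textarea>
        if (!isset($advanced_editor) || $advanced_editor == 0) $text = htmlentities($text, ENT_QUOTES); //montego - Necessary to pass XHTML compliance when not using the editor
        wysiwyg_textarea('text', $text, 'NukeUser', 60, 23);
        // The stored e-mail is attribute-escaped as well; it was the only stored text field
        // besides the date that was written into a value attribute as-is.
        echo '</div></td>
</tr>
<tr>
<td width="12%"><b>' . _REVIEWER . '</b></td>
<td><input type="text" name="reviewer" size="41" maxlength="40" value="' . htmlspecialchars($reviewer) . '" /></td>
</tr>
<tr>
<td width="12%"><b>' . _REVEMAIL . '</b></td>
<td><input type="text" name="email" value="' . htmlspecialchars($email) . '" size="30" maxlength="80" /></td>
</tr>
<tr>
<td width="12%"><b>' . _SCORE . '</b></td>
<td><input type="text" name="score" value="' . $score . '" size="3" maxlength="2" /></td>
</tr>
<tr>
<td width="12%"><b>' . _RLINK . '</b></td>
<td><input type="text" name="url" value="' . htmlspecialchars($url) . '" size="30" maxlength="100" /></td>
</tr>
<tr>
<td width="12%"><b>' . _RLINKTITLE . '</b></td>
<td><input type="text" name="url_title" value="' . htmlspecialchars($url_title) . '" size="30" maxlength="50" /></td>
</tr>
<tr>
<td width="12%"><b>' . _COVERIMAGE . '</b></td>
<td><input type="text" name="cover" value="' . htmlspecialchars($cover) . '" size="30" maxlength="100" /></td>
</tr>
<tr>
<td width="12%"><b>' . _HITS . ':</b></td>
<td><input type="text" name="hits" value="' . $hits . '" size="5" maxlength="5" /></td>
</tr>
</table>';
        echo '<input type="hidden" name="rop" value="preview_review" /><input type="submit" value="' . _PREMODS . '" /> <input type="button" onclick="history.go(-1)" value="' . _CANCEL . '" /></form>';
    }
    CloseTable();
    include_once('footer.php');
}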
/**
 * Delete one review together with every comment attached to it, then
 * redirect the browser to the module index.
 *
 * The deletes only run when is_admin($admin) passes. Any other caller gets
 * the plain text "ACCESS DENIED" and the function returns without touching
 * the database.
 *
 * NOTE(review): nothing visible in this function checks a per-request token
 * or the HTTP method. Confirm that the dispatcher protects this
 * state-changing action against cross-site requests made from an
 * administrator's logged-in browser.
 *
 * @param mixed $id_del Review id; reduced to an integer before it reaches SQL.
 */
function del_review($id_del) {
    global $admin, $prefix, $db, $module_name;

    // The integer cast is what keeps the value inert inside the quoted SQL literal.
    $reviewId = intval($id_del);

    if (!is_admin($admin)) {
        echo 'ACCESS DENIED';
        return;
    }

    // Remove the review first, then the comments that reference it.
    $db->sql_query("DELETE FROM {$prefix}_reviews WHERE id = '{$reviewId}'");
    $db->sql_query("DELETE FROM {$prefix}_reviews_comments WHERE rid='{$reviewId}'");

    header("Location: modules.php?name={$module_name}");
    die();
}
/**
 * Delete a single review comment, then redirect back to the review it
 * belonged to.
 *
 * The delete only runs when is_admin($admin) passes. Any other caller gets
 * the plain text "ACCESS DENIED".
 *
 * NOTE(review): the delete is keyed on the comment id alone. $id is used
 * only to build the redirect target and is not checked against the
 * comment's own review. As with del_review(), no request token is verified
 * here; confirm the dispatcher handles that.
 *
 * @param mixed $cid Comment id; reduced to an integer before it reaches SQL.
 * @param mixed $id  Review id used for the redirect; reduced to an integer.
 */
function del_comment($cid, $id) {
    global $admin, $prefix, $db, $module_name;

    // Both values are cast so neither can carry markup or SQL into the
    // query or the Location header.
    $reviewId = intval($id);
    $commentId = intval($cid);

    if (!is_admin($admin)) {
        echo 'ACCESS DENIED';
        return;
    }

    $db->sql_query("DELETE FROM {$prefix}_reviews_comments WHERE cid={$commentId}");

    header("Location: modules.php?name={$module_name}&rop=showcontent&id={$reviewId}");
    die();
}
?>
Code:
/*
* FCKeditor - The text editor for internet
* Copyright (C) 2003-2006 Frederico Caldeira Knabben
*
* Licensed under the terms of the GNU Lesser General Public License:
* http://www.opensource.org/licenses/lgpl-license.php
*
* For further information visit:
* http://www.fckeditor.net/
*
* "Support Open Source software. What about a donation today?"
*
* File Name: fckconfig.js
* Editor configuration settings.
*
* Follow this link for more information:
* http://wiki.fckeditor.net/Developer%27s_Guide/Configuration/Configurations_Settings
*
* File Authors:
* Frederico Caldeira Knabben (fredck@fckeditor.net)
*/
// General editor settings: stylesheet and skin paths, language, entity
// handling, output formatting and toolbar placement. FCKConfig and
// FCKConfig.BasePath are provided by the editor; they are not defined in this file.
FCKConfig.CustomConfigurationsPath = '' ;
FCKConfig.EditorAreaCSS = FCKConfig.BasePath + 'css/fck_editorarea.css' ;
FCKConfig.ToolbarComboPreviewCSS = '' ;
FCKConfig.DocType = '' ;
FCKConfig.BaseHref = '';
FCKConfig.FullPage = false ;
FCKConfig.Debug = false ;
// NOTE(review): Debug is off, yet this flag is on. By its name it lets debug
// mode be requested through the page's query string; confirm, and consider
// setting it to false on a public site.
FCKConfig.AllowQueryStringDebug = true ;
// Skin directory, relative to BasePath. PreloadImages below reads SkinPath,
// so this assignment has to come first.
FCKConfig.SkinPath = FCKConfig.BasePath + 'skins/office2003/' ;
FCKConfig.PreloadImages = [ FCKConfig.SkinPath + 'images/toolbar.start.gif', FCKConfig.SkinPath + 'images/toolbar.buttonarrow.gif' ] ;
FCKConfig.PluginsPath = FCKConfig.BasePath + 'plugins/' ;
// The autogrow plugin is left disabled; AutoGrowMax is still set.
// FCKConfig.Plugins.Add( 'autogrow' ) ;
FCKConfig.AutoGrowMax = 400 ;
// All three ProtectedSource patterns are commented out, so no server-side
// code pattern is registered as protected source here.
// FCKConfig.ProtectedSource.Add( /<%[\s\S]*?%>/g ) ; // ASP style server side code <%...%>
// FCKConfig.ProtectedSource.Add( /<\?[\s\S]*?\?>/g ) ; // PHP style server side code
// FCKConfig.ProtectedSource.Add( /(<asp:[^\>]+>[\s|\S]*?<\/asp:[^\>]+>)|(<asp:[^\>]+\/>)/gi ) ; // ASP.Net style tags <asp:control>
// Language: auto-detection is on; the configured default is 'he' (Hebrew)
// with right-to-left content direction.
FCKConfig.AutoDetectLanguage = true ;
FCKConfig.DefaultLanguage = 'he' ;
FCKConfig.ContentLangDirection = 'rtl' ;
// HTML entity handling in the editor's output.
FCKConfig.ProcessHTMLEntities = true ;
FCKConfig.IncludeLatinEntities = true ;
FCKConfig.IncludeGreekEntities = true ;
FCKConfig.ProcessNumericEntities = false ;
FCKConfig.AdditionalNumericEntities = '' ; // Single Quote: "'"
// Source and output formatting, focus and paste behaviour.
FCKConfig.FillEmptyBlocks = true ;
FCKConfig.FormatSource = true ;
FCKConfig.FormatOutput = true ;
FCKConfig.FormatIndentator = ' ' ;
FCKConfig.ForceStrongEm = true ;
FCKConfig.GeckoUseSPAN = false ;
FCKConfig.StartupFocus = false ;
FCKConfig.ForcePasteAsPlainText = false ;
FCKConfig.AutoDetectPasteFromWord = true ; // IE only.
FCKConfig.ForceSimpleAmpersand = false ;
FCKConfig.TabSpaces = 0 ;
FCKConfig.ShowBorders = true ;
FCKConfig.SourcePopup = false ;
FCKConfig.UseBROnCarriageReturn = false ; // IE only.
// Toolbar and panel presentation.
FCKConfig.ToolbarStartExpanded = true ;
FCKConfig.ToolbarCanCollapse = true ;
FCKConfig.IgnoreEmptyParagraphValue = true ;
FCKConfig.PreserveSessionOnFileBrowser = false ;
FCKConfig.FloatingPanelsZIndex = 10000 ;
FCKConfig.TemplateReplaceAll = true ;
FCKConfig.TemplateReplaceCheckbox = true ;
FCKConfig.ToolbarLocation = 'In' ;
// Toolbar sets, keyed by name. Each inner array is one group of buttons; the
// bare '/' entries in the larger sets presumably start a new toolbar row
// (confirm against the editor documentation).
//
// A toolbar only shapes what the editor UI offers. The markup a form actually
// receives is whatever the client sends, so HTML filtering has to happen on
// the server regardless of which set is shown.

// 'NukeUser' is the name the review edit form on this page passes to
// wysiwyg_textarea(). It includes 'Source', i.e. direct editing of raw HTML.
FCKConfig.ToolbarSets["NukeUser"] = [
['Source','FitWindow','-'],
['Cut','Copy','Paste','PasteText','PasteWord','-','Print'],
['Undo','Redo','-','Find','Replace','-','SelectAll','RemoveFormat'],
['Bold','Italic','Underline','StrikeThrough','-','Subscript','Superscript'],
['OrderedList','UnorderedList','-','Outdent','Indent'],
['JustifyLeft','JustifyCenter','JustifyRight','JustifyFull'],
['Link','Unlink','Anchor'],
['Table','Rule','ImageButton','SpecialChar','PageBreak','UniversalKey'],
['TextColor','BGColor'],
['-','About']
] ;
// Same button list as "NukeUser".
FCKConfig.ToolbarSets["Artikel"] = [
['Source','FitWindow','-'],
['Cut','Copy','Paste','PasteText','PasteWord','-','Print'],
['Undo','Redo','-','Find','Replace','-','SelectAll','RemoveFormat'],
['Bold','Italic','Underline','StrikeThrough','-','Subscript','Superscript'],
['OrderedList','UnorderedList','-','Outdent','Indent'],
['JustifyLeft','JustifyCenter','JustifyRight','JustifyFull'],
['Link','Unlink','Anchor'],
['Table','Rule','ImageButton','SpecialChar','PageBreak','UniversalKey'],
['TextColor','BGColor'],
['-','About']
] ;
// Administrator set: adds document properties, save/new page, templates,
// image and Flash insertion, and the style/font selectors.
FCKConfig.ToolbarSets["PHPNukeAdmin"] = [
['Source','FitWindow','DocProps','-','Save','NewPage','-','Templates'],
['Cut','Copy','Paste','PasteText','PasteWord','-','Print'],
['Undo','Redo','-','Find','Replace','-','SelectAll','RemoveFormat'],
['Bold','Italic','Underline','StrikeThrough','-','Subscript','Superscript'],
['OrderedList','UnorderedList','-','Outdent','Indent'],
['JustifyLeft','JustifyCenter','JustifyRight','JustifyFull'],
['Link','Unlink','Anchor'],
['Image','Flash','Table','Rule','ImageButton','SpecialChar','PageBreak','UniversalKey'],
'/',
['Style','FontFormat','FontName','FontSize'],
['TextColor','BGColor'],
['-','About']
] ;
// Full set: everything above plus preview, spell check and form-element buttons.
FCKConfig.ToolbarSets["Default"] = [
['Source','DocProps','-','Save','NewPage','Preview','-','Templates'],
['Cut','Copy','Paste','PasteText','PasteWord','-','Print','SpellCheck'],
['Undo','Redo','-','Find','Replace','-','SelectAll','RemoveFormat'],
['Form','Checkbox','Radio','TextField','Textarea','Select','Button','ImageButton','HiddenField'],
'/',
['Bold','Italic','Underline','StrikeThrough','-','Subscript','Superscript'],
['OrderedList','UnorderedList','-','Outdent','Indent'],
['JustifyLeft','JustifyCenter','JustifyRight','JustifyFull'],
['Link','Unlink','Anchor'],
['Image','Flash','Table','Rule','ImageButton','SpecialChar','PageBreak','UniversalKey'],
'/',
['Style','FontFormat','FontName','FontSize'],
['TextColor','BGColor'],
['FitWindow','-','About']
] ;
// Minimal sets without 'Source'. "Basic" and "PHPNuke" hold the same buttons.
FCKConfig.ToolbarSets["Basic"] = [
['Bold','Italic','-','OrderedList','UnorderedList','-','Link','Unlink','-','About']
] ;
FCKConfig.ToolbarSets["PHPNuke"] = [
['Bold','Italic','-','OrderedList','UnorderedList','-','Link','Unlink','-','About']
] ;
// Context menu entries, font/colour pickers, style and template definitions,
// spell checker, and dialog options.
FCKConfig.ContextMenu = ['Generic','Link','Anchor','Image','Flash','Select','Textarea','Checkbox','Radio','TextField','HiddenField','ImageButton','Button','BulletedList','NumberedList','Table','Form'] ;
// Colour palette as comma-separated hex values (808080 appears twice).
FCKConfig.FontColors = '000000,993300,333300,003300,003366,000080,333399,333333,800000,FF6600,808000,808080,008080,0000FF,666699,808080,FF0000,FF9900,99CC00,339966,33CCCC,3366FF,800080,999999,FF00FF,FFCC00,FFFF00,00FF00,00FFFF,00CCFF,993366,C0C0C0,FF99CC,FFCC99,FFFF99,CCFFCC,CCFFFF,99CCFF,CC99FF,FFFFFF' ;
FCKConfig.FontNames = 'Arial;Comic Sans MS;Courier New;Tahoma;Times New Roman;Verdana' ;
FCKConfig.FontSizes = '1/xx-small;2/x-small;3/small;4/medium;5/large;6/x-large;7/xx-large' ;
FCKConfig.FontFormats = 'p;div;pre;address;h1;h2;h3;h4;h5;h6' ;
// Style and template definitions are read from XML files under EditorPath.
FCKConfig.StylesXmlPath = FCKConfig.EditorPath + 'fckstyles.xml' ;
FCKConfig.TemplatesXmlPath = FCKConfig.EditorPath + 'fcktemplates.xml' ;
FCKConfig.SpellChecker = 'ieSpell' ; // 'ieSpell' | 'SpellerPages'
// NOTE(review): this is a plain-HTTP link to an executable installer on a
// third-party host, so a user who follows it gets no transport integrity for
// the download. Only the 'Default' toolbar set lists 'SpellCheck'. Consider
// removing the URL or pointing it at a vetted HTTPS source.
FCKConfig.IeSpellDownloadUrl = 'http://wcarchive.cdrom.com/pub/simtelnet/handheld/webbrow1/ieSpellSetup240428.exe' ;
FCKConfig.MaxUndoLevels = 15 ;
FCKConfig.DisableObjectResizing = false ;
FCKConfig.DisableFFTableHandles = true ;
// Dialog options: nothing is hidden in the link, image or Flash dialogs.
FCKConfig.LinkDlgHideTarget = false ;
FCKConfig.LinkDlgHideAdvanced = false ;
FCKConfig.ImageDlgHideLink = false ;
FCKConfig.ImageDlgHideAdvanced = false ;
FCKConfig.FlashDlgHideAdvanced = false ;
// File browser and quick-upload settings.
//
// Every *Browser and *Upload flag below is false, so the editor does not
// offer these features in its dialogs.
// NOTE(review): these are editor-side values. The connector and upload
// scripts that the URLs below point to are separate server-side files under
// filemanager/. Confirm they are disabled or access-controlled on the server
// as well, because hiding the buttons does not stop direct requests to them.
//
// The following value defines which File Browser connector and Quick Upload
// "uploader" to use. It is valid for the default implementation and it is here
// just to make this configuration file cleaner.
// It is not possible to change this value using an external file or even
// inline when creating the editor instance. In those cases you must set the
// values of LinkBrowserURL, ImageBrowserURL and so on.
// Custom implementations should just ignore it.
var _FileBrowserLanguage = 'php' ; // asp | aspx | cfm | lasso | perl | php | py
var _QuickUploadLanguage = 'php' ; // asp | aspx | cfm | lasso | php
// Don't care about the following line. It just calculates the correct connector
// extension to use for the default File Browser (Perl uses "cgi").
var _FileBrowserExtension = _FileBrowserLanguage == 'perl' ? 'cgi' : _FileBrowserLanguage ;
//FCKConfig.LinkBrowser = true ;
FCKConfig.LinkBrowser = false ;
FCKConfig.LinkBrowserURL = FCKConfig.BasePath + 'filemanager/browser/default/browser.html?Connector=connectors/' + _FileBrowserLanguage + '/connector.' + _FileBrowserExtension ;
FCKConfig.LinkBrowserWindowWidth = FCKConfig.ScreenWidth * 0.7 ; // 70%
FCKConfig.LinkBrowserWindowHeight = FCKConfig.ScreenHeight * 0.7 ; // 70%
FCKConfig.ImageBrowser = false ;
FCKConfig.ImageBrowserURL = FCKConfig.BasePath + 'filemanager/browser/default/browser.html?Type=Image&Connector=connectors/' + _FileBrowserLanguage + '/connector.' + _FileBrowserExtension ;
FCKConfig.ImageBrowserWindowWidth = FCKConfig.ScreenWidth * 0.7 ; // 70% ;
FCKConfig.ImageBrowserWindowHeight = FCKConfig.ScreenHeight * 0.7 ; // 70% ;
FCKConfig.FlashBrowser = false ;
FCKConfig.FlashBrowserURL = FCKConfig.BasePath + 'filemanager/browser/default/browser.html?Type=Flash&Connector=connectors/' + _FileBrowserLanguage + '/connector.' + _FileBrowserExtension ;
FCKConfig.FlashBrowserWindowWidth = FCKConfig.ScreenWidth * 0.7 ; //70% ;
FCKConfig.FlashBrowserWindowHeight = FCKConfig.ScreenHeight * 0.7 ; //70% ;
FCKConfig.LinkUpload = false ;
FCKConfig.LinkUploadURL = FCKConfig.BasePath + 'filemanager/upload/' + _QuickUploadLanguage + '/upload.' + _QuickUploadLanguage ;
// NOTE(review): with an empty allow-list, the link upload type is limited
// only by the deny-list, so any extension not named there passes this check.
// An explicit allow-list (as used for Image and Flash below) is the safer
// shape if uploads are ever enabled. The server-side uploader must enforce
// its own list in any case.
FCKConfig.LinkUploadAllowedExtensions = "" ; // empty for all
FCKConfig.LinkUploadDeniedExtensions = ".(php|php3|php5|phtml|asp|aspx|ascx|jsp|cfm|cfc|pl|bat|exe|dll|reg|cgi)$" ; // empty for no one
FCKConfig.ImageUpload = false ;
FCKConfig.ImageUploadURL = FCKConfig.BasePath + 'filemanager/upload/' + _QuickUploadLanguage + '/upload.' + _QuickUploadLanguage + '?Type=Image' ;
// NOTE(review): both patterns below start with an unescaped '.', which in a
// regular expression matches any character rather than a literal dot.
FCKConfig.ImageUploadAllowedExtensions = ".(jpg|gif|jpeg|png)$" ; // empty for all
FCKConfig.ImageUploadDeniedExtensions = "" ; // empty for no one
FCKConfig.FlashUpload = false;
FCKConfig.FlashUploadURL = FCKConfig.BasePath + 'filemanager/upload/' + _QuickUploadLanguage + '/upload.' + _QuickUploadLanguage + '?Type=Flash' ;
FCKConfig.FlashUploadAllowedExtensions = ".(swf|fla)$" ; // empty for all
FCKConfig.FlashUploadDeniedExtensions = "" ; // empty for no one
// Emoticon picker: image directory (relative to BasePath), the image file
// names offered, and the picker's column count and window size.
FCKConfig.SmileyPath = FCKConfig.BasePath + 'images/smiley/msn/' ;
FCKConfig.SmileyImages = ['regular_smile.gif','sad_smile.gif','wink_smile.gif','teeth_smile.gif','confused_smile.gif','tounge_smile.gif','embaressed_smile.gif','omg_smile.gif','whatchutalkingabout_smile.gif','angry_smile.gif','angel_smile.gif','shades_smile.gif','devil_smile.gif','cry_smile.gif','lightbulb.gif','thumbs_down.gif','thumbs_up.gif','heart.gif','broken_heart.gif','kiss.gif','envelope.gif'] ;
FCKConfig.SmileyColumns = 8 ;
FCKConfig.SmileyWindowWidth = 320 ;
FCKConfig.SmileyWindowHeight = 240 ;