<?php

/**
* PHP versions 4 and 5
*
* LICENSE: This source file is subject to version 3.0 of the PHP license
* that is available through the world-wide-web at the following URI:
* http://www.php.net/license.  If you did not receive a copy of
* the PHP License and are unable to obtain it through the web, please
* send a note to hide@address.com so we can mail you a copy immediately.
*
* @category   Forum
* @package    QuickTalk forum
* @author     Philippe Vandenberghe <hide@address.com>
* @copyright  2008-2012 The PHP Group
* @version    2.5 build:20100924
* @since      File available since Release 1.0.0
* @deprecated File deprecated in Release 3.0.0
*/

// Start (or resume) the PHP session; the cached settings used below live in $_SESSION[QT].
session_start();
// Application bootstrap. NOTE(review): $oVIP, $oDB, $L, Translate() and the QT / TABSETTING
// constants are not declared on this page; presumably they come from this include, confirm there.
require_once('bin/qtf_init.php');
// Load the admin language file whose path Translate() returns.
include(Translate('qtf_adm.php'));

// Access control: stop with the E_admin message unless the current role is 'A'.
// This is the only authorisation check on the page; the submit handler below relies on it.
if ( $oVIP->role!='A' ) die($L['E_admin']);

// INITIALISE

// selfurl is used as the form's action attribute; selfname is the page title markup.
$oVIP->selfurl = 'qtf_adm_secu.php';
$oVIP->selfname = '<span class="upper">'.$L['Adm_settings'].'</span><br/>'.$L['Adm_security'];

// --------
// SUBMITTED
// --------

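if ( isset($_POST['ok']) )
{
  // Saves the security settings posted by the form on this page.
  //
  // Every setting is written with a string-built UPDATE, so each posted value is
  // validated BEFORE it reaches the SQL text: choice fields against the option values
  // the form offers, the login key against a short conservative alphabet, and numeric
  // fields against digits-only plus their range. A value that fails validation sets
  // $error and is neither stored in the session nor written to the database.
  //
  // NOTE(review): no anti-CSRF token is checked here and the form does not emit one;
  // the role check at the top of the page is the only gate on this state change.
  // NOTE(review): if $oDB offers bound parameters or an escaping method, prefer it over
  // concatenation; nothing on this page shows such an API.

  // ----- choice settings (rendered as <select>) -----
  // POST field => array(setting param and session key, label for the error, accepted values)
  // NOTE(review): the 'pal' list assumes QTasTag() emits the keys of $L['Pal'] as option
  // values, as it visibly does for the M/U/V arrays further down; confirm in QTasTag().
  $arrChoices = array(
    'pal'           => array('visitor_right',  $L['Visitors_can'],    is_array($L['Pal']) ? array_map('strval',array_keys($L['Pal'])) : array()),
    'login_qte_web' => array('login_qte_web',  $L['Login_qte_web'],   array('0','1')),
    'regmode'       => array('register_mode',  $L['Reg_mode'],        array('direct','email')),
    'regsafe'       => array('register_safe',  $L['Reg_security'],    array('none','text','image')),
    'regcoppa'      => array('register_coppa', $L['Register_coppa'],  array('0','1')),
    'avatar'        => array('avatar',         $L['Allow_avatar'],    array('0','jpg,jpeg','gif,jpg,jpeg,png')),
    // '0' is accepted for upload because the code below tests for it, although the
    // select on this page only offers M/U/V.
    'upload'        => array('upload',         $L['Allow_upload'],    array('0','M','U','V')),
    'show_calendar' => array('show_calendar',  $L['Show_calendar'],   array('M','U','V')),
    'show_stats'    => array('show_stats',     $L['Show_statistics'], array('M','U','V')),
    'tags'          => array('tags',           $L['Allow_tags'],      array('0','M','U','V'))
  );
  foreach ( $arrChoices as $strField=>$arrSpec )
  {
    // A missing field or a non-string (array) submission is treated as invalid.
    $strValue = ( isset($_POST[$strField]) && is_string($_POST[$strField]) ) ? $_POST[$strField] : '';
    if ( in_array($strValue,$arrSpec[2],true) )
    {
      $_SESSION[QT][$arrSpec[0]] = $strValue;
      $oDB->Query('UPDATE '.TABSETTING.' SET setting="'.$strValue.'" WHERE param="'.$arrSpec[0].'"');
    }
    else
    {
      $error = $arrSpec[1].S.$L['E_invalid'];
    }
  }

  // ----- login key (free text, maxlength 4 in the form) -----
  // NOTE(review): the accepted alphabet (letters, digits, underscore) is a conservative
  // choice made here; confirm it against the format described in qtf_adm_secu_help.php.
  $str = ( isset($_POST['login_qte']) && is_string($_POST['login_qte']) ) ? trim($_POST['login_qte']) : '';
  if ( preg_match('/^[A-Za-z0-9_]{0,4}\z/',$str) )
  {
    $_SESSION[QT]['login_qte'] = $str;
    // NOTE(review): the original resets 'login_team', not 'login_qte'; kept unchanged,
    // but nothing else on this page reads 'login_team' - verify the intended key.
    if ( empty($str) || strlen($str)<3 ) $_SESSION[QT]['login_team']='0';
    $oDB->Query('UPDATE '.TABSETTING.' SET setting="'.$str.'" WHERE param="login_qte"');
  }
  else
  {
    $error = $L['Login_qte'].S.$L['E_invalid'];
  }

  // ----- numeric settings -----
  // Each entry: POST field, setting param and session key, min, max, error text, mandatory.
  // Optional fields (disabled inputs are not posted) are skipped when absent.
  $arrNumbers = array();
  if ( $_SESSION[QT]['avatar']!='0' )
  {
    $arrNumbers[] = array('avatarwidth', 'avatar_width', 20,200,$L['Max_picture_size'].S.$L['E_invalid'].' (20-200 pixels)',false);
    $arrNumbers[] = array('avatarheight','avatar_height',20,200,$L['Max_picture_size'].S.$L['E_invalid'].' (20-200 pixels)',false);
    $arrNumbers[] = array('avatarsize',  'avatar_size',  10,100,$L['Max_picture_size'].S.$L['E_invalid'].' (10-100 kb)',false);
  }
  if ( $_SESSION[QT]['upload']!='0' )
  {
    $arrNumbers[] = array('uploadsize','upload_size',1,10000,$L['Allow_upload'].S.$L['E_invalid'].' (1-10000 Kb)',false);
  }
  // chars_per_post is entered in thousands; the upper bound is 4 when $oDB->type is 'oci'.
  $intMaxCpp = ( $oDB->type=='oci' ? 4 : 32 );
  $arrNumbers[] = array('ppt',  'posts_per_topic',10,999,$L['Max_replies_per_topics'].S.$L['E_invalid'].' (10-999)',true);
  $arrNumbers[] = array('cpp',  'chars_per_post', 1,$intMaxCpp,$L['Max_char_per_post'].S.$L['E_invalid'].' (1-'.$intMaxCpp.')',true);
  $arrNumbers[] = array('lpp',  'lines_per_post', 10,999,$L['Max_line_per_post'].S.$L['E_invalid'].' (10-999)',true);
  $arrNumbers[] = array('delay','posts_delay',    1,99,$L['Posts_delay'].S.$L['E_invalid'].' (1-99)',true);
  $arrNumbers[] = array('ppd',  'posts_per_day',  1,999,$L['Max_post_per_user'].S.$L['E_invalid'].' (1-999)',true);

  foreach ( $arrNumbers as $arrSpec )
  {
    list($strField,$strParam,$intMin,$intMax,$strError,$bMandatory) = $arrSpec;
    if ( !$bMandatory && !isset($_POST[$strField]) ) continue;

    $str = ( isset($_POST[$strField]) && is_string($_POST[$strField]) ) ? strip_tags(trim($_POST[$strField])) : '';
    // Digits only first: QTisbetween() is defined elsewhere and its comparison rules are
    // not visible here, so the range check alone is not relied on to keep the SQL literal safe.
    if ( !preg_match('/^[0-9]+\z/',$str) || !QTisbetween($str,$intMin,$intMax) ) $error = $strError;

    // As in the original, once any error is set the remaining values are not saved.
    if ( empty($error) )
    {
      if ( $strParam=='chars_per_post' )
      {
        // Stored in characters: the posted thousands get "000" appended.
        $oDB->Query('UPDATE '.TABSETTING.' SET setting="'.$str.'000" WHERE param="chars_per_post"');
        $_SESSION[QT]['chars_per_post']=intval($str)*1000;
      }
      else
      {
        $oDB->Query('UPDATE '.TABSETTING.' SET setting="'.$str.'" WHERE param="'.$strParam.'"');
        $_SESSION[QT][$strParam]=$str;
      }
    }
  }

  // end

  if ( empty($error) ) $strInfo = $L['S_save'];
}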

// --------
// HTML START
// --------

// Flag read by the shared admin header. NOTE(review): presumably makes the header load the
// page's JavaScript helpers (qtHtmldecode, bEdited) - confirm in qtf_adm_p_header.php.
$bJava=true;
include('qtf_adm_p_header.php');

// FORM

// Client-side helpers, emitted as one inline script:
//  - avatardisabled(str) / uploaddisabled(str): disable the size inputs when the matching
//    select is "0", otherwise enable them and fill an empty input with a default.
//  - ValidateForm(theForm): alerts and returns false when a mandatory input is empty.
// These checks are a usability aid only; a request sent without the browser bypasses them,
// so the submit handler must validate every value on its own.
// The $L strings are written inside JavaScript double-quoted literals without escaping:
// a translation containing a double quote or a line break would break the script.
echo '
<script type="text/javascript">
<!--
function avatardisabled(str)
{
  ctrl1 = document.getElementById("avatarwidth");
  ctrl2 = document.getElementById("avatarheight");
  ctrl3 = document.getElementById("avatarsize");
  if (str=="0")
  {
  ctrl1.disabled=true;
  ctrl2.disabled=true;
  ctrl3.disabled=true;
  }
  else
  {
  ctrl1.disabled=false; if (ctrl1.value.length==0) { ctrl1.value="100"; }
  ctrl2.disabled=false; if (ctrl2.value.length==0) { ctrl2.value="100"; }
  ctrl3.disabled=false; if (ctrl3.value.length==0) { ctrl3.value="12"; }
  }
  return null;
}
function uploaddisabled(str)
{
  ctrl1 = document.getElementById("uploadsize");
  if (str=="0")
  {
  ctrl1.disabled=true;  
  }
  else
  {
  ctrl1.disabled=false; if (ctrl1.value.length==0) { ctrl1.value="500"; }
  }
  return null;
}
function ValidateForm(theForm)
{
  if (theForm.ppt.value.length < 1) { alert(qtHtmldecode("',$L['E_mandatory'],': ',$L['Max_replies_per_topics'],'")); return false; }
  if (theForm.delay.value.length < 1) { alert(qtHtmldecode("',$L['E_mandatory'],': ',$L['Posts_delay'],'")); return false; }
  if (theForm.ppd.value.length < 1) { alert(qtHtmldecode("',$L['E_mandatory'],': ',$L['Max_post_per_user'],'")); return false; }
  if (theForm.cpp.value.length < 1) { alert(qtHtmldecode("',$L['E_mandatory'],': ',$L['Max_char_per_post'],'")); return false; }
  if (theForm.lpp.value.length < 1) { alert(qtHtmldecode("',$L['E_mandatory'],': ',$L['Max_line_per_post'],'")); return false; }
  if (!theForm.avatarwidth.disabled)
  {
    if (theForm.avatarwidth.value.length < 1) { alert(qtHtmldecode("',$L['E_mandatory'],': ',$L['Maximum'],' pixels")); return false; }
  }
  if (!theForm.avatarheight.disabled)
  {
    if (theForm.avatarheight.value.length < 1) { alert(qtHtmldecode("',$L['E_mandatory'],': ',$L['Maximum'],' pixels")); return false; }
  }
  if (!theForm.avatarsize.disabled)
  {
    if (theForm.avatarsize.value.length < 1) { alert(qtHtmldecode("',$L['E_mandatory'],': ',$L['Maximum'],' Kb")); return false; }
  }
  if (!theForm.uploadsize.disabled)
  {
    if (theForm.uploadsize.value.length < 1) { alert(qtHtmldecode("',$L['E_mandatory'],': ',$L['Maximum'],' Kb")); return false; }
  }
  return null;
}
-->
</script>
';

// Open the settings form. It posts back to this page ($oVIP->selfurl) and carries no
// hidden anti-CSRF token field; the only server-side gate is the admin role check.
echo '
<form method="post" action="',$oVIP->selfurl,'" onsubmit="return ValidateForm(this);">
<table class="data_o" cellspacing="0" summary="security">
<tr class="data_o">
<td class="colhd colhdgroup" colspan="2">',$L['Public_access_level'],'</td>
</tr>
';
// Visitor access level. The options come from QTasTag() with the stored value as second
// argument. NOTE(review): presumably it emits one <option> per key of $L['Pal'] and marks
// the current one as selected - confirm in its definition.
echo '<tr class="data_o" title="',$L['H_Visitors_can'],'">
<td class="colhd colhdfirst"><label for="pal">',$L['Visitors_can'],'</label></td>
<td class="colct">
<select id="pal" name="pal" onchange="bEdited=true;">',QTasTag($L['Pal'],$_SESSION[QT]['visitor_right']),'</select></td>
</tr>
';
// Section heading: registration.
echo '<tr class="data_o">
<td class="colhd colhdgroup" colspan="2">',$L['Registration'],'</td>
</tr>
';
// Registration mode: "direct" or "email". QSEL is appended to the option matching the
// stored value. (This row and the next two end the cell with </select> and no </td>.)
echo '<tr class="data_o" title="',$L['Reg_mode'],'">
<td class="colhd colhdfirst" style="width:250px;"><label for="regmode">',$L['Reg_mode'],'</label></td>
<td class="colct">
<select id="regmode" name="regmode" onchange="bEdited=true;">
<option value="direct"',($_SESSION[QT]['register_mode']=='direct' ? QSEL : ''),'>',$L['Direct'],'</option>
<option value="email"',($_SESSION[QT]['register_mode']=='email' ? QSEL : ''),'>',$L['By_email'],'</option>
</select>
</tr>
';
// Registration challenge: "none", "text" or "image". With "none" the registration form
// has no code challenge configured by this setting.
echo '<tr class="data_o" title="',$L['H_Reg_security'],'">
<td class="colhd colhdfirst"><label for="regsafe">',$L['Reg_security'],'</label></td>
<td class="colct">
<select id="regsafe" name="regsafe" onchange="bEdited=true;">
<option value="none"',($_SESSION[QT]['register_safe']=='none' ? QSEL : ''),'>',$L['None'],'</option>
<option value="text"',($_SESSION[QT]['register_safe']=='text' ? QSEL : ''),'>',$L['Text_code'],'</option>
<option value="image"',($_SESSION[QT]['register_safe']=='image' ? QSEL : ''),'>',$L['Image_code'],'</option>
</select>
</tr>
';
// COPPA switch: "0" (no) or "1" (yes).
echo '<tr class="data_o" title="',$L['H_Register_coppa'],'">
<td class="colhd colhdfirst"><label for="regcoppa">',$L['Register_coppa'],'</label></td>
<td class="colct">
<select id="regcoppa" name="regcoppa" onchange="bEdited=true;">
<option value="0"',($_SESSION[QT]['register_coppa']=='0' ? QSEL : ''),'>',$L['N'],'</option>
<option value="1"',($_SESSION[QT]['register_coppa']=='1' ? QSEL : ''),'>',$L['Y'],'</option>
</select>
</tr>
';
// Section heading: login.
echo '<tr class="data_o">
<td class="colhd colhdgroup" colspan="2">',$L['Login'],'</td>
</tr>
';
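// Login and security-rule rows.
// Every stored setting printed into a value="..." attribute goes through
// htmlspecialchars(..., ENT_QUOTES): the values come from the session/settings table, and
// a stored quote or angle bracket would otherwise break out of the attribute (stored XSS
// in the admin page). The $L language strings are printed as before.

// Login key: free text, at most 4 characters in the browser (maxlength is client-side only).
echo '<tr class="data_o">
<td class="colhd colhdfirst"><label for="login_qte">',$L['Login_qte'],'</label></td>
<td class="colct"><input type="text" id="login_qte" name="login_qte" size="4" maxlength="4" value="',(empty($_SESSION[QT]['login_qte']) ? '' : htmlspecialchars((string)$_SESSION[QT]['login_qte'],ENT_QUOTES)),'" onchange="bEdited=true;"/>
 <span class="help">',$L['H_Login_qte'],'</span> <a class="small" href="qtf_adm_secu_help.php" target="_blank">',$L['Help'],'</a></td>
</tr>
';
// Web login switch: "0" or "1"; QSEL marks the stored value.
echo '<tr class="data_o">
<td class="colhd colhdfirst"><label for="login_qte_web">',$L['Login_qte_web'],'</label></td>
<td class="colct">
<select id="login_qte_web" name="login_qte_web" onchange="bEdited=true;">
<option value="0"',($_SESSION[QT]['login_qte_web']=='0' ? QSEL : ''),'>',$L['N'],'</option>
<option value="1"',($_SESSION[QT]['login_qte_web']=='1' ? QSEL : ''),'>',$L['Y'],'</option>
</select>
 <span class="help">',$L['H_Login_qte_web'],'</span></td>
</tr>
';
// Section heading: security rules.
echo '<tr class="data_o">
<td class="colhd colhdgroup" colspan="2">',$L['Security_rules'],'</td>
</tr>
';
// Delay between posts, in seconds.
echo '<tr title="',$L['H_Posts_delay'],'">
<td class="colhd colhdfirst"><label for="delay">',$L['Posts_delay'],'</label></td>
<td class="colct"><input type="text" id="delay" name="delay" size="2" maxlength="2" value="',htmlspecialchars((string)$_SESSION[QT]['posts_delay'],ENT_QUOTES),'" onchange="bEdited=true;"/> '.strtolower($L['Seconds']).'</td>
</tr>
';
// Maximum replies per topic.
echo '<tr class="data_o" title="',$L['H_Max_replies_per_topics'],'">
<td class="colhd colhdfirst"><label for="ppt">',$L['Max_replies_per_topics'],'</label></td>
<td class="colct"><input type="text" id="ppt" name="ppt" size="3" maxlength="3" value="',htmlspecialchars((string)$_SESSION[QT]['posts_per_topic'],ENT_QUOTES),'" onchange="bEdited=true;"/> / ',strtolower($L['Topic']),'</td>
</tr>
';
// Maximum posts per user per day.
echo '<tr class="data_o" title="',$L['H_hacking_day'],'">
<td class="colhd colhdfirst" style="width:200px;"><label for="ppd">',$L['Max_post_per_user'],'</label></td>
<td class="colct"><input type="text" id="ppd" name="ppd" size="3" maxlength="3" value="',htmlspecialchars((string)$_SESSION[QT]['posts_per_day'],ENT_QUOTES),'" onchange="bEdited=true;"/> / '.strtolower($L['Day']).'</td>
</tr>
';
// Maximum characters per post, shown in thousands; the division yields a number, so no
// escaping is needed for this value.
echo '<tr class="data_o" title="',$L['H_Max_char_per_post'],'">
<td class="colhd colhdfirst"><label for="cpp">',$L['Max_char_per_post'],'</label></td>
<td class="colct"><input type="text" id="cpp" name="cpp" size="2" maxlength="2" value="',($_SESSION[QT]['chars_per_post']/1000),'" onchange="bEdited=true;"/> x 1000</td>
</tr>
';
// Maximum lines per post.
echo '<tr class="data_o" title="',$L['H_Max_line_per_post'],'">
<td class="colhd colhdfirst"><label for="lpp">',$L['Max_line_per_post'],'</label></td>
<td class="colct"><input type="text" id="lpp" name="lpp" size="3" maxlength="3" value="',htmlspecialchars((string)$_SESSION[QT]['lines_per_post'],ENT_QUOTES),'" onchange="bEdited=true;"/></td>
</tr>
';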
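// User-interface rows: avatar and upload permissions with their size limits.
// The stored limits are printed into value="..." attributes through
// htmlspecialchars(..., ENT_QUOTES) so that a stored quote or angle bracket cannot break
// out of the attribute. The limits are enforced server-side by the submit handler; the
// maxlength attributes here are browser hints only.

// Section heading: user interface.
echo '<tr class="data_o">
<td class="colhd colhdgroup" colspan="2">',$L['User_interface'],'</td>
</tr>
';
// Avatar permission ("0", "jpg,jpeg" or "gif,jpg,jpeg,png") plus maximum width, height
// and file size; QDIS is added to the three inputs while avatars are switched off.
echo '<tr class="data_o" title="',$L['H_Allow_avatar'],'">
<td class="colhd colhdfirst"><label for="avatar">',$L['Allow_avatar'],'</label></td>
<td class="colct"><select id="avatar" name="avatar" onchange="avatardisabled(this.value); bEdited=true;">
<option value="0"',($_SESSION[QT]['avatar']=='0' ? QSEL : ''),'>',$L['N'],'</option>
<option value="jpg,jpeg"',($_SESSION[QT]['avatar']=='jpg,jpeg' ? QSEL : ''),'>',$L['Y'],' (',$L['Jpg_only'],')</option>
<option value="gif,jpg,jpeg,png"'.($_SESSION[QT]['avatar']=='gif,jpg,jpeg,png' ? QSEL : '').'>',$L['Y'],' (',$L['Gif_jpg_png'],')</option>
</select> ',$L['Maximum'],' <input type="text" id="avatarwidth" name="avatarwidth" size="3" maxlength="3" value="',
  htmlspecialchars((string)$_SESSION[QT]['avatar_width'],ENT_QUOTES),
  '"'.($_SESSION[QT]['avatar']=='0' ? QDIS : '').' onchange="bEdited=true;"/> x <input type="text" id="avatarheight" name="avatarheight" size="3" maxlength="3" value="',
  htmlspecialchars((string)$_SESSION[QT]['avatar_height'],ENT_QUOTES),
  '"'.($_SESSION[QT]['avatar']=='0' ? QDIS : '').' onchange="bEdited=true;"/> pixels, <input type="text" id="avatarsize" name="avatarsize" size="3" maxlength="3" value="',
  htmlspecialchars((string)$_SESSION[QT]['avatar_size'],ENT_QUOTES),
  '"'.($_SESSION[QT]['avatar']=='0' ? QDIS : '').' onchange="bEdited=true;"/>Kb</td>
</tr>
';
// Role choices M / U / V. This array is reused by the calendar and statistics rows that
// follow this block, so it must stay defined here.
// NOTE(review): it has no '0' entry although the upload row tests for '0' to disable the
// size input; verify whether a "no" option was intended for the upload select.
$arr = array(
  'M'=>$L['Y'].' ('.$L['Userrole']['M'].')',
  'U'=>$L['Y'].' ('.$L['Userrole']['U'].')',
  'V'=>$L['Y'].' ('.$L['Userrole']['V'].')');
// Upload permission and maximum upload size in Kb.
echo '<tr class="data_o" title="',$L['H_Allow_upload'],'">
<td class="colhd colhdfirst"><label for="upload">',$L['Allow_upload'],'</label></td>
<td class="colct">
<select id="upload" name="upload" onchange="uploaddisabled(this.value); bEdited=true;">
',QTasTag($arr,$_SESSION[QT]['upload']),'
</select> ',$L['Maximum'],' <input type="text" id="uploadsize" name="uploadsize" size="4" maxlength="4" value="',htmlspecialchars((string)$_SESSION[QT]['upload_size'],ENT_QUOTES),'"',($_SESSION[QT]['upload']=='0' ? QDIS : ''),' onchange="bEdited=true;"/>Kb</td>
</tr>
';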
// Calendar visibility. The options are built by QTasTag() from $arr, which at this point
// still holds the M / U / V role choices assigned before the upload row.
echo '<tr title="',$L['H_Show_calendar'],'">
<td class="colhd colhdfirst"><label for="show_calendar">',$L['Show_calendar'],'</label></td>
<td class="colct">
<select id="show_calendar" name="show_calendar" onchange="bEdited=true;">',QTasTag($arr,$_SESSION[QT]['show_calendar']),'</select>
</td>
</tr>
';
// Statistics visibility, same M / U / V choices.
echo '<tr title="',$L['H_Show_statistics'],'">
<td class="colhd colhdfirst"><label for="show_stats">',$L['Show_statistics'],'</label></td>
<td class="colct">
<select id="show_stats" name="show_stats" onchange="bEdited=true;">',QTasTag($arr,$_SESSION[QT]['show_stats']),'</select>
</td>
</tr>
';
// Choices for the tags setting: '0' (no) plus the M / U / V roles.
$arr = array(
  '0'=>$L['N'],
  'M'=>$L['Y'].' ('.$L['Userrole']['M'].')',
  'U'=>$L['Y'].' ('.$L['Userrole']['U'].')',
  'V'=>$L['Y'].' ('.$L['Userrole']['V'].')');
// Tags permission; the trailing "*" refers to the footnote printed under the table.
echo '<tr class="data_o">
<td class="colhd colhdfirst"><label for="tags">',$L['Allow_tags'],'</label></td>
<td class="colct"><select id="tags" name="tags">
',QTasTag($arr,$_SESSION[QT]['tags']),'
</select> *</td>
</tr>
';

// Submit button; its name "ok" is the key the submit handler tests with isset($_POST['ok']).
echo '<tr class="data_o">
<td class="colhd" colspan="2" style="padding:6px; text-align:center"><input type="submit" name="ok" value="',$L['Save'],'"/></td>
</tr>
';
// Close the table and form, then print the footnote for the tags row.
echo '</table>
</form>
<p class="small">* ',$L['H_Allow_tags'],'</p>
';

// HTML END

include('qtf_adm_p_footer.php');

?>