Example #1
/**
 * Whether a user may edit the comments made on a post.
 *
 * Deprecated shim: it reports the deprecation and then defers entirely to
 * user_can_edit_post(), so comment-edit rights equal post-edit rights.
 *
 * @since 1.5
 * @deprecated 2.0 Use current_user_can()
 * @see current_user_can()
 *
 * @param int $user_id ID of the user whose permission is being checked.
 * @param int $post_id ID of the post whose comments would be edited.
 * @param int $blog_id Forwarded unchanged to user_can_edit_post().
 * @return bool Whatever user_can_edit_post() answers for the same arguments.
 */
function user_can_edit_post_comments($user_id, $post_id, $blog_id = 1)
{
    _deprecated_function(__FUNCTION__, '2.0', 'current_user_can()');

    // Comments have no permission of their own here: the post-level check decides.
    $can_edit_post = user_can_edit_post($user_id, $post_id, $blog_id);

    return $can_edit_post;
}
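	/**
	 * XML-RPC handler that sets an existing post's status to 'publish'.
	 *
	 * $args is positional: [0] post ID, [1] user login, [2] user password.
	 * The credentials are verified first; the caller must then pass
	 * user_can_edit_post() for that post. No other permission is consulted here.
	 *
	 * NOTE(review): the edit check is the only authorisation gate before the
	 * status is forced to 'publish' - confirm that is the intended policy for
	 * accounts that may edit a post but are not meant to publish it.
	 *
	 * @param array $args Positional XML-RPC arguments as described above.
	 * @return mixed $this->error when the login fails, an IXR_Error (401) when
	 *               the user may not edit the post, otherwise the value
	 *               returned by wp_update_post().
	 */
	function mt_publishPost($args) {

		// Return value is not used, so this presumably escapes $args in place.
		$this->escape($args);

		// The ID is supplied by the remote client: force it to an integer so the
		// permission check, the lookup and the update all act on the same
		// numeric post ID, however the client encoded it.
		$post_ID    = (int) $args[0];
		$user_login = $args[1];
		$user_pass  = $args[2];

		// Authenticate before touching any post data.
		if (!$this->login_pass_ok($user_login, $user_pass)) {
			return $this->error;
		}

		// Authorise: the authenticated account must be allowed to edit this post.
		$user_data = get_userdatabylogin($user_login);
		if (!user_can_edit_post($user_data->ID, $post_ID)) {
			return new IXR_Error(401, 'Sorry, you can not edit this post.');
		}

		$postdata = wp_get_single_post($post_ID, ARRAY_A);

		$postdata['post_status'] = 'publish';

		// Keep the categories the post already has.
		$cats = wp_get_post_cats('', $post_ID);
		$postdata['post_category'] = $cats;

		// The stored row is escaped again before it is handed to the update call.
		$this->escape($postdata);

		return wp_update_post($postdata);
	}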
/**
 * Whether a user may edit the comments made on a post.
 *
 * There is no separate comment permission: the answer is whatever
 * user_can_edit_post() returns for the same arguments.
 *
 * @param int $user_id ID of the user whose permission is being checked.
 * @param int $post_id ID of the post whose comments would be edited.
 * @param int $blog_id Forwarded unchanged to user_can_edit_post().
 * @return bool Result of user_can_edit_post().
 */
function user_can_edit_post_comments($user_id, $post_id, $blog_id = 1)
{
    // Whoever may edit the post may edit the comments attached to it.
    $allowed = user_can_edit_post($user_id, $post_id, $blog_id);

    return $allowed;
}
Example #4
// Load one page ($offset/$limit) of the topic's posts. The topic id is bound
// through the `?` placeholder; $order is concatenated into ORDER BY instead.
// NOTE(review): $order is set outside this excerpt - confirm it is always one
// of a fixed set of code-chosen strings and never carries request input.
$posts = get_records_sql_array('SELECT p.id, p.parent, p.path, p.poster, p.subject, p.body, ' . db_format_tsfield('p.ctime', 'ctime') . ', p.deleted
    FROM {interaction_forum_post} p
    WHERE p.topic = ?
    ORDER BY ' . $order, array($topicid), $offset, $limit);
// This is only needed for the 'no_indent' option
$lastpostid = null;
if ($indentmode == 'no_indent') {
    // Newest post of the topic (latest ctime, highest id as tie-breaker).
    $lastpost = get_record_select('interaction_forum_post', 'topic = ? ORDER by ctime DESC, id DESC LIMIT 1', array($topicid));
    $lastpostid = $lastpost->id;
}
// Get extra info of posts
$prevdeletedid = false;
foreach ($posts as $postid => $post) {
    // Get the number of posts
    $post->postcount = get_postcount($post->poster);
    // Display flag only: non-root posts ($post->parent set) are editable by a
    // moderator or when user_can_edit_post() accepts the poster/ctime pair, and
    // only while $ineditwindow holds. This must run before ctime is reformatted
    // on the next line, because the check receives the raw ctime.
    // NOTE(review): the edit endpoint has to repeat this check itself; hiding
    // the control here does not restrict access.
    $post->canedit = $post->parent && ($moderator || user_can_edit_post($post->poster, $post->ctime)) && $ineditwindow;
    $post->ctime = relative_date(get_string('strftimerecentfullrelative', 'interaction.forum'), get_string('strftimerecentfull'), $post->ctime);
    // Get post edit records
    $post->edit = get_postedits($post->id);
    // Get moderator info
    $post->moderator = is_moderator($post->poster) ? $post->poster : null;
    // Posts without a subject show "Re: <ancestor subject>" instead
    $post->subject = !empty($post->subject) ? $post->subject : get_string('re', 'interaction.forum', get_ancestorpostsubject($post->id));
    // Whether the viewing user wrote this post (loose == comparison of ids)
    $post->ownpost = $USER->get('id') == $post->poster ? true : false;
    // Unresolved objection reports filed against this post
    $post->reports = get_records_select_array('objectionable', 'objecttype = ? AND objectid = ? AND resolvedby IS NULL AND resolvedtime IS NULL', array('forum', $post->id));
    // Consolidate deleted message posts by the same author into one "X posts by Spammer Joe were deleted"
    if ($post->deleted) {
        if ($prevdeletedid && $posts[$prevdeletedid]->poster == $post->poster) {
            $posts[$prevdeletedid]->deletedcount++;
// Access level of the current user for the forum that owns the parent post;
// the moderator flag is one bit of that value.
$membership = user_can_access_forum((int) $parent->forum);
$moderator = (bool) ($membership & INTERACTION_FORUM_MOD);
if (!isset($postid)) {
    // post reply: requires forum access, and an open topic unless moderator
    if (!$membership) {
        throw new AccessDeniedException(get_string('cantaddposttoforum', 'interaction.forum'));
    }
    if (!$moderator && $parent->topicclosed) {
        throw new AccessDeniedException(get_string('cantaddposttotopic', 'interaction.forum'));
    }
    $action = get_string('postreply', 'interaction.forum');
    define('TITLE', $parent->topicsubject . ' - ' . $action);
} else {
    // edit post
    // No edit record is kept when user_can_edit_post() accepts the poster/ctime
    // pair (the original note describes this as an edit to one's own post
    // within 30 minutes). Otherwise only a moderator may continue, and that
    // edit is recorded; everyone else is refused.
    // NOTE(review): unlike the reply branch, this branch never tests
    // $membership directly - confirm user_can_edit_post() also refuses a
    // poster who no longer has access to the forum.
    if (user_can_edit_post($post->poster, $post->ctime)) {
        $post->editrecord = false;
    } else {
        if ($moderator) {
            $post->editrecord = true;
        } else {
            throw new AccessDeniedException(get_string('canteditpost', 'interaction.forum'));
        }
    }
    $action = get_string('editpost', 'interaction.forum');
    define('TITLE', $parent->topicsubject . ' - ' . $action);
}
// Reformatted only after the permission logic above has run.
$parent->ctime = relative_date(get_string('strftimerecentfullrelative', 'interaction.forum'), get_string('strftimerecentfull'), $parent->ctime);
// Javascript to hide the subject box if it has nothing in it, with a link you
// click to expand it. The label is JSON-encoded for use inside script code.
$clicksetsubject = json_encode(get_string('clicksetsubject', 'interaction.forum'));
Example #6
	<div class="storycontent">
	<?php 
        $content = apply_filters('the_content', $post->post_content);
        echo $content;
        ?>
	</div>
	</div>
	<?php 
        break;
    case 'editpost':
        // Handles the submitted edit form: every value below comes from $_POST.
        // NOTE(review): no request-origin check (nonce/referer) is visible in
        // this excerpt - confirm one runs before this case is reached.
        // Leftover debug line; keep it disabled, it would print the raw request body.
        // die(var_dump('<pre>', $_POST));
        if (!isset($blog_ID)) {
            $blog_ID = 1;
        }
        // Cast first, so the permission check and everything after it work on
        // the same integer post ID.
        $post_ID = (int) $_POST['post_ID'];
        if (!user_can_edit_post($user_ID, $post_ID, $blog_ID)) {
            die(__('You are not allowed to edit this post.'));
        }
        // Fall back to category 1 when none was submitted.
        $post_categories = $_POST['post_category'];
        if (!$post_categories) {
            $post_categories[] = 1;
        }
        // NOTE(review): title, statuses and categories are taken from the
        // request as-is here; any escaping or validation has to happen before
        // they reach SQL or HTML, which this excerpt does not show.
        $content = apply_filters('content_save_pre', $_POST['content']);
        $excerpt = apply_filters('excerpt_save_pre', $_POST['excerpt']);
        $post_title = $_POST['post_title'];
        $prev_status = $_POST['prev_status'];
        // NOTE(review): the requested status is client-chosen and only the edit
        // permission was checked above - confirm status changes are restricted later.
        $post_status = $_POST['post_status'];
        $menu_order = (int) $_POST['menu_order'];
        if (!empty($_POST['post_author_override'])) {
            $post_author = (int) $_POST['post_author_override'];
        } else {
Example #7
}
if (!isset($topicid)) {
    // new topic
    define('TITLE', $forum->title . ' - ' . get_string('addtopic', 'interaction.forum'));
} else {
    // edit topic
    define('TITLE', $forum->title . ' - ' . get_string('edittopic', 'interaction.forum'));
    // No edit record is kept when user_can_edit_post() accepts the poster/ctime
    // pair (the original note describes this as an edit to one's own post
    // within 30 minutes).
    if (user_can_edit_post($topic->poster, $topic->ctime)) {
        $topic->editrecord = false;
        // Minutes remaining: configured 'postdelay' minus the post's age in minutes.
        $timeleft = (int) get_config_plugin('interaction', 'forum', 'postdelay') - round((time() - $topic->ctime) / 60);
    } else {
        if ($moderator) {
            // Moderator edits are always recorded.
            $topic->editrecord = true;
        } else {
            // Second call passes the user id and `false` as extra arguments; when
            // it succeeds the user gets the "post after timeout" message and is
            // sent back to the topic, otherwise access is denied.
            // NOTE(review): presumably `false` disables the time-window test - confirm
            // against user_can_edit_post(). Also confirm $topicid is an integer
            // before it is concatenated into the redirect URL.
            if (user_can_edit_post($topic->poster, $topic->ctime, $USER->get('id'), false)) {
                $SESSION->add_error_msg(get_string('postaftertimeout', 'interaction.forum', get_config_plugin('interaction', 'forum', 'postdelay')));
                redirect('/interaction/forum/topic.php?id=' . $topicid);
            } else {
                throw new AccessDeniedException(get_string('cantedittopic', 'interaction.forum'));
            }
        }
    }
}
// Form definition for adding or editing a topic. 'post' and 'editrecord' are
// carried as hidden elements.
// NOTE(review): whether a submitted value can differ from the one set here
// depends on the form library - confirm the submit handler re-derives
// editrecord and re-checks the edit permission instead of relying on them.
$editform = array('name' => isset($topic) ? 'edittopic' : 'addtopic', 'method' => 'post', 'autofocus' => isset($topic) ? 'body' : 'subject', 'elements' => array('subject' => array('type' => 'text', 'title' => get_string('Subject', 'interaction.forum'), 'defaultvalue' => isset($topic) ? $topic->subject : null, 'rules' => array('required' => true, 'maxlength' => 255)), 'body' => array('type' => 'wysiwyg', 'title' => get_string('Body', 'interaction.forum'), 'rows' => 18, 'cols' => 70, 'defaultvalue' => isset($topic) ? $topic->body : null, 'rules' => array('required' => true, 'maxlength' => 65536)), 'sticky' => array('type' => 'switchbox', 'title' => get_string('Sticky', 'interaction.forum'), 'description' => get_string('stickydescription', 'interaction.forum'), 'defaultvalue' => isset($topic) && $topic->sticky == 1 ? 'checked' : null), 'closed' => array('type' => 'switchbox', 'title' => get_string('Closed', 'interaction.forum'), 'description' => get_string('closeddescription', 'interaction.forum'), 'defaultvalue' => isset($topic) ? $topic->closed : !empty($forumconfig['closetopics']->value)), 'sendnow' => array('type' => 'switchbox', 'title' => get_string('sendnow', 'interaction.forum'), 'description' => get_string('sendnowdescription', 'interaction.forum', get_config_plugin('interaction', 'forum', 'postdelay')), 'defaultvalue' => false), 'submit' => array('type' => 'submitcancel', 'value' => array(isset($topic) ? get_string('save') : get_string('Post', 'interaction.forum'), get_string('cancel')), 'goto' => get_config('wwwroot') . 'interaction/forum/' . (isset($topic) && $returnto != 'view' ? 'topic.php?id=' . $topicid : 'view.php?id=' . $forumid)), 'post' => array('type' => 'hidden', 'value' => isset($topic) ? $topic->postid : false), 'editrecord' => array('type' => 'hidden', 'value' => isset($topic) ? $topic->editrecord : false)));
// Non-moderators lose the moderator-only controls. Removing them from the form
// only hides them; NOTE(review): confirm the submit handler also ignores
// sticky/closed/sendnow values from users who were not offered them.
if (!$moderator) {
    if (!group_sendnow($forum->groupid) && !$admintutor) {
        unset($editform['elements']['sendnow']);
    }
    unset($editform['elements']['sticky']);
    unset($editform['elements']['closed']);
Example #8
    LEFT JOIN {interaction_forum_topic} t3 ON t3.id = p3.topic
    LEFT JOIN (
        SELECT m.forum, m.user
        FROM {interaction_forum_moderator} m
        INNER JOIN {usr} u ON (m.user = u.id AND u.deleted = 0)
    ) m2 ON (m2.forum = t3.forum AND m2.user = e.user)
    WHERE p1.topic = ?
    GROUP BY 1, 2, 3, 4, 5, p1.ctime, 7, 8, 10, 11, 12, e.ctime
    ORDER BY p1.ctime, p1.id, e.ctime', array($topic->groupid, $topicid));
// $posts has an object for every edit to a post
// this combines all the edits into a single object for each post
// also formats the edits a bit
// The bound is taken once, before rows are unset below; unset rows leave gaps
// in $posts, which the inner loop has already stepped $i past.
$count = count($posts);
for ($i = 0; $i < $count; $i++) {
    $posts[$i]->postcount = get_string('postsvariable', 'interaction.forum', $posts[$i]->postcount);
    // Display flag only: non-root posts are editable by a moderator or when
    // user_can_edit_post() accepts the poster/ctime pair. Evaluated before
    // ctime is reformatted on the next line.
    // NOTE(review): the edit endpoint has to enforce this itself.
    $posts[$i]->canedit = $posts[$i]->parent && ($moderator || user_can_edit_post($posts[$i]->poster, $posts[$i]->ctime));
    $posts[$i]->ctime = relative_date(get_string('strftimerecentfullrelative', 'interaction.forum'), get_string('strftimerecentfull'), $posts[$i]->ctime);
    $postedits = array();
    // First row of a post carries its first edit, if any.
    if ($posts[$i]->editor) {
        $postedits[] = array('editor' => $posts[$i]->editor, 'edittime' => relative_date(get_string('strftimerecentfullrelative', 'interaction.forum'), get_string('strftimerecentfull'), $posts[$i]->edittime), 'moderator' => $posts[$i]->editormoderator);
    }
    // $temp remembers the row that represents the post while $i walks its edits.
    $temp = $i;
    while (isset($posts[$i + 1]) && $posts[$i + 1]->id == $posts[$temp]->id) {
        // while the next object is the same post
        $i++;
        $postedits[] = array('editor' => $posts[$i]->editor, 'edittime' => relative_date(get_string('strftimerecentfullrelative', 'interaction.forum'), get_string('strftimerecentfull'), $posts[$i]->edittime), 'moderator' => $posts[$i]->editormoderator);
        // The duplicate row is dropped once its edit has been collected.
        unset($posts[$i]);
    }
    $posts[$temp]->edit = $postedits;
}
// builds the first post (with index 0) which has as children all the posts in the topic
            comment_text();
            ?>

        <p><?php 
            _e('Posted');
            echo ' ';
            comment_date('M j, g:i A');
            // The links below are shown only to users who pass the matching
            // check; that hides the control, it does not protect the action.
            // NOTE(review): the editcomment/deletecomment handlers in post.php
            // must repeat the permission check and verify the request origin.
            if (user_can_edit_post_comments($user_ID, $comment->comment_post_ID)) {
                echo " | <a href=\"post.php?action=editcomment&amp;comment=" . $comment->comment_ID . "\">" . __('Edit Comment') . "</a>";
            }
            // Delete is a plain link; the confirm() dialog is a convenience only.
            // NOTE(review): comment_author is placed inside a JavaScript string
            // within an HTML attribute and no escaping is visible on this line -
            // confirm the value is escaped for both contexts before it gets here.
            if (user_can_delete_post_comments($user_ID, $comment->comment_post_ID)) {
                echo " | <a href=\"post.php?action=deletecomment&amp;p=" . $comment->comment_post_ID . "&amp;comment=" . $comment->comment_ID . "\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \\'%s\\'\\n  \\'Cancel\\' to stop, \\'OK\\' to delete."), $comment->comment_author) . "')\">" . __('Delete Comment') . "</a> &#8212; ";
            }
            // end if any comments to show
            // Get post title
            if (user_can_edit_post($user_ID, $comment->comment_post_ID)) {
                // The post ID is interpolated straight into the statement.
                // NOTE(review): it comes from the comment row and is not cast
                // here - confirm it is always an integer.
                $post_title = $wpdb->get_var("SELECT post_title FROM {$wpdb->posts} WHERE ID = {$comment->comment_post_ID}");
                // Untitled posts are labelled with "# <post id>".
                $post_title = '' == $post_title ? "# {$comment->comment_post_ID}" : $post_title;
                ?>
 <a href="post.php?action=edit&amp;post=<?php 
                echo $comment->comment_post_ID;
                ?>
"><?php 
                // NOTE(review): the title is printed after stripslashes() only;
                // no HTML escaping is visible here - confirm it is applied elsewhere.
                printf(__('Edit Post &#8220;%s&#8221;'), stripslashes($post_title));
                ?>
</a>
				<?php 
            }
            ?>
			 | <a href="<?php 
            echo get_permalink($comment->comment_post_ID);
Example #10
    throw new NotFoundException(get_string('cantfindforum', 'interaction.forum', $forumid));
}
define('GROUP', $forum->groupid);
// Access level of the current user for this forum; the moderator flag is one
// bit of that value. Without any access, adding or editing a topic is refused.
$membership = user_can_access_forum((int) $forumid);
$moderator = (bool) ($membership & INTERACTION_FORUM_MOD);
if (!$membership) {
    throw new AccessDeniedException(get_string('cantaddtopic', 'interaction.forum'));
}
if (!isset($topicid)) {
    // new topic
    define('TITLE', $forum->title . ' - ' . get_string('addtopic', 'interaction.forum'));
} else {
    // edit topic
    define('TITLE', $forum->title . ' - ' . get_string('edittopic', 'interaction.forum'));
    // No edit record is kept when user_can_edit_post() accepts the poster/ctime
    // pair (the original note describes this as an edit to one's own post
    // within 30 minutes). Otherwise only a moderator may continue, and that
    // edit is recorded; everyone else is refused.
    if (user_can_edit_post($topic->poster, $topic->ctime)) {
        $topic->editrecord = false;
    } else {
        if ($moderator) {
            $topic->editrecord = true;
        } else {
            throw new AccessDeniedException(get_string('cantedittopic', 'interaction.forum'));
        }
    }
}
// Form definition for adding or editing a topic. 'post' and 'editrecord' are
// carried as hidden elements.
// NOTE(review): whether a submitted value can differ from the one set here
// depends on the form library - confirm the submit handler re-derives
// editrecord and re-checks the edit permission instead of relying on them.
$editform = array('name' => isset($topic) ? 'edittopic' : 'addtopic', 'method' => 'post', 'autofocus' => false, 'elements' => array('subject' => array('type' => 'text', 'title' => get_string('Subject', 'interaction.forum'), 'defaultvalue' => isset($topic) ? $topic->subject : null, 'rules' => array('required' => true, 'maxlength' => 255)), 'body' => array('type' => 'wysiwyg', 'title' => get_string('Body', 'interaction.forum'), 'rows' => 10, 'cols' => 70, 'defaultvalue' => isset($topic) ? $topic->body : null, 'rules' => array('required' => true)), 'sticky' => array('type' => 'checkbox', 'title' => get_string('Sticky', 'interaction.forum'), 'description' => get_string('stickydescription', 'interaction.forum'), 'defaultvalue' => isset($topic) && $topic->sticky == 1 ? 'checked' : null), 'closed' => array('type' => 'checkbox', 'title' => get_string('Closed', 'interaction.forum'), 'description' => get_string('closeddescription', 'interaction.forum'), 'defaultvalue' => isset($topic) && $topic->closed == 1 ? 'checked' : null), 'submit' => array('type' => 'submitcancel', 'value' => array(isset($topic) ? get_string('edit') : get_string('Post', 'interaction.forum'), get_string('cancel')), 'goto' => get_config('wwwroot') . 'interaction/forum/' . (isset($topic) && $returnto != 'view' ? 'topic.php?id=' . $topicid : 'view.php?id=' . $forumid)), 'post' => array('type' => 'hidden', 'value' => isset($topic) ? $topic->postid : false), 'editrecord' => array('type' => 'hidden', 'value' => isset($topic) ? $topic->editrecord : false)));
// Non-moderators are not offered the sticky/closed controls. Removing them from
// the form only hides them; NOTE(review): confirm the submit handler ignores
// those values when they arrive from a non-moderator.
if (!$moderator) {
    unset($editform['elements']['sticky']);
    unset($editform['elements']['closed']);
}
$editform = pieform($editform);
Example #11
		<?php 
                    break;
                case 'control_edit':
                    // Edit link, shown only when the user may edit this post.
                    // The check uses $post->ID while the link uses $id;
                    // NOTE(review): presumably the same post - confirm.
                    ?>
		<td><?php 
                    if (user_can_edit_post($user_ID, $post->ID)) {
                        echo "<a href='post.php?action=edit&amp;post={$id}' class='edit'>" . __('Edit') . "</a>";
                    }
                    ?>
</td>
		<?php 
                    break;
                case 'control_delete':
                    // Delete link. It is gated by the same edit permission as the
                    // edit link, and it is a plain link with a confirm() dialog.
                    // NOTE(review): the dialog is a convenience only - the delete
                    // handler in post.php must check permission and request origin.
                    // The title is passed through wp_specialchars() before it is
                    // placed in the confirm() text.
                    ?>
		<td><?php 
                    if (user_can_edit_post($user_ID, $post->ID)) {
                        echo "<a href='post.php?action=delete&amp;post={$id}' class='delete' onclick=\"return confirm('" . sprintf(__("You are about to delete this post \\'%s\\'\\n  \\'OK\\' to delete, \\'Cancel\\' to stop."), wp_specialchars(get_the_title('', ''), 1)) . "')\">" . __('Delete') . "</a>";
                    }
                    ?>
</td>
		<?php 
                    break;
                default:
                    // Any other column is rendered by plugins through this hook;
                    // whatever they print lands inside the cell.
                    ?>
		<td><?php 
                    do_action('manage_posts_custom_column', $column_name, $id);
                    ?>
</td>
		<?php 
                    break;
            }
 /**
  * Build the posts query from $this->query_vars, run it and store the rows.
  *
  * The WHERE, JOIN, ORDER BY and LIMIT parts are assembled by string
  * concatenation and executed through $wpdb->get_results(); nothing is bound
  * as a parameter, so each fragment depends on the cast or sanitiser applied
  * to it just before it is appended. For a single-post query the result is
  * then emptied when the viewer may not see an unpublished post. The rows go
  * through the 'the_posts' filter and are stored on the object together with
  * post_count, post and the updated query_vars.
  *
  * NOTE(review): $search is appended to $where unconditionally but is only
  * assigned inside the search branch, and it is not among the variables
  * cleared at the top - without a search term an undefined variable is read.
  *
  * @return array The (filtered) rows, also stored in $this->posts.
  */
 function &get_posts()
 {
     global $wpdb, $pagenow, $request, $user_ID;
     // Shorthand.
     $q = $this->query_vars;
     // First let's clear some variables
     $whichcat = '';
     $whichauthor = '';
     $result = '';
     $where = '';
     $limits = '';
     $distinct = '';
     $join = '';
     // Page size: site setting by default, overridden by showposts (cast to
     // int) or, on archive/search views, by posts_per_archive_page.
     if (!isset($q['posts_per_page']) || $q['posts_per_page'] == 0) {
         $q['posts_per_page'] = get_settings('posts_per_page');
     }
     if (!isset($q['what_to_show'])) {
         $q['what_to_show'] = get_settings('what_to_show');
     }
     if (isset($q['showposts']) && $q['showposts']) {
         $q['showposts'] = (int) $q['showposts'];
         $q['posts_per_page'] = $q['showposts'];
     }
     if (isset($q['posts_per_archive_page']) && $q['posts_per_archive_page'] != 0 && ($this->is_archive || $this->is_search)) {
         $q['posts_per_page'] = $q['posts_per_archive_page'];
     }
     // A page size of -1 means "no paging" unless nopaging was set explicitly.
     if (!isset($q['nopaging'])) {
         if ($q['posts_per_page'] == -1) {
             $q['nopaging'] = true;
         } else {
             $q['nopaging'] = false;
         }
     }
     // Feeds always use the feed page size and post-based paging.
     if ($this->is_feed) {
         $q['posts_per_page'] = get_settings('posts_per_rss');
         $q['what_to_show'] = 'posts';
     }
     if (isset($q['page'])) {
         $q['page'] = trim($q['page'], '/');
         $q['page'] = (int) $q['page'];
     }
     // Computed here but not used again within this method.
     $add_hours = intval(get_settings('gmt_offset'));
     $add_minutes = intval(60 * (get_settings('gmt_offset') - $add_hours));
     $wp_posts_post_date_field = "post_date";
     // "DATE_ADD(post_date, INTERVAL '$add_hours:$add_minutes' HOUR_MINUTE)";
     // If a month is specified in the querystring, load that month
     // 'm' is reduced to digits only before its slices are appended unquoted.
     if ((int) $q['m']) {
         $q['m'] = '' . preg_replace('|[^0-9]|', '', $q['m']);
         $where .= ' AND YEAR(post_date)=' . substr($q['m'], 0, 4);
         if (strlen($q['m']) > 5) {
             $where .= ' AND MONTH(post_date)=' . substr($q['m'], 4, 2);
         }
         if (strlen($q['m']) > 7) {
             $where .= ' AND DAYOFMONTH(post_date)=' . substr($q['m'], 6, 2);
         }
         if (strlen($q['m']) > 9) {
             $where .= ' AND HOUR(post_date)=' . substr($q['m'], 8, 2);
         }
         if (strlen($q['m']) > 11) {
             $where .= ' AND MINUTE(post_date)=' . substr($q['m'], 10, 2);
         }
         if (strlen($q['m']) > 13) {
             $where .= ' AND SECOND(post_date)=' . substr($q['m'], 12, 2);
         }
     }
     // Each individual date part is passed through intval() before it is quoted.
     if ((int) $q['hour']) {
         $q['hour'] = '' . intval($q['hour']);
         $where .= " AND HOUR(post_date)='" . $q['hour'] . "'";
     }
     if ((int) $q['minute']) {
         $q['minute'] = '' . intval($q['minute']);
         $where .= " AND MINUTE(post_date)='" . $q['minute'] . "'";
     }
     if ((int) $q['second']) {
         $q['second'] = '' . intval($q['second']);
         $where .= " AND SECOND(post_date)='" . $q['second'] . "'";
     }
     if ((int) $q['year']) {
         $q['year'] = '' . intval($q['year']);
         $where .= " AND YEAR(post_date)='" . $q['year'] . "'";
     }
     if ((int) $q['monthnum']) {
         $q['monthnum'] = '' . intval($q['monthnum']);
         $where .= " AND MONTH(post_date)='" . $q['monthnum'] . "'";
     }
     if ((int) $q['day']) {
         $q['day'] = '' . intval($q['day']);
         $where .= " AND DAYOFMONTH(post_date)='" . $q['day'] . "'";
     }
     // Slugs go through sanitize_title() and are then placed between quotes.
     // NOTE(review): the quoting is only as safe as sanitize_title()'s output -
     // confirm it can never contain a quote or backslash.
     if ('' != $q['name']) {
         $q['name'] = sanitize_title($q['name']);
         $where .= " AND post_name = '" . $q['name'] . "'";
     } else {
         if ('' != $q['pagename']) {
             $q['pagename'] = sanitize_title(basename(str_replace('%2F', '/', urlencode($q['pagename']))));
             $q['name'] = $q['pagename'];
             $where .= " AND post_name = '" . $q['pagename'] . "'";
         }
     }
     if ((int) $q['w']) {
         $q['w'] = '' . intval($q['w']);
         $where .= " AND WEEK(post_date, 1)='" . $q['w'] . "'";
     }
     if (intval($q['comments_popup'])) {
         $q['p'] = intval($q['comments_popup']);
     }
     // If a post number is specified, load that post
     // Note the plain assignment: an explicit post or page ID replaces every
     // condition collected in $where so far instead of adding to them.
     if ($q['p'] != '' && intval($q['p']) != 0) {
         $q['p'] = (int) $q['p'];
         $where = ' AND ID = ' . $q['p'];
     }
     if ($q['page_id'] != '' && intval($q['page_id']) != 0) {
         $q['page_id'] = intval($q['page_id']);
         $q['p'] = $q['page_id'];
         $where = ' AND ID = ' . $q['page_id'];
     }
     // If a search pattern is specified, load the posts that match
     // The term is caller-supplied text; addslashes_gpc() is the only escaping
     // applied before it is placed inside the quoted LIKE patterns.
     // NOTE(review): LIKE wildcards in the term are passed through as far as
     // this code shows, and the search terms are also kept in
     // $q['search_terms'] for later use - confirm both are handled as intended.
     if (!empty($q['s'])) {
         $q['s'] = addslashes_gpc($q['s']);
         $search = ' AND (';
         $q['s'] = preg_replace('/, +/', ' ', $q['s']);
         $q['s'] = str_replace(',', ' ', $q['s']);
         $q['s'] = str_replace('"', ' ', $q['s']);
         $q['s'] = trim($q['s']);
         // $n is the wildcard wrapped around each term; empty for exact matches.
         if ($q['exact']) {
             $n = '';
         } else {
             $n = '%';
         }
         if (!$q['sentence']) {
             // Every word must match title or content, or the whole phrase must.
             $s_array = explode(' ', $q['s']);
             $q['search_terms'] = $s_array;
             $search .= '((post_title LIKE \'' . $n . $s_array[0] . $n . '\') OR (post_content LIKE \'' . $n . $s_array[0] . $n . '\'))';
             for ($i = 1; $i < count($s_array); $i = $i + 1) {
                 $search .= ' AND ((post_title LIKE \'' . $n . $s_array[$i] . $n . '\') OR (post_content LIKE \'' . $n . $s_array[$i] . $n . '\'))';
             }
             $search .= ' OR (post_title LIKE \'' . $n . $q['s'] . $n . '\') OR (post_content LIKE \'' . $n . $q['s'] . $n . '\')';
             $search .= ')';
         } else {
             $search = ' AND ((post_title LIKE \'' . $n . $q['s'] . $n . '\') OR (post_content LIKE \'' . $n . $q['s'] . $n . '\'))';
         }
     }
     // Category stuff
     if (empty($q['cat']) || $q['cat'] == '0' || ($this->is_single || $this->is_page)) {
         $whichcat = '';
     } else {
         $q['cat'] = '' . urldecode($q['cat']) . '';
         $q['cat'] = addslashes_gpc($q['cat']);
         if (stristr($q['cat'], '-')) {
             // Note: if we have a negative, we ignore all the positives. It must
             // always mean 'everything /except/ this one'. We should be able to do
             // multiple negatives but we don't :-(
             $eq = '!=';
             $andor = 'AND';
             $q['cat'] = explode('-', $q['cat']);
             $q['cat'] = intval($q['cat'][1]);
         } else {
             $eq = '=';
             $andor = 'OR';
         }
         $join = " LEFT JOIN {$wpdb->post2cat} ON ({$wpdb->posts}.ID = {$wpdb->post2cat}.post_id) ";
         // IDs written into the SQL here go through intval(); the values handed
         // to get_category_children() do not.
         // NOTE(review): that helper's output is appended to the query - confirm
         // it validates the ID it receives.
         $cat_array = preg_split('/[,\\s]+/', $q['cat']);
         $whichcat .= ' AND (category_id ' . $eq . ' ' . intval($cat_array[0]);
         $whichcat .= get_category_children($cat_array[0], ' ' . $andor . ' category_id ' . $eq . ' ');
         for ($i = 1; $i < count($cat_array); $i = $i + 1) {
             $whichcat .= ' ' . $andor . ' category_id ' . $eq . ' ' . intval($cat_array[$i]);
             $whichcat .= get_category_children($cat_array[$i], ' ' . $andor . ' category_id ' . $eq . ' ');
         }
         $whichcat .= ')';
         if ($eq == '!=') {
             $q['cat'] = '-' . $q['cat'];
             // Put back the knowledge that we are excluding a category.
         }
     }
     // Category stuff for nice URIs
     if ('' != $q['category_name']) {
         if (stristr($q['category_name'], '/')) {
             // Only the last path segment is used as the category slug.
             $q['category_name'] = explode('/', $q['category_name']);
             if ($q['category_name'][count($q['category_name']) - 1]) {
                 $q['category_name'] = $q['category_name'][count($q['category_name']) - 1];
                 // no trailing slash
             } else {
                 $q['category_name'] = $q['category_name'][count($q['category_name']) - 2];
                 // there was a trailling slash
             }
         }
         // The sanitised slug is quoted into the WHERE fragment and into the
         // category lookup below.
         $q['category_name'] = sanitize_title($q['category_name']);
         $tables = ", {$wpdb->post2cat}, {$wpdb->categories}";
         $join = " LEFT JOIN {$wpdb->post2cat} ON ({$wpdb->posts}.ID = {$wpdb->post2cat}.post_id) LEFT JOIN {$wpdb->categories} ON ({$wpdb->post2cat}.category_id = {$wpdb->categories}.cat_ID) ";
         $whichcat = " AND (category_nicename = '" . $q['category_name'] . "'";
         $q['cat'] = $wpdb->get_var("SELECT cat_ID FROM {$wpdb->categories} WHERE category_nicename = '" . $q['category_name'] . "'");
         $whichcat .= get_category_children($q['cat'], " OR category_id = ");
         $whichcat .= ")";
     }
     // Author/user stuff
     if (empty($q['author']) || $q['author'] == '0') {
         $whichauthor = '';
     } else {
         $q['author'] = '' . urldecode($q['author']) . '';
         $q['author'] = addslashes_gpc($q['author']);
         if (stristr($q['author'], '-')) {
             $eq = '!=';
             $andor = 'AND';
             $q['author'] = explode('-', $q['author']);
             $q['author'] = '' . intval($q['author'][1]);
         } else {
             $eq = '=';
             $andor = 'OR';
         }
         // Every author ID is passed through intval() before it is appended.
         $author_array = preg_split('/[,\\s]+/', $q['author']);
         $whichauthor .= ' AND (post_author ' . $eq . ' ' . intval($author_array[0]);
         for ($i = 1; $i < count($author_array); $i = $i + 1) {
             $whichauthor .= ' ' . $andor . ' post_author ' . $eq . ' ' . intval($author_array[$i]);
         }
         $whichauthor .= ')';
     }
     // Author stuff for nice URIs
     if ('' != $q['author_name']) {
         if (stristr($q['author_name'], '/')) {
             $q['author_name'] = explode('/', $q['author_name']);
             if ($q['author_name'][count($q['author_name']) - 1]) {
                 $q['author_name'] = $q['author_name'][count($q['author_name']) - 1];
                 #no trailing slash
             } else {
                 $q['author_name'] = $q['author_name'][count($q['author_name']) - 2];
                 #there was a trailling slash
             }
         }
         // Slug is sanitised, quoted into the lookup, and the resulting ID is
         // cast with intval() before it joins the WHERE clause.
         $q['author_name'] = sanitize_title($q['author_name']);
         $q['author'] = $wpdb->get_var("SELECT ID FROM {$wpdb->users} WHERE user_nicename='" . $q['author_name'] . "'");
         $whichauthor .= ' AND (post_author = ' . intval($q['author']) . ')';
     }
     // NOTE(review): $search is only defined when a search term was given.
     $where .= $search . $whichcat . $whichauthor;
     // Sort direction: anything other than ASC/DESC (case-insensitive) becomes DESC.
     if (empty($q['order']) || strtoupper($q['order']) != 'ASC' && strtoupper($q['order']) != 'DESC') {
         $q['order'] = 'DESC';
     }
     // Order by
     if (empty($q['orderby'])) {
         $q['orderby'] = 'date ' . $q['order'];
     } else {
         // Used to filter values
         // Column names are taken from this allow-list only: an unknown first
         // key falls back to 'date', unknown further keys are dropped.
         $allowed_keys = array('author', 'date', 'category', 'title');
         $q['orderby'] = urldecode($q['orderby']);
         $q['orderby'] = addslashes_gpc($q['orderby']);
         $orderby_array = explode(' ', $q['orderby']);
         if (!in_array($orderby_array[0], $allowed_keys)) {
             $orderby_array[0] = 'date';
         }
         $q['orderby'] = $orderby_array[0] . ' ' . $q['order'];
         if (count($orderby_array) > 1) {
             for ($i = 1; $i < count($orderby_array); $i = $i + 1) {
                 // Only allow certain values for safety
                 if (in_array($orderby_array[$i], $allowed_keys)) {
                     $q['orderby'] .= ',post_' . $orderby_array[$i] . ' ' . $q['order'];
                 }
             }
         }
     }
     // Outside the two admin screens, posts dated in the future are excluded.
     $now = gmdate('Y-m-d H:i:59');
     if ($pagenow != 'post.php' && $pagenow != 'edit.php') {
         $where .= " AND post_date_gmt <= '{$now}'";
         $distinct = 'DISTINCT';
     }
     // Status visibility. In the listing case SQL's AND binds tighter than OR,
     // so the clause reads: published, OR the viewer's own posts that are
     // neither draft nor static.
     // NOTE(review): the test looks at intval($user_ID) but the uncast
     // $user_ID is what gets interpolated - confirm it is always an integer.
     // The `'' != intval(...)` test also relies on PHP's pre-8 loose
     // comparison, where '' == 0 is true.
     if ($this->is_page) {
         $where .= ' AND (post_status = "static")';
     } elseif ($this->is_single) {
         $where .= ' AND (post_status != "static")';
     } else {
         $where .= ' AND (post_status = "publish"';
         if (isset($user_ID) && '' != intval($user_ID)) {
             $where .= " OR post_author = {$user_ID} AND post_status != 'draft' AND post_status != 'static')";
         } else {
             $where .= ')';
         }
     }
     // Apply filters on where and join prior to paging so that any
     // manipulations to them are reflected in the paging by day queries.
     // Whatever the hooked callbacks return is concatenated into the statement
     // as-is, so plugins using these hooks are trusted with raw SQL.
     $where = apply_filters('posts_where', $where);
     $join = apply_filters('posts_join', $join);
     // Paging
     if (empty($q['nopaging']) && !$this->is_single) {
         $page = $q['paged'];
         if (empty($page)) {
             $page = 1;
         }
         if ($q['what_to_show'] == 'posts') {
             // NOTE(review): $page is cast with intval(), but posts_per_page
             // reaches LIMIT uncast unless it came from showposts - confirm
             // query_vars cannot carry a caller-supplied non-numeric value.
             $pgstrt = '';
             $pgstrt = (intval($page) - 1) * $q['posts_per_page'] . ', ';
             $limits = 'LIMIT ' . $pgstrt . $q['posts_per_page'];
         } elseif ($q['what_to_show'] == 'days') {
             // Paging by day: look up the newest and oldest post_date of the
             // requested window, then restrict the main query to that range.
             $startrow = $q['posts_per_page'] * (intval($page) - 1);
             $start_date = $wpdb->get_var("SELECT max(post_date) FROM {$wpdb->posts} {$join} WHERE (1=1) {$where} GROUP BY year(post_date), month(post_date), dayofmonth(post_date) ORDER BY post_date DESC LIMIT {$startrow},1");
             $endrow = $startrow + $q['posts_per_page'] - 1;
             $end_date = $wpdb->get_var("SELECT min(post_date) FROM {$wpdb->posts} {$join} WHERE (1=1) {$where} GROUP BY year(post_date), month(post_date), dayofmonth(post_date) ORDER BY post_date DESC LIMIT {$endrow},1");
             if ($page > 1) {
                 $where .= " AND post_date >= '{$end_date}' AND post_date <= '{$start_date}'";
             } else {
                 $where .= " AND post_date >= '{$end_date}'";
             }
         }
     }
     // Apply post-paging filters on where and join.  Only plugins that
     // manipulate paging queries should use these hooks.
     $where = apply_filters('posts_where_paged', $where);
     $where .= " GROUP BY {$wpdb->posts}.ID";
     $join = apply_filters('posts_join_paged', $join);
     $orderby = "post_" . $q['orderby'];
     $orderby = apply_filters('posts_orderby', $orderby);
     // The finished statement is kept in the global $request and executed.
     $request = " SELECT {$distinct} * FROM {$wpdb->posts} {$join} WHERE 1=1" . $where . " ORDER BY " . $orderby . " {$limits}";
     $this->posts = $wpdb->get_results($request);
     // Check post status to determine if post should be displayed.
     // This is the access decision for single-post views of unpublished
     // content: anonymous viewers get nothing, drafts need edit permission,
     // private posts are shown to their author only.
     // NOTE(review): $this->posts[0] is read without checking that the query
     // returned a row, and any other non-published status passes through for
     // every logged-in user - confirm both are intended.
     if ($this->is_single) {
         if ('publish' != $this->posts[0]->post_status) {
             if (!(isset($user_ID) && '' != intval($user_ID))) {
                 // User must be logged in to view unpublished posts.
                 $this->posts = array();
             } else {
                 if ('draft' == $this->posts[0]->post_status) {
                     // User must have edit permissions on the draft to preview.
                     if (!user_can_edit_post($user_ID, $this->posts[0]->ID)) {
                         $this->posts = array();
                     }
                 } elseif ('private' == $this->posts[0]->post_status) {
                     if ($this->posts[0]->post_author != $user_ID) {
                         $this->posts = array();
                     }
                 }
             }
         }
     }
     // Filters run after the visibility decision above and can change the result.
     $this->posts = apply_filters('the_posts', $this->posts);
     $this->post_count = count($this->posts);
     if ($this->post_count > 0) {
         $this->post = $this->posts[0];
     }
     update_post_caches($this->posts);
     // Save any changes made to the query vars.
     $this->query_vars = $q;
     return $this->posts;
 }
/**
 * Print an "edit" link for the current post when the current user may edit it.
 *
 * Nothing is printed for users who fail user_can_edit_post() or when the
 * current item is an attachment. The link only leads to the admin edit
 * screen; it grants no access by itself.
 *
 * $link, $before and $after are written to the page exactly as passed, with
 * no escaping, so callers must supply trusted markup only.
 *
 * @param string $link   Link text (or markup) placed inside the anchor.
 * @param string $before Output placed directly before the anchor.
 * @param string $after  Output placed directly after the anchor.
 * @return void
 */
function edit_post_link($link = 'Edit This', $before = '', $after = '') {
	global $user_ID, $post;

	get_currentuserinfo();

	// Permission is tested first; is_attachment() is consulted only for users
	// who may edit the post.
	if ( !user_can_edit_post($user_ID, $post->ID) || is_attachment() ) {
		return;
	}

	$file     = 'post';
	$location = get_settings('siteurl') . '/wp-admin/' . $file . '.php?action=edit&amp;post=' . $post->ID;

	echo $before, '<a href="', $location, '">', $link, '</a>', $after;
}
/**
 * Print an "edit" link for the current post when the current user may edit it.
 *
 * Users who fail user_can_edit_post() get no output. The link only leads to
 * the admin edit screen; it grants no access by itself.
 *
 * $link, $before and $after are written to the page exactly as passed, with
 * no escaping, so callers must supply trusted markup only.
 *
 * @param string $link   Link text (or markup) placed inside the anchor.
 * @param string $before Output placed before the anchor, followed by a space.
 * @param string $after  Output placed after the anchor, preceded by a space.
 * @return void
 */
function edit_post_link($link = 'Edit This', $before = '', $after = '') {
    global $user_ID, $post;

    get_currentuserinfo();

    $may_edit = user_can_edit_post($user_ID, $post->ID);
    if (!$may_edit) {
        return;
    }

    $location = get_settings('siteurl') . '/wp-admin/post.php?action=edit&amp;post=' . $post->ID;

    echo $before . ' <a href="' . $location . '">' . $link . '</a> ' . $after;
}