$commenttext = substr($commenttext, 0, $pos);
}
//get format mode
if (preg_match('/<.*>/', $commenttext) != 0) {
$postmode = 'html';
} else {
$postmode = 'plaintext';
}
} else {
COM_errorLog("handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment that doesn\'t exist as described.');
return COM_refresh($_CONF['site_url'] . '/index.php');
}
return COM_siteHeader('menu', $LANG03[1]) . CMT_commentForm($title, $commenttext, $sid, $cid, $type, $mode, $postmode) . COM_siteFooter();
}
// MAIN
CMT_updateCommentcodes();
$display = '';
// If reply specified, force comment submission form
if (isset($_REQUEST['reply'])) {
$_REQUEST['mode'] = '';
}
$mode = '';
if (!empty($_REQUEST['mode'])) {
$mode = COM_applyFilter($_REQUEST['mode']);
}
$formtype = '';
if (!empty($_REQUEST['formtype'])) {
$formtype = COM_applyFilter($_REQUEST['formtype']);
}
switch ($mode) {
case $LANG03[28]:
/**
* Submit a new or updated story. The story is updated if it exists, or a new one is created
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @return int Response code as defined in lib-plugins.php
*/
function service_submit_story($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS;
if (!SEC_hasRights('story.edit')) {
$output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
return PLG_RET_AUTH_FAILED;
}
require_once $_CONF['path_system'] . 'lib-comment.php';
if (!$_CONF['disable_webservices']) {
require_once $_CONF['path_system'] . 'lib-webservices.php';
}
$gl_edit = false;
if (isset($args['gl_edit'])) {
$gl_edit = $args['gl_edit'];
}
if ($gl_edit) {
/* This is EDIT mode, so there should be an old sid */
if (empty($args['old_sid'])) {
if (!empty($args['id'])) {
$args['old_sid'] = $args['id'];
} else {
return PLG_RET_ERROR;
}
if (empty($args['sid'])) {
$args['sid'] = $args['old_sid'];
}
}
} else {
if (empty($args['sid']) && !empty($args['id'])) {
$args['sid'] = $args['id'];
}
}
// Store the first CATEGORY as the Topic ID
if (!empty($args['category'][0])) {
$args['tid'] = $args['category'][0];
}
$content = '';
if (!empty($args['content'])) {
$content = $args['content'];
} else {
if (!empty($args['summary'])) {
$content = $args['summary'];
}
}
if (!empty($content)) {
$parts = explode('[page_break]', $content);
if (count($parts) == 1) {
$args['introtext'] = $content;
$args['bodytext'] = '';
} else {
$args['introtext'] = array_shift($parts);
$args['bodytext'] = implode('[page_break]', $parts);
}
}
// Apply filters to the parameters passed by the webservice
if ($args['gl_svc']) {
if (isset($args['mode'])) {
$args['mode'] = COM_applyBasicFilter($args['mode']);
}
if (isset($args['editopt'])) {
$args['editopt'] = COM_applyBasicFilter($args['editopt']);
}
}
// - START: Set all the defaults -
/*
if (empty($args['tid'])) {
// see if we have a default topic
$topic = DB_getItem($_TABLES['topics'], 'tid',
'is_default = 1' . COM_getPermSQL('AND'));
if (!empty($topic)) {
$args['tid'] = $topic;
} else {
// otherwise, just use the first one
$o = array();
$s = array();
if (service_getTopicList_story(array('gl_svc' => true), $o, $s) == PLG_RET_OK) {
$args['tid'] = $o[0];
} else {
$svc_msg['error_desc'] = 'No topics available';
return PLG_RET_ERROR;
}
}
} */
/* This is a solution for above but the above has issues
if (!TOPIC_checkTopicSelectionControl()) {
$svc_msg['error_desc'] = 'No topics selected or available';
return PLG_RET_ERROR;
}
*/
if (empty($args['owner_id'])) {
$args['owner_id'] = $_USER['uid'];
}
if (empty($args['group_id'])) {
$args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']);
}
if (empty($args['postmode'])) {
$args['postmode'] = $_CONF['postmode'];
if (!empty($args['content_type'])) {
if ($args['content_type'] == 'text') {
$args['postmode'] = 'text';
} else {
if ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') {
$args['postmode'] = 'html';
}
}
}
}
if ($args['gl_svc']) {
// Permissions
if (!isset($args['perm_owner'])) {
$args['perm_owner'] = $_CONF['default_permissions_story'][0];
} else {
$args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
}
if (!isset($args['perm_group'])) {
$args['perm_group'] = $_CONF['default_permissions_story'][1];
} else {
$args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
}
if (!isset($args['perm_members'])) {
$args['perm_members'] = $_CONF['default_permissions_story'][2];
} else {
$args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
}
if (!isset($args['perm_anon'])) {
$args['perm_anon'] = $_CONF['default_permissions_story'][3];
} else {
$args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
}
if (!isset($args['draft_flag'])) {
$args['draft_flag'] = $_CONF['draft_flag'];
}
if (empty($args['frontpage'])) {
$args['frontpage'] = $_CONF['frontpage'];
}
if (empty($args['show_topic_icon'])) {
$args['show_topic_icon'] = $_CONF['show_topic_icon'];
}
}
// - END: Set all the defaults -
// TEST CODE
/* foreach ($args as $k => $v) {
if (!is_array($v)) {
echo "$k => $v\r\n";
} else {
echo "$k => $v\r\n";
foreach ($v as $k1 => $v1) {
echo " $k1 => $v1\r\n";
}
}
}*/
// exit ();
// END TEST CODE
if (!isset($args['sid'])) {
$args['sid'] = '';
}
$args['sid'] = COM_sanitizeID($args['sid']);
if (!$gl_edit) {
if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) {
$slug = '';
if (isset($args['slug'])) {
$slug = $args['slug'];
}
if (function_exists('WS_makeId')) {
$args['sid'] = WS_makeId($slug, STORY_MAX_ID_LENGTH);
} else {
$args['sid'] = COM_makeSid();
}
}
}
$story = new Story();
$gl_edit = false;
if (isset($args['gl_edit'])) {
$gl_edit = $args['gl_edit'];
}
if ($gl_edit && !empty($args['gl_etag'])) {
// First load the original story to check if it has been modified
$result = $story->loadFromDatabase($args['sid']);
if ($result == STORY_LOADED_OK) {
if ($args['gl_etag'] != date('c', $story->_date)) {
$svc_msg['error_desc'] = 'A more recent version of the story is available';
return PLG_RET_PRECONDITION_FAILED;
}
} else {
$svc_msg['error_desc'] = 'Error loading story';
return PLG_RET_ERROR;
}
}
// This function is also doing the security checks
$result = $story->loadFromArgsArray($args);
$sid = $story->getSid();
// Check if topics selected if not prompt required field
if ($result == STORY_LOADED_OK) {
if (!TOPIC_checkTopicSelectionControl()) {
$result = STORY_EMPTY_REQUIRED_FIELDS;
}
}
switch ($result) {
case STORY_DUPLICATE_SID:
$output .= COM_errorLog($LANG24[24], 2);
if (!$args['gl_svc']) {
$output .= storyeditor($sid);
}
$output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[5]));
return PLG_RET_ERROR;
break;
case STORY_EXISTING_NO_EDIT_PERMISSION:
$output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
return PLG_RET_PERMISSION_DENIED;
break;
case STORY_NO_ACCESS_PARAMS:
$output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
return PLG_RET_PERMISSION_DENIED;
break;
case STORY_EMPTY_REQUIRED_FIELDS:
$output .= COM_errorLog($LANG24[31], 2);
if (!$args['gl_svc']) {
$output .= storyeditor($sid);
}
$output = COM_createHTMLDocument($output);
return PLG_RET_ERROR;
break;
default:
break;
}
/* Image upload is not supported by the web-service at present */
if (!$args['gl_svc']) {
// Delete any images if needed
if (array_key_exists('delete', $args)) {
$delete = count($args['delete']);
for ($i = 1; $i <= $delete; $i++) {
$ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete']));
STORY_deleteImage($ai_filename);
DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete']));
next($args['delete']);
}
}
// OK, let's upload any pictures with the article
if (DB_count($_TABLES['article_images'], 'ai_sid', $sid) > 0) {
$index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '{$sid}'") + 1;
} else {
$index_start = 1;
}
if (count($_FILES) > 0 && $_CONF['maximagesperarticle'] > 0) {
require_once $_CONF['path_system'] . 'classes/upload.class.php';
$upload = new Upload();
if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
$upload->setLogFile($_CONF['path'] . 'logs/error.log');
$upload->setDebug(true);
}
$upload->setMaxFileUploads($_CONF['maximagesperarticle']);
if (!empty($_CONF['image_lib'])) {
if ($_CONF['image_lib'] == 'imagemagick') {
// Using imagemagick
$upload->setMogrifyPath($_CONF['path_to_mogrify']);
} elseif ($_CONF['image_lib'] == 'netpbm') {
// using netPBM
$upload->setNetPBM($_CONF['path_to_netpbm']);
} elseif ($_CONF['image_lib'] == 'gdlib') {
// using the GD library
$upload->setGDLib();
}
$upload->setAutomaticResize(true);
if ($_CONF['keep_unscaled_image'] == 1) {
$upload->keepOriginalImage(true);
} else {
$upload->keepOriginalImage(false);
}
if (isset($_CONF['jpeg_quality'])) {
$upload->setJpegQuality($_CONF['jpeg_quality']);
}
}
$upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
$output = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
$output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
echo $output;
exit;
}
// NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
// force any images bigger than the passed dimensions to be resized.
// If mogrify is not set, any images larger than these dimensions
// will get validation errors
$upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
$upload->setMaxFileSize($_CONF['max_image_size']);
// size in bytes, 1048576 = 1MB
// Set file permissions on file after it gets uploaded (number is in octal)
$upload->setPerms('0644');
$filenames = array();
$end_index = $index_start + $upload->numFiles() - 1;
for ($z = $index_start; $z <= $end_index; $z++) {
$curfile = current($_FILES);
if (!empty($curfile['name'])) {
$pos = strrpos($curfile['name'], '.') + 1;
$fextension = substr($curfile['name'], $pos);
$filenames[] = $sid . '_' . $z . '.' . $fextension;
}
next($_FILES);
}
$upload->setFileNames($filenames);
reset($_FILES);
$upload->uploadFiles();
if ($upload->areErrors()) {
$retval = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
$output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
echo $retval;
exit;
}
reset($filenames);
for ($z = $index_start; $z <= $end_index; $z++) {
DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('{$sid}', {$z}, '" . current($filenames) . "')");
next($filenames);
}
}
if ($_CONF['maximagesperarticle'] > 0) {
$errors = $story->checkAttachedImages();
if (count($errors) > 0) {
$output .= COM_startBlock($LANG24[54], '', COM_getBlockTemplate('_msg_block', 'header'));
$output .= $LANG24[55] . LB . '<ul>' . LB;
foreach ($errors as $err) {
$output .= '<li>' . $err . '</li>' . LB;
}
$output .= '</ul>' . LB;
$output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$output .= storyeditor($sid);
$output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[54]));
echo $output;
exit;
}
}
}
$result = $story->saveToDatabase();
if ($result == STORY_SAVED) {
// see if any plugins want to act on that story
if (!empty($args['old_sid']) && $args['old_sid'] != $sid) {
PLG_itemSaved($sid, 'article', $args['old_sid']);
} else {
PLG_itemSaved($sid, 'article');
}
// update feed(s)
COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid);
COM_rdfUpToDateCheck('comment');
STORY_updateLastArticlePublished();
CMT_updateCommentcodes();
if ($story->type == 'submission') {
$output = COM_refresh($_CONF['site_admin_url'] . '/moderation.php?msg=9');
} else {
$output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9);
}
/* @TODO Set the object id here */
$svc_msg['id'] = $sid;
return PLG_RET_OK;
}
}
/**
* Returns the site header
*
* This loads the proper templates, does variable substitution and returns the
* HTML for the site header with or without blocks depending on the value of $what
*
* Programming Note:
*
* The two functions COM_siteHeader and COM_siteFooter provide the framework for
* page display in glFusion. COM_siteHeader controls the display of the Header
* and left blocks and COM_siteFooter controls the dsiplay of the right blocks
* and the footer. You use them like a sandwich. Thus the following code will
* display a glFusion page with both right and left blocks displayed.
*
* <code>
* <?php
* require_once('lib-common.php');
* $display .= COM_siteHeader(); //Change to COM_siteHeader('none') to not display left blocks
* $display .= "Here is your html for display";
* $display .= COM_siteFooter(true); // Change to COM_siteFooter() to not display right blocks
* echo $display;
* ? >
* </code>
*
* Note that the default for the header is to display the left blocks and the
* default of the footer is to not display the right blocks.
*
* This sandwich produces code like this (greatly simplified)
* <code>
* // COM_siteHeader
* <table><tr><td colspan="3">Header</td></tr>
* <tr><td>Left Blocks</td><td>
*
* // Your HTML goes here
* Here is your html for display
*
* // COM_siteFooter
* </td><td>Right Blocks</td></tr>
* <tr><td colspan="3">Footer</td></table>
* </code>
*
* @param string $what If 'none' then no left blocks are returned, if
* 'menu' (default) then right blocks are returned
* @param string $pagetitle optional content for the page's <title>
* @param string $headercode optional code to go into the page's <head>
* @return string Formatted HTML containing the site header
* @see function COM_siteFooter
*
*/
function COM_siteHeader($what = 'menu', $pagetitle = '', $headercode = '')
{
global $_CONF, $_SYSTEM, $_VARS, $_TABLES, $_USER, $LANG01, $LANG_BUTTONS, $LANG_DIRECTION, $_IMAGE_TYPE, $topic, $_COM_VERBOSE, $theme_what, $theme_pagetitle, $theme_headercode, $theme_layout, $blockInterface;
if (!isset($_USER['theme']) || $_USER['theme'] == '') {
$_USER['theme'] = $_CONF['theme'];
}
$function = $_USER['theme'] . '_siteHeader';
if (function_exists($function)) {
return $function($what, $pagetitle, $headercode);
}
$dt = new Date('now', $_USER['tzid']);
static $headerCalled = 0;
if ($headerCalled == 1) {
return '';
}
$headerCalled = 1;
if (is_array($what)) {
$theme_what = array();
}
$theme_pagetitle = $pagetitle;
$theme_headercode = $headercode;
if (isset($blockInterface['left'])) {
$currentURL = COM_getCurrentURL();
if (strpos($currentURL, $_CONF['site_admin_url']) === 0) {
if ($blockInterface['left']['location'] == 'right' || $blockInterface['left']['location'] == 'left') {
$theme_what = 'none';
} else {
$theme_what = $what;
}
} else {
$theme_what = $what;
}
} else {
$theme_what = $what;
}
$header = new Template($_CONF['path_layout']);
$header->set_file('header', 'htmlheader.thtml');
$cacheID = SESS_getVar('cacheID');
if (empty($cacheID) || $cacheID == '') {
if (!isset($_VARS['cacheid'])) {
$cacheID = 'css_' . md5(time());
$_VARS['cacheid'] = $cacheID;
} else {
$cacheID = $_VARS['cacheid'];
}
SESS_setVar('cacheID', $cacheID);
}
// give the theme a chance to load stuff....
$function = $_USER['theme'] . '_headerVars';
if (function_exists($function)) {
$function($header);
}
// get topic if not on home page
if (!isset($_GET['topic'])) {
if (isset($_GET['story'])) {
$sid = COM_applyFilter($_GET['story']);
} elseif (isset($_GET['sid'])) {
$sid = COM_applyFilter($_GET['sid']);
} elseif (isset($_POST['story'])) {
$sid = COM_applyFilter($_POST['story']);
}
if (empty($sid) && $_CONF['url_rewrite'] && strpos($_SERVER['PHP_SELF'], 'article.php') !== false) {
COM_setArgNames(array('story', 'mode'));
$sid = COM_applyFilter(COM_getArgument('story'));
}
if (!empty($sid)) {
$topic = DB_getItem($_TABLES['stories'], 'tid', "sid='" . DB_escapeString($sid) . "'");
}
} else {
$topic = COM_applyFilter($_GET['topic']);
}
$feed_url = array();
if ($_CONF['backend'] == 1) {
// add feed-link to header if applicable
if (SESS_isSet('feedurl')) {
$feed_url = unserialize(SESS_getVar('feedurl'));
} else {
$baseurl = SYND_getFeedUrl();
$sql = 'SELECT format, filename, title, language FROM ' . $_TABLES['syndication'] . " WHERE (header_tid = 'all')";
if (!empty($topic)) {
$sql .= " OR (header_tid = '" . DB_escapeString($topic) . "')";
}
$result = DB_query($sql);
$numRows = DB_numRows($result);
for ($i = 0; $i < $numRows; $i++) {
$A = DB_fetchArray($result);
if (!empty($A['filename'])) {
$format = explode('-', $A['format']);
$format_type = strtolower($format[0]);
$format_name = ucwords($format[0]);
$feed_url[] = '<link rel="alternate" type="application/' . $format_type . '+xml"' . ' href="' . $baseurl . $A['filename'] . '" title="' . $format_name . ' Feed: ' . $A['title'] . '"/>';
}
}
SESS_setVar('feedurl', serialize($feed_url));
}
}
$header->set_var('feed_url', implode(LB, $feed_url));
$relLinks = array();
if (!COM_onFrontpage()) {
$relLinks['home'] = '<link rel="home" href="' . $_CONF['site_url'] . '/" title="' . $LANG01[90] . '"/>';
} else {
CMT_updateCommentcodes();
}
$loggedInUser = !COM_isAnonUser();
if ($loggedInUser || $_CONF['loginrequired'] == 0 && $_CONF['searchloginrequired'] == 0) {
if (substr($_SERVER['PHP_SELF'], -strlen('/search.php')) != '/search.php' || isset($_GET['mode'])) {
$relLinks['search'] = '<link rel="search" href="' . $_CONF['site_url'] . '/search.php" title="' . $LANG01[75] . '"/>';
}
}
if ($loggedInUser || $_CONF['loginrequired'] == 0 && $_CONF['directoryloginrequired'] == 0) {
if (strpos($_SERVER['PHP_SELF'], '/article.php') !== false) {
$relLinks['contents'] = '<link rel="contents" href="' . $_CONF['site_url'] . '/directory.php" title="' . $LANG01[117] . '"/>';
}
}
if (!$_CONF['disable_webservices']) {
$relLinks['service'] = '<link rel="service" ' . 'type="application/atomsvc+xml" ' . 'href="' . $_CONF['site_url'] . '/webservices/atom/index.php?introspection" ' . 'title="' . $LANG01[130] . '"/>' . LB;
}
$header->set_var('rel_links', implode(LB, $relLinks));
if (empty($pagetitle) && isset($_CONF['pagetitle'])) {
$pagetitle = $_CONF['pagetitle'];
}
if (empty($pagetitle)) {
if (empty($topic)) {
$pagetitle = $_CONF['site_slogan'];
} else {
$pagetitle = DB_getItem($_TABLES['topics'], 'topic', "tid = '" . DB_escapeString($topic) . "'");
}
}
if (!empty($pagetitle)) {
$header->set_var('page_site_splitter', ' - ');
} else {
$header->set_var('page_site_splitter', '');
}
$header->set_var('page_title', $pagetitle);
$header->set_var('site_name', $_CONF['site_name']);
if (COM_onFrontpage()) {
$title_and_name = $_CONF['site_name'];
if (!empty($pagetitle)) {
$title_and_name .= ' - ' . $pagetitle;
}
} else {
$title_and_name = '';
if (!empty($pagetitle)) {
$title_and_name = $pagetitle . ' - ';
}
$title_and_name .= $_CONF['site_name'];
}
$header->set_var('page_title_and_site_name', $title_and_name);
$rdf = substr_replace($_CONF['rdf_file'], $_CONF['site_url'], 0, strlen($_CONF['path_html']) - 1) . LB;
list($cacheFile, $style_cache_url) = COM_getStyleCacheLocation();
list($cacheFile, $js_cache_url) = COM_getJSCacheLocation();
$header->set_var(array('site_name' => $_CONF['site_name'], 'site_slogan' => $_CONF['site_slogan'], 'rdf_file' => $rdf, 'rss_url' => $rdf, 'css_url' => $_CONF['layout_url'] . '/style.css', 'theme' => $_USER['theme'], 'style_cache_url' => $style_cache_url, 'js_cache_url' => $js_cache_url, 'charset' => COM_getCharset(), 'cacheid' => $_USER['theme'] . $cacheID, 'direction' => empty($LANG_DIRECTION) ? 'ltr' : $LANG_DIRECTION, 'plg_headercode' => $headercode . PLG_getHeaderCode()));
// Call to plugins to set template variables in the header
PLG_templateSetVars('header', $header);
$header->parse('index_header', 'header');
$retval = $header->finish($header->get_var('index_header'));
echo $retval;
// Start caching / capturing output from glFusion / plugins
ob_start();
return '';
}
