function migrate_deletestory($sid)
{
global $_TABLES, $_CONF;
$result = DB_query("SELECT ai_filename FROM {$_TABLES['article_images']} WHERE ai_sid='" . DB_escapeString($sid) . "'");
$nrows = DB_numRows($result);
for ($i = 1; $i <= $nrows; $i++) {
$A = DB_fetchArray($result);
$filename = $_CONF['path_html'] . 'images/articles/' . $A['ai_filename'];
if (!@unlink($filename)) {
// log the problem but don't abort the script
COM_errorLog('Unable to remove the following image from the article: ' . $filename);
}
// remove unscaled image, if it exists
$lFilename_large = substr_replace($A['ai_filename'], '_original.', strrpos($A['ai_filename'], '.'), 1);
$lFilename_large_complete = $_CONF['path_html'] . 'images/articles/' . $lFilename_large;
if (file_exists($lFilename_large_complete)) {
if (!@unlink($lFilename_large_complete)) {
// ;og the problem but don't abort the script
COM_errorLog('Unable to remove the following image from the article: ' . $lFilename_large_complete);
}
}
}
DB_delete($_TABLES['article_images'], 'ai_sid', DB_escapeString($sid));
DB_delete($_TABLES['comments'], 'sid', DB_escapeString($sid));
DB_delete($_TABLES['stories'], 'sid', DB_escapeString($sid));
// update RSS feed and Older Stories block
COM_rdfUpToDateCheck();
COM_olderStuff();
return;
}
/**
* Handles a comment submission
*
* @copyright Vincent Furia 2005
* @author Vincent Furia, vinny01 AT users DOT sourceforge DOT net
* @return string HTML (possibly a refresh)
*/
function handleSubmit()
{
global $_CONF, $_TABLES, $LANG03;
$display = '';
$type = COM_applyFilter($_POST['type']);
$sid = COM_applyFilter($_POST['sid']);
$pid = COM_applyFilter($_POST['pid'], true);
$postmode = COM_applyFilter($_POST['postmode']);
$title = strip_tags(COM_stripslashes($_POST['title']));
if ($type == 'article') {
$commentcode = DB_getItem($_TABLES['stories'], 'commentcode', "(sid = '{$sid}') AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND') . COM_getTopicSQL('AND'));
if (!isset($commentcode) || $commentcode != 0) {
return COM_refresh($_CONF['site_url'] . '/index.php');
}
$ret = CMT_saveComment($title, $_POST['comment'], $sid, $pid, 'article', $postmode);
if ($ret == -1) {
$url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
$url .= (strpos($url, '?') ? '&' : '?') . 'msg=15';
$display = COM_refresh($url);
} elseif ($ret > 0) {
// failure
// FIXME: some failures should not return to comment form
$display .= COM_siteHeader('menu', $LANG03[1]) . CMT_commentForm($title, $_POST['comment'], $sid, $pid, $type, $LANG03[14], $postmode) . COM_siteFooter();
} else {
// success
$comments = DB_count($_TABLES['comments'], 'sid', $sid);
DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $sid);
COM_olderStuff();
// update comment count in Older Stories block
$display = COM_refresh(COM_buildUrl($_CONF['site_url'] . "/article.php?story={$sid}"));
}
} else {
// assume plugin
if (!($display = PLG_commentSave($type, $title, $_POST['comment'], $sid, $pid, $postmode))) {
$display = COM_refresh($_CONF['site_url'] . '/index.php');
}
}
return $display;
}
/**
* Delete a topic
*
* @param string $tid Topic ID
* @return string HTML redirect
*
*/
function deleteTopic($tid)
{
global $_CONF, $_TABLES, $_USER;
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid ='{$tid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access < 3) {
COM_accessLog("User {$_USER['username']} tried to illegally delete topic {$tid}.");
return COM_refresh($_CONF['site_admin_url'] . '/topic.php');
}
// don't delete topic blocks - assign them to 'all' and disable them
DB_query("UPDATE {$_TABLES['blocks']} SET tid = 'all', is_enabled = 0 WHERE tid = '{$tid}'");
// same with feeds
DB_query("UPDATE {$_TABLES['syndication']} SET topic = '::all', is_enabled = 0 WHERE topic = '{$tid}'");
// delete comments, trackbacks, images associated with stories in this topic
$result = DB_query("SELECT sid FROM {$_TABLES['stories']} WHERE tid = '{$tid}'");
$numStories = DB_numRows($result);
for ($i = 0; $i < $numStories; $i++) {
$A = DB_fetchArray($result);
STORY_deleteImages($A['sid']);
DB_delete($_TABLES['comments'], array('sid', 'type'), array($A['sid'], 'article'));
DB_delete($_TABLES['trackback'], array('sid', 'type'), array($A['sid'], 'article'));
}
// delete these
DB_delete($_TABLES['stories'], 'tid', $tid);
DB_delete($_TABLES['storysubmission'], 'tid', $tid);
DB_delete($_TABLES['topics'], 'tid', $tid);
// update feed(s) and Older Stories block
COM_rdfUpToDateCheck('article');
COM_olderStuff();
return COM_refresh($_CONF['site_admin_url'] . '/topic.php?msg=14');
}
/**
* Saves a block
*
* @param string $bid Block ID
* @param string $title Block title
* @param string $type Type of block
* @param int $blockorder Order block appears relative to the others
* @param string $content Content of block
* @param string $tid Topic block should appear in
* @param string $rdfurl URL to headline feed for portal blocks
* @param string $rdfupdated Date RSS/RDF feed was last updated
* @param string $rdflimit max. number of entries to import from feed
* @param string $phpblockfn Name of php function to call to get content
* @param int $onleft Flag indicates if block shows up on left or right
* @param int $owner_id ID of owner
* @param int $group_id ID of group block belongs to
* @param array $perm_owner Permissions the owner has on the object
* @param array $perm_group Permissions the group has on the object
* @param array $perm_members Permissions the logged in members have
* @param array $perm_anon Permissinos anonymous users have
* @param int $is_enabled Flag, indicates if block is enabled or not
* @return string HTML redirect or error message
*
*/
function saveblock($bid, $name, $title, $help, $type, $blockorder, $content, $tid, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled, $allow_autotags)
{
global $_CONF, $_TABLES, $LANG01, $LANG21, $MESSAGE;
$retval = '';
$title = addslashes(COM_stripslashes(strip_tags($title)));
$phpblockfn = addslashes(COM_stripslashes(trim($phpblockfn)));
if (empty($title)) {
$retval .= COM_siteHeader('menu', $LANG21[63]) . COM_showMessageText($LANG21[64], $LANG21[63]) . editblock($bid) . COM_siteFooter();
return $retval;
}
// Convert array values to numeric permission values
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
$access = 0;
if ($bid > 0 && DB_count($_TABLES['blocks'], 'bid', $bid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = '{$bid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
if ($access < 3 || !hasBlockTopicAccess($tid) || !SEC_inGroup($group_id)) {
$retval .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
COM_accessLog("User {$_USER['username']} tried to illegally create or edit block {$bid}.");
return $retval;
} elseif (!empty($name) and ($type == 'normal' && !empty($title) && !empty($content) or $type == 'portal' && !empty($title) && !empty($rdfurl) or $type == 'phpblock' && !empty($phpblockfn) && !empty($title) or $type == 'gldefault' && strlen($blockorder) > 0)) {
if ($is_enabled == 'on') {
$is_enabled = 1;
} else {
$is_enabled = 0;
}
if ($allow_autotags == 'on') {
$allow_autotags = 1;
} else {
$allow_autotags = 0;
}
if ($type == 'portal') {
$content = '';
$rdfupdated = '';
$phpblockfn = '';
// get rid of possible extra prefixes (e.g. "feed://http://...")
if (substr($rdfurl, 0, 4) == 'rss:') {
$rdfurl = substr($rdfurl, 4);
} elseif (substr($rdfurl, 0, 5) == 'feed:') {
$rdfurl = substr($rdfurl, 5);
}
if (substr($rdfurl, 0, 2) == '//') {
$rdfurl = substr($rdfurl, 2);
}
$rdfurl = COM_sanitizeUrl($rdfurl, array('http', 'https'));
}
if ($type == 'gldefault') {
if ($name != 'older_stories') {
$content = '';
}
$rdfurl = '';
$rdfupdated = '';
$rdflimit = 0;
$phpblockfn = '';
}
if ($type == 'phpblock') {
// NOTE: PHP Blocks must be within a function and the function
// must start with phpblock_ as the prefix. This will prevent
// the arbitrary execution of code
if (!stristr($phpblockfn, 'phpblock_')) {
$retval .= COM_siteHeader('menu', $LANG21[37]) . COM_showMessageText($LANG21[38], $LANG21[37]) . editblock($bid) . COM_siteFooter();
return $retval;
}
$content = '';
$rdfurl = '';
$rdfupdated = '';
$rdflimit = 0;
}
if ($type == 'normal') {
$rdfurl = '';
$rdfupdated = '';
$rdflimit = 0;
$phpblockfn = '';
if ($allow_autotags == 1) {
// Remove any autotags the user doesn't have permission to use
$content = PLG_replaceTags($content, '', true);
}
$content = addslashes($content);
}
if ($rdflimit < 0) {
$rdflimit = 0;
}
if (!empty($rdfurl)) {
$rdfurl = addslashes($rdfurl);
}
if (empty($rdfupdated)) {
$rdfupdated = '0000-00-00 00:00:00';
}
if ($bid > 0) {
DB_save($_TABLES['blocks'], 'bid,name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,rdf_last_modified,rdf_etag', "{$bid},'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},NULL,NULL");
} else {
$sql = array();
$sql['mysql'] = $sql['mssql'] = "INSERT INTO {$_TABLES['blocks']} " . '(name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags) ' . "VALUES ('{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags})";
$sql['pgsql'] = "INSERT INTO {$_TABLES['blocks']} " . '(bid,name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags) ' . "VALUES ((SELECT NEXTVAL('{$_TABLES['blocks']}_bid_seq')),'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags})";
DB_query($sql);
$bid = DB_insertId();
}
if ($type == 'gldefault' && $name == 'older_stories') {
COM_olderStuff();
}
return COM_refresh($_CONF['site_admin_url'] . '/block.php?msg=11');
} else {
$retval .= COM_siteHeader('menu', $LANG21[32]);
if (empty($name)) {
// empty block name
$msgtxt = $LANG21[50];
} elseif ($type == 'portal') {
// Portal block is missing fields
$msgtxt = $LANG21[33];
} elseif ($type == 'phpblock') {
// PHP Block is missing field
$msgtxt = $LANG21[34];
} elseif ($type == 'normal') {
// Normal block is missing field
$msgtxt = $LANG21[35];
} elseif ($type == 'gldefault') {
// Default geeklog field missing
$msgtxt = $LANG21[42];
} else {
// Layout block missing content
$msgtxt = $LANG21[36];
}
$retval .= COM_showMessageText($msgtxt, $LANG21[32]) . editblock($bid) . COM_siteFooter();
}
return $retval;
}
/**
* Submit a new or updated story. The story is updated if it exists, or a new one is created
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @return int Response code as defined in lib-plugins.php
*/
function service_submit_story($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS;
if (!SEC_hasRights('story.edit')) {
$output .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
return PLG_RET_AUTH_FAILED;
}
require_once $_CONF['path_system'] . 'lib-comment.php';
$gl_edit = false;
if (isset($args['gl_edit'])) {
$gl_edit = $args['gl_edit'];
}
if ($gl_edit) {
/* This is EDIT mode, so there should be an old sid */
if (empty($args['old_sid'])) {
if (!empty($args['id'])) {
$args['old_sid'] = $args['id'];
} else {
return PLG_RET_ERROR;
}
if (empty($args['sid'])) {
$args['sid'] = $args['old_sid'];
}
}
} else {
if (empty($args['sid']) && !empty($args['id'])) {
$args['sid'] = $args['id'];
}
}
/* Store the first CATEGORY as the Topic ID */
if (!empty($args['category'][0])) {
$args['tid'] = $args['category'][0];
}
$content = '';
if (!empty($args['content'])) {
$content = $args['content'];
} else {
if (!empty($args['summary'])) {
$content = $args['summary'];
}
}
if (!empty($content)) {
$parts = explode('[page_break]', $content);
if (count($parts) == 1) {
$args['introtext'] = $content;
$args['bodytext'] = '';
} else {
$args['introtext'] = array_shift($parts);
$args['bodytext'] = implode('[page_break]', $parts);
}
}
/* Apply filters to the parameters passed by the webservice */
if ($args['gl_svc']) {
if (isset($args['mode'])) {
$args['mode'] = COM_applyBasicFilter($args['mode']);
}
if (isset($args['editopt'])) {
$args['editopt'] = COM_applyBasicFilter($args['editopt']);
}
}
/* - START: Set all the defaults - */
if (empty($args['tid'])) {
// see if we have a default topic
$topic = DB_getItem($_TABLES['topics'], 'tid', 'is_default = 1' . COM_getPermSQL('AND'));
if (!empty($topic)) {
$args['tid'] = $topic;
} else {
// otherwise, just use the first one
$o = array();
$s = array();
if (service_getTopicList_story(array('gl_svc' => true), $o, $s) == PLG_RET_OK) {
$args['tid'] = $o[0];
} else {
$svc_msg['error_desc'] = 'No topics available';
return PLG_RET_ERROR;
}
}
}
if (empty($args['owner_id'])) {
$args['owner_id'] = $_USER['uid'];
}
if (empty($args['group_id'])) {
$args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']);
}
if (empty($args['postmode'])) {
$args['postmode'] = $_CONF['postmode'];
if (!empty($args['content_type'])) {
if ($args['content_type'] == 'text') {
$args['postmode'] = 'text';
} else {
if ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') {
$args['postmode'] = 'html';
}
}
}
}
if ($args['gl_svc']) {
/* Permissions */
if (!isset($args['perm_owner'])) {
$args['perm_owner'] = $_CONF['default_permissions_story'][0];
} else {
$args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
}
if (!isset($args['perm_group'])) {
$args['perm_group'] = $_CONF['default_permissions_story'][1];
} else {
$args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
}
if (!isset($args['perm_members'])) {
$args['perm_members'] = $_CONF['default_permissions_story'][2];
} else {
$args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
}
if (!isset($args['perm_anon'])) {
$args['perm_anon'] = $_CONF['default_permissions_story'][3];
} else {
$args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
}
if (!isset($args['draft_flag'])) {
$args['draft_flag'] = $_CONF['draft_flag'];
}
if (empty($args['frontpage'])) {
$args['frontpage'] = $_CONF['frontpage'];
}
if (empty($args['show_topic_icon'])) {
$args['show_topic_icon'] = $_CONF['show_topic_icon'];
}
}
/* - END: Set all the defaults - */
// TEST CODE
/* foreach ($args as $k => $v) {
if (!is_array($v)) {
echo "$k => $v\r\n";
} else {
echo "$k => $v\r\n";
foreach ($v as $k1 => $v1) {
echo " $k1 => $v1\r\n";
}
}
}*/
// exit ();
// END TEST CODE
if (!isset($args['sid'])) {
$args['sid'] = '';
}
$args['sid'] = COM_sanitizeID($args['sid']);
if (!$gl_edit) {
if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) {
$args['sid'] = WS_makeId($args['slug'], STORY_MAX_ID_LENGTH);
}
}
$story = new Story();
$gl_edit = false;
if (isset($args['gl_edit'])) {
$gl_edit = $args['gl_edit'];
}
if ($gl_edit && !empty($args['gl_etag'])) {
/* First load the original story to check if it has been modified */
$result = $story->loadFromDatabase($args['sid']);
if ($result == STORY_LOADED_OK) {
if ($args['gl_etag'] != date('c', $story->_date)) {
$svc_msg['error_desc'] = 'A more recent version of the story is available';
return PLG_RET_PRECONDITION_FAILED;
}
} else {
$svc_msg['error_desc'] = 'Error loading story';
return PLG_RET_ERROR;
}
}
/* This function is also doing the security checks */
$result = $story->loadFromArgsArray($args);
$sid = $story->getSid();
switch ($result) {
case STORY_DUPLICATE_SID:
$output .= COM_siteHeader('menu', $LANG24[5]);
$output .= COM_errorLog($LANG24[24], 2);
if (!$args['gl_svc']) {
$output .= storyeditor($sid);
}
$output .= COM_siteFooter();
return PLG_RET_ERROR;
case STORY_EXISTING_NO_EDIT_PERMISSION:
$output .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
return PLG_RET_PERMISSION_DENIED;
case STORY_NO_ACCESS_PARAMS:
$output .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
return PLG_RET_PERMISSION_DENIED;
case STORY_EMPTY_REQUIRED_FIELDS:
$output .= COM_siteHeader('menu');
$output .= COM_errorLog($LANG24[31], 2);
if (!$args['gl_svc']) {
$output .= storyeditor($sid);
}
$output .= COM_siteFooter();
return PLG_RET_ERROR;
default:
break;
}
/* Image upload is not supported by the web-service at present */
if (!$args['gl_svc']) {
// Delete any images if needed
if (array_key_exists('delete', $args)) {
$delete = count($args['delete']);
for ($i = 1; $i <= $delete; $i++) {
$ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete']));
STORY_deleteImage($ai_filename);
DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete']));
next($args['delete']);
}
}
// OK, let's upload any pictures with the article
if (DB_count($_TABLES['article_images'], 'ai_sid', $sid) > 0) {
$index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '{$sid}'") + 1;
} else {
$index_start = 1;
}
if (count($_FILES) > 0 and $_CONF['maximagesperarticle'] > 0) {
require_once $_CONF['path_system'] . 'classes/upload.class.php';
$upload = new upload();
if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
$upload->setLogFile($_CONF['path'] . 'logs/error.log');
$upload->setDebug(true);
}
$upload->setMaxFileUploads($_CONF['maximagesperarticle']);
if (!empty($_CONF['image_lib'])) {
if ($_CONF['image_lib'] == 'imagemagick') {
// Using imagemagick
$upload->setMogrifyPath($_CONF['path_to_mogrify']);
} elseif ($_CONF['image_lib'] == 'netpbm') {
// using netPBM
$upload->setNetPBM($_CONF['path_to_netpbm']);
} elseif ($_CONF['image_lib'] == 'gdlib') {
// using the GD library
$upload->setGDLib();
}
$upload->setAutomaticResize(true);
if ($_CONF['keep_unscaled_image'] == 1) {
$upload->keepOriginalImage(true);
} else {
$upload->keepOriginalImage(false);
}
if (isset($_CONF['jpeg_quality'])) {
$upload->setJpegQuality($_CONF['jpeg_quality']);
}
}
$upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
$output = COM_siteHeader('menu', $LANG24[30]);
$output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
$output .= $upload->printErrors(false);
$output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$output .= COM_siteFooter();
echo $output;
exit;
}
// NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
// force any images bigger than the passed dimensions to be resized.
// If mogrify is not set, any images larger than these dimensions
// will get validation errors
$upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
$upload->setMaxFileSize($_CONF['max_image_size']);
// size in bytes, 1048576 = 1MB
// Set file permissions on file after it gets uploaded (number is in octal)
$upload->setPerms('0644');
$filenames = array();
$end_index = $index_start + $upload->numFiles() - 1;
for ($z = $index_start; $z <= $end_index; $z++) {
$curfile = current($_FILES);
if (!empty($curfile['name'])) {
$pos = strrpos($curfile['name'], '.') + 1;
$fextension = substr($curfile['name'], $pos);
$filenames[] = $sid . '_' . $z . '.' . $fextension;
}
next($_FILES);
}
$upload->setFileNames($filenames);
reset($_FILES);
$upload->uploadFiles();
if ($upload->areErrors()) {
$retval = COM_siteHeader('menu', $LANG24[30]);
$retval .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
$retval .= $upload->printErrors(false);
$retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$retval .= COM_siteFooter();
echo $retval;
exit;
}
reset($filenames);
for ($z = $index_start; $z <= $end_index; $z++) {
DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('{$sid}', {$z}, '" . current($filenames) . "')");
next($filenames);
}
}
if ($_CONF['maximagesperarticle'] > 0) {
$errors = $story->insertImages();
if (count($errors) > 0) {
$output = COM_siteHeader('menu', $LANG24[54]);
$output .= COM_startBlock($LANG24[54], '', COM_getBlockTemplate('_msg_block', 'header'));
$output .= $LANG24[55] . '<p>';
for ($i = 1; $i <= count($errors); $i++) {
$output .= current($errors) . '<br' . XHTML . '>';
next($errors);
}
$output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$output .= storyeditor($sid);
$output .= COM_siteFooter();
echo $output;
exit;
}
}
}
$result = $story->saveToDatabase();
if ($result == STORY_SAVED) {
// see if any plugins want to act on that story
if (!empty($args['old_sid']) && $args['old_sid'] != $sid) {
PLG_itemSaved($sid, 'article', $args['old_sid']);
} else {
PLG_itemSaved($sid, 'article');
}
// update feed(s) and Older Stories block
COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid);
COM_olderStuff();
CMT_updateCommentcodes();
if ($story->type == 'submission') {
$output = COM_refresh($_CONF['site_admin_url'] . '/moderation.php?msg=9');
} else {
$output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9);
}
/* @TODO Set the object id here */
$svc_msg['id'] = $sid;
return PLG_RET_OK;
}
}
/**
* Saves a story submission.
*
* @return integer result code explaining behaviour.
*/
function saveSubmission()
{
global $_USER, $_CONF, $_TABLES;
$this->_sid = COM_makeSid();
if (COM_isAnonUser()) {
$this->_uid = 1;
} else {
$this->_uid = $_USER['uid'];
}
$tmptid = addslashes(COM_sanitizeID($this->_tid));
$result = DB_query('SELECT group_id,perm_owner,perm_group,perm_members,perm_anon FROM ' . "{$_TABLES['topics']} WHERE tid = '{$tmptid}'" . COM_getTopicSQL('AND'));
if (DB_numRows($result) == 0) {
// user doesn't have access to this topic - bail
return STORY_NO_ACCESS_TOPIC;
}
$T = DB_fetchArray($result);
if ($_CONF['storysubmission'] == 1 && !SEC_hasRights('story.submit')) {
$this->_sid = addslashes($this->_sid);
$this->_tid = $tmptid;
$this->_title = addslashes($this->_title);
$this->_introtext = addslashes($this->_introtext);
$this->_bodytext = addslashes($this->_bodytext);
$this->_postmode = addslashes($this->_postmode);
DB_save($_TABLES['storysubmission'], 'sid,tid,uid,title,introtext,bodytext,date,postmode', "{$this->_sid},'{$this->_tid}',{$this->_uid},'{$this->_title}'," . "'{$this->_introtext}','{$this->_bodytext}',NOW(),'{$this->_postmode}'");
return STORY_SAVED_SUBMISSION;
} else {
// post this story directly. First establish the necessary missing data.
$this->_sanitizeData();
if (!isset($_CONF['show_topic_icon'])) {
$_CONF['show_topic_icon'] = 1;
}
if (DB_getItem($_TABLES['topics'], 'archive_flag', "tid = '{$tmptid}'") == 1) {
$this->_frontpage = 0;
} elseif (isset($_CONF['frontpage'])) {
$this->_frontpage = $_CONF['frontpage'];
} else {
$this->_frontpage = 1;
}
$this->_oldsid = $this->_sid;
$this->_date = mktime();
$this->_featured = 0;
$this->_commentcode = $_CONF['comment_code'];
$this->_trackbackcode = $_CONF['trackback_code'];
$this->_statuscode = 0;
$this->_show_topic_icon = $_CONF['show_topic_icon'];
if (COM_isAnonUser()) {
$this->_owner_id = 1;
} else {
$this->_owner_id = $_USER['uid'];
}
$this->_group_id = $T['group_id'];
$this->_perm_owner = $T['perm_owner'];
$this->_perm_group = $T['perm_group'];
$this->_perm_members = $T['perm_members'];
$this->_perm_anon = $T['perm_anon'];
$this->saveToDatabase();
PLG_itemSaved($this->_sid, 'article');
COM_rdfUpToDateCheck();
COM_olderStuff();
return STORY_SAVED;
}
}
for ($i = 0; $i < $num_userphoto_images; $i++) {
$userphoto_image = DB_fetchArray($result);
if (!file_exists($html_path . 'images/userphotos/' . $userphoto_image['photo'])) {
// If userphoto image does not exist
// Log the error
COM_errorLog($LANG_MIGRATE[26] . $LANG_MIGRATE[29] . $userphoto_image['photo'] . $LANG_MIGRATE[30] . $_TABLES['users'] . $LANG_MIGRATE[31] . $html_path . 'images/userphotos/');
$missing_userphoto_images = true;
$missing_images = true;
}
}
// did the site URL change?
if (!empty($_OLD_CONF['site_url']) & !empty($_CONF['site_url']) && $_OLD_CONF['site_url'] != $_CONF['site_url']) {
INST_updateSiteUrl($_OLD_CONF['site_url'], $_CONF['site_url']);
} else {
// refresh "Older Stories" block
COM_olderStuff();
}
/**
* Import complete.
*
*/
// Check if there are any missing files or plugins
if ($missing_images || $missing_plugins > 0 || $disabled_plugins > 0) {
$display .= '<h2>' . $LANG_MIGRATE[37] . '</h2>' . LB . '<p>' . $LANG_MIGRATE[38] . '</p>' . LB;
// Plugins
if ($missing_plugins > 0) {
$display .= INST_getAlertMsg($LANG_MIGRATE[32] . ' <code>' . $_CONF['path'] . 'plugins/</code> ' . $LANG_MIGRATE[33], 'notice');
}
if ($disabled_plugins > 0) {
$display .= INST_getAlertMsg($LANG_MIGRATE[48]);
}
/**
* Moderates an item
*
* This will actually perform moderation (approve or delete) one or more items
*
* @param array $mid Array of items
* @param array $action Array of actions to perform on items
* @param string $type Type of items ('story', etc.)
* @param int $count Number of items to moderate
* @return string HTML for "command and control" page
*
*/
function moderation($mid, $action, $type, $count)
{
global $_CONF, $_TABLES;
$retval = '';
switch ($type) {
case 'story':
$id = 'sid';
$table = $_TABLES['stories'];
$submissiontable = $_TABLES['storysubmission'];
$fields = 'sid,uid,tid,title,introtext,date,postmode';
break;
case 'comment':
$id = 'cid';
$submissiontable = $_TABLES['commentsubmissions'];
$sidArray[] = '';
break;
default:
if (strlen($type) <= 0) {
// something is terribly wrong, bail
$retval .= COM_errorLog("Unable to find type of {$type} in moderation() in moderation.php");
return $retval;
}
list($id, $table, $fields, $submissiontable) = PLG_getModerationValues($type);
}
// Set true if an valid action other than delete_all is selected
$formaction = false;
for ($i = 0; $i < $count; $i++) {
if (isset($action[$i]) and $action[$i] != '') {
$formaction = true;
} else {
continue;
}
switch ($action[$i]) {
case 'delete':
if (!empty($type) && $type != 'story' && $type != 'draft') {
// There may be some plugin specific processing that needs to
// happen first.
$retval .= PLG_deleteSubmission($type, $mid[$i]);
}
if (empty($mid[$i])) {
$retval .= COM_errorLog("moderation.php just tried deleting everything in table {$submissiontable} because it got an empty id. Please report this immediately to your site administrator");
return $retval;
}
if ($type == 'draft') {
STORY_deleteStory($mid[$i]);
} else {
DB_delete($submissiontable, "{$id}", $mid[$i]);
}
break;
case 'approve':
if ($type == 'story') {
$result = DB_query("SELECT * FROM {$_TABLES['storysubmission']} WHERE sid = '{$mid[$i]}'");
$A = DB_fetchArray($result);
$A['related'] = addslashes(implode("\n", STORY_extractLinks($A['introtext'])));
$A['owner_id'] = $A['uid'];
$A['title'] = addslashes($A['title']);
$A['introtext'] = addslashes($A['introtext']);
$A['bodytext'] = addslashes($A['bodytext']);
$result = DB_query("SELECT group_id,perm_owner,perm_group,perm_members,perm_anon,archive_flag FROM {$_TABLES['topics']} WHERE tid = '{$A['tid']}'");
$T = DB_fetchArray($result);
if ($T['archive_flag'] == 1) {
$frontpage = 0;
} else {
if (isset($_CONF['frontpage'])) {
$frontpage = $_CONF['frontpage'];
} else {
$frontpage = 1;
}
}
DB_save($_TABLES['stories'], 'sid,uid,tid,title,introtext,bodytext,related,date,show_topic_icon,commentcode,trackbackcode,postmode,frontpage,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$A['sid']}',{$A['uid']},'{$A['tid']}','{$A['title']}','{$A['introtext']}','{$A['bodytext']}','{$A['related']}','{$A['date']}','{$_CONF['show_topic_icon']}','{$_CONF['comment_code']}','{$_CONF['trackback_code']}','{$A['postmode']}',{$frontpage},{$A['owner_id']},{$T['group_id']},{$T['perm_owner']},{$T['perm_group']},{$T['perm_members']},{$T['perm_anon']}");
DB_delete($_TABLES['storysubmission'], "{$id}", $mid[$i]);
PLG_itemSaved($A['sid'], 'article');
COM_rdfUpToDateCheck();
COM_olderStuff();
} else {
if ($type == 'draft') {
DB_query("UPDATE {$_TABLES['stories']} SET draft_flag = 0 WHERE sid = '{$mid[$i]}'");
COM_rdfUpToDateCheck();
COM_olderStuff();
} else {
if ($type == 'comment') {
$sid = CMT_approveModeration($mid[$i]);
if (!in_array($sid, $sidArray)) {
$sidArray[$i] = $sid;
}
} else {
// This is called in case this is a plugin. There may be some
// plugin specific processing that needs to happen.
DB_copy($table, $fields, $fields, $submissiontable, $id, $mid[$i]);
$retval .= PLG_approveSubmission($type, $mid[$i]);
}
}
}
break;
}
}
// after loop update comment tree and count for each story
if (isset($sidArray)) {
foreach ($sidArray as $sid) {
CMT_rebuildTree($sid);
//update comment count of stories;
$comments = DB_count($_TABLES['comments'], 'sid', $sid);
DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $sid);
}
}
//Add new comment users to group comment.submit group
if (isset($_POST['publishfuture'])) {
for ($i = 0; $i < count($_POST['publishfuture']); $i++) {
$uid = COM_applyFilter($_POST['publishfuture'][$i], true);
if ($uid > 1 && !SEC_inGroup('Comment Submitters', $uid)) {
SEC_addUserToGroup($uid, 'Comment Submitters');
}
}
}
// Check if there was no direct action used on the form
// and if the delete_all submit action was used
if (!$formaction and isset($_POST['delitem'])) {
foreach ($_POST['delitem'] as $delitem) {
$delitem = COM_applyFilter($delitem);
if (!empty($type) && $type != 'story' && $type != 'draft') {
// There may be some plugin specific processing that needs to
// happen first.
$retval .= PLG_deleteSubmission($type, $delitem);
}
if ($type == 'draft') {
STORY_deleteStory($delitem);
} else {
DB_delete($submissiontable, "{$id}", $delitem);
}
}
}
$retval .= commandcontrol(SEC_createToken());
return $retval;
}
/**
* article: saves a comment
*
* @param string $title comment title
* @param string $comment comment text
* @param string $id Item id to which $cid belongs
* @param int $pid comment parent
* @param string $postmode 'html' or 'text'
* @return mixed false for failure, HTML string (redirect?) for success
*/
function plugin_savecomment_article($title, $comment, $id, $pid, $postmode)
{
global $_CONF, $_TABLES, $LANG03, $_USER;
$retval = '';
$commentcode = DB_getItem($_TABLES['stories'], 'commentcode', "(sid = '" . DB_escapeString($id) . "') AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND'));
if (!isset($commentcode) || $commentcode != 0) {
return COM_refresh($_CONF['site_url'] . '/index.php');
}
$ret = CMT_saveComment($title, $comment, $id, $pid, 'article', $postmode);
if ($ret > 0) {
// failure
$msg = '';
if (SESS_isSet('glfusion.commentpresave.error')) {
$msg = COM_showMessageText(SESS_getVar('glfusion.commentpresave.error'), '', 1, 'error');
SESS_unSet('glfusion.commentpresave.error');
} else {
if (empty($title) || empty($comment)) {
$msg = COM_showMessageText($LANG03[12], '', 1, 'error');
}
}
$retval .= $msg . CMT_commentForm($title, $comment, $id, $pid, 'article', $LANG03[14], $postmode);
} else {
// success
$comments = DB_count($_TABLES['comments'], array('type', 'sid'), array('article', $id));
DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $id);
COM_olderStuff();
// update comment count in Older Stories block
$retval = COM_refresh(COM_buildUrl($_CONF['site_url'] . "/article.php?story={$id}#comments"));
}
return $retval;
}
/**
* Delete an existing story
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @return int Response code as defined in lib-plugins.php
*/
function service_delete_story($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $_USER;
if (empty($args['sid']) && !empty($args['id'])) {
$args['sid'] = $args['id'];
}
if ($args['gl_svc']) {
$args['sid'] = COM_applyBasicFilter($args['sid']);
}
$sid = $args['sid'];
$result = DB_query("SELECT tid,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '" . DB_escapeString($sid) . "'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
$access = min($access, SEC_hasTopicAccess($A['tid']));
if ($access < 3) {
COM_accessLog("User {$_USER['username']} tried to illegally delete story {$sid}.");
$output = COM_refresh($_CONF['site_admin_url'] . '/story.php');
if ($_USER['uid'] > 1) {
return PLG_RET_PERMISSION_DENIED;
} else {
return PLG_RET_AUTH_FAILED;
}
}
STORY_deleteImages($sid);
DB_query("DELETE FROM {$_TABLES['comments']} WHERE sid = '" . DB_escapeString($sid) . "' AND type = 'article'");
DB_delete($_TABLES['stories'], 'sid', DB_escapeString($sid));
// delete Trackbacks
DB_query("DELETE FROM {$_TABLES['trackback']} WHERE sid = '" . DB_escapeString($sid) . "' AND type = 'article';");
PLG_itemDeleted($sid, 'article');
// update RSS feed and Older Stories block
COM_rdfUpToDateCheck();
COM_olderStuff();
COM_setMessage(10);
$output = COM_refresh($_CONF['site_admin_url'] . '/story.php');
return PLG_RET_OK;
}
/**
* Saves a block
*
* @param string $bid Block ID
* @param string $name Block name
* @param string $title Block title
* @param string $type Type of block
* @param int $blockorder Order block appears relative to the others
* @param string $content Content of block
* @param string $tid Topic block should appear in
* @param string $rdfurl URL to headline feed for portal blocks
* @param string $rdfupdated Date RSS/RDF feed was last updated
* @param string $rdflimit max. number of entries to import from feed
* @param string $phpblockfn Name of php function to call to get content
* @param int $onleft Flag indicates if block shows up on left or right
* @param int $owner_id ID of owner
* @param int $group_id ID of group block belongs to
* @param array $perm_owner Permissions the owner has on the object
* @param array $perm_group Permissions the group has on the object
* @param array $perm_members Permissions the logged in members have
* @param array $perm_anon Permissinos anonymous users have
* @param int $is_enabled Flag, indicates if block is enabled or not
* @param int $allow_autotags Flag, indicates if autotags are enabed or not
* @return string HTML redirect or error message
*
*/
function BLOCK_save($bid, $name, $title, $help, $type, $blockorder, $content, $tid, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled, $allow_autotags)
{
global $_CONF, $_TABLES, $LANG01, $LANG21, $MESSAGE;
$retval = '';
$B['bid'] = (int) $bid;
$B['name'] = $name;
$B['title'] = $title;
$B['type'] = $type;
$B['blockorder'] = $blockorder;
$B['content'] = $content;
$B['tid'] = $tid;
$B['rdfurl'] = $rdfurl;
$B['rdfupdated'] = $rdfupdated;
$B['rdflimit'] = $rdflimit;
$B['phpblockfn'] = $phpblockfn;
$B['onleft'] = $onleft;
$B['owner_id'] = $owner_id;
$B['group_id'] = $group_id;
$B['perm_owner'] = $perm_owner;
$B['perm_group'] = $perm_group;
$B['perm_members'] = $perm_members;
$B['perm_anon'] = $perm_anon;
$B['is_enabled'] = $is_enabled;
$B['allow_autotags'] = $allow_autotags;
$bid = (int) $bid;
$MenuElementAllowedHTML = "i[class|style],div[class|style],span[class|style],img[src|class|style],em,strong,del,ins,q,abbr,dfn,small";
$filter = sanitizer::getInstance();
$allowedElements = $filter->makeAllowedElements($MenuElementAllowedHTML);
$filter->setAllowedElements($allowedElements);
$filter->setPostmode('html');
$title = $filter->filterHTML($title);
$title = DB_escapeString($title);
$phpblockfn = DB_escapeString(trim($phpblockfn));
if (empty($title) || !BLOCK_validateName($name)) {
if (empty($title)) {
$msg = $LANG21[64];
} else {
$msg = $LANG21[70];
}
SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
$retval .= COM_siteHeader('menu', $LANG21[63]) . COM_showMessageText($msg, $LANG21[63], true) . BLOCK_edit($bid, $B) . COM_siteFooter();
return $retval;
}
// Convert array values to numeric permission values
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
$access = 0;
if ($bid > 0 && DB_count($_TABLES['blocks'], 'bid', $bid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = '{$bid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
if ($access < 3 || !BLOCK_hasTopicAccess($tid) || !SEC_inGroup($group_id)) {
$retval .= COM_siteHeader('menu', $MESSAGE[30]);
$retval .= COM_showMessageText($MESSAGE[33], $MESSAGE[30], true);
$retval .= COM_siteFooter();
COM_accessLog("User {$_USER['username']} tried to illegally create or edit block {$bid}.");
return $retval;
} elseif ($type == 'normal' && !empty($title) && !empty($content) or $type == 'portal' && !empty($title) && !empty($rdfurl) or $type == 'gldefault' && strlen($blockorder) > 0 or $type == 'phpblock' && !empty($phpblockfn) && !empty($title)) {
if ($is_enabled == 'on') {
$is_enabled = 1;
} else {
$is_enabled = 0;
}
if ($allow_autotags == 1) {
$allow_autotags = 1;
} else {
$allow_autotags = 0;
}
if ($type == 'portal') {
$content = '';
$rdfupdated = '';
$phpblockfn = '';
// get rid of possible extra prefixes (e.g. "feed://http://...")
if (substr($rdfurl, 0, 4) == 'rss:') {
$rdfurl = substr($rdfurl, 4);
} else {
if (substr($rdfurl, 0, 5) == 'feed:') {
$rdfurl = substr($rdfurl, 5);
}
}
if (substr($rdfurl, 0, 2) == '//') {
$rdfurl = substr($rdfurl, 2);
}
$rdfurl = COM_sanitizeUrl($rdfurl, array('http', 'https'));
}
if ($type == 'gldefault') {
if ($name != 'older_stories') {
$content = '';
}
$rdfurl = '';
$rdfupdated = '';
$rdflimit = 0;
$phpblockfn = '';
}
if ($type == 'phpblock') {
// NOTE: PHP Blocks must be within a function and the function
// must start with phpblock_ as the prefix. This will prevent
// the arbitrary execution of code
if (!stristr($phpblockfn, 'phpblock_')) {
$retval .= COM_siteHeader('menu', $LANG21[37]) . COM_showMessageText($LANG21[38], $LANG21[37], true) . BLOCK_edit($bid, $B) . COM_siteFooter();
return $retval;
}
$content = '';
$rdfurl = '';
$rdfupdated = '';
$rdflimit = 0;
}
if ($type == 'normal') {
$rdfurl = '';
$rdfupdated = '';
$rdflimit = 0;
$phpblockfn = '';
$content = DB_escapeString($content);
}
if ($rdflimit < 0) {
$rdflimit = 0;
}
if (!empty($rdfurl)) {
$rdfurl = DB_escapeString($rdfurl);
}
if (empty($rdfupdated)) {
$rdfupdated = '1000-01-01 00:00:00';
}
$name = DB_escapeString($name);
if ($bid > 0) {
DB_save($_TABLES['blocks'], 'bid,name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,rdf_last_modified,rdf_etag', "{$bid},'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},NULL,NULL");
} else {
$sql = "INSERT INTO {$_TABLES['blocks']} " . '(name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags) ' . "VALUES ('{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags})";
DB_query($sql);
$bid = DB_insertId();
}
if ($type == 'gldefault' && $name == 'older_stories') {
COM_olderStuff();
}
CTL_clearCache();
COM_setMessage(11);
return COM_refresh($_CONF['site_admin_url'] . '/block.php');
} else {
SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
$retval .= COM_siteHeader('menu', $LANG21[32]);
if ($type == 'portal') {
// Portal block is missing fields
$msg = $LANG21[33];
} else {
if ($type == 'phpblock') {
// PHP Block is missing field
$msg = $LANG21[34];
} else {
if ($type == 'normal') {
// Normal block is missing field
$msg = $LANG21[35];
} else {
if ($type == 'gldefault') {
// Default glFusion field missing
$msg = $LANG21[42];
} else {
// Layout block missing content
$msg = $LANG21[36];
}
}
}
}
$retval .= COM_showMessageText($msg, $LANG21[32], true);
$retval .= BLOCK_edit($bid, $B);
$retval .= COM_siteFooter();
}
return $retval;
}
/**
* Moderates a single item
*
* This will actually perform moderation (approve or delete) one or more items
*
* @param string $action Action to perform ('delete' or 'approve')
* @param string $type Type of item ('user', 'draftstory', 'story', etc.)
* @param string $id ID of item to approve or delete
* @return string HTML for "command and control" page
*
*/
function MODERATE_item($action = '', $type = '', $id = '')
{
global $_CONF, $_TABLES;
$retval = '';
if (empty($action)) {
// null action
$retval .= COM_errorLog("Submissions Error: An attempt was made to moderate an item with a null action.");
return $retval;
}
if (empty($type)) {
// null item type
$retval .= COM_errorLog("Submissions Error: An attempt was made to moderate a null item type.");
return $retval;
}
if (empty($id)) {
// null item type
$retval .= COM_errorLog("Submissions Error: An attempt was made to moderate an item with a null id.");
return $retval;
}
list($key, $table, $fields, $submissiontable) = PLG_getModerationValues($type);
switch ($action) {
case 'delete':
switch ($type) {
case 'user':
// user
if ($id > 1) {
USER_deleteAccount($id);
}
break;
case 'story':
// story (needs to move to a plugin)
DB_delete($submissiontable, "{$key}", $id);
break;
case 'draftstory':
// draft story
STORY_deleteStory($id);
break;
default:
// plugin
$retval .= PLG_deleteSubmission($type, $id);
DB_delete($submissiontable, "{$key}", $id);
break;
}
break;
case 'approve':
switch ($type) {
case 'story':
// story (needs to move to a plugin)
$result = DB_query("SELECT * FROM {$submissiontable} WHERE {$key} = '{$id}'");
$A = DB_fetchArray($result);
$A['related'] = DB_escapeString(implode("\n", STORY_extractLinks($A['introtext'])));
$A['owner_id'] = $A['uid'];
$A['title'] = DB_escapeString($A['title']);
$A['introtext'] = DB_escapeString($A['introtext']);
$A['bodytext'] = DB_escapeString($A['bodytext']);
$result = DB_query("SELECT group_id,perm_owner,perm_group,perm_members,perm_anon,archive_flag FROM {$_TABLES['topics']} WHERE tid = '{$A['tid']}'");
$T = DB_fetchArray($result);
if ($T['archive_flag'] == 1) {
$frontpage = 0;
} else {
if (isset($_CONF['frontpage'])) {
$frontpage = $_CONF['frontpage'];
} else {
$frontpage = 1;
}
}
DB_save($table, 'sid,uid,tid,title,introtext,bodytext,related,date,show_topic_icon,commentcode,trackbackcode,postmode,frontpage,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$A['sid']}',{$A['uid']},'{$A['tid']}','{$A['title']}','{$A['introtext']}','{$A['bodytext']}','{$A['related']}','{$A['date']}','{$_CONF['show_topic_icon']}','{$_CONF['comment_code']}','{$_CONF['trackback_code']}','{$A['postmode']}',{$frontpage},{$A['owner_id']},{$T['group_id']},{$T['perm_owner']},{$T['perm_group']},{$T['perm_members']},{$T['perm_anon']}");
DB_delete($submissiontable, "{$key}", $id);
PLG_itemSaved($A['sid'], 'article');
COM_rdfUpToDateCheck();
COM_olderStuff();
break;
case 'draftstory':
// draft story
DB_query("UPDATE {$table} SET draft_flag = 0 WHERE {$key} = '{$id}'");
COM_rdfUpToDateCheck();
COM_olderStuff();
break;
case 'user':
// user
$result = DB_query("SELECT {$fields} FROM {$table} WHERE {$key} = '{$id}'");
$nrows = DB_numRows($result);
if ($nrows == 1) {
$A = DB_fetchArray($result);
if ($_CONF['registration_type'] == 1) {
$sql = "UPDATE {$table} SET status=" . USER_ACCOUNT_AWAITING_VERIFICATION . " WHERE {$key} = '{$A['uid']}'";
} else {
$sql = "UPDATE {$table} SET status=" . USER_ACCOUNT_AWAITING_ACTIVATION . " WHERE {$key} = '{$A['uid']}'";
}
DB_query($sql);
USER_createAndSendPassword($A['username'], $A['email'], $A['uid']);
}
break;
default:
// plugin
DB_copy($table, $fields, $fields, $submissiontable, $key, $id);
$retval .= PLG_approveSubmission($type, $id);
break;
}
break;
}
// switch ($action)
return $retval;
}
