/**
* Shows a given submission form
*
* This is the submission it is modular to allow us to write as little as
* possible. It takes a type and formats a form for the user. Currently the
* types is story. If no type is provided, Story is assumed.
*
* @param string $type type of submission ('story')
* @param string $mode calendar mode ('personal' or empty string)
* @return string HTML for submission form
*
*/
function submissionform($type = 'story', $mode = '')
{
global $_CONF, $_TABLES, $LANG12;
$retval = '';
COM_clearSpeedlimit($_CONF['speedlimit'], 'submit');
$last = COM_checkSpeedlimit('submit');
if ($last > 0) {
$retval .= COM_showMessageText($LANG12[30] . $last . $LANG12[31], $LANG12[26]);
} else {
if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['submitloginrequired'] == 1)) {
$retval .= SEC_loginRequiredForm();
return $retval;
} else {
$retval .= COM_startBlock($LANG12[19]) . $LANG12[9] . COM_endBlock();
if (strlen($type) > 0 && $type !== 'story') {
$formresult = PLG_showSubmitForm($type);
if ($formresult == false) {
COM_errorLog("Someone tried to submit an item to the {$type}-plugin, which cannot be found.", 1);
COM_displayMessageAndAbort(79, '', 410, 'Gone');
} else {
$retval .= $formresult;
}
} else {
$retval .= submitstory();
}
}
}
return $retval;
}
/**
* Shows a given submission form
*
* This is the submission it is modular to allow us to write as little as
* possible. It takes a type and formats a form for the user. Currently the
* types is story. If no type is provided, Story is assumed.
*
* @param string $type type of submission ('story')
* @param string $mode story mode ('personal' or empty string)
* @param string $topic topic (for stories)
* @return string HTML for submission form
*
*/
function submissionform($type = 'story', $mode = '', $topic = '')
{
global $_CONF, $_TABLES, $_USER, $LANG12, $LANG_LOGIN;
$retval = '';
$postmode = $_CONF['postmode'];
COM_clearSpeedlimit($_CONF['speedlimit'], 'submit');
$last = COM_checkSpeedlimit('submit');
if ($last > 0) {
$retval .= COM_showMessageText($LANG12[30] . $last . $LANG12[31], $LANG12[26], false, 'error');
} else {
if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['submitloginrequired'] == 1)) {
$display = COM_siteHeader('menu', $LANG_LOGIN[1]);
$display .= SEC_loginRequiredForm();
$display .= COM_siteFooter();
echo $display;
exit;
} else {
$retval .= COM_startBlock($LANG12[19], '', COM_getBlockTemplate('_submit_story', 'header')) . $LANG12[9] . COM_endBlock(COM_getBlockTemplate('_submit_story', 'footer'));
$retval .= '<div style="border-bottom:1px solid #cccccc"></div>';
if (strlen($type) > 0 && $type != 'story') {
$formresult = PLG_showSubmitForm($type);
if ($formresult == false) {
COM_errorLog("Someone tried to submit an item to the {$type}-plugin, which cannot be found.", 1);
COM_displayMessageAndAbort(79, '', 410, 'Gone');
} else {
$retval .= $formresult;
}
} else {
$retval .= submitstory($topic);
}
}
}
return $retval;
}
/**
* Shows all polls in system
*
* List all the polls on the system if no $pid is provided
*
* @return string HTML for poll listing
*
*/
function polllist()
{
global $_CONF, $_TABLES, $_PO_CONF, $LANG25, $LANG_POLLS;
$retval = '';
if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_PO_CONF['pollsloginrequired'] == 1)) {
$retval .= SEC_loginRequiredForm();
} else {
require_once $_CONF['path_system'] . 'lib-admin.php';
$header_arr = array(array('text' => $LANG25[9], 'field' => 'topic', 'sort' => true), array('text' => $LANG25[20], 'field' => 'voters', 'sort' => true), array('text' => $LANG25[3], 'field' => 'unixdate', 'sort' => true), array('text' => $LANG_POLLS['open_poll'], 'field' => 'is_open', 'sort' => true));
$defsort_arr = array('field' => 'unixdate', 'direction' => 'desc');
$text_arr = array('has_menu' => false, 'title' => $LANG_POLLS['pollstitle'], 'instructions' => "", 'icon' => '', 'form_url' => '', 'form_url' => $_CONF['site_url'] . '/polls/index.php');
$query_arr = array('table' => 'polltopics', 'sql' => $sql = "SELECT *,UNIX_TIMESTAMP(created) AS unixdate, display " . "FROM {$_TABLES['polltopics']} WHERE 1=1", 'query_fields' => array('topic'), 'default_filter' => COM_getPermSQL(), 'query' => '', 'query_limit' => 0);
$retval .= ADMIN_list('polls', 'plugin_getListField_polls', $header_arr, $text_arr, $query_arr, $defsort_arr);
}
return $retval;
}
/**
* Shows all polls in system
*
* List all the polls on the system if no $pid is provided
*
* @return string HTML for poll listing
*
*/
function POLLS_pollList()
{
global $_CONF, $_TABLES, $_USER, $_PO_CONF, $LANG25, $LANG_LOGIN, $LANG_POLLS;
$retval = '';
if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_PO_CONF['pollsloginrequired'] == 1)) {
$retval .= SEC_loginRequiredForm();
} else {
USES_lib_admin();
$header_arr = array(array('text' => $LANG25[9], 'field' => 'topic', 'sort' => true), array('text' => $LANG25[20], 'field' => 'voters', 'sort' => true, 'align' => 'center'), array('text' => $LANG25[3], 'field' => 'unixdate', 'sort' => true, 'align' => 'center'), array('text' => $LANG_POLLS['open_poll'], 'field' => 'is_open', 'sort' => true, 'align' => 'center'));
$defsort_arr = array('field' => 'unixdate', 'direction' => 'desc');
$text_arr = array('has_menu' => false, 'title' => $LANG_POLLS['pollstitle'], 'instructions' => "", 'icon' => '', 'form_url' => '');
$query_arr = array('table' => 'polltopics', 'sql' => $sql = "SELECT *,UNIX_TIMESTAMP(date) AS unixdate, display " . "FROM {$_TABLES['polltopics']} WHERE 1=1", 'query_fields' => array('topic'), 'default_filter' => COM_getPermSQL(), 'query' => '', 'query_limit' => 0);
$retval .= ADMIN_list('polls', 'POLLS_getListField', $header_arr, $text_arr, $query_arr, $defsort_arr, '', $token = 'dummy');
}
return $retval;
}
/**
* Plugin function to display a specific comment thread
* $id Unique idenifier for item comment belongs to
* $cid Comment id to display (possibly including sub-comments)
* $title Page/comment title
* $order 'ASC' or 'DSC' or blank
* $format 'threaded', 'nested', or 'flat'
* $page Page number of comments to display
* $view True to view comment (by cid), false to display (by $pid)
*/
function _mg_displaycomment($id, $commentid, $title, $order, $format, $page, $view)
{
global $_CONF, $_USER, $_MG_CONF, $LANG_LOGIN;
if (COM_isAnonUser() && $_MG_CONF['loginrequired']) {
echo SEC_loginRequiredForm();
exit;
}
$retval = '';
require_once $_CONF['path'] . 'plugins/mediagallery/include/classAlbum.php';
require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-media.php';
list($ptitle, $retval, $themeCSS, $album_id) = MG_displayMediaImage($id, 0, 0, 0);
$retval = $themeCSS . $retval;
if (SEC_hasRights('mediagallery.admin')) {
$delete_option = true;
} else {
$delete_option = false;
}
$view = $view == 1 ? true : false;
$retval .= CMT_userComments($id, $title, 'mediagallery', $order, $format, $commentid, $page, $view, $delete_option);
return $retval;
}
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
// | |
// +---------------------------------------------------------------------------+
/**
* Geeklog common function library
*/
require_once 'lib-common.php';
// configuration option:
// List stories for the current month on top of the overview page
// (if set = true)
$conf_list_current_month = false;
// name of this script
define('THIS_SCRIPT', 'directory.php');
$display = '';
if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['directoryloginrequired'] == 1)) {
$display = COM_createHTMLDocument(SEC_loginRequiredForm(), array('pagetitle' => $LANG_DIR['title']));
COM_output($display);
exit;
}
$theme = isset($_USER['theme']) ? $_USER['theme'] : $_CONF['theme'];
clearstatcache();
define('TEMPLATE_EXISTS', file_exists($_CONF['path_themes'] . $theme . '/directory.thtml'));
/**
* Helper function: Calculate last day of a given month
*
* @param int $month Month
* @param int $year Year
* @return int Number of days in that month
* @todo Bug: Will fail from 2038 onwards ...
* "The last day of any given month can be expressed as the "0" day
* of the next month", http://www.php.net/manual/en/function.mktime.php
/**
* Displays the contact form
*
* @param int $uid User ID of article author
* @param bool $cc Whether to send a copy of the message to the author
* @param string $subject Subject of email
* @param string $message Text of message to send
* @return string HTML for the contact form
*
*/
function CONTACT_contactform($uid, $cc = false, $subject = '', $message = '')
{
global $_CONTACT_CONF, $_CONF, $_TABLES, $_USER, $LANG08, $LANG_CONTACT_1;
$retval = '';
if (COM_isAnonUser() && $_CONTACT_CONF['contactloginrequired'] == 1) {
$retval .= SEC_loginRequiredForm();
} else {
$result = DB_query("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = '{$uid}'");
$P = DB_fetchArray($result);
if (SEC_inGroup('Root') || SEC_hasRights('user.mail')) {
$isAdmin = true;
} else {
$isAdmin = false;
}
$displayname = COM_getDisplayName($uid);
if ($P['emailfromadmin'] == 1 && $isAdmin || $P['emailfromuser'] == 1 && !$isAdmin) {
if ($cc) {
$cc = ' checked="checked"';
}
$retval = '';
$mail_template = COM_newTemplate($_CONF['path'] . 'plugins/contact/templates');
$mail_template->set_file('form', 'contactuserform.thtml');
$mail_template->set_var('contact_form', $LANG_CONTACT_1['contact_form']);
$mail_template->set_var('form_message', $_CONTACT_CONF['message']);
$mail_template->set_var('lang_username', $LANG_CONTACT_1['name']);
$mail_template->set_var('add_your_name', $LANG_CONTACT_1['add_your_name']);
if (COM_isAnonUser()) {
$sender = '';
if (isset($_POST['author'])) {
$sender = strip_tags($_POST['author']);
$sender = substr($sender, 0, strcspn($sender, "\r\n"));
$sender = htmlspecialchars(trim($sender), ENT_QUOTES);
}
$mail_template->set_var('username', $sender);
} else {
$mail_template->set_var('username', COM_getDisplayName($_USER['uid'], $_USER['username'], $_USER['fullname']));
}
$mail_template->set_var('lang_useremail', $LANG_CONTACT_1['email']);
$mail_template->set_var('add_valid_address', $LANG_CONTACT_1['add_valid_address']);
if (COM_isAnonUser()) {
$email = '';
if (isset($_POST['authoremail'])) {
$email = strip_tags($_POST['authoremail']);
$email = substr($email, 0, strcspn($email, "\r\n"));
$email = htmlspecialchars(trim($email), ENT_QUOTES);
}
$mail_template->set_var('useremail', $email);
} else {
$mail_template->set_var('useremail', $_USER['email']);
}
$mail_template->set_var('cc', $cc);
$mail_template->set_var('lang_cc', $LANG08[36]);
$mail_template->set_var('lang_cc_description', $LANG08[37]);
$mail_template->set_var('lang_message', $LANG_CONTACT_1['message']);
$mail_template->set_var('message', htmlspecialchars($message));
$mail_template->set_var('lang_submit', $LANG08[16]);
$mail_template->set_var('uid', $uid);
PLG_templateSetVars('contact', $mail_template);
$mail_template->parse('output', 'form');
$retval .= $mail_template->finish($mail_template->get_var('output'));
} else {
$retval = COM_startBlock($LANG08[10] . ' ' . $displayname, '', COM_getBlockTemplate('_msg_block', 'header'));
$retval .= $LANG08[35];
$retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
}
}
return $retval;
}
/**
* Send report about abusive comment
*
* @param string $cid comment id
* @param string $type type of comment ('article', 'poll', ...)
* @return string Meta refresh or HTML for error message
*
*/
function CMT_sendReport($cid, $type)
{
global $_CONF, $_TABLES, $_USER, $LANG03, $LANG08, $LANG09, $LANG_LOGIN;
if (COM_isAnonUser()) {
$retval = COM_siteHeader('menu', $LANG_LOGIN[1]);
$retval .= SEC_loginRequiredForm();
$retval .= COM_siteFooter();
return $retval;
}
COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
if (COM_checkSpeedlimit('mail') > 0) {
return COM_refresh($_CONF['site_url'] . '/index.php');
}
$username = DB_getItem($_TABLES['users'], 'username', "uid = {$_USER['uid']}");
$result = DB_query("SELECT uid,title,comment,sid,ipaddress FROM {$_TABLES['comments']} WHERE cid = " . (int) $cid . " AND type = '" . DB_escapeString($type) . "'");
$A = DB_fetchArray($result);
$title = $A['title'];
$comment = $A['comment'];
// strip HTML if posted in HTML mode
if (preg_match('/<.*>/', $comment) != 0) {
$comment = strip_tags($comment);
}
$author = COM_getDisplayName($A['uid']);
if ($A['uid'] <= 1 && !empty($A['ipaddress'])) {
// add IP address for anonymous posters
$author .= ' (' . $A['ipaddress'] . ')';
}
$mailbody = sprintf($LANG03[26], $username);
$mailbody .= "\n\n" . "{$LANG03['16']}: {$title}\n" . "{$LANG03['5']}: {$author}\n";
if ($type != 'article' && $type != 'poll') {
$mailbody .= "{$LANG09['5']}: {$type}\n";
}
if ($_CONF['emailstorieslength'] > 0) {
if ($_CONF['emailstorieslength'] > 1) {
$comment = MBYTE_substr($comment, 0, $_CONF['emailstorieslength']) . '...';
}
$mailbody .= $comment . "\n\n";
}
$mailbody .= $LANG08[33] . ' <' . $_CONF['site_url'] . '/comment.php?mode=view&cid=' . $cid . ">\n\n";
$mailbody .= "\n------------------------------\n";
$mailbody .= "\n{$LANG08['34']}\n";
$mailbody .= "\n------------------------------\n";
$mailsubject = $_CONF['site_name'] . ' ' . $LANG03[27];
$to = array();
$to = COM_formatEmailAddress('', $_CONF['site_mail']);
COM_mail($to, $mailsubject, $mailbody);
COM_updateSpeedlimit('mail');
return COM_refresh($_CONF['site_url'] . '/index.php?msg=27');
}
/**
* Kicks off the appropriate search(es)
*
* Initiates the search engine and returns HTML formatted
* results. It also provides support to plugins using a
* search API. Backwards compatibility has been incorporated
* in this function to allow legacy support to plugins using
* the old API calls defined versions prior to Geeklog 1.5.1
*
* @return string HTML output for search results
*
*/
public function doSearch()
{
global $_CONF, $LANG01, $LANG09, $LANG31;
// Verify current user can perform requested search
if (!$this->_isSearchAllowed()) {
return SEC_loginRequiredForm();
}
// When full text searches are enabled, make sure the min. query length
// is 3 characters. Otherwise, make sure at least one of query string,
// author, or topic is not empty.
if (empty($this->_query) && empty($this->_author) && empty($this->_topic) || $_CONF['search_use_fulltext'] && strlen($this->_query) < 3) {
$retval = '<p>' . $LANG09[41] . '</p>' . LB;
$retval .= $this->showForm();
return $retval;
}
// Build the URL strings
$this->_searchURL = $_CONF['site_url'] . '/search.php?query=' . urlencode($this->_query) . (!empty($this->_keyType) ? '&keyType=' . $this->_keyType : '') . (!empty($this->_dateStart) ? '&datestart=' . $this->_dateStart : '') . (!empty($this->_dateEnd) ? '&dateend=' . $this->_dateEnd : '') . (!empty($this->_topic) ? '&topic=' . $this->_topic : '') . (!empty($this->_author) ? '&author=' . $this->_author : '') . ($this->_titlesOnly ? '&title=true' : '');
$url = "{$this->_searchURL}&type={$this->_type}&mode=";
$obj = new ListFactory($url . 'search', $_CONF['search_limits'], $_CONF['num_search_results']);
$obj->setField('ID', 'id', false);
$obj->setField('URL', 'url', false);
$show_num = $_CONF['search_show_num'];
$show_type = $_CONF['search_show_type'];
$show_user = $_CONF['contributedbyline'];
$show_hits = !$_CONF['hideviewscount'];
$style = isset($_CONF['search_style']) ? $_CONF['search_style'] : 'google';
if ($style == 'table') {
$obj->setStyle('table');
// Title Name Display Sort Format
$obj->setField($LANG09[62], LF_ROW_NUMBER, $show_num, false, '<b>%d.</b>');
$obj->setField($LANG09[5], LF_SOURCE_TITLE, $show_type, true, '<b>%s</b>');
$obj->setField($LANG09[16], 'title', true, true);
$obj->setField($LANG09[63], 'description', true, false);
$obj->setField($LANG09[17], 'date', true, true);
$obj->setField($LANG09[18], 'uid', $show_user, true);
$obj->setField($LANG09[50], 'hits', $show_hits, true);
$this->_wordlength = 7;
} else {
if ($style == 'google') {
$sort_uid = $this->_author == '' ? true : false;
$sort_date = empty($this->_dateStart) || empty($this->_dateEnd) || $this->_dateStart != $this->_dateEnd ? true : false;
$sort_type = $this->_type == 'all' ? true : false;
$obj->setStyle('inline');
$obj->setField('', LF_ROW_NUMBER, $show_num, false, '<b>%d.</b>');
$obj->setField($LANG09[16], 'title', true, true, '%s<br' . XHTML . '>');
$obj->setField('', 'description', true, false, '%s<br' . XHTML . '>');
$obj->setField('', '_html', true, false, '<span class="searchresult-byline">');
$obj->setField($LANG09[18], 'uid', $show_user, $sort_uid, $LANG01[104] . ' %s ');
$obj->setField($LANG09[17], 'date', true, $sort_date, $LANG01[36] . ' %s');
$obj->setField($LANG09[5], LF_SOURCE_TITLE, $show_type, $sort_type, ' - %s');
$obj->setField($LANG09[50], 'hits', $show_hits, true, ' - %s ' . $LANG09[50]);
$obj->setField('', '_html', true, false, '</span>');
$this->_wordlength = 50;
}
}
// get default sort order
$default_sort = explode('|', $_CONF['search_def_sort']);
$obj->setDefaultSort($default_sort[0], $default_sort[1]);
// set this only now, for compatibility with PHP 4
$obj->setRowFunction(array($this, 'searchFormatCallback'));
// Start search timer
$searchtimer = new timerobject();
$searchtimer->setPrecision(4);
$searchtimer->startTimer();
// Have plugins do their searches
$page = isset($_GET['page']) ? COM_applyFilter($_GET['page'], true) : 1;
$result_plugins = PLG_doSearch($this->_query, $this->_dateStart, $this->_dateEnd, $this->_topic, $this->_type, $this->_author, $this->_keyType, $page, 5);
// Add core searches
$result_plugins = array_merge($result_plugins, $this->_searchStories());
// Loop through all plugins separating the new API from the old
$new_api = 0;
$old_api = 0;
$num_results = 0;
foreach ($result_plugins as $result) {
if (is_a($result, 'SearchCriteria')) {
$debug_info = $result->getName() . ' using APIv2';
if ($this->_type != 'all' && $this->_type != $result->getName()) {
if ($this->_verbose) {
$new_api++;
COM_errorLog($debug_info . '. Skipped as type is not ' . $this->_type);
}
continue;
}
$api_results = $result->getResults();
if (!empty($api_results)) {
$obj->addResultArray($api_results);
}
$api_callback_func = $result->getCallback();
if (!empty($api_callback_func)) {
$debug_info .= ' with Callback Function.';
$obj->setCallback($result->getLabel(), $result->getName(), $api_callback_func, $result->getRank(), $result->getTotal());
} else {
if ($result->getSQL() != '' || $result->getFTSQL() != '') {
if ($_CONF['search_use_fulltext'] == true && $result->getFTSQL() != '') {
$sql = $result->getFTSQL();
} else {
$sql = $result->getSQL();
}
$sql = $this->_convertsql($sql);
$debug_info .= ' with SQL = ' . print_r($sql, 1);
$obj->setQuery($result->getLabel(), $result->getName(), $sql, $result->getRank());
}
}
$this->_url_rewrite[$result->getName()] = $result->UrlRewriteEnable();
$this->_append_query[$result->getName()] = $result->AppendQueryEnable();
if ($this->_verbose) {
$new_api++;
COM_errorLog($debug_info);
}
} else {
if (is_a($result, 'Plugin') && $result->num_searchresults != 0) {
// Some backwards compatibility
if ($this->_verbose) {
$old_api++;
$debug_info = $result->plugin_name . ' using APIv1 with backwards compatibility.';
$debug_info .= ' Count: ' . $result->num_searchresults;
$debug_info .= ' Headings: ' . implode(',', $result->searchheading);
COM_errorLog($debug_info);
}
// Find the column heading names that closely match what we are looking for
// There may be issues here on different languages, but this _should_ capture most of the data
$col_title = $this->_findColumn($result->searchheading, array($LANG09[16], $LANG31[4], 'Question', 'Site Page'));
//Title,Subject
$col_desc = $this->_findColumn($result->searchheading, array($LANG09[63], 'Answer'));
$col_date = $this->_findColumn($result->searchheading, array($LANG09[17]));
//'Date','Date Added','Last Updated','Date & Time'
$col_user = $this->_findColumn($result->searchheading, array($LANG09[18], 'Submited by'));
$col_hits = $this->_findColumn($result->searchheading, array($LANG09[50], $LANG09[23], 'Downloads', 'Clicks'));
//'Hits','Views'
$label = str_replace($LANG09[59], '', $result->searchlabel);
$num_results += $result->num_itemssearched;
// Extract the results
for ($i = 0; $i < 5; $i++) {
// If the plugin does not repect the $perpage perameter force it here.
$j = $i + $page * 5 - 5;
if ($j >= count($result->searchresults)) {
break;
}
$old_row = $result->searchresults[$j];
if ($col_date != -1) {
// Convert the date back to a timestamp
$date = $old_row[$col_date];
$date = substr($date, 0, strpos($date, '@'));
$date = $date == '' ? $old_row[$col_date] : strtotime($date);
}
$api_results = array(LF_SOURCE_NAME => $result->plugin_name, LF_SOURCE_TITLE => $label, 'title' => $col_title == -1 ? '<i>' . $LANG09[70] . '</i>' : $old_row[$col_title], 'description' => $col_desc == -1 ? '<i>' . $LANG09[70] . '</i>' : $old_row[$col_desc], 'date' => $col_date == -1 ? ' ' : $date, 'uid' => $col_user == -1 ? ' ' : $old_row[$col_user], 'hits' => $col_hits == -1 ? '0' : str_replace(',', '', $old_row[$col_hits]));
preg_match('/href="([^"]+)"/i', $api_results['title'], $links);
$api_results['url'] = empty($links) ? '#' : $links[1];
$obj->addResult($api_results);
}
}
}
}
// Find out how many plugins are on the old/new system
if ($this->_verbose) {
COM_errorLog('Search Plugins using APIv1: ' . $old_api . ' APIv2: ' . $new_api);
}
// Execute the queries
$results = $obj->ExecuteQueries();
// Searches are done, stop timer
$searchtime = $searchtimer->stopTimer();
$escquery = htmlspecialchars($this->_query);
$escquery = str_replace(array('{', '}'), array('{', '}'), $escquery);
if ($this->_keyType == 'any') {
$searchQuery = str_replace(' ', "</b>' " . $LANG09[57] . " '<b>", $escquery);
$searchQuery = "<b>'{$searchQuery}'</b>";
} else {
if ($this->_keyType == 'all') {
$searchQuery = str_replace(' ', "</b>' " . $LANG09[56] . " '<b>", $escquery);
$searchQuery = "<b>'{$searchQuery}'</b>";
} else {
$searchQuery = $LANG09[55] . " '<b>{$escquery}</b>'";
}
}
// Clean the query string so that sprintf works as expected
$searchQuery = str_replace('%', '%%', $searchQuery);
$retval = "{$LANG09[25]} {$searchQuery}. ";
if (count($results) == 0) {
$retval .= sprintf($LANG09[24], 0);
$retval = '<p>' . $retval . '</p>' . LB;
$retval .= '<p>' . $LANG09[13] . '</p>' . LB;
$retval .= $this->showForm();
} else {
$retval .= $LANG09[64] . " ({$searchtime} {$LANG09[27]}). ";
$retval .= str_replace('%', '%%', COM_createLink($LANG09[61], $url . 'refine'));
$retval = '<p>' . $retval . '</p>' . LB;
$retval = $obj->getFormattedOutput($results, $LANG09[11], $retval, '', $_CONF['search_show_sort'], $_CONF['search_show_limit']);
}
return $retval;
}
/**
* Get an existing static page
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @param string &svc_msg OUTPUT parameter containing any service messages
* @return int Response code as defined in lib-plugins.php
*/
function service_get_staticpages($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_SP_CONF;
$output = '';
$svc_msg['output_fields'] = array('sp_hits', 'sp_format', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php', 'sp_inblock', 'commentcode');
if (empty($args['sp_id']) && !empty($args['id'])) {
$args['sp_id'] = $args['id'];
}
if ($args['gl_svc']) {
if (isset($args['sp_id'])) {
$args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
}
if (isset($args['mode'])) {
$args['mode'] = COM_applyBasicFilter($args['mode']);
}
if (empty($args['sp_id'])) {
$svc_msg['gl_feed'] = true;
} else {
$svc_msg['gl_feed'] = false;
}
} else {
$svc_msg['gl_feed'] = false;
}
if (!$svc_msg['gl_feed']) {
$page = '';
if (isset($args['sp_id'])) {
$page = $args['sp_id'];
}
$mode = '';
if (isset($args['mode'])) {
$mode = $args['mode'];
}
$error = 0;
if ($page == '') {
$error = 1;
}
$perms = SP_getPerms();
if (!empty($perms)) {
$perms = ' AND ' . $perms;
}
$sql = "SELECT sp_title,sp_content,sp_hits,sp_date,sp_format," . "commentcode,sp_uid,owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} " . "WHERE (sp_id = '{$page}') AND (sp_status = 1)" . $perms;
$result = DB_query($sql);
$count = DB_numRows($result);
if ($count == 0 || $count > 1) {
$error = 1;
}
if (!$error) {
$output = DB_fetchArray($result, false);
// WE ASSUME $output doesn't have any confidential fields
if ($mode !== 'autotag') {
$_CONF['pagetitle'] = $output['sp_title'];
}
} else {
// an error occured (page not found, access denied, ...)
if (empty($page)) {
$failflg = 0;
} else {
$failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id='{$page}'");
}
if ($failflg) {
if ($mode !== 'autotag') {
$output = COM_siteHeader('menu');
}
$output .= SEC_loginRequiredForm();
if ($mode !== 'autotag') {
$output .= COM_siteFooter();
}
} else {
if ($mode !== 'autotag') {
COM_404();
}
}
return PLG_RET_ERROR;
}
if ($args['gl_svc']) {
// This date format is PHP 5 only,
// but only the web-service uses the value
$output['published'] = date('c', strtotime($output['sp_date']));
$output['updated'] = date('c', strtotime($output['sp_date']));
$output['id'] = $page;
$output['title'] = $output['sp_title'];
$output['category'] = array($output['sp_tid']);
$output['content'] = $output['sp_content'];
$output['content_type'] = 'html';
$output['author_name'] = DB_getItem($_TABLES['users'], 'username', 'uid=' . (int) $output['owner_id']);
$output['link_edit'] = $page;
}
} else {
$output = array();
$mode = '';
if (isset($args['mode'])) {
$mode = $args['mode'];
}
$perms = SP_getPerms();
if (!empty($perms)) {
$perms = ' AND ' . $perms;
}
$offset = 0;
if (isset($args['offset'])) {
$offset = COM_applyBasicFilter($args['offset'], true);
}
$max_items = $_SP_CONF['atom_max_items'] + 1;
$limit = " LIMIT {$offset}, {$max_items}";
$order = " ORDER BY sp_date DESC";
$sql = "SELECT sp_id,sp_title,sp_content,sp_hits,sp_date,sp_format,owner_id," . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} WHERE (sp_status = 1)" . $perms . $order . $limit;
$result = DB_query($sql);
$count = 0;
while (($output_item = DB_fetchArray($result, false)) !== false) {
// WE ASSUME $output doesn't have any confidential fields
$count += 1;
if ($count == $max_items) {
$svc_msg['offset'] = $offset + $_SP_CONF['atom_max_items'];
break;
}
if ($args['gl_svc']) {
// This date format is PHP 5 only, but only the web-service uses the value
$output_item['published'] = date('c', strtotime($output_item['sp_date']));
$output_item['updated'] = date('c', strtotime($output_item['sp_date']));
$output_item['id'] = $output_item['sp_id'];
$output_item['title'] = $output_item['sp_title'];
$output_item['category'] = array($output_item['sp_tid']);
$output_item['content'] = $output_item['sp_content'];
$output_item['content_type'] = 'html';
$output_item['author_name'] = DB_getItem($_TABLES['users'], 'username', 'uid=' . (int) $output['owner_id']);
}
$output[] = $output_item;
}
}
return PLG_RET_OK;
}
/**
* Shows a profile for a user
*
* This grabs the user profile for a given user and displays it
*
* @return string HTML for user profile page
*
*/
function userprofile()
{
global $_CONF, $_TABLES, $_USER, $LANG01, $LANG04, $LANG09, $LANG28, $LANG_LOGIN;
// @param int $user User ID of profile to get
// @param int $msg Message to display (if != 0)
// @param string $plugin optional plugin name for message
$retval = '';
if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['profileloginrequired'] == 1)) {
$retval .= SEC_loginRequiredForm();
return $retval;
}
if (isset($_GET['uid'])) {
$user = COM_applyFilter($_GET['uid'], true);
if (!is_numeric($user) || $user < 2) {
echo COM_refresh($_CONF['site_url'] . '/index.php');
}
} else {
if (isset($_GET['username'])) {
$username = $_GET['username'];
if (!USER_validateUsername($username, 1)) {
echo COM_refresh($_CONF['site_url'] . '/index.php');
}
if (empty($username) || $username == '') {
echo COM_refresh($_CONF['site_url'] . '/index.php');
}
$username = DB_escapeString($username);
$user = DB_getItem($_TABLES['users'], 'uid', "username = '******'");
if ($user < 2) {
echo COM_refresh($_CONF['site_url'] . '/index.php');
}
} else {
echo COM_refresh($_CONF['site_url'] . '/index.php');
}
}
$msg = 0;
if (isset($_GET['msg'])) {
$msg = COM_applyFilter($_GET['msg'], true);
}
$plugin = '';
if ($msg > 0 && isset($_GET['plugin'])) {
$plugin = COM_applyFilter($_GET['plugin']);
}
$result = DB_query("SELECT {$_TABLES['users']}.uid,username,fullname,regdate,lastlogin,homepage,about,location,pgpkey,photo,email,status,emailfromadmin,emailfromuser,showonline FROM {$_TABLES['userinfo']},{$_TABLES['userprefs']},{$_TABLES['users']} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['userinfo']}.uid = {$_TABLES['userprefs']}.uid AND {$_TABLES['users']}.uid = " . (int) $user);
$nrows = DB_numRows($result);
if ($nrows == 0) {
// no such user
echo COM_refresh($_CONF['site_url'] . '/index.php');
}
$A = DB_fetchArray($result);
if ($A['status'] == USER_ACCOUNT_DISABLED && !SEC_hasRights('user.edit')) {
COM_displayMessageAndAbort(30, '', 403, 'Forbidden');
}
$display_name = @htmlspecialchars(COM_getDisplayName($user, $A['username'], $A['fullname']), ENT_COMPAT, COM_getEncodingt());
if ($msg > 0) {
$retval .= COM_showMessage($msg, $plugin, '', 0, 'info');
}
// format date/time to user preference
$curtime = COM_getUserDateTimeFormat($A['regdate']);
$A['regdate'] = $curtime[0];
$user_templates = new Template($_CONF['path_layout'] . 'users');
$user_templates->set_file(array('profile' => 'profile.thtml', 'email' => 'email.thtml', 'row' => 'commentrow.thtml', 'strow' => 'storyrow.thtml'));
$user_templates->set_var('layout_url', $_CONF['layout_url']);
$user_templates->set_var('start_block_userprofile', COM_startBlock($LANG04[1] . ' ' . $display_name));
$user_templates->set_var('end_block', COM_endBlock());
$user_templates->set_var('lang_username', $LANG04[2]);
$user_templates->set_var('tooltip', COM_getTooltipStyle());
if ($_CONF['show_fullname'] == 1) {
if (empty($A['fullname'])) {
$username = $A['username'];
$fullname = '';
} else {
$username = $A['fullname'];
$fullname = $A['username'];
}
} else {
$username = $A['username'];
$fullname = '';
}
$username = @htmlspecialchars($username, ENT_COMPAT, COM_getEncodingt());
$fullname = @htmlspecialchars($fullname, ENT_COMPAT, COM_getEncodingt());
if ($A['status'] == USER_ACCOUNT_DISABLED) {
$username = sprintf('%s - %s', $username, $LANG28[42]);
if (!empty($fullname)) {
$fullname = sprintf('% - %s', $fullname, $LANG28[42]);
}
}
$user_templates->set_var('username', $username);
$user_templates->set_var('user_fullname', $fullname);
if (SEC_hasRights('user.edit') || isset($_USER['uid']) && $_USER['uid'] == $A['uid']) {
global $_IMAGE_TYPE, $LANG_ADMIN;
$edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG_ADMIN['edit'] . '" title="' . $LANG_ADMIN['edit'] . '" />';
if ($_USER['uid'] == $A['uid']) {
$edit_url = "{$_CONF['site_url']}/usersettings.php";
} else {
$edit_url = "{$_CONF['site_admin_url']}/user.php?edit=x&uid={$A['uid']}";
}
$edit_link_url = COM_createLink($edit_icon, $edit_url);
$user_templates->set_var('edit_icon', $edit_icon);
$user_templates->set_var('edit_link', $edit_link_url);
$user_templates->set_var('user_edit', $edit_url);
} else {
$user_templates->set_var('user_edit', '');
}
if (isset($A['photo']) && empty($A['photo'])) {
$A['photo'] = '(none)';
// user does not have a photo
}
$lastlogin = $A['lastlogin'];
$lasttime = COM_getUserDateTimeFormat($lastlogin);
$photo = USER_getPhoto($user, $A['photo'], $A['email'], -1, 0);
$user_templates->set_var('user_photo', $photo);
$user_templates->set_var('lang_membersince', $LANG04[67]);
$user_templates->set_var('user_regdate', $A['regdate']);
if ($_CONF['lastlogin'] && $A['showonline']) {
$user_templates->set_var('lang_lastlogin', $LANG28[35]);
if (!empty($lastlogin)) {
$user_templates->set_var('user_lastlogin', $lasttime[0]);
} else {
$user_templates->set_var('user_lastlogin', $LANG28[36]);
}
}
if ($A['showonline']) {
if (DB_count($_TABLES['sessions'], 'uid', (int) $user)) {
$user_templates->set_var('online', 'online');
}
}
$user_templates->set_var('lang_email', $LANG04[5]);
$user_templates->set_var('user_id', $user);
if ($A['email'] == '' || $A['emailfromuser'] == 0) {
$user_templates->set_var('email_option', '');
} else {
$user_templates->set_var('lang_sendemail', $LANG04[81]);
$user_templates->parse('email_option', 'email', true);
}
$user_templates->set_var('lang_homepage', $LANG04[6]);
$user_templates->set_var('user_homepage', COM_killJS($A['homepage']));
$user_templates->set_var('lang_location', $LANG04[106]);
$user_templates->set_var('user_location', strip_tags($A['location']));
$user_templates->set_var('lang_online', $LANG04[160]);
$user_templates->set_var('lang_bio', $LANG04[7]);
$user_templates->set_var('user_bio', nl2br($A['about']));
$user_templates->set_var('follow_me', SOC_getFollowMeIcons($user, 'follow_user_profile.thtml'));
$user_templates->set_var('lang_pgpkey', $LANG04[8]);
$user_templates->set_var('user_pgp', nl2br($A['pgpkey']));
$user_templates->set_var('start_block_last10stories', COM_startBlock($LANG04[82] . ' ' . $display_name));
if (!isset($_CONF['comment_engine']) || $_CONF['comment_engine'] == 'internal') {
$user_templates->set_var('start_block_last10comments', COM_startBlock($LANG04[10] . ' ' . $display_name));
}
$user_templates->set_var('start_block_postingstats', COM_startBlock($LANG04[83] . ' ' . $display_name));
$user_templates->set_var('lang_title', $LANG09[16]);
$user_templates->set_var('lang_date', $LANG09[17]);
// for alternative layouts: use these as headlines instead of block titles
$user_templates->set_var('headline_last10stories', $LANG04[82] . ' ' . $display_name);
if (!isset($_CONF['comment_engine']) || $_CONF['comment_engine'] == 'internal') {
$user_templates->set_var('headline_last10comments', $LANG04[10] . ' ' . $display_name);
}
$user_templates->set_var('headline_postingstats', $LANG04[83] . ' ' . $display_name);
$result = DB_query("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL());
$nrows = DB_numRows($result);
$tids = array();
for ($i = 0; $i < $nrows; $i++) {
$T = DB_fetchArray($result);
$tids[] = $T['tid'];
}
$topics = "'" . implode("','", $tids) . "'";
// list of last 10 stories by this user
if (sizeof($tids) > 0) {
$sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} WHERE (uid = '" . (int) $user . "') AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
$sql .= " ORDER BY unixdate DESC LIMIT 10";
$result = DB_query($sql);
$nrows = DB_numRows($result);
} else {
$nrows = 0;
}
if ($nrows > 0) {
for ($i = 0; $i < $nrows; $i++) {
$C = DB_fetchArray($result);
$user_templates->set_var('cssid', $i % 2 + 1);
$user_templates->set_var('row_number', $i + 1 . '.');
$articleUrl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $C['sid']);
$user_templates->set_var('article_url', $articleUrl);
$C['title'] = str_replace('$', '$', $C['title']);
$user_templates->set_var('story_title', COM_createLink($C['title'], $articleUrl, array('class' => '')));
$storytime = COM_getUserDateTimeFormat($C['unixdate']);
$user_templates->set_var('story_date', $storytime[0]);
$user_templates->parse('story_row', 'strow', true);
}
} else {
$user_templates->set_var('story_row', '<tr><td>' . $LANG01[37] . '</td></tr>');
}
if (!isset($_CONF['comment_engine']) || $_CONF['comment_engine'] == 'internal') {
// list of last 10 comments by this user
$sidArray = array();
if (sizeof($tids) > 0) {
// first, get a list of all stories the current visitor has access to
$sql = "SELECT sid FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
$result = DB_query($sql);
$numsids = DB_numRows($result);
for ($i = 1; $i <= $numsids; $i++) {
$S = DB_fetchArray($result);
$sidArray[] = $S['sid'];
}
}
$sidList = implode("', '", $sidArray);
$sidList = "'{$sidList}'";
// then, find all comments by the user in those stories
$sql = "SELECT sid,title,cid,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['comments']} WHERE (uid = '" . (int) $user . "') GROUP BY sid,title,cid,UNIX_TIMESTAMP(date)";
// SQL NOTE: Using a HAVING clause is usually faster than a where if the
// field is part of the select
// if (!empty ($sidList)) {
// $sql .= " AND (sid in ($sidList))";
// }
if (!empty($sidList)) {
$sql .= " HAVING sid in ({$sidList})";
}
$sql .= " ORDER BY unixdate DESC LIMIT 10";
$result = DB_query($sql);
$nrows = DB_numRows($result);
if ($nrows > 0) {
for ($i = 0; $i < $nrows; $i++) {
$C = DB_fetchArray($result);
$user_templates->set_var('cssid', $i % 2 + 1);
$user_templates->set_var('row_number', $i + 1 . '.');
$C['title'] = str_replace('$', '$', $C['title']);
$comment_url = $_CONF['site_url'] . '/comment.php?mode=view&cid=' . $C['cid'];
$user_templates->set_var('comment_title', COM_createLink($C['title'], $comment_url, array('class' => '')));
$commenttime = COM_getUserDateTimeFormat($C['unixdate']);
$user_templates->set_var('comment_date', $commenttime[0]);
$user_templates->parse('comment_row', 'row', true);
}
} else {
$user_templates->set_var('comment_row', '<tr><td>' . $LANG01[29] . '</td></tr>');
}
}
// posting stats for this user
$user_templates->set_var('lang_number_stories', $LANG04[84]);
$sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (uid = " . (int) $user . ") AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND');
$result = DB_query($sql);
$N = DB_fetchArray($result);
$user_templates->set_var('number_stories', COM_numberFormat($N['count']));
if (!isset($_CONF['comment_engine']) || $_CONF['comment_engine'] == 'internal') {
$user_templates->set_var('lang_number_comments', $LANG04[85]);
$sql = "SELECT COUNT(*) AS count FROM {$_TABLES['comments']} WHERE (uid = " . (int) $user . ")";
if (!empty($sidList)) {
$sql .= " AND (sid in ({$sidList}))";
}
$result = DB_query($sql);
$N = DB_fetchArray($result);
$user_templates->set_var('number_comments', COM_numberFormat($N['count']));
$user_templates->set_var('lang_all_postings_by', $LANG04[86] . ' ' . $display_name);
}
// hook to the profile icon display
$profileIcons = PLG_profileIconDisplay($user);
if (is_array($profileIcons) && count($profileIcons) > 0) {
$user_templates->set_block('profile', 'profileicon', 'pi');
for ($x = 0; $x < count($profileIcons); $x++) {
if (isset($profileIcons[$x]['url']) && $profileIcons[$x]['url'] != '' && isset($profileIcons[$x]['icon']) && $profileIcons[$x]['icon'] != '') {
$user_templates->set_var('profile_icon_url', $profileIcons[$x]['url']);
$user_templates->set_var('profile_icon_icon', $profileIcons[$x]['icon']);
$user_templates->set_var('profile_icon_text', $profileIcons[$x]['text']);
$user_templates->parse('pi', 'profileicon', true);
}
}
}
// Call custom registration function if enabled and exists
if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDisplay')) {
$user_templates->set_var('customfields', CUSTOM_userDisplay($user));
}
PLG_profileVariablesDisplay($user, $user_templates);
$user_templates->parse('output', 'profile');
$retval .= $user_templates->finish($user_templates->get_var('output'));
$retval .= PLG_profileBlocksDisplay($user);
return $retval;
}
/**
* Send report about abusive comment
*
* @param string $cid comment id
* @param string $type type of comment ('article', 'polls', ...)
* @return string Meta refresh or HTML for error message
*
*/
function CMT_sendReport($cid, $type)
{
global $_CONF, $_TABLES, $_USER, $LANG03, $LANG08;
if (COM_isAnonUser()) {
$retval = SEC_loginRequiredForm();
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[27]));
return $retval;
}
COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
if (COM_checkSpeedlimit('mail') > 0) {
return COM_refresh($_CONF['site_url'] . '/index.php');
}
$username = DB_getItem($_TABLES['users'], 'username', "uid = {$_USER['uid']}");
$result = DB_query("SELECT uid,title,comment,sid,ipaddress FROM {$_TABLES['comments']} WHERE cid = {$cid} AND type = '{$type}'");
$A = DB_fetchArray($result);
$title = stripslashes($A['title']);
$comment = stripslashes($A['comment']);
// strip HTML if posted in HTML mode
if (preg_match('/<.*>/', $comment) != 0) {
$comment = strip_tags($comment);
}
$author = COM_getDisplayName($A['uid']);
if ($A['uid'] <= 1 && !empty($A['ipaddress'])) {
// add IP address for anonymous posters
$author .= ' (' . $A['ipaddress'] . ')';
}
$mailbody = sprintf($LANG03[26], $username);
$mailbody .= "\n\n" . "{$LANG03['16']}: {$title}\n" . "{$LANG03['5']}: {$author}\n";
if ($type != 'article') {
$mailbody .= "{$LANG09['5']}: {$type}\n";
}
if ($_CONF['emailstorieslength'] > 0) {
if ($_CONF['emailstorieslength'] > 1) {
$comment = MBYTE_substr($comment, 0, $_CONF['emailstorieslength']) . '...';
}
$mailbody .= $comment . "\n\n";
}
$mailbody .= $LANG08[33] . ' <' . $_CONF['site_url'] . '/comment.php?mode=view&cid=' . $cid . ">\n\n";
$mailbody .= "\n------------------------------\n";
$mailbody .= "\n{$LANG08['34']}\n";
$mailbody .= "\n------------------------------\n";
$mailsubject = $_CONF['site_name'] . ' ' . $LANG03[27];
if (COM_mail($_CONF['site_mail'], $mailsubject, $mailbody)) {
$msg = 27;
// message sent
} else {
$msg = 85;
// problem sending the email
}
COM_updateSpeedlimit('mail');
return COM_refresh($_CONF['site_url'] . "/index.php?msg={$msg}");
}
function handleunSubscribe($sid, $type)
{
global $_CONF, $_TABLES, $_USER;
$dirty_referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $_CONF['site_url'];
if ($dirty_referer == '') {
$dirty_referer = $_CONF['site_url'];
}
$referer = COM_sanitizeUrl($dirty_referer);
$sLength = strlen($_CONF['site_url']);
if (substr($referer, 0, $sLength) != $_CONF['site_url']) {
$referer = $_CONF['site_url'];
}
if (strcasecmp($referer, $_CONF['site_url'] . '/users.php') == 0) {
$referer = $_CONF['site_url'];
}
$hasargs = strstr($referer, '?');
if ($hasargs) {
$sep = '&';
} else {
$sep = '?';
}
if (COM_isAnonUser()) {
$display = COM_siteHeader();
$display .= SEC_loginRequiredForm();
$display .= COM_siteFooter();
echo $display;
exit;
}
$rc = PLG_unsubscribe('comment', $type, $sid);
echo COM_refresh($referer . $sep . 'msg=521' . '#comments');
exit;
}
/**
* Shows a profile for a user
*
* This grabs the user profile for a given user and displays it
*
* @param int $user User ID of profile to get
* @param int $msg Message to display (if != 0)
* @return string HTML for user profile page
*
*/
function userprofile($user, $msg = 0)
{
global $_CONF, $_TABLES, $_USER, $LANG01, $LANG04, $LANG09, $LANG_LOGIN;
$retval = '';
if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['profileloginrequired'] == 1)) {
$retval .= COM_siteHeader('menu');
$retval .= SEC_loginRequiredForm();
$retval .= COM_siteFooter();
return $retval;
}
$result = DB_query("SELECT {$_TABLES['users']}.uid,username,fullname,regdate,homepage,about,location,pgpkey,photo,email FROM {$_TABLES['userinfo']},{$_TABLES['users']} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['users']}.uid = " . (int) $user);
$nrows = DB_numRows($result);
if ($nrows == 0) {
// no such user
return COM_refresh($_CONF['site_url'] . '/index.php');
}
$A = DB_fetchArray($result);
$display_name = COM_getDisplayName($user, $A['username'], $A['fullname']);
// format date/time to user preference
$curtime = COM_getUserDateTimeFormat($A['regdate']);
$A['regdate'] = $curtime[0];
$user_templates = new Template($_CONF['path_layout'] . 'users');
$user_templates->set_file(array('profile' => 'profile.thtml', 'email' => 'email.thtml', 'row' => 'commentrow.thtml', 'strow' => 'storyrow.thtml'));
$user_templates->set_var('start_block_userprofile', COM_startBlock($LANG04[1] . ' ' . $display_name));
$user_templates->set_var('end_block', COM_endBlock());
$user_templates->set_var('lang_username', $LANG04[2]);
if ($_CONF['show_fullname'] == 1) {
$user_templates->set_var('username', $A['fullname']);
$user_templates->set_var('user_fullname', $A['username']);
} else {
$user_templates->set_var('username', $A['username']);
$user_templates->set_var('user_fullname', $A['fullname']);
}
if (SEC_hasRights('user.edit')) {
global $_IMAGE_TYPE, $LANG_ADMIN;
$edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG_ADMIN['edit'] . '" title="' . $LANG_ADMIN['edit'] . '" />';
$edit_link_url = '<li>' . COM_createLink($edit_icon, "{$_CONF['site_admin_url']}/user.php?edit=x&uid={$A['uid']}") . '</li>';
$user_templates->set_var('edit_link', $edit_link_url);
}
$photo = USER_getPhoto($user, $A['photo'], $A['email'], -1, 0);
$user_templates->set_var('user_photo', $photo);
$user_templates->set_var('lang_membersince', $LANG04[67]);
$user_templates->set_var('user_regdate', $A['regdate']);
$user_templates->set_var('lang_email', $LANG04[5]);
$user_templates->set_var('user_id', $user);
if ($A['email'] != '') {
$user_templates->set_var('lang_sendemail', $LANG04[81]);
$user_templates->parse('email_option', 'email', true);
} else {
$user_templates->set_var('email_option', '');
}
$user_templates->set_var('lang_homepage', $LANG04[6]);
$user_templates->set_var('user_homepage', COM_killJS($A['homepage']));
$user_templates->set_var('lang_location', $LANG04[106]);
$user_templates->set_var('user_location', strip_tags($A['location']));
$user_templates->set_var('lang_bio', $LANG04[7]);
$user_templates->set_var('user_bio', nl2br($A['about']));
$user_templates->set_var('lang_pgpkey', $LANG04[8]);
$user_templates->set_var('user_pgp', nl2br($A['pgpkey']));
$user_templates->set_var('start_block_last10stories', COM_startBlock($LANG04[82] . ' ' . $display_name));
$user_templates->set_var('start_block_last10comments', COM_startBlock($LANG04[10] . ' ' . $display_name));
$user_templates->set_var('start_block_postingstats', COM_startBlock($LANG04[83] . ' ' . $display_name));
$user_templates->set_var('lang_title', $LANG09[16]);
$user_templates->set_var('lang_date', $LANG09[17]);
// for alternative layouts: use these as headlines instead of block titles
$user_templates->set_var('headline_last10stories', $LANG04[82]);
$user_templates->set_var('headline_last10comments', $LANG04[10]);
$user_templates->set_var('headline_postingstats', $LANG04[83]);
$result = DB_query("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL());
$nrows = DB_numRows($result);
$tids = array();
for ($i = 0; $i < $nrows; $i++) {
$T = DB_fetchArray($result);
$tids[] = $T['tid'];
}
$topics = "'" . implode("','", $tids) . "'";
// list of last 10 stories by this user
if (sizeof($tids) > 0) {
$sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} WHERE (uid = '" . (int) $user . "') AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
$sql .= " ORDER BY unixdate DESC LIMIT 10";
$result = DB_query($sql);
$nrows = DB_numRows($result);
} else {
$nrows = 0;
}
if ($nrows > 0) {
for ($i = 0; $i < $nrows; $i++) {
$C = DB_fetchArray($result);
$user_templates->set_var('cssid', $i % 2 + 1);
$user_templates->set_var('row_number', $i + 1 . '.');
$articleUrl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $C['sid']);
$user_templates->set_var('article_url', $articleUrl);
$C['title'] = str_replace('$', '$', $C['title']);
$user_templates->set_var('story_title', COM_createLink($C['title'], $articleUrl, array('class' => 'b')));
$storytime = COM_getUserDateTimeFormat($C['unixdate']);
$user_templates->set_var('story_date', $storytime[0]);
$user_templates->parse('story_row', 'strow', true);
}
} else {
$user_templates->set_var('story_row', '<tr><td>' . $LANG01[37] . '</td></tr>');
}
// list of last 10 comments by this user
$sidArray = array();
if (sizeof($tids) > 0) {
// first, get a list of all stories the current visitor has access to
$sql = "SELECT sid FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
$result = DB_query($sql);
$numsids = DB_numRows($result);
for ($i = 1; $i <= $numsids; $i++) {
$S = DB_fetchArray($result);
$sidArray[] = $S['sid'];
}
}
$sidList = implode("', '", $sidArray);
$sidList = "'" . DB_escapeString($sidList) . "'";
// then, find all comments by the user in those stories
$sql = "SELECT sid,title,cid,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['comments']} WHERE (uid = '" . (int) $user . "') GROUP BY sid,title,cid,UNIX_TIMESTAMP(date)";
// SQL NOTE: Using a HAVING clause is usually faster than a where if the
// field is part of the select
// if (!empty ($sidList)) {
// $sql .= " AND (sid in ($sidList))";
// }
if (!empty($sidList)) {
$sql .= " HAVING sid in ({$sidList})";
}
$sql .= " ORDER BY unixdate DESC LIMIT 10";
$result = DB_query($sql);
$nrows = DB_numRows($result);
if ($nrows > 0) {
for ($i = 0; $i < $nrows; $i++) {
$C = DB_fetchArray($result);
$user_templates->set_var('cssid', $i % 2 + 1);
$user_templates->set_var('row_number', $i + 1 . '.');
$comment_url = $_CONF['site_url'] . '/comment.php?mode=view&cid=' . $C['cid'];
$C['title'] = str_replace('$', '$', $C['title']);
$user_templates->set_var('comment_title', COM_createLink($C['title'], $comment_url, array('class' => 'b')));
$commenttime = COM_getUserDateTimeFormat($C['unixdate']);
$user_templates->set_var('comment_date', $commenttime[0]);
$user_templates->parse('comment_row', 'row', true);
}
} else {
$user_templates->set_var('comment_row', '<tr><td>' . $LANG01[29] . '</td></tr>');
}
// posting stats for this user
$user_templates->set_var('lang_number_stories', $LANG04[84]);
$sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (uid = " . (int) $user . ") AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND');
$result = DB_query($sql);
$N = DB_fetchArray($result);
$user_templates->set_var('number_stories', COM_numberFormat($N['count']));
$user_templates->set_var('lang_number_comments', $LANG04[85]);
$sql = "SELECT COUNT(*) AS count FROM {$_TABLES['comments']} WHERE (uid = '{$user}')";
if (!empty($sidList)) {
$sql .= " AND (sid in ({$sidList}))";
}
$result = DB_query($sql);
$N = DB_fetchArray($result);
$user_templates->set_var('number_comments', COM_numberFormat($N['count']));
$user_templates->set_var('lang_all_postings_by', $LANG04[86] . ' ' . $display_name);
// Call custom registration function if enabled and exists
if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDisplay')) {
$user_templates->set_var('customfields', CUSTOM_userDisplay($user));
}
PLG_profileVariablesDisplay($user, $user_templates);
$user_templates->parse('output', 'profile');
$retval .= $user_templates->finish($user_templates->get_var('output'));
$retval .= PLG_profileBlocksDisplay($user);
return $retval;
}
/**
* Display form to email a story to someone.
*
* @param string $sid ID of article to email
* @param bool $cc Whether to send a copy of the message to the author
* @param string $to name of person / friend to email
* @param string $toemail friend's email address
* @param string $from name of person sending the email
* @param string $fromemail sender's email address
* @param string $shortmsg short intro text to send with the story
* @param string $msg Error message code
* @return string HTML for email story form
*
*/
function mailstoryform($sid, $cc = false, $to = '', $toemail = '', $from = '', $fromemail = '', $shortmsg = '', $msg = 0)
{
global $_CONF, $_TABLES, $_USER, $LANG08;
require_once $_CONF['path_system'] . 'lib-story.php';
$retval = '';
if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1)) {
$retval .= SEC_loginRequiredForm();
return $retval;
}
$story = new Story();
$result = $story->loadFromDatabase($sid, 'view');
if ($result != STORY_LOADED_OK) {
COM_redirect($_CONF['site_url'] . '/index.php');
}
if ($msg > 0) {
$retval .= COM_showMessage($msg);
}
if (empty($from) && empty($fromemail)) {
if (!COM_isAnonUser()) {
$from = COM_getDisplayName($_USER['uid'], $_USER['username'], $_USER['fullname']);
$fromemail = DB_getItem($_TABLES['users'], 'email', "uid = {$_USER['uid']}");
}
}
$cc = $cc ? ' checked="checked"' : '';
$mail_template = COM_newTemplate($_CONF['path_layout'] . 'profiles');
$mail_template->set_file('form', 'contactauthorform.thtml');
$mail_template->set_var('start_block_mailstory2friend', COM_startBlock($LANG08[17]));
$mail_template->set_var('lang_title', $LANG08[31]);
$mail_template->set_var('story_title', $story->displayElements('title'));
$url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
$mail_template->set_var('story_url', $url);
$link = COM_createLink($story->displayElements('title'), $url);
$mail_template->set_var('story_link', $link);
$mail_template->set_var('lang_fromname', $LANG08[20]);
$mail_template->set_var('name', $from);
$mail_template->set_var('lang_fromemailaddress', $LANG08[21]);
$mail_template->set_var('email', $fromemail);
$mail_template->set_var('lang_toname', $LANG08[18]);
$mail_template->set_var('toname', $to);
$mail_template->set_var('lang_toemailaddress', $LANG08[19]);
$mail_template->set_var('toemail', $toemail);
if (!$_CONF['mail_cc_enabled']) {
$mail_template->set_var('cc_enabled', ' style="display: none"');
} else {
$mail_template->set_var('cc', $cc);
$mail_template->set_var('lang_cc', $LANG08[36]);
$mail_template->set_var('lang_cc_description', $LANG08[37]);
}
$mail_template->set_var('lang_shortmessage', $LANG08[27]);
$mail_template->set_var('shortmsg', htmlspecialchars($shortmsg));
$mail_template->set_var('lang_warning', $LANG08[22]);
$mail_template->set_var('lang_sendmessage', $LANG08[16]);
$mail_template->set_var('story_id', $sid);
$mail_template->set_var('end_block', COM_endBlock());
PLG_templateSetVars('emailstory', $mail_template);
$mail_template->parse('output', 'form');
$retval .= $mail_template->finish($mail_template->get_var('output'));
return $retval;
}
/**
* Shows a profile for a user
* This grabs the user profile for a given user and displays it
*
* @param int $uid User ID of profile to get
* @param boolean $preview whether being called as preview from My Account
* @param int $msg Message to display (if != 0)
* @param string $plugin optional plugin name for message
* @return string HTML for user profile page
*/
function USER_showProfile($uid, $preview = false, $msg = 0, $plugin = '')
{
global $_CONF, $_TABLES, $_USER, $_IMAGE_TYPE, $LANG01, $LANG04, $LANG09, $LANG28, $LANG_LOGIN, $LANG_ADMIN;
$retval = '';
if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['profileloginrequired'] == 1)) {
$retval .= SEC_loginRequiredForm();
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LOGIN[1]));
return $retval;
}
$result = DB_query("SELECT {$_TABLES['users']}.uid,username,fullname,regdate,homepage,about,location,pgpkey,photo,email,status FROM {$_TABLES['userinfo']},{$_TABLES['users']} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['users']}.uid = {$uid}");
$numRows = DB_numRows($result);
if ($numRows == 0) {
// no such user
COM_handle404();
}
$A = DB_fetchArray($result);
if ($A['status'] == USER_ACCOUNT_DISABLED && !SEC_hasRights('user.edit')) {
COM_displayMessageAndAbort(30, '', 403, 'Forbidden');
}
if ($A['status'] != USER_ACCOUNT_ACTIVE && !SEC_hasRights('user.edit')) {
COM_handle404();
}
$display_name = COM_getDisplayName($uid, $A['username'], $A['fullname']);
$display_name = htmlspecialchars($display_name);
if (!$preview) {
if ($msg > 0) {
$retval .= COM_showMessage($msg, $plugin);
}
}
// format date/time to user preference
$currentTime = COM_getUserDateTimeFormat($A['regdate']);
$A['regdate'] = $currentTime[0];
$user_templates = COM_newTemplate($_CONF['path_layout'] . 'users');
$user_templates->set_file(array('profile' => 'profile.thtml', 'email' => 'email.thtml', 'row' => 'commentrow.thtml', 'strow' => 'storyrow.thtml'));
$user_templates->set_var('start_block_userprofile', COM_startBlock($LANG04[1] . ' ' . $display_name));
$user_templates->set_var('end_block', COM_endBlock());
$user_templates->set_var('lang_username', $LANG04[2]);
if ($_CONF['show_fullname'] == 1) {
if (empty($A['fullname'])) {
$userName = $A['username'];
$fullName = '';
} else {
$userName = $A['fullname'];
$fullName = $A['username'];
}
} else {
$userName = $A['username'];
$fullName = $A['fullname'];
}
$userName = htmlspecialchars($userName);
$fullName = htmlspecialchars($fullName);
if ($A['status'] == USER_ACCOUNT_DISABLED) {
$userName = sprintf('<s title="%s">%s</s>', $LANG28[42], $userName);
if (!empty($fullName)) {
$fullName = sprintf('<s title="%s">%s</s>', $LANG28[42], $fullName);
}
}
$user_templates->set_var('username', $userName);
$user_templates->set_var('user_fullname', $fullName);
if ($preview) {
$user_templates->set_var('edit_icon', '');
$user_templates->set_var('edit_link', '');
$user_templates->set_var('user_edit', '');
} elseif (!COM_isAnonUser() && $_USER['uid'] == $uid) {
$edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG01[48] . '" title="' . $LANG01[48] . '"' . XHTML . '>';
$edit_link_url = COM_createLink($edit_icon, $_CONF['site_url'] . '/usersettings.php');
$user_templates->set_var('edit_icon', $edit_icon);
$user_templates->set_var('edit_link', $edit_link_url);
$user_templates->set_var('user_edit', $edit_link_url);
} elseif (SEC_hasRights('user.edit')) {
$edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG_ADMIN['edit'] . '" title="' . $LANG_ADMIN['edit'] . '"' . XHTML . '>';
$edit_link_url = COM_createLink($edit_icon, "{$_CONF['site_admin_url']}/user.php?mode=edit&uid={$A['uid']}");
$user_templates->set_var('edit_icon', $edit_icon);
$user_templates->set_var('edit_link', $edit_link_url);
$user_templates->set_var('user_edit', $edit_link_url);
}
if (isset($A['photo']) && empty($A['photo'])) {
$A['photo'] = '(none)';
// user does not have a photo
}
$photo = USER_getPhoto($uid, $A['photo'], $A['email'], -1);
$user_templates->set_var('user_photo', $photo);
$user_templates->set_var('lang_membersince', $LANG04[67]);
$user_templates->set_var('user_regdate', $A['regdate']);
$user_templates->set_var('lang_email', $LANG04[5]);
$user_templates->set_var('user_id', $uid);
$user_templates->set_var('uid', $uid);
if ($A['email'] != '') {
$user_templates->set_var('lang_sendemail', $LANG04[81]);
$user_templates->parse('email_option', 'email', true);
} else {
$user_templates->set_var('email_option', '');
}
$user_templates->set_var('lang_homepage', $LANG04[6]);
$user_templates->set_var('user_homepage', COM_killJS($A['homepage']));
$user_templates->set_var('lang_location', $LANG04[106]);
$user_templates->set_var('user_location', strip_tags($A['location']));
$user_templates->set_var('lang_bio', $LANG04[7]);
$user_templates->set_var('user_bio', COM_nl2br(stripslashes($A['about'])));
$user_templates->set_var('lang_pgpkey', $LANG04[8]);
$user_templates->set_var('user_pgp', COM_nl2br($A['pgpkey']));
$user_templates->set_var('start_block_last10stories', COM_startBlock($LANG04[82] . ' ' . $display_name));
$user_templates->set_var('start_block_last10comments', COM_startBlock($LANG04[10] . ' ' . $display_name));
$user_templates->set_var('start_block_postingstats', COM_startBlock($LANG04[83] . ' ' . $display_name));
$user_templates->set_var('lang_title', $LANG09[16]);
$user_templates->set_var('lang_date', $LANG09[17]);
// for alternative layouts: use these as headlines instead of block titles
$user_templates->set_var('headline_last10stories', $LANG04[82]);
$user_templates->set_var('headline_last10comments', $LANG04[10]);
$user_templates->set_var('headline_postingstats', $LANG04[83]);
$tids = TOPIC_getList(0, true, false);
$topics = "'" . implode("','", $tids) . "'";
// list of last 10 stories by this user
if (count($tids) > 0) {
$sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate\n FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n WHERE (uid = {$uid}) AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND') . "\n AND ta.type = 'article' AND ta.id = sid AND ta.tdefault = 1\n ORDER BY unixdate DESC LIMIT 10";
$result = DB_query($sql);
$numRows = DB_numRows($result);
} else {
$numRows = 0;
}
if ($numRows > 0) {
for ($i = 0; $i < $numRows; $i++) {
$C = DB_fetchArray($result);
$user_templates->set_var('cssid', $i % 2 + 1);
$user_templates->set_var('row_number', $i + 1 . '.');
$articleUrl = COM_buildURL($_CONF['site_url'] . '/article.php?story=' . $C['sid']);
$user_templates->set_var('article_url', $articleUrl);
$C['title'] = str_replace('$', '$', $C['title']);
$user_templates->set_var('story_title', COM_createLink(stripslashes($C['title']), $articleUrl, array('class' => 'b')));
$storyTime = COM_getUserDateTimeFormat($C['unixdate']);
$user_templates->set_var('story_date', $storyTime[0]);
$user_templates->parse('story_row', 'strow', true);
}
} else {
$story_row = $LANG01[37];
if ($_CONF['supported_version_theme'] == '1.8.1') {
$story_row = '<tr><td>' . $story_row . '</td></tr>';
}
$user_templates->set_var('story_row', $story_row);
}
// list of last 10 comments by this user
$new_plugin_comments = PLG_getWhatsNewComment('', 10, $uid);
if (!empty($new_plugin_comments)) {
// Sort array by element lastdate newest to oldest
foreach ($new_plugin_comments as $k => $v) {
$b[$k] = strtolower($v['unixdate']);
}
arsort($b);
foreach ($b as $key => $val) {
$temp[] = $new_plugin_comments[$key];
}
$new_plugin_comments = $temp;
$i = 0;
foreach ($new_plugin_comments as $C) {
$i = $i + 1;
$user_templates->set_var('cssid', $i % 2);
$user_templates->set_var('row_number', $i . '.');
$C['title'] = str_replace('$', '$', $C['title']);
$comment_url = $_CONF['site_url'] . '/comment.php?mode=view&cid=' . $C['cid'];
$user_templates->set_var('comment_title', COM_createLink(stripslashes($C['title']), $comment_url, array('class' => 'b')));
$commentTime = COM_getUserDateTimeFormat($C['unixdate']);
$user_templates->set_var('comment_date', $commentTime[0]);
$user_templates->parse('comment_row', 'row', true);
if ($i == 10) {
break;
}
}
} else {
$comment_row = $LANG01[29];
if ($_CONF['supported_version_theme'] == '1.8.1') {
$comment_row = '<tr><td>' . $comment_row . '</td></tr>';
}
$user_templates->set_var('comment_row', $comment_row);
}
// posting stats for this user
$user_templates->set_var('lang_number_stories', $LANG04[84]);
$sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (uid = {$uid}) AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND');
$result = DB_query($sql);
$N = DB_fetchArray($result);
$user_templates->set_var('number_stories', COM_numberFormat($N['count']));
$user_templates->set_var('lang_number_comments', $LANG04[85]);
$sql = "SELECT COUNT(*) AS count FROM {$_TABLES['comments']} WHERE (uid = {$uid})";
$result = DB_query($sql);
$N = DB_fetchArray($result);
$user_templates->set_var('number_comments', COM_numberFormat($N['count']));
$user_templates->set_var('lang_all_postings_by', $LANG04[86] . ' ' . $display_name);
// Call custom registration function if enabled and exists
if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDisplay')) {
$user_templates->set_var('customfields', CUSTOM_userDisplay($uid));
}
PLG_profileVariablesDisplay($uid, $user_templates);
$user_templates->parse('output', 'profile');
$retval .= $user_templates->finish($user_templates->get_var('output'));
$retval .= PLG_profileBlocksDisplay($uid);
if (!$preview) {
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG04[1] . ' ' . $display_name));
}
return $retval;
}
/**
* Get an existing static page
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @param string &svc_msg OUTPUT parameter containing any service messages
* @return int Response code as defined in lib-plugins.php
*/
function service_get_staticpages($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_SP_CONF;
$output = '';
$svc_msg['output_fields'] = array('sp_hits', 'sp_format', 'draft_flag', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php', 'sp_inblock', 'commentcode');
if (empty($args['sp_id']) && !empty($args['id'])) {
$args['sp_id'] = $args['id'];
}
if ($args['gl_svc']) {
if (isset($args['sp_id'])) {
$args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
}
if (isset($args['mode'])) {
$args['mode'] = COM_applyBasicFilter($args['mode']);
}
if (empty($args['sp_id'])) {
$svc_msg['gl_feed'] = true;
} else {
$svc_msg['gl_feed'] = false;
}
} else {
$svc_msg['gl_feed'] = false;
}
if (!$svc_msg['gl_feed']) {
$page = '';
if (isset($args['sp_id'])) {
$page = $args['sp_id'];
}
$mode = '';
if (isset($args['mode'])) {
$mode = $args['mode'];
}
$error = 0;
if ($page == '') {
$error = 1;
}
$perms = SP_getPerms();
if (!SEC_hasRights('staticpages.edit')) {
if (!empty($perms)) {
$perms .= ' AND';
}
$perms .= '(draft_flag = 0)';
}
if (!empty($perms)) {
$perms = ' AND ' . $perms;
}
$sql = array();
$sql['mysql'] = "SELECT sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} " . "WHERE (sp_id = '{$page}')" . $perms;
$sql['mssql'] = "SELECT sp_title,sp_page_title," . "CAST(sp_content AS text) AS sp_content,sp_hits," . "created,modified,sp_format,commentcode," . "CAST(meta_description AS text) AS meta_description," . "CAST(meta_keywords AS text) AS meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group,perm_members," . "perm_anon,sp_tid,sp_help,sp_php,sp_inblock " . "FROM {$_TABLES['staticpage']} WHERE (sp_id = '{$page}')" . $perms;
$sql['pgsql'] = "SELECT sp_title,sp_page_title,sp_content,sp_hits," . "created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} " . "WHERE (sp_id = '{$page}')" . $perms;
$result = DB_query($sql);
$count = DB_numRows($result);
if ($count == 0 || $count > 1) {
$error = 1;
}
if (!$error) {
$output = DB_fetchArray($result, false);
// WE ASSUME $output doesn't have any confidential fields
if ($output['template_id'] != '') {
$retval = '';
$mode = '';
$xmlObject = simplexml_load_string($output['sp_content']);
// create array of XML data
$tag = array();
foreach ($xmlObject->variable as $variable) {
$key = $variable["name"] . '';
$value = $variable->data;
$tag[$key] = $value;
}
// Loop through variables to replace any autotags first
foreach ($tag as &$value) {
$value = PLG_replaceTags($value);
}
$args = array('sp_id' => $output['template_id'], 'mode' => $mode, 'gl_svc' => '');
$svc_msg = array();
if (PLG_invokeService('staticpages', 'get', $args, $retval, $svc_msg) == PLG_RET_OK) {
$retval['sp_content'] = str_replace(array_keys($tag), array_values($tag), $retval['sp_content']);
$output['sp_content'] = $retval['sp_content'];
}
}
} else {
// an error occured (page not found, access denied, ...)
/**
* if the user has edit permissions and the page does not exist,
* send them to the editor so they can create it "wiki style"
*/
$create_page = false;
if ($mode !== 'autotag' && $count == 0 && SEC_hasRights('staticpages.edit')) {
// check again without permissions
if (DB_count($_TABLES['staticpage'], 'sp_id', $page) == 0) {
$url = $_CONF['site_admin_url'] . '/plugins/staticpages/index.php?mode=edit&sp_new_id=' . $page . '&msg=21';
$output = COM_refresh($url);
$create_page = true;
}
}
if (!$create_page) {
if (empty($page)) {
$failflg = 0;
} else {
$failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id = '{$page}'");
}
if ($failflg) {
if ($mode !== 'autotag') {
$output = COM_siteHeader('menu');
}
$output .= SEC_loginRequiredForm();
if ($mode !== 'autotag') {
$output .= COM_siteFooter(true);
}
} else {
if ($mode !== 'autotag') {
$output = COM_siteHeader('menu');
}
$output .= COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header'));
$output .= $LANG_STATIC['deny_msg'];
$output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
if ($mode !== 'autotag') {
$output .= COM_siteFooter(true);
}
}
}
return PLG_RET_ERROR;
}
if ($args['gl_svc']) {
// This date format is PHP 5 only,
// but only the web-service uses the value
$output['published'] = date('c', strtotime($output['created']));
$output['updated'] = date('c', strtotime($output['modified']));
$output['id'] = $page;
$output['title'] = $output['sp_title'];
$output['page_title'] = $output['sp_page_title'];
$output['category'] = array($output['sp_tid']);
$output['content'] = $output['sp_content'];
$output['content_type'] = 'html';
$owner_data = SESS_getUserDataFromId($output['owner_id']);
$output['author_name'] = $owner_data['username'];
$output['link_edit'] = $page;
}
} else {
$output = array();
$mode = '';
if (isset($args['mode'])) {
$mode = $args['mode'];
}
$perms = SP_getPerms();
if (!empty($perms)) {
$perms = ' WHERE ' . $perms;
}
$offset = 0;
if (isset($args['offset'])) {
$offset = COM_applyBasicFilter($args['offset'], true);
}
$max_items = $_SP_CONF['atom_max_items'] + 1;
$limit = " LIMIT {$offset}, {$max_items}";
$order = " ORDER BY modified DESC";
$sql = array();
$sql['mysql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id," . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
$sql['mssql'] = "SELECT sp_id,sp_title,sp_page_title,CAST(sp_content AS text) AS sp_content,sp_hits," . "created,modified,sp_format,CAST(meta_description AS text) AS meta_description,CAST(meta_keywords AS text) AS meta_keywords,template_flag,template_id,draft_flag,owner_id,group_id,perm_owner,perm_group,perm_members," . "perm_anon,sp_tid,sp_help,sp_php,sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
$sql['pgsql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id," . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
$result = DB_query($sql);
$count = 0;
while (($output_item = DB_fetchArray($result, false)) !== false) {
// WE ASSUME $output doesn't have any confidential fields
$count += 1;
if ($count == $max_items) {
$svc_msg['offset'] = $offset + $_SP_CONF['atom_max_items'];
break;
}
if ($args['gl_svc']) {
// This date format is PHP 5 only, but only the web-service uses the value
$output_item['published'] = date('c', strtotime($output_item['created']));
$output_item['updated'] = date('c', strtotime($output_item['modified']));
$output_item['id'] = $output_item['sp_id'];
$output_item['title'] = $output_item['sp_title'];
$output_item['page_title'] = $output_item['sp_page_title'];
$output_item['category'] = array($output_item['sp_tid']);
$output_item['content'] = $output_item['sp_content'];
$output_item['content_type'] = 'html';
$owner_data = SESS_getUserDataFromId($output_item['owner_id']);
$output_item['author_name'] = $owner_data['username'];
}
$output[] = $output_item;
}
}
return PLG_RET_OK;
}
/**
* Display form to email a story to someone.
*
* @param string $sid ID of article to email
* @return string HTML for email story form
*
*/
function mailstoryform($sid, $to = '', $toemail = '', $from = '', $fromemail = '', $shortmsg = '', $msg = 0)
{
global $_CONF, $_TABLES, $_USER, $LANG03, $LANG08, $LANG_LOGIN;
$retval = '';
if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1)) {
$display = COM_siteHeader('menu', $LANG_LOGIN[1]);
$display .= SEC_loginRequiredForm();
$display .= COM_siteFooter();
echo $display;
exit;
}
$result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE sid = '" . DB_escapeString($sid) . "'" . COM_getTopicSql('AND') . COM_getPermSql('AND'));
$A = DB_fetchArray($result);
if ($A['count'] == 0) {
return COM_refresh($_CONF['site_url'] . '/index.php');
}
if ($msg > 0) {
$retval .= COM_showMessage($msg, '', '', 0, 'info');
}
if (empty($from) && empty($fromemail)) {
if (!COM_isAnonUser()) {
$from = COM_getDisplayName($_USER['uid'], $_USER['username'], $_USER['fullname']);
$fromemail = DB_getItem($_TABLES['users'], 'email', "uid = {$_USER['uid']}");
}
}
$postmode = $_CONF['mailuser_postmode'];
$mail_template = new Template($_CONF['path_layout'] . 'profiles');
$mail_template->set_file('form', 'contactauthorform.thtml');
if ($postmode == 'html') {
$mail_template->set_var('show_htmleditor', true);
} else {
$mail_template->unset_var('show_htmleditor');
}
$mail_template->set_var('lang_postmode', $LANG03[2]);
$mail_template->set_var('postmode', $postmode);
$mail_template->set_var('start_block_mailstory2friend', COM_startBlock($LANG08[17]));
$mail_template->set_var('lang_fromname', $LANG08[20]);
$mail_template->set_var('name', $from);
$mail_template->set_var('lang_fromemailaddress', $LANG08[21]);
$mail_template->set_var('email', $fromemail);
$mail_template->set_var('lang_toname', $LANG08[18]);
$mail_template->set_var('toname', $to);
$mail_template->set_var('lang_toemailaddress', $LANG08[19]);
$mail_template->set_var('toemail', $toemail);
$mail_template->set_var('lang_shortmessage', $LANG08[27]);
$mail_template->set_var('shortmsg', @htmlspecialchars($shortmsg, ENT_COMPAT, COM_getEncodingt()));
$mail_template->set_var('lang_warning', $LANG08[22]);
$mail_template->set_var('lang_sendmessage', $LANG08[16]);
$mail_template->set_var('story_id', $sid);
PLG_templateSetVars('emailstory', $mail_template);
$mail_template->set_var('end_block', COM_endBlock());
$mail_template->parse('output', 'form');
$retval .= $mail_template->finish($mail_template->get_var('output'));
return $retval;
}
/**
* Get an existing static page
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @param string &svc_msg OUTPUT parameter containing any service messages
* @return int Response code as defined in lib-plugins.php
*/
function service_get_staticpages($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_SP_CONF, $topic;
$output = '';
$svc_msg['output_fields'] = array('sp_hits', 'sp_format', 'draft_flag', 'cache_time', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php', 'sp_inblock', 'commentcode');
if (empty($args['sp_id']) && !empty($args['id'])) {
$args['sp_id'] = $args['id'];
}
if ($args['gl_svc']) {
if (isset($args['sp_id'])) {
$args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
}
if (isset($args['mode'])) {
$args['mode'] = COM_applyBasicFilter($args['mode']);
}
if (empty($args['sp_id'])) {
$svc_msg['gl_feed'] = true;
} else {
$svc_msg['gl_feed'] = false;
}
} else {
$svc_msg['gl_feed'] = false;
}
if (!$svc_msg['gl_feed']) {
$page = '';
if (isset($args['sp_id'])) {
$page = $args['sp_id'];
}
$mode = '';
if (isset($args['mode'])) {
$mode = $args['mode'];
}
$error = 0;
if ($page == '') {
$error = 1;
}
$perms = SP_getPerms();
if (!SEC_hasRights('staticpages.edit')) {
if (!empty($perms)) {
$perms .= ' AND';
}
$perms .= '(draft_flag = 0)';
}
if (!empty($perms)) {
$perms = ' AND ' . $perms;
}
// Topic Permissions
$topic_perms = COM_getTopicSQL('', 0, 'ta');
if ($topic_perms != "") {
$topic_perms = " AND (" . $topic_perms . "";
if (COM_onFrontpage()) {
$topic_perms .= " OR (ta.tid = '" . TOPIC_HOMEONLY_OPTION . "' OR ta.tid = '" . TOPIC_ALL_OPTION . "'))";
} else {
// $topic_perms .= " OR ta.tid = '" . TOPIC_ALL_OPTION . "')";
$topic_perms .= " OR (ta.tid = '" . TOPIC_HOMEONLY_OPTION . "' OR ta.tid = '" . TOPIC_ALL_OPTION . "'))";
}
}
$topic_perms .= " GROUP BY sp_id";
$sql = array();
$sql['mysql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time " . "FROM {$_TABLES['staticpage']}, {$_TABLES['topic_assignments']} ta " . "WHERE (sp_id = '{$page}')" . $perms . " AND ta.type = 'staticpages' AND ta.id = sp_id " . $topic_perms;
$sql['pgsql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits," . "created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time " . "sp_inblock FROM {$_TABLES['staticpage']}, {$_TABLES['topic_assignments']} ta " . "WHERE (sp_id = '{$page}')" . $perms . " AND ta.type = 'staticpages' AND ta.id = sp_id " . $topic_perms;
$result = DB_query($sql);
$count = DB_numRows($result);
if ($count == 0 || $count > 1) {
$error = 1;
}
if (!$error) {
$output = DB_fetchArray($result, false);
$page = $output['sp_id'];
// reset page id so case mimics id perfectly since this affects the cache file and canonical link
// WE ASSUME $output doesn't have any confidential fields
// Generate output now (omly if not grabing a template since template is combined with variables first and then generated)
if (!isset($args['template'])) {
$output['sp_content'] = SP_render_content($page, $output['sp_content'], $output['sp_php'], $output['cache_time'], $output['template_id']);
}
} else {
// an error occured (page not found, access denied, ...)
/**
* if the user has edit permissions and the page does not exist,
* send them to the editor so they can create it "wiki style"
*/
$create_page = false;
if ($mode !== 'autotag' && $count == 0 && SEC_hasRights('staticpages.edit')) {
// check again without permissions
if (DB_count($_TABLES['staticpage'], 'sp_id', $page) == 0) {
$url = $_CONF['site_admin_url'] . '/plugins/staticpages/index.php?mode=edit&sp_new_id=' . $page . '&msg=21';
$output = COM_refresh($url);
$create_page = true;
}
}
if (!$create_page) {
if (empty($page)) {
$failflg = 0;
} else {
$failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id = '{$page}'");
}
if ($failflg) {
$output .= SEC_loginRequiredForm();
if ($mode !== 'autotag') {
$output = COM_createHTMLDocument($output, array('rightblock' => true));
}
} else {
if ($mode !== 'autotag') {
COM_handle404();
}
}
}
return PLG_RET_ERROR;
}
if ($args['gl_svc']) {
// This date format is PHP 5 only,
// but only the web-service uses the value
$output['published'] = date('c', strtotime($output['created']));
$output['updated'] = date('c', strtotime($output['modified']));
$output['id'] = $page;
$output['title'] = $output['sp_title'];
$output['page_title'] = $output['sp_page_title'];
$output['category'] = TOPIC_getTopicIdsForObject('staticpages', $page);
$output['content'] = $output['sp_content'];
$output['content_type'] = 'html';
$owner_data = SESS_getUserDataFromId($output['owner_id']);
$output['author_name'] = $owner_data['username'];
$output['link_edit'] = $page;
}
} else {
$output = array();
$mode = '';
if (isset($args['mode'])) {
$mode = $args['mode'];
}
$perms = SP_getPerms();
if (!empty($perms)) {
$perms = ' WHERE ' . $perms;
}
$offset = 0;
if (isset($args['offset'])) {
$offset = COM_applyBasicFilter($args['offset'], true);
}
$max_items = $_SP_CONF['atom_max_items'] + 1;
$limit = " LIMIT {$offset}, {$max_items}";
$order = " ORDER BY modified DESC";
$sql = array();
$sql['mysql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id," . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time " . " FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
$sql['pgsql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id," . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time " . "FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
$result = DB_query($sql);
$count = 0;
while (($output_item = DB_fetchArray($result, false)) !== false) {
// WE ASSUME $output doesn't have any confidential fields
$count++;
if ($count == $max_items) {
$svc_msg['offset'] = $offset + $_SP_CONF['atom_max_items'];
break;
}
if ($args['gl_svc']) {
// This date format is PHP 5 only, but only the web-service uses the value
$output_item['published'] = date('c', strtotime($output_item['created']));
$output_item['updated'] = date('c', strtotime($output_item['modified']));
$output_item['id'] = $output_item['sp_id'];
$output_item['title'] = $output_item['sp_title'];
$output_item['page_title'] = $output_item['sp_page_title'];
//$output_item['category'] = array($output_item['sp_tid']);
$output_item['category'] = TOPIC_getTopicIdsForObject('staticpages', $page);
//$output_item['content'] = $output_item['sp_content'];
$output['content'] = SP_render_content($output['sp_id'], $output['sp_content'], $output['sp_php'], $output['cache_time'], $output['template_id']);
$output_item['content_type'] = 'html';
$owner_data = SESS_getUserDataFromId($output_item['owner_id']);
$output_item['author_name'] = $owner_data['username'];
}
$output[] = $output_item;
}
}
return PLG_RET_OK;
}
function FF_bookmarks()
{
global $_CONF, $_TABLES, $_USER, $_FF_CONF, $LANG_GF01, $LANG_GF02, $LANG_GF92;
$retval = '';
$pageTitle = $LANG_GF01['BOOKMARKS'];
if (COM_isAnonUser()) {
$retval .= SEC_loginRequiredForm();
return array($pageTitle, $retval);
}
$T = new Template($_CONF['path'] . 'plugins/forum/templates/');
$T->set_file('list', 'lists.thtml');
USES_lib_admin();
$header_arr = array(array('text' => '#', 'field' => 'bookmark', 'sort' => false), array('text' => $LANG_GF01['FORUM'], 'field' => 'forum_name', 'sort' => true), array('text' => $LANG_GF01['TOPIC'], 'field' => 'subject', 'sort' => true), array('text' => $LANG_GF01['AUTHOR'], 'field' => 'name', 'sort' => true), array('text' => $LANG_GF01['REPLIES'], 'field' => 'replies', 'sort' => true), array('text' => $LANG_GF01['VIEWS'], 'field' => 'views', 'sort' => true), array('text' => $LANG_GF01['DATE'], 'field' => 'date', 'sort' => true, 'nowrap' => true));
if ($_FF_CONF['usermenu'] == 'navbar') {
$T->set_var('navbar', FF_NavbarMenu($LANG_GF01['BOOKMARKS']));
}
$T->set_var('block_start', COM_startBlock($LANG_GF01['BOOKMARKS'], '', COM_getBlockTemplate('_admin_block', 'header')));
$text_arr = array('has_extras' => true, 'form_url' => $_CONF['site_url'] . '/forum/list.php?op=bookmarks', 'help_url' => '');
$defsort_arr = array('field' => 'date', 'direction' => 'DESC');
$sql = "SELECT * FROM {$_TABLES['ff_bookmarks']} AS bookmarks LEFT JOIN {$_TABLES['ff_topic']} AS topics ON bookmarks.topic_id=topics.id LEFT JOIN {$_TABLES['ff_forums']} AS forums ON topics.forum=forums.forum_id WHERE topics.id != '' AND bookmarks.uid=" . $_USER['uid'];
$query_arr = array('table' => 'ff_bookmarks', 'sql' => $sql, 'query_fields' => array('topics.date', 'topics.subject', 'topics.comment', 'topics.name', 'topics.replies', 'topics.views', 'id', 'forum', 'forum_name'), 'default_filter' => '');
$T->set_var('list_data', ADMIN_list('bookmarks', '_ff_getListField_forum', $header_arr, $text_arr, $query_arr, $defsort_arr));
$T->set_var('block_end', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
$T->parse('output', 'list');
$retval = $T->finish($T->get_var('output'));
return array($pageTitle, $retval);
}
}
USES_forum_functions();
USES_forum_format();
require_once $_CONF['path_system'] . 'classes/timer.class.php';
$forum = isset($_REQUEST['forum']) ? COM_applyFilter($_REQUEST['forum'], true) : 0;
$show = isset($_REQUEST['show']) ? COM_applyFilter($_REQUEST['show'], true) : 0;
$page = isset($_REQUEST['page']) ? COM_applyFilter($_REQUEST['page'], true) : 0;
$order = isset($_REQUEST['order']) ? COM_applyFilter($_REQUEST['order'], true) : 0;
$sort = isset($_REQUEST['sort']) ? COM_applyFilter($_REQUEST['sort'], true) : 0;
$cat_id = isset($_REQUEST['cat_id']) ? COM_applyFilter($_REQUEST['cat_id'], true) : 0;
$forum_id = isset($_REQUEST['forum_id']) ? COM_applyFilter($_REQUEST['forum_id'], true) : 0;
$op = isset($_REQUEST['op']) ? COM_applyFilter($_REQUEST['op']) : '';
//Check is anonymous users can access
if ($_FF_CONF['registration_required'] && COM_isAnonUser()) {
$display = COM_siteHeader();
$display .= SEC_loginRequiredForm();
$display .= COM_siteFooter();
echo $display;
exit;
}
/*
* Initialize vars
*/
$canPost = 0;
$display = '';
$pageBody = '';
$todaysdate = date("l, F d, Y");
forum_chkUsercanAccess();
// Check to see if request to mark all topics read was requested
if (!COM_isAnonUser() && $op == 'markallread') {
$now = time();
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
// | |
// +--------------------------------------------------------------------------+
/**
* Login form
* @package paypal
*/
/**
* require core geeklog code
*/
require_once '../lib-common.php';
// take user back to the homepage if the plugin is not active
if (!in_array('paypal', $_PLUGINS)) {
echo COM_refresh($_CONF['site_url'] . '/index.php');
exit;
}
/* Ensure sufficient privs to read this page */
paypal_access_check();
//Main
$display = PAYPAL_siteHeader($_PAY_CONF['seo_shop_title']);
if (SEC_hasRights('paypal.user', 'paypal.admin')) {
$display .= paypal_user_menu();
} else {
$display .= paypal_viewer_menu();
}
if (!empty($_REQUEST['msg'])) {
$display .= COM_showMessageText(stripslashes($_REQUEST['msg']), $LANG_PAYPAL_1['message']);
}
$display .= '<div id="login">' . SEC_loginRequiredForm() . '</div>';
$display .= PAYPAL_siteFooter();
COM_output($display);
/**
* Shows an error message to anonymous users
*
* This is called when anonymous users attempt to access search
* functionality that has been locked down by the glFusion admin.
*
* @author Tony Bibbs <tony AT geeklog DOT net>
* @access private
* @return string HTML output for error message
*
*/
function _getAccessDeniedMessage()
{
return SEC_loginRequiredForm();
}
* @copyright Copyright (c) 2008 - 2010 Mark R. Evans mark AT glfusion DOT org
* @package evlist
* @version 1.3.0
* @license http://opensource.org/licenses/gpl-2.0.php
* GNU Public License v2 or later
* @filesource
*/
/** Import core glFusion libraries */
require_once '../lib-common.php';
if (!in_array('evlist', $_PLUGINS)) {
COM_404();
}
// allow_anon_view is set by functions.inc if global login_required is on
if (COM_isAnonUser() && $_EV_CONF['allow_anon_view'] != '1') {
$content = COM_siteHeader();
$content .= SEC_loginRequiredForm();
$content .= COM_siteFooter();
echo $content;
exit;
}
USES_evlist_functions();
USES_evlist_views();
//var_dump($_GET);die;
/*
* MAIN
*/
COM_setArgNames(array('view', 'range', 'cat'));
if (isset($_GET['view'])) {
$view = COM_applyFilter($_GET['view']);
} elseif (isset($_POST['view'])) {
$view = COM_applyFilter($_POST['view']);
