Beispiel #1
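/**
 * Rebuilds the static RSS 1.0 feed of the latest blog comments.
 *
 * Reads the 10 most recent approved comments on public, approved blog posts
 * and writes the feed to _BASEPATH_/rss/latest-comments.xml. The feed is only
 * generated when allow_at_level('read_blogs') passes.
 *
 * NOTE(review): when that check fails this function does nothing at all, so a
 * feed file written earlier stays on disk. If the access level can be revoked
 * later, confirm that the stale file is removed or blocked elsewhere.
 *
 * @return bool always true; a feed-writer failure is reported with
 *              trigger_error() and does not change the return value
 */
function gen_comment_feeds()
{
    global $dbtable_prefix;
    require_once _BASEPATH_ . '/includes/access_levels.inc.php';
    // Longer comments are shortened to at most this many bytes in the feed.
    $short_blog_chars = 400;
    if (allow_at_level('read_blogs')) {
        // if non-members are allowed to read blogs...
        require_once _BASEPATH_ . '/includes/classes/rss_writer.class.php';
        $rss_writer_object = new rss_writer_class();
        $rss_writer_object->specification = '1.0';
        $rss_writer_object->about = _BASEURL_ . '/rss/latest-comments.xml';
        $properties = array();
        $properties['description'] = 'Latest blog comments on ' . _SITENAME_;
        $properties['link'] = _BASEURL_;
        $properties['title'] = 'Latest Blog Comments';
        $rss_writer_object->addchannel($properties);
        // The query is assembled from the table prefix and constants only; no request data reaches it.
        $query = "SELECT a.`comment_id`,a.`fk_user_id`,c.`alt_url` as `profile_url`,a.`_user`,a.`comment`,b.`post_id`,b.`title`,b.`alt_url` as `post_url` FROM `{$dbtable_prefix}comments_blog` a LEFT JOIN `{$dbtable_prefix}user_profiles` c ON a.`fk_user_id`=c.`fk_user_id`,`{$dbtable_prefix}blog_posts` b WHERE a.`fk_parent_id`=b.`post_id` AND a.`status`=" . STAT_APPROVED . " AND b.`is_public`=1 AND b.`status`=" . STAT_APPROVED . " ORDER BY a.`date_posted` DESC LIMIT 10";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        while ($rsrow = mysql_fetch_assoc($res)) {
            $properties = array();
            $description = $rsrow['comment'];
            if (strlen($description) >= $short_blog_chars) {
                $head = substr($description, 0, $short_blog_chars);
                $cut = strrpos($head, ' ');
                // strrpos() returns false when the head holds no space. The original
                // passed that straight to substr() as the length, which produced an
                // empty description; fall back to the hard cut instead.
                // NOTE(review): strlen()/substr() count bytes, so a multibyte
                // character can be split at the cut point.
                if ($cut === false || $cut === 0) {
                    $description = $head;
                } else {
                    $description = substr($description, 0, $cut);
                }
            }
            $properties['description'] = sanitize_and_format($description, TYPE_STRING, $GLOBALS['__field2format'][TEXT_DB2DISPLAY]);
            // NOTE(review): `post_url` comes from the database and is used as the
            // item link without any formatting; confirm it is validated on save.
            if (empty($rsrow['post_url'])) {
                $properties['link'] = _BASEURL_ . '/blog_post_view.php?pid=' . $rsrow['post_id'] . '#comm' . $rsrow['comment_id'];
            } else {
                $properties['link'] = $rsrow['post_url'] . '#comm' . $rsrow['comment_id'];
            }
            $rsrow['title'] = sanitize_and_format($rsrow['title'], TYPE_STRING, $GLOBALS['__field2format'][TEXT_DB2DISPLAY]);
            // The author name is member-supplied text placed in the same title
            // string, so it gets the same display formatting as the post title
            // (the original inserted it unformatted).
            $rsrow['_user'] = sanitize_and_format($rsrow['_user'], TYPE_STRING, $GLOBALS['__field2format'][TEXT_DB2DISPLAY]);
            $properties['title'] = sprintf('%1$s on "%2$s"', $rsrow['_user'], $rsrow['title']);
            $rss_writer_object->additem($properties);
        }
        // Defined up front: writerss() is handed this variable to fill.
        $towrite = '';
        if ($rss_writer_object->writerss($towrite)) {
            require_once _BASEPATH_ . '/includes/classes/fileop.class.php';
            $fileop = new fileop();
            $fileop->file_put_contents(_BASEPATH_ . '/rss/latest-comments.xml', $towrite);
        } else {
            // The original stored the writer error in local variables that were
            // never read, so the failure vanished silently. Report it instead.
            trigger_error($rss_writer_object->error, E_USER_WARNING);
        }
    }
    return true;
}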
 /**
  * Renders the "latest blog comments" menu widget.
  *
  * Returns an empty string when the template variable 'widget.content' is
  * empty; otherwise processes static/menu_widget.html with the widget title
  * and id and returns the result. The RSS icon link is appended to the title
  * only when allow_at_level('read_blogs') passes.
  *
  * NOTE(review): the language string $GLOBALS['_lang'][251] is written into an
  * HTML attribute without escaping; this assumes language files are trusted
  * and contain no double quotes - confirm.
  *
  * @return string the processed widget markup, or '' when there is no content
  */
 function _finish_display()
 {
     // Nothing was collected for the widget: skip rendering altogether.
     if ($this->tpl->get_var_silent('widget.content') == '') {
         return '';
     }

     $title = $GLOBALS['_lang'][207];
     if (allow_at_level('read_blogs')) {
         $title .= ' <a rel="external" href="' . _BASEURL_ . '/rss/latest-comments.xml" title="' . $GLOBALS['_lang'][251] . '"><img src="' . _BASEURL_ . '/images/rss-icon.gif" /></a>';
     }
     $widget = array(
         'title' => $title,
         'id' => 'latest_blog_comments',
     );

     $this->tpl->set_file('temp', 'static/menu_widget.html');
     $this->tpl->set_var('widget', $widget);
     $rendered = $this->tpl->process('temp', 'temp', TPL_OPTIONAL);
     // Drop the temporary template variables again after processing.
     $this->tpl->drop_var('temp');
     $this->tpl->drop_var('widget');

     return $rendered;
 }
Beispiel #3
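/**
 * Builds and runs the member search query for the requested search type.
 *
 * The search type is read from $search['st']. Each type picks the access
 * level code that is checked with allow_at_level() before anything is
 * executed, and either names profile fields whose own query fragments are
 * appended or extends the query directly.
 *
 * Security: every value taken from $search has to be neutralised before it is
 * concatenated into the SQL text. Numeric values are cast to int here; string
 * values rely on sanitize_and_format_gpc(), whose escaping is not visible in
 * this function.
 *
 * @param array $search         search parameters; keys read here are
 *                              'min_user_id', 'st', 'wphoto', 'user', 'uid', 'nid'
 * @param int   $my_membership  membership level passed to allow_at_level()
 * @return array values of the first result column (user ids), empty when the
 *               search is not allowed or was forced to return nothing
 */
function search_results($search, $my_membership = 1)
{
    global $dbtable_prefix;
    global $_pfields;
    $myreturn = array();
    // default access level is the one for advanced search!!!!
    $input = array('acclevel_code' => 'search_advanced');
    $search_fields = array();
    $select = "a.`fk_user_id`";
    $from = "`{$dbtable_prefix}user_profiles` a";
    $where = ' a.`status`=' . STAT_APPROVED . ' AND a.`del`=0';
    $orderby = "ORDER BY a.`score` DESC";
    if (isset($search['min_user_id'])) {
        // The original appended this value unquoted and unfiltered, so any text
        // in it became part of the SQL statement. It is compared against a
        // numeric id, so force it to an integer.
        $where .= " AND a.`fk_user_id`>" . (int) $search['min_user_id'];
    }
    // define here all search types
    // you can either add fields to be read into $search_fields or build the query directly
    if (isset($search['st'])) {
        switch ($search['st']) {
            case 'basic':
                $input['acclevel_code'] = 'search_basic';
                $search_fields = $GLOBALS['basic_search_fields'];
                if (isset($search['wphoto'])) {
                    $where .= " AND a.`_photo`!=''";
                }
                break;
            case 'adv':
                $input['acclevel_code'] = 'search_advanced';
                // for advanced search we get all fields
                foreach ($_pfields as $field_id => $field) {
                    if (!empty($field->config['searchable'])) {
                        $search_fields[] = $field_id;
                    }
                }
                if (isset($search['wphoto'])) {
                    $where .= " AND a.`_photo`!=''";
                }
                break;
            case 'user':
                $input['acclevel_code'] = 'search_advanced';
                $input['user'] = sanitize_and_format_gpc($search, 'user', TYPE_STRING, $GLOBALS['__field2format'][FIELD_TEXTFIELD], '');
                if (strlen($input['user']) <= 3) {
                    // force no results returned.
                    $where = '';
                } else {
                    // NOTE(review): this value sits inside a quoted LIKE pattern.
                    // It is only safe if the FIELD_TEXTFIELD format escapes quotes
                    // and backslashes for SQL - verify in sanitize_and_format_gpc().
                    // '%' and '_' in the input still act as LIKE wildcards.
                    $where .= " AND a.`_user` LIKE '" . $input['user'] . "%'";
                }
                break;
            case 'net':
                $input['acclevel_code'] = 'search_basic';
                // Both ids are requested as TYPE_INT before they reach the query.
                $input['fk_user_id'] = sanitize_and_format_gpc($search, 'uid', TYPE_INT, 0, 0);
                $input['fk_net_id'] = sanitize_and_format_gpc($search, 'nid', TYPE_INT, 0, 0);
                $select = "b.`fk_user_id_other`";
                $from = "`{$dbtable_prefix}user_networks` b," . $from;
                $where = "b.`fk_user_id`=" . $input['fk_user_id'] . " AND b.`fk_net_id`=" . $input['fk_net_id'] . " AND b.`nconn_status`=1 AND b.`fk_user_id_other`=a.`fk_user_id` AND " . $where;
                break;
            case 'new':
                $input['acclevel_code'] = 'search_basic';
                $orderby = "ORDER BY a.`date_added` DESC";
                break;
            case 'online':
                $input['acclevel_code'] = 'search_basic';
                $from = "`{$dbtable_prefix}online` b," . $from;
                $where .= " AND b.`fk_user_id` IS NOT NULL AND b.`fk_user_id`=a.`fk_user_id`";
                // The GROUP BY has to precede the ORDER BY in the final statement.
                $orderby = "GROUP BY b.`fk_user_id` " . $orderby;
                break;
            case 'vote':
            case 'views':
            case 'comm':
                // TODO
                break;
            default:
                break;
        }
    }
    if (allow_at_level($input['acclevel_code'], $my_membership)) {
        for ($i = 0; isset($search_fields[$i]); ++$i) {
            $field = $_pfields[$search_fields[$i]]->search();
            $field->set_value($search);
            // NOTE(review): each field builds its own SQL fragment from $search;
            // its escaping lives in the field classes and is not visible here.
            $where .= $field->query_search();
            $input = array_merge($input, $field->get_value(true));
        }
        if (!empty($where)) {
            // if $where is empty then a condition above prevents us from searching.
            $query = "SELECT {$select} FROM {$from} WHERE {$where} {$orderby}";
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
            // Read the row count once instead of on every loop iteration.
            $numrows = mysql_num_rows($res);
            for ($i = 0; $i < $numrows; ++$i) {
                $myreturn[] = mysql_result($res, $i, 0);
            }
        }
    }
    return $myreturn;
}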
Beispiel #4
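/**
 *	Creates the tpl loop to show comments and prepares the variables for the form where new comments could be written.
 *	Handles the cases when user is not logged in or not allowed to post comments.
 *
 *	The site options 'use_captcha', 'bbcode_comments' and 'smilies_comm' are read inside the function with
 *	get_site_option(); they are not passed in by the caller.
 *
 *	Security: $parent_id and the paging values in $params end up unquoted in SQL, so they are forced to integers
 *	before any query is built.
 *
 *	@access public
 *	@param string $type the identifier for the item where comments are displayed. Can be one of 'user','photo','blog','video'
 *	@param int $parent_id the ID in the parent table of the item where these comments are posted.
 *	@param array $output reference to the $output array in the calling script. It injects additional variables in $output to be
 *		used by the template system.
 *	@param array $params optional paging: when both 'offset' and 'limit' are set the query is limited and a pager is built.
 *	@return array the comment rows prepared for the template loop
 */
function create_comments_loop($type, $parent_id, &$output, $params = array())
{
    global $dbtable_prefix, $__field2format, $_list_of_online_members, $page_last_modified_time;
    $myreturn = array();
    // The id is interpolated unquoted into both queries below; the original
    // trusted the caller to pass a clean integer.
    $parent_id = (int) $parent_id;
    switch ($type) {
        case 'user':
            $table = "{$dbtable_prefix}comments_profile";
            // Own profile: use the preference held in the session, otherwise look up the profile owner's setting.
            $allow_comments = !empty($_SESSION[_LICENSE_KEY_]['user']['user_id']) && $_SESSION[_LICENSE_KEY_]['user']['user_id'] == $parent_id ? $_SESSION[_LICENSE_KEY_]['user']['prefs']['profile_comments'] : get_user_settings($parent_id, 'def_user_prefs', 'profile_comments');
            break;
        case 'blog':
            $table = "{$dbtable_prefix}comments_blog";
            $allow_comments = isset($output['allow_comments']) ? $output['allow_comments'] : 1;
            break;
        case 'photo':
            $table = "{$dbtable_prefix}comments_photo";
            $allow_comments = isset($output['allow_comments']) ? $output['allow_comments'] : 1;
            break;
        case 'video':
            $table = "{$dbtable_prefix}comments_video";
            $allow_comments = isset($output['allow_comments']) ? $output['allow_comments'] : 1;
            break;
        default:
            // The original fell through with $table and $allow_comments undefined
            // and only failed once the query ran against an empty table name.
            // Fail at the same severity, but before touching the database.
            trigger_error('create_comments_loop(): unknown comment type', E_USER_ERROR);
            unset($output['allow_comments']);
            return $myreturn;
    }
    $config = get_site_option(array('use_captcha', 'bbcode_comments', 'smilies_comm'), 'core');
    $edit_comment = sanitize_and_format_gpc($_GET, 'edit_comment', TYPE_INT, 0, 0);
    $query = "SELECT a.`comment_id`,a.`comment`,a.`fk_user_id`,a.`_user` as `user`,UNIX_TIMESTAMP(a.`date_posted`) as `date_posted`,b.`_photo` as `photo` FROM `{$table}` a LEFT JOIN `{$dbtable_prefix}user_profiles` b ON a.`fk_user_id`=b.`fk_user_id` WHERE a.`fk_parent_id`={$parent_id} AND a.`status`=" . STAT_APPROVED . " ORDER BY a.`comment_id` ASC";
    if (isset($params['offset']) && isset($params['limit'])) {
        // LIMIT takes the values unquoted, so only non-negative integers may reach it.
        $offset = max(0, (int) $params['offset']);
        $limit = max(0, (int) $params['limit']);
        $query .= " LIMIT " . $offset . ',' . $limit;
        $count_query = "SELECT count(*) FROM `{$table}` a LEFT JOIN `{$dbtable_prefix}user_profiles` b ON a.`fk_user_id`=b.`fk_user_id` WHERE a.`fk_parent_id`={$parent_id} AND a.`status`=" . STAT_APPROVED;
        if (!($res = @mysql_query($count_query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        $totalrows = mysql_result($res, 0, 0);
    }
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    while ($rsrow = mysql_fetch_assoc($res)) {
        // Track the newest comment time in the global page modification time.
        if ($rsrow['date_posted'] > $page_last_modified_time) {
            $page_last_modified_time = $rsrow['date_posted'];
        }
        // if someone has asked to edit his/her comment
        // NOTE(review): the edit form is filled for whoever passes this comment
        // id in the URL; ownership is not checked at this point. The handler
        // that saves the edit must verify the owner itself - confirm.
        if ($edit_comment == $rsrow['comment_id']) {
            $output['comment_id'] = $rsrow['comment_id'];
            $output['comment'] = sanitize_and_format($rsrow['comment'], TYPE_STRING, $__field2format[TEXT_DB2EDIT]);
        }
        $rsrow['date_posted'] = strftime($_SESSION[_LICENSE_KEY_]['user']['prefs']['datetime_format'], $rsrow['date_posted'] + $_SESSION[_LICENSE_KEY_]['user']['prefs']['time_offset']);
        // The display formatting runs before the bbcode and smiley conversions,
        // which add markup of their own to the comment.
        $rsrow['comment'] = sanitize_and_format($rsrow['comment'], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
        if (!empty($config['bbcode_comments'])) {
            $rsrow['comment'] = bbcode2html($rsrow['comment']);
        }
        if (!empty($config['smilies_comm'])) {
            $rsrow['comment'] = text2smilies($rsrow['comment']);
        }
        // allow showing the edit links to rightful owners
        if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id']) && $rsrow['fk_user_id'] == $_SESSION[_LICENSE_KEY_]['user']['user_id']) {
            $rsrow['editme'] = true;
        }
        if (empty($rsrow['fk_user_id'])) {
            // for the link to member profile
            unset($rsrow['fk_user_id']);
        } else {
            if (isset($_list_of_online_members[$rsrow['fk_user_id']])) {
                $rsrow['is_online'] = 'is_online';
                $rsrow['user_online_status'] = $GLOBALS['_lang'][102];
            } else {
                $rsrow['user_online_status'] = $GLOBALS['_lang'][103];
            }
        }
        // Fall back to the placeholder when there is no thumbnail file on disk.
        if (empty($rsrow['photo']) || !is_file(_PHOTOPATH_ . '/t1/' . $rsrow['photo'])) {
            $rsrow['photo'] = 'no_photo.gif';
        }
        $myreturn[] = $rsrow;
    }
    if (!empty($myreturn)) {
        $output['show_comments'] = true;
        if (isset($totalrows)) {
            $output['pager'] = pager($totalrows, $offset, $limit);
            $output['num_comments'] = $totalrows;
        } else {
            $output['num_comments'] = count($myreturn);
        }
    }
    if ($allow_comments) {
        // may I post comments please?
        if (allow_at_level('write_comments', $_SESSION[_LICENSE_KEY_]['user']['membership'])) {
            $output['allow_comments'] = true;
            // Visitors without a user id get a captcha when the site option asks for one.
            if (empty($_SESSION[_LICENSE_KEY_]['user']['user_id'])) {
                if (!empty($config['use_captcha'])) {
                    require _BASEPATH_ . '/includes/classes/sco_captcha.class.php';
                    $c = new sco_captcha(_BASEPATH_ . '/includes/fonts', 4);
                    $_SESSION['captcha_word'] = $c->gen_rnd_string(4);
                    $output['rand'] = make_seed();
                    $output['use_captcha'] = true;
                }
            }
            // would you let me use bbcode?
            if (!empty($config['bbcode_comments'])) {
                $output['bbcode_comments'] = true;
            }
            // if we came back after an error get what was previously posted
            // NOTE(review): array_merge() lets keys of the stored input replace
            // keys already set in $output (for example 'allow_comments' or
            // 'comment_id'). Confirm the stored input is limited to the expected
            // form fields.
            if (isset($_SESSION['topass']['input'])) {
                $output = array_merge($output, $_SESSION['topass']['input']);
                unset($_SESSION['topass']['input']);
            }
        } else {
            unset($output['allow_comments']);
        }
    } else {
        unset($output['allow_comments']);
    }
    if (!empty($edit_comment)) {
        // Remove the edit request from the query string held in $_SERVER.
        $_SERVER['QUERY_STRING'] = str_replace('&edit_comment=' . $edit_comment, '', $_SERVER['QUERY_STRING']);
    }
    return $myreturn;
}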
Beispiel #5
/******************************************************************************
Etano
===============================================================================
File:                       ajax/save_user_tpl.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require_once dirname(__FILE__) . '/../includes/common.inc.php';
require_once dirname(__FILE__) . '/../includes/user_functions.inc.php';

// Value echoed back to the caller:
//   ''  nothing was saved (not a POST, or subject/body empty)
//   1   the insert branch ran
//   2   no logged-in user, or the 'saved_messages' access level was refused
$output = '';

// NOTE(review): this POST changes stored data and no anti-CSRF token is checked
// in this file; confirm that common.inc.php enforces one.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $may_save = !empty($_SESSION[_LICENSE_KEY_]['user']['user_id']) && allow_at_level('saved_messages', $_SESSION[_LICENSE_KEY_]['user']['membership']);
    if (!$may_save) {
        $output = 2;
    } elseif (!empty($_POST['subject']) && !empty($_POST['message_body'])) {
        // NOTE(review): both values are placed inside quoted SQL literals below.
        // That is only safe if the FIELD_TEXTFIELD / FIELD_TEXTAREA formats
        // escape quotes and backslashes for SQL - verify in sanitize_and_format().
        // An array sent as subject[] or message_body[] also reaches these calls.
        $subject = sanitize_and_format($_POST['subject'], TYPE_STRING, $__field2format[FIELD_TEXTFIELD] | FORMAT_RUDECODE | FORMAT_HTML2TEXT_FULL);
        $message_body = sanitize_and_format($_POST['message_body'], TYPE_STRING, $__field2format[FIELD_TEXTAREA] | FORMAT_RUDECODE | FORMAT_HTML2TEXT_FULL);
        // The owner id is taken from the session, never from the request.
        $query = "INSERT INTO `{$dbtable_prefix}user_mtpls` SET `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "',`subject`='{$subject}',`message_body`='{$message_body}'";
        $res = @mysql_query($query);
        if (!$res) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        $output = 1;
    }
}

echo $output;