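/**
 * Regenerates the public "latest blog comments" RSS feed at rss/latest-comments.xml.
 *
 * The feed is only (re)built when the 'read_blogs' access level is open, i.e. when
 * non-members may read blogs; otherwise nothing is written. The ten most recent
 * approved comments on approved, public posts are included, each description cut
 * to at most $short_blog_chars characters.
 *
 * @return bool always true (a failure of the RSS writer is reported through
 *              trigger_error(E_USER_WARNING), not through the return value)
 */
function gen_comment_feeds()
{
    global $dbtable_prefix;
    require_once _BASEPATH_ . '/includes/access_levels.inc.php';
    // Descriptions longer than this are cut at the last space before the limit.
    $short_blog_chars = 400;
    if (allow_at_level('read_blogs')) { // if non-members are allowed to read blogs...
        require_once _BASEPATH_ . '/includes/classes/rss_writer.class.php';
        $rss_writer_object = new rss_writer_class();
        $rss_writer_object->specification = '1.0';
        $rss_writer_object->about = _BASEURL_ . '/rss/latest-comments.xml';
        // $rss_writer_object->rssnamespaces['dc']='http://purl.org/dc/elements/1.1/';
        $properties = array();
        $properties['description'] = 'Latest blog comments on ' . _SITENAME_;
        $properties['link'] = _BASEURL_;
        $properties['title'] = 'Latest Blog Comments';
        // $properties['dc:date']=mktime(gmdate('H'),gmdate('i'),gmdate('s'),gmdate('m'),gmdate('d'),gmdate('Y'));
        $rss_writer_object->addchannel($properties);
        // Only approved comments on approved *public* posts may appear in a public feed.
        $query = "SELECT a.`comment_id`,a.`fk_user_id`,c.`alt_url` as `profile_url`,a.`_user`,a.`comment`,b.`post_id`,b.`title`,b.`alt_url` as `post_url` FROM `{$dbtable_prefix}comments_blog` a LEFT JOIN `{$dbtable_prefix}user_profiles` c ON a.`fk_user_id`=c.`fk_user_id`,`{$dbtable_prefix}blog_posts` b WHERE a.`fk_parent_id`=b.`post_id` AND a.`status`=" . STAT_APPROVED . " AND b.`is_public`=1 AND b.`status`=" . STAT_APPROVED . " ORDER BY a.`date_posted` DESC LIMIT 10";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        while ($rsrow = mysql_fetch_assoc($res)) {
            $properties = array();
            if (strlen($rsrow['comment']) < $short_blog_chars) {
                $properties['description'] = $rsrow['comment'];
            } else {
                // Cut at the last space within the limit. When the text has no space
                // there, strrpos() returns false, which previously produced an empty
                // description; fall back to a hard cut at the limit instead.
                $cut_at = strrpos(substr($rsrow['comment'], 0, $short_blog_chars), ' ');
                if ($cut_at === false) {
                    $cut_at = $short_blog_chars;
                }
                $properties['description'] = substr($rsrow['comment'], 0, $cut_at);
            }
            $properties['description'] = sanitize_and_format($properties['description'], TYPE_STRING, $GLOBALS['__field2format'][TEXT_DB2DISPLAY]);
            // Prefer the post's friendly URL when it has one.
            if (empty($rsrow['post_url'])) {
                $properties['link'] = _BASEURL_ . '/blog_post_view.php?pid=' . $rsrow['post_id'] . '#comm' . $rsrow['comment_id'];
            } else {
                $properties['link'] = $rsrow['post_url'] . '#comm' . $rsrow['comment_id'];
            }
            $rsrow['title'] = sanitize_and_format($rsrow['title'], TYPE_STRING, $GLOBALS['__field2format'][TEXT_DB2DISPLAY]);
            // NOTE(review): `_user` is not passed through sanitize_and_format() here, unlike
            // the title; this relies on rss_writer_class escaping item fields for XML — confirm.
            $properties['title'] = sprintf('%1$s on "%2$s"', $rsrow['_user'], $rsrow['title']);
            // $properties['dc:date']=$rsrow['date_posted'];
            $rss_writer_object->additem($properties);
        }
        // $towrite is filled by writerss() (presumably by reference — verify in the class).
        if ($rss_writer_object->writerss($towrite)) {
            require_once _BASEPATH_ . '/includes/classes/fileop.class.php';
            $fileop = new fileop();
            $fileop->file_put_contents(_BASEPATH_ . '/rss/latest-comments.xml', $towrite);
        } else {
            // The previous version only set locals ($error/$topass) that nothing read,
            // so a writer failure went unnoticed; surface it without aborting the caller.
            trigger_error('gen_comment_feeds: ' . $rss_writer_object->error, E_USER_WARNING);
        }
    }
    return true;
}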
/**
 * Wraps the already-built 'widget.content' template variable in the
 * "latest blog comments" menu widget and returns the rendered markup.
 *
 * When there is no content the widget is dropped entirely (empty string)
 * rather than rendering an empty box. The RSS feed link is only advertised
 * when the 'read_blogs' access level is open, matching the feed generator.
 *
 * @access private
 * @return string rendered widget, or '' when there is nothing to show
 */
function _finish_display()
{
    if ($this->tpl->get_var_silent('widget.content') == '') {
        return '';
    }
    $title = $GLOBALS['_lang'][207];
    if (allow_at_level('read_blogs')) {
        $title .= ' <a rel="external" href="' . _BASEURL_ . '/rss/latest-comments.xml" title="' . $GLOBALS['_lang'][251] . '"><img src="' . _BASEURL_ . '/images/rss-icon.gif" /></a>';
    }
    $widget = array(
        'title' => $title,
        'id' => 'latest_blog_comments',
    );
    $this->tpl->set_file('temp', 'static/menu_widget.html');
    $this->tpl->set_var('widget', $widget);
    $rendered = $this->tpl->process('temp', 'temp', TPL_OPTIONAL);
    // release the temporary template slots so they do not leak into later widgets
    $this->tpl->drop_var('temp');
    $this->tpl->drop_var('widget');
    return $rendered;
}
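/**
 * Runs a member search and returns the matching user ids.
 *
 * The search type comes from $search['st']:
 *   'basic'  - the fields in $GLOBALS['basic_search_fields'] (plus 'wphoto' = members with a photo only)
 *   'adv'    - every profile field whose config is 'searchable' (plus 'wphoto')
 *   'user'   - username prefix match on $search['user']; more than 3 characters required, else no results
 *   'net'    - members connected to $search['uid'] inside network $search['nid']
 *   'new'    - newest members first
 *   'online' - members present in the online table
 *   'vote', 'views', 'comm' - not implemented yet (TODO)
 * No 'st' (or an unknown one) runs the advanced-search access check with no extra fields.
 * Only approved, non-deleted profiles are returned, ordered by score unless the type
 * says otherwise; $search['min_user_id'] restricts results to larger ids.
 *
 * @param array $search        search parameters, normally request input (GPC)
 * @param int   $my_membership membership level checked against the type's access level;
 *                             when it is not allowed, an empty array is returned
 * @return array list of matching user ids, possibly empty
 */
function search_results($search, $my_membership = 1)
{
    global $dbtable_prefix;
    global $_pfields;
    $myreturn = array();
    $input = array();
    $input['acclevel_code'] = 'search_advanced'; // default access level is the one for advanced search!!!!
    $search_fields = array();
    $select = "a.`fk_user_id`";
    $from = "`{$dbtable_prefix}user_profiles` a";
    $where = ' a.`status`=' . STAT_APPROVED . ' AND a.`del`=0';
    $orderby = "ORDER BY a.`score` DESC";
    if (isset($search['min_user_id'])) {
        // $search usually comes straight from the request: force an integer before it
        // is interpolated into SQL (the previous version concatenated the raw value).
        $where .= " AND a.`fk_user_id`>" . (int)$search['min_user_id'];
    }
    // if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id'])) {
    //     $where.=" AND a.`fk_user_id`<>'".$_SESSION[_LICENSE_KEY_]['user']['user_id']."'";
    // }
    // define here all search types
    // you can either add fields to be read into $search_fields or build the query directly
    if (isset($search['st'])) {
        switch ($search['st']) {
            case 'basic':
                $input['acclevel_code'] = 'search_basic';
                $search_fields = $GLOBALS['basic_search_fields'];
                if (isset($search['wphoto'])) {
                    $where .= " AND a.`_photo`!=''";
                }
                break;
            case 'adv':
                $input['acclevel_code'] = 'search_advanced';
                // for advanced search we get all fields
                foreach ($_pfields as $field_id => $field) {
                    if (!empty($field->config['searchable'])) {
                        $search_fields[] = $field_id;
                    }
                }
                if (isset($search['wphoto'])) {
                    $where .= " AND a.`_photo`!=''";
                }
                break;
            case 'user':
                $input['acclevel_code'] = 'search_advanced';
                $input['user'] = sanitize_and_format_gpc($search, 'user', TYPE_STRING, $GLOBALS['__field2format'][FIELD_TEXTFIELD], '');
                if (strlen($input['user']) <= 3) {
                    // $topass['message']['text']=$GLOBALS['_lang'][8];
                    // $topass['message']['type']=MESSAGE_ERROR;
                    $where = ''; // force no results returned.
                } else {
                    // NOTE(review): SQL safety of $input['user'] rests entirely on the
                    // FIELD_TEXTFIELD format applied above — confirm it escapes quotes.
                    // LIKE metacharacters (% and _) are not escaped, so they act as wildcards.
                    $where .= " AND a.`_user` LIKE '" . $input['user'] . "%'";
                }
                break;
            case 'net':
                $input['acclevel_code'] = 'search_basic';
                $input['fk_user_id'] = sanitize_and_format_gpc($search, 'uid', TYPE_INT, 0, 0);
                $input['fk_net_id'] = sanitize_and_format_gpc($search, 'nid', TYPE_INT, 0, 0);
                $select = "b.`fk_user_id_other`";
                $from = "`{$dbtable_prefix}user_networks` b," . $from;
                // nconn_status=1 is presumably an accepted connection — confirm against the schema
                $where = "b.`fk_user_id`=" . $input['fk_user_id'] . " AND b.`fk_net_id`=" . $input['fk_net_id'] . " AND b.`nconn_status`=1 AND b.`fk_user_id_other`=a.`fk_user_id` AND " . $where;
                break;
            case 'new':
                $input['acclevel_code'] = 'search_basic';
                $orderby = "ORDER BY a.`date_added` DESC";
                break;
            case 'online':
                $input['acclevel_code'] = 'search_basic';
                $from = "`{$dbtable_prefix}online` b," . $from;
                $where .= " AND b.`fk_user_id` IS NOT NULL AND b.`fk_user_id`=a.`fk_user_id`";
                // one result per member even if the online table holds several rows for them
                $orderby = "GROUP BY b.`fk_user_id` " . $orderby;
                break;
            case 'vote':
            case 'views':
            case 'comm':
                // TODO
                break;
            default:
                break;
        }
    }
    if (allow_at_level($input['acclevel_code'], $my_membership)) {
        // each searchable field contributes its own WHERE fragment and echoes its value back into $input
        for ($i = 0; isset($search_fields[$i]); ++$i) {
            $field = $_pfields[$search_fields[$i]]->search();
            $field->set_value($search);
            $where .= $field->query_search();
            $input = array_merge($input, $field->get_value(true));
        }
        if (!empty($where)) { // if $where is empty then a condition above prevents us from searching.
            $query = "SELECT {$select} FROM {$from} WHERE {$where} {$orderby}";
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
            // a fetch loop instead of re-evaluating mysql_num_rows() on every iteration
            while ($row = mysql_fetch_row($res)) {
                $myreturn[] = $row[0];
            }
        }
    }
    return $myreturn;
}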
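/**
 * Creates the tpl loop to show comments and the textarea where new comments could be written.
 * Handles the cases when user is not logged in or not allowed to post comments.
 *
 * Side effects on $output: sets 'show_comments', 'num_comments' (and 'pager' when paging),
 * 'allow_comments', 'bbcode_comments', 'use_captcha'/'rand' (captcha for guests),
 * 'comment_id'/'comment' when ?edit_comment= names a listed comment, and merges in
 * $_SESSION['topass']['input'] after a failed post. It also raises the global
 * $page_last_modified_time to the newest comment shown and strips '&edit_comment=N'
 * from $_SERVER['QUERY_STRING']. Site options 'use_captcha', 'bbcode_comments' and
 * 'smilies_comm' are read through get_site_option().
 *
 * @access public
 * @param string $type      the identifier for the item where comments are displayed. One of 'user','photo','blog','video'
 * @param int    $parent_id the ID in the parent table of the item where these comments are posted.
 * @param array  $output    reference to the $output array in the calling script; for 'blog','photo','video'
 *                          its 'allow_comments' entry (default 1) decides whether posting is offered.
 * @param array  $params    optional 'offset' and 'limit' for paging (both must be set for paging to apply)
 * @return array list of comment rows for the template loop; empty when there are none
 */
function create_comments_loop($type, $parent_id, &$output, $params = array())
{
    global $dbtable_prefix, $__field2format, $_list_of_online_members, $page_last_modified_time;
    $myreturn = array();
    // $parent_id is interpolated unquoted into SQL below; make sure it really is an integer.
    $parent_id = (int)$parent_id;
    switch ($type) {
        case 'user':
            $table = "{$dbtable_prefix}comments_profile";
            // the profile owner's session prefs win; for anyone else read the stored setting
            $allow_comments = (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id']) && $_SESSION[_LICENSE_KEY_]['user']['user_id'] == $parent_id) ? $_SESSION[_LICENSE_KEY_]['user']['prefs']['profile_comments'] : get_user_settings($parent_id, 'def_user_prefs', 'profile_comments');
            break;
        case 'blog':
            $table = "{$dbtable_prefix}comments_blog";
            $allow_comments = isset($output['allow_comments']) ? $output['allow_comments'] : 1;
            break;
        case 'photo':
            $table = "{$dbtable_prefix}comments_photo";
            $allow_comments = isset($output['allow_comments']) ? $output['allow_comments'] : 1;
            break;
        case 'video':
            $table = "{$dbtable_prefix}comments_video";
            $allow_comments = isset($output['allow_comments']) ? $output['allow_comments'] : 1;
            break;
        default:
            // Previously an unknown type left $table undefined and died on the broken
            // query; fail with a meaningful message instead.
            trigger_error('create_comments_loop: unknown comment type ' . $type, E_USER_ERROR);
            return $myreturn;
    }
    $config = get_site_option(array('use_captcha', 'bbcode_comments', 'smilies_comm'), 'core');
    $edit_comment = sanitize_and_format_gpc($_GET, 'edit_comment', TYPE_INT, 0, 0);
    $query = "SELECT a.`comment_id`,a.`comment`,a.`fk_user_id`,a.`_user` as `user`,UNIX_TIMESTAMP(a.`date_posted`) as `date_posted`,b.`_photo` as `photo` FROM `{$table}` a LEFT JOIN `{$dbtable_prefix}user_profiles` b ON a.`fk_user_id`=b.`fk_user_id` WHERE a.`fk_parent_id`={$parent_id} AND a.`status`=" . STAT_APPROVED . " ORDER BY a.`comment_id` ASC";
    if (isset($params['offset']) && isset($params['limit'])) {
        // both values go into the LIMIT clause unquoted; force integers
        $offset = (int)$params['offset'];
        $limit = (int)$params['limit'];
        $query .= " LIMIT " . $offset . ',' . $limit;
        $count_query = "SELECT count(*) FROM `{$table}` a LEFT JOIN `{$dbtable_prefix}user_profiles` b ON a.`fk_user_id`=b.`fk_user_id` WHERE a.`fk_parent_id`={$parent_id} AND a.`status`=" . STAT_APPROVED;
        if (!($res = @mysql_query($count_query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        $totalrows = mysql_result($res, 0, 0);
    }
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    while ($rsrow = mysql_fetch_assoc($res)) {
        // keep the page's last-modified time in step with the newest comment shown
        if ($rsrow['date_posted'] > $page_last_modified_time) {
            $page_last_modified_time = $rsrow['date_posted'];
        }
        // if someone has asked to edit his/her comment
        // NOTE(review): ownership is not checked here (the raw text is pre-filled for any
        // listed comment id); the save handler must verify the author before updating.
        if ($edit_comment == $rsrow['comment_id']) {
            $output['comment_id'] = $rsrow['comment_id'];
            $output['comment'] = sanitize_and_format($rsrow['comment'], TYPE_STRING, $__field2format[TEXT_DB2EDIT]);
        }
        $rsrow['date_posted'] = strftime($_SESSION[_LICENSE_KEY_]['user']['prefs']['datetime_format'], $rsrow['date_posted'] + $_SESSION[_LICENSE_KEY_]['user']['prefs']['time_offset']);
        $rsrow['comment'] = sanitize_and_format($rsrow['comment'], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
        if (!empty($config['bbcode_comments'])) {
            $rsrow['comment'] = bbcode2html($rsrow['comment']);
        }
        if (!empty($config['smilies_comm'])) {
            $rsrow['comment'] = text2smilies($rsrow['comment']);
        }
        // allow showing the edit links to rightfull owners
        if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id']) && $rsrow['fk_user_id'] == $_SESSION[_LICENSE_KEY_]['user']['user_id']) {
            $rsrow['editme'] = true;
        }
        if (empty($rsrow['fk_user_id'])) { // for the link to member profile
            unset($rsrow['fk_user_id']);
        } else {
            if (isset($_list_of_online_members[$rsrow['fk_user_id']])) {
                $rsrow['is_online'] = 'is_online';
                $rsrow['user_online_status'] = $GLOBALS['_lang'][102];
            } else {
                $rsrow['user_online_status'] = $GLOBALS['_lang'][103];
            }
        }
        // fall back to the placeholder when the thumbnail is missing on disk
        if (empty($rsrow['photo']) || !is_file(_PHOTOPATH_ . '/t1/' . $rsrow['photo'])) {
            $rsrow['photo'] = 'no_photo.gif';
        }
        $myreturn[] = $rsrow;
    }
    if (!empty($myreturn)) {
        $output['show_comments'] = true;
        if (isset($totalrows)) {
            $output['pager'] = pager($totalrows, $params['offset'], $params['limit']);
            $output['num_comments'] = $totalrows;
        } else {
            $output['num_comments'] = count($myreturn);
        }
    }
    if ($allow_comments) { // may I post comments please?
        if (allow_at_level('write_comments', $_SESSION[_LICENSE_KEY_]['user']['membership'])) {
            $output['allow_comments'] = true;
            if (empty($_SESSION[_LICENSE_KEY_]['user']['user_id'])) {
                // guests get a captcha (when the site option is on)
                if (!empty($config['use_captcha'])) {
                    // require_once: a plain require would redeclare the class (fatal) if this
                    // function ran twice in one request.
                    require_once _BASEPATH_ . '/includes/classes/sco_captcha.class.php';
                    $c = new sco_captcha(_BASEPATH_ . '/includes/fonts', 4);
                    $_SESSION['captcha_word'] = $c->gen_rnd_string(4);
                    $output['rand'] = make_seed();
                    $output['use_captcha'] = true;
                }
            }
            // would you let me use bbcode?
            if (!empty($config['bbcode_comments'])) {
                $output['bbcode_comments'] = true;
            }
            // if we came back after an error get what was previously posted
            if (isset($_SESSION['topass']['input'])) {
                $output = array_merge($output, $_SESSION['topass']['input']);
                unset($_SESSION['topass']['input']);
            }
        } else {
            unset($output['allow_comments']);
        }
    } else {
        unset($output['allow_comments']);
    }
    if (!empty($edit_comment)) {
        $_SERVER['QUERY_STRING'] = str_replace('&edit_comment=' . $edit_comment, '', $_SERVER['QUERY_STRING']);
    }
    return $myreturn;
}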
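/******************************************************************************
Etano
===============================================================================
File: ajax/save_user_tpl.php
$Revision$
Software by: DateMill (http://www.datemill.com)
Copyright by: DateMill (http://www.datemill.com)
Support at: http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license. *
******************************************************************************/
require_once dirname(__FILE__) . '/../includes/common.inc.php';
require_once dirname(__FILE__) . '/../includes/user_functions.inc.php';

// Ajax endpoint: stores a saved-message template (subject + body) for the
// logged-in member. Echoes 1 when saved, 2 when the caller is not logged in or
// is not allowed 'saved_messages' at their membership level, and nothing at all
// for non-POST requests or when subject/message_body are missing.
$output = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id']) && allow_at_level('saved_messages', $_SESSION[_LICENSE_KEY_]['user']['membership'])) {
        if (!empty($_POST['subject']) && !empty($_POST['message_body'])) {
            // NOTE(review): $subject/$message_body go into the INSERT below as-is, so SQL
            // safety depends on the FIELD_TEXTFIELD / FIELD_TEXTAREA formats escaping quotes —
            // confirm in sanitize_and_format(). No CSRF token is checked in this script;
            // verify that common.inc.php covers that for ajax/ endpoints.
            $subject = sanitize_and_format($_POST['subject'], TYPE_STRING, $__field2format[FIELD_TEXTFIELD] | FORMAT_RUDECODE | FORMAT_HTML2TEXT_FULL);
            $message_body = sanitize_and_format($_POST['message_body'], TYPE_STRING, $__field2format[FIELD_TEXTAREA] | FORMAT_RUDECODE | FORMAT_HTML2TEXT_FULL);
            // the session user id is cast to int so it can never break the quoting
            $query = "INSERT INTO `{$dbtable_prefix}user_mtpls` SET `fk_user_id`='" . (int)$_SESSION[_LICENSE_KEY_]['user']['user_id'] . "',`subject`='{$subject}',`message_body`='{$message_body}'";
            if (!@mysql_query($query)) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
            $output = 1;
        }
    } else {
        $output = 2;
    }
}
echo $output;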