Beispiel #1
 * The main Page editor panel.
 * @param string|array $message The activity message
function page_edit($message = '')
    // Page-template editor panel: reads the request, decides which page to load, then echoes the edit form.
    // NOTE(review): this listing has lost its braces; block ends are inferred from the indentation.
    global $event, $step;
    pagetop(gTxt('edit_pages'), $message);
    // Creates $copy, $save_error and $savenew. Only these three fixed keys are requested, so extract() cannot introduce other variable names.
    extract(array_map('assert_string', gpsa(array('copy', 'save_error', 'savenew'))));
    // Both page names go through assert_string() and sanitizeForPage() before any further use.
    // NOTE(review): neither helper is defined in this excerpt; confirm which characters sanitizeForPage() removes.
    $name = sanitizeForPage(assert_string(gps('name')));
    $newname = sanitizeForPage(assert_string(gps('newname')));
    // && binds tighter than ||, so the page_delete step always falls back to the page of the default section.
    if ($step == 'page_delete' || empty($name) && $step != 'page_new' && !$savenew) {
        $name = safe_field('page', 'txp_section', "name = 'default'");
    // A non-empty new name replaces $name on copy or save-new, or when it differs from $name, but never after a failed save.
    } elseif ((($copy || $savenew) && $newname || $newname && $newname != $name) && !$save_error) {
        $name = $newname;
    $buttons = n . tag(gTxt('page_name'), 'label', array('for' => 'new_page')) . br . fInput('text', 'newname', $name, 'input-medium', '', '', INPUT_MEDIUM, '', 'new_page', false, true);
    // An existing page gets a duplicate link; an unnamed one is flagged as a new save through a hidden field.
    if ($name) {
        $buttons .= span(href(gTxt('duplicate'), '#', array('id' => 'txp_clone', 'class' => 'clone', 'title' => gTxt('page_clone'))), array('class' => 'txp-actions'));
    } else {
        $buttons .= hInput('savenew', 'savenew');
    // After a failed save the submitted markup is shown again instead of the stored copy, so $html may be raw request data.
    $html = !$save_error ? fetch('user_html', 'txp_page', 'name', $name) : gps('html');
    // Format of each entry is popTagLink -> array ( gTxt() string, class/ID).
    $tagbuild_items = array('page_article' => array('page_article_hed', 'article-tags'), 'page_article_nav' => array('page_article_nav_hed', 'article-nav-tags'), 'page_nav' => array('page_nav_hed', 'nav-tags'), 'page_xml' => array('page_xml_hed', 'xml-tags'), 'page_misc' => array('page_misc_hed', 'misc-tags'), 'page_file' => array('page_file_hed', 'file-tags'));
    $tagbuild_links = '';
    foreach ($tagbuild_items as $tb => $item) {
        $tagbuild_links .= wrapRegion($item[1] . '_group', taglinks($tb), $item[1], $item[0], 'page_' . $item[1]);
    echo hed(gTxt('tab_pages'), 1, array('class' => 'txp-heading'));
    // $html is passed through txpspecialchars() before it is placed inside the textarea.
    // NOTE(review): $name and $event also reach fInput(), hInput(), page_list() and an id attribute; whether those helpers escape is not visible here, so confirm.
    echo n . tag(n . tag(hed(gTxt('tagbuilder'), 2) . $tagbuild_links, 'div', array('id' => 'tagbuild_links', 'class' => 'txp-layout-cell txp-layout-1-4')) . n . tag(form(graf($buttons) . graf(tag(gTxt('page_code'), 'label', array('for' => 'html')) . br . '<textarea class="code" id="html" name="html" cols="' . INPUT_LARGE . '" rows="' . TEXTAREA_HEIGHT_LARGE . '" dir="ltr">' . txpspecialchars($html) . '</textarea>') . graf(fInput('submit', '', gTxt('save'), 'publish') . eInput('page') . sInput('page_save') . hInput('name', $name)), '', '', 'post', 'edit-form', '', 'page_form'), 'div', array('id' => 'main_content', 'class' => 'txp-layout-cell txp-layout-2-4')) . n . tag(graf(sLink('page', 'page_new', gTxt('create_new_page')), ' class="action-create"') . page_list($name) . n, 'div', array('id' => 'content_switcher', 'class' => 'txp-layout-cell txp-layout-1-4')) . n, 'div', array('id' => $event . '_container', 'class' => 'txp-layout-grid'));
Beispiel #2
function plugin_save()
    // Writes the submitted plugin source into the code column of txp_plugin for the named plugin.
    // NOTE(review): no privilege check or CSRF token check is visible in this excerpt; confirm the dispatcher enforces both before this write.
    // Both request values pass through doSlash() before they are interpolated into the quoted SQL fragments; that quoting is the only separation between data and SQL here.
    extract(doSlash(gpsa(array('name', 'code'))));
    safe_update('txp_plugin', "code = '{$code}'", "name = '{$name}'");
    // $name is still the slashed request value at this point. NOTE(review): confirm the message is HTML-escaped where it is rendered.
    $message = gTxt('plugin_saved', array('{name}' => $name));
Beispiel #3
 * Renders a panel for selecting the import tool.
 * Lets users select the tool and provide required
 * configuration options.
function switch_tool()
    // Echoes the import form: tool selector, common article options, and per-tool sections that start hidden.
    // NOTE(review): this listing has lost its braces. $vars and $step are declared global but not used in the visible lines.
    global $vars, $event, $step, $tools;
    pagetop(gTxt('txp_import'), '');
    echo hed(gTxt('tab_import'), 1, array('class' => 'txp-heading'));
    $content = '<section class="txp-edit">';
    $content .= hed(gTxt('txp_import'), 2);
    // Select tool.
    $content .= inputLabel('import_from', tag(type_options($tools), 'select', ' id="import_from" name="import_tool"'), 'select_tool', 'import');
    // Some data we collect.
    $content .= inputLabel('import_section', import_section_popup(''), 'import_section', 'import_section');
    $status_options = array(STATUS_LIVE => gTxt('live'), STATUS_DRAFT => gTxt('draft'), STATUS_HIDDEN => gTxt('hidden'), STATUS_PENDING => gTxt('pending'));
    $content .= inputLabel('import_status', tag(type_options($status_options), 'select', ' id="import_status"'), 'import_status', 'import_status');
    $content .= inputLabel('import_comment', fInput('text', 'import_comments_invite', gTxt('comments'), '', '', '', INPUT_REGULAR, '', 'import_comment'), 'import_invite', 'import_invite');
    // Database imports only.
    // NOTE(review): importdbpass is rendered as a plain text input, so the database password is visible while typed and may be kept by browser form history; a password-type input would avoid that.
    $databased = hed(gTxt('database_stuff'), 2) . inputLabel('import_database', fInput('text', 'importdb', '', '', '', '', INPUT_REGULAR, '', 'import_database'), 'import_database', 'import_database') . inputLabel('import_login', fInput('text', 'importdblogin', '', '', '', '', INPUT_REGULAR, '', 'import_login'), 'import_login', 'import_login') . inputLabel('import_password', fInput('text', 'importdbpass', '', '', '', '', INPUT_REGULAR, '', 'import_password'), 'import_password', 'import_password') . inputLabel('import_host', fInput('text', 'importdbhost', '', '', '', '', INPUT_REGULAR, '', 'import_host'), 'import_host', 'import_host');
    $content .= tag($databased, 'div', ' id="databased" style="display: none;"');
    // Movable Type (MySQL DB) specific.
    $mtblogid = inputLabel('import_blogid', fInput('text', 'import_blog_id', '', '', '', '', INPUT_REGULAR, '', 'import_blogid'), 'import_blogid', 'import_blogid');
    $content .= tag($mtblogid, 'div', ' id="mtblogid" style="display: none;"');
    // WordPress specific.
    $wponly = inputLabel('import_wpprefix', fInput('text', 'wpdbprefix', 'wp_', '', '', '', INPUT_REGULAR, '', 'import_wpprefix'), 'import_wpprefix', 'import_wpprefix') . inputLabel('import_wpdbcharset', selectInput('wpdbcharset', array('utf8' => gTxt('utf8'), 'latin1' => gTxt('latin1')), 'utf8', '', '', 'import_wpdbcharset'), 'import_wpdbcharset', 'import_wpdbcharset');
    $content .= tag($wponly, 'div', ' id="wponly" style="display: none;"');
    $content .= graf(fInput('submit', 'choose', gTxt('continue'), 'publish'));
    // Hidden step and event fields route the post to the start_import step of the import event.
    $content .= sInput('start_import') . eInput('import');
    $content .= '</section>';
    // $event is concatenated into the id attribute without escaping. NOTE(review): its origin is not shown here; confirm it is restricted to known event names.
    echo '<div id="' . $event . '_container" class="txp-container">' . form($content, '', '', 'post', '', '', 'import') . '</div>';
Beispiel #4
  * Public callback hook endpoint.
  * Can be used to manually invoke plugin import progress.
 public function endpoint()
     // Proceeds only when a key is stored in the rah_blobin_key preference and it is identical to $rah_blobin.
     // NOTE(review): the assignment of $rah_blobin and the guarded body are not part of this excerpt; presumably the value comes from the request, so confirm.
     // NOTE(review): === is not a constant-time comparison; hash_equals() is the usual choice when comparing a secret against caller-supplied input.
     if (get_pref('rah_blobin_key') && get_pref('rah_blobin_key') === $rah_blobin) {
Beispiel #5
function list_list($message = "", $post = '')
    // Article list panel: builds a filtered, sorted and paged query on the textpattern table and echoes the result table.
    // NOTE(review): this listing has lost its braces and several lines. $page, $sort, $dir, $crit and $method are used below but never assigned here; presumably they are extracted from the request using $lvars. Confirm against the full file.
    $lvars = array("page", "sort", "dir", "crit", 'method');
    global $statuses, $step;
    pagetop("Textpattern", $message);
    $total = getCount('textpattern', "1");
    // NOTE(review): $article_list_pageby is not assigned in this excerpt; presumably a preference. Falls back to 25 rows per page.
    $limit = $article_list_pageby ? $article_list_pageby : 25;
    $numPages = ceil($total / $limit);
    $page = !$page ? 1 : $page;
    // No integer cast on $page is visible, and $offset is later placed unquoted into the limit clause.
    $offset = ($page - 1) * $limit;
    if (!$sort) {
        $sort = "Posted";
    if (!$dir) {
        $dir = "desc";
    // $linkdir is the opposite direction, used for the column header links.
    if ($dir == "desc") {
        $linkdir = "asc";
    } else {
        $linkdir = "desc";
    if ($crit) {
        // $crit is interpolated into quoted rlike patterns and no escaping call is visible in this excerpt. If $crit is request data this is an SQL injection sink, and rlike additionally treats the value as a regular expression.
        $critsql = array('title_body' => "Title rlike '{$crit}' or Body rlike '{$crit}'", 'author' => "AuthorID rlike '{$crit}'", 'categories' => "Category1 rlike '{$crit}' or Category2 rlike '{$crit}'", 'section' => "Section rlike '{$crit}'", 'status' => "Status rlike '{$crit}'");
        // $method indexes the map with no check that the key exists; an unknown key yields null and therefore an empty criteria string.
        $criteria = $critsql[$method];
        $limit = 500;
    } else {
        $criteria = 1;
    // $sort and $dir are placed unquoted into the order by clause; only empty values are defaulted above and no allowlist of column names or directions is visible.
    $rs = safe_rows("*, unix_timestamp(Posted) as uPosted", "textpattern", "{$criteria} order by {$sort} {$dir} limit {$offset},{$limit}");
    echo !$crit ? list_nav_form($page, $numPages, $sort, $dir) : '', list_searching_form($crit, $method);
    if ($rs) {
        echo '<form action="index.php" method="post" onsubmit="return verify(\'' . gTxt('are_you_sure') . '\')">', startTable('list'), '<tr>', column_head('posted', 'Posted', 'list', 1, $linkdir), column_head('title', 'Title', 'list', 1, $linkdir), $use_sections ? column_head('section', 'Section', 'list', 1, $linkdir) : '', $use_categories ? column_head('category1', 'Category1', 'list', 1, $linkdir) . column_head('category2', 'Category2', 'list', 1, $linkdir) : '', hCell(gTxt('Author')), column_head(gTxt('status'), 'Status', 'list', 1, $linkdir), td(), '</tr>';
        foreach ($rs as $a) {
            // NOTE(review): $Category1, $Category2, $Status, $Section, $uPosted, $ID, $Title and $AuthorID are not assigned in this excerpt; presumably an extract of the row $a was dropped from the listing.
            if ($use_categories == 1) {
                $cat1 = $Category1;
                $cat2 = $Category2;
            $stat = !empty($Status) ? $statuses[$Status] : '';
            if ($use_sections == 1) {
                $sect = $Section;
            $adate = date("d M y", $uPosted + $timeoffset);
            $alink = eLink('article', 'edit', 'ID', $ID, $adate);
            $tlink = eLink('article', 'edit', 'ID', $ID, $Title);
            $modbox = fInput('checkbox', 'selected[]', $ID);
            // Title, section, category and author values are handed to eLink() and td() as they are. NOTE(review): whether those helpers HTML-escape is not visible here; confirm, since these are stored values.
            echo "<tr>" . n, td($alink), td($tlink, 200), $use_sections ? td($sect, 75) : '', $use_categories ? td($cat1, 75) . td($cat2, 75) : '', td($AuthorID), td($stat, 45), td($modbox), '</tr>' . n;
        echo tr(tda(list_multiedit_form(), ' colspan="8" style="text-align:right;border:0px"'));
        echo "</table></form>";
        echo pageby_form('list', $article_list_pageby);
Beispiel #6
function createTxp()
    // Installer step: defines the table prefix, loads the schema script and inserts the first user row.
    // NOTE(review): this listing has lost its braces and some lines; $dprefix is used but not assigned here, and $carry is not used in the visible lines.
    $carry = isPost('carry');
    // The four request values are extracted as they arrive; unlike other functions on this page, no doSlash() or other escaping is applied.
    extract(gpsa(array('name', 'pass', 'RealName', 'email')));
    define("PFX", trim($dprefix));
    include './txpsql.php';
    // $name, $pass, $RealName and $email are interpolated into quoted SQL literals without escaping, so a quote character in any of them changes the statement (SQL injection); they need escaping or bound parameters.
    // NOTE(review): the password is lower-cased and hashed with the database password() function, which discards case and is not designed for application credential storage. mysql_query() belongs to the mysql extension that was removed in PHP 7.
    mysql_query("INSERT INTO " . PFX . "txp_users VALUES\n\t\t\t(1,'{$name}',password(lower('{$pass}')),'{$RealName}','{$email}',1,now(),'')");
    echo fbCreate();
Beispiel #7
 function SectionController()
     // Constructor-style initialiser: stores the list-view parameters read from the request in $this->context.
     // NOTE(review): this listing has lost its braces; block ends are inferred from the indentation.
     $this->context = gpsa(array('page', 'sort', 'dir', 'crit', 'search_method'));
     // @todo: sensible standard list view
     // An empty sort falls back to name. A non-empty sort is kept as received; NOTE(review): confirm it is checked against known column names before it reaches SQL.
     if (empty($this->context['sort'])) {
         $this->context['sort'] = 'name';
     // dir is normalised: anything other than desc becomes asc, so only two values survive.
     if ($this->context['dir'] != 'desc') {
         $this->context['dir'] = 'asc';
Beispiel #8
function switch_tool()
    // Echoes the import form as a table layout; an inline script shows or hides the per-tool rows by fixed element ids.
    // NOTE(review): this listing has lost its braces and the statement that emitted the script block below, so the script appears as bare text.
    global $vars, $event, $step, $tools;
    pagetop(gTxt('txp_import'), '');

<script type="text/javascript">
function showHideFields($sel)
		document.getElementById('mtblogid').style.display = ($sel=='mtdb') ? 'block': 'none';
		document.getElementById('wponly').style.display =  ($sel=='wp') ? 'block': 'none';
		document.getElementById('databased').style.display = ($sel=='wp' || $sel=='mtdb' || $sel=='b2')? 'block':'none';

    $content = startTable('edit');
    $content .= tr(tdcs(hed(gTxt('txp_import'), 3), 2));
    // Select tool
    $content .= tr(fLabelCell('select_tool', 'import', 'from') . td(tag(type_options($tools), 'select', " name=\"import_tool\" onchange=\"showHideFields(this.value);\""), '', 'from'), ' class="import-from"');
    // Some data we collect
    $content .= tr(fLabelCell('import_section', 'import_section', 'section') . td(import_section_popup(''), '', 'section'), ' class="import-section"');
    // Status values are written as literal integers in this version.
    $status_options = array(4 => gTxt('live'), 1 => gTxt('draft'), 2 => gTxt('hidden'), 3 => gTxt('pending'));
    $content .= tr(fLabelCell('import_status', 'import_status', 'status') . td(type_select($status_options), '', 'status'), ' class="import-status"');
    $content .= tr(fLabelCell('import_invite', 'import_invite', 'comment-invite') . td(fInput('text', 'comments_invite', gTxt('comments'), 'edit'), '', 'comment-invite'), ' class="import-comment"');
    // Database imports only
    // NOTE(review): importdbpass is rendered as a plain text input, so the database password is visible while typed and may be kept by browser form history; a password-type input would avoid that.
    $databased = tr(tdcs(hed(gTxt('database_stuff'), 3), 2)) . tr(fLabelCell('import_database', 'import_database', 'database') . td(fInput('text', 'importdb', '', 'edit'), '', 'database'), ' class="import-database"') . tr(fLabelCell('import_login', 'import_login', 'login') . td(fInput('text', 'importdblogin', '', 'edit'), '', 'login'), ' class="import-login"') . tr(fLabelCell('import_password', 'import_password', 'password') . td(fInput('text', 'importdbpass', '', 'edit'), '', 'password'), ' class="import-password"') . tr(fLabelCell('import_host', 'import_host', 'host') . td(fInput('text', 'importdbhost', '', 'edit'), '', 'host'), ' class="import-host"');
    // Ugly, but a way to present a clean screen with only required fields
    // while we keep JavaScript code at minimum
    $content .= tr(tda(tag($databased, 'table', ' id="databased" style="display: none; border: none;"'), ' colspan="2"'));
    // Movable Type database specific
    $mtblogid = tr(fLabelCell('import_blogid', 'import_blogid', 'blog-id') . td(fInput('text', 'blog_id', '', 'edit'), '', 'blog-id'), ' class="import-blog-id"');
    $content .= tr(tda(tag($mtblogid, 'table', ' id="mtblogid" style="display: none;  border: none;"'), ' colspan="2"'));
    // WordPress specific option
    $wponly = tr(fLabelCell('import_wpprefix', 'import_wpprefix', 'wp-prefix') . td(fInput('text', 'wpdbprefix', 'wp_', 'edit'), '', 'wp-prefix'), ' class="import-wp-prefix"');
    $content .= tr(tda(tag($wponly, 'table', ' id="wponly" style="display: none;  border: none;"'), ' colspan="2"'));
    $content .= endTable();
    $content .= tag(fInput('submit', 'choose', gTxt('continue'), 'publish'), 'p', ' style="text-align:center"');
    // Hidden step and event fields route the post to the start_import step of the import event.
    $content .= sInput('start_import') . eInput('import');
    // $event is concatenated into the id attribute without escaping. NOTE(review): its origin is not shown here; confirm it is restricted to known event names.
    echo '<div id="' . $event . '_container" class="txp-container txp-edit">' . form($content, '', '', 'post', '', '', 'import') . '</div>';
Beispiel #9
function switch_tool()
    // Echoes the import form with labelled inputs; an inline script shows or hides the per-tool sections by fixed element ids.
    // NOTE(review): this listing has lost its braces and the statement that emitted the script block below, so the script appears as bare text.
    global $vars, $event, $step, $tools;
    pagetop(gTxt('txp_import'), '');
    echo '<h1 class="txp-heading">' . gTxt('tab_import') . '</h1>';

<script type="text/javascript">
function showHideFields($sel)
		document.getElementById('mtblogid').style.display = ($sel=='mtdb') ? 'block': 'none';
		document.getElementById('wponly').style.display =  ($sel=='wp') ? 'block': 'none';
		document.getElementById('databased').style.display = ($sel=='wp' || $sel=='mtdb' || $sel=='b2')? 'block':'none';

    $content = '<div class="txp-edit">';
    $content .= hed(gTxt('txp_import'), 2);
    // Select tool
    $content .= inputLabel('import_from', tag(type_options($tools), 'select', ' id="import_from" name="import_tool" onchange="showHideFields(this.value);"'), 'select_tool', 'import');
    // Some data we collect
    $content .= inputLabel('import_section', import_section_popup(''), 'import_section', 'import_section');
    $status_options = array(STATUS_LIVE => gTxt('live'), STATUS_DRAFT => gTxt('draft'), STATUS_HIDDEN => gTxt('hidden'), STATUS_PENDING => gTxt('pending'));
    $content .= inputLabel('import_status', tag(type_options($status_options), 'select', ' id="import_status"'), 'import_status', 'import_status');
    $content .= inputLabel('import_comment', fInput('text', 'import_comments_invite', gTxt('comments'), '', '', '', INPUT_REGULAR, '', 'import_comment'), 'import_invite', 'import_invite');
    // Database imports only
    // NOTE(review): importdbpass is rendered as a plain text input, so the database password is visible while typed and may be kept by browser form history; a password-type input would avoid that.
    $databased = hed(gTxt('database_stuff'), 2) . inputLabel('import_database', fInput('text', 'importdb', '', '', '', '', INPUT_REGULAR, '', 'import_database'), 'import_database', 'import_database') . inputLabel('import_login', fInput('text', 'importdblogin', '', '', '', '', INPUT_REGULAR, '', 'import_login'), 'import_login', 'import_login') . inputLabel('import_password', fInput('text', 'importdbpass', '', '', '', '', INPUT_REGULAR, '', 'import_password'), 'import_password', 'import_password') . inputLabel('import_host', fInput('text', 'importdbhost', '', '', '', '', INPUT_REGULAR, '', 'import_host'), 'import_host', 'import_host');
    $content .= tag($databased, 'div', ' id="databased" style="display: none;"');
    // Movable Type database specific
    $mtblogid = inputLabel('import_blogid', fInput('text', 'import_blog_id', '', '', '', '', INPUT_REGULAR, '', 'import_blogid'), 'import_blogid', 'import_blogid');
    $content .= tag($mtblogid, 'div', ' id="mtblogid" style="display: none;"');
    // WordPress specific option
    $wponly = inputLabel('import_wpprefix', fInput('text', 'wpdbprefix', 'wp_', '', '', '', INPUT_REGULAR, '', 'import_wpprefix'), 'import_wpprefix', 'import_wpprefix') . inputLabel('import_wpdbcharset', selectInput('wpdbcharset', array('utf8' => gTxt('utf8'), 'latin1' => gTxt('latin1')), 'utf8', '', '', 'import_wpdbcharset'), 'import_wpdbcharset', 'import_wpdbcharset');
    $content .= tag($wponly, 'div', ' id="wponly" style="display: none;"');
    $content .= graf(fInput('submit', 'choose', gTxt('continue'), 'publish'));
    // Hidden step and event fields route the post to the start_import step of the import event.
    $content .= sInput('start_import') . eInput('import');
    $content .= '</div>';
    // $event is concatenated into the id attribute without escaping. NOTE(review): its origin is not shown here; confirm it is restricted to known event names.
    echo '<div id="' . $event . '_container" class="txp-container">' . form($content, '', '', 'post', '', '', 'import') . '</div>';
Beispiel #10
 * The main Page editor panel.
 * @param string|array $message The activity message
function page_edit($message = '')
    // Page-template editor panel: reads the request, decides which page to load, then echoes the code column and the switcher column.
    // NOTE(review): this listing has lost its braces; block ends are inferred from the indentation.
    global $event, $step;
    pagetop(gTxt('edit_pages'), $message);
    // Creates $copy, $save_error and $savenew. Only these three fixed keys are requested, so extract() cannot introduce other variable names.
    extract(array_map('assert_string', gpsa(array('copy', 'save_error', 'savenew'))));
    // Both page names go through assert_string() and sanitizeForPage() before any further use.
    // NOTE(review): neither helper is defined in this excerpt; confirm which characters sanitizeForPage() removes.
    $name = sanitizeForPage(assert_string(gps('name')));
    $newname = sanitizeForPage(assert_string(gps('newname')));
    // && binds tighter than ||, so the page_delete step always falls back to the page of the default section.
    if ($step == 'page_delete' || empty($name) && $step != 'page_new' && !$savenew) {
        $name = safe_field("page", 'txp_section', "name = 'default'");
    // A non-empty new name replaces $name on copy or save-new, or when it differs from $name, but never after a failed save.
    } elseif ((($copy || $savenew) && $newname || $newname && $newname != $name) && !$save_error) {
        $name = $newname;
    $titleblock = inputLabel('new_page', fInput('text', 'newname', $name, 'input-medium', '', '', INPUT_MEDIUM, '', 'new_page', false, true), 'page_name', array('', 'instructions_page_name'), array('class' => 'txp-form-field'));
    // Strict comparison: only an empty string marks a new page; any other value is carried in a hidden name field.
    if ($name === '') {
        $titleblock .= hInput('savenew', 'savenew');
    } else {
        $titleblock .= hInput('name', $name);
    $titleblock .= eInput('page') . sInput('page_save');
    // After a failed save the submitted markup is shown again instead of the stored copy, so $html may be raw request data.
    $html = !$save_error ? fetch('user_html', 'txp_page', 'name', $name) : gps('html');
    // Format of each entry is popTagLink -> array ( gTxt() string, class/ID).
    $tagbuild_items = array('page_article' => array('page_article_hed', 'article-tags'), 'page_article_nav' => array('page_article_nav_hed', 'article-nav-tags'), 'page_nav' => array('page_nav_hed', 'nav-tags'), 'page_xml' => array('page_xml_hed', 'xml-tags'), 'page_misc' => array('page_misc_hed', 'misc-tags'), 'page_file' => array('page_file_hed', 'file-tags'));
    $tagbuild_links = '';
    foreach ($tagbuild_items as $tb => $item) {
        $tagbuild_links .= wrapRegion($item[1] . '_group', taglinks($tb), $item[1], $item[0], 'page_' . $item[1]);
    // Pages code column.
    // $html is passed through txpspecialchars() before it is placed inside the textarea.
    // NOTE(review): $name also reaches fInput(), hInput() and page_list(); whether those helpers escape is not visible here, so confirm.
    echo n . tag(hed(gTxt('tab_pages'), 1, array('class' => 'txp-heading')) . form($titleblock . inputLabel('html', '<textarea class="code" id="html" name="html" cols="' . INPUT_LARGE . '" rows="' . TEXTAREA_HEIGHT_LARGE . '" dir="ltr">' . txpspecialchars($html) . '</textarea>', 'page_code', array('', 'instructions_page_code'), array('class' => 'txp-form-field')), '', '', 'post', '', '', 'page_form'), 'div', array('class' => 'txp-layout-4col-cell-1-2-3', 'id' => 'main_content', 'role' => 'region'));
    // Pages create/switcher column.
    $buttonExtras = '';
    // The duplicate link is offered only when a page name is set.
    if ($name) {
        $buttonExtras .= href('<span class="ui-icon ui-icon-copy"></span> ' . gTxt('duplicate'), '#', array('class' => 'txp-clone', 'data-form' => 'page_form'));
    // The save button sits outside the form element and is tied to it through the form attribute.
    $buttons = graf(tag_void('input', array('class' => 'publish', 'type' => 'submit', 'method' => 'post', 'value' => gTxt('save'), 'form' => 'page_form')), ' class="txp-save"') . graf(sLink('page', 'page_new', '<span class="ui-icon ui-extra-icon-new-document"></span> ' . gTxt('create_new_page'), 'txp-new') . $buttonExtras, array('class' => 'txp-actions'));
    echo n . tag($buttons . page_list($name) . n, 'div', array('class' => 'txp-layout-4col-cell-4alt', 'id' => 'content_switcher', 'role' => 'region'));
    // Pages tag builder column. TODO: make this a modal?
    //    echo n.tag(
    //        hed(gTxt('tagbuilder'), 2).
    //        $tagbuild_links
    //    , 'div', array(
    //        'class' => '',
    //        'id'    => 'tagbuild_links',
    //    ));
Beispiel #11
function page_save()
    // Saves page markup: either inserts a copy under a new name or updates the existing row.
    // NOTE(review): this listing has lost its braces. No privilege check or CSRF token check is visible in this excerpt; confirm the dispatcher enforces both.
    // All three request values pass through doSlash() before they are interpolated into quoted SQL literals below.
    extract(doSlash(gpsa(array('name', 'html', 'copy'))));
    if ($copy) {
        // The new name has angle brackets, ampersand and both quote characters removed, is trimmed, then slashed for SQL.
        $newname = doSlash(trim(preg_replace('/[<>&"\']/', '', gps('newname'))));
        // A truthy result means a page with that name already exists, so the copy is refused.
        if ($newname and safe_field('name', 'txp_page', "name = '{$newname}'")) {
            $message = gTxt('page_already_exists', array('{name}' => $newname));
        } elseif ($newname) {
            safe_insert('txp_page', "name = '{$newname}', user_html = '{$html}'");
            $message = gTxt('page_created', array('{name}' => $newname));
        } else {
            // Reached when the name is empty after filtering.
            $message = gTxt('page_name_invalid');
    } else {
        // Unlike $newname, $name is only slashed here, not character-filtered.
        safe_update('txp_page', "user_html = '{$html}'", "name = '{$name}'");
        $message = gTxt('page_updated', array('{name}' => $name));
Beispiel #12
function feed($type)
    // Builds the article or link feed query from request filters and hands the rows to render_feed().
    // NOTE(review): this listing has lost its braces and some lines. $sitename, $rss_how_many, $publish_expired_articles and $atom are used but not assigned here; presumably they come from $prefs, so confirm.
    global $prefs;
    // All four request values pass through doSlash() before being extracted; they are later placed inside quoted SQL literals.
    extract(doSlash(gpsa(array('category', 'section', 'limit', 'area'))));
    // Anything other than link is forced to article, so $area can only take two values from here on.
    if ($area != 'link') {
        $area = 'article';
    $sitename .= $section ? ' - ' . fetch_section_title($section) : '';
    $sitename .= $category ? ' - ' . fetch_category_title($category, $area) : '';
    // NOTE(review): the slashed $section and $category are reused here for the feed URL and id, which are output rather than SQL; confirm they are escaped for that context where rendered.
    $self_ref = pagelinkurl(array('atom' => 1, 'area' => $area == 'article' ? '' : $area, 'section' => $section, 'category' => $category, 'limit' => $limit));
    $id_ext = ($section ? '/' . $section : '') . ($category ? '/' . $category : '');
    if ($area == 'article') {
        $sfilter = $section ? "and Section = '" . $section . "'" : '';
        $cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : '';
        $limit = $limit ? $limit : $rss_how_many;
        // The requested limit is capped at the larger of 100 and $rss_how_many and cast to int before it reaches the limit clause.
        $limit = intval(min($limit, max(100, $rss_how_many)));
        // Sections flagged as excluded from feeds are filtered out one by one.
        $frs = safe_column("name", "txp_section", "in_rss != '1'");
        $query = array();
        foreach ($frs as $f) {
            // Names read back from the database are slashed again before reuse in SQL.
            $query[] = "and Section != '" . doSlash($f) . "'";
        $query[] = $sfilter;
        $query[] = $cfilter;
        $expired = $publish_expired_articles ? '' : ' and (now() <= Expires or Expires = ' . NULLDATETIME . ') ';
        // Only rows with Status=4 and a Posted time that is not in the future are selected.
        $rs = safe_rows_start("*, ID as thisid, unix_timestamp(Posted) as uPosted, unix_timestamp(Expires) as uExpires, unix_timestamp(LastMod) as uLastMod", "textpattern", "Status=4 and Posted <= now() {$expired}" . join(' ', $query) . "order by Posted desc limit {$limit}");
        return render_feed($rs, $area, $type, $sitename, $self_ref, $id_ext);
    } elseif ($area == 'link') {
        $cfilter = $category ? "category='" . $category . "'" : '1';
        $limit = $limit ? $limit : $rss_how_many;
        // Same cap and int cast as in the article branch.
        $limit = intval(min($limit, max(100, $rss_how_many)));
        $rs = safe_rows_start("*" . ($atom ? '' : ", unix_timestamp(date) as uDate"), "txp_link", "{$cfilter} order by date desc" . ($atom ? ", id desc" : '') . " limit {$limit}");
        return render_feed($rs, $area, $type, $sitename, $self_ref, $id_ext);
Beispiel #13
function form_save()
    // Validates the submitted form name and type, then inserts a new form or updates the existing one.
    // NOTE(review): this listing has lost its braces and some lines. $type, $Form, $savenew and $oldname are used but never assigned here; presumably they are extracted from the request. Confirm they are slashed before the SQL below.
    global $vars, $step, $essential_forms;
    // The name has angle brackets, ampersand and both quote characters removed, is trimmed, then slashed for SQL.
    $name = doSlash(trim(preg_replace('/[<>&"\']/', '', gps('name'))));
    if (!$name) {
        $step = 'form_create';
        $message = gTxt('form_name_invalid');
        return form_edit(array($message, E_ERROR));
    // $type must be one of seven fixed values, so only those can reach the SQL literals below. The check uses loose comparison because in_array is called without the strict flag.
    if (!in_array($type, array('article', 'category', 'comment', 'file', 'link', 'misc', 'section'))) {
        $step = 'form_create';
        $message = gTxt('form_type_missing');
        return form_edit(array($message, E_ERROR));
    if ($savenew) {
        // Refuses to create a form whose name is already taken.
        $exists = safe_field('name', 'txp_form', "name = '{$name}'");
        if ($exists) {
            $step = 'form_create';
            $message = gTxt('form_already_exists', array('{name}' => $name));
            return form_edit(array($message, E_ERROR));
        safe_insert('txp_form', "Form = '{$Form}', type = '{$type}', name = '{$name}'");
        $message = gTxt('form_created', array('{name}' => $name));
        return form_edit($message);
    // The row is located by $oldname, which allows a rename in the same statement.
    safe_update('txp_form', "Form = '{$Form}', type = '{$type}', name = '{$name}'", "name = '{$oldname}'");
    $message = gTxt('form_updated', array('{name}' => $name));
Beispiel #14
function log_list($message = '')
    // Visitor log panel: expires old rows, applies sorting and an optional search filter, then echoes the paged log table.
    // NOTE(review): this listing has lost its braces and some lines; block ends are inferred from the indentation.
    global $event, $log_list_pageby, $expire_logs_after;
    pagetop(gTxt('visitor_logs'), $message);
    // Creates $page, $sort, $dir, $crit and $search_method from a fixed key list, so extract() cannot introduce other variable names.
    extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));
    if ($sort === '') {
        $sort = get_pref('log_sort_column', 'time');
    if ($dir === '') {
        $dir = get_pref('log_sort_dir', 'desc');
    // Direction is normalised to asc or desc before it is used in SQL.
    $dir = $dir == 'asc' ? 'asc' : 'desc';
    // The retention period passes through assert_int() before it is interpolated into the delete condition.
    $expire_logs_after = assert_int($expire_logs_after);
    safe_delete('txp_log', "time < date_sub(now(), interval {$expire_logs_after} day)");
    // $sort_sql is assembled from fixed column names plus the normalised direction, so the request value of $sort never reaches SQL directly.
    // NOTE(review): no break statements or default label appear in this listing; as printed every case would fall through to the final time assignment. Presumably those lines were dropped from the listing; confirm.
    switch ($sort) {
        case 'ip':
            $sort_sql = 'ip ' . $dir;
        case 'host':
            $sort_sql = 'host ' . $dir;
        case 'page':
            $sort_sql = 'page ' . $dir;
        case 'refer':
            $sort_sql = 'refer ' . $dir;
        case 'method':
            $sort_sql = 'method ' . $dir;
        case 'status':
            $sort_sql = 'status ' . $dir;
            $sort = 'time';
            $sort_sql = 'time ' . $dir;
    set_pref('log_sort_column', $sort, 'log', 2, '', 0, PREF_PRIVATE);
    set_pref('log_sort_dir', $dir, 'log', 2, '', 0, PREF_PRIVATE);
    $switch_dir = $dir == 'desc' ? 'asc' : 'desc';
    $criteria = 1;
    if ($search_method and $crit) {
        // Backslash, percent, underscore and single quote are escaped for use inside a like pattern, then the result is slashed for SQL.
        $crit_escaped = doSlash(str_replace(array('\\', '%', '_', '\''), array('\\\\', '\\%', '\\_', '\\\''), $crit));
        $critsql = array('ip' => "ip like '%{$crit_escaped}%'", 'host' => "host like '%{$crit_escaped}%'", 'page' => "page like '%{$crit_escaped}%'", 'refer' => "refer like '%{$crit_escaped}%'", 'method' => "method like '%{$crit_escaped}%'", 'status' => "status like '%{$crit_escaped}%'");
        // The search method is accepted only if it is a key of the map; otherwise the search is cleared.
        if (array_key_exists($search_method, $critsql)) {
            $criteria = $critsql[$search_method];
            // This value is overwritten by the max() assignment further down in the visible lines.
            $limit = 500;
        } else {
            $search_method = '';
            $crit = '';
    } else {
        $search_method = '';
        $crit = '';
    $total = safe_count('txp_log', "{$criteria}");
    echo '<div id="' . $event . '_control" class="txp-control-panel">';
    if ($total < 1) {
        if ($criteria != 1) {
            echo n . log_search_form($crit, $search_method) . n . graf(gTxt('no_results_found'), ' class="indicator"') . '</div>';
        } else {
            echo graf(gTxt('no_refers_recorded'), ' class="indicator"') . '</div>';
    // At least 15 rows per page.
    $limit = max($log_list_pageby, 15);
    // $page and $offset used below are the values returned by pager(), not the raw request value.
    list($page, $offset, $numPages) = pager($total, $limit, $page);
    echo n . log_search_form($crit, $search_method) . '</div>';
    $rs = safe_rows_start('*, unix_timestamp(time) as uTime', 'txp_log', "{$criteria} order by {$sort_sql} limit {$offset}, {$limit}");
    if ($rs) {
        echo n . '<div id="' . $event . '_container" class="txp-container txp-list">';
        // NOTE(review): $crit and $search_method are passed to column_head(), nav_form() and log_search_form(); whether those helpers escape them for HTML is not visible here.
        echo n . n . '<form action="index.php" id="log_form" method="post" name="longform" onsubmit="return verify(\'' . gTxt('are_you_sure') . '\')">' . startTable('list', '', 'list', '', '90%') . n . '<thead>' . n . tr(n . column_head('time', 'time', 'log', true, $switch_dir, $crit, $search_method, ('time' == $sort ? "{$dir} " : '') . 'date time') . column_head('IP', 'ip', 'log', true, $switch_dir, $crit, $search_method, ('ip' == $sort ? "{$dir} " : '') . 'log_detail ip') . column_head('host', 'host', 'log', true, $switch_dir, $crit, $search_method, ('host' == $sort ? "{$dir} " : '') . 'host') . column_head('page', 'page', 'log', true, $switch_dir, $crit, $search_method, ('page' == $sort ? "{$dir} " : '') . 'page') . column_head('referrer', 'refer', 'log', true, $switch_dir, $crit, $search_method, ('refer' == $sort ? "{$dir} " : '') . 'refer') . column_head('method', 'method', 'log', true, $switch_dir, $crit, $search_method, ('method' == $sort ? "{$dir} " : '') . 'log_detail method') . column_head('status', 'status', 'log', true, $switch_dir, $crit, $search_method, ('status' == $sort ? "{$dir} " : '') . 'log_detail status') . hCell('', '', ' class="multi-edit"')) . n . '</thead>';
        $tfoot = n . '<tfoot>' . tr(tda(toggle_box('log_detail'), ' class="detail-toggle" colspan="2" style="text-align: left; border: none;"') . tda(select_buttons() . log_multiedit_form($page, $sort, $dir, $crit, $search_method), ' class="multi-edit" colspan="6" style="text-align: right; border: none;"')) . n . '</tfoot>';
        echo $tfoot;
        echo '<tbody>';
        $ctr = 1;
        while ($a = nextRow($rs)) {
            // Row columns become $log_ prefixed variables; the prefix keeps stored data from overwriting the locals of this function.
            extract($a, EXTR_PREFIX_ALL, 'log');
            if ($log_refer) {
                // The referrer is prefixed with a fixed scheme and escaped with htmlspecialchars() in both the href and the link text. The link opens in a new window and no rel attribute is set.
                $log_refer = 'http://' . $log_refer;
                $log_refer = '<a href="' . htmlspecialchars($log_refer) . '" target="_blank">' . htmlspecialchars(soft_wrap($log_refer, 30)) . '</a>';
            if ($log_page) {
                // A trailing slash and the first character are dropped for display; href and text are both escaped.
                $log_anchor = preg_replace('/\\/$/', '', $log_page);
                $log_anchor = soft_wrap(substr($log_anchor, 1), 30);
                $log_page = '<a href="' . htmlspecialchars($log_page) . '" target="_blank">' . htmlspecialchars($log_anchor) . '</a>';
                if ($log_method == 'POST') {
                    $log_page = '<strong>' . $log_page . '</strong>';
            // Method is escaped here, but $log_ip, $log_host and $log_status go to td() without htmlspecialchars().
            // NOTE(review): td() and soft_wrap() are not shown; if they do not escape and these columns can hold visitor-influenced text (a resolved host name, for instance), this row is a stored XSS sink in the admin view. Confirm how the log writer fills them.
            // NOTE(review): $ctr is not incremented in the visible lines, so every row would get the same odd class; presumably the increment was dropped from the listing.
            echo tr(n . td(gTime($log_uTime), 85, 'date time') . td($log_ip, 20, 'log_detail ip') . td(soft_wrap($log_host, 30), '', 'host') . td($log_page, '', 'page') . td($log_refer, '', 'refer') . td(htmlspecialchars($log_method), 60, 'log_detail method') . td($log_status, 60, 'log_detail status') . td(fInput('checkbox', 'selected[]', $log_id), '', 'multi-edit'), ' class="' . ($ctr % 2 == 0 ? 'even' : 'odd') . '"');
        echo '</tbody>' . n . endTable() . n . '</form>' . n . '<div id="' . $event . '_navigation" class="txp-navigation">' . n . nav_form('log', $page, $numPages, $sort, $dir, $crit, $search_method, $total, $limit) . n . pageby_form('log', $log_list_pageby) . n . '</div>' . n . '</div>';
Beispiel #15
/**
 * Builds an Atom feed for articles or links and returns it as one XML string.
 *
 * Reads 'area', 'category', 'section' and 'limit' through gps()/gpsa(), selects
 * rows from `textpattern` (articles) or `txp_link` (links), renders one <entry>
 * per row, then emits conditional-GET headers (Last-Modified, ETag and the
 * optional "IM: feed" delta headers) before returning the document.
 *
 * NOTE(review): several names used below ($sitename, $siteurl, $version,
 * $rss_how_many, $language and the per-row $Title, $uPosted, $url, ...) are
 * never assigned in this listing, and no closing braces are shown. Presumably
 * lines such as an extract() of the prefs and of each row were dropped from
 * the listing; confirm against the full file before relying on this flow.
 *
 * @return string The feed document; the only visible return sits in the branch taken when entries exist.
 */
function atom()
    global $thisarticle;
    // Attribute fragments reused when the feed elements are assembled below.
    define("t_texthtml", ' type="text/html"');
    define("t_text", ' type="text"');
    define("t_html", ' type="html"');
    define("t_xhtml", ' type="xhtml"');
    define('t_appxhtml', ' type="xhtml"');
    define("r_relalt", ' rel="alternate"');
    define("r_relself", ' rel="self"');
    // Request parameters. doSlash() is applied here because the values are later
    // interpolated into SQL strings; presumably it is an SQL escape only, so the
    // same values still need XML escaping wherever they are written into the feed.
    $area = doSlash(gps('area'));
    extract(doSlash(gpsa(array('category', 'section', 'limit'))));
    $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
    $sitename .= $section ? ' - ' . $section : '';
    $sitename .= $category ? ' - ' . $category : '';
    $pub = safe_row("RealName, email", "txp_users", "privs=1");
    $out[] = tag(escape_output($sitename), 'title', t_text);
    $out[] = tag(escape_output($site_slogan), 'subtitle', t_text);
    // NOTE(review): the self link is written into an href attribute without an
    // escaping call at this site; whether pagelinkurl() encodes the request-derived
    // section/category values is not visible here — verify.
    $out[] = '<link' . r_relself . ' href="' . pagelinkurl(array('atom' => 1, 'area' => $area, 'section' => $section, 'category' => $category, 'limit' => $limit)) . '" />';
    $out[] = '<link' . r_relalt . t_texthtml . ' href="' . hu . '" />';
    $articles = array();
    //Atom feeds with mail or domain name
    $dn = explode('/', $siteurl);
    $mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0];
    // NOTE(review): $section and $category come from the request and are placed in
    // the <id> element without an XML escape at this site (the title above goes
    // through escape_output()). Confirm that tag() or an earlier step escapes them.
    $out[] = tag('tag:' . $mail_or_domain . ',' . $blog_time_uid . ':' . $blog_uid . ($section ? '/' . $section : '') . ($category ? '/' . $category : ''), 'id');
    $out[] = tag('Textpattern', 'generator', ' uri="" version="' . $version . '"');
    $out[] = tag(safe_strftime("w3cdtf", $last), 'updated');
    // NOTE(review): RealName is emitted without htmlspecialchars(), unlike the
    // per-entry author name further down; the two sites should agree.
    $auth[] = tag($pub['RealName'], 'name');
    $auth[] = $include_email_atom ? tag(eE($pub['email']), 'email') : '';
    $auth[] = tag(hu, 'uri');
    $out[] = tag(n . t . t . join(n . t . t, $auth) . n, 'author');
    if (!$area or $area == 'article') {
        // Filters are built by string concatenation; they rely on the doSlash()
        // applied to $section and $category when the request was read.
        $sfilter = $section ? "and Section = '" . $section . "'" : '';
        $cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : '';
        // The requested limit falls back to $rss_how_many, is capped at
        // max(100, $rss_how_many) and is forced to an integer before it reaches
        // the LIMIT clause.
        $limit = $limit ? $limit : $rss_how_many;
        $limit = intval(min($limit, max(100, $rss_how_many)));
        // Sections whose in_rss flag is not '1' are excluded from the feed.
        $frs = safe_column("name", "txp_section", "in_rss != '1'");
        $query = array();
        foreach ($frs as $f) {
            $query[] = "and Section != '" . doSlash($f) . "'";
        $query[] = $sfilter;
        $query[] = $cfilter;
        $rs = safe_rows_start("*, \n\t\t\t\tID as thisid, \n\t\t\t\tunix_timestamp(Posted) as uPosted,\n\t\t\t\tunix_timestamp(LastMod) as uLastMod", "textpattern", "Status=4 and Posted <= now() " . join(' ', $query) . "order by Posted desc limit {$limit}");
        if ($rs) {
            while ($a = nextRow($rs)) {
                // Output returned by 'atom_entry' callbacks is appended verbatim to the entry.
                $cb = callback_event('atom_entry');
                $e = array();
                $a['posted'] = $uPosted;
                if ($show_comment_count_in_feed) {
                    $count = $comments_count > 0 ? ' [' . $comments_count . ']' : '';
                } else {
                    $count = '';
                $thisauthor = get_author_name($AuthorID);
                $e['thisauthor'] = tag(n . t . t . t . tag(htmlspecialchars($thisauthor), 'name') . n . t . t, 'author');
                $e['issued'] = tag(safe_strftime('w3cdtf', $uPosted), 'published');
                $e['modified'] = tag(safe_strftime('w3cdtf', $uLastMod), 'updated');
                $escaped_title = escape_output($Title);
                $e['title'] = tag($escaped_title . $count, 'title', t_html);
                $permlink = permlinkurl($a);
                $e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $permlink . '" />';
                $e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'id');
                $e['category1'] = trim($Category1) ? '<category term="' . htmlspecialchars($Category1) . '" />' : '';
                $e['category2'] = trim($Category2) ? '<category term="' . htmlspecialchars($Category2) . '" />' : '';
                $summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink));
                $content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink));
                if ($syndicate_body_or_excerpt) {
                    # short feed: use body as summary if there's no excerpt
                    if (!trim($summary)) {
                        $summary = $content;
                    $content = '';
                if (trim($content)) {
                    $e['content'] = tag(n . escape_cdata($content) . n, 'content', t_html);
                if (trim($summary)) {
                    $e['summary'] = tag(n . escape_cdata($summary) . n, 'summary', t_html);
                $articles[$ID] = tag(n . t . t . join(n . t . t, $e) . n . $cb, 'entry');
                // Per-entry ETag part: CRC32 of the rendered entry. It detects change
                // for caching only and offers no integrity guarantee.
                $etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
                $dates[$ID] = $uLastMod;
    } elseif ($area == 'link') {
        $cfilter = $category ? "category='" . $category . "'" : '1';
        $limit = $limit ? $limit : $rss_how_many;
        $limit = intval(min($limit, max(100, $rss_how_many)));
        $rs = safe_rows_start("*", "txp_link", "{$cfilter} order by date desc, id desc limit {$limit}");
        if ($rs) {
            while ($a = nextRow($rs)) {
                $e['title'] = tag(htmlspecialchars($linkname), 'title', t_html);
                $e['content'] = tag(n . htmlspecialchars($description) . n, 'content', t_html);
                // NOTE(review): the replacement string contains the literal text
                // "https?", which reads like a regex fragment rather than a scheme;
                // possibly a listing artifact — confirm against the full file.
                $url = preg_replace("/^\\/(.*)/", "https?://{$siteurl}/\$1", $url);
                // Only ampersands that start a "name=" pair are turned into &amp;.
                // NOTE(review): the stored link URL then goes into the href attribute
                // with no further escaping (quotes, angle brackets) and no scheme
                // check; htmlspecialchars() would cover the attribute context.
                $url = preg_replace("/&((?U).*)=/", "&amp;\\1=", $url);
                $e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $url . '" />';
                $e['issued'] = tag(safe_strftime('w3cdtf', strtotime($date)), 'published');
                $e['modified'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', strtotime($date)), 'updated');
                $e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $id, 'id');
                $articles[$id] = tag(n . t . t . join(n . t . t, $e) . n, 'entry');
                $etags[$id] = strtoupper(dechex(crc32($articles[$id])));
                $dates[$id] = $date;
    if (!empty($articles)) {
        //turn on compression if we aren't using it already
        // NOTE(review): no statement is visible inside this condition; the listing
        // presumably dropped the call that enables output compression.
        if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
        // Conditional GET: compare the client's If-Modified-Since with the site's
        // last-modified time. Both request headers used here are client-controlled
        // and are only parsed or string-compared, never echoed back.
        $hims = serverset('HTTP_IF_MODIFIED_SINCE');
        $imsd = $hims ? strtotime($hims) : 0;
        if ($imsd >= $last) {
            // NOTE(review): no exit/return is visible after the 304 status, so the
            // body would still be produced; possibly a dropped line — confirm.
            txp_status_header("304 Not Modified");
        header("Last-Modified: " . gmdate('D, d M Y H:i:s \\G\\M\\T', $last));
        // RFC 3229 delta support: $canaim is the position of "feed" in the A-IM
        // request header, or false when the header or the Apache API is absent.
        if (is_callable('apache_request_headers')) {
            $headers = apache_request_headers();
            if (isset($headers["A-IM"])) {
                $canaim = strpos($headers["A-IM"], "feed");
            } else {
                $canaim = false;
        } else {
            $canaim = false;
        $hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
        $cutarticles = false;
        if ($canaim !== false) {
            foreach ($articles as $id => $thing) {
                // NOTE(review): strpos() returns 0 for a match at the very start of
                // the header, which this truthiness test treats as "not found";
                // the check on $canaim above uses the safer `!== false` form.
                if (strpos($hinm, $etags[$id])) {
                    $cutarticles = true;
                    $cut_etag = true;
                if ($dates[$id] < $imsd) {
                    $cutarticles = true;
                    $cut_time = true;
        // Advertise which request headers influenced the response.
        if (isset($cut_etag) && isset($cut_time)) {
            header("Vary: If-None-Match, If-Modified-Since");
        } else {
            if (isset($cut_etag)) {
                header("Vary: If-None-Match");
            } else {
                if (isset($cut_time)) {
                    header("Vary: If-Modified-Since");
        // Feed-level ETag: the per-entry parts joined with "-"; @ suppresses any
        // warning from join().
        $etag = @join("-", $etags);
        if (strstr($hinm, $etag)) {
            header("HTTP/1.1 304 Not Modified");
        if ($etag) {
            header('ETag: "' . $etag . '"');
        if ($cutarticles) {
            //header("HTTP/1.1 226 IM Used");
            //This should be used as opposed to 200, but Apache doesn't like it.
            // says that the status code should be 200.
            header("Cache-Control: no-store, im");
            header("IM: feed");
        $out = array_merge($out, $articles);
        header('Content-type: application/atom+xml; charset=utf-8');
        // chr(60)/chr(62) spell "<" and ">" so the XML declaration is not written
        // as a literal "<?xml" / "?>" sequence in this PHP file.
        // NOTE(review): xmlns="" (and uri="" on the generator element) are empty in
        // this listing; presumably the URLs were stripped — confirm.
        return chr(60) . '?xml version="1.0" encoding="UTF-8"?' . chr(62) . n . '<feed xml:lang="' . $language . '" xmlns="">' . join(n, $out) . '</feed>';
Beispiel #16
/**
 * The main panel listing all log hits.
 *
 * @param string|array $message The activity message
 */
function log_list($message = '')
    // Renders the visitor-log admin panel: prunes expired rows, applies the
    // requested sort and search filter, then prints one table row per log hit.
    // NOTE(review): this listing shows no closing braces and the switch below has
    // no visible break/default lines; presumably they were dropped from the
    // listing — confirm against the full file.
    global $event, $log_list_pageby, $expire_logs_after;
    pagetop(gTxt('tab_logs'), $message);
    extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));
    // Sort column: a request value is checked against a fixed list before it is
    // stored as a private pref; anything else becomes 'time'.
    if ($sort === '') {
        $sort = get_pref('log_sort_column', 'time');
    } else {
        if (!in_array($sort, array('ip', 'host', 'page', 'refer', 'method', 'status'))) {
            $sort = 'time';
        set_pref('log_sort_column', $sort, 'log', 2, '', 0, PREF_PRIVATE);
    // Sort direction: a request value is normalised to 'asc' or 'desc'.
    // NOTE(review): when the request omits 'dir', the stored pref is used as-is
    // and later interpolated into ORDER BY. The only writer visible here stores a
    // normalised value; confirm nothing else can write 'log_sort_dir'.
    if ($dir === '') {
        $dir = get_pref('log_sort_dir', 'desc');
    } else {
        $dir = $dir == 'asc' ? "asc" : "desc";
        set_pref('log_sort_dir', $dir, 'log', 2, '', 0, PREF_PRIVATE);
    // assert_int() runs before the value is interpolated into the DELETE clause.
    $expire_logs_after = assert_int($expire_logs_after);
    safe_delete('txp_log', "time < DATE_SUB(NOW(), INTERVAL {$expire_logs_after} DAY)");
    // Map the sort key onto a fixed column name, so only $dir varies in ORDER BY.
    switch ($sort) {
        case 'ip':
            $sort_sql = "ip {$dir}";
        case 'host':
            $sort_sql = "host {$dir}";
        case 'page':
            $sort_sql = "page {$dir}";
        case 'refer':
            $sort_sql = "refer {$dir}";
        case 'method':
            $sort_sql = "method {$dir}";
        case 'status':
            $sort_sql = "status {$dir}";
            $sort = 'time';
            $sort_sql = "time {$dir}";
    $switch_dir = $dir == 'desc' ? 'asc' : 'desc';
    $search = new Filter($event, array('ip' => array('column' => 'txp_log.ip', 'label' => gTxt('IP')), 'host' => array('column' => '', 'label' => gTxt('host')), 'page' => array('column' => '', 'label' => gTxt('page')), 'refer' => array('column' => 'txp_log.refer', 'label' => gTxt('referrer')), 'method' => array('column' => 'txp_log.method', 'label' => gTxt('method')), 'status' => array('column' => 'txp_log.status', 'label' => gTxt('status'), 'type' => 'integer')));
    // NOTE(review): $criteria is interpolated into the COUNT and SELECT queries
    // below, so SQL safety of the search term depends entirely on
    // Filter::getFilter(), which is not visible here — verify its escaping.
    list($criteria, $crit, $search_method) = $search->getFilter(array('status' => array('can_list' => true)));
    $search_render_options = array('placeholder' => 'search_logs');
    $total = safe_count('txp_log', "{$criteria}");
    echo n . tag(hed(gTxt('tab_logs'), 1, array('class' => 'txp-heading')), 'div', array('class' => 'txp-layout-2col-cell-1'));
    $searchBlock = n . tag($search->renderForm('log_list', $search_render_options), 'div', array('class' => 'txp-layout-2col-cell-2', 'id' => $event . '_control'));
    $contentBlockStart = n . tag_start('div', array('class' => 'txp-layout-1col', 'id' => $event . '_container'));
    // Nothing to list: show "no results" when a filter is active ($criteria != 1),
    // otherwise "no referrers recorded", then close the container.
    if ($total < 1) {
        if ($criteria != 1) {
            echo $searchBlock . $contentBlockStart . graf(span(null, array('class' => 'ui-icon ui-icon-info')) . ' ' . gTxt('no_results_found'), array('class' => 'alert-block information'));
        } else {
            echo $contentBlockStart . graf(span(null, array('class' => 'ui-icon ui-icon-info')) . ' ' . gTxt('no_refers_recorded'), array('class' => 'alert-block information'));
        echo n . tag_end('div');
    // Page size is at least 15; offset and page count come from pager().
    $limit = max($log_list_pageby, 15);
    list($page, $offset, $numPages) = pager($total, $limit, $page);
    echo $searchBlock . $contentBlockStart;
    $rs = safe_rows_start("*, UNIX_TIMESTAMP(time) AS uTime", 'txp_log', "{$criteria} ORDER BY {$sort_sql} LIMIT {$offset}, {$limit}");
    if ($rs) {
        echo n . tag(toggle_box('log_detail'), 'div', array('class' => 'txp-list-options')) . n . tag_start('form', array('class' => 'multi_edit_form', 'id' => 'log_form', 'name' => 'longform', 'method' => 'post', 'action' => 'index.php')) . n . tag_start('div', array('class' => 'txp-listtables')) . n . tag_start('table', array('class' => 'txp-list')) . n . tag_start('thead') . tr(hCell(fInput('checkbox', 'select_all', 0, '', '', '', '', '', 'select_all'), '', ' class="txp-list-col-multi-edit" scope="col" title="' . gTxt('toggle_all_selected') . '"') . column_head('time', 'time', 'log', true, $switch_dir, $crit, $search_method, ('time' == $sort ? "{$dir} " : '') . 'txp-list-col-time') . column_head('IP', 'ip', 'log', true, $switch_dir, $crit, $search_method, ('ip' == $sort ? "{$dir} " : '') . 'txp-list-col-ip') . column_head('host', 'host', 'log', true, $switch_dir, $crit, $search_method, ('host' == $sort ? "{$dir} " : '') . 'txp-list-col-host log_detail') . column_head('page', 'page', 'log', true, $switch_dir, $crit, $search_method, ('page' == $sort ? "{$dir} " : '') . 'txp-list-col-page') . column_head('referrer', 'refer', 'log', true, $switch_dir, $crit, $search_method, ('refer' == $sort ? "{$dir} " : '') . 'txp-list-col-refer') . column_head('method', 'method', 'log', true, $switch_dir, $crit, $search_method, ('method' == $sort ? "{$dir} " : '') . 'txp-list-col-method log_detail') . column_head('status', 'status', 'log', true, $switch_dir, $crit, $search_method, ('status' == $sort ? "{$dir} " : '') . 'txp-list-col-status log_detail')) . n . tag_end('thead') . n . tag_start('tbody');
        while ($a = nextRow($rs)) {
            // Row columns become $log_<column> locals; the prefix keeps them from
            // overwriting this function's own variables.
            extract($a, EXTR_PREFIX_ALL, 'log');
            // Log fields presumably hold visitor-supplied request data (referrer,
            // page, host, method), so each one needs escaping in its output context.
            if ($log_refer) {
                // NOTE(review): the stored referrer is HTML-escaped for the href but
                // its URL scheme is not checked at this site, and the link opens with
                // target="_blank" and no rel="noopener". Consider restricting the
                // href to http/https and adding rel="noopener noreferrer".
                $log_refer = href(txpspecialchars(soft_wrap(preg_replace('#^http://#', '', $log_refer), 30)), txpspecialchars($log_refer), ' target="_blank"');
            if ($log_page) {
                // Link text: the page path without its trailing slash and first
                // character, soft-wrapped at 30 characters.
                $log_anchor = preg_replace('/\\/$/', '', $log_page);
                $log_anchor = soft_wrap(substr($log_anchor, 1), 30);
                $log_page = href(txpspecialchars($log_anchor), txpspecialchars($log_page), ' target="_blank"');
                // POST hits are shown in bold.
                if ($log_method == 'POST') {
                    $log_page = strong($log_page);
            // NOTE(review): ip, host and method pass through txpspecialchars();
            // $log_status and $log_id are written without an escape at this site
            // (fInput() may escape its value — not visible here). The IP link's href
            // prefix is an empty string in this listing, presumably a stripped URL.
            echo tr(td(fInput('checkbox', 'selected[]', $log_id), '', 'txp-list-col-multi-edit') . hCell(gTime($log_uTime), '', ' class="txp-list-col-time" scope="row"') . td(href(txpspecialchars($log_ip), '' . rawurlencode($log_ip), array('rel' => 'external', 'target' => '_blank')), '', 'txp-list-col-ip') . td(txpspecialchars($log_host), '', 'txp-list-col-host log_detail') . td($log_page, '', 'txp-list-col-page') . td($log_refer, '', 'txp-list-col-refer') . td(txpspecialchars($log_method), '', 'txp-list-col-method log_detail') . td($log_status, '', 'txp-list-col-status log_detail'));
        // Close the table, then append the multi-edit controls, the tInput() field
        // (presumably the CSRF token — confirm) and the paging controls.
        echo n . tag_end('tbody') . n . tag_end('table') . n . tag_end('div') . log_multiedit_form($page, $sort, $dir, $crit, $search_method) . tInput() . n . tag_end('form') . n . tag_start('div', array('class' => 'txp-navigation', 'id' => $event . '_navigation')) . pageby_form('log', $log_list_pageby) . nav_form('log', $page, $numPages, $sort, $dir, $crit, $search_method, $total, $limit) . n . tag_end('div');
    echo n . tag_end('div');
Beispiel #17
/**
 * Renders the tag-builder form for the tag named by the global $tag_name.
 *
 * NOTE(review): $escape, $wraptag and $class are used below but never assigned
 * in this listing; presumably an extract($atts) line was dropped — confirm.
 *
 * @return string The form markup, followed by the built tag when $step is 'build'.
 */
function tag_file_download_description()
    global $step, $endform, $tag_name;
    // Request values for the three attributes this builder offers.
    $atts = gpsa(array('class', 'escape', 'wraptag'));
    // NOTE(review): the request values are written back into form controls through
    // escape_pop(), input_tag() and fInput(); whether those helpers HTML-escape is
    // not visible here — verify, since unescaped reflection would allow XSS.
    $out = form(startTable('tagbuilder') . tr(tdcs(hed(gTxt('tag_' . $tag_name), 3), 2)) . tagRow('escape', escape_pop($escape)) . tagRow('wraptag', input_tag('wraptag', $wraptag)) . tagRow('class', fInput('text', 'class', $class, 'edit', '', '', 25)) . $endform);
    if ($step == 'build') {
        // Append the generated tag, built from the submitted attribute values.
        $out .= tdb(tb($tag_name, $atts));
    return $out;
/**
 * Renders the customer list panel: a sortable, paged table of txp_users rows
 * with privs = 0 (or rows matching a search), with an order count per row.
 *
 * NOTE(review): this listing shows no closing braces, the switch has no visible
 * break/default lines, and the per-row variables ($user_id, $RealName, $name,
 * $billing_phone, $email) are never assigned; presumably those lines (including
 * an extract($a)) were dropped — confirm against the full file.
 *
 * @param string       $event   Not read in the visible code.
 * @param string       $step    Also declared global below.
 * @param string|array $message Passed to pagetop().
 */
function customers_list($event = '', $step = '', $message = '')
    global $statuses, $comments_disabled_after, $step, $txp_user;
    pagetop("Customers", $message);
    // All six values come straight from the request and are not validated here.
    extract(gpsa(array('page', 'sort', 'dir', 'crit', 'qty', 'search_method')));
    // Reverse lookup of $statuses, used by the 'status' search below.
    $sesutats = array_flip($statuses);
    // Direction is normalised to 'asc' or 'desc' before it is used in ORDER BY.
    $dir = $dir == 'desc' ? 'desc' : 'asc';
    // The sort key is mapped onto fixed column names, so $sort itself never
    // reaches the SQL string.
    switch ($sort) {
        case 'RealName':
            $sort_sql = 'RealName ' . $dir;
        case 'orders':
            $sort_sql = 'orders ' . $dir;
            $dir = 'desc';
            $sort_sql = 'user_id ' . $dir;
    $switch_dir = $dir == 'desc' ? 'asc' : 'desc';
    $criteria = "privs = 0";
    if ($search_method and $crit) {
        $crit_escaped = doSlash($crit);
        // NOTE(review): a matched search replaces the "privs = 0" restriction
        // instead of adding to it, so a search is no longer limited to customer
        // accounts. The column names (Title, Body, Section, ...) also look like
        // they belong to the articles table rather than txp_users — confirm.
        // The term is used as an rlike pattern; doSlash() presumably escapes for
        // SQL only, so regex metacharacters in the term stay active.
        $critsql = array('id' => "ID = '{$crit_escaped}'", 'title_body' => "Title rlike '{$crit_escaped}' or Body rlike '{$crit_escaped}'", 'section' => "Section rlike '{$crit_escaped}'", 'categories' => "Category1 rlike '{$crit_escaped}' or Category2 rlike '{$crit_escaped}'", 'status' => "Status = '" . @$sesutats[gTxt($crit_escaped)] . "'", 'author' => "AuthorID rlike '{$crit_escaped}'");
        // Only search methods named in $critsql are accepted; others are cleared.
        if (array_key_exists($search_method, $critsql)) {
            $criteria = $critsql[$search_method];
            $limit = 500;
        } else {
            $search_method = '';
            $crit = '';
    } else {
        $search_method = '';
        $crit = '';
    $total = safe_count('txp_users', "{$criteria}");
    // NOTE(review): $qty is a raw request value. It flows through max() into
    // $limit and from there into the LIMIT clause below without an integer cast;
    // max() can return the string operand unchanged. Cast it first, for example
    // (int) $qty, so only a number can reach the query.
    if (isset($qty)) {
        $customers_list_pageby = $qty;
    } else {
        $customers_list_pageby = 15;
    // This overwrites the $limit = 500 set in the search branch above.
    $limit = max(@$customers_list_pageby, 15);
    list($page, $offset, $numPages) = pager($total, $limit, $page);
    $rs = safe_rows_start('*', 'txp_users', "{$criteria} order by {$sort_sql} limit {$offset}, {$limit}");
    $customersOnPage = $offset + $limit;
    if ($rs) {
        echo n . n . '<form name="longform" method="post" action="index.php" onsubmit="return verify(\'' . gTxt('are_you_sure') . '\')">' . n . startTable('list', '', '', '', '700') . n . tr(n . tda("Displaying {$offset} - {$customersOnPage} of {$total} customers", ' colspan="2" style="border: none; padding-bottom: 15px;"') . n . tda('<a href="?event=customers&step=edit_customer" class="navlink">Add a new customer</a> <a href="?event=customers&step=export_customer" class="navlink">Export customers</a>', ' colspan="2" style="text-align: right; border: none; padding-bottom: 15px;"')) . n . tr(n . column_head('Customer', 'RealName', 'customers', true, $switch_dir, $crit, $search_method) . column_head('Phone', 'shipping_phone', 'customers', true, $switch_dir, $crit, $search_method) . column_head('Email', 'email', 'customers', true, $switch_dir, $crit, $search_method) . column_head('Orders', 'order_num', 'customers', true, $switch_dir, $crit, $search_method));
        include_once txpath . '/publish/taghandlers.php';
        while ($a = nextRow($rs)) {
            // One extra COUNT query per listed customer.
            // NOTE(review): $user_id is interpolated unquoted; it presumably comes
            // from the current row — cast it to int as defence in depth.
            $order_num = safe_count("orders", "user_id = {$user_id}");
            $RealName = eLink('customers', 'edit_customer', 'user_id', $user_id, $RealName);
            $Orders = eLink('order', 'edit', 'customer', $name, $order_num);
            // NOTE(review): $billing_phone and $email are customer-supplied profile
            // fields and are written into table cells without htmlspecialchars();
            // escape them here unless td() is confirmed to escape its content.
            echo n . n . tr(n . td($RealName, "25%") . td($billing_phone, "25%") . td($email, "25%") . td($Orders, "25%"));
        echo n . endTable() . n . '</form>' . n . nav_form('customers', $page, $numPages, $sort, $dir, $crit, $search_method) . n . pageby_form('customers', $customers_list_pageby);
Beispiel #19
/**
 * Updates one row of txp_link from submitted form values.
 *
 * NOTE(review): the listing ends after the success message, and $linksort,
 * $linkname, $id, $category, $url and $description are never assigned in the
 * visible code; presumably an extract() of $varray was dropped — confirm.
 */
function link_save()
    global $txpcfg, $vars;
    // Request values for every field named in the global $vars list.
    $varray = gpsa($vars);
    // Fall back to the link name when no explicit sort value was submitted.
    if (!$linksort) {
        $linksort = $linkname;
    // The row id is validated as an integer before it is used in the WHERE clause.
    $id = assert_int($id);
    // NOTE(review): the remaining fields are interpolated into quoted SQL values.
    // No escaping call is visible between gpsa() and this query, so verify that
    // the values are slashed (for example doSlash() on $varray) before they get
    // here. trim() on $url removes surrounding whitespace only; no URL scheme
    // check is visible.
    $rs = safe_update("txp_link", "category    = '{$category}',\n\t\t\turl         = '" . trim($url) . "',\n\t\t\tlinkname    = '{$linkname}',\n\t\t\tlinksort    = '{$linksort}',\n\t\t\tdescription = '{$description}'", "id = {$id}");
    if ($rs) {
        // doStrip() presumably undoes the slashing so the name displays as typed;
        // confirm that the message is HTML-escaped where it is rendered.
        $message = gTxt('link_updated', array('{name}' => doStrip($linkname)));
Beispiel #20
/**
 * Renders the tag-builder form for the file_download_link tag, followed by the
 * built tag.
 *
 * NOTE(review): $id and $filename are used below but never assigned in this
 * listing; presumably an extract($invars) line was dropped — confirm.
 *
 * @return string The form markup plus the generated tag.
 */
function tag_file_download_link()
    global $step, $endform, $name;
    // Request values for the two attributes this builder offers.
    $invars = gpsa(array('filename', 'id'));
    // NOTE(review): both request values are written back into text inputs via
    // fInput(); whether it HTML-escapes the value is not visible here — verify.
    $out = form(startTable('list') . tr(tdcs(hed(gTxt('tag_file_download_link'), 3), 2)) . tagRow('id', fInput('text', 'id', $id, 'edit', '', '', 4)) . tagRow('filename', fInput('text', 'filename', $filename, 'edit', '', '', 15)) . $endform);
    // Unlike tag_file_download_description(), the tag is appended without a
    // visible check on $step.
    $out .= tdb(tb('file_download_link', $invars, gTxt('text_or_tag')));
    return $out;
Beispiel #21
function article_edit($message = '', $concurrent = FALSE)
    global $vars, $txp_user, $comments_disabled_after, $txpcfg, $prefs;
    extract(gpsa(array('view', 'from_view', 'step')));
    if (!empty($GLOBALS['ID'])) {
        // newly-saved article
        $ID = $GLOBALS['ID'];
        $step = 'edit';
    } else {
        $ID = gps('ID');
    include_once txpath . '/lib/classTextile.php';
    $textile = new Textile();
    // switch to 'text' view upon page load and after article post
    if (!$view || gps('save') || gps('publish')) {
        $view = 'text';
    if (!$step) {
        $step = "create";
    if ($step == "edit" && $view == "text" && !empty($ID) && $from_view != 'preview' && $from_view != 'html' && !$concurrent) {
        $pull = true;
        //-- it's an existing article - off we go to the db
        $ID = assert_int($ID);
        $rs = safe_row("*, unix_timestamp(Posted) as sPosted,\n\t\t\t\tunix_timestamp(Expires) as sExpires,\n\t\t\t\tunix_timestamp(LastMod) as sLastMod", "textpattern", "ID={$ID}");
        $reset_time = $publish_now = $Status < 4;
    } else {
        $pull = false;
        //-- assume they came from post
        if ($from_view == 'preview' or $from_view == 'html') {
            $store_out = array();
            $store = unserialize(base64_decode(ps('store')));
            foreach ($vars as $var) {
                if (isset($store[$var])) {
                    $store_out[$var] = $store[$var];
        } else {
            $store_out = gpsa($vars);
            if ($concurrent) {
                $store_out['sLastMod'] = safe_field('unix_timestamp(LastMod) as sLastMod', 'textpattern', 'ID=' . $ID);
    $GLOBALS['step'] = $step;
    if ($step == 'create') {
        $textile_body = $use_textile;
        $textile_excerpt = $use_textile;
    if ($step != 'create') {
        // Previous record?
        $prev_id = checkIfNeighbour('prev', $sPosted);
        // Next record?
        $next_id = checkIfNeighbour('next', $sPosted);
    $page_title = $Title ? $Title : gTxt('write');
    pagetop($page_title, $message);
    echo n . n . '<form name="article" method="post" action="index.php">';
    if (!empty($store_out)) {
        echo hInput('store', base64_encode(serialize($store_out)));
    echo hInput('ID', $ID) . eInput('article') . sInput($step) . '<input type="hidden" name="view" />' . startTable('edit') . '<tr>' . n . '<td id="article-col-1">';
    if ($view == 'text') {
        //-- markup help --------------
        echo side_help($textile_body, $textile_excerpt) . '<h3 class="plain"><a href="#advanced" onclick="toggleDisplay(\'advanced\'); return false;">' . gTxt('advanced_options') . '</a></h3>', '<div id="advanced" class="toggle" style="display:none">', n . graf('<label for="markup-body">' . gTxt('article_markup') . '</label>' . br . pref_text('textile_body', $textile_body, 'markup-body')), n . graf('<label for="markup-excerpt">' . gTxt('excerpt_markup') . '</label>' . br . pref_text('textile_excerpt', $textile_excerpt, 'markup-excerpt')), $allow_form_override ? graf('<label for="override-form">' . gTxt('override_default_form') . '</label>' . sp . popHelp('override_form') . br . form_pop($override_form, 'override-form')) : '', $custom_1_set ? custField(1, $custom_1_set, $custom_1) : '', $custom_2_set ? custField(2, $custom_2_set, $custom_2) : '', $custom_3_set ? custField(3, $custom_3_set, $custom_3) : '', $custom_4_set ? custField(4, $custom_4_set, $custom_4) : '', $custom_5_set ? custField(5, $custom_5_set, $custom_5) : '', $custom_6_set ? custField(6, $custom_6_set, $custom_6) : '', $custom_7_set ? custField(7, $custom_7_set, $custom_7) : '', $custom_8_set ? custField(8, $custom_8_set, $custom_8) : '', $custom_9_set ? custField(9, $custom_9_set, $custom_9) : '', $custom_10_set ? custField(10, $custom_10_set, $custom_10) : '', n . graf('<label for="keywords">' . gTxt('keywords') . '</label>' . sp . popHelp('keywords') . br . n . '<textarea id="keywords" name="Keywords" cols="18" rows="5">' . htmlspecialchars(str_replace(',', ', ', $Keywords)) . '</textarea>'), n . graf('<label for="article-image">' . gTxt('article_image') . '</label>' . sp . popHelp('article_image') . br . fInput('text', 'Image', $Image, 'edit', '', '', 22, '', 'article-image')), n . graf('<label for="url-title">' . gTxt('url_title') . '</label>' . sp . popHelp('url_title') . br . fInput('text', 'url_title', $url_title, 'edit', '', '', 22, '', 'url-title')), '</div>

			<h3 class="plain"><a href="#recent" onclick="toggleDisplay(\'recent\'); return false;">' . gTxt('recent_articles') . '</a>' . '</h3>' . '<div id="recent" class="toggle" style="display:none">';
        $recents = safe_rows_start("Title, ID", 'textpattern', "1=1 order by LastMod desc limit 10");
        if ($recents) {
            echo '<ul class="plain-list">';
            while ($recent = nextRow($recents)) {
                if (!$recent['Title']) {
                    $recent['Title'] = gTxt('untitled') . sp . $recent['ID'];
                echo n . t . '<li><a href="?event=article' . a . 'step=edit' . a . 'ID=' . $recent['ID'] . '">' . escape_title($recent['Title']) . '</a></li>';
            echo '</ul>';
        echo '</div>';
    } else {
        echo sp;
    echo '</td>' . n . '<td id="article-main">';
    //-- title input --------------
    if ($view == 'preview') {
        echo hed(gTxt('preview'), 2) . hed($Title, 1);
    } elseif ($view == 'html') {
        echo hed('XHTML', 2) . hed($Title, 1);
    } elseif ($view == 'text') {
        echo n . '<p><label for="title">' . gTxt('title') . '</label>' . sp . popHelp('title') . br . '<input type="text" id="title" name="Title" value="' . escape_title($Title) . '" class="edit" size="40" tabindex="1" />';
        if ($step != 'create') {
            include_once txpath . '/publish/taghandlers.php';
            $url = permlinkurl_id($ID);
            if ($Status != 4 and $Status != 5) {
                $url .= (strpos($url, '?') === FALSE ? '?' : '&amp;') . 'txpreview=' . intval($ID) . '.' . time();
            echo sp . sp . '<a href="' . $url . '" class="article-view">' . gTxt('view') . '</a>';
        echo '</p>';
    //-- body --------------------
    if ($view == 'preview') {
        if ($textile_body == USE_TEXTILE) {
            echo $textile->TextileThis($Body);
        } else {
            if ($textile_body == CONVERT_LINEBREAKS) {
                echo nl2br($Body);
            } else {
                if ($textile_body == LEAVE_TEXT_UNTOUCHED) {
                    echo $Body;
    } elseif ($view == 'html') {
        if ($textile_body == USE_TEXTILE) {
            $bod = $textile->TextileThis($Body);
        } else {
            if ($textile_body == CONVERT_LINEBREAKS) {
                $bod = nl2br($Body);
            } else {
                if ($textile_body == LEAVE_TEXT_UNTOUCHED) {
                    $bod = $Body;
        echo tag(str_replace(array(n, t), array(br, sp . sp . sp . sp), htmlspecialchars($bod)), 'code');
    } else {
        echo n . graf('<label for="body">' . gTxt('body') . '</label>' . sp . popHelp('body') . br . '<textarea id="body" name="Body" cols="55" rows="31" tabindex="2">' . htmlspecialchars($Body) . '</textarea>');
    //-- excerpt --------------------
    if ($articles_use_excerpts) {
        if ($view == 'text') {
            echo n . graf('<label for="excerpt">' . gTxt('excerpt') . '</label>' . sp . popHelp('excerpt') . br . '<textarea id="excerpt" name="Excerpt" cols="55" rows="5" tabindex="3">' . htmlspecialchars($Excerpt) . '</textarea>');
        } else {
            echo n . '<hr width="50%" />';
            echo $textile_excerpt == USE_TEXTILE ? $view == 'preview' ? graf($textile->textileThis($Excerpt)) : tag(str_replace(array(n, t), array(br, sp . sp . sp . sp), htmlspecialchars($textile->TextileThis($Excerpt))), 'code') : graf($Excerpt);
    //-- author --------------
    if ($view == "text" && $step != "create") {
        echo '<p class="small">' . gTxt('posted_by') . ': ' . htmlspecialchars($AuthorID) . ' &#183; ' . safe_strftime('%d %b %Y &#183; %X', $sPosted);
        if ($sPosted != $sLastMod) {
            echo br . gTxt('modified_by') . ': ' . htmlspecialchars($LastModID) . ' &#183; ' . safe_strftime('%d %b %Y &#183; %X', $sLastMod);
        echo '</p>';
    echo hInput('from_view', $view), '</td>';
    echo '<td id="article-tabs">';
    //-- layer tabs -------------------
    echo $use_textile == USE_TEXTILE || $textile_body == USE_TEXTILE ? '<ul>' . (tab('text', $view) . tab('html', $view) . tab('preview', $view)) . '</ul>' : '&#160;';
    echo '</td>';
    echo '<td id="article-col-2">';
    if ($view == 'text') {
        if ($step != 'create') {
            echo n . graf(href(gtxt('create_new'), 'index.php?event=article'));
        //-- prev/next article links --
        if ($step != 'create' and ($prev_id or $next_id)) {
            echo '<p>', $prev_id ? prevnext_link('&#8249;' . gTxt('prev'), 'article', 'edit', $prev_id, gTxt('prev')) : '', $next_id ? prevnext_link(gTxt('next') . '&#8250;', 'article', 'edit', $next_id, gTxt('next')) : '', '</p>';
        //-- status radios --------------
        echo n . n . '<fieldset id="write-status">' . n . '<legend>' . gTxt('status') . '</legend>' . n . status_radio($Status) . n . '</fieldset>';
        //-- category selects -----------
        echo n . n . '<fieldset id="write-sort">' . n . '<legend>' . gTxt('sort_display') . '</legend>' . n . graf('<label for="category-1">' . gTxt('category1') . '</label> ' . '<span class="small">[' . eLink('category', '', '', '', gTxt('edit')) . ']</span>' . br . n . category_popup('Category1', $Category1, 'category-1')) . n . graf('<label for="category-2">' . gTxt('category2') . '</label>' . br . n . category_popup('Category2', $Category2, 'category-2'));
        //-- section select --------------
        if (!$from_view && !$pull) {
            $Section = getDefaultSection();
        echo n . graf('<label for="section">' . gTxt('section') . '</label> ' . '<span class="small">[' . eLink('section', '', '', '', gTxt('edit')) . ']</span>' . br . section_popup($Section, 'section')) . n . '</fieldset>' . n . n . '<h3 class="plain"><a href="#more" onclick="toggleDisplay(\'more\'); return false;">' . gTxt('more') . '</a></h3>', '<div id="more" class="toggle" style="display:none">';
        //-- comments stuff --------------
        if ($step == "create") {
            //Avoiding invite disappear when previewing
            $AnnotateInvite = !empty($store_out['AnnotateInvite']) ? $store_out['AnnotateInvite'] : $comments_default_invite;
            if ($comments_on_default == 1) {
                $Annotate = 1;
        if ($use_comments == 1) {
            echo n . n . '<fieldset id="write-comments">' . n . '<legend>' . gTxt('comments') . '</legend>';
            $comments_expired = false;
            if ($step != 'create' && $comments_disabled_after) {
                $lifespan = $comments_disabled_after * 86400;
                $time_since = time() - $sPosted;
                if ($time_since > $lifespan) {
                    $comments_expired = true;
            if ($comments_expired) {
                echo n . n . graf(gTxt('expired'));
            } else {
                echo n . n . graf(onoffRadio('Annotate', $Annotate)) . n . n . graf('<label for="comment-invite">' . gTxt('comment_invitation') . '</label>' . br . fInput('text', 'AnnotateInvite', $AnnotateInvite, 'edit', '', '', '', '', 'comment-invite'));
            echo n . n . '</fieldset>';
        if ($step == "create" and empty($GLOBALS['ID'])) {
            //-- timestamp -------------------
            //Avoiding modified date to disappear
            $persist_timestamp = !empty($store_out['year']) ? safe_strtotime($store_out['year'] . '-' . $store_out['month'] . '-' . $store_out['day'] . ' ' . $store_out['hour'] . ':' . $store_out['minute'] . ':' . $store_out['second']) : time();
            echo n . n . '<fieldset id="write-timestamp">' . n . '<legend>' . gTxt('timestamp') . '</legend>' . n . graf(checkbox('publish_now', '1', $publish_now, '', 'publish_now') . '<label for="publish_now">' . gTxt('set_to_now') . '</label>') . n . graf(gTxt('or_publish_at') . sp . popHelp('timestamp')) . n . graf(gtxt('date') . sp . tsi('year', '%Y', $persist_timestamp) . ' / ' . tsi('month', '%m', $persist_timestamp) . ' / ' . tsi('day', '%d', $persist_timestamp)) . n . graf(gTxt('time') . sp . tsi('hour', '%H', $persist_timestamp) . ' : ' . tsi('minute', '%M', $persist_timestamp) . ' : ' . tsi('second', '%S', $persist_timestamp)) . n . '</fieldset>';
            //-- expires -------------------
            $persist_timestamp = !empty($store_out['exp_year']) ? safe_strtotime($store_out['exp_year'] . '-' . $store_out['exp_month'] . '-' . $store_out['exp_day'] . ' ' . $store_out['exp_hour'] . ':' . $store_out['exp_minute'] . ':' . $store_out['second']) : NULLDATETIME;
            echo n . n . '<fieldset id="write-expires">' . n . '<legend>' . gTxt('expires') . '</legend>' . n . graf(gtxt('date') . sp . tsi('exp_year', '%Y', $persist_timestamp) . ' / ' . tsi('exp_month', '%m', $persist_timestamp) . ' / ' . tsi('exp_day', '%d', $persist_timestamp)) . n . graf(gTxt('time') . sp . tsi('exp_hour', '%H', $persist_timestamp) . ' : ' . tsi('exp_minute', '%M', $persist_timestamp) . ' : ' . tsi('exp_second', '%S', $persist_timestamp)) . n . '</fieldset>' . n . n . '</div>';
            //-- publish button --------------
            echo has_privs('article.publish') ? fInput('submit', 'publish', gTxt('publish'), "publish", '', '', '', 4) : fInput('submit', 'publish', gTxt('save'), "publish", '', '', '', 4);
        } else {
            //-- timestamp -------------------
            if (!empty($year)) {
                $sPosted = safe_strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second);
            echo n . n . '<fieldset id="write-timestamp">' . n . '<legend>' . gTxt('timestamp') . '</legend>' . n . graf(checkbox('reset_time', '1', $reset_time, '', 'reset_time') . '<label for="reset_time">' . gTxt('reset_time') . '</label>') . n . graf(gTxt('published_at') . sp . popHelp('timestamp')) . n . graf(gtxt('date') . sp . tsi('year', '%Y', $sPosted) . ' / ' . tsi('month', '%m', $sPosted) . ' / ' . tsi('day', '%d', $sPosted)) . n . graf(gTxt('time') . sp . tsi('hour', '%H', $sPosted) . ' : ' . tsi('minute', '%M', $sPosted) . ' : ' . tsi('second', '%S', $sPosted)) . n . hInput('sPosted', $sPosted), n . hInput('sLastMod', $sLastMod), n . hInput('AuthorID', $AuthorID), n . hInput('LastModID', $LastModID), n . '</fieldset>';
            //-- expires -------------------
            if (!empty($exp_year)) {
                if (empty($exp_month)) {
                    $exp_month = 1;
                if (empty($exp_day)) {
                    $exp_day = 1;
                if (empty($exp_hour)) {
                    $exp_hour = 0;
                if (empty($exp_minute)) {
                    $exp_minute = 0;
                if (empty($exp_second)) {
                    $exp_second = 0;
                $sExpires = safe_strtotime($exp_year . '-' . $exp_month . '-' . $exp_day . ' ' . $exp_hour . ':' . $exp_minute . ':' . $exp_second);
            echo n . n . '<fieldset id="write-expires">' . n . '<legend>' . gTxt('expires') . '</legend>' . n . graf(gtxt('date') . sp . tsi('exp_year', '%Y', $sExpires) . ' / ' . tsi('exp_month', '%m', $sExpires) . ' / ' . tsi('exp_day', '%d', $sExpires)) . n . graf(gTxt('time') . sp . tsi('exp_hour', '%H', $sExpires) . ' : ' . tsi('exp_minute', '%M', $sExpires) . ' : ' . tsi('exp_second', '%S', $sExpires)) . n . hInput('sExpires', $sExpires) . n . '</fieldset>' . n . n . '</div>';
            //-- save button --------------
            if ($Status >= 4 and has_privs('article.edit.published') or $Status >= 4 and $AuthorID == $txp_user and has_privs('article.edit.own.published') or $Status < 4 and has_privs('article.edit') or $Status < 4 and $AuthorID == $txp_user and has_privs('article.edit.own')) {
                echo fInput('submit', 'save', gTxt('save'), "publish", '', '', '', 4);
    echo '</td></tr></table></form>';
Beispiel #22
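/**
 * Builds the RSS 0.92 feed for articles or links and sends its HTTP caching headers.
 *
 * The 'category', 'section', 'limit' and 'area' request parameters select what
 * is listed. The string filters pass through doSlash() before they are placed
 * inside quoted SQL literals. 'limit' is used unquoted in the LIMIT clause, so
 * it is forced to a positive integer instead, and section names read back from
 * the database are escaped again before being reused in SQL.
 *
 * NOTE(review): $sitename, $site_slogan, the syndication preferences and the
 * per-row variables ($ID, $Title, $uPosted, ...) are not assigned anywhere in
 * this listing; presumably they come from extract() calls the listing omits.
 *
 * @return string The feed document
 */
function rss()
    global $prefs, $thisarticle;
    // Request parameters, escaped for use inside quoted SQL string literals.
    extract(doSlash(gpsa(array('category', 'section', 'limit', 'area'))));
    // 'area' is only compared against fixed values below, so the raw value is used.
    $area = gps('area');
    $sitename .= $section ? ' - ' . $section : '';
    $sitename .= $category ? ' - ' . $category : '';
    $out[] = tag(doSpecial($sitename), 'title');
    $out[] = tag(hu, 'link');
    $out[] = tag(doSpecial($site_slogan), 'description');
    $articles = array();
    if (!$area or $area == 'article') {
        $sfilter = $section ? "and Section = '" . $section . "'" : '';
        $cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : '';
        // LIMIT takes the value unquoted: quote-escaping does not constrain it,
        // so only a positive integer is allowed through.
        $limit = $limit ? max(1, (int) $limit) : 5;
        // Sections that opted out of syndication are excluded one by one.
        $frs = safe_column("name", "txp_section", "in_rss != '1'");
        if ($frs) {
            foreach ($frs as $f) {
                // Stored names are escaped too: data read from the database is
                // not safe to splice into a new statement as-is.
                $query[] = "and Section != '" . doSlash($f) . "'";
        $query[] = $sfilter;
        $query[] = $cfilter;
        $rs = safe_rows_start("*, unix_timestamp(Posted) as uPosted, ID as thisid", "textpattern", "Status = 4 " . join(' ', $query) . "and Posted < now() order by Posted desc limit {$limit}");
        if ($rs) {
            while ($a = nextRow($rs)) {
                $a['posted'] = $uPosted;
                $Body = !$syndicate_body_or_excerpt ? $thisarticle['body'] : $thisarticle['excerpt'];
                // Fall back to the body when the chosen text is blank.
                $Body = !trim($Body) ? $thisarticle['body'] : $Body;
                // Make site-relative and fragment-only links absolute.
                $Body = str_replace('href="/', 'href="' . hu, $Body);
                $Body = preg_replace("/href=\\\"#(.*)\"/", "href=\"" . permlinkurl($a) . "#\\1\"", $Body);
                $Body = safe_hed($Body);
                // Entity-encode the markup so it can sit inside <description>.
                $Body = preg_replace(array('/</', '/>/', "/'/", '/"/'), array('&lt;', '&gt;', '&#039;', '&quot;'), $Body);
                // encode bare ampersands
                $Body = preg_replace("/&(?![#0-9]+;|\\w+;)/i", '&amp;', $Body);
                $uTitle = $url_title ? $url_title : stripSpace($Title);
                $uTitle = htmlspecialchars($uTitle, ENT_NOQUOTES);
                if ($show_comment_count_in_feed) {
                    $dc = getCount('txp_discuss', "parentid={$ID} and visible=1");
                    $count = $dc > 0 ? ' [' . $dc . ']' : '';
                } else {
                    $count = '';
                $Title = doSpecial($Title) . $count;
                $permlink = permlinkurl($a);
                $item = tag(strip_tags($Title), 'title') . n . tag($Body, 'description') . n . tag($permlink, 'link');
                $articles[$ID] = tag($item, 'item');
                // Per-item change tag: CRC32 of the rendered item, upper-case hex.
                $etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
                $dates[$ID] = $uPosted;
    } elseif ($area == 'link') {
        $cfilter = $category ? "category='{$category}'" : '1';
        // Same integer constraint as in the article branch.
        $limit = $limit ? max(1, (int) $limit) : 15;
        $rs = safe_rows_start("*", "txp_link", "{$cfilter} order by date desc limit {$limit}");
        if ($rs) {
            while ($a = nextRow($rs)) {
                $item = tag(doSpecial($linkname), 'title') . n . tag(doSpecial($description), 'description') . n . tag(doSpecial($url), 'link');
                $articles[$id] = tag($item, 'item');
                $etags[$id] = strtoupper(dechex(crc32($articles[$id])));
                $dates[$id] = $date;
    //turn on compression if we aren't using it already
    if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
    $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
    $last = gmdate("D, d M Y H:i:s \\G\\M\\T", $last);
    header("Last-Modified: {$last}");
    $expires = gmdate('D, d M Y H:i:s \\G\\M\\T', time() + 3600 * 1);
    header("Expires: {$expires}");
    // Conditional request: the client's header is compared as a string with
    // the formatted lastmod value.
    $hims = serverset('HTTP_IF_MODIFIED_SINCE');
    if ($hims == $last) {
        header("HTTP/1.1 304 Not Modified");
    $imsd = @strtotime($hims);
    // Delta feeds are attempted only when the client sent an A-IM header
    // containing "feed".
    if (is_callable('apache_request_headers')) {
        $headers = apache_request_headers();
        if (isset($headers["A-IM"])) {
            $canaim = strpos($headers["A-IM"], "feed");
        } else {
            $canaim = false;
    } else {
        $canaim = false;
    $hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
    $cutarticles = false;
    if ($canaim !== false) {
        foreach ($articles as $id => $thing) {
            if (strpos($hinm, $etags[$id]) !== false) {
                $cutarticles = true;
                $cut_etag = true;
            if ($dates[$id] < $imsd) {
                $cutarticles = true;
                $cut_time = true;
    // Tell caches which request headers influenced the response.
    if (isset($cut_etag) && isset($cut_time)) {
        header("Vary: If-None-Match, If-Modified-Since");
    } else {
        if (isset($cut_etag)) {
            header("Vary: If-None-Match");
        } else {
            if (isset($cut_time)) {
                header("Vary: If-Modified-Since");
    // Feed-level ETag: the item tags joined with "-".
    $etag = @join("-", $etags);
    if (strstr($hinm, $etag)) {
        header("HTTP/1.1 304 Not Modified");
    if ($cutarticles) {
        //header("HTTP/1.1 226 IM Used");
        //This should be used as opposed to 200, but Apache doesn't like it.
        // says that the status code should be 200.
        header("Cache-Control: no-store, im");
        header("IM: feed");
    $out = array_merge($out, $articles);
    header("Content-Type: application/rss+xml; charset=utf-8");
    if ($etag) {
        header('ETag: "' . $etag . '"');
    return '<rss version="0.92">' . tag(join(n, $out), 'channel') . '</rss>';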
Beispiel #23
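/**
 * Renders the article write/edit form in its text, html or preview view.
 *
 * The article ID comes either from $GLOBALS['ID'] (set after a save) or from
 * the 'ID' request parameter. It is cast to an integer where it is placed in
 * the SQL lookup, because that clause uses it unquoted.
 *
 * NOTE(review): most article fields used below ($Title, $Body, $Status, ...)
 * and the preference values are not assigned in this listing; presumably they
 * come from extract() calls the listing omits.
 *
 * @param string $message Message handed to pagetop()
 */
function article_edit($message = "")
    global $txpcfg, $txp_user, $vars;
    extract(gpsa(array('view', 'from_view', 'step')));
    if (!empty($GLOBALS['ID'])) {
        // newly-saved article
        $ID = intval($GLOBALS['ID']);
        $step = 'edit';
    } else {
        // Request-supplied and not validated here.
        $ID = gps('ID');
    include_once $txpcfg['txpath'] . '/lib/classTextile.php';
    $textile = new Textile();
    if (!$view) {
        $view = "text";
    if (!$step) {
        $step = "create";
    if ($step == "edit" && $view == "text" && !empty($ID) && $from_view != "preview" && $from_view != 'html') {
        $pull = true;
        //-- it's an existing article - off we go to the db
        // The ID is interpolated unquoted, so it is forced to an integer at the point of use.
        $rs = safe_row("*, unix_timestamp(Posted) as sPosted,\n\t\t\t\tunix_timestamp(LastMod) as sLastMod", "textpattern", "ID=" . intval($ID));
        if ($AnnotateInvite != $comments_default_invite) {
            $AnnotateInvite = $AnnotateInvite;
        } else {
            $AnnotateInvite = $comments_default_invite;
    } else {
        $pull = false;
        //-- assume they came from post
        if (!$from_view or $from_view == 'text') {
        } elseif ($from_view == 'preview' or $from_view == 'html') {
            // coming from either html or preview
            if (isset($_POST['store'])) {
                // NOTE(review): 'store' round-trips through a hidden form field, so
                // this unserialize() runs on bytes the client controls. Prefer JSON
                // for the round trip, or at least pass ['allowed_classes' => false]
                // and authenticate the value (e.g. an HMAC) before decoding it.
                $store = unserialize(base64_decode($_POST['store']));
        foreach ($vars as $var) {
            if (isset(${$var})) {
                $store_out[$var] = ${$var};
    $GLOBALS['step'] = $step;
    if ($step == 'create') {
        $textile_body = 1;
        $textile_excerpt = 1;
    if ($step != 'create') {
        // Previous record?
        $prev_id = checkIfNeighbour('prev', $sPosted);
        // Next record?
        $next_id = checkIfNeighbour('next', $sPosted);
    pagetop($Title, $message);
    echo '<form action="index.php" method="post" name="article">';
    if (!empty($store_out)) {
        // Form state is carried between views in a hidden field. It is only
        // base64-encoded, not signed, so it must be treated as untrusted on return.
        echo hInput('store', base64_encode(serialize($store_out)));
    echo hInput('ID', $ID), eInput('article'), sInput($step);
    echo '<input type="hidden" name="view" />', startTable('edit');
    echo '<tr><td>&nbsp;</td><td colspan="3">', $view == 'preview' ? hed(ucfirst(gTxt('preview')), 2) . graf($Title) : '', $view == 'html' ? hed('XHTML', 2) . graf($Title) : '', $view == 'text' ? br . '<input type="text" name="Title" value="' . cleanfInput($Title) . '" class="edit" size="40" tabindex="1" />' : '', '</td></tr>';
    //-- article input --------------
    echo '<tr>
  		<td valign="top">', $view == 'text' && $use_textile == 2 ? '<p><a href="#" onclick="toggleDisplay(\'textile_help\');">' . gTxt('textile_help') . '</a></p>
		<div id="textile_help" style="display:none;">' . sidehelp() . '</div>' : sp;
    if ($view == 'text') {
        // NOTE(review): $Keywords is written into the textarea without HTML
        // escaping, unlike Body and Excerpt further down; confirm and escape.
        echo '<p><a href="#" onclick="toggleDisplay(\'advanced\');">' . gTxt('advanced_options') . '</a></p>', '<div id="advanced" style="display:none;">', graf(gTxt('use_textile') . br . tag(checkbox2('textile_body', $textile_body) . gTxt('article'), 'label') . br . tag(checkbox2('textile_excerpt', $textile_excerpt) . gTxt('excerpt'), 'label')), $allow_form_override ? graf(gTxt('override_default_form') . br . form_pop($override_form) . popHelp('override_form')) : '', $custom_1_set ? custField(1, $custom_1_set, $custom_1) : '', $custom_2_set ? custField(2, $custom_2_set, $custom_2) : '', $custom_3_set ? custField(3, $custom_3_set, $custom_3) : '', $custom_4_set ? custField(4, $custom_4_set, $custom_4) : '', $custom_5_set ? custField(5, $custom_5_set, $custom_5) : '', $custom_6_set ? custField(6, $custom_6_set, $custom_6) : '', $custom_7_set ? custField(7, $custom_7_set, $custom_7) : '', $custom_8_set ? custField(8, $custom_8_set, $custom_8) : '', $custom_9_set ? custField(9, $custom_9_set, $custom_9) : '', $custom_10_set ? custField(10, $custom_10_set, $custom_10) : '', graf(gTxt('keywords') . popHelp('keywords') . br . '<textarea name="Keywords" style="width:100px;height:80px" rows="1" cols="1">' . $Keywords . '</textarea>'), graf(gTxt('article_image') . popHelp('article_image') . br . fInput('text', 'Image', $Image, 'edit')), graf(gTxt('url_title') . popHelp('url_title') . br . fInput('text', 'url_title', $url_title, 'edit')) . '</div>
			<p><a href="#" onclick="toggleDisplay(\'recent\');">' . gTxt('recent_articles') . '</a>' . '</p>' . '<div id="recent" style="display:none;">';
        $recents = safe_rows_start("Title, ID", 'textpattern', "1 order by LastMod desc limit 10");
        if ($recents) {
            echo '<p>';
            while ($recent = nextRow($recents)) {
                if (!$Title) {
                    $Title = gTxt('untitled') . sp . $ID;
                // NOTE(review): the title is echoed as raw HTML inside the link;
                // if titles are stored unescaped this is a stored-XSS sink. Confirm.
                echo '<a href="?event=article' . a . 'step=edit' . a . 'ID=' . $ID . '">' . $Title . '</a>' . br . n;
            echo '</p>';
        echo '</div>';
    } else {
        echo sp;
    echo '</td>
    	<td valign="top" style="width:400px">';
    if ($view == "preview") {
        // Preview renders the body as HTML by design. $use_textile selects the
        // conversion: 2 = Textile, 1 = nl2br, 0 = raw.
        if ($use_textile == 2) {
            echo $textile->TextileThis($Body);
        } else {
            if ($use_textile == 1) {
                echo nl2br($Body);
            } else {
                if ($use_textile == 0) {
                    echo $Body;
    } elseif ($view == "html") {
        if ($use_textile == 2) {
            $bod = $textile->TextileThis($Body);
        } else {
            if ($use_textile == 1) {
                $bod = nl2br($Body);
            } else {
                if ($use_textile == 0) {
                    $bod = $Body;
        // The generated markup is shown as text, so it is escaped before output.
        echo tag(str_replace(array(n, t), array(br, sp . sp . sp . sp), htmlspecialchars($bod)), 'code');
    } else {
        echo '<textarea style="width:400px;height:420px" rows="1" cols="1" name="Body" tabindex="2">', htmlspecialchars($Body), '</textarea>';
    //-- excerpt --------------------
    if ($articles_use_excerpts) {
        if ($view == 'text') {
            // Escaped, then "&amp;" is turned back into "&".
            $Excerpt = str_replace("&amp;", "&", htmlspecialchars($Excerpt));
            echo graf(gTxt('excerpt') . popHelp('excerpt') . br . '<textarea style="width:400px;height:50px" rows="1" cols="1" name="Excerpt" tabindex="3">' . $Excerpt . '</textarea>');
        } else {
            echo '<hr width="50%" />';
            echo $textile_excerpt ? $view == 'preview' ? graf($textile->textileThis($Excerpt), 1) : tag(str_replace(array(n, t), array(br, sp . sp . sp . sp), htmlspecialchars($textile->TextileThis($Excerpt), 1)), 'code') : graf($Excerpt);
    //-- author --------------
    if ($view == "text" && $step != "create") {
        echo "<p><small>" . gTxt('posted_by') . " {$AuthorID}: ", date("H:i, d M y", $sPosted + tz_offset());
        if ($sPosted != $sLastMod) {
            echo br . gTxt('modified_by') . " {$LastModID}: ", date("H:i, d M y", $sLastMod + tz_offset());
        echo '</small></p>';
    echo hInput('from_view', $view), '</td>';
    echo '<td valign="top" align="left" width="20">';
    //-- layer tabs -------------------
    echo $use_textile == 2 ? tab('text', $view) . tab('html', $view) . tab('preview', $view) : '&#160;';
    echo '</td>';
<td width="200" valign="top" style="padding-left:10px" align="left" id="articleside">
    //-- prev/next article links --
    if ($view == 'text') {
        if ($step != 'create' and ($prev_id or $next_id)) {
            echo '<p>', $prev_id ? prevnext_link('&#8249;' . gTxt('prev'), 'article', 'edit', $prev_id, gTxt('prev')) : '', $next_id ? prevnext_link(gTxt('next') . '&#8250;', 'article', 'edit', $next_id, gTxt('next')) : '', '</p>';
    //-- status radios --------------
    echo $view == 'text' ? n . graf(status_radio($Status)) . n : '';
    //-- category selects -----------
    echo $view == 'text' ? graf(gTxt('categorize') . ' [' . eLink('category', '', '', '', gTxt('edit')) . ']' . br . category_popup('Category1', $Category1) . category_popup('Category2', $Category2)) : '';
    //-- section select --------------
    if (!$from_view && !$pull) {
        $Section = getDefaultSection();
    echo $view == 'text' ? graf(gTxt('section') . ' [' . eLink('section', '', '', '', gTxt('edit')) . ']' . br . section_popup($Section)) : '';
    //-- comments stuff --------------
    if ($step == "create") {
        //Avoiding invite disappear when previewing
        $AnnotateInvite = !empty($store_out['AnnotateInvite']) ? $store_out['AnnotateInvite'] : $comments_default_invite;
        if ($comments_on_default == 1) {
            $Annotate = 1;
    echo $use_comments == 1 && $view == 'text' ? graf(gTxt('comments') . onoffRadio("Annotate", $Annotate) . '<br />' . gTxt('comment_invitation') . '<br />' . fInput('text', 'AnnotateInvite', $AnnotateInvite, 'edit')) : '';
    //-- timestamp -------------------
    if ($step == "create" and empty($GLOBALS['ID'])) {
        if ($view == 'text') {
            //Avoiding modified date to disappear
            $persist_timestamp = !empty($store_out['year']) ? mktime($store_out['hour'], $store_out['minute'], '00', $store_out['month'], $store_out['day'], $store_out['year']) : time();
            echo graf(tag(checkbox('publish_now', '1') . gTxt('set_to_now'), 'label')), '<p>', gTxt('or_publish_at'), popHelp("timestamp"), br, tsi('year', 'Y', $persist_timestamp), tsi('month', 'm', $persist_timestamp), tsi('day', 'd', $persist_timestamp), sp, tsi('hour', 'H', $persist_timestamp), ':', tsi('minute', 'i', $persist_timestamp), '</p>';
        //-- publish button --------------
        if ($view == 'text') {
            // Only the button label depends on the publish privilege here.
            echo has_privs('article.publish') ? fInput('submit', 'publish', gTxt('publish'), "publish") : fInput('submit', 'publish', gTxt('save'), "publish");
    } else {
        if ($view == 'text') {
            // NOTE(review): AuthorID, LastModID and the timestamps travel as hidden
            // fields; confirm the save step does not trust them for authorisation.
            echo '<p>', gTxt('published_at'), popHelp("timestamp"), br, tsi('year', 'Y', $sPosted, 5), tsi('month', 'm', $sPosted, 6), tsi('day', 'd', $sPosted, 7), sp, tsi('hour', 'H', $sPosted, 8), ':', tsi('minute', 'i', $sPosted, 9), '</p>', hInput('sPosted', $sPosted), hInput('sLastMod', $sLastMod), hInput('AuthorID', $AuthorID), hInput('LastModID', $LastModID), graf(checkbox('reset_time', '1', 0) . gTxt('reset_time'));
        //-- save button --------------
        if ($view == 'text') {
            // The save button is shown only when the user's privileges cover this
            // article's status and ownership. This hides the control; it is not
            // an access check on the save itself.
            if ($Status >= 4 and has_privs('article.edit.published') or $Status >= 4 and $AuthorID == $txp_user and has_privs('article.edit.own.published') or $Status < 4 and has_privs('article.edit') or $Status < 4 and $AuthorID == $txp_user and has_privs('article.edit.own')) {
                echo fInput('submit', 'save', gTxt('save'), "publish");
    echo '</td></tr></table></form>';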
Beispiel #24
/**
 * Renders the section editor form, for an existing section or a new one.
 *
 * The section is selected by the 'name' request parameter when the current
 * step is 'section_edit'; otherwise the form is primed from the table's
 * column list and the default section's settings.
 */
function section_edit()
    global $event, $step, $txp_user, $all_pages, $all_styles;
    $name = gps('name');
    $is_edit = $name && $step == 'section_edit';
    if ($is_edit) {
        // Request value: type-checked, then escaped for the quoted SQL literal.
        $name = assert_string($name);
        $rs = safe_row('*', 'txp_section', "name = '" . doSlash($name) . "'");
    } else {
        // New section: use the column names of the table as the field set.
        $rs = array_flip(getThings('describe `' . PFX . 'txp_section`'));
    if ($rs) {
        // Privilege gate; what happens on failure is not shown in this listing.
        if (!has_privs('section.edit')) {
        // Row columns become $sec_* locals, so they cannot overwrite other variables.
        extract($rs, EXTR_PREFIX_ALL, 'sec');
        // List-state parameters, echoed back below as hidden inputs.
        extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));
        $is_default_section = $is_edit && $sec_name == 'default';
        $caption = gTxt($is_default_section ? 'edit_default_section' : ($is_edit ? 'edit_section' : 'create_section'));
        if (!$is_edit) {
            // Pulling out the radio items from the default entry might seem pointless since they can't be directly
            // edited, but they will take on either:
            //  a) the default (SQL) values as defined at table creation time, or
            //  b) the values set when a multi-edit was performed that included the default section (because the values are silently updated then)
            // NOTE(review): doSlash() is SQL-literal escaping, but these values are
            // used below as form defaults rather than in a query; confirm intent.
            $default = doSlash(safe_row('page, css, on_frontpage, in_rss, searchable', 'txp_section', "name = 'default'"));
            $sec_name = $sec_title = '';
            $sec_page = $default['page'];
            $sec_css = $default['css'];
            $sec_on_frontpage = $default['on_frontpage'];
            $sec_in_rss = $default['in_rss'];
            $sec_searchable = $default['searchable'];
        echo '<div id="' . $event . '_container" class="txp-container">';
        // NOTE(review): $search_method, $crit, $page, $sort and $dir are reflected
        // from the request into hidden inputs; this relies on hInput() encoding
        // attribute values — verify.
        echo form('<div class="txp-edit">' . hed($caption, 2) . ($is_default_section ? hInput('name', 'default') : inputLabel('section_name', fInput('text', 'name', $sec_name, '', '', '', INPUT_REGULAR, '', 'section_name'), 'section_name')) . ($is_default_section ? '' : inputLabel('section_title', fInput('text', 'title', $sec_title, '', '', '', INPUT_REGULAR, '', 'section_title'), 'section_longtitle')) . inputLabel('section_page', selectInput('section_page', $all_pages, $sec_page, '', '', 'section_page'), 'uses_page', 'section_uses_page') . inputLabel('section_css', selectInput('css', $all_styles, $sec_css, '', '', 'section_css'), 'uses_style', 'section_uses_css') . ($is_default_section ? '' : inputLabel('on_front_page', yesnoradio('on_frontpage', $sec_on_frontpage, '', $sec_name), '', 'section_on_frontpage')) . ($is_default_section ? '' : inputLabel('syndicate', yesnoradio('in_rss', $sec_in_rss, '', $sec_name), '', 'section_syndicate')) . ($is_default_section ? '' : inputLabel('include_in_search', yesnoradio('searchable', $sec_searchable, '', $sec_name), '', 'section_searchable')) . pluggable_ui('section_ui', 'extend_detail_form', '', $rs) . graf(fInput('submit', '', gTxt('save'), 'publish')) . eInput('section') . sInput('section_save') . hInput('old_name', $sec_name) . hInput('search_method', $search_method) . hInput('crit', $crit) . hInput('page', $page) . hInput('sort', $sort) . hInput('dir', $dir) . '</div>', '', '', 'post', 'edit-form', '', 'section_details');
        echo '</div>';
Beispiel #25
 * Writes a new language string to the database.
 * The language is taken from a 'lang_code' HTTP POST or GET parameter.
 * The '$value' argument takes a string as an array. This array consists of keys
 * 'name', 'event', 'data', 'uLastmod'.
 * @param array $value  The string
 * @param int   $key    Not used
function install_lang_key(&$value, $key)
    // Inserts or updates one txp_lang row and records the outcome in $value['ok'].
    // 'lang_code' comes from the request; 'updating' is extracted but not used here.
    extract(gpsa(array('lang_code', 'updating')));
    // Every value placed in a quoted SQL literal below goes through doSlash().
    $exists = safe_field("name", 'txp_lang', "name = '" . doSlash($value['name']) . "' AND lang = '" . doSlash($lang_code) . "'");
    $q = "name = '" . doSlash($value['name']) . "',\n        event = '" . doSlash($value['event']) . "',\n        data = '" . doSlash($value['data']) . "',\n        lastmod = '" . doSlash(strftime('%Y%m%d%H%M%S', $value['uLastmod'])) . "'";
    if ($exists !== false) {
        // The update is limited to rows owned by the system, so strings with a
        // different owner are left alone.
        $value['ok'] = safe_update('txp_lang', $q, "owner = '" . doSlash(TEXTPATTERN_LANG_OWNER_SYSTEM) . "' AND lang = '" . doSlash($lang_code) . "' AND name = '" . doSlash($value['name']) . "'");
    } else {
        $value['ok'] = safe_insert('txp_lang', "{$q}, lang = '" . doSlash($lang_code) . "'");
Beispiel #26
 * User editor panel.
 * Accessing requires 'admin.edit' privileges.
function author_edit()
    // Renders the add/edit user form and echoes it.
    // NOTE(review): $user_id, $name, $RealName, $email and $privs are read below
    // but never assigned in this listing; presumably an extract() over $vars
    // (request values, then the database row) was dropped from it.
    global $step, $txp_user;
    pagetop(gTxt('tab_site_admin'), '');
    $vars = array('user_id', 'name', 'RealName', 'email', 'privs');
    $rs = array();
    $out = array();
    $is_edit = $user_id && $step == 'author_edit';
    if ($is_edit) {
        // The id is interpolated unquoted, so it is checked with assert_int() first.
        $user_id = assert_int($user_id);
        $rs = safe_row('*', 'txp_users', "user_id = {$user_id}");
    if ($is_edit) {
        $out[] = hed(gTxt('edit_author'), 2);
    } else {
        $out[] = hed(gTxt('add_new_author'), 2);
    if ($is_edit) {
        // The login name is shown read-only and HTML-escaped when editing.
        $out[] = inputLabel('login_name', strong(txpspecialchars($name)));
    } else {
        $out[] = inputLabel('login_name', fInput('text', 'name', $name, '', '', '', INPUT_REGULAR, '', 'login_name'), 'login_name', 'add_new_author');
    $out[] = inputLabel('real_name', fInput('text', 'RealName', $RealName, '', '', '', INPUT_REGULAR, '', 'real_name'), 'real_name') . inputLabel('login_email', fInput('email', 'email', $email, '', '', '', INPUT_REGULAR, '', 'login_email'), 'email');
    if ($txp_user != $name) {
        $out[] = inputLabel('privileges', privs($privs), 'privileges', 'about_privileges');
    } else {
        // Own account: the level is displayed as text and sent back in a hidden field.
        // NOTE(review): a hidden field is client-controlled; confirm the save step
        // refuses a changed 'privs' for the current user on the server side.
        $out[] = inputLabel('privileges', strong(get_priv_level($privs))) . hInput('privs', $privs);
    $out[] = pluggable_ui('author_ui', 'extend_detail_form', '', $rs) . graf(fInput('submit', '', gTxt('save'), 'publish')) . eInput('admin');
    if ($user_id) {
        $out[] = hInput('user_id', $user_id) . hInput('name', $name) . sInput('author_save');
    } else {
        $out[] = sInput('author_save_new');
    echo form(n . tag(join('', $out) . n, 'section', array('class' => 'txp-edit')), '', '', 'post', 'edit-form', '', 'user_edit');
Beispiel #27
/**
 * Saves a stylesheet from the request: creates a new txp_css row when
 * 'savenew' or 'copy' is set, otherwise updates the row named by 'name'.
 */
function css_save()
    extract(gpsa(array('name', 'css', 'savenew', 'newname', 'copy')));
    // The stylesheet is stored base64-encoded; doSlash() is then applied before
    // it goes into the quoted SQL literal.
    $css = doSlash(base64_encode($css));
    if ($savenew or $copy) {
        // The new name is re-read from the request, stripped of < > & " ',
        // trimmed, and escaped for SQL.
        $newname = doSlash(trim(preg_replace('/[<>&"\']/', '', gps('newname'))));
        if ($newname and safe_field('name', 'txp_css', "name = '{$newname}'")) {
            $message = gTxt('css_already_exists', array('{name}' => $newname));
        } elseif ($newname) {
            safe_insert('txp_css', "name = '" . $newname . "', css = '{$css}'");
            // update site last mod time
            $message = gTxt('css_created', array('{name}' => $newname));
        } else {
            $message = gTxt('css_name_required');
    } else {
        safe_update('txp_css', "css = '{$css}'", "name = '" . doSlash($name) . "'");
        // update site last mod time
        // NOTE(review): unlike $newname, $name reaches the message unfiltered;
        // whoever displays $message must HTML-escape it — verify.
        $message = gTxt('css_updated', array('{name}' => $name));
Beispiel #28
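/**
 * Builds the RSS 2.0 feed for articles or links and sends its HTTP caching headers.
 *
 * 'section' and 'category' are comma-separated request parameters. Each is
 * rejected unless scalar, split into a de-duplicated list capped at the
 * 'feed_filter_limit' preference, and escaped with doSlash() before any SQL
 * is built. 'limit' is cast to an integer and capped.
 *
 * NOTE(review): $sitename, $siteurl, $version, the syndication preferences and
 * the per-row variables ($ID, $Title, $uPosted, ...) are not assigned in this
 * listing; presumably they come from extract() calls the listing omits.
 *
 * @return string The feed document
 */
function rss()
    global $prefs, $thisarticle;
    extract(doSlash(gpsa(array('limit', 'area'))));
    // build filter criteria from a comma-separated list of sections and categories
    $feed_filter_limit = get_pref('feed_filter_limit', 10);
    $section = gps('section');
    $category = gps('category');
    // Array-valued parameters (e.g. section[]=x) are refused outright.
    if (!is_scalar($section) || !is_scalar($category)) {
        txp_die('Not Found', 404);
    // Capping the list length bounds the size of the IN (...) clauses built below.
    $section = $section ? array_slice(array_unique(do_list($section)), 0, $feed_filter_limit) : array();
    $category = $category ? array_slice(array_unique(do_list($category)), 0, $feed_filter_limit) : array();
    $st = array();
    foreach ($section as $s) {
        $st[] = fetch_section_title($s);
    $ct = array();
    foreach ($category as $c) {
        $ct[] = fetch_category_title($c);
    $sitename .= $section ? ' - ' . join(' - ', $st) : '';
    $sitename .= $category ? ' - ' . join(' - ', $ct) : '';
    $dn = explode('/', $siteurl);
    $mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0];
    // feed header
    $out[] = tag('' . $version, 'generator');
    $out[] = tag(doSpecial($sitename), 'title');
    $out[] = tag(hu, 'link');
    $out[] = '<atom:link href="' . pagelinkurl(array('rss' => 1, 'area' => $area, 'section' => $section, 'category' => $category, 'limit' => $limit)) . '" rel="self" type="application/rss+xml" />';
    $out[] = tag(doSpecial($site_slogan), 'description');
    $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
    $out[] = tag(safe_strftime('rfc822', $last), 'pubDate');
    $out[] = callback_event('rss_head');
    // feed items
    $articles = array();
    // From here on both lists hold SQL-escaped values.
    $section = doSlash($section);
    $category = doSlash($category);
    if (!$area or $area == 'article') {
        $sfilter = !empty($section) ? "and Section in ('" . join("','", $section) . "')" : '';
        $cfilter = !empty($category) ? "and (Category1 in ('" . join("','", $category) . "') or Category2 in ('" . join("','", $category) . "'))" : '';
        $limit = $limit ? $limit : $rss_how_many;
        // Used unquoted in LIMIT: forced to an integer, with an upper bound of
        // 100 or $rss_how_many, whichever is larger.
        $limit = intval(min($limit, max(100, $rss_how_many)));
        $frs = safe_column("name", "txp_section", "in_rss != '1'");
        if ($frs) {
            foreach ($frs as $f) {
                $query[] = "and Section != '" . doSlash($f) . "'";
        $query[] = $sfilter;
        $query[] = $cfilter;
        $expired = $publish_expired_articles ? '' : ' and (now() <= Expires or Expires = ' . NULLDATETIME . ') ';
        $rs = safe_rows_start("*, unix_timestamp(Posted) as uPosted, unix_timestamp(LastMod) as uLastMod, unix_timestamp(Expires) as uExpires, ID as thisid", "textpattern", "Status = 4 " . join(' ', $query) . "and Posted < now()" . $expired . "order by Posted desc limit {$limit}");
        if ($rs) {
            while ($a = nextRow($rs)) {
                $cb = callback_event('rss_entry');
                $a['posted'] = $uPosted;
                $permlink = permlinkurl($a);
                $summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink));
                $content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink));
                if ($syndicate_body_or_excerpt) {
                    # short feed: use body as summary if there's no excerpt
                    if (!trim($summary)) {
                        $summary = $content;
                    $content = '';
                if ($show_comment_count_in_feed) {
                    $count = $comments_count > 0 ? ' [' . $comments_count . ']' : '';
                } else {
                    $count = '';
                $Title = escape_title(strip_tags($Title)) . $count;
                $thisauthor = get_author_name($AuthorID);
                $item = tag($Title, 'title') . n . (trim($summary) ? tag(n . escape_cdata($summary) . n, 'description') . n : '') . (trim($content) ? tag(n . escape_cdata($content) . n, 'content:encoded') . n : '') . tag($permlink, 'link') . n . tag(safe_strftime('rfc822', $a['posted']), 'pubDate') . n . tag(htmlspecialchars($thisauthor), 'dc:creator') . n . tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'guid', ' isPermaLink="false"') . n . $cb;
                $articles[$ID] = tag($item, 'item');
                // Per-item change tag: CRC32 of the rendered item, upper-case hex.
                $etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
                $dates[$ID] = $uPosted;
    } elseif ($area == 'link') {
        $cfilter = $category ? "category in ('" . join("','", $category) . "')" : '1';
        $limit = $limit ? $limit : $rss_how_many;
        $limit = intval(min($limit, max(100, $rss_how_many)));
        $rs = safe_rows_start("*, unix_timestamp(date) as uDate", "txp_link", "{$cfilter} order by date desc limit {$limit}");
        if ($rs) {
            while ($a = nextRow($rs)) {
                $item = tag(doSpecial($linkname), 'title') . n . tag(doSpecial($description), 'description') . n . tag(doSpecial($url), 'link') . n . tag(safe_strftime('rfc822', $uDate), 'pubDate');
                $articles[$id] = tag($item, 'item');
                $etags[$id] = strtoupper(dechex(crc32($articles[$id])));
                $dates[$id] = $date;
    if (!$articles) {
        // Empty feed: answer 404 when the requested section or category does not exist.
        if ($section) {
            if (safe_field('name', 'txp_section', "name in ('" . join("','", $section) . "')") == false) {
                txp_die(gTxt('404_not_found'), '404');
        } elseif ($category) {
            // The listing shows no `break` between the cases.
            switch ($area) {
                case 'link':
                    // $category is an array at this point, so it is joined into an
                    // IN list; interpolating it directly would yield "Array".
                    if (safe_field('id', 'txp_category', "name in ('" . join("','", $category) . "') and type = 'link'") == false) {
                        txp_die(gTxt('404_not_found'), '404');
                case 'article':
                    if (safe_field('id', 'txp_category', "name in ('" . join("','", $category) . "') and type = 'article'") == false) {
                        txp_die(gTxt('404_not_found'), '404');
    } else {
        //turn on compression if we aren't using it already
        if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
            // make sure notices/warnings/errors don't fudge up the feed
            // when compression is used
            $buf = '';
            while ($b = @ob_get_clean()) {
                $buf .= $b;
            echo $buf;
        $hims = serverset('HTTP_IF_MODIFIED_SINCE');
        $imsd = $hims ? strtotime($hims) : 0;
        // Delta feeds are attempted only when the client sent an A-IM header
        // containing "feed".
        if (is_callable('apache_request_headers')) {
            $headers = apache_request_headers();
            if (isset($headers["A-IM"])) {
                $canaim = strpos($headers["A-IM"], "feed");
            } else {
                $canaim = false;
        } else {
            $canaim = false;
        $hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
        $cutarticles = false;
        if ($canaim !== false) {
            foreach ($articles as $id => $thing) {
                if (strpos($hinm, $etags[$id]) !== false) {
                    $cutarticles = true;
                    $cut_etag = true;
                if ($dates[$id] < $imsd) {
                    $cutarticles = true;
                    $cut_time = true;
        // Tell caches which request headers influenced the response.
        if (isset($cut_etag) && isset($cut_time)) {
            header("Vary: If-None-Match, If-Modified-Since");
        } else {
            if (isset($cut_etag)) {
                header("Vary: If-None-Match");
            } else {
                if (isset($cut_time)) {
                    header("Vary: If-Modified-Since");
        // Feed-level ETag: the item tags joined with "-".
        $etag = @join("-", $etags);
        if (strstr($hinm, $etag)) {
            txp_status_header('304 Not Modified');
        if ($cutarticles) {
            //header("HTTP/1.1 226 IM Used");
            //This should be used as opposed to 200, but Apache doesn't like it.
            // says that the status code should be 200.
            header("Cache-Control: no-store, im");
            header("IM: feed");
    $out = array_merge($out, $articles);
    header("Content-Type: application/rss+xml; charset=utf-8");
    if (isset($etag)) {
        header('ETag: "' . $etag . '"');
    return '<?xml version="1.0" encoding="utf-8"?>' . n . '<rss version="2.0" xmlns:dc="" xmlns:content="" xmlns:atom="">' . n . tag(join(n, $out), 'channel') . n . '</rss>';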
Beispiel #29
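/**
 * Builds the add/edit author form for the admin panel.
 *
 * Field values are taken from the request. When an existing author is being
 * edited they are replaced by that author's stored row, and after a save step
 * they are blanked so the form comes back empty.
 *
 * @return string Form markup
 */
function author_form()
{
    global $step, $txp_user;

    $vars = array('user_id', 'name', 'RealName', 'email', 'privs');

    // Hold the request values in one array rather than extract()-ing them:
    // only these five keys can ever be set, and nothing supplied by the
    // client or the database can shadow $step or $txp_user.
    $field = gpsa($vars);

    if ($field['user_id'] && $step == 'author_edit') {
        // The id is interpolated into the WHERE clause below, so it has to be
        // validated first. assert_int() is presumably what rejects
        // non-integer input here; confirm against its definition.
        $field['user_id'] = assert_int($field['user_id']);

        // Fetch only the columns the form displays. SELECT * would also load
        // every other txp_users column into this request for no reason.
        $row = safe_row(join(', ', $vars), 'txp_users', "user_id = {$field['user_id']}");

        if (is_array($row)) {
            foreach ($vars as $var) {
                if (array_key_exists($var, $row)) {
                    $field[$var] = $row[$var];
                }
            }
        }
    }

    if ($step == 'author_save' or $step == 'author_save_new') {
        // A save has just been processed: present an empty form.
        foreach ($vars as $var) {
            $field[$var] = '';
        }
    }

    $editing = $field['user_id'] && $step == 'author_edit';
    $caption = gTxt($step == 'author_edit' ? 'edit_author' : 'add_new_author');

    // When editing, the login name is printed as plain text instead of going
    // through an input helper, so it is escaped here before it reaches HTML.
    $login_cell = $editing
        ? td(strong(htmlspecialchars($field['name'], ENT_QUOTES, 'UTF-8')))
        : fInputCell('name', $field['name']);

    // A user cannot change their own privilege level: their own row gets a
    // hidden field plus a read-only label instead of the selector.
    $privs_cell = ($txp_user != $field['name'])
        ? privs($field['privs'])
        : hInput('privs', $field['privs']) . strong(get_priv_level($field['privs']));

    $submit_cell = fInput('submit', '', gTxt('save'), 'publish')
        . ($field['user_id'] ? '' : sp . popHelp('add_new_author'));

    $step_inputs = $field['user_id']
        ? hInput('user_id', $field['user_id']) . sInput('author_save')
        : sInput('author_save_new');

    return form(
        hed($caption, 3, ' style="text-align: center;"')
        . startTable('edit')
        . tr(fLabelCell('login_name') . $login_cell)
        . tr(fLabelCell('real_name') . fInputCell('RealName', $field['RealName']))
        . tr(fLabelCell('email') . fInputCell('email', $field['email']))
        . tr(fLabelCell('privileges') . td($privs_cell . sp . popHelp('about_privileges')))
        . tr(td() . td($submit_cell))
        . endTable()
        . eInput('admin')
        . $step_inputs
    );
}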
/**
 * Builds the user-list table for the ign_user_mgmt admin step: a heading, a
 * header row of sort links, one row per user and a pager.
 *
 * Rows come from the table named in $ign_user_db. Inline editing, saving and
 * deleting are offered only when the current privilege level ($myprivs) is
 * listed in $ign_privs['edit_users'].
 *
 * NOTE(review): this listing appears to have lost lines (no closing braces,
 * no `break;` in the switch, and nothing that assigns the per-row variables),
 * so compare with the upstream file before relying on the control flow below.
 */
function ign_userList()
    global $myprivs, $ign_user, $ign_user_db, $prefs, $ign_privs;
    // Edit controls are rendered only for privilege levels in the comma-separated 'edit_users' list.
    // NOTE(review): this only decides what is displayed; the save and delete
    // handlers are not visible here and need their own privilege check.
    $allow_edit = in_array($myprivs, explode(',', $ign_privs['edit_users'])) ? true : false;
    if (version_compare($prefs['version'], '4.0.4') < 0) {
    // Pagination: count all rows, then read paging and sort parameters from the request.
    $total = safe_count($ign_user_db, '1');
    // NOTE(review): extract() turns request parameters into local variables,
    // including $last_access, which the row loop below also uses.
    extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method', 'last_access')));
    $limit = 25;
    // Direction is clamped to the two literals 'asc' / 'desc' before it is used in SQL.
    $dir = $dir == 'desc' ? 'desc' : 'asc';
    // Allow-list for the ORDER BY column: only these literals are ever assigned to $sort_by.
    // NOTE(review): no default case is visible, so an unrecognised or missing
    // `sort` leaves $sort_by unset. The header links below also send
    // sort=real_name while the case here is 'realname'.
    switch ($sort) {
        case 'name':
            $sort_by = 'name';
        case 'email':
            $sort_by = 'email';
        case 'privs':
            $sort_by = 'privs';
        case 'last_access':
            $sort_by = 'last_access';
        case 'realname':
            $sort_by = 'realname';
    $switch_dir = $dir == 'desc' ? 'asc' : 'desc';
    $criteria = 1;
    list($page, $offset, $numPages) = pager($total, $limit, $page);
    //build search here
    //TODO: Implement search on user name / real name
    // The clause is assembled by string interpolation. It stays injection-free
    // only while $criteria, $sort_by and $dir are fixed literals and $offset
    // is numeric (presumably guaranteed by pager(); confirm). A future search
    // feature must not interpolate $crit here without escaping.
    $rs = safe_rows_start("*", $ign_user_db, "{$criteria} order by {$sort_by} {$dir} limit {$offset}, {$limit}");
    $out[] = hed(ign_gTxt('users'), 3, ' align="center"');
    $out[] = startTable('list');
    // Header row: each column title links back to this step with the opposite sort direction.
    $out[] = tr(hCell(href(gTxt('real_name'), "index.php?event=ign_user_mgmt&step=list&page={$page}&dir={$switch_dir}&sort=real_name")) . hCell(href(gTxt('login_name'), "index.php?event=ign_user_mgmt&step=list&page={$page}&dir={$switch_dir}&sort=name")) . hCell(href(ucfirst(gTxt('email')), "index.php?event=ign_user_mgmt&step=list&page={$page}&dir={$switch_dir}&sort=email")) . hCell(href(gTxt('privileges'), "index.php?event=ign_user_mgmt&step=list&page={$page}&dir={$switch_dir}&sort=privs")) . td() . td() . hCell(href(gTxt('last_access'), "index.php?event=ign_user_mgmt&step=list&page={$page}&dir={$switch_dir}&sort=last_access")));
    if ($rs) {
        // NOTE(review): $name, $user_id, $email, $RealName, $privs and
        // $last_access are not assigned in the visible lines; presumably they
        // are taken from the row $a. Confirm against upstream.
        while ($a = nextRow($rs)) {
            // No delete link on the row of the account named by $ign_user.
            if ($name == $ign_user) {
                $deletelink = '';
            } else {
                $deletelink = dLink('ign_user_mgmt', 'ign_user_delete', 'user_id', $user_id);
            $savelink = fInput("submit", 'save', gTxt('save'), 'smallerbox');
            // NOTE(review): $email is concatenated into both an href attribute
            // and element text with no escaping, and $RealName / $name are
            // passed to td() as-is below. If these columns can hold markup
            // this is stored XSS in the admin view; escape on output, e.g.
            // htmlspecialchars($email, ENT_QUOTES, 'UTF-8').
            $emailhref = '<a href="mailto:' . $email . '">' . $email . '</a>';
            $RealNameInput = fInput('text', 'RealName', $RealName, 'edit');
            $emailInput = fInput('text', 'email', $email, 'edit');
            // One POST form per row, submitted to the 'ign_userSave' step.
            // NOTE(review): no anti-CSRF token field is visible in this form.
            // Verify that the save and delete steps check one.
            $row[] = '<form action="index.php" method="post">';
            $row[] = $allow_edit ? td($RealNameInput) : td($RealName);
            $row[] = td($name);
            $row[] = $allow_edit ? td($emailInput) : td($emailhref);
            $row[] = $allow_edit ? td(ign_privList($privs) . popHelp("about_privileges")) : td(ign_getPrivLevel($privs) . popHelp("about_privileges"));
            $row[] = $allow_edit ? td($savelink) : '';
            $row[] = $allow_edit ? hInput("user_id", $user_id) . eInput("ign_user_mgmt") . sInput('ign_userSave') : td();
            $row[] = '</form>';
            $row[] = $allow_edit ? td($deletelink, 10) : td();
            // Show 'Never' when last_access compares equal to 0.
            if ($last_access == 0) {
                $last_access = 'Never';
            $row[] = td($last_access);
            // NOTE(review): $row is not reset in the visible lines; unless it
            // is cleared per iteration, each row would repeat earlier cells.
            $out[] = tr(join('', $row));
        $out[] = endTable();
        $out[] = nav_form('ign_user_mgmt', $page, $numPages, $sort, 'asc', '1', '1');
        return join('', $out);