/**
* Prepares an array of the forum news items
*
* @package News
* @return array
*/
function getNews()
{
global $modSettings;
$admin_current_news = array();
// Ready the current news.
foreach (explode("\n", $modSettings['news']) as $id => $line) {
$admin_current_news[$id] = array('id' => $id, 'unparsed' => un_preparsecode($line), 'parsed' => preg_replace('~<([/]?)form[^>]*?[>]*>~i', '<em class="smalltext"><$1form></em>', parse_bbc($line)));
}
$admin_current_news['last'] = array('id' => 'last', 'unparsed' => '', 'parsed' => '<div id="moreNewsItems_preview"></div>');
return $admin_current_news;
}
function shd_save_reply()
{
global $txt, $modSettings, $sourcedir, $context, $scripturl;
global $user_info, $options, $smcFunc, $memberContext;
$_REQUEST['msg'] = !empty($_REQUEST['msg']) ? (int) $_REQUEST['msg'] : 0;
// We're replying so there must be an existing ticket or sumthin's WRONG.
$ticketinfo = shd_load_ticket();
$reply = array();
$new_reply = $_REQUEST['msg'] == 0;
// So, at this point, we can see it, but no guarantee we can reply to it.
// Can we reply to any? If so, just go right along. If not, we need to do more work.
if ($new_reply) {
if (!shd_allowed_to('shd_reply_ticket_any', $ticketinfo['dept'])) {
if (shd_allowed_to('shd_reply_ticket_own', $ticketinfo['dept'])) {
if (!$ticketinfo['is_own']) {
fatal_lang_error('shd_cannot_reply_any_but_own', false);
}
} else {
fatal_lang_error('shd_cannot_reply_any', false);
}
// can't do nuthin'
}
} else {
$query = shd_db_query('', '
SELECT id_msg, id_member, body, modified_time, modified_member, modified_name
FROM {db_prefix}helpdesk_ticket_replies
WHERE id_msg = {int:msg}
AND id_ticket = {int:ticket}', array('msg' => $_REQUEST['msg'], 'ticket' => $context['ticket_id']));
if ($smcFunc['db_num_rows']($query) == 0) {
$smcFunc['db_free_result']($query);
fatal_lang_error('shd_no_ticket', false);
}
$reply = $smcFunc['db_fetch_assoc']($query);
if (!shd_allowed_to('shd_edit_reply_any', $ticketinfo['dept'])) {
if (shd_allowed_to('shd_edit_reply_own', $ticketinfo['dept'])) {
if ($reply['id_member'] != $user_info['id']) {
fatal_lang_error('shd_cannot_edit_reply_any_but_own', false);
}
} else {
fatal_lang_error('shd_cannot_edit_reply_any', false);
}
}
}
$context['ticket_form'] = array('dept' => $ticketinfo['dept'], 'form_title' => $new_reply ? $txt['shd_reply_ticket'] : $txt['shd_ticket_edit_reply'], 'form_action' => $scripturl . '?action=helpdesk;sa=savereply', 'first_msg' => $new_reply ? 0 : $ticketinfo['id_first_msg'], 'message' => shd_format_text($ticketinfo['body'], $ticketinfo['smileys_enabled'], $new_reply ? '' : 'shd_reply_' . $ticketinfo['id_first_msg']), 'subject' => $ticketinfo['subject'], 'ticket' => $context['ticket_id'], 'msg' => $_REQUEST['msg'], 'display_id' => str_pad($context['ticket_id'], $modSettings['shd_zerofill'], '0', STR_PAD_LEFT), 'urgency' => array('setting' => $ticketinfo['urgency']), 'private' => array('setting' => $ticketinfo['private'], 'can_change' => false, 'options' => array(0 => 'shd_ticket_notprivate', 1 => 'shd_ticket_private')), 'status' => $ticketinfo['status'], 'member' => array('name' => $ticketinfo['starter_name'], 'id' => $ticketinfo['starter_id'], 'link' => shd_profile_link($ticketinfo['starter_name'], $ticketinfo['starter_id'])), 'assigned' => array('id' => $ticketinfo['assigned_id'], 'name' => !empty($ticketinfo['assigned_id']) ? $ticketinfo['assigned_name'] : $txt['shd_unassigned'], 'link' => !empty($ticketinfo['assigned_id']) ? shd_profile_link($ticketinfo['assigned_name'], $ticketinfo['assigned_id']) : '<span class="error">' . $txt['shd_unassigned'] . '</span>'), 'num_replies' => $ticketinfo['num_replies'], 'do_attach' => shd_allowed_to('shd_post_attachment', $ticketinfo['dept']), 'reply' => $_POST['shd_message'], 'return_to_ticket' => isset($_REQUEST['goback']), 'disable_smileys' => !empty($_REQUEST['no_smileys']));
$context['can_solve'] = shd_allowed_to('shd_resolve_ticket_any', $ticketinfo['dept']) || shd_allowed_to('shd_resolve_ticket_own', $ticketinfo['dept']) && $ticketinfo['starter_id'] == $user_info['id'];
$context['can_silent_update'] = $new_reply && shd_allowed_to('shd_silent_update', $ticketinfo['dept']);
$context['log_action'] = $new_reply ? 'newreply' : 'editreply';
$context['log_params']['subject'] = $context['ticket_form']['subject'];
shd_posting_additional_options();
shd_load_canned_replies();
$context['can_ping'] = $new_reply && shd_allowed_to('shd_singleton_email', $context['ticket_form']['dept']);
// Ticket privacy
if (empty($modSettings['shd_privacy_display']) || $modSettings['shd_privacy_display'] == 'smart') {
$context['display_private'] = shd_allowed_to('shd_view_ticket_private_any', $ticketinfo['dept']) || shd_allowed_to('shd_alter_privacy_own', $ticketinfo['dept']) || shd_allowed_to('shd_alter_privacy_any', $ticketinfo['dept']) || $context['ticket_form']['private']['setting'];
} else {
$context['display_private'] = true;
}
loadMemberData($ticketinfo['starter_id']);
if (loadMemberContext($ticketinfo['starter_id'])) {
$context['ticket_form']['member']['avatar'] = $memberContext[$ticketinfo['starter_id']]['avatar'];
}
if (!empty($ticketinfo['modified_time'])) {
$context['ticket_form'] += array('modified' => array('name' => $ticketinfo['modified_name'], 'id' => $ticketinfo['modified_id'], 'time' => timeformat($ticketinfo['modified_time']), 'link' => shd_profile_link($ticketinfo['modified_name'], $ticketinfo['modified_id'])));
}
if (isset($_REQUEST['preview'])) {
$context['ticket_form']['preview'] = array('title' => $txt['shd_previewing_reply'] . ': ' . (empty($context['ticket_form']['subject']) ? '<em>' . $txt['no_subject'] . '</em>' : $context['ticket_form']['subject']), 'body' => shd_format_text($_POST['shd_message']));
}
shd_load_attachments();
shd_get_urgency_options($ticketinfo['is_own'], $ticketinfo['dept']);
$context['ticket_form']['urgency']['can_change'] = false;
if (!empty($ticketinfo['num_replies'])) {
shd_setup_replies($ticketinfo['id_first_msg']);
}
// A few basic checks
if ($context['ticket_form']['status'] == TICKET_STATUS_CLOSED) {
fatal_lang_error('shd_cannot_edit_closed', false);
} elseif ($context['ticket_form']['status'] == TICKET_STATUS_DELETED) {
fatal_lang_error('shd_cannon_edit_deleted', false);
}
// Have there been any new replies that we missed?
if (empty($options['no_new_reply_warning']) && isset($_REQUEST['num_replies'])) {
$_REQUEST['num_replies'] = (int) $_REQUEST['num_replies'];
$newReplies = $context['ticket_form']['num_replies'] > $_REQUEST['num_replies'] ? $context['ticket_form']['num_replies'] - $_REQUEST['num_replies'] : 0;
if (!empty($newReplies)) {
loadLanguage('Post');
if ($newReplies > 1) {
$txt['error_new_replies'] = sprintf($txt['error_new_replies'], $newReplies);
}
$context['shd_errors'][] = $newReplies == 1 ? 'new_reply' : 'new_replies';
}
}
// OK, does the user want to close this ticket? Are there any problems with that?
if (!empty($context['can_solve']) && !empty($_POST['resolve_ticket'])) {
$string = shd_check_dependencies();
if (!empty($string)) {
$context['shd_errors'][] = $string;
}
}
// Custom fields?
shd_load_custom_fields(false, $context['ticket_form']['msg'], $context['ticket_form']['dept']);
list($missing_fields, $invalid_fields) = shd_validate_custom_fields($context['ticket_form']['msg'], $context['ticket_form']['dept']);
$context['can_override_fields'] = shd_allowed_to('shd_override_cf', $context['ticket_form']['dept']);
$context['overriding_fields'] = $context['can_override_fields'] && isset($_POST['override_cf']);
// Did any custom fields fail validation?
if (!empty($invalid_fields)) {
$context['shd_errors'][] = 'invalid_fields';
$txt['error_invalid_fields'] = sprintf($txt['error_invalid_fields'], implode(', ', $invalid_fields));
}
// Any flat-out missing?
if (!empty($missing_fields) && !$context['overriding_fields']) {
$context['shd_errors'][] = 'missing_fields';
$txt['error_missing_fields'] = sprintf($txt['error_missing_fields'], implode(', ', $missing_fields));
}
if ($context['can_override_fields'] && !empty($missing_fields)) {
$context['ticket_form']['additional_opts']['override_cf'] = array('show' => true, 'checked' => false, 'text' => $txt['shd_override_cf']);
}
if (!empty($context['shd_errors']) || !empty($context['ticket_form']['preview'])) {
checkSubmitOnce('free');
// Anything else for redisplaying the form
$context['page_title'] = $txt['shd_helpdesk'];
$context['sub_template'] = 'reply_post';
// Oh, yeah, we need to look at the existing notifications pinging stuff, if appropriate, and reset that.
if ($context['can_ping'] && !empty($_POST['notify']) && is_array($_POST['notify'])) {
$items = array();
foreach ($_POST['notify'] as $item) {
if (!empty($item) && is_numeric($item)) {
$items[] = $item;
}
}
if (!empty($items)) {
$context['notification_ping_list'] = implode(',', $items);
}
}
shd_check_attachments();
// Set up the fancy editor
shd_postbox('shd_message', un_preparsecode($_POST['shd_message']), array('post_button' => $new_reply ? $txt['shd_reply_ticket'] : $txt['shd_ticket_edit_reply']));
// Build the link tree and navigation
$context['linktree'][] = array('name' => $txt['shd_reply_ticket']);
checkSubmitOnce('register');
} else {
// It all worked, w00t, so let's get ready to rumble
$attachIDs = shd_handle_attachments();
if ($new_reply) {
// So... what is the new status?
$new_status = shd_determine_status('reply', $ticketinfo['starter_id'], $user_info['id'], -1, $context['ticket_form']['dept']);
// We explicitly don't care about how many replies - but it must be non-zero. Default in function spec is -1.
// Now to add the ticket details
$posterOptions = array('id' => $user_info['id']);
$msgOptions = array('body' => $_POST['shd_message'], 'id' => $context['ticket_form']['msg'], 'smileys_enabled' => empty($context['ticket_form']['disable_smileys']), 'attachments' => $attachIDs, 'custom_fields' => !empty($context['ticket_form']['custom_fields'][$context['ticket_form']['msg']]) ? $context['ticket_form']['custom_fields'][$context['ticket_form']['msg']] : array());
$ticketOptions = array('id' => $context['ticket_form']['ticket'], 'mark_as_read' => true, 'status' => $new_status);
if (!empty($context['can_solve']) && !empty($_POST['resolve_ticket'])) {
$ticketOptions['status'] = TICKET_STATUS_CLOSED;
shd_log_action('resolve', array('ticket' => $context['ticket_id'], 'subject' => $ticketinfo['subject']));
}
shd_create_ticket_post($msgOptions, $ticketOptions, $posterOptions);
// Handle notifications
require_once $sourcedir . '/sd_source/SimpleDesk-Notifications.php';
shd_notifications_notify_newreply($msgOptions, $ticketOptions, $posterOptions);
} else {
// Only add what has actually changed
// Now to add the ticket details
$posterOptions = array();
$msgOptions = array('id' => $context['ticket_form']['msg'], 'attachments' => $attachIDs, 'custom_fields' => !empty($context['ticket_form']['custom_fields'][$context['ticket_form']['msg']]) ? $context['ticket_form']['custom_fields'][$context['ticket_form']['msg']] : array());
$ticketOptions = array('id' => $context['ticket_form']['ticket']);
if ((bool) $ticketinfo['smileys_enabled'] == $context['ticket_form']['disable_smileys']) {
// since one is enabled, one is 'now disable'...
$msgOptions['smileys_enabled'] = !$context['ticket_form']['disable_smileys'];
}
if ($reply['body'] != $context['ticket_form']['reply']) {
$msgOptions['body'] = $context['ticket_form']['reply'];
}
if (isset($msgOptions['body'])) {
$msgOptions['modified'] = array('id' => $user_info['id'], 'name' => $user_info['name'], 'time' => time());
}
if (!empty($context['can_solve']) && !empty($_POST['resolve_ticket'])) {
$ticketOptions['status'] = TICKET_STATUS_CLOSED;
shd_log_action('resolve', array('ticket' => $context['ticket_id'], 'subject' => $ticketinfo['subject']));
}
// DOOOOOOOO EEEEEEEEEEET NAO!
shd_modify_ticket_post($msgOptions, $ticketOptions, $posterOptions);
// OK, did we get any custom fields back?
foreach ($context['custom_fields_updated'] as $field) {
$action = 'cf_' . ($field['scope'] == CFIELD_TICKET ? 'tkt' : 'rpl') . (empty($field['default']) ? 'change_' : 'chgdef_') . ($field['visible'][0] ? 'user' : '') . ($field['visible'][1] ? 'staff' : '') . 'admin';
unset($field['default'], $field['scope'], $field['visible']);
$field['subject'] = $ticketinfo['subject'];
shd_log_action($action, $field);
}
}
$context['ticket_form']['msg'] = $msgOptions['id'];
shd_done_posting();
}
}
public function action_edit()
{
global $context;
$context['sub_template'] = 'dismissnotice_ajax_edit';
$id_notice = isset($_GET['idnotice']) ? (int) $_GET['idnotice'] : 0;
if (empty($id_notice)) {
return $this->action_new();
}
require_once SUBSDIR . '/Post.subs.php';
require_once SUBSDIR . '/DismissibleNotices.class.php';
$notice = new Dismissible_Notices();
$dismissnotice_data = $notice->getNoticeById($id_notice, false);
$selected_groups = (array) json_decode($dismissnotice_data['show_to']);
$context['default_groups_list'] = $this->populateGroupList($selected_groups);
$context['dismissnotice_data'] = array('added' => standardTime($dismissnotice_data['added']), 'expire' => $dismissnotice_data['expire'], 'body' => un_preparsecode($dismissnotice_data['body']), 'class' => $dismissnotice_data['class'], 'element' => $this->positionChecked('element', $dismissnotice_data['positioning']['element']), 'position' => $dismissnotice_data['positioning']['position'], 'element_name' => $dismissnotice_data['positioning']['element_name'], 'global' => $this->positionChecked('global', $dismissnotice_data['positioning']['element']), 'groups' => $selected_groups);
}
function char_template_edit()
{
global $context, $txt, $sourcedir, $smcFunc;
require_once $sourcedir . '/Subs-Post.php';
require_once $sourcedir . '/Subs-Editor.php';
$template_id = isset($_GET['template_id']) ? (int) $_GET['template_id'] : 0;
$request = $smcFunc['db_query']('', '
SELECT id_template, template_name, template
FROM {db_prefix}character_sheet_templates
WHERE id_template = {int:template}', ['template' => $template_id]);
$row = $smcFunc['db_fetch_assoc']($request);
if (empty($row)) {
redirectexit('action=admin;area=templates');
}
$context['template_id'] = $template_id;
$context['template_name'] = $row['template_name'];
// Now create the editor.
$editorOptions = ['id' => 'message', 'value' => un_preparsecode($row['template']), 'labels' => ['post_button' => $txt['save']], 'height' => '500px', 'width' => '100%', 'preview_type' => 0, 'required' => true];
create_control_richedit($editorOptions);
$context['page_title'] = $txt['char_templates_edit'];
$context['sub_template'] = 'char_template_edit';
loadTemplate('Admin-Chars');
}
function load_char_sheet_templates()
{
global $context, $smcFunc, $sourcedir;
require_once $sourcedir . '/Subs-Post.php';
$context['sheet_templates'] = [];
// Go fetch the possible templates.
$request = $smcFunc['db_query']('', '
SELECT id_template, template_name, template
FROM {db_prefix}character_sheet_templates
ORDER BY position ASC');
while ($row = $smcFunc['db_fetch_assoc']($request)) {
$context['sheet_templates'][$row['id_template']] = array('name' => $row['template_name'], 'body' => un_preparsecode($row['template']));
}
$smcFunc['db_free_result']($request);
}
function list_getNews()
{
global $modSettings;
$admin_current_news = array();
// Ready the current news.
foreach (explode("\n", $modSettings['news']) as $id => $line) {
$admin_current_news[$id] = array('id' => $id, 'unparsed' => un_preparsecode($line), 'parsed' => preg_replace('~<([/]?)form[^>]*?[>]*>~i', '<em class="smalltext"><$1form></em>', parse_bbc($line)));
}
$admin_current_news['last'] = array('id' => 'last', 'unparsed' => '<div id="moreNewsItems"></div>
<noscript><textarea rows="3" cols="65" name="news[]" style="' . (isBrowser('is_ie8') ? 'width: 635px; max-width: 85%; min-width: 85%' : 'width: 85%') . ';"></textarea></noscript>', 'parsed' => '<div id="moreNewsItems_preview"></div>');
return $admin_current_news;
}
/**
* Prepares a post subject for the post form
*
* - Will add the approriate Re: to the post subject if its a reply to an existing post
* - If quoting a post, or editing a post, this function also prepares the message body
* - if editing is true, returns $message|$message[errors], else returns array($subject, $message)
*
* @package Posts
* @param boolean $editing
* @param int|null|false $topic
* @param string $first_subject
*/
function getFormMsgSubject($editing, $topic, $first_subject = '')
{
global $modSettings, $context;
$db = database();
if ($editing) {
require_once SUBSDIR . '/Messages.subs.php';
// Get the existing message.
$message = messageDetails((int) $_REQUEST['msg'], $topic);
// The message they were trying to edit was most likely deleted.
if ($message === false) {
fatal_lang_error('no_message', false);
}
$errors = checkMessagePermissions($message['message']);
prepareMessageContext($message);
if (!empty($errors)) {
$message['errors'] = $errors;
}
return $message;
} else {
// Posting a quoted reply?
if (!empty($topic) && !empty($_REQUEST['quote']) || !empty($modSettings['enableFollowup']) && !empty($_REQUEST['followup'])) {
$msg_id = !empty($_REQUEST['quote']) ? (int) $_REQUEST['quote'] : (int) $_REQUEST['followup'];
// Make sure they _can_ quote this post, and if so get it.
$request = $db->query('', '
SELECT m.subject, IFNULL(mem.real_name, m.poster_name) AS poster_name, m.poster_time, m.body
FROM {db_prefix}messages AS m
INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board AND {query_see_board})
LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = m.id_member)
WHERE m.id_msg = {int:id_msg}' . (!$modSettings['postmod_active'] || allowedTo('approve_posts') ? '' : '
AND m.approved = {int:is_approved}') . '
LIMIT 1', array('id_msg' => $msg_id, 'is_approved' => 1));
if ($db->num_rows($request) == 0) {
fatal_lang_error('quoted_post_deleted', false);
}
list($form_subject, $mname, $mdate, $form_message) = $db->fetch_row($request);
$db->free_result($request);
// Add 'Re: ' to the front of the quoted subject.
if (trim($context['response_prefix']) != '' && Util::strpos($form_subject, trim($context['response_prefix'])) !== 0) {
$form_subject = $context['response_prefix'] . $form_subject;
}
// Censor the message and subject.
censorText($form_message);
censorText($form_subject);
$form_message = un_preparsecode($form_message);
// Remove any nested quotes, if necessary.
if (!empty($modSettings['removeNestedQuotes'])) {
$form_message = preg_replace(array('~\\n?\\[quote.*?\\].+?\\[/quote\\]\\n?~is', '~^\\n~', '~\\[/quote\\]~'), '', $form_message);
}
// Add a quote string on the front and end.
$form_message = '[quote author=' . $mname . ' link=msg=' . (int) $msg_id . ' date=' . $mdate . ']' . "\n" . rtrim($form_message) . "\n" . '[/quote]';
} elseif (!empty($topic) && empty($_REQUEST['quote'])) {
// Get the first message's subject.
$form_subject = $first_subject;
// Add 'Re: ' to the front of the subject.
if (trim($context['response_prefix']) != '' && $form_subject != '' && Util::strpos($form_subject, trim($context['response_prefix'])) !== 0) {
$form_subject = $context['response_prefix'] . $form_subject;
}
// Censor the subject.
censorText($form_subject);
$form_message = '';
} else {
$form_subject = isset($_GET['subject']) ? $_GET['subject'] : '';
$form_message = '';
}
return array($form_subject, $form_message);
}
}
function QuoteFast()
{
global $modSettings, $user_info, $txt, $settings, $context;
global $sourcedir, $smcFunc;
loadLanguage('Post');
if (!isset($_REQUEST['xml'])) {
loadTemplate('Post');
}
include_once $sourcedir . '/Subs-Post.php';
$moderate_boards = boardsAllowedTo('moderate_board');
// Where we going if we need to?
$context['post_box_name'] = isset($_GET['pb']) ? $_GET['pb'] : '';
$request = $smcFunc['db_query']('', '
SELECT IFNULL(mem.real_name, m.poster_name) AS poster_name, m.poster_time, m.body, m.id_topic, m.subject,
m.id_board, m.id_member, m.approved
FROM {db_prefix}messages AS m
INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic)
INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board AND {query_see_board})
LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = m.id_member)
WHERE m.id_msg = {int:id_msg}' . (isset($_REQUEST['modify']) || !empty($moderate_boards) && $moderate_boards[0] == 0 ? '' : '
AND (t.locked = {int:not_locked}' . (empty($moderate_boards) ? '' : ' OR b.id_board IN ({array_int:moderation_board_list})') . ')') . '
LIMIT 1', array('current_member' => $user_info['id'], 'moderation_board_list' => $moderate_boards, 'id_msg' => (int) $_REQUEST['quote'], 'not_locked' => 0));
$context['close_window'] = $smcFunc['db_num_rows']($request) == 0;
$row = $smcFunc['db_fetch_assoc']($request);
$smcFunc['db_free_result']($request);
$context['sub_template'] = 'quotefast';
if (!empty($row)) {
$can_view_post = $row['approved'] || $row['id_member'] != 0 && $row['id_member'] == $user_info['id'] || allowedTo('approve_posts', $row['id_board']);
}
if (!empty($can_view_post)) {
// Remove special formatting we don't want anymore.
$row['body'] = un_preparsecode($row['body']);
// Censor the message!
censorText($row['body']);
$row['body'] = preg_replace('~<br ?/?' . '>~i', "\n", $row['body']);
// Want to modify a single message by double clicking it?
if (isset($_REQUEST['modify'])) {
censorText($row['subject']);
$context['sub_template'] = 'modifyfast';
$context['message'] = array('id' => $_REQUEST['quote'], 'body' => $row['body'], 'subject' => addcslashes($row['subject'], '"'));
return;
}
// Remove any nested quotes.
if (!empty($modSettings['removeNestedQuotes'])) {
$row['body'] = preg_replace(array('~\\n?\\[quote.*?\\].+?\\[/quote\\]\\n?~is', '~^\\n~', '~\\[/quote\\]~'), '', $row['body']);
}
// Make the body HTML if need be.
if (!empty($_REQUEST['mode'])) {
require_once $sourcedir . '/Subs-Editor.php';
$row['body'] = strtr($row['body'], array('<' => '#smlt#', '>' => '#smgt#', '&' => '#smamp#'));
$row['body'] = bbc_to_html($row['body']);
$lb = '<br />';
} else {
$lb = "\n";
}
// Add a quote string on the front and end.
$context['quote']['xml'] = '[quote author=' . $row['poster_name'] . ' link=topic=' . $row['id_topic'] . '.msg' . (int) $_REQUEST['quote'] . '#msg' . (int) $_REQUEST['quote'] . ' date=' . $row['poster_time'] . ']' . $lb . $row['body'] . $lb . '[/quote]';
$context['quote']['text'] = strtr(un_htmlspecialchars($context['quote']['xml']), array('\'' => '\\\'', '\\' => '\\\\', "\n" => '\\n', '</script>' => '</\' + \'script>'));
$context['quote']['xml'] = strtr($context['quote']['xml'], array(' ' => ' ', '<' => '<', '>' => '>'));
$context['quote']['mozilla'] = strtr($smcFunc['htmlspecialchars']($context['quote']['text']), array('"' => '"'));
} elseif (isset($_REQUEST['modify'])) {
$context['sub_template'] = 'modifyfast';
$context['message'] = array('id' => 0, 'body' => '', 'subject' => '');
} else {
$context['quote'] = array('xml' => '', 'mozilla' => '', 'text' => '');
}
}
/**
* Edits an existing or adds a new article to the system
* Handles the previewing of an article
*/
public function action_sportal_admin_article_edit()
{
global $context, $options, $txt;
$this->_is_new = empty($_REQUEST['article_id']);
$article_errors = Error_Context::context('article', 0);
// Going to use editor and post functions
require_once SUBSDIR . '/Post.subs.php';
require_once SUBSDIR . '/Editor.subs.php';
// Convert this to BBC?
if (!empty($_REQUEST['content_mode']) && $_POST['type'] == 'bbc') {
$convert = $_REQUEST['content'];
require_once SUBSDIR . '/Html2BBC.class.php';
$bbc_converter = new Convert_BBC($convert);
$convert = $bbc_converter->get_bbc();
$convert = un_htmlspecialchars($convert);
$_POST['content'] = $convert;
}
// Saving the work?
if (!empty($_POST['submit']) && !$article_errors->hasErrors()) {
checkSession();
$this->_sportal_admin_article_edit_save();
}
// Just taking a look before you save?
if (!empty($_POST['preview']) || $article_errors->hasErrors()) {
$context['article'] = $this->_sportal_admin_article_preview();
// Fix any bbc errors they have created
if ($context['article']['type'] == 'bbc') {
preparsecode($context['article']['body']);
}
loadTemplate('PortalArticles');
// Showing errors or a preview?
if ($article_errors->hasErrors()) {
$context['article_errors'] = array('errors' => $article_errors->prepareErrors(), 'type' => $article_errors->getErrorType() == 0 ? 'minor' : 'serious', 'title' => $txt['sp_form_errors_detected']);
} else {
$context['preview'] = true;
}
} elseif ($this->_is_new) {
$context['article'] = array('id' => 0, 'article_id' => 'article' . mt_rand(1, 5000), 'category' => array('id' => 0), 'title' => $txt['sp_articles_default_title'], 'body' => '', 'type' => 'bbc', 'permissions' => 3, 'status' => 1);
} else {
$_REQUEST['article_id'] = (int) $_REQUEST['article_id'];
$context['article'] = sportal_get_articles($_REQUEST['article_id']);
}
if ($context['article']['type'] === 'bbc') {
$context['article']['body'] = str_replace(array('"', '<', '>', ' '), array('"', '<', '>', ' '), un_preparsecode($context['article']['body']));
}
// On to the editor
if ($context['article']['type'] !== 'bbc') {
// Override user prefs for wizzy mode if they don't need it
$temp_editor = !empty($options['wysiwyg_default']);
$options['wysiwyg_default'] = false;
}
// Fire up the editor with the values
$editor_options = array('id' => 'content', 'value' => $context['article']['body'], 'width' => '100%', 'height' => '225px', 'preview_type' => 2);
create_control_richedit($editor_options);
$context['post_box_name'] = $editor_options['id'];
// Restore their settings
if (isset($temp_editor)) {
$options['wysiwyg_default'] = $temp_editor;
}
// Set the editor box to the right mode based on type (bbc, html, php)
addInlineJavascript('
$(window).load(function() {
diewithfire = window.setTimeout(function() {sp_update_editor("' . $context['article']['type'] . '", "");}, 200);
});
');
// Final bits for the template, category's and permission settings
$context['article']['permission_profiles'] = sportal_get_profiles(null, 1, 'name');
if (empty($context['article']['permission_profiles'])) {
fatal_lang_error('error_sp_no_permission_profiles', false);
}
$context['article']['categories'] = sportal_get_categories();
if (empty($context['article']['categories'])) {
fatal_lang_error('error_sp_no_category', false);
}
// Page out values
$context['is_new'] = $this->_is_new;
$context['article']['body'] = sportal_parse_content($context['article']['body'], $context['article']['type'], 'return');
$context['page_title'] = $this->_is_new ? $txt['sp_admin_articles_add'] : $txt['sp_admin_articles_edit'];
$context['sub_template'] = 'articles_edit';
}
/**
* Get a draft contents, other draft details.
*
* @param int $id_member
* @param int $id_board
* @param int $id_topic
* @param int $id_msg = 0
*/
function getDraft($id_member, $id_board, $id_topic, $id_msg = 0)
{
global $context;
$id_cond = empty($_REQUEST['draft_id']) ? '1=1' : ' id_draft = {int:draft} ';
$id_sel = $id_msg ? ' AND id_msg = {int:message} ' : ' AND id_board = {int:board} AND id_topic = {int:topic} ';
$query = smf_db_query('
SELECT id_draft, id_board, id_topic, subject, body, icon, smileys, is_locked, is_sticky
FROM {db_prefix}drafts WHERE ' . $id_cond . '
AND id_member = {int:member}
' . $id_sel . '
LIMIT 1', array('draft' => isset($_REQUEST['draft_id']) ? $_REQUEST['draft_id'] : 0, 'member' => $id_member, 'board' => $id_board, 'topic' => $id_topic, 'message' => $id_msg));
if ($row = mysql_fetch_assoc($query)) {
$context['subject'] = $row['subject'];
$context['message'] = un_preparsecode($row['body']);
$context['use_smileys'] = !empty($row['smileys']);
$context['icon'] = $row['icon'];
$context['draft_locked'] = $context['locked'];
$context['locked'] = !empty($row['is_locked']);
$context['sticky'] = !empty($row['is_sticky']);
if ($id_msg) {
$context['draft_id'] = $row['id_draft'];
}
} else {
$context['draft_locked'] = $context['locked'];
}
mysql_free_result($query);
}
/**
* Interface for adding/editing a page
*/
public function action_sportal_admin_page_edit()
{
global $txt, $context, $options;
$context['SPortal']['is_new'] = empty($_REQUEST['page_id']);
$pages_errors = Error_Context::context('pages', 0);
// Some help will be needed
require_once SUBSDIR . '/Editor.subs.php';
require_once SUBSDIR . '/Post.subs.php';
// Convert this to BBC?
if (!empty($_REQUEST['content_mode']) && $_POST['type'] === 'bbc') {
require_once SUBSDIR . 'Html2BBC.class.php';
$bbc_converter = new Convert_BBC($_REQUEST['content']);
$_REQUEST['content'] = $bbc_converter->get_bbc();
$_REQUEST['content'] = un_htmlspecialchars($_REQUEST['content']);
$_POST['content'] = $_REQUEST['content'];
}
// Load in the blocks that can be used on a page
$this->blocks = getBlockInfo();
$context['page_blocks'] = $this->_sportal_admin_page_load_blocks();
// Saving the work?
if (!empty($_POST['submit']) && !$pages_errors->hasErrors()) {
checkSession();
$this->_sportal_admin_page_edit_save();
}
// Doing a quick look before you save or you messed up?
if (!empty($_POST['preview']) || $pages_errors->hasErrors()) {
$context['SPortal']['page'] = array('id' => $_POST['page_id'], 'page_id' => $_POST['namespace'], 'title' => Util::htmlspecialchars($_POST['title'], ENT_QUOTES), 'body' => Util::htmlspecialchars($_POST['content'], ENT_QUOTES), 'type' => $_POST['type'], 'permissions' => $_POST['permissions'], 'style' => sportal_parse_style('implode'), 'status' => !empty($_POST['status']));
// Fix up bbc errors before we go to the preview
if ($context['SPortal']['page']['type'] == 'bbc') {
preparsecode($context['SPortal']['page']['body']);
}
loadTemplate('PortalPages');
// Showing errors or a preview?
if ($pages_errors->hasErrors()) {
$context['pages_errors'] = array('errors' => $pages_errors->prepareErrors(), 'type' => $pages_errors->getErrorType() == 0 ? 'minor' : 'serious', 'title' => $txt['sp_form_errors_detected']);
} else {
$context['SPortal']['preview'] = true;
}
} elseif ($context['SPortal']['is_new']) {
$context['SPortal']['page'] = array('id' => 0, 'page_id' => 'page' . mt_rand(1, 5000), 'title' => $txt['sp_pages_default_title'], 'body' => '', 'type' => 'bbc', 'permissions' => 3, 'style' => '', 'status' => 1);
} else {
$_REQUEST['page_id'] = (int) $_REQUEST['page_id'];
$context['SPortal']['page'] = sportal_get_pages($_REQUEST['page_id']);
}
if ($context['SPortal']['page']['type'] === 'bbc') {
$context['SPortal']['page']['body'] = str_replace(array('"', '<', '>', ' '), array('"', '<', '>', ' '), un_preparsecode($context['SPortal']['page']['body']));
}
// Set up the editor, values, initial state, etc
if ($context['SPortal']['page']['type'] !== 'bbc') {
// No wizzy mode if they don't need it
$temp_editor = !empty($options['wysiwyg_default']);
$options['wysiwyg_default'] = false;
}
$editorOptions = array('id' => 'content', 'value' => $context['SPortal']['page']['body'], 'width' => '100%', 'height' => '225px', 'preview_type' => 2);
create_control_richedit($editorOptions);
$context['post_box_name'] = $editorOptions['id'];
if (isset($temp_editor)) {
$options['wysiwyg_default'] = $temp_editor;
}
// Set the editor box as needed (editor or textbox, etc)
addInlineJavascript('
$(window).load(function() {
diewithfire = window.setTimeout(function() {sp_update_editor("' . $context['SPortal']['page']['type'] . '", "");}, 200);
});
');
// Permissions
$context['SPortal']['page']['permission_profiles'] = sportal_get_profiles(null, 1, 'name');
if (empty($context['SPortal']['page']['permission_profiles'])) {
fatal_lang_error('error_sp_no_permission_profiles', false);
}
// And for the template
$context['SPortal']['page']['style'] = sportal_parse_style('explode', $context['SPortal']['page']['style'], !empty($context['SPortal']['preview']));
$context['SPortal']['page']['body'] = sportal_parse_content($context['SPortal']['page']['body'], $context['SPortal']['page']['type'], 'return');
$context['page_title'] = $context['SPortal']['is_new'] ? $txt['sp_admin_pages_add'] : $txt['sp_admin_pages_edit'];
$context['sub_template'] = 'pages_edit';
}
/**
* Loads a post an inserts it into the current editing text box.
* Used to quick edit a post as well as to quote a post and place it in the quick reply box
* Can be used to quick edit just the subject from the topic listing
*
* uses the Post language file.
* uses special (sadly browser dependent) javascript to parse entities for internationalization reasons.
* accessed with ?action=quotefast and ?action=quotefast;modify
*/
public function action_quotefast()
{
global $modSettings, $user_info, $context;
$db = database();
loadLanguage('Post');
require_once SUBSDIR . '/Post.subs.php';
$moderate_boards = boardsAllowedTo('moderate_board');
// Where we going if we need to?
$context['post_box_name'] = isset($_GET['pb']) ? $_GET['pb'] : '';
$request = $db->query('', '
SELECT IFNULL(mem.real_name, m.poster_name) AS poster_name, m.poster_time, m.body, m.id_topic, m.subject,
m.id_board, m.id_member, m.approved
FROM {db_prefix}messages AS m
INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic)
INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board AND {query_see_board})
LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = m.id_member)
WHERE m.id_msg = {int:id_msg}' . (isset($_REQUEST['modify']) || !empty($moderate_boards) && $moderate_boards[0] == 0 ? '' : '
AND (t.locked = {int:not_locked}' . (empty($moderate_boards) ? '' : ' OR b.id_board IN ({array_int:moderation_board_list})') . ')') . '
LIMIT 1', array('current_member' => $user_info['id'], 'moderation_board_list' => $moderate_boards, 'id_msg' => (int) $_REQUEST['quote'], 'not_locked' => 0));
$row = $db->fetch_assoc($request);
$db->free_result($request);
$context['sub_template'] = 'quotefast';
if (!empty($row)) {
$can_view_post = $row['approved'] || $row['id_member'] != 0 && $row['id_member'] == $user_info['id'] || allowedTo('approve_posts', $row['id_board']);
}
if (!empty($can_view_post)) {
// Remove special formatting we don't want anymore.
$row['body'] = un_preparsecode($row['body']);
// Censor the message!
censorText($row['body']);
$row['body'] = preg_replace('~<br ?/?' . '>~i', "\n", $row['body']);
// Want to modify a single message by double clicking it?
if (isset($_REQUEST['modify'])) {
censorText($row['subject']);
$context['sub_template'] = 'modifyfast';
$context['message'] = array('id' => $_REQUEST['quote'], 'body' => $row['body'], 'subject' => addcslashes($row['subject'], '"'));
return;
}
// Remove any nested quotes.
if (!empty($modSettings['removeNestedQuotes'])) {
$row['body'] = preg_replace(array('~\\n?\\[quote.*?\\].+?\\[/quote\\]\\n?~is', '~^\\n~', '~\\[/quote\\]~'), '', $row['body']);
}
// Add a quote string on the front and end.
$context['quote']['xml'] = '[quote author=' . $row['poster_name'] . ' link=msg=' . (int) $_REQUEST['quote'] . ' date=' . $row['poster_time'] . "]\n" . $row['body'] . "\n[/quote]";
$context['quote']['text'] = strtr(un_htmlspecialchars($context['quote']['xml']), array('\'' => '\\\'', '\\' => '\\\\', "\n" => '\\n', '</script>' => '</\' + \'script>'));
$context['quote']['xml'] = strtr($context['quote']['xml'], array(' ' => ' ', '<' => '<', '>' => '>'));
$context['quote']['mozilla'] = strtr(Util::htmlspecialchars($context['quote']['text']), array('"' => '"'));
} elseif (isset($_REQUEST['modify'])) {
$context['sub_template'] = 'modifyfast';
$context['message'] = array('id' => 0, 'body' => '', 'subject' => '');
} else {
$context['quote'] = array('xml' => '', 'mozilla' => '', 'text' => '');
}
}
function shd_frontpage_options($return_config)
{
global $context, $modSettings, $txt, $sourcedir, $smcFunc;
// Since this is potentially dangerous, real admins only, thanks.
isAllowedTo('admin_forum');
$config_vars = array(array('select', 'shdp_frontpage_appear', array('always' => $txt['shdp_frontpage_appear_always'], 'firstload' => $txt['shdp_frontpage_appear_firstload'], 'firstdefault' => $txt['shdp_frontpage_appear_firstdefault'])), '', array('select', 'shdp_frontpage_type', array('php' => $txt['shdp_frontpage_type_php'], 'bbcode' => $txt['shdp_frontpage_type_bbcode'])), array('large_text', 'shdp_frontpage_content', 'size' => 30));
$context['settings_title'] = $txt['shdp_frontpage'];
$context['settings_icon'] = 'frontpage.png';
// Are we actually going to display this, or bouncing it back just for admin search?
if (!$return_config) {
require_once $sourcedir . '/Subs-Post.php';
require_once $sourcedir . '/Subs-Editor.php';
loadTemplate('sd_plugins_template/SDPluginFrontPage');
$context['sub_template'] = 'shd_frontpage_admin';
$context['shdp_frontpage_content'] = !empty($modSettings['shdp_frontpage_content']) ? un_preparsecode($modSettings['shdp_frontpage_content']) : '';
if (isset($_GET['save'])) {
$_POST['shdp_frontpage_content'] = isset($_POST['shdp_frontpage_content']) ? $_POST['shdp_frontpage_content'] : '';
if (!empty($_POST['shdp_frontpage_type']) && $_POST['shdp_frontpage_type'] == 'php') {
$context['shdp_frontpage_content'] = $smcFunc['htmlspecialchars']($_POST['shdp_frontpage_content'], ENT_QUOTES);
} else {
$_POST['shdp_frontpage_content'] = $smcFunc['htmlspecialchars']($_POST['shdp_frontpage_content'], ENT_QUOTES);
preparsecode($_POST['shdp_frontpage_content']);
$context['shdp_frontpage_content'] = un_preparsecode($_POST['shdp_frontpage_content']);
// So it's a known safe version.
}
}
$modSettings['disable_wysiwyg'] = true;
$editorOptions = array('id' => 'shdp_frontpage_content', 'value' => $context['shdp_frontpage_content'], 'labels' => array('post_button' => $txt['save']), 'preview_type' => 0, 'width' => '70%', 'disable_smiley_box' => false);
create_control_richedit($editorOptions);
$context['post_box_name'] = $editorOptions['id'];
}
return $config_vars;
}
function method_save_raw_post()
{
global $mobdb, $mobsettings, $user_info, $context, $sourcedir, $func, $smcFunc;
if ($user_info['is_guest']) {
createErrorResponse(8);
}
require_once $sourcedir . '/Subs-Post.php';
// What is this post?
$id_msg = (int) $context['mob_request']['params'][0][0];
if (empty($id_msg)) {
createErrorResponse(6);
}
$subject = utf8ToAscii(trim(base64_decode($context['mob_request']['params'][1][0])));
$body = utf8ToAscii(trim(base64_decode($context['mob_request']['params'][2][0])));
######## Added by Sean##############
$subject = addslashes__recursive($subject);
$body = addslashes__recursive($body);
// Set up the inputs for the form.
$body = $func['htmlspecialchars']($body, ENT_QUOTES);
preparsecode($body);
$subject = strtr($func['htmlspecialchars']($subject), array("\r" => '', "\n" => '', "\t" => ''));
##################################################################
if (empty($body)) {
createErrorResponse('incorrect_params', '', 'xmlrpc');
}
// Get the board and body
$mobdb->query('
SELECT b.ID_BOARD AS id_board, m.ID_MEMBER AS id_member, t.isSticky, t.locked, t.ID_TOPIC, m.posterTime AS poster_time, t.ID_MEMBER_STARTED
FROM {db_prefix}messages AS m
INNER JOIN {db_prefix}topics AS t ON (m.ID_TOPIC = t.ID_TOPIC)
INNER JOIN {db_prefix}boards AS b ON (b.ID_BOARD = t.ID_BOARD)
WHERE m.ID_MSG = {int:msg}', array('msg' => $id_msg));
if ($mobdb->num_rows() == 0) {
createErrorResponse(6);
}
list($id_board, $id_member_posted, $sticky, $locked, $id_topic, $post_time, $id_member_start) = $mobdb->fetch_row();
$mobdb->free_result();
$is_started = $user_info['id'] == $id_member_start && !$user_info['is_guest'];
$can_edit = (!$locked || allowedTo('moderate_board', $id_board)) && (allowedTo('modify_any', $id_board) || allowedTo('modify_replies', $id_board) && $is_started || allowedTo('modify_own', $id_board) && $id_member_posted == $user_info['id'] && (empty($modSettings['edit_disable_time']) || $post_time + $modSettings['edit_disable_time'] * 60 > time()));
if (!$can_edit) {
createErrorResponse(6);
}
//$subject = strtr(htmlspecialchars($subject), array("\r" => '', "\n" => '', "\t" => ''));
//$body = htmlspecialchars($body);
$body = un_preparsecode($body);
censorText($subject);
censorText($body);
// Save it!
$msgOptions = array('body' => $body, 'id' => $id_msg);
if ($subject) {
$msgOptions['subject'] = $subject;
}
$topicOptions = array('id' => $id_topic, 'sticky_mode' => $sticky, 'locked_mode' => $locked);
$posterOptions = array();
modifyPost($msgOptions, $topicOptions, $posterOptions);
outputRPCResult(true);
}
function EditNews()
{
global $txt, $modSettings, $context, $sourcedir, $user_info;
global $smcFunc;
require_once $sourcedir . '/Subs-Post.php';
// The 'remove selected' button was pressed.
if (!empty($_POST['delete_selection']) && !empty($_POST['remove'])) {
checkSession();
// Store the news temporarily in this array.
$temp_news = explode("\n", $modSettings['news']);
// Remove the items that were selected.
foreach ($temp_news as $i => $news) {
if (in_array($i, $_POST['remove'])) {
unset($temp_news[$i]);
}
}
// Update the database.
updateSettings(array('news' => implode("\n", $temp_news)));
logAction('news');
} elseif (!empty($_POST['save_items'])) {
checkSession();
foreach ($_POST['news'] as $i => $news) {
if (trim($news) == '') {
unset($_POST['news'][$i]);
} else {
$_POST['news'][$i] = $smcFunc['htmlspecialchars']($_POST['news'][$i], ENT_QUOTES);
preparsecode($_POST['news'][$i]);
}
}
// Send the new news to the database.
updateSettings(array('news' => implode("\n", $_POST['news'])));
// Log this into the moderation log.
logAction('news');
}
// Ready the current news.
foreach (explode("\n", $modSettings['news']) as $id => $line) {
$context['admin_current_news'][$id] = array('id' => $id, 'unparsed' => un_preparsecode($line), 'parsed' => preg_replace('~<([/]?)form[^>]*?[>]*>~i', '<em class="smalltext"><$1form></em>', parse_bbc($line)));
}
$context['sub_template'] = 'edit_news';
$context['page_title'] = $txt['admin_edit_news'];
}
function QuoteFast()
{
global $db_prefix, $modSettings, $user_info, $txt, $settings, $context;
global $sourcedir, $func;
loadLanguage('Post');
if (!isset($_REQUEST['xml'])) {
loadTemplate('Post');
}
checkSession('get');
include_once $sourcedir . '/Subs-Post.php';
$moderate_boards = boardsAllowedTo('moderate_board');
$request = db_query("\n\t\tSELECT IFNULL(mem.realName, m.posterName) AS posterName, m.posterTime, m.body, m.ID_TOPIC, m.subject, t.locked\n\t\tFROM ({$db_prefix}messages AS m, {$db_prefix}boards AS b, {$db_prefix}topics AS t)\n\t\t\tLEFT JOIN {$db_prefix}members AS mem ON (mem.ID_MEMBER = m.ID_MEMBER)\n\t\tWHERE m.ID_MSG = " . (int) $_REQUEST['quote'] . "\n\t\t\tAND b.ID_BOARD = m.ID_BOARD\n\t\t\tAND t.ID_TOPIC = m.ID_TOPIC\n\t\t\tAND {$user_info['query_see_board']}" . (!isset($_REQUEST['modify']) || !empty($moderate_boards) && $moderate_boards[0] == 0 ? '' : '
AND (t.locked = 0' . (empty($moderate_boards) ? '' : ' OR b.ID_BOARD IN (' . implode(', ', $moderate_boards) . ')') . ')') . "\n\t\tLIMIT 1", __FILE__, __LINE__);
$context['close_window'] = mysql_num_rows($request) == 0;
$context['sub_template'] = 'quotefast';
if (mysql_num_rows($request) != 0) {
$row = mysql_fetch_assoc($request);
mysql_free_result($request);
// Remove special formatting we don't want anymore.
$row['body'] = un_preparsecode($row['body']);
// Censor the message!
censorText($row['body']);
$row['body'] = preg_replace('~<br(?: /)?' . '>~i', "\n", $row['body']);
// Want to modify a single message by double clicking it?
if (isset($_REQUEST['modify'])) {
censorText($row['subject']);
$context['sub_template'] = 'modifyfast';
$context['message'] = array('id' => $_REQUEST['quote'], 'body' => $row['body'], 'subject' => addcslashes($row['subject'], '"'));
return;
}
// Remove any nested quotes.
if (!empty($modSettings['removeNestedQuotes'])) {
$row['body'] = preg_replace(array('~\\n?\\[quote.*?\\].+?\\[/quote\\]\\n?~is', '~^\\n~', '~\\[/quote\\]~'), '', $row['body']);
}
// Add a quote string on the front and end.
$context['quote']['xml'] = '[quote author=' . $row['posterName'] . ' link=topic=' . $row['ID_TOPIC'] . '.msg' . (int) $_REQUEST['quote'] . '#msg' . (int) $_REQUEST['quote'] . ' date=' . $row['posterTime'] . ']' . "\n" . $row['body'] . "\n" . '[/quote]';
$context['quote']['text'] = strtr(un_htmlspecialchars($context['quote']['xml']), array('\'' => '\\\'', '\\' => '\\\\', "\n" => '\\n', '</script>' => '</\' + \'script>'));
$context['quote']['xml'] = strtr($context['quote']['xml'], array(' ' => ' ', '<' => '<', '>' => '>'));
$context['quote']['mozilla'] = strtr($func['htmlspecialchars']($context['quote']['text']), array('"' => '"'));
} elseif (isset($_REQUEST['modify'])) {
$context['sub_template'] = 'modifyfast';
$context['message'] = array('id' => 0, 'body' => '', 'subject' => '');
} else {
$context['quote'] = array('xml' => '', 'mozilla' => '', 'text' => '');
}
}
/**
* Display a chosen article
*
* - Update the stats, like #views etc
*/
public function action_sportal_article()
{
global $context, $scripturl, $user_info;
$article_id = !empty($_REQUEST['article']) ? $_REQUEST['article'] : 0;
if (is_int($article_id)) {
$article_id = (int) $article_id;
} else {
$article_id = Util::htmlspecialchars($article_id, ENT_QUOTES);
}
// Fetch and render the article
$context['article'] = sportal_get_articles($article_id, true, true);
if (empty($context['article']['id'])) {
fatal_lang_error('error_sp_article_not_found', false);
}
$context['article']['body'] = sportal_parse_content($context['article']['body'], $context['article']['type'], 'return');
// Set up for the comment pagination
$total_comments = sportal_get_article_comment_count($context['article']['id']);
$per_page = min($total_comments, !empty($modSettings['sp_articles_comments_per_page']) ? $modSettings['sp_articles_comments_per_page'] : 20);
$start = !empty($_REQUEST['comments']) ? (int) $_REQUEST['comments'] : 0;
if ($total_comments > $per_page) {
$context['page_index'] = constructPageIndex($scripturl . '?article=' . $context['article']['article_id'] . ';comments=%1$d', $start, $total_comments, $per_page, true);
}
// Load in all the comments for the article
$context['article']['comments'] = sportal_get_comments($context['article']['id'], $per_page, $start);
// Prepare the final template details
$context['article']['date'] = htmlTime($context['article']['date']);
$context['article']['can_comment'] = $context['user']['is_logged'];
$context['article']['can_moderate'] = allowedTo('sp_admin') || allowedTo('sp_manage_articles');
// Commenting, new or an update perhaps
if ($context['article']['can_comment'] && !empty($_POST['body'])) {
checkSession();
sp_prevent_flood('spacp', false);
require_once SUBSDIR . '/Post.subs.php';
// Prep the body / comment
$body = Util::htmlspecialchars(trim($_POST['body']));
preparsecode($body);
// Update or add a new comment
if (!empty($body) && trim(strip_tags(parse_bbc($body, false), '<img>')) !== '') {
if (!empty($_POST['comment'])) {
list($comment_id, $author_id, ) = sportal_fetch_article_comment((int) $_POST['comment']);
if (empty($comment_id) || !$context['article']['can_moderate'] && $user_info['id'] != $author_id) {
fatal_lang_error('error_sp_cannot_comment_modify', false);
}
sportal_modify_article_comment($comment_id, $body);
} else {
sportal_create_article_comment($context['article']['id'], $body);
}
}
// Set a anchor
$anchor = '#comment' . (!empty($comment_id) ? $comment_id : ($total_comments > 0 ? $total_comments - 1 : 1));
redirectexit('article=' . $context['article']['article_id'] . $anchor);
}
// Prepare to edit an existing comment
if ($context['article']['can_comment'] && !empty($_GET['modify'])) {
checkSession('get');
list($comment_id, $author_id, $body) = sportal_fetch_article_comment((int) $_GET['modify']);
if (empty($comment_id) || !$context['article']['can_moderate'] && $user_info['id'] != $author_id) {
fatal_lang_error('error_sp_cannot_comment_modify', false);
}
require_once SUBSDIR . '/Post.subs.php';
$context['article']['comment'] = array('id' => $comment_id, 'body' => str_replace(array('"', '<', '>', ' '), array('"', '<', '>', ' '), un_preparsecode($body)));
}
// Want to delete a comment?
if ($context['article']['can_comment'] && !empty($_GET['delete'])) {
checkSession('get');
if (sportal_delete_article_comment((int) $_GET['delete']) === false) {
fatal_lang_error('error_sp_cannot_comment_delete', false);
}
redirectexit('article=' . $context['article']['article_id']);
}
// Increase the article view counter
if (empty($_SESSION['last_viewed_article']) || $_SESSION['last_viewed_article'] != $context['article']['id']) {
sportal_increase_viewcount('article', $context['article']['id']);
$_SESSION['last_viewed_article'] = $context['article']['id'];
}
// Build the breadcrumbs
$context['linktree'] = array_merge($context['linktree'], array(array('url' => $scripturl . '?category=' . $context['article']['category']['category_id'], 'name' => $context['article']['category']['name']), array('url' => $scripturl . '?article=' . $context['article']['article_id'], 'name' => $context['article']['title'])));
// Off to the template we go
$context['page_title'] = $context['article']['title'];
$context['sub_template'] = 'view_article';
}
/**
* Collects a canned reply from the database and serves it via XML for insertion.
*
* Operations:
* - Session check; failing in a regular fashion (as opposed to normal return since we're using ;xml in the URL; the SMF handler can deal with that)
* - Checks for a department number in the URL, validates access to that department then queries for the requested template.
* - Call un_preparsecode to remove extraneous sanity encoding.
* - Convert to SMF style BBC-to-HTML if using WYSIWYG
* - Do other XML sanitising
* - Return via $context['ajax_raw'] for {@link shd_ajax()} to output
*/
function shd_ajax_canned()
{
global $modSettings, $user_info, $txt, $settings, $context;
global $sourcedir, $smcFunc;
loadLanguage('Post');
checkSession('get');
include_once $sourcedir . '/Subs-Post.php';
$_REQUEST['reply'] = !empty($_REQUEST['reply']) ? (int) $_REQUEST['reply'] : 0;
$message = '';
if (!empty($_REQUEST['reply']) && !empty($context['ticket_id'])) {
$query = shd_db_query('', '
SELECT hdt.id_member_started, hdt.id_dept, hdcr.body, hdcr.vis_user, hdcr.vis_staff
FROM {db_prefix}helpdesk_tickets AS hdt
INNER JOIN {db_prefix}helpdesk_cannedreplies_depts AS hdcrd ON (hdt.id_dept = hdcrd.id_dept)
INNER JOIN {db_prefix}helpdesk_cannedreplies AS hdcr ON (hdcrd.id_reply = hdcr.id_reply)
WHERE hdt.id_ticket = {int:ticket}
AND hdcr.id_reply = {int:reply}
AND hdcr.active = 1
AND {query_see_ticket}', array('ticket' => $context['ticket_id'], 'reply' => $_REQUEST['reply']));
if ($smcFunc['db_num_rows']($query) == 0) {
$smcFunc['db_free_result']($query);
return $context['ajax_raw'] = '<quote>' . $message . '</quote>';
}
$row = $smcFunc['db_fetch_assoc']($query);
$smcFunc['db_free_result']($query);
// Check ability to reply to this ticket. No ability to reply at all, no canned reply.
if (!shd_allowed_to('shd_reply_ticket_own', $row['id_dept']) && !shd_allowed_to('shd_reply_ticket_any', $row['id_dept'])) {
return $context['ajax_raw'] = '<quote>' . $message . '</quote>';
}
// Now check for can-reply-to-own (reply to any will pass this check correctly anyway)
if (!shd_allowed_to('shd_reply_ticket_any', $row['id_dept']) && shd_allowed_to('shd_reply_ticket_own', $row['id_dept']) && $row['id_member_started'] != $user_info['id']) {
return $context['ajax_raw'] = '<quote>' . $message . '</quote>';
}
// Now verify the per-reply visibility. Only applies to non admins anyway...
if (!shd_allowed_to('admin_helpdesk', $row['id_dept']) && !$user_info['is_admin']) {
if (shd_allowed_to('shd_staff', $row['id_dept']) && empty($row['vis_staff'])) {
return $context['ajax_raw'] = '<quote>' . $message . '</quote>';
} elseif (!shd_allowed_to('shd_staff', $row['id_dept']) && empty($row['vis_user'])) {
return $context['ajax_raw'] = '<quote>' . $message . '</quote>';
}
}
$message = un_preparsecode($row['body']);
// Censor the message!
censorText($message);
$message = preg_replace('~<br ?/?' . '>~i', "\n", $row['body']);
// Make the body HTML if need be.
if (!empty($_REQUEST['mode'])) {
require_once $sourcedir . '/Subs-Editor.php';
$message = strtr($message, array('<' => '#smlt#', '>' => '#smgt#', '&' => '#smamp#'));
$message = bbc_to_html($message);
$lb = '<br />';
} else {
$lb = "\n";
}
}
$message = strtr($message, array(' ' => ' ', '<' => '<', '>' => '>'));
$context['ajax_raw'] = '<quote>' . $message . '</quote>';
}
function shd_admin_canned_editreply()
{
global $context, $smcFunc, $txt, $sourcedir, $scripturl;
require_once $sourcedir . '/Subs-Editor.php';
require_once $sourcedir . '/Subs-Post.php';
$context['page_title'] = $txt['shd_admin_cannedreplies_editreply'];
$context['sub_template'] = 'shd_edit_canned_reply';
$_REQUEST['reply'] = isset($_REQUEST['reply']) ? (int) $_REQUEST['reply'] : 0;
$query = $smcFunc['db_query']('', '
SELECT hdcr.title, hdcr.body, hdcr.vis_user, hdcr.vis_staff, hdcr.active, hdcr.id_cat
FROM {db_prefix}helpdesk_cannedreplies AS hdcr
WHERE id_reply = {int:reply}', array('reply' => $_REQUEST['reply']));
if ($smcFunc['db_num_rows']($query) == 0) {
$smcFunc['db_free_result']($query);
fatal_lang_error('shd_admin_cannedreplies_thereplyisalie', false);
}
$row = $smcFunc['db_fetch_assoc']($query);
$smcFunc['db_free_result']($query);
$context['canned_reply'] = array('id' => $_REQUEST['reply'], 'title' => $row['title'], 'body' => un_preparsecode($row['body']), 'active' => !empty($row['active']), 'vis_user' => !empty($row['vis_user']), 'vis_staff' => !empty($row['vis_staff']), 'cat' => $row['id_cat'], 'depts_selected' => array(), 'depts_available' => array());
// Now we need to get the possible departments.
$query = $smcFunc['db_query']('', '
SELECT id_dept, dept_name
FROM {db_prefix}helpdesk_depts
ORDER BY dept_order');
while ($row = $smcFunc['db_fetch_assoc']($query)) {
$context['canned_reply']['depts_available'][$row['id_dept']] = $row['dept_name'];
}
$smcFunc['db_free_result']($query);
// Now any departments this reply is attached to.
$query = $smcFunc['db_query']('', '
SELECT hdcrd.id_dept
FROM {db_prefix}helpdesk_cannedreplies_depts AS hdcrd
WHERE hdcrd.id_reply = {int:reply}', array('reply' => $_REQUEST['reply']));
while ($row = $smcFunc['db_fetch_assoc']($query)) {
$context['canned_reply']['depts_selected'][] = $row['id_dept'];
}
$smcFunc['db_free_result']($query);
checkSubmitOnce('register');
$editorOptions = array('id' => 'shd_canned_reply', 'value' => $context['canned_reply']['body'], 'labels' => array('post_button' => $txt['shd_admin_cannedreplies_editreply']), 'preview_type' => 0, 'width' => '70%', 'disable_smiley_box' => false);
create_control_richedit($editorOptions);
$context['post_box_name'] = $editorOptions['id'];
}
function sportal_admin_page_edit()
{
global $txt, $context, $modSettings, $smcFunc, $sourcedir, $options;
require_once $sourcedir . '/Subs-Editor.php';
require_once $sourcedir . '/Subs-Post.php';
$context['SPortal']['is_new'] = empty($_REQUEST['page_id']);
if (!empty($_REQUEST['content_mode']) && $_POST['type'] == 'bbc') {
$_REQUEST['content'] = html_to_bbc($_REQUEST['content']);
$_REQUEST['content'] = un_htmlspecialchars($_REQUEST['content']);
$_POST['content'] = $_REQUEST['content'];
}
$context['sides'] = array(5 => $txt['sp-positionHeader'], 1 => $txt['sp-positionLeft'], 2 => $txt['sp-positionTop'], 3 => $txt['sp-positionBottom'], 4 => $txt['sp-positionRight'], 6 => $txt['sp-positionFooter']);
$blocks = getBlockInfo();
$context['page_blocks'] = array();
foreach ($blocks as $block) {
$shown = false;
$tests = array('all', 'allpages', 'sforum');
if (!$context['SPortal']['is_new']) {
$tests[] = 'p' . (int) $_REQUEST['page_id'];
}
foreach (array('display', 'display_custom') as $field) {
if (substr($block[$field], 0, 4) === '$php') {
continue 2;
}
$block[$field] = explode(',', $block[$field]);
if (!$context['SPortal']['is_new'] && in_array('-p' . (int) $_REQUEST['page_id'], $block[$field])) {
continue;
}
foreach ($tests as $test) {
if (in_array($test, $block[$field])) {
$shown = true;
break;
}
}
}
$context['page_blocks'][$block['column']][] = array('id' => $block['id'], 'label' => $block['label'], 'shown' => $shown);
}
if (!empty($_POST['submit'])) {
checkSession();
if (!isset($_POST['title']) || $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['title'], ENT_QUOTES)) === '') {
fatal_lang_error('sp_error_page_name_empty', false);
}
if (!isset($_POST['namespace']) || $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['namespace'], ENT_QUOTES)) === '') {
fatal_lang_error('sp_error_page_namespace_empty', false);
}
$result = $smcFunc['db_query']('', '
SELECT id_page
FROM {db_prefix}sp_pages
WHERE namespace = {string:namespace}
AND id_page != {int:current}
LIMIT 1', array('limit' => 1, 'namespace' => $smcFunc['htmlspecialchars']($_POST['namespace'], ENT_QUOTES), 'current' => (int) $_POST['page_id']));
list($has_duplicate) = $smcFunc['db_fetch_row']($result);
$smcFunc['db_free_result']($result);
if (!empty($has_duplicate)) {
fatal_lang_error('sp_error_page_namespace_duplicate', false);
}
if (preg_match('~[^A-Za-z0-9_]+~', $_POST['namespace']) != 0) {
fatal_lang_error('sp_error_page_namespace_invalid_chars', false);
}
if (preg_replace('~[0-9]+~', '', $_POST['namespace']) === '') {
fatal_lang_error('sp_error_page_namespace_numeric', false);
}
if ($_POST['type'] == 'php' && !empty($_POST['content']) && empty($modSettings['sp_disable_php_validation'])) {
$error = sp_validate_php($_POST['content']);
if ($error) {
fatal_lang_error('error_sp_php_' . $error, false);
}
}
$permission_set = 0;
$groups_allowed = $groups_denied = '';
if (!empty($_POST['permission_set'])) {
$permission_set = (int) $_POST['permission_set'];
} elseif (!empty($_POST['membergroups']) && is_array($_POST['membergroups'])) {
$groups_allowed = $groups_denied = array();
foreach ($_POST['membergroups'] as $id => $value) {
if ($value == 1) {
$groups_allowed[] = (int) $id;
} elseif ($value == -1) {
$groups_denied[] = (int) $id;
}
}
$groups_allowed = implode(',', $groups_allowed);
$groups_denied = implode(',', $groups_denied);
}
if (!empty($_POST['blocks']) && is_array($_POST['blocks'])) {
foreach ($_POST['blocks'] as $id => $block) {
$_POST['blocks'][$id] = (int) $block;
}
} else {
$_POST['blocks'] = array();
}
$fields = array('namespace' => 'string', 'title' => 'string', 'body' => 'string', 'type' => 'string', 'permission_set' => 'int', 'groups_allowed' => 'string', 'groups_denied' => 'string', 'style' => 'string', 'status' => 'int');
$page_info = array('id' => (int) $_POST['page_id'], 'namespace' => $smcFunc['htmlspecialchars']($_POST['namespace'], ENT_QUOTES), 'title' => $smcFunc['htmlspecialchars']($_POST['title'], ENT_QUOTES), 'body' => $smcFunc['htmlspecialchars']($_POST['content'], ENT_QUOTES), 'type' => $_POST['type'], 'permission_set' => $permission_set, 'groups_allowed' => $groups_allowed, 'groups_denied' => $groups_denied, 'style' => sportal_parse_style('implode'), 'status' => !empty($_POST['status']) ? 1 : 0);
if ($page_info['type'] == 'bbc') {
preparsecode($page_info['body']);
}
if ($context['SPortal']['is_new']) {
unset($page_info['id']);
$smcFunc['db_insert']('', '{db_prefix}sp_pages', $fields, $page_info, array('id_page'));
$page_info['id'] = $smcFunc['db_insert_id']('{db_prefix}sp_pages', 'id_page');
} else {
$update_fields = array();
foreach ($fields as $name => $type) {
$update_fields[] = $name . ' = {' . $type . ':' . $name . '}';
}
$smcFunc['db_query']('', '
UPDATE {db_prefix}sp_pages
SET ' . implode(', ', $update_fields) . '
WHERE id_page = {int:id}', $page_info);
}
$to_show = array();
$not_to_show = array();
$changes = array();
foreach ($context['page_blocks'] as $page_blocks) {
foreach ($page_blocks as $block) {
if ($block['shown'] && !in_array($block['id'], $_POST['blocks'])) {
$not_to_show[] = $block['id'];
} elseif (!$block['shown'] && in_array($block['id'], $_POST['blocks'])) {
$to_show[] = $block['id'];
}
}
}
foreach ($to_show as $id) {
if (empty($blocks[$id]['display']) && empty($blocks[$id]['display_custom']) || $blocks[$id]['display'] == 'sportal') {
$changes[$id] = array('display' => 'portal,p' . $page_info['id'], 'display_custom' => '');
} elseif (in_array($blocks[$id]['display'], array('allaction', 'allboard'))) {
$changes[$id] = array('display' => '', 'display_custom' => $blocks[$id]['display'] . ',p' . $page_info['id']);
} elseif (in_array('-p' . $page_info['id'], explode(',', $blocks[$id]['display_custom']))) {
$changes[$id] = array('display' => $blocks[$id]['display'], 'display_custom' => implode(',', array_diff(explode(',', $blocks[$id]['display_custom']), array('-p' . $page_info['id']))));
} elseif (empty($blocks[$id]['display_custom'])) {
$changes[$id] = array('display' => implode(',', array_merge(explode(',', $blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => '');
} else {
$changes[$id] = array('display' => $blocks[$id]['display'], 'display_custom' => implode(',', array_merge(explode(',', $blocks[$id]['display_custom']), array('p' . $page_info['id']))));
}
}
foreach ($not_to_show as $id) {
if (count(array_intersect(array($blocks[$id]['display'], $blocks[$id]['display_custom']), array('sforum', 'allpages', 'all'))) > 0) {
$changes[$id] = array('display' => '', 'display_custom' => $blocks[$id]['display'] . $blocks[$id]['display_custom'] . ',-p' . $page_info['id']);
} elseif (empty($blocks[$id]['display_custom'])) {
$changes[$id] = array('display' => implode(',', array_diff(explode(',', $blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => '');
} else {
$changes[$id] = array('display' => implode(',', array_diff(explode(',', $blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => implode(',', array_diff(explode(',', $blocks[$id]['display_custom']), array('p' . $page_info['id']))));
}
}
foreach ($changes as $id => $data) {
$smcFunc['db_query']('', '
UPDATE {db_prefix}sp_blocks
SET
display = {string:display},
display_custom = {string:display_custom}
WHERE id_block = {int:id}', array('id' => $id, 'display' => $data['display'], 'display_custom' => $data['display_custom']));
}
redirectexit('action=admin;area=portalpages');
}
if (!empty($_POST['preview'])) {
$permission_set = 0;
$groups_allowed = $groups_denied = array();
if (!empty($_POST['permission_set'])) {
$permission_set = (int) $_POST['permission_set'];
} elseif (!empty($_POST['membergroups']) && is_array($_POST['membergroups'])) {
foreach ($_POST['membergroups'] as $id => $value) {
if ($value == 1) {
$groups_allowed[] = (int) $id;
} elseif ($value == -1) {
$groups_denied[] = (int) $id;
}
}
}
$context['SPortal']['page'] = array('id' => $_POST['page_id'], 'page_id' => $_POST['namespace'], 'title' => $smcFunc['htmlspecialchars']($_POST['title'], ENT_QUOTES), 'body' => $smcFunc['htmlspecialchars']($_POST['content'], ENT_QUOTES), 'type' => $_POST['type'], 'permission_set' => $permission_set, 'groups_allowed' => $groups_allowed, 'groups_denied' => $groups_denied, 'style' => sportal_parse_style('implode'), 'status' => !empty($_POST['status']));
if ($context['SPortal']['page']['type'] == 'bbc') {
preparsecode($context['SPortal']['page']['body']);
}
loadTemplate('PortalPages');
$context['SPortal']['preview'] = true;
} elseif ($context['SPortal']['is_new']) {
$context['SPortal']['page'] = array('id' => 0, 'page_id' => 'page' . mt_rand(1, 5000), 'title' => $txt['sp_pages_default_title'], 'body' => '', 'type' => 'bbc', 'permission_set' => 3, 'groups_allowed' => array(), 'groups_denied' => array(), 'style' => '', 'status' => 1);
} else {
$_REQUEST['page_id'] = (int) $_REQUEST['page_id'];
$context['SPortal']['page'] = sportal_get_pages($_REQUEST['page_id']);
}
if ($context['SPortal']['page']['type'] == 'bbc') {
$context['SPortal']['page']['body'] = str_replace(array('"', '<', '>', ' '), array('"', '<', '>', ' '), un_preparsecode($context['SPortal']['page']['body']));
}
if ($context['SPortal']['page']['type'] != 'bbc') {
$temp_editor = !empty($options['wysiwyg_default']);
$options['wysiwyg_default'] = false;
}
$editorOptions = array('id' => 'content', 'value' => $context['SPortal']['page']['body'], 'width' => '95%', 'height' => '200px', 'preview_type' => 0);
create_control_richedit($editorOptions);
$context['post_box_name'] = $editorOptions['id'];
if (isset($temp_editor)) {
$options['wysiwyg_default'] = $temp_editor;
}
$context['SPortal']['page']['groups'] = sp_load_membergroups();
$context['SPortal']['page']['style'] = sportal_parse_style('explode', $context['SPortal']['page']['style'], !empty($context['SPortal']['preview']));
$context['page_title'] = $context['SPortal']['is_new'] ? $txt['sp_admin_pages_add'] : $txt['sp_admin_pages_edit'];
$context['sub_template'] = 'pages_edit';
}
/**
* edit news items.
* todo: this needs LOTS of UX improvements, AJAX inline editing and stuff like that
* for now, a basic UI is ok to test the feature
*/
function EditNewsItem()
{
global $txt, $context, $sourcedir, $scripturl;
require_once $sourcedir . '/lib/Subs-Post.php';
$id_item = isset($_REQUEST['itemid']) ? (int) $_REQUEST['itemid'] : '0';
if (isset($_GET['save'])) {
checkSession();
$_POST['body'] = commonAPI::htmlspecialchars($_POST['body'], ENT_QUOTES);
if (stripos($_POST['body'], '[more]') !== false) {
list($teaser, $body) = explode('[more]', $_POST['body']);
} else {
$teaser = '';
$body =& $_POST['body'];
}
preparsecode($teaser);
preparsecode($body);
$_POST['showboards'] = isset($_POST['showboards']) ? normalizeCommaDelimitedList($_POST['showboards']) : '';
$_POST['showtopics'] = isset($_POST['showtopics']) ? normalizeCommaDelimitedList($_POST['showtopics']) : '';
$_POST['showgroups'] = isset($_POST['showgroups']) ? normalizeCommaDelimitedList($_POST['showgroups']) : '';
$_POST['showindex'] = isset($_POST['showindex']) ? 1 : 0;
if (isset($_POST['id']) && !empty($_POST['id'])) {
// modify existing
smf_db_query('
UPDATE {db_prefix}news SET body = {string:body}, teaser = {string:teaser}, groups = {string:groups}, boards = {string:boards},
topics = {string:topics}, on_index = {int:onindex}, can_dismiss = {int:can_dismiss} WHERE id_news = {int:idnews}', array('body' => $body, 'teaser' => $teaser, 'topics' => $_POST['showtopics'], 'boards' => $_POST['showboards'], 'groups' => $_POST['showgroups'], 'idnews' => $_POST['id'], 'onindex' => $_POST['showindex'], 'can_dismiss' => $_POST['mandatory'] ? 0 : 1));
$redirect_id = $_POST['id'];
} else {
// add new
smf_db_insert('insert', '{db_prefix}news', array('body' => 'string', 'boards' => 'string', 'topics' => 'string', 'groups' => 'string', 'on_index' => 'int', 'can_dismiss' => 'int'), array($_POST['body'], $_POST['showboards'], $_POST['showtopics'], $_POST['showgroups'], $_POST['showindex'], $_POST['mandatory'] ? 0 : 1), array('id_news'));
$redirect_id = smf_db_insert_id('{db_prefix}news', 'id_news');
}
CacheAPI::putCache('newsitems', null, 360);
redirectexit($scripturl . '?action=admin;area=news;sa=editnewsitem;itemid=' . $redirect_id);
}
if ($id_item) {
$result = smf_db_query('SELECT * FROM {db_prefix}news WHERE id_news = {int:id_item}', array('id_item' => $id_item));
$row = mysql_fetch_assoc($result);
if ($row) {
$context['news_item'] = array('id' => $row['id_news'], 'teaser' => $row['teaser'], 'body' => $row['body'], 'boards' => $row['boards'], 'topics' => $row['topics'], 'on_index' => $row['on_index'], 'groups' => $row['groups'], 'can_dismiss' => $row['can_dismiss']);
if (!empty($context['news_item']['teaser'])) {
$context['news_item']['body'] = $context['news_item']['teaser'] . '[more]' . $context['news_item']['body'];
}
$context['news_item']['body'] = un_preparsecode($context['news_item']['body']);
}
mysql_free_result($result);
} else {
$context['news_item']['id'] = $context['news_item']['on_index'] = 0;
$context['news_item']['body'] = $context['news_item']['boards'] = $context['news_item']['topics'] = $context['news_item']['groups'] = '';
$context['news_item']['can_dismiss'] = 1;
}
$context['sub_template'] = 'edit_news_item';
$context['page_title'] = $txt['admin_edit_news'];
$context['submit_url'] = $scripturl . '?action=admin;area=news;sa=editnewsitem;save';
}
