Beispiel #1
/**
 * Builds the list of forum news items for display, one entry per line of the
 * stored news setting, followed by a placeholder entry keyed 'last'.
 *
 * Each entry carries the editable text ('unparsed') and the rendered text
 * ('parsed'). In the rendered text every opening or closing form tag is
 * replaced by an escaped, emphasised placeholder, so a news item cannot
 * contribute a live <form> element to the page that shows the preview.
 *
 * @package News
 * @return array entries keyed by line index, plus the 'last' placeholder
 */
function getNews()
{
    global $modSettings;

    $news_items = array();
    $news_lines = explode("\n", $modSettings['news']);

    foreach ($news_lines as $index => $raw_line) {
        $editable = un_preparsecode($raw_line);

        // Render the BBC first, then neutralise <form ...> and </form> in the result.
        $rendered = preg_replace(
            '~<([/]?)form[^>]*?[>]*>~i',
            '<em class="smalltext">&lt;$1form&gt;</em>',
            parse_bbc($raw_line)
        );

        $news_items[$index] = array(
            'id' => $index,
            'unparsed' => $editable,
            'parsed' => $rendered,
        );
    }

    // Trailing empty slot with a preview container.
    $news_items['last'] = array(
        'id' => 'last',
        'unparsed' => '',
        'parsed' => '<div id="moreNewsItems_preview"></div>',
    );

    return $news_items;
}
Beispiel #2
/**
 * Validates and saves a helpdesk ticket reply: either a new reply or an edit of an existing one.
 *
 * Which of the two it is depends on $_REQUEST['msg'] (0 or absent means a new reply).
 * The function checks the reply/edit permissions for the ticket's department, rebuilds
 * $context['ticket_form'], collects validation errors in $context['shd_errors'], and then
 * either redisplays the reply form (errors present or preview requested) or writes the reply
 * through shd_create_ticket_post() / shd_modify_ticket_post().
 *
 * NOTE(review): no session-token check is visible inside this function; confirm that the
 * caller or shd_load_ticket() performs one before this code runs.
 */
function shd_save_reply()
{
    global $txt, $modSettings, $sourcedir, $context, $scripturl;
    global $user_info, $options, $smcFunc, $memberContext;
    // Normalise the message id to an integer; 0 means "this is a new reply".
    $_REQUEST['msg'] = !empty($_REQUEST['msg']) ? (int) $_REQUEST['msg'] : 0;
    // We're replying so there must be an existing ticket or sumthin's WRONG.
    $ticketinfo = shd_load_ticket();
    $reply = array();
    $new_reply = $_REQUEST['msg'] == 0;
    // So, at this point, we can see it, but no guarantee we can reply to it.
    // Can we reply to any? If so, just go right along. If not, we need to do more work.
    if ($new_reply) {
        // Without the "any" permission, the "own" permission only covers the user's own tickets.
        if (!shd_allowed_to('shd_reply_ticket_any', $ticketinfo['dept'])) {
            if (shd_allowed_to('shd_reply_ticket_own', $ticketinfo['dept'])) {
                if (!$ticketinfo['is_own']) {
                    fatal_lang_error('shd_cannot_reply_any_but_own', false);
                }
            } else {
                fatal_lang_error('shd_cannot_reply_any', false);
            }
            // can't do nuthin'
        }
    } else {
        // Editing: the reply must exist AND belong to this ticket, which stops a reply id from
        // another ticket being edited through this one.
        $query = shd_db_query('', '
			SELECT id_msg, id_member, body, modified_time, modified_member, modified_name
			FROM {db_prefix}helpdesk_ticket_replies
			WHERE id_msg = {int:msg}
				AND id_ticket = {int:ticket}', array('msg' => $_REQUEST['msg'], 'ticket' => $context['ticket_id']));
        if ($smcFunc['db_num_rows']($query) == 0) {
            $smcFunc['db_free_result']($query);
            fatal_lang_error('shd_no_ticket', false);
        }
        $reply = $smcFunc['db_fetch_assoc']($query);
        // NOTE(review): the result set is not freed on this path (only on the "no rows" path above).
        // Same any/own split as above, but ownership here is the author of the reply being edited.
        if (!shd_allowed_to('shd_edit_reply_any', $ticketinfo['dept'])) {
            if (shd_allowed_to('shd_edit_reply_own', $ticketinfo['dept'])) {
                if ($reply['id_member'] != $user_info['id']) {
                    fatal_lang_error('shd_cannot_edit_reply_any_but_own', false);
                }
            } else {
                fatal_lang_error('shd_cannot_edit_reply_any', false);
            }
        }
    }
    // Everything the reply template needs. 'reply' carries the submitted body as received.
    // NOTE(review): $_POST['shd_message'] is read here without an isset() check.
    $context['ticket_form'] = array('dept' => $ticketinfo['dept'], 'form_title' => $new_reply ? $txt['shd_reply_ticket'] : $txt['shd_ticket_edit_reply'], 'form_action' => $scripturl . '?action=helpdesk;sa=savereply', 'first_msg' => $new_reply ? 0 : $ticketinfo['id_first_msg'], 'message' => shd_format_text($ticketinfo['body'], $ticketinfo['smileys_enabled'], $new_reply ? '' : 'shd_reply_' . $ticketinfo['id_first_msg']), 'subject' => $ticketinfo['subject'], 'ticket' => $context['ticket_id'], 'msg' => $_REQUEST['msg'], 'display_id' => str_pad($context['ticket_id'], $modSettings['shd_zerofill'], '0', STR_PAD_LEFT), 'urgency' => array('setting' => $ticketinfo['urgency']), 'private' => array('setting' => $ticketinfo['private'], 'can_change' => false, 'options' => array(0 => 'shd_ticket_notprivate', 1 => 'shd_ticket_private')), 'status' => $ticketinfo['status'], 'member' => array('name' => $ticketinfo['starter_name'], 'id' => $ticketinfo['starter_id'], 'link' => shd_profile_link($ticketinfo['starter_name'], $ticketinfo['starter_id'])), 'assigned' => array('id' => $ticketinfo['assigned_id'], 'name' => !empty($ticketinfo['assigned_id']) ? $ticketinfo['assigned_name'] : $txt['shd_unassigned'], 'link' => !empty($ticketinfo['assigned_id']) ? shd_profile_link($ticketinfo['assigned_name'], $ticketinfo['assigned_id']) : '<span class="error">' . $txt['shd_unassigned'] . '</span>'), 'num_replies' => $ticketinfo['num_replies'], 'do_attach' => shd_allowed_to('shd_post_attachment', $ticketinfo['dept']), 'reply' => $_POST['shd_message'], 'return_to_ticket' => isset($_REQUEST['goback']), 'disable_smileys' => !empty($_REQUEST['no_smileys']));
    // && binds tighter than ||, so this reads: resolve_any OR (resolve_own AND the current user started the ticket).
    $context['can_solve'] = shd_allowed_to('shd_resolve_ticket_any', $ticketinfo['dept']) || shd_allowed_to('shd_resolve_ticket_own', $ticketinfo['dept']) && $ticketinfo['starter_id'] == $user_info['id'];
    // Silent update and pinging are only offered on new replies.
    $context['can_silent_update'] = $new_reply && shd_allowed_to('shd_silent_update', $ticketinfo['dept']);
    $context['log_action'] = $new_reply ? 'newreply' : 'editreply';
    $context['log_params']['subject'] = $context['ticket_form']['subject'];
    shd_posting_additional_options();
    shd_load_canned_replies();
    $context['can_ping'] = $new_reply && shd_allowed_to('shd_singleton_email', $context['ticket_form']['dept']);
    // Ticket privacy
    if (empty($modSettings['shd_privacy_display']) || $modSettings['shd_privacy_display'] == 'smart') {
        $context['display_private'] = shd_allowed_to('shd_view_ticket_private_any', $ticketinfo['dept']) || shd_allowed_to('shd_alter_privacy_own', $ticketinfo['dept']) || shd_allowed_to('shd_alter_privacy_any', $ticketinfo['dept']) || $context['ticket_form']['private']['setting'];
    } else {
        $context['display_private'] = true;
    }
    // Pull in the ticket starter's avatar when their member context loads.
    loadMemberData($ticketinfo['starter_id']);
    if (loadMemberContext($ticketinfo['starter_id'])) {
        $context['ticket_form']['member']['avatar'] = $memberContext[$ticketinfo['starter_id']]['avatar'];
    }
    if (!empty($ticketinfo['modified_time'])) {
        $context['ticket_form'] += array('modified' => array('name' => $ticketinfo['modified_name'], 'id' => $ticketinfo['modified_id'], 'time' => timeformat($ticketinfo['modified_time']), 'link' => shd_profile_link($ticketinfo['modified_name'], $ticketinfo['modified_id'])));
    }
    // A preview request never saves: a non-empty 'preview' entry forces the redisplay branch below.
    if (isset($_REQUEST['preview'])) {
        $context['ticket_form']['preview'] = array('title' => $txt['shd_previewing_reply'] . ': ' . (empty($context['ticket_form']['subject']) ? '<em>' . $txt['no_subject'] . '</em>' : $context['ticket_form']['subject']), 'body' => shd_format_text($_POST['shd_message']));
    }
    shd_load_attachments();
    shd_get_urgency_options($ticketinfo['is_own'], $ticketinfo['dept']);
    // Urgency cannot be changed from the reply form.
    $context['ticket_form']['urgency']['can_change'] = false;
    if (!empty($ticketinfo['num_replies'])) {
        shd_setup_replies($ticketinfo['id_first_msg']);
    }
    // A few basic checks
    // Closed and deleted tickets cannot take replies or reply edits.
    // NOTE(review): the key 'shd_cannon_edit_deleted' is spelled differently from the sibling
    // 'shd_cannot_*' keys; verify it matches the language file.
    if ($context['ticket_form']['status'] == TICKET_STATUS_CLOSED) {
        fatal_lang_error('shd_cannot_edit_closed', false);
    } elseif ($context['ticket_form']['status'] == TICKET_STATUS_DELETED) {
        fatal_lang_error('shd_cannon_edit_deleted', false);
    }
    // Have there been any new replies that we missed?
    // The form submits the reply count it was rendered with; a higher current count means new replies.
    if (empty($options['no_new_reply_warning']) && isset($_REQUEST['num_replies'])) {
        $_REQUEST['num_replies'] = (int) $_REQUEST['num_replies'];
        $newReplies = $context['ticket_form']['num_replies'] > $_REQUEST['num_replies'] ? $context['ticket_form']['num_replies'] - $_REQUEST['num_replies'] : 0;
        if (!empty($newReplies)) {
            loadLanguage('Post');
            if ($newReplies > 1) {
                $txt['error_new_replies'] = sprintf($txt['error_new_replies'], $newReplies);
            }
            $context['shd_errors'][] = $newReplies == 1 ? 'new_reply' : 'new_replies';
        }
    }
    // OK, does the user want to close this ticket? Are there any problems with that?
    if (!empty($context['can_solve']) && !empty($_POST['resolve_ticket'])) {
        $string = shd_check_dependencies();
        if (!empty($string)) {
            $context['shd_errors'][] = $string;
        }
    }
    // Custom fields?
    shd_load_custom_fields(false, $context['ticket_form']['msg'], $context['ticket_form']['dept']);
    list($missing_fields, $invalid_fields) = shd_validate_custom_fields($context['ticket_form']['msg'], $context['ticket_form']['dept']);
    // The override only counts when the user holds the permission; the POST flag alone is not enough.
    $context['can_override_fields'] = shd_allowed_to('shd_override_cf', $context['ticket_form']['dept']);
    $context['overriding_fields'] = $context['can_override_fields'] && isset($_POST['override_cf']);
    // Did any custom fields fail validation?
    if (!empty($invalid_fields)) {
        $context['shd_errors'][] = 'invalid_fields';
        $txt['error_invalid_fields'] = sprintf($txt['error_invalid_fields'], implode(', ', $invalid_fields));
    }
    // Any flat-out missing?
    if (!empty($missing_fields) && !$context['overriding_fields']) {
        $context['shd_errors'][] = 'missing_fields';
        $txt['error_missing_fields'] = sprintf($txt['error_missing_fields'], implode(', ', $missing_fields));
    }
    if ($context['can_override_fields'] && !empty($missing_fields)) {
        $context['ticket_form']['additional_opts']['override_cf'] = array('show' => true, 'checked' => false, 'text' => $txt['shd_override_cf']);
    }
    if (!empty($context['shd_errors']) || !empty($context['ticket_form']['preview'])) {
        // Nothing is saved on this path: release the submit-once token and show the form again.
        checkSubmitOnce('free');
        // Anything else for redisplaying the form
        $context['page_title'] = $txt['shd_helpdesk'];
        $context['sub_template'] = 'reply_post';
        // Oh, yeah, we need to look at the existing notifications pinging stuff, if appropriate, and reset that.
        // NOTE(review): is_numeric() also accepts non-integer forms (decimals, exponents); if the
        // list is meant to hold member ids only, an integer cast or ctype_digit() would be stricter.
        if ($context['can_ping'] && !empty($_POST['notify']) && is_array($_POST['notify'])) {
            $items = array();
            foreach ($_POST['notify'] as $item) {
                if (!empty($item) && is_numeric($item)) {
                    $items[] = $item;
                }
            }
            if (!empty($items)) {
                $context['notification_ping_list'] = implode(',', $items);
            }
        }
        shd_check_attachments();
        // Set up the fancy editor
        shd_postbox('shd_message', un_preparsecode($_POST['shd_message']), array('post_button' => $new_reply ? $txt['shd_reply_ticket'] : $txt['shd_ticket_edit_reply']));
        // Build the link tree and navigation
        $context['linktree'][] = array('name' => $txt['shd_reply_ticket']);
        checkSubmitOnce('register');
    } else {
        // It all worked, w00t, so let's get ready to rumble
        $attachIDs = shd_handle_attachments();
        if ($new_reply) {
            // So... what is the new status?
            $new_status = shd_determine_status('reply', $ticketinfo['starter_id'], $user_info['id'], -1, $context['ticket_form']['dept']);
            // We explicitly don't care about how many replies - but it must be non-zero. Default in function spec is -1.
            // Now to add the ticket details
            $posterOptions = array('id' => $user_info['id']);
            $msgOptions = array('body' => $_POST['shd_message'], 'id' => $context['ticket_form']['msg'], 'smileys_enabled' => empty($context['ticket_form']['disable_smileys']), 'attachments' => $attachIDs, 'custom_fields' => !empty($context['ticket_form']['custom_fields'][$context['ticket_form']['msg']]) ? $context['ticket_form']['custom_fields'][$context['ticket_form']['msg']] : array());
            $ticketOptions = array('id' => $context['ticket_form']['ticket'], 'mark_as_read' => true, 'status' => $new_status);
            // Resolving overrides the computed status, and only for users allowed to resolve.
            if (!empty($context['can_solve']) && !empty($_POST['resolve_ticket'])) {
                $ticketOptions['status'] = TICKET_STATUS_CLOSED;
                shd_log_action('resolve', array('ticket' => $context['ticket_id'], 'subject' => $ticketinfo['subject']));
            }
            shd_create_ticket_post($msgOptions, $ticketOptions, $posterOptions);
            // Handle notifications
            require_once $sourcedir . '/sd_source/SimpleDesk-Notifications.php';
            shd_notifications_notify_newreply($msgOptions, $ticketOptions, $posterOptions);
        } else {
            // Only add what has actually changed
            // Now to add the ticket details
            $posterOptions = array();
            $msgOptions = array('id' => $context['ticket_form']['msg'], 'attachments' => $attachIDs, 'custom_fields' => !empty($context['ticket_form']['custom_fields'][$context['ticket_form']['msg']]) ? $context['ticket_form']['custom_fields'][$context['ticket_form']['msg']] : array());
            $ticketOptions = array('id' => $context['ticket_form']['ticket']);
            // Stored "enabled" equal to requested "disable" means the smileys setting has flipped.
            if ((bool) $ticketinfo['smileys_enabled'] == $context['ticket_form']['disable_smileys']) {
                // since one is enabled, one is 'now disable'...
                $msgOptions['smileys_enabled'] = !$context['ticket_form']['disable_smileys'];
            }
            if ($reply['body'] != $context['ticket_form']['reply']) {
                $msgOptions['body'] = $context['ticket_form']['reply'];
            }
            // Record who modified the reply only when the body actually changed.
            if (isset($msgOptions['body'])) {
                $msgOptions['modified'] = array('id' => $user_info['id'], 'name' => $user_info['name'], 'time' => time());
            }
            if (!empty($context['can_solve']) && !empty($_POST['resolve_ticket'])) {
                $ticketOptions['status'] = TICKET_STATUS_CLOSED;
                shd_log_action('resolve', array('ticket' => $context['ticket_id'], 'subject' => $ticketinfo['subject']));
            }
            // DOOOOOOOO EEEEEEEEEEET NAO!
            shd_modify_ticket_post($msgOptions, $ticketOptions, $posterOptions);
            // OK, did we get any custom fields back?
            // One log entry per updated field; the action name encodes scope, change kind and visibility.
            foreach ($context['custom_fields_updated'] as $field) {
                $action = 'cf_' . ($field['scope'] == CFIELD_TICKET ? 'tkt' : 'rpl') . (empty($field['default']) ? 'change_' : 'chgdef_') . ($field['visible'][0] ? 'user' : '') . ($field['visible'][1] ? 'staff' : '') . 'admin';
                unset($field['default'], $field['scope'], $field['visible']);
                $field['subject'] = $ticketinfo['subject'];
                shd_log_action($action, $field);
            }
        }
        $context['ticket_form']['msg'] = $msgOptions['id'];
        shd_done_posting();
    }
}
 /**
  * Prepares the ajax edit form for an existing dismissible notice.
  *
  * Falls back to action_new() when no usable notice id is supplied in the
  * query string. Otherwise loads the notice and fills the $context entries
  * read by the 'dismissnotice_ajax_edit' sub template.
  *
  * NOTE(review): no permission or session check is visible in this method;
  * confirm the controller enforces them before dispatching here.
  * NOTE(review): the result of getNoticeById() is used without checking that
  * a notice was actually found - confirm what it returns for an unknown id.
  */
 public function action_edit()
 {
     global $context;

     $context['sub_template'] = 'dismissnotice_ajax_edit';

     // The id is cast to an integer before it is used for the lookup.
     $id_notice = 0;
     if (isset($_GET['idnotice'])) {
         $id_notice = (int) $_GET['idnotice'];
     }

     // No id (or an id of 0): treat the request as "create a new notice".
     if ($id_notice === 0) {
         return $this->action_new();
     }

     require_once SUBSDIR . '/Post.subs.php';
     require_once SUBSDIR . '/DismissibleNotices.class.php';

     $notices = new Dismissible_Notices();
     $record = $notices->getNoticeById($id_notice, false);

     // 'show_to' is stored as JSON; the cast guarantees an array for the group list.
     $groups = (array) json_decode($record['show_to']);
     $context['default_groups_list'] = $this->populateGroupList($groups);

     $context['dismissnotice_data'] = array(
         'added' => standardTime($record['added']),
         'expire' => $record['expire'],
         // Turn the stored body back into its editable form.
         'body' => un_preparsecode($record['body']),
         'class' => $record['class'],
         'element' => $this->positionChecked('element', $record['positioning']['element']),
         'position' => $record['positioning']['position'],
         'element_name' => $record['positioning']['element_name'],
         'global' => $this->positionChecked('global', $record['positioning']['element']),
         'groups' => $groups,
     );
 }
Beispiel #4
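/**
 * Shows the editor for one character sheet template.
 *
 * The template id comes from $_GET['template_id'] and is cast to an integer
 * before it reaches the query, where it is bound through the {int:template}
 * placeholder. If no row matches, the request is redirected back to the
 * template list.
 *
 * NOTE(review): no permission check is visible in this function; presumably
 * the admin area dispatcher enforces it - confirm.
 */
function char_template_edit()
{
    global $context, $txt, $sourcedir, $smcFunc;
    require_once $sourcedir . '/Subs-Post.php';
    require_once $sourcedir . '/Subs-Editor.php';
    $template_id = isset($_GET['template_id']) ? (int) $_GET['template_id'] : 0;
    $request = $smcFunc['db_query']('', '
		SELECT id_template, template_name, template
		FROM {db_prefix}character_sheet_templates
		WHERE id_template = {int:template}', ['template' => $template_id]);
    $row = $smcFunc['db_fetch_assoc']($request);
    // Only one row is needed, so release the result set straight away
    // (load_char_sheet_templates() frees its result the same way).
    $smcFunc['db_free_result']($request);
    // Unknown template id: go back to the list rather than showing an empty editor.
    if (empty($row)) {
        redirectexit('action=admin;area=templates');
    }
    $context['template_id'] = $template_id;
    $context['template_name'] = $row['template_name'];
    // Now create the editor, seeded with the editable form of the stored template.
    $editorOptions = ['id' => 'message', 'value' => un_preparsecode($row['template']), 'labels' => ['post_button' => $txt['save']], 'height' => '500px', 'width' => '100%', 'preview_type' => 0, 'required' => true];
    create_control_richedit($editorOptions);
    $context['page_title'] = $txt['char_templates_edit'];
    $context['sub_template'] = 'char_template_edit';
    loadTemplate('Admin-Chars');
}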
/**
 * Loads every character sheet template into $context['sheet_templates'].
 *
 * Entries are keyed by template id and hold the template name plus the
 * editable form of its body. The query takes no request input.
 */
function load_char_sheet_templates()
{
    global $context, $smcFunc, $sourcedir;

    require_once $sourcedir . '/Subs-Post.php';

    $context['sheet_templates'] = [];

    // Go fetch the possible templates, in their configured order.
    $result = $smcFunc['db_query']('', '
		SELECT id_template, template_name, template
		FROM {db_prefix}character_sheet_templates
		ORDER BY position ASC');

    while (true) {
        $record = $smcFunc['db_fetch_assoc']($result);
        if (!$record) {
            break;
        }

        $context['sheet_templates'][$record['id_template']] = [
            'name' => $record['template_name'],
            'body' => un_preparsecode($record['template']),
        ];
    }

    $smcFunc['db_free_result']($result);
}
Beispiel #6
/**
 * Builds the news list shown on the news editing screen.
 *
 * Returns one entry per line of the stored news setting, each with its
 * editable text ('unparsed') and rendered text ('parsed'), followed by a
 * 'last' entry that holds the markup for adding another item.
 *
 * In the rendered text every opening or closing form tag is replaced by an
 * escaped, emphasised placeholder, so a news item cannot contribute a live
 * <form> element to the page that shows the preview.
 *
 * @return array entries keyed by line index, plus the 'last' entry
 */
function list_getNews()
{
    global $modSettings;

    $entries = array();

    // Ready the current news.
    foreach (explode("\n", $modSettings['news']) as $position => $news_line) {
        $editable = un_preparsecode($news_line);

        // Render the BBC first, then neutralise <form ...> and </form> in the result.
        $preview = preg_replace(
            '~<([/]?)form[^>]*?[>]*>~i',
            '<em class="smalltext">&lt;$1form&gt;</em>',
            parse_bbc($news_line)
        );

        $entries[$position] = array(
            'id' => $position,
            'unparsed' => $editable,
            'parsed' => $preview,
        );
    }

    // The no-script textarea gets a fixed width on IE8 and a relative width elsewhere.
    $textarea_css = isBrowser('is_ie8') ? 'width: 635px; max-width: 85%; min-width: 85%' : 'width: 85%';

    $entries['last'] = array(
        'id' => 'last',
        'unparsed' => '<div id="moreNewsItems"></div>
		<noscript><textarea rows="3" cols="65" name="news[]" style="' . $textarea_css . ';"></textarea></noscript>',
        'parsed' => '<div id="moreNewsItems_preview"></div>',
    );

    return $entries;
}
Beispiel #7
/**
 * Works out the subject (and, where relevant, the body) used to pre-fill the post form.
 *
 * - Editing: loads the existing message, attaches any permission errors to it
 *   and returns the message array.
 * - Quoting or following up: loads the referenced message (restricted to boards
 *   the user can see, and to approved posts unless the user may approve),
 *   prefixes the subject with the response prefix, censors subject and body and
 *   wraps the body in a quote tag.
 * - Replying without a quote: derives the subject from $first_subject.
 * - Anything else: takes the subject from the query string.
 *
 * @package Posts
 * @param boolean $editing
 * @param int|null|false $topic
 * @param string $first_subject
 * @return array the message array when editing, otherwise array($subject, $message)
 */
function getFormMsgSubject($editing, $topic, $first_subject = '')
{
    global $modSettings, $context;

    $db = database();

    if ($editing) {
        require_once SUBSDIR . '/Messages.subs.php';

        // Fetch the message being edited; the id is cast to an integer first.
        $message = messageDetails((int) $_REQUEST['msg'], $topic);

        // No such message any more - most likely it was deleted.
        if ($message === false) {
            fatal_lang_error('no_message', false);
        }

        $errors = checkMessagePermissions($message['message']);
        prepareMessageContext($message);

        if (!empty($errors)) {
            $message['errors'] = $errors;
        }

        return $message;
    }

    $wants_quote = !empty($topic) && !empty($_REQUEST['quote']);
    $wants_followup = !empty($modSettings['enableFollowup']) && !empty($_REQUEST['followup']);

    if ($wants_quote || $wants_followup) {
        // Posting a quoted reply or a follow-up.
        if (!empty($_REQUEST['quote'])) {
            $source_id = (int) $_REQUEST['quote'];
        } else {
            $source_id = (int) $_REQUEST['followup'];
        }

        // Unapproved posts stay hidden unless post moderation is off or the user may approve.
        $approval_clause = !$modSettings['postmod_active'] || allowedTo('approve_posts') ? '' : '
					AND m.approved = {int:is_approved}';

        // Make sure they _can_ quote this post, and if so get it.
        $request = $db->query('', '
				SELECT m.subject, IFNULL(mem.real_name, m.poster_name) AS poster_name, m.poster_time, m.body
				FROM {db_prefix}messages AS m
					INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board AND {query_see_board})
					LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = m.id_member)
				WHERE m.id_msg = {int:id_msg}' . $approval_clause . '
				LIMIT 1', array('id_msg' => $source_id, 'is_approved' => 1));

        if ($db->num_rows($request) == 0) {
            fatal_lang_error('quoted_post_deleted', false);
        }

        list($subject, $author, $posted, $body) = $db->fetch_row($request);
        $db->free_result($request);

        // Put the response prefix in front of the subject unless it already starts with it.
        $prefix = trim($context['response_prefix']);
        if ($prefix != '' && Util::strpos($subject, $prefix) !== 0) {
            $subject = $context['response_prefix'] . $subject;
        }

        // Censor the message and subject.
        censorText($body);
        censorText($subject);

        $body = un_preparsecode($body);

        // Strip quotes nested inside the quoted body, if the forum is set up that way.
        if (!empty($modSettings['removeNestedQuotes'])) {
            $nested_quote_patterns = array('~\\n?\\[quote.*?\\].+?\\[/quote\\]\\n?~is', '~^\\n~', '~\\[/quote\\]~');
            $body = preg_replace($nested_quote_patterns, '', $body);
        }

        // Wrap the body in a quote tag that names the author, message and date.
        $body = '[quote author=' . $author . ' link=msg=' . (int) $source_id . ' date=' . $posted . ']' . "\n" . rtrim($body) . "\n" . '[/quote]';
    } elseif (!empty($topic) && empty($_REQUEST['quote'])) {
        // A plain reply: start from the first message's subject.
        $subject = $first_subject;

        $prefix = trim($context['response_prefix']);
        if ($prefix != '' && $subject != '' && Util::strpos($subject, $prefix) !== 0) {
            $subject = $context['response_prefix'] . $subject;
        }

        // Censor the subject.
        censorText($subject);
        $body = '';
    } else {
        // The subject is returned exactly as it arrived in the query string.
        // NOTE(review): confirm the caller escapes it before it is written into the form.
        $subject = isset($_GET['subject']) ? $_GET['subject'] : '';
        $body = '';
    }

    return array($subject, $body);
}
Beispiel #8
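/**
 * Loads one message for quick quoting, or for quick in-place modification.
 *
 * The message id comes from $_REQUEST['quote']. The lookup is limited to
 * boards the user can see; unless 'modify' is requested or the user moderates
 * all boards, it is also limited to unlocked topics or boards the user
 * moderates. An unapproved post is only used when the user wrote it or may
 * approve posts on that board.
 *
 * Results are placed in $context ('quote' or 'message', plus 'sub_template');
 * nothing is returned.
 *
 * The request id is cast to an integer once and that value is used everywhere,
 * including the id handed to the 'modifyfast' template, so the template only
 * ever receives the same integer that was used for the lookup.
 */
function QuoteFast()
{
    global $modSettings, $user_info, $txt, $settings, $context;
    global $sourcedir, $smcFunc;
    loadLanguage('Post');
    if (!isset($_REQUEST['xml'])) {
        loadTemplate('Post');
    }
    include_once $sourcedir . '/Subs-Post.php';
    $moderate_boards = boardsAllowedTo('moderate_board');
    // Where we going if we need to?
    // NOTE(review): stored as received from the query string; confirm the template escapes it on output.
    $context['post_box_name'] = isset($_GET['pb']) ? $_GET['pb'] : '';
    // Single integer form of the requested message id, used for the query and for all output below.
    $id_msg = (int) $_REQUEST['quote'];
    $request = $smcFunc['db_query']('', '
		SELECT IFNULL(mem.real_name, m.poster_name) AS poster_name, m.poster_time, m.body, m.id_topic, m.subject,
			m.id_board, m.id_member, m.approved
		FROM {db_prefix}messages AS m
			INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic)
			INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board AND {query_see_board})
			LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = m.id_member)
		WHERE m.id_msg = {int:id_msg}' . (isset($_REQUEST['modify']) || !empty($moderate_boards) && $moderate_boards[0] == 0 ? '' : '
			AND (t.locked = {int:not_locked}' . (empty($moderate_boards) ? '' : ' OR b.id_board IN ({array_int:moderation_board_list})') . ')') . '
		LIMIT 1', array('current_member' => $user_info['id'], 'moderation_board_list' => $moderate_boards, 'id_msg' => $id_msg, 'not_locked' => 0));
    // No row means there is nothing to quote, so the popup is told to close.
    $context['close_window'] = $smcFunc['db_num_rows']($request) == 0;
    $row = $smcFunc['db_fetch_assoc']($request);
    $smcFunc['db_free_result']($request);
    $context['sub_template'] = 'quotefast';
    if (!empty($row)) {
        // Approved, or written by this (non-guest) member, or the user may approve posts on the board.
        $can_view_post = $row['approved'] || $row['id_member'] != 0 && $row['id_member'] == $user_info['id'] || allowedTo('approve_posts', $row['id_board']);
    }
    if (!empty($can_view_post)) {
        // Remove special formatting we don't want anymore.
        $row['body'] = un_preparsecode($row['body']);
        // Censor the message!
        censorText($row['body']);
        $row['body'] = preg_replace('~<br ?/?' . '>~i', "\n", $row['body']);
        // Want to modify a single message by double clicking it?
        if (isset($_REQUEST['modify'])) {
            censorText($row['subject']);
            $context['sub_template'] = 'modifyfast';
            $context['message'] = array('id' => $id_msg, 'body' => $row['body'], 'subject' => addcslashes($row['subject'], '"'));
            return;
        }
        // Remove any nested quotes.
        if (!empty($modSettings['removeNestedQuotes'])) {
            $row['body'] = preg_replace(array('~\\n?\\[quote.*?\\].+?\\[/quote\\]\\n?~is', '~^\\n~', '~\\[/quote\\]~'), '', $row['body']);
        }
        // Make the body HTML if need be.
        if (!empty($_REQUEST['mode'])) {
            require_once $sourcedir . '/Subs-Editor.php';
            // Swap the escaped entities for markers before the BBC-to-HTML conversion.
            $row['body'] = strtr($row['body'], array('&lt;' => '#smlt#', '&gt;' => '#smgt#', '&amp;' => '#smamp#'));
            $row['body'] = bbc_to_html($row['body']);
            $lb = '<br />';
        } else {
            $lb = "\n";
        }
        // Add a quote string on the front and end.
        $context['quote']['xml'] = '[quote author=' . $row['poster_name'] . ' link=topic=' . $row['id_topic'] . '.msg' . $id_msg . '#msg' . $id_msg . ' date=' . $row['poster_time'] . ']' . $lb . $row['body'] . $lb . '[/quote]';
        // Three encodings of the same quote: a script string literal, XML text, and an HTML-escaped variant.
        $context['quote']['text'] = strtr(un_htmlspecialchars($context['quote']['xml']), array('\'' => '\\\'', '\\' => '\\\\', "\n" => '\\n', '</script>' => '</\' + \'script>'));
        $context['quote']['xml'] = strtr($context['quote']['xml'], array('&nbsp;' => '&#160;', '<' => '&lt;', '>' => '&gt;'));
        $context['quote']['mozilla'] = strtr($smcFunc['htmlspecialchars']($context['quote']['text']), array('&quot;' => '"'));
    } elseif (isset($_REQUEST['modify'])) {
        // Nothing the user may see: hand the modify template an empty message.
        $context['sub_template'] = 'modifyfast';
        $context['message'] = array('id' => 0, 'body' => '', 'subject' => '');
    } else {
        $context['quote'] = array('xml' => '', 'mozilla' => '', 'text' => '');
    }
}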
    /**
     * Shows the add/edit form for a portal article and handles its preview and save.
     *
     * - Converts the submitted content to BBC when content_mode is set on a BBC article
     * - Saves when the form was submitted without errors; the session is verified first
     * - Builds the preview / error display, or loads the new or existing article
     * - Sets up the editor and the remaining template values
     */
    public function action_sportal_admin_article_edit()
    {
        global $context, $options, $txt;

        $this->_is_new = empty($_REQUEST['article_id']);
        $article_errors = Error_Context::context('article', 0);

        // The editor and post helpers are used below
        require_once SUBSDIR . '/Post.subs.php';
        require_once SUBSDIR . '/Editor.subs.php';

        // content_mode set on a BBC article: run the submitted content through the HTML-to-BBC converter
        // NOTE(review): $_POST['type'] is read without an isset() check.
        if (!empty($_REQUEST['content_mode']) && $_POST['type'] == 'bbc') {
            $submitted = $_REQUEST['content'];
            require_once SUBSDIR . '/Html2BBC.class.php';
            $converter = new Convert_BBC($submitted);
            $as_bbc = $converter->get_bbc();
            $_POST['content'] = un_htmlspecialchars($as_bbc);
        }

        // Saving the work? The session check runs before anything is written.
        if (!empty($_POST['submit']) && !$article_errors->hasErrors()) {
            checkSession();
            $this->_sportal_admin_article_edit_save();
        }

        if (!empty($_POST['preview']) || $article_errors->hasErrors()) {
            // Preview requested, or there are errors to show
            $context['article'] = $this->_sportal_admin_article_preview();

            // Fix any bbc errors they have created
            if ($context['article']['type'] == 'bbc') {
                preparsecode($context['article']['body']);
            }

            loadTemplate('PortalArticles');

            // Errors take priority over the preview
            if (!$article_errors->hasErrors()) {
                $context['preview'] = true;
            } else {
                $context['article_errors'] = array(
                    'errors' => $article_errors->prepareErrors(),
                    'type' => $article_errors->getErrorType() == 0 ? 'minor' : 'serious',
                    'title' => $txt['sp_form_errors_detected'],
                );
            }
        } elseif ($this->_is_new) {
            // A blank article with default values
            $context['article'] = array(
                'id' => 0,
                'article_id' => 'article' . mt_rand(1, 5000),
                'category' => array('id' => 0),
                'title' => $txt['sp_articles_default_title'],
                'body' => '',
                'type' => 'bbc',
                'permissions' => 3,
                'status' => 1,
            );
        } else {
            // An existing article, looked up by its integer id
            $_REQUEST['article_id'] = (int) $_REQUEST['article_id'];
            $context['article'] = sportal_get_articles($_REQUEST['article_id']);
        }

        if ($context['article']['type'] === 'bbc') {
            // Editable form of the body, with quotes and angle brackets escaped for the editor value
            $editable_body = un_preparsecode($context['article']['body']);
            $context['article']['body'] = str_replace(array('"', '<', '>', '&nbsp;'), array('&quot;', '&lt;', '&gt;', ' '), $editable_body);
        } else {
            // Non-BBC content: switch the wysiwyg preference off while the editor is created
            $saved_wysiwyg = !empty($options['wysiwyg_default']);
            $options['wysiwyg_default'] = false;
        }

        // Fire up the editor with the values
        $editor_settings = array(
            'id' => 'content',
            'value' => $context['article']['body'],
            'width' => '100%',
            'height' => '225px',
            'preview_type' => 2,
        );
        create_control_richedit($editor_settings);
        $context['post_box_name'] = $editor_settings['id'];

        // Put the user's own editor preference back
        if (isset($saved_wysiwyg)) {
            $options['wysiwyg_default'] = $saved_wysiwyg;
        }

        // Set the editor box to the right mode based on type (bbc, html, php)
        // NOTE(review): the type is concatenated into script text as-is; confirm it is limited
        // to the known type names before it reaches this point.
        addInlineJavascript('
			$(window).load(function() {
				diewithfire = window.setTimeout(function() {sp_update_editor("' . $context['article']['type'] . '", "");}, 200);
			});
		');

        // The form cannot be shown without at least one permission profile and one category
        $context['article']['permission_profiles'] = sportal_get_profiles(null, 1, 'name');
        if (empty($context['article']['permission_profiles'])) {
            fatal_lang_error('error_sp_no_permission_profiles', false);
        }

        $context['article']['categories'] = sportal_get_categories();
        if (empty($context['article']['categories'])) {
            fatal_lang_error('error_sp_no_category', false);
        }

        // Page out values
        $context['is_new'] = $this->_is_new;
        $context['article']['body'] = sportal_parse_content($context['article']['body'], $context['article']['type'], 'return');
        $context['page_title'] = $this->_is_new ? $txt['sp_admin_articles_add'] : $txt['sp_admin_articles_edit'];
        $context['sub_template'] = 'articles_edit';
    }
Beispiel #10
/**
 * Loads a saved draft into $context for the post form.
 *
 * Looks up at most one draft owned by $id_member. The draft is matched by
 * message id when $id_msg is non-zero, otherwise by board and topic, and is
 * further narrowed to $_REQUEST['draft_id'] when that is supplied.
 *
 * The lookup is always limited to the given member's own drafts. The pieces
 * concatenated into the query are fixed strings; every value is passed
 * through an {int:...} placeholder.
 *
 * NOTE(review): $_REQUEST['draft_id'] is handed to the {int:draft} placeholder
 * without a cast; this relies on smf_db_query() enforcing the type - confirm.
 * NOTE(review): mysql_fetch_assoc() and mysql_free_result() belong to the
 * mysql extension, which was removed in PHP 7.
 *
 * @param int $id_member
 * @param int $id_board
 * @param int $id_topic
 * @param int $id_msg defaults to 0
 */
function getDraft($id_member, $id_board, $id_topic, $id_msg = 0)
{
    global $context;

    // Narrow to one draft id only when the request names one.
    if (empty($_REQUEST['draft_id'])) {
        $draft_filter = '1=1';
    } else {
        $draft_filter = ' id_draft = {int:draft} ';
    }

    // Match on the message when editing one, otherwise on board and topic.
    if ($id_msg) {
        $target_filter = ' AND id_msg = {int:message} ';
    } else {
        $target_filter = ' AND id_board = {int:board} AND id_topic = {int:topic} ';
    }

    $bindings = array(
        'draft' => isset($_REQUEST['draft_id']) ? $_REQUEST['draft_id'] : 0,
        'member' => $id_member,
        'board' => $id_board,
        'topic' => $id_topic,
        'message' => $id_msg,
    );

    $result = smf_db_query('
		SELECT id_draft, id_board, id_topic, subject, body, icon, smileys, is_locked, is_sticky
		FROM {db_prefix}drafts	WHERE ' . $draft_filter . '
			AND id_member = {int:member}
			' . $target_filter . '
		LIMIT 1', $bindings);

    $draft = mysql_fetch_assoc($result);

    // Remember the current lock state before a draft can overwrite it.
    $context['draft_locked'] = $context['locked'];

    if ($draft) {
        $context['subject'] = $draft['subject'];
        $context['message'] = un_preparsecode($draft['body']);
        $context['use_smileys'] = !empty($draft['smileys']);
        $context['icon'] = $draft['icon'];
        $context['locked'] = !empty($draft['is_locked']);
        $context['sticky'] = !empty($draft['is_sticky']);

        // The draft id is only exposed when the draft belongs to an existing message.
        if ($id_msg) {
            $context['draft_id'] = $draft['id_draft'];
        }
    }

    mysql_free_result($result);
}
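    /**
     * Interface for adding/editing a page
     *
     * - Converts the submitted content to BBC when content_mode is set and the posted type is bbc
     * - Saves the page when the form was submitted and no errors are pending (session is checked first)
     * - Fills $context['SPortal']['page'] from the posted preview data, from defaults for a
     *   new page, or from the stored page, then prepares the editor and the pages_edit template
     */
    public function action_sportal_admin_page_edit()
    {
        global $txt, $context, $options;
        $context['SPortal']['is_new'] = empty($_REQUEST['page_id']);
        $pages_errors = Error_Context::context('pages', 0);
        // Some help will be needed
        require_once SUBSDIR . '/Editor.subs.php';
        require_once SUBSDIR . '/Post.subs.php';
        // Convert this to BBC?
        if (!empty($_REQUEST['content_mode']) && $_POST['type'] === 'bbc') {
            // Needs the same leading slash as the includes above, otherwise the path
            // is glued onto the directory name and the require fails.
            require_once SUBSDIR . '/Html2BBC.class.php';
            $bbc_converter = new Convert_BBC($_REQUEST['content']);
            $_REQUEST['content'] = $bbc_converter->get_bbc();
            $_REQUEST['content'] = un_htmlspecialchars($_REQUEST['content']);
            $_POST['content'] = $_REQUEST['content'];
        }
        // Load in the blocks that can be used on a page
        $this->blocks = getBlockInfo();
        $context['page_blocks'] = $this->_sportal_admin_page_load_blocks();
        // Saving the work? The session check runs before anything is written.
        if (!empty($_POST['submit']) && !$pages_errors->hasErrors()) {
            checkSession();
            $this->_sportal_admin_page_edit_save();
        }
        // Doing a quick look before you save or you messed up?
        if (!empty($_POST['preview']) || $pages_errors->hasErrors()) {
            // Everything below comes from $_POST; only title and body are escaped here.
            // NOTE(review): id, page_id, type and permissions are kept as submitted -
            // confirm the template and the save routine validate/escape them.
            $context['SPortal']['page'] = array('id' => $_POST['page_id'], 'page_id' => $_POST['namespace'], 'title' => Util::htmlspecialchars($_POST['title'], ENT_QUOTES), 'body' => Util::htmlspecialchars($_POST['content'], ENT_QUOTES), 'type' => $_POST['type'], 'permissions' => $_POST['permissions'], 'style' => sportal_parse_style('implode'), 'status' => !empty($_POST['status']));
            // Fix up bbc errors before we go to the preview
            if ($context['SPortal']['page']['type'] == 'bbc') {
                preparsecode($context['SPortal']['page']['body']);
            }
            loadTemplate('PortalPages');
            // Showing errors or a preview?
            if ($pages_errors->hasErrors()) {
                $context['pages_errors'] = array('errors' => $pages_errors->prepareErrors(), 'type' => $pages_errors->getErrorType() == 0 ? 'minor' : 'serious', 'title' => $txt['sp_form_errors_detected']);
            } else {
                $context['SPortal']['preview'] = true;
            }
        } elseif ($context['SPortal']['is_new']) {
            // Defaults for a brand new page; the suggested page_id is just a placeholder name
            $context['SPortal']['page'] = array('id' => 0, 'page_id' => 'page' . mt_rand(1, 5000), 'title' => $txt['sp_pages_default_title'], 'body' => '', 'type' => 'bbc', 'permissions' => 3, 'style' => '', 'status' => 1);
        } else {
            $_REQUEST['page_id'] = (int) $_REQUEST['page_id'];
            $context['SPortal']['page'] = sportal_get_pages($_REQUEST['page_id']);
        }
        // BBC goes back to its editable form, with markup characters entity-encoded for the text box
        if ($context['SPortal']['page']['type'] === 'bbc') {
            $context['SPortal']['page']['body'] = str_replace(array('"', '<', '>', '&nbsp;'), array('&quot;', '&lt;', '&gt;', ' '), un_preparsecode($context['SPortal']['page']['body']));
        }
        // Set up the editor, values, initial state, etc
        if ($context['SPortal']['page']['type'] !== 'bbc') {
            // No wizzy mode if they don't need it
            $temp_editor = !empty($options['wysiwyg_default']);
            $options['wysiwyg_default'] = false;
        }
        $editorOptions = array('id' => 'content', 'value' => $context['SPortal']['page']['body'], 'width' => '100%', 'height' => '225px', 'preview_type' => 2);
        create_control_richedit($editorOptions);
        $context['post_box_name'] = $editorOptions['id'];
        // Put the member's own editor preference back
        if (isset($temp_editor)) {
            $options['wysiwyg_default'] = $temp_editor;
        }
        // Set the editor box as needed (editor or textbox, etc).
        // In the preview path the type is whatever was posted, so it is encoded as a
        // JavaScript string literal rather than pasted between quotes.
        $editor_type = json_encode((string) $context['SPortal']['page']['type'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        if ($editor_type === false) {
            // Not encodable (e.g. invalid UTF-8): fall back to an empty literal
            $editor_type = '""';
        }
        addInlineJavascript('
			$(window).load(function() {
				diewithfire = window.setTimeout(function() {sp_update_editor(' . $editor_type . ', "");}, 200);
			});
		');
        // Permissions
        $context['SPortal']['page']['permission_profiles'] = sportal_get_profiles(null, 1, 'name');
        if (empty($context['SPortal']['page']['permission_profiles'])) {
            fatal_lang_error('error_sp_no_permission_profiles', false);
        }
        // And for the template
        $context['SPortal']['page']['style'] = sportal_parse_style('explode', $context['SPortal']['page']['style'], !empty($context['SPortal']['preview']));
        $context['SPortal']['page']['body'] = sportal_parse_content($context['SPortal']['page']['body'], $context['SPortal']['page']['type'], 'return');
        $context['page_title'] = $context['SPortal']['is_new'] ? $txt['sp_admin_pages_add'] : $txt['sp_admin_pages_edit'];
        $context['sub_template'] = 'pages_edit';
    }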
Beispiel #12
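    /**
     * Loads a post and inserts it into the current editing text box.
     * Used to quick edit a post as well as to quote a post and place it in the quick reply box
     * Can be used to quick edit just the subject from the topic listing
     *
     * - uses the Post language file.
     * - uses special (sadly browser dependent) javascript to parse entities for internationalization reasons.
     * - accessed with ?action=quotefast and ?action=quotefast;modify
     * - the message is only returned when the query finds it on a board the member can see and
     *   the post is approved, is the member's own, or the member may approve posts on that board
     */
    public function action_quotefast()
    {
        global $modSettings, $user_info, $context;
        $db = database();
        loadLanguage('Post');
        require_once SUBSDIR . '/Post.subs.php';
        $moderate_boards = boardsAllowedTo('moderate_board');
        // Where we going if we need to?
        // NOTE(review): taken from the query string as is - confirm the template escapes it.
        $context['post_box_name'] = isset($_GET['pb']) ? $_GET['pb'] : '';
        // The message id is cast once and that integer is used everywhere below.
        $id_msg = (int) $_REQUEST['quote'];
        $request = $db->query('', '
			SELECT IFNULL(mem.real_name, m.poster_name) AS poster_name, m.poster_time, m.body, m.id_topic, m.subject,
				m.id_board, m.id_member, m.approved
			FROM {db_prefix}messages AS m
				INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic)
				INNER JOIN {db_prefix}boards AS b ON (b.id_board = m.id_board AND {query_see_board})
				LEFT JOIN {db_prefix}members AS mem ON (mem.id_member = m.id_member)
			WHERE m.id_msg = {int:id_msg}' . (isset($_REQUEST['modify']) || !empty($moderate_boards) && $moderate_boards[0] == 0 ? '' : '
				AND (t.locked = {int:not_locked}' . (empty($moderate_boards) ? '' : ' OR b.id_board IN ({array_int:moderation_board_list})') . ')') . '
			LIMIT 1', array('current_member' => $user_info['id'], 'moderation_board_list' => $moderate_boards, 'id_msg' => $id_msg, 'not_locked' => 0));
        $row = $db->fetch_assoc($request);
        $db->free_result($request);
        $context['sub_template'] = 'quotefast';
        // Unapproved posts are only shown to their author or to someone who can approve them
        if (!empty($row)) {
            $can_view_post = $row['approved'] || $row['id_member'] != 0 && $row['id_member'] == $user_info['id'] || allowedTo('approve_posts', $row['id_board']);
        }
        if (!empty($can_view_post)) {
            // Remove special formatting we don't want anymore.
            $row['body'] = un_preparsecode($row['body']);
            // Censor the message!
            censorText($row['body']);
            $row['body'] = preg_replace('~<br ?/?' . '>~i', "\n", $row['body']);
            // Want to modify a single message by double clicking it?
            if (isset($_REQUEST['modify'])) {
                censorText($row['subject']);
                $context['sub_template'] = 'modifyfast';
                // Hand back the id that was actually looked up, not the raw request string,
                // so the two cannot differ and nothing but a number reaches the template.
                $context['message'] = array('id' => $id_msg, 'body' => $row['body'], 'subject' => addcslashes($row['subject'], '"'));
                return;
            }
            // Remove any nested quotes.
            if (!empty($modSettings['removeNestedQuotes'])) {
                $row['body'] = preg_replace(array('~\\n?\\[quote.*?\\].+?\\[/quote\\]\\n?~is', '~^\\n~', '~\\[/quote\\]~'), '', $row['body']);
            }
            // Add a quote string on the front and end.
            $context['quote']['xml'] = '[quote author=' . $row['poster_name'] . ' link=msg=' . $id_msg . ' date=' . $row['poster_time'] . "]\n" . $row['body'] . "\n[/quote]";
            // 'text' is prepared for use inside a single-quoted javascript string
            $context['quote']['text'] = strtr(un_htmlspecialchars($context['quote']['xml']), array('\'' => '\\\'', '\\' => '\\\\', "\n" => '\\n', '</script>' => '</\' + \'script>'));
            // 'xml' has its angle brackets entity-encoded
            $context['quote']['xml'] = strtr($context['quote']['xml'], array('&nbsp;' => '&#160;', '<' => '&lt;', '>' => '&gt;'));
            $context['quote']['mozilla'] = strtr(Util::htmlspecialchars($context['quote']['text']), array('&quot;' => '"'));
        } elseif (isset($_REQUEST['modify'])) {
            // Nothing to show: hand the template an empty message
            $context['sub_template'] = 'modifyfast';
            $context['message'] = array('id' => 0, 'body' => '', 'subject' => '');
        } else {
            $context['quote'] = array('xml' => '', 'mozilla' => '', 'text' => '');
        }
    }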
/**
 * Settings for the helpdesk front page plugin.
 *
 * Always builds and returns the list of setting definitions. Unless the caller
 * only wants that list ($return_config), it also loads the template and sets up
 * the editor that holds the front page content.
 *
 * Restricted to members with admin_forum. The content type can be 'php' or
 * 'bbcode'; php content is escaped but otherwise left alone here, bbcode content
 * is additionally run through preparsecode(). Nothing is stored by this function.
 *
 * @param bool $return_config True to return the definitions without preparing the page
 * @return array The setting definitions
 */
function shd_frontpage_options($return_config)
{
    global $context, $modSettings, $txt, $sourcedir, $smcFunc;

    // Potentially dangerous, so this is for real admins only.
    isAllowedTo('admin_forum');

    $appear_choices = array(
        'always' => $txt['shdp_frontpage_appear_always'],
        'firstload' => $txt['shdp_frontpage_appear_firstload'],
        'firstdefault' => $txt['shdp_frontpage_appear_firstdefault'],
    );
    $type_choices = array(
        'php' => $txt['shdp_frontpage_type_php'],
        'bbcode' => $txt['shdp_frontpage_type_bbcode'],
    );
    $config_vars = array(
        array('select', 'shdp_frontpage_appear', $appear_choices),
        '',
        array('select', 'shdp_frontpage_type', $type_choices),
        array('large_text', 'shdp_frontpage_content', 'size' => 30),
    );

    $context['settings_title'] = $txt['shdp_frontpage'];
    $context['settings_icon'] = 'frontpage.png';

    // Just bouncing the definitions back (admin search)? Then we are done.
    if ($return_config) {
        return $config_vars;
    }

    require_once $sourcedir . '/Subs-Post.php';
    require_once $sourcedir . '/Subs-Editor.php';
    loadTemplate('sd_plugins_template/SDPluginFrontPage');
    $context['sub_template'] = 'shd_frontpage_admin';

    // Start from the stored content, if there is any.
    if (!empty($modSettings['shdp_frontpage_content'])) {
        $context['shdp_frontpage_content'] = un_preparsecode($modSettings['shdp_frontpage_content']);
    } else {
        $context['shdp_frontpage_content'] = '';
    }

    // A save request replaces what the editor shows with the posted content.
    if (isset($_GET['save'])) {
        if (!isset($_POST['shdp_frontpage_content'])) {
            $_POST['shdp_frontpage_content'] = '';
        }

        $is_php = !empty($_POST['shdp_frontpage_type']) && $_POST['shdp_frontpage_type'] == 'php';
        $escaped = $smcFunc['htmlspecialchars']($_POST['shdp_frontpage_content'], ENT_QUOTES);

        if ($is_php) {
            // PHP content: escaped for display only, $_POST is left as submitted.
            $context['shdp_frontpage_content'] = $escaped;
        } else {
            // BBCode content: escape and pre-parse the posted value itself, so it
            // is a known safe version, then show its editable form.
            $_POST['shdp_frontpage_content'] = $escaped;
            preparsecode($_POST['shdp_frontpage_content']);
            $context['shdp_frontpage_content'] = un_preparsecode($_POST['shdp_frontpage_content']);
        }
    }

    // Plain editor only for this box.
    $modSettings['disable_wysiwyg'] = true;
    $editorOptions = array(
        'id' => 'shdp_frontpage_content',
        'value' => $context['shdp_frontpage_content'],
        'labels' => array('post_button' => $txt['save']),
        'preview_type' => 0,
        'width' => '70%',
        'disable_smiley_box' => false,
    );
    create_control_richedit($editorOptions);
    $context['post_box_name'] = $editorOptions['id'];

    return $config_vars;
}
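/**
 * RPC handler that saves an edited post.
 *
 * Reads the message id, the base64-encoded subject and the base64-encoded body
 * from $context['mob_request']['params'], checks that the current member may
 * edit that message, then passes the new text to modifyPost().
 *
 * Editing is allowed when the topic is unlocked (or the member moderates the
 * board) and the member has modify_any, or modify_replies on a topic they
 * started, or modify_own on their own post inside the edit time limit.
 *
 * NOTE(review): every failure path relies on createErrorResponse() ending the
 * request; if it can return, execution continues past the check - confirm.
 */
function method_save_raw_post()
{
    // $modSettings has to be imported here: without it the edit_disable_time test
    // below reads an undefined local and the edit time limit is never applied.
    global $mobdb, $mobsettings, $modSettings, $user_info, $context, $sourcedir, $func, $smcFunc;
    // Guests never get to edit
    if ($user_info['is_guest']) {
        createErrorResponse(8);
    }
    require_once $sourcedir . '/Subs-Post.php';
    // What is this post?
    $id_msg = (int) $context['mob_request']['params'][0][0];
    if (empty($id_msg)) {
        createErrorResponse(6);
    }
    $subject = utf8ToAscii(trim(base64_decode($context['mob_request']['params'][1][0])));
    $body = utf8ToAscii(trim(base64_decode($context['mob_request']['params'][2][0])));
    // NOTE(review): the text is slash-escaped first and entity-encoded after that;
    // confirm this matches what modifyPost() expects.
    $subject = addslashes__recursive($subject);
    $body = addslashes__recursive($body);
    // Set up the inputs for the form.
    $body = $func['htmlspecialchars']($body, ENT_QUOTES);
    preparsecode($body);
    // The subject is a single line: drop CR, LF and tabs
    $subject = strtr($func['htmlspecialchars']($subject), array("\r" => '', "\n" => '', "\t" => ''));
    if (empty($body)) {
        createErrorResponse('incorrect_params', '', 'xmlrpc');
    }
    // Get the board and body
    $mobdb->query('
        SELECT b.ID_BOARD AS id_board, m.ID_MEMBER AS id_member, t.isSticky, t.locked, t.ID_TOPIC, m.posterTime AS poster_time, t.ID_MEMBER_STARTED
        FROM {db_prefix}messages AS m
            INNER JOIN {db_prefix}topics AS t ON (m.ID_TOPIC = t.ID_TOPIC)
            INNER JOIN {db_prefix}boards AS b ON (b.ID_BOARD = t.ID_BOARD)
        WHERE m.ID_MSG = {int:msg}', array('msg' => $id_msg));
    if ($mobdb->num_rows() == 0) {
        createErrorResponse(6);
    }
    list($id_board, $id_member_posted, $sticky, $locked, $id_topic, $post_time, $id_member_start) = $mobdb->fetch_row();
    $mobdb->free_result();
    // Did the current member start this topic?
    $is_started = $user_info['id'] == $id_member_start && !$user_info['is_guest'];
    // The authorization decision for the whole request
    $can_edit = (!$locked || allowedTo('moderate_board', $id_board)) && (allowedTo('modify_any', $id_board) || allowedTo('modify_replies', $id_board) && $is_started || allowedTo('modify_own', $id_board) && $id_member_posted == $user_info['id'] && (empty($modSettings['edit_disable_time']) || $post_time + $modSettings['edit_disable_time'] * 60 > time()));
    if (!$can_edit) {
        createErrorResponse(6);
    }
    // NOTE(review): the body was pre-parsed above and is converted back here before
    // it is saved - confirm modifyPost() is meant to receive the un-preparsed form.
    $body = un_preparsecode($body);
    censorText($subject);
    censorText($body);
    // Save it!
    $msgOptions = array('body' => $body, 'id' => $id_msg);
    // An empty subject leaves the stored subject untouched
    if ($subject) {
        $msgOptions['subject'] = $subject;
    }
    // Sticky and lock state are passed through as they were read
    $topicOptions = array('id' => $id_topic, 'sticky_mode' => $sticky, 'locked_mode' => $locked);
    $posterOptions = array();
    modifyPost($msgOptions, $topicOptions, $posterOptions);
    outputRPCResult(true);
}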
Beispiel #15
/**
 * Admin screen for the forum news lines.
 *
 * Removes the ticked items or saves the edited list, depending on which button
 * was pressed, then loads the current list for the edit_news template. News is
 * kept as one newline-separated string in $modSettings['news'].
 *
 * Both write paths call checkSession() before the setting is changed, and
 * saved lines are entity-encoded and pre-parsed before they are stored.
 */
function EditNews()
{
    global $txt, $modSettings, $context, $sourcedir, $user_info;
    global $smcFunc;

    require_once $sourcedir . '/Subs-Post.php';

    $removing = !empty($_POST['delete_selection']) && !empty($_POST['remove']);

    if ($removing) {
        // The 'remove selected' button was pressed.
        checkSession();

        // Keep every line whose index was not ticked on the form.
        $kept = array();
        foreach (explode("\n", $modSettings['news']) as $index => $line) {
            if (!in_array($index, $_POST['remove'])) {
                $kept[$index] = $line;
            }
        }

        // Update the database and the moderation log.
        updateSettings(array('news' => implode("\n", $kept)));
        logAction('news');
    } elseif (!empty($_POST['save_items'])) {
        checkSession();

        foreach ($_POST['news'] as $index => $item) {
            if (trim($item) != '') {
                // Escape, then pre-parse the line in place.
                $_POST['news'][$index] = $smcFunc['htmlspecialchars']($_POST['news'][$index], ENT_QUOTES);
                preparsecode($_POST['news'][$index]);
                continue;
            }

            // Blank lines are dropped.
            unset($_POST['news'][$index]);
        }

        // Send the new news to the database, and log it.
        updateSettings(array('news' => implode("\n", $_POST['news'])));
        logAction('news');
    }

    // Ready the current news: editable text plus a parsed preview in which any
    // form tag is shown as text instead of being rendered.
    $current_lines = explode("\n", $modSettings['news']);
    foreach ($current_lines as $id => $line) {
        $preview = preg_replace('~<([/]?)form[^>]*?[>]*>~i', '<em class="smalltext">&lt;$1form&gt;</em>', parse_bbc($line));
        $context['admin_current_news'][$id] = array(
            'id' => $id,
            'unparsed' => un_preparsecode($line),
            'parsed' => $preview,
        );
    }

    $context['sub_template'] = 'edit_news';
    $context['page_title'] = $txt['admin_edit_news'];
}
Beispiel #16
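/**
 * Loads a message for the quick quote / quick modify features.
 *
 * - Requires a valid session passed by GET.
 * - The message has to be on a board the member can see. For a modify request
 *   the topic must also be unlocked, unless the member moderates the board.
 * - With 'modify' in the request the modifyfast sub template gets the message
 *   body and subject; otherwise the quotefast sub template gets the body wrapped
 *   in a quote tag, prepared in three encodings (xml, text, mozilla).
 */
function QuoteFast()
{
    global $db_prefix, $modSettings, $user_info, $txt, $settings, $context;
    global $sourcedir, $func;
    loadLanguage('Post');
    if (!isset($_REQUEST['xml'])) {
        loadTemplate('Post');
    }
    checkSession('get');
    include_once $sourcedir . '/Subs-Post.php';
    $moderate_boards = boardsAllowedTo('moderate_board');
    // The query is assembled as a string: the message id is cast to int, and the board
    // list and query_see_board come from the permission system, not from the request.
    $request = db_query("\n\t\tSELECT IFNULL(mem.realName, m.posterName) AS posterName, m.posterTime, m.body, m.ID_TOPIC, m.subject, t.locked\n\t\tFROM ({$db_prefix}messages AS m, {$db_prefix}boards AS b, {$db_prefix}topics AS t)\n\t\t\tLEFT JOIN {$db_prefix}members AS mem ON (mem.ID_MEMBER = m.ID_MEMBER)\n\t\tWHERE m.ID_MSG = " . (int) $_REQUEST['quote'] . "\n\t\t\tAND b.ID_BOARD = m.ID_BOARD\n\t\t\tAND t.ID_TOPIC = m.ID_TOPIC\n\t\t\tAND {$user_info['query_see_board']}" . (!isset($_REQUEST['modify']) || !empty($moderate_boards) && $moderate_boards[0] == 0 ? '' : '
 			AND (t.locked = 0' . (empty($moderate_boards) ? '' : ' OR b.ID_BOARD IN (' . implode(', ', $moderate_boards) . ')') . ')') . "\n\t\tLIMIT 1", __FILE__, __LINE__);
    $found = mysql_num_rows($request) != 0;
    $context['close_window'] = !$found;
    $context['sub_template'] = 'quotefast';
    $row = $found ? mysql_fetch_assoc($request) : array();
    // Release the result on every path, including the one where nothing was found
    mysql_free_result($request);
    if ($found) {
        // Remove special formatting we don't want anymore.
        $row['body'] = un_preparsecode($row['body']);
        // Censor the message!
        censorText($row['body']);
        $row['body'] = preg_replace('~<br(?: /)?' . '>~i', "\n", $row['body']);
        // Want to modify a single message by double clicking it?
        if (isset($_REQUEST['modify'])) {
            censorText($row['subject']);
            $context['sub_template'] = 'modifyfast';
            // Return the integer that was queried, not the raw request string, so the
            // id given to the template is always the number the lookup used.
            $context['message'] = array('id' => (int) $_REQUEST['quote'], 'body' => $row['body'], 'subject' => addcslashes($row['subject'], '"'));
            return;
        }
        // Remove any nested quotes.
        if (!empty($modSettings['removeNestedQuotes'])) {
            $row['body'] = preg_replace(array('~\\n?\\[quote.*?\\].+?\\[/quote\\]\\n?~is', '~^\\n~', '~\\[/quote\\]~'), '', $row['body']);
        }
        // Add a quote string on the front and end.
        $context['quote']['xml'] = '[quote author=' . $row['posterName'] . ' link=topic=' . $row['ID_TOPIC'] . '.msg' . (int) $_REQUEST['quote'] . '#msg' . (int) $_REQUEST['quote'] . ' date=' . $row['posterTime'] . ']' . "\n" . $row['body'] . "\n" . '[/quote]';
        // 'text' is prepared for use inside a single-quoted javascript string
        $context['quote']['text'] = strtr(un_htmlspecialchars($context['quote']['xml']), array('\'' => '\\\'', '\\' => '\\\\', "\n" => '\\n', '</script>' => '</\' + \'script>'));
        // 'xml' has its angle brackets entity-encoded
        $context['quote']['xml'] = strtr($context['quote']['xml'], array('&nbsp;' => '&#160;', '<' => '&lt;', '>' => '&gt;'));
        $context['quote']['mozilla'] = strtr($func['htmlspecialchars']($context['quote']['text']), array('&quot;' => '"'));
    } elseif (isset($_REQUEST['modify'])) {
        // Nothing to show: hand the template an empty message
        $context['sub_template'] = 'modifyfast';
        $context['message'] = array('id' => 0, 'body' => '', 'subject' => '');
    } else {
        $context['quote'] = array('xml' => '', 'mozilla' => '', 'text' => '');
    }
}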
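 /**
  * Display a chosen article
  *
  * - Loads and renders the article, with its comments paginated
  * - Adds, edits or deletes a comment when asked to; each of those paths checks
  *   the session first, and editing is limited to the comment author or an article moderator
  * - Update the stats, like #views etc
  */
 public function action_sportal_article()
 {
     // $modSettings is needed for the comments-per-page setting read below; without
     // the import that setting is never seen and the default of 20 is always used.
     global $context, $scripturl, $user_info, $modSettings;
     $article_id = !empty($_REQUEST['article']) ? $_REQUEST['article'] : 0;
     // Request values normally arrive as strings, so is_int() is only expected to be
     // true for the 0 default; anything supplied takes the escaping branch.
     // NOTE(review): if numeric ids were meant to be cast here, is_numeric() may have
     // been intended - confirm against sportal_get_articles().
     if (is_int($article_id)) {
         $article_id = (int) $article_id;
     } else {
         $article_id = Util::htmlspecialchars($article_id, ENT_QUOTES);
     }
     // Fetch and render the article
     $context['article'] = sportal_get_articles($article_id, true, true);
     if (empty($context['article']['id'])) {
         fatal_lang_error('error_sp_article_not_found', false);
     }
     $context['article']['body'] = sportal_parse_content($context['article']['body'], $context['article']['type'], 'return');
     // Set up for the comment pagination
     $total_comments = sportal_get_article_comment_count($context['article']['id']);
     $per_page = min($total_comments, !empty($modSettings['sp_articles_comments_per_page']) ? $modSettings['sp_articles_comments_per_page'] : 20);
     $start = !empty($_REQUEST['comments']) ? (int) $_REQUEST['comments'] : 0;
     if ($total_comments > $per_page) {
         $context['page_index'] = constructPageIndex($scripturl . '?article=' . $context['article']['article_id'] . ';comments=%1$d', $start, $total_comments, $per_page, true);
     }
     // Load in all the comments for the article
     $context['article']['comments'] = sportal_get_comments($context['article']['id'], $per_page, $start);
     // Prepare the final template details
     $context['article']['date'] = htmlTime($context['article']['date']);
     $context['article']['can_comment'] = $context['user']['is_logged'];
     $context['article']['can_moderate'] = allowedTo('sp_admin') || allowedTo('sp_manage_articles');
     // Commenting, new or an update perhaps
     if ($context['article']['can_comment'] && !empty($_POST['body'])) {
         checkSession();
         sp_prevent_flood('spacp', false);
         require_once SUBSDIR . '/Post.subs.php';
         // Prep the body / comment: entity-encode first, then pre-parse the bbc
         $body = Util::htmlspecialchars(trim($_POST['body']));
         preparsecode($body);
         // Update or add a new comment, as long as something visible is left after parsing
         if (!empty($body) && trim(strip_tags(parse_bbc($body, false), '<img>')) !== '') {
             if (!empty($_POST['comment'])) {
                 list($comment_id, $author_id, ) = sportal_fetch_article_comment((int) $_POST['comment']);
                 // Only the comment's author or an article moderator may change it
                 if (empty($comment_id) || !$context['article']['can_moderate'] && $user_info['id'] != $author_id) {
                     fatal_lang_error('error_sp_cannot_comment_modify', false);
                 }
                 sportal_modify_article_comment($comment_id, $body);
             } else {
                 sportal_create_article_comment($context['article']['id'], $body);
             }
         }
         // Set a anchor
         $anchor = '#comment' . (!empty($comment_id) ? $comment_id : ($total_comments > 0 ? $total_comments - 1 : 1));
         redirectexit('article=' . $context['article']['article_id'] . $anchor);
     }
     // Prepare to edit an existing comment
     if ($context['article']['can_comment'] && !empty($_GET['modify'])) {
         checkSession('get');
         list($comment_id, $author_id, $body) = sportal_fetch_article_comment((int) $_GET['modify']);
         // Same ownership rule as above
         if (empty($comment_id) || !$context['article']['can_moderate'] && $user_info['id'] != $author_id) {
             fatal_lang_error('error_sp_cannot_comment_modify', false);
         }
         require_once SUBSDIR . '/Post.subs.php';
         // Back to editable text, with markup characters entity-encoded for the form
         $context['article']['comment'] = array('id' => $comment_id, 'body' => str_replace(array('"', '<', '>', '&nbsp;'), array('&quot;', '&lt;', '&gt;', ' '), un_preparsecode($body)));
     }
     // Want to delete a comment?
     // NOTE(review): no ownership test is visible here, unlike the edit paths; presumably
     // sportal_delete_article_comment() enforces it and returns false - confirm.
     if ($context['article']['can_comment'] && !empty($_GET['delete'])) {
         checkSession('get');
         if (sportal_delete_article_comment((int) $_GET['delete']) === false) {
             fatal_lang_error('error_sp_cannot_comment_delete', false);
         }
         redirectexit('article=' . $context['article']['article_id']);
     }
     // Increase the article view counter, once per article per session visit
     if (empty($_SESSION['last_viewed_article']) || $_SESSION['last_viewed_article'] != $context['article']['id']) {
         sportal_increase_viewcount('article', $context['article']['id']);
         $_SESSION['last_viewed_article'] = $context['article']['id'];
     }
     // Build the breadcrumbs
     $context['linktree'] = array_merge($context['linktree'], array(array('url' => $scripturl . '?category=' . $context['article']['category']['category_id'], 'name' => $context['article']['category']['name']), array('url' => $scripturl . '?article=' . $context['article']['article_id'], 'name' => $context['article']['title'])));
     // Off to the template we go
     $context['page_title'] = $context['article']['title'];
     $context['sub_template'] = 'view_article';
 }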
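/**
 *	Collects a canned reply from the database and serves it via XML for insertion.
 *
 *	Operations:
 *	- Session check; failing in a regular fashion (as opposed to normal return since we're using ;xml in the URL; the SMF handler can deal with that)
 *	- Looks up the requested reply for the current ticket's department; the query is limited to active replies and to tickets the user can see.
 *	- Returns an empty quote when the user cannot reply to the ticket, or when the reply is not visible to their role (user or staff).
 *	- Call un_preparsecode to remove extraneous sanity encoding, then censor the text.
 *	- Convert to SMF style BBC-to-HTML if using WYSIWYG
 *	- Do other XML sanitising
 *	- Return via $context['ajax_raw'] for {@link shd_ajax()} to output
*/
function shd_ajax_canned()
{
    global $modSettings, $user_info, $txt, $settings, $context;
    global $sourcedir, $smcFunc;
    loadLanguage('Post');
    checkSession('get');
    include_once $sourcedir . '/Subs-Post.php';
    $_REQUEST['reply'] = !empty($_REQUEST['reply']) ? (int) $_REQUEST['reply'] : 0;
    // Stays empty on every refusal path below
    $message = '';
    if (!empty($_REQUEST['reply']) && !empty($context['ticket_id'])) {
        $query = shd_db_query('', '
			SELECT hdt.id_member_started, hdt.id_dept, hdcr.body, hdcr.vis_user, hdcr.vis_staff
			FROM {db_prefix}helpdesk_tickets AS hdt
				INNER JOIN {db_prefix}helpdesk_cannedreplies_depts AS hdcrd ON (hdt.id_dept = hdcrd.id_dept)
				INNER JOIN {db_prefix}helpdesk_cannedreplies AS hdcr ON (hdcrd.id_reply = hdcr.id_reply)
			WHERE hdt.id_ticket = {int:ticket}
				AND hdcr.id_reply = {int:reply}
				AND hdcr.active = 1
				AND {query_see_ticket}', array('ticket' => $context['ticket_id'], 'reply' => $_REQUEST['reply']));
        if ($smcFunc['db_num_rows']($query) == 0) {
            $smcFunc['db_free_result']($query);
            return $context['ajax_raw'] = '<quote>' . $message . '</quote>';
        }
        $row = $smcFunc['db_fetch_assoc']($query);
        $smcFunc['db_free_result']($query);
        // Check ability to reply to this ticket. No ability to reply at all, no canned reply.
        if (!shd_allowed_to('shd_reply_ticket_own', $row['id_dept']) && !shd_allowed_to('shd_reply_ticket_any', $row['id_dept'])) {
            return $context['ajax_raw'] = '<quote>' . $message . '</quote>';
        }
        // Now check for can-reply-to-own (reply to any will pass this check correctly anyway)
        if (!shd_allowed_to('shd_reply_ticket_any', $row['id_dept']) && shd_allowed_to('shd_reply_ticket_own', $row['id_dept']) && $row['id_member_started'] != $user_info['id']) {
            return $context['ajax_raw'] = '<quote>' . $message . '</quote>';
        }
        // Now verify the per-reply visibility. Only applies to non admins anyway...
        if (!shd_allowed_to('admin_helpdesk', $row['id_dept']) && !$user_info['is_admin']) {
            if (shd_allowed_to('shd_staff', $row['id_dept']) && empty($row['vis_staff'])) {
                return $context['ajax_raw'] = '<quote>' . $message . '</quote>';
            } elseif (!shd_allowed_to('shd_staff', $row['id_dept']) && empty($row['vis_user'])) {
                return $context['ajax_raw'] = '<quote>' . $message . '</quote>';
            }
        }
        $message = un_preparsecode($row['body']);
        // Censor the message!
        censorText($message);
        // Work on $message from here on: going back to $row['body'] would throw away
        // both the un_preparsecode() result and the censoring done just above.
        $message = preg_replace('~<br ?/?' . '>~i', "\n", $message);
        // Make the body HTML if need be.
        if (!empty($_REQUEST['mode'])) {
            require_once $sourcedir . '/Subs-Editor.php';
            // Shield already-encoded entities behind placeholders for the conversion
            $message = strtr($message, array('&lt;' => '#smlt#', '&gt;' => '#smgt#', '&amp;' => '#smamp#'));
            $message = bbc_to_html($message);
        }
    }
    // Entity-encode angle brackets so the text is safe inside the XML wrapper
    $message = strtr($message, array('&nbsp;' => '&#160;', '<' => '&lt;', '>' => '&gt;'));
    $context['ajax_raw'] = '<quote>' . $message . '</quote>';
}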
/**
 * Prepares the form for editing an existing canned reply.
 *
 * Loads the reply named by $_REQUEST['reply'] (cast to int), the list of all
 * departments and the departments the reply is attached to, then sets up the
 * editor with the reply body. A reply id that does not exist is a fatal error.
 *
 * NOTE(review): no permission check is visible in this function - presumably
 * the admin dispatcher that calls it enforces one; confirm.
 */
function shd_admin_canned_editreply()
{
    global $context, $smcFunc, $txt, $sourcedir, $scripturl;

    require_once $sourcedir . '/Subs-Editor.php';
    require_once $sourcedir . '/Subs-Post.php';

    $context['page_title'] = $txt['shd_admin_cannedreplies_editreply'];
    $context['sub_template'] = 'shd_edit_canned_reply';

    // Normalise the id once; the request value is overwritten with the integer.
    $reply_id = isset($_REQUEST['reply']) ? (int) $_REQUEST['reply'] : 0;
    $_REQUEST['reply'] = $reply_id;

    $result = $smcFunc['db_query']('', '
		SELECT hdcr.title, hdcr.body, hdcr.vis_user, hdcr.vis_staff, hdcr.active, hdcr.id_cat
		FROM {db_prefix}helpdesk_cannedreplies AS hdcr
		WHERE id_reply = {int:reply}', array('reply' => $reply_id));

    // Unknown reply: nothing to edit.
    if ($smcFunc['db_num_rows']($result) == 0) {
        $smcFunc['db_free_result']($result);
        fatal_lang_error('shd_admin_cannedreplies_thereplyisalie', false);
    }

    $reply = $smcFunc['db_fetch_assoc']($result);
    $smcFunc['db_free_result']($result);

    $context['canned_reply'] = array(
        'id' => $reply_id,
        'title' => $reply['title'],
        'body' => un_preparsecode($reply['body']),
        'active' => !empty($reply['active']),
        'vis_user' => !empty($reply['vis_user']),
        'vis_staff' => !empty($reply['vis_staff']),
        'cat' => $reply['id_cat'],
        'depts_selected' => array(),
        'depts_available' => array(),
    );

    // Every department, in display order, keyed by id.
    $result = $smcFunc['db_query']('', '
		SELECT id_dept, dept_name
		FROM {db_prefix}helpdesk_depts
		ORDER BY dept_order');
    while ($dept = $smcFunc['db_fetch_assoc']($result)) {
        $context['canned_reply']['depts_available'][$dept['id_dept']] = $dept['dept_name'];
    }
    $smcFunc['db_free_result']($result);

    // The departments this reply is currently attached to.
    $result = $smcFunc['db_query']('', '
		SELECT hdcrd.id_dept
		FROM {db_prefix}helpdesk_cannedreplies_depts AS hdcrd
		WHERE hdcrd.id_reply = {int:reply}', array('reply' => $reply_id));
    while ($link = $smcFunc['db_fetch_assoc']($result)) {
        $context['canned_reply']['depts_selected'][] = $link['id_dept'];
    }
    $smcFunc['db_free_result']($result);

    checkSubmitOnce('register');

    // Editor for the reply body.
    $editorOptions = array(
        'id' => 'shd_canned_reply',
        'value' => $context['canned_reply']['body'],
        'labels' => array('post_button' => $txt['shd_admin_cannedreplies_editreply']),
        'preview_type' => 0,
        'width' => '70%',
        'disable_smiley_box' => false,
    );
    create_control_richedit($editorOptions);
    $context['post_box_name'] = $editorOptions['id'];
}
/**
 * Admin handler for adding or editing a portal page.
 *
 * Serves three request modes from the same entry point:
 *  - save    ($_POST['submit'] set): validates title and namespace, inserts or
 *            updates the row in {db_prefix}sp_pages, rewrites the display rules
 *            of blocks toggled for this page, then redirects to the page list;
 *  - preview ($_POST['preview'] set): builds the page array from the posted
 *            values and flags the template to render a preview;
 *  - display: loads defaults for a new page or the stored page for editing.
 * In the preview and display modes it then sets up the rich-text editor and
 * selects the 'pages_edit' sub template.
 *
 * NOTE(review): no permission check is visible inside this function, and only
 * the save branch calls checkSession(). Presumably the admin dispatcher gates
 * access before this runs - confirm, because a page of type 'php' stores code
 * (see the validation step below).
 */
function sportal_admin_page_edit()
{
    global $txt, $context, $modSettings, $smcFunc, $sourcedir, $options;
    require_once $sourcedir . '/Subs-Editor.php';
    require_once $sourcedir . '/Subs-Post.php';
    // A request without a page_id is treated as "create a new page".
    $context['SPortal']['is_new'] = empty($_REQUEST['page_id']);
    // When content_mode is set (presumably the editor was in WYSIWYG mode - confirm)
    // and the page is BBC, the posted HTML is converted back to BBC first.
    // NOTE(review): $_POST['type'] is read here without an isset() check.
    if (!empty($_REQUEST['content_mode']) && $_POST['type'] == 'bbc') {
        $_REQUEST['content'] = html_to_bbc($_REQUEST['content']);
        $_REQUEST['content'] = un_htmlspecialchars($_REQUEST['content']);
        $_POST['content'] = $_REQUEST['content'];
    }
    // Column id => label for the block columns.
    $context['sides'] = array(5 => $txt['sp-positionHeader'], 1 => $txt['sp-positionLeft'], 2 => $txt['sp-positionTop'], 3 => $txt['sp-positionBottom'], 4 => $txt['sp-positionRight'], 6 => $txt['sp-positionFooter']);
    $blocks = getBlockInfo();
    $context['page_blocks'] = array();
    // Work out, per block, whether its current display rules show it on this page.
    // $block is a by-value copy, so exploding its fields below leaves the
    // comma-separated strings in $blocks untouched for the save logic further down.
    foreach ($blocks as $block) {
        $shown = false;
        // Rule tokens that make a block visible on this page.
        $tests = array('all', 'allpages', 'sforum');
        if (!$context['SPortal']['is_new']) {
            $tests[] = 'p' . (int) $_REQUEST['page_id'];
        }
        foreach (array('display', 'display_custom') as $field) {
            // Blocks whose rule starts with '$php' are skipped entirely: they are
            // not listed in $context['page_blocks'] and so cannot be toggled here.
            if (substr($block[$field], 0, 4) === '$php') {
                continue 2;
            }
            $block[$field] = explode(',', $block[$field]);
            // A '-p<ID>' token in this field skips the tests for this field only;
            // the other field can still mark the block as shown.
            if (!$context['SPortal']['is_new'] && in_array('-p' . (int) $_REQUEST['page_id'], $block[$field])) {
                continue;
            }
            foreach ($tests as $test) {
                if (in_array($test, $block[$field])) {
                    $shown = true;
                    break;
                }
            }
        }
        $context['page_blocks'][$block['column']][] = array('id' => $block['id'], 'label' => $block['label'], 'shown' => $shown);
    }
    // ---- Save path ----
    if (!empty($_POST['submit'])) {
        // Session check runs before any validation or write in this branch.
        checkSession();
        // Title and namespace must be non-empty after escaping and trimming.
        if (!isset($_POST['title']) || $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['title'], ENT_QUOTES)) === '') {
            fatal_lang_error('sp_error_page_name_empty', false);
        }
        if (!isset($_POST['namespace']) || $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST['namespace'], ENT_QUOTES)) === '') {
            fatal_lang_error('sp_error_page_namespace_empty', false);
        }
        // The namespace must be unique among all other pages. Values are bound
        // through typed placeholders; the 'limit' entry is passed but the query
        // text uses a literal LIMIT 1, so it has no matching placeholder.
        $result = $smcFunc['db_query']('', '
			SELECT id_page
			FROM {db_prefix}sp_pages
			WHERE namespace = {string:namespace}
				AND id_page != {int:current}
			LIMIT 1', array('limit' => 1, 'namespace' => $smcFunc['htmlspecialchars']($_POST['namespace'], ENT_QUOTES), 'current' => (int) $_POST['page_id']));
        list($has_duplicate) = $smcFunc['db_fetch_row']($result);
        $smcFunc['db_free_result']($result);
        if (!empty($has_duplicate)) {
            fatal_lang_error('sp_error_page_namespace_duplicate', false);
        }
        // Namespace allow-list: only A-Z, a-z, 0-9 and underscore...
        if (preg_match('~[^A-Za-z0-9_]+~', $_POST['namespace']) != 0) {
            fatal_lang_error('sp_error_page_namespace_invalid_chars', false);
        }
        // ...and it may not consist of digits only.
        if (preg_replace('~[0-9]+~', '', $_POST['namespace']) === '') {
            fatal_lang_error('sp_error_page_namespace_numeric', false);
        }
        // PHP-type content goes through sp_validate_php() unless the
        // sp_disable_php_validation setting is on.
        // NOTE(review): $_POST['type'] is stored as posted; no allow-list of page
        // types is visible here. Content of type 'php' is presumably executed when
        // the page is rendered - confirm, and treat both this form and the
        // validation toggle as code-execution surfaces (restrict access, audit changes).
        if ($_POST['type'] == 'php' && !empty($_POST['content']) && empty($modSettings['sp_disable_php_validation'])) {
            $error = sp_validate_php($_POST['content']);
            if ($error) {
                fatal_lang_error('error_sp_php_' . $error, false);
            }
        }
        // Visibility: either a preset permission_set, or explicit per-group
        // allow (1) / deny (-1) choices stored as comma-separated integer ids.
        $permission_set = 0;
        $groups_allowed = $groups_denied = '';
        if (!empty($_POST['permission_set'])) {
            $permission_set = (int) $_POST['permission_set'];
        } elseif (!empty($_POST['membergroups']) && is_array($_POST['membergroups'])) {
            $groups_allowed = $groups_denied = array();
            foreach ($_POST['membergroups'] as $id => $value) {
                if ($value == 1) {
                    $groups_allowed[] = (int) $id;
                } elseif ($value == -1) {
                    $groups_denied[] = (int) $id;
                }
            }
            $groups_allowed = implode(',', $groups_allowed);
            $groups_denied = implode(',', $groups_denied);
        }
        // Normalise the posted block ids to integers (or an empty list).
        if (!empty($_POST['blocks']) && is_array($_POST['blocks'])) {
            foreach ($_POST['blocks'] as $id => $block) {
                $_POST['blocks'][$id] = (int) $block;
            }
        } else {
            $_POST['blocks'] = array();
        }
        // Column => placeholder type. The order matches the values in $page_info
        // once its leading 'id' entry is removed for the insert case.
        $fields = array('namespace' => 'string', 'title' => 'string', 'body' => 'string', 'type' => 'string', 'permission_set' => 'int', 'groups_allowed' => 'string', 'groups_denied' => 'string', 'style' => 'string', 'status' => 'int');
        // NOTE(review): $_POST['content'] is read without an isset() check.
        $page_info = array('id' => (int) $_POST['page_id'], 'namespace' => $smcFunc['htmlspecialchars']($_POST['namespace'], ENT_QUOTES), 'title' => $smcFunc['htmlspecialchars']($_POST['title'], ENT_QUOTES), 'body' => $smcFunc['htmlspecialchars']($_POST['content'], ENT_QUOTES), 'type' => $_POST['type'], 'permission_set' => $permission_set, 'groups_allowed' => $groups_allowed, 'groups_denied' => $groups_denied, 'style' => sportal_parse_style('implode'), 'status' => !empty($_POST['status']) ? 1 : 0);
        // Return value is unused, so preparsecode() presumably rewrites the body in place.
        if ($page_info['type'] == 'bbc') {
            preparsecode($page_info['body']);
        }
        if ($context['SPortal']['is_new']) {
            unset($page_info['id']);
            $smcFunc['db_insert']('', '{db_prefix}sp_pages', $fields, $page_info, array('id_page'));
            $page_info['id'] = $smcFunc['db_insert_id']('{db_prefix}sp_pages', 'id_page');
        } else {
            // The SET clause is assembled only from the hard-coded $fields keys and
            // types above; request data reaches the query through placeholders only.
            $update_fields = array();
            foreach ($fields as $name => $type) {
                $update_fields[] = $name . ' = {' . $type . ':' . $name . '}';
            }
            $smcFunc['db_query']('', '
				UPDATE {db_prefix}sp_pages
				SET ' . implode(', ', $update_fields) . '
				WHERE id_page = {int:id}', $page_info);
        }
        // Compare the posted selection with the current state to find the blocks
        // that have to be switched on or off for this page.
        $to_show = array();
        $not_to_show = array();
        $changes = array();
        foreach ($context['page_blocks'] as $page_blocks) {
            foreach ($page_blocks as $block) {
                if ($block['shown'] && !in_array($block['id'], $_POST['blocks'])) {
                    $not_to_show[] = $block['id'];
                } elseif (!$block['shown'] && in_array($block['id'], $_POST['blocks'])) {
                    $to_show[] = $block['id'];
                }
            }
        }
        // Blocks to switch on: add 'p<ID>' (or drop a '-p<ID>' exclusion) in
        // whichever rule field fits the block's existing rules.
        // Assumes getBlockInfo() returns rows keyed by block id - TODO confirm.
        foreach ($to_show as $id) {
            // '&&' binds tighter than '||': (both fields empty) OR display is 'sportal'.
            if (empty($blocks[$id]['display']) && empty($blocks[$id]['display_custom']) || $blocks[$id]['display'] == 'sportal') {
                $changes[$id] = array('display' => 'portal,p' . $page_info['id'], 'display_custom' => '');
            } elseif (in_array($blocks[$id]['display'], array('allaction', 'allboard'))) {
                $changes[$id] = array('display' => '', 'display_custom' => $blocks[$id]['display'] . ',p' . $page_info['id']);
            } elseif (in_array('-p' . $page_info['id'], explode(',', $blocks[$id]['display_custom']))) {
                $changes[$id] = array('display' => $blocks[$id]['display'], 'display_custom' => implode(',', array_diff(explode(',', $blocks[$id]['display_custom']), array('-p' . $page_info['id']))));
            } elseif (empty($blocks[$id]['display_custom'])) {
                $changes[$id] = array('display' => implode(',', array_merge(explode(',', $blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => '');
            } else {
                $changes[$id] = array('display' => $blocks[$id]['display'], 'display_custom' => implode(',', array_merge(explode(',', $blocks[$id]['display_custom']), array('p' . $page_info['id']))));
            }
        }
        // Blocks to switch off: a block shown through a catch-all rule gets an
        // explicit '-p<ID>' exclusion; otherwise 'p<ID>' is removed from its rules.
        foreach ($not_to_show as $id) {
            if (count(array_intersect(array($blocks[$id]['display'], $blocks[$id]['display_custom']), array('sforum', 'allpages', 'all'))) > 0) {
                $changes[$id] = array('display' => '', 'display_custom' => $blocks[$id]['display'] . $blocks[$id]['display_custom'] . ',-p' . $page_info['id']);
            } elseif (empty($blocks[$id]['display_custom'])) {
                $changes[$id] = array('display' => implode(',', array_diff(explode(',', $blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => '');
            } else {
                $changes[$id] = array('display' => implode(',', array_diff(explode(',', $blocks[$id]['display']), array('p' . $page_info['id']))), 'display_custom' => implode(',', array_diff(explode(',', $blocks[$id]['display_custom']), array('p' . $page_info['id']))));
            }
        }
        // Persist the new display rules, one parameterized UPDATE per block.
        foreach ($changes as $id => $data) {
            $smcFunc['db_query']('', '
				UPDATE {db_prefix}sp_blocks
				SET
					display = {string:display},
					display_custom = {string:display_custom}
				WHERE id_block = {int:id}', array('id' => $id, 'display' => $data['display'], 'display_custom' => $data['display_custom']));
        }
        redirectexit('action=admin;area=portalpages');
    }
    // ---- Preview / display path ----
    if (!empty($_POST['preview'])) {
        $permission_set = 0;
        $groups_allowed = $groups_denied = array();
        if (!empty($_POST['permission_set'])) {
            $permission_set = (int) $_POST['permission_set'];
        } elseif (!empty($_POST['membergroups']) && is_array($_POST['membergroups'])) {
            foreach ($_POST['membergroups'] as $id => $value) {
                if ($value == 1) {
                    $groups_allowed[] = (int) $id;
                } elseif ($value == -1) {
                    $groups_denied[] = (int) $id;
                }
            }
        }
        // NOTE(review): unlike 'title' and 'body', the 'id', 'page_id' (namespace)
        // and 'type' values are taken from $_POST as-is, and this branch does not
        // call checkSession(). Confirm the PortalPages template escapes these
        // values on output.
        $context['SPortal']['page'] = array('id' => $_POST['page_id'], 'page_id' => $_POST['namespace'], 'title' => $smcFunc['htmlspecialchars']($_POST['title'], ENT_QUOTES), 'body' => $smcFunc['htmlspecialchars']($_POST['content'], ENT_QUOTES), 'type' => $_POST['type'], 'permission_set' => $permission_set, 'groups_allowed' => $groups_allowed, 'groups_denied' => $groups_denied, 'style' => sportal_parse_style('implode'), 'status' => !empty($_POST['status']));
        if ($context['SPortal']['page']['type'] == 'bbc') {
            preparsecode($context['SPortal']['page']['body']);
        }
        loadTemplate('PortalPages');
        $context['SPortal']['preview'] = true;
    } elseif ($context['SPortal']['is_new']) {
        // Defaults for a new page; mt_rand() only seeds a suggested namespace.
        $context['SPortal']['page'] = array('id' => 0, 'page_id' => 'page' . mt_rand(1, 5000), 'title' => $txt['sp_pages_default_title'], 'body' => '', 'type' => 'bbc', 'permission_set' => 3, 'groups_allowed' => array(), 'groups_denied' => array(), 'style' => '', 'status' => 1);
    } else {
        $_REQUEST['page_id'] = (int) $_REQUEST['page_id'];
        $context['SPortal']['page'] = sportal_get_pages($_REQUEST['page_id']);
    }
    // BBC bodies are un-preparsed and have quotes and angle brackets re-encoded
    // before being handed to the editor.
    if ($context['SPortal']['page']['type'] == 'bbc') {
        $context['SPortal']['page']['body'] = str_replace(array('"', '<', '>', '&nbsp;'), array('&quot;', '&lt;', '&gt;', ' '), un_preparsecode($context['SPortal']['page']['body']));
    }
    // For non-BBC pages the user's WYSIWYG default is switched off while the
    // editor is created, then restored below.
    if ($context['SPortal']['page']['type'] != 'bbc') {
        $temp_editor = !empty($options['wysiwyg_default']);
        $options['wysiwyg_default'] = false;
    }
    $editorOptions = array('id' => 'content', 'value' => $context['SPortal']['page']['body'], 'width' => '95%', 'height' => '200px', 'preview_type' => 0);
    create_control_richedit($editorOptions);
    $context['post_box_name'] = $editorOptions['id'];
    if (isset($temp_editor)) {
        $options['wysiwyg_default'] = $temp_editor;
    }
    $context['SPortal']['page']['groups'] = sp_load_membergroups();
    $context['SPortal']['page']['style'] = sportal_parse_style('explode', $context['SPortal']['page']['style'], !empty($context['SPortal']['preview']));
    $context['page_title'] = $context['SPortal']['is_new'] ? $txt['sp_admin_pages_add'] : $txt['sp_admin_pages_edit'];
    $context['sub_template'] = 'pages_edit';
}
Beispiel #21
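/**
 * Edit or create a news item (admin area).
 *
 * With ?save in the query string the posted item is escaped, split into teaser
 * and body at the first "[more]" marker, pre-parsed and then written to
 * {db_prefix}news (UPDATE when $_POST['id'] is set, INSERT otherwise), after
 * which the request is redirected back to the edit form. Without ?save the
 * item named by 'itemid' is loaded into $context['news_item'], or blank
 * defaults are prepared for a new item.
 *
 * todo: this needs LOTS of UX improvements, AJAX inline editing and stuff like that
 * for now, a basic UI is ok to test the feature
 *
 * NOTE(review): no permission check is visible in this function; presumably the
 * admin dispatcher enforces it before this runs - confirm.
 */
function EditNewsItem()
{
    global $txt, $context, $sourcedir, $scripturl;
    require_once $sourcedir . '/lib/Subs-Post.php';
    $id_item = isset($_REQUEST['itemid']) ? (int) $_REQUEST['itemid'] : 0;
    if (isset($_GET['save'])) {
        // Session check before anything is written.
        checkSession();
        // Escape first, so the stored teaser and body never hold raw markup.
        $_POST['body'] = commonAPI::htmlspecialchars(isset($_POST['body']) ? $_POST['body'] : '', ENT_QUOTES);
        // Split at the first [more] marker, case-insensitively. Limiting the split
        // to two parts keeps any text after a second marker in the body.
        $parts = preg_split('~\[more\]~i', $_POST['body'], 2);
        if (is_array($parts) && count($parts) === 2) {
            list($teaser, $body) = $parts;
        } else {
            $teaser = '';
            $body = $_POST['body'];
        }
        preparsecode($teaser);
        preparsecode($body);
        $_POST['showboards'] = isset($_POST['showboards']) ? normalizeCommaDelimitedList($_POST['showboards']) : '';
        $_POST['showtopics'] = isset($_POST['showtopics']) ? normalizeCommaDelimitedList($_POST['showtopics']) : '';
        $_POST['showgroups'] = isset($_POST['showgroups']) ? normalizeCommaDelimitedList($_POST['showgroups']) : '';
        $_POST['showindex'] = isset($_POST['showindex']) ? 1 : 0;
        // An unticked checkbox is simply absent from the POST data.
        $can_dismiss = !empty($_POST['mandatory']) ? 0 : 1;
        if (!empty($_POST['id'])) {
            // modify existing
            // Cast once: the id goes into the query and into the redirect URL below.
            $id_news = (int) $_POST['id'];
            smf_db_query('
				UPDATE {db_prefix}news SET body = {string:body}, teaser = {string:teaser}, groups = {string:groups}, boards = {string:boards},
					topics = {string:topics}, on_index = {int:onindex}, can_dismiss = {int:can_dismiss} WHERE id_news = {int:idnews}', array('body' => $body, 'teaser' => $teaser, 'topics' => $_POST['showtopics'], 'boards' => $_POST['showboards'], 'groups' => $_POST['showgroups'], 'idnews' => $id_news, 'onindex' => $_POST['showindex'], 'can_dismiss' => $can_dismiss));
            $redirect_id = $id_news;
        } else {
            // add new
            // Store the pre-parsed body and the teaser, matching what the UPDATE writes.
            smf_db_insert('insert', '{db_prefix}news', array('body' => 'string', 'teaser' => 'string', 'boards' => 'string', 'topics' => 'string', 'groups' => 'string', 'on_index' => 'int', 'can_dismiss' => 'int'), array($body, $teaser, $_POST['showboards'], $_POST['showtopics'], $_POST['showgroups'], $_POST['showindex'], $can_dismiss), array('id_news'));
            $redirect_id = smf_db_insert_id('{db_prefix}news', 'id_news');
        }
        // Replace the cached news list with null after the write.
        CacheAPI::putCache('newsitems', null, 360);
        redirectexit($scripturl . '?action=admin;area=news;sa=editnewsitem;itemid=' . $redirect_id);
    }
    if ($id_item) {
        $result = smf_db_query('SELECT * FROM {db_prefix}news WHERE id_news = {int:id_item}', array('id_item' => $id_item));
        // NOTE(review): mysql_fetch_assoc()/mysql_free_result() belong to the ext/mysql
        // extension removed in PHP 7; switch to the project's own fetch/free wrappers.
        $row = mysql_fetch_assoc($result);
        if ($row) {
            $context['news_item'] = array('id' => $row['id_news'], 'teaser' => $row['teaser'], 'body' => $row['body'], 'boards' => $row['boards'], 'topics' => $row['topics'], 'on_index' => $row['on_index'], 'groups' => $row['groups'], 'can_dismiss' => $row['can_dismiss']);
            // Rebuild the single editable text: teaser, marker, body.
            if (!empty($context['news_item']['teaser'])) {
                $context['news_item']['body'] = $context['news_item']['teaser'] . '[more]' . $context['news_item']['body'];
            }
            $context['news_item']['body'] = un_preparsecode($context['news_item']['body']);
        }
        mysql_free_result($result);
    } else {
        // Blank defaults for a new item.
        $context['news_item']['id'] = $context['news_item']['on_index'] = 0;
        $context['news_item']['body'] = $context['news_item']['boards'] = $context['news_item']['topics'] = $context['news_item']['groups'] = '';
        $context['news_item']['can_dismiss'] = 1;
    }
    $context['sub_template'] = 'edit_news_item';
    $context['page_title'] = $txt['admin_edit_news'];
    $context['submit_url'] = $scripturl . '?action=admin;area=news;sa=editnewsitem;save';
}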