Ejemplo n.º 1
0
/**
* Shows a given submission form
*
* This is the submission it is modular to allow us to write as little as
* possible.  It takes a type and formats a form for the user.  Currently the
* types is story.  If no type is provided, Story is assumed.
*
* @param    string  $type   type of submission ('story')
* @param    string  $mode   calendar mode ('personal' or empty string)
* @return   string          HTML for submission form
*
*/
function submissionform($type = 'story', $mode = '')
{
    global $_CONF, $_TABLES, $LANG12;
    $retval = '';
    COM_clearSpeedlimit($_CONF['speedlimit'], 'submit');
    $last = COM_checkSpeedlimit('submit');
    if ($last > 0) {
        $retval .= COM_showMessageText($LANG12[30] . $last . $LANG12[31], $LANG12[26]);
    } else {
        if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['submitloginrequired'] == 1)) {
            $retval .= SEC_loginRequiredForm();
            return $retval;
        } else {
            $retval .= COM_startBlock($LANG12[19]) . $LANG12[9] . COM_endBlock();
            if (strlen($type) > 0 && $type !== 'story') {
                $formresult = PLG_showSubmitForm($type);
                if ($formresult == false) {
                    COM_errorLog("Someone tried to submit an item to the {$type}-plugin, which cannot be found.", 1);
                    COM_displayMessageAndAbort(79, '', 410, 'Gone');
                } else {
                    $retval .= $formresult;
                }
            } else {
                $retval .= submitstory();
            }
        }
    }
    return $retval;
}
Ejemplo n.º 2
0
/**
* Shows a given submission form
*
* This is the submission it is modular to allow us to write as little as
* possible.  It takes a type and formats a form for the user.  Currently the
* types is story.  If no type is provided, Story is assumed.
*
* @param    string  $type   type of submission ('story')
* @param    string  $mode   story mode ('personal' or empty string)
* @param    string  $topic  topic (for stories)
* @return   string          HTML for submission form
*
*/
function submissionform($type = 'story', $mode = '', $topic = '')
{
    global $_CONF, $_TABLES, $_USER, $LANG12, $LANG_LOGIN;
    $retval = '';
    $postmode = $_CONF['postmode'];
    COM_clearSpeedlimit($_CONF['speedlimit'], 'submit');
    $last = COM_checkSpeedlimit('submit');
    if ($last > 0) {
        $retval .= COM_showMessageText($LANG12[30] . $last . $LANG12[31], $LANG12[26], false, 'error');
    } else {
        if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['submitloginrequired'] == 1)) {
            $display = COM_siteHeader('menu', $LANG_LOGIN[1]);
            $display .= SEC_loginRequiredForm();
            $display .= COM_siteFooter();
            echo $display;
            exit;
        } else {
            $retval .= COM_startBlock($LANG12[19], '', COM_getBlockTemplate('_submit_story', 'header')) . $LANG12[9] . COM_endBlock(COM_getBlockTemplate('_submit_story', 'footer'));
            $retval .= '<div style="border-bottom:1px solid #cccccc"></div>';
            if (strlen($type) > 0 && $type != 'story') {
                $formresult = PLG_showSubmitForm($type);
                if ($formresult == false) {
                    COM_errorLog("Someone tried to submit an item to the {$type}-plugin, which cannot be found.", 1);
                    COM_displayMessageAndAbort(79, '', 410, 'Gone');
                } else {
                    $retval .= $formresult;
                }
            } else {
                $retval .= submitstory($topic);
            }
        }
    }
    return $retval;
}
Ejemplo n.º 3
0
/**
* Shows all polls in system
*
* List all the polls on the system if no $pid is provided
*
* @return   string          HTML for poll listing
*
*/
function polllist()
{
    global $_CONF, $_TABLES, $_PO_CONF, $LANG25, $LANG_POLLS;
    $retval = '';
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_PO_CONF['pollsloginrequired'] == 1)) {
        $retval .= SEC_loginRequiredForm();
    } else {
        require_once $_CONF['path_system'] . 'lib-admin.php';
        $header_arr = array(array('text' => $LANG25[9], 'field' => 'topic', 'sort' => true), array('text' => $LANG25[20], 'field' => 'voters', 'sort' => true), array('text' => $LANG25[3], 'field' => 'unixdate', 'sort' => true), array('text' => $LANG_POLLS['open_poll'], 'field' => 'is_open', 'sort' => true));
        $defsort_arr = array('field' => 'unixdate', 'direction' => 'desc');
        $text_arr = array('has_menu' => false, 'title' => $LANG_POLLS['pollstitle'], 'instructions' => "", 'icon' => '', 'form_url' => '', 'form_url' => $_CONF['site_url'] . '/polls/index.php');
        $query_arr = array('table' => 'polltopics', 'sql' => $sql = "SELECT *,UNIX_TIMESTAMP(created) AS unixdate, display " . "FROM {$_TABLES['polltopics']} WHERE 1=1", 'query_fields' => array('topic'), 'default_filter' => COM_getPermSQL(), 'query' => '', 'query_limit' => 0);
        $retval .= ADMIN_list('polls', 'plugin_getListField_polls', $header_arr, $text_arr, $query_arr, $defsort_arr);
    }
    return $retval;
}
Ejemplo n.º 4
0
/**
* Shows all polls in system
*
* List all the polls on the system if no $pid is provided
*
* @return   string          HTML for poll listing
*
*/
function POLLS_pollList()
{
    global $_CONF, $_TABLES, $_USER, $_PO_CONF, $LANG25, $LANG_LOGIN, $LANG_POLLS;
    $retval = '';
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_PO_CONF['pollsloginrequired'] == 1)) {
        $retval .= SEC_loginRequiredForm();
    } else {
        USES_lib_admin();
        $header_arr = array(array('text' => $LANG25[9], 'field' => 'topic', 'sort' => true), array('text' => $LANG25[20], 'field' => 'voters', 'sort' => true, 'align' => 'center'), array('text' => $LANG25[3], 'field' => 'unixdate', 'sort' => true, 'align' => 'center'), array('text' => $LANG_POLLS['open_poll'], 'field' => 'is_open', 'sort' => true, 'align' => 'center'));
        $defsort_arr = array('field' => 'unixdate', 'direction' => 'desc');
        $text_arr = array('has_menu' => false, 'title' => $LANG_POLLS['pollstitle'], 'instructions' => "", 'icon' => '', 'form_url' => '');
        $query_arr = array('table' => 'polltopics', 'sql' => $sql = "SELECT *,UNIX_TIMESTAMP(date) AS unixdate, display " . "FROM {$_TABLES['polltopics']} WHERE 1=1", 'query_fields' => array('topic'), 'default_filter' => COM_getPermSQL(), 'query' => '', 'query_limit' => 0);
        $retval .= ADMIN_list('polls', 'POLLS_getListField', $header_arr, $text_arr, $query_arr, $defsort_arr, '', $token = 'dummy');
    }
    return $retval;
}
Ejemplo n.º 5
0
/**
 * Plugin function to display a specific comment thread
 * $id      Unique idenifier for item comment belongs to
 * $cid     Comment id to display (possibly including sub-comments)
 * $title   Page/comment title
 * $order   'ASC' or 'DSC' or blank
 * $format  'threaded', 'nested', or 'flat'
 * $page    Page number of comments to display
 * $view    True to view comment (by cid), false to display (by $pid)
 */
function _mg_displaycomment($id, $commentid, $title, $order, $format, $page, $view)
{
    global $_CONF, $_USER, $_MG_CONF, $LANG_LOGIN;
    if (COM_isAnonUser() && $_MG_CONF['loginrequired']) {
        echo SEC_loginRequiredForm();
        exit;
    }
    $retval = '';
    require_once $_CONF['path'] . 'plugins/mediagallery/include/classAlbum.php';
    require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-media.php';
    list($ptitle, $retval, $themeCSS, $album_id) = MG_displayMediaImage($id, 0, 0, 0);
    $retval = $themeCSS . $retval;
    if (SEC_hasRights('mediagallery.admin')) {
        $delete_option = true;
    } else {
        $delete_option = false;
    }
    $view = $view == 1 ? true : false;
    $retval .= CMT_userComments($id, $title, 'mediagallery', $order, $format, $commentid, $page, $view, $delete_option);
    return $retval;
}
Ejemplo n.º 6
0
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
// |                                                                           |
// +---------------------------------------------------------------------------+
/**
 * Geeklog common function library
 */
require_once 'lib-common.php';
// configuration option:
// List stories for the current month on top of the overview page
// (if set = true)
$conf_list_current_month = false;
// name of this script
define('THIS_SCRIPT', 'directory.php');
$display = '';
if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['directoryloginrequired'] == 1)) {
    $display = COM_createHTMLDocument(SEC_loginRequiredForm(), array('pagetitle' => $LANG_DIR['title']));
    COM_output($display);
    exit;
}
$theme = isset($_USER['theme']) ? $_USER['theme'] : $_CONF['theme'];
clearstatcache();
define('TEMPLATE_EXISTS', file_exists($_CONF['path_themes'] . $theme . '/directory.thtml'));
/**
 * Helper function: Calculate last day of a given month
 *
 * @param    int $month Month
 * @param    int $year  Year
 * @return   int        Number of days in that month
 * @todo     Bug: Will fail from 2038 onwards ...
 *                      "The last day of any given month can be expressed as the "0" day
 *                      of the next month", http://www.php.net/manual/en/function.mktime.php
Ejemplo n.º 7
0
/**
* Displays the contact form
*
* @param    int     $uid        User ID of article author
* @param    bool    $cc         Whether to send a copy of the message to the author
* @param    string  $subject    Subject of email
* @param    string  $message    Text of message to send
* @return   string              HTML for the contact form
*
*/
function CONTACT_contactform($uid, $cc = false, $subject = '', $message = '')
{
    global $_CONTACT_CONF, $_CONF, $_TABLES, $_USER, $LANG08, $LANG_CONTACT_1;
    $retval = '';
    if (COM_isAnonUser() && $_CONTACT_CONF['contactloginrequired'] == 1) {
        $retval .= SEC_loginRequiredForm();
    } else {
        $result = DB_query("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = '{$uid}'");
        $P = DB_fetchArray($result);
        if (SEC_inGroup('Root') || SEC_hasRights('user.mail')) {
            $isAdmin = true;
        } else {
            $isAdmin = false;
        }
        $displayname = COM_getDisplayName($uid);
        if ($P['emailfromadmin'] == 1 && $isAdmin || $P['emailfromuser'] == 1 && !$isAdmin) {
            if ($cc) {
                $cc = ' checked="checked"';
            }
            $retval = '';
            $mail_template = COM_newTemplate($_CONF['path'] . 'plugins/contact/templates');
            $mail_template->set_file('form', 'contactuserform.thtml');
            $mail_template->set_var('contact_form', $LANG_CONTACT_1['contact_form']);
            $mail_template->set_var('form_message', $_CONTACT_CONF['message']);
            $mail_template->set_var('lang_username', $LANG_CONTACT_1['name']);
            $mail_template->set_var('add_your_name', $LANG_CONTACT_1['add_your_name']);
            if (COM_isAnonUser()) {
                $sender = '';
                if (isset($_POST['author'])) {
                    $sender = strip_tags($_POST['author']);
                    $sender = substr($sender, 0, strcspn($sender, "\r\n"));
                    $sender = htmlspecialchars(trim($sender), ENT_QUOTES);
                }
                $mail_template->set_var('username', $sender);
            } else {
                $mail_template->set_var('username', COM_getDisplayName($_USER['uid'], $_USER['username'], $_USER['fullname']));
            }
            $mail_template->set_var('lang_useremail', $LANG_CONTACT_1['email']);
            $mail_template->set_var('add_valid_address', $LANG_CONTACT_1['add_valid_address']);
            if (COM_isAnonUser()) {
                $email = '';
                if (isset($_POST['authoremail'])) {
                    $email = strip_tags($_POST['authoremail']);
                    $email = substr($email, 0, strcspn($email, "\r\n"));
                    $email = htmlspecialchars(trim($email), ENT_QUOTES);
                }
                $mail_template->set_var('useremail', $email);
            } else {
                $mail_template->set_var('useremail', $_USER['email']);
            }
            $mail_template->set_var('cc', $cc);
            $mail_template->set_var('lang_cc', $LANG08[36]);
            $mail_template->set_var('lang_cc_description', $LANG08[37]);
            $mail_template->set_var('lang_message', $LANG_CONTACT_1['message']);
            $mail_template->set_var('message', htmlspecialchars($message));
            $mail_template->set_var('lang_submit', $LANG08[16]);
            $mail_template->set_var('uid', $uid);
            PLG_templateSetVars('contact', $mail_template);
            $mail_template->parse('output', 'form');
            $retval .= $mail_template->finish($mail_template->get_var('output'));
        } else {
            $retval = COM_startBlock($LANG08[10] . ' ' . $displayname, '', COM_getBlockTemplate('_msg_block', 'header'));
            $retval .= $LANG08[35];
            $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        }
    }
    return $retval;
}
Ejemplo n.º 8
0
/**
* Send report about abusive comment
*
* @param    string  $cid    comment id
* @param    string  $type   type of comment ('article', 'poll', ...)
* @return   string          Meta refresh or HTML for error message
*
*/
function CMT_sendReport($cid, $type)
{
    global $_CONF, $_TABLES, $_USER, $LANG03, $LANG08, $LANG09, $LANG_LOGIN;
    if (COM_isAnonUser()) {
        $retval = COM_siteHeader('menu', $LANG_LOGIN[1]);
        $retval .= SEC_loginRequiredForm();
        $retval .= COM_siteFooter();
        return $retval;
    }
    COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
    if (COM_checkSpeedlimit('mail') > 0) {
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $username = DB_getItem($_TABLES['users'], 'username', "uid = {$_USER['uid']}");
    $result = DB_query("SELECT uid,title,comment,sid,ipaddress FROM {$_TABLES['comments']} WHERE cid = " . (int) $cid . " AND type = '" . DB_escapeString($type) . "'");
    $A = DB_fetchArray($result);
    $title = $A['title'];
    $comment = $A['comment'];
    // strip HTML if posted in HTML mode
    if (preg_match('/<.*>/', $comment) != 0) {
        $comment = strip_tags($comment);
    }
    $author = COM_getDisplayName($A['uid']);
    if ($A['uid'] <= 1 && !empty($A['ipaddress'])) {
        // add IP address for anonymous posters
        $author .= ' (' . $A['ipaddress'] . ')';
    }
    $mailbody = sprintf($LANG03[26], $username);
    $mailbody .= "\n\n" . "{$LANG03['16']}: {$title}\n" . "{$LANG03['5']}: {$author}\n";
    if ($type != 'article' && $type != 'poll') {
        $mailbody .= "{$LANG09['5']}: {$type}\n";
    }
    if ($_CONF['emailstorieslength'] > 0) {
        if ($_CONF['emailstorieslength'] > 1) {
            $comment = MBYTE_substr($comment, 0, $_CONF['emailstorieslength']) . '...';
        }
        $mailbody .= $comment . "\n\n";
    }
    $mailbody .= $LANG08[33] . ' <' . $_CONF['site_url'] . '/comment.php?mode=view&cid=' . $cid . ">\n\n";
    $mailbody .= "\n------------------------------\n";
    $mailbody .= "\n{$LANG08['34']}\n";
    $mailbody .= "\n------------------------------\n";
    $mailsubject = $_CONF['site_name'] . ' ' . $LANG03[27];
    $to = array();
    $to = COM_formatEmailAddress('', $_CONF['site_mail']);
    COM_mail($to, $mailsubject, $mailbody);
    COM_updateSpeedlimit('mail');
    return COM_refresh($_CONF['site_url'] . '/index.php?msg=27');
}
Ejemplo n.º 9
0
 /**
  * Kicks off the appropriate search(es)
  *
  * Initiates the search engine and returns HTML formatted
  * results. It also provides support to plugins using a
  * search API. Backwards compatibility has been incorporated
  * in this function to allow legacy support to plugins using
  * the old API calls defined versions prior to Geeklog 1.5.1
  *
  * @return string HTML output for search results
  *
  */
 public function doSearch()
 {
     global $_CONF, $LANG01, $LANG09, $LANG31;
     // Verify current user can perform requested search
     if (!$this->_isSearchAllowed()) {
         return SEC_loginRequiredForm();
     }
     // When full text searches are enabled, make sure the min. query length
     // is 3 characters. Otherwise, make sure at least one of query string,
     // author, or topic is not empty.
     if (empty($this->_query) && empty($this->_author) && empty($this->_topic) || $_CONF['search_use_fulltext'] && strlen($this->_query) < 3) {
         $retval = '<p>' . $LANG09[41] . '</p>' . LB;
         $retval .= $this->showForm();
         return $retval;
     }
     // Build the URL strings
     $this->_searchURL = $_CONF['site_url'] . '/search.php?query=' . urlencode($this->_query) . (!empty($this->_keyType) ? '&amp;keyType=' . $this->_keyType : '') . (!empty($this->_dateStart) ? '&amp;datestart=' . $this->_dateStart : '') . (!empty($this->_dateEnd) ? '&amp;dateend=' . $this->_dateEnd : '') . (!empty($this->_topic) ? '&amp;topic=' . $this->_topic : '') . (!empty($this->_author) ? '&amp;author=' . $this->_author : '') . ($this->_titlesOnly ? '&amp;title=true' : '');
     $url = "{$this->_searchURL}&amp;type={$this->_type}&amp;mode=";
     $obj = new ListFactory($url . 'search', $_CONF['search_limits'], $_CONF['num_search_results']);
     $obj->setField('ID', 'id', false);
     $obj->setField('URL', 'url', false);
     $show_num = $_CONF['search_show_num'];
     $show_type = $_CONF['search_show_type'];
     $show_user = $_CONF['contributedbyline'];
     $show_hits = !$_CONF['hideviewscount'];
     $style = isset($_CONF['search_style']) ? $_CONF['search_style'] : 'google';
     if ($style == 'table') {
         $obj->setStyle('table');
         //             Title        Name            Display     Sort   Format
         $obj->setField($LANG09[62], LF_ROW_NUMBER, $show_num, false, '<b>%d.</b>');
         $obj->setField($LANG09[5], LF_SOURCE_TITLE, $show_type, true, '<b>%s</b>');
         $obj->setField($LANG09[16], 'title', true, true);
         $obj->setField($LANG09[63], 'description', true, false);
         $obj->setField($LANG09[17], 'date', true, true);
         $obj->setField($LANG09[18], 'uid', $show_user, true);
         $obj->setField($LANG09[50], 'hits', $show_hits, true);
         $this->_wordlength = 7;
     } else {
         if ($style == 'google') {
             $sort_uid = $this->_author == '' ? true : false;
             $sort_date = empty($this->_dateStart) || empty($this->_dateEnd) || $this->_dateStart != $this->_dateEnd ? true : false;
             $sort_type = $this->_type == 'all' ? true : false;
             $obj->setStyle('inline');
             $obj->setField('', LF_ROW_NUMBER, $show_num, false, '<b>%d.</b>');
             $obj->setField($LANG09[16], 'title', true, true, '%s<br' . XHTML . '>');
             $obj->setField('', 'description', true, false, '%s<br' . XHTML . '>');
             $obj->setField('', '_html', true, false, '<span class="searchresult-byline">');
             $obj->setField($LANG09[18], 'uid', $show_user, $sort_uid, $LANG01[104] . ' %s ');
             $obj->setField($LANG09[17], 'date', true, $sort_date, $LANG01[36] . ' %s');
             $obj->setField($LANG09[5], LF_SOURCE_TITLE, $show_type, $sort_type, ' - %s');
             $obj->setField($LANG09[50], 'hits', $show_hits, true, ' - %s ' . $LANG09[50]);
             $obj->setField('', '_html', true, false, '</span>');
             $this->_wordlength = 50;
         }
     }
     // get default sort order
     $default_sort = explode('|', $_CONF['search_def_sort']);
     $obj->setDefaultSort($default_sort[0], $default_sort[1]);
     // set this only now, for compatibility with PHP 4
     $obj->setRowFunction(array($this, 'searchFormatCallback'));
     // Start search timer
     $searchtimer = new timerobject();
     $searchtimer->setPrecision(4);
     $searchtimer->startTimer();
     // Have plugins do their searches
     $page = isset($_GET['page']) ? COM_applyFilter($_GET['page'], true) : 1;
     $result_plugins = PLG_doSearch($this->_query, $this->_dateStart, $this->_dateEnd, $this->_topic, $this->_type, $this->_author, $this->_keyType, $page, 5);
     // Add core searches
     $result_plugins = array_merge($result_plugins, $this->_searchStories());
     // Loop through all plugins separating the new API from the old
     $new_api = 0;
     $old_api = 0;
     $num_results = 0;
     foreach ($result_plugins as $result) {
         if (is_a($result, 'SearchCriteria')) {
             $debug_info = $result->getName() . ' using APIv2';
             if ($this->_type != 'all' && $this->_type != $result->getName()) {
                 if ($this->_verbose) {
                     $new_api++;
                     COM_errorLog($debug_info . '. Skipped as type is not ' . $this->_type);
                 }
                 continue;
             }
             $api_results = $result->getResults();
             if (!empty($api_results)) {
                 $obj->addResultArray($api_results);
             }
             $api_callback_func = $result->getCallback();
             if (!empty($api_callback_func)) {
                 $debug_info .= ' with Callback Function.';
                 $obj->setCallback($result->getLabel(), $result->getName(), $api_callback_func, $result->getRank(), $result->getTotal());
             } else {
                 if ($result->getSQL() != '' || $result->getFTSQL() != '') {
                     if ($_CONF['search_use_fulltext'] == true && $result->getFTSQL() != '') {
                         $sql = $result->getFTSQL();
                     } else {
                         $sql = $result->getSQL();
                     }
                     $sql = $this->_convertsql($sql);
                     $debug_info .= ' with SQL = ' . print_r($sql, 1);
                     $obj->setQuery($result->getLabel(), $result->getName(), $sql, $result->getRank());
                 }
             }
             $this->_url_rewrite[$result->getName()] = $result->UrlRewriteEnable();
             $this->_append_query[$result->getName()] = $result->AppendQueryEnable();
             if ($this->_verbose) {
                 $new_api++;
                 COM_errorLog($debug_info);
             }
         } else {
             if (is_a($result, 'Plugin') && $result->num_searchresults != 0) {
                 // Some backwards compatibility
                 if ($this->_verbose) {
                     $old_api++;
                     $debug_info = $result->plugin_name . ' using APIv1 with backwards compatibility.';
                     $debug_info .= ' Count: ' . $result->num_searchresults;
                     $debug_info .= ' Headings: ' . implode(',', $result->searchheading);
                     COM_errorLog($debug_info);
                 }
                 // Find the column heading names that closely match what we are looking for
                 // There may be issues here on different languages, but this _should_ capture most of the data
                 $col_title = $this->_findColumn($result->searchheading, array($LANG09[16], $LANG31[4], 'Question', 'Site Page'));
                 //Title,Subject
                 $col_desc = $this->_findColumn($result->searchheading, array($LANG09[63], 'Answer'));
                 $col_date = $this->_findColumn($result->searchheading, array($LANG09[17]));
                 //'Date','Date Added','Last Updated','Date & Time'
                 $col_user = $this->_findColumn($result->searchheading, array($LANG09[18], 'Submited by'));
                 $col_hits = $this->_findColumn($result->searchheading, array($LANG09[50], $LANG09[23], 'Downloads', 'Clicks'));
                 //'Hits','Views'
                 $label = str_replace($LANG09[59], '', $result->searchlabel);
                 $num_results += $result->num_itemssearched;
                 // Extract the results
                 for ($i = 0; $i < 5; $i++) {
                     // If the plugin does not repect the $perpage perameter force it here.
                     $j = $i + $page * 5 - 5;
                     if ($j >= count($result->searchresults)) {
                         break;
                     }
                     $old_row = $result->searchresults[$j];
                     if ($col_date != -1) {
                         // Convert the date back to a timestamp
                         $date = $old_row[$col_date];
                         $date = substr($date, 0, strpos($date, '@'));
                         $date = $date == '' ? $old_row[$col_date] : strtotime($date);
                     }
                     $api_results = array(LF_SOURCE_NAME => $result->plugin_name, LF_SOURCE_TITLE => $label, 'title' => $col_title == -1 ? '<i>' . $LANG09[70] . '</i>' : $old_row[$col_title], 'description' => $col_desc == -1 ? '<i>' . $LANG09[70] . '</i>' : $old_row[$col_desc], 'date' => $col_date == -1 ? '&nbsp;' : $date, 'uid' => $col_user == -1 ? '&nbsp;' : $old_row[$col_user], 'hits' => $col_hits == -1 ? '0' : str_replace(',', '', $old_row[$col_hits]));
                     preg_match('/href="([^"]+)"/i', $api_results['title'], $links);
                     $api_results['url'] = empty($links) ? '#' : $links[1];
                     $obj->addResult($api_results);
                 }
             }
         }
     }
     // Find out how many plugins are on the old/new system
     if ($this->_verbose) {
         COM_errorLog('Search Plugins using APIv1: ' . $old_api . ' APIv2: ' . $new_api);
     }
     // Execute the queries
     $results = $obj->ExecuteQueries();
     // Searches are done, stop timer
     $searchtime = $searchtimer->stopTimer();
     $escquery = htmlspecialchars($this->_query);
     $escquery = str_replace(array('{', '}'), array('&#123;', '&#125;'), $escquery);
     if ($this->_keyType == 'any') {
         $searchQuery = str_replace(' ', "</b>' " . $LANG09[57] . " '<b>", $escquery);
         $searchQuery = "<b>'{$searchQuery}'</b>";
     } else {
         if ($this->_keyType == 'all') {
             $searchQuery = str_replace(' ', "</b>' " . $LANG09[56] . " '<b>", $escquery);
             $searchQuery = "<b>'{$searchQuery}'</b>";
         } else {
             $searchQuery = $LANG09[55] . " '<b>{$escquery}</b>'";
         }
     }
     // Clean the query string so that sprintf works as expected
     $searchQuery = str_replace('%', '%%', $searchQuery);
     $retval = "{$LANG09[25]} {$searchQuery}. ";
     if (count($results) == 0) {
         $retval .= sprintf($LANG09[24], 0);
         $retval = '<p>' . $retval . '</p>' . LB;
         $retval .= '<p>' . $LANG09[13] . '</p>' . LB;
         $retval .= $this->showForm();
     } else {
         $retval .= $LANG09[64] . " ({$searchtime} {$LANG09[27]}). ";
         $retval .= str_replace('%', '%%', COM_createLink($LANG09[61], $url . 'refine'));
         $retval = '<p>' . $retval . '</p>' . LB;
         $retval = $obj->getFormattedOutput($results, $LANG09[11], $retval, '', $_CONF['search_show_sort'], $_CONF['search_show_limit']);
     }
     return $retval;
 }
Ejemplo n.º 10
0
/**
 * Get an existing static page
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int		    Response code as defined in lib-plugins.php
 */
function service_get_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_SP_CONF;
    $output = '';
    $svc_msg['output_fields'] = array('sp_hits', 'sp_format', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php', 'sp_inblock', 'commentcode');
    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }
    if ($args['gl_svc']) {
        if (isset($args['sp_id'])) {
            $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        }
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (empty($args['sp_id'])) {
            $svc_msg['gl_feed'] = true;
        } else {
            $svc_msg['gl_feed'] = false;
        }
    } else {
        $svc_msg['gl_feed'] = false;
    }
    if (!$svc_msg['gl_feed']) {
        $page = '';
        if (isset($args['sp_id'])) {
            $page = $args['sp_id'];
        }
        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }
        $error = 0;
        if ($page == '') {
            $error = 1;
        }
        $perms = SP_getPerms();
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }
        $sql = "SELECT sp_title,sp_content,sp_hits,sp_date,sp_format," . "commentcode,sp_uid,owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} " . "WHERE (sp_id = '{$page}') AND (sp_status = 1)" . $perms;
        $result = DB_query($sql);
        $count = DB_numRows($result);
        if ($count == 0 || $count > 1) {
            $error = 1;
        }
        if (!$error) {
            $output = DB_fetchArray($result, false);
            // WE ASSUME $output doesn't have any confidential fields
            if ($mode !== 'autotag') {
                $_CONF['pagetitle'] = $output['sp_title'];
            }
        } else {
            // an error occured (page not found, access denied, ...)
            if (empty($page)) {
                $failflg = 0;
            } else {
                $failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id='{$page}'");
            }
            if ($failflg) {
                if ($mode !== 'autotag') {
                    $output = COM_siteHeader('menu');
                }
                $output .= SEC_loginRequiredForm();
                if ($mode !== 'autotag') {
                    $output .= COM_siteFooter();
                }
            } else {
                if ($mode !== 'autotag') {
                    COM_404();
                }
            }
            return PLG_RET_ERROR;
        }
        if ($args['gl_svc']) {
            // This date format is PHP 5 only,
            // but only the web-service uses the value
            $output['published'] = date('c', strtotime($output['sp_date']));
            $output['updated'] = date('c', strtotime($output['sp_date']));
            $output['id'] = $page;
            $output['title'] = $output['sp_title'];
            $output['category'] = array($output['sp_tid']);
            $output['content'] = $output['sp_content'];
            $output['content_type'] = 'html';
            $output['author_name'] = DB_getItem($_TABLES['users'], 'username', 'uid=' . (int) $output['owner_id']);
            $output['link_edit'] = $page;
        }
    } else {
        $output = array();
        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }
        $perms = SP_getPerms();
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }
        $offset = 0;
        if (isset($args['offset'])) {
            $offset = COM_applyBasicFilter($args['offset'], true);
        }
        $max_items = $_SP_CONF['atom_max_items'] + 1;
        $limit = " LIMIT {$offset}, {$max_items}";
        $order = " ORDER BY sp_date DESC";
        $sql = "SELECT sp_id,sp_title,sp_content,sp_hits,sp_date,sp_format,owner_id," . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} WHERE (sp_status = 1)" . $perms . $order . $limit;
        $result = DB_query($sql);
        $count = 0;
        while (($output_item = DB_fetchArray($result, false)) !== false) {
            // WE ASSUME $output doesn't have any confidential fields
            $count += 1;
            if ($count == $max_items) {
                $svc_msg['offset'] = $offset + $_SP_CONF['atom_max_items'];
                break;
            }
            if ($args['gl_svc']) {
                // This date format is PHP 5 only, but only the web-service uses the value
                $output_item['published'] = date('c', strtotime($output_item['sp_date']));
                $output_item['updated'] = date('c', strtotime($output_item['sp_date']));
                $output_item['id'] = $output_item['sp_id'];
                $output_item['title'] = $output_item['sp_title'];
                $output_item['category'] = array($output_item['sp_tid']);
                $output_item['content'] = $output_item['sp_content'];
                $output_item['content_type'] = 'html';
                $output_item['author_name'] = DB_getItem($_TABLES['users'], 'username', 'uid=' . (int) $output['owner_id']);
            }
            $output[] = $output_item;
        }
    }
    return PLG_RET_OK;
}
Ejemplo n.º 11
0
/**
* Shows a profile for a user
*
* This grabs the user profile for a given user and displays it
*
* @return   string          HTML for user profile page
*
*/
function userprofile()
{
    global $_CONF, $_TABLES, $_USER, $LANG01, $LANG04, $LANG09, $LANG28, $LANG_LOGIN;
    // @param    int     $user   User ID of profile to get
    // @param    int     $msg    Message to display (if != 0)
    // @param    string  $plugin optional plugin name for message
    $retval = '';
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['profileloginrequired'] == 1)) {
        $retval .= SEC_loginRequiredForm();
        return $retval;
    }
    if (isset($_GET['uid'])) {
        $user = COM_applyFilter($_GET['uid'], true);
        if (!is_numeric($user) || $user < 2) {
            echo COM_refresh($_CONF['site_url'] . '/index.php');
        }
    } else {
        if (isset($_GET['username'])) {
            $username = $_GET['username'];
            if (!USER_validateUsername($username, 1)) {
                echo COM_refresh($_CONF['site_url'] . '/index.php');
            }
            if (empty($username) || $username == '') {
                echo COM_refresh($_CONF['site_url'] . '/index.php');
            }
            $username = DB_escapeString($username);
            $user = DB_getItem($_TABLES['users'], 'uid', "username = '******'");
            if ($user < 2) {
                echo COM_refresh($_CONF['site_url'] . '/index.php');
            }
        } else {
            echo COM_refresh($_CONF['site_url'] . '/index.php');
        }
    }
    $msg = 0;
    if (isset($_GET['msg'])) {
        $msg = COM_applyFilter($_GET['msg'], true);
    }
    $plugin = '';
    if ($msg > 0 && isset($_GET['plugin'])) {
        $plugin = COM_applyFilter($_GET['plugin']);
    }
    $result = DB_query("SELECT {$_TABLES['users']}.uid,username,fullname,regdate,lastlogin,homepage,about,location,pgpkey,photo,email,status,emailfromadmin,emailfromuser,showonline FROM {$_TABLES['userinfo']},{$_TABLES['userprefs']},{$_TABLES['users']} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['userinfo']}.uid = {$_TABLES['userprefs']}.uid AND {$_TABLES['users']}.uid = " . (int) $user);
    $nrows = DB_numRows($result);
    if ($nrows == 0) {
        // no such user
        echo COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $A = DB_fetchArray($result);
    if ($A['status'] == USER_ACCOUNT_DISABLED && !SEC_hasRights('user.edit')) {
        COM_displayMessageAndAbort(30, '', 403, 'Forbidden');
    }
    $display_name = @htmlspecialchars(COM_getDisplayName($user, $A['username'], $A['fullname']), ENT_COMPAT, COM_getEncodingt());
    if ($msg > 0) {
        $retval .= COM_showMessage($msg, $plugin, '', 0, 'info');
    }
    // format date/time to user preference
    $curtime = COM_getUserDateTimeFormat($A['regdate']);
    $A['regdate'] = $curtime[0];
    $user_templates = new Template($_CONF['path_layout'] . 'users');
    $user_templates->set_file(array('profile' => 'profile.thtml', 'email' => 'email.thtml', 'row' => 'commentrow.thtml', 'strow' => 'storyrow.thtml'));
    $user_templates->set_var('layout_url', $_CONF['layout_url']);
    $user_templates->set_var('start_block_userprofile', COM_startBlock($LANG04[1] . ' ' . $display_name));
    $user_templates->set_var('end_block', COM_endBlock());
    $user_templates->set_var('lang_username', $LANG04[2]);
    $user_templates->set_var('tooltip', COM_getTooltipStyle());
    if ($_CONF['show_fullname'] == 1) {
        if (empty($A['fullname'])) {
            $username = $A['username'];
            $fullname = '';
        } else {
            $username = $A['fullname'];
            $fullname = $A['username'];
        }
    } else {
        $username = $A['username'];
        $fullname = '';
    }
    $username = @htmlspecialchars($username, ENT_COMPAT, COM_getEncodingt());
    $fullname = @htmlspecialchars($fullname, ENT_COMPAT, COM_getEncodingt());
    if ($A['status'] == USER_ACCOUNT_DISABLED) {
        $username = sprintf('%s - %s', $username, $LANG28[42]);
        if (!empty($fullname)) {
            $fullname = sprintf('% - %s', $fullname, $LANG28[42]);
        }
    }
    $user_templates->set_var('username', $username);
    $user_templates->set_var('user_fullname', $fullname);
    if (SEC_hasRights('user.edit') || isset($_USER['uid']) && $_USER['uid'] == $A['uid']) {
        global $_IMAGE_TYPE, $LANG_ADMIN;
        $edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG_ADMIN['edit'] . '" title="' . $LANG_ADMIN['edit'] . '" />';
        if ($_USER['uid'] == $A['uid']) {
            $edit_url = "{$_CONF['site_url']}/usersettings.php";
        } else {
            $edit_url = "{$_CONF['site_admin_url']}/user.php?edit=x&amp;uid={$A['uid']}";
        }
        $edit_link_url = COM_createLink($edit_icon, $edit_url);
        $user_templates->set_var('edit_icon', $edit_icon);
        $user_templates->set_var('edit_link', $edit_link_url);
        $user_templates->set_var('user_edit', $edit_url);
    } else {
        $user_templates->set_var('user_edit', '');
    }
    if (isset($A['photo']) && empty($A['photo'])) {
        $A['photo'] = '(none)';
        // user does not have a photo
    }
    $lastlogin = $A['lastlogin'];
    $lasttime = COM_getUserDateTimeFormat($lastlogin);
    $photo = USER_getPhoto($user, $A['photo'], $A['email'], -1, 0);
    $user_templates->set_var('user_photo', $photo);
    $user_templates->set_var('lang_membersince', $LANG04[67]);
    $user_templates->set_var('user_regdate', $A['regdate']);
    if ($_CONF['lastlogin'] && $A['showonline']) {
        $user_templates->set_var('lang_lastlogin', $LANG28[35]);
        if (!empty($lastlogin)) {
            $user_templates->set_var('user_lastlogin', $lasttime[0]);
        } else {
            $user_templates->set_var('user_lastlogin', $LANG28[36]);
        }
    }
    if ($A['showonline']) {
        if (DB_count($_TABLES['sessions'], 'uid', (int) $user)) {
            $user_templates->set_var('online', 'online');
        }
    }
    $user_templates->set_var('lang_email', $LANG04[5]);
    $user_templates->set_var('user_id', $user);
    if ($A['email'] == '' || $A['emailfromuser'] == 0) {
        $user_templates->set_var('email_option', '');
    } else {
        $user_templates->set_var('lang_sendemail', $LANG04[81]);
        $user_templates->parse('email_option', 'email', true);
    }
    $user_templates->set_var('lang_homepage', $LANG04[6]);
    $user_templates->set_var('user_homepage', COM_killJS($A['homepage']));
    $user_templates->set_var('lang_location', $LANG04[106]);
    $user_templates->set_var('user_location', strip_tags($A['location']));
    $user_templates->set_var('lang_online', $LANG04[160]);
    $user_templates->set_var('lang_bio', $LANG04[7]);
    $user_templates->set_var('user_bio', nl2br($A['about']));
    $user_templates->set_var('follow_me', SOC_getFollowMeIcons($user, 'follow_user_profile.thtml'));
    $user_templates->set_var('lang_pgpkey', $LANG04[8]);
    $user_templates->set_var('user_pgp', nl2br($A['pgpkey']));
    $user_templates->set_var('start_block_last10stories', COM_startBlock($LANG04[82] . ' ' . $display_name));
    if (!isset($_CONF['comment_engine']) || $_CONF['comment_engine'] == 'internal') {
        $user_templates->set_var('start_block_last10comments', COM_startBlock($LANG04[10] . ' ' . $display_name));
    }
    $user_templates->set_var('start_block_postingstats', COM_startBlock($LANG04[83] . ' ' . $display_name));
    $user_templates->set_var('lang_title', $LANG09[16]);
    $user_templates->set_var('lang_date', $LANG09[17]);
    // for alternative layouts: use these as headlines instead of block titles
    $user_templates->set_var('headline_last10stories', $LANG04[82] . ' ' . $display_name);
    if (!isset($_CONF['comment_engine']) || $_CONF['comment_engine'] == 'internal') {
        $user_templates->set_var('headline_last10comments', $LANG04[10] . ' ' . $display_name);
    }
    $user_templates->set_var('headline_postingstats', $LANG04[83] . ' ' . $display_name);
    $result = DB_query("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL());
    $nrows = DB_numRows($result);
    $tids = array();
    for ($i = 0; $i < $nrows; $i++) {
        $T = DB_fetchArray($result);
        $tids[] = $T['tid'];
    }
    $topics = "'" . implode("','", $tids) . "'";
    // list of last 10 stories by this user
    if (sizeof($tids) > 0) {
        $sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} WHERE (uid = '" . (int) $user . "') AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
        $sql .= " ORDER BY unixdate DESC LIMIT 10";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
    } else {
        $nrows = 0;
    }
    if ($nrows > 0) {
        for ($i = 0; $i < $nrows; $i++) {
            $C = DB_fetchArray($result);
            $user_templates->set_var('cssid', $i % 2 + 1);
            $user_templates->set_var('row_number', $i + 1 . '.');
            $articleUrl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $C['sid']);
            $user_templates->set_var('article_url', $articleUrl);
            $C['title'] = str_replace('$', '&#36;', $C['title']);
            $user_templates->set_var('story_title', COM_createLink($C['title'], $articleUrl, array('class' => '')));
            $storytime = COM_getUserDateTimeFormat($C['unixdate']);
            $user_templates->set_var('story_date', $storytime[0]);
            $user_templates->parse('story_row', 'strow', true);
        }
    } else {
        $user_templates->set_var('story_row', '<tr><td>' . $LANG01[37] . '</td></tr>');
    }
    if (!isset($_CONF['comment_engine']) || $_CONF['comment_engine'] == 'internal') {
        // list of last 10 comments by this user
        $sidArray = array();
        if (sizeof($tids) > 0) {
            // first, get a list of all stories the current visitor has access to
            $sql = "SELECT sid FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
            $result = DB_query($sql);
            $numsids = DB_numRows($result);
            for ($i = 1; $i <= $numsids; $i++) {
                $S = DB_fetchArray($result);
                $sidArray[] = $S['sid'];
            }
        }
        $sidList = implode("', '", $sidArray);
        $sidList = "'{$sidList}'";
        // then, find all comments by the user in those stories
        $sql = "SELECT sid,title,cid,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['comments']} WHERE (uid = '" . (int) $user . "') GROUP BY sid,title,cid,UNIX_TIMESTAMP(date)";
        // SQL NOTE:  Using a HAVING clause is usually faster than a where if the
        // field is part of the select
        // if (!empty ($sidList)) {
        //     $sql .= " AND (sid in ($sidList))";
        // }
        if (!empty($sidList)) {
            $sql .= " HAVING sid in ({$sidList})";
        }
        $sql .= " ORDER BY unixdate DESC LIMIT 10";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        if ($nrows > 0) {
            for ($i = 0; $i < $nrows; $i++) {
                $C = DB_fetchArray($result);
                $user_templates->set_var('cssid', $i % 2 + 1);
                $user_templates->set_var('row_number', $i + 1 . '.');
                $C['title'] = str_replace('$', '&#36;', $C['title']);
                $comment_url = $_CONF['site_url'] . '/comment.php?mode=view&amp;cid=' . $C['cid'];
                $user_templates->set_var('comment_title', COM_createLink($C['title'], $comment_url, array('class' => '')));
                $commenttime = COM_getUserDateTimeFormat($C['unixdate']);
                $user_templates->set_var('comment_date', $commenttime[0]);
                $user_templates->parse('comment_row', 'row', true);
            }
        } else {
            $user_templates->set_var('comment_row', '<tr><td>' . $LANG01[29] . '</td></tr>');
        }
    }
    // posting stats for this user
    $user_templates->set_var('lang_number_stories', $LANG04[84]);
    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (uid = " . (int) $user . ") AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND');
    $result = DB_query($sql);
    $N = DB_fetchArray($result);
    $user_templates->set_var('number_stories', COM_numberFormat($N['count']));
    if (!isset($_CONF['comment_engine']) || $_CONF['comment_engine'] == 'internal') {
        $user_templates->set_var('lang_number_comments', $LANG04[85]);
        $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['comments']} WHERE (uid = " . (int) $user . ")";
        if (!empty($sidList)) {
            $sql .= " AND (sid in ({$sidList}))";
        }
        $result = DB_query($sql);
        $N = DB_fetchArray($result);
        $user_templates->set_var('number_comments', COM_numberFormat($N['count']));
        $user_templates->set_var('lang_all_postings_by', $LANG04[86] . ' ' . $display_name);
    }
    // hook to the profile icon display
    $profileIcons = PLG_profileIconDisplay($user);
    if (is_array($profileIcons) && count($profileIcons) > 0) {
        $user_templates->set_block('profile', 'profileicon', 'pi');
        for ($x = 0; $x < count($profileIcons); $x++) {
            if (isset($profileIcons[$x]['url']) && $profileIcons[$x]['url'] != '' && isset($profileIcons[$x]['icon']) && $profileIcons[$x]['icon'] != '') {
                $user_templates->set_var('profile_icon_url', $profileIcons[$x]['url']);
                $user_templates->set_var('profile_icon_icon', $profileIcons[$x]['icon']);
                $user_templates->set_var('profile_icon_text', $profileIcons[$x]['text']);
                $user_templates->parse('pi', 'profileicon', true);
            }
        }
    }
    // Call custom registration function if enabled and exists
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDisplay')) {
        $user_templates->set_var('customfields', CUSTOM_userDisplay($user));
    }
    PLG_profileVariablesDisplay($user, $user_templates);
    $user_templates->parse('output', 'profile');
    $retval .= $user_templates->finish($user_templates->get_var('output'));
    $retval .= PLG_profileBlocksDisplay($user);
    return $retval;
}
Ejemplo n.º 12
0
/**
* Send report about abusive comment
*
* @param    string  $cid    comment id
* @param    string  $type   type of comment ('article', 'polls', ...)
* @return   string          Meta refresh or HTML for error message
*
*/
function CMT_sendReport($cid, $type)
{
    global $_CONF, $_TABLES, $_USER, $LANG03, $LANG08;
    if (COM_isAnonUser()) {
        $retval = SEC_loginRequiredForm();
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[27]));
        return $retval;
    }
    COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
    if (COM_checkSpeedlimit('mail') > 0) {
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $username = DB_getItem($_TABLES['users'], 'username', "uid = {$_USER['uid']}");
    $result = DB_query("SELECT uid,title,comment,sid,ipaddress FROM {$_TABLES['comments']} WHERE cid = {$cid} AND type = '{$type}'");
    $A = DB_fetchArray($result);
    $title = stripslashes($A['title']);
    $comment = stripslashes($A['comment']);
    // strip HTML if posted in HTML mode
    if (preg_match('/<.*>/', $comment) != 0) {
        $comment = strip_tags($comment);
    }
    $author = COM_getDisplayName($A['uid']);
    if ($A['uid'] <= 1 && !empty($A['ipaddress'])) {
        // add IP address for anonymous posters
        $author .= ' (' . $A['ipaddress'] . ')';
    }
    $mailbody = sprintf($LANG03[26], $username);
    $mailbody .= "\n\n" . "{$LANG03['16']}: {$title}\n" . "{$LANG03['5']}: {$author}\n";
    if ($type != 'article') {
        $mailbody .= "{$LANG09['5']}: {$type}\n";
    }
    if ($_CONF['emailstorieslength'] > 0) {
        if ($_CONF['emailstorieslength'] > 1) {
            $comment = MBYTE_substr($comment, 0, $_CONF['emailstorieslength']) . '...';
        }
        $mailbody .= $comment . "\n\n";
    }
    $mailbody .= $LANG08[33] . ' <' . $_CONF['site_url'] . '/comment.php?mode=view&cid=' . $cid . ">\n\n";
    $mailbody .= "\n------------------------------\n";
    $mailbody .= "\n{$LANG08['34']}\n";
    $mailbody .= "\n------------------------------\n";
    $mailsubject = $_CONF['site_name'] . ' ' . $LANG03[27];
    if (COM_mail($_CONF['site_mail'], $mailsubject, $mailbody)) {
        $msg = 27;
        // message sent
    } else {
        $msg = 85;
        // problem sending the email
    }
    COM_updateSpeedlimit('mail');
    return COM_refresh($_CONF['site_url'] . "/index.php?msg={$msg}");
}
Ejemplo n.º 13
0
function handleunSubscribe($sid, $type)
{
    global $_CONF, $_TABLES, $_USER;
    $dirty_referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $_CONF['site_url'];
    if ($dirty_referer == '') {
        $dirty_referer = $_CONF['site_url'];
    }
    $referer = COM_sanitizeUrl($dirty_referer);
    $sLength = strlen($_CONF['site_url']);
    if (substr($referer, 0, $sLength) != $_CONF['site_url']) {
        $referer = $_CONF['site_url'];
    }
    if (strcasecmp($referer, $_CONF['site_url'] . '/users.php') == 0) {
        $referer = $_CONF['site_url'];
    }
    $hasargs = strstr($referer, '?');
    if ($hasargs) {
        $sep = '&amp;';
    } else {
        $sep = '?';
    }
    if (COM_isAnonUser()) {
        $display = COM_siteHeader();
        $display .= SEC_loginRequiredForm();
        $display .= COM_siteFooter();
        echo $display;
        exit;
    }
    $rc = PLG_unsubscribe('comment', $type, $sid);
    echo COM_refresh($referer . $sep . 'msg=521' . '#comments');
    exit;
}
Ejemplo n.º 14
0
/**
* Shows a profile for a user
*
* This grabs the user profile for a given user and displays it
*
* @param    int     $user   User ID of profile to get
* @param    int     $msg    Message to display (if != 0)
* @return   string          HTML for user profile page
*
*/
function userprofile($user, $msg = 0)
{
    global $_CONF, $_TABLES, $_USER, $LANG01, $LANG04, $LANG09, $LANG_LOGIN;
    $retval = '';
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['profileloginrequired'] == 1)) {
        $retval .= COM_siteHeader('menu');
        $retval .= SEC_loginRequiredForm();
        $retval .= COM_siteFooter();
        return $retval;
    }
    $result = DB_query("SELECT {$_TABLES['users']}.uid,username,fullname,regdate,homepage,about,location,pgpkey,photo,email FROM {$_TABLES['userinfo']},{$_TABLES['users']} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['users']}.uid = " . (int) $user);
    $nrows = DB_numRows($result);
    if ($nrows == 0) {
        // no such user
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $A = DB_fetchArray($result);
    $display_name = COM_getDisplayName($user, $A['username'], $A['fullname']);
    // format date/time to user preference
    $curtime = COM_getUserDateTimeFormat($A['regdate']);
    $A['regdate'] = $curtime[0];
    $user_templates = new Template($_CONF['path_layout'] . 'users');
    $user_templates->set_file(array('profile' => 'profile.thtml', 'email' => 'email.thtml', 'row' => 'commentrow.thtml', 'strow' => 'storyrow.thtml'));
    $user_templates->set_var('start_block_userprofile', COM_startBlock($LANG04[1] . ' ' . $display_name));
    $user_templates->set_var('end_block', COM_endBlock());
    $user_templates->set_var('lang_username', $LANG04[2]);
    if ($_CONF['show_fullname'] == 1) {
        $user_templates->set_var('username', $A['fullname']);
        $user_templates->set_var('user_fullname', $A['username']);
    } else {
        $user_templates->set_var('username', $A['username']);
        $user_templates->set_var('user_fullname', $A['fullname']);
    }
    if (SEC_hasRights('user.edit')) {
        global $_IMAGE_TYPE, $LANG_ADMIN;
        $edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG_ADMIN['edit'] . '" title="' . $LANG_ADMIN['edit'] . '" />';
        $edit_link_url = '<li>' . COM_createLink($edit_icon, "{$_CONF['site_admin_url']}/user.php?edit=x&amp;uid={$A['uid']}") . '</li>';
        $user_templates->set_var('edit_link', $edit_link_url);
    }
    $photo = USER_getPhoto($user, $A['photo'], $A['email'], -1, 0);
    $user_templates->set_var('user_photo', $photo);
    $user_templates->set_var('lang_membersince', $LANG04[67]);
    $user_templates->set_var('user_regdate', $A['regdate']);
    $user_templates->set_var('lang_email', $LANG04[5]);
    $user_templates->set_var('user_id', $user);
    if ($A['email'] != '') {
        $user_templates->set_var('lang_sendemail', $LANG04[81]);
        $user_templates->parse('email_option', 'email', true);
    } else {
        $user_templates->set_var('email_option', '');
    }
    $user_templates->set_var('lang_homepage', $LANG04[6]);
    $user_templates->set_var('user_homepage', COM_killJS($A['homepage']));
    $user_templates->set_var('lang_location', $LANG04[106]);
    $user_templates->set_var('user_location', strip_tags($A['location']));
    $user_templates->set_var('lang_bio', $LANG04[7]);
    $user_templates->set_var('user_bio', nl2br($A['about']));
    $user_templates->set_var('lang_pgpkey', $LANG04[8]);
    $user_templates->set_var('user_pgp', nl2br($A['pgpkey']));
    $user_templates->set_var('start_block_last10stories', COM_startBlock($LANG04[82] . ' ' . $display_name));
    $user_templates->set_var('start_block_last10comments', COM_startBlock($LANG04[10] . ' ' . $display_name));
    $user_templates->set_var('start_block_postingstats', COM_startBlock($LANG04[83] . ' ' . $display_name));
    $user_templates->set_var('lang_title', $LANG09[16]);
    $user_templates->set_var('lang_date', $LANG09[17]);
    // for alternative layouts: use these as headlines instead of block titles
    $user_templates->set_var('headline_last10stories', $LANG04[82]);
    $user_templates->set_var('headline_last10comments', $LANG04[10]);
    $user_templates->set_var('headline_postingstats', $LANG04[83]);
    $result = DB_query("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL());
    $nrows = DB_numRows($result);
    $tids = array();
    for ($i = 0; $i < $nrows; $i++) {
        $T = DB_fetchArray($result);
        $tids[] = $T['tid'];
    }
    $topics = "'" . implode("','", $tids) . "'";
    // list of last 10 stories by this user
    if (sizeof($tids) > 0) {
        $sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} WHERE (uid = '" . (int) $user . "') AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
        $sql .= " ORDER BY unixdate DESC LIMIT 10";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
    } else {
        $nrows = 0;
    }
    if ($nrows > 0) {
        for ($i = 0; $i < $nrows; $i++) {
            $C = DB_fetchArray($result);
            $user_templates->set_var('cssid', $i % 2 + 1);
            $user_templates->set_var('row_number', $i + 1 . '.');
            $articleUrl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $C['sid']);
            $user_templates->set_var('article_url', $articleUrl);
            $C['title'] = str_replace('$', '&#36;', $C['title']);
            $user_templates->set_var('story_title', COM_createLink($C['title'], $articleUrl, array('class' => 'b')));
            $storytime = COM_getUserDateTimeFormat($C['unixdate']);
            $user_templates->set_var('story_date', $storytime[0]);
            $user_templates->parse('story_row', 'strow', true);
        }
    } else {
        $user_templates->set_var('story_row', '<tr><td>' . $LANG01[37] . '</td></tr>');
    }
    // list of last 10 comments by this user
    $sidArray = array();
    if (sizeof($tids) > 0) {
        // first, get a list of all stories the current visitor has access to
        $sql = "SELECT sid FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
        $result = DB_query($sql);
        $numsids = DB_numRows($result);
        for ($i = 1; $i <= $numsids; $i++) {
            $S = DB_fetchArray($result);
            $sidArray[] = $S['sid'];
        }
    }
    $sidList = implode("', '", $sidArray);
    $sidList = "'" . DB_escapeString($sidList) . "'";
    // then, find all comments by the user in those stories
    $sql = "SELECT sid,title,cid,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['comments']} WHERE (uid = '" . (int) $user . "') GROUP BY sid,title,cid,UNIX_TIMESTAMP(date)";
    // SQL NOTE:  Using a HAVING clause is usually faster than a where if the
    // field is part of the select
    // if (!empty ($sidList)) {
    //     $sql .= " AND (sid in ($sidList))";
    // }
    if (!empty($sidList)) {
        $sql .= " HAVING sid in ({$sidList})";
    }
    $sql .= " ORDER BY unixdate DESC LIMIT 10";
    $result = DB_query($sql);
    $nrows = DB_numRows($result);
    if ($nrows > 0) {
        for ($i = 0; $i < $nrows; $i++) {
            $C = DB_fetchArray($result);
            $user_templates->set_var('cssid', $i % 2 + 1);
            $user_templates->set_var('row_number', $i + 1 . '.');
            $comment_url = $_CONF['site_url'] . '/comment.php?mode=view&amp;cid=' . $C['cid'];
            $C['title'] = str_replace('$', '&#36;', $C['title']);
            $user_templates->set_var('comment_title', COM_createLink($C['title'], $comment_url, array('class' => 'b')));
            $commenttime = COM_getUserDateTimeFormat($C['unixdate']);
            $user_templates->set_var('comment_date', $commenttime[0]);
            $user_templates->parse('comment_row', 'row', true);
        }
    } else {
        $user_templates->set_var('comment_row', '<tr><td>' . $LANG01[29] . '</td></tr>');
    }
    // posting stats for this user
    $user_templates->set_var('lang_number_stories', $LANG04[84]);
    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (uid = " . (int) $user . ") AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND');
    $result = DB_query($sql);
    $N = DB_fetchArray($result);
    $user_templates->set_var('number_stories', COM_numberFormat($N['count']));
    $user_templates->set_var('lang_number_comments', $LANG04[85]);
    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['comments']} WHERE (uid = '{$user}')";
    if (!empty($sidList)) {
        $sql .= " AND (sid in ({$sidList}))";
    }
    $result = DB_query($sql);
    $N = DB_fetchArray($result);
    $user_templates->set_var('number_comments', COM_numberFormat($N['count']));
    $user_templates->set_var('lang_all_postings_by', $LANG04[86] . ' ' . $display_name);
    // Call custom registration function if enabled and exists
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDisplay')) {
        $user_templates->set_var('customfields', CUSTOM_userDisplay($user));
    }
    PLG_profileVariablesDisplay($user, $user_templates);
    $user_templates->parse('output', 'profile');
    $retval .= $user_templates->finish($user_templates->get_var('output'));
    $retval .= PLG_profileBlocksDisplay($user);
    return $retval;
}
Ejemplo n.º 15
0
/**
* Display form to email a story to someone.
*
* @param    string  $sid        ID of article to email
* @param    bool    $cc         Whether to send a copy of the message to the author
* @param    string  $to         name of person / friend to email
* @param    string  $toemail    friend's email address
* @param    string  $from       name of person sending the email
* @param    string  $fromemail  sender's email address
* @param    string  $shortmsg   short intro text to send with the story
* @param    string  $msg        Error message code
* @return   string              HTML for email story form
*
*/
function mailstoryform($sid, $cc = false, $to = '', $toemail = '', $from = '', $fromemail = '', $shortmsg = '', $msg = 0)
{
    global $_CONF, $_TABLES, $_USER, $LANG08;
    require_once $_CONF['path_system'] . 'lib-story.php';
    $retval = '';
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1)) {
        $retval .= SEC_loginRequiredForm();
        return $retval;
    }
    $story = new Story();
    $result = $story->loadFromDatabase($sid, 'view');
    if ($result != STORY_LOADED_OK) {
        COM_redirect($_CONF['site_url'] . '/index.php');
    }
    if ($msg > 0) {
        $retval .= COM_showMessage($msg);
    }
    if (empty($from) && empty($fromemail)) {
        if (!COM_isAnonUser()) {
            $from = COM_getDisplayName($_USER['uid'], $_USER['username'], $_USER['fullname']);
            $fromemail = DB_getItem($_TABLES['users'], 'email', "uid = {$_USER['uid']}");
        }
    }
    $cc = $cc ? ' checked="checked"' : '';
    $mail_template = COM_newTemplate($_CONF['path_layout'] . 'profiles');
    $mail_template->set_file('form', 'contactauthorform.thtml');
    $mail_template->set_var('start_block_mailstory2friend', COM_startBlock($LANG08[17]));
    $mail_template->set_var('lang_title', $LANG08[31]);
    $mail_template->set_var('story_title', $story->displayElements('title'));
    $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
    $mail_template->set_var('story_url', $url);
    $link = COM_createLink($story->displayElements('title'), $url);
    $mail_template->set_var('story_link', $link);
    $mail_template->set_var('lang_fromname', $LANG08[20]);
    $mail_template->set_var('name', $from);
    $mail_template->set_var('lang_fromemailaddress', $LANG08[21]);
    $mail_template->set_var('email', $fromemail);
    $mail_template->set_var('lang_toname', $LANG08[18]);
    $mail_template->set_var('toname', $to);
    $mail_template->set_var('lang_toemailaddress', $LANG08[19]);
    $mail_template->set_var('toemail', $toemail);
    if (!$_CONF['mail_cc_enabled']) {
        $mail_template->set_var('cc_enabled', ' style="display: none"');
    } else {
        $mail_template->set_var('cc', $cc);
        $mail_template->set_var('lang_cc', $LANG08[36]);
        $mail_template->set_var('lang_cc_description', $LANG08[37]);
    }
    $mail_template->set_var('lang_shortmessage', $LANG08[27]);
    $mail_template->set_var('shortmsg', htmlspecialchars($shortmsg));
    $mail_template->set_var('lang_warning', $LANG08[22]);
    $mail_template->set_var('lang_sendmessage', $LANG08[16]);
    $mail_template->set_var('story_id', $sid);
    $mail_template->set_var('end_block', COM_endBlock());
    PLG_templateSetVars('emailstory', $mail_template);
    $mail_template->parse('output', 'form');
    $retval .= $mail_template->finish($mail_template->get_var('output'));
    return $retval;
}
Ejemplo n.º 16
0
/**
 * Shows a profile for a user
 * This grabs the user profile for a given user and displays it
 *
 * @param    int     $uid     User ID of profile to get
 * @param    boolean $preview whether being called as preview from My Account
 * @param    int     $msg     Message to display (if != 0)
 * @param    string  $plugin  optional plugin name for message
 * @return   string              HTML for user profile page
 */
function USER_showProfile($uid, $preview = false, $msg = 0, $plugin = '')
{
    global $_CONF, $_TABLES, $_USER, $_IMAGE_TYPE, $LANG01, $LANG04, $LANG09, $LANG28, $LANG_LOGIN, $LANG_ADMIN;
    $retval = '';
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['profileloginrequired'] == 1)) {
        $retval .= SEC_loginRequiredForm();
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LOGIN[1]));
        return $retval;
    }
    $result = DB_query("SELECT {$_TABLES['users']}.uid,username,fullname,regdate,homepage,about,location,pgpkey,photo,email,status FROM {$_TABLES['userinfo']},{$_TABLES['users']} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['users']}.uid = {$uid}");
    $numRows = DB_numRows($result);
    if ($numRows == 0) {
        // no such user
        COM_handle404();
    }
    $A = DB_fetchArray($result);
    if ($A['status'] == USER_ACCOUNT_DISABLED && !SEC_hasRights('user.edit')) {
        COM_displayMessageAndAbort(30, '', 403, 'Forbidden');
    }
    if ($A['status'] != USER_ACCOUNT_ACTIVE && !SEC_hasRights('user.edit')) {
        COM_handle404();
    }
    $display_name = COM_getDisplayName($uid, $A['username'], $A['fullname']);
    $display_name = htmlspecialchars($display_name);
    if (!$preview) {
        if ($msg > 0) {
            $retval .= COM_showMessage($msg, $plugin);
        }
    }
    // format date/time to user preference
    $currentTime = COM_getUserDateTimeFormat($A['regdate']);
    $A['regdate'] = $currentTime[0];
    $user_templates = COM_newTemplate($_CONF['path_layout'] . 'users');
    $user_templates->set_file(array('profile' => 'profile.thtml', 'email' => 'email.thtml', 'row' => 'commentrow.thtml', 'strow' => 'storyrow.thtml'));
    $user_templates->set_var('start_block_userprofile', COM_startBlock($LANG04[1] . ' ' . $display_name));
    $user_templates->set_var('end_block', COM_endBlock());
    $user_templates->set_var('lang_username', $LANG04[2]);
    if ($_CONF['show_fullname'] == 1) {
        if (empty($A['fullname'])) {
            $userName = $A['username'];
            $fullName = '';
        } else {
            $userName = $A['fullname'];
            $fullName = $A['username'];
        }
    } else {
        $userName = $A['username'];
        $fullName = $A['fullname'];
    }
    $userName = htmlspecialchars($userName);
    $fullName = htmlspecialchars($fullName);
    if ($A['status'] == USER_ACCOUNT_DISABLED) {
        $userName = sprintf('<s title="%s">%s</s>', $LANG28[42], $userName);
        if (!empty($fullName)) {
            $fullName = sprintf('<s title="%s">%s</s>', $LANG28[42], $fullName);
        }
    }
    $user_templates->set_var('username', $userName);
    $user_templates->set_var('user_fullname', $fullName);
    if ($preview) {
        $user_templates->set_var('edit_icon', '');
        $user_templates->set_var('edit_link', '');
        $user_templates->set_var('user_edit', '');
    } elseif (!COM_isAnonUser() && $_USER['uid'] == $uid) {
        $edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG01[48] . '" title="' . $LANG01[48] . '"' . XHTML . '>';
        $edit_link_url = COM_createLink($edit_icon, $_CONF['site_url'] . '/usersettings.php');
        $user_templates->set_var('edit_icon', $edit_icon);
        $user_templates->set_var('edit_link', $edit_link_url);
        $user_templates->set_var('user_edit', $edit_link_url);
    } elseif (SEC_hasRights('user.edit')) {
        $edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG_ADMIN['edit'] . '" title="' . $LANG_ADMIN['edit'] . '"' . XHTML . '>';
        $edit_link_url = COM_createLink($edit_icon, "{$_CONF['site_admin_url']}/user.php?mode=edit&amp;uid={$A['uid']}");
        $user_templates->set_var('edit_icon', $edit_icon);
        $user_templates->set_var('edit_link', $edit_link_url);
        $user_templates->set_var('user_edit', $edit_link_url);
    }
    if (isset($A['photo']) && empty($A['photo'])) {
        $A['photo'] = '(none)';
        // user does not have a photo
    }
    $photo = USER_getPhoto($uid, $A['photo'], $A['email'], -1);
    $user_templates->set_var('user_photo', $photo);
    $user_templates->set_var('lang_membersince', $LANG04[67]);
    $user_templates->set_var('user_regdate', $A['regdate']);
    $user_templates->set_var('lang_email', $LANG04[5]);
    $user_templates->set_var('user_id', $uid);
    $user_templates->set_var('uid', $uid);
    if ($A['email'] != '') {
        $user_templates->set_var('lang_sendemail', $LANG04[81]);
        $user_templates->parse('email_option', 'email', true);
    } else {
        $user_templates->set_var('email_option', '');
    }
    $user_templates->set_var('lang_homepage', $LANG04[6]);
    $user_templates->set_var('user_homepage', COM_killJS($A['homepage']));
    $user_templates->set_var('lang_location', $LANG04[106]);
    $user_templates->set_var('user_location', strip_tags($A['location']));
    $user_templates->set_var('lang_bio', $LANG04[7]);
    $user_templates->set_var('user_bio', COM_nl2br(stripslashes($A['about'])));
    $user_templates->set_var('lang_pgpkey', $LANG04[8]);
    $user_templates->set_var('user_pgp', COM_nl2br($A['pgpkey']));
    $user_templates->set_var('start_block_last10stories', COM_startBlock($LANG04[82] . ' ' . $display_name));
    $user_templates->set_var('start_block_last10comments', COM_startBlock($LANG04[10] . ' ' . $display_name));
    $user_templates->set_var('start_block_postingstats', COM_startBlock($LANG04[83] . ' ' . $display_name));
    $user_templates->set_var('lang_title', $LANG09[16]);
    $user_templates->set_var('lang_date', $LANG09[17]);
    // for alternative layouts: use these as headlines instead of block titles
    $user_templates->set_var('headline_last10stories', $LANG04[82]);
    $user_templates->set_var('headline_last10comments', $LANG04[10]);
    $user_templates->set_var('headline_postingstats', $LANG04[83]);
    $tids = TOPIC_getList(0, true, false);
    $topics = "'" . implode("','", $tids) . "'";
    // list of last 10 stories by this user
    if (count($tids) > 0) {
        $sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate\n            FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n            WHERE (uid = {$uid}) AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND') . "\n            AND ta.type = 'article' AND ta.id = sid AND ta.tdefault = 1\n            ORDER BY unixdate DESC LIMIT 10";
        $result = DB_query($sql);
        $numRows = DB_numRows($result);
    } else {
        $numRows = 0;
    }
    if ($numRows > 0) {
        for ($i = 0; $i < $numRows; $i++) {
            $C = DB_fetchArray($result);
            $user_templates->set_var('cssid', $i % 2 + 1);
            $user_templates->set_var('row_number', $i + 1 . '.');
            $articleUrl = COM_buildURL($_CONF['site_url'] . '/article.php?story=' . $C['sid']);
            $user_templates->set_var('article_url', $articleUrl);
            $C['title'] = str_replace('$', '&#36;', $C['title']);
            $user_templates->set_var('story_title', COM_createLink(stripslashes($C['title']), $articleUrl, array('class' => 'b')));
            $storyTime = COM_getUserDateTimeFormat($C['unixdate']);
            $user_templates->set_var('story_date', $storyTime[0]);
            $user_templates->parse('story_row', 'strow', true);
        }
    } else {
        $story_row = $LANG01[37];
        if ($_CONF['supported_version_theme'] == '1.8.1') {
            $story_row = '<tr><td>' . $story_row . '</td></tr>';
        }
        $user_templates->set_var('story_row', $story_row);
    }
    // list of last 10 comments by this user
    $new_plugin_comments = PLG_getWhatsNewComment('', 10, $uid);
    if (!empty($new_plugin_comments)) {
        // Sort array by element lastdate newest to oldest
        foreach ($new_plugin_comments as $k => $v) {
            $b[$k] = strtolower($v['unixdate']);
        }
        arsort($b);
        foreach ($b as $key => $val) {
            $temp[] = $new_plugin_comments[$key];
        }
        $new_plugin_comments = $temp;
        $i = 0;
        foreach ($new_plugin_comments as $C) {
            $i = $i + 1;
            $user_templates->set_var('cssid', $i % 2);
            $user_templates->set_var('row_number', $i . '.');
            $C['title'] = str_replace('$', '&#36;', $C['title']);
            $comment_url = $_CONF['site_url'] . '/comment.php?mode=view&amp;cid=' . $C['cid'];
            $user_templates->set_var('comment_title', COM_createLink(stripslashes($C['title']), $comment_url, array('class' => 'b')));
            $commentTime = COM_getUserDateTimeFormat($C['unixdate']);
            $user_templates->set_var('comment_date', $commentTime[0]);
            $user_templates->parse('comment_row', 'row', true);
            if ($i == 10) {
                break;
            }
        }
    } else {
        $comment_row = $LANG01[29];
        if ($_CONF['supported_version_theme'] == '1.8.1') {
            $comment_row = '<tr><td>' . $comment_row . '</td></tr>';
        }
        $user_templates->set_var('comment_row', $comment_row);
    }
    // posting stats for this user
    $user_templates->set_var('lang_number_stories', $LANG04[84]);
    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (uid = {$uid}) AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND');
    $result = DB_query($sql);
    $N = DB_fetchArray($result);
    $user_templates->set_var('number_stories', COM_numberFormat($N['count']));
    $user_templates->set_var('lang_number_comments', $LANG04[85]);
    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['comments']} WHERE (uid = {$uid})";
    $result = DB_query($sql);
    $N = DB_fetchArray($result);
    $user_templates->set_var('number_comments', COM_numberFormat($N['count']));
    $user_templates->set_var('lang_all_postings_by', $LANG04[86] . ' ' . $display_name);
    // Call custom registration function if enabled and exists
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDisplay')) {
        $user_templates->set_var('customfields', CUSTOM_userDisplay($uid));
    }
    PLG_profileVariablesDisplay($uid, $user_templates);
    $user_templates->parse('output', 'profile');
    $retval .= $user_templates->finish($user_templates->get_var('output'));
    $retval .= PLG_profileBlocksDisplay($uid);
    if (!$preview) {
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG04[1] . ' ' . $display_name));
    }
    return $retval;
}
Ejemplo n.º 17
0
/**
 * Get an existing static page
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int		    Response code as defined in lib-plugins.php
 */
function service_get_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_SP_CONF;
    $output = '';
    $svc_msg['output_fields'] = array('sp_hits', 'sp_format', 'draft_flag', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php', 'sp_inblock', 'commentcode');
    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }
    if ($args['gl_svc']) {
        if (isset($args['sp_id'])) {
            $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        }
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (empty($args['sp_id'])) {
            $svc_msg['gl_feed'] = true;
        } else {
            $svc_msg['gl_feed'] = false;
        }
    } else {
        $svc_msg['gl_feed'] = false;
    }
    if (!$svc_msg['gl_feed']) {
        $page = '';
        if (isset($args['sp_id'])) {
            $page = $args['sp_id'];
        }
        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }
        $error = 0;
        if ($page == '') {
            $error = 1;
        }
        $perms = SP_getPerms();
        if (!SEC_hasRights('staticpages.edit')) {
            if (!empty($perms)) {
                $perms .= ' AND';
            }
            $perms .= '(draft_flag = 0)';
        }
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }
        $sql = array();
        $sql['mysql'] = "SELECT sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} " . "WHERE (sp_id = '{$page}')" . $perms;
        $sql['mssql'] = "SELECT sp_title,sp_page_title," . "CAST(sp_content AS text) AS sp_content,sp_hits," . "created,modified,sp_format,commentcode," . "CAST(meta_description AS text) AS meta_description," . "CAST(meta_keywords AS text) AS meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group,perm_members," . "perm_anon,sp_tid,sp_help,sp_php,sp_inblock " . "FROM {$_TABLES['staticpage']} WHERE (sp_id = '{$page}')" . $perms;
        $sql['pgsql'] = "SELECT sp_title,sp_page_title,sp_content,sp_hits," . "created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} " . "WHERE (sp_id = '{$page}')" . $perms;
        $result = DB_query($sql);
        $count = DB_numRows($result);
        if ($count == 0 || $count > 1) {
            $error = 1;
        }
        if (!$error) {
            $output = DB_fetchArray($result, false);
            // WE ASSUME $output doesn't have any confidential fields
            if ($output['template_id'] != '') {
                $retval = '';
                $mode = '';
                $xmlObject = simplexml_load_string($output['sp_content']);
                // create array of XML data
                $tag = array();
                foreach ($xmlObject->variable as $variable) {
                    $key = $variable["name"] . '';
                    $value = $variable->data;
                    $tag[$key] = $value;
                }
                // Loop through variables to replace any autotags first
                foreach ($tag as &$value) {
                    $value = PLG_replaceTags($value);
                }
                $args = array('sp_id' => $output['template_id'], 'mode' => $mode, 'gl_svc' => '');
                $svc_msg = array();
                if (PLG_invokeService('staticpages', 'get', $args, $retval, $svc_msg) == PLG_RET_OK) {
                    $retval['sp_content'] = str_replace(array_keys($tag), array_values($tag), $retval['sp_content']);
                    $output['sp_content'] = $retval['sp_content'];
                }
            }
        } else {
            // an error occured (page not found, access denied, ...)
            /**
             * if the user has edit permissions and the page does not exist,
             * send them to the editor so they can create it "wiki style"
             */
            $create_page = false;
            if ($mode !== 'autotag' && $count == 0 && SEC_hasRights('staticpages.edit')) {
                // check again without permissions
                if (DB_count($_TABLES['staticpage'], 'sp_id', $page) == 0) {
                    $url = $_CONF['site_admin_url'] . '/plugins/staticpages/index.php?mode=edit&sp_new_id=' . $page . '&msg=21';
                    $output = COM_refresh($url);
                    $create_page = true;
                }
            }
            if (!$create_page) {
                if (empty($page)) {
                    $failflg = 0;
                } else {
                    $failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id = '{$page}'");
                }
                if ($failflg) {
                    if ($mode !== 'autotag') {
                        $output = COM_siteHeader('menu');
                    }
                    $output .= SEC_loginRequiredForm();
                    if ($mode !== 'autotag') {
                        $output .= COM_siteFooter(true);
                    }
                } else {
                    if ($mode !== 'autotag') {
                        $output = COM_siteHeader('menu');
                    }
                    $output .= COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header'));
                    $output .= $LANG_STATIC['deny_msg'];
                    $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                    if ($mode !== 'autotag') {
                        $output .= COM_siteFooter(true);
                    }
                }
            }
            return PLG_RET_ERROR;
        }
        if ($args['gl_svc']) {
            // This date format is PHP 5 only,
            // but only the web-service uses the value
            $output['published'] = date('c', strtotime($output['created']));
            $output['updated'] = date('c', strtotime($output['modified']));
            $output['id'] = $page;
            $output['title'] = $output['sp_title'];
            $output['page_title'] = $output['sp_page_title'];
            $output['category'] = array($output['sp_tid']);
            $output['content'] = $output['sp_content'];
            $output['content_type'] = 'html';
            $owner_data = SESS_getUserDataFromId($output['owner_id']);
            $output['author_name'] = $owner_data['username'];
            $output['link_edit'] = $page;
        }
    } else {
        $output = array();
        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }
        $perms = SP_getPerms();
        if (!empty($perms)) {
            $perms = ' WHERE ' . $perms;
        }
        $offset = 0;
        if (isset($args['offset'])) {
            $offset = COM_applyBasicFilter($args['offset'], true);
        }
        $max_items = $_SP_CONF['atom_max_items'] + 1;
        $limit = " LIMIT {$offset}, {$max_items}";
        $order = " ORDER BY modified DESC";
        $sql = array();
        $sql['mysql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id," . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $sql['mssql'] = "SELECT sp_id,sp_title,sp_page_title,CAST(sp_content AS text) AS sp_content,sp_hits," . "created,modified,sp_format,CAST(meta_description AS text) AS meta_description,CAST(meta_keywords AS text) AS meta_keywords,template_flag,template_id,draft_flag,owner_id,group_id,perm_owner,perm_group,perm_members," . "perm_anon,sp_tid,sp_help,sp_php,sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $sql['pgsql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id," . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $result = DB_query($sql);
        $count = 0;
        while (($output_item = DB_fetchArray($result, false)) !== false) {
            // WE ASSUME $output doesn't have any confidential fields
            $count += 1;
            if ($count == $max_items) {
                $svc_msg['offset'] = $offset + $_SP_CONF['atom_max_items'];
                break;
            }
            if ($args['gl_svc']) {
                // This date format is PHP 5 only, but only the web-service uses the value
                $output_item['published'] = date('c', strtotime($output_item['created']));
                $output_item['updated'] = date('c', strtotime($output_item['modified']));
                $output_item['id'] = $output_item['sp_id'];
                $output_item['title'] = $output_item['sp_title'];
                $output_item['page_title'] = $output_item['sp_page_title'];
                $output_item['category'] = array($output_item['sp_tid']);
                $output_item['content'] = $output_item['sp_content'];
                $output_item['content_type'] = 'html';
                $owner_data = SESS_getUserDataFromId($output_item['owner_id']);
                $output_item['author_name'] = $owner_data['username'];
            }
            $output[] = $output_item;
        }
    }
    return PLG_RET_OK;
}
Ejemplo n.º 18
0
/**
* Display form to email a story to someone.
*
* @param    string  $sid    ID of article to email
* @return   string          HTML for email story form
*
*/
function mailstoryform($sid, $to = '', $toemail = '', $from = '', $fromemail = '', $shortmsg = '', $msg = 0)
{
    global $_CONF, $_TABLES, $_USER, $LANG03, $LANG08, $LANG_LOGIN;
    $retval = '';
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1)) {
        $display = COM_siteHeader('menu', $LANG_LOGIN[1]);
        $display .= SEC_loginRequiredForm();
        $display .= COM_siteFooter();
        echo $display;
        exit;
    }
    $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE sid = '" . DB_escapeString($sid) . "'" . COM_getTopicSql('AND') . COM_getPermSql('AND'));
    $A = DB_fetchArray($result);
    if ($A['count'] == 0) {
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    if ($msg > 0) {
        $retval .= COM_showMessage($msg, '', '', 0, 'info');
    }
    if (empty($from) && empty($fromemail)) {
        if (!COM_isAnonUser()) {
            $from = COM_getDisplayName($_USER['uid'], $_USER['username'], $_USER['fullname']);
            $fromemail = DB_getItem($_TABLES['users'], 'email', "uid = {$_USER['uid']}");
        }
    }
    $postmode = $_CONF['mailuser_postmode'];
    $mail_template = new Template($_CONF['path_layout'] . 'profiles');
    $mail_template->set_file('form', 'contactauthorform.thtml');
    if ($postmode == 'html') {
        $mail_template->set_var('show_htmleditor', true);
    } else {
        $mail_template->unset_var('show_htmleditor');
    }
    $mail_template->set_var('lang_postmode', $LANG03[2]);
    $mail_template->set_var('postmode', $postmode);
    $mail_template->set_var('start_block_mailstory2friend', COM_startBlock($LANG08[17]));
    $mail_template->set_var('lang_fromname', $LANG08[20]);
    $mail_template->set_var('name', $from);
    $mail_template->set_var('lang_fromemailaddress', $LANG08[21]);
    $mail_template->set_var('email', $fromemail);
    $mail_template->set_var('lang_toname', $LANG08[18]);
    $mail_template->set_var('toname', $to);
    $mail_template->set_var('lang_toemailaddress', $LANG08[19]);
    $mail_template->set_var('toemail', $toemail);
    $mail_template->set_var('lang_shortmessage', $LANG08[27]);
    $mail_template->set_var('shortmsg', @htmlspecialchars($shortmsg, ENT_COMPAT, COM_getEncodingt()));
    $mail_template->set_var('lang_warning', $LANG08[22]);
    $mail_template->set_var('lang_sendmessage', $LANG08[16]);
    $mail_template->set_var('story_id', $sid);
    PLG_templateSetVars('emailstory', $mail_template);
    $mail_template->set_var('end_block', COM_endBlock());
    $mail_template->parse('output', 'form');
    $retval .= $mail_template->finish($mail_template->get_var('output'));
    return $retval;
}
Ejemplo n.º 19
0
/**
 * Get an existing static page
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int         Response code as defined in lib-plugins.php
 */
function service_get_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_SP_CONF, $topic;
    $output = '';
    $svc_msg['output_fields'] = array('sp_hits', 'sp_format', 'draft_flag', 'cache_time', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php', 'sp_inblock', 'commentcode');
    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }
    if ($args['gl_svc']) {
        if (isset($args['sp_id'])) {
            $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        }
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (empty($args['sp_id'])) {
            $svc_msg['gl_feed'] = true;
        } else {
            $svc_msg['gl_feed'] = false;
        }
    } else {
        $svc_msg['gl_feed'] = false;
    }
    if (!$svc_msg['gl_feed']) {
        $page = '';
        if (isset($args['sp_id'])) {
            $page = $args['sp_id'];
        }
        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }
        $error = 0;
        if ($page == '') {
            $error = 1;
        }
        $perms = SP_getPerms();
        if (!SEC_hasRights('staticpages.edit')) {
            if (!empty($perms)) {
                $perms .= ' AND';
            }
            $perms .= '(draft_flag = 0)';
        }
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }
        // Topic Permissions
        $topic_perms = COM_getTopicSQL('', 0, 'ta');
        if ($topic_perms != "") {
            $topic_perms = " AND (" . $topic_perms . "";
            if (COM_onFrontpage()) {
                $topic_perms .= " OR (ta.tid = '" . TOPIC_HOMEONLY_OPTION . "' OR ta.tid = '" . TOPIC_ALL_OPTION . "'))";
            } else {
                // $topic_perms .= " OR ta.tid = '" . TOPIC_ALL_OPTION . "')";
                $topic_perms .= " OR (ta.tid = '" . TOPIC_HOMEONLY_OPTION . "' OR ta.tid = '" . TOPIC_ALL_OPTION . "'))";
            }
        }
        $topic_perms .= " GROUP BY sp_id";
        $sql = array();
        $sql['mysql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time " . "FROM {$_TABLES['staticpage']}, {$_TABLES['topic_assignments']} ta " . "WHERE (sp_id = '{$page}')" . $perms . " AND ta.type = 'staticpages' AND ta.id = sp_id " . $topic_perms;
        $sql['pgsql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits," . "created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time " . "sp_inblock FROM {$_TABLES['staticpage']}, {$_TABLES['topic_assignments']} ta " . "WHERE (sp_id = '{$page}')" . $perms . " AND ta.type = 'staticpages' AND ta.id = sp_id " . $topic_perms;
        $result = DB_query($sql);
        $count = DB_numRows($result);
        if ($count == 0 || $count > 1) {
            $error = 1;
        }
        if (!$error) {
            $output = DB_fetchArray($result, false);
            $page = $output['sp_id'];
            // reset page id so case mimics id perfectly since this affects the cache file and canonical link
            // WE ASSUME $output doesn't have any confidential fields
            // Generate output now (omly if not grabing a template since template is combined with variables first and then generated)
            if (!isset($args['template'])) {
                $output['sp_content'] = SP_render_content($page, $output['sp_content'], $output['sp_php'], $output['cache_time'], $output['template_id']);
            }
        } else {
            // an error occured (page not found, access denied, ...)
            /**
             * if the user has edit permissions and the page does not exist,
             * send them to the editor so they can create it "wiki style"
             */
            $create_page = false;
            if ($mode !== 'autotag' && $count == 0 && SEC_hasRights('staticpages.edit')) {
                // check again without permissions
                if (DB_count($_TABLES['staticpage'], 'sp_id', $page) == 0) {
                    $url = $_CONF['site_admin_url'] . '/plugins/staticpages/index.php?mode=edit&sp_new_id=' . $page . '&msg=21';
                    $output = COM_refresh($url);
                    $create_page = true;
                }
            }
            if (!$create_page) {
                if (empty($page)) {
                    $failflg = 0;
                } else {
                    $failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id = '{$page}'");
                }
                if ($failflg) {
                    $output .= SEC_loginRequiredForm();
                    if ($mode !== 'autotag') {
                        $output = COM_createHTMLDocument($output, array('rightblock' => true));
                    }
                } else {
                    if ($mode !== 'autotag') {
                        COM_handle404();
                    }
                }
            }
            return PLG_RET_ERROR;
        }
        if ($args['gl_svc']) {
            // This date format is PHP 5 only,
            // but only the web-service uses the value
            $output['published'] = date('c', strtotime($output['created']));
            $output['updated'] = date('c', strtotime($output['modified']));
            $output['id'] = $page;
            $output['title'] = $output['sp_title'];
            $output['page_title'] = $output['sp_page_title'];
            $output['category'] = TOPIC_getTopicIdsForObject('staticpages', $page);
            $output['content'] = $output['sp_content'];
            $output['content_type'] = 'html';
            $owner_data = SESS_getUserDataFromId($output['owner_id']);
            $output['author_name'] = $owner_data['username'];
            $output['link_edit'] = $page;
        }
    } else {
        $output = array();
        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }
        $perms = SP_getPerms();
        if (!empty($perms)) {
            $perms = ' WHERE ' . $perms;
        }
        $offset = 0;
        if (isset($args['offset'])) {
            $offset = COM_applyBasicFilter($args['offset'], true);
        }
        $max_items = $_SP_CONF['atom_max_items'] + 1;
        $limit = " LIMIT {$offset}, {$max_items}";
        $order = " ORDER BY modified DESC";
        $sql = array();
        $sql['mysql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id," . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time " . " FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $sql['pgsql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id," . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time " . "FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $result = DB_query($sql);
        $count = 0;
        while (($output_item = DB_fetchArray($result, false)) !== false) {
            // WE ASSUME $output doesn't have any confidential fields
            $count++;
            if ($count == $max_items) {
                $svc_msg['offset'] = $offset + $_SP_CONF['atom_max_items'];
                break;
            }
            if ($args['gl_svc']) {
                // This date format is PHP 5 only, but only the web-service uses the value
                $output_item['published'] = date('c', strtotime($output_item['created']));
                $output_item['updated'] = date('c', strtotime($output_item['modified']));
                $output_item['id'] = $output_item['sp_id'];
                $output_item['title'] = $output_item['sp_title'];
                $output_item['page_title'] = $output_item['sp_page_title'];
                //$output_item['category']     = array($output_item['sp_tid']);
                $output_item['category'] = TOPIC_getTopicIdsForObject('staticpages', $page);
                //$output_item['content']      = $output_item['sp_content'];
                $output['content'] = SP_render_content($output['sp_id'], $output['sp_content'], $output['sp_php'], $output['cache_time'], $output['template_id']);
                $output_item['content_type'] = 'html';
                $owner_data = SESS_getUserDataFromId($output_item['owner_id']);
                $output_item['author_name'] = $owner_data['username'];
            }
            $output[] = $output_item;
        }
    }
    return PLG_RET_OK;
}
Ejemplo n.º 20
0
function FF_bookmarks()
{
    global $_CONF, $_TABLES, $_USER, $_FF_CONF, $LANG_GF01, $LANG_GF02, $LANG_GF92;
    $retval = '';
    $pageTitle = $LANG_GF01['BOOKMARKS'];
    if (COM_isAnonUser()) {
        $retval .= SEC_loginRequiredForm();
        return array($pageTitle, $retval);
    }
    $T = new Template($_CONF['path'] . 'plugins/forum/templates/');
    $T->set_file('list', 'lists.thtml');
    USES_lib_admin();
    $header_arr = array(array('text' => '#', 'field' => 'bookmark', 'sort' => false), array('text' => $LANG_GF01['FORUM'], 'field' => 'forum_name', 'sort' => true), array('text' => $LANG_GF01['TOPIC'], 'field' => 'subject', 'sort' => true), array('text' => $LANG_GF01['AUTHOR'], 'field' => 'name', 'sort' => true), array('text' => $LANG_GF01['REPLIES'], 'field' => 'replies', 'sort' => true), array('text' => $LANG_GF01['VIEWS'], 'field' => 'views', 'sort' => true), array('text' => $LANG_GF01['DATE'], 'field' => 'date', 'sort' => true, 'nowrap' => true));
    if ($_FF_CONF['usermenu'] == 'navbar') {
        $T->set_var('navbar', FF_NavbarMenu($LANG_GF01['BOOKMARKS']));
    }
    $T->set_var('block_start', COM_startBlock($LANG_GF01['BOOKMARKS'], '', COM_getBlockTemplate('_admin_block', 'header')));
    $text_arr = array('has_extras' => true, 'form_url' => $_CONF['site_url'] . '/forum/list.php?op=bookmarks', 'help_url' => '');
    $defsort_arr = array('field' => 'date', 'direction' => 'DESC');
    $sql = "SELECT * FROM {$_TABLES['ff_bookmarks']} AS bookmarks LEFT JOIN {$_TABLES['ff_topic']} AS topics ON bookmarks.topic_id=topics.id LEFT JOIN {$_TABLES['ff_forums']} AS forums ON topics.forum=forums.forum_id WHERE topics.id != '' AND bookmarks.uid=" . $_USER['uid'];
    $query_arr = array('table' => 'ff_bookmarks', 'sql' => $sql, 'query_fields' => array('topics.date', 'topics.subject', 'topics.comment', 'topics.name', 'topics.replies', 'topics.views', 'id', 'forum', 'forum_name'), 'default_filter' => '');
    $T->set_var('list_data', ADMIN_list('bookmarks', '_ff_getListField_forum', $header_arr, $text_arr, $query_arr, $defsort_arr));
    $T->set_var('block_end', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
    $T->parse('output', 'list');
    $retval = $T->finish($T->get_var('output'));
    return array($pageTitle, $retval);
}
Ejemplo n.º 21
0
}
USES_forum_functions();
USES_forum_format();
require_once $_CONF['path_system'] . 'classes/timer.class.php';
$forum = isset($_REQUEST['forum']) ? COM_applyFilter($_REQUEST['forum'], true) : 0;
$show = isset($_REQUEST['show']) ? COM_applyFilter($_REQUEST['show'], true) : 0;
$page = isset($_REQUEST['page']) ? COM_applyFilter($_REQUEST['page'], true) : 0;
$order = isset($_REQUEST['order']) ? COM_applyFilter($_REQUEST['order'], true) : 0;
$sort = isset($_REQUEST['sort']) ? COM_applyFilter($_REQUEST['sort'], true) : 0;
$cat_id = isset($_REQUEST['cat_id']) ? COM_applyFilter($_REQUEST['cat_id'], true) : 0;
$forum_id = isset($_REQUEST['forum_id']) ? COM_applyFilter($_REQUEST['forum_id'], true) : 0;
$op = isset($_REQUEST['op']) ? COM_applyFilter($_REQUEST['op']) : '';
//Check is anonymous users can access
if ($_FF_CONF['registration_required'] && COM_isAnonUser()) {
    $display = COM_siteHeader();
    $display .= SEC_loginRequiredForm();
    $display .= COM_siteFooter();
    echo $display;
    exit;
}
/*
 * Initialize vars
 */
$canPost = 0;
$display = '';
$pageBody = '';
$todaysdate = date("l, F d, Y");
forum_chkUsercanAccess();
// Check to see if request to mark all topics read was requested
if (!COM_isAnonUser() && $op == 'markallread') {
    $now = time();
Ejemplo n.º 22
0
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.          |
// |                                                                          |
// +--------------------------------------------------------------------------+
/**
 * Login form
 * @package paypal
 */
/**
 * require core geeklog code
 */
require_once '../lib-common.php';
// take user back to the homepage if the plugin is not active
if (!in_array('paypal', $_PLUGINS)) {
    echo COM_refresh($_CONF['site_url'] . '/index.php');
    exit;
}
/* Ensure sufficient privs to read this page */
paypal_access_check();
//Main
$display = PAYPAL_siteHeader($_PAY_CONF['seo_shop_title']);
if (SEC_hasRights('paypal.user', 'paypal.admin')) {
    $display .= paypal_user_menu();
} else {
    $display .= paypal_viewer_menu();
}
if (!empty($_REQUEST['msg'])) {
    $display .= COM_showMessageText(stripslashes($_REQUEST['msg']), $LANG_PAYPAL_1['message']);
}
$display .= '<div id="login">' . SEC_loginRequiredForm() . '</div>';
$display .= PAYPAL_siteFooter();
COM_output($display);
Ejemplo n.º 23
0
 /**
  * Shows an error message to anonymous users
  *
  * This is called when anonymous users attempt to access search
  * functionality that has been locked down by the glFusion admin.
  *
  * @author Tony Bibbs <tony AT geeklog DOT net>
  * @access private
  * @return string HTML output for error message
  *
  */
 function _getAccessDeniedMessage()
 {
     return SEC_loginRequiredForm();
 }
Ejemplo n.º 24
0
*   @copyright  Copyright (c) 2008 - 2010 Mark R. Evans mark AT glfusion DOT org
*   @package    evlist
*   @version    1.3.0
*   @license    http://opensource.org/licenses/gpl-2.0.php
*               GNU Public License v2 or later
*   @filesource
*/
/** Import core glFusion libraries */
require_once '../lib-common.php';
if (!in_array('evlist', $_PLUGINS)) {
    COM_404();
}
// allow_anon_view is set by functions.inc if global login_required is on
if (COM_isAnonUser() && $_EV_CONF['allow_anon_view'] != '1') {
    $content = COM_siteHeader();
    $content .= SEC_loginRequiredForm();
    $content .= COM_siteFooter();
    echo $content;
    exit;
}
USES_evlist_functions();
USES_evlist_views();
//var_dump($_GET);die;
/*
*   MAIN 
*/
COM_setArgNames(array('view', 'range', 'cat'));
if (isset($_GET['view'])) {
    $view = COM_applyFilter($_GET['view']);
} elseif (isset($_POST['view'])) {
    $view = COM_applyFilter($_POST['view']);