Ejemplo n.º 1
0
function cat_event_category_save($event, $table_name)
{
    global $txpcfg;
    extract(doSlash(psa(array('id', 'name', 'old_name', 'parent', 'title'))));
    $id = assert_int($id);
    $name = sanitizeForUrl($name);
    // make sure the name is valid
    if (!$name) {
        $message = array(gTxt($event . '_category_invalid', array('{name}' => $name)), E_ERROR);
        return cat_category_list($message);
    }
    // don't allow rename to clobber an existing category
    $existing_id = safe_field('id', 'txp_category', "name = '{$name}' and type = '{$event}'");
    if ($existing_id and $existing_id != $id) {
        $message = array(gTxt($event . '_category_already_exists', array('{name}' => $name)), E_ERROR);
        return cat_category_list($message);
    }
    $parent = $parent ? $parent : 'root';
    if (safe_update('txp_category', "name = '{$name}', parent = '{$parent}', title = '{$title}'", "id = {$id}")) {
        safe_update('txp_category', "parent = '{$name}'", "parent = '{$old_name}'");
    }
    rebuild_tree_full($event);
    if ($event == 'article') {
        safe_update('textpattern', "Category1 = '{$name}'", "Category1 = '{$old_name}'");
        safe_update('textpattern', "Category2 = '{$name}'", "Category2 = '{$old_name}'");
    } else {
        safe_update($table_name, "category = '{$name}'", "category = '{$old_name}'");
    }
    $message = gTxt($event . '_category_updated', array('{name}' => doStrip($name)));
    cat_category_list($message);
}
Ejemplo n.º 2
0
function checkIfNeighbour($whichway, $sPosted)
{
    $sPosted = assert_int($sPosted);
    $dir = $whichway == 'prev' ? '<' : '>';
    $ord = $whichway == 'prev' ? 'desc' : 'asc';
    return safe_field("ID", "textpattern", "Posted {$dir} from_unixtime({$sPosted}) order by Posted {$ord} limit 1");
}
Ejemplo n.º 3
0
 /**
  * Constructor.
  *
  * @param int $id The Image id.
  */
 public function __construct($id)
 {
     $id = assert_int($id);
     $rs = safe_row("*", 'txp_image', "id = {$id} LIMIT 1");
     if ($rs) {
         extract($rs);
         $this->m_ext = $ext;
         $this->m_id = $id;
     }
     parent::__construct();
 }
Ejemplo n.º 4
0
/**
 * User editor panel.
 *
 * Accessing requires 'admin.edit' privileges.
 */
function author_edit()
{
    global $step, $txp_user;
    require_privs('admin.edit');
    pagetop(gTxt('tab_site_admin'), '');
    $vars = array('user_id', 'name', 'RealName', 'email', 'privs');
    $rs = array();
    $out = array();
    extract(gpsa($vars));
    $is_edit = $user_id && $step == 'author_edit';
    if ($is_edit) {
        $user_id = assert_int($user_id);
        $rs = safe_row('*', 'txp_users', "user_id = {$user_id}");
        extract($rs);
    }
    if ($is_edit) {
        $out[] = hed(gTxt('edit_author'), 2);
    } else {
        $out[] = hed(gTxt('add_new_author'), 2);
    }
    if ($is_edit) {
        $out[] = inputLabel('login_name', strong(txpspecialchars($name)));
    } else {
        $out[] = inputLabel('login_name', fInput('text', 'name', $name, '', '', '', INPUT_REGULAR, '', 'login_name'), 'login_name', 'add_new_author');
    }
    $out[] = inputLabel('real_name', fInput('text', 'RealName', $RealName, '', '', '', INPUT_REGULAR, '', 'real_name'), 'real_name') . inputLabel('login_email', fInput('email', 'email', $email, '', '', '', INPUT_REGULAR, '', 'login_email'), 'email');
    if ($txp_user != $name) {
        $out[] = inputLabel('privileges', privs($privs), 'privileges', 'about_privileges');
    } else {
        $out[] = inputLabel('privileges', strong(get_priv_level($privs))) . hInput('privs', $privs);
    }
    $out[] = pluggable_ui('author_ui', 'extend_detail_form', '', $rs) . graf(fInput('submit', '', gTxt('save'), 'publish')) . eInput('admin');
    if ($user_id) {
        $out[] = hInput('user_id', $user_id) . hInput('name', $name) . sInput('author_save');
    } else {
        $out[] = sInput('author_save_new');
    }
    echo form(n . tag(join('', $out) . n, 'section', array('class' => 'txp-edit')), '', '', 'post', 'edit-form', '', 'user_edit');
}
Ejemplo n.º 5
0
function author_delete()
{
    require_privs('admin.edit');
    $user_id = assert_int(ps('user_id'));
    $name = fetch('Realname', 'txp_users', 'user_id', $user_id);
    if ($name) {
        $rs = safe_delete('txp_users', "user_id = {$user_id}");
        if ($rs) {
            admin(gTxt('author_deleted', array('{name}' => $name)));
        }
    }
}
Ejemplo n.º 6
0
 /**
  * Executes the real action for @see udpateArticleId and @see newArticle
  * @param array $incoming containing the desired article fields
  * @param mixed(string|integer) $article_id the ID of the article to update
  * @return mixed integer article id on success, false otherwise
  * @access private
  */
 function _setArticle($incoming, $article_id = null)
 {
     global $txpcfg;
     $prefs = get_prefs();
     extract($prefs);
     if (!empty($incoming['Section']) && !$this->getSection($incoming['Section'])) {
         return false;
     }
     if (!empty($incoming['Category1']) && !$this->getCategory($incoming['Category1'])) {
         return false;
     }
     if (!empty($incoming['Category2']) && !$this->getCategory($incoming['Category2'])) {
         return false;
     }
     if ($article_id !== null) {
         $article_id = assert_int($article_id);
     }
     //All validation rules assumed to be passed before this point.
     //Do content processing here
     $incoming_with_markup = $this->textile_main_fields($incoming, $use_textile);
     $incoming['Title'] = $incoming_with_markup['Title'];
     if (empty($incoming['Body_html']) && !empty($incoming['Body'])) {
         $incoming['Body_html'] = $incoming_with_markup['Body_html'];
     }
     if (empty($incoming['Excerpt_html']) && !empty($incoming['Excerpt'])) {
         $incoming['Excerpt_html'] = $incoming_with_markup['Excerpt_html'];
     }
     unset($incoming_with_markup);
     if (empty($incoming['Posted'])) {
         if ($article_id === null) {
             $when = !$article_id ? 'now()' : '';
             $incoming['Posted'] = $when;
         } else {
             # do not override post time for existing articles unless Posted is present
             unset($incoming['Posted']);
         }
     } else {
         $when = strtotime($incoming['Posted']) - tz_offset();
         $when = "from_unixtime({$when})";
     }
     if ($incoming['Title'] || $incoming['Body'] || $incoming['Excerpt']) {
         //Build SQL then and run query
         //Prevent data erase if not defined on the update action
         //but it was on the DB from a previous creation/edition time
         if ($article_id) {
             $old = safe_row('*', 'textpattern', "ID = {$article_id}");
             //Status should be defined previously. Be sure of that.
             if (!has_privs('article.publish', $this->txp_user) && $incoming['Status'] == 4 && $old['Status'] != 4) {
                 $incoming['Status'] = 3;
             }
             foreach ($old as $key => $val) {
                 if (!isset($incoming[$key])) {
                     $incoming[$key] = $val;
                 }
             }
         } else {
             //Status should be defined previously. Be sure of that.
             if (!has_privs('article.publish', $this->txp_user) && $incoming['Status'] == 4) {
                 $incoming['Status'] = 3;
             }
         }
         if (empty($incoming['Section']) && $article_id) {
             $incoming['Section'] = safe_field('Section', 'textpattern', "ID = {$article_id}");
         }
         $incoming = $this->_check_keys($incoming, array('AuthorID' => $this->txp_user, 'Annotate' => $comments_on_default, 'AnnotateInvite' => $comments_default_invite, 'textile_body' => $use_textile, 'textile_excerpt' => $use_textile, 'url_title' => stripSpace($incoming['Title'])));
         //Build the SQL query
         $sql = array();
         foreach ($incoming as $key => $val) {
             if ($key == 'Posted' && $val == 'now()') {
                 $sql[] = "{$key} = {$val}";
             } elseif ($key != 'ID' && $key != 'uid' && $key != 'feed_time' && $key != 'LastMod' && $key != 'LastModID') {
                 $sql[] = "{$key} = '" . doSlash($val) . "'";
             }
         }
         $sql[] = 'LastMod = now()';
         $sql[] = "LastModID = '" . doSlash($this->txp_user) . "'";
         if (!$article_id) {
             $sql[] = "uid = '" . doSlash(md5(uniqid(rand(), true))) . "'";
         }
         if (!$article_id) {
             if (empty($incoming['Posted'])) {
                 $sql[] = "feed_time = curdate()";
             } else {
                 $when = strtotime($incoming['Posted']) - tz_offset();
                 $when = strftime("%Y-%m-%d", $when);
                 $sql[] = "feed_time ='" . doSlash($when) . "'";
             }
         }
         $sql = join(', ', $sql);
         $rs = $article_id ? safe_update('textpattern', $sql, "ID = {$article_id}") : safe_insert('textpattern', $sql);
         $oldstatus = $article_id ? $old['Status'] : '';
         if (!$article_id && $rs) {
             $article_id = $rs;
         }
         if ($incoming['Status'] >= 4 && !$article_id || $oldstatus != 4 && $article_id) {
             safe_update("txp_prefs", "val = now()", "name = 'lastmod'");
             //@$this->_sendPings();
         }
         return $article_id;
     }
     return false;
 }
Ejemplo n.º 7
0
function mail_comment($message, $cname, $cemail, $cweb, $parentid, $discussid)
{
    global $sitename;
    $parentid = assert_int($parentid);
    $discussid = assert_int($discussid);
    $article = safe_row("Section, Posted, ID, url_title, AuthorID, Title", "textpattern", "ID = {$parentid}");
    extract($article);
    extract(safe_row("RealName, email", "txp_users", "name = '" . doSlash($AuthorID) . "'"));
    $evaluator =& get_comment_evaluator();
    $out = gTxt('greeting') . " {$RealName}," . n . n;
    $out .= str_replace('{title}', $Title, gTxt('comment_recorded')) . n;
    $out .= permlinkurl_id($parentid) . n;
    if (has_privs('discuss', $AuthorID)) {
        $out .= hu . 'textpattern/index.php?event=discuss&step=discuss_edit&discussid=' . $discussid . n;
    }
    $out .= gTxt('status') . ": " . $evaluator->get_result('text') . '. ' . implode(',', $evaluator->get_result_message()) . n;
    $out .= n;
    $out .= gTxt('comment_name') . ": {$cname}" . n;
    $out .= gTxt('comment_email') . ": {$cemail}" . n;
    $out .= gTxt('comment_web') . ": {$cweb}" . n;
    $out .= gTxt('comment_comment') . ": {$message}";
    $subject = strtr(gTxt('comment_received'), array('{site}' => $sitename, '{title}' => $Title));
    $success = txpMail($email, $subject, $out, $cemail);
}
Ejemplo n.º 8
0
function author_edit()
{
    global $step, $txp_user;
    require_privs('admin.edit');
    pagetop(gTxt('tab_site_admin'), '');
    $vars = array('user_id', 'name', 'RealName', 'email', 'privs');
    $rs = array();
    extract(gpsa($vars));
    $is_edit = $user_id && $step == 'author_edit';
    if ($is_edit) {
        $user_id = assert_int($user_id);
        $rs = safe_row('*', 'txp_users', "user_id = {$user_id}");
        extract($rs);
    }
    $caption = gTxt($is_edit ? 'edit_author' : 'add_new_author');
    echo form('<div class="txp-edit">' . n . hed($caption, 2) . n . inputLabel('login_name', $is_edit ? strong($name) : fInput('text', 'name', $name, '', '', '', INPUT_REGULAR, '', 'login_name'), $is_edit ? '' : 'login_name', $is_edit ? '' : 'add_new_author') . n . inputLabel('real_name', fInput('text', 'RealName', $RealName, '', '', '', INPUT_REGULAR, '', 'real_name'), 'real_name') . n . inputLabel('login_email', fInput('text', 'email', $email, '', '', '', INPUT_REGULAR, '', 'login_email'), 'email') . n . inputLabel('privileges', $txp_user != $name ? privs($privs) : hInput('privs', $privs) . strong(get_priv_level($privs)), $is_edit ? '' : 'privileges', 'about_privileges') . n . pluggable_ui('author_ui', 'extend_detail_form', '', $rs) . n . graf(fInput('submit', '', gTxt('save'), 'publish')) . eInput('admin') . ($user_id ? hInput('user_id', $user_id) . sInput('author_save') : sInput('author_save_new')) . '</div>', '', '', 'post', 'edit-form', '', 'user_edit');
}
Ejemplo n.º 9
0
function doArticle($atts, $thing = NULL)
{
    global $pretext, $prefs, $thisarticle;
    extract($prefs);
    extract($pretext);
    extract(gpsa(array('parentid', 'preview')));
    $theAtts = lAtts(array('allowoverride' => '1', 'form' => 'default', 'status' => '4', 'pgonly' => 0), $atts, 0);
    extract($theAtts);
    filterAtts($atts);
    // save *all* atts to get hold of the current article filter criteria
    if ($pgonly) {
        return '';
    }
    // no output required
    // if a form is specified, $thing is for doArticles() - hence ignore $thing here.
    if (!empty($atts['form'])) {
        $thing = '';
    }
    if ($status) {
        $status = in_array(strtolower($status), array('sticky', '5')) ? 5 : 4;
    }
    if (empty($thisarticle) or $thisarticle['thisid'] != $id) {
        $id = assert_int($id);
        $thisarticle = NULL;
        $q_status = $status ? 'and Status = ' . intval($status) : 'and Status in (4,5)';
        $rs = safe_row("*, unix_timestamp(Posted) as uPosted, unix_timestamp(Expires) as uExpires, unix_timestamp(LastMod) as uLastMod", "textpattern", 'ID = ' . $id . " {$q_status} limit 1");
        if ($rs) {
            extract($rs);
            populateArticleData($rs);
        }
    }
    if (!empty($thisarticle) and ($thisarticle['status'] == $status or gps('txpreview'))) {
        extract($thisarticle);
        $thisarticle['is_first'] = 1;
        $thisarticle['is_last'] = 1;
        if ($allowoverride and $override_form) {
            $article = parse_form($override_form);
        } else {
            $article = $thing ? parse($thing) : parse_form($form);
        }
        if ($use_comments and $comments_auto_append) {
            $article .= parse_form('comments_display');
        }
        unset($GLOBALS['thisarticle']);
        return $article;
    }
}
Ejemplo n.º 10
0
    safe_alter('textpattern', "add `uid` varchar(32) not null");
    safe_alter('textpattern', "add `feed_time` DATE not null DEFAULT '0000-00-00'");
    $rs = safe_rows_start('ID,Posted', 'textpattern', '1');
    if ($rs) {
        while ($a = nextRow($rs)) {
            assert_int($a['ID']);
            $feed_time = substr($a['Posted'], 0, 10);
            safe_update('textpattern', "uid='" . md5(uniqid(rand(), true)) . "', feed_time='" . doSlash($feed_time) . "'", "ID={$a['ID']}");
        }
    }
}
// 1.0: populate comments_count field
$rs = safe_rows_start('parentid, count(*) as thecount', 'txp_discuss', 'visible=1 group by parentid');
if ($rs) {
    while ($a = nextRow($rs)) {
        assert_int($a['parentid']);
        safe_update('textpattern', "comments_count=" . $a['thecount'], "ID=" . $a['parentid']);
    }
}
// 1.0: Human-friendly title for sections and categories, to solve i18n problems
if (!in_array('title', $txpsect)) {
    safe_alter("txp_section", "add `title` varchar(255) not null default ''");
}
if (!in_array('title', $txpcat)) {
    safe_alter("txp_category", "add `title` varchar(255) not null default ''");
}
if (safe_count('txp_section', "title=''") > 0) {
    safe_update('txp_section', 'title=name', "title=''");
}
if (safe_count('txp_category', "title=''") > 0) {
    safe_update('txp_category', 'title=name', "title=''");
Ejemplo n.º 11
0
function rebuild_tree($parent, $left, $type)
{
    $left = assert_int($left);
    $right = $left + 1;
    $parent = doSlash($parent);
    $type = doSlash($type);
    $result = safe_column("name", "txp_category", "parent='{$parent}' and type='{$type}' order by name");
    foreach ($result as $row) {
        $right = rebuild_tree($row, $right, $type);
    }
    safe_update("txp_category", "lft={$left}, rgt={$right}", "name='{$parent}' and type='{$type}'");
    return $right + 1;
}
Ejemplo n.º 12
0
 function replace_post()
 {
     $id = assert_int(gps('id'));
     $rs = safe_row("*", "txp_image", "id = {$id}");
     if ($rs) {
         $meta = array('category' => $rs['category'], 'caption' => $rs['caption'], 'alt' => $rs['alt']);
     } else {
         $meta = '';
     }
     $img_result = image_data($_FILES['thefile'], $meta, $id);
     if (is_array($img_result)) {
         list($message, $id) = $img_result;
         $this->_message($message);
     } else {
         $this->_error($img_result);
     }
     $this->_set_view('edit', $id);
 }
Ejemplo n.º 13
0
function link_save()
{
    global $txpcfg, $vars, $txp_user;
    $varray = gpsa($vars);
    extract(doSlash($varray));
    $id = assert_int($id);
    if ($linkname === '' && $url === '' && $description === '') {
        link_edit();
        return;
    }
    $author = fetch('author', 'txp_link', 'id', $id);
    if (!has_privs('link.edit') && !($author == $txp_user && has_privs('link.edit.own'))) {
        link_edit(gTxt('restricted_area'));
        return;
    }
    if (!$linksort) {
        $linksort = $linkname;
    }
    $rs = safe_update("txp_link", "category    = '{$category}',\n\t\t\turl         = '" . trim($url) . "',\n\t\t\tlinkname    = '{$linkname}',\n\t\t\tlinksort    = '{$linksort}',\n\t\t\tdescription = '{$description}',\n\t\t\tauthor \t\t= '" . doSlash($txp_user) . "'", "id = {$id}");
    if ($rs) {
        update_lastmod();
        $message = gTxt('link_updated', array('{name}' => doStrip($linkname)));
        link_edit($message);
    }
}
Ejemplo n.º 14
0
function file_delete($ids = array())
{
    global $file_base_path, $txp_user;
    $ids = $ids ? array_map('assert_int', $ids) : array(assert_int(ps('id')));
    if (!has_privs('file.delete')) {
        if (has_privs('file.delete.own')) {
            $ids = safe_column('id', 'txp_file', 'id IN (' . join(',', $ids) . ') AND author=\'' . doSlash($txp_user) . '\'');
        } else {
            $ids = array();
        }
    }
    if (!empty($ids)) {
        $fail = array();
        $rs = safe_rows_start('id, filename', 'txp_file', 'id IN (' . join(',', $ids) . ')');
        if ($rs) {
            while ($a = nextRow($rs)) {
                extract($a);
                $filepath = build_file_path($file_base_path, $filename);
                // Notify plugins of pending deletion, pass file's id and path.
                callback_event('file_deleted', '', false, $id, $filepath);
                $rsd = safe_delete('txp_file', "id = {$id}");
                $ul = false;
                if ($rsd && is_file($filepath)) {
                    $ul = unlink($filepath);
                }
                if (!$rsd or !$ul) {
                    $fail[] = $id;
                }
            }
            if ($fail) {
                file_list(array(messenger(gTxt('file_delete_failed'), join(', ', $fail)), E_ERROR));
                return;
            } else {
                update_lastmod('file_deleted', $ids);
                file_list(gTxt('file_deleted', array('{name}' => join(', ', $ids))));
                return;
            }
        } else {
            file_list(array(messenger(gTxt('file_not_found'), join(', ', $ids), ''), E_ERROR));
            return;
        }
    }
    file_list();
}
Ejemplo n.º 15
0
function file_delete($ids = array())
{
    global $file_base_path;
    $ids = $ids ? array_map('assert_int', $ids) : array(assert_int(ps('id')));
    $fail = array();
    $rs = safe_rows_start('id, filename', 'txp_file', 'id IN (' . join(',', $ids) . ')');
    if ($rs) {
        while ($a = nextRow($rs)) {
            extract($a);
            $filepath = build_file_path($file_base_path, $filename);
            $rsd = safe_delete('txp_file', "id = {$id}");
            $ul = false;
            if ($rsd && is_file($filepath)) {
                $ul = unlink($filepath);
            }
            if (!$rsd or !$ul) {
                $fail[] = $id;
            }
        }
        if ($fail) {
            file_list(messenger(gTxt('file_delete_failed'), join(', ', $fail), ''));
        } else {
            file_list(gTxt('file_deleted', array('{name}' => join(', ', $ids))));
        }
    } else {
        file_list(messenger(gTxt('file_not_found'), join(', ', $ids), ''));
    }
}
Ejemplo n.º 16
0
/**
 * Gets the ID of the next or the previous article.
 *
 * @param  string $whichway Either '&lt;' or '&gt;'
 * @param  int    Unix timestamp
 * @return int
 */
function checkIfNeighbour($whichway, $sPosted)
{
    $sPosted = assert_int($sPosted);
    $dir = $whichway == 'prev' ? '<' : '>';
    $ord = $whichway == 'prev' ? "DESC" : "ASC";
    return safe_field("ID", 'textpattern', "Posted {$dir} FROM_UNIXTIME({$sPosted}) ORDER BY Posted {$ord} LIMIT 1");
}
Ejemplo n.º 17
0
function link_save()
{
    global $vars, $txp_user;
    $varray = array_map('assert_string', gpsa($vars));
    extract(doSlash($varray));
    if ($id) {
        $id = $varray['id'] = assert_int($id);
    }
    if ($linkname === '' && $url === '' && $description === '') {
        link_list(array(gTxt('link_empty'), E_ERROR));
        return;
    }
    $author = fetch('author', 'txp_link', 'id', $id);
    if (!has_privs('link.edit') && !($author == $txp_user && has_privs('link.edit.own'))) {
        link_list(gTxt('restricted_area'));
        return;
    }
    if (!$linksort) {
        $linksort = $linkname;
    }
    $constraints = array('category' => new CategoryConstraint($varray['category'], array('type' => 'link')));
    callback_event_ref('link_ui', 'validate_save', 0, $varray, $constraints);
    $validator = new Validator($constraints);
    if ($validator->validate()) {
        if ($id) {
            $ok = safe_update('txp_link', "category   = '{$category}',\n\t\t\t\t\turl         = '" . trim($url) . "',\n\t\t\t\t\tlinkname    = '{$linkname}',\n\t\t\t\t\tlinksort    = '{$linksort}',\n\t\t\t\t\tdescription = '{$description}',\n\t\t\t\t\tauthor      = '" . doSlash($txp_user) . "'", "id = {$id}");
        } else {
            $ok = safe_insert('txp_link', "category   = '{$category}',\n\t\t\t\t\tdate        = now(),\n\t\t\t\t\turl         = '" . trim($url) . "',\n\t\t\t\t\tlinkname    = '{$linkname}',\n\t\t\t\t\tlinksort    = '{$linksort}',\n\t\t\t\t\tdescription = '{$description}',\n\t\t\t\t\tauthor      = '" . doSlash($txp_user) . "'");
            if ($ok) {
                $GLOBALS['ID'] = $_POST['id'] = $ok;
            }
        }
        if ($ok) {
            // update lastmod due to link feeds
            update_lastmod();
            $message = gTxt($id ? 'link_updated' : 'link_created', array('{name}' => doStrip($linkname)));
        } else {
            $message = array(gTxt('link_save_failed'), E_ERROR);
        }
    } else {
        $message = array(gTxt('link_save_failed'), E_ERROR);
    }
    link_list($message);
}
Ejemplo n.º 18
0
function list_multi_edit()
{
    global $txp_user;
    $selected = ps('selected');
    if (!$selected) {
        return list_list();
    }
    $method = ps('edit_method');
    $changed = false;
    $ids = array();
    if ($method == 'delete') {
        if (!has_privs('article.delete')) {
            $allowed = array();
            if (has_privs('article.delete.own')) {
                foreach ($selected as $id) {
                    $id = assert_int($id);
                    $author = safe_field('AuthorID', 'textpattern', "ID = {$id}");
                    if ($author == $txp_user) {
                        $allowed[] = $id;
                    }
                }
            }
            $selected = $allowed;
        }
        foreach ($selected as $id) {
            $id = assert_int($id);
            if (safe_delete('textpattern', "ID = {$id}")) {
                $ids[] = $id;
            }
        }
        $changed = join(', ', $ids);
        if ($changed) {
            safe_update('txp_discuss', "visible = " . MODERATE, "parentid in({$changed})");
        }
    } else {
        $selected = array_map('assert_int', $selected);
        $selected = safe_rows('ID, AuthorID, Status', 'textpattern', 'ID in (' . implode(',', $selected) . ')');
        $allowed = array();
        foreach ($selected as $item) {
            if ($item['Status'] >= 4 and has_privs('article.edit.published') or $item['Status'] >= 4 and $item['AuthorID'] == $txp_user and has_privs('article.edit.own.published') or $item['Status'] < 4 and has_privs('article.edit') or $item['Status'] < 4 and $item['AuthorID'] == $txp_user and has_privs('article.edit.own')) {
                $allowed[] = $item['ID'];
            }
        }
        $selected = $allowed;
        unset($allowed);
        switch ($method) {
            // change author
            case 'changeauthor':
                $key = 'AuthorID';
                $val = has_privs('article.edit') ? ps('AuthorID') : '';
                // do not allow to be set to an empty value
                if (!$val) {
                    $selected = array();
                }
                break;
                // change category1
            // change category1
            case 'changecategory1':
                $key = 'Category1';
                $val = ps('Category1');
                break;
                // change category2
            // change category2
            case 'changecategory2':
                $key = 'Category2';
                $val = ps('Category2');
                break;
                // change comments
            // change comments
            case 'changecomments':
                $key = 'Annotate';
                $val = (int) ps('Annotate');
                break;
                // change section
            // change section
            case 'changesection':
                $key = 'Section';
                $val = ps('Section');
                // do not allow to be set to an empty value
                if (!$val) {
                    $selected = array();
                }
                break;
                // change status
            // change status
            case 'changestatus':
                $key = 'Status';
                $val = ps('Status');
                if (!has_privs('article.publish') && $val >= 4) {
                    $val = 3;
                }
                // do not allow to be set to an empty value
                if (!$val) {
                    $selected = array();
                }
                break;
            default:
                $key = '';
                $val = '';
                break;
        }
        if ($selected and $key) {
            foreach ($selected as $id) {
                if (safe_update('textpattern', "{$key} = '" . doSlash($val) . "'", "ID = {$id}")) {
                    $ids[] = $id;
                }
            }
            $changed = join(', ', $ids);
        }
    }
    if ($changed) {
        update_lastmod();
        return list_list(messenger('article', $changed, $method == 'delete' ? 'deleted' : 'modified'));
    }
    return list_list();
}
Ejemplo n.º 19
0
function link_save()
{
    global $txpcfg, $vars;
    $varray = gpsa($vars);
    extract(doSlash($varray));
    if (!$linksort) {
        $linksort = $linkname;
    }
    $id = assert_int($id);
    $rs = safe_update("txp_link", "category    = '{$category}',\n\t\t\turl         = '" . trim($url) . "',\n\t\t\tlinkname    = '{$linkname}',\n\t\t\tlinksort    = '{$linksort}',\n\t\t\tdescription = '{$description}'", "id = {$id}");
    if ($rs) {
        update_lastmod();
        $message = gTxt('link_updated', array('{name}' => doStrip($linkname)));
        link_edit($message);
    }
}
Ejemplo n.º 20
0
function log_list($message = '')
{
    global $event, $log_list_pageby, $expire_logs_after;
    pagetop(gTxt('tab_logs'), $message);
    extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));
    if ($sort === '') {
        $sort = get_pref('log_sort_column', 'time');
    }
    if ($dir === '') {
        $dir = get_pref('log_sort_dir', 'desc');
    }
    $dir = $dir == 'asc' ? 'asc' : 'desc';
    $expire_logs_after = assert_int($expire_logs_after);
    safe_delete('txp_log', "time < date_sub(now(), interval {$expire_logs_after} day)");
    switch ($sort) {
        case 'ip':
            $sort_sql = 'ip ' . $dir;
            break;
        case 'host':
            $sort_sql = 'host ' . $dir;
            break;
        case 'page':
            $sort_sql = 'page ' . $dir;
            break;
        case 'refer':
            $sort_sql = 'refer ' . $dir;
            break;
        case 'method':
            $sort_sql = 'method ' . $dir;
            break;
        case 'status':
            $sort_sql = 'status ' . $dir;
            break;
        default:
            $sort = 'time';
            $sort_sql = 'time ' . $dir;
            break;
    }
    set_pref('log_sort_column', $sort, 'log', 2, '', 0, PREF_PRIVATE);
    set_pref('log_sort_dir', $dir, 'log', 2, '', 0, PREF_PRIVATE);
    $switch_dir = $dir == 'desc' ? 'asc' : 'desc';
    $criteria = 1;
    if ($search_method and $crit != '') {
        $verbatim = preg_match('/^"(.*)"$/', $crit, $m);
        $crit_escaped = doSlash($verbatim ? $m[1] : str_replace(array('\\', '%', '_', '\''), array('\\\\', '\\%', '\\_', '\\\''), $crit));
        $critsql = $verbatim ? array('ip' => "ip = '{$crit_escaped}'", 'host' => "host = '{$crit_escaped}'", 'page' => "page = '{$crit_escaped}'", 'refer' => "refer = '{$crit_escaped}'", 'method' => "method = '{$crit_escaped}'", 'status' => "status = '{$crit_escaped}'") : array('ip' => "ip like '%{$crit_escaped}%'", 'host' => "host like '%{$crit_escaped}%'", 'page' => "page like '%{$crit_escaped}%'", 'refer' => "refer like '%{$crit_escaped}%'", 'method' => "method like '%{$crit_escaped}%'", 'status' => "status like '%{$crit_escaped}%'");
        if (array_key_exists($search_method, $critsql)) {
            $criteria = $critsql[$search_method];
            $limit = 500;
        } else {
            $search_method = '';
            $crit = '';
        }
    } else {
        $search_method = '';
        $crit = '';
    }
    $criteria .= callback_event('admin_criteria', 'log_list', 0, $criteria);
    $total = safe_count('txp_log', "{$criteria}");
    echo '<h1 class="txp-heading">' . gTxt('tab_logs') . '</h1>';
    echo '<div id="' . $event . '_control" class="txp-control-panel">';
    if ($total < 1) {
        if ($criteria != 1) {
            echo n . log_search_form($crit, $search_method) . n . graf(gTxt('no_results_found'), ' class="indicator"') . '</div>';
        } else {
            echo graf(gTxt('no_refers_recorded'), ' class="indicator"') . '</div>';
        }
        return;
    }
    $limit = max($log_list_pageby, 15);
    list($page, $offset, $numPages) = pager($total, $limit, $page);
    echo n . log_search_form($crit, $search_method) . '</div>';
    $rs = safe_rows_start('*, unix_timestamp(time) as uTime', 'txp_log', "{$criteria} order by {$sort_sql} limit {$offset}, {$limit}");
    if ($rs) {
        echo n . '<div id="' . $event . '_container" class="txp-container">';
        echo n . n . '<form action="index.php" id="log_form" class="multi_edit_form" method="post" name="longform">' . n . '<div class="txp-listtables">' . n . startTable('', '', 'txp-list') . n . '<thead>' . n . tr(n . hCell(fInput('checkbox', 'select_all', 0, '', '', '', '', '', 'select_all'), '', ' title="' . gTxt('toggle_all_selected') . '" class="multi-edit"') . n . column_head('time', 'time', 'log', true, $switch_dir, $crit, $search_method, ('time' == $sort ? "{$dir} " : '') . 'date time') . n . column_head('IP', 'ip', 'log', true, $switch_dir, $crit, $search_method, ('ip' == $sort ? "{$dir} " : '') . 'log_detail ip') . n . column_head('host', 'host', 'log', true, $switch_dir, $crit, $search_method, ('host' == $sort ? "{$dir} " : '') . 'host') . n . column_head('page', 'page', 'log', true, $switch_dir, $crit, $search_method, ('page' == $sort ? "{$dir} " : '') . 'page') . n . column_head('referrer', 'refer', 'log', true, $switch_dir, $crit, $search_method, ('refer' == $sort ? "{$dir} " : '') . 'refer') . n . column_head('method', 'method', 'log', true, $switch_dir, $crit, $search_method, ('method' == $sort ? "{$dir} " : '') . 'log_detail method') . n . column_head('status', 'status', 'log', true, $switch_dir, $crit, $search_method, ('status' == $sort ? "{$dir} " : '') . 'log_detail status')) . n . '</thead>';
        echo '<tbody>';
        while ($a = nextRow($rs)) {
            extract($a, EXTR_PREFIX_ALL, 'log');
            if ($log_refer) {
                $log_refer = 'http://' . $log_refer;
                $log_refer = '<a href="' . txpspecialchars($log_refer) . '" target="_blank">' . txpspecialchars(soft_wrap($log_refer, 30)) . '</a>';
            }
            if ($log_page) {
                $log_anchor = preg_replace('/\\/$/', '', $log_page);
                $log_anchor = soft_wrap(substr($log_anchor, 1), 30);
                $log_page = '<a href="' . txpspecialchars($log_page) . '" target="_blank">' . txpspecialchars($log_anchor) . '</a>';
                if ($log_method == 'POST') {
                    $log_page = '<strong>' . $log_page . '</strong>';
                }
            }
            echo tr(n . td(fInput('checkbox', 'selected[]', $log_id), '', 'multi-edit') . td(gTime($log_uTime), '', 'date time') . td(txpspecialchars($log_ip), '', 'log_detail ip') . td(txpspecialchars(soft_wrap($log_host, 30)), '', 'host') . td($log_page, '', 'page') . td($log_refer, '', 'refer') . td(txpspecialchars($log_method), '', 'log_detail method') . td($log_status, '', 'log_detail status'));
        }
        echo '</tbody>', n, endTable(), n, '</div>', n, log_multiedit_form($page, $sort, $dir, $crit, $search_method), n, tInput(), n, '</form>', n, graf(toggle_box('log_detail'), ' class="detail-toggle"'), n, '<div id="' . $event . '_navigation" class="txp-navigation">', n, nav_form('log', $page, $numPages, $sort, $dir, $crit, $search_method, $total, $limit), n, pageby_form('log', $log_list_pageby), n, '</div>', n, '</div>';
    }
}
Ejemplo n.º 21
0
function author_form()
{
    global $step, $txp_user;
    $vars = array('user_id', 'name', 'RealName', 'email', 'privs');
    extract(gpsa($vars));
    if ($user_id && $step == 'author_edit') {
        $user_id = assert_int($user_id);
        extract(safe_row('*', 'txp_users', "user_id = {$user_id}"));
    }
    if ($step == 'author_save' or $step == 'author_save_new') {
        foreach ($vars as $var) {
            ${$var} = '';
        }
    }
    $caption = gTxt($step == 'author_edit' ? 'edit_author' : 'add_new_author');
    return form(hed($caption, 3, ' style="text-align: center;"') . startTable('edit') . tr(fLabelCell('login_name') . ($user_id && $step == 'author_edit' ? td(strong($name)) : fInputCell('name', $name))) . tr(fLabelCell('real_name') . fInputCell('RealName', $RealName)) . tr(fLabelCell('email') . fInputCell('email', $email)) . tr(fLabelCell('privileges') . td(($txp_user != $name ? privs($privs) : hInput('privs', $privs) . strong(get_priv_level($privs))) . sp . popHelp('about_privileges'))) . tr(td() . td(fInput('submit', '', gTxt('save'), 'publish') . ($user_id ? '' : sp . popHelp('add_new_author')))) . endTable() . eInput('admin') . ($user_id ? hInput('user_id', $user_id) . sInput('author_save') : sInput('author_save_new')));
}
Ejemplo n.º 22
0
 function txp_thumb($id)
 {
     $id = assert_int($id);
     $rs = safe_row('*', 'txp_image', 'id = ' . $id . ' limit 1');
     if ($rs) {
         extract($rs);
         $this->m_ext = $ext;
         $this->m_id = $id;
     }
     $this->wet_thumb();
     // construct base class instance
 }
Ejemplo n.º 23
0
/**
 * The main panel listing all log hits.
 *
 * @param string|array $message The activity message
 */
function log_list($message = '')
{
    global $event, $log_list_pageby, $expire_logs_after;
    pagetop(gTxt('tab_logs'), $message);
    extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));
    if ($sort === '') {
        $sort = get_pref('log_sort_column', 'time');
    } else {
        if (!in_array($sort, array('ip', 'host', 'page', 'refer', 'method', 'status'))) {
            $sort = 'time';
        }
        set_pref('log_sort_column', $sort, 'log', 2, '', 0, PREF_PRIVATE);
    }
    if ($dir === '') {
        $dir = get_pref('log_sort_dir', 'desc');
    } else {
        $dir = $dir == 'asc' ? "asc" : "desc";
        set_pref('log_sort_dir', $dir, 'log', 2, '', 0, PREF_PRIVATE);
    }
    $expire_logs_after = assert_int($expire_logs_after);
    safe_delete('txp_log', "time < DATE_SUB(NOW(), INTERVAL {$expire_logs_after} DAY)");
    switch ($sort) {
        case 'ip':
            $sort_sql = "ip {$dir}";
            break;
        case 'host':
            $sort_sql = "host {$dir}";
            break;
        case 'page':
            $sort_sql = "page {$dir}";
            break;
        case 'refer':
            $sort_sql = "refer {$dir}";
            break;
        case 'method':
            $sort_sql = "method {$dir}";
            break;
        case 'status':
            $sort_sql = "status {$dir}";
            break;
        default:
            $sort = 'time';
            $sort_sql = "time {$dir}";
            break;
    }
    $switch_dir = $dir == 'desc' ? 'asc' : 'desc';
    $search = new Filter($event, array('ip' => array('column' => 'txp_log.ip', 'label' => gTxt('IP')), 'host' => array('column' => 'txp_log.host', 'label' => gTxt('host')), 'page' => array('column' => 'txp_log.page', 'label' => gTxt('page')), 'refer' => array('column' => 'txp_log.refer', 'label' => gTxt('referrer')), 'method' => array('column' => 'txp_log.method', 'label' => gTxt('method')), 'status' => array('column' => 'txp_log.status', 'label' => gTxt('status'), 'type' => 'integer')));
    list($criteria, $crit, $search_method) = $search->getFilter(array('status' => array('can_list' => true)));
    $search_render_options = array('placeholder' => 'search_logs');
    $total = safe_count('txp_log', "{$criteria}");
    echo n . tag(hed(gTxt('tab_logs'), 1, array('class' => 'txp-heading')), 'div', array('class' => 'txp-layout-2col-cell-1'));
    $searchBlock = n . tag($search->renderForm('log_list', $search_render_options), 'div', array('class' => 'txp-layout-2col-cell-2', 'id' => $event . '_control'));
    $contentBlockStart = n . tag_start('div', array('class' => 'txp-layout-1col', 'id' => $event . '_container'));
    if ($total < 1) {
        if ($criteria != 1) {
            echo $searchBlock . $contentBlockStart . graf(span(null, array('class' => 'ui-icon ui-icon-info')) . ' ' . gTxt('no_results_found'), array('class' => 'alert-block information'));
        } else {
            echo $contentBlockStart . graf(span(null, array('class' => 'ui-icon ui-icon-info')) . ' ' . gTxt('no_refers_recorded'), array('class' => 'alert-block information'));
        }
        echo n . tag_end('div');
        return;
    }
    $limit = max($log_list_pageby, 15);
    list($page, $offset, $numPages) = pager($total, $limit, $page);
    echo $searchBlock . $contentBlockStart;
    $rs = safe_rows_start("*, UNIX_TIMESTAMP(time) AS uTime", 'txp_log', "{$criteria} ORDER BY {$sort_sql} LIMIT {$offset}, {$limit}");
    if ($rs) {
        echo n . tag(toggle_box('log_detail'), 'div', array('class' => 'txp-list-options')) . n . tag_start('form', array('class' => 'multi_edit_form', 'id' => 'log_form', 'name' => 'longform', 'method' => 'post', 'action' => 'index.php')) . n . tag_start('div', array('class' => 'txp-listtables')) . n . tag_start('table', array('class' => 'txp-list')) . n . tag_start('thead') . tr(hCell(fInput('checkbox', 'select_all', 0, '', '', '', '', '', 'select_all'), '', ' class="txp-list-col-multi-edit" scope="col" title="' . gTxt('toggle_all_selected') . '"') . column_head('time', 'time', 'log', true, $switch_dir, $crit, $search_method, ('time' == $sort ? "{$dir} " : '') . 'txp-list-col-time') . column_head('IP', 'ip', 'log', true, $switch_dir, $crit, $search_method, ('ip' == $sort ? "{$dir} " : '') . 'txp-list-col-ip') . column_head('host', 'host', 'log', true, $switch_dir, $crit, $search_method, ('host' == $sort ? "{$dir} " : '') . 'txp-list-col-host log_detail') . column_head('page', 'page', 'log', true, $switch_dir, $crit, $search_method, ('page' == $sort ? "{$dir} " : '') . 'txp-list-col-page') . column_head('referrer', 'refer', 'log', true, $switch_dir, $crit, $search_method, ('refer' == $sort ? "{$dir} " : '') . 'txp-list-col-refer') . column_head('method', 'method', 'log', true, $switch_dir, $crit, $search_method, ('method' == $sort ? "{$dir} " : '') . 'txp-list-col-method log_detail') . column_head('status', 'status', 'log', true, $switch_dir, $crit, $search_method, ('status' == $sort ? "{$dir} " : '') . 'txp-list-col-status log_detail')) . n . tag_end('thead') . n . tag_start('tbody');
        while ($a = nextRow($rs)) {
            extract($a, EXTR_PREFIX_ALL, 'log');
            if ($log_refer) {
                $log_refer = href(txpspecialchars(soft_wrap(preg_replace('#^http://#', '', $log_refer), 30)), txpspecialchars($log_refer), ' target="_blank"');
            }
            if ($log_page) {
                $log_anchor = preg_replace('/\\/$/', '', $log_page);
                $log_anchor = soft_wrap(substr($log_anchor, 1), 30);
                $log_page = href(txpspecialchars($log_anchor), txpspecialchars($log_page), ' target="_blank"');
                if ($log_method == 'POST') {
                    $log_page = strong($log_page);
                }
            }
            echo tr(td(fInput('checkbox', 'selected[]', $log_id), '', 'txp-list-col-multi-edit') . hCell(gTime($log_uTime), '', ' class="txp-list-col-time" scope="row"') . td(href(txpspecialchars($log_ip), 'https://whois.domaintools.com/' . rawurlencode($log_ip), array('rel' => 'external', 'target' => '_blank')), '', 'txp-list-col-ip') . td(txpspecialchars($log_host), '', 'txp-list-col-host log_detail') . td($log_page, '', 'txp-list-col-page') . td($log_refer, '', 'txp-list-col-refer') . td(txpspecialchars($log_method), '', 'txp-list-col-method log_detail') . td($log_status, '', 'txp-list-col-status log_detail'));
        }
        echo n . tag_end('tbody') . n . tag_end('table') . n . tag_end('div') . log_multiedit_form($page, $sort, $dir, $crit, $search_method) . tInput() . n . tag_end('form') . n . tag_start('div', array('class' => 'txp-navigation', 'id' => $event . '_navigation')) . pageby_form('log', $log_list_pageby) . nav_form('log', $page, $numPages, $sort, $dir, $crit, $search_method, $total, $limit) . n . tag_end('div');
    }
    echo n . tag_end('div');
}
Ejemplo n.º 24
0
function doArticle($atts, $thing = null)
{
    global $pretext, $prefs, $thisarticle;
    extract($prefs);
    extract($pretext);
    extract(gpsa(array('parentid', 'preview')));
    $theAtts = lAtts(array('allowoverride' => '1', 'form' => 'default', 'status' => STATUS_LIVE, 'pgonly' => 0), $atts, 0);
    extract($theAtts);
    // Save *all* atts to get hold of the current article filter criteria.
    filterAtts($atts);
    // No output required.
    if ($pgonly) {
        return '';
    }
    // If a form is specified, $thing is for doArticles() - hence ignore
    // $thing here.
    if (!empty($atts['form'])) {
        $thing = '';
    }
    if ($status) {
        $status = in_array(strtolower($status), array('sticky', STATUS_STICKY)) ? STATUS_STICKY : STATUS_LIVE;
    }
    if (empty($thisarticle) or $thisarticle['thisid'] != $id) {
        $id = assert_int($id);
        $thisarticle = null;
        $q_status = $status ? "AND Status = " . intval($status) : "AND Status IN (" . STATUS_LIVE . "," . STATUS_STICKY . ")";
        $rs = safe_row("*, UNIX_TIMESTAMP(Posted) AS uPosted, UNIX_TIMESTAMP(Expires) AS uExpires, UNIX_TIMESTAMP(LastMod) AS uLastMod", 'textpattern', "ID = {$id} {$q_status} LIMIT 1");
        if ($rs) {
            extract($rs);
            populateArticleData($rs);
        }
    }
    if (!empty($thisarticle) and ($thisarticle['status'] == $status or gps('txpreview'))) {
        extract($thisarticle);
        $thisarticle['is_first'] = 1;
        $thisarticle['is_last'] = 1;
        if ($allowoverride and $override_form) {
            $article = parse_form($override_form);
        } else {
            $article = $thing ? parse($thing) : parse_form($form);
        }
        if ($use_comments and $comments_auto_append) {
            $article .= parse_form('comments_display');
        }
        unset($GLOBALS['thisarticle']);
        return $article;
    }
}
Ejemplo n.º 25
0
function log_list($message = '')
{
    global $event, $log_list_pageby, $expire_logs_after;
    pagetop(gTxt('visitor_logs'), $message);
    extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));
    if ($sort === '') {
        $sort = get_pref('log_sort_column', 'time');
    }
    if ($dir === '') {
        $dir = get_pref('log_sort_dir', 'desc');
    }
    $dir = $dir == 'asc' ? 'asc' : 'desc';
    $expire_logs_after = assert_int($expire_logs_after);
    safe_delete('txp_log', "time < date_sub(now(), interval {$expire_logs_after} day)");
    switch ($sort) {
        case 'ip':
            $sort_sql = 'ip ' . $dir;
            break;
        case 'host':
            $sort_sql = 'host ' . $dir;
            break;
        case 'page':
            $sort_sql = 'page ' . $dir;
            break;
        case 'refer':
            $sort_sql = 'refer ' . $dir;
            break;
        case 'method':
            $sort_sql = 'method ' . $dir;
            break;
        case 'status':
            $sort_sql = 'status ' . $dir;
            break;
        default:
            $sort = 'time';
            $sort_sql = 'time ' . $dir;
            break;
    }
    set_pref('log_sort_column', $sort, 'log', 2, '', 0, PREF_PRIVATE);
    set_pref('log_sort_dir', $dir, 'log', 2, '', 0, PREF_PRIVATE);
    $switch_dir = $dir == 'desc' ? 'asc' : 'desc';
    $criteria = 1;
    if ($search_method and $crit) {
        $crit_escaped = doSlash(str_replace(array('\\', '%', '_', '\''), array('\\\\', '\\%', '\\_', '\\\''), $crit));
        $critsql = array('ip' => "ip like '%{$crit_escaped}%'", 'host' => "host like '%{$crit_escaped}%'", 'page' => "page like '%{$crit_escaped}%'", 'refer' => "refer like '%{$crit_escaped}%'", 'method' => "method like '%{$crit_escaped}%'", 'status' => "status like '%{$crit_escaped}%'");
        if (array_key_exists($search_method, $critsql)) {
            $criteria = $critsql[$search_method];
            $limit = 500;
        } else {
            $search_method = '';
            $crit = '';
        }
    } else {
        $search_method = '';
        $crit = '';
    }
    $total = safe_count('txp_log', "{$criteria}");
    echo '<div id="' . $event . '_control" class="txp-control-panel">';
    if ($total < 1) {
        if ($criteria != 1) {
            echo n . log_search_form($crit, $search_method) . n . graf(gTxt('no_results_found'), ' class="indicator"') . '</div>';
        } else {
            echo graf(gTxt('no_refers_recorded'), ' class="indicator"') . '</div>';
        }
        return;
    }
    $limit = max($log_list_pageby, 15);
    list($page, $offset, $numPages) = pager($total, $limit, $page);
    echo n . log_search_form($crit, $search_method) . '</div>';
    $rs = safe_rows_start('*, unix_timestamp(time) as uTime', 'txp_log', "{$criteria} order by {$sort_sql} limit {$offset}, {$limit}");
    if ($rs) {
        echo n . '<div id="' . $event . '_container" class="txp-container txp-list">';
        echo n . n . '<form action="index.php" id="log_form" method="post" name="longform" onsubmit="return verify(\'' . gTxt('are_you_sure') . '\')">' . startTable('list', '', 'list', '', '90%') . n . '<thead>' . n . tr(n . column_head('time', 'time', 'log', true, $switch_dir, $crit, $search_method, ('time' == $sort ? "{$dir} " : '') . 'date time') . column_head('IP', 'ip', 'log', true, $switch_dir, $crit, $search_method, ('ip' == $sort ? "{$dir} " : '') . 'log_detail ip') . column_head('host', 'host', 'log', true, $switch_dir, $crit, $search_method, ('host' == $sort ? "{$dir} " : '') . 'host') . column_head('page', 'page', 'log', true, $switch_dir, $crit, $search_method, ('page' == $sort ? "{$dir} " : '') . 'page') . column_head('referrer', 'refer', 'log', true, $switch_dir, $crit, $search_method, ('refer' == $sort ? "{$dir} " : '') . 'refer') . column_head('method', 'method', 'log', true, $switch_dir, $crit, $search_method, ('method' == $sort ? "{$dir} " : '') . 'log_detail method') . column_head('status', 'status', 'log', true, $switch_dir, $crit, $search_method, ('status' == $sort ? "{$dir} " : '') . 'log_detail status') . hCell('', '', ' class="multi-edit"')) . n . '</thead>';
        $tfoot = n . '<tfoot>' . tr(tda(toggle_box('log_detail'), ' class="detail-toggle" colspan="2" style="text-align: left; border: none;"') . tda(select_buttons() . log_multiedit_form($page, $sort, $dir, $crit, $search_method), ' class="multi-edit" colspan="6" style="text-align: right; border: none;"')) . n . '</tfoot>';
        echo $tfoot;
        echo '<tbody>';
        $ctr = 1;
        while ($a = nextRow($rs)) {
            extract($a, EXTR_PREFIX_ALL, 'log');
            if ($log_refer) {
                $log_refer = 'http://' . $log_refer;
                $log_refer = '<a href="' . htmlspecialchars($log_refer) . '" target="_blank">' . htmlspecialchars(soft_wrap($log_refer, 30)) . '</a>';
            }
            if ($log_page) {
                $log_anchor = preg_replace('/\\/$/', '', $log_page);
                $log_anchor = soft_wrap(substr($log_anchor, 1), 30);
                $log_page = '<a href="' . htmlspecialchars($log_page) . '" target="_blank">' . htmlspecialchars($log_anchor) . '</a>';
                if ($log_method == 'POST') {
                    $log_page = '<strong>' . $log_page . '</strong>';
                }
            }
            echo tr(n . td(gTime($log_uTime), 85, 'date time') . td($log_ip, 20, 'log_detail ip') . td(soft_wrap($log_host, 30), '', 'host') . td($log_page, '', 'page') . td($log_refer, '', 'refer') . td(htmlspecialchars($log_method), 60, 'log_detail method') . td($log_status, 60, 'log_detail status') . td(fInput('checkbox', 'selected[]', $log_id), '', 'multi-edit'), ' class="' . ($ctr % 2 == 0 ? 'even' : 'odd') . '"');
            $ctr++;
        }
        echo '</tbody>' . n . endTable() . n . '</form>' . n . '<div id="' . $event . '_navigation" class="txp-navigation">' . n . nav_form('log', $page, $numPages, $sort, $dir, $crit, $search_method, $total, $limit) . n . pageby_form('log', $log_list_pageby) . n . '</div>' . n . '</div>';
    }
}
Ejemplo n.º 26
0
function file_delete($ids = array())
{
    global $file_base_path, $txp_user;
    $ids = $ids ? array_map('assert_int', $ids) : array(assert_int(ps('id')));
    $message = '';
    if (!has_privs('file.delete')) {
        if (has_privs('file.delete.own')) {
            $ids = safe_column('id', 'txp_file', 'id IN (' . join(',', $ids) . ') AND author=\'' . doSlash($txp_user) . '\'');
        } else {
            $ids = array();
        }
    }
    if (!empty($ids)) {
        $fail = array();
        $rs = safe_rows_start('id, filename', 'txp_file', 'id IN (' . join(',', $ids) . ')');
        if ($rs) {
            while ($a = nextRow($rs)) {
                extract($a);
                $filepath = build_file_path($file_base_path, $filename);
                $rsd = safe_delete('txp_file', "id = {$id}");
                $ul = false;
                if ($rsd && is_file($filepath)) {
                    $ul = unlink($filepath);
                }
                if (!$rsd or !$ul) {
                    $fail[] = $id;
                }
            }
            if ($fail) {
                $message = messenger(gTxt('file_delete_failed'), join(', ', $fail), '');
            } else {
                update_lastmod();
                $message = gTxt('file_deleted', array('{name}' => join(', ', $ids)));
            }
        } else {
            $message = messenger(gTxt('file_not_found'), join(', ', $ids), '');
        }
    }
    file_list($message);
}
Ejemplo n.º 27
0
function update_comments_count($id)
{
    $id = assert_int($id);
    $thecount = safe_field('count(*)', 'txp_discuss', 'parentid=' . $id . ' and visible=' . VISIBLE);
    $thecount = assert_int($thecount);
    $updated = safe_update('textpattern', 'comments_count=' . $thecount, 'ID=' . $id);
    return $updated ? true : false;
}
Ejemplo n.º 28
0
function link_save()
{
    global $txpcfg, $vars;
    $varray = gpsa($vars);
    extract(doSlash($varray));
    if (!$linksort) {
        $linksort = $linkname;
    }
    $id = assert_int($id);
    $rs = safe_update("txp_link", "category    = '{$category}',\n\t\t\turl         = '" . trim($url) . "',\n\t\t\tlinkname    = '{$linkname}',\n\t\t\tlinksort    = '{$linksort}',\n\t\t\tdescription = '{$description}'", "id = {$id}");
    if ($rs) {
        link_edit(messenger('link', doStrip($linkname), 'saved'));
    }
}
function customer_update($event, $step)
{
    global $txp_user, $vars, $txpcfg, $prefs;
    extract($prefs);
    extract(doSlash($_REQUEST));
    $RealName = $billing_firstname . " " . $billing_lastname;
    $user_id = assert_int($user_id);
    if (!isset($shipping_same_as_billing)) {
        $shipping_same_as_billing = 0;
    } else {
        $shipping_same_as_billing = 1;
    }
    if (!function_exists("generate_password")) {
        require_once txpath . '/include/txp_admin.php';
    }
    if (!function_exists("is_valid_email")) {
        require_once txpath . '/lib/txplib_misc.php';
    }
    if ($name && is_valid_email($email)) {
        $password = doSlash(generate_password(6));
        $nonce = doSlash(md5(uniqid(rand(), true)));
        $rs = safe_update('txp_users', "\r\n\t\t\t\tprivs\t\t = 0,\r\n\t\t\t\tname\t\t = '{$name}',\r\n\t\t\t\temail\t\t = '{$email}',\r\n\t\t\t\tRealName = '{$RealName}',\r\n\t\t\t\tbilling_company = '{$billing_company}',\r\n\t\t\t\tbilling_address1 = '{$billing_address1}',\r\n\t\t\t\tbilling_address2 = '{$billing_address2}',\r\n\t\t\t\tbilling_city = '{$billing_city}',\r\n\t\t\t\tbilling_state = '{$billing_state}',\r\n\t\t\t\tbilling_zip = '{$billing_zip}',\r\n\t\t\t\tbilling_country = '{$billing_country}',\r\n\t\t\t\tbilling_fax = '{$billing_fax}',\r\n\t\t\t\tbilling_phone = '{$billing_phone}',\r\n\t\t\t\tshipping_same_as_billing = {$shipping_same_as_billing},\r\n\t\t\t\tshipping_company = '{$shipping_company}',\r\n\t\t\t\tshipping_address1 = '{$shipping_address1}',\r\n\t\t\t\tshipping_address2 = '{$shipping_address2}',\r\n\t\t\t\tshipping_city = '{$shipping_city}',\r\n\t\t\t\tshipping_state = '{$shipping_state}',\r\n\t\t\t\tshipping_zip = '{$shipping_zip}',\r\n\t\t\t\tshipping_country = '{$shipping_country}',\r\n\t\t\t\tshipping_fax = '{$shipping_fax}',\r\n\t\t\t\tshipping_phone = '{$shipping_phone}',\r\n\t\t\t\tshipping_firstname = '{$shipping_firstname}',\r\n\t\t\t\tshipping_lastname = '{$shipping_lastname}',\r\n\t\t\t\tbilling_firstname = '{$billing_firstname}',\r\n\t\t\t\tbilling_lastname = '{$billing_lastname}'", "user_id = {$user_id}");
        if ($rs) {
            customers_list('', '', "customer updated");
        } else {
            customers_list("There was an error trying to update customer");
        }
    }
}
Ejemplo n.º 30
0
function log_list($message = '')
{
    pagetop(gTxt('visitor_logs'), $message);
    extract(get_prefs());
    extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));
    $expire_logs_after = assert_int($expire_logs_after);
    safe_delete('txp_log', "time < date_sub(now(), interval {$expire_logs_after} day)");
    $dir = $dir == 'asc' ? 'asc' : 'desc';
    switch ($sort) {
        case 'ip':
            $sort_sql = 'ip ' . $dir;
            break;
        case 'host':
            $sort_sql = 'host ' . $dir;
            break;
        case 'page':
            $sort_sql = 'page ' . $dir;
            break;
        case 'refer':
            $sort_sql = 'refer ' . $dir;
            break;
        case 'method':
            $sort_sql = 'method ' . $dir;
            break;
        case 'status':
            $sort_sql = 'status ' . $dir;
            break;
        default:
            $sort = 'time';
            $sort_sql = 'time ' . $dir;
            break;
    }
    $switch_dir = $dir == 'desc' ? 'asc' : 'desc';
    $criteria = 1;
    if ($search_method and $crit) {
        $crit_escaped = doSlash($crit);
        $critsql = array('ip' => "ip like '%{$crit_escaped}%'", 'host' => "host like '%{$crit_escaped}%'", 'page' => "page like '%{$crit_escaped}%'", 'refer' => "refer like '%{$crit_escaped}%'", 'method' => "method like '%{$crit_escaped}%'", 'status' => "status like '%{$crit_escaped}%'");
        if (array_key_exists($search_method, $critsql)) {
            $criteria = $critsql[$search_method];
            $limit = 500;
        } else {
            $search_method = '';
            $crit = '';
        }
    } else {
        $search_method = '';
        $crit = '';
    }
    $total = safe_count('txp_log', "{$criteria}");
    if ($total < 1) {
        if ($criteria != 1) {
            echo n . log_search_form($crit, $search_method) . n . graf(gTxt('no_results_found'), ' style="text-align: center;"');
        } else {
            echo graf(gTxt('no_refers_recorded'), ' style="text-align: center;"');
        }
        return;
    }
    $limit = max(@$log_list_pageby, 15);
    list($page, $offset, $numPages) = pager($total, $limit, $page);
    echo n . log_search_form($crit, $search_method);
    $rs = safe_rows_start('*, unix_timestamp(time) as uTime', 'txp_log', "{$criteria} order by {$sort_sql} limit {$offset}, {$limit}");
    if ($rs) {
        echo n . n . '<form action="index.php" method="post" name="longform" onsubmit="return verify(\'' . gTxt('are_you_sure') . '\')">' . startTable('list', '', '', '', '90%') . n . tr(n . column_head('time', 'time', 'log', true, $switch_dir, $crit, $search_method, 'time' == $sort ? $dir : '') . column_head('IP', 'ip', 'log', true, $switch_dir, $crit, $search_method, ('ip' == $sort ? "{$dir} " : '') . 'log_detail') . column_head('host', 'host', 'log', true, $switch_dir, $crit, $search_method, 'host' == $sort ? $dir : '') . column_head('page', 'page', 'log', true, $switch_dir, $crit, $search_method, 'page' == $sort ? $dir : '') . column_head('referrer', 'refer', 'log', true, $switch_dir, $crit, $search_method, 'refer' == $sort ? $dir : '') . column_head('method', 'method', 'log', true, $switch_dir, $crit, $search_method, ('method' == $sort ? "{$dir} " : '') . 'log_detail') . column_head('status', 'status', 'log', true, $switch_dir, $crit, $search_method, ('status' == $sort ? "{$dir} " : '') . 'log_detail') . hCell());
        while ($a = nextRow($rs)) {
            extract($a, EXTR_PREFIX_ALL, 'log');
            if ($log_refer) {
                $log_refer = htmlspecialchars('http://' . $log_refer);
                $log_refer = '<a href="' . $log_refer . '" target="_blank">' . soft_wrap($log_refer, 30) . '</a>';
            }
            if ($log_page) {
                $log_page = htmlspecialchars($log_page);
                $log_page = '<a href="' . $log_page . '" target="_blank">' . soft_wrap(preg_replace('/\\/$/', '', substr($log_page, 1)), 30) . '</a>';
                if ($log_method == 'POST') {
                    $log_page = '<strong>' . $log_page . '</strong>';
                }
            }
            echo tr(n . td(gTime($log_uTime), 85) . td($log_ip, 20, 'log_detail') . td(soft_wrap($log_host, 30)) . td($log_page) . td($log_refer) . td($log_method, 60, 'log_detail') . td($log_status, 60, 'log_detail') . td(fInput('checkbox', 'selected[]', $log_id)));
        }
        echo n . n . tr(tda(toggle_box('log_detail'), ' colspan="2" style="text-align: left; border: none;"') . tda(select_buttons() . log_multiedit_form($page, $sort, $dir, $crit, $search_method), ' colspan="6" style="text-align: right; border: none;"')) . n . endTable() . '</form>' . n . nav_form('log', $page, $numPages, $sort, $dir, $crit, $search_method) . n . pageby_form('log', $log_list_pageby);
    }
}