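/**
 * Saves an edited category and propagates a rename to the rows that refer to it.
 *
 * Reads 'id', 'name', 'old_name', 'parent' and 'title' from the posted data,
 * rejects an empty or already-used name, updates the txp_category row, then
 * rewrites child categories and content rows that still carry the old name.
 *
 * Security notes: every posted value passes through doSlash() before it is
 * placed in SQL and the id is gated by assert_int(). $table_name is handed to
 * safe_update() as a table name and cannot be escaped here, so callers must
 * pass a fixed, trusted value.
 *
 * @param string $event      Category type; 'article' is handled specially. Also
 *                           used as the prefix of the message string keys.
 * @param string $table_name Table whose 'category' column is rewritten for
 *                           non-article types.
 * @return mixed Result of cat_category_list() on the error paths, nothing on success.
 */
function cat_event_category_save($event, $table_name)
{
    global $txpcfg;

    // The key list is fixed, so extract() creates only these five locals.
    extract(doSlash(psa(array('id', 'name', 'old_name', 'parent', 'title'))));
    $id = assert_int($id);
    $name = sanitizeForUrl($name);

    // $event is interpolated into quoted SQL literals below; escape it the
    // same way as the posted fields rather than trusting every caller.
    $type = doSlash($event);

    // Make sure the name is valid.
    if (!$name) {
        $message = array(gTxt($event . '_category_invalid', array('{name}' => $name)), E_ERROR);

        return cat_category_list($message);
    }

    // Don't allow a rename to clobber an existing category of the same type.
    $existing_id = safe_field('id', 'txp_category', "name = '{$name}' and type = '{$type}'");

    if ($existing_id and $existing_id != $id) {
        $message = array(gTxt($event . '_category_already_exists', array('{name}' => $name)), E_ERROR);

        return cat_category_list($message);
    }

    $parent = $parent ? $parent : 'root';

    if (safe_update('txp_category', "name = '{$name}', parent = '{$parent}', title = '{$title}'", "id = {$id}")) {
        // Re-parent children of the renamed category only. Without the type
        // filter, a same-named category of another type would have its
        // children moved as well.
        safe_update('txp_category', "parent = '{$name}'", "parent = '{$old_name}' and type = '{$type}'");
    }

    rebuild_tree_full($event);

    if ($event == 'article') {
        safe_update('textpattern', "Category1 = '{$name}'", "Category1 = '{$old_name}'");
        safe_update('textpattern', "Category2 = '{$name}'", "Category2 = '{$old_name}'");
    } else {
        safe_update($table_name, "category = '{$name}'", "category = '{$old_name}'");
    }

    $message = gTxt($event . '_category_updated', array('{name}' => doStrip($name)));
    cat_category_list($message);
}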
/**
 * Looks up the ID of the article posted just before or just after a given time.
 *
 * @param string $whichway 'prev' selects the nearest earlier article; any other
 *                         value selects the nearest later one
 * @param int    $sPosted  Unix timestamp to search from
 * @return mixed Whatever safe_field() returns for the ID column
 */
function checkIfNeighbour($whichway, $sPosted)
{
    // The timestamp is interpolated into the WHERE clause, so it is gated by
    // assert_int() first. The comparison operator and sort order are chosen
    // from fixed literals and never taken from $whichway directly.
    $sPosted = assert_int($sPosted);

    if ($whichway == 'prev') {
        $dir = '<';
        $ord = 'desc';
    } else {
        $dir = '>';
        $ord = 'asc';
    }

    $where = "Posted {$dir} from_unixtime({$sPosted}) order by Posted {$ord} limit 1";

    return safe_field("ID", "textpattern", $where);
}
/**
 * Constructor.
 *
 * Loads the txp_image row for the given id, remembers its extension and id on
 * the instance, then runs the parent constructor.
 *
 * @param int $id The Image id.
 */
public function __construct($id)
{
    // Gate the id before it is interpolated into the WHERE clause.
    $id = assert_int($id);
    $row = safe_row("*", 'txp_image', "id = {$id} LIMIT 1");

    if ($row) {
        // Read the two needed columns by key instead of extract()ing the whole
        // row into local scope. The row's own 'id' is stored, as before.
        $this->m_ext = $row['ext'];
        $this->m_id = $row['id'];
    }

    parent::__construct();
}
/**
 * User editor panel.
 *
 * Accessing requires 'admin.edit' privileges. Renders either the "edit author"
 * form (when a user_id is supplied and the step is 'author_edit') or the
 * "add new author" form.
 */
function author_edit()
{
    global $step, $txp_user;

    require_privs('admin.edit');

    pagetop(gTxt('tab_site_admin'), '');

    $vars = array('user_id', 'name', 'RealName', 'email', 'privs');
    $rs = array();

    // Only the keys listed in $vars are requested from the request data.
    extract(gpsa($vars));

    $is_edit = $user_id && $step == 'author_edit';

    if ($is_edit) {
        // Gate the id before it is interpolated into the WHERE clause.
        $user_id = assert_int($user_id);
        $rs = safe_row('*', 'txp_users', "user_id = {$user_id}");
        // Stored values replace the request values for the fields shown below.
        extract($rs);

        // The login name is not editable here and is written as text, so it is
        // HTML-encoded before being wrapped in <strong>.
        $markup = hed(gTxt('edit_author'), 2);
        $markup .= inputLabel('login_name', strong(txpspecialchars($name)));
    } else {
        $markup = hed(gTxt('add_new_author'), 2);
        $markup .= inputLabel('login_name', fInput('text', 'name', $name, '', '', '', INPUT_REGULAR, '', 'login_name'), 'login_name', 'add_new_author');
    }

    $markup .= inputLabel('real_name', fInput('text', 'RealName', $RealName, '', '', '', INPUT_REGULAR, '', 'real_name'), 'real_name') . inputLabel('login_email', fInput('email', 'email', $email, '', '', '', INPUT_REGULAR, '', 'login_email'), 'email');

    // The logged-in user sees their own privilege level as fixed text plus a
    // hidden field; other accounts get the privilege selector.
    if ($txp_user != $name) {
        $markup .= inputLabel('privileges', privs($privs), 'privileges', 'about_privileges');
    } else {
        $markup .= inputLabel('privileges', strong(get_priv_level($privs))) . hInput('privs', $privs);
    }

    $markup .= pluggable_ui('author_ui', 'extend_detail_form', '', $rs) . graf(fInput('submit', '', gTxt('save'), 'publish')) . eInput('admin');

    if ($user_id) {
        $markup .= hInput('user_id', $user_id) . hInput('name', $name) . sInput('author_save');
    } else {
        $markup .= sInput('author_save_new');
    }

    echo form(n . tag($markup . n, 'section', array('class' => 'txp-edit')), '', '', 'post', 'edit-form', '', 'user_edit');
}
/**
 * Deletes the user whose id is posted as 'user_id'.
 *
 * Requires 'admin.edit' privileges. Nothing happens when no real name is found
 * for the id; on a successful delete the admin panel is shown with a
 * confirmation message.
 *
 * NOTE(review): nothing in this function stops an administrator from deleting
 * their own account or the last remaining one - confirm whether that is
 * guarded elsewhere.
 */
function author_delete()
{
    require_privs('admin.edit');

    // Gate the id before it is used in lookups and the DELETE condition.
    $user_id = assert_int(ps('user_id'));
    $name = fetch('Realname', 'txp_users', 'user_id', $user_id);

    if (!$name) {
        return;
    }

    if (safe_delete('txp_users', "user_id = {$user_id}")) {
        admin(gTxt('author_deleted', array('{name}' => $name)));
    }
}
/**
 * Executes the real action for udpateArticleId and newArticle (names as
 * written in the original comment): validates the referenced section and
 * categories, renders markup, builds a SET clause from $incoming and runs an
 * UPDATE or INSERT on the textpattern table.
 *
 * Security notes:
 * - Values are escaped with doSlash() as they are written into the SET clause;
 *   column names ($key) are interpolated as-is.
 *   NOTE(review): confirm that _check_keys() or the callers restrict the keys
 *   of $incoming to known column names.
 * - Users without 'article.publish' cannot move an article to Status 4; the
 *   request is downgraded to Status 3.
 *
 * @param array $incoming containing the desired article fields
 * @param mixed(string|integer) $article_id the ID of the article to update,
 *        or null to create a new article
 * @return mixed integer article id on success, false otherwise
 * @access private
 */
function _setArticle($incoming, $article_id = null)
{
    global $txpcfg;

    // Preferences become locals ($use_textile, $comments_on_default,
    // $comments_default_invite are read below).
    $prefs = get_prefs();
    extract($prefs);

    // Refuse unknown sections and categories.
    if (!empty($incoming['Section']) && !$this->getSection($incoming['Section'])) {
        return false;
    }

    if (!empty($incoming['Category1']) && !$this->getCategory($incoming['Category1'])) {
        return false;
    }

    if (!empty($incoming['Category2']) && !$this->getCategory($incoming['Category2'])) {
        return false;
    }

    // The id is interpolated into several WHERE clauses below.
    if ($article_id !== null) {
        $article_id = assert_int($article_id);
    }

    // All validation rules are assumed to have passed before this point.
    // Do content processing here.
    $incoming_with_markup = $this->textile_main_fields($incoming, $use_textile);

    $incoming['Title'] = $incoming_with_markup['Title'];

    // Rendered HTML supplied by the caller takes precedence over generated HTML.
    if (empty($incoming['Body_html']) && !empty($incoming['Body'])) {
        $incoming['Body_html'] = $incoming_with_markup['Body_html'];
    }

    if (empty($incoming['Excerpt_html']) && !empty($incoming['Excerpt'])) {
        $incoming['Excerpt_html'] = $incoming_with_markup['Excerpt_html'];
    }

    unset($incoming_with_markup);

    if (empty($incoming['Posted'])) {
        if ($article_id === null) {
            // New article without a date: mark it so the loop below emits the
            // SQL function now() unquoted.
            $when = !$article_id ? 'now()' : '';
            $incoming['Posted'] = $when;
        } else {
            # do not override post time for existing articles unless Posted is present
            unset($incoming['Posted']);
        }
    } else {
        // NOTE(review): $when is not read again before it is reassigned in the
        // feed_time branch below, so the Posted column receives the supplied
        // string (escaped), not this from_unixtime() expression.
        $when = strtotime($incoming['Posted']) - tz_offset();
        $when = "from_unixtime({$when})";
    }

    if ($incoming['Title'] || $incoming['Body'] || $incoming['Excerpt']) {
        // Build the SQL, then run the query.
        // Prevent data from being erased when a field is not supplied on update
        // but exists in the DB from an earlier creation or edit.
        if ($article_id) {
            $old = safe_row('*', 'textpattern', "ID = {$article_id}");

            // Status should be defined previously. Be sure of that.
            // Without the publish privilege an article cannot be moved to 4
            // unless it already was 4.
            if (!has_privs('article.publish', $this->txp_user) && $incoming['Status'] == 4 && $old['Status'] != 4) {
                $incoming['Status'] = 3;
            }

            // Every stored column not supplied by the caller is carried over.
            foreach ($old as $key => $val) {
                if (!isset($incoming[$key])) {
                    $incoming[$key] = $val;
                }
            }
        } else {
            // Status should be defined previously. Be sure of that.
            if (!has_privs('article.publish', $this->txp_user) && $incoming['Status'] == 4) {
                $incoming['Status'] = 3;
            }
        }

        if (empty($incoming['Section']) && $article_id) {
            $incoming['Section'] = safe_field('Section', 'textpattern', "ID = {$article_id}");
        }

        $incoming = $this->_check_keys($incoming, array('AuthorID' => $this->txp_user, 'Annotate' => $comments_on_default, 'AnnotateInvite' => $comments_default_invite, 'textile_body' => $use_textile, 'textile_excerpt' => $use_textile, 'url_title' => stripSpace($incoming['Title'])));

        // Build the SQL query.
        $sql = array();

        foreach ($incoming as $key => $val) {
            if ($key == 'Posted' && $val == 'now()') {
                // The only value written unquoted; it is the literal 'now()'.
                $sql[] = "{$key} = {$val}";
            } elseif ($key != 'ID' && $key != 'uid' && $key != 'feed_time' && $key != 'LastMod' && $key != 'LastModID') {
                // Bookkeeping columns are never taken from $incoming.
                $sql[] = "{$key} = '" . doSlash($val) . "'";
            }
        }

        $sql[] = 'LastMod = now()';
        $sql[] = "LastModID = '" . doSlash($this->txp_user) . "'";

        if (!$article_id) {
            // uniqid()/rand() are not cryptographic sources; treat uid as an
            // identifier, not as a secret.
            $sql[] = "uid = '" . doSlash(md5(uniqid(rand(), true))) . "'";
        }

        if (!$article_id) {
            if (empty($incoming['Posted'])) {
                $sql[] = "feed_time = curdate()";
            } else {
                $when = strtotime($incoming['Posted']) - tz_offset();
                $when = strftime("%Y-%m-%d", $when);
                $sql[] = "feed_time ='" . doSlash($when) . "'";
            }
        }

        $sql = join(', ', $sql);

        $rs = $article_id ? safe_update('textpattern', $sql, "ID = {$article_id}") : safe_insert('textpattern', $sql);

        $oldstatus = $article_id ? $old['Status'] : '';

        // On insert, the result of safe_insert() becomes the article id.
        if (!$article_id && $rs) {
            $article_id = $rs;
        }

        if ($incoming['Status'] >= 4 && !$article_id || $oldstatus != 4 && $article_id) {
            safe_update("txp_prefs", "val = now()", "name = 'lastmod'");
            //@$this->_sendPings();
        }

        return $article_id;
    }

    return false;
}
/**
 * E-mails a notification about a new comment to the author of the article.
 *
 * Security notes: the commenter-supplied fields ($cname, $cemail, $cweb,
 * $message) are written into the mail body as received, and $cemail is also
 * passed to txpMail() as its fourth argument.
 * NOTE(review): presumably that argument is the reply address - confirm that
 * txpMail() strips CR/LF from it and from the subject before building headers.
 *
 * @param string $message   Comment text
 * @param string $cname     Commenter name
 * @param string $cemail    Commenter e-mail address
 * @param string $cweb      Commenter website
 * @param int    $parentid  Article id
 * @param int    $discussid Comment id
 */
function mail_comment($message, $cname, $cemail, $cweb, $parentid, $discussid)
{
    global $sitename;

    // Both ids are interpolated below (SQL and the admin URL).
    $parentid = assert_int($parentid);
    $discussid = assert_int($discussid);

    // The column lists are fixed, so extract() creates only those locals
    // ($AuthorID and $Title from the article, $RealName and $email from the user).
    $article = safe_row("Section, Posted, ID, url_title, AuthorID, Title", "textpattern", "ID = {$parentid}");
    extract($article);

    $author_where = "name = '" . doSlash($AuthorID) . "'";
    extract(safe_row("RealName, email", "txp_users", $author_where));

    $evaluator =& get_comment_evaluator();

    $parts = array();
    $parts[] = gTxt('greeting') . " {$RealName}," . n . n;
    $parts[] = str_replace('{title}', $Title, gTxt('comment_recorded')) . n;
    $parts[] = permlinkurl_id($parentid) . n;

    // Only authors allowed to moderate get the direct edit link.
    if (has_privs('discuss', $AuthorID)) {
        $parts[] = hu . 'textpattern/index.php?event=discuss&step=discuss_edit&discussid=' . $discussid . n;
    }

    $parts[] = gTxt('status') . ": " . $evaluator->get_result('text') . '. ' . implode(',', $evaluator->get_result_message()) . n;
    $parts[] = n;
    $parts[] = gTxt('comment_name') . ": {$cname}" . n;
    $parts[] = gTxt('comment_email') . ": {$cemail}" . n;
    $parts[] = gTxt('comment_web') . ": {$cweb}" . n;
    $parts[] = gTxt('comment_comment') . ": {$message}";

    $body = join('', $parts);

    $subject = strtr(gTxt('comment_received'), array('{site}' => $sitename, '{title}' => $Title));

    txpMail($email, $subject, $body, $cemail);
}
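/**
 * User editor panel.
 *
 * Requires 'admin.edit' privileges. Renders the "edit author" form when a
 * user_id is supplied and the step is 'author_edit', otherwise the
 * "add new author" form.
 *
 * Security note: in edit mode the login name is written into the page as text
 * rather than as a form field value. It is HTML-encoded here, because strong()
 * only wraps its argument and the value comes from the user table or, when no
 * row matches, from the request.
 */
function author_edit()
{
    global $step, $txp_user;

    require_privs('admin.edit');

    pagetop(gTxt('tab_site_admin'), '');

    $vars = array('user_id', 'name', 'RealName', 'email', 'privs');
    $rs = array();

    // Only the keys listed in $vars are requested from the request data.
    extract(gpsa($vars));

    $is_edit = $user_id && $step == 'author_edit';

    if ($is_edit) {
        // Gate the id before it is interpolated into the WHERE clause.
        $user_id = assert_int($user_id);
        $rs = safe_row('*', 'txp_users', "user_id = {$user_id}");
        extract($rs);
    }

    $caption = gTxt($is_edit ? 'edit_author' : 'add_new_author');

    echo form(
        '<div class="txp-edit">'
        . n . hed($caption, 2)
        . n . inputLabel(
            'login_name',
            $is_edit
                ? strong(htmlspecialchars($name, ENT_QUOTES, 'UTF-8'))
                : fInput('text', 'name', $name, '', '', '', INPUT_REGULAR, '', 'login_name'),
            $is_edit ? '' : 'login_name',
            $is_edit ? '' : 'add_new_author'
        )
        . n . inputLabel('real_name', fInput('text', 'RealName', $RealName, '', '', '', INPUT_REGULAR, '', 'real_name'), 'real_name')
        . n . inputLabel('login_email', fInput('text', 'email', $email, '', '', '', INPUT_REGULAR, '', 'login_email'), 'email')
        // The logged-in user sees their own level as fixed text plus a hidden
        // field; other accounts get the privilege selector.
        . n . inputLabel('privileges', $txp_user != $name ? privs($privs) : hInput('privs', $privs) . strong(get_priv_level($privs)), $is_edit ? '' : 'privileges', 'about_privileges')
        . n . pluggable_ui('author_ui', 'extend_detail_form', '', $rs)
        . n . graf(fInput('submit', '', gTxt('save'), 'publish'))
        . eInput('admin')
        . ($user_id ? hInput('user_id', $user_id) . sInput('author_save') : sInput('author_save_new'))
        . '</div>',
        '', '', 'post', 'edit-form', '', 'user_edit'
    );
}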
/**
 * Renders a single article for the article tag.
 *
 * Fetches the article identified by $id when it is not already the current
 * one, then parses either the override form, the tag's container content or
 * the named form, optionally appending the comments display.
 *
 * Note: this function extract()s $prefs, $pretext, two request parameters,
 * the tag attributes and finally the fetched row into local scope, in that
 * order; later extracts overwrite earlier locals of the same name.
 * NOTE(review): $id, $use_comments, $comments_auto_append and $override_form
 * are not assigned explicitly here - presumably they come from $pretext,
 * $prefs and the article data; verify.
 *
 * @param array       $atts  Tag attributes
 * @param string|null $thing Container content of the tag, if any
 * @return string|null Rendered article, '' when 'pgonly' is set, nothing otherwise
 */
function doArticle($atts, $thing = NULL)
{
    global $pretext, $prefs, $thisarticle;

    extract($prefs);
    extract($pretext);
    // Only these two keys are requested from the request data.
    extract(gpsa(array('parentid', 'preview')));

    $theAtts = lAtts(array('allowoverride' => '1', 'form' => 'default', 'status' => '4', 'pgonly' => 0), $atts, 0);
    extract($theAtts);

    // Save *all* atts to get hold of the current article filter criteria.
    filterAtts($atts);

    // No output required.
    if ($pgonly) {
        return '';
    }

    // If a form is specified, $thing is for doArticles() - hence ignore $thing here.
    if (!empty($atts['form'])) {
        $thing = '';
    }

    // Any truthy status is reduced to 5 ('sticky' or '5') or 4.
    if ($status) {
        $status = in_array(strtolower($status), array('sticky', '5')) ? 5 : 4;
    }

    if (empty($thisarticle) or $thisarticle['thisid'] != $id) {
        // $id is interpolated into the query; the status part is either
        // intval()'d or a fixed literal.
        $id = assert_int($id);
        $thisarticle = NULL;

        $q_status = $status ? 'and Status = ' . intval($status) : 'and Status in (4,5)';

        $rs = safe_row("*, unix_timestamp(Posted) as uPosted, unix_timestamp(Expires) as uExpires, unix_timestamp(LastMod) as uLastMod", "textpattern", 'ID = ' . $id . " {$q_status} limit 1");

        if ($rs) {
            extract($rs);
            populateArticleData($rs);
        }
    }

    // NOTE(review): a truthy 'txpreview' request parameter skips the status
    // comparison for whatever article is current at this point - confirm that
    // preview data can only be populated for authorised users.
    if (!empty($thisarticle) and ($thisarticle['status'] == $status or gps('txpreview'))) {
        extract($thisarticle);
        $thisarticle['is_first'] = 1;
        $thisarticle['is_last'] = 1;

        if ($allowoverride and $override_form) {
            $article = parse_form($override_form);
        } else {
            $article = $thing ? parse($thing) : parse_form($form);
        }

        if ($use_comments and $comments_auto_append) {
            $article .= parse_form('comments_display');
        }

        unset($GLOBALS['thisarticle']);

        return $article;
    }
}
// Excerpt of an upgrade script; the block opened before this point and the
// last if-block continues past it.

// Add a per-article uid and feed date, then back-fill every existing row.
safe_alter('textpattern', "add `uid` varchar(32) not null");
safe_alter('textpattern', "add `feed_time` DATE not null DEFAULT '0000-00-00'");
$rs = safe_rows_start('ID,Posted', 'textpattern', '1');
if ($rs) {
    while ($a = nextRow($rs)) {
        // The return value is discarded; the call is used purely as a gate
        // before the ID is interpolated into the WHERE clause.
        assert_int($a['ID']);
        // Date part (first 10 characters) of the Posted value.
        $feed_time = substr($a['Posted'], 0, 10);
        // uniqid()/rand() are not cryptographic sources; treat uid as an
        // identifier, not as a secret.
        safe_update('textpattern', "uid='" . md5(uniqid(rand(), true)) . "', feed_time='" . doSlash($feed_time) . "'", "ID={$a['ID']}");
    }
}
}
// 1.0: populate comments_count field
$rs = safe_rows_start('parentid, count(*) as thecount', 'txp_discuss', 'visible=1 group by parentid');
if ($rs) {
    while ($a = nextRow($rs)) {
        // parentid is gated before use; thecount is the result of count(*) in
        // the query above and is concatenated as-is.
        assert_int($a['parentid']);
        safe_update('textpattern', "comments_count=" . $a['thecount'], "ID=" . $a['parentid']);
    }
}
// 1.0: Human-friendly title for sections and categories, to solve i18n problems
if (!in_array('title', $txpsect)) {
    safe_alter("txp_section", "add `title` varchar(255) not null default ''");
}
if (!in_array('title', $txpcat)) {
    safe_alter("txp_category", "add `title` varchar(255) not null default ''");
}
// Rows without a title get their name as title.
if (safe_count('txp_section', "title=''") > 0) {
    safe_update('txp_section', 'title=name', "title=''");
}
if (safe_count('txp_category', "title=''") > 0) {
    safe_update('txp_category', 'title=name', "title=''");
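/**
 * Recomputes the lft/rgt values of a category and all of its descendants.
 *
 * Children are visited in name order; each child's subtree is numbered before
 * the parent's own rgt value is written.
 *
 * The escaped copies of $parent and $type are used only inside SQL. Recursion
 * receives the unescaped $type: passing the escaped value down would escape it
 * again on every level, so a type containing a quote or backslash would no
 * longer match its own rows.
 *
 * NOTE(review): nothing here bounds the recursion; a parent/child cycle in
 * txp_category would not terminate - confirm that writers prevent cycles.
 *
 * @param string $parent Name of the category whose subtree is rebuilt
 * @param int    $left   lft value to assign to $parent
 * @param string $type   Category type
 * @return int The next free value after this subtree (rgt + 1)
 */
function rebuild_tree($parent, $left, $type)
{
    // Both numbers are interpolated unquoted into the UPDATE below.
    $left = assert_int($left);
    $right = $left + 1;

    $sql_parent = doSlash($parent);
    $sql_type = doSlash($type);

    $children = safe_column("name", "txp_category", "parent='{$sql_parent}' and type='{$sql_type}' order by name");

    foreach ($children as $child) {
        $right = rebuild_tree($child, $right, $type);
    }

    safe_update("txp_category", "lft={$left}, rgt={$right}", "name='{$sql_parent}' and type='{$sql_type}'");

    return $right + 1;
}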
/**
 * Handles an uploaded replacement for an existing image.
 *
 * Carries the stored category, caption and alt text over to the new upload,
 * reports the outcome and switches to the edit view.
 *
 * NOTE(review): the upload entry $_FILES['thefile'] is passed to image_data()
 * as received, and no privilege check is visible in this method - presumably
 * validation of the file and access control happen in image_data() and in the
 * caller; verify.
 */
function replace_post()
{
    // Gate the id before it is interpolated into the WHERE clause.
    $id = assert_int(gps('id'));
    $row = safe_row("*", "txp_image", "id = {$id}");

    $meta = '';

    if ($row) {
        $meta = array(
            'category' => $row['category'],
            'caption'  => $row['caption'],
            'alt'      => $row['alt'],
        );
    }

    $outcome = image_data($_FILES['thefile'], $meta, $id);

    if (!is_array($outcome)) {
        // A non-array result is the error to report.
        $this->_error($outcome);
    } else {
        // On success image_data() returns a message and the image id.
        $message = $outcome[0];
        $id = $outcome[1];
        $this->_message($message);
    }

    $this->_set_view('edit', $id);
}
/**
 * Saves changes to an existing link.
 *
 * Request values named in the global $vars list are escaped with doSlash() and
 * extracted into local scope; the id is gated by assert_int(). Editing is
 * allowed with 'link.edit', or with 'link.edit.own' when the stored author is
 * the logged-in user.
 *
 * NOTE(review): the extracted locals depend on the contents of the global
 * $vars, which is not visible here - confirm it is a fixed list.
 */
function link_save()
{
    global $txpcfg, $vars, $txp_user;

    $varray = gpsa($vars);
    extract(doSlash($varray));

    $id = assert_int($id);

    // Nothing to save: show the editor again.
    if ($linkname === '' && $url === '' && $description === '') {
        link_edit();

        return;
    }

    $owner = fetch('author', 'txp_link', 'id', $id);
    $may_edit = has_privs('link.edit') || ($owner == $txp_user && has_privs('link.edit.own'));

    if (!$may_edit) {
        link_edit(gTxt('restricted_area'));

        return;
    }

    // Sort value defaults to the link name.
    $linksort = $linksort ? $linksort : $linkname;

    $set = "category = '{$category}',\n\t\t\turl = '" . trim($url) . "',\n\t\t\tlinkname = '{$linkname}',\n\t\t\tlinksort = '{$linksort}',\n\t\t\tdescription = '{$description}',\n\t\t\tauthor \t\t= '" . doSlash($txp_user) . "'";

    if (!safe_update("txp_link", $set, "id = {$id}")) {
        return;
    }

    update_lastmod();

    // $linkname was escaped for SQL; undo that for display.
    link_edit(gTxt('link_updated', array('{name}' => doStrip($linkname))));
}
/**
 * Deletes files by id: removes the txp_file row, then the file on disk.
 *
 * Without 'file.delete', the id list is narrowed to files authored by the
 * logged-in user when 'file.delete.own' is held, and emptied otherwise.
 *
 * Notes:
 * - The row is deleted before the file is unlinked. If the file is missing on
 *   disk the id is reported as failed although its row is gone.
 * - NOTE(review): the stored filename is joined onto the base path by
 *   build_file_path(); whether that helper rejects path separators is not
 *   visible here - verify.
 *
 * @param array $ids File ids; when empty the posted 'id' is used
 */
function file_delete($ids = array())
{
    global $file_base_path, $txp_user;

    // Every id is gated before the list is joined into an IN (...) clause.
    $ids = $ids ? array_map('assert_int', $ids) : array(assert_int(ps('id')));

    if (!has_privs('file.delete')) {
        $ids = has_privs('file.delete.own')
            ? safe_column('id', 'txp_file', 'id IN (' . join(',', $ids) . ') AND author=\'' . doSlash($txp_user) . '\'')
            : array();
    }

    if (empty($ids)) {
        file_list();

        return;
    }

    $rows = safe_rows_start('id, filename', 'txp_file', 'id IN (' . join(',', $ids) . ')');

    if (!$rows) {
        file_list(array(messenger(gTxt('file_not_found'), join(', ', $ids), ''), E_ERROR));

        return;
    }

    $failed = array();

    while ($row = nextRow($rows)) {
        $id = $row['id'];
        $filename = $row['filename'];
        $filepath = build_file_path($file_base_path, $filename);

        // Notify plugins of pending deletion, pass file's id and path.
        callback_event('file_deleted', '', false, $id, $filepath);

        $row_deleted = safe_delete('txp_file', "id = {$id}");
        $unlinked = ($row_deleted && is_file($filepath)) ? unlink($filepath) : false;

        if (!($row_deleted && $unlinked)) {
            $failed[] = $id;
        }
    }

    if ($failed) {
        file_list(array(messenger(gTxt('file_delete_failed'), join(', ', $failed)), E_ERROR));

        return;
    }

    update_lastmod('file_deleted', $ids);
    file_list(gTxt('file_deleted', array('{name}' => join(', ', $ids))));
}
/**
 * Deletes files by id: removes the txp_file row, then the file on disk.
 *
 * Notes:
 * - NOTE(review): no privilege or ownership check is visible in this function -
 *   presumably the caller enforces access; verify.
 * - The row is deleted before the file is unlinked. If the file is missing on
 *   disk the id is reported as failed although its row is gone.
 *
 * @param array $ids File ids; when empty the posted 'id' is used
 */
function file_delete($ids = array())
{
    global $file_base_path;

    // Every id is gated before the list is joined into an IN (...) clause.
    $ids = $ids ? array_map('assert_int', $ids) : array(assert_int(ps('id')));

    $rows = safe_rows_start('id, filename', 'txp_file', 'id IN (' . join(',', $ids) . ')');

    if (!$rows) {
        file_list(messenger(gTxt('file_not_found'), join(', ', $ids), ''));

        return;
    }

    $failed = array();

    while ($row = nextRow($rows)) {
        $id = $row['id'];
        $filename = $row['filename'];
        $filepath = build_file_path($file_base_path, $filename);

        $row_deleted = safe_delete('txp_file', "id = {$id}");
        $unlinked = ($row_deleted && is_file($filepath)) ? unlink($filepath) : false;

        if (!($row_deleted && $unlinked)) {
            $failed[] = $id;
        }
    }

    if ($failed) {
        file_list(messenger(gTxt('file_delete_failed'), join(', ', $failed), ''));
    } else {
        file_list(gTxt('file_deleted', array('{name}' => join(', ', $ids))));
    }
}
/**
 * Gets the ID of the next or the previous article.
 *
 * @param string $whichway 'prev' for the previous article; any other value
 *                         selects the next one
 * @param int    $sPosted  Unix timestamp to search from
 * @return mixed Whatever safe_field() returns for the ID column
 */
function checkIfNeighbour($whichway, $sPosted)
{
    // The timestamp is interpolated into the WHERE clause, so it is gated by
    // assert_int() first. Operator and sort order come from fixed literals.
    $sPosted = assert_int($sPosted);

    if ($whichway == 'prev') {
        $dir = '<';
        $ord = "DESC";
    } else {
        $dir = '>';
        $ord = "ASC";
    }

    $where = "Posted {$dir} FROM_UNIXTIME({$sPosted}) ORDER BY Posted {$ord} LIMIT 1";

    return safe_field("ID", 'textpattern', $where);
}
/**
 * Creates a link or saves changes to an existing one.
 *
 * Request values named in the global $vars list must be strings
 * (assert_string), are escaped with doSlash() and extracted into local scope.
 * The category is validated through a CategoryConstraint; plugins may add
 * constraints via the 'link_ui' / 'validate_save' callback.
 *
 * Notes:
 * - The SQL below uses the locals extracted BEFORE the callback runs, while
 *   the callback receives $varray by reference. Changes a plugin makes to
 *   $varray therefore affect validation only, not the values written.
 * - NOTE(review): for a new link $id is empty when the author lookup runs;
 *   confirm how users holding only 'link.edit.own' are meant to create links.
 */
function link_save()
{
    global $vars, $txp_user;

    $varray = array_map('assert_string', gpsa($vars));
    extract(doSlash($varray));

    // An empty id means "create"; a supplied one is gated before it reaches SQL.
    if ($id) {
        $id = $varray['id'] = assert_int($id);
    }

    // Nothing to save.
    if ($linkname === '' && $url === '' && $description === '') {
        link_list(array(gTxt('link_empty'), E_ERROR));
        return;
    }

    // Editing needs 'link.edit', or 'link.edit.own' on a link the user authored.
    $author = fetch('author', 'txp_link', 'id', $id);
    if (!has_privs('link.edit') && !($author == $txp_user && has_privs('link.edit.own'))) {
        link_list(gTxt('restricted_area'));
        return;
    }

    // Sort value defaults to the link name.
    if (!$linksort) {
        $linksort = $linkname;
    }

    $constraints = array('category' => new CategoryConstraint($varray['category'], array('type' => 'link')));
    callback_event_ref('link_ui', 'validate_save', 0, $varray, $constraints);
    $validator = new Validator($constraints);

    if ($validator->validate()) {
        if ($id) {
            $ok = safe_update('txp_link', "category = '{$category}',\n\t\t\t\t\turl = '" . trim($url) . "',\n\t\t\t\t\tlinkname = '{$linkname}',\n\t\t\t\t\tlinksort = '{$linksort}',\n\t\t\t\t\tdescription = '{$description}',\n\t\t\t\t\tauthor = '" . doSlash($txp_user) . "'", "id = {$id}");
        } else {
            $ok = safe_insert('txp_link', "category = '{$category}',\n\t\t\t\t\tdate = now(),\n\t\t\t\t\turl = '" . trim($url) . "',\n\t\t\t\t\tlinkname = '{$linkname}',\n\t\t\t\t\tlinksort = '{$linksort}',\n\t\t\t\t\tdescription = '{$description}',\n\t\t\t\t\tauthor = '" . doSlash($txp_user) . "'");
            // Publish the new id to code that reads it from the request later.
            if ($ok) {
                $GLOBALS['ID'] = $_POST['id'] = $ok;
            }
        }

        if ($ok) {
            // Update lastmod due to link feeds.
            update_lastmod();
            // $linkname was escaped for SQL; undo that for display.
            $message = gTxt($id ? 'link_updated' : 'link_created', array('{name}' => doStrip($linkname)));
        } else {
            $message = array(gTxt('link_save_failed'), E_ERROR);
        }
    } else {
        $message = array(gTxt('link_save_failed'), E_ERROR);
    }

    link_list($message);
}
/**
 * Applies a bulk action ('edit_method') to the posted 'selected' articles.
 *
 * Deleting requires 'article.delete', or 'article.delete.own' for the user's
 * own articles. Every other method is limited to the articles the user may
 * edit, based on article status and authorship.
 *
 * Security notes:
 * - Every selected id passes through assert_int() before it reaches SQL.
 * - The column to change ($key) is taken from fixed literals in the switch,
 *   never from the request; the new value is escaped with doSlash().
 * - NOTE(review): the new section, category and author values are escaped but
 *   not checked against existing rows here - confirm whether that matters.
 *
 * @return mixed Result of list_list()
 */
function list_multi_edit()
{
    global $txp_user;

    $selected = ps('selected');

    if (!$selected) {
        return list_list();
    }

    $method = ps('edit_method');
    $changed = false;
    $ids = array();

    if ($method == 'delete') {
        if (!has_privs('article.delete')) {
            $allowed = array();

            // Without the general privilege, keep only the user's own articles.
            if (has_privs('article.delete.own')) {
                foreach ($selected as $id) {
                    $id = assert_int($id);
                    $author = safe_field('AuthorID', 'textpattern', "ID = {$id}");

                    if ($author == $txp_user) {
                        $allowed[] = $id;
                    }
                }
            }

            $selected = $allowed;
        }

        foreach ($selected as $id) {
            $id = assert_int($id);

            if (safe_delete('textpattern', "ID = {$id}")) {
                $ids[] = $id;
            }
        }

        $changed = join(', ', $ids);

        // Comments of deleted articles are set to the MODERATE visibility.
        if ($changed) {
            safe_update('txp_discuss', "visible = " . MODERATE, "parentid in({$changed})");
        }
    } else {
        $selected = array_map('assert_int', $selected);
        $selected = safe_rows('ID, AuthorID, Status', 'textpattern', 'ID in (' . implode(',', $selected) . ')');

        $allowed = array();

        // Status >= 4 needs the '.published' privileges, lower statuses the
        // plain edit privileges; the '.own' variants apply to the user's own
        // articles only.
        foreach ($selected as $item) {
            if ($item['Status'] >= 4 and has_privs('article.edit.published') or $item['Status'] >= 4 and $item['AuthorID'] == $txp_user and has_privs('article.edit.own.published') or $item['Status'] < 4 and has_privs('article.edit') or $item['Status'] < 4 and $item['AuthorID'] == $txp_user and has_privs('article.edit.own')) {
                $allowed[] = $item['ID'];
            }
        }

        $selected = $allowed;
        unset($allowed);

        switch ($method) {
            // Change author.
            case 'changeauthor':
                $key = 'AuthorID';
                // Reassigning authorship needs 'article.edit'.
                $val = has_privs('article.edit') ? ps('AuthorID') : '';

                // Do not allow to be set to an empty value.
                if (!$val) {
                    $selected = array();
                }
                break;

            // Change category1.
            case 'changecategory1':
                $key = 'Category1';
                $val = ps('Category1');
                break;

            // Change category2.
            case 'changecategory2':
                $key = 'Category2';
                $val = ps('Category2');
                break;

            // Change comments.
            case 'changecomments':
                $key = 'Annotate';
                $val = (int) ps('Annotate');
                break;

            // Change section.
            case 'changesection':
                $key = 'Section';
                $val = ps('Section');

                // Do not allow to be set to an empty value.
                if (!$val) {
                    $selected = array();
                }
                break;

            // Change status.
            case 'changestatus':
                $key = 'Status';
                $val = ps('Status');

                // Without 'article.publish', a requested status of 4 or more
                // is reduced to 3.
                if (!has_privs('article.publish') && $val >= 4) {
                    $val = 3;
                }

                // Do not allow to be set to an empty value.
                if (!$val) {
                    $selected = array();
                }
                break;

            // Unknown method: nothing is changed.
            default:
                $key = '';
                $val = '';
                break;
        }

        if ($selected and $key) {
            // $selected now holds the ID values returned by the query above.
            foreach ($selected as $id) {
                if (safe_update('textpattern', "{$key} = '" . doSlash($val) . "'", "ID = {$id}")) {
                    $ids[] = $id;
                }
            }

            $changed = join(', ', $ids);
        }
    }

    if ($changed) {
        update_lastmod();

        return list_list(messenger('article', $changed, $method == 'delete' ? 'deleted' : 'modified'));
    }

    return list_list();
}
/**
 * Saves changes to an existing link.
 *
 * Request values named in the global $vars list are escaped with doSlash() and
 * extracted into local scope; the id is gated by assert_int() before it is
 * used in the WHERE clause.
 *
 * NOTE(review): no privilege or ownership check is visible in this function -
 * presumably the caller enforces access; verify.
 */
function link_save()
{
    global $txpcfg, $vars;

    $varray = gpsa($vars);
    extract(doSlash($varray));

    // Sort value defaults to the link name.
    $linksort = $linksort ? $linksort : $linkname;

    $id = assert_int($id);

    $set = "category = '{$category}',\n\t\t\turl = '" . trim($url) . "',\n\t\t\tlinkname = '{$linkname}',\n\t\t\tlinksort = '{$linksort}',\n\t\t\tdescription = '{$description}'";

    if (!safe_update("txp_link", $set, "id = {$id}")) {
        return;
    }

    update_lastmod();

    // $linkname was escaped for SQL; undo that for display.
    link_edit(gTxt('link_updated', array('{name}' => doStrip($linkname))));
}
/**
 * The main panel listing all log hits.
 *
 * Expires old log rows, applies the requested sort and search, and prints the
 * paginated table of hits.
 *
 * Security notes:
 * - The ORDER BY column is chosen by a switch over fixed names and the
 *   direction is reduced to 'asc' or 'desc', so no request text reaches
 *   ORDER BY.
 * - The search text is escaped before use; the search column must be one of
 *   the keys of $critsql.
 * - Whatever the 'admin_criteria' callback returns is appended to the WHERE
 *   clause as-is.
 * - ip, host, page, referrer and method are HTML-encoded with
 *   txpspecialchars() on output. $log_status is printed as stored.
 *   NOTE(review): presumably status is numeric - confirm.
 *
 * @param string|array $message The activity message
 */
function log_list($message = '')
{
    global $event, $log_list_pageby, $expire_logs_after;

    pagetop(gTxt('tab_logs'), $message);

    // Only these five keys are requested from the request data.
    extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));

    if ($sort === '') {
        $sort = get_pref('log_sort_column', 'time');
    }

    if ($dir === '') {
        $dir = get_pref('log_sort_dir', 'desc');
    }

    // Anything other than 'asc' becomes 'desc'.
    $dir = $dir == 'asc' ? 'asc' : 'desc';

    // The retention period is interpolated into the DELETE condition.
    $expire_logs_after = assert_int($expire_logs_after);

    safe_delete('txp_log', "time < date_sub(now(), interval {$expire_logs_after} day)");

    // Map the requested sort key onto a fixed column name; unknown keys fall
    // back to 'time'.
    switch ($sort) {
        case 'ip':
            $sort_sql = 'ip ' . $dir;
            break;
        case 'host':
            $sort_sql = 'host ' . $dir;
            break;
        case 'page':
            $sort_sql = 'page ' . $dir;
            break;
        case 'refer':
            $sort_sql = 'refer ' . $dir;
            break;
        case 'method':
            $sort_sql = 'method ' . $dir;
            break;
        case 'status':
            $sort_sql = 'status ' . $dir;
            break;
        default:
            $sort = 'time';
            $sort_sql = 'time ' . $dir;
            break;
    }

    // Only the normalised values are stored.
    set_pref('log_sort_column', $sort, 'log', 2, '', 0, PREF_PRIVATE);
    set_pref('log_sort_dir', $dir, 'log', 2, '', 0, PREF_PRIVATE);

    $switch_dir = $dir == 'desc' ? 'asc' : 'desc';

    $criteria = 1;

    if ($search_method and $crit != '') {
        // A term wrapped in double quotes is matched exactly; otherwise LIKE
        // wildcards in the term are escaped and a substring match is used.
        $verbatim = preg_match('/^"(.*)"$/', $crit, $m);
        $crit_escaped = doSlash($verbatim ? $m[1] : str_replace(array('\\', '%', '_', '\''), array('\\\\', '\\%', '\\_', '\\\''), $crit));
        $critsql = $verbatim ?
            array('ip' => "ip = '{$crit_escaped}'", 'host' => "host = '{$crit_escaped}'", 'page' => "page = '{$crit_escaped}'", 'refer' => "refer = '{$crit_escaped}'", 'method' => "method = '{$crit_escaped}'", 'status' => "status = '{$crit_escaped}'") : array('ip' => "ip like '%{$crit_escaped}%'", 'host' => "host like '%{$crit_escaped}%'", 'page' => "page like '%{$crit_escaped}%'", 'refer' => "refer like '%{$crit_escaped}%'", 'method' => "method like '%{$crit_escaped}%'", 'status' => "status like '%{$crit_escaped}%'");

        if (array_key_exists($search_method, $critsql)) {
            $criteria = $critsql[$search_method];
            // This value is overwritten by the max() assignment further down.
            $limit = 500;
        } else {
            $search_method = '';
            $crit = '';
        }
    } else {
        $search_method = '';
        $crit = '';
    }

    $criteria .= callback_event('admin_criteria', 'log_list', 0, $criteria);

    $total = safe_count('txp_log', "{$criteria}");

    echo '<h1 class="txp-heading">' . gTxt('tab_logs') . '</h1>';
    echo '<div id="' . $event . '_control" class="txp-control-panel">';

    if ($total < 1) {
        if ($criteria != 1) {
            echo n . log_search_form($crit, $search_method) . n . graf(gTxt('no_results_found'), ' class="indicator"') . '</div>';
        } else {
            echo graf(gTxt('no_refers_recorded'), ' class="indicator"') . '</div>';
        }

        return;
    }

    // At least 15 rows per page.
    $limit = max($log_list_pageby, 15);

    list($page, $offset, $numPages) = pager($total, $limit, $page);

    echo n . log_search_form($crit, $search_method) . '</div>';

    $rs = safe_rows_start('*, unix_timestamp(time) as uTime', 'txp_log', "{$criteria} order by {$sort_sql} limit {$offset}, {$limit}");

    if ($rs) {
        echo n . '<div id="' . $event . '_container" class="txp-container">';
        echo n . n . '<form action="index.php" id="log_form" class="multi_edit_form" method="post" name="longform">' . n . '<div class="txp-listtables">' . n . startTable('', '', 'txp-list') . n . '<thead>' . n . tr(n . hCell(fInput('checkbox', 'select_all', 0, '', '', '', '', '', 'select_all'), '', ' title="' . gTxt('toggle_all_selected') . '" class="multi-edit"') . n .
            column_head('time', 'time', 'log', true, $switch_dir, $crit, $search_method, ('time' == $sort ? "{$dir} " : '') . 'date time') . n . column_head('IP', 'ip', 'log', true, $switch_dir, $crit, $search_method, ('ip' == $sort ? "{$dir} " : '') . 'log_detail ip') . n . column_head('host', 'host', 'log', true, $switch_dir, $crit, $search_method, ('host' == $sort ? "{$dir} " : '') . 'host') . n . column_head('page', 'page', 'log', true, $switch_dir, $crit, $search_method, ('page' == $sort ? "{$dir} " : '') . 'page') . n . column_head('referrer', 'refer', 'log', true, $switch_dir, $crit, $search_method, ('refer' == $sort ? "{$dir} " : '') . 'refer') . n . column_head('method', 'method', 'log', true, $switch_dir, $crit, $search_method, ('method' == $sort ? "{$dir} " : '') . 'log_detail method') . n . column_head('status', 'status', 'log', true, $switch_dir, $crit, $search_method, ('status' == $sort ? "{$dir} " : '') . 'log_detail status')) . n . '</thead>';
        echo '<tbody>';

        while ($a = nextRow($rs)) {
            // Columns become locals with a 'log_' prefix, so a column name
            // cannot overwrite an existing local.
            extract($a, EXTR_PREFIX_ALL, 'log');

            if ($log_refer) {
                // A fixed 'http://' prefix is added before the value is
                // encoded into the href.
                $log_refer = 'http://' . $log_refer;
                $log_refer = '<a href="' . txpspecialchars($log_refer) . '" target="_blank">' . txpspecialchars(soft_wrap($log_refer, 30)) . '</a>';
            }

            if ($log_page) {
                // Link text: the page without its trailing slash and first character.
                $log_anchor = preg_replace('/\\/$/', '', $log_page);
                $log_anchor = soft_wrap(substr($log_anchor, 1), 30);
                $log_page = '<a href="' . txpspecialchars($log_page) . '" target="_blank">' . txpspecialchars($log_anchor) . '</a>';

                if ($log_method == 'POST') {
                    $log_page = '<strong>' . $log_page . '</strong>';
                }
            }

            // $log_page and $log_refer already hold encoded markup here.
            echo tr(n . td(fInput('checkbox', 'selected[]', $log_id), '', 'multi-edit') . td(gTime($log_uTime), '', 'date time') . td(txpspecialchars($log_ip), '', 'log_detail ip') . td(txpspecialchars(soft_wrap($log_host, 30)), '', 'host') . td($log_page, '', 'page') . td($log_refer, '', 'refer') . td(txpspecialchars($log_method), '', 'log_detail method') .
                td($log_status, '', 'log_detail status'));
        }

        echo '</tbody>', n, endTable(), n, '</div>', n, log_multiedit_form($page, $sort, $dir, $crit, $search_method), n, tInput(), n, '</form>', n, graf(toggle_box('log_detail'), ' class="detail-toggle"'), n, '<div id="' . $event . '_navigation" class="txp-navigation">', n, nav_form('log', $page, $numPages, $sort, $dir, $crit, $search_method, $total, $limit), n, pageby_form('log', $log_list_pageby), n, '</div>', n, '</div>';
    }
}
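/**
 * Builds the add/edit author form.
 *
 * In 'author_edit' mode the stored user row replaces the request values; after
 * a save step all fields are blanked.
 *
 * Security note: in edit mode the login name is written into the page as text
 * rather than as a form field value. It is HTML-encoded here, because strong()
 * only wraps its argument and the value comes from the user table or, when no
 * row matches, from the request.
 *
 * @return string Form markup
 */
function author_form()
{
    global $step, $txp_user;

    $vars = array('user_id', 'name', 'RealName', 'email', 'privs');

    // Only the keys listed in $vars are requested from the request data.
    extract(gpsa($vars));

    if ($user_id && $step == 'author_edit') {
        // Gate the id before it is interpolated into the WHERE clause.
        $user_id = assert_int($user_id);
        extract(safe_row('*', 'txp_users', "user_id = {$user_id}"));
    }

    // After saving, present an empty form.
    if ($step == 'author_save' or $step == 'author_save_new') {
        foreach ($vars as $var) {
            ${$var} = '';
        }
    }

    $caption = gTxt($step == 'author_edit' ? 'edit_author' : 'add_new_author');

    return form(
        hed($caption, 3, ' style="text-align: center;"')
        . startTable('edit')
        . tr(
            fLabelCell('login_name')
            . ($user_id && $step == 'author_edit'
                ? td(strong(htmlspecialchars($name, ENT_QUOTES, 'UTF-8')))
                : fInputCell('name', $name))
        )
        . tr(fLabelCell('real_name') . fInputCell('RealName', $RealName))
        . tr(fLabelCell('email') . fInputCell('email', $email))
        // The logged-in user sees their own level as fixed text plus a hidden
        // field; other accounts get the privilege selector.
        . tr(fLabelCell('privileges') . td(($txp_user != $name ? privs($privs) : hInput('privs', $privs) . strong(get_priv_level($privs))) . sp . popHelp('about_privileges')))
        . tr(td() . td(fInput('submit', '', gTxt('save'), 'publish') . ($user_id ? '' : sp . popHelp('add_new_author'))))
        . endTable()
        . eInput('admin')
        . ($user_id ? hInput('user_id', $user_id) . sInput('author_save') : sInput('author_save_new'))
    );
}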
/**
 * Constructor: loads the txp_image row for the given id, remembers its
 * extension and id on the instance, then constructs the base class.
 *
 * @param int $id The image id.
 */
function txp_thumb($id)
{
    // Gate the id before it is interpolated into the WHERE clause.
    $id = assert_int($id);
    $row = safe_row('*', 'txp_image', "id = {$id} limit 1");

    if ($row) {
        // Read the two needed columns by key instead of extract()ing the whole
        // row into local scope. The row's own 'id' is stored, as before.
        $this->m_ext = $row['ext'];
        $this->m_id = $row['id'];
    }

    // Construct base class instance.
    $this->wet_thumb();
}
/**
 * The main panel listing all log hits.
 *
 * Expires old log rows, applies the requested sort and the search filter, and
 * prints the paginated table of hits.
 *
 * Security notes:
 * - A sort key from the request is checked against a fixed list and a
 *   direction from the request is reduced to 'asc' or 'desc' before either is
 *   stored or used. Values read back from the stored preferences are used
 *   as-is: the sort key still goes through the switch below, the direction
 *   does not.
 *   NOTE(review): confirm nothing else can write 'log_sort_dir'.
 * - The WHERE clause comes from Filter::getFilter(); its escaping is not
 *   visible here.
 * - ip, host, page, referrer and method are HTML-encoded with
 *   txpspecialchars() on output. $log_status is printed as stored.
 *   NOTE(review): presumably status is numeric - confirm.
 *
 * @param string|array $message The activity message
 */
function log_list($message = '')
{
    global $event, $log_list_pageby, $expire_logs_after;

    pagetop(gTxt('tab_logs'), $message);

    // Only these five keys are requested from the request data.
    extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));

    if ($sort === '') {
        $sort = get_pref('log_sort_column', 'time');
    } else {
        // Unknown sort keys fall back to 'time' before being stored.
        if (!in_array($sort, array('ip', 'host', 'page', 'refer', 'method', 'status'))) {
            $sort = 'time';
        }

        set_pref('log_sort_column', $sort, 'log', 2, '', 0, PREF_PRIVATE);
    }

    if ($dir === '') {
        $dir = get_pref('log_sort_dir', 'desc');
    } else {
        // Anything other than 'asc' becomes 'desc'.
        $dir = $dir == 'asc' ? "asc" : "desc";
        set_pref('log_sort_dir', $dir, 'log', 2, '', 0, PREF_PRIVATE);
    }

    // The retention period is interpolated into the DELETE condition.
    $expire_logs_after = assert_int($expire_logs_after);

    safe_delete('txp_log', "time < DATE_SUB(NOW(), INTERVAL {$expire_logs_after} DAY)");

    // Map the sort key onto a fixed column name; unknown keys fall back to 'time'.
    switch ($sort) {
        case 'ip':
            $sort_sql = "ip {$dir}";
            break;
        case 'host':
            $sort_sql = "host {$dir}";
            break;
        case 'page':
            $sort_sql = "page {$dir}";
            break;
        case 'refer':
            $sort_sql = "refer {$dir}";
            break;
        case 'method':
            $sort_sql = "method {$dir}";
            break;
        case 'status':
            $sort_sql = "status {$dir}";
            break;
        default:
            $sort = 'time';
            $sort_sql = "time {$dir}";
            break;
    }

    $switch_dir = $dir == 'desc' ? 'asc' : 'desc';

    // Searchable columns; the filter object turns the request into criteria.
    $search = new Filter($event, array('ip' => array('column' => 'txp_log.ip', 'label' => gTxt('IP')), 'host' => array('column' => 'txp_log.host', 'label' => gTxt('host')), 'page' => array('column' => 'txp_log.page', 'label' => gTxt('page')), 'refer' => array('column' => 'txp_log.refer', 'label' => gTxt('referrer')), 'method' => array('column' => 'txp_log.method', 'label' => gTxt('method')), 'status' => array('column' => 'txp_log.status', 'label' => gTxt('status'), 'type' => 'integer')));

    list($criteria, $crit, $search_method) = $search->getFilter(array('status' => array('can_list' => true)));

    $search_render_options = array('placeholder' => 'search_logs');
    $total = safe_count('txp_log', "{$criteria}");

    echo n .
        tag(hed(gTxt('tab_logs'), 1, array('class' => 'txp-heading')), 'div', array('class' => 'txp-layout-2col-cell-1'));

    $searchBlock = n . tag($search->renderForm('log_list', $search_render_options), 'div', array('class' => 'txp-layout-2col-cell-2', 'id' => $event . '_control'));

    $contentBlockStart = n . tag_start('div', array('class' => 'txp-layout-1col', 'id' => $event . '_container'));

    if ($total < 1) {
        if ($criteria != 1) {
            echo $searchBlock . $contentBlockStart . graf(span(null, array('class' => 'ui-icon ui-icon-info')) . ' ' . gTxt('no_results_found'), array('class' => 'alert-block information'));
        } else {
            echo $contentBlockStart . graf(span(null, array('class' => 'ui-icon ui-icon-info')) . ' ' . gTxt('no_refers_recorded'), array('class' => 'alert-block information'));
        }

        echo n . tag_end('div');

        return;
    }

    // At least 15 rows per page.
    $limit = max($log_list_pageby, 15);

    list($page, $offset, $numPages) = pager($total, $limit, $page);

    echo $searchBlock . $contentBlockStart;

    $rs = safe_rows_start("*, UNIX_TIMESTAMP(time) AS uTime", 'txp_log', "{$criteria} ORDER BY {$sort_sql} LIMIT {$offset}, {$limit}");

    if ($rs) {
        echo n . tag(toggle_box('log_detail'), 'div', array('class' => 'txp-list-options')) . n . tag_start('form', array('class' => 'multi_edit_form', 'id' => 'log_form', 'name' => 'longform', 'method' => 'post', 'action' => 'index.php')) . n . tag_start('div', array('class' => 'txp-listtables')) . n . tag_start('table', array('class' => 'txp-list')) . n . tag_start('thead') . tr(hCell(fInput('checkbox', 'select_all', 0, '', '', '', '', '', 'select_all'), '', ' class="txp-list-col-multi-edit" scope="col" title="' . gTxt('toggle_all_selected') . '"') . column_head('time', 'time', 'log', true, $switch_dir, $crit, $search_method, ('time' == $sort ? "{$dir} " : '') . 'txp-list-col-time') . column_head('IP', 'ip', 'log', true, $switch_dir, $crit, $search_method, ('ip' == $sort ? "{$dir} " : '') . 'txp-list-col-ip') .
            column_head('host', 'host', 'log', true, $switch_dir, $crit, $search_method, ('host' == $sort ? "{$dir} " : '') . 'txp-list-col-host log_detail') . column_head('page', 'page', 'log', true, $switch_dir, $crit, $search_method, ('page' == $sort ? "{$dir} " : '') . 'txp-list-col-page') . column_head('referrer', 'refer', 'log', true, $switch_dir, $crit, $search_method, ('refer' == $sort ? "{$dir} " : '') . 'txp-list-col-refer') . column_head('method', 'method', 'log', true, $switch_dir, $crit, $search_method, ('method' == $sort ? "{$dir} " : '') . 'txp-list-col-method log_detail') . column_head('status', 'status', 'log', true, $switch_dir, $crit, $search_method, ('status' == $sort ? "{$dir} " : '') . 'txp-list-col-status log_detail')) . n . tag_end('thead') . n . tag_start('tbody');

        while ($a = nextRow($rs)) {
            // Columns become locals with a 'log_' prefix, so a column name
            // cannot overwrite an existing local.
            extract($a, EXTR_PREFIX_ALL, 'log');

            if ($log_refer) {
                // NOTE(review): the href is the stored referrer, HTML-encoded.
                // Encoding prevents breaking out of the attribute but does not
                // restrict the URL scheme - confirm the logger stores only
                // http(s) URLs. The link opens with target="_blank" and no rel
                // attribute.
                $log_refer = href(txpspecialchars(soft_wrap(preg_replace('#^http://#', '', $log_refer), 30)), txpspecialchars($log_refer), ' target="_blank"');
            }

            if ($log_page) {
                // Link text: the page without its trailing slash and first character.
                $log_anchor = preg_replace('/\\/$/', '', $log_page);
                $log_anchor = soft_wrap(substr($log_anchor, 1), 30);
                $log_page = href(txpspecialchars($log_anchor), txpspecialchars($log_page), ' target="_blank"');

                if ($log_method == 'POST') {
                    $log_page = strong($log_page);
                }
            }

            // The IP cell links to an external whois service; following the
            // link sends the visitor's IP address to that service.
            echo tr(td(fInput('checkbox', 'selected[]', $log_id), '', 'txp-list-col-multi-edit') . hCell(gTime($log_uTime), '', ' class="txp-list-col-time" scope="row"') . td(href(txpspecialchars($log_ip), 'https://whois.domaintools.com/' . rawurlencode($log_ip), array('rel' => 'external', 'target' => '_blank')), '', 'txp-list-col-ip') . td(txpspecialchars($log_host), '', 'txp-list-col-host log_detail') . td($log_page, '', 'txp-list-col-page') . td($log_refer, '', 'txp-list-col-refer') . td(txpspecialchars($log_method), '', 'txp-list-col-method log_detail') . td($log_status, '', 'txp-list-col-status log_detail'));
        }

        echo n . tag_end('tbody') . n . tag_end('table') . n . tag_end('div') .
            log_multiedit_form($page, $sort, $dir, $crit, $search_method) . tInput() . n . tag_end('form') . n . tag_start('div', array('class' => 'txp-navigation', 'id' => $event . '_navigation')) . pageby_form('log', $log_list_pageby) . nav_form('log', $page, $numPages, $sort, $dir, $crit, $search_method, $total, $limit) . n . tag_end('div');
    }

    echo n . tag_end('div');
}
/**
 * Renders the single article selected by the current request context.
 *
 * Local variables such as $id, $override_form, $use_comments and
 * $comments_auto_append are not parameters: they are created by the extract()
 * calls below (presumably from $pretext, $prefs and the article data — their
 * contents are not visible here).
 *
 * @param  array       $atts  Tag attributes: 'allowoverride', 'form', 'status', 'pgonly'.
 * @param  string|null $thing Contained template; ignored when a 'form' attribute is given.
 * @return string|null        Parsed article markup, '' when 'pgonly' is set,
 *                            null when no matching article is available.
 */
function doArticle($atts, $thing = null)
{
    global $pretext, $prefs, $thisarticle;

    // Order matters: a later extract() overwrites names set by an earlier one,
    // so the two request values ('parentid', 'preview') take precedence over
    // $pretext, which takes precedence over $prefs.
    extract($prefs);
    extract($pretext);
    extract(gpsa(array('parentid', 'preview')));

    extract(lAtts(array(
        'allowoverride' => '1',
        'form'          => 'default',
        'status'        => STATUS_LIVE,
        'pgonly'        => 0,
    ), $atts, 0));

    // Record every attribute so the current article filter criteria are kept.
    filterAtts($atts);

    // Nothing to render in this mode.
    if ($pgonly) {
        return '';
    }

    // With an explicit form, $thing belongs to doArticles(); drop it here.
    if (!empty($atts['form'])) {
        $thing = '';
    }

    // Collapse any truthy status to one of the two publishable states.
    if ($status) {
        if (in_array(strtolower($status), array('sticky', STATUS_STICKY))) {
            $status = STATUS_STICKY;
        } else {
            $status = STATUS_LIVE;
        }
    }

    if (empty($thisarticle) or $thisarticle['thisid'] != $id) {
        // $id is interpolated into the WHERE clause, hence the integer assertion.
        $id = assert_int($id);
        $thisarticle = null;

        if ($status) {
            $q_status = "AND Status = " . intval($status);
        } else {
            $q_status = "AND Status IN (" . STATUS_LIVE . "," . STATUS_STICKY . ")";
        }

        $rs = safe_row(
            "*, UNIX_TIMESTAMP(Posted) AS uPosted, UNIX_TIMESTAMP(Expires) AS uExpires, UNIX_TIMESTAMP(LastMod) AS uLastMod",
            'textpattern',
            "ID = {$id} {$q_status} LIMIT 1"
        );

        if ($rs) {
            extract($rs);
            populateArticleData($rs);
        }
    }

    // Render only when an article is loaded and either its status matches or
    // the request carries 'txpreview'.
    if (empty($thisarticle) or !($thisarticle['status'] == $status or gps('txpreview'))) {
        return;
    }

    extract($thisarticle);
    $thisarticle['is_first'] = 1;
    $thisarticle['is_last'] = 1;

    if ($allowoverride and $override_form) {
        $article = parse_form($override_form);
    } elseif ($thing) {
        $article = parse($thing);
    } else {
        $article = parse_form($form);
    }

    if ($use_comments and $comments_auto_append) {
        $article .= parse_form('comments_display');
    }

    unset($GLOBALS['thisarticle']);

    return $article;
}
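/**
 * Renders the visitor log panel.
 *
 * Expires old log rows, applies the requested sort and search, and prints the
 * paginated list together with its multi-edit form and navigation.
 *
 * The request values ('page', 'sort', 'dir', 'crit', 'search_method') are
 * untrusted, and so is the content of every txp_log row: ip, host, page,
 * refer and method are presumably recorded from visitors' requests (the
 * logging code is not shown here). Every such column is therefore HTML-escaped
 * before it is written into the page; the ip and host cells were previously
 * emitted raw.
 *
 * @param mixed $message Message passed through to pagetop().
 */
function log_list($message = '')
{
    global $event, $log_list_pageby, $expire_logs_after;

    pagetop(gTxt('visitor_logs'), $message);

    extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));

    if ($sort === '') {
        $sort = get_pref('log_sort_column', 'time');
    }

    if ($dir === '') {
        $dir = get_pref('log_sort_dir', 'desc');
    }

    // Only these two literals can reach the ORDER BY clause.
    $dir = $dir == 'asc' ? 'asc' : 'desc';

    // Interpolated into SQL below, hence the integer assertion.
    $expire_logs_after = assert_int($expire_logs_after);

    safe_delete('txp_log', "time < date_sub(now(), interval {$expire_logs_after} day)");

    // The sort column is matched against fixed literals; the request value
    // itself never reaches the SQL text.
    switch ($sort) {
        case 'ip':
            $sort_sql = 'ip ' . $dir;
            break;
        case 'host':
            $sort_sql = 'host ' . $dir;
            break;
        case 'page':
            $sort_sql = 'page ' . $dir;
            break;
        case 'refer':
            $sort_sql = 'refer ' . $dir;
            break;
        case 'method':
            $sort_sql = 'method ' . $dir;
            break;
        case 'status':
            $sort_sql = 'status ' . $dir;
            break;
        default:
            $sort = 'time';
            $sort_sql = 'time ' . $dir;
            break;
    }

    set_pref('log_sort_column', $sort, 'log', 2, '', 0, PREF_PRIVATE);
    set_pref('log_sort_dir', $dir, 'log', 2, '', 0, PREF_PRIVATE);

    $switch_dir = $dir == 'desc' ? 'asc' : 'desc';

    $criteria = 1;

    if ($search_method and $crit) {
        // Neutralise LIKE wildcards first, then SQL-escape the result.
        $crit_escaped = doSlash(str_replace(array('\\', '%', '_', '\''), array('\\\\', '\\%', '\\_', '\\\''), $crit));

        $critsql = array(
            'ip'     => "ip like '%{$crit_escaped}%'",
            'host'   => "host like '%{$crit_escaped}%'",
            'page'   => "page like '%{$crit_escaped}%'",
            'refer'  => "refer like '%{$crit_escaped}%'",
            'method' => "method like '%{$crit_escaped}%'",
            'status' => "status like '%{$crit_escaped}%'",
        );

        // The search method only selects one of the prepared clauses.
        if (array_key_exists($search_method, $critsql)) {
            $criteria = $critsql[$search_method];
            // NOTE(review): this value is overwritten by max() below before it is used.
            $limit = 500;
        } else {
            $search_method = '';
            $crit = '';
        }
    } else {
        $search_method = '';
        $crit = '';
    }

    $total = safe_count('txp_log', "{$criteria}");

    echo '<div id="' . $event . '_control" class="txp-control-panel">';

    if ($total < 1) {
        if ($criteria != 1) {
            echo n . log_search_form($crit, $search_method) .
                n . graf(gTxt('no_results_found'), ' class="indicator"') . '</div>';
        } else {
            echo graf(gTxt('no_refers_recorded'), ' class="indicator"') . '</div>';
        }

        return;
    }

    $limit = max($log_list_pageby, 15);

    list($page, $offset, $numPages) = pager($total, $limit, $page);

    echo n . log_search_form($crit, $search_method) . '</div>';

    $rs = safe_rows_start('*, unix_timestamp(time) as uTime', 'txp_log', "{$criteria} order by {$sort_sql} limit {$offset}, {$limit}");

    if ($rs) {
        echo n . '<div id="' . $event . '_container" class="txp-container txp-list">';

        echo n . n . '<form action="index.php" id="log_form" method="post" name="longform" onsubmit="return verify(\'' . gTxt('are_you_sure') . '\')">' .
            startTable('list', '', 'list', '', '90%') .
            n . '<thead>' .
            n . tr(
                n . column_head('time', 'time', 'log', true, $switch_dir, $crit, $search_method, ('time' == $sort ? "{$dir} " : '') . 'date time') .
                column_head('IP', 'ip', 'log', true, $switch_dir, $crit, $search_method, ('ip' == $sort ? "{$dir} " : '') . 'log_detail ip') .
                column_head('host', 'host', 'log', true, $switch_dir, $crit, $search_method, ('host' == $sort ? "{$dir} " : '') . 'host') .
                column_head('page', 'page', 'log', true, $switch_dir, $crit, $search_method, ('page' == $sort ? "{$dir} " : '') . 'page') .
                column_head('referrer', 'refer', 'log', true, $switch_dir, $crit, $search_method, ('refer' == $sort ? "{$dir} " : '') . 'refer') .
                column_head('method', 'method', 'log', true, $switch_dir, $crit, $search_method, ('method' == $sort ? "{$dir} " : '') . 'log_detail method') .
                column_head('status', 'status', 'log', true, $switch_dir, $crit, $search_method, ('status' == $sort ? "{$dir} " : '') . 'log_detail status') .
                hCell('', '', ' class="multi-edit"')
            ) .
            n . '</thead>';

        $tfoot = n . '<tfoot>' . tr(
            tda(
                toggle_box('log_detail'),
                ' class="detail-toggle" colspan="2" style="text-align: left; border: none;"'
            ) .
            tda(
                select_buttons() . log_multiedit_form($page, $sort, $dir, $crit, $search_method),
                ' class="multi-edit" colspan="6" style="text-align: right; border: none;"'
            )
        ) . n . '</tfoot>';

        echo $tfoot;

        echo '<tbody>';

        $ctr = 1;

        while ($a = nextRow($rs)) {
            extract($a, EXTR_PREFIX_ALL, 'log');

            if ($log_refer) {
                $log_refer = 'http://' . $log_refer;

                // The referrer is a third-party URL: escape it in both the
                // attribute and the text, and keep the opened tab from
                // reaching back into this admin window.
                $log_refer = '<a href="' . htmlspecialchars($log_refer) . '" target="_blank" rel="noopener noreferrer">' .
                    htmlspecialchars(soft_wrap($log_refer, 30)) . '</a>';
            }

            if ($log_page) {
                $log_anchor = preg_replace('/\\/$/', '', $log_page);
                $log_anchor = soft_wrap(substr($log_anchor, 1), 30);

                $log_page = '<a href="' . htmlspecialchars($log_page) . '" target="_blank">' . htmlspecialchars($log_anchor) . '</a>';

                if ($log_method == 'POST') {
                    $log_page = '<strong>' . $log_page . '</strong>';
                }
            }

            // Fix: ip and host are escaped like the other logged columns, so a
            // stored value containing markup is shown as text instead of being
            // interpreted by the administrator's browser.
            // NOTE(review): $log_status is still printed as stored; presumably
            // a numeric column — confirm against the table definition.
            echo tr(
                n . td(gTime($log_uTime), 85, 'date time') .
                td(htmlspecialchars((string) $log_ip), 20, 'log_detail ip') .
                td(htmlspecialchars(soft_wrap($log_host, 30)), '', 'host') .
                td($log_page, '', 'page') .
                td($log_refer, '', 'refer') .
                td(htmlspecialchars($log_method), 60, 'log_detail method') .
                td($log_status, 60, 'log_detail status') .
                td(fInput('checkbox', 'selected[]', $log_id), '', 'multi-edit'),
                ' class="' . ($ctr % 2 == 0 ? 'even' : 'odd') . '"'
            );

            $ctr++;
        }

        echo '</tbody>' .
            n . endTable() .
            n . '</form>' .
            n . '<div id="' . $event . '_navigation" class="txp-navigation">' .
            n . nav_form('log', $page, $numPages, $sort, $dir, $crit, $search_method, $total, $limit) .
            n . pageby_form('log', $log_list_pageby) .
            n . '</div>' .
            n . '</div>';
    }
}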
/**
 * Deletes one or more files: the txp_file row first, then the file on disk.
 *
 * Users holding 'file.delete' may delete any listed file; users holding only
 * 'file.delete.own' are limited to rows whose author matches $txp_user; anyone
 * else ends up with an empty selection. The outcome is reported via file_list().
 *
 * Because the database row is removed before unlink() runs, a failed unlink()
 * leaves the file on disk without a record; such ids are reported as failures.
 *
 * @param array $ids File ids; when empty, the posted 'id' value is used instead.
 */
function file_delete($ids = array())
{
    global $file_base_path, $txp_user;

    // Every id is placed inside an SQL "IN (...)" list, so each one has to
    // pass assert_int() first.
    if ($ids) {
        $ids = array_map('assert_int', $ids);
    } else {
        $ids = array(assert_int(ps('id')));
    }

    $message = '';

    // Without the blanket privilege, narrow the selection to the caller's own
    // files, or to nothing.
    if (!has_privs('file.delete')) {
        $ids = has_privs('file.delete.own')
            ? safe_column('id', 'txp_file', 'id IN (' . join(',', $ids) . ') AND author=\'' . doSlash($txp_user) . '\'')
            : array();
    }

    if (!empty($ids)) {
        $rs = safe_rows_start('id, filename', 'txp_file', 'id IN (' . join(',', $ids) . ')');

        if (!$rs) {
            $message = messenger(gTxt('file_not_found'), join(', ', $ids), '');
        } else {
            $fail = array();

            while ($row = nextRow($rs)) {
                // NOTE(review): the stored filename is joined to the base path
                // by build_file_path(), which is not shown here; confirm that
                // it keeps the result inside $file_base_path.
                $filepath = build_file_path($file_base_path, $row['filename']);

                $rsd = safe_delete('txp_file', 'id = ' . $row['id']);

                // Touch the disk only after the row is gone and the path is a
                // regular file.
                $ul = ($rsd && is_file($filepath)) ? unlink($filepath) : false;

                if (!$rsd or !$ul) {
                    $fail[] = $row['id'];
                }
            }

            if ($fail) {
                $message = messenger(gTxt('file_delete_failed'), join(', ', $fail), '');
            } else {
                update_lastmod();
                $message = gTxt('file_deleted', array('{name}' => join(', ', $ids)));
            }
        }
    }

    file_list($message);
}
/**
 * Recounts the visible comments of an article and stores the result in the
 * article's comments_count column.
 *
 * Both the article id and the count are passed through assert_int() because
 * they are concatenated into the SQL fragments.
 *
 * @param  int|string $id Article id.
 * @return bool           True when safe_update() reports success.
 */
function update_comments_count($id)
{
    $id = assert_int($id);

    $thecount = assert_int(
        safe_field('count(*)', 'txp_discuss', "parentid={$id} and visible=" . VISIBLE)
    );

    return (bool) safe_update('textpattern', "comments_count={$thecount}", "ID={$id}");
}
/**
 * Saves an edited link from the submitted form values.
 *
 * The fields named in the global $vars list are read from the request, passed
 * through doSlash() and extracted into local variables; the row is selected by
 * the integer-asserted id. Nothing is output when the update fails.
 *
 * NOTE(review): trim() is applied to the url after doSlash(), i.e. to the
 * already escaped value. No check of the url scheme is visible here; confirm
 * where that is handled before the value is rendered as a link.
 */
function link_save()
{
    global $txpcfg, $vars;

    // Only the keys listed in $vars become local variables.
    extract(doSlash(gpsa($vars)));

    // Fall back to the link name when no sort value was submitted.
    $linksort = $linksort ? $linksort : $linkname;

    $id = assert_int($id);

    $set = implode(",\n\t\t\t", array(
        "category = '{$category}'",
        "url = '" . trim($url) . "'",
        "linkname = '{$linkname}'",
        "linksort = '{$linksort}'",
        "description = '{$description}'",
    ));

    if (safe_update("txp_link", $set, "id = {$id}")) {
        link_edit(messenger('link', doStrip($linkname), 'saved'));
    }
}
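/**
 * Updates a customer's account, billing and shipping details from the request.
 *
 * Fix: the request used to be imported with extract(doSlash($_REQUEST)), which
 * let any request parameter overwrite any local variable of this function,
 * including the names declared global here ($txp_user, $vars, $txpcfg, $prefs)
 * and everything extracted from $prefs. Only the fields this function writes
 * are read now, each coerced to a string, so the request can no longer inject
 * variables. The globals and the $prefs extraction were dropped because no
 * value from them is read in this body. The unused $password and $nonce
 * values were removed as well.
 *
 * NOTE(review): no privilege or request-token check is visible in this
 * function; presumably the dispatcher performs it — confirm.
 *
 * @param string $event Current event (not read here).
 * @param string $step  Current step (not read here).
 */
function customer_update($event, $step)
{
    // The complete list of request fields this function is allowed to read.
    $fields = array(
        'user_id',
        'name',
        'email',
        'billing_firstname',
        'billing_lastname',
        'billing_company',
        'billing_address1',
        'billing_address2',
        'billing_city',
        'billing_state',
        'billing_zip',
        'billing_country',
        'billing_fax',
        'billing_phone',
        'shipping_firstname',
        'shipping_lastname',
        'shipping_company',
        'shipping_address1',
        'shipping_address2',
        'shipping_city',
        'shipping_state',
        'shipping_zip',
        'shipping_country',
        'shipping_fax',
        'shipping_phone',
    );

    $input = array();

    foreach ($fields as $field) {
        // Missing or non-scalar values (e.g. "name[]=x") become empty strings.
        $input[$field] = (isset($_REQUEST[$field]) && is_scalar($_REQUEST[$field]))
            ? (string) $_REQUEST[$field]
            : '';
    }

    // Safe to extract: the keys are exactly the fixed list above.
    extract(doSlash($input));

    $RealName = $billing_firstname . " " . $billing_lastname;

    // Interpolated unquoted into the WHERE clause, hence the integer assertion.
    $user_id = assert_int($user_id);

    // Checkbox semantics: presence means 1. Only 0 or 1 reaches the SQL text.
    $shipping_same_as_billing = isset($_REQUEST['shipping_same_as_billing']) ? 1 : 0;

    // Kept from the original even though generate_password() is no longer
    // called here; other code may rely on the file being loaded — not visible
    // from this function.
    if (!function_exists("generate_password")) {
        require_once txpath . '/include/txp_admin.php';
    }

    if (!function_exists("is_valid_email")) {
        require_once txpath . '/lib/txplib_misc.php';
    }

    if ($name && is_valid_email($email)) {
        $set = "\r\n\t\t\t\tprivs\t\t = 0," .
            "\r\n\t\t\t\tname\t\t = '{$name}'," .
            "\r\n\t\t\t\temail\t\t = '{$email}'," .
            "\r\n\t\t\t\tRealName = '{$RealName}'," .
            "\r\n\t\t\t\tbilling_company = '{$billing_company}'," .
            "\r\n\t\t\t\tbilling_address1 = '{$billing_address1}'," .
            "\r\n\t\t\t\tbilling_address2 = '{$billing_address2}'," .
            "\r\n\t\t\t\tbilling_city = '{$billing_city}'," .
            "\r\n\t\t\t\tbilling_state = '{$billing_state}'," .
            "\r\n\t\t\t\tbilling_zip = '{$billing_zip}'," .
            "\r\n\t\t\t\tbilling_country = '{$billing_country}'," .
            "\r\n\t\t\t\tbilling_fax = '{$billing_fax}'," .
            "\r\n\t\t\t\tbilling_phone = '{$billing_phone}'," .
            "\r\n\t\t\t\tshipping_same_as_billing = {$shipping_same_as_billing}," .
            "\r\n\t\t\t\tshipping_company = '{$shipping_company}'," .
            "\r\n\t\t\t\tshipping_address1 = '{$shipping_address1}'," .
            "\r\n\t\t\t\tshipping_address2 = '{$shipping_address2}'," .
            "\r\n\t\t\t\tshipping_city = '{$shipping_city}'," .
            "\r\n\t\t\t\tshipping_state = '{$shipping_state}'," .
            "\r\n\t\t\t\tshipping_zip = '{$shipping_zip}'," .
            "\r\n\t\t\t\tshipping_country = '{$shipping_country}'," .
            "\r\n\t\t\t\tshipping_fax = '{$shipping_fax}'," .
            "\r\n\t\t\t\tshipping_phone = '{$shipping_phone}'," .
            "\r\n\t\t\t\tshipping_firstname = '{$shipping_firstname}'," .
            "\r\n\t\t\t\tshipping_lastname = '{$shipping_lastname}'," .
            "\r\n\t\t\t\tbilling_firstname = '{$billing_firstname}'," .
            "\r\n\t\t\t\tbilling_lastname = '{$billing_lastname}'";

        $rs = safe_update('txp_users', $set, "user_id = {$user_id}");

        if ($rs) {
            customers_list('', '', "customer updated");
        } else {
            customers_list("There was an error trying to update customer");
        }
    }
}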
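/**
 * Renders the visitor log panel.
 *
 * Expires old log rows, applies the requested sort and search, and prints the
 * paginated list together with its multi-edit form and navigation.
 *
 * The request values ('page', 'sort', 'dir', 'crit', 'search_method') are
 * untrusted, and so is the content of every txp_log row: ip, host, page,
 * refer and method are presumably recorded from visitors' requests (the
 * logging code is not shown here). Fixes in this version:
 *  - ip, host and method were printed raw; they are now HTML-escaped.
 *  - page and refer were escaped before soft_wrap() ran, so the wrap could
 *    split an HTML entity; they are now wrapped first and escaped last.
 *
 * @param mixed $message Message passed through to pagetop().
 */
function log_list($message = '')
{
    pagetop(gTxt('visitor_logs'), $message);

    // Request values are extracted last and overwrite same-named prefs.
    extract(get_prefs());
    extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));

    // Interpolated into SQL below, hence the integer assertion.
    $expire_logs_after = assert_int($expire_logs_after);

    safe_delete('txp_log', "time < date_sub(now(), interval {$expire_logs_after} day)");

    // Only these two literals can reach the ORDER BY clause.
    $dir = $dir == 'asc' ? 'asc' : 'desc';

    // The sort column is matched against fixed literals; the request value
    // itself never reaches the SQL text.
    switch ($sort) {
        case 'ip':
            $sort_sql = 'ip ' . $dir;
            break;
        case 'host':
            $sort_sql = 'host ' . $dir;
            break;
        case 'page':
            $sort_sql = 'page ' . $dir;
            break;
        case 'refer':
            $sort_sql = 'refer ' . $dir;
            break;
        case 'method':
            $sort_sql = 'method ' . $dir;
            break;
        case 'status':
            $sort_sql = 'status ' . $dir;
            break;
        default:
            $sort = 'time';
            $sort_sql = 'time ' . $dir;
            break;
    }

    $switch_dir = $dir == 'desc' ? 'asc' : 'desc';

    $criteria = 1;

    if ($search_method and $crit) {
        // NOTE(review): '%' and '_' inside $crit are presumably left untouched
        // by doSlash(), so they act as LIKE wildcards — confirm.
        $crit_escaped = doSlash($crit);

        $critsql = array(
            'ip'     => "ip like '%{$crit_escaped}%'",
            'host'   => "host like '%{$crit_escaped}%'",
            'page'   => "page like '%{$crit_escaped}%'",
            'refer'  => "refer like '%{$crit_escaped}%'",
            'method' => "method like '%{$crit_escaped}%'",
            'status' => "status like '%{$crit_escaped}%'",
        );

        // The search method only selects one of the prepared clauses.
        if (array_key_exists($search_method, $critsql)) {
            $criteria = $critsql[$search_method];
            // NOTE(review): this value is overwritten by max() below before it is used.
            $limit = 500;
        } else {
            $search_method = '';
            $crit = '';
        }
    } else {
        $search_method = '';
        $crit = '';
    }

    $total = safe_count('txp_log', "{$criteria}");

    if ($total < 1) {
        if ($criteria != 1) {
            echo n . log_search_form($crit, $search_method) .
                n . graf(gTxt('no_results_found'), ' style="text-align: center;"');
        } else {
            echo graf(gTxt('no_refers_recorded'), ' style="text-align: center;"');
        }

        return;
    }

    $limit = max(@$log_list_pageby, 15);

    list($page, $offset, $numPages) = pager($total, $limit, $page);

    echo n . log_search_form($crit, $search_method);

    $rs = safe_rows_start('*, unix_timestamp(time) as uTime', 'txp_log', "{$criteria} order by {$sort_sql} limit {$offset}, {$limit}");

    if ($rs) {
        echo n . n . '<form action="index.php" method="post" name="longform" onsubmit="return verify(\'' . gTxt('are_you_sure') . '\')">' .
            startTable('list', '', '', '', '90%') .
            n . tr(
                n . column_head('time', 'time', 'log', true, $switch_dir, $crit, $search_method, 'time' == $sort ? $dir : '') .
                column_head('IP', 'ip', 'log', true, $switch_dir, $crit, $search_method, ('ip' == $sort ? "{$dir} " : '') . 'log_detail') .
                column_head('host', 'host', 'log', true, $switch_dir, $crit, $search_method, 'host' == $sort ? $dir : '') .
                column_head('page', 'page', 'log', true, $switch_dir, $crit, $search_method, 'page' == $sort ? $dir : '') .
                column_head('referrer', 'refer', 'log', true, $switch_dir, $crit, $search_method, 'refer' == $sort ? $dir : '') .
                column_head('method', 'method', 'log', true, $switch_dir, $crit, $search_method, ('method' == $sort ? "{$dir} " : '') . 'log_detail') .
                column_head('status', 'status', 'log', true, $switch_dir, $crit, $search_method, ('status' == $sort ? "{$dir} " : '') . 'log_detail') .
                hCell()
            );

        while ($a = nextRow($rs)) {
            extract($a, EXTR_PREFIX_ALL, 'log');

            if ($log_refer) {
                $log_refer = 'http://' . $log_refer;

                // The referrer is a third-party URL: escape it in both the
                // attribute and the text, and keep the opened tab from
                // reaching back into this admin window.
                $log_refer = '<a href="' . htmlspecialchars($log_refer) . '" target="_blank" rel="noopener noreferrer">' .
                    htmlspecialchars(soft_wrap($log_refer, 30)) . '</a>';
            }

            if ($log_page) {
                // Wrap the raw path, then escape, so no entity gets split.
                $log_anchor = soft_wrap(preg_replace('/\\/$/', '', substr($log_page, 1)), 30);

                $log_page = '<a href="' . htmlspecialchars($log_page) . '" target="_blank">' . htmlspecialchars($log_anchor) . '</a>';

                if ($log_method == 'POST') {
                    $log_page = '<strong>' . $log_page . '</strong>';
                }
            }

            // Fix: ip, host and method are escaped, so a stored value
            // containing markup is shown as text instead of being interpreted
            // by the administrator's browser.
            // NOTE(review): $log_status is still printed as stored; presumably
            // a numeric column — confirm against the table definition.
            echo tr(
                n . td(gTime($log_uTime), 85) .
                td(htmlspecialchars((string) $log_ip), 20, 'log_detail') .
                td(htmlspecialchars(soft_wrap($log_host, 30))) .
                td($log_page) .
                td($log_refer) .
                td(htmlspecialchars((string) $log_method), 60, 'log_detail') .
                td($log_status, 60, 'log_detail') .
                td(fInput('checkbox', 'selected[]', $log_id))
            );
        }

        echo n . n . tr(
            tda(
                toggle_box('log_detail'),
                ' colspan="2" style="text-align: left; border: none;"'
            ) .
            tda(
                select_buttons() . log_multiedit_form($page, $sort, $dir, $crit, $search_method),
                ' colspan="6" style="text-align: right; border: none;"'
            )
        ) .
            n . endTable() .
            '</form>' .
            n . nav_form('log', $page, $numPages, $sort, $dir, $crit, $search_method) .
            n . pageby_form('log', $log_list_pageby);
    }
}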