// Excerpt from an add-news handler. The brace after the first statement closes
// a construct opened before this excerpt, and the save branch at the bottom is
// still open where the excerpt ends.
// NOTE(review): $_REQUEST[$i] is handed to edit_option() unmodified here; any
// validation of that request value is not visible in this excerpt — confirm it.
$pack = edit_option($pack, $i, $_REQUEST[$i]);
}

// Preview tool
// Assembles a temporary news record from the submitted fields and renders it
// through the active and the full-story templates.
// NOTE(review): whether title/story text is escaped for HTML depends on
// template_replacer_news(), which is not shown — confirm before trusting the
// preview output.
$preview_hmtl = false;
if (isset($preview) && $preview == 'preview') {
    $new[NEW_ID] = time();
    $new[NEW_USER] = $member_db[2];
    $new[NEW_TITLE] = $title;
    $new[NEW_SHORT] = $short_story;
    $new[NEW_FULL] = $full_story;
    $new[NEW_AVATAR] = $manual_avatar;
    $new[NEW_CAT] = $nice_category;
    $new[NEW_MF] = $pack;
    $new[NEW_OPT] = $options;
    $preview_hmtl = getpart('addnews_preview', array(lang('Preview active news'), template_replacer_news($new, $template_active)));
    $preview_hmtl .= getpart('addnews_preview', array(lang('Preview full story'), template_replacer_news($new, $template_full)));
    // Validation errors are discarded while previewing.
    $error_messages = false;
}

// ---------------------------------------------------------------------------------------------------- SAVE ---
// Runs only when there are no errors and no preview markup was produced above.
if ($error_messages == false && empty($preview_hmtl)) {
    // Make unique time, just for draft/normal: not postponed
    if ($postpone == false) {
        $added_time = time();
        // When cdata/newsid.txt exists, its whole content replaces the clock value;
        // file() + join() returns it as a string.
        // NOTE(review): no lock is taken around this read in the visible code, so two
        // simultaneous submissions could compute the same id — confirm how the file
        // is written back.
        if (file_exists(SERVDIR . '/cdata/newsid.txt')) {
            $added_time = join('', file(SERVDIR . '/cdata/newsid.txt'));
        }
        // A stored value at or ahead of the clock is bumped by one; an older one is
        // replaced by the current time.
        if (time() <= $added_time) {
            $added_time++;
        } else {
            $added_time = time();
        }
// Flood Protection
//----------------------------------
// Active only when $config_flood_time is non-zero and non-empty; flooder() decides
// for the ($ip, $id) pair whether this post is refused.
if ($config_flood_time != 0 and $config_flood_time != "") {
    if (flooder($ip, $id) == true) {
        echo '<div class="blocking_posting_comment">' . str_replace('%1', $config_flood_time, lang('Flood protection activated! You have to wait %1 seconds after your last comment before posting again at this article')) . '</div>';
        return FALSE;
    }
}

//----------------------------------
// Check if the name is protected
//----------------------------------
$user_member = user_search($name);

// In case if enter another name
// "or" binds looser than "&&", so the condition reads as
// (remembered name and password are set and that name differs from $name)
// or ($name and a session user are set and the session user differs from $name).
if ($CNname && $CNpass && $CNname != $name or $name && $_SESS['user'] && $_SESS['user'] != $name) {
    echo proc_tpl('remember');
    echo getpart('forget_me_script');
    // NOTE(review): the Referer header is client-controlled. $refer is not used again
    // in this excerpt — presumably the 'wrong_user' template reads it; confirm it is
    // escaped or validated there before being echoed or used as a link target.
    $refer = $_SERVER['HTTP_REFERER'];
    echo proc_tpl('wrong_user');
    return FALSE;
}

if ($name && empty($user_member) == false) {
    $is_member = true;

    // Check stored password in cookies
    // NOTE(review): the stored credential field is compared to $CNpass with a loose
    // "==". A strict, constant-time comparison such as hash_equals() avoids PHP type
    // juggling and timing differences. $CNpass is presumably the CNpass cookie — if
    // so, the cookie carries a value equivalent to the stored credential; confirm.
    if ($CNpass and $user_member[UDB_PASS] == $CNpass) {
        $password = true;
    }

    if (!empty($_SESS['user']) && $_SESS['user'] == $name) {
        $is_member = true;
    } elseif (empty($password)) {
        // NOTE(review): as printed, the replacement list below does not parse; it looks
        // like the HTML entities for the double and single quote were decoded when this
        // page was extracted, and the empty third pattern may have lost a control
        // character. Confirm against the upstream file.
        $comments = preg_replace(array("'\"'", "'\\''", "''"), array(""", "'", ""), $comments);
        // Newlines are stripped from the submitted name before replace_comment() runs.
        $name = replace_comment("add", preg_replace("/\n/", "", $name));
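}
    echo proc_tpl('plugins/list');
    echofooter();
} elseif ($action == 'rewrite') {
    // URL-rewrite settings. The brace on the first line of this excerpt closes a
    // construct opened earlier, and the .htaccess writer at the end is still open
    // where the excerpt stops.
    // NOTE(review): the permission and anti-CSRF checks guarding this action are not
    // visible in this excerpt — confirm they run before this point.
    if ($subaction == 'save') {
        // SECURITY: this branch generates PHP source from request parameters, and the
        // file is include()d right below, so whatever is written here gets executed.
        // The previous form put the value inside a double-quoted literal and escaped
        // only the double quote, which is not sufficient for that context, and the
        // parameter name went into the variable name unchecked. Now the name must
        // consist of [A-Za-z0-9_] only, non-scalar values are skipped, and
        // var_export() emits the value as a fully escaped single-quoted literal.
        $w = fopen(SERVDIR . '/cdata/conf_rw.php', 'w');
        flock($w, LOCK_EX);
        fwrite($w, '<' . "?php\n");
        foreach ($_REQUEST as $i => $v) {
            if (substr($i, 0, 5) == 'conf_') {
                $rw_key = substr($i, 5);
                // /D keeps "$" from matching before a trailing newline.
                if (!preg_match('/^[A-Za-z0-9_]*$/D', $rw_key) || !is_scalar($v)) {
                    continue;
                }
                fwrite($w, '$conf_rw_' . $rw_key . ' = ' . var_export((string) $v, true) . ";\n");
            }
        }
        flock($w, LOCK_UN);
        fclose($w);
        $saved_ok = getpart('saved_ok');
    }

    // Read data from datatable
    // The generated settings file is executed as PHP; its safety rests entirely on
    // the writer above.
    if (file_exists(SERVDIR . '/cdata/conf_rw.php')) {
        include SERVDIR . '/cdata/conf_rw.php';
    }

    // Default values -----------------
    set_default_val_for_rewrite();
    hook('insert_additional_rewrites');

    // Try to update htaccess
    // NOTE(review): $conf_rw_htaccess is not assigned in this excerpt; presumably it
    // comes from the included conf_rw.php (that is, from a conf_htaccess request
    // field) or from set_default_val_for_rewrite(). If it is request-derived, the
    // request chooses which file is opened for writing — confirm the path is
    // constrained to the intended .htaccess location.
    if ($update_htaccess == 'Y') {
        $w = fopen($conf_rw_htaccess, 'w');
        flock($w, LOCK_EX);
        fwrite($w, "RewriteEngine ON\n");
        fwrite($w, "RewriteCond %{REQUEST_FILENAME} !-d\n");
        fwrite($w, "RewriteCond %{REQUEST_FILENAME} !-f\n");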
// Excerpt from the comment-form renderer; the brace after the first statement
// closes a construct opened before this excerpt.
echo $prev_next_msg;
}

$username = $usermail = false;
$template_form = str_replace("{config_http_script_dir}", $config_http_script_dir, $template_form);

//----------------------------------
// Check if the remember script exists
//----------------------------------
// A signed-in session user is looked up and exempted from the captcha.
if (!empty($_SESS['user'])) {
    $captcha_enabled = false;
    $member_db = user_search($_SESS['user']);
}

// NOTE(review): name and e-mail go into the form template as stored, while the same
// fields are passed through htmlspecialchars() for 'logger_as_membersp' below. Unless
// user_search() returns already-escaped values, these two substitutions should be
// escaped for their HTML context as well — confirm.
$template_form = str_replace('{username}', isset($member_db[UDB_NAME]) ? $member_db[UDB_NAME] : false, $template_form);
$template_form = str_replace('{usermail}', isset($member_db[UDB_EMAIL]) ? $member_db[UDB_EMAIL] : false, $template_form);

// Remember and Forget for unregistered only
$remember_user = '';
$remember_form = getpart('remember_me');
// $member_db is assigned in this excerpt only for a session user; otherwise it keeps
// whatever value it had earlier (not visible here). The CNname cookie is read without
// isset(), so a request without that cookie raises an undefined-index notice.
if ($member_db) {
    $remember_form = getpart('logged_as_member');
    $remember_user = getpart('logger_as_membersp', htmlspecialchars($member_db[UDB_NAME]), htmlspecialchars($member_db[UDB_EMAIL]));
} elseif ($_COOKIE['CNname']) {
    $remember_form = getpart('forget_me');
}

// 0 when GD's imagecreatetruecolor() is available, 1 otherwise. Not read again in
// this excerpt — presumably consumed by a template.
$gduse = function_exists('imagecreatetruecolor') ? 0 : 1;
// "&&" binds tighter than "?:": captcha markup is produced only when both the config
// switch and $captcha_enabled are truthy.
$captcha_form = $config_use_captcha && $captcha_enabled ? proc_tpl('captcha_comments') : false;
$smilies_form = proc_tpl('remember_js') . insertSmilies('short', false);
$template_form = str_replace("{smilies}", $smilies_form, $template_form);
$template_form = str_replace('{remember_me}', $remember_form, $template_form);
// Plugins get a chance to rewrite the assembled form.
$template_form = hook('comment_template_form', $template_form);
$remember_js = read_tpl('remember') . $remember_user;
echo proc_tpl('comment_form');
return TRUE;
// Excerpt from the sign-in handler. It starts inside the success branch (the
// credential check itself is presumably just before this excerpt) and ends with the
// outer "else" still open.
// Remember-me: the '@' session flag is set on request and removed otherwise.
if ($rememberme == 'yes') {
    $_SESS['@'] = true;
} elseif (isset($_SESS['@'])) {
    unset($_SESS['@']);
}

// Success path: log the sign-in and lift any ban recorded for this address.
add_to_log($username, 'login');
user_remove_ban($ip);

// Modify Last Login
$member_db[UDB_LAST] = time();
user_update($username, $member_db);
$is_loged_in = true;
// NOTE(review): whether the session identifier is rotated on sign-in is not visible
// here — confirm send_cookie() or its callers do so.
send_cookie();

} else {
    // Failure path: clear the session user and register a ban entry for the address,
    // passing a timestamp one hour ahead (presumably the expiry).
    // NOTE(review): throttling is keyed on $ip alone in the visible code; how $ip is
    // derived is not shown. If it can come from a client-supplied forwarding header
    // the limit is easy to sidestep, and shared addresses get blocked together —
    // confirm, and consider a per-account limit as well.
    $_SESS['user'] = false;
    $bandata = user_addban($ip, time() + 3600);
    $result .= getpart('block_ban', $bandata[1], date('d-m-Y H:i:s', $bandata[2]));
    // NOTE(review): $username is the submitted value; confirm add_to_log() neutralises
    // line breaks and field separators before writing it.
    add_to_log($username, lang('Wrong username/password'));
    $is_loged_in = false;
    send_cookie();
}
}
} else {
    // Check existence of user
    // No credentials are checked in this branch: the session user only has to be
    // found by user_search().
    $member_db = user_search($_SESS['user']);
    if ($member_db) {
        $is_loged_in = true;
    } else {
        $_SESS['user'] = false;
        $is_loged_in = false;
        send_cookie();
    }
// Excerpt from the edit-news handler. The first statement sits inside a check that
// opens before this excerpt, and the file-selection chain at the end is still open.
$error_messages .= getpart('addnews_err', array(lang("The title can not be blank"), "#GOBACK"));
}

// An empty short story is an error unless the item is being deleted.
if ($short_story == "" and $ifdelete != "yes") {
    $error_messages .= getpart('addnews_err', array(lang("The story can not be blank"), "#GOBACK"));
}

// Some replaces
// "||" binds tighter than "?:", so HTML mode is on when either flag is set.
$use_html = $if_use_html == "yes" || $use_wysiwyg ? 1 : 0;
$short_story = replace_news("add", $short_story, $use_html);
$full_story = replace_news("add", $full_story, $use_html);
// Title and avatar: "|" becomes "I", newlines become <br />, then slashes are stripped.
// NOTE(review): presumably "|" is neutralised because it is the field separator of the
// flat-file store. The third pattern is empty as printed — possibly a control
// character (e.g. a carriage return) lost in extraction; confirm. No HTML escaping of
// the title or avatar happens in these lines.
$title = stripslashes(preg_replace(array("'\\|'", "'\n'", "''"), array("I", "<br />", ""), $title));
$avatar = stripslashes(preg_replace(array("'\\|'", "'\n'", "''"), array("I", "<br />", ""), $avatar));

// Check avatar
// check_avatar() returns a false value for a rejected avatar; its criteria are not
// visible here.
if ($editavatar) {
    $editavatar = check_avatar($editavatar);
    if ($editavatar == false) {
        $error_messages .= getpart('addnews_err', array(lang('Avatar not uploaded'), '#GOBACK'));
    }
}

// *************************************************
// EDIT ONLY IF ALL CORRECT!
// *************************************************
if ($error_messages == false) {
    // select news and comment files
    // In the branches visible here $source only selects between fixed file names; it
    // is never concatenated into a path.
    if ($source == "") {
        $news_file = SERVDIR . "/cdata/news.txt";
        $com_file = SERVDIR . "/cdata/comments.txt";
    } elseif ($source == "postponed") {
        $news_file = SERVDIR . "/cdata/postponed_news.txt";
        $com_file = SERVDIR . "/cdata/comments.txt";
    } elseif ($source == "unapproved") {
        $news_file = SERVDIR . "/cdata/unapproved_news.txt";
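/**
 * Build the icon markup for the category ids listed in $cats.
 *
 * Each id produced by spsep($cats) that has a non-empty entry in $cat_icon is
 * rendered through the 'category_icon' template part, and the pieces are
 * concatenated in order.
 *
 * NOTE(review): whether the category name and icon value are escaped for HTML is
 * decided by the template part, which is not visible here — confirm.
 *
 * @param string $cats     Separated list of category ids (format defined by spsep()).
 * @param array  $cat_icon Icon value per category id.
 * @param array  $cat      Category name per category id.
 *
 * @return string|false Concatenated markup, or false when $cats is empty or no
 *                      listed category has an icon.
 */
function caticon($cats, $cat_icon, $cat)
{
    $cats = trim($cats);
    if (empty($cats)) {
        return false;
    }

    $result = false;
    foreach (spsep($cats) as $cid) {
        // empty()/isset() instead of bare index reads: an id without an icon or
        // without a name no longer raises an undefined-index warning.
        if (!empty($cat_icon[$cid])) {
            $cat_name = isset($cat[$cid]) ? $cat[$cid] : null;
            $result .= getpart('category_icon', array($cat_name, $cat_icon[$cid]));
        }
    }

    return $result;
}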
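/**
 * Collect the content of one part of an IMAP message structure, recursing into
 * its sub-parts.
 *
 * Everything gathered here comes from the message itself and is therefore
 * sender-controlled:
 *  - attachment file names are used only as array keys in this function; a caller
 *    that writes attachments to disk must reduce the name to a safe base name first;
 *  - $htmlmsg is raw HTML from the mail and must be sanitised before it is rendered.
 *
 * @param mixed  $mbox        IMAP stream passed through to imap_fetchbody()/imap_body().
 * @param int    $mid         Message UID (the fetch calls use FT_UID).
 * @param object $p           Structure object of the part (encoding, type, subtype,
 *                            parameters, dparameters, parts).
 * @param mixed  $partno      '1', '2', '2.1', '2.1.3', etc. for multipart, 0 if simple.
 * @param mixed  $charset     Charset found so far.
 * @param string $htmlmsg     HTML text accumulated so far.
 * @param string $plainmsg    Plain text accumulated so far.
 * @param array  $attachments Attachments collected so far, keyed by file name.
 *
 * @return array array($charset, $htmlmsg, $plainmsg, $attachments) after this part
 *               and all of its sub-parts were processed.
 */
function getpart($mbox, $mid, $p, $partno, $charset, $htmlmsg, $plainmsg, $attachments)
{
    // DECODE DATA
    // The body is fetched unless the part is base64-encoded (encoding 3) and its part
    // number compares as 2 or more; such parts are still registered below, but with
    // empty content. $data starts as '' so that case no longer reads an undefined
    // variable.
    $data = '';
    if ($p->encoding != 3 || $partno < 2) {
        $data = $partno
            ? imap_fetchbody($mbox, $mid, $partno, FT_UID)
            : imap_body($mbox, $mid, FT_UID); // simple
    }

    // Any part may be encoded, even plain text messages, so check everything.
    if ($p->encoding == 4) {
        $data = quoted_printable_decode($data);
    } elseif ($p->encoding == 3) {
        $data = base64_decode($data);
    }

    // PARAMETERS
    // get all parameters, like charset, filenames of attachments, etc.
    // dparameters are read second, so they win over parameters of the same name.
    $params = array();
    foreach (array('parameters', 'dparameters') as $prop) {
        if (!empty($p->$prop)) {
            foreach ($p->$prop as $x) {
                $params[strtolower($x->attribute)] = $x->value;
            }
        }
    }

    // ATTACHMENT
    // Any part with a filename is an attachment,
    // so an attached text file (type 0) is not mistaken as the message.
    // filename may be given as 'Filename' or 'Name' or both
    $filename = '';
    if (!empty($params['filename'])) {
        $filename = $params['filename'];
    } elseif (!empty($params['name'])) {
        $filename = $params['name'];
    }
    if ($filename !== '') {
        // filename may be encoded, so see imap_mime_header_decode()
        // this is a problem if two files have same name: the later one replaces
        // the earlier one
        $attachments[$filename] = $data;
    }

    // TEXT
    if ($p->type == 0 && $data) {
        // Messages may be split in different parts because of inline attachments,
        // so append parts together with blank row.
        if (strtolower($p->subtype) == 'plain') {
            $plainmsg .= trim($data) . "\n\n";
        } else {
            $htmlmsg .= $data . "<br /><br />";
        }
        // assume all parts are same charset; a part without one yields null, as before
        $charset = isset($params['charset']) ? $params['charset'] : null;
    } elseif ($p->type == 2 && $data) {
        // Content of a type-2 part is appended to the plain text as-is.
        $plainmsg .= $data . "\n\n";
    }

    // SUBPART RECURSION
    if (!empty($p->parts)) {
        foreach ($p->parts as $partno0 => $p2) {
            // 1.2, 1.2.1, etc.
            list($charset, $htmlmsg, $plainmsg, $attachments) = getpart(
                $mbox,
                $mid,
                $p2,
                $partno . '.' . ($partno0 + 1),
                $charset,
                $htmlmsg,
                $plainmsg,
                $attachments
            );
        }
    }

    return array($charset, $htmlmsg, $plainmsg, $attachments);
}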