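 /**
  * post a new article
  *
  * Validates and normalizes the submitted fields, inserts a new row in the
  * articles table, files the page under its categories and makes the poster
  * an editor of the new page. This function populates the error context,
  * where applicable.
  *
  * Security notes (the fields usually come straight from a web form):
  * - string columns are quoted and passed through SQL::escape();
  * - numeric columns (id, owner_id, create_id, edit_id, publish_id) are
  *   emitted unquoted, a position where quote-escaping alone does not
  *   protect against injection, so they are cast to int first;
  * - icon and thumbnail URLs are filtered through encode_link();
  * - the page handle is a secret that grants anonymous access to the page
  *   (see Surfer::add_handle() below), so it is drawn from a CSPRNG when
  *   one is available, instead of the predictable mt_rand().
  *
  * @param array an array of fields
  * @return the id of the new article, or FALSE on error
  *
  * @see articles/edit.php
  **/
 public static function post(&$fields)
 {
     global $context;

     // title cannot be empty
     if (!isset($fields['title']) || !$fields['title']) {
         Logger::error(i18n::s('No title has been provided.'));
         return FALSE;
     }

     // sanity filter -- only <br> is allowed to survive in the title
     $fields['title'] = strip_tags($fields['title'], '<br>');

     // anchor cannot be empty, and has to resolve to an existing anchor
     if (!isset($fields['anchor']) || !$fields['anchor'] || !($anchor = Anchors::get($fields['anchor']))) {
         Logger::error(i18n::s('No anchor has been found.'));
         return FALSE;
     }

     // protect from hackers -- neutralize dangerous URLs before they are stored
     if (isset($fields['icon_url'])) {
         $fields['icon_url'] = encode_link($fields['icon_url']);
     }
     if (isset($fields['thumbnail_url'])) {
         $fields['thumbnail_url'] = encode_link($fields['thumbnail_url']);
     }

     // set default values for this editor
     // (presumably fills edit_name, edit_address and edit_date, which are used
     // below without isset() -- verify against Surfer::check_default_editor())
     Surfer::check_default_editor($fields);

     // reinforce date formats
     if (!isset($fields['create_date']) || $fields['create_date'] <= NULL_DATE) {
         $fields['create_date'] = $fields['edit_date'];
     }
     if (!isset($fields['publish_date']) || $fields['publish_date'] <= NULL_DATE) {
         $fields['publish_date'] = NULL_DATE;
     }

     // set conservative default values
     if (!isset($fields['active_set'])) {
         $fields['active_set'] = 'Y';
     }
     // an imported record is recorded as an update, not as an import
     if (isset($fields['edit_action']) && $fields['edit_action']) {
         $fields['edit_action'] = preg_replace('/import$/i', 'update', $fields['edit_action']);
     }
     if (!isset($fields['rank'])) {
         $fields['rank'] = 10000;
     }
     if (!isset($fields['nick_name'])) {
         $fields['nick_name'] = '';
     }

     // set canvas default value
     if (!isset($fields['canvas']) || !$fields['canvas']) {
         $fields['canvas'] = 'standard';
     }

     // clean provided tags
     if (isset($fields['tags'])) {
         $fields['tags'] = trim($fields['tags'], " \t.:,!?");
     }

     // cascade anchor access rights -- a page is never more visible than its anchor
     $fields['active'] = $anchor->ceil_rights($fields['active_set']);

     // identifiers placed in unquoted SQL positions -- cast to int so that
     // escaping is not the only line of defense
     $edit_id = isset($fields['edit_id']) ? (int)$fields['edit_id'] : 0;
     $create_id = isset($fields['create_id']) ? (int)$fields['create_id'] : $edit_id;

     // fields to update
     $query = array();

     // on import
     if (isset($fields['id'])) {
         $query[] = "id=" . (int)$fields['id'];
     }

     // fields that are visible only to associates -- see articles/edit.php
     if (Surfer::is_associate()) {
         $query[] = "prefix='" . SQL::escape(isset($fields['prefix']) ? $fields['prefix'] : '') . "'";
         $query[] = "suffix='" . SQL::escape(isset($fields['suffix']) ? $fields['suffix'] : '') . "'";
         $query[] = "canvas='" . SQL::escape(isset($fields['canvas']) ? $fields['canvas'] : '') . "'";
     }
     $query[] = "nick_name='" . SQL::escape(isset($fields['nick_name']) ? $fields['nick_name'] : '') . "'";
     $query[] = "behaviors='" . SQL::escape(isset($fields['behaviors']) ? $fields['behaviors'] : '') . "'";
     $query[] = "extra='" . SQL::escape(isset($fields['extra']) ? $fields['extra'] : '') . "'";
     $query[] = "icon_url='" . SQL::escape(isset($fields['icon_url']) ? $fields['icon_url'] : '') . "'";
     $query[] = "thumbnail_url='" . SQL::escape(isset($fields['thumbnail_url']) ? $fields['thumbnail_url'] : '') . "'";
     $query[] = "rank='" . SQL::escape($fields['rank']) . "'";
     $query[] = "meta='" . SQL::escape(isset($fields['meta']) ? $fields['meta'] : '') . "'";
     $query[] = "options='" . SQL::escape(isset($fields['options']) ? $fields['options'] : '') . "'";
     $query[] = "trailer='" . SQL::escape(isset($fields['trailer']) ? $fields['trailer'] : '') . "'";

     // controlled fields
     $query[] = "active='" . SQL::escape($fields['active']) . "'";
     $query[] = "active_set='" . SQL::escape($fields['active_set']) . "'";

     // fields visible to authorized member
     $query[] = "anchor='" . SQL::escape($fields['anchor']) . "'";
     $query[] = "anchor_type=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', 1)";
     $query[] = "anchor_id=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', -1)";
     $query[] = "title='" . SQL::escape($fields['title']) . "'";
     $query[] = "source='" . SQL::escape(isset($fields['source']) ? $fields['source'] : '') . "'";
     $query[] = "introduction='" . SQL::escape(isset($fields['introduction']) ? $fields['introduction'] : '') . "'";
     $query[] = "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "'";
     $query[] = "file_overlay='" . SQL::escape(isset($fields['file_overlay']) ? $fields['file_overlay'] : '') . "'";
     $query[] = "language='" . SQL::escape(isset($fields['language']) ? $fields['language'] : '') . "'";
     $query[] = "locked='" . SQL::escape(isset($fields['locked']) ? $fields['locked'] : 'N') . "'";
     $query[] = "overlay='" . SQL::escape(isset($fields['overlay']) ? $fields['overlay'] : '') . "'";
     $query[] = "overlay_id='" . SQL::escape(isset($fields['overlay_id']) ? $fields['overlay_id'] : '') . "'";
     $query[] = "owner_id=" . $create_id;
     $query[] = "tags='" . SQL::escape(isset($fields['tags']) ? $fields['tags'] : '') . "'";
     $query[] = "hits=0";
     $query[] = "create_name='" . SQL::escape(isset($fields['create_name']) ? $fields['create_name'] : $fields['edit_name']) . "'";
     $query[] = "create_id=" . $create_id;
     $query[] = "create_address='" . SQL::escape(isset($fields['create_address']) ? $fields['create_address'] : $fields['edit_address']) . "'";
     $query[] = "create_date='" . SQL::escape($fields['create_date']) . "'";
     $query[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'";
     $query[] = "edit_id=" . $edit_id;
     $query[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'";
     $query[] = "edit_action='" . SQL::escape(isset($fields['edit_action']) ? $fields['edit_action'] : 'article:submit') . "'";
     $query[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'";

     // reset user assignment, if any
     $query[] = "assign_name=''";
     $query[] = "assign_id=0";
     $query[] = "assign_address=''";
     $query[] = "assign_date='" . SQL::escape(NULL_DATE) . "'";

     // set or change the publication date
     if (isset($fields['publish_date']) && $fields['publish_date'] > NULL_DATE) {
         $query[] = "publish_name='" . SQL::escape(isset($fields['publish_name']) ? $fields['publish_name'] : $fields['edit_name']) . "'";
         if (isset($fields['publish_id']) || isset($fields['edit_id'])) {
             $query[] = "publish_id=" . (isset($fields['publish_id']) ? (int)$fields['publish_id'] : $edit_id);
         }
         $query[] = "publish_address='" . SQL::escape(isset($fields['publish_address']) ? $fields['publish_address'] : $fields['edit_address']) . "'";
         $query[] = "publish_date='" . SQL::escape($fields['publish_date']) . "'";
     }

     // always create a random handle for this article -- the handle is a
     // bearer secret (see Surfer::add_handle() below), so it must not be
     // predictable; random_bytes() is the CSPRNG, the fallback only covers
     // PHP builds that lack it
     if (!isset($fields['handle']) || strlen($fields['handle']) < 32) {
         if (function_exists('random_bytes')) {
             $fields['handle'] = bin2hex(random_bytes(16));
         } else {
             $fields['handle'] = md5(uniqid(mt_rand(), TRUE));
         }
     }
     $query[] = "handle='" . SQL::escape($fields['handle']) . "'";
     $query[] = "rating_count='" . SQL::escape(isset($fields['rating_count']) ? $fields['rating_count'] : '0') . "'";

     // allow anonymous surfer to access this page during his session
     if (!Surfer::get_id()) {
         Surfer::add_handle($fields['handle']);
     }

     // insert a new record
     $query = "INSERT INTO " . SQL::table_name('articles') . " SET " . implode(', ', $query);

     // actual insert
     if (SQL::query($query) === FALSE) {
         return FALSE;
     }

     // remember the id of the new item
     $fields['id'] = SQL::get_last_id($context['connection']);

     // assign the page to related categories
     Categories::remember('article:' . $fields['id'], isset($fields['publish_date']) ? $fields['publish_date'] : NULL_DATE, isset($fields['tags']) ? $fields['tags'] : '');

     // turn author to page editor and update author's watch list
     if (isset($fields['edit_id']) && $fields['edit_id']) {
         Members::assign('user:' . $edit_id, 'article:' . $fields['id']);
         Members::assign('article:' . $fields['id'], 'user:' . $edit_id);
     }

     // clear the cache
     Articles::clear($fields);

     // return the id of the new item
     return $fields['id'];
 }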
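 /**
  * post a new section
  *
  * Validates and normalizes the submitted fields, inserts a new row in the
  * sections table, files the section under its categories and, when asked
  * to, makes the poster an editor of the new section. This function
  * populates the error context, where applicable.
  *
  * Security notes (the fields usually come straight from a web form):
  * - string columns are quoted and passed through SQL::escape();
  * - numeric columns (id, owner_id, create_id, edit_id, hits,
  *   index_news_count) are emitted unquoted, a position where
  *   quote-escaping alone does not protect against injection, so they are
  *   cast to int first;
  * - layout names are checked against a fixed list before use;
  * - icon and thumbnail URLs are filtered through encode_link();
  * - the section handle is a secret that grants anonymous access to the
  *   section (see Surfer::add_handle() below), so it is drawn from a CSPRNG
  *   when one is available, instead of the predictable mt_rand().
  *
  * @param array an array of fields
  * @param boolean TRUE to update the watch list of the poster
  * @return the id of the new section, or FALSE on error
  *
  * @see sections/edit.php
  * @see sections/populate.php
  * @see letters/new.php
  * @see links/links.php
  * @see query.php
  **/
 public static function post(&$fields, $watch = TRUE)
 {
     global $context;

     // title cannot be empty
     if (!isset($fields['title']) || !trim($fields['title'])) {
         Logger::error(i18n::s('No title has been provided.'));
         return FALSE;
     }

     // sanity filter -- only <br> is allowed to survive in the title
     $fields['title'] = strip_tags($fields['title'], '<br>');

     // protect from hackers -- neutralize dangerous URLs before they are stored
     if (isset($fields['icon_url'])) {
         $fields['icon_url'] = encode_link($fields['icon_url']);
     }
     if (isset($fields['thumbnail_url'])) {
         $fields['thumbnail_url'] = encode_link($fields['thumbnail_url']);
     }

     // set default values for this editor
     // (presumably fills edit_name, edit_address and edit_date, which are used
     // below without isset() -- verify against Surfer::check_default_editor())
     Surfer::check_default_editor($fields);

     // reinforce date formats -- optional dates fall back to NULL_DATE,
     // the creation date falls back to the edition date
     foreach (array('activation_date', 'expiry_date', 'publish_date') as $date_field) {
         if (!isset($fields[$date_field]) || $fields[$date_field] <= NULL_DATE) {
             $fields[$date_field] = NULL_DATE;
         }
     }
     if (!isset($fields['create_date']) || $fields['create_date'] <= NULL_DATE) {
         $fields['create_date'] = $fields['edit_date'];
     }

     // set conservative default values
     if (!isset($fields['active_set'])) {
         $fields['active_set'] = 'Y';
     }
     // an imported record is recorded as an update, not as an import
     if (isset($fields['edit_action'])) {
         $fields['edit_action'] = preg_replace('/import$/i', 'update', $fields['edit_action']);
     }
     if (!isset($fields['home_panel']) || !$fields['home_panel']) {
         $fields['home_panel'] = 'main';
     }
     if (!isset($fields['index_map']) || !$fields['index_map']) {
         $fields['index_map'] = 'Y';
     }
     if (!isset($fields['index_news']) || !$fields['index_news']) {
         $fields['index_news'] = 'none';
     }

     // save on requests
     if (!isset($fields['rank']) || !$fields['rank']) {
         $fields['rank'] = 10000;
     }

     // set layout for sections -- only known layout names are accepted,
     // 'custom' being resolved to the name provided by the poster
     $known_sections_layouts = '/^(accordion|carrousel|compact|custom|decorated|directory|folded|inline|jive|map|slashdot|tabs|titles|yabb|none)$/';
     if (!isset($fields['sections_layout']) || !$fields['sections_layout'] || !preg_match($known_sections_layouts, $fields['sections_layout'])) {
         $fields['sections_layout'] = 'none';
     } elseif ($fields['sections_layout'] == 'custom') {
         // NOTE(review): the custom layout name is stored verbatim; if the
         // renderer later uses it to locate a layout script, it should be
         // restricted to a safe character set -- verify in the renderer
         if (isset($fields['sections_custom_layout']) && $fields['sections_custom_layout']) {
             $fields['sections_layout'] = $fields['sections_custom_layout'];
         } else {
             $fields['sections_layout'] = 'none';
         }
     }

     // set layout for articles -- same rules as for sections
     $known_articles_layouts = '/^(accordion|alistapart|carrousel|custom|compact|daily|decorated|digg|directory|hardboiled|jive|map|newspaper|none|simile|slashdot|table|tabs|tagged|threads|titles|yabb)$/';
     if (!isset($fields['articles_layout']) || !$fields['articles_layout'] || !preg_match($known_articles_layouts, $fields['articles_layout'])) {
         $fields['articles_layout'] = 'decorated';
     } elseif ($fields['articles_layout'] == 'custom') {
         // NOTE(review): same remark as for the custom sections layout above
         if (isset($fields['articles_custom_layout']) && $fields['articles_custom_layout']) {
             $fields['articles_layout'] = $fields['articles_custom_layout'];
         } else {
             $fields['articles_layout'] = 'decorated';
         }
     }

     // set canvas for articles
     if (!isset($fields['articles_canvas']) || !$fields['articles_canvas']) {
         $fields['articles_canvas'] = 'standard';
     }

     // clean provided tags
     if (isset($fields['tags'])) {
         $fields['tags'] = trim($fields['tags'], " \t.:,!?");
     }

     // cascade anchor access rights -- a section is never more visible than
     // its anchor; a top-level section keeps what was asked for
     if (isset($fields['anchor']) && ($anchor = Anchors::get($fields['anchor']))) {
         $fields['active'] = $anchor->ceil_rights($fields['active_set']);
     } else {
         $fields['active'] = $fields['active_set'];
     }

     // always create a random handle for this section -- the handle is a
     // bearer secret (see Surfer::add_handle() below), so it must not be
     // predictable; random_bytes() is the CSPRNG, the fallback only covers
     // PHP builds that lack it
     if (!isset($fields['handle']) || strlen($fields['handle']) < 32) {
         if (function_exists('random_bytes')) {
             $fields['handle'] = bin2hex(random_bytes(16));
         } else {
             $fields['handle'] = md5(uniqid(mt_rand(), TRUE));
         }
     }

     // allow anonymous surfer to access this section during his session
     if (!Surfer::get_id()) {
         Surfer::add_handle($fields['handle']);
     }

     // numbers placed in unquoted SQL positions -- cast to int so that
     // escaping is not the only line of defense
     $edit_id = isset($fields['edit_id']) ? (int)$fields['edit_id'] : 0;
     $create_id = isset($fields['create_id']) ? (int)$fields['create_id'] : $edit_id;
     $hits = isset($fields['hits']) ? (int)$fields['hits'] : 0;
     $index_news_count = isset($fields['index_news_count']) ? (int)$fields['index_news_count'] : 5;

     // fields to insert
     $query = array();

     // on import
     if (isset($fields['id'])) {
         $query[] = "id=" . (int)$fields['id'];
     }

     // all fields should be visible
     $query[] = "anchor='" . SQL::escape(isset($fields['anchor']) ? $fields['anchor'] : '') . "'";
     $query[] = "activation_date='" . SQL::escape($fields['activation_date']) . "'";
     $query[] = "active='" . SQL::escape($fields['active']) . "'";
     $query[] = "active_set='" . SQL::escape($fields['active_set']) . "'";
     $query[] = "articles_canvas='" . SQL::escape(isset($fields['articles_canvas']) ? $fields['articles_canvas'] : 'null') . "'";
     $query[] = "articles_layout='" . SQL::escape(isset($fields['articles_layout']) ? $fields['articles_layout'] : 'decorated') . "'";
     $query[] = "articles_templates='" . SQL::escape(isset($fields['articles_templates']) ? $fields['articles_templates'] : '') . "'";
     $query[] = "behaviors='" . SQL::escape(isset($fields['behaviors']) ? $fields['behaviors'] : '') . "'";
     $query[] = "content_options='" . SQL::escape(isset($fields['content_options']) ? $fields['content_options'] : '') . "'";
     $query[] = "content_overlay='" . SQL::escape(isset($fields['content_overlay']) ? $fields['content_overlay'] : '') . "'";
     $query[] = "create_address='" . SQL::escape(isset($fields['create_address']) ? $fields['create_address'] : $fields['edit_address']) . "'";
     $query[] = "create_date='" . SQL::escape($fields['create_date']) . "'";
     $query[] = "create_id=" . $create_id;
     $query[] = "create_name='" . SQL::escape(isset($fields['create_name']) ? $fields['create_name'] : $fields['edit_name']) . "'";
     $query[] = "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "'";
     $query[] = "edit_action='" . SQL::escape(isset($fields['edit_action']) ? $fields['edit_action'] : 'section:create') . "'";
     $query[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'";
     $query[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'";
     $query[] = "edit_id=" . $edit_id;
     $query[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'";
     $query[] = "expiry_date='" . SQL::escape($fields['expiry_date']) . "'";
     $query[] = "extra='" . SQL::escape(isset($fields['extra']) ? $fields['extra'] : '') . "'";
     $query[] = "family='" . SQL::escape(isset($fields['family']) ? $fields['family'] : '') . "'";
     $query[] = "file_overlay='" . SQL::escape(isset($fields['file_overlay']) ? $fields['file_overlay'] : '') . "'";
     $query[] = "handle='" . SQL::escape($fields['handle']) . "'";
     $query[] = "hits=" . $hits;
     $query[] = "home_panel='" . SQL::escape(isset($fields['home_panel']) ? $fields['home_panel'] : 'main') . "'";
     $query[] = "icon_url='" . SQL::escape(isset($fields['icon_url']) ? $fields['icon_url'] : '') . "'";
     $query[] = "index_map='" . SQL::escape(isset($fields['index_map']) ? $fields['index_map'] : 'Y') . "'";
     $query[] = "index_news='" . SQL::escape(isset($fields['index_news']) ? $fields['index_news'] : 'static') . "'";
     $query[] = "index_news_count=" . $index_news_count;
     $query[] = "index_title='" . SQL::escape(isset($fields['index_title']) ? $fields['index_title'] : '') . "'";
     $query[] = "introduction='" . SQL::escape(isset($fields['introduction']) ? $fields['introduction'] : '') . "'";
     $query[] = "language='" . SQL::escape(isset($fields['language']) ? $fields['language'] : '') . "'";
     $query[] = "locked='" . SQL::escape(isset($fields['locked']) ? $fields['locked'] : 'N') . "'";
     $query[] = "meta='" . SQL::escape(isset($fields['meta']) ? $fields['meta'] : '') . "'";
     $query[] = "nick_name='" . SQL::escape(isset($fields['nick_name']) ? $fields['nick_name'] : '') . "'";
     $query[] = "options='" . SQL::escape(isset($fields['options']) ? $fields['options'] : '') . "'";
     $query[] = "overlay='" . SQL::escape(isset($fields['overlay']) ? $fields['overlay'] : '') . "'";
     $query[] = "overlay_id='" . SQL::escape(isset($fields['overlay_id']) ? $fields['overlay_id'] : '') . "'";
     $query[] = "owner_id=" . $create_id;
     $query[] = "prefix='" . SQL::escape(isset($fields['prefix']) ? $fields['prefix'] : '') . "'";
     $query[] = "rank='" . SQL::escape(isset($fields['rank']) ? $fields['rank'] : 10000) . "'";
     $query[] = "section_overlay='" . SQL::escape(isset($fields['section_overlay']) ? $fields['section_overlay'] : '') . "'";
     $query[] = "sections_layout='" . SQL::escape(isset($fields['sections_layout']) ? $fields['sections_layout'] : 'map') . "'";
     $query[] = "suffix='" . SQL::escape(isset($fields['suffix']) ? $fields['suffix'] : '') . "'";
     $query[] = "tags='" . SQL::escape(isset($fields['tags']) ? $fields['tags'] : '') . "'";
     $query[] = "template='" . SQL::escape(isset($fields['template']) ? $fields['template'] : '') . "'";
     $query[] = "thumbnail_url='" . SQL::escape(isset($fields['thumbnail_url']) ? $fields['thumbnail_url'] : '') . "'";
     $query[] = "title='" . SQL::escape(isset($fields['title']) ? $fields['title'] : '') . "'";
     $query[] = "trailer='" . SQL::escape(isset($fields['trailer']) ? $fields['trailer'] : '') . "'";

     // insert a new record
     $query = "INSERT INTO " . SQL::table_name('sections') . " SET " . implode(', ', $query);

     // actual insert
     if (SQL::query($query) === FALSE) {
         return FALSE;
     }

     // remember the id of the new item
     $fields['id'] = SQL::get_last_id($context['connection']);

     // assign the section to related categories
     Categories::remember('section:' . $fields['id'], NULL_DATE, isset($fields['tags']) ? $fields['tags'] : '');

     // turn author to section editor and update author's watch list
     if ($watch && isset($fields['edit_id']) && $fields['edit_id']) {
         Members::assign('user:' . $edit_id, 'section:' . $fields['id']);
         Members::assign('section:' . $fields['id'], 'user:' . $edit_id);
     }

     // clear the cache
     Sections::clear($fields);

     // return the id of the new item
     return $fields['id'];
 }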
            // extract the actual e-mail address -- Foo Bar <*****@*****.**> => foo@bar.com
            $tokens = explode(' ', $credentials[2]);
            $address = trim(str_replace(array('<', '>'), '', $tokens[count($tokens) - 1]));
            // if surfer has not been authenticated yet
            if (!Surfer::get_id()) {
                // look for a surfer with this address
                if (!($user = Users::get($address))) {
                    $user = array();
                    $user['nick_name'] = $address;
                    $user['email'] = $address;
                }
                // save surfer profile in session context
                Surfer::set($user, TRUE);
            }
            // add this anchor to allowed handles during this session
            Surfer::add_handle($anchor->get_handle());
            // redirect to target page
            Safe::redirect($context['url_to_home'] . $context['url_to_root'] . $anchor->get_url());
        }
    } else {
        Logger::error(i18n::s('Request is invalid.'));
    }
    // some data have been posted
} elseif (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST') {
    // protect from hackers
    $name = preg_replace(FORBIDDEN_IN_NAMES, '_', strip_tags($_REQUEST['login_name']));
    // the surfer has been authenticated
    if ($user = Users::login($name, $_REQUEST['login_password'])) {
        // surfer request long validity authentication
        if (isset($_REQUEST['remember']) && $_REQUEST['remember'] == 'Y') {
            $context['users_with_permanent_authentication'] = 'Y';