Ejemplo n.º 1
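 /**
  * Authenticate an author from the login form or from the login cookies.
  *
  * Credentials are read from $_POST. When the __SYM_COOKIE__ cookie is present
  * and the request is not an explicit login attempt, they are instead read
  * back from the base64-encoded, serialized __SYM_COOKIE_SAFE__ cookie.
  * On a match the author's `lastvisit` is updated and both cookies are reissued.
  *
  * @return XMLElement <user logged-in="true"> with profile children on success,
  *                    <user logged-in="false"> otherwise
  */
 function trigger()
 {
     ## Missing or non-string form fields are treated as empty strings.
     $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
     ## NOTE(review): unsalted md5() is not a password hash. Moving to
     ## password_hash()/password_verify() needs a stored-hash migration, so it is
     ## flagged here rather than changed.
     $password = md5((isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '');
     if (isset($_COOKIE[__SYM_COOKIE__]) && !isset($_POST['action']['login'])) {
         ## Cookie login: start from empty credentials so a missing or malformed
         ## cookie cannot fall back to whatever was posted.
         $username = '';
         $password = '';
         if (isset($_COOKIE[__SYM_COOKIE_SAFE__]) && is_string($_COOKIE[__SYM_COOKIE_SAFE__])) {
             ## NOTE(review): unserialize() on a client-controlled cookie allows PHP
             ## object injection if any loaded class has magic methods. Prefer a
             ## signed token or json_decode(); left in place because the cookie
             ## format is shared with the setcookie() calls below.
             $args = unserialize(base64_decode($_COOKIE[__SYM_COOKIE_SAFE__]));
             if (is_array($args)) {
                 if (isset($args['username']) && is_scalar($args['username'])) {
                     $username = (string) $args['username'];
                 }
                 if (isset($args['password']) && is_scalar($args['password'])) {
                     $password = (string) $args['password'];
                 }
             }
         }
     }
     ## Both values are escaped: on the cookie path $password is attacker-supplied
     ## text, not an md5() digest. NOTE(review): addslashes() is not charset-aware;
     ## switch to the database layer's own escaping or bound parameters if it has them.
     $sql = "SELECT *\n\t\t\t\t\tFROM `tbl_authors`\n\t\t\t\t\tWHERE `username` = '" . addslashes($username) . "'\n\t\t\t\t\tAND `password` = '" . addslashes($password) . "'";
     $row = $this->_db->fetchRow(0, $sql);
     if (!empty($row) && is_array($row)) {
         $sql = "UPDATE `tbl_authors` SET `lastvisit` = UNIX_TIMESTAMP() WHERE `id` = '" . intval($row['id']) . "'";
         $this->_db->query($sql);
         ## NOTE(review): both cookies carry the whole row returned by SELECT *,
         ## including the `password` column, and the cookie branch above accepts that
         ## stored value as the credential. Anyone who obtains the cookie (or the
         ## hash) can log in for the cookie's one-year lifetime. Replace with a
         ## random server-side session token.
         ## NOTE(review): the 4th setcookie() argument is the path, yet it is given
         ## getCookieDomain(); no Secure/HttpOnly flags are set. Confirm intent.
         setcookie(__SYM_COOKIE__, serialize($row), time() + 31536000, $this->_parent->getCookieDomain());
         setcookie(__SYM_COOKIE_SAFE__, base64_encode(serialize($row)), time() + 31536000, $this->_parent->getCookieDomain());
         ## Owner takes precedence over superuser; everyone else is a plain author.
         $status = 'Author';
         if ($row['owner'] == 1) {
             $status = 'Owner';
         } elseif ($row['superuser'] == 1) {
             $status = 'Administrator';
         }
         $result = new XMLElement("user");
         $result->setAttribute("logged-in", "true");
         $result->addChild(new XMLElement("username", $row['username']));
         $result->addChild(new XMLElement("first-name", $row['firstname']));
         $result->addChild(new XMLElement("last-name", $row['lastname']));
         $result->addChild(new XMLElement("email", $row['email']));
         $result->addChild(new XMLElement("account-type", $status));
     } else {
         $result = new XMLElement("user");
         $result->setAttribute("logged-in", "false");
     }
     return $result;
 }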
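 /**
  * Build the "categories-list" XML for one custom field: each comma-separated
  * option of the field together with the number of entries using it.
  *
  * @param array $param Reads 'caching', 'indent' and 'indent-depth'.
  * @return mixed The cached value or generated output when $param['caching'] is
  *               truthy, otherwise the XMLElement tree.
  */
 function grab($param = array())
 {
     extract($this->_env, EXTR_PREFIX_ALL, 'env');
     include_once TOOLKIT . '/class.entrymanager.php';
     $entryManager = new EntryManager($this->_parent);
     $section_id = $entryManager->fetchSectionIDFromHandle($this->__resolveDefine("dsFilterPARENTSECTION"));
     $schema = $entryManager->fetchEntryFieldSchema($section_id, NULL, $this->_dsFilterCUSTOMFIELD);
     ## Only the first schema row is used; anything else is treated as "no schema".
     $schema = (is_array($schema) && isset($schema[0])) ? $schema[0] : NULL;
     ##Check the cache
     ## The default $param is an empty array, so 'caching' may be absent.
     $use_cache = !empty($param['caching']);
     ## md5() is only a cache key here, not a security control.
     $hash_id = md5(get_class($this));
     if ($use_cache && ($cache = $this->check_cache($hash_id))) {
         return $cache;
     }
     ##------------------------------
     ##Create the XML container
     $xml = new XMLElement("categories-list");
     $xml->setAttribute("section", "customfield");
     ##Populate the XML
     if (empty($schema) || !is_array($schema)) {
         $xml->addChild(new XMLElement("error", "No Records Found."));
         return $xml;
     }
     $ops = preg_split('/,/', $schema['values'], -1, PREG_SPLIT_NO_EMPTY);
     $ops = array_map("trim", $ops);
     $xml->addChild(new XMLElement("name", $schema['name']));
     $xml->setAttribute("handle", $schema['handle']);
     $options = new XMLElement("options");
     ## The lookup table depends only on the field type, so pick it once.
     $table = ($schema['type'] == 'multiselect') ? 'tbl_entries2customfields_list' : 'tbl_entries2customfields';
     foreach ($ops as $o) {
         ## Option labels are free text from the field schema; escape them so a
         ## quote in a label cannot break out of the SQL string literal.
         ## NOTE(review): addslashes() is not charset-aware; use the database
         ## layer's own escaping or bound parameters if it provides them.
         $count = $this->_db->fetchVar('count', 0, "SELECT count(id) AS `count` FROM `{$table}` WHERE `field_id` = '" . addslashes($schema['id']) . "' AND value_raw = '" . addslashes($o) . "' ");
         $xO = new XMLElement("option", $o);
         $xO->setAttribute('entry-count', $count);
         $xO->setAttribute('handle', Lang::createHandle($o, $this->_parent->getConfigVar('handle_length', 'admin')));
         $options->addChild($xO);
     }
     $xml->addChild($options);
     ##------------------------------
     ##Write To Cache
     if ($use_cache) {
         $indent = isset($param['indent']) ? $param['indent'] : NULL;
         $indent_depth = isset($param['indent-depth']) ? $param['indent-depth'] : NULL;
         $result = $xml->generate($indent, $indent_depth);
         $this->write_to_cache($hash_id, $result, $this->_cache_sections);
         return $result;
     }
     return $xml;
 }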
Ejemplo n.º 3
        break;
    case "boolean":
        $sql = "SELECT DISTINCT t1.entry_id,\n\t\t\t\t  MATCH(t1.value) AGAINST ('{$searchstring}' IN BOOLEAN MODE) AS score\n\t\t\t\t  FROM tbl_entries2customfields AS t1\n\t              LEFT JOIN `tbl_entries` AS t2 ON t1.entry_id = t2.id\n\t\t\t      LEFT JOIN `tbl_entries2sections` AS t3 on t2.id = t3.entry_id\n\t              WHERE 1 AND MATCH(t1.value) AGAINST ('{$searchstring}' IN BOOLEAN MODE)\n\t\t\t\t  " . ($Author->get('superuser') != 1 ? " AND t3.section_id IN ({$can_access})" : '') . "\n\t\t\t\t  ORDER BY score DESC LIMIT 5";
        break;
}
## Run the search query assembled by the switch above and keep its entry_id column.
## NOTE(review): the "boolean" branch interpolates $searchstring and $can_access
## straight into the SQL text. Their escaping is not visible in this excerpt;
## confirm both are escaped or validated before the query is built.
$result = $db->fetchCol('entry_id', $sql);
## Flipping twice drops duplicate ids: duplicate values collapse when used as keys.
$result = array_flip($result);
$result = array_flip($result);
## '@' presumably guards against fetchCol() returning a non-array - TODO confirm.
if (@count($result) >= 1) {
    ## NOTE(review): `=& new` is PHP 4 syntax, deprecated in PHP 5.3 and removed in PHP 7.
    $parent =& new ParentShell($db, $config);
    include_once LIBRARY . "/core/class.manager.php";
    include_once LIBRARY . "/core/class.symphonylog.php";
    include_once LIBRARY . "/core/class.textformattermanager.php";
    include_once TOOLKIT . "/class.entrymanager.php";
    $entryManager = new EntryManager($parent);
    ## One <item> per matching entry; each iteration makes a separate fetch.
    foreach ($result as $entry_id) {
        $row = $entryManager->fetchEntriesByID($entry_id, false, true);
        $locked = 'content';
        ##Generate the XML
        $entry = new XMLElement("item");
        $entry->setAttribute("class", $locked);
        ## strip_tags() removes markup from the stored value before it becomes the title.
        ## NOTE(review): whether XMLElement also escapes '&' and '<' in values is not
        ## visible here; strip_tags() alone does not produce XML-safe text.
        $entry->addChild(new XMLElement("title", strip_tags($row['fields'][$row['primary_field']]['value'])));
        $entry->addChild(new XMLElement("date", $cDate->get(true, true, strtotime($row['publish_date_gmt']))));
        ## NOTE(review): the link carries raw '&' separators; confirm XMLElement
        ## encodes them, or write them as entities.
        $entry->addChild(new XMLElement("link", "?page=/publish/section/edit/&_sid=" . $row['section_id'] . "&id=" . $row['id']));
        $entry->addChild(new XMLElement("handle", $row['primary_field']));
        ## A description is added only when the entry has a textarea field named "body".
        if (isset($row['fields']['body']) && $row['fields']['body']['type'] == 'textarea') {
            $entry->addChild(new XMLElement("description", General::limitWords(strip_tags($row['fields']['body']['value']), 100, true, false)));
        }
        $xml->addChild($entry);
    }
}
 /**
  * Build the "archive-overview" XML: one <year> element per year holding
  * <month> elements with the number of entries published in that month, for
  * the section named by getType().
  *
  * @param array $param Reads 'caching', 'indent' and 'indent-depth'.
  * @return mixed The cached value or generated output when $param['caching'] is
  *               truthy, otherwise the XMLElement tree.
  */
 function grab($param = array())
 {
     ## Decide if we return an empty set or not
     if ($this->__forceEmptySet()) {
         ##Create the XML container
         $xml = new XMLElement("archive-overview");
         $xml->setAttribute("section", $this->getType());
         $xml->addChild(new XMLElement("error", "No Records Found."));
         return $xml;
     }
     $obDate = $this->_parent->getDateObj();
     ## Imports every key of $this->_env as a local $env_<key>; $env_url is used for the cache key below.
     extract($this->_env, EXTR_PREFIX_ALL, 'env');
     $where = $sort = $joins = NULL;
     include_once TOOLKIT . '/class.entrymanager.php';
     $entryManager = new EntryManager($this->_parent);
     $section_id = $entryManager->fetchSectionIDFromHandle($this->getType());
     ##Prepare the Query
     ## NOTE(review): every filter value below is concatenated into the SQL text
     ## without escaping in this block. The origin of the __resolveDefine() results
     ## and of _dsFilterCUSTOM is not visible here; if any of them can carry request
     ## data this is SQL injection. Confirm they are escaped upstream, or escape or
     ## bind them here.
     if ($handle = $this->__resolveDefine("dsFilterHANDLE")) {
         $entries = $entryManager->fetchEntryIDFromPrimaryFieldHandle($section_id, $handle);
         ## '@' hides the implode() warning raised when $entries is not an array.
         $where .= " AND t1.`id`" . ($this->__isDefineNotClause("dsFilterHANDLE") ? ' NOT' : '') . " IN ('" . @implode("', '", $entries) . "') ";
     }
     if ($date = $this->__resolveDefine("dsFilterDAY")) {
         $where .= " AND DATE_FORMAT(t1.publish_date, '%d') " . ($this->__isDefineNotClause("dsFilterDAY") ? '!' : '') . "= '" . $date . "' ";
     }
     if ($month = $this->__resolveDefine("dsFilterMONTH")) {
         $where .= " AND DATE_FORMAT(t1.publish_date, '%m') " . ($this->__isDefineNotClause("dsFilterMONTH") ? '!' : '') . "= '" . $month . "' ";
     }
     if ($year = $this->__resolveDefine("dsFilterYEAR")) {
         $where .= " AND DATE_FORMAT(t1.publish_date, '%Y') " . ($this->__isDefineNotClause("dsFilterYEAR") ? '!' : '') . "= '" . $year . "' ";
     }
     ## Unless post-dated entries are explicitly included, drop entries whose GMT publish date is later than the date object's value.
     if ($this->_dsFilterINCLUDEPOSTDATED != 'yes') {
         $where .= " AND UNIX_TIMESTAMP(t1.publish_date_gmt) <= '" . $obDate->get(false, false) . "' ";
     }
     if (is_array($this->_dsFilterCUSTOM) && !empty($this->_dsFilterCUSTOM)) {
         ## Join aliases for custom-field filters start at t15 - presumably to stay clear of the fixed aliases (t1..t8) in the main query.
         $table_id = 15;
         foreach ($this->_dsFilterCUSTOM as $handle => $value) {
             ## NOTE(review): $handle and $value go into SQL unescaped, and $field['id']
             ## is used unquoted below; a handle with no matching field leaves it empty.
             $field = $this->_db->fetchRow(0, "SELECT `id`, `type`, `foreign_select_multiple` FROM `tbl_customfields` WHERE `parent_section` = '{$section_id}' AND `handle` = '{$handle}' LIMIT 1");
             $value_handle = Lang::createHandle($value, $this->_parent->getConfigVar('handle_length', 'admin'));
             ## '&&' binds tighter than '||': multiselect, or (foreign and multiple-select).
             if ($field['type'] == 'multiselect' || $field['type'] == 'foreign' && $field['foreign_select_multiple'] == 'yes') {
                 $joins .= " LEFT JOIN `tbl_entries2customfields_list` AS t{$table_id} ON t1.`id` = t{$table_id}.`entry_id` AND t{$table_id}.field_id = " . $field['id'] . " ";
                 $where .= " AND (t{$table_id}.value_raw = '{$value}' OR t{$table_id}.handle = '{$value_handle}') ";
             } else {
                 $joins .= " LEFT JOIN `tbl_entries2customfields` AS t{$table_id} ON t1.`id` = t{$table_id}.`entry_id` AND t{$table_id}.field_id = " . $field['id'] . " ";
                 $where .= " AND (t{$table_id}.value_raw = '{$value}' OR t{$table_id}.handle = '{$value_handle}') ";
             }
             $table_id++;
         }
     }
     ## NOTE(review): the sort direction is appended after ORDER BY as-is; restrict it to 'ASC' / 'DESC'.
     if ($this->_dsFilterSORT != '') {
         $sort = strtoupper($this->_dsFilterSORT);
     }
     $sql = "SELECT t1.id, t1.publish_date_gmt " . "FROM `tbl_entries` AS t1 " . "LEFT JOIN `tbl_metadata` AS t2 ON t1.`id` = t2.`relation_id` " . "AND t2.`class` = 'entry' " . "LEFT JOIN `tbl_authors` AS t4 ON t1.`author_id` = t4.`id` " . $joins . "LEFT JOIN `tbl_entries2sections` AS t8 ON t1.id = t8.entry_id " . "WHERE t8.section_id = '{$section_id}' " . $where . "GROUP BY t1.`id` " . "ORDER BY t1.`publish_date_gmt` " . $sort;
     ##Check the cache
     ## md5() is only a cache key here (class name + serialized $env_url), not a security control.
     $hash_id = md5(get_class($this) . serialize($env_url));
     if ($param['caching'] && ($cache = $this->check_cache($hash_id))) {
         return $cache;
         ## Unreachable: the return above always leaves the function first.
         exit;
     }
     ##------------------------------
     ##Create the XML container
     $xml = new XMLElement("archive-overview");
     $xml->setAttribute("section", $this->getType());
     ##Grab the records
     $entries = $this->_db->fetch($sql);
     $current_month = date("m", $obDate->get(true, false));
     $current_year = date("Y", $obDate->get(true, false));
     ##Populate the XML
     if (empty($entries) || !is_array($entries)) {
         $xml->addChild(new XMLElement("error", "No Records Found."));
         return $xml;
     } else {
         ## $bin[year][month] = number of entries; the first increment of a slot starts from an unset index.
         $bin = array();
         foreach ($entries as $e) {
             list($dYear, $dMonth, $dDay) = explode("-", date("Y-m-d", $obDate->get(true, false, strtotime($e['publish_date_gmt']))));
             $bin[$dYear][intval($dMonth)]++;
         }
         $years = @array_keys($bin);
         if ($sort && $sort == 'DESC') {
             $end_year = $current_year;
             $bin_years = array_keys($bin);
             rsort($bin_years);
             ## Add empty year buckets from the year after the newest binned year up to the current year.
             for ($ii = $bin_years[0] + 1; $ii <= $current_year; $ii++) {
                 $bin[$ii] = array();
             }
             ## Reverse the buckets while keeping the year keys.
             $bin = array_reverse($bin, true);
         } else {
             $start_year = $years[0];
         }
         foreach ($bin as $year => $months) {
             $xYear = new XMLElement("year");
             $xYear->setAttribute("value", $year);
             #foreach($months as $month => $count){
             ## Months are emitted 12..1 for DESC and 1..12 otherwise; months later than the current month of the current year are skipped.
             if ($sort && $sort == 'DESC') {
                 for ($month = 12; $month > 0; $month--) {
                     if ($current_year > $year || $current_year == $year && $current_month >= $month) {
                         $xMonth = new XMLElement("month");
                         $xMonth->setAttribute("value", $month < 10 ? "0{$month}" : $month);
                         ## Months with no entries have no slot in $months; intval() turns that into 0.
                         $xMonth->setAttribute("entry-count", "" . max(0, intval($months[$month])) . "");
                         $xYear->addChild($xMonth);
                     }
                 }
             } else {
                 for ($month = 1; $month <= 12; $month++) {
                     if ($current_year > $year || $current_year == $year && $current_month >= $month) {
                         $xMonth = new XMLElement("month");
                         $xMonth->setAttribute("value", $month < 10 ? "0{$month}" : $month);
                         $xMonth->setAttribute("entry-count", "" . max(0, intval($months[$month])) . "");
                         $xYear->addChild($xMonth);
                     }
                 }
             }
             $xml->addChild($xYear);
             ## The last year visited becomes the open end of the range (start for DESC, end otherwise).
             if ($sort && $sort == 'DESC') {
                 $start_year = $year;
             } else {
                 $end_year = $year;
             }
         }
         $xml->setAttribute("year-start", $start_year);
         $xml->setAttribute("year-end", $end_year);
     }
     ##------------------------------
     ##Write To Cache
     if ($param['caching']) {
         $result = $xml->generate($param['indent'], $param['indent-depth']);
         $this->write_to_cache($hash_id, $result, $this->_cache_sections);
         return $result;
     }
     return $xml;
 }
 /**
  * Build the "archive-entry-list" XML: the entries of the section named by
  * getType(), grouped into <year>/<month>/<day> elements, each entry carrying
  * its dates, author, selected custom fields and (when commenting is on)
  * comment counts.
  *
  * @param array $param Reads 'limit', 'caching', 'indent' and 'indent-depth'.
  * @return mixed The cached value or generated output when $param['caching'] is
  *               truthy, otherwise the XMLElement tree.
  */
 function grab($param = array())
 {
     ## Decide if we return an empty set or not
     if ($this->__forceEmptySet()) {
         ##Create the XML container
         $xml = new XMLElement("archive-entry-list");
         $xml->setAttribute("section", $this->getType());
         $xml->addChild(new XMLElement("error", "No Records Found."));
         return $xml;
     }
     $obDate = $this->_parent->getDateObj();
     ## Imports every key of $this->_env as a local $env_<key>; $env_url is used for the cache key below.
     extract($this->_env, EXTR_PREFIX_ALL, 'env');
     $where = $sort = $joins = NULL;
     include_once TOOLKIT . '/class.entrymanager.php';
     $entryManager = new EntryManager($this->_parent);
     $section_id = $entryManager->fetchSectionIDFromHandle($this->getType());
     ##Prepare the Query
     ## NOTE(review): every filter value below is concatenated into the SQL text
     ## without escaping in this block. The origin of the __resolveDefine() results
     ## and of _dsFilterCUSTOM is not visible here; if any of them can carry request
     ## data this is SQL injection. Confirm they are escaped upstream, or escape or
     ## bind them here.
     if ($handle = $this->__resolveDefine("dsFilterHANDLE")) {
         $entries = $entryManager->fetchEntryIDFromPrimaryFieldHandle($section_id, $handle);
         ## '@' hides the implode() warning raised when $entries is not an array.
         $where .= " AND t1.`id`" . ($this->__isDefineNotClause("dsFilterHANDLE") ? ' NOT' : '') . " IN ('" . @implode("', '", $entries) . "') ";
     }
     if ($date = $this->__resolveDefine("dsFilterDAY")) {
         $where .= " AND DATE_FORMAT(t1.publish_date, '%d') " . ($this->__isDefineNotClause("dsFilterDAY") ? '!' : '') . "= '" . $date . "' ";
     }
     if ($month = $this->__resolveDefine("dsFilterMONTH")) {
         $where .= " AND DATE_FORMAT(t1.publish_date, '%m') " . ($this->__isDefineNotClause("dsFilterMONTH") ? '!' : '') . "= '" . $month . "' ";
     }
     if ($year = $this->__resolveDefine("dsFilterYEAR")) {
         $where .= " AND DATE_FORMAT(t1.publish_date, '%Y') " . ($this->__isDefineNotClause("dsFilterYEAR") ? '!' : '') . "= '" . $year . "' ";
     }
     ## Unless post-dated entries are explicitly included, drop entries whose GMT publish date is later than the date object's value.
     if ($this->_dsFilterINCLUDEPOSTDATED != 'yes') {
         $where .= " AND UNIX_TIMESTAMP(t1.publish_date_gmt) <= '" . $obDate->get(false, false) . "' ";
     }
     if (is_array($this->_dsFilterCUSTOM) && !empty($this->_dsFilterCUSTOM)) {
         ## Join aliases for custom-field filters start at t15 - presumably to stay clear of the fixed aliases (t1..t8) in the main query.
         $table_id = 15;
         foreach ($this->_dsFilterCUSTOM as $handle => $value) {
             ## NOTE(review): $handle and $value go into SQL unescaped, and $field['id']
             ## is used unquoted below; a handle with no matching field leaves it empty.
             $field = $this->_db->fetchRow(0, "SELECT `id`, `type`, `foreign_select_multiple` FROM `tbl_customfields` WHERE `parent_section` = '{$section_id}' AND `handle` = '{$handle}' LIMIT 1");
             $value_handle = Lang::createHandle($value, $this->_parent->getConfigVar('handle_length', 'admin'));
             ## '&&' binds tighter than '||': multiselect, or (foreign and multiple-select).
             if ($field['type'] == 'multiselect' || $field['type'] == 'foreign' && $field['foreign_select_multiple'] == 'yes') {
                 $joins .= " LEFT JOIN `tbl_entries2customfields_list` AS t{$table_id} ON t1.`id` = t{$table_id}.`entry_id` AND t{$table_id}.field_id = " . $field['id'] . " ";
                 $where .= " AND (t{$table_id}.value_raw = '{$value}' OR t{$table_id}.handle = '{$value_handle}') ";
             } else {
                 $joins .= " LEFT JOIN `tbl_entries2customfields` AS t{$table_id} ON t1.`id` = t{$table_id}.`entry_id` AND t{$table_id}.field_id = " . $field['id'] . " ";
                 $where .= " AND (t{$table_id}.value_raw = '{$value}' OR t{$table_id}.handle = '{$value_handle}') ";
             }
             $table_id++;
         }
     }
     ## NOTE(review): the sort direction is appended after ORDER BY as-is; restrict it to 'ASC' / 'DESC'.
     if ($this->_dsFilterSORT != '') {
         $sort = strtoupper($this->_dsFilterSORT);
     }
     if ($max_months = $this->__resolveDefine("dsFilterLIMIT_MONTHS")) {
         ## Month-window mode: find the first entry in sort order, then restrict the
         ## main query to $max_months months counted from that entry's publish date.
         $sql = "SELECT UNIX_TIMESTAMP(t1.publish_date) AS publish_timestamp " . "FROM `tbl_entries` AS t1 " . "LEFT JOIN `tbl_metadata` AS t2 ON t1.`id` = t2.`relation_id` " . "AND t2.`class` = 'entry' " . "LEFT JOIN `tbl_authors` AS t4 ON t1.`author_id` = t4.`id` " . $joins . "LEFT JOIN `tbl_entries2sections` AS t8 ON t1.id = t8.entry_id " . "WHERE t8.section_id = '{$section_id}' " . $where . "GROUP BY t1.`id` " . "ORDER BY t1.`publish_date` {$sort} " . "LIMIT 1";
         $relative_start = $this->_db->fetchVar('publish_timestamp', 0, $sql);
         ## Only 'DESC' and 'ASC' are handled; any other $sort (including NULL) adds no window.
         switch ($sort) {
             case "DESC":
                 ## Window runs back to the first day of the month ($max_months - 1) months before the newest entry.
                 $end = mktime(0, 0, 0, date('m', $relative_start) - $max_months + 1, 1, date('Y', $relative_start));
                 $where .= " AND (UNIX_TIMESTAMP(t1.publish_date) <= '{$relative_start}' AND UNIX_TIMESTAMP(t1.publish_date) >= '{$end}')";
                 break;
             case "ASC":
                 ## Since this is ascending, we need to start from 0. The DS editor will give us 1+
                 $max_months--;
                 ## Day 0 of the following month is the last day of the starting month.
                 $last_day = date('d', mktime(0, 0, 0, date('m', $relative_start) + 1, 0, date('Y', $relative_start)));
                 $end = mktime(23, 59, 59, date('m', $relative_start) + $max_months, $last_day, date('Y', $relative_start));
                 $where .= " AND (UNIX_TIMESTAMP(t1.publish_date) >= '{$relative_start}' AND UNIX_TIMESTAMP(t1.publish_date) <= '{$end}')";
                 break;
         }
     } else {
         ##We are trying to preview
         ## NOTE(review): both limit values are appended to the SQL as-is; cast them to int.
         if (isset($param['limit'])) {
             $limit = " LIMIT 0, " . $param['limit'];
         } elseif ($this->_dsFilterLIMIT != '') {
             $limit = " LIMIT 0, " . $this->_dsFilterLIMIT;
         } elseif ($where == NULL) {
             $limit = " LIMIT 0, 50";
         }
     }
     ## NOTE(review): $limit is never assigned in month-window mode, nor when none of
     ## the three branches above matches, so the concatenation reads an undefined variable.
     $sql = "SELECT t1.id " . "FROM `tbl_entries` AS t1 " . "LEFT JOIN `tbl_metadata` AS t2 ON t1.`id` = t2.`relation_id` " . "AND t2.`class` = 'entry' " . "LEFT JOIN `tbl_authors` AS t4 ON t1.`author_id` = t4.`id` " . $joins . "LEFT JOIN `tbl_entries2sections` AS t8 ON t1.id = t8.entry_id " . "WHERE t8.section_id = '{$section_id}' " . $where . "GROUP BY t1.`id` " . "ORDER BY t1.`publish_date_gmt` " . $sort . $limit;
     ##Check the cache
     ## md5() is only a cache key here (class name + serialized $env_url), not a security control.
     $hash_id = md5(get_class($this) . serialize($env_url));
     if ($param['caching'] && ($cache = $this->check_cache($hash_id))) {
         return $cache;
         ## Unreachable: the return above always leaves the function first.
         exit;
     }
     ##------------------------------
     ##Create the XML container
     $xml = new XMLElement("archive-entry-list");
     $xml->setAttribute("section", $this->getType());
     $xml->setAttribute("section-id", $section_id);
     ##Grab the records
     $entries = $this->_db->fetchCol("id", $sql);
     ##Populate the XML
     if (empty($entries) || !is_array($entries)) {
         $xml->addChild(new XMLElement("error", "No Records Found."));
         return $xml;
     } else {
         ## $bin[year][month][day] = list of full entry rows; each id costs one fetch.
         $bin = array();
         foreach ($entries as $id) {
             $row = $entryManager->fetchEntriesByID($id, false, true);
             list($dYear, $dMonth, $dDay) = explode("-", date("Y-m-d", $obDate->get(true, false, strtotime($row['publish_date_gmt']))));
             $bin[$dYear][$dMonth][$dDay][] = $row;
         }
         foreach ($bin as $year => $months) {
             $xYear = new XMLElement("year");
             $xYear->setAttribute("value", $year);
             foreach ($months as $month => $days) {
                 $xMonth = new XMLElement("month");
                 $xMonth->setAttribute("value", $month);
                 ## This loop variable reuses the name $entries, overwriting the id list fetched above.
                 foreach ($days as $day => $entries) {
                     $xDay = new XMLElement("day");
                     $xDay->setAttribute("value", $day);
                     foreach ($entries as $row) {
                         $entry = new XMLElement("entry");
                         $entry->setAttribute("id", $row['id']);
                         $entry->setAttribute("handle", trim($row['fields'][$row['primary_field']]['handle']));
                         $entry->setAttribute('linked-count', '' . count($row['linked_entries']) . '');
                         $date_local = $obDate->get(true, false, $row['timestamp_gmt']);
                         $entry_fields = array("date" => General::createXMLDateObject($date_local), "time" => General::createXMLTimeObject($date_local), "rfc822-date" => date("D, d M Y H:i:s \\G\\M\\T", $obDate->get(false, false, $row['timestamp_gmt'])));
                         $this->__addChildFieldsToXML($entry_fields, $entry);
                         ##Author Details
                         ## One author query per entry. SELECT * also pulls columns that are not emitted below.
                         $author_rec = $this->_db->fetchRow(0, "SELECT * FROM `tbl_authors` WHERE `id` = '" . $row['author_id'] . "' LIMIT 1");
                         $author = new XMLElement("author");
                         ## NOTE(review): author e-mail and username are exposed in the generated
                         ## XML; confirm that is intended for every consumer of this output.
                         $author_fields = array("first-name" => $author_rec['firstname'], "last-name" => $author_rec['lastname'], "email" => $author_rec['email'], "username" => $author_rec['username']);
                         $this->__addChildFieldsToXML($author_fields, $author, "author");
                         $entry->addChild($author);
                         ##Custom Fields
                         $fields = $row['fields'];
                         if (is_array($fields) && !empty($fields)) {
                             $customFields = new XMLElement("fields");
                             foreach ($fields as $f) {
                                 ## Only fields listed in _dsFilterXMLFIELDS are emitted; '@' hides the warning raised when that list is not an array.
                                 if (@in_array($f['field_handle'], $this->_dsFilterXMLFIELDS)) {
                                     $newField = new XMLElement($f['field_handle']);
                                     if ($f['type'] == 'list' || $f['type'] == 'multiselect') {
                                         foreach ($f['value_raw'] as $val) {
                                             $item = new XMLElement("item", $val);
                                             $item->setAttribute("handle", Lang::createHandle($val, $this->_parent->getConfigVar('handle_length', 'admin')));
                                             $newField->addChild($item);
                                         }
                                     } elseif ($f['type'] == 'foreign') {
                                         $sid = $f['foreign_section'];
                                         ## NOTE(review): the quoted literal is '{$sid} ' with a trailing space, and
                                         ## $section_handle is not used afterwards: the "section-handle"
                                         ## attribute below is set to $sid. Looks like a bug - confirm.
                                         $section_handle = $this->_db->fetchVar('handle', 0, "SELECT `handle` FROM `tbl_sections` WHERE `id` = '{$sid} ' LIMIT 1");
                                         $newField->setAttribute("handle", $f['handle']);
                                         $newField->setAttribute("type", 'foreign');
                                         $newField->setAttribute("section-id", $sid);
                                         $newField->setAttribute("section-handle", $sid);
                                         ## Normalise a single value to a one-element list.
                                         if (!is_array($f['value_raw'])) {
                                             $f['value_raw'] = array($f['value_raw']);
                                         }
                                         ## Resolve each linked handle to its entry: two more lookups per value.
                                         foreach ($f['value_raw'] as $h) {
                                             $entry_id = $entryManager->fetchEntryIDFromPrimaryFieldHandle($sid, $h);
                                             $e = $entryManager->fetchEntriesByID($entry_id, false, true);
                                             $item = new XMLElement("item", trim($e['fields'][$e['primary_field']]['value']));
                                             $item->setAttribute("entry-id", $entry_id[0]);
                                             $item->setAttribute("entry-handle", $e['fields'][$e['primary_field']]['handle']);
                                             $newField->addChild($item);
                                         }
                                     } elseif ($f['type'] == 'upload') {
                                         foreach ($f['value_raw'] as $val) {
                                             $item = new XMLElement("item");
                                             $item->addChild(new XMLElement("path", trim($val['path'], '/')));
                                             $item->addChild(new XMLElement("type", $val['type']));
                                             $item->addChild(new XMLElement("size", General::formatFilesize($val['size'])));
                                             $newField->addChild($item);
                                         }
                                     } elseif ($f['type'] == 'checkbox') {
                                         $newField->setValue($f['value_raw']);
                                     } elseif ($f['type'] == 'select') {
                                         $newField->setValue($f['value_raw']);
                                         $newField->setAttribute("handle", $f['handle']);
                                     } else {
                                         ## Use 'value' when the field's format flag is 1, otherwise the raw value.
                                         $key = 'value';
                                         if ($f['format'] != 1) {
                                             $key = 'value_raw';
                                         }
                                         $f[$key] = trim($f[$key]);
                                         $value = $f[$key];
                                         ## NOTE(review): General::sanitize() is applied only when _dsFilterENCODE is
                                         ## "yes"; otherwise the stored text is emitted as-is. Whether
                                         ## XMLElement escapes values itself is not visible here - confirm.
                                         if ($this->_dsFilterENCODE == "yes") {
                                             $value = trim(General::sanitize($f[$key]));
                                         }
                                         ## Only textarea fields and non-primary input fields receive a value;
                                         ## other types in this branch are emitted as an empty element.
                                         if ($f['type'] == 'textarea') {
                                             $newField->setValue($value);
                                             $newField->setAttribute("word-count", General::countWords(strip_tags($f['value'])));
                                         } elseif ($f['type'] == 'input' && $f['field_id'] != $row['primary_field']) {
                                             $newField->setAttribute("handle", $f['handle']);
                                             $newField->setValue($value);
                                         }
                                     }
                                     $customFields->addChild($newField);
                                 }
                             }
                             $entry->addChild($customFields);
                         }
                         ##Comments
                         ## This lookup depends only on $section_id, yet it runs once per entry.
                         $commenting = $this->_db->fetchVar('commenting', 0, "SELECT `commenting` FROM `tbl_sections` WHERE `id` = '{$section_id}' LIMIT 1");
                         if ($commenting == 'on') {
                             $comments = new XMLElement("comments");
                             ## Shared base query; the spam condition is appended per count.
                             $sql = "SELECT  count(*) as `count` " . "FROM `tbl_comments` " . "WHERE `entry_id` = '" . $row['id'] . "'";
                             $comment_count = max(0, @intval($this->_db->fetchVar("count", 0, $sql . " AND `spam` = 'no'")));
                             $spam_count = max(0, @intval($this->_db->fetchVar("count", 0, $sql . " AND `spam` = 'yes'")));
                             $comments->setAttribute("count", "" . $comment_count . "");
                             $comments->setAttribute("spam", "" . $spam_count . "");
                             $entry->addChild($comments);
                         }
                         $xDay->addChild($entry);
                     }
                     $xMonth->addChild($xDay);
                 }
                 $xYear->addChild($xMonth);
             }
             $xml->addChild($xYear);
         }
     }
     ##------------------------------
     ##Write To Cache
     if ($param['caching']) {
         $result = $xml->generate($param['indent'], $param['indent-depth']);
         $this->write_to_cache($hash_id, $result, $this->_cache_sections);
         return $result;
     }
     return $xml;
 }
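 /**
  * Handle a posted comment: validate the form fields, store the comment through
  * the Commenting class and set or clear the "remember me" cookies.
  *
  * @return XMLElement <post-comment sent="true|false"> carrying the echoed form
  *                    values, any missing/invalid input markers and a notice
  */
 function trigger()
 {
     $result = new XMLElement("post-comment");
     ## Comment field => POST key. Absent or non-string inputs (e.g. name[]=x)
     ## become '' so they are reported as missing instead of raising warnings.
     $sources = array('author_name' => 'name', 'author_url' => 'website', 'author_email' => 'email', 'body' => 'comment', 'entry_handle' => 'entry-handle', 'section' => 'section');
     $comment = array();
     foreach ($sources as $field => $key) {
         $raw = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
         ## NOTE(review): unconditional stripslashes() presumably assumes
         ## magic_quotes_gpc; without it, legitimate backslashes are removed.
         $comment[$field] = stripslashes($raw);
     }
     ## Create the cookie elements
     ## The submitted values are echoed back so the form can be refilled.
     $cookie = new XMLElement("cookie");
     $cookie->addChild(new XMLElement("name", General::sanitize($comment['author_name'])));
     $cookie->addChild(new XMLElement("email", General::sanitize($comment['author_email'])));
     $cookie->addChild(new XMLElement("url", General::validateURL($comment['author_url'])));
     $cookie->addChild(new XMLElement("comment", General::sanitize($comment['body'])));
     $result->addChild($cookie);
     $canProceed = true;
     ## Report each required field that was left empty.
     $required = array('author_name' => 'name', 'author_email' => 'email', 'body' => 'comment');
     $xMissing = new XMLElement("missing");
     $hasMissing = false;
     foreach ($required as $field => $input_name) {
         if ($comment[$field] == "") {
             $missing = new XMLElement("input");
             $missing->setAttribute("name", $input_name);
             $xMissing->addChild($missing);
             $hasMissing = true;
         }
     }
     if ($hasMissing) {
         $result->addChild($xMissing);
         $canProceed = false;
     }
     ## preg_match() replaces ereg(), which is deprecated since PHP 5.3 and removed
     ## in PHP 7. The 'D' modifier keeps '$' from matching before a trailing
     ## newline. Unlike the old POSIX bracket expressions, backslashes in the
     ## address are no longer accepted.
     if ($comment['author_email'] != "" && !preg_match('/^[a-zA-Z0-9_.\-]+@[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-.]+$/D', $comment['author_email'])) {
         $invalid = new XMLElement("invalid");
         $xInvalid = new XMLElement("input");
         $xInvalid->setAttribute("name", "email");
         $invalid->addChild($xInvalid);
         $result->addChild($invalid);
         $canProceed = false;
     }
     if (!$canProceed) {
         $result->setAttribute("sent", "false");
     } else {
         require_once TOOLKIT . "/class.commenting.php";
         $oCommenting = new Commenting(array("parent" => $this->_parent));
         ## By default 'body', 'author_name' and 'author_ip' are required, but we
         ## want an email ('author_email') address as well.
         $oCommenting->setRequiredField('author_email');
         ## NOTE(review): $comment is passed with slashes stripped and no escaping;
         ## insertComment() must escape or bind every field before it reaches SQL.
         if (!$oCommenting->insertComment($comment)) {
             $result->addChild(new XMLElement("notice", $oCommenting->_notices[0]));
             $result->setAttribute("sent", "false");
         } else {
             $result->setAttribute("sent", "true");
             $result->addChild(new XMLElement("notice", "Comment saved successfully"));
         }
         if ($oCommenting->isLastCommentSpam) {
             $result->setAttribute("spam", "true");
         }
         $prefix = $this->_parent->getConfigVar('cookie_prefix', 'symphony');
         ## NOTE(review): the 4th setcookie() argument is the path, yet it is given
         ## getCookieDomain(); the cookies store the commenter's name, URL and
         ## e-mail in clear text with no Secure/HttpOnly flags. Confirm intent.
         if (isset($_POST['remember']) && $_POST['remember'] == 'on') {
             setcookie($prefix . 'comment-remember[name]', $comment['author_name'], time() + TWO_WEEKS, $this->_parent->getCookieDomain());
             setcookie($prefix . 'comment-remember[url]', $comment['author_url'], time() + TWO_WEEKS, $this->_parent->getCookieDomain());
             setcookie($prefix . 'comment-remember[email]', $comment['author_email'], time() + TWO_WEEKS, $this->_parent->getCookieDomain());
         } else {
             ## An expiry in the past asks the browser to drop the cookie.
             setcookie($prefix . 'comment-remember', ' ', time() - TWO_WEEKS, $this->_parent->getCookieDomain());
         }
     }
     return $result;
 }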
Ejemplo n.º 7
        ## Builds one <comment> node per row of $comments and appends it to $xml.
        ## NOTE(review): the enclosing function, and where $done, $lastrefresh,
        ## $done_path and $xml come from, are outside this excerpt.
        foreach ($comments as $c) {
            $comment = new XMLElement("comment");
            $tmp_time = strtotime($c['creation_date_gmt']);
            ## Mark the comment as new when $done is falsy, or when it is newer
            ## than both $lastrefresh and the value stored in the $done_path file.
            if (!$done) {
                $comment->setAttribute("new", "true");
            } elseif ($tmp_time > $lastrefresh) {
                ## The file content is compared as a timestamp. Both file calls are
                ## @-suppressed, so a missing or unreadable file fails silently.
                if ($tmp_time > @file_get_contents($done_path)) {
                    $comment->setAttribute("new", "true");
                    @unlink($done_path);
                }
            }
            ## Reduce the body to plain text: strip tags, delete every character
            ## not listed in the bracket expression, then strip entities.
            ## NOTE(review): ereg_replace() was removed in PHP 7.0; this line needs
            ## a preg_replace() equivalent on current PHP.
            $body = strip_tags($c['body']);
            $body = ereg_replace("[^[:space:]a-zA-Z0-9,*_.-\\'\\\"&;\\]]", "", $body);
            $body = General::stripEntities($body, ' ');
            $comment->setAttribute("class", "comment" . ($c['spam'] == "yes" ? "-spam" : ""));
            $comment->addChild(new XMLElement("title", General::limitWords(General::sanitize(strip_tags($body)), 100, true, false)));
            $comment->addChild(new XMLElement("link", "?page=/publish/comments/edit/&amp;id=" . $c['id']));
            if (kFULL_MODE) {
                ## NOTE(review): unlike the title, these values are passed to
                ## XMLElement without strip_tags()/General::sanitize(). They are
                ## presumably commenter-supplied; whether XMLElement escapes its
                ## value is not visible here, so confirm before relying on it.
                $comment->addChild(new XMLElement('body', $body));
                $comment->addChild(new XMLElement('date', $c['creation_date_gmt']));
                $comment->addChild(new XMLElement('referrer', $c['referrer']));
                $comment->addChild(new XMLElement('author-name', $c['author_name']));
                $comment->addChild(new XMLElement('author-email', $c['author_email']));
                if ($c['author_url'] != '') {
                    $comment->addChild(new XMLElement('author-url', $c['author_url']));
                }
            }
            $xml->addChild($comment);
        }
    }
}
Ejemplo n.º 8
    die("<h2>Symphony Fatal Error</h2><p>You cannot directly access this file</p>");
}
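## Builds the calendar XML for one month: reads the requested month/year,
## selects the entries published in that month, keeps those in sections the
## current author may access, and groups them by day.
$cDate = new SymDate($settings["region"]["time_zone"], "d");
## Use the requested value only when it is present AND a non-empty string.
## The original joined the two checks with ||, which accepted an empty value
## and read an undefined index when the parameter was absent.
$month = (isset($_REQUEST['month']) && is_string($_REQUEST['month']) && $_REQUEST['month'] != "") ? $_REQUEST['month'] : date("F", time());
$year = (isset($_REQUEST['year']) && is_string($_REQUEST['year']) && $_REQUEST['year'] != "") ? $_REQUEST['year'] : date("Y", time());
$startdate = strtotime("1 " . $month . " " . $year);
## strtotime() returns false for input it cannot parse. Fall back to the
## current month so that such request data is neither used for the date range
## nor echoed into the <month> element below.
if ($startdate === false) {
    $month = date("F", time());
    $year = date("Y", time());
    $startdate = strtotime("1 " . $month . " " . $year);
}
## Derive the end of the range from the parsed start date instead of the raw
## request string, so both bounds are always integers.
$enddate = mktime(0, 0, 0, intval(date("m", $startdate)) + 1, 1, intval(date("Y", $startdate)));
$sql = "SELECT t1.*, t2.section_id, t3.value_raw as `title`,\n\t\t\tUNIX_TIMESTAMP(t1.publish_date_gmt) as `timestamp_gmt`\n\t\t\tFROM `tbl_entries` as t1, `tbl_sections` as t4, `tbl_entries2sections` as t2, `tbl_entries2customfields` as t3\n\t\t\tWHERE UNIX_TIMESTAMP(t1.publish_date) >= '{$startdate}'\n\t\t\tAND UNIX_TIMESTAMP(t1.publish_date) <= '{$enddate}'\n\t\t\tAND t1.`id` = t2.entry_id\n\t\t\tAND t1.`id` = t3.entry_id AND t4.primary_field = t3.field_id\n\t\t\tAND t2.section_id = t4.id\n\t\t\tORDER BY t1.publish_date DESC ";
$result = $db->fetch($sql);
## NOTE(review): $month and $year are echoed as received. Values that
## strtotime() rejected no longer get here, but whether XMLElement escapes
## its value is not visible in this file; confirm.
$xml->addChild(new XMLElement("month", $month . " " . $year));
## Explicit type check instead of @count(): a non-array result is skipped
## rather than counted with the warning suppressed.
if (is_array($result) && count($result) >= 1) {
    ## Group the accessible entries by the day value returned by $cDate->get()
    $final = array();
    foreach ($result as $row) {
        if ($Author->canAccessSection($row['section_id'])) {
            $final[$cDate->get(true, true, $row['timestamp_gmt'])][] = $row;
        }
    }
    foreach ($final as $date => $entries) {
        $item = new XMLElement("item");
        $item->addChild(new XMLElement("date", intval($date)));
        foreach ($entries as $row) {
            $locked = 'content';
            $entry = new XMLElement("entry");
            $entry->setAttribute("class", $locked);
            $entry->addChild(new XMLElement("title", General::limitWords(strip_tags($row['title']), 32, true, true)));
            $entry->addChild(new XMLElement("link", "?page=/publish/section/edit/&amp;_sid=" . $row['section_id'] . "&amp;id=" . $row['id']));
            $item->addChild($entry);
        }
        $xml->addChild($item);
    }
}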
            $description = '<p><strong>Author:</strong> ' . $fragment['data']['author-name'][0] . '<br />' . CRLF . '<strong>Email:</strong> ' . $fragment['data']['author-email'][0] . '<br />' . CRLF . (isset($fragment['data']['author-url']) ? '<strong>Website:</strong> ' . $fragment['data']['author-url'][0] . '<br />' . CRLF : '') . '<strong>Entry:</strong> <a href="' . $fragment['data']['referrer'][0] . '">' . $fragment['data']['referrer'][0] . '</a></p>' . CRLF . CRLF . '<p>' . $fragment['data']['body'][0] . '</p>';
            break;
        case 'version':
            $fragment = flattenFragment($fragment, $type);
            ## Skip this one if there is no update
            if (!isset($fragment['data']['update'])) {
                continue 2;
            }
            $title = '[Update] ' . $fragment['data']['announcement'][0];
            $link = $guid = 'http://accounts.symphony21.com';
            $pubdate = date("D, d M Y H:i:s \\G\\M\\T", $obDate->get(false, false, strtotime($fragment['data']['releasedate'][0])));
            $description = '<p><em>You get this update from <a href="' . $link . '">your account</a> page.</em></p>' . $fragment['data']['change-log'][0];
            break;
    }
    $item->addChild(new XMLElement('title', General::sanitize($title)));
    if ($description) {
        $item->addChild(new XMLElement('description', General::sanitize($description)));
    }
    $item->addChild(new XMLElement('link', General::sanitize($link)));
    $item->addChild(new XMLElement('pubDate', $pubdate));
    $item->addChild(new XMLElement('guid', General::sanitize($guid)));
    $channel->addChild($item);
}
$rss->addChild($channel);
## RSS XML is returned, so tell the browser the content type
header("Content-Type: text/xml");
$rss->setIncludeHeader(true);
print $rss->generate(true);
## Important: stop here, otherwise the rest of the Symphony admin
## loads.
exit;
Ejemplo n.º 10
 /**
  * Builds the XML document for a page and returns it as a string.
  *
  * Looks up the page row by handle, registers and fires the events listed for
  * the page and its master, renders the listed data sources into the <data>
  * root, then passes the generated XML through XMLRepair and trims it. The
  * result is also stored in $this->_xml_final; the <events> node is kept in
  * $this->_events.
  *
  * NOTE(review): $page_handle is concatenated into the SQL string and into
  * the fatalError() message without escaping in this function. Whether the
  * callers (or $this->_page) already escape it is not visible here; confirm.
  *
  * @param string|null $page_handle Page handle; falls back to $this->_page when falsy
  * @param mixed       $utilities   Not referenced in this function body
  * @param bool        $indent      Passed to the data sources and to generate()
  * @param bool        $caching     Passed to the data sources as "caching"
  * @return string The repaired, trimmed XML
  */
 function buildXML($page_handle = NULL, $utilities = NULL, $indent = false, $caching = true)
 {
     $eventsNode = new XMLElement("events");
     $dataNode = new XMLElement("data");
     $dataNode->setIncludeHeader(true);

     if (!$page_handle) {
         $page_handle = $this->_page;
     }

     ## Fetch the page row together with its master's events and data sources
     $query = "SELECT t1.*,\n\t\t\t\t\t\t   t2.events as `master_events`,\n\t\t\t\t\t\t   t2.data_sources as `master_data_sources`\n\n\t\t\t\t\tFROM `tbl_pages` AS `t1`\n\t\t\t\t\tLEFT JOIN `tbl_masters` AS `t2` ON t1.`master` = concat(t2.`name`, '.xsl')\n\t\t\t\t\tWHERE t1.`handle` = '" . $page_handle . "' LIMIT 1";
     $pageRow = $this->_db->fetchRow(0, $query);
     if (!$pageRow) {
         $this->fatalError("Requested page '" . $page_handle . "' could not be found");
     }

     ## Page-level and master-level lists are merged, then de-duplicated
     $dataSourceNames = General::array_remove_duplicates(
         preg_split('/,/', $pageRow['data_sources'] . "," . $pageRow['master_data_sources'], -1, PREG_SPLIT_NO_EMPTY)
     );
     $eventNames = General::array_remove_duplicates(
         preg_split('/,/', $pageRow['events'] . "," . $pageRow['master_events'], -1, PREG_SPLIT_NO_EMPTY)
     );

     ## Events are fired before any data source is rendered
     if (is_array($eventNames)) {
         foreach ($eventNames as $eventName) {
             $this->_EventManager->addEvent($eventName);
         }
     }
     $context = array('parent' => $this, 'env' => $this->_env);
     $this->_EventManager->fireEvents($eventsNode, $context);
     $this->_EventManager->flush();
     $dataNode->addChild($eventsNode);
     $this->_events = $eventsNode;

     ## Data sources
     $dataSourceOptions = array(
         "indent-depth" => 1,
         "caching" => $caching,
         "indent" => $indent,
         "preview" => $this->_preview,
         "allow_optimise" => $pageRow['optimise_xml'] == "yes" ? 'on' : 'off',
     );
     if (is_array($dataSourceNames)) {
         foreach ($dataSourceNames as $dataSourceName) {
             $this->_DatasourceManager->addDatasource($dataSourceName, $dataSourceOptions);
         }
     }
     $this->_DatasourceManager->renderData($dataNode, array('parent' => $this, 'env' => $this->_env));
     $this->_DatasourceManager->flush();

     ## Generate, repair and trim the final XML
     $this->_xml_final = $dataNode->generate($indent, 0);
     $repairer = new XMLRepair();
     $repairer->repair($this->_xml_final);
     unset($repairer);
     $this->_xml_final = trim($this->_xml_final);

     return $this->_xml_final;
 }
Ejemplo n.º 11
 /**
  * Adds the "Update Symphony" confirmation form to $Contents and sets the
  * page title and tagline.
  *
  * The form posts to install.php and carries a submit button plus a hidden
  * field named 'action[update' . kCURRENT_BUILD . ']' with the value 'true'.
  *
  * NOTE(review): no anti-CSRF token field is added in this function; confirm
  * that install.php validates who is allowed to trigger the update.
  *
  * @param object $Page     Receives the 'title' and 'tagline' template variables
  * @param object $Contents Receives the form element as a child
  */
 function update(&$Page, &$Contents)
 {
     $notice = 'Symphony is ready to update from version ' . kCURRENT_VERSION . ' to version ' . kVERSION;
     $hiddenName = 'action[update' . kCURRENT_BUILD . ']';

     $updateForm = new XMLElement('form');
     $updateForm->setAttribute('action', 'install.php');
     $updateForm->setAttribute('method', 'post');
     $updateForm->addChild(new XMLElement('h2', 'Update Symphony'));
     $updateForm->addChild(new XMLElement('p', $notice));

     ## Button row: visible submit button, then the hidden action flag
     $buttonRow = new XMLElement('div');
     $buttonRow->setAttribute('class', 'submit');
     $buttonRow->addChild(Widget::input('submit', 'Update Symphony', NULL, 'submit'));
     $buttonRow->addChild(Widget::input($hiddenName, 'true', NULL, 'hidden'));

     $updateForm->addChild($buttonRow);
     $Contents->addChild($updateForm);

     $Page->setTemplateVar('title', 'Update Symphony');
     $Page->setTemplateVar('tagline', 'Version ' . kVERSION);
 }
Ejemplo n.º 12
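 /**
  * Builds the "comments" data-source XML.
  *
  * Assembles a WHERE clause from the data source's filters (section, entry
  * handle, day/month/year, spam flag, month window), counts the matching
  * comments, fetches one page of them, groups them by entry and returns
  * either an XMLElement or, when $param['caching'] is truthy, the generated
  * XML string (which is also written to the cache).
  *
  * Changes against the original listing:
  *  - $comment_where, $limit, $kTotalPages and $kPageNumber are initialised
  *    before use (they were read while undefined on some paths);
  *  - the sort direction is restricted to ASC/DESC before it is placed in
  *    ORDER BY;
  *  - $param['limit'] is cast to a non-negative integer before it is placed
  *    in LIMIT;
  *  - "rfc822-date" is computed from the comment row ($c) instead of the
  *    per-entry bucket ($row), which never holds 'creation_timestamp_gmt';
  *  - the unreachable exit after "return $cache" is removed.
  *
  * NOTE(review): the day/month/year values returned by __resolveDefine() are
  * still concatenated into the SQL as-is. Whether __resolveDefine() escapes
  * them, and whether they can come from the request, is not visible here;
  * confirm and escape at that boundary if they can.
  *
  * @param array $param Options read here: 'limit', 'caching', 'indent', 'indent-depth'
  * @return mixed XMLElement, or an XML string when caching is enabled
  */
 function grab($param = array())
 {
     ## Decide if we return an empty set or not
     if ($this->__forceEmptySet()) {
         ##Create the XML container
         $xml = new XMLElement("comments");
         $xml->addChild(new XMLElement("error", "No Records Found."));
         return $xml;
     }
     $obDate = $this->_parent->getDateObj();
     ## EXTR_PREFIX_ALL keeps the extracted names under env_*, so they cannot
     ## overwrite the locals below.
     extract($this->_env, EXTR_PREFIX_ALL, 'env');
     $comment_where = '';
     $limit = NULL;
     $kTotalPages = NULL;
     $kPageNumber = NULL;
     include_once TOOLKIT . "/class.entrymanager.php";
     $entryManager = new EntryManager($this->_parent);
     ##Prepare the Query
     if ($section_id = $entryManager->fetchSectionIDFromHandle($this->_dsFilterSECTION)) {
         $comment_where .= " AND t4.`section_id` = '{$section_id}' ";
         if ($entries = $this->__resolveDefine("dsFilterHANDLE", true)) {
             $entry_ids = $entryManager->fetchEntryIDFromPrimaryFieldHandle($section_id, $entries);
             ## A non-array result yields IN (''), as the @implode() it replaces did
             if (!is_array($entry_ids)) {
                 $entry_ids = array();
             }
             $comment_where .= " AND t3.`id`" . ($this->__isDefineNotClause("dsFilterHANDLE") ? ' NOT' : '') . " IN ('" . implode("', '", $entry_ids) . "') ";
         }
     }
     if ($date = $this->__resolveDefine("dsFilterDAY")) {
         $comment_where .= " AND DATE_FORMAT(t2.creation_date, '%d') " . ($this->__isDefineNotClause("dsFilterDAY") ? '!' : '') . "= '" . $date . "' ";
     }
     if ($month = $this->__resolveDefine("dsFilterMONTH")) {
         $comment_where .= " AND DATE_FORMAT(t2.creation_date, '%m') " . ($this->__isDefineNotClause("dsFilterMONTH") ? '!' : '') . "= '" . $month . "' ";
     }
     if ($year = $this->__resolveDefine("dsFilterYEAR")) {
         $comment_where .= " AND DATE_FORMAT(t2.creation_date, '%Y') " . ($this->__isDefineNotClause("dsFilterYEAR") ? '!' : '') . "= '" . $year . "' ";
     }
     ## Only ASC or DESC may reach ORDER BY; anything else keeps the default
     $sort = "DESC";
     if ($this->_dsFilterSORT != '') {
         $requested_sort = strtoupper($this->_dsFilterSORT);
         if ($requested_sort === "ASC" || $requested_sort === "DESC") {
             $sort = $requested_sort;
         }
     }
     if (!isset($this->_dsFilterSHOWSPAM) || $this->_dsFilterSHOWSPAM != 'yes') {
         $comment_where .= " AND `t1`.`spam` = 'no' ";
     }
     if ($max_months = $this->__resolveDefine("dsFilterLIMIT_MONTHS")) {
         ## Find the first comment in sort order; the month window is relative to it
         $sql = "SELECT UNIX_TIMESTAMP(t2.creation_date_gmt) as `creation_timestamp_gmt` "
             . "FROM `tbl_comments` as t1 "
             . "LEFT JOIN `tbl_metadata` AS t2 ON t1.`id` = t2.`relation_id` AND t2.`class` = 'comment' "
             . "INNER JOIN `tbl_entries` as t3 ON t1.`entry_id` = t3.`id` "
             . "LEFT JOIN `tbl_entries2sections` AS t4 ON t3.`id` = t4.`entry_id` "
             . "WHERE 1 " . $comment_where
             . "GROUP BY t1.`id` "
             . "ORDER BY `creation_timestamp_gmt` {$sort} "
             . "LIMIT 1";
         ## Cast so the value interpolated below is always an integer
         $relative_start = intval($this->_db->fetchVar('creation_timestamp_gmt', 0, $sql));
         switch ($sort) {
             case "DESC":
                 $end = mktime(0, 0, 0, date('m', $relative_start) - $max_months + 1, 1, date('Y', $relative_start));
                 $comment_where .= " AND (UNIX_TIMESTAMP(t2.creation_date_gmt) <= '{$relative_start}' AND UNIX_TIMESTAMP(t2.creation_date_gmt) >= '{$end}')";
                 break;
             case "ASC":
                 ## Since this is ascending, we need to start from 0. The DS editor will give us 1+
                 $max_months--;
                 $last_day = date('d', mktime(0, 0, 0, date('m', $relative_start) + 1, 0, date('Y', $relative_start)));
                 $end = mktime(23, 59, 59, date('m', $relative_start) + $max_months, $last_day, date('Y', $relative_start));
                 $comment_where .= " AND (UNIX_TIMESTAMP(t2.creation_date_gmt) >= '{$relative_start}' AND UNIX_TIMESTAMP(t2.creation_date_gmt) <= '{$end}')";
                 break;
         }
     } else {
         ##We are trying to preview
         if (isset($param['limit'])) {
             ## The value ends up in LIMIT, so force a non-negative integer
             $limit = max(0, intval($param['limit']));
         } elseif ($this->_dsFilterLIMIT != '') {
             $limit = intval($this->_dsFilterLIMIT);
         } else {
             ##Prevent things from getting too big
             $limit = 50;
         }
     }
     $start = 0;
     $sql = "SELECT count(t1.id) AS `total-comments` "
         . "FROM `tbl_comments` AS t1 "
         . "LEFT JOIN `tbl_metadata` AS t2 ON t1.`id` = t2.`relation_id` AND t2.`class` = 'comment' "
         . "INNER JOIN `tbl_entries` as t3 ON t1.`entry_id` = t3.`id` "
         . "LEFT JOIN `tbl_entries2sections` AS t4 ON t3.`id` = t4.`entry_id` "
         . "WHERE 1 " . $comment_where;
     $kTotalCommentCount = $this->_db->fetchVar('total-comments', 0, $sql);
     if (isset($this->_dsFilterPAGENUMBER)) {
         $pagenumber = $this->__resolveDefine("dsFilterPAGENUMBER");
         $kPageNumber = max(1, intval($pagenumber));
         if (!$limit) {
             $limit = 50;
         }
         $kTotalPages = ceil($kTotalCommentCount * (1 / $limit));
         $start = $limit * ($kPageNumber - 1);
     }
     $sql = "SELECT  t1.*, UNIX_TIMESTAMP(t2.creation_date_gmt) as `creation_timestamp_gmt` "
         . "FROM `tbl_comments` as t1 "
         . "LEFT JOIN `tbl_metadata` AS t2 ON t1.`id` = t2.`relation_id` AND t2.`class` = 'comment' "
         . "INNER JOIN `tbl_entries` as t3 ON t1.`entry_id` = t3.`id` "
         . "LEFT JOIN `tbl_entries2sections` AS t4 ON t3.`id` = t4.`entry_id` "
         . "WHERE 1 " . $comment_where
         . "GROUP BY t1.`id` "
         . "ORDER BY `creation_timestamp_gmt` {$sort} "
         . ($limit ? " LIMIT {$start}, {$limit}" : '');
     ##Check Cache
     $use_cache = !empty($param['caching']);
     $hash_id = md5(get_class($this) . $sql);
     if ($use_cache && ($cache = $this->check_cache($hash_id))) {
         return $cache;
     }
     ##------------------------------
     ##Create the XML container
     $xml = new XMLElement("comments");
     ##Grab the records
     $comments = $this->_db->fetch($sql);
     ##Populate the XML
     if (empty($comments) || !is_array($comments)) {
         $xml->addChild(new XMLElement("error", "No Records Found."));
         return $xml;
     }
     ## Bucket the comments by the entry they belong to
     $entries = array();
     foreach ($comments as $c) {
         $entries[$c['entry_id']]['commenting'] = $c['commenting'];
         $entries[$c['entry_id']]['comments'][] = $c;
     }
     $xml_fields = is_array($this->_dsFilterXMLFIELDS) ? $this->_dsFilterXMLFIELDS : array();
     if (in_array("pagination-info", $xml_fields)) {
         $pageinfo = new XMLElement("pagination-info");
         $pageinfo->setAttribute("total-comments", $kTotalCommentCount);
         $pageinfo->setAttribute("total-pages", $kTotalPages);
         $pageinfo->setAttribute("comment-per-page", $limit);
         $pageinfo->setAttribute("current-page", $kPageNumber);
         $xml->addChild($pageinfo);
     }
     foreach ($entries as $id => $row) {
         $entry_data = $entryManager->fetchEntriesByID($id, false, true);
         $entry = new XMLElement("entry");
         $entry->setAttribute("id", $id);
         $entry->setAttribute('section-id', $entry_data['section_id']);
         $entry->setAttribute("handle", trim($entry_data['fields'][$entry_data['primary_field']]['handle']));
         $entry->setAttribute("commenting", $row['commenting']);
         $entry->addChild(new XMLElement("entry-title", trim($entry_data['fields'][$entry_data['primary_field']]['value'])));
         $fields = $row['comments'];
         $entry->setAttribute("count", $kTotalCommentCount);
         if (is_array($fields) && !empty($fields)) {
             foreach ($fields as $c) {
                 $comment = new XMLElement("comment");
                 $comment->setAttribute("id", $c['id']);
                 if ($c['author_id'] != NULL) {
                     $comment->setAttribute('authorised', 'yes');
                     $comment->setAttribute('author_id', $c['author_id']);
                 }
                 if (in_array('spam', $xml_fields)) {
                     $comment->setAttribute("spam", $c['spam']);
                 }
                 $date_local = $obDate->get(true, false, $c['creation_timestamp_gmt']);
                 ## NOTE(review): the body is only passed through
                 ## General::sanitize() when _dsFilterENCODE is 'yes'; author,
                 ## url and email are never sanitised here. Confirm that
                 ## __addChildFieldsToXML() or the template escapes them.
                 ## "email-hash" is an unsalted MD5 of the address, so it
                 ## identifies the address to anyone who can guess it.
                 $comment_fields = array(
                     "author" => $c['author_name'],
                     "date" => General::createXMLDateObject($date_local),
                     "time" => General::createXMLTimeObject($date_local),
                     "rfc822-date" => date("D, d M Y H:i:s \\G\\M\\T", $obDate->get(false, false, $c['creation_timestamp_gmt'])),
                     "message" => ($this->_dsFilterENCODE != 'yes' ? $c['body'] : General::sanitize($c['body'])),
                     "url" => $c['author_url'],
                     "email" => $c['author_email'],
                     "email-hash" => md5($c['author_email']),
                 );
                 $this->__addChildFieldsToXML($comment_fields, $comment);
                 $entry->addChild($comment);
             }
         }
         $xml->addChild($entry);
     }
     ##------------------------------
     ##Write To Cache
     if ($use_cache) {
         $result = $xml->generate($param['indent'], $param['indent-depth']);
         $this->write_to_cache($hash_id, $result, $this->_cache_sections);
         return $result;
     }
     return $xml;
 }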
Ejemplo n.º 13
 * Symphony web publishing system
 *
 * Copyright 2004–2006 Twenty One Degrees Pty. Ltd.
 *
 * @version 1.7
 * @licence https://github.com/symphonycms/symphony-1.7/blob/master/LICENCE
 *
 ***/
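if (!defined("__IN_SYMPHONY__")) {
    die("<h2>Symphony Fatal Error</h2><p>You cannot directly access this file</p>");
}
## Lists the utilities that are either unattached or attached to any of the
## requested data sources / events (including those of the requested master).
##
## $_REQUEST['master'], ['datasources'] and ['events'] are request data and
## were concatenated into SQL unescaped. They are now escaped before use.
## NOTE(review): addslashes() is a stopgap. It is not safe when the database
## connection uses a multi-byte charset such as GBK, and it double-escapes
## input if magic quotes (or an emulation of them) are active. Replace it
## with the database layer's own escaping or bound parameters if $db offers
## them; that API is not visible in this file.
$master_id = (isset($_REQUEST['master']) && is_scalar($_REQUEST['master'])) ? addslashes((string) $_REQUEST['master']) : '';
$requested_datasources = (isset($_REQUEST['datasources']) && is_string($_REQUEST['datasources'])) ? $_REQUEST['datasources'] : '';
$requested_events = (isset($_REQUEST['events']) && is_string($_REQUEST['events'])) ? $_REQUEST['events'] : '';
$sql = "SELECT data_sources as `master_data_sources`, events as `master_events`\n\t\t\tFROM `tbl_masters`\n\t\t\tWHERE `id` = '" . $master_id . "' LIMIT 1";
$master_data_sources = $db->fetchVar('master_data_sources', 0, $sql);
$master_data_sources = preg_split('/,/', (string) $master_data_sources, -1, PREG_SPLIT_NO_EMPTY);
$master_data_sources = array_map("trim", $master_data_sources);
$master_events = $db->fetchVar('master_events', 0, $sql);
$master_events = preg_split('/,/', (string) $master_events, -1, PREG_SPLIT_NO_EMPTY);
$master_events = array_map("trim", $master_events);
$datasources = preg_split('/,/', $requested_datasources, -1, PREG_SPLIT_NO_EMPTY);
$datasources = array_map("trim", $datasources);
$events = preg_split('/,/', $requested_events, -1, PREG_SPLIT_NO_EMPTY);
$events = array_map("trim", $events);
$datasources = array_merge($datasources, $master_data_sources);
$events = array_merge($events, $master_events);
## Escape every name, including the ones read back from tbl_masters: stored
## values are just as able to break out of the quoted list.
$datasources_sql = implode("', '", array_map("addslashes", $datasources));
$events_sql = implode("', '", array_map("addslashes", $events));
$utilities = $db->fetch("SELECT DISTINCT t1.*\n\t\t\t\t\t\t\t FROM `tbl_utilities` as t1\n\t\t\t\t\t\t\t LEFT JOIN `tbl_utilities2datasources` as t2 ON t1.id = t2.utility_id\n\t\t\t\t\t\t\t LEFT JOIN `tbl_utilities2events` as t3 ON t1.id = t3.utility_id\n\t\t\t\t\t\t\t WHERE (t2.`data_source` IS NULL AND t3.`event` IS NULL)\n\t\t\t\t\t\t\t OR (t2.`data_source` IN ('" . $datasources_sql . "')\n\t\t\t\t\t\t\t OR t3.`event` IN ('" . $events_sql . "'))");
## Skip the loop when the query returned nothing iterable
if (is_array($utilities)) {
    foreach ($utilities as $u) {
        $utility = new XMLElement("utility");
        $utility->addChild(new XMLElement("name", $u['name']));
        $utility->addChild(new XMLElement("link", URL . "/symphony/?page=/blueprint/utilities/edit/&amp;id=" . $u['id']));
        $xml->addChild($utility);
    }
}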
Ejemplo n.º 14
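 /**
  * Handles the "send email" form post.
  *
  * Reads recipient-username, email, name, subject and message from $_POST,
  * echoes the sender's input back in a <cookie> element, reports missing or
  * invalid inputs, and otherwise sends the message to the e-mail address of
  * every author whose username was listed (space separated).
  *
  * Changes against the original listing:
  *  - recipient usernames are escaped before they are placed in the SQL IN
  *    list (they were concatenated raw from $_POST);
  *  - CR/LF are removed from name and subject so they cannot add extra mail
  *    headers, should General::sendEmail() place them in headers;
  *  - the address check uses preg_match() with an end-of-string anchor;
  *    ereg() was removed in PHP 7.0. Inside the bracket expressions the
  *    backslash is now an escape character, so addresses containing a
  *    literal backslash are rejected;
  *  - name, email and subject are passed through General::sanitize() before
  *    being echoed, as message already was;
  *  - absent or non-string POST values are treated as empty strings;
  *  - the author lookup only runs once validation has passed;
  *  - failed recipients are recorded by address (the original read the
  *    non-existent key 'recipient-email').
  *
  * NOTE(review): addslashes() is a stopgap. It is unsafe under multi-byte
  * connection charsets such as GBK and double-escapes input when magic
  * quotes are active (the stripslashes() calls below suggest this code was
  * written with them in mind). Prefer the database layer's own escaping or
  * bound parameters if it provides them.
  * NOTE(review): when no author matches, nothing is sent and the result is
  * still "Email sent successfully", as in the original.
  *
  * @return XMLElement <send-email> element with a "sent" attribute of "true" or "false"
  */
 function trigger()
 {
     $result = new XMLElement("send-email");
     $fields = array();
     $post_names = array(
         'recipient_username' => 'recipient-username',
         'email' => 'email',
         'name' => 'name',
         'subject' => 'subject',
         'message' => 'message',
     );
     foreach ($post_names as $key => $post_name) {
         $fields[$key] = (isset($_POST[$post_name]) && is_string($_POST[$post_name])) ? $_POST[$post_name] : '';
     }
     $fields['subject'] = stripslashes(strip_tags($fields['subject']));
     $fields['message'] = stripslashes(strip_tags($fields['message']));
     $fields = array_map("trim", $fields);
     ## A line break in a header value would let the sender append headers
     $fields['name'] = preg_replace('/[\r\n]+/', ' ', $fields['name']);
     $fields['subject'] = preg_replace('/[\r\n]+/', ' ', $fields['subject']);
     ## Create the cookie elements
     $cookie = new XMLElement("cookie");
     $cookie->addChild(new XMLElement("name", General::sanitize($fields['name'])));
     $cookie->addChild(new XMLElement("email", General::sanitize($fields['email'])));
     $cookie->addChild(new XMLElement("subject", General::sanitize($fields['subject'])));
     $cookie->addChild(new XMLElement("message", General::sanitize($fields['message'])));
     $result->addChild($cookie);
     $canProceed = true;
     ## Report every required input that is empty
     $xMissing = new XMLElement("missing");
     $hasMissing = false;
     foreach (array('email', 'name', 'subject', 'message') as $required) {
         if ($fields[$required] == "") {
             $missing = new XMLElement("input");
             $missing->setAttribute("name", $required);
             $xMissing->addChild($missing);
             $hasMissing = true;
         }
     }
     if ($hasMissing) {
         $result->addChild($xMissing);
         $canProceed = false;
     }
     ## The D modifier makes $ match only at the very end of the string
     if (!preg_match('/^[a-zA-Z0-9_.\-]+@[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-.]+$/D', $fields['email'])) {
         $invalid = new XMLElement("invalid");
         $xInvalid = new XMLElement("input");
         $xInvalid->setAttribute("name", "email");
         $invalid->addChild($xInvalid);
         $result->addChild($invalid);
         $canProceed = false;
     }
     if (!$canProceed) {
         $result->setAttribute("sent", "false");
     } else {
         ## Escape each username before building the quoted IN list
         $usernames = implode("', '", array_map("addslashes", explode(" ", $fields['recipient_username'])));
         $email_addresses = $this->_parent->_db->fetchCol("email", "SELECT `email` FROM `tbl_authors` WHERE `username` IN ('" . $usernames . "')");
         $errors = array();
         if (is_array($email_addresses)) {
             foreach ($email_addresses as $e) {
                 if (!General::sendEmail($e, $fields['email'], $fields['name'], $fields['subject'], $fields['message'])) {
                     $errors[] = $e;
                 }
             }
         }
         if (!empty($errors)) {
             $result->addChild(new XMLElement("notice", "Email could not be sent. An unknown error occurred."));
             $result->setAttribute("sent", "false");
         } else {
             $result->addChild(new XMLElement("notice", "Email sent successfully"));
             $result->setAttribute("sent", "true");
         }
     }
     return $result;
 }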
Ejemplo n.º 15
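 /**
  * Builds the authors data-source XML (root element "owner").
  *
  * Filters tbl_authors by username list and account type, counts each
  * author's entries, and returns either an XMLElement or, when
  * $param['caching'] is truthy, the generated XML string (also written to
  * the cache).
  *
  * Changes against the original listing:
  *  - the superuser literals in the account-type filter appear as '******'
  *    in this listing, which looks like masking applied to the page. They
  *    are restored to '0' (author) and '1' (administrator) to match the
  *    status mapping further down; verify against the upstream file;
  *  - $param['limit'] is cast to a non-negative integer before it is placed
  *    in LIMIT;
  *  - $sort and $limit are initialised (both were read while undefined on
  *    some paths);
  *  - a non-array username list no longer reaches implode();
  *  - the unreachable exit after "return $cache" is removed.
  *
  * NOTE(review): the usernames returned by __resolveDefine() are still
  * concatenated into the SQL as-is. Whether they are escaped there, and
  * whether they can come from the request, is not visible here; confirm.
  *
  * @param array $param Options read here: 'limit', 'caching', 'indent', 'indent-depth'
  * @return mixed XMLElement, or an XML string when caching is enabled
  */
 function grab($param = array())
 {
     $date = $this->_parent->getDateObj();
     ## EXTR_PREFIX_ALL keeps the extracted names under env_*
     extract($this->_env, EXTR_PREFIX_ALL, 'env');
     $where = NULL;
     $sort = '';
     $limit = '';
     ##Prepare the Query
     if ($usernames = $this->__resolveDefine('dsFilterUSERNAME', true)) {
         if (!is_array($usernames)) {
             $usernames = array();
         }
         $where .= " AND `tbl_authors`.username " . ($this->__isDefineNotClause("dsFilterUSERNAME") ? 'NOT' : '') . " IN ('" . implode("', '", $usernames) . "') ";
     }
     if ($account_type = $this->__resolveDefine("dsFilterSTATUS")) {
         switch ($account_type) {
             case "author":
                 $where .= " AND `tbl_authors`.owner = '0' AND `tbl_authors`.superuser = '0' ";
                 break;
             case "owner":
                 $where .= " AND `tbl_authors`.owner = '1' ";
                 break;
             case "administrator":
                 $where .= " AND `tbl_authors`.superuser = '1' ";
                 break;
         }
     }
     ##We are trying to preview
     if (isset($param['limit'])) {
         ## The value ends up in LIMIT, so force a non-negative integer
         $limit = " LIMIT 0, " . max(0, intval($param['limit']));
     } elseif ($where == NULL) {
         ## No filter at all: cap the result set
         $limit = " LIMIT 0, 50";
     }
     $sql = "SELECT tbl_authors.*, count(tbl_entries.id) as `entry_count` FROM `tbl_authors` "
         . "LEFT JOIN `tbl_entries` ON `tbl_entries`.`author_id` = `tbl_authors`.`id` "
         . "WHERE 1 " . $where
         . "GROUP BY `tbl_authors`.id "
         . "ORDER BY `tbl_authors`.username ASC " . $sort . $limit;
     ##Check Cache
     $use_cache = !empty($param['caching']);
     $hash_id = md5(get_class($this) . $sql);
     if ($use_cache && ($cache = $this->check_cache($hash_id))) {
         return $cache;
     }
     ##------------------------------
     ##Create the XML container
     $xml = new XMLElement("owner");
     ##Grab the records
     $authors = $this->_db->fetch($sql);
     ##Populate the XML
     if (empty($authors) || !is_array($authors)) {
         $xml->addChild(new XMLElement("error", "No Records Found."));
         return $xml;
     }
     foreach ($authors as $row) {
         ## NOTE(review): 'Adminstrator' is misspelled, but it is emitted
         ## output that templates may match on, so it is left unchanged.
         $status = 'Author';
         if ($row['owner'] == 1) {
             $status = 'Owner';
         } elseif ($row['superuser'] == 1) {
             $status = 'Adminstrator';
         }
         ##Author Details
         $fields = array();
         $fields["entry-count"] = $row['entry_count'];
         $fields["first-name"] = $row['firstname'];
         $fields["last-name"] = $row['lastname'];
         $fields["email"] = $row['email'];
         $fields["username"] = array($row['username'], "attr");
         $fields["status"] = $status;
         ## NOTE(review): the token is the first 8 hex characters (32 bits)
         ## of an unkeyed MD5 over the username and the stored password
         ## value, and it is written into the data-source XML. Confirm what
         ## the token authorises and who can read this output; a random or
         ## keyed (HMAC) token would not be derivable from stored data.
         $fields["auth-token"] = substr(md5($row['username'] . $row['password']), 0, 8);
         $author = new XMLElement("author");
         $this->__addChildFieldsToXML($fields, $author);
         $xml->addChild($author);
     }
     ##------------------------------
     ##Write To Cache
     if ($use_cache) {
         $result = $xml->generate($param['indent'], $param['indent-depth']);
         $this->write_to_cache($hash_id, $result, $this->_cache_sections);
         return $result;
     }
     return $xml;
 }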