/**
* creates a new batch session id
*
* @parm char action to be performed
* @return int false if error, session_id if OK
*
*/
function MG_beginSession($action, $origin, $description, $flag0 = '', $flag1 = '', $flag2 = '', $flag3 = '', $flag4 = '')
{
global $_TABLES, $_USER, $_MG_CONF;
// create a new session_id
$session_id = COM_makesid();
$session_uid = intval($_USER['uid']);
$session_status = 1;
// 0 = complete, 1 = active, 2 = aborted ?? 0 not started, 1 started, 2 complete, 3 aborted?
$session_action = $action;
$session_start_time = time();
$session_end_time = time();
$session_description = addslashes($description);
$flag0 = addslashes($flag0);
$flag1 = addslashes($flag1);
$flag2 = addslashes($flag2);
$flag3 = addslashes($flag3);
$flag4 = addslashes($flag4);
$sql = "INSERT INTO {$_TABLES['mg_sessions']} " . "(session_id, session_uid, session_description, " . "session_status, session_action, session_origin, " . "session_start_time, session_end_time, session_var0, " . "session_var1, session_var2, session_var3, session_var4) " . "VALUES " . "('{$session_id}', {$session_uid}, '{$session_description}', " . "{$session_status}, '{$session_action}', '{$origin}', " . "{$session_start_time}, {$session_end_time}, '{$flag0}', " . "'{$flag1}', '{$flag2}', '{$flag3}', '{$flag4}')";
$result = DB_query($sql, 1);
if (DB_error()) {
COM_errorLog("MediaGallery: Error - Unable to create new batch session");
return false;
}
return $session_id;
}
/**
* Shows the links editor
*
* @param string $mode Used to see if we are moderating a link or simply editing one
* @param string $lid ID of link to edit
* @global array core config vars
* @global array core group data
* @global array core table data
* @global array core user data
* @global array links plugin config vars
* @global array links plugin lang vars
* @global array core lang access vars
* @return string HTML for the link editor form
*
*/
function editlink($mode, $lid = '')
{
global $_CONF, $_GROUPS, $_TABLES, $_USER, $_LI_CONF, $LANG_LINKS_ADMIN, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE;
$retval = '';
$link_templates = COM_newTemplate(CTL_plugin_templatePath('links', 'admin'));
$link_templates->set_file('editor', 'linkeditor.thtml');
$link_templates->set_var('lang_pagetitle', $LANG_LINKS_ADMIN[28]);
$link_templates->set_var('lang_link_list', $LANG_LINKS_ADMIN[53]);
$link_templates->set_var('lang_new_link', $LANG_LINKS_ADMIN[51]);
$link_templates->set_var('lang_validate_links', $LANG_LINKS_ADMIN[26]);
$link_templates->set_var('lang_list_categories', $LANG_LINKS_ADMIN[50]);
$link_templates->set_var('lang_new_category', $LANG_LINKS_ADMIN[52]);
$link_templates->set_var('lang_admin_home', $LANG_ADMIN['admin_home']);
$link_templates->set_var('instructions', $LANG_LINKS_ADMIN[29]);
if ($mode != 'editsubmission' and !empty($lid)) {
$result = DB_query("SELECT * FROM {$_TABLES['links']} WHERE lid ='{$lid}'");
if (DB_numRows($result) !== 1) {
$msg = COM_showMessageText($LANG_LINKS_ADMIN[25], $LANG_LINKS_ADMIN[24]);
return $msg;
}
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access == 0 or $access == 2) {
$retval .= COM_showMessageText($LANG_LINKS_ADMIN[17], $LANG_LINKS_ADMIN[16]);
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link {$lid}.");
return $retval;
}
} else {
if ($mode == 'editsubmission') {
$result = DB_query("SELECT * FROM {$_TABLES['linksubmission']} WHERE lid = '{$lid}'");
$A = DB_fetchArray($result);
} else {
$A['lid'] = COM_makesid();
$A['cid'] = '';
$A['url'] = '';
$A['description'] = '';
$A['title'] = '';
$A['owner_id'] = $_USER['uid'];
}
$A['hits'] = 0;
if (isset($_GROUPS['Links Admin'])) {
$A['group_id'] = $_GROUPS['Links Admin'];
} else {
$A['group_id'] = SEC_getFeatureGroup('links.edit');
}
SEC_setDefaultPermissions($A, $_LI_CONF['default_permissions']);
$access = 3;
}
$token = SEC_createToken();
$retval .= COM_startBlock($LANG_LINKS_ADMIN[1], '', COM_getBlockTemplate('_admin_block', 'header'));
$retval .= SEC_getTokenExpiryNotice($token);
$link_templates->set_var('link_id', $A['lid']);
if (!empty($lid) && SEC_hasRights('links.edit')) {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$link_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
$link_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
if ($mode == 'editsubmission') {
$link_templates->set_var('submission_option', '<input type="hidden" name="type" value="submission"' . XHTML . '>');
}
}
$link_templates->set_var('lang_linktitle', $LANG_LINKS_ADMIN[3]);
$link_templates->set_var('link_title', htmlspecialchars(stripslashes($A['title'])));
$link_templates->set_var('lang_linkid', $LANG_LINKS_ADMIN[2]);
$link_templates->set_var('lang_linkurl', $LANG_LINKS_ADMIN[4]);
$link_templates->set_var('max_url_length', 255);
$link_templates->set_var('link_url', $A['url']);
$link_templates->set_var('lang_includehttp', $LANG_LINKS_ADMIN[6]);
$link_templates->set_var('lang_category', $LANG_LINKS_ADMIN[5]);
$othercategory = links_select_box(3, $A['cid']);
$link_templates->set_var('category_options', $othercategory);
$link_templates->set_var('lang_ifotherspecify', $LANG_LINKS_ADMIN[20]);
$link_templates->set_var('category', $othercategory);
$link_templates->set_var('lang_linkhits', $LANG_LINKS_ADMIN[8]);
$link_templates->set_var('link_hits', $A['hits']);
$link_templates->set_var('lang_linkdescription', $LANG_LINKS_ADMIN[9]);
$link_templates->set_var('link_description', stripslashes($A['description']));
$allowed = COM_allowedHTML('links.edit') . COM_allowedAutotags();
$link_templates->set_var('lang_allowed_html', $allowed);
$link_templates->set_var('lang_save', $LANG_ADMIN['save']);
$link_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
// user access info
$link_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$link_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
$ownername = COM_getDisplayName($A['owner_id']);
$link_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', "uid = {$A['owner_id']}"));
$link_templates->set_var('owner_name', $ownername);
$link_templates->set_var('owner', $ownername);
$link_templates->set_var('link_ownerid', $A['owner_id']);
$link_templates->set_var('lang_group', $LANG_ACCESS['group']);
$link_templates->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
$link_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$link_templates->set_var('lang_permissionskey', $LANG_ACCESS['permissionskey']);
$link_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
$link_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']));
$link_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
$link_templates->set_var('lang_lockmsg', $LANG_ACCESS['permmsg']);
$link_templates->set_var('gltoken_name', CSRF_TOKEN);
$link_templates->set_var('gltoken', $token);
$link_templates->parse('output', 'editor');
$retval .= $link_templates->finish($link_templates->get_var('output'));
$retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
return $retval;
}
function MG_sendPostCard()
{
global $MG_albums, $_MG_CONF, $_CONF, $_TABLES, $_USER, $LANG_MG00, $LANG_MG02, $LANG_MG03, $LANG_ACCESS, $_POST;
global $LANG_DIRECTION, $LANG_CHARSET;
$mid = COM_sanitizeID(COM_applyFilter($_POST['mid'], true));
$toname = COM_applyFilter($_POST['toname']);
$toemail = COM_applyFilter($_POST['toemail']);
$fromname = COM_applyFilter($_POST['fromname']);
$fromemail = COM_applyFilter($_POST['fromemail']);
$subject = strip_tags(COM_checkWords($_POST['subject']));
$message = htmlspecialchars(strip_tags(COM_checkWords($_POST['message'])));
$ccself = isset($_POST['ccself']) ? 1 : 0;
$errCount = 0;
$msg = '';
if (!COM_isEmail($toemail)) {
$errCount++;
}
if (!COM_isEmail($fromemail)) {
$errCount++;
}
if (empty($subject)) {
$errCount++;
}
if (empty($message)) {
$errCount++;
}
$captchaString = isset($_POST['captcha']) ? $_POST['captcha'] : '';
$msg = PLG_itemPreSave('mediagallery', $captchaString);
if ($msg != '') {
$errCount++;
}
if ($errCount > 0) {
return MG_editPostCard('edit', $mid, $msg);
}
$retval = '';
$aid = DB_getItem($_TABLES['mg_media_albums'], 'album_id', 'media_id="' . DB_escapeString($mid) . '"');
if ($MG_albums[$aid]->access == 0 || $MG_albums[$aid]->enable_postcard == 0 || COM_isAnonUser() && $MG_albums[$aid]->enable_postcard != 2) {
$retval = MG_siteHeader();
$retval .= COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_ACCESS['accessdenied'], true);
$retval .= MG_siteFooter();
echo $retval;
exit;
}
$sql = "SELECT * FROM {$_TABLES['mg_media_albums']} as ma LEFT JOIN " . $_TABLES['mg_media'] . " as m " . " ON ma.media_id=m.media_id WHERE m.media_id='" . DB_escapeString($mid) . "'";
$result = DB_query($sql);
$nRows = DB_numRows($result);
if ($nRows < 1) {
$retval = MG_siteHeader();
$retval .= COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_ACCESS['accessdenied'], true);
$retval .= MG_siteFooter();
echo $retval;
exit;
}
$M = DB_fetchArray($result);
// trim the database
$purgeDate = time() - $_MG_CONF['postcard_retention'] * 86400;
DB_query("DELETE FROM {$_TABLES['mg_postcard']} WHERE pc_time < " . $purgeDate);
// save this one in the database
$newsubject = DB_escapeString($subject);
$newmessage = DB_escapeString($message);
$pcId = COM_makesid();
$pc_time = time();
if (COM_isAnonUser()) {
$uid = 1;
} else {
$uid = (int) $_USER['uid'];
}
$sql = "INSERT INTO {$_TABLES['mg_postcard']} (pc_id,mid,to_name,to_email,from_name,from_email,subject,message,pc_time,uid) VALUES ('{$pcId}','" . DB_escapeString($mid) . "','" . DB_escapeString($toname) . "','" . DB_escapeString($toemail) . "','" . DB_escapeString($fromname) . "','" . DB_escapeString($fromemail) . "','{$newsubject}','{$newmessage}',{$pc_time},{$uid})";
$result = DB_query($sql);
if (DB_error()) {
COM_errorLog("Media Gallery: Error saving postcard");
}
COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'mgpostcard');
$last = COM_checkSpeedlimit('mgpostcard');
if ($last > 0) {
$msg = sprintf($LANG_MG02['postcard_speedlimit'], $last);
return MG_errorHandler($msg);
}
$alternate_link = $_MG_CONF['site_url'] . '/getcard.php?id=' . $pcId;
// build the template...
$T = new Template(MG_getTemplatePath($aid));
$T->set_file('postcard', 'postcard.thtml');
$media_size = @getimagesize($_MG_CONF['path_mediaobjects'] . 'tn/' . $M['media_filename'][0] . '/' . $M['media_filename'] . '.jpg');
if (empty($LANG_DIRECTION)) {
// default to left-to-right
$direction = 'ltr';
} else {
$direction = $LANG_DIRECTION;
}
if (empty($LANG_CHARSET)) {
$charset = $_CONF['default_charset'];
if (empty($charset)) {
$charset = 'iso-8859-1';
}
} else {
$charset = $LANG_CHARSET;
}
$T->set_var(array('s_form_action' => $_MG_CONF['site_url'] . '/postcard.php', 'direction' => $direction, 'charset' => $charset, 'mid' => $mid, 'media_title' => $M['media_title'], 'alt_media_title' => htmlspecialchars(strip_tags($M['media_title'])), 'media_description' => isset($M['media_description']) ? $M['media_description'] : '', 'media_url' => $_MG_CONF['site_url'] . '/media.php?s=' . $mid, 'media_image' => $_MG_CONF['mediaobjects_url'] . '/disp/' . $M['media_filename'][0] . '/' . $M['media_filename'] . '.jpg', 'site_url' => $_MG_CONF['site_url'] . '/', 'postcard_subject' => $subject, 'postcard_message' => nl2br($message), 'from_email' => $fromemail, 'site_name' => $_CONF['site_name'], 'site_slogan' => $_CONF['site_slogan'], 'to_name' => $toname, 'from_name' => $fromname, 'pc_id' => $pcId, 'lang_to_name' => $LANG_MG03['to_name'], 'lang_to_email' => $LANG_MG03['to_email'], 'lang_from_name' => $LANG_MG03['from_name'], 'lang_from_email' => $LANG_MG03['from_email'], 'lang_subject' => $LANG_MG03['subject'], 'lang_send' => $LANG_MG03['send'], 'lang_cancel' => $LANG_MG03['cancel'], 'lang_preview' => $LANG_MG03['preview'], 'lang_unable_view' => $LANG_MG03['unable_to_view_postcard'], 'lang_postcard_from' => $LANG_MG03['postcard_from'], 'lang_to' => $LANG_MG03['to'], 'lang_from' => $LANG_MG03['from'], 'lang_visit' => $LANG_MG03['visit']));
$T->parse('output', 'postcard');
$retval .= $T->finish($T->get_var('output'));
$msgData['subject'] = htmlspecialchars($subject);
$msgData['htmlmessage'] = $retval;
$msgData['textmessage'] = sprintf($LANG_MG03['text_body_email'], $fromname, $alternate_link);
$msgData['from']['email'] = $fromemail;
$msgData['from']['name'] = $fromname;
$msgData['to'][] = array('email' => $toemail, 'name' => $toname);
if ($ccself) {
$msgData['to'][] = array('email' => $fromemail, 'name' => $fromname);
}
foreach ($_MG_CONF['validExtensions'] as $tnext) {
if (file_exists($_MG_CONF['path_mediaobjects'] . 'disp/' . $M['media_filename'][0] . '/' . $M['media_filename'] . $tnext)) {
$msgData['embeddedImage'][] = array('file' => $_MG_CONF['path_mediaobjects'] . 'disp/' . $M['media_filename'][0] . '/' . $M['media_filename'] . $tnext, 'name' => "pc-image", 'filename' => $M['media_original_filename'], 'encoding' => 'base64', 'mime' => $M['mime_type']);
}
}
$msgData['embeddedImage'][] = array('file' => MG_getImageFilePath('stamp.gif'), 'name' => "stamp", 'filename' => 'stamp.gif', 'encoding' => 'base64', 'mime' => 'image/gif');
COM_emailNotification($msgData);
$msgNo = 8;
// update the sent post card database...Or maybe just log it in an error log?
$logentry = $fromname . " sent a postcard to " . $toname . " (" . $toemail . ") using media id " . $mid;
MG_postcardLog($logentry);
COM_updateSpeedlimit('mgpostcard');
header("Location: " . $_MG_CONF['site_url'] . '/media.php?msg=' . $msgNo . '&s=' . $mid);
exit;
}
/**
* Shows the banner editor
*
* @param string $mode Used to see if we are moderating a banner or simply editing one
* @param string $bid ID of banner to edit
* @global array core config vars
* @global array core group data
* @global array core table data
* @global array core user data
* @global array banner plugin config vars
* @global array banner plugin lang vars
* @global array core lang access vars
* @return string HTML for the banner editor form
*
*/
function editbanner($mode, $bid = '')
{
global $_CONF, $_GROUPS, $_TABLES, $_USER, $_BAN_CONF, $_PLUGINS, $LANG_BANNER_ADMIN, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE;
$retval = '';
$banner_templates = new Template($_CONF['path'] . 'plugins/banner/templates/admin/');
$banner_templates->set_file('editor', 'bannereditor.thtml');
$banner_templates->set_var('xhtml', XHTML);
$banner_templates->set_var('site_url', $_CONF['site_url']);
$banner_templates->set_var('site_admin_url', $_CONF['site_admin_url']);
$banner_templates->set_var('layout_url', $_CONF['layout_url']);
$banner_templates->set_var('lang_pagetitle', $LANG_BANNER_ADMIN[28]);
$banner_templates->set_var('lang_banner_list', $LANG_BANNER_ADMIN[53]);
$banner_templates->set_var('lang_new_banner', $LANG_BANNER_ADMIN[51]);
$banner_templates->set_var('lang_validate_banner', $LANG_BANNER_ADMIN[26]);
$banner_templates->set_var('lang_list_categories', $LANG_BANNER_ADMIN[50]);
$banner_templates->set_var('lang_new_category', $LANG_BANNER_ADMIN[52]);
$banner_templates->set_var('lang_admin_home', $LANG_ADMIN['admin_home']);
$banner_templates->set_var('instructions', $LANG_BANNER_ADMIN[29]);
$fcktoolbar_mg = '';
if (in_array('mediagallery', $_PLUGINS)) {
if (file_exists($_CONF['path_html'] . 'fckeditor/editor/plugins/mediagallery')) {
$fcktoolbar_mg = '-mg';
}
}
$banner_templates->set_var('mg', $fcktoolbar_mg);
if ($mode != 'editsubmission' and !empty($bid)) {
$result = DB_query("SELECT * FROM {$_TABLES['banner']} WHERE bid ='{$bid}'");
if (DB_numRows($result) !== 1) {
$msg = COM_startBlock($LANG_BANNER_ADMIN[24], '', COM_getBlockTemplate('_msg_block', 'header'));
$msg .= $LANG_BANNER_ADMIN[25];
$msg .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
return $msg;
}
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access == 0 or $access == 2) {
$retval .= COM_startBlock($LANG_BANNER_ADMIN[16], '', COM_getBlockTemplate('_msg_block', 'header'));
$retval .= $LANG_BANNER_ADMIN[17];
$retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit banner {$bid}.");
return $retval;
}
} else {
if ($mode == 'editsubmission') {
$result = DB_query("SELECT * FROM {$_TABLES['bannersubmission']} WHERE bid = '{$bid}'");
$A = DB_fetchArray($result);
} else {
$A['bid'] = COM_makesid();
$A['cid'] = '';
$A['url'] = '';
$A['description'] = '';
$A['title'] = '';
$A['publishstart'] = '';
$A['publishend'] = '';
$A['owner_id'] = $_USER['uid'];
}
$A['hits'] = 0;
if (isset($_GROUPS['Banner Admin'])) {
$A['group_id'] = $_GROUPS['Banner Admin'];
} else {
$A['group_id'] = SEC_getFeatureGroup('banner.edit');
}
SEC_setDefaultPermissions($A, $_BAN_CONF['default_permissions']);
$access = 3;
}
$retval .= COM_startBlock($LANG_BANNER_ADMIN[1], '', COM_getBlockTemplate('_admin_block', 'header'));
$banner_templates->set_var('banner_id', $A['bid']);
if (!empty($bid) && SEC_hasRights('banner.edit')) {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$banner_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
$banner_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
if ($mode == 'editsubmission') {
$banner_templates->set_var('submission_option', '<input type="hidden" name="type" value="submission"' . XHTML . '>');
}
}
$banner_templates->set_var('lang_bannertitle', $LANG_BANNER_ADMIN[3]);
$banner_templates->set_var('banner_title', htmlspecialchars(stripslashes($A['title'])));
$banner_templates->set_var('lang_bannerid', $LANG_BANNER_ADMIN[2]);
$banner_templates->set_var('lang_bannerurl', $LANG_BANNER_ADMIN[4]);
$banner_templates->set_var('max_url_length', 255);
$banner_templates->set_var('banner_url', $A['url']);
$banner_templates->set_var('lang_includehttp', $LANG_BANNER_ADMIN[6]);
$banner_templates->set_var('lang_category', $LANG_BANNER_ADMIN[5]);
$othercategory = banner_select_box(3, $A['cid']);
$banner_templates->set_var('category_options', $othercategory);
$banner_templates->set_var('lang_ifotherspecify', $LANG_BANNER_ADMIN[20]);
$banner_templates->set_var('category', $othercategory);
$banner_templates->set_var('lang_publishstart', $LANG_BANNER_ADMIN[61]);
$banner_templates->set_var('publishstart', $A['publishstart']);
$banner_templates->set_var('lang_publishend', $LANG_BANNER_ADMIN[62]);
$banner_templates->set_var('publishend', $A['publishend']);
$banner_templates->set_var('lang_helpdatetime', $LANG_BANNER_ADMIN[63]);
$banner_templates->set_var('lang_bannerhits', $LANG_BANNER_ADMIN[8]);
$banner_templates->set_var('banner_hits', $A['hits']);
$banner_templates->set_var('lang_bannerdescription', $LANG_BANNER_ADMIN[9]);
$banner_templates->set_var('banner_description', stripslashes($A['description']));
$banner_templates->set_var('lang_save', $LANG_ADMIN['save']);
$banner_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
// user access info
$banner_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$banner_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
$ownername = COM_getDisplayName($A['owner_id']);
$banner_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', "uid = {$A['owner_id']}"));
$banner_templates->set_var('owner_name', $ownername);
$banner_templates->set_var('owner', $ownername);
$banner_templates->set_var('banner_ownerid', $A['owner_id']);
$banner_templates->set_var('lang_group', $LANG_ACCESS['group']);
$banner_templates->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
$banner_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$banner_templates->set_var('lang_permissionskey', $LANG_ACCESS['permissionskey']);
$banner_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']));
$banner_templates->set_var('lang_lockmsg', $LANG_ACCESS['permmsg']);
$banner_templates->set_var('gltoken_name', CSRF_TOKEN);
$banner_templates->set_var('gltoken', SEC_createToken());
$banner_templates->parse('output', 'editor');
$retval .= $banner_templates->finish($banner_templates->get_var('output'));
$retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
return $retval;
}
/**
* Shows story editor
*
* Displays the story entry form
*
* @param string $sid ID of story to edit
* @param string $mode 'preview', 'edit', 'editsubmission', 'clone'
* @param string $errormsg a message to display on top of the page
* @return string HTML for story editor
*
*/
function storyeditor($sid = '', $mode = '', $errormsg = '')
{
global $_CONF, $_TABLES, $_USER, $LANG24, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $_SCRIPTS, $LANG_DIRECTION, $LANG_MONTH, $LANG_WEEK;
$display = '';
if (!isset($_CONF['hour_mode'])) {
$_CONF['hour_mode'] = 12;
}
if (!empty($errormsg)) {
$display .= COM_showMessageText($errormsg, $LANG24[25]);
}
$story = new Story();
if ($mode == 'preview') {
// Handle Magic GPC Garbage:
while (list($key, $value) = each($_POST)) {
if (!is_array($value)) {
$_POST[$key] = COM_stripslashes($value);
} else {
while (list($subkey, $subvalue) = each($value)) {
$value[$subkey] = COM_stripslashes($subvalue);
}
}
}
$result = $story->loadFromArgsArray($_POST);
if ($_CONF['maximagesperarticle'] > 0) {
$errors = $story->checkAttachedImages();
if (count($errors) > 0) {
$msg = $LANG24[55] . LB . '<ul>' . LB;
foreach ($errors as $err) {
$msg .= '<li>' . $err . '</li>' . LB;
}
$msg .= '</ul>' . LB;
$display .= COM_showMessageText($msg, $LANG24[54]);
}
}
} else {
$result = $story->loadFromDatabase($sid, $mode);
}
if ($result == STORY_PERMISSION_DENIED || $result == STORY_NO_ACCESS_PARAMS) {
$display .= COM_showMessageText($LANG24[42], $LANG_ACCESS['accessdenied']);
COM_accessLog("User {$_USER['username']} tried to illegally access story {$sid}.");
return $display;
} elseif ($result == STORY_EDIT_DENIED || $result == STORY_EXISTING_NO_EDIT_PERMISSION) {
$display .= COM_showMessageText($LANG24[41], $LANG_ACCESS['accessdenied']);
$display .= STORY_renderArticle($story, 'p');
COM_accessLog("User {$_USER['username']} tried to illegally edit story {$sid}.");
return $display;
} elseif ($result == STORY_INVALID_SID) {
if ($mode == 'editsubmission') {
// that submission doesn't seem to be there any more (may have been
// handled by another Admin) - take us back to the moderation page
return COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
} else {
return COM_refresh($_CONF['site_admin_url'] . '/story.php');
}
} elseif ($result == STORY_DUPLICATE_SID) {
$display .= COM_showMessageText($LANG24[24]);
}
// Load HTML templates
$story_templates = COM_newTemplate($_CONF['path_layout'] . 'admin/story');
if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
$story_templates->set_file(array('editor' => 'storyeditor_advanced.thtml'));
$advanced_editormode = true;
$story_templates->set_var('change_editormode', 'onchange="change_editmode(this);"');
require_once $_CONF['path_system'] . 'classes/navbar.class.php';
$story_templates->set_var('show_preview', 'none');
$story_templates->set_var('lang_expandhelp', $LANG24[67]);
$story_templates->set_var('lang_reducehelp', $LANG24[68]);
$story_templates->set_var('lang_publishdate', $LANG24[69]);
$story_templates->set_var('lang_toolbar', $LANG24[70]);
$story_templates->set_var('toolbar1', $LANG24[71]);
$story_templates->set_var('toolbar2', $LANG24[72]);
$story_templates->set_var('toolbar3', $LANG24[73]);
$story_templates->set_var('toolbar4', $LANG24[74]);
$story_templates->set_var('toolbar5', $LANG24[75]);
if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') {
$story_templates->set_var('show_texteditor', 'none');
$story_templates->set_var('show_htmleditor', '');
} else {
$story_templates->set_var('show_texteditor', '');
$story_templates->set_var('show_htmleditor', 'none');
}
} else {
$story_templates->set_file(array('editor' => 'storyeditor.thtml'));
$advanced_editormode = false;
}
$story_templates->set_var('hour_mode', $_CONF['hour_mode']);
if ($story->hasContent()) {
$previewContent = STORY_renderArticle($story, 'p');
if ($advanced_editormode and $previewContent != '') {
$story_templates->set_var('preview_content', $previewContent);
} elseif ($previewContent != '') {
$display .= COM_startBlock($LANG24[26], '', COM_getBlockTemplate('_admin_block', 'header'));
$display .= $previewContent;
$display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
}
}
if ($advanced_editormode) {
$navbar = new navbar();
if (!empty($previewContent)) {
$navbar->add_menuitem($LANG24[79], 'showhideEditorDiv("preview",0);return false;', true);
$navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",1);return false;', true);
$navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",2);return false;', true);
$navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",3);return false;', true);
$navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",4);return false;', true);
$navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",5);return false;', true);
$navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",6);return false;', true);
} else {
$navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",0);return false;', true);
$navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",1);return false;', true);
$navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",2);return false;', true);
$navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",3);return false;', true);
$navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",4);return false;', true);
$navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",5);return false;', true);
}
if ($mode == 'preview') {
$story_templates->set_var('show_preview', '');
$story_templates->set_var('show_htmleditor', 'none');
$story_templates->set_var('show_texteditor', 'none');
$story_templates->set_var('show_submitoptions', 'none');
$navbar->set_selected($LANG24[79]);
} else {
$navbar->set_selected($LANG24[80]);
}
$story_templates->set_var('navbar', $navbar->generate());
}
$oldsid = $story->EditElements('originalSid');
if (!empty($oldsid) && $mode != 'clone') {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$story_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
$story_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
}
if ($mode == 'editsubmission' || $story->type == 'submission') {
$story_templates->set_var('submission_option', '<input type="hidden" name="type" value="submission"' . XHTML . '>');
}
$story_templates->set_var('lang_author', $LANG24[7]);
$storyauthor = COM_getDisplayName($story->EditElements('uid'));
$story_templates->set_var('story_author', $storyauthor);
$story_templates->set_var('author', $storyauthor);
$story_templates->set_var('story_uid', $story->EditElements('uid'));
// user access info
$story_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$story_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
$ownername = COM_getDisplayName($story->EditElements('owner_id'));
$story_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', 'uid = ' . $story->EditElements('owner_id')));
$story_templates->set_var('owner_name', $ownername);
$story_templates->set_var('owner', $ownername);
$story_templates->set_var('owner_id', $story->EditElements('owner_id'));
$story_templates->set_var('lang_group', $LANG_ACCESS['group']);
$story_templates->set_var('group_dropdown', SEC_getGroupDropdown($story->EditElements('group_id'), 3));
$story_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$story_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
$story_templates->set_var('permissions_editor', SEC_getPermissionsHTML($story->EditElements('perm_owner'), $story->EditElements('perm_group'), $story->EditElements('perm_members'), $story->EditElements('perm_anon')));
$story_templates->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
$story_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
$curtime = COM_getUserDateTimeFormat($story->EditElements('date'));
$story_templates->set_var('lang_date', $LANG24[15]);
$story_templates->set_var('publish_second', $story->EditElements('publish_second'));
$publish_ampm = '';
$publish_hour = $story->EditElements('publish_hour');
if ($publish_hour >= 12) {
if ($publish_hour > 12) {
$publish_hour = $publish_hour - 12;
}
$ampm = 'pm';
} else {
$ampm = 'am';
}
$ampm_select = COM_getAmPmFormSelection('publish_ampm', $ampm);
$story_templates->set_var('publishampm_selection', $ampm_select);
$month_options = COM_getMonthFormOptions($story->EditElements('publish_month'));
$story_templates->set_var('publish_month_options', $month_options);
$day_options = COM_getDayFormOptions($story->EditElements('publish_day'));
$story_templates->set_var('publish_day_options', $day_options);
$year_options = COM_getYearFormOptions($story->EditElements('publish_year'));
$story_templates->set_var('publish_year_options', $year_options);
if ($_CONF['hour_mode'] == 24) {
$hour_options = COM_getHourFormOptions($story->EditElements('publish_hour'), 24);
} else {
$hour_options = COM_getHourFormOptions($publish_hour);
}
$story_templates->set_var('publish_hour_options', $hour_options);
$minute_options = COM_getMinuteFormOptions($story->EditElements('publish_minute'));
$story_templates->set_var('publish_minute_options', $minute_options);
$story_templates->set_var('publish_date_explanation', $LANG24[46]);
$story_templates->set_var('story_unixstamp', $story->EditElements('unixdate'));
$story_templates->set_var('expire_second', $story->EditElements('expire_second'));
$expire_ampm = '';
$expire_hour = $story->EditElements('expire_hour');
if ($expire_hour >= 12) {
if ($expire_hour > 12) {
$expire_hour = $expire_hour - 12;
}
$ampm = 'pm';
} else {
$ampm = 'am';
}
$ampm_select = COM_getAmPmFormSelection('expire_ampm', $ampm);
if (empty($ampm_select)) {
// have a hidden field to 24 hour mode to prevent JavaScript errors
$ampm_select = '<input type="hidden" name="expire_ampm" value=""' . XHTML . '>';
}
$story_templates->set_var('expireampm_selection', $ampm_select);
$month_options = COM_getMonthFormOptions($story->EditElements('expire_month'));
$story_templates->set_var('expire_month_options', $month_options);
$day_options = COM_getDayFormOptions($story->EditElements('expire_day'));
$story_templates->set_var('expire_day_options', $day_options);
$year_options = COM_getYearFormOptions($story->EditElements('expire_year'));
$story_templates->set_var('expire_year_options', $year_options);
if ($_CONF['hour_mode'] == 24) {
$hour_options = COM_getHourFormOptions($story->EditElements('expire_hour'), 24);
} else {
$hour_options = COM_getHourFormOptions($expire_hour);
}
$story_templates->set_var('expire_hour_options', $hour_options);
$minute_options = COM_getMinuteFormOptions($story->EditElements('expire_minute'));
$story_templates->set_var('expire_minute_options', $minute_options);
$story_templates->set_var('expire_date_explanation', $LANG24[46]);
$story_templates->set_var('story_unixstamp', $story->EditElements('expirestamp'));
$atopic = DB_getItem($_TABLES['topics'], 'tid', "archive_flag = 1");
$have_archive_topic = empty($atopic) ? false : true;
if ($story->EditElements('statuscode') == STORY_ARCHIVE_ON_EXPIRE) {
$story_templates->set_var('is_checked2', 'checked="checked"');
$story_templates->set_var('is_checked3', 'checked="checked"');
$js_showarchivedisabled = 'false';
$have_archive_topic = true;
// force display of auto archive option
} elseif ($story->EditElements('statuscode') == STORY_DELETE_ON_EXPIRE) {
$story_templates->set_var('is_checked2', 'checked="checked"');
$story_templates->set_var('is_checked4', 'checked="checked"');
if (!$have_archive_topic) {
$story_templates->set_var('is_checked3', 'style="display:none;"');
}
$js_showarchivedisabled = 'false';
} else {
if (!$have_archive_topic) {
$story_templates->set_var('is_checked3', 'style="display:none;"');
}
$js_showarchivedisabled = 'true';
}
$story_templates->set_var('lang_archivetitle', $LANG24[58]);
$story_templates->set_var('lang_option', $LANG24[59]);
$story_templates->set_var('lang_enabled', $LANG_ADMIN['enabled']);
$story_templates->set_var('lang_story_stats', $LANG24[87]);
if ($have_archive_topic) {
$story_templates->set_var('lang_optionarchive', $LANG24[61]);
} else {
$story_templates->set_var('lang_optionarchive', '');
}
$story_templates->set_var('lang_optiondelete', $LANG24[62]);
$story_templates->set_var('lang_title', $LANG_ADMIN['title']);
$story_templates->set_var('story_title', $story->EditElements('title'));
$story_templates->set_var('lang_page_title', $LANG_ADMIN['page_title']);
$story_templates->set_var('page_title', $story->EditElements('page_title'));
$story_templates->set_var('lang_metadescription', $LANG_ADMIN['meta_description']);
$story_templates->set_var('meta_description', $story->EditElements('meta_description'));
$story_templates->set_var('lang_metakeywords', $LANG_ADMIN['meta_keywords']);
$story_templates->set_var('meta_keywords', $story->EditElements('meta_keywords'));
if ($_CONF['meta_tags'] > 0) {
$story_templates->set_var('hide_meta', '');
} else {
$story_templates->set_var('hide_meta', ' style="display:none;"');
}
$story_templates->set_var('lang_topic', $LANG_ADMIN['topic']);
if ($mode == 'preview') {
$tlist = TOPIC_getTopicSelectionControl('article', '', false, true, true);
} else {
$tlist = TOPIC_getTopicSelectionControl('article', $oldsid, false, true, true);
}
if (empty($tlist)) {
$display .= COM_showMessage(101);
return $display;
}
$story_templates->set_var('topic_selection', $tlist);
$story_templates->set_var('lang_show_topic_icon', $LANG24[56]);
if ($story->EditElements('show_topic_icon') == 1) {
$story_templates->set_var('show_topic_icon_checked', 'checked="checked"');
} else {
$story_templates->set_var('show_topic_icon_checked', '');
}
$story_templates->set_var('lang_cachetime', $LANG24['cache_time']);
$story_templates->set_var('lang_cachetime_desc', $LANG24['cache_time_desc']);
$story_templates->set_var('cache_time', $story->EditElements('cache_time'));
$story_templates->set_var('lang_draft', $LANG24[34]);
if ($story->EditElements('draft_flag')) {
$story_templates->set_var('is_checked', 'checked="checked"');
}
$story_templates->set_var('lang_mode', $LANG24[3]);
$story_templates->set_var('status_options', COM_optionList($_TABLES['statuscodes'], 'code,name', $story->EditElements('statuscode')));
$story_templates->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $story->EditElements('commentcode')));
$story_templates->set_var('trackback_options', COM_optionList($_TABLES['trackbackcodes'], 'code,name', $story->EditElements('trackbackcode')));
// comment expire
$story_templates->set_var('lang_cmt_disable', $LANG24[63]);
if ($story->EditElements('cmt_close')) {
$story_templates->set_var('is_checked5', 'checked="checked"');
$js_showcmtclosedisabled = 'false';
} else {
$js_showcmtclosedisabled = 'true';
}
$month_options = COM_getMonthFormOptions($story->EditElements('cmt_close_month'));
$story_templates->set_var('cmt_close_month_options', $month_options);
$day_options = COM_getDayFormOptions($story->EditElements('cmt_close_day'));
$story_templates->set_var('cmt_close_day_options', $day_options);
// ensure that the year dropdown includes the close year
$endtm = mktime(0, 0, 0, date('m'), date('d') + $_CONF['article_comment_close_days'], date('Y'));
$yoffset = date('Y', $endtm) - date('Y');
$close_year = $story->EditElements('cmt_close_year');
if ($yoffset < -1) {
$year_options = COM_getYearFormOptions($close_year, $yoffset);
} elseif ($yoffset > 5) {
$year_options = COM_getYearFormOptions($close_year, -1, $yoffset);
} else {
$year_options = COM_getYearFormOptions($close_year);
}
$story_templates->set_var('cmt_close_year_options', $year_options);
$cmt_close_ampm = '';
$cmt_close_hour = $story->EditElements('cmt_close_hour');
//correct hour
if ($cmt_close_hour >= 12) {
if ($cmt_close_hour > 12) {
$cmt_close_hour = $cmt_close_hour - 12;
}
$ampm = 'pm';
} else {
$ampm = 'am';
}
$ampm_select = COM_getAmPmFormSelection('cmt_close_ampm', $ampm);
if (empty($ampm_select)) {
// have a hidden field to 24 hour mode to prevent JavaScript errors
$ampm_select = '<input type="hidden" name="cmt_close_ampm" value=""' . XHTML . '>';
}
$story_templates->set_var('cmt_close_ampm_selection', $ampm_select);
if ($_CONF['hour_mode'] == 24) {
$hour_options = COM_getHourFormOptions($story->EditElements('cmt_close_hour'), 24);
} else {
$hour_options = COM_getHourFormOptions($cmt_close_hour);
}
$story_templates->set_var('cmt_close_hour_options', $hour_options);
$minute_options = COM_getMinuteFormOptions($story->EditElements('cmt_close_minute'));
$story_templates->set_var('cmt_close_minute_options', $minute_options);
$story_templates->set_var('cmt_close_second', $story->EditElements('cmt_close_second'));
if ($_CONF['onlyrootfeatures'] == 1 && SEC_inGroup('Root') or $_CONF['onlyrootfeatures'] !== 1) {
$featured_options = "<select name=\"featured\">" . LB . COM_optionList($_TABLES['featurecodes'], 'code,name', $story->EditElements('featured')) . "</select>" . LB;
} else {
$featured_options = "<input type=\"hidden\" name=\"featured\" value=\"0\"" . XHTML . ">";
}
$story_templates->set_var('featured_options', $featured_options);
$story_templates->set_var('frontpage_options', COM_optionList($_TABLES['frontpagecodes'], 'code,name', $story->EditElements('frontpage')));
$story_templates->set_var('story_introtext', $story->EditElements('introtext'));
$story_templates->set_var('story_bodytext', $story->EditElements('bodytext'));
$story_templates->set_var('lang_introtext', $LANG24[16]);
$story_templates->set_var('lang_bodytext', $LANG24[17]);
$story_templates->set_var('lang_postmode', $LANG24[4]);
$story_templates->set_var('lang_publishoptions', $LANG24[76]);
$story_templates->set_var('noscript', COM_getNoScript(false, $LANG24[77], sprintf($LANG24[78], $_CONF['site_admin_url'], $sid)));
$postmode = $story->EditElements('postmode');
if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') {
$postmode = '';
}
}
$post_options = COM_optionList($_TABLES['postmodes'], 'code,name', $postmode);
$postmode_list = 'plaintext,html';
// If Advanced Mode - add post option and set default if editing story created with Advanced Editor
if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
$postmode_list .= ',adveditor';
if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') {
$post_options .= '<option value="adveditor" selected="selected">' . $LANG24[86] . '</option>';
} else {
$post_options .= '<option value="adveditor">' . $LANG24[86] . '</option>';
}
}
if ($_CONF['wikitext_editor']) {
$postmode_list .= ',wikitext';
if ($story->EditElements('postmode') == 'wikitext') {
$post_options .= '<option value="wikitext" selected="selected">' . $LANG24[88] . '</option>';
} else {
$post_options .= '<option value="wikitext">' . $LANG24[88] . '</option>';
}
}
$story_templates->set_var('post_options', $post_options);
$postmode_array = explode(',', $postmode_list);
$allowed_html = '';
foreach ($postmode_array as $pm) {
$allowed_html .= COM_allowedHTML('story.edit', false, 1, $pm);
}
$allowed_tags = array('code', 'raw');
if ($_CONF['allow_page_breaks'] == 1) {
$allowed_tags = array_merge($allowed_tags, array('page_break'));
}
$allowed_html .= COM_allowedAutotags(false, $allowed_tags);
$story_templates->set_var('lang_allowed_html', $allowed_html);
$fileinputs = '';
$saved_images = '';
if ($_CONF['maximagesperarticle'] > 0) {
$story_templates->set_var('lang_images', $LANG24[47]);
$icount = DB_count($_TABLES['article_images'], 'ai_sid', $story->getSid());
if ($icount > 0) {
$result_articles = DB_query("SELECT * FROM {$_TABLES['article_images']} WHERE ai_sid = '" . $story->getSid() . "'");
for ($z = 1; $z <= $icount; $z++) {
$I = DB_fetchArray($result_articles);
$saved_images .= $z . ') ' . COM_createLink($I['ai_filename'], $_CONF['site_url'] . '/images/articles/' . $I['ai_filename']) . ' ' . $LANG_ADMIN['delete'] . ': <input type="checkbox" name="delete[' . $I['ai_img_num'] . ']"' . XHTML . '><br' . XHTML . '>';
}
}
$newallowed = $_CONF['maximagesperarticle'] - $icount;
for ($z = $icount + 1; $z <= $_CONF['maximagesperarticle']; $z++) {
$fileinputs .= $z . ') <input type="file" dir="ltr" name="file' . $z . '"' . XHTML . '>';
if ($z < $_CONF['maximagesperarticle']) {
$fileinputs .= '<br' . XHTML . '>';
}
}
$fileinputs .= '<br' . XHTML . '>' . $LANG24[51];
if ($_CONF['allow_user_scaling'] == 1) {
$fileinputs .= $LANG24[27];
}
$fileinputs .= $LANG24[28] . '<br' . XHTML . '>';
}
// Add JavaScript
$_SCRIPTS->setJavaScriptFile('story_editor', '/javascript/story_editor.js');
if ($_CONF['titletoid']) {
$_SCRIPTS->setJavaScriptFile('title_2_id', '/javascript/title_2_id.js');
$story_templates->set_var('titletoid', true);
}
$_SCRIPTS->setJavaScriptFile('postmode_control', '/javascript/postmode_control.js');
// Loads jQuery UI datepicker and timepicker-addon
$_SCRIPTS->setJavaScriptLibrary('jquery.ui.slider');
// $_SCRIPTS->setJavaScriptLibrary('jquery.ui.button');
$_SCRIPTS->setJavaScriptLibrary('jquery.ui.datepicker');
$_SCRIPTS->setJavaScriptLibrary('jquery-ui-i18n');
$_SCRIPTS->setJavaScriptLibrary('jquery-ui-timepicker-addon');
$_SCRIPTS->setJavaScriptLibrary('jquery-ui-timepicker-addon-i18n');
// $_SCRIPTS->setJavaScriptLibrary('jquery-ui-slideraccess');
$_SCRIPTS->setJavaScriptFile('datetimepicker', '/javascript/datetimepicker.js');
$langCode = COM_getLangIso639Code();
$toolTip = $MESSAGE[118];
$imgUrl = $_CONF['site_url'] . '/images/calendar.png';
$_SCRIPTS->setJavaScript("jQuery(function () {" . " geeklog.hour_mode = {$_CONF['hour_mode']};" . " geeklog.datetimepicker.set('publish', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . " geeklog.datetimepicker.set('expire', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . " geeklog.datetimepicker.set('cmt_close', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . "});", TRUE, TRUE);
// Setup Advanced Editor
COM_setupAdvancedEditor('/javascript/storyeditor_adveditor.js');
$story_templates->set_var('saved_images', $saved_images);
$story_templates->set_var('image_form_elements', $fileinputs);
$story_templates->set_var('lang_hits', $LANG24[18]);
$story_templates->set_var('story_hits', $story->EditElements('hits'));
$story_templates->set_var('lang_comments', $LANG24[19]);
$story_templates->set_var('story_comments', $story->EditElements('comments'));
$story_templates->set_var('lang_trackbacks', $LANG24[29]);
$story_templates->set_var('story_trackbacks', $story->EditElements('trackbacks'));
$story_templates->set_var('lang_emails', $LANG24[39]);
$story_templates->set_var('story_emails', $story->EditElements('numemails'));
if ($mode == 'clone') {
$story_templates->set_var('story_id', COM_makesid());
} else {
$story_templates->set_var('story_id', $story->getSid());
$story_templates->set_var('old_story_id', $story->EditElements('originalSid'));
}
$story_templates->set_var('lang_sid', $LANG24[12]);
$story_templates->set_var('lang_save', $LANG_ADMIN['save']);
$story_templates->set_var('lang_preview', $LANG_ADMIN['preview']);
$story_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
$story_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
$story_templates->set_var('gltoken_name', CSRF_TOKEN);
$token = SEC_createToken();
$story_templates->set_var('gltoken', $token);
$story_templates->parse('output', 'editor');
$display .= COM_startBlock($LANG24[5], '', COM_getBlockTemplate('_admin_block', 'header'));
$display .= SEC_getTokenExpiryNotice($token, $LANG24[91]);
$display .= $story_templates->finish($story_templates->get_var('output'));
$display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
return $display;
}
/**
* Return unique id
* @param string $extra additional entropy
*/
function _unique_id($extra = 'c')
{
static $dss_seeded = false;
global $_SYSTEM;
$rand_seed = COM_makesid();
$val = $rand_seed . microtime();
$val = md5($val);
$rand_seed = md5($rand_seed . $val . $extra);
return substr($val, 4, 16);
}
/**
* Displays the Static Page Editor
*
* @sp_id string ID of static page to edit
* @action string action (edit, clone or null)
* @editor string editor to use
*
*/
function PAGE_edit($sp_id, $action = '', $editor = '')
{
global $_CONF, $_SP_CONF, $_TABLES, $_USER, $LANG_STATIC;
if (!empty($sp_id) && $action == 'edit') {
$result = DB_query("SELECT *,UNIX_TIMESTAMP(sp_date) AS unixdate FROM {$_TABLES['staticpage']} WHERE sp_id = '{$sp_id}'" . COM_getPermSQL('AND', 0, 3));
$A = DB_fetchArray($result);
$A['sp_old_id'] = $A['sp_id'];
// // sp_old_id is not null, this is an existing page
} elseif ($action == 'edit') {
// we're creating a new staticpage, set default values
$A['sp_id'] = COM_makesid();
// make a default new/unique staticpage ID based upon the datetime
$A['sp_status'] = $_SP_CONF['status_flag'];
$A['sp_uid'] = $_USER['uid'];
// created by current user
$A['unixdate'] = time();
// date/time created
$A['sp_help'] = '';
// no help URL
$A['sp_old_id'] = '';
// sp_old_id is null, this is a new page
$A['commentcode'] = $_SP_CONF['comment_code'];
$A['sp_where'] = 1;
// top of page
$A['sp_search'] = $_SP_CONF['include_search'];
} elseif (!empty($sp_id) && $action == 'clone') {
// we're creating a new staticpage based upon an old one. get the page to be cloned
$result = DB_query("SELECT *,UNIX_TIMESTAMP(sp_date) AS unixdate FROM {$_TABLES['staticpage']} WHERE sp_id = '{$sp_id}'" . COM_getPermSQL('AND', 0, 2));
$A = DB_fetchArray($result);
// override old page values with values unique to this page
$A['sp_id'] = COM_makesid();
// make a default new/unique staticpage ID based upon the datetime
$sp_id = $A['sp_id'];
// to ensure value displayed in field reflects updated value
$sp_title = $A['sp_title'] . ' (' . $LANG_STATIC['copy'] . ')';
$A['sp_title'] = $sp_title;
// indicate in title that this is a cloned page
$A['sp_uid'] = $_USER['uid'];
// created by current user
$A['unixdate'] = time();
// date/time created
$A['sp_hits'] = 0;
// reset page hits
$A['sp_old_id'] = '';
// sp_old_id is null, this is a new page
} else {
$A = $_POST;
if (empty($A['unixdate'])) {
$A['unixdate'] = time();
// update date and time
}
$A['sp_content'] = COM_checkHTML(COM_checkWords($A['sp_content']));
}
if (isset($A['sp_title'])) {
$A['sp_title'] = strip_tags($A['sp_title']);
}
$A['editor'] = $editor;
return PAGE_form($A);
}
/**
* Save the current values to the database.
* Appends error messages to the $Errors property.
*
* The $forceNew parameter is a hack to force this record to be saved
* as a new record even if it already has an ID. This is only to
* handle events imported from the Calendar plugin.
*
* @param array $A Optional array of values from $_POST
* @param string $table Table name (submission or production)
* @param boolean $forceNew Hack to force this record to be "new"
* @return boolean True if no errors, False otherwise
*/
public function Save($A = '', $table = 'evlist_submissions', $forceNew = false)
{
global $_TABLES, $LANG_EVLIST, $_EV_CONF, $_USER, $_CONF;
// This is a bit of a hack, but we're going to save the old schedule
// first before changing our own values. This is done so that we
// can determine whether we have to update the repeats table, and
// is only relevant for an existing record.
if (!$this->isNew) {
$this->old_schedule = array('date_start1' => $this->date_start1, 'date_end1' => $this->date_end1, 'time_start1' => $this->time_start1, 'time_end1' => $this->time_end1, 'time_start2' => $this->time_start2, 'time_end2' => $this->time_end2, 'allday' => $this->allday, 'recurring' => $this->recurring, 'rec_data' => $this->rec_data);
} else {
// submit privilege required to submit new events
if (!$this->isSubmitter) {
return false;
}
$this->old_schedule = array();
}
// Now we can update our main record with the new info
if (is_array($A)) {
$this->SetVars($A);
$this->MakeRecData();
}
if (isset($A['eid']) && !empty($A['eid']) && !$forceNew) {
$this->isNew = false;
$oldid = COM_sanitizeID($A['eid']);
}
// Authorized to bypass the queue
if ($this->isAdmin) {
$table = 'evlist_events';
}
$this->table = $table;
if ($this->id == '') {
// If we allow users to create IDs, this could happen
$this->id = COM_makesid();
}
$ev_id_DB = DB_escapeString($this->id);
// Used often, sanitize now
// Insert or update the record, as appropriate
if (!$this->isNew) {
// Existing event, we already have a Detail object instantiated
$this->Detail->SetVars($A);
$this->Detail->ev_id = $this->id;
if (!$this->isValidRecord()) {
return $this->PrintErrors();
}
// Delete the category lookups
DB_delete($_TABLES['evlist_lookup'], 'eid', $this->id);
// Save the main event record
$sql1 = "UPDATE {$_TABLES[$this->table]} SET ";
$sql2 = "WHERE id='{$ev_id_DB}'";
// Save the new detail record & get the ID
$this->det_id = $this->Detail->Save();
// Quit now if the detail record failed
if ($this->det_id == 0) {
return false;
}
// Determine if the schedule has changed so that we need to
// update the repeat tables. If we do, any customizations will
// be lost.
if ($this->NeedRepeatUpdate($A)) {
if ($this->old_schedule['recurring'] || $this->recurring) {
// If this was, or is now, a recurring event then clear
// out the repeats and update with new ones.
// First, delete all detail records except the master
DB_query("DELETE FROM {$_TABLES['evlist_detail']}\n WHERE ev_id = '{$this->id}'\n AND det_id <> '{$this->det_id}'");
// This function sets the rec_data value.
$this->UpdateRepeats();
} else {
// this is a one-time event, update the existing instance
$sql = "UPDATE {$_TABLES['evlist_repeat']} SET\n rp_date_start = '{$this->date_start1}',\n rp_date_end = '{$this->date_end1}',\n rp_time_start1 = '{$this->time_start1}',\n rp_time_end1 = '{$this->time_end1}',\n rp_time_start2 = '{$this->time_start2}',\n rp_time_end2 = '{$this->time_end2}'\n WHERE rp_ev_id = '{$this->id}'";
DB_query($sql, 1);
}
}
} else {
// New event
if (!$this->isAdmin) {
// Override any submitted permissions if user is not an admin
$this->perm_owner = $_EV_CONF['default_permissions'][0];
$this->perm_group = $_EV_CONF['default_permissions'][1];
$this->perm_members = $_EV_CONF['default_permissions'][2];
$this->perm_anon = $_EV_CONF['default_permissions'][3];
// Set the group_id to the default
$this->group_id = (int) DB_getItem($_TABLES['groups'], 'grp_id', 'grp_name="evList Admin"');
// Set the owner to the submitter
$this->owner_id = (int) $_USER['uid'];
}
// Create a detail record
$this->Detail = new evDetail();
$this->Detail->SetVars($A);
$this->Detail->ev_id = $this->id;
if (!$this->isValidRecord()) {
return $this->PrintErrors();
}
// Save the new detail record & get the ID
$this->det_id = $this->Detail->Save();
// Quit now if the detail record failed
if ($this->det_id == 0) {
return false;
}
if ($this->table != 'evlist_submissions') {
// This function gets the rec_data value.
$this->UpdateRepeats();
//var_dump($this);die;
}
$sql1 = "INSERT INTO {$_TABLES[$this->table]} SET\n id = '" . DB_escapeString($this->id) . "', ";
$sql2 = '';
}
// Now save the categories
// First save the new category if one was submitted
if (!is_array($this->categories)) {
$this->categories = array();
}
if (isset($A['newcat']) && !empty($A['newcat'])) {
$newcat = $this->SaveCategory($A['newcat']);
if ($newcat > 0) {
$this->categories[] = $newcat;
}
}
$tmp = array();
foreach ($this->categories as $cat_id) {
$tmp[] = "('{$this->id}', '{$cat_id}')";
}
if (!empty($tmp)) {
$sql = "INSERT INTO {$_TABLES['evlist_lookup']}\n (eid, cid)\n VALUES " . implode(',', $tmp);
DB_query($sql);
}
$fld_sql = "date_start1 = '" . DB_escapeString($this->date_start1) . "',\n date_end1 = '" . DB_escapeString($this->date_end1) . "',\n time_start1 = '" . DB_escapeString($this->time_start1) . "',\n time_end1 = '" . DB_escapeString($this->time_end1) . "',\n time_start2 = '" . DB_escapeString($this->time_start2) . "',\n time_end2 = '" . DB_escapeString($this->time_end2) . "',\n recurring = '{$this->recurring}',\n rec_data = '" . DB_escapeString(serialize($this->rec_data)) . "',\n allday = '{$this->allday}',\n split = '{$this->split}',\n status = '{$this->status}',\n postmode = '" . DB_escapeString($this->postmode) . "',\n enable_reminders = '{$this->enable_reminders}',\n owner_id = '{$this->owner_id}',\n group_id = '{$this->group_id}',\n perm_owner = '{$this->perm_owner}',\n perm_group = '{$this->perm_group}',\n perm_members = '{$this->perm_members}',\n perm_anon = '{$this->perm_anon}',\n det_id = '{$this->det_id}',\n cal_id = '{$this->cal_id}',\n show_upcoming = '{$this->show_upcoming}',\n options = '" . DB_escapeString(serialize($this->options)) . "' ";
$sql = $sql1 . $fld_sql . $sql2;
//echo $sql;die;
DB_query($sql, 1);
if (DB_error()) {
$this->Errors[] = $LANG_EVLIST['err_db_saving'];
} elseif ($this->table == 'evlist_submissions' && isset($_CONF['notification']) && in_array('evlist', $_CONF['notification'])) {
$N = new Template(EVLIST_PI_PATH . '/templates/');
$N->set_file('mail', 'notify_submission.thtml');
$N->set_var(array('title' => $this->Detail->title, 'summary' => $this->Detail->summary, 'start_date' => $this->date_start1, 'end_date' => $this->date_end1, 'start_time' => $this->time_start1, 'end_time' => $this->time_end1, 'submitter' => COM_getDisplayName($this->owner_id)));
$N->parse('output', 'mail');
$mailbody = $N->finish($N->get_var('output'));
$subject = $LANG_EVLIST['notify_subject'];
$to = COM_formatEmailAddress('', $_CONF['site_mail']);
COM_mail($to, $subject, $mailbody, '', true);
}
if (empty($this->Errors)) {
return '';
} else {
return $this->PrintErrors();
}
}
/**
* Shows event editor
*
* @param string $action action we are performing: 'edit', 'clone' or 'moderate'
* @param array $A array holding the event's details
* @param string $msg an optional error message to display
* @return string HTML for event editor or error message
*
*/
function CALENDAR_edit($action, $A, $msg = '')
{
global $_CONF, $_USER, $_GROUPS, $_TABLES, $_USER, $_CA_CONF, $LANG_CAL_1, $LANG_CAL_ADMIN, $LANG10, $LANG12, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE;
USES_lib_admin();
$retval = '';
$menu_arr = array(array('url' => $_CONF['site_admin_url'] . '/plugins/calendar/index.php', 'text' => $LANG_CAL_ADMIN[40]), array('url' => $_CONF['site_admin_url'] . '/moderation.php', 'text' => $LANG_ADMIN['submissions']), array('url' => $_CONF['site_admin_url'] . '/plugins/calendar/index.php?batchadmin=x', 'text' => $LANG_CAL_ADMIN[38]), array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']));
switch ($action) {
case 'edit':
case 'clone':
$blocktitle = $LANG_CAL_ADMIN[1];
// Event Editor
$saveoption = $LANG_ADMIN['save'];
// Save
break;
case 'moderate':
$blocktitle = $LANG_CAL_ADMIN[37];
// Moderate Event
$saveoption = $LANG_ADMIN['moderate'];
// Save & Approve
break;
}
if (!empty($msg)) {
$retval .= COM_showMessageText($msg, $LANG_CAL_ADMIN[2], true);
}
$event_templates = new Template($_CONF['path'] . 'plugins/calendar/templates/admin');
$event_templates->set_file('editor', 'eventeditor.thtml');
$event_templates->set_var('lang_allowed_html', COM_allowedHTML(SEC_getUserPermissions(), false, 'calendar', 'description'));
$event_templates->set_var('lang_postmode', $LANG_CAL_ADMIN[3]);
if (!isset($A['perm_owner'])) {
$A['perm_owner'][0] = "0";
}
if (!isset($A['perm_group'])) {
$A['perm_group'][0] = "0";
}
if (!isset($A['perm_members'])) {
$A['perm_members'][0] = "0";
}
if (!isset($A['perm_anon'])) {
$A['perm_anon'][0] = "0";
}
if ($action != 'moderate' and !empty($A['eid'])) {
// Get what level of access user has to this object
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access == 0 or $access == 2) {
// Uh, oh! User doesn't have access to this object
$retval .= COM_showMessageText($LANG_CAL_ADMIN[17], $LANG_ACCESS['accessdenied'], true);
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit event {$eid}.");
return $retval;
}
} else {
if (!isset($A['owner_id']) || $A['owner_id'] == '') {
$A['owner_id'] = $_USER['uid'];
}
if (isset($_GROUPS['Calendar Admin'])) {
$A['group_id'] = $_GROUPS['Calendar Admin'];
} else {
$A['group_id'] = SEC_getFeatureGroup('calendar.edit');
}
SEC_setDefaultPermissions($A, $_CA_CONF['default_permissions']);
$access = 3;
}
if ($action == 'moderate') {
$event_templates->set_var('post_options', COM_optionList($_TABLES['postmodes'], 'code,name', 'plaintext'));
} else {
if (!isset($A['postmode'])) {
$A['postmode'] = $_CONF['postmode'];
}
$event_templates->set_var('post_options', COM_optionList($_TABLES['postmodes'], 'code,name', $A['postmode']));
}
$retval .= COM_startBlock($blocktitle, '', COM_getBlockTemplate('_admin_block', 'header'));
$retval .= ADMIN_createMenu($menu_arr, $LANG_CAL_ADMIN[41], plugin_geticon_calendar());
if (!empty($A['eid'])) {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="delete"%s/>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$event_templates->set_var('lang_delete_confirm', $MESSAGE[76]);
$event_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
$event_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
if ($action == 'moderate') {
$event_templates->set_var('submission_option', '<input type="hidden" name="type" value="submission"/>');
}
} else {
// new event
$A['eid'] = COM_makesid();
$A['status'] = 1;
$A['title'] = '';
$A['description'] = '';
$A['url'] = '';
$A['hits'] = 0;
// in case a start date/time has been passed from the calendar,
// pick it up for the end date/time
if (empty($A['dateend'])) {
$A['dateend'] = $A['datestart'];
}
if (empty($A['timeend'])) {
$A['timeend'] = $A['timestart'];
}
$A['event_type'] = '';
$A['location'] = '';
$A['address1'] = '';
$A['address2'] = '';
$A['city'] = '';
$A['state'] = '';
$A['zipcode'] = '';
$A['allday'] = 0;
}
$event_templates->set_var('event_id', $A['eid']);
$event_templates->set_var('lang_eventtitle', $LANG_ADMIN['title']);
$A['title'] = str_replace('{', '{', $A['title']);
$A['title'] = str_replace('}', '}', $A['title']);
$A['title'] = str_replace('"', '"', $A['title']);
$event_templates->set_var('event_title', $A['title']);
$event_templates->set_var('lang_eventtype', $LANG_CAL_1[37]);
$event_templates->set_var('lang_editeventtypes', $LANG12[50]);
$event_templates->set_var('type_options', CALENDAR_eventTypeList($A['event_type']));
$event_templates->set_var('status_checked', $A['status'] == 1 ? ' checked="checked"' : '');
$event_templates->set_var('lang_eventurl', $LANG_CAL_ADMIN[4]);
$event_templates->set_var('max_url_length', 255);
$event_templates->set_var('event_url', $A['url']);
$event_templates->set_var('lang_includehttp', $LANG_CAL_ADMIN[9]);
$event_templates->set_var('lang_eventstartdate', $LANG_CAL_ADMIN[5]);
//$event_templates->set_var('event_startdate', $A['datestart']);
$event_templates->set_var('lang_starttime', $LANG_CAL_1[30]);
// Combine date/time for easier manipulation
$A['datestart'] = trim($A['datestart'] . ' ' . $A['timestart']);
if (empty($A['datestart'])) {
$start_stamp = time();
} else {
$start_stamp = strtotime($A['datestart']);
}
$A['dateend'] = trim($A['dateend'] . ' ' . $A['timeend']);
if (empty($A['dateend'])) {
$end_stamp = time();
} else {
$end_stamp = strtotime($A['dateend']);
}
$start_month = date('m', $start_stamp);
$start_day = date('d', $start_stamp);
$start_year = date('Y', $start_stamp);
$end_month = date('m', $end_stamp);
$end_day = date('d', $end_stamp);
$end_year = date('Y', $end_stamp);
$start_hour = date('H', $start_stamp);
$start_minute = intval(date('i', $start_stamp) / 15) * 15;
if ($start_hour >= 12) {
$startampm = 'pm';
} else {
$startampm = 'am';
}
$start_hour_24 = $start_hour % 24;
if ($start_hour > 12) {
$start_hour = $start_hour - 12;
} else {
if ($start_hour == 0) {
$start_hour = 12;
}
}
$end_hour = date('H', $end_stamp);
$end_minute = intval(date('i', $end_stamp) / 15) * 15;
if ($end_hour >= 12) {
$endampm = 'pm';
} else {
$endampm = 'am';
}
$end_hour_24 = $end_hour % 24;
if ($end_hour > 12) {
$end_hour = $end_hour - 12;
} else {
if ($end_hour == 0) {
$end_hour = 12;
}
}
$month_options = COM_getMonthFormOptions($start_month);
$event_templates->set_var('startmonth_options', $month_options);
$month_options = COM_getMonthFormOptions($end_month);
$event_templates->set_var('endmonth_options', $month_options);
$day_options = COM_getDayFormOptions($start_day);
$event_templates->set_var('startday_options', $day_options);
$day_options = COM_getDayFormOptions($end_day);
$event_templates->set_var('endday_options', $day_options);
$year_options = COM_getYearFormOptions($start_year);
$event_templates->set_var('startyear_options', $year_options);
$year_options = COM_getYearFormOptions($end_year);
$event_templates->set_var('endyear_options', $year_options);
if (isset($_CA_CONF['hour_mode']) && $_CA_CONF['hour_mode'] == 24) {
$hour_options = COM_getHourFormOptions($start_hour_24, 24);
$event_templates->set_var('starthour_options', $hour_options);
$hour_options = COM_getHourFormOptions($end_hour_24, 24);
$event_templates->set_var('endhour_options', $hour_options);
$event_templates->set_var('hour_mode', 24);
} else {
$hour_options = COM_getHourFormOptions($start_hour);
$event_templates->set_var('starthour_options', $hour_options);
$hour_options = COM_getHourFormOptions($end_hour);
$event_templates->set_var('endhour_options', $hour_options);
$event_templates->set_var('hour_mode', 12);
}
$event_templates->set_var('startampm_selection', CALENDAR_getAmPmFormSelection('start_ampm', $startampm, 'update_ampm()'));
$event_templates->set_var('endampm_selection', CALENDAR_getAmPmFormSelection('end_ampm', $endampm));
$event_templates->set_var('startminute_options', COM_getMinuteFormOptions($start_minute, 15));
$event_templates->set_var('endminute_options', COM_getMinuteFormOptions($end_minute, 15));
$event_templates->set_var('lang_enddate', $LANG12[13]);
$event_templates->set_var('lang_eventenddate', $LANG_CAL_ADMIN[6]);
$event_templates->set_var('event_enddate', $A['dateend']);
$event_templates->set_var('lang_enddate', $LANG12[13]);
$event_templates->set_var('lang_endtime', $LANG_CAL_1[29]);
$event_templates->set_var('lang_alldayevent', $LANG_CAL_1[31]);
if ($A['allday'] == 1) {
$event_templates->set_var('allday_checked', 'checked="checked"');
}
$event_templates->set_var('lang_location', $LANG12[51]);
$event_templates->set_var('event_location', $A['location']);
$event_templates->set_var('lang_addressline1', $LANG12[44]);
$event_templates->set_var('event_address1', $A['address1']);
$event_templates->set_var('lang_addressline2', $LANG12[45]);
$event_templates->set_var('event_address2', $A['address2']);
$event_templates->set_var('lang_city', $LANG12[46]);
$event_templates->set_var('event_city', $A['city']);
$event_templates->set_var('lang_state', $LANG12[47]);
$event_templates->set_var('state_options', '');
$event_templates->set_var('event_state', $A['state']);
$event_templates->set_var('lang_zipcode', $LANG12[48]);
$event_templates->set_var('event_zipcode', $A['zipcode']);
$event_templates->set_var('lang_eventlocation', $LANG_CAL_ADMIN[7]);
$event_templates->set_var('event_location', $A['location']);
$event_templates->set_var('lang_eventdescription', $LANG_CAL_ADMIN[8]);
$event_templates->set_var('event_description', $A['description']);
$event_templates->set_var('lang_hits', $LANG10[30]);
$event_templates->set_var('hits', COM_numberFormat($A['hits']));
$event_templates->set_var('lang_save', $saveoption);
$event_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
// user access info
$event_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$event_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
$ownername = COM_getDisplayName($A['owner_id']);
$event_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', "uid = {$A['owner_id']}"));
$event_templates->set_var('owner_name', $ownername);
$event_templates->set_var('owner', $ownername);
$event_templates->set_var('owner_id', $A['owner_id']);
$event_templates->set_var('lang_group', $LANG_ACCESS['group']);
$event_templates->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
$event_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$event_templates->set_var('lang_permissionskey', $LANG_ACCESS['permissionskey']);
$event_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']));
$event_templates->set_var('gltoken_name', CSRF_TOKEN);
$event_templates->set_var('gltoken', SEC_createToken());
$event_templates->parse('output', 'editor');
$retval .= $event_templates->finish($event_templates->get_var('output'));
$retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
return $retval;
}
function MAPS_importCSV($FILES = '', $map_id, $separator = ';', $fields, $valid = false, $filename = '')
{
global $_CONF, $_TABLES, $LANG24, $LANG_MAPS_1, $_USER;
if ($map_id == '') {
return MAPS_message('Map ID is missing');
}
if (!in_array($separator, array(',', 'tab', ';'))) {
echo COM_refresh($_CONF['site_admin_url'] . '/plugins/maps/import_export.php');
exit;
}
if ($valid == false) {
// OK, let's upload csv file
require_once $_CONF['path_system'] . 'classes/upload.class.php';
$upload = new upload();
//Debug with story debug function
if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
$upload->setLogFile($_CONF['path'] . 'logs/error.log');
$upload->setDebug(true);
}
$upload->setMaxFileUploads(1);
$upload->setAllowedMimeTypes(array('text/csv' => '.csv', 'text/comma-separated-values' => '.csv', 'application/vnd.ms-excel' => '.csv'));
if (!$upload->setPath($_CONF['path_data'])) {
$output = COM_siteHeader('menu', $LANG24[30]);
$output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
$output .= $upload->printErrors(false);
$output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$output .= COM_siteFooter();
echo $output;
exit;
}
// Set file permissions on file after it gets uploaded (number is in octal)
$upload->setPerms('0644');
$curfile = current($FILES);
if (!empty($curfile['name'])) {
$pos = strrpos($curfile['name'], '.') + 1;
$fextension = substr($curfile['name'], $pos);
$filename = 'import_markers_' . COM_makesid() . '.' . $fextension;
}
if ($filename == '') {
return MAPS_message('Houston, we have a problem.');
}
$upload->setFileNames($filename);
reset($FILES);
$upload->uploadFiles();
if ($upload->areErrors()) {
$msg = $upload->printErrors(false);
return MAPS_message($msg, $LANG24[30]);
}
$retval = '<p>' . $LANG_MAPS_1['markers_to_add'] . ' ' . DB_getItem($_TABLES['maps_maps'], 'name', "mid={$map_id}") . '</p><ul>';
} else {
$retval = '<p>' . $LANG_MAPS_1['markers_added'] . ' ' . DB_getItem($_TABLES['maps_maps'], 'name', "mid={$map_id}") . '</p><ul>';
}
//open file and record markers
$row = 1;
$marker = array();
$valid_fields = MAPS_getFieldsImportExport();
if (($handle = fopen($_CONF['path_data'] . $filename, "r")) !== FALSE) {
if ($separator == 'tab') {
$separator = "\t";
}
$iteration = 0;
while (($field_read = fgetcsv($handle, 0, $separator)) !== FALSE) {
$iteration++;
for ($i = 27; $i > -1; $i = $i - 1) {
if ($fields[$i] == $valid_fields[$i]) {
$marker[$i] = $field_read[$i];
} else {
if (!isset($marker[$i])) {
$marker[$i] = '';
}
while ($position = current($valid_fields)) {
if ($position == $fields[$i]) {
$key = key($valid_fields);
$marker[$key] = $field_read[$i];
}
next($valid_fields);
}
reset($valid_fields);
}
}
if ($marker[3] == '') {
ksort($marker);
$retval = '<table style="margin:20px;" border="1">';
foreach ($marker as $key => $val) {
$retval .= "<tr><td><font size=2>" . $key . "</td><td><font size=2>" . $val . "</td></tr>";
}
$retval .= "</table>";
return MAPS_message($LANG_MAPS_1['name_missing'] . ' | Line: ' . $iteration . $retval);
}
if ($marker[0] == '' && $marker[1] == '') {
return MAPS_message($LANG_MAPS_1['need_address']);
}
if ($valid == false) {
$retval .= '<li>#' . $iteration . ' Name: ' . $marker[3] . '<br' . XHTML . '>Address: ' . $marker[0] . '<br' . XHTML . '>Lat: ' . $marker[1] . ' | Lng: ' . $marker[2] . '<br' . XHTML . '>Description: ' . $marker[4] . '<br' . XHTML . '>mk_default: ' . $marker[5] . ' | mk_pcolor: ' . $marker[6] . ' | mk_scolor: ' . $marker[7] . ' | mk_label: ' . $marker[8] . ' | mk_label_color: ' . $marker[9] . '<br' . XHTML . '>street: ' . $marker[10] . '<br' . XHTML . '>code: ' . $marker[11] . ' | city: ' . $marker[12] . '<br' . XHTML . '>state: ' . $marker[13] . ' | country: ' . $marker[14] . '<br' . XHTML . '>tel: ' . $marker[15] . ' | fax: ' . $marker[16] . '<br' . XHTML . '>web: ' . $marker[17] . '<br' . XHTML . '>item_1: ' . $marker[18] . ' | item_2: ' . $marker[19] . ' | item_3: ' . $marker[20] . ' | item_4: ' . $marker[21] . ' | item_5: ' . $marker[22] . ' | item_6: ' . $marker[23] . ' | item_7: ' . $marker[24] . ' | item_8: ' . $marker[25] . ' | item_9: ' . $marker[26] . ' | item_10: |' . $marker[27] . '<br' . XHTML . '>Map id: ' . $map_id . ' | ' . 'Owner id: ' . $_USER['uid'] . '<br' . XHTML . '> ';
} else {
ksort($marker);
$markers = '';
foreach ($marker as $key => $value) {
if ($key != 0) {
$markers .= ",";
}
// prepare strings for insertion
switch ($key) {
case '0':
//address
$val[0] = $value;
$type = array(0 => 'text');
MAPS_filterVars($type, $val);
//MAPS_convert_to ( $val[0], $_CONF['default_charset'] );
$address = $val[0];
break;
case '1':
//lat
if ($value == '') {
$lat = $lng = '';
$coords = MAPS_getCoords($address, $lat, $lng);
$value = $lat;
}
break;
case '2':
//lng
if ($value == '') {
$value = $lng;
}
break;
default:
$val[0] = $value;
$type = array(0 => 'text');
MAPS_filterVars($type, $val);
//MAPS_convert_to ( $val[0], $_CONF['default_charset'] );
$value = $val[0];
break;
}
$markers .= " '" . $value . "'";
}
//pause 1/10 second to avoid
$nano = time_nanosleep(0, 100000);
if ($nano === true) {
$mkid = date('YmdHis') . $iteration;
}
$created = $modified = date("Ymd");
$sql = "INSERT INTO {$_TABLES['maps_markers']} (\n\t\t\t\t mkid,\n\t\t\t\t mid,\n\t\t\t\t owner_id,\n\t\t\t\t created, modified,\n\t\t\t\t address, lat, lng, name, description, mk_default, mk_pcolor, mk_scolor, mk_label, mk_label_color,\n\t\t\t\t street, code, city, state, country, tel, fax, web, item_1, item_2, item_3, item_4, item_5, item_6,\n\t\t\t\t item_7, item_8, item_9, item_10) VALUES (\n\t\t\t\t {$mkid},\n\t\t\t\t {$map_id},\n\t\t\t\t {$_USER['uid']},\n\t\t\t\t {$created}, {$modified},\n\t\t\t\t {$markers})";
$mkid_exists = DB_getItem($_TABLES['maps_markers'], 'mkid', "mkid={$mkid}");
DB_query("SET character_set_results = 'utf8', character_set_client = 'utf8', character_set_connection = 'utf8', character_set_database = 'utf8', character_set_server = 'utf8'");
if ($mkid_exists == '' and $mkid != '') {
DB_query($sql, 0);
} else {
COM_errorLog('MAPS - Duplicate mkid during import from ' . $filename);
}
$mkid = '';
$retval .= '<li>' . stripslashes($marker[3]) . ' | ' . stripslashes($marker[0]);
}
}
fclose($handle);
}
$retval .= '</ul>';
if ($valid == false) {
$validation = '<p><form name="import" action="' . $_CONF['site_url'] . '/admin/plugins/maps/import_export.php?mode=valid" method="POST">';
$validation .= '<input type="hidden" name="filename" value="' . $filename . '">';
$validation .= '<input type="hidden" name="mid" value="' . $map_id . '">';
$validation .= '<input type="hidden" name="separator_in" value="' . $separator . '">';
$validation .= '<input type="submit" name="submit" value="' . $LANG_MAPS_1['yes'] . '"> ';
foreach ($fields as $value) {
$validation .= '<input type="hidden" name="import_export[]" value="' . $value . '">';
}
$validation .= '<input type="submit" name="submit" value="' . $LANG_MAPS_1['no'] . '">';
$validation .= '</form></p>';
return MAPS_message($retval) . $validation;
} else {
return $retval;
}
}
/**
* Create session id
*
* Creates session id
*
* @return string Session ID
*
*/
function _createID()
{
global $_SYSTEM;
$rand_seed = COM_makesid();
$val = $rand_seed . microtime();
$val = md5($val);
$rand_seed = md5($rand_seed . $val);
$id = substr($val, 3, 18);
return $id;
}
function _MG_getFile($filename, $file, $albums, $caption = '', $description = '', $upload = 1, $purgefiles = 0, $filetype, $atttn, $thumbnail, $keywords = '', $category = 0, $dnc = 0, $replace = 0, $userid)
{
global $MG_albums, $_CONF, $_MG_CONF, $_USER, $_TABLES, $LANG_MG00, $LANG_MG01, $LANG_MG02, $new_media_id;
$artist = '';
$musicAlbum = '';
$genre = '';
$video_attached_thumbnail = 0;
$successfulWatermark = 0;
$dnc = 1;
$errors = 0;
$errMsg = '';
clearstatcache();
if (!file_exists($filename)) {
$errMsg = $LANG_MG02['upload_not_found'];
return array(false, $errMsg);
}
clearstatcache();
if (!is_readable($filename)) {
$errMsg = $LANG_MG02['upload_not_readable'];
return array(false, $errMsg);
}
// make sure we have the proper permissions to upload to this album....
if (!isset($MG_albums[$albums]->id)) {
$errMsg = $LANG_MG02['album_nonexist'];
// "Album does not exist, unable to process uploads";
return array(false, $errMsg);
}
sleep(1);
// We do this to make sure we don't get dupe sid's
/*
* The following section of code will generate a unique name for a temporary
* file and copy the uploaded file to the Media Gallery temp directory.
* We do this to prevent any SAFE MODE issues when we later open the
* file to determine the mime type.
*/
if (empty($_USER['username']) || $_USER['username'] == '') {
$_USER['username'] = '******';
}
$tmpPath = $_MG_CONF['tmp_path'] . '/' . $_USER['username'] . COM_makesid() . '.tmp';
if ($upload) {
$rc = @move_uploaded_file($filename, $tmpPath);
} else {
$rc = @copy($filename, $tmpPath);
$importSource = $filename;
}
if ($rc != 1) {
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
@unlink($tmpPath);
return array(false, $errMsg);
}
$filename = $tmpPath;
if ($replace > 0) {
$new_media_id = $replace;
} else {
$new_media_id = COM_makesid();
}
$media_time = time();
$media_upload_time = time();
$media_user_id = $userid;
$mimeInfo = IMG_getMediaMetaData($filename);
$mimeExt = strtolower(substr(strrchr($file, "."), 1));
$mimeInfo['type'] = $mimeExt;
if (!isset($mimeInfo['mime_type']) || $mimeInfo['mime_type'] == '') {
$mimeInfo['mime_type'] = $filetype;
}
$gotTN = 0;
if (isset($mimeInfo['id3v2']['APIC'][0]['mime']) && $mimeInfo['id3v2']['APIC'][0]['mime'] == 'image/jpeg') {
$mp3AttachdedThumbnail = $mimeInfo['id3v2']['APIC'][0]['data'];
$gotTN = 1;
}
if ($mimeExt == '' || $mimeInfo['mime_type'] == 'application/octet-stream' || $mimeInfo['mime_type'] == '') {
// assume format based on file upload info...
switch ($filetype) {
case 'audio/mpeg':
$mimeInfo['type'] = 'mp3';
$mimeInfo['mime_type'] = 'audio/mpeg';
$mimeExt = 'mp3';
break;
case 'image/tga':
$mimeInfo['type'] = 'tga';
$mimeInfo['mime_type'] = 'image/tga';
$mimeExt = 'tga';
break;
case 'image/psd':
$mimeInfo['type'] = 'psd';
$mimeInfo['mime_type'] = 'image/psd';
$mimeExt = 'psd';
break;
case 'image/gif':
$mimeInfo['type'] = 'gif';
$mimeInfo['mime_type'] = 'image/gif';
$mimeExt = 'gif';
break;
case 'image/jpeg':
case 'image/jpg':
$mimeInfo['type'] = 'jpg';
$mimeInfo['mime_type'] = 'image/jpeg';
$mimeExt = 'jpg';
break;
case 'image/png':
$mimeInfo['type'] = 'png';
$mimeInfo['mime_type'] = 'image/png';
$mimeExt = 'png';
break;
case 'image/bmp':
$mimeInfo['type'] = 'bmp';
$mimeInfo['mime_type'] = 'image/bmp';
$mimeExt = 'bmp';
break;
case 'application/x-shockwave-flash':
$mimeInfo['type'] = 'swf';
$mimeInfo['mime_type'] = 'application/x-shockwave-flash';
$mimeExt = 'swf';
break;
case 'application/zip':
$mimeInfo['type'] = 'zip';
$mimeInfo['mime_type'] = 'application/zip';
$mimeExt = 'zip';
break;
case 'audio/mpeg':
$mimeInfo['type'] = 'mp3';
$mimeInfo['mime_type'] = 'audio/mpeg';
$mimeExt = 'mp3';
break;
case 'video/quicktime':
$mimeInfo['type'] = 'mov';
$mimeInfo['mime_type'] = 'video/quicktime';
$mimeExt = 'mov';
break;
case 'video/x-m4v':
$mimeInfo['type'] = 'mov';
$mimeInfo['mime_type'] = 'video/x-m4v';
$mimeExt = 'mov';
break;
case 'video/x-flv':
$mimeInfo['type'] = 'flv';
$mimeInfo['mime_type'] = 'video/x-flv';
$mimeExt = 'flv';
break;
case 'audio/x-ms-wma':
$mimeInfo['type'] = 'wma';
$mimeInfo['mime_type'] = 'audio/x-ms-wma';
$mimeExt = 'wma';
break;
default:
$file_extension = strtolower(substr(strrchr($file, "."), 1));
switch ($file_extension) {
case 'flv':
$mimeInfo['type'] = 'flv';
$mimeInfo['mime_type'] = 'video/x-flv';
$mimeExt = 'flv';
break;
case 'wma':
$mimeInfo['type'] = 'wma';
$mimeInfo['mime_type'] = 'audio/x-ms-wma';
$mimeExt = 'wma';
break;
default:
$mimeInfo['type'] = 'file';
if ($filetype != '') {
$mimeInfo['mime_type'] = $filetype;
} else {
$mimeInfo['mime_type'] = 'application/octet-stream';
}
$mimeExt = $file_extension;
break;
}
}
}
switch ($mimeInfo['mime_type']) {
case 'audio/mpeg':
$format_type = MG_MP3;
break;
case 'image/gif':
$format_type = MG_GIF;
break;
case 'image/jpeg':
case 'image/jpg':
$format_type = MG_JPG;
break;
case 'image/png':
$format_type = MG_PNG;
break;
case 'image/bmp':
$format_type = MG_BMP;
break;
case 'application/x-shockwave-flash':
$format_type = MG_SWF;
break;
case 'application/zip':
$format_type = MG_ZIP;
break;
case 'video/mpeg':
case 'video/x-motion-jpeg':
case 'video/quicktime':
case 'video/mpeg':
case 'video/x-mpeg':
case 'video/x-mpeq2a':
case 'video/x-qtc':
case 'video/x-m4v':
$format_type = MG_MOV;
break;
case 'video/x-flv':
$format_type = MG_FLV;
break;
case 'image/tiff':
$format_type = MG_TIF;
break;
case 'image/x-targa':
case 'image/tga':
$format_type = MG_TGA;
break;
case 'image/psd':
$format_type = MG_PSD;
break;
case 'application/ogg':
$format_type = MG_OGG;
break;
case 'audio/x-ms-wma':
case 'audio/x-ms-wax':
case 'audio/x-ms-wmv':
case 'video/x-ms-asf':
case 'video/x-ms-asf-plugin':
case 'video/avi':
case 'video/msvideo':
case 'video/x-msvideo':
case 'video/avs-video':
case 'video/x-ms-wmv':
case 'video/x-ms-wvx':
case 'video/x-ms-wm':
case 'application/x-troff-msvideo':
case 'application/x-ms-wmz':
case 'application/x-ms-wmd':
$format_type = MG_ASF;
break;
case 'application/pdf':
$format_type = MG_OTHER;
break;
default:
$format_type = MG_OTHER;
break;
}
$mimeType = $mimeInfo['mime_type'];
if ($filetype == 'video/x-m4v') {
$mimeType = 'video/x-m4v';
$mimeInfo['mime_type'] = 'video/x-m4v';
}
if (!($MG_albums[$albums]->valid_formats & $format_type)) {
return array(false, $LANG_MG02['format_not_allowed']);
}
if ($replace > 0) {
$sql = "SELECT * FROM {$_TABLES['mg_media']} WHERE media_id='" . DB_escapeString($replace) . "'";
$result = DB_query($sql);
$row = DB_fetchArray($result);
$media_filename = $row['media_filename'];
} else {
if ($_MG_CONF['preserve_filename'] == 1) {
$loopCounter = 0;
$digitCounter = 1;
$file_name = stripslashes($file);
$file_name = MG_replace_accents($file_name);
$file_name = preg_replace("#[ ]#", "_", $file_name);
// change spaces to underscore
$file_name = preg_replace('#[^\\.\\-,\\w]#', '_', $file_name);
//only parenthesis, underscore, letters, numbers, comma, hyphen, period - others to underscore
$file_name = preg_replace('#(_)+#', '_', $file_name);
//eliminate duplicate underscore
$pos = strrpos($file_name, '.');
if ($pos === false) {
$basefilename = $file_name;
} else {
$basefilename = strtolower(substr($file_name, 0, $pos));
}
do {
clearstatcache();
$media_filename = substr(md5(uniqid(rand())), 0, $digitCounter) . '_' . $basefilename;
$loopCounter++;
if ($loopCounter > 16) {
$digitCounter++;
$loopCounter = 0;
}
} while (MG_file_exists($media_filename));
} else {
do {
clearstatcache();
$media_filename = md5(uniqid(rand()));
} while (MG_file_exists($media_filename));
}
}
// replace a few mime extentions here...
//
$mimeExtLower = strtolower($mimeExt);
if ($mimeExtLower == 'php') {
$mimeExt = 'phps';
} else {
if ($mimeExtLower == 'pl') {
$mimeExt = 'txt';
} else {
if ($mimeExtLower == 'cgi') {
$mimeExt = 'txt';
} else {
if ($mimeExtLower == 'py') {
$mimeExt = 'txt';
} else {
if ($mimeExtLower == 'sh') {
$mimeExt = 'txt';
} else {
if ($mimeExtLower == 'rb') {
$mimeExt = 'txt';
}
}
}
}
}
}
$disp_media_filename = $media_filename . '.' . $mimeExt;
switch ($mimeType) {
case 'image/psd':
case 'image/x-targa':
case 'image/tga':
case 'image/photoshop':
case 'image/x-photoshop':
case 'image/psd':
case 'application/photoshop':
case 'application/psd':
case 'image/tiff':
case 'image/gif':
case 'image/jpeg':
case 'image/jpg':
case 'image/png':
case 'image/bmp':
if ($mimeType == 'image/psd' || $mimeType == 'image/x-targa' || $mimeType == 'image/tga' || $mimeType == 'image/photoshop' || $mimeType == 'image/x-photoshop' || $mimeType == 'image/psd' || $mimeType == 'application/photoshop' || $mimeType == 'application/psd' || $mimeType == 'image/tiff') {
$media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt;
$media_disp = $_MG_CONF['path_mediaobjects'] . 'disp/' . $media_filename[0] . '/' . $media_filename . ".jpg";
$media_tn = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/' . $media_filename . ".jpg";
} else {
$media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt;
$media_disp = $_MG_CONF['path_mediaobjects'] . 'disp/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt;
$media_tn = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt;
}
$mimeType = $mimeInfo['mime_type'];
// process image file
$media_time = getOriginationTimestamp($filename);
if ($media_time == null || $media_time < 0) {
$media_time = time();
}
$rc = @copy($filename, $media_orig);
if ($rc != 1) {
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
} else {
if ($purgefiles) {
@unlink($importSource);
}
@chmod($media_orig, 0644);
list($rc, $msg) = MG_convertImage($media_orig, $media_tn, $media_disp, $mimeExt, $mimeType, $albums, $media_filename, $dnc);
if ($rc == false) {
$errors++;
$errMsg .= $msg;
// sprintf($LANG_MG02['convert_error'],$filename);
} else {
$mediaType = 0;
if ($_MG_CONF['discard_original'] == 1 && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg' || $mimeType == 'image/png' || $mimeType == 'image/bmp' || $mimeType == 'image/gif')) {
if ($_MG_CONF['jhead_enabled'] && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg')) {
$rc = MG_execWrapper('"' . $_MG_CONF['jhead_path'] . "/jhead" . '"' . " -te " . $media_orig . " " . $media_disp);
}
@unlink($media_orig);
}
if ($MG_albums[$albums]->wm_auto) {
if ($_MG_CONF['discard_original'] == 1) {
$rc = MG_watermark($media_disp, $albums, 1);
if ($rc == TRUE) {
$successfulWatermark = 1;
}
} else {
$rc1 = MG_watermark($media_orig, $albums, 1);
$rc2 = MG_watermark($media_disp, $albums, 0);
if ($rc1 == TRUE && $rc2 == TRUE) {
$successfulWatermark = 1;
}
}
}
if ($dnc != 1) {
if ($mimeType != 'image/tga' && $mimeType != 'image/x-targa' && $mimeType != 'image/tiff') {
if ($mimeType != 'image/photoshop' && $mimeType != 'image/x-photoshop' && $mimeType != 'image/psd' && $mimeType != 'application/photoshop' && $mimeType != 'application/psd') {
$mimeExt = 'jpg';
$mimeType = 'image/jpeg';
}
}
}
}
}
break;
case 'video/quicktime':
case 'video/mpeg':
case 'video/x-flv':
case 'video/x-ms-asf':
case 'video/x-ms-asf-plugin':
case 'video/avi':
case 'video/msvideo':
case 'video/x-msvideo':
case 'video/avs-video':
case 'video/x-ms-wmv':
case 'video/x-ms-wvx':
case 'video/x-ms-wm':
case 'application/x-troff-msvideo':
case 'application/x-shockwave-flash':
case 'video/mp4':
case 'video/x-m4v':
$mimeType = $mimeInfo['mime_type'];
if ($filetype == 'video/mp4') {
$mimeExt = 'mp4';
}
// process video format
$media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . '.' . $mimeExt;
$rc = @copy($filename, $media_orig);
if ($rc != 1) {
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
} else {
if ($purgefiles) {
@unlink($importSource);
}
@chmod($media_orig, 0644);
$mediaType = 1;
}
$video_attached_thumbnail = MG_videoThumbnail($albums, $media_orig, $media_filename);
break;
case 'application/ogg':
case 'audio/mpeg':
case 'audio/x-ms-wma':
case 'audio/x-ms-wax':
case 'audio/x-ms-wmv':
$mimeType = $mimeInfo['mime_type'];
// process audio format
$media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . '.' . $mimeExt;
$rc = @copy($filename, $media_orig);
if (isset($mimeInfo['tags']['id3v1']['title'][0])) {
if ($caption == '') {
$caption = $mimeInfo['tags']['id3v1']['title'][0];
}
}
if (isset($mimeInfo['tags']['id3v1']['artist'][0])) {
$artist = DB_escapeString($mimeInfo['tags']['id3v1']['artist'][0]);
}
if (isset($mimeInfo['tags']['id3v2']['genre'][0])) {
$genre = DB_escapeString($mimeInfo['tags']['id3v2']['genre'][0]);
}
if (isset($mimeInfo['tags']['id3v1']['album'][0])) {
$musicAlbum = DB_escapeString($mimeInfo['tags']['id3v1']['album'][0]);
}
if ($rc != 1) {
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
} else {
if ($purgefiles) {
@unlink($importSource);
}
$mediaType = 2;
}
break;
case 'zip':
case 'application/zip':
if ($_MG_CONF['zip_enabled']) {
$errMsg .= MG_processZip($filename, $albums, $purgefiles, $media_filename);
break;
}
// NO BREAK HERE, fall through if enable zip isn't allowed
// NO BREAK HERE, fall through if enable zip isn't allowed
default:
$media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt;
$mimeType = $mimeInfo['mime_type'];
$rc = @copy($filename, $media_orig);
if ($rc != 1) {
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
} else {
if ($purgefiles) {
@unlink($importSource);
}
$mediaType = 4;
}
$mediaType = 4;
break;
}
// update quota
$quota = $MG_albums[$albums]->album_disk_usage;
if ($_MG_CONF['discard_original'] == 1) {
$quota += @filesize($_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . '.' . $mimeExt);
$quota += @filesize($_MG_CONF['path_mediaobjects'] . 'disp/' . $media_filename[0] . '/' . $media_filename . '.jpg');
} else {
$quota += @filesize($_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . '.' . $mimeExt);
}
DB_query("UPDATE {$_TABLES['mg_albums']} SET album_disk_usage=" . $quota . " WHERE album_id=" . $albums);
if ($errors) {
@unlink($tmpPath);
return array(false, $errMsg);
}
if (($mimeType != 'application/zip' || $_MG_CONF['zip_enabled'] == 0) && $errors == 0) {
// Now we need to process an uploaded thumbnail
if ($gotTN == 1) {
$mp3TNFilename = $_MG_CONF['tmp_path'] . '/mp3tn' . time() . '.jpg';
$fn = fopen($mp3TNFilename, "w");
fwrite($fn, $mp3AttachdedThumbnail);
fclose($fn);
$saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
MG_attachThumbnail($albums, $mp3TNFilename, $saveThumbnailName);
@unlink($mp3TNFilename);
$atttn = 1;
} else {
if ($atttn == 1) {
$saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
MG_attachThumbnail($albums, $thumbnail, $saveThumbnailName);
}
}
if ($video_attached_thumbnail) {
$atttn = 1;
}
if ($MG_albums[$albums]->enable_html != 1) {
// if ($_MG_CONF['htmlallowed'] != 1 ) {
$media_desc = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($description)))));
$media_caption = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($caption)))));
$media_keywords = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($keywords)))));
} else {
$media_desc = DB_escapeString(COM_checkHTML(COM_killJS($description)));
$media_caption = DB_escapeString(COM_checkHTML(COM_killJS($caption)));
$media_keywords = DB_escapeString(COM_checkHTML(COM_killJS($keywords)));
}
// Check and see if moderation is on. If yes, place in mediasubmission
if ($MG_albums[$albums]->moderate == 1 && !$MG_albums[0]->owner_id) {
$tableMedia = $_TABLES['mg_mediaqueue'];
$tableMediaAlbum = $_TABLES['mg_media_album_queue'];
$queue = 1;
} else {
$tableMedia = $_TABLES['mg_media'];
$tableMediaAlbum = $_TABLES['mg_media_albums'];
$queue = 0;
}
$original_filename = DB_escapeString($file);
if ($MG_albums[$albums]->filename_title) {
if ($media_caption == '') {
$pos = strrpos($original_filename, '.');
if ($pos === false) {
$media_caption = $original_filename;
} else {
$media_caption = substr($original_filename, 0, $pos);
}
}
}
$resolution_x = 0;
$resolution_y = 0;
// try to find a resolution if video...
if ($mediaType == 1) {
switch ($mimeType) {
case 'application/x-shockwave-flash':
case 'video/quicktime':
case 'video/mpeg':
case 'video/x-m4v':
if (isset($mimeInfo['video']['resolution_x']) && isset($mimeInfo['video']['resolution_x'])) {
$resolution_x = $mimeInfo['video']['resolution_x'];
$resolution_y = $mimeInfo['video']['resolution_y'];
} else {
$resolution_x = -1;
$resolution_y = -1;
}
break;
case 'video/x-flv':
if ($mimeInfo['video']['resolution_x'] < 1 || $mimeInfo['video']['resolution_y'] < 1) {
if (isset($mimeInfo['meta']['onMetaData']['width']) && isset($mimeInfo['meta']['onMetaData']['height'])) {
$resolution_x = $mimeInfo['meta']['onMetaData']['width'];
$resolution_y = $mimeInfo['meta']['onMetaData']['height'];
} else {
$resolution_x = -1;
$resolution_y = -1;
}
} else {
$resolution_x = $mimeInfo['video']['resolution_x'];
$resolution_y = $mimeInfo['video']['resolution_y'];
}
break;
case 'video/x-ms-asf':
case 'video/x-ms-asf-plugin':
case 'video/avi':
case 'video/msvideo':
case 'video/x-msvideo':
case 'video/avs-video':
case 'video/x-ms-wmv':
case 'video/x-ms-wvx':
case 'video/x-ms-wm':
case 'application/x-troff-msvideo':
if (isset($mimeInfo['video']['streams']['2']['resolution_x']) && isset($mimeInfo['video']['streams']['2']['resolution_y'])) {
$resolution_x = $mimeInfo['video']['streams']['2']['resolution_x'];
$resolution_y = $mimeInfo['video']['streams']['2']['resolution_y'];
} else {
$resolution_x = -1;
$resolution_y = -1;
}
break;
}
}
if ($replace > 0) {
$sql = "UPDATE " . $tableMedia . " SET\n\t \t\t\t\t\tmedia_filename='" . DB_escapeString($media_filename) . "',\n\t \t\t\t\t\tmedia_original_filename='{$original_filename}',\n\t \t\t\t\t\tmedia_mime_ext='" . DB_escapeString($mimeExt) . "',\n\t \t\t\t\t\tmime_type='" . DB_escapeString($mimeType) . "',\n\t \t\t\t\t\tmedia_time='" . DB_escapeString($media_time) . "',\n\t \t\t\t\t\tmedia_user_id='" . DB_escapeString($media_user_id) . "',\n\t \t\t\t\t\tmedia_type='" . DB_escapeString($mediaType) . "',\n\t \t\t\t\t\tmedia_upload_time='" . DB_escapeString($media_upload_time) . "',\n\t \t\t\t\t\tmedia_watermarked='" . DB_escapeString($successfulWatermark) . "',\n\t \t\t\t\t\tmedia_resolution_x='" . DB_escapeString($resolution_x) . "',\n\t \t\t\t\t\tmedia_resolution_y='" . DB_escapeString($resolution_y) . "'\n\t \t\t\t\t\tWHERE media_id='" . DB_escapeString($replace) . "'";
DB_query($sql);
} else {
$sql = "INSERT INTO " . $tableMedia . " (media_id,media_filename,media_original_filename,media_mime_ext,media_exif,mime_type,media_title,media_desc,media_keywords,media_time,media_views,media_comments,media_votes,media_rating,media_tn_attached,media_tn_image,include_ss,media_user_id,media_user_ip,media_approval,media_type,media_upload_time,media_category,media_watermarked,v100,maint,media_resolution_x,media_resolution_y,remote_media,remote_url,artist,album,genre)\n\t VALUES ('{$new_media_id}','{$media_filename}','{$original_filename}','{$mimeExt}','1','{$mimeType}','{$media_caption}','{$media_desc}','{$media_keywords}','{$media_time}','0','0','0','0.00','{$atttn}','','1','{$media_user_id}','','0','{$mediaType}','{$media_upload_time}','{$category}','{$successfulWatermark}','0','0',{$resolution_x},{$resolution_y},0,'','{$artist}','{$musicAlbum}','{$genre}');";
DB_query($sql);
$x = 0;
$sql = "SELECT MAX(media_order) + 10 AS media_seq FROM " . $_TABLES['mg_media_albums'] . " WHERE album_id = " . $albums;
$result = DB_query($sql);
$row = DB_fetchArray($result);
$media_seq = $row['media_seq'];
if ($media_seq < 10) {
$media_seq = 10;
}
$sql = "INSERT INTO " . $tableMediaAlbum . " (media_id, album_id, media_order) VALUES ('{$new_media_id}', {$albums}, {$media_seq} )";
DB_query($sql);
if ($mediaType == 1 && $resolution_x > 0 && $resolution_y > 0 && $_MG_CONF['use_default_resolution'] == 0) {
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','width', '{$resolution_x}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','height', '{$resolution_y}'");
}
// update the media count for the album, only if no moderation...
if ($queue == 0) {
$MG_albums[$albums]->media_count++;
DB_query("UPDATE " . $_TABLES['mg_albums'] . " SET media_count=" . $MG_albums[$albums]->media_count . ",last_update=" . $media_upload_time . " WHERE album_id='" . $MG_albums[$albums]->id . "'");
if ($_MG_CONF['update_parent_lastupdated'] == 1) {
$currentAID = $MG_albums[$albums]->parent;
while ($MG_albums[$currentAID]->id != 0) {
DB_query("UPDATE " . $_TABLES['mg_albums'] . " SET last_update=" . $media_upload_time . " WHERE album_id='" . $MG_albums[$currentAID]->id . "'");
$currentAID = $MG_albums[$currentAID]->parent;
}
}
if ($MG_albums[$albums]->cover == -1 && ($mediaType == 0 || $atttn == 1)) {
if ($atttn == 1) {
$covername = 'tn_' . $media_filename;
} else {
$covername = $media_filename;
}
DB_query("UPDATE {$_TABLES['mg_albums']} SET album_cover_filename='" . $covername . "'" . " WHERE album_id='" . $MG_albums[$albums]->id . "'");
}
}
$x++;
}
}
if ($queue) {
$errMsg .= $LANG_MG01['successful_upload_queue'];
// ' successfully placed in Moderation queue';
} else {
$errMsg .= $LANG_MG01['successful_upload'];
// ' successfully uploaded to album';
}
if ($queue == 0) {
require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
MG_buildFullRSS();
MG_buildAlbumRSS($albums);
CACHE_remove_instance('whatsnew');
}
@unlink($tmpPath);
return array(true, $errMsg);
}
/**
* Load a Story object from the sid specified, returning a status result.
* The result will either be a permission denied message, invalid SID
* message, or a loaded ok message. If it's loaded ok, then we've got all
* the exciting gubbins here.
* Only used from story admin and submit.php!
*
* @param string $sid Story Identifier, valid geeklog story id from the db.
* @param string $mode 'edit'|'view'|'clone'|'editsubmission'
* @return int from a constant.
*/
public function loadFromDatabase($sid, $mode = 'edit')
{
global $_TABLES, $_CONF, $_USER, $topic;
$sid = DB_escapeString(COM_applyFilter($sid));
$sql = array();
if (!empty($sid) && ($mode === 'edit' || $mode === 'view' || $mode === 'clone')) {
if (empty($topic)) {
$topic_sql = ' AND ta.tdefault = 1';
} else {
$topic_sql = " AND ta.tid = '{$topic}'";
}
/* Original
$sql['mysql'] = "SELECT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, UNIX_TIMESTAMP(s.expire) AS expireunix, UNIX_TIMESTAMP(s.comment_expire) AS cmt_expire_unix, "
. "u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t " . "WHERE (s.uid = u.uid) AND (s.tid = t.tid) AND (sid = '$sid')";
*/
$sql['mysql'] = "SELECT s.*, UNIX_TIMESTAMP(s.date) AS unixdate, UNIX_TIMESTAMP(s.expire) AS expireunix, UNIX_TIMESTAMP(s.comment_expire) AS cmt_expire_unix, u.username, u.fullname, u.photo, u.email, t.tid, t.topic, t.imageurl\n FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t, {$_TABLES['topic_assignments']} AS ta\n WHERE ta.type = 'article' AND ta.id = sid {$topic_sql} AND (s.uid = u.uid) AND (ta.tid = t.tid) AND (sid = '{$sid}')";
$sql['pgsql'] = "SELECT s.*, UNIX_TIMESTAMP(s.date) AS unixdate, UNIX_TIMESTAMP(s.expire) as expireunix, UNIX_TIMESTAMP(s.comment_expire) as cmt_expire_unix, u.username, u.fullname, u.photo, u.email, t.tid, t.topic, t.imageurl\n FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t, {$_TABLES['topic_assignments']} AS ta\n WHERE ta.type = 'article' AND ta.id = sid AND ta.tdefault = 1 AND (s.uid = u.uid) AND (ta.tid = t.tid) AND (sid = '{$sid}')";
} elseif (!empty($sid) && $mode === 'editsubmission') {
/* Original
$sql['mysql'] = 'SELECT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, '
. 'u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl, t.group_id, ' . 't.perm_owner, t.perm_group, t.perm_members, t.perm_anon ' . 'FROM ' . $_TABLES['storysubmission'] . ' AS s, ' . $_TABLES['users'] . ' AS u, ' . $_TABLES['topics'] . ' AS t WHERE (s.uid = u.uid) AND' . ' (s.tid = t.tid) AND (sid = \'' . $sid . '\')';
$sql['pgsql'] = 'SELECT s.*, UNIX_TIMESTAMP(s.date) AS unixdate, '
. 'u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl, t.group_id, ' . 't.perm_owner, t.perm_group, t.perm_members, t.perm_anon ' . 'FROM ' . $_TABLES['storysubmission'] . ' AS s, ' . $_TABLES['users'] . ' AS u, ' . $_TABLES['topics'] . ' AS t WHERE (s.uid = u.uid) AND' . ' (s.tid = t.tid) AND (sid = \'' . $sid . '\')';
*/
$sql['mysql'] = "SELECT s.*, UNIX_TIMESTAMP(s.date) AS unixdate, u.username, u.fullname, u.photo, u.email, t.tid, t.topic, t.imageurl, t.group_id, t.perm_owner, t.perm_group, t.perm_members, t.perm_anon\n FROM {$_TABLES['storysubmission']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t, {$_TABLES['topic_assignments']} AS ta\n WHERE (s.uid = u.uid) AND (ta.tid = t.tid) AND (sid = '{$sid}')\n AND ta.type = 'article' AND ta.id = sid AND ta.tdefault = 1";
$sql['pgsql'] = "SELECT s.*, UNIX_TIMESTAMP(s.date) AS unixdate, u.username, u.fullname, u.photo, u.email, t.tid, t.topic, t.imageurl, t.group_id, t.perm_owner, t.perm_group, t.perm_members, t.perm_anon\n FROM {$_TABLES['storysubmission']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t, {$_TABLES['topic_assignments']} AS ta\n WHERE (s.uid = u.uid) AND (ta.tid = t.tid) AND (sid = '{$sid}')\n AND ta.type = 'article' AND ta.id = sid AND ta.tdefault = 1";
} elseif ($mode === 'edit') {
$this->_sid = COM_makesid();
$this->_old_sid = $this->_sid;
if (isset($_CONF['draft_flag'])) {
$this->_draft_flag = $_CONF['draft_flag'];
} else {
$this->_draft_flag = 0;
}
if (isset($_CONF['show_topic_icon'])) {
$this->_show_topic_icon = $_CONF['show_topic_icon'];
} else {
$this->_show_topic_icon = 1;
}
if (isset($_CONF['default_cache_time_article'])) {
$this->_cache_time = $_CONF['default_cache_time_article'];
} else {
$this->_cache_time = 0;
}
if (COM_isAnonUser()) {
$this->_uid = 1;
} else {
$this->_uid = $_USER['uid'];
}
$this->_date = $this->_expire = time();
if ($_CONF['article_comment_close_enabled']) {
$this->_comment_expire = time() + $_CONF['article_comment_close_days'] * 86400;
} else {
$this->_comment_expire = 0;
}
$this->_commentcode = $_CONF['comment_code'];
$this->_trackbackcode = $_CONF['trackback_code'];
$this->_title = '';
$this->_page_title = '';
$this->_meta_description = '';
$this->_meta_keywords = '';
$this->_introtext = '';
$this->_bodytext = '';
if (isset($_CONF['frontpage'])) {
$this->_frontpage = $_CONF['frontpage'];
} else {
$this->_frontpage = 1;
}
$this->_text_version = GLTEXT_LATEST_VERSION;
$this->_hits = 0;
$this->_comments = 0;
$this->_trackbacks = 0;
$this->_numemails = 0;
if ($_CONF['advanced_editor'] && $_USER['advanced_editor'] && $_CONF['postmode'] !== 'plaintext' && $_CONF['postmode'] !== 'wikitext') {
$this->_advanced_editor_mode = 1;
$this->_postmode = 'adveditor';
} else {
$this->_postmode = $_CONF['postmode'];
$this->_advanced_editor_mode = 0;
}
$this->_statuscode = 0;
$this->_featured = 0;
$this->_cache_time = $_CONF['default_cache_time_article'];
if (COM_isAnonUser()) {
$this->_owner_id = 1;
} else {
$this->_owner_id = $_USER['uid'];
}
if (isset($_GROUPS['Story Admin'])) {
$this->_group_id = $_GROUPS['Story Admin'];
} else {
$this->_group_id = SEC_getFeatureGroup('story.edit');
}
$array = array();
SEC_setDefaultPermissions($array, $_CONF['default_permissions_story']);
$this->_perm_owner = $array['perm_owner'];
$this->_perm_group = $array['perm_group'];
$this->_perm_anon = $array['perm_anon'];
$this->_perm_members = $array['perm_members'];
} else {
$this->loadFromArgsArray($_POST);
}
// if we have SQL, load from it
if (!empty($sql)) {
$result = DB_query($sql);
if ($result) {
$story = DB_fetchArray($result, false);
if ($story == null) {
return STORY_INVALID_SID;
}
$this->loadFromArray($story);
/**
* The above SQL also got the story owner's username etc. from
* the DB. If the user doing the cloning is different from the
* original author, we need to fix those here.
*/
if ($mode === 'clone' && $this->_uid != $_USER['uid']) {
$this->_uid = $_USER['uid'];
$story['owner_id'] = $this->_uid;
$uResult = DB_query("SELECT username, fullname, photo, email FROM {$_TABLES['users']} WHERE uid = {$_USER['uid']}");
list($this->_username, $this->_fullname, $this->_photo, $this->_email) = DB_fetchArray($uResult);
}
if (!isset($story['owner_id'])) {
$story['owner_id'] = 1;
}
$access = SEC_hasAccess($story['owner_id'], $story['group_id'], $story['perm_owner'], $story['perm_group'], $story['perm_members'], $story['perm_anon']);
//$this->_access = min($access, SEC_hasTopicAccess($this->_tid));
//$this->_access = min($access, TOPIC_hasMultiTopicAccess('article', $sid));
if ($mode !== 'view') {
// When editing an article they need access to all topics article is assigned to plus edit access to article itself
$this->_access = min($access, TOPIC_hasMultiTopicAccess('article', $sid));
} else {
// When viewing a article we only care about if it has access to the current topic and article
$this->_access = min($access, TOPIC_hasMultiTopicAccess('article', $sid, $topic));
}
if ($this->_access == 0) {
return STORY_PERMISSION_DENIED;
} elseif ($this->_access == 2 && $mode !== 'view') {
return STORY_EDIT_DENIED;
} elseif ($this->_access == 2 && $mode == 'view' && ($this->_draft_flag == 1 || $this->_date > time())) {
return STORY_INVALID_SID;
}
} else {
return STORY_INVALID_SID;
}
}
if ($mode === 'editsubmission') {
if (isset($_CONF['draft_flag'])) {
$this->_draft_flag = $_CONF['draft_flag'];
} else {
$this->_draft_flag = 1;
}
if (isset($_CONF['show_topic_icon'])) {
$this->_show_topic_icon = $_CONF['show_topic_icon'];
} else {
$this->_show_topic_icon = 1;
}
$this->_commentcode = $_CONF['comment_code'];
$this->_trackbackcode = $_CONF['trackback_code'];
$this->_featured = 0;
$this->_cache_time = $_CONF['default_cache_time_article'];
$this->_expire = time();
if ($_CONF['article_comment_close_enabled']) {
$this->_comment_expire = time() + $_CONF['article_comment_close_days'] * 86400;
} else {
$this->_comment_expire = 0;
}
if (isset($_CONF['frontpage'])) {
$this->_frontpage = $_CONF['frontpage'];
} else {
$this->_frontpage = 1;
}
$this->_text_version = GLTEXT_LATEST_VERSION;
$this->_comments = 0;
$this->_trackbacks = 0;
$this->_numemails = 0;
$this->_statuscode = 0;
$this->_owner_id = $this->_uid;
} elseif ($mode === 'clone') {
// new story, new sid ...
$this->_sid = COM_makeSid();
$this->_old_sid = $this->_sid;
// assign ownership to current user
if (COM_isAnonUser()) {
$this->_uid = 1;
} else {
$this->_uid = $_USER['uid'];
}
$this->_owner_id = $this->_uid;
// use current date + time
$this->_date = $this->_expire = time();
// if the original story uses comment expire, update the time
if ($this->_comment_expire != 0) {
$this->_comment_expire = time() + $_CONF['article_comment_close_days'] * 86400;
}
// reset counters
$this->_hits = 0;
$this->_comments = 0;
$this->_trackbacks = 0;
$this->_numemails = 0;
}
$this->sanitizeData();
return STORY_LOADED_OK;
}
/**
* Load a Story object from the sid specified, returning a status result.
* The result will either be a permission denied message, invalid SID
* message, or a loaded ok message. If it's loaded ok, then we've got all
* the exciting gubbins here.
*
* Only used from story admin and submit.php!
*
* @param $sid string Story Identifier, valid glFusion story id from the db.
* @return Integer from a constant.
*/
function loadFromDatabase($sid, $mode = 'edit')
{
global $_TABLES, $_CONF, $_USER, $_GROUPS;
$dtPublish = new Date('now', $_USER['tzid']);
$dtExpire = new Date('now', $_USER['tzid']);
$dtCmtclose = new Date('now', $_USER['tzid']);
$sid = DB_escapeString(COM_applyFilter($sid));
if (!empty($sid) && ($mode == 'edit' || $mode == 'view' || $mode == 'clone')) {
$sql = "SELECT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, UNIX_TIMESTAMP(s.expire) as expireunix, UNIX_TIMESTAMP(s.comment_expire) as cmt_expire_unix, " . "u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t " . "WHERE (s.uid = u.uid) AND (s.tid = t.tid) AND (sid = '{$sid}')";
} elseif (!empty($sid) && $mode == 'moderate') {
$sql = 'SELECT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, ' . 'u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl, t.group_id, ' . 't.perm_owner, t.perm_group, t.perm_members, t.perm_anon ' . 'FROM ' . $_TABLES['storysubmission'] . ' AS s, ' . $_TABLES['users'] . ' AS u, ' . $_TABLES['topics'] . ' AS t WHERE (s.uid = u.uid) AND' . ' (s.tid = t.tid) AND (sid = \'' . $sid . '\')';
} elseif ($mode == 'edit') {
$this->_sid = COM_makesid();
$this->_old_sid = $this->_sid;
if (isset($_CONF['draft_flag'])) {
$this->_draft_flag = $_CONF['draft_flag'];
} else {
$this->_draft_flag = 0;
}
if (isset($_CONF['show_topic_icon'])) {
$this->_show_topic_icon = $_CONF['show_topic_icon'];
} else {
$this->_show_topic_icon = 1;
}
if (COM_isAnonUser()) {
$this->_uid = 1;
} else {
$this->_uid = $_USER['uid'];
}
$this->_date = $dtPublish->toUnix();
$this->_expire = $dtExpire->toUnix();
if ($_CONF['article_comment_close_enabled']) {
$this->_comment_expire = $dtCmtclose->toUnix() + $_CONF['article_comment_close_days'] * 86400;
} else {
$this->_comment_expire = 0;
}
$this->_commentcode = $_CONF['comment_code'];
$this->_trackbackcode = $_CONF['trackback_code'];
$this->_title = '';
$this->_introtext = '';
$this->_bodytext = '';
if (isset($_CONF['frontpage'])) {
$this->_frontpage = $_CONF['frontpage'];
} else {
$this->_frontpage = 1;
}
$this->_hits = 0;
$this->_rating = 0.0;
$this->_votes = 0;
$this->_comments = 0;
$this->_trackbacks = 0;
$this->_numemails = 0;
if ($_CONF['postmode'] != 'plaintext') {
$this->_postmode = 'html';
} else {
$this->_postmode = $_CONF['postmode'];
}
$this->_statuscode = 0;
$this->_featured = 0;
if (COM_isAnonUser()) {
$this->_owner_id = 1;
} else {
$this->_owner_id = $_USER['uid'];
}
if (isset($_GROUPS['Story Admin'])) {
$this->_group_id = $_GROUPS['Story Admin'];
} else {
$this->_group_id = SEC_getFeatureGroup('story.edit');
}
$array = array();
SEC_setDefaultPermissions($array, $_CONF['default_permissions_story']);
$this->_perm_owner = $array['perm_owner'];
$this->_perm_group = $array['perm_group'];
$this->_perm_anon = $array['perm_anon'];
$this->_perm_members = $array['perm_members'];
} else {
$this->loadFromArgsArray($_POST);
}
/* if we have SQL, load from it */
if (!empty($sql)) {
$result = DB_query($sql);
if ($result) {
$story = DB_fetchArray($result, false);
if ($story == null) {
return STORY_INVALID_SID;
}
$this->loadFromArray($story);
if (!isset($story['owner_id'])) {
$story['owner_id'] = 1;
}
if (SEC_hasRights('story.edit')) {
$this->_access = 3;
} else {
$access = SEC_hasAccess($story['owner_id'], $story['group_id'], $story['perm_owner'], $story['perm_group'], $story['perm_members'], $story['perm_anon']);
$this->_access = min($access, SEC_hasTopicAccess($this->_tid));
}
if ($this->_access == 0) {
return STORY_PERMISSION_DENIED;
} elseif ($this->_access == 2 && $mode != 'view') {
return STORY_EDIT_DENIED;
} elseif ($this->_access == 2 && $mode == 'view' && ($this->_draft_flag == 1 || $this->_date > time())) {
return STORY_INVALID_SID;
}
} else {
return STORY_INVALID_SID;
}
}
if ($mode == 'moderate') {
if (isset($_CONF['draft_flag'])) {
$this->_draft_flag = $_CONF['draft_flag'];
} else {
$this->_draft_flag = 1;
}
if (isset($_CONF['show_topic_icon'])) {
$this->_show_topic_icon = $_CONF['show_topic_icon'];
} else {
$this->_show_topic_icon = 1;
}
$this->_commentcode = $_CONF['comment_code'];
$this->_trackbackcode = $_CONF['trackback_code'];
$this->_featured = 0;
$this->_expire = time();
if ($_CONF['article_comment_close_enabled']) {
$this->_comment_expire = time() + $_CONF['article_comment_close_days'] * 86400;
} else {
$this->_comment_expire = 0;
}
if (DB_getItem($_TABLES['topics'], 'archive_flag', "tid = '" . DB_escapeString($this->_tid) . "'") == 1) {
$this->_frontpage = 0;
} elseif (isset($_CONF['frontpage'])) {
$this->_frontpage = $_CONF['frontpage'];
} else {
$this->_frontpage = 1;
}
$this->_comments = 0;
$this->_trackbacks = 0;
$this->_numemails = 0;
$this->_statuscode = 0;
$this->_owner_id = $this->_uid;
} elseif ($mode == 'clone') {
$this->_sid = COM_makesid();
$this->_old_sid = $this->_sid;
$this->_originalSid = '';
if (COM_isAnonUser()) {
$this->_uid = 1;
} else {
$this->_uid = $_USER['uid'];
}
$this->_date = $dtPublish->toUnix();
$this->_expire = $dtExpire->toUnix();
//time();
// if the original story uses comment expire, update the time
if ($this->_comment_expire != 0) {
$this->_comment_expire = time() + $_CONF['article_comment_close_days'] * 86400;
}
// reset counters
$this->_hits = 0;
$this->_rating = 0.0;
$this->_votes = 0;
$this->_comments = 0;
$this->_trackbacks = 0;
$this->_numemails = 0;
$this->_owner_id = $_USER['uid'];
}
$this->_sanitizeData();
return STORY_LOADED_OK;
}
/**
* Submit a new or updated story. The story is updated if it exists, or a new one is created
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @return int Response code as defined in lib-plugins.php
*/
function service_submit_story($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS;
if (!SEC_hasRights('story.edit')) {
$output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30], true, 'error');
return PLG_RET_AUTH_FAILED;
}
$gl_edit = false;
if (isset($args['gl_edit'])) {
$gl_edit = $args['gl_edit'];
}
if ($gl_edit) {
/* This is EDIT mode, so there should be an old sid */
if (empty($args['old_sid'])) {
if (!empty($args['id'])) {
$args['old_sid'] = $args['id'];
} else {
return PLG_RET_ERROR;
}
if (empty($args['sid'])) {
$args['sid'] = $args['old_sid'];
}
}
} else {
if (empty($args['sid']) && !empty($args['id'])) {
$args['sid'] = $args['id'];
}
}
/* Store the first CATEGORY as the Topic ID */
if (!empty($args['category'][0])) {
$args['tid'] = $args['category'][0];
}
$content = '';
if (!empty($args['content'])) {
$content = $args['content'];
} else {
if (!empty($args['summary'])) {
$content = $args['summary'];
}
}
if (!empty($content)) {
$parts = explode('[page_break]', $content);
if (count($parts) == 1) {
$args['introtext'] = $content;
$args['bodytext'] = '';
} else {
$args['introtext'] = array_shift($parts);
$args['bodytext'] = implode('[page_break]', $parts);
}
}
/* Apply filters to the parameters passed by the webservice */
if ($args['gl_svc']) {
if (isset($args['mode'])) {
$args['mode'] = COM_applyBasicFilter($args['mode']);
}
if (isset($args['editopt'])) {
$args['editopt'] = COM_applyBasicFilter($args['editopt']);
}
}
/* - START: Set all the defaults - */
if (empty($args['tid'])) {
// see if we have a default topic
$topic = DB_getItem($_TABLES['topics'], 'tid', 'is_default = 1' . COM_getPermSQL('AND'));
if (!empty($topic)) {
$args['tid'] = $topic;
} else {
// otherwise, just use the first one
$o = array();
$s = array();
if (service_getTopicList_story(array('gl_svc' => true), $o, $s) == PLG_RET_OK) {
$args['tid'] = $o[0];
} else {
$svc_msg['error_desc'] = 'No topics available';
return PLG_RET_ERROR;
}
}
}
if (empty($args['owner_id'])) {
$args['owner_id'] = $_USER['uid'];
}
if (empty($args['group_id'])) {
$args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']);
}
if (isset($args['alternate_tid']) && $args['tid'] == $args['alternate_tid']) {
$args['alternate_tid'] = NULL;
}
if (empty($args['postmode'])) {
$args['postmode'] = $_CONF['postmode'];
if (!empty($args['content_type'])) {
if ($args['content_type'] == 'text') {
$args['postmode'] = 'text';
} else {
if ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') {
$args['postmode'] = 'html';
}
}
}
}
if ($args['gl_svc']) {
/* Permissions */
if (!isset($args['perm_owner'])) {
$args['perm_owner'] = $_CONF['default_permissions_story'][0];
} else {
$args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
}
if (!isset($args['perm_group'])) {
$args['perm_group'] = $_CONF['default_permissions_story'][1];
} else {
$args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
}
if (!isset($args['perm_members'])) {
$args['perm_members'] = $_CONF['default_permissions_story'][2];
} else {
$args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
}
if (!isset($args['perm_anon'])) {
$args['perm_anon'] = $_CONF['default_permissions_story'][3];
} else {
$args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
}
if (!isset($args['draft_flag'])) {
$args['draft_flag'] = $_CONF['draft_flag'];
}
if (empty($args['frontpage'])) {
$args['frontpage'] = $_CONF['frontpage'];
}
if (empty($args['show_topic_icon'])) {
$args['show_topic_icon'] = $_CONF['show_topic_icon'];
}
}
/* - END: Set all the defaults - */
if (!isset($args['sid'])) {
$args['sid'] = '';
}
$args['sid'] = COM_sanitizeID($args['sid']);
if (!$gl_edit) {
if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) {
$args['sid'] = COM_makesid();
}
}
$story = new Story();
$gl_edit = false;
if (isset($args['gl_edit'])) {
$gl_edit = $args['gl_edit'];
}
if ($gl_edit && !empty($args['gl_etag'])) {
/* First load the original story to check if it has been modified */
$result = $story->loadFromDatabase($args['sid']);
if ($result == STORY_LOADED_OK) {
if ($args['gl_etag'] != date('c', $story->_date)) {
$svc_msg['error_desc'] = 'A more recent version of the story is available';
return PLG_RET_PRECONDITION_FAILED;
}
} else {
$svc_msg['error_desc'] = 'Error loading story';
return PLG_RET_ERROR;
}
}
/* This function is also doing the security checks */
$result = $story->loadFromArgsArray($args);
$sid = $story->getSid();
switch ($result) {
case STORY_DUPLICATE_SID:
if (!$args['gl_svc']) {
if (isset($args['type']) && $args['type'] == 'submission') {
$output .= STORY_edit($sid, 'moderate');
} else {
$output .= STORY_edit($sid, 'error');
}
}
return PLG_RET_ERROR;
case STORY_EXISTING_NO_EDIT_PERMISSION:
$output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30], true, 'error');
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
return PLG_RET_PERMISSION_DENIED;
case STORY_NO_ACCESS_PARAMS:
$output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30], true, 'error');
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
return PLG_RET_PERMISSION_DENIED;
case STORY_EMPTY_REQUIRED_FIELDS:
if (!$args['gl_svc']) {
$output .= STORY_edit($sid, 'error');
}
return PLG_RET_ERROR;
default:
break;
}
/* Image upload is not supported by the web-service at present */
if (!$args['gl_svc']) {
// Delete any images if needed
if (array_key_exists('delete', $args)) {
$delete = count($args['delete']);
for ($i = 1; $i <= $delete; $i++) {
$ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '" . DB_escapeString($sid) . "' AND ai_img_num = " . intval(key($args['delete'])));
STORY_deleteImage($ai_filename);
DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '" . DB_escapeString($sid) . "' AND ai_img_num = '" . intval(key($args['delete'])) . "'");
next($args['delete']);
}
}
// OK, let's upload any pictures with the article
if (DB_count($_TABLES['article_images'], 'ai_sid', DB_escapeString($sid)) > 0) {
$index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '" . DB_escapeString($sid) . "'") + 1;
} else {
$index_start = 1;
}
if (count($_FILES) > 0 and $_CONF['maximagesperarticle'] > 0) {
require_once $_CONF['path_system'] . 'classes/upload.class.php';
$upload = new upload();
if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
$upload->setLogFile($_CONF['path'] . 'logs/error.log');
$upload->setDebug(true);
}
$upload->setMaxFileUploads($_CONF['maximagesperarticle']);
$upload->setAutomaticResize(true);
if ($_CONF['keep_unscaled_image'] == 1) {
$upload->keepOriginalImage(true);
} else {
$upload->keepOriginalImage(false);
}
$upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
$upload->setFieldName('file');
//@TODO - better error handling...
if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
$output = COM_siteHeader('menu', $LANG24[30]);
$output .= COM_showMessageText($upload->printErrors(false), $LANG24[30], true, 'error');
$output .= COM_siteFooter();
echo $output;
exit;
}
// NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
// force any images bigger than the passed dimensions to be resized.
// If mogrify is not set, any images larger than these dimensions
// will get validation errors
$upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
$upload->setMaxFileSize($_CONF['max_image_size']);
// size in bytes, 1048576 = 1MB
// Set file permissions on file after it gets uploaded (number is in octal)
$upload->setPerms('0644');
$filenames = array();
$sql = "SELECT MAX(ai_img_num) + 1 AS ai_img_num FROM " . $_TABLES['article_images'] . " WHERE ai_sid = '" . DB_escapeString($sid) . "'";
$result = DB_query($sql, 1);
$row = DB_fetchArray($result);
$ai_img_num = $row['ai_img_num'];
if ($ai_img_num < 1) {
$ai_img_num = 1;
}
for ($z = 0; $z < $_CONF['maximagesperarticle']; $z++) {
$curfile['name'] = '';
if (isset($_FILES['file']['name'][$z])) {
$curfile['name'] = $_FILES['file']['name'][$z];
}
if (!empty($curfile['name'])) {
$pos = strrpos($curfile['name'], '.') + 1;
$fextension = substr($curfile['name'], $pos);
$filenames[] = $sid . '_' . $ai_img_num . '.' . $fextension;
$ai_img_num++;
} else {
$filenames[] = '';
}
}
$upload->setFileNames($filenames);
$upload->uploadFiles();
//@TODO - better error handling
if ($upload->areErrors()) {
$retval = COM_siteHeader('menu', $LANG24[30]);
$retval .= COM_showMessageText($upload->printErrors(false), $LANG24[30], true, 'error');
$retval .= STORY_edit($sid, 'error');
$retval .= COM_siteFooter();
echo $retval;
exit;
}
for ($z = 0; $z < $_CONF['maximagesperarticle']; $z++) {
if ($filenames[$z] != '') {
$sql = "SELECT MAX(ai_img_num) + 1 AS ai_img_num FROM " . $_TABLES['article_images'] . " WHERE ai_sid = '" . DB_escapeString($sid) . "'";
$result = DB_query($sql, 1);
$row = DB_fetchArray($result);
$ai_img_num = $row['ai_img_num'];
if ($ai_img_num < 1) {
$ai_img_num = 1;
}
DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('" . DB_escapeString($sid) . "', {$ai_img_num}, '" . DB_escapeString($filenames[$z]) . "')");
}
}
}
if ($_CONF['maximagesperarticle'] > 0) {
$errors = $story->checkImages();
if (count($errors) > 0) {
$output = COM_siteHeader('menu', $LANG24[54]);
$eMsg = $LANG24[55] . '<p>';
for ($i = 1; $i <= count($errors); $i++) {
$eMsg .= current($errors) . '<br />';
next($errors);
}
//@TODO - use return here...
$output .= COM_showMessageText($eMsg, $LANG24[54], true, 'error');
$output .= STORY_edit($sid, 'error');
$output .= COM_siteFooter();
echo $output;
exit;
}
}
}
$result = $story->saveToDatabase();
if ($result == STORY_SAVED) {
// see if any plugins want to act on that story
if (!empty($args['old_sid']) && $args['old_sid'] != $sid) {
PLG_itemSaved($sid, 'article', $args['old_sid']);
} else {
PLG_itemSaved($sid, 'article');
}
// update feed(s) and Older Stories block
COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid);
COM_olderStuff();
if ($story->type == 'submission') {
COM_setMessage(9);
echo COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
exit;
} else {
$output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9);
}
/* @TODO Set the object id here */
$svc_msg['id'] = $sid;
return PLG_RET_OK;
}
}
function MG_getFile($filename, $file, $album_id, $opt = array())
{
global $_CONF, $_MG_CONF, $_USER, $_TABLES, $LANG_MG00, $LANG_MG01, $LANG_MG02, $_SPECIAL_IMAGES_MIMETYPE, $new_media_id;
$caption = isset($opt['caption']) ? $opt['caption'] : '';
$description = isset($opt['description']) ? $opt['description'] : '';
$upload = isset($opt['upload']) ? $opt['upload'] : 1;
$purgefiles = isset($opt['purgefiles']) ? $opt['purgefiles'] : 0;
$filetype = isset($opt['filetype']) ? $opt['filetype'] : '';
$atttn = isset($opt['atttn']) ? $opt['atttn'] : 0;
$thumbnail = isset($opt['thumbnail']) ? $opt['thumbnail'] : '';
$keywords = isset($opt['keywords']) ? $opt['keywords'] : '';
$category = isset($opt['category']) ? $opt['category'] : 0;
$dnc = isset($opt['dnc']) ? $opt['dnc'] : 0;
$replace = isset($opt['replace']) ? $opt['replace'] : 0;
$artist = '';
$musicAlbum = '';
$genre = '';
$video_attached_thumbnail = 0;
$successfulWatermark = 0;
$dnc = 1;
// What is this?
$errors = 0;
$errMsg = '';
require_once $_CONF['path'] . 'plugins/mediagallery/include/classAlbum.php';
$album = new mgAlbum($album_id);
$root_album = new mgAlbum(0);
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: *********** Beginning media upload process...");
COM_errorLog("Filename to process: " . $filename);
COM_errorLog("UID=" . $_USER['uid']);
COM_errorLog("album access=" . $album->access);
COM_errorLog("album owner_id=" . $album->owner_id);
COM_errorLog("member_uploads=" . $album->member_uploads);
}
clearstatcache();
if (!file_exists($filename)) {
$errMsg = $LANG_MG02['upload_not_found'];
return array(false, $errMsg);
}
if (!is_readable($filename)) {
$errMsg = $LANG_MG02['upload_not_readable'];
return array(false, $errMsg);
}
// make sure we have the proper permissions to upload to this album....
if (!isset($album->id)) {
$errMsg = $LANG_MG02['album_nonexist'];
// "Album does not exist, unable to process uploads";
return array(false, $errMsg);
}
if ($album->access != 3 && !$root_album->owner_id && $album->member_uploads == 0) {
COM_errorLog("Someone has tried to illegally upload to an album in Media Gallery. " . "User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: " . $_SERVER['REMOTE_ADDR'], 1);
return array(false, $LANG_MG00['access_denied_msg']);
}
sleep(0.1);
// We do this to make sure we don't get dupe sid's
/*
* The following section of code will generate a unique name for a temporary
* file and copy the uploaded file to the Media Gallery temp directory.
* We do this to prevent any SAFE MODE issues when we later open the
* file to determine the mime type.
*/
if (empty($_USER['username'])) {
$_USER['username'] = '******';
}
$tmpPath = $_MG_CONF['tmp_path'] . $_USER['username'] . COM_makesid() . '.tmp';
if ($upload) {
$rc = @move_uploaded_file($filename, $tmpPath);
} else {
$rc = @copy($filename, $tmpPath);
$importSource = $filename;
}
if ($rc != 1) {
COM_errorLog("Media Upload - Error moving uploaded file in generic processing....");
COM_errorLog("Media Upload - Unable to copy file to: " . $tmpPath);
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
@unlink($tmpPath);
COM_errorLog("MG Upload: Problem uploading a media object");
return array(false, $errMsg);
}
$filename = $tmpPath;
$new_media_id = $replace > 0 ? $replace : COM_makesid();
$media_time = time();
$media_upload_time = $media_time;
if (!isset($_USER['uid']) || $_USER['uid'] < 1) {
$media_user_id = 1;
} else {
$media_user_id = $_USER['uid'];
}
$mimeInfo = MG_getMediaMetaData($filename);
$mimeExt = strtolower(substr(strrchr($file, '.'), 1));
$mimeInfo['type'] = $mimeExt;
// override the determination for some filetypes
$filetype = MG_getFileTypeFromExt($mimeExt, $filetype);
if (empty($mimeInfo['mime_type'])) {
COM_errorLog("MG Upload: getID3 was unable to detect mime type - using PHP detection");
$mimeInfo['mime_type'] = $filetype;
}
$gotTN = 0;
if ($mimeInfo['id3v2']['APIC'][0]['mime'] == 'image/jpeg') {
$mp3AttachdedThumbnail = $mimeInfo['id3v2']['APIC'][0]['data'];
$gotTN = 1;
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: found mime type of " . $mimeInfo['type']);
}
if ($mimeExt == '' || $mimeInfo['mime_type'] == 'application/octet-stream' || $mimeInfo['mime_type'] == '') {
// assume format based on file upload info...
switch ($filetype) {
case 'audio/mpeg':
$mimeInfo['type'] = 'mp3';
$mimeInfo['mime_type'] = 'audio/mpeg';
$mimeExt = 'mp3';
break;
case 'image/tga':
$mimeInfo['type'] = 'tga';
$mimeInfo['mime_type'] = 'image/tga';
$mimeExt = 'tga';
break;
case 'image/psd':
$mimeInfo['type'] = 'psd';
$mimeInfo['mime_type'] = 'image/psd';
$mimeExt = 'psd';
break;
case 'image/gif':
$mimeInfo['type'] = 'gif';
$mimeInfo['mime_type'] = 'image/gif';
$mimeExt = 'gif';
break;
case 'image/jpeg':
case 'image/jpg':
$mimeInfo['type'] = 'jpg';
$mimeInfo['mime_type'] = 'image/jpeg';
$mimeExt = 'jpg';
break;
case 'image/png':
$mimeInfo['type'] = 'png';
$mimeInfo['mime_type'] = 'image/png';
$mimeExt = 'png';
break;
case 'image/bmp':
$mimeInfo['type'] = 'bmp';
$mimeInfo['mime_type'] = 'image/bmp';
$mimeExt = 'bmp';
break;
case 'application/x-shockwave-flash':
$mimeInfo['type'] = 'swf';
$mimeInfo['mime_type'] = 'application/x-shockwave-flash';
$mimeExt = 'swf';
break;
case 'application/zip':
$mimeInfo['type'] = 'zip';
$mimeInfo['mime_type'] = 'application/zip';
$mimeExt = 'zip';
break;
case 'audio/mpeg':
$mimeInfo['type'] = 'mp3';
$mimeInfo['mime_type'] = 'audio/mpeg';
$mimeExt = 'mp3';
break;
case 'video/quicktime':
$mimeInfo['type'] = 'mov';
$mimeInfo['mime_type'] = 'video/quicktime';
$mimeExt = 'mov';
break;
case 'video/x-m4v':
$mimeInfo['type'] = 'mov';
$mimeInfo['mime_type'] = 'video/x-m4v';
$mimeExt = 'mov';
break;
case 'video/x-flv':
$mimeInfo['type'] = 'flv';
$mimeInfo['mime_type'] = 'video/x-flv';
$mimeExt = 'flv';
break;
case 'audio/x-ms-wma':
$mimeInfo['type'] = 'wma';
$mimeInfo['mime_type'] = 'audio/x-ms-wma';
$mimeExt = 'wma';
break;
default:
switch ($mimeExt) {
case 'flv':
$mimeInfo['type'] = 'flv';
$mimeInfo['mime_type'] = 'video/x-flv';
break;
case 'wma':
$mimeInfo['type'] = 'wma';
$mimeInfo['mime_type'] = 'audio/x-ms-wma';
break;
default:
$mimeInfo['type'] = 'file';
$mimeInfo['mime_type'] = 'application/octet-stream';
if ($filetype != '') {
$mimeInfo['mime_type'] = $filetype;
}
break;
}
break;
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: override mime type to: " . $mimeInfo['type'] . ' based upon file extension of: ' . $filetype);
}
}
switch ($mimeInfo['mime_type']) {
case 'audio/mpeg':
$format_type = MG_MP3;
break;
case 'image/gif':
$format_type = MG_GIF;
break;
case 'image/jpeg':
case 'image/jpg':
$format_type = MG_JPG;
break;
case 'image/png':
$format_type = MG_PNG;
break;
case 'image/bmp':
$format_type = MG_BMP;
break;
case 'application/x-shockwave-flash':
$format_type = MG_SWF;
break;
case 'application/zip':
$format_type = MG_ZIP;
break;
case 'video/mpeg':
case 'video/x-motion-jpeg':
case 'video/quicktime':
case 'video/mpeg':
case 'video/x-mpeg':
case 'video/x-mpeq2a':
case 'video/x-qtc':
case 'video/x-m4v':
$format_type = MG_MOV;
break;
case 'video/x-flv':
$format_type = MG_FLV;
break;
case 'image/tiff':
$format_type = MG_TIF;
break;
case 'image/x-targa':
case 'image/tga':
$format_type = MG_TGA;
break;
case 'image/psd':
$format_type = MG_PSD;
break;
case 'application/ogg':
$format_type = MG_OGG;
break;
case 'audio/x-ms-wma':
case 'audio/x-ms-wax':
case 'audio/x-ms-wmv':
case 'video/x-ms-asf':
case 'video/x-ms-asf-plugin':
case 'video/avi':
case 'video/msvideo':
case 'video/x-msvideo':
case 'video/avs-video':
case 'video/x-ms-wmv':
case 'video/x-ms-wvx':
case 'video/x-ms-wm':
case 'application/x-troff-msvideo':
case 'application/x-ms-wmz':
case 'application/x-ms-wmd':
$format_type = MG_ASF;
break;
case 'application/pdf':
$format_type = MG_OTHER;
break;
default:
$format_type = MG_OTHER;
break;
}
if (!($album->valid_formats & $format_type)) {
return array(false, $LANG_MG02['format_not_allowed']);
}
$mimeType = $mimeInfo['mime_type'];
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: PHP detected mime type is : " . $filetype);
}
if ($filetype == 'video/x-m4v') {
$mimeType = 'video/x-m4v';
$mimeInfo['mime_type'] = 'video/x-m4v';
}
if ($replace > 0) {
$sql = "SELECT * FROM {$_TABLES['mg_media']} WHERE media_id='" . addslashes($replace) . "'";
$result = DB_query($sql);
$row = DB_fetchArray($result);
$media_filename = $row['media_filename'];
} else {
if ($_MG_CONF['preserve_filename'] == 1) {
$loopCounter = 0;
$digitCounter = 1;
$file_name = stripslashes($file);
$file_name = MG_replace_accents($file_name);
$file_name = preg_replace("#[ ]#", "_", $file_name);
// change spaces to underscore
$file_name = preg_replace('#[^\\.\\-,\\w]#', '_', $file_name);
//only parenthesis, underscore, letters, numbers, comma, hyphen, period - others to underscore
$file_name = preg_replace('#(_)+#', '_', $file_name);
//eliminate duplicate underscore
$pos = strrpos($file_name, '.');
if ($pos === false) {
$basefilename = $file_name;
} else {
$basefilename = strtolower(substr($file_name, 0, $pos));
}
do {
clearstatcache();
$media_filename = substr(md5(uniqid(rand())), 0, $digitCounter) . '_' . $basefilename;
$loopCounter++;
if ($loopCounter > 16) {
$digitCounter++;
$loopCounter = 0;
}
} while (MG_file_exists($media_filename));
} else {
do {
clearstatcache();
$media_filename = md5(uniqid(rand()));
} while (MG_file_exists($media_filename));
}
}
// replace a few mime extentions here...
//
if ($mimeExt == 'php') {
$mimeExt = 'phps';
}
if (in_array($mimeExt, array('pl', 'cgi', 'py', 'sh', 'rb'))) {
$mimeExt = 'txt';
}
$disp_media_filename = $media_filename . '.' . $mimeExt;
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Stored filename is : " . $disp_media_filename);
COM_errorLog("MG Upload: Mime Type: " . $mimeType);
}
switch ($mimeType) {
case 'image/psd':
case 'image/x-targa':
case 'image/tga':
case 'image/photoshop':
case 'image/x-photoshop':
case 'image/psd':
case 'application/photoshop':
case 'application/psd':
case 'image/tiff':
case 'image/gif':
case 'image/jpeg':
case 'image/jpg':
case 'image/png':
case 'image/bmp':
$dispExt = $mimeExt;
if (in_array($mimeType, $_SPECIAL_IMAGES_MIMETYPE)) {
$dispExt = 'jpg';
}
$media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
$media_disp = MG_getFilePath('disp', $media_filename, $dispExt);
$media_tn = MG_getFilePath('tn', $media_filename, $dispExt);
$mimeType = $mimeInfo['mime_type'];
// process image file
$media_time = getOriginationTimestamp($filename);
if ($media_time == null || $media_time < 0) {
$media_time = time();
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: About to move/copy file");
}
$rc = @copy($filename, $media_orig);
if ($rc != 1) {
COM_errorLog("Media Upload - Error moving uploaded file....");
COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
} else {
if ($purgefiles) {
@unlink($importSource);
}
@chmod($media_orig, 0644);
list($rc, $msg) = MG_convertImage($media_orig, $media_tn, $media_disp, $mimeExt, $mimeType, $album_id, $media_filename, $dnc);
if ($rc == false) {
$errors++;
$errMsg .= $msg;
// sprintf($LANG_MG02['convert_error'],$filename);
} else {
$mediaType = 0;
if ($_MG_CONF['discard_original'] == 1 && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg' || $mimeType == 'image/png' || $mimeType == 'image/bmp' || $mimeType == 'image/gif')) {
if ($_MG_CONF['jhead_enabled'] && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg')) {
$rc = MG_execWrapper('"' . $_MG_CONF['jhead_path'] . "/jhead" . '"' . " -te " . $media_orig . " " . $media_disp);
}
@unlink($media_orig);
}
if ($album->wm_auto) {
if ($_MG_CONF['discard_original'] == 1) {
$rc = MG_watermark($media_disp, $album_id, 1);
if ($rc == true) {
$successfulWatermark = 1;
}
} else {
$rc1 = MG_watermark($media_orig, $album_id, 1);
$rc2 = MG_watermark($media_disp, $album_id, 0);
if ($rc1 == ture && $rc2 == true) {
$successfulWatermark = 1;
}
}
}
if ($dnc != 1) {
if (!in_array($mimeType, $_SPECIAL_IMAGES_MIMETYPE)) {
$mimeExt = 'jpg';
$mimeType = 'image/jpeg';
}
}
}
}
break;
case 'video/quicktime':
case 'video/mpeg':
case 'video/x-flv':
case 'video/x-ms-asf':
case 'video/x-ms-asf-plugin':
case 'video/avi':
case 'video/msvideo':
case 'video/x-msvideo':
case 'video/avs-video':
case 'video/x-ms-wmv':
case 'video/x-ms-wvx':
case 'video/x-ms-wm':
case 'application/x-troff-msvideo':
case 'application/x-shockwave-flash':
case 'video/mp4':
case 'video/x-m4v':
$mimeType = $mimeInfo['mime_type'];
if ($filetype == 'video/mp4') {
$mimeExt = 'mp4';
}
// process video format
$media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
$rc = @copy($filename, $media_orig);
if ($rc != 1) {
COM_errorLog("MG Upload: Error moving uploaded file in video processing....");
COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
} else {
if ($purgefiles) {
@unlink($importSource);
}
@chmod($media_orig, 0644);
$mediaType = 1;
}
$video_attached_thumbnail = MG_videoThumbnail($album_id, $media_orig, $media_filename);
break;
case 'application/ogg':
case 'audio/mpeg':
case 'audio/x-ms-wma':
case 'audio/x-ms-wax':
case 'audio/x-ms-wmv':
$mimeType = $mimeInfo['mime_type'];
// process audio format
$media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
$rc = @copy($filename, $media_orig);
COM_errorLog("MG Upload: Extracting audio meta data");
if (isset($mimeInfo['tags']['id3v1']['title'][0])) {
if ($caption == '') {
$caption = $mimeInfo['tags']['id3v1']['title'][0];
}
}
if (isset($mimeInfo['tags']['id3v1']['artist'][0])) {
$artist = addslashes($mimeInfo['tags']['id3v1']['artist'][0]);
}
if (isset($mimeInfo['tags']['id3v2']['genre'][0])) {
$genre = addslashes($mimeInfo['tags']['id3v2']['genre'][0]);
}
if (isset($mimeInfo['tags']['id3v1']['album'][0])) {
$musicAlbum = addslashes($mimeInfo['tags']['id3v1']['album'][0]);
}
if ($rc != 1) {
COM_errorLog("Media Upload - Error moving uploaded file in audio processing....");
COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
} else {
if ($purgefiles) {
@unlink($importSource);
}
$mediaType = 2;
}
break;
case 'zip':
case 'application/zip':
if ($_MG_CONF['zip_enabled']) {
$errMsg .= MG_processZip($filename, $album_id, $purgefiles, $media_filename);
break;
}
// NO BREAK HERE, fall through if enable zip isn't allowed
// NO BREAK HERE, fall through if enable zip isn't allowed
default:
$media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
$mimeType = $mimeInfo['mime_type'];
$rc = @copy($filename, $media_orig);
if ($rc != 1) {
COM_errorLog("Media Upload - Error moving uploaded file in generic processing....");
COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
} else {
if ($purgefiles) {
@unlink($importSource);
}
$mediaType = 4;
}
$mediaType = 4;
break;
}
// update quota
$quota = $album->album_disk_usage;
$quota += @filesize(MG_getFilePath('orig', $media_filename, $mimeExt));
if ($_MG_CONF['discard_original'] == 1) {
$quota += @filesize(MG_getFilePath('disp', $media_filename, 'jpg'));
}
DB_change($_TABLES['mg_albums'], 'album_disk_usage', $quota, 'album_id', intval($album_id));
if ($errors) {
@unlink($tmpPath);
COM_errorLog("MG Upload: Problem uploading a media object");
return array(false, $errMsg);
}
if (($mimeType != 'application/zip' || $_MG_CONF['zip_enabled'] == 0) && $errors == 0) {
// Now we need to process an uploaded thumbnail
if ($gotTN == 1) {
$mp3TNFilename = $_MG_CONF['tmp_path'] . 'mp3tn' . time() . '.jpg';
$fn = fopen($mp3TNFilename, "w");
fwrite($fn, $mp3AttachdedThumbnail);
fclose($fn);
$saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
MG_attachThumbnail($album_id, $mp3TNFilename, $saveThumbnailName);
@unlink($mp3TNFilename);
$atttn = 1;
} else {
if ($atttn == 1) {
$saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
MG_attachThumbnail($album_id, $thumbnail, $saveThumbnailName);
}
}
if ($video_attached_thumbnail) {
$atttn = 1;
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Building SQL and preparing to enter database");
}
if ($_MG_CONF['htmlallowed'] != 1) {
$media_desc = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($description)))));
$media_caption = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($caption)))));
$media_keywords = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($keywords)))));
} else {
$media_desc = addslashes(COM_checkHTML(COM_killJS($description)));
$media_caption = addslashes(COM_checkHTML(COM_killJS($caption)));
$media_keywords = addslashes(COM_checkHTML(COM_killJS($keywords)));
}
// Check and see if moderation is on. If yes, place in mediasubmission
if ($album->moderate == 1 && !$root_album->owner_id) {
$tableMedia = $_TABLES['mg_mediaqueue'];
$tableMediaAlbum = $_TABLES['mg_media_album_queue'];
$queue = 1;
} else {
$tableMedia = $_TABLES['mg_media'];
$tableMediaAlbum = $_TABLES['mg_media_albums'];
$queue = 0;
}
$original_filename = addslashes($file);
if ($album->filename_title) {
if ($media_caption == '') {
$pos = strrpos($original_filename, '.');
if ($pos === false) {
$media_caption = $original_filename;
} else {
$media_caption = substr($original_filename, 0, $pos);
}
}
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Inserting media record into mg_media");
}
$resolution_x = 0;
$resolution_y = 0;
// try to find a resolution if video...
if ($mediaType == 1) {
switch ($mimeType) {
case 'application/x-shockwave-flash':
case 'video/quicktime':
case 'video/mpeg':
case 'video/x-m4v':
$resolution_x = -1;
$resolution_y = -1;
if (isset($mimeInfo['video']['resolution_x']) && isset($mimeInfo['video']['resolution_x'])) {
$resolution_x = $mimeInfo['video']['resolution_x'];
$resolution_y = $mimeInfo['video']['resolution_y'];
}
break;
case 'video/x-flv':
if ($mimeInfo['video']['resolution_x'] < 1 || $mimeInfo['video']['resolution_y'] < 1) {
$resolution_x = -1;
$resolution_y = -1;
if (isset($mimeInfo['meta']['onMetaData']['width']) && isset($mimeInfo['meta']['onMetaData']['height'])) {
$resolution_x = $mimeInfo['meta']['onMetaData']['width'];
$resolution_y = $mimeInfo['meta']['onMetaData']['height'];
}
} else {
$resolution_x = $mimeInfo['video']['resolution_x'];
$resolution_y = $mimeInfo['video']['resolution_y'];
}
break;
case 'video/x-ms-asf':
case 'video/x-ms-asf-plugin':
case 'video/avi':
case 'video/msvideo':
case 'video/x-msvideo':
case 'video/avs-video':
case 'video/x-ms-wmv':
case 'video/x-ms-wvx':
case 'video/x-ms-wm':
case 'application/x-troff-msvideo':
$resolution_x = -1;
$resolution_y = -1;
if (isset($mimeInfo['video']['streams']['2']['resolution_x']) && isset($mimeInfo['video']['streams']['2']['resolution_y'])) {
$resolution_x = $mimeInfo['video']['streams']['2']['resolution_x'];
$resolution_y = $mimeInfo['video']['streams']['2']['resolution_y'];
}
break;
}
}
if ($replace > 0) {
$sql = "UPDATE " . $tableMedia . " SET " . "media_filename='" . addslashes($media_filename) . "'," . "media_original_filename='" . $original_filename . "'," . "media_mime_ext='" . addslashes($mimeExt) . "'," . "mime_type='" . addslashes($mimeType) . "'," . "media_time='" . addslashes($media_time) . "'," . "media_user_id='" . addslashes($media_user_id) . "'," . "media_type='" . addslashes($mediaType) . "'," . "media_upload_time='" . addslashes($media_upload_time) . "'," . "media_watermarked='" . addslashes($successfulWatermark) . "'," . "media_resolution_x='" . intval($resolution_x) . "'," . "media_resolution_y='" . intval($resolution_y) . "' " . "WHERE media_id='" . addslashes($replace) . "'";
DB_query($sql);
} else {
$sql = "INSERT INTO " . $tableMedia . " (media_id,media_filename,media_original_filename,media_mime_ext," . "media_exif,mime_type,media_title,media_desc,media_keywords,media_time," . "media_views,media_comments,media_votes,media_rating,media_tn_attached," . "media_tn_image,include_ss,media_user_id,media_user_ip,media_approval," . "media_type,media_upload_time,media_category,media_watermarked,v100," . "maint,media_resolution_x,media_resolution_y,remote_media,remote_url," . "artist,album,genre) " . "VALUES ('" . addslashes($new_media_id) . "','" . addslashes($media_filename) . "','" . $original_filename . "','" . addslashes($mimeExt) . "','1','" . addslashes($mimeType) . "','" . addslashes($media_caption) . "','" . addslashes($media_desc) . "','" . addslashes($media_keywords) . "','" . addslashes($media_time) . "','0','0','0','0.00','" . addslashes($atttn) . "','','1','" . addslashes($media_user_id) . "','','0','" . addslashes($mediaType) . "','" . addslashes($media_upload_time) . "','" . addslashes($category) . "','" . addslashes($successfulWatermark) . "','0','0'," . intval($resolution_x) . "," . intval($resolution_y) . ",0,'','" . addslashes($artist) . "','" . addslashes($musicAlbum) . "','" . addslashes($genre) . "');";
DB_query($sql);
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Updating Album information");
}
$x = 0;
$sql = "SELECT MAX(media_order) + 10 AS media_seq FROM {$_TABLES['mg_media_albums']} WHERE album_id = " . intval($album_id);
$result = DB_query($sql);
$row = DB_fetchArray($result);
$media_seq = $row['media_seq'];
if ($media_seq < 10) {
$media_seq = 10;
}
$sql = "INSERT INTO " . $tableMediaAlbum . " (media_id, album_id, media_order) " . "VALUES ('" . addslashes($new_media_id) . "', " . intval($album_id) . ", " . intval($media_seq) . ")";
DB_query($sql);
if ($mediaType == 1 && $resolution_x > 0 && $resolution_y > 0 && $_MG_CONF['use_default_resolution'] == 0) {
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','width', '{$resolution_x}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','height','{$resolution_y}'");
}
PLG_itemSaved($new_media_id, 'mediagallery');
// update the media count for the album, only if no moderation...
if ($queue == 0) {
$album->media_count++;
DB_change($_TABLES['mg_albums'], 'media_count', $album->media_count, 'album_id', $album->id);
MG_updateAlbumLastUpdate($album->id);
if ($album->cover == -1 && ($mediaType == 0 || $atttn == 1)) {
if ($atttn == 1) {
$covername = 'tn_' . $media_filename;
} else {
$covername = $media_filename;
}
DB_change($_TABLES['mg_albums'], 'album_cover_filename', $covername, 'album_id', $album->id);
}
// MG_resetAlbumCover($album->id);
}
$x++;
}
}
if ($queue) {
$errMsg .= $LANG_MG01['successful_upload_queue'];
// ' successfully placed in Moderation queue';
} else {
$errMsg .= $LANG_MG01['successful_upload'];
// ' successfully uploaded to album';
}
if ($queue == 0) {
require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
MG_buildFullRSS();
MG_buildAlbumRSS($album_id);
}
COM_errorLog("MG Upload: Successfully uploaded a media object");
@unlink($tmpPath);
return array(true, $errMsg);
}
public function testMakesidDoesNotDuplicateAndIsInteger()
{
// Line 3073
$dummysid = date('YmdHis');
$dummysid .= rand(0, 999);
$this->assertNotEquals($dummysid, COM_makesid(), 'Error asserting return value is unique.');
$this->assertType(string, COM_makesid(), 'Error asserting return type was string.');
}
/**
* Displays the Static Page Editor
*
* @param string $sp_id ID of static page to edit
* @param string $mode Mode
* @param string $editor Editor mode? (unused?)
* @return string HTML for static pages editor
*
*/
function staticpageeditor($sp_id, $mode = '', $editor = '')
{
global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG_STATIC;
$retval = '';
if (!empty($sp_id) && $mode == 'edit') {
$result = DB_query("SELECT *,UNIX_TIMESTAMP(sp_date) AS unixdate FROM {$_TABLES['staticpage']} WHERE sp_id = '{$sp_id}'" . COM_getPermSQL('AND', 0, 3));
if (DB_numRows($result) == 1) {
$A = DB_fetchArray($result);
$A['sp_old_id'] = $A['sp_id'];
}
} elseif ($mode == 'edit') {
$A['sp_id'] = COM_makesid();
$A['sp_uid'] = $_USER['uid'];
$A['unixdate'] = time();
$A['sp_help'] = '';
$A['sp_old_id'] = '';
$A['commentcode'] = $_CONF['comment_code'];
$A['sp_where'] = 1;
// default new pages to "top of page"
} elseif (!empty($sp_id) && $mode == 'clone') {
$result = DB_query("SELECT *,UNIX_TIMESTAMP(sp_date) AS unixdate FROM {$_TABLES['staticpage']} WHERE sp_id = '{$sp_id}'" . COM_getPermSQL('AND', 0, 3));
if (DB_numRows($result) == 1) {
$A = DB_fetchArray($result);
$A['sp_id'] = COM_makesid();
$A['sp_uid'] = $_USER['uid'];
$A['unixdate'] = time();
$A['sp_hits'] = 0;
$A['sp_old_id'] = '';
$A['commentcode'] = $_CONF['comment_code'];
}
} else {
$A = $_POST;
if (empty($A['unixdate'])) {
$A['unixdate'] = time();
}
$A['sp_content'] = COM_checkHTML(COM_checkWords($A['sp_content']), 'staticpages.edit');
}
if (isset($A)) {
if (isset($A['sp_title'])) {
$A['sp_title'] = strip_tags($A['sp_title']);
}
if (isset($A['meta_description'])) {
$A['meta_description'] = strip_tags($A['meta_description']);
}
if (isset($A['meta_keywords'])) {
$A['meta_keywords'] = strip_tags($A['meta_keywords']);
}
$A['editor'] = $editor;
$retval = staticpageeditor_form($A);
} else {
$retval = COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header')) . $LANG_STATIC['deny_msg'] . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
}
return $retval;
}
/**
* Displays the Static Page Editor
*
* @param string $sp_id ID of static page to edit
* @param string $mode Mode
* @param string $editor Editor mode? (unused?)
* @return string HTML for static pages editor
*
*/
function staticpageeditor($sp_id, $mode = '', $editor = '')
{
global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG_STATIC, $_SP_CONF;
$retval = '';
if (!empty($sp_id) && $mode == 'edit') {
$result = DB_query("SELECT *,UNIX_TIMESTAMP(modified) AS unixdate FROM {$_TABLES['staticpage']} WHERE sp_id = '{$sp_id}'" . COM_getPermSQL('AND', 0, 3));
if (DB_numRows($result) == 1) {
$A = DB_fetchArray($result);
$A['sp_old_id'] = $A['sp_id'];
}
} elseif ($mode == 'edit') {
// check if a new sp_id has been suggested
$sp_new_id = '';
if (isset($_GET['sp_new_id'])) {
$sp_new_id = COM_applyFilter($_GET['sp_new_id']);
}
if (empty($sp_new_id)) {
$A['sp_id'] = COM_makesid();
} else {
$A['sp_id'] = $sp_new_id;
}
$A['owner_id'] = $_USER['uid'];
$A['unixdate'] = time();
$A['sp_help'] = '';
$A['sp_old_id'] = '';
$A['commentcode'] = $_SP_CONF['comment_code'];
$A['sp_where'] = 1;
// default new pages to "top of page"
$A['draft_flag'] = $_SP_CONF['draft_flag'];
$A['cache_time'] = $_SP_CONF['default_cache_time'];
$A['template_flag'] = '';
// Defaults to not a template
$A['template_id'] = '';
// Defaults to None
if ($_USER['advanced_editor'] == 1) {
$A['postmode'] = 'adveditor';
}
} elseif (!empty($sp_id) && $mode == 'clone') {
$result = DB_query("SELECT *,UNIX_TIMESTAMP(modified) AS unixdate FROM {$_TABLES['staticpage']} WHERE sp_id = '{$sp_id}'" . COM_getPermSQL('AND', 0, 3));
if (DB_numRows($result) == 1) {
$A = DB_fetchArray($result);
$A['sp_id'] = COM_makesid();
$A['clone_sp_id'] = $sp_id;
// need this so we can load the correct topics
$A['owner_id'] = $_USER['uid'];
$A['unixdate'] = time();
$A['sp_hits'] = 0;
$A['sp_old_id'] = '';
$A['commentcode'] = $_SP_CONF['comment_code'];
}
} else {
$A = $_POST;
if (empty($A['unixdate'])) {
$A['unixdate'] = time();
}
$A['sp_content'] = COM_checkHTML(COM_checkWords($A['sp_content']), 'staticpages.edit');
}
if (isset($A)) {
if (isset($A['sp_title'])) {
$A['sp_title'] = strip_tags($A['sp_title']);
}
if (isset($A['sp_page_title'])) {
$A['sp_page_title'] = strip_tags($A['sp_page_title']);
}
if (isset($A['meta_description'])) {
$A['meta_description'] = strip_tags($A['meta_description']);
}
if (isset($A['meta_keywords'])) {
$A['meta_keywords'] = strip_tags($A['meta_keywords']);
}
$A['editor'] = $editor;
$retval = staticpageeditor_form($A);
} else {
$retval = COM_showMessageText($LANG_STATIC['deny_msg'], $LANG_ACCESS['accessdenied']);
}
return $retval;
}
/**
* Shows event editor
*
* @param string $mode Indicates if this is a submission or a regular entry
* @param array $A array holding the event's details
* @param string $msg an optional error message to display
* @return string HTML for event editor or error message
*
*/
function CALENDAR_editEvent($mode, $A, $msg = '')
{
global $_CONF, $_GROUPS, $_TABLES, $_USER, $_CA_CONF, $LANG_CAL_1, $LANG_CAL_ADMIN, $LANG10, $LANG12, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $_SCRIPTS;
// Loads jQuery UI datepicker and timepicker-addon
$_SCRIPTS->setJavaScriptLibrary('jquery.ui.slider');
$_SCRIPTS->setJavaScriptLibrary('jquery.ui.datepicker');
$_SCRIPTS->setJavaScriptLibrary('jquery-ui-i18n');
$_SCRIPTS->setJavaScriptLibrary('jquery-ui-timepicker-addon');
$_SCRIPTS->setJavaScriptLibrary('jquery-ui-timepicker-addon-i18n');
$_SCRIPTS->setJavaScriptFile('datetimepicker', '/javascript/datetimepicker.js');
// Add JavaScript
$_SCRIPTS->setJavaScriptFile('postmode_control', '/javascript/postmode_control.js');
$langCode = COM_getLangIso639Code();
$toolTip = $MESSAGE[118];
$imgUrl = $_CONF['site_url'] . '/images/calendar.png';
$_SCRIPTS->setJavaScript("jQuery(function () {" . " geeklog.hour_mode = {$_CONF['hour_mode']};" . " geeklog.datetimepicker.options.stepMinute = 15;" . " geeklog.datetimepicker.set('start', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . " geeklog.datetimepicker.set('end', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . "});", TRUE, TRUE);
$retval = '';
if (!empty($msg)) {
$retval .= COM_showMessageText($msg, $LANG_CAL_ADMIN[2]);
}
$event_templates = COM_newTemplate(CTL_plugin_templatePath('calendar', 'admin'));
$event_templates->set_file('editor', 'eventeditor.thtml');
$allowed = '';
foreach (array('plaintext', 'html') as $pm) {
$allowed .= COM_allowedHTML('calendar.edit', false, 1, $pm);
}
$allowed .= COM_allowedAutotags();
$event_templates->set_var('lang_allowed_html', $allowed);
$event_templates->set_var('lang_postmode', $LANG_CAL_ADMIN[3]);
if ($mode != 'editsubmission' and !empty($A['eid'])) {
// Get what level of access user has to this object
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access == 0 or $access == 2) {
// Uh, oh! User doesn't have access to this object
$retval .= COM_showMessageText($LANG_CAL_ADMIN[17], $LANG_ACCESS['accessdenied']);
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit event {$eid}.");
return $retval;
}
} else {
if (empty($A['owner_id'])) {
$A['owner_id'] = $_USER['uid'];
}
if (isset($_GROUPS['Calendar Admin'])) {
$A['group_id'] = $_GROUPS['Calendar Admin'];
} else {
$A['group_id'] = SEC_getFeatureGroup('calendar.edit');
}
SEC_setDefaultPermissions($A, $_CA_CONF['default_permissions']);
$access = 3;
}
if ($mode == 'editsubmission') {
$event_templates->set_var('post_options', COM_optionList($_TABLES['postmodes'], 'code,name', 'plaintext'));
} else {
if (!isset($A['postmode'])) {
$A['postmode'] = $_CONF['postmode'];
}
$event_templates->set_var('post_options', COM_optionList($_TABLES['postmodes'], 'code,name', $A['postmode']));
}
$token = SEC_createToken();
$retval .= COM_startBlock($LANG_CAL_ADMIN[1], '', COM_getBlockTemplate('_admin_block', 'header'));
$retval .= SEC_getTokenExpiryNotice($token);
if (!empty($A['eid'])) {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$event_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
$event_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
$event_templates->set_var('allow_delete', true);
$event_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
$event_templates->set_var('confirm_message', $MESSAGE[76]);
if ($mode == 'editsubmission') {
$event_templates->set_var('submission_option', '<input type="hidden" name="type" value="submission"' . XHTML . '>');
}
} else {
// new event
$A['eid'] = COM_makesid();
$A['title'] = '';
$A['description'] = '';
$A['url'] = '';
$A['hits'] = 0;
// in case a start date/time has been passed from the calendar,
// pick it up for the end date/time
if (empty($A['dateend'])) {
$A['dateend'] = $A['datestart'];
}
if (empty($A['timeend'])) {
$A['timeend'] = $A['timestart'];
}
$A['event_type'] = '';
$A['location'] = '';
$A['address1'] = '';
$A['address2'] = '';
$A['city'] = '';
$A['state'] = '';
$A['zipcode'] = '';
$A['allday'] = 0;
}
$event_templates->set_var('lang_eventid', $LANG_CAL_ADMIN[34]);
$event_templates->set_var('event_id', $A['eid']);
$event_templates->set_var('lang_eventtitle', $LANG_ADMIN['title']);
$A['title'] = str_replace('{', '{', $A['title']);
$A['title'] = str_replace('}', '}', $A['title']);
$A['title'] = str_replace('"', '"', $A['title']);
$event_templates->set_var('event_title', stripslashes($A['title']));
$event_templates->set_var('lang_eventtype', $LANG_CAL_1[37]);
$event_templates->set_var('lang_editeventtypes', $LANG12[50]);
$event_templates->set_var('type_options', CALENDAR_eventTypeList($A['event_type']));
$event_templates->set_var('lang_eventurl', $LANG_CAL_ADMIN[4]);
$event_templates->set_var('max_url_length', 255);
$event_templates->set_var('event_url', $A['url']);
$event_templates->set_var('lang_includehttp', $LANG_CAL_ADMIN[9]);
$event_templates->set_var('lang_eventstartdate', $LANG_CAL_ADMIN[5]);
//$event_templates->set_var('event_startdate', $A['datestart']);
$event_templates->set_var('lang_starttime', $LANG_CAL_1[30]);
// Combine date/time for easier manipulation
$A['datestart'] = trim($A['datestart'] . ' ' . $A['timestart']);
if (empty($A['datestart'])) {
$start_stamp = time();
} else {
$start_stamp = strtotime($A['datestart']);
}
$A['dateend'] = trim($A['dateend'] . ' ' . $A['timeend']);
if (empty($A['dateend'])) {
$end_stamp = time();
} else {
$end_stamp = strtotime($A['dateend']);
}
$start_month = date('m', $start_stamp);
$start_day = date('d', $start_stamp);
$start_year = date('Y', $start_stamp);
$end_month = date('m', $end_stamp);
$end_day = date('d', $end_stamp);
$end_year = date('Y', $end_stamp);
$start_hour = date('H', $start_stamp);
$start_minute = intval(date('i', $start_stamp) / 15) * 15;
if ($start_hour >= 12) {
$startampm = 'pm';
} else {
$startampm = 'am';
}
$start_hour_24 = $start_hour % 24;
if ($start_hour > 12) {
$start_hour = $start_hour - 12;
} else {
if ($start_hour == 0) {
$start_hour = 12;
}
}
$end_hour = date('H', $end_stamp);
$end_minute = intval(date('i', $end_stamp) / 15) * 15;
if ($end_hour >= 12) {
$endampm = 'pm';
} else {
$endampm = 'am';
}
$end_hour_24 = $end_hour % 24;
if ($end_hour > 12) {
$end_hour = $end_hour - 12;
} else {
if ($end_hour == 0) {
$end_hour = 12;
}
}
$month_options = COM_getMonthFormOptions($start_month);
$event_templates->set_var('startmonth_options', $month_options);
$month_options = COM_getMonthFormOptions($end_month);
$event_templates->set_var('endmonth_options', $month_options);
$day_options = COM_getDayFormOptions($start_day);
$event_templates->set_var('startday_options', $day_options);
$day_options = COM_getDayFormOptions($end_day);
$event_templates->set_var('endday_options', $day_options);
$year_options = COM_getYearFormOptions($start_year);
$event_templates->set_var('startyear_options', $year_options);
$year_options = COM_getYearFormOptions($end_year);
$event_templates->set_var('endyear_options', $year_options);
if (isset($_CA_CONF['hour_mode']) && $_CA_CONF['hour_mode'] == 24) {
$hour_options = COM_getHourFormOptions($start_hour_24, 24);
$event_templates->set_var('starthour_options', $hour_options);
$hour_options = COM_getHourFormOptions($end_hour_24, 24);
$event_templates->set_var('endhour_options', $hour_options);
$event_templates->set_var('hour_mode', 24);
} else {
$hour_options = COM_getHourFormOptions($start_hour);
$event_templates->set_var('starthour_options', $hour_options);
$hour_options = COM_getHourFormOptions($end_hour);
$event_templates->set_var('endhour_options', $hour_options);
$event_templates->set_var('hour_mode', 12);
}
$event_templates->set_var('startampm_selection', COM_getAmPmFormSelection('start_ampm', $startampm));
$event_templates->set_var('endampm_selection', COM_getAmPmFormSelection('end_ampm', $endampm));
$event_templates->set_var('startminute_options', COM_getMinuteFormOptions($start_minute, 15));
$event_templates->set_var('endminute_options', COM_getMinuteFormOptions($end_minute, 15));
$event_templates->set_var('lang_enddate', $LANG12[13]);
$event_templates->set_var('lang_eventenddate', $LANG_CAL_ADMIN[6]);
$event_templates->set_var('event_enddate', $A['dateend']);
$event_templates->set_var('lang_enddate', $LANG12[13]);
$event_templates->set_var('lang_endtime', $LANG_CAL_1[29]);
$event_templates->set_var('lang_alldayevent', $LANG_CAL_1[31]);
if ($A['allday'] == 1) {
$event_templates->set_var('allday_checked', 'checked="checked"');
}
$event_templates->set_var('lang_location', $LANG12[51]);
$event_templates->set_var('event_location', stripslashes($A['location']));
$event_templates->set_var('lang_addressline1', $LANG12[44]);
$event_templates->set_var('event_address1', stripslashes($A['address1']));
$event_templates->set_var('lang_addressline2', $LANG12[45]);
$event_templates->set_var('event_address2', stripslashes($A['address2']));
$event_templates->set_var('lang_city', $LANG12[46]);
$event_templates->set_var('event_city', stripslashes($A['city']));
$event_templates->set_var('lang_state', $LANG12[47]);
$event_templates->set_var('state_options', '');
$event_templates->set_var('event_state', stripslashes($A['state']));
$event_templates->set_var('lang_zipcode', $LANG12[48]);
$event_templates->set_var('event_zipcode', $A['zipcode']);
$event_templates->set_var('lang_eventlocation', $LANG_CAL_ADMIN[7]);
$event_templates->set_var('event_location', stripslashes($A['location']));
$event_templates->set_var('lang_eventdescription', $LANG_CAL_ADMIN[8]);
$event_templates->set_var('event_description', stripslashes($A['description']));
$event_templates->set_var('lang_hits', $LANG10[30]);
$event_templates->set_var('hits', COM_numberFormat($A['hits']));
$event_templates->set_var('lang_save', $LANG_ADMIN['save']);
$event_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
// user access info
$event_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$event_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
$ownername = COM_getDisplayName($A['owner_id']);
$event_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', "uid = {$A['owner_id']}"));
$event_templates->set_var('owner_name', $ownername);
$event_templates->set_var('owner', $ownername);
$event_templates->set_var('owner_id', $A['owner_id']);
$event_templates->set_var('lang_group', $LANG_ACCESS['group']);
$event_templates->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
$event_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$event_templates->set_var('lang_permissionskey', $LANG_ACCESS['permissionskey']);
$event_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
$event_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']));
$event_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
$event_templates->set_var('gltoken_name', CSRF_TOKEN);
$event_templates->set_var('gltoken', $token);
$event_templates->parse('output', 'editor');
$retval .= $event_templates->finish($event_templates->get_var('output'));
$retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
return $retval;
}
/**
* Load a Story object from the sid specified, returning a status result.
* The result will either be a permission denied message, invalid SID
* message, or a loaded ok message. If it's loaded ok, then we've got all
* the exciting gubbins here.
*
* Only used from story admin and submit.php!
*
* @param $sid string Story Identifier, valid geeklog story id from the db.
* @return Integer from a constant.
*/
function loadFromDatabase($sid, $mode = 'edit')
{
global $_TABLES, $_CONF, $_USER;
$sid = addslashes(COM_applyFilter($sid));
if (!empty($sid) && ($mode == 'edit' || $mode == 'view')) {
$sql = array();
$sql['mysql'] = "SELECT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, UNIX_TIMESTAMP(s.expire) AS expireunix, UNIX_TIMESTAMP(s.comment_expire) AS cmt_expire_unix, " . "u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t " . "WHERE (s.uid = u.uid) AND (s.tid = t.tid) AND (sid = '{$sid}')";
$sql['mssql'] = "SELECT STRAIGHT_JOIN s.sid, s.uid, s.draft_flag, s.tid, s.date, s.title, CAST(s.introtext AS text) AS introtext, CAST(s.bodytext AS text) AS bodytext, s.hits, s.numemails, s.comments, s.trackbacks, s.related, s.featured, s.show_topic_icon, s.commentcode, s.trackbackcode, s.statuscode, s.expire, s.postmode, s.frontpage, s.owner_id, s.group_id, s.perm_owner, s.perm_group, s.perm_members, s.perm_anon, s.advanced_editor_mode, " . " UNIX_TIMESTAMP(s.date) AS unixdate, UNIX_TIMESTAMP(s.expire) AS expireunix, UNIX_TIMESTAMP(s.comment_expire) AS cmt_expire_unix, " . "u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t " . "WHERE (s.uid = u.uid) AND (s.tid = t.tid) AND (sid = '{$sid}')";
} elseif (!empty($sid) && $mode == 'editsubmission') {
$sql = 'SELECT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, ' . 'u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl, t.group_id, ' . 't.perm_owner, t.perm_group, t.perm_members, t.perm_anon ' . 'FROM ' . $_TABLES['storysubmission'] . ' AS s, ' . $_TABLES['users'] . ' AS u, ' . $_TABLES['topics'] . ' AS t WHERE (s.uid = u.uid) AND' . ' (s.tid = t.tid) AND (sid = \'' . $sid . '\')';
} elseif ($mode == 'edit') {
$this->_sid = COM_makesid();
$this->_old_sid = $this->_sid;
if (isset($_CONF['draft_flag'])) {
$this->_draft_flag = $_CONF['draft_flag'];
} else {
$this->_draft_flag = 0;
}
if (isset($_CONF['show_topic_icon'])) {
$this->_show_topic_icon = $_CONF['show_topic_icon'];
} else {
$this->_show_topic_icon = 1;
}
if (COM_isAnonUser()) {
$this->_uid = 1;
} else {
$this->_uid = $_USER['uid'];
}
$this->_date = time();
$this->_expire = time();
if ($_CONF['article_comment_close_enabled']) {
$this->_comment_expire = time() + $_CONF['article_comment_close_days'] * 86400;
} else {
$this->_comment_expire = 0;
}
$this->_commentcode = $_CONF['comment_code'];
$this->_trackbackcode = $_CONF['trackback_code'];
$this->_title = '';
$this->_meta_description = '';
$this->_meta_keywords = '';
$this->_introtext = '';
$this->_bodytext = '';
if (isset($_CONF['frontpage'])) {
$this->_frontpage = $_CONF['frontpage'];
} else {
$this->_frontpage = 1;
}
$this->_hits = 0;
$this->_comments = 0;
$this->_trackbacks = 0;
$this->_numemails = 0;
if (isset($_CONF['advanced_editor']) && $_CONF['advanced_editor'] && $_CONF['postmode'] != 'plaintext') {
$this->_advanced_editor_mode = 1;
$this->_postmode = 'adveditor';
} else {
$this->_postmode = $_CONF['postmode'];
$this->_advanced_editor_mode = 0;
}
$this->_statuscode = 0;
$this->_featured = 0;
if (COM_isAnonUser()) {
$this->_owner_id = 1;
} else {
$this->_owner_id = $_USER['uid'];
}
if (isset($_GROUPS['Story Admin'])) {
$this->_group_id = $_GROUPS['Story Admin'];
} else {
$this->_group_id = SEC_getFeatureGroup('story.edit');
}
$array = array();
SEC_setDefaultPermissions($array, $_CONF['default_permissions_story']);
$this->_perm_owner = $array['perm_owner'];
$this->_perm_group = $array['perm_group'];
$this->_perm_anon = $array['perm_anon'];
$this->_perm_members = $array['perm_members'];
} else {
$this->loadFromArgsArray($_POST);
}
/* if we have SQL, load from it */
if (!empty($sql)) {
$result = DB_query($sql);
if ($result) {
$story = DB_fetchArray($result, false);
if ($story == null) {
return STORY_INVALID_SID;
}
$this->loadFromArray($story);
if (!isset($story['owner_id'])) {
$story['owner_id'] = 1;
}
$access = SEC_hasAccess($story['owner_id'], $story['group_id'], $story['perm_owner'], $story['perm_group'], $story['perm_members'], $story['perm_anon']);
$this->_access = min($access, SEC_hasTopicAccess($this->_tid));
if ($this->_access == 0) {
return STORY_PERMISSION_DENIED;
} elseif ($this->_access == 2 && $mode != 'view') {
return STORY_EDIT_DENIED;
} elseif ($this->_access == 2 && $mode == 'view' && ($this->_draft_flag == 1 || $this->_date > time())) {
return STORY_INVALID_SID;
}
} else {
return STORY_INVALID_SID;
}
}
if ($mode == 'editsubmission') {
if (isset($_CONF['draft_flag'])) {
$this->_draft_flag = $_CONF['draft_flag'];
} else {
$this->_draft_flag = 1;
}
if (isset($_CONF['show_topic_icon'])) {
$this->_show_topic_icon = $_CONF['show_topic_icon'];
} else {
$this->_show_topic_icon = 1;
}
$this->_commentcode = $_CONF['comment_code'];
$this->_trackbackcode = $_CONF['trackback_code'];
$this->_featured = 0;
$this->_expire = time();
if ($_CONF['article_comment_close_enabled']) {
$this->_comment_expire = time() + $_CONF['article_comment_close_days'] * 86400;
} else {
$this->_comment_expire = 0;
}
if (DB_getItem($_TABLES['topics'], 'archive_flag', "tid = '{$this->_tid}'") == 1) {
$this->_frontpage = 0;
} elseif (isset($_CONF['frontpage'])) {
$this->_frontpage = $_CONF['frontpage'];
} else {
$this->_frontpage = 1;
}
$this->_comments = 0;
$this->_trackbacks = 0;
$this->_numemails = 0;
$this->_statuscode = 0;
$this->_owner_id = $this->_uid;
}
$this->_sanitizeData();
return STORY_LOADED_OK;
}
/**
* Shows the links editor
*
* @param string $action 'edit' or 'moderate'
* @param string $lid ID of link to edit
* @global array core config vars
* @global array core group data
* @global array core table data
* @global array core user data
* @global array links plugin config vars
* @global array links plugin lang vars
* @global array core lang access vars
* @return string HTML for the link editor form
*
*/
function LINK_edit($action, $lid = '')
{
global $_CONF, $_GROUPS, $_TABLES, $_USER, $_LI_CONF, $LANG_LINKS_ADMIN, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE;
USES_lib_admin();
$retval = '';
switch ($action) {
case 'edit':
$blocktitle = $LANG_LINKS_ADMIN[1];
// Link Editor
$saveoption = $LANG_ADMIN['save'];
// Save
break;
case 'moderate':
$blocktitle = $LANG_LINKS_ADMIN[65];
// Moderate Link
$saveoption = $LANG_ADMIN['moderate'];
// Save & Approve
break;
}
$menu_arr = array(array('url' => $_CONF['site_admin_url'] . '/plugins/links/index.php', 'text' => $LANG_LINKS_ADMIN[53]), array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']));
$link_templates = new Template($_CONF['path'] . 'plugins/links/templates/admin/');
$link_templates->set_file('editor', 'linkeditor.thtml');
$link_templates->set_var('lang_pagetitle', $LANG_LINKS_ADMIN[28]);
$link_templates->set_var('lang_link_list', $LANG_LINKS_ADMIN[53]);
$link_templates->set_var('lang_new_link', $LANG_LINKS_ADMIN[51]);
$link_templates->set_var('lang_validate_links', $LANG_LINKS_ADMIN[26]);
$link_templates->set_var('lang_list_categories', $LANG_LINKS_ADMIN[50]);
$link_templates->set_var('lang_new_category', $LANG_LINKS_ADMIN[52]);
$link_templates->set_var('lang_admin_home', $LANG_ADMIN['admin_home']);
$link_templates->set_var('instructions', $LANG_LINKS_ADMIN[29]);
if ($action != 'moderate' and !empty($lid)) {
$result = DB_query("SELECT * FROM {$_TABLES['links']} WHERE lid ='{$lid}'");
if (DB_numRows($result) !== 1) {
$msg = COM_startBlock($LANG_LINKS_ADMIN[24], '', COM_getBlockTemplate('_msg_block', 'header'));
$msg .= $LANG_LINKS_ADMIN[25];
$msg .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
return $msg;
}
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access == 0 or $access == 2) {
$retval .= COM_startBlock($LANG_LINKS_ADMIN[16], '', COM_getBlockTemplate('_msg_block', 'header'));
$retval .= $LANG_LINKS_ADMIN[17];
$retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link {$lid}.");
return $retval;
}
} else {
if ($action == 'moderate') {
$result = DB_query("SELECT * FROM {$_TABLES['linksubmission']} WHERE lid = '{$lid}'");
$A = DB_fetchArray($result);
} else {
$A['lid'] = COM_makesid();
$A['cid'] = '';
$A['url'] = '';
$A['description'] = '';
$A['title'] = '';
$A['owner_id'] = $_USER['uid'];
}
$A['hits'] = 0;
if (isset($_GROUPS['Links Admin'])) {
$A['group_id'] = $_GROUPS['Links Admin'];
} else {
$A['group_id'] = SEC_getFeatureGroup('links.edit');
}
SEC_setDefaultPermissions($A, $_LI_CONF['default_permissions']);
$access = 3;
}
$retval .= COM_startBlock($blocktitle, '', COM_getBlockTemplate('_admin_block', 'header'));
$retval .= ADMIN_createMenu($menu_arr, $LANG_LINKS_ADMIN[66], plugin_geticon_links());
$link_templates->set_var('link_id', $A['lid']);
if (!empty($lid) && SEC_hasRights('links.edit')) {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="delete"%s>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$link_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
$link_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
$link_templates->set_var('delete_confirm_msg', $MESSAGE[76]);
if ($action == 'moderate') {
$link_templates->set_var('submission_option', '<input type="hidden" name="type" value="submission">');
}
}
$link_templates->set_var('lang_linktitle', $LANG_LINKS_ADMIN[3]);
$link_templates->set_var('link_title', htmlspecialchars($A['title']));
$link_templates->set_var('lang_linkid', $LANG_LINKS_ADMIN[2]);
$link_templates->set_var('lang_linkurl', $LANG_LINKS_ADMIN[4]);
$link_templates->set_var('max_url_length', 255);
$link_templates->set_var('link_url', $A['url']);
$link_templates->set_var('lang_includehttp', $LANG_LINKS_ADMIN[6]);
$link_templates->set_var('lang_category', $LANG_LINKS_ADMIN[5]);
$othercategory = links_select_box(3, $A['cid']);
$link_templates->set_var('category_options', $othercategory);
$link_templates->set_var('lang_ifotherspecify', $LANG_LINKS_ADMIN[20]);
$link_templates->set_var('category', $othercategory);
$link_templates->set_var('lang_linkhits', $LANG_LINKS_ADMIN[8]);
$link_templates->set_var('link_hits', $A['hits']);
$link_templates->set_var('lang_linkdescription', $LANG_LINKS_ADMIN[9]);
$link_templates->set_var('link_description', $A['description']);
$link_templates->set_var('lang_save', $saveoption);
$link_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
// user access info
$link_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$link_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
$ownername = COM_getDisplayName($A['owner_id']);
$link_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', "uid = {$A['owner_id']}"));
$link_templates->set_var('owner_name', $ownername);
$link_templates->set_var('owner', $ownername);
$link_templates->set_var('link_ownerid', $A['owner_id']);
$link_templates->set_var('lang_group', $LANG_ACCESS['group']);
$link_templates->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
$link_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$link_templates->set_var('lang_permissionskey', $LANG_ACCESS['permissionskey']);
$link_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']));
$link_templates->set_var('lang_lockmsg', $LANG_ACCESS['permmsg']);
$link_templates->set_var('gltoken_name', CSRF_TOKEN);
$link_templates->set_var('gltoken', SEC_createToken());
$link_templates->parse('output', 'editor');
$retval .= $link_templates->finish($link_templates->get_var('output'));
$retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
return $retval;
}
/**
* Ensure an ID contains only alphanumeric characters, dots, dashes, or underscores
*
* @param string $id the ID to sanitize
* @param boolean $new_id true = create a new ID in case we end up with an empty string
* @return string the sanitized ID
*/
public function sanitizeID($id, $new_id = true)
{
$id = str_replace(' ', '', $id);
$id = str_replace(array('/', '\\', ':', '+'), '-', $id);
$id = preg_replace('/[^a-zA-Z0-9\\-_\\.]/', '', $id);
if (empty($id) && $new_id) {
$id = COM_makesid();
}
return trim($id);
}
function MG_getRemote($URL, $mimeType, $albumId, $caption, $description, $keywords, $category, $attachedThumbnail, $thumbnail, $resolution_x, $resolution_y)
{
global $MG_albums, $_CONF, $_MG_CONF, $_USER, $_TABLES, $LANG_MG00, $LANG_MG01, $LANG_MG02, $new_media_id;
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Entering MG_getRemote()");
COM_errorLog("MG Upload: URL to process: " . htmlentities($URL));
}
$resolution_x = 0;
$resolution_y = 0;
$urlArray = array();
$urlArray = parse_url($URL);
// make sure we have the proper permissions to upload to this album....
$sql = "SELECT * FROM {$_TABLES['mg_albums']} WHERE album_id=" . intval($albumId);
$aResult = DB_query($sql);
$aRows = DB_numRows($aResult);
if ($aRows != 1) {
$errMsg = $LANG_MG02['album_nonexist'];
// "Album does not exist, unable to process uploads";
return array(false, $errMsg);
}
$albumInfo = DB_fetchArray($aResult);
$access = SEC_hasAccess($albumInfo['owner_id'], $albumInfo['group_id'], $albumInfo['perm_owner'], $albumInfo['perm_group'], $albumInfo['perm_members'], $albumInfo['perm_anon']);
if ($access != 3 && !$MG_albums[0]->owner_id && $albumInfo['member_uploads'] == 0) {
COM_errorLog("Someone has tried to illegally upload to an album in Media Gallery. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$_SERVER['REMOTE_ADDR']}", 1);
return array(false, $LANG_MG00['access_denied_msg']);
}
$errors = 0;
$errMsg = '';
sleep(1);
// We do this to make sure we don't get dupe sid's
$new_media_id = COM_makesid();
$media_time = time();
$media_upload_time = time();
$media_user_id = $_USER['uid'];
// we expect the mime type (player type) to be passed to this function
// - Image
// - Video - Windows Media
// - Video - QuickTime
// - Video - Flash Video
// - Audio - Windows Media
// - Audio - QuickTime
// - Audio - MP3
// - Embed - YouTube/Google/etc...
switch ($mimeType) {
case 'embed':
$format_type = MG_EMB;
$mimeExt = 'flv';
$mediaType = 5;
break;
case 'image/gif':
$format_type = MG_GIF;
$mimeExt = 'gif';
$mediaType = 0;
break;
case 'image/jpg':
$format_type = MG_JPG;
$mimeExt = 'jpg';
$mediaType = 0;
break;
case 'image/png':
$format_type = MG_PNG;
$mimeExt = 'png';
$mediaType = 0;
break;
case 'image/bmp':
$format_type = MG_BMP;
$mimeExt = 'bmp';
$mediaType = 0;
break;
case 'application/x-shockwave-flash':
$format_type = MG_SWF;
$mimeExt = 'swf';
$mediaType = 1;
break;
case 'video/quicktime':
$format_type = MG_MOV;
$mimeExt = 'mov';
$mediaType = 1;
break;
case 'video/x-flv':
$format_type = MG_RFLV;
$mimeExt = 'flv';
$mediaType = 1;
break;
case 'video/x-ms-asf':
$format_type = MG_ASF;
$mimeExt = 'asf';
$mediaType = 1;
break;
case 'audio/mpeg':
$format_type = MG_MP3;
$mimeExt = 'mp3';
$mediaType = 2;
break;
case 'audio/x-ms-wma':
$format_type = MG_ASF;
$mimeExt = 'wma';
$mediaType = 2;
break;
}
if (!($MG_albums[$albumId]->valid_formats & $format_type)) {
return array(false, $LANG_MG02['format_not_allowed']);
}
// create the unique filename to store this under
do {
clearstatcache();
$media_filename = md5(uniqid(rand()));
} while (MG_file_exists($media_filename));
$disp_media_filename = $media_filename . '.' . $mimeExt;
// for remote files this will be a 0 byte file
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Stored filename is : " . $disp_media_filename);
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Mime Type: " . $mimeType);
}
// now we pretent to process the file
$media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt;
$media_time = time();
// create a 0 byte file in the orig directory...
touch($media_orig);
if ($errors) {
COM_errorLog("MG Upload: Problem uploading a media object");
return array(false, $errMsg);
}
// Now we need to process an uploaded thumbnail
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: attachedThumbnail: " . $attachedThumbnail);
COM_errorLog("MG Upload: thumbnail: " . $thumbnail);
}
if ($attachedThumbnail == 1 && $thumbnail != '') {
// see if it is remote, if yes go get it...
if (preg_match("/http/i", $thumbnail)) {
$tmp_thumbnail = $_MG_CONF['tmp_path'] . '/' . $media_filename . '.jpg';
$rc = MG_getRemoteThumbnail($thumbnail, $tmp_thumbnail);
$tmp_image_size = @getimagesize($tmp_thumbnail);
if ($tmp_image_size != false) {
$resolution_x = $tmp_image_size[0];
$resolution_y = $tmp_image_size[1];
}
$thumbnail = $tmp_thumbnail;
} else {
$rc = true;
}
if ($rc == true) {
$saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
MG_attachThumbnail($albumId, $thumbnail, $saveThumbnailName);
}
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Building SQL and preparing to enter database");
}
if ($_MG_CONF['htmlallowed'] != 1) {
$media_desc = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($description)))));
$media_caption = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($caption)))));
$media_keywords = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($keywords)))));
} else {
$media_desc = DB_escapeString(COM_checkHTML(COM_killJS($description)));
$media_caption = DB_escapeString(COM_checkHTML(COM_killJS($caption)));
$media_keywords = DB_escapeString(COM_checkHTML(COM_killJS($keywords)));
}
// Check and see if moderation is on. If yes, place in mediasubmission
if ($albumInfo['moderate'] == 1 && !$MG_albums[0]->owner_id) {
// && !SEC_hasRights('mediagallery.create')) {
$tableMedia = $_TABLES['mg_mediaqueue'];
$tableMediaAlbum = $_TABLES['mg_media_album_queue'];
$queue = 1;
} else {
$tableMedia = $_TABLES['mg_media'];
$tableMediaAlbum = $_TABLES['mg_media_albums'];
$queue = 0;
}
$pathParts = array();
$pathParts = explode('/', $urlArray['path']);
$ppCount = count($pathParts);
$pPath = '';
for ($i = 1; $i < $ppCount - 1; $i++) {
$pPath .= '/' . $pathParts[$i];
}
$videoFile = $pathParts[$ppCount - 1];
if ($mediaType != 5) {
$original_filename = $videoFile;
} else {
$original_filename = '';
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Inserting media record into mg_media");
}
if (($resolution_x == 0 || $resolution_y == 0) && $mediaType != 0) {
$resolution_x = 320;
$resolution_y = 240;
}
$remoteURL = DB_escapeString($URL);
$sql = "INSERT INTO " . $tableMedia . " (media_id,media_filename,media_original_filename,media_mime_ext,media_exif,mime_type,media_title,media_desc,media_keywords,media_time,media_views,media_comments,media_votes,media_rating,media_tn_attached,media_tn_image,include_ss,media_user_id,media_user_ip,media_approval,media_type,media_upload_time,media_category,media_watermarked,v100,maint,media_resolution_x,media_resolution_y,remote_media,remote_url)\n VALUES ('" . DB_escapeString($new_media_id) . "','" . DB_escapeString($media_filename) . "','" . DB_escapeString($original_filename) . "','" . DB_escapeString($mimeExt) . "','1','" . DB_escapeString($mimeType) . "','{$media_caption}','{$media_desc}','{$media_keywords}','" . DB_escapeString($media_time) . "','0','0','0','0.00','" . DB_escapeString($attachedThumbnail) . "','','1','" . intval($media_user_id) . "','','0','" . DB_escapeString($mediaType) . "','" . DB_escapeString($media_upload_time) . "','" . DB_escapeString($category) . "','0','0','0',{$resolution_x},{$resolution_y},1,'{$remoteURL}');";
DB_query($sql);
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Updating Album information");
}
$sql = "SELECT MAX(media_order) + 10 AS media_seq FROM " . $_TABLES['mg_media_albums'] . " WHERE album_id = " . intval($albumId);
$result = DB_query($sql);
$row = DB_fetchArray($result);
$media_seq = $row['media_seq'];
if ($media_seq < 10) {
$media_seq = 10;
}
$sql = "INSERT INTO " . $tableMediaAlbum . " (media_id, album_id, media_order) VALUES ('" . DB_escapeString($new_media_id) . "', " . intval($albumId) . ", {$media_seq} )";
DB_query($sql);
if ($mediaType == 1 && $resolution_x > 0 && $resolution_y > 0) {
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','width', '{$resolution_x}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','height', '{$resolution_y}'");
}
// update the media count for the album, only if no moderation...
if ($queue == 0) {
$media_count = $albumInfo['media_count'] + 1;
DB_query("UPDATE " . $_TABLES['mg_albums'] . " SET media_count=" . $media_count . ",last_update=" . $media_upload_time . " WHERE album_id='" . $albumInfo['album_id'] . "'");
if ($albumInfo['album_cover'] == -1 && ($mediaType == 0 || $attachedThumbnail == 1)) {
if ($attachedThumbnail == 1) {
$covername = 'tn_' . $media_filename;
} else {
$covername = $media_filename;
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Setting album cover filename to " . $covername);
}
DB_query("UPDATE {$_TABLES['mg_albums']} SET album_cover_filename='" . $covername . "'" . " WHERE album_id='" . $albumInfo['album_id'] . "'");
}
}
if ($queue) {
$errMsg .= $LANG_MG01['successful_upload_queue'];
// ' successfully placed in Moderation queue';
} else {
$errMsg .= $LANG_MG01['successful_upload'];
// ' successfully uploaded to album';
}
if ($queue == 0) {
require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
MG_buildFullRSS();
MG_buildAlbumRSS($albumId);
}
COM_errorLog("MG Upload: Successfully uploaded a media object");
return array(true, $errMsg);
}
}
$tmp = substr($tmp, 0, strlen($tmp) - 4);
$sqltmp .= "({$tmp})";
} else {
$sqltmp = "WHERE (m.media_title LIKE '%{$keywords_db}%' OR m.media_desc LIKE '%{$keywords_db}%' OR m.media_keywords LIKE '%{$keywords_db}%')";
}
}
}
if ($category != 0) {
$sqltmp .= " AND m.media_category=" . (int) $category;
}
if ($users > 0) {
$sqltmp .= " AND m.media_user_id=" . $users;
}
$sqltmp = DB_escapeString($sqltmp);
$sort_id = COM_makesid();
if (COM_isAnonUser()) {
$sort_user = 1;
} else {
$sort_user = $_USER['uid'];
}
$sort_datetime = time();
$referer = DB_escapeString($referer);
$keywords = DB_escapeString($keywords);
$sql = "INSERT INTO {$_TABLES['mg_sort']} (sort_id,sort_user,sort_query,sort_results,sort_datetime,referer,keywords)\n VALUES ('{$sort_id}',{$sort_user},'{$sqltmp}',{$numresults},{$sort_datetime},'{$referer}','{$keywords}')";
$result = DB_query($sql);
if (DB_error()) {
COM_errorLog("Media Gallery: Error placing sort query into database");
}
$sort_purge = time() - 3660;
// 43200;
/**
* This function record in the hello queue the message to send to the specified group or to csv list
*
* @param array $vars Same as $_POST, holds all the email info
* @return string HTML with success or error message
*
*/
function send_messages($vars)
{
global $_CONF, $_TABLES, $LANG31, $LANG_HELLO01;
require_once $_CONF['path_system'] . 'lib-user.php';
$retval = '';
if (empty($vars['fra']) or empty($vars['fraepost']) or empty($vars['subject']) or empty($vars['content'])) {
$retval .= COM_startBlock($LANG31[1], '', COM_getBlockTemplate('_msg_block', 'header'));
$retval .= $LANG31[26];
$retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$retval .= $display .= display_mailform($vars);
return $retval;
}
// Urgent message!
if (isset($vars['priority'])) {
$priority = 1;
} else {
$priority = 0;
}
if (!empty($vars['to_group'])) {
$groupList = implode(',', USER_getChildGroups($vars['to_group']));
//Group name
$group_name = DB_query("SELECT grp_name FROM {$_TABLES['groups']} WHERE grp_id =" . $vars['to_group'] . " ");
$group_name = DB_fetchArray($group_name);
$email_group = $group_name[0];
if (isset($vars['overstyr'])) {
$sql = "SELECT DISTINCT username,fullname,email FROM {$_TABLES['users']},{$_TABLES['group_assignments']} WHERE uid > 1";
$sql .= " AND {$_TABLES['users']}.status = 3 AND ((email is not null) and (email != ''))";
$sql .= " AND {$_TABLES['users']}.uid = ug_uid AND ug_main_grp_id IN ({$groupList})";
} else {
$sql = "SELECT DISTINCT username,fullname,email,emailfromadmin FROM {$_TABLES['users']},{$_TABLES['userprefs']},{$_TABLES['group_assignments']} WHERE {$_TABLES['users']}.uid > 1";
$sql .= " AND {$_TABLES['users']}.status = 3 AND ((email is not null) and (email != ''))";
$sql .= " AND {$_TABLES['users']}.uid = {$_TABLES['userprefs']}.uid AND emailfromadmin = 1";
$sql .= " AND ug_uid = {$_TABLES['users']}.uid AND ug_main_grp_id IN ({$groupList})";
}
$result = DB_query($sql);
$nrows = DB_numRows($result);
$quantity = $nrows;
} else {
// OK, let's upload csv file
require_once $_CONF['path_system'] . 'classes/upload.class.php';
$upload = new upload();
//Debug with story debug function
if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
$upload->setLogFile($_CONF['path'] . 'logs/error.log');
$upload->setDebug(true);
}
$upload->setMaxFileUploads(1);
$upload->setAllowedMimeTypes(array('text/csv' => '.csv', 'text/comma-separated-values' => '.csv', 'application/vnd.ms-excel' => '.csv', 'application/x-csv' => '.csv'));
if (!$upload->setPath($_CONF['path_data'])) {
$output = COM_siteHeader('menu', $LANG24[30]);
$output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
$output .= $upload->printErrors(false);
$output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$output .= COM_siteFooter();
echo $output;
exit;
}
// Set file permissions on file after it gets uploaded (number is in octal)
$upload->setPerms('0644');
$curfile = current($_FILES);
if (!empty($curfile['name'])) {
$pos = strrpos($curfile['name'], '.') + 1;
$fextension = substr($curfile['name'], $pos);
$filename = 'import_hello_' . COM_makesid() . '.' . $fextension;
}
if ($filename == '') {
$output = COM_siteHeader('menu', $LANG24[30]);
$output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
$output .= 'Upload error: csv file name is empty. Please try again...';
$output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$output .= COM_siteFooter();
echo $output;
exit;
}
$upload->setFileNames($filename);
reset($_FILES);
$upload->uploadFiles();
if ($upload->areErrors()) {
$msg = $upload->printErrors(false);
return $LANG24[30];
}
//email group
$email_group = $LANG_HELLO01['csv_file'];
$destinataires = array();
$separator = $vars['separator'];
if (!in_array($separator, array(',', 'tab', ';'))) {
$separator = ',';
}
if ($separator == 'tab') {
$separator = "\t";
}
if (($handle = fopen($_CONF['path_data'] . $filename, "r")) !== FALSE) {
$quantity = 0;
while (($data = fgetcsv($handle, 0, $separator)) !== FALSE) {
//todo check if email is valid
if ($data[0] != '' and COM_isEmail($data[0])) {
$quantity++;
$destinataires[] = $data[0];
}
}
fclose($handle);
}
}
$retval .= COM_startBlock($LANG31[1]);
// register hello
$creation = date('YmdHi', time());
$subject = addslashes($vars['subject']);
$content = addslashes($vars['content']);
$from = COM_formatEmailAddress($vars['fra'], $vars['fraepost']);
$sql_ajout_hello = "INSERT INTO {$_TABLES['hello']} (subject, creation, email_group, quantity, content) VALUES ('{$subject}', '{$creation}', '{$email_group}', '{$quantity}','{$content}')";
DB_query($sql_ajout_hello);
$new_hello_id = DB_insertId();
// Loop through and send the messages in the DB!
$successes = 0;
$failures = 0;
if (!empty($vars['to_group'])) {
for ($i = 0; $i < $quantity; $i++) {
$A = DB_fetchArray($result);
$destinataire = $A['email'];
$expediteur = $from;
$date = date('YmdHi', time());
$sql_ajout_hello = "INSERT INTO {$_TABLES['hello_queue']} (expediteur, destinataire, date, hello_id, subject, content, priority) VALUES ('{$expediteur}', '{$destinataire}', '{$date}', '{$new_hello_id}', '{$subject}', '{$content}', '{$priority}')";
if ($destinataire != '') {
if (DB_query($sql_ajout_hello)) {
$successes = $successes + 1;
} else {
$failures = $failures + 1;
}
} else {
$failures = $failures + 1;
}
}
} else {
//csv file
for ($i = 0; $i < $quantity; $i++) {
$destinataire = $destinataires[$i];
$expediteur = $from;
$date = date('YmdHi', time());
$sql_ajout_hello = "INSERT INTO {$_TABLES['hello_queue']} (expediteur, destinataire, date, hello_id, subject, content, priority) VALUES ('{$expediteur}', '{$destinataire}', '{$date}', '{$new_hello_id}', '{$subject}', '{$content}', '{$priority}')";
if (DB_query($sql_ajout_hello)) {
$successes = $successes + 1;
} else {
$failures = $failures + 1;
}
}
}
if ($successes >= 0) {
$retval .= $i . ' ' . $LANG_HELLO01['email_schedule'] . '<br />' . $vars['priority'];
}
if ($failures > 0) {
$retval .= 'Oups... There was ' . $failures . ' failure(s)';
}
if (empty($vars['to_group'])) {
//list emails from csv
reset($destinataires);
$retval .= COM_makeList($destinataires);
}
$retval .= COM_endBlock();
return $retval;
}
