public function testUndoSpecialChars() { // Line 3048 $encoded = '$a{b}c>d<e"f g&h'; $decoded = '$a{b}c>d<e"f g&h'; $this->assertEquals($decoded, COM_undoSpecialChars($encoded)); }
/** * Creates the edit form * @param integer $id Optional ID, current record used if zero * @return string HTML for edit form */ public function Edit($eid = '', $rp_id = 0, $saveaction = '') { global $_CONF, $_EV_CONF, $_TABLES, $_USER, $LANG_EVLIST, $LANG_ADMIN, $_GROUPS, $LANG_ACCESS, $_SYSTEM; // If an eid is specified and this is an object, then read the // event data- UNLESS a repeat ID is given in which case we're // editing a repeat and already have the info we need. // This probably needs to change, since we should always read event // data during construction. if (!$this->isSubmitter) { // At least submit privilege required COM_404(); } elseif ($eid != '' && $rp_id == 0 && is_object($this)) { // If an id is passed in, then read that record if (!$this->Read($eid)) { return 'Invalid object ID'; } } elseif (isset($_POST['eid']) && !empty($_POST['eid'])) { // Returning to an existing form, probably due to errors $this->SetVars($_POST); // Make sure the current user has access to this event. if (!$this->hasAccess(3)) { COM_404(); } } $T = new Template($_CONF['path'] . 'plugins/evlist/templates/'); if ($_SYSTEM['disable_jquery_slimbox']) { $T->set_file('editor', 'editor.uikit.thtml'); } else { $T->set_file('editor', 'editor.thtml'); } // Basic tabs for editing both events and instances, show up on // all edit forms //$tabs = array('ev_info', 'ev_schedule', 'ev_location', 'ev_contact',); $tabs = array('ev_info', 'ev_location', 'ev_contact'); $rp_id = (int) $rp_id; if ($rp_id > 0) { // Make sure the current user has access to this event. if (!$this->hasAccess(3)) { COM_404(); } if ($saveaction == 'savefuturerepeat') { $alert_msg = EVLIST_alertMessage($LANG_EVLIST['editing_future'], 'warning'); } else { $alert_msg = EVLIST_alertMessage($LANG_EVLIST['editing_instance'], 'info'); } //$T->clear_var('contact_section'); $T->clear_var('category_section'); $T->clear_var('permissions_editor'); // Set the static calendar name for the edit form. Can't // change it for a single instance. $cal_name = DB_getItem($_TABLES['evlist_calendars'], 'cal_name', "cal_id='" . (int) $this->cal_id . "'"); $T->set_var(array('contact_section' => 'true', 'is_repeat' => 'true', 'cal_name' => $cal_name)); // Override our dates & times with those from the repeat. // $rp_id is passed when this is called from class evRepeat. // Maybe that should pass in the repeat's data instead to avoid // another DB lookup. An array of values could be used. $Rep = DB_fetchArray(DB_query("SELECT * \n FROM {$_TABLES['evlist_repeat']}\n WHERE rp_id='{$rp_id}'"), false); if ($Rep) { $this->date_start1 = $Rep['rp_date_start']; $this->date_end1 = $Rep['rp_date_end']; $this->time_start1 = $Rep['rp_time_start1']; $this->time_end1 = $Rep['rp_time_end1']; $this->time_start2 = $Rep['rp_time_start2']; $this->time_end2 = $Rep['rp_time_end2']; } } else { // Editing the main event record if ($this->id != '' && $this->recurring == 1) { $alert_msg = EVLIST_alertMessage($LANG_EVLIST['editing_series'], 'error'); } if ($this->isAdmin) { $tabs[] = 'ev_perms'; // Add permissions tab, event edit only $T->set_var('permissions_editor', 'true'); } $T->set_var(array('contact_section' => 'true', 'category_section' => 'true', 'upcoming_chk' => $this->show_upcoming ? EVCHECKED : '')); } $action_url = EVLIST_URL . '/event.php'; $delaction = 'delevent'; if (isset($_GET['from']) && $_GET['from'] == 'admin') { $cancel_url = EVLIST_ADMIN_URL . '/index.php'; } else { $cancel_url = EVLIST_URL . '/index.php'; } switch ($saveaction) { case 'saverepeat': case 'savefuturerepeat': case 'saveevent': break; case 'moderate': // Approving a submission $saveaction = 'approve'; $delaction = 'disapprove'; $action_url = EVLIST_ADMIN_URL . '/index.php'; $cancel_url = $_CONF['site_admin_url'] . '/moderation.php'; break; default: $saveaction = 'saveevent'; break; } $retval = ''; //$recinterval = ''; $recweekday = ''; $ownerusername = DB_getItem($_TABLES['users'], 'username', "uid='{$this->owner_id}'"); $retval .= COM_startBlock($LANG_EVLIST['event_editor']); $summary = $this->Detail->summary; $full_description = $this->Detail->full_description; $location = $this->Detail->location; if (($this->isAdmin || $_EV_CONF['allow_html'] == '1' && $_USER['uid'] > 1) && $A['postmode'] == 'html') { $postmode = '2'; //html } else { $postmode = '1'; //plaintext $summary = htmlspecialchars(COM_undoClickableLinks(COM_undoSpecialChars($this->Detail->summary))); $full_description = htmlspecialchars(COM_undoClickableLinks(COM_undoSpecialChars($this->Detail->full_description))); $location = htmlspecialchars(COM_undoClickableLinks(COM_undoSpecialChars($this->Detail->location))); } $starthour2 = ''; $startminute2 = ''; $endhour2 = ''; $endminute2 = ''; if ($this->date_end1 == '' || $this->date_end1 == '0000-00-00') { $this->date_end1 = $this->date_start1; } if ($this->date_start1 != '' && $this->date_start1 != '0000-00-00') { list($startmonth1, $startday1, $startyear1, $starthour1, $startminute1) = $this->DateParts($this->date_start1, $this->time_start1); } else { list($startmonth1, $startday1, $startyear1, $starthour1, $startminute1) = $this->DateParts(date('Y-m-d', time()), date('H:i:s', time())); } // The end date can't be before the start date if ($this->date_end1 >= $this->date_start1) { list($endmonth1, $endday1, $endyear1, $endhour1, $endminute1) = $this->DateParts($this->date_end1, $this->time_end1); $days_interval = Date_Calc::dateDiff($endday1, $endmonth1, $endyear1, $startday1, $startmonth1, $startyear1); } else { $days_interval = 0; $endmonth1 = $startmonth1; $endday1 = $startday1; $endyear1 = $startyear1; $endhour1 = $starthour1; $endminute1 = $startminute1; } if ($this->recurring != '1') { $T->set_var(array('recurring_show' => ' style="display:none;"', 'format_opt' => '0')); //for ($i = 1; $i <= 6; $i++) { // $T->set_var('format' . $i . 'show', ' style="display:none;"'); //} } else { $option = empty($this->rec_data['type']) ? '0' : (int) $this->rec_data['type']; $T->set_var(array('recurring_show' => '', 'recurring_checked' => EVCHECKED, 'format_opt' => $option)); } if (isset($this->rec_data['stop']) && !empty($this->rec_data['stop'])) { $T->set_var(array('stopdate' => $this->rec_data['stop'], 'd_stopdate' => EVLIST_formattedDate($this->rec_data['stop']))); } if (!empty($this->rec_data['skip'])) { $T->set_var("skipnext{$this->rec_data['skip']}_checked", EVCHECKED); } if (!empty($this->rec_data['freq'])) { $freq = (int) $this->rec_data['freq']; if ($freq < 1) { $freq = 1; } } else { $freq = 1; } $T->set_var(array('freq_text' => $LANG_EVLIST['rec_periods'][$this->rec_data['type']] . '(s)', 'rec_freq' => $freq)); foreach ($LANG_EVLIST['rec_intervals'] as $key => $str) { $T->set_var('dom_int_txt_' . $key, $str); if (is_array($this->rec_data['interval'])) { if (in_array($key, $this->rec_data['interval'])) { $T->set_var('dom_int_chk_' . $key, EVCHECKED); } } } // Set up the recurring options needed for the current event switch ($option) { case 0: break; case EV_RECUR_MONTHLY: if (is_array($this->rec_data['listdays'])) { foreach ($this->rec_data['listdays'] as $mday) { $T->set_var('mdchk' . $mday, EVCHECKED); } } break; case EV_RECUR_WEEKLY: $T->set_var('listdays_val', COM_stripslashes($rec_data[0])); if (is_array($this->rec_data['listdays']) && !empty($this->rec_data['listdays'])) { foreach ($this->rec_data['listdays'] as $day) { $day = (int) $day; if ($day > 0 && $day < 8) { $T->set_var('daychk' . $day, EVCHECKED); } } } break; case EV_RECUR_DOM: $recweekday = $this->rec_data['weekday']; break; case EV_RECUR_DATES: $T->set_var(array('stopshow' => 'style="display:none;"', 'custom_val' => implode(',', $this->rec_data['custom']))); break; } $start1 = EVLIST_TimeSelect('start1', $this->time_start1); $start2 = EVLIST_TimeSelect('start2', $this->time_start2); $end1 = EVLIST_TimeSelect('end1', $this->time_end1); $end2 = EVLIST_TimeSelect('end2', $this->time_end2); $cal_select = COM_optionList($_TABLES['evlist_calendars'], 'cal_id,cal_name', $this->cal_id, 1, 'cal_status = 1 ' . COM_getPermSQL('AND', 0, 2)); USES_class_navbar(); $navbar = new navbar(); $cnt = 0; foreach ($tabs as $id) { $navbar->add_menuitem($LANG_EVLIST[$id], 'showhideEventDiv("' . $id . '",' . $cnt . ');return false;', true); $cnt++; } $navbar->set_selected($LANG_EVLIST['ev_info']); if ($this->AdminMode) { $action_url .= '?admin=true'; } $T->set_var(array('action_url' => $action_url, 'navbar' => $navbar->generate(), 'alert_msg' => $alert_msg, 'cancel_url' => $cancel_url, 'eid' => $this->id, 'rp_id' => $rp_id, 'title' => $this->Detail->title, 'summary' => $summary, 'description' => $full_description, 'location' => $location, 'status_checked' => $this->status == 1 ? EVCHECKED : '', 'url' => $this->Detail->url, 'street' => $this->Detail->street, 'city' => $this->Detail->city, 'province' => $this->Detail->province, 'country' => $this->Detail->country, 'postal' => $this->Detail->postal, 'contact' => $this->Detail->contact, 'email' => $this->Detail->email, 'phone' => $this->Detail->phone, 'startdate1' => $this->date_start1, 'enddate1' => $this->date_end1, 'd_startdate1' => EVLIST_formattedDate($this->date_start1), 'd_enddate1' => EVLIST_formattedDate($this->date_end1), 'start_hour_options1' => $start1['hour'], 'start_minute_options1' => $start1['minute'], 'startdate1_ampm' => $start1['ampm'], 'end_hour_options1' => $end1['hour'], 'end_minute_options1' => $end1['minute'], 'enddate1_ampm' => $end1['ampm'], 'start_hour_options2' => $start2['hour'], 'start_minute_options2' => $start2['minute'], 'startdate2_ampm' => $start2['ampm'], 'end_hour_options2' => $end2['hour'], 'end_minute_options2' => $end2['minute'], 'enddate2_ampm' => $end2['ampm'], 'recurring_format_options' => EVLIST_GetOptions($LANG_EVLIST['rec_formats'], $option), 'recurring_weekday_options' => EVLIST_GetOptions(Date_Calc::getWeekDays(), $recweekday, 1), 'dailystop_label' => sprintf($LANG_EVLIST['stop_label'], $LANG_EVLIST['day_by_date'], ''), 'monthlystop_label' => sprintf($LANG_EVLIST['stop_label'], $LANG_EVLIST['year_and_month'], $LANG_EVLIST['if_any']), 'yearlystop_label' => sprintf($LANG_EVLIST['stop_label'], $LANG_EVLIST['year'], $LANG_EVLIST['if_any']), 'listdays_label' => sprintf($LANG_EVLIST['custom_label'], $LANG_EVLIST['days_of_week'], ''), 'listdaystop_label' => sprintf($LANG_EVLIST['stop_label'], $LANG_EVLIST['date_l'], $LANG_EVLIST['if_any']), 'intervalstop_label' => sprintf($LANG_EVLIST['stop_label'], $LANG_EVLIST['year_and_month'], $LANG_EVLIST['if_any']), 'custom_label' => sprintf($LANG_EVLIST['custom_label'], $LANG_EVLIST['dates'], ''), 'datestart_note' => $LANG_EVLIST['datestart_note'], 'src' => isset($_GET['src']) && $_GET['src'] == 'a' ? '1' : '0', 'rem_status_checked' => $this->enable_reminders == 1 ? EVCHECKED : '', 'del_button' => $this->id == '' ? '' : 'true', 'saveaction' => $saveaction, 'delaction' => $delaction, 'owner_id' => $this->owner_id, 'enable_reminders' => $_EV_CONF['enable_reminders'], 'iso_lang' => EVLIST_getIsoLang(), 'hour_mode' => $_CONF['hour_mode'], 'days_interval' => $days_interval, 'display_format' => $_CONF['shortdate'], 'ts_start' => strtotime($this->date_start1), 'ts_end' => strtotime($this->date_end1), 'cal_select' => $cal_select, 'contactlink_chk' => $this->options['contactlink'] == 1 ? EVCHECKED : '', 'lat' => $this->Detail->lat, 'lng' => $this->Detail->lng, 'perm_msg' => $LANG_ACCESS['permmsg'], 'last' => $LANG_EVLIST['rec_intervals'][5], 'doc_url' => EVLIST_getDocURL('event.html'), 'mootools' => $_SYSTEM['disable_mootools'] ? '' : 'true')); if ($_EV_CONF['enable_rsvp']) { USES_evlist_class_tickettype(); $TickTypes = evTicketType::GetTicketTypes(); //$T->set_block('editor', 'Tickets', 'tTypes'); $tick_opts = ''; foreach ($TickTypes as $tick_id => $tick_obj) { // Check enabled tickets. Ticket type 1 enabled by default if (isset($this->options['tickets'][$tick_id]) || $tick_id == 1) { $checked = 'checked="checked"'; $fee = (double) $this->options['tickets'][$tick_id]['fee']; } else { $checked = ''; $fee = 0; } $tick_opts .= '<tr><td><input name="tickets[' . $tick_id . ']" type="checkbox" ' . $checked . ' value="' . $tick_id . '" /></td>' . '<td>' . $tick_obj->description . '</td>' . '<td><input type="text" name="tick_fees[' . $tick_id . ']" value="' . $fee . '" size="8" /></td></tr>' . LB; /*$T->set_var(array( 'tick_id' => $tic['id'], 'tick_desc' => $tic['description'], 'tick_fee' => $fee, 'tick_enabled' => $enabled ? 'checked="checked"' : '', ) ) ; //$T->parse('tTypes', 'Tickets', true);*/ } if ($_EV_CONF['rsvp_print'] > 0) { $rsvp_print_chk = 'rsvp_print_chk' . $this->options['rsvp_print']; $rsvp_print = 'true'; } else { $rsvp_print = ''; $rsvp_print_chk = 'no_rsvp_print'; } $T->set_var(array('enable_rsvp' => 'true', 'reg_chk' . $this->options['use_rsvp'] => EVCHECKED, 'rsvp_wait_chk' => $this->options['rsvp_waitlist'] == 1 ? EVCHECKED : '', 'max_rsvp' => $this->options['max_rsvp'], 'max_user_rsvp' => $this->options['max_user_rsvp'], 'rsvp_cutoff' => $this->options['rsvp_cutoff'], 'use_rsvp' => $this->options['use_rsvp'], 'rsvp_waitlist' => $this->options['rsvp_waitlist'], 'tick_opts' => $tick_opts, 'rsvp_print' => $rsvp_print, $rsvp_print_chk => 'checked="checked"')); } // if rsvp_enabled // Split & All-Day settings if ($this->allday == 1) { // allday, can't be split, no times $T->set_var(array('starttime1_show' => 'style="display:none;"', 'endtime1_show' => 'style="display:none;"', 'datetime2_show' => 'style="display:none;"', 'allday_checked' => EVCHECKED, 'split_checked' => '', 'split_show' => 'style="display:none;"')); } elseif ($this->split == '1') { $T->set_var(array('split_checked' => EVCHECKED, 'allday_checked' => '', 'allday_show' => 'style="display:none"')); } else { $T->set_var(array('datetime2_show' => 'style="display:none;"')); } // Category fields. If $_POST['categories'] is set, then this is a // form re-entry due to an error saving. Populate checkboxes from the // submitted form. Include the user-added category, if any. // If not from a form re-entry, get the checked categories from the // evlist_lookup table. if ($_EV_CONF['enable_categories'] == '1') { $cresult = DB_query("SELECT tc.id, tc.name\n FROM {$_TABLES['evlist_categories']} tc \n WHERE tc.status='1' ORDER BY tc.name"); while ($A = DB_fetchArray($cresult, false)) { if (isset($_POST['categories']) && is_array($_POST['categories'])) { // Coming from a form re-entry $chk = in_array($A['id'], $_POST['categories']) ? EVCHECKED : ''; } else { $chk = in_array($A['id'], $this->categories) ? EVCHECKED : ''; } $catlist .= '<input type="checkbox" name="categories[]" ' . 'value="' . $A['id'] . '" ' . $chk . ' />' . ' ' . $A['name'] . ' '; } $T->set_var('catlist', $catlist); if (isset($_POST['newcat'])) { $T->set_var('newcat', $_POST['newcat']); } if ($_USER['uid'] > 1 && $rp_id == 0) { $T->set_var('category_section', 'true'); $T->set_var('add_cat_input', 'true'); } } // Enable the post mode selector if we allow HTML and the user is // logged in, or if this user is an authorized editor if ($this->isAdmin || $_EV_CONF['allow_html'] == '1' && $_USER['uid'] > 1) { $T->set_var(array('postmode_options' => EVLIST_GetOptions($LANG_EVLIST['postmodes'], $postmode), 'allowed_html' => COM_allowedHTML('evlist.submit'))); if ($postmode == 'plaintext') { // plaintext, hide postmode selector $T->set_var('postmode_show', ' style="display:none"'); } $T->parse('event_postmode', 'edit_postmode'); } if ($this->isAdmin) { $T->set_var(array('owner_username' => COM_stripslashes($ownerusername), 'owner_dropdown' => COM_optionList($_TABLES['users'], 'uid,username', $this->owner_id, 1, "uid <> 1"), 'group_dropdown' => SEC_getGroupDropdown($this->group_id, 3))); if ($rp_id == 0) { // can only change permissions on main event $T->set_var('permissions_editor', SEC_getPermissionsHTML($this->perm_owner, $this->perm_group, $this->perm_members, $this->perm_anon)); } } else { $T->set_var('group_id', $this->group_id); } // Latitude & Longitude part of location, if Location plugin is used if ($_EV_CONF['use_locator']) { $T->set_var(array('use_locator' => 'true', 'loc_selection' => GEO_optionList())); } $T->parse('output', 'editor'); $retval .= $T->finish($T->get_var('output')); $retval .= COM_endBlock(); return $retval; }
/** * Handles a comment edit submission * * @copyright Jared Wenerd 2008 * @author Jared Wenerd, wenerd87 AT gmail DOT com * @param string $mode 'edit' or 'editsubmission' * @return string HTML (possibly a refresh) */ function handleEdit($mode) { global $_TABLES, $LANG03; //get needed data $cid = COM_applyFilter($_REQUEST['cid']); if ($mode == 'editsubmission') { $table = $_TABLES['commentsubmissions']; $result = DB_query("SELECT type, sid FROM {$_TABLES['commentsubmissions']} WHERE cid = {$cid}"); list($type, $sid) = DB_fetchArray($result); } else { $sid = COM_applyFilter($_REQUEST['sid']); $type = COM_applyFilter($_REQUEST['type']); $table = $_TABLES['comments']; } //check for bad data if (!is_numeric($cid) || $cid < 0 || empty($sid) || empty($type)) { COM_errorLog("handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment with one or more missing/bad values.'); return COM_refresh($_CONF['site_url'] . '/index.php'); } $result = DB_query("SELECT title,comment FROM {$table} " . "WHERE cid = {$cid} AND sid = '{$sid}' AND type = '{$type}'"); if (DB_numRows($result) == 1) { $A = DB_fetchArray($result); $title = COM_stripslashes($A['title']); $commenttext = COM_stripslashes(COM_undoSpecialChars($A['comment'])); //remove signature $pos = strpos($commenttext, '<!-- COMMENTSIG --><span class="comment-sig">'); if ($pos > 0) { $commenttext = substr($commenttext, 0, $pos); } //get format mode if (preg_match('/<.*>/', $commenttext) != 0) { $postmode = 'html'; } else { $postmode = 'plaintext'; } } else { COM_errorLog("handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment that doesn\'t exist as described.'); return COM_refresh($_CONF['site_url'] . '/index.php'); } return COM_siteHeader('menu', $LANG03[1]) . CMT_commentForm($title, $commenttext, $sid, $cid, $type, $mode, $postmode) . COM_siteFooter(); }
public function parse($p1, $p2 = '', $fulltag) { global $_CONF, $_TABLES, $_USER, $LANG01; USES_lib_comments(); $retval = ''; $skip = 0; $dt = new Date('now', $_USER['tzid']); // topic = specific topic or 'all' // display = how many stories to display, if 0, then all // meta = show meta data (i.e.; who when etc) // titleLink - make title a hot link // featured - 0 = show all, 1 = only featured, 2 = all except featured // frontpage - 1 = show only items marked for frontpage - 0 = show all // cols - number of columns to show // template - the template name $topic = $p1; if ($topic == 'all') { $topic = ''; } $uniqueID = md5($p1 . $p2); $display = 10; // display 10 articles $meta = 0; // do not display meta data $titleLink = 0; // do not use links in title $featured = 0; // 0 = show all, 1 = only featured, 2 = all except featured $frontpage = 0; // only show items marked for frontpage $cols = 3; // number of columns $truncate = 0; // maximum number of characters to include in story text $template = 'headlines.thtml'; $px = explode(' ', trim($p2)); if (is_array($px)) { foreach ($px as $part) { if (substr($part, 0, 8) == 'display:') { $a = explode(':', $part); $display = $a[1]; $skip++; } elseif (substr($part, 0, 5) == 'meta:') { $a = explode(':', $part); $meta = $a[1]; $skip++; } elseif (substr($part, 0, 10) == 'titlelink:') { $a = explode(':', $part); $titleLink = $a[1]; $skip++; } elseif (substr($part, 0, 9) == 'featured:') { $a = explode(':', $part); $featured = $a[1]; $skip++; } elseif (substr($part, 0, 10) == 'frontpage:') { $a = explode(':', $part); $frontpage = (int) $a[1]; $skip++; } elseif (substr($part, 0, 5) == 'cols:') { $a = explode(':', $part); $cols = $a[1]; $skip++; } elseif (substr($part, 0, 9) == 'template:') { $a = explode(':', $part); $template = $a[1]; $skip++; } elseif (substr($part, 0, 9) == 'truncate:') { $a = explode(':', $part); $truncate = (int) $a[1]; $skip++; } else { break; } } if ($skip != 0) { if (count($px) > $skip) { for ($i = 0; $i < $skip; $i++) { array_shift($px); } $caption = trim(implode(' ', $px)); } else { $caption = ''; } } } else { $caption = trim($p2); } if ($display < 0) { $display = 3; } $hash = CACHE_security_hash(); $instance_id = 'whatsnew_headlines_' . $uniqueID . '_' . $hash . '_' . $_USER['theme']; if (($cache = CACHE_check_instance($instance_id, 0)) !== FALSE) { return $cache; } $archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1"); $sql = " (date <= NOW()) AND (draft_flag = 0)"; if (empty($topic)) { $sql .= COM_getLangSQL('tid', 'AND', 's'); } // if a topic was provided only select those stories. if (!empty($topic)) { $sql .= " AND s.tid = '" . DB_escapeString($topic) . "' "; } if ($featured == 1) { $sql .= " AND s.featured = 1 "; } else { if ($featured == 2) { $sql .= " AND s.featured = 0 "; } } if ($frontpage == 1) { $sql .= " AND frontpage = 1 "; } if ($topic != $archivetid) { $sql .= " AND s.tid != '{$archivetid}' "; } $sql .= COM_getPermSQL('AND', 0, 2, 's'); $sql .= COM_getTopicSQL('AND', 0, 's') . ' '; $userfields = 'u.uid, u.username, u.fullname'; if ($_CONF['allow_user_photo'] == 1) { $userfields .= ', u.photo'; if ($_CONF['use_gravatar']) { $userfields .= ', u.email'; } } $orderBy = ' date DESC '; $headlinesSQL = "SELECT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, " . 'UNIX_TIMESTAMP(s.expire) as expireunix, ' . $userfields . ", t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, " . "{$_TABLES['topics']} AS t WHERE (s.uid = u.uid) AND (s.tid = t.tid) AND" . $sql . "ORDER BY featured DESC," . $orderBy; if ($display > 0) { $headlinesSQL .= " LIMIT " . $display; } $result = DB_query($headlinesSQL); $numRows = DB_numRows($result); if ($numRows < $cols) { $cols = $numRows; } if ($cols > 6) { $cols = 6; } if ($numRows > 0) { $T = new Template($_CONF['path'] . 'system/autotags/'); $T->set_file('page', $template); $T->set_var('columns', $cols); $T->set_block('page', 'headlines', 'hl'); $newstories = array(); while ($A = DB_fetchArray($result)) { $T->unset_var('readmore_url'); $T->unset_var('lang_readmore'); if ($A['attribution_author'] != '') { $author = $A['attribution_author']; } else { $author = $A['username']; } $title = COM_undoSpecialChars($A['title']); $title = str_replace(' ', ' ', $title); $subtitle = COM_undoSpecialChars($A['subtitle']); if ($A['story_image'] != '') { $story_image = $_CONF['site_url'] . $A['story_image']; } else { $story_image = ''; } $A['introtext'] = STORY_renderImages($A['sid'], $A['introtext']); if (!empty($A['bodytext'])) { $closingP = strrpos($A['introtext'], "</p>"); if ($closingP !== FALSE) { $text = substr($A['introtext'], 0, $closingP); $A['introtext'] = $text; } // adds the read more link $T->set_var('readmore_url', COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid'])); $T->set_var('lang_readmore', $LANG01['continue_reading']); } if ($truncate > 0) { $A['introtext'] = $this->truncateHTML($A['introtext'], $truncate, '...'); } $topicurl = $_CONF['site_url'] . '/index.php?topic=' . $A['tid']; $dt->setTimestamp($A['unixdate']); if ($A['commentcode'] >= 0) { $cmtLinkArray = CMT_getCommentLinkWithCount('article', $A['sid'], $_CONF['site_url'] . '/article.php?story=' . $A['sid'], $A['comments'], 1); $T->set_var(array('lang_comments' => '', 'comments_count' => $cmtLinkArray['comment_count'], 'comments_url' => $cmtLinkArray['url'], 'comments_url_extra' => $cmtLinkArray['url_extra'])); } else { $T->unset_var('lang_comments'); $T->unset_var('comments_count'); $T->unset_var('comments_url'); $T->unset_var('comments_url_extra'); } $T->set_var(array('titlelink' => $titleLink ? TRUE : '', 'meta' => $meta ? TRUE : '', 'lang_by' => $LANG01[95], 'lang_posted_in' => $LANG01['posted_in'], 'story_topic_url' => $topicurl, 'title' => $title, 'subtitle' => $subtitle, 'story_image' => $story_image, 'text' => PLG_replaceTags($A['introtext']), 'date' => $A['date'], 'time' => $dt->format('Y-m-d', true) . 'T' . $dt->format('H:i:s', true), 'topic' => $A['topic'], 'tid' => $A['tid'], 'author' => $author, 'author_id' => $A['uid'], 'sid' => $A['sid'], 'short_date' => $dt->format($_CONF['shortdate'], true), 'date_only' => $dt->format($_CONF['dateonly'], true), 'date' => $dt->format($dt->getUserFormat(), true), 'url' => COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']), 'attribution_url' => $A['attribution_url'], 'attribution_name' => $A['attribution_name'])); $T->parse('hl', 'headlines', true); } $retval = $T->finish($T->parse('output', 'page')); CACHE_create_instance($instance_id, $retval, 0); } return $retval; }
/** * Handle a pingback for an entry. * Also takes care of the speedlimit and spam. Assumes that the caller of this * function has already checked permissions! * * @param string $id ID of entry that got pinged * @param string $type type of that entry ('article' for stories, etc.) * @param string $url URL of the page that pinged us * @param string $oururl URL that got pinged on our site * @return object XML-RPC response */ function PNB_handlePingback($id, $type, $url, $oururl) { global $_CONF, $_TABLES, $PNB_ERROR; require_once 'HTTP/Request.php'; if (!isset($_CONF['check_trackback_link'])) { $_CONF['check_trackback_link'] = 2; } // handle pingbacks to articles on our own site $skip_speedlimit = false; if ($_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR']) { if (!isset($_CONF['pingback_self'])) { $_CONF['pingback_self'] = 0; // default: skip self-pingbacks } if ($_CONF['pingback_self'] == 0) { return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['skipped'])); } elseif ($_CONF['pingback_self'] == 2) { $skip_speedlimit = true; } } COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'pingback'); if (!$skip_speedlimit) { $last = COM_checkSpeedlimit('pingback'); if ($last > 0) { return new XML_RPC_Response(0, 49, sprintf($PNB_ERROR['speedlimit'], $last, $_CONF['commentspeedlimit'])); } } // update speed limit in any case COM_updateSpeedlimit('pingback'); if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) { if ($_CONF['check_trackback_link'] & 4) { $parts = parse_url($url); if (empty($parts['host'])) { TRB_logRejected('Pingback: No valid URL', $url); return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']); } else { $ip = gethostbyname($parts['host']); if ($ip != $_SERVER['REMOTE_ADDR']) { TRB_logRejected('Pingback: IP address mismatch', $url); return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']); } } } } // See if we can read the page linking to us and extract at least // the page's title out of it ... $title = ''; $excerpt = ''; $req = new HTTP_Request2($url, HTTP_Request2::METHOD_GET); $req->setHeader('User-Agent', 'Geeklog/' . VERSION); try { $response = $req->send(); $status = $response->getStatus(); if ($status == 200) { $body = $response->getBody(); if ($_CONF['check_trackback_link'] & 3) { if (!TRB_containsBacklink($body, $oururl)) { TRB_logRejected('Pingback: No link to us', $url); $comment = TRB_formatComment($url); PLG_spamAction($comment, $_CONF['spamx']); return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']); } } preg_match(':<title>(.*)</title>:i', $body, $content); if (empty($content[1])) { $title = ''; // no title found } else { $title = trim(COM_undoSpecialChars($content[1])); } if ($_CONF['pingback_excerpt']) { // Check which character set the site that sent the Pingback // is using $charset = 'ISO-8859-1'; // default, see RFC 2616, 3.7.1 $ctype = $response->getHeader('content-type'); $c = explode(';', $ctype); foreach ($c as $ct) { $ch = explode('=', trim($ct)); if (count($ch) === 2) { if (trim($ch[0]) === 'charset') { $charset = trim($ch[1]); break; } } } if (!empty($charset) && strcasecmp($charset, COM_getCharset()) !== 0) { if (function_exists('mb_convert_encoding')) { $body = @mb_convert_encoding($body, COM_getCharset(), $charset); } elseif (function_exists('iconv')) { $body = @iconv($charset, COM_getCharset(), $body); } // else: tough luck ... } $excerpt = PNB_makeExcerpt($body, $oururl); } // we could also run the rest of the other site's page // through the spam filter here ... } elseif ($_CONF['check_trackback_link'] & 3) { COM_errorLog("Pingback verification: Got HTTP response code " . $response->getStatus() . " when requesting {$url}"); return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']); } } catch (HTTP_Request2_Exception $e) { if ($_CONF['check_trackback_link'] & 3) { // we were supposed to check for backlinks but didn't get the page COM_errorLog("Pingback verification: " . $e->getMessage() . " when requesting {$url}"); return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']); } } // check for spam first $saved = TRB_checkForSpam($url, $title, '', $excerpt); if ($saved == TRB_SAVE_SPAM) { return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']); } // save as a trackback comment $saved = TRB_saveTrackbackComment($id, $type, $url, $title, '', $excerpt); if ($saved == TRB_SAVE_REJECT) { return new XML_RPC_Response(0, 49, $PNB_ERROR['multiple']); } if (isset($_CONF['notification']) && in_array('pingback', $_CONF['notification'])) { TRB_sendNotificationEmail($saved, 'pingback'); } return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['success'])); }
/** * Handle a pingback for an entry. * * Also takes care of the speedlimit and spam. Assumes that the caller of this * function has already checked permissions! * * @param string $id ID of entry that got pinged * @param string $type type of that entry ('article' for stories, etc.) * @param string $url URL of the page that pinged us * @param string $oururl URL that got pinged on our site * @return object XML-RPC response * */ function PNB_handlePingback($id, $type, $url, $oururl) { global $_CONF, $_TABLES, $PNB_ERROR; require_once 'HTTP/Request.php'; if (!isset($_CONF['check_trackback_link'])) { $_CONF['check_trackback_link'] = 2; } // handle pingbacks to articles on our own site $skip_speedlimit = false; if ($_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR']) { if (!isset($_CONF['pingback_self'])) { $_CONF['pingback_self'] = 0; // default: skip self-pingbacks } if ($_CONF['pingback_self'] == 0) { return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['skipped'])); } else { if ($_CONF['pingback_self'] == 2) { $skip_speedlimit = true; } } } COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'pingback'); if (!$skip_speedlimit) { $last = COM_checkSpeedlimit('pingback'); if ($last > 0) { return new XML_RPC_Response(0, 49, sprintf($PNB_ERROR['speedlimit'], $last, $_CONF['commentspeedlimit'])); } } // update speed limit in any case COM_updateSpeedlimit('pingback'); if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) { if ($_CONF['check_trackback_link'] & 4) { $parts = parse_url($url); if (empty($parts['host'])) { TRB_logRejected('Pingback: No valid URL', $url); return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']); } else { $ip = gethostbyname($parts['host']); if ($ip != $_SERVER['REMOTE_ADDR']) { TRB_logRejected('Pingback: IP address mismatch', $url); return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']); } } } } // See if we can read the page linking to us and extract at least // the page's title out of it ... $title = ''; $excerpt = ''; $req = new HTTP_Request($url); $req->addHeader('User-Agent', 'glFusion/' . GVERSION); $response = $req->sendRequest(); if (PEAR::isError($response)) { if ($_CONF['check_trackback_link'] & 3) { // we were supposed to check for backlinks but didn't get the page COM_errorLog("Pingback verification: " . $response->getMessage() . " when requesting {$url}"); return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']); } // else: silently ignore errors - we'll simply do without the title } else { if ($req->getResponseCode() == 200) { $body = $req->getResponseBody(); if ($_CONF['check_trackback_link'] & 3) { if (!TRB_containsBacklink($body, $oururl)) { TRB_logRejected('Pingback: No link to us', $url); $comment = TRB_formatComment($url); PLG_spamAction($comment, $_CONF['spamx']); return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']); } } preg_match(':<title>(.*)</title>:i', $body, $content); if (empty($content[1])) { $title = ''; // no title found } else { $title = trim(COM_undoSpecialChars($content[1])); } if (isset($_CONF['pingback_excerpt']) && $_CONF['pingback_excerpt']) { $excerpt = PNB_makeExcerpt($body, $oururl); } // we could also run the rest of the other site's page // through the spam filter here ... } else { if ($_CONF['check_trackback_link'] & 3) { COM_errorLog("Pingback verification: Got HTTP response code " . $req->getResponseCode() . " when requesting {$url}"); return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']); } } // else: silently ignore errors - we'll simply do without the title } // check for spam first $saved = TRB_checkForSpam($url, $title, '', $excerpt); if ($saved == TRB_SAVE_SPAM) { return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']); } // save as a trackback comment $saved = TRB_saveTrackbackComment($id, $type, $url, $title, '', $excerpt); if ($saved == TRB_SAVE_REJECT) { return new XML_RPC_Response(0, 49, $PNB_ERROR['multiple']); } if (isset($_CONF['notification']) && in_array('pingback', $_CONF['notification'])) { TRB_sendNotificationEmail($saved, 'pingback'); } return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['success'])); }
/** * Handles a comment edit submission * * @copyright Jared Wenerd 2008 * @author Jared Wenerd, wenerd87 AT gmail DOT com * @param string $mode 'edit' or 'editsubmission' * @param string $format 'threaded', 'nested', or 'flat' * @param string $order 'ASC' or 'DESC' or blank * @param int $page Page number of comments to display * @return string HTML (possibly a refresh) */ function CMT_handleEdit($mode = '', $postmode = '', $format, $order, $page) { global $_TABLES, $LANG03, $_CONF; //get needed data $cid = 0; if (isset($_REQUEST[CMT_CID])) { $cid = COM_applyFilter($_REQUEST[CMT_CID], true); } if ($cid <= 0) { COM_errorLog("CMT_handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment with one or more missing/bad values.'); return COM_refresh($_CONF['site_url'] . '/index.php'); } $type = ''; $sid = ''; if ($mode == 'editsubmission') { $table = $_TABLES['commentsubmissions']; $result = DB_query("SELECT type, sid FROM {$_TABLES['commentsubmissions']} WHERE cid = {$cid}"); list($type, $sid) = DB_fetchArray($result); } else { $table = $_TABLES['comments']; if (isset($_REQUEST[CMT_TYPE])) { $type = COM_applyFilter($_REQUEST[CMT_TYPE]); } if (COMMENT_ON_SAME_PAGE) { list($plgurl, $plgid) = CMT_getCommentUrlId($type); if (isset($_REQUEST[$plgid])) { $sid = COM_applyFilter($_REQUEST[$plgid]); } } else { if (isset($_REQUEST['sid'])) { $sid = COM_applyFilter($_REQUEST['sid']); } } } //check for bad data if (empty($sid) || empty($type)) { COM_errorLog("CMT_handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment with one or more missing/bad values.'); return COM_refresh($_CONF['site_url'] . '/index.php'); } // Filemgmt plugin is doing special processing. // Therefore, I support specially, against my better judgment. // May should delete this code part. if ($type == 'filemgmt' and $mode != 'editsubmission') { $sid = 'fileid_' . $sid; } $result = DB_query("SELECT title,comment FROM {$table} " . "WHERE cid = {$cid} AND sid = '{$sid}' AND type = '{$type}'"); if (DB_numRows($result) == 1) { $A = DB_fetchArray($result); $title = COM_stripslashes($A['title']); $commenttext = COM_stripslashes(COM_undoSpecialChars($A['comment'])); //remove signature $pos = strpos($commenttext, '<!-- COMMENTSIG --><span class="comment-sig">'); if ($pos > 0) { $commenttext = substr($commenttext, 0, $pos); } //get format mode if (preg_match('/<.*>/', $commenttext) != 0) { $postmode = 'html'; } else { $postmode = 'plaintext'; } } else { COM_errorLog("CMT_handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment that doesn\'t exist as described.'); return COM_refresh($_CONF['site_url'] . '/index.php'); } return CMT_commentForm($title, $commenttext, $sid, $cid, $type, $mode, $postmode, $format, $order, $page); }
/** * Send an email notification for a new submission. * * @param string $table Table where the new submission can be found * @param string $story Story object that was submitted. * */ function sendNotification($table, $story) { global $_CONF, $_TABLES, $LANG01, $LANG08, $LANG24, $LANG29, $LANG_ADMIN; $title = COM_undoSpecialChars($story->displayElements('title')); if ($A['postmode'] == 'html') { $A['introtext'] = strip_tags($A['introtext']); } $introtext = COM_undoSpecialChars($story->displayElements('introtext') . "\n" . $story->displayElements('bodytext')); $storyauthor = COM_getDisplayName($story->displayelements('uid')); $topic = stripslashes(DB_getItem($_TABLES['topics'], 'topic', 'tid = \'' . $story->displayElements('tid') . '\'')); $mailbody = "{$LANG08['31']}: {$title}\n" . "{$LANG24['7']}: {$storyauthor}\n" . "{$LANG08['32']}: " . strftime($_CONF['date']) . "\n" . "{$LANG_ADMIN['topic']}: {$topic}\n\n"; if ($_CONF['emailstorieslength'] > 0) { if ($_CONF['emailstorieslength'] > 1) { $introtext = MBYTE_substr($introtext, 0, $_CONF['emailstorieslength']) . '...'; } $mailbody .= $introtext . "\n\n"; } if ($table == $_TABLES['storysubmission']) { $mailbody .= "{$LANG01['10']} <{$_CONF['site_admin_url']}/moderation.php>\n\n"; } else { $articleUrl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $story->getSid()); $mailbody .= $LANG08[33] . ' <' . $articleUrl . ">\n\n"; } $mailsubject = $_CONF['site_name'] . ' ' . $LANG29[35]; $mailbody .= "\n------------------------------\n"; $mailbody .= "\n{$LANG08['34']}\n"; $mailbody .= "\n------------------------------\n"; COM_mail($_CONF['site_mail'], $mailsubject, $mailbody); }
/** * Handles a comment edit submission * * @copyright Jared Wenerd 2008 * @author Jared Wenerd <wenerd87 AT gmail DOT com> * @return string HTML (possibly a refresh) */ function handleEdit() { global $_TABLES, $LANG03, $_USER, $_CONF, $_PLUGINS; if (isset($_POST['cid'])) { $cid = COM_applyFilter($_POST['cid'], true); } else { if (isset($_GET['cid'])) { $cid = COM_applyFilter($_GET['cid'], true); } else { $cid = -1; } } if (isset($_POST['sid'])) { $sid = COM_sanitizeID(COM_applyFilter($_POST['sid'])); } else { if (isset($_GET['sid'])) { $sid = COM_sanitizeID(COM_applyFilter($_GET['sid'])); } else { $sid = ''; } } if (isset($_POST['type'])) { $type = COM_applyFilter($_POST['type']); } else { if (isset($_GET['type'])) { $type = COM_applyFilter($_GET['type']); } else { $type = ''; } } if ($type != 'article') { if (!in_array($type, $_PLUGINS)) { $type = ''; } } if (!is_numeric($cid) || $cid < 0 || empty($sid) || empty($type)) { COM_errorLog("handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment with one or more missing/bad values.'); echo COM_refresh($_CONF['site_url'] . '/index.php'); exit; } $result = DB_query("SELECT title,comment FROM {$_TABLES['comments']} " . "WHERE cid = " . (int) $cid . " AND sid = '" . DB_escapeString($sid) . "' AND type = '" . DB_escapeString($type) . "'"); if (DB_numRows($result) == 1) { $A = DB_fetchArray($result); $title = $A['title']; $commenttext = COM_undoSpecialChars($A['comment']); //remove signature $pos = strpos($commenttext, '<!-- COMMENTSIG --><div class="comment-sig">'); if ($pos > 0) { $commenttext = substr($commenttext, 0, $pos); } //get format mode if (preg_match('/<.*>/', $commenttext) != 0) { $postmode = 'html'; } else { $postmode = 'plaintext'; } } else { COM_errorLog("handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment that doesn\'t exist as described.'); return COM_refresh($_CONF['site_url'] . '/index.php'); } $pid = isset($_REQUEST['pid']) ? COM_applyFilter($_REQUEST['pid'], true) : 0; return PLG_displayComment($type, $sid, 0, $title, '', 'nobar', 0, 0) . CMT_commentForm($title, $commenttext, $sid, $pid, $type, 'edit', $postmode); }
/** * Send an email notification for a new submission. * * @param string $table Table where the new submission can be found * @param string $story Story object that was submitted. * */ function sendNotification($table, $story) { global $_CONF, $_USER, $_TABLES, $LANG01, $LANG08, $LANG24, $LANG29, $LANG_ADMIN; $dt = new Date('now', $_USER['tzid']); $title = COM_undoSpecialChars($story->displayElements('title')); $postmode = $story->displayElements('postmode'); $introtext = COM_undoSpecialChars($story->displayElements('introtext') . "\n" . $story->displayElements('bodytext')); if ($postmode == 'html') { USES_lib_html2text(); $introtext = str_replace("\\r", "", $introtext); $introtext = $introtext; $html2txt = new html2text($introtext, false); $introtext = trim($html2txt->get_text()); } $storyauthor = COM_getDisplayName($story->displayelements('uid')); $topic = DB_getItem($_TABLES['topics'], 'topic', 'tid = \'' . DB_escapeString($story->displayElements('tid')) . '\''); $mailbody = "{$LANG08['31']}: {$title}\n" . "{$LANG24['7']}: {$storyauthor}\n" . "{$LANG08['32']}: " . $dt->format($_CONF['date'], true) . "\n" . "{$LANG_ADMIN['topic']}: {$topic}\n\n"; if ($_CONF['emailstorieslength'] > 0) { if ($_CONF['emailstorieslength'] > 1) { $introtext = MBYTE_substr($introtext, 0, $_CONF['emailstorieslength']) . '...'; } $mailbody .= $introtext . "\n\n"; } if ($table == $_TABLES['storysubmission']) { $mailbody .= "{$LANG01['10']} <{$_CONF['site_admin_url']}/moderation.php>\n\n"; } else { $articleUrl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $story->getSid()); $mailbody .= $LANG08[33] . ' <' . $articleUrl . ">\n\n"; } $mailsubject = $_CONF['site_name'] . ' ' . $LANG29[35]; $mailbody .= "\n------------------------------\n"; $mailbody .= "\n{$LANG08['34']}\n"; $mailbody .= "\n------------------------------\n"; $to = array(); $to = COM_formatEmailAddress('', $_CONF['site_mail']); COM_mail($to, $mailsubject, $mailbody); }
/** * Shows any new information in a block * * Return the HTML that shows any new stories, comments, etc * * @param string $help Help file for block * @param string $title Title used in block header * @param string $position Position in which block is being rendered 'left', 'right' or blank (for centre) * @return string Return the HTML that shows any new stories, comments, etc * */ function COM_whatsNewBlock($help = '', $title = '', $position = '') { global $_CONF, $_TABLES, $_USER, $_PLUGINS, $LANG01, $LANG_WHATSNEW, $page, $newstories; if (!isset($_CONF['whatsnew_cache_time'])) { $_CONF['whatsnew_cache_time'] = 3600; } $cacheInstance = 'whatsnew__' . CACHE_security_hash() . '__' . $_USER['theme']; $retval = CACHE_check_instance($cacheInstance, 0); if ($retval) { $lu = CACHE_get_instance_update($cacheInstance, 0); $now = time(); if ($now - $lu < $_CONF['whatsnew_cache_time']) { return $retval; } } $T = new Template($_CONF['path_layout'] . 'blocks'); $T->set_file('block', 'whatsnew.thtml'); $items_found = 0; $header = COM_startBlock($title, $help, COM_getBlockTemplate('whats_new_block', 'header', $position), 'whats_new_block'); $T->set_var('block_start', $header); $topicsql = ''; if ($_CONF['hidenewstories'] == 0 || $_CONF['hidenewcomments'] == 0 || $_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) { $topicsql = COM_getTopicSql('AND', 0, $_TABLES['stories']); } if ($_CONF['hidenewstories'] == 0) { $archsql = ''; $archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1"); if (!empty($archivetid)) { $archsql = " AND (tid <> '" . DB_escapeString($archivetid) . "')"; } // Find the newest stories $sql = "SELECT * FROM {$_TABLES['stories']} WHERE (date >= (date_sub(NOW(), INTERVAL {$_CONF['newstoriesinterval']} SECOND))) AND (date <= NOW()) AND (draft_flag = 0)" . $archsql . COM_getPermSQL('AND') . $topicsql . COM_getLangSQL('sid', 'AND') . ' ORDER BY date DESC'; $result = DB_query($sql); $nrows = DB_numRows($result); if (empty($title)) { $title = DB_getItem($_TABLES['blocks'], 'title', "name='whats_new_block'"); } $T->set_block('block', 'section', 'sectionblock'); if ($nrows > 0) { // Any late breaking news stories? $T->set_var('section_title', $LANG01[99]); $T->set_var('interval', COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newcommentsinterval'])); $newstory = array(); $T->set_block('block', 'datarow', 'datablock'); while ($A = DB_fetchArray($result)) { $title = COM_undoSpecialChars($A['title']); $title = str_replace(' ', ' ', $title); $titletouse = COM_truncate($title, $_CONF['title_trim_length'], '...'); $attr = array('title' => htmlspecialchars($title, ENT_COMPAT, COM_getEncodingt())); $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']); $storyitem = COM_createLink($titletouse, $url, $attr); $newstory[] = $storyitem; $T->set_var('data_item', $storyitem); $T->parse('datablock', 'datarow', true); $items_found++; } $T->parse('sectionblock', 'section', true); } } $T->unset_var('datablock'); if ($_CONF['hidenewcomments'] == 0) { // Go get the newest comments $commentHeader = 0; $newcomments = array(); $commentrow = array(); // get story whats new $stwhere = ''; if (!COM_isAnonUser()) { $stwhere .= "({$_TABLES['stories']}.owner_id IS NOT NULL AND {$_TABLES['stories']}.perm_owner IS NOT NULL) OR "; $stwhere .= "({$_TABLES['stories']}.group_id IS NOT NULL AND {$_TABLES['stories']}.perm_group IS NOT NULL) OR "; $stwhere .= "({$_TABLES['stories']}.perm_members IS NOT NULL)"; } else { $stwhere .= "({$_TABLES['stories']}.perm_anon IS NOT NULL)"; } $sql = "SELECT DISTINCT COUNT(*) AS dups, type, {$_TABLES['stories']}.title, {$_TABLES['stories']}.sid, UNIX_TIMESTAMP(max({$_TABLES['comments']}.date)) AS lastdate FROM {$_TABLES['comments']} LEFT JOIN {$_TABLES['stories']} ON (({$_TABLES['stories']}.sid = {$_TABLES['comments']}.sid)" . COM_getPermSQL('AND', 0, 2, $_TABLES['stories']) . " AND ({$_TABLES['stories']}.draft_flag = 0) AND ({$_TABLES['stories']}.commentcode >= 0)" . $topicsql . COM_getLangSQL('sid', 'AND', $_TABLES['stories']) . ") WHERE ({$_TABLES['comments']}.date >= (DATE_SUB(NOW(), INTERVAL {$_CONF['newcommentsinterval']} SECOND))) AND ((({$stwhere}))) GROUP BY {$_TABLES['comments']}.sid,type, {$_TABLES['stories']}.title, {$_TABLES['stories']}.title, {$_TABLES['stories']}.sid ORDER BY 5 DESC LIMIT 15"; $result = DB_query($sql); $nrows = DB_numRows($result); if ($nrows > 0) { $T->set_var('section_title', $LANG01[83]); $T->set_var('interval', COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newcommentsinterval'])); $commentHeader = 1; for ($x = 0; $x < $nrows; $x++) { $A = DB_fetchArray($result); $A['url'] = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']) . '#comments'; $commentrow[] = $A; } } $pluginComments = PLG_getWhatsNewComment(); $commentrow = array_merge($pluginComments, $commentrow); usort($commentrow, '_commentsort'); $nrows = count($commentrow); if ($nrows > 0) { if ($commentHeader == 0) { $commentHeader = 1; $T->set_var('section_title', $LANG01[83]); $T->set_var('interval', COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newcommentsinterval'])); } $newcomments = array(); for ($x = 0; $x < $nrows; $x++) { $titletouse = ''; $url = $commentrow[$x]['url']; $title = COM_undoSpecialChars($commentrow[$x]['title']); $title = str_replace(' ', ' ', $title); $titletouse = COM_truncate($title, $_CONF['title_trim_length'], '...'); $attr = array('title' => htmlspecialchars($title, ENT_COMPAT, COM_getEncodingt())); if ($commentrow[$x]['dups'] > 1) { $titletouse .= ' [+' . $commentrow[$x]['dups'] . ']'; } $newcomments[] = COM_createLink($titletouse, $url, $attr); } $T->set_block('block', 'datarow', 'datablock'); foreach ($newcomments as $comment) { $T->set_var('data_item', $comment); $T->parse('datablock', 'datarow', true); $items_found++; } $T->parse('sectionblock', 'section', true); } } $T->unset_var('datablock'); if ($_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) { $sql = "SELECT DISTINCT COUNT(*) AS count,{$_TABLES['stories']}.title,t.sid,max(t.date) AS lastdate FROM {$_TABLES['trackback']} AS t,{$_TABLES['stories']} WHERE (t.type = 'article') AND (t.sid = {$_TABLES['stories']}.sid) AND (t.date >= (DATE_SUB(NOW(), INTERVAL {$_CONF['newtrackbackinterval']} SECOND)))" . COM_getPermSQL('AND', 0, 2, $_TABLES['stories']) . " AND ({$_TABLES['stories']}.draft_flag = 0) AND ({$_TABLES['stories']}.trackbackcode = 0)" . $topicsql . COM_getLangSQL('sid', 'AND', $_TABLES['stories']) . " GROUP BY t.sid, {$_TABLES['stories']}.title ORDER BY lastdate DESC LIMIT 15"; $result = DB_query($sql); $nrows = DB_numRows($result); if ($nrows > 0) { $T->set_var('section_title', $LANG01[114]); $T->set_var('interval', COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newtrackbackinterval'])); $newcomments = array(); $T->set_block('block', 'datarow', 'datablock'); for ($i = 0; $i < $nrows; $i++) { $titletouse = ''; $A = DB_fetchArray($result); $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']) . '#trackback'; $title = COM_undoSpecialChars($A['title']); $title = str_replace(' ', ' ', $title); $titletouse = COM_truncate($title, $_CONF['title_trim_length'], '...'); $attr = array('title' => htmlspecialchars($title, ENT_COMPAT, COM_getEncodingt())); if ($A['count'] > 1) { $titletouse .= ' [+' . $A['count'] . ']'; } $trackback = COM_createLink($titletouse, $url, $attr); $newcomments[] = $trackback; $T->set_var('data_item', $trackback); $T->parse('datablock', 'datarow', true); $items_found++; } $T->parse('sectionblock', 'section', true); } } $T->unset_var('datablock'); if ($_CONF['hidenewplugins'] == 0) { list($headlines, $smallheadlines, $content) = PLG_getWhatsNew(); $plugins = count($headlines); if ($plugins > 0) { for ($i = 0; $i < $plugins; $i++) { $T->set_var('section_title', $headlines[$i]); $T->set_var('interval', $smallheadlines[$i]); $T->set_block('block', 'datarow', 'datablock'); if (is_array($content[$i])) { foreach ($content[$i] as $item) { $T->set_var('data_item', $item); $T->parse('datablock', 'datarow', true); $items_found++; } } else { $T->set_var('data_item', $content[$i]); $T->parse('datablock', 'datarow', true); $items_found++; } $T->parse('sectionblock', 'section', true); $T->unset_var('datablock'); $T->unset_var('interval'); $T->unset_var('section_title'); } } } if ($items_found == 0) { $T->set_var('no_items_found', $LANG01['no_new_items']); } else { $T->set_var('no_items_found', ''); } $T->set_var('block_end', COM_endBlock(COM_getBlockTemplate('whats_new_block', 'footer', $position))); $T->parse('output', 'block'); $final = $T->finish($T->get_var('output')); CACHE_create_instance($cacheInstance, $final, 0); return $final; }
/** * Create a new password and send it to the user * * @param string $username user's login name * @param string $useremail user's email address * @param int $uid user id of user * @param string $passwd user's password (optional) * @return bool true = success, false = an error occured * */ function USER_createAndSendPassword($username, $useremail, $uid, $passwd = '') { global $_CONF, $_SYSTEM, $_TABLES, $LANG04; if (!isset($_SYSTEM['verification_token_ttl'])) { $_SYSTEM['verification_token_ttl'] = 86400; } $activation_link = ''; $uid = (int) $uid; $storedPassword = DB_getItem($_TABLES['users'], 'passwd', 'uid=' . $uid); $userStatus = DB_getItem($_TABLES['users'], 'status', 'uid=' . $uid); if ($passwd == '' && substr($storedPassword, 0, 4) == '$H$9') { // no need to update password } else { if ($passwd == '') { $passwd = USER_createPassword(8); } $passwd2 = SEC_encryptPassword($passwd); DB_change($_TABLES['users'], 'passwd', "{$passwd2}", 'uid', $uid); } if (file_exists($_CONF['path_data'] . 'welcome_email.txt')) { $template = new Template($_CONF['path_data']); $template->set_file(array('mail' => 'welcome_email.txt')); $template->set_var('auth_info', "{$LANG04['2']}: {$username}\n{$LANG04['4']}: {$passwd}"); $template->set_var('site_url', $_CONF['site_url']); $template->set_var('site_name', $_CONF['site_name']); $template->set_var('site_slogan', $_CONF['site_slogan']); $template->set_var('lang_text1', $LANG04[15]); $template->set_var('lang_text2', $LANG04[14]); $template->set_var('lang_username', $LANG04[2]); $template->set_var('lang_password', $LANG04[4]); $template->set_var('username', $username); $template->set_var('password', $passwd); $template->set_var('name', COM_getDisplayName($uid)); $template->parse('output', 'mail'); $mailtext = $template->get_var('output'); } else { if ($userStatus == USER_ACCOUNT_AWAITING_VERIFICATION) { $verification_id = USER_createActivationToken($uid, $username); $activation_link = $_CONF['site_url'] . '/users.php?mode=verify&vid=' . $verification_id . '&u=' . $uid; $mailtext = $LANG04[168] . $_CONF['site_name'] . ".\n\n"; $mailtext .= $LANG04[170] . "\n\n"; $mailtext .= "----------------------------\n"; $mailtext .= $LANG04[2] . ': ' . $username . "\n"; $mailtext .= $LANG04[171] . ': ' . $_CONF['site_url'] . "\n"; $mailtext .= "----------------------------\n\n"; $mailtext .= sprintf($LANG04[172], $_SYSTEM['verification_token_ttl'] / 3600) . "\n\n"; $mailtext .= $activation_link . "\n\n"; $mailtext .= $LANG04[173] . "\n\n"; $mailtext .= $LANG04[174] . "\n\n"; $mailtext .= "--\n"; $mailtext .= $_CONF['site_name'] . "\n"; $mailtext .= $_CONF['site_url'] . "\n"; } else { $mailtext = $LANG04[168] . $_CONF['site_name'] . ".\n\n"; $mailtext .= $LANG04[170] . "\n\n"; $mailtext .= "----------------------------\n"; $mailtext .= $LANG04[2] . ': ' . $username . "\n"; if ($passwd != '') { $mailtext .= $LANG04[4] . ": {$passwd}\n"; } $mailtext .= $LANG04[171] . ': ' . $_CONF['site_url'] . "\n"; $mailtext .= "----------------------------\n\n"; $mailtext .= $LANG04[14] . "\n\n"; $mailtext .= "--\n"; $mailtext .= $_CONF['site_name'] . "\n"; $mailtext .= $_CONF['site_url'] . "\n"; } } $subject = $_CONF['site_name'] . ': ' . $LANG04[16]; if ($_CONF['site_mail'] !== $_CONF['noreply_mail']) { $mailfrom = $_CONF['noreply_mail']; global $LANG_LOGIN; $mailtext .= LB . LB . $LANG04[159]; } else { $mailfrom = $_CONF['site_mail']; } $to = array(); $from = array(); $from = COM_formatEmailAddress($_CONF['site_name'], $mailfrom); $to = COM_formatEmailAddress($username, $useremail); $subject = COM_undoSpecialChars(strip_tags($subject)); return COM_mail($to, $subject, $mailtext, $from, false); }
/** * Email ad to a friend * * @param string $ad id of ad to email * @param string $to name of person / friend to email * @param string $toemail friend's email address * @param string $from name of person sending the email * @param string $fromemail sender's email address * @param string $shortmsg short intro text to send with the ad * @return string Meta refresh * * Modification History * * Date Author Description * ---- ------ ----------- * 4/17/01 Tony Bibbs Code now allows anonymous users to send email * and it allows user to input a message as well * Thanks to Yngve Wassvik Bergheim for some of * this code * */ function CLASSIFIEDS_mailAd($ad, $to, $toemail, $from, $fromemail, $shortmsg) { global $_CONF, $_TABLES, $LANG01, $LANG08; // check for correct $_CONF permission if (COM_isAnonUser() && $_CONF['loginrequired'] == 1) { return $retval; } // check mail speedlimit COM_clearSpeedlimit($_CONF['speedlimit'], 'mail'); if (COM_checkSpeedlimit('mail') > 0) { return $retval; } //Query ad $shortmsg = COM_stripslashes($shortmsg); $mailtext = sprintf($LANG08[23], $from, $fromemail) . LB; if (strlen($shortmsg) > 0) { $mailtext .= LB . sprintf($LANG08[28], $from) . $shortmsg . LB; } // just to make sure this isn't an attempt at spamming users ... $result = PLG_checkforSpam($mailtext, $_CONF['spamx']); if ($result > 0) { COM_updateSpeedlimit('mail'); COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden'); } $mailtext .= '------------------------------------------------------------' . LB . LB . COM_undoSpecialChars($story->displayElements('title')) . LB . strftime($_CONF['date'], $story->DisplayElements('unixdate')) . LB; if ($_CONF['contributedbyline'] == 1) { $author = COM_getDisplayName($story->displayElements('uid')); $mailtext .= $LANG01[1] . ' ' . $author . LB; } $introtext = $story->DisplayElements('introtext'); $bodytext = $story->DisplayElements('bodytext'); $introtext = COM_undoSpecialChars(strip_tags($introtext)); $bodytext = COM_undoSpecialChars(strip_tags($bodytext)); $introtext = str_replace(array("\n\r", "\r"), LB, $introtext); $bodytext = str_replace(array("\n\r", "\r"), LB, $bodytext); $mailtext .= LB . $introtext; if (!empty($bodytext)) { $mailtext .= LB . LB . $bodytext; } $mailtext .= LB . LB . '------------------------------------------------------------' . LB; if ($story->DisplayElements('commentcode') == 0) { // comments allowed $mailtext .= $LANG08[24] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid . '#comments'); } else { // comments not allowed - just add the story's URL $mailtext .= $LANG08[33] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid); } $mailto = COM_formatEmailAddress($to, $toemail); $mailfrom = COM_formatEmailAddress($from, $fromemail); $subject = 'Re: ' . COM_undoSpecialChars(strip_tags($story->DisplayElements('title'))); $sent = COM_mail($mailto, $subject, $mailtext, $mailfrom); if ($sent && isset($_POST['cc']) && $_POST['cc'] == 'on') { $ccmessage = sprintf($LANG08[38], $to); $ccmessage .= "\n------------------------------------------------------------\n\n" . $mailtext; $sent = COM_mail($mailfrom, $subject, $ccmessage, $mailfrom); } COM_updateSpeedlimit('mail'); return $retval; }
/** * Shows any new information in a block * * Return the HTML that shows any new stories, comments, etc * * @param string $help Help file for block * @param string $title Title used in block header * @param string $position Position in which block is being rendered 'left', 'right' or blank (for centre) * @return string Return the HTML that shows any new stories, comments, etc * */ function COM_whatsNewBlock($help = '', $title = '', $position = '') { global $_CONF, $_TABLES, $LANG01, $LANG_WHATSNEW, $page, $newstories; $retval = COM_startBlock($title, $help, COM_getBlockTemplate('whats_new_block', 'header', $position)); $topicsql = ''; if ($_CONF['hidenewstories'] == 0 || $_CONF['hidenewcomments'] == 0 || $_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) { $topicsql = COM_getTopicSql('AND', 0, $_TABLES['stories']); } if ($_CONF['hidenewstories'] == 0) { $archsql = ''; $archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1"); if (!empty($archivetid)) { $archsql = " AND (tid <> '" . addslashes($archivetid) . "')"; } // Find the newest stories $sql['mssql'] = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (date >= (date_sub(NOW(), INTERVAL {$_CONF['newstoriesinterval']} SECOND))) AND (date <= NOW()) AND (draft_flag = 0)" . $archsql . COM_getPermSQL('AND') . $topicsql . COM_getLangSQL('sid', 'AND'); $sql['mysql'] = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (date >= (date_sub(NOW(), INTERVAL {$_CONF['newstoriesinterval']} SECOND))) AND (date <= NOW()) AND (draft_flag = 0)" . $archsql . COM_getPermSQL('AND') . $topicsql . COM_getLangSQL('sid', 'AND'); $sql['pgsql'] = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (date >= (NOW() - INTERVAL '{$_CONF['newstoriesinterval']} SECOND')) AND (date <= NOW()) AND (draft_flag = 0)" . $archsql . COM_getPermSQL('AND') . $topicsql . COM_getLangSQL('sid', 'AND'); $result = DB_query($sql); $A = DB_fetchArray($result); $nrows = $A['count']; if (empty($title)) { $title = DB_getItem($_TABLES['blocks'], 'title', "name='whats_new_block'"); } // Any late breaking news stories? $retval .= '<h3>' . $LANG01[99] . '</h3>'; if ($nrows > 0) { $newmsg = COM_formatTimeString($LANG_WHATSNEW['new_string'], $_CONF['newstoriesinterval'], $LANG01[11], $nrows); if ($newstories && $page < 2) { $retval .= $newmsg . '<br' . XHTML . '>'; } else { $retval .= COM_createLink($newmsg, $_CONF['site_url'] . '/index.php?display=new') . '<br' . XHTML . '>'; } } else { $retval .= $LANG01[100] . '<br' . XHTML . '>'; } if ($_CONF['hidenewcomments'] == 0 || $_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0 || $_CONF['hidenewplugins'] == 0) { $retval .= '<br' . XHTML . '>'; } } if ($_CONF['hidenewcomments'] == 0) { // Go get the newest comments $retval .= '<h3>' . $LANG01[83] . ' <small>' . COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newcommentsinterval']) . '</small></h3>'; $new_plugin_comments = array(); $new_plugin_comments = PLG_getWhatsNewComment(); if (!empty($new_plugin_comments)) { // Sort array by element lastdate newest to oldest foreach ($new_plugin_comments as $k => $v) { $b[$k] = strtolower($v['lastdate']); } arsort($b); foreach ($b as $key => $val) { $temp[] = $new_plugin_comments[$key]; } $new_plugin_comments = $temp; $newcomments = array(); $count = 0; foreach ($new_plugin_comments as $A) { $count .= +1; $url = ''; $info = PLG_getItemInfo($A['type'], $A['sid'], 'url'); if (!empty($info)) { $url = $info . '#comments'; } // Check to see if url (plugin may not support PLG_getItemInfo if (!empty($url)) { $title = COM_undoSpecialChars(stripslashes($A['title'])); $titletouse = COM_truncate($title, $_CONF['title_trim_length'], '...'); if ($title != $titletouse) { $attr = array('title' => htmlspecialchars($title)); } else { $attr = array(); } $acomment = str_replace('$', '$', $titletouse); $acomment = str_replace(' ', ' ', $acomment); if ($A['dups'] > 1) { $acomment .= ' [+' . $A['dups'] . ']'; } $newcomments[] = COM_createLink($acomment, $url, $attr); if ($count == 15) { break; } } } $retval .= COM_makeList($newcomments, 'list-new-comments'); } else { $retval .= $LANG01[86] . '<br' . XHTML . '>' . LB; } if ($_CONF['hidenewplugins'] == 0 || $_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) { $retval .= '<br' . XHTML . '>'; } } if ($_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) { $retval .= '<h3>' . $LANG01[114] . ' <small>' . COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newtrackbackinterval']) . '</small></h3>'; $sql['mssql'] = "SELECT DISTINCT COUNT(*) AS count,{$_TABLES['stories']}.title,t.sid,max(t.date) AS lastdate FROM {$_TABLES['trackback']} AS t,{$_TABLES['stories']} WHERE (t.type = 'article') AND (t.sid = {$_TABLES['stories']}.sid) AND (t.date >= (DATE_SUB(NOW(), INTERVAL {$_CONF['newtrackbackinterval']} SECOND)))" . COM_getPermSQL('AND', 0, 2, $_TABLES['stories']) . " AND ({$_TABLES['stories']}.draft_flag = 0) AND ({$_TABLES['stories']}.trackbackcode = 0)" . $topicsql . COM_getLangSQL('sid', 'AND', $_TABLES['stories']) . " GROUP BY t.sid, {$_TABLES['stories']}.title ORDER BY lastdate DESC LIMIT 15"; $sql['mysql'] = "SELECT DISTINCT COUNT(*) AS count,{$_TABLES['stories']}.title,t.sid,max(t.date) AS lastdate FROM {$_TABLES['trackback']} AS t,{$_TABLES['stories']} WHERE (t.type = 'article') AND (t.sid = {$_TABLES['stories']}.sid) AND (t.date >= (DATE_SUB(NOW(), INTERVAL {$_CONF['newtrackbackinterval']} SECOND)))" . COM_getPermSQL('AND', 0, 2, $_TABLES['stories']) . " AND ({$_TABLES['stories']}.draft_flag = 0) AND ({$_TABLES['stories']}.trackbackcode = 0)" . $topicsql . COM_getLangSQL('sid', 'AND', $_TABLES['stories']) . " GROUP BY t.sid, {$_TABLES['stories']}.title ORDER BY lastdate DESC LIMIT 15"; $sql['pgsql'] = "SELECT DISTINCT COUNT(*) AS count,{$_TABLES['stories']}.title,t.sid,max(t.date) AS lastdate FROM {$_TABLES['trackback']} AS t,{$_TABLES['stories']} WHERE (t.type = 'article') AND (t.sid = {$_TABLES['stories']}.sid) AND (t.date >= (NOW()+ INTERVAL '{$_CONF['newtrackbackinterval']} SECOND'))" . COM_getPermSQL('AND', 0, 2, $_TABLES['stories']) . " AND ({$_TABLES['stories']}.draft_flag = 0) AND ({$_TABLES['stories']}.trackbackcode = 0)" . $topicsql . COM_getLangSQL('sid', 'AND', $_TABLES['stories']) . " GROUP BY t.sid, {$_TABLES['stories']}.title ORDER BY lastdate DESC LIMIT 15"; $result = DB_query($sql); $nrows = DB_numRows($result); if ($nrows > 0) { $newcomments = array(); for ($i = 0; $i < $nrows; $i++) { $A = DB_fetchArray($result); $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']) . '#trackback'; $title = COM_undoSpecialChars(stripslashes($A['title'])); $titletouse = COM_truncate($title, $_CONF['title_trim_length'], '...'); if ($title != $titletouse) { $attr = array('title' => htmlspecialchars($title)); } else { $attr = array(); } $acomment = str_replace('$', '$', $titletouse); $acomment = str_replace(' ', ' ', $acomment); if ($A['count'] > 1) { $acomment .= ' [+' . $A['count'] . ']'; } $newcomments[] = COM_createLink($acomment, $url, $attr); } $retval .= COM_makeList($newcomments, 'list-new-trackbacks'); } else { $retval .= $LANG01[115] . '<br' . XHTML . '>' . LB; } if ($_CONF['hidenewplugins'] == 0) { $retval .= '<br' . XHTML . '>'; } } if ($_CONF['hidenewplugins'] == 0) { list($headlines, $smallheadlines, $content) = PLG_getWhatsNew(); $plugins = count($headlines); if ($plugins > 0) { for ($i = 0; $i < $plugins; $i++) { $retval .= '<h3>' . $headlines[$i] . ' <small>' . $smallheadlines[$i] . '</small></h3>'; if (is_array($content[$i])) { $retval .= COM_makeList($content[$i], 'list-new-plugins'); } else { $retval .= $content[$i]; } if ($i + 1 < $plugins) { $retval .= '<br' . XHTML . '>'; } } } } $retval .= COM_endBlock(COM_getBlockTemplate('whats_new_block', 'footer', $position)); return $retval; }
/** * Email story to a friend * * @param string $sid id of story to email * @param string $to name of person / friend to email * @param string $toemail friend's email address * @param string $from name of person sending the email * @param string $fromemail sender's email address * @param string $shortmsg short intro text to send with the story * @return string Meta refresh * * Modification History * * Date Author Description * ---- ------ ----------- * 4/17/01 Tony Bibbs Code now allows anonymous users to send email * and it allows user to input a message as well * Thanks to Yngve Wassvik Bergheim for some of * this code * */ function mailstory($sid, $to, $toemail, $from, $fromemail, $shortmsg, $html = 0) { global $_CONF, $_TABLES, $_USER, $LANG01, $LANG08; $dt = new Date('now', $_USER['tzid']); $storyurl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid); if ($_CONF['url_rewrite']) { $retURL = $storyurl . '?msg=85'; } else { $retURL = $storyurl . '&msg=85'; } // check for correct $_CONF permission if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1)) { echo COM_refresh($retURL); exit; } // check if emailing of stories is disabled if ($_CONF['hideemailicon'] == 1) { echo COM_refresh($retURL); exit; } // check mail speedlimit COM_clearSpeedlimit($_CONF['speedlimit'], 'mail'); if (COM_checkSpeedlimit('mail') > 0) { echo COM_refresh($retURL); exit; } $filter = sanitizer::getInstance(); if ($html) { $filter->setPostmode('html'); } else { $filter->setPostmode('text'); } $allowedElements = $filter->makeAllowedElements($_CONF['htmlfilter_default']); $filter->setAllowedElements($allowedElements); $filter->setCensorData(true); $filter->setReplaceTags(true); $filter->setNamespace('glfusion', 'mail_story'); $sql = "SELECT uid,title,introtext,bodytext,commentcode,UNIX_TIMESTAMP(date) AS day,postmode FROM {$_TABLES['stories']} WHERE sid = '" . DB_escapeString($sid) . "'" . COM_getTopicSql('AND') . COM_getPermSql('AND'); $result = DB_query($sql); if (DB_numRows($result) == 0) { return COM_refresh($_CONF['site_url'] . '/index.php'); } $A = DB_fetchArray($result); $mailtext = sprintf($LANG08[23], $from, $fromemail) . LB; if (strlen($shortmsg) > 0) { if ($html) { $shortmsg = $filter->filterHTML($shortmsg); } $mailtext .= LB . sprintf($LANG08[28], $from) . $shortmsg . LB; } // just to make sure this isn't an attempt at spamming users ... $result = PLG_checkforSpam($mailtext, $_CONF['spamx']); if ($result > 0) { COM_updateSpeedlimit('mail'); COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden'); } $dt->setTimestamp($A['day']); if ($html) { $mailtext .= '<p>------------------------------------------------------------</p>' . '<p>' . COM_undoSpecialChars($A['title']) . '</p>' . '<p>' . $dt->format($_CONF['date'], true) . '</p>'; } else { $mailtext .= '------------------------------------------------------------' . LB . LB . COM_undoSpecialChars($A['title']) . LB . $dt->format($_CONF['date'], true) . LB; } if ($_CONF['contributedbyline'] == 1) { $author = COM_getDisplayName($A['uid']); $mailtext .= $LANG01[1] . ' ' . $author . LB; } if ($html) { $mailtext .= '<p>' . $filter->displayText($A['introtext']) . '<br />' . $filter->displayText($A['bodytext']) . '</p>' . '<p>------------------------------------------------------------</p>'; } else { $mailtext .= $filter->displayText($A['introtext']) . LB . $filter->displayText($A['bodytext']) . LB . LB . '------------------------------------------------------------' . LB; } if ($A['commentcode'] == 0) { // comments allowed $mailtext .= $LANG08[24] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid . '#comments'); } else { // comments not allowed - just add the story's URL $mailtext .= $LANG08[33] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid); } $mailto = array(); $mailfrom = array(); $mailto = COM_formatEmailAddress($to, $toemail); $mailfrom = COM_formatEmailAddress($from, $fromemail); $subject = COM_undoSpecialChars(strip_tags('Re: ' . $A['title'])); $rc = COM_mail($mailto, $subject, $mailtext, $mailfrom, $html); COM_updateSpeedlimit('mail'); if ($rc) { if ($_CONF['url_rewrite']) { $retval = COM_refresh($storyurl . '?msg=27'); } else { $retval = COM_refresh($storyurl . '&msg=27'); } } else { // Increment numemails counter for story DB_query("UPDATE {$_TABLES['stories']} SET numemails = numemails + 1 WHERE sid = '" . DB_escapeString($sid) . "'"); if ($_CONF['url_rewrite']) { $retval = COM_refresh($storyurl . '?msg=26'); } else { $retval = COM_refresh($storyurl . '&msg=26'); } } echo COM_refresh($retval); exit; }
/** * Return list of articles for the Related Items block * * @param array $tids list of topic ids * @param int $max maximum number of items to return * @param int $trim max length of text * @return array array of links to related articles with unix timestamp as key */ function plugin_getrelateditems_story($tids, $max, $trim) { global $_CONF, $_TABLES; $where_sql = ''; $archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1"); if (!empty($archivetid)) { $where_sql = " AND (ta.tid <> '{$archivetid}')"; } // Find the newest stories the user has access too $sql = "SELECT sid, title, UNIX_TIMESTAMP(date) s_date\n FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n WHERE ta.type = 'article' AND ta.id = sid AND (ta.tid IN ('" . implode("','", $tids) . "'))\n AND (date <= NOW()) AND (draft_flag = 0)" . $where_sql . COM_getPermSQL('AND') . COM_getLangSQL('sid', 'AND') . "\n GROUP BY sid ORDER BY s_date DESC LIMIT {$max}"; $result = DB_query($sql); $nrows = DB_numRows($result); $newstories = array(); if ($nrows > 0) { for ($x = 0; $x < $nrows; $x++) { $A = DB_fetchArray($result); $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']); $title = COM_undoSpecialChars(stripslashes($A['title'])); if ($trim > 0) { $titletouse = COM_truncate($title, $trim, '...'); } else { $titletouse = $title; } if ($title != $titletouse) { $attr = array('title' => htmlspecialchars($title)); } else { $attr = array(); } $astory = str_replace('$', '$', $titletouse); $astory = str_replace(' ', ' ', $astory); $newstories[$A['s_date']] = COM_createLink($astory, $url, $attr); } } return $newstories; }
/** * Email story to a friend * * @param string $sid id of story to email * @param string $to name of person / friend to email * @param string $toemail friend's email address * @param string $from name of person sending the email * @param string $fromemail sender's email address * @param string $shortmsg short intro text to send with the story * @return string Meta refresh * * Modification History * * Date Author Description * ---- ------ ----------- * 4/17/01 Tony Bibbs Code now allows anonymous users to send email * and it allows user to input a message as well * Thanks to Yngve Wassvik Bergheim for some of * this code * */ function mailstory($sid, $to, $toemail, $from, $fromemail, $shortmsg, $html = 0) { global $_CONF, $_TABLES, $_USER, $LANG01, $LANG08; $dt = new Date('now', $_USER['tzid']); $storyurl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid); if ($_CONF['url_rewrite']) { $retURL = $storyurl . '?msg=85'; } else { $retURL = $storyurl . '&msg=85'; } // check for correct $_CONF permission if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1)) { echo COM_refresh($retURL); exit; } // check if emailing of stories is disabled if ($_CONF['hideemailicon'] == 1) { echo COM_refresh($retURL); exit; } // check mail speedlimit COM_clearSpeedlimit($_CONF['speedlimit'], 'mail'); if (COM_checkSpeedlimit('mail') > 0) { echo COM_refresh($retURL); exit; } $filter = sanitizer::getInstance(); if ($html) { $filter->setPostmode('html'); } else { $filter->setPostmode('text'); } $allowedElements = $filter->makeAllowedElements($_CONF['htmlfilter_default']); $filter->setAllowedElements($allowedElements); $filter->setCensorData(true); $filter->setReplaceTags(true); $filter->setNamespace('glfusion', 'mail_story'); $sql = "SELECT uid,title,introtext,bodytext,story_image,commentcode,UNIX_TIMESTAMP(date) AS day,postmode FROM {$_TABLES['stories']} WHERE sid = '" . DB_escapeString($sid) . "'" . COM_getTopicSql('AND') . COM_getPermSql('AND'); $result = DB_query($sql); if (DB_numRows($result) == 0) { return COM_refresh($_CONF['site_url'] . '/index.php'); } $A = DB_fetchArray($result); $result = PLG_checkforSpam($shortmsg, $_CONF['spamx']); if ($result > 0) { COM_updateSpeedlimit('mail'); COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden'); } USES_lib_html2text(); $T = new Template($_CONF['path_layout'] . 'email/'); $T->set_file(array('html_msg' => 'mailstory_html.thtml', 'text_msg' => 'mailstory_text.thtml')); // filter any HTML from the short message $shortmsg = $filter->filterHTML($shortmsg); $html2txt = new html2text($shortmsg, false); $shortmsg_text = $html2txt->get_text(); $story_body = COM_truncateHTML($A['introtext'], 512); $html2txt = new html2text($story_body, false); $story_body_text = $html2txt->get_text(); $dt->setTimestamp($A['day']); $story_date = $dt->format($_CONF['date'], true); $story_title = COM_undoSpecialChars($A['title']); $story_url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid); if ($_CONF['contributedbyline'] == 1) { $author = COM_getDisplayName($A['uid']); } else { $author = ''; } if ($A['story_image'] != '') { $story_image = $_CONF['site_url'] . $A['story_image']; } else { $story_image = ''; } $T->set_var(array('shortmsg_html' => $shortmsg, 'shortmsg_text' => $shortmsg_text, 'story_title' => $story_title, 'story_date' => $story_date, 'story_url' => $story_url, 'author' => $author, 'story_image' => $story_image, 'story_body_html' => $story_body, 'story_body_text' => $story_body_text, 'lang_by' => $LANG01[1], 'site_name' => $_CONF['site_name'], 'from_name' => $from, 'disclaimer' => sprintf($LANG08[23], $from, $fromemail))); $T->parse('message_body_html', 'html_msg'); $message_body_html = $T->finish($T->get_var('message_body_html')); $T->parse('message_body_text', 'text_msg'); $message_body_text = $T->finish($T->get_var('message_body_text')); $msgData = array('htmlmessage' => $message_body_html, 'textmessage' => $message_body_text, 'subject' => $story_title, 'from' => array('email' => $_CONF['site_mail'], 'name' => $from), 'to' => array('email' => $toemail, 'name' => $to)); $mailto = array(); $mailfrom = array(); $mailto = COM_formatEmailAddress($to, $toemail); $mailfrom = COM_formatEmailAddress($from, $fromemail); $subject = COM_undoSpecialChars(strip_tags('Re: ' . $A['title'])); $rc = COM_mail($mailto, $msgData['subject'], $msgData['htmlmessage'], $mailfrom, true, 0, '', $msgData['textmessage']); COM_updateSpeedlimit('mail'); if ($rc) { if ($_CONF['url_rewrite']) { $retval = COM_refresh($storyurl . '?msg=27'); } else { $retval = COM_refresh($storyurl . '&msg=27'); } } else { // Increment numemails counter for story DB_query("UPDATE {$_TABLES['stories']} SET numemails = numemails + 1 WHERE sid = '" . DB_escapeString($sid) . "'"); if ($_CONF['url_rewrite']) { $retval = COM_refresh($storyurl . '?msg=26'); } else { $retval = COM_refresh($storyurl . '&msg=26'); } } echo COM_refresh($retval); exit; }
/** * Handle a pingback for an entry. * Also takes care of the speedlimit and spam. Assumes that the caller of this * function has already checked permissions! * * @param string $id ID of entry that got pinged * @param string $type type of that entry ('article' for stories, etc.) * @param string $url URL of the page that pinged us * @param string $oururl URL that got pinged on our site * @return object XML-RPC response */ function PNB_handlePingback($id, $type, $url, $oururl) { global $_CONF, $_TABLES, $PNB_ERROR; require_once 'HTTP/Request.php'; if (!isset($_CONF['check_trackback_link'])) { $_CONF['check_trackback_link'] = 2; } // handle pingbacks to articles on our own site $skip_speedlimit = false; if ($_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR']) { if (!isset($_CONF['pingback_self'])) { $_CONF['pingback_self'] = 0; // default: skip self-pingbacks } if ($_CONF['pingback_self'] == 0) { return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['skipped'])); } elseif ($_CONF['pingback_self'] == 2) { $skip_speedlimit = true; } } COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'pingback'); if (!$skip_speedlimit) { $last = COM_checkSpeedlimit('pingback'); if ($last > 0) { return new XML_RPC_Response(0, 49, sprintf($PNB_ERROR['speedlimit'], $last, $_CONF['commentspeedlimit'])); } } // update speed limit in any case COM_updateSpeedlimit('pingback'); if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) { if ($_CONF['check_trackback_link'] & 4) { $parts = parse_url($url); if (empty($parts['host'])) { TRB_logRejected('Pingback: No valid URL', $url); return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']); } else { $ip = gethostbyname($parts['host']); if ($ip != $_SERVER['REMOTE_ADDR']) { TRB_logRejected('Pingback: IP address mismatch', $url); return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']); } } } } // See if we can read the page linking to us and extract at least // the page's title out of it ... $title = ''; $excerpt = ''; $http = new http_class(); $http->timeout = 0; $http->data_timeout = 0; $http->debug = 0; $http->html_debug = 0; $http->user_agent = 'glFusion/' . GVERSION; $error = $http->GetRequestArguments($url, $arguments); $error = $http->Open($arguments); $error = $http->SendRequest($arguments); if ($error == "") { $http->ReadReplyHeaders($headers); if ($http->response_status == 200) { $error = $http->ReadWholeReplyBody($body); if ($error == "" || strlen($body) > 0) { if ($_CONF['check_trackback_link'] & 3) { if (!TRB_containsBacklink($body, $oururl)) { TRB_logRejected('Pingback: No link to us', $url); $comment = TRB_formatComment($url); PLG_spamAction($comment, $_CONF['spamx']); return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']); } } preg_match(':<title>(.*)</title>:i', $body, $content); if (empty($content[1])) { $title = ''; // no title found } else { $title = trim(COM_undoSpecialChars($content[1])); } if ($_CONF['pingback_excerpt']) { // Check which character set the site that sent the Pingback // is using $charset = 'ISO-8859-1'; // default, see RFC 2616, 3.7.1 $ctype = $headers['content-type']; $c = explode(';', $ctype); foreach ($c as $ct) { $ch = explode('=', trim($ct)); if (count($ch) === 2) { if (trim($ch[0]) === 'charset') { $charset = trim($ch[1]); break; } } } if (!empty($charset) && strcasecmp($charset, COM_getCharset()) !== 0) { if (function_exists('mb_convert_encoding')) { $body = @mb_convert_encoding($body, COM_getCharset(), $charset); } elseif (function_exists('iconv')) { $body = @iconv($charset, COM_getCharset(), $body); } } $excerpt = PNB_makeExcerpt($body, $oururl); } // we could also run the rest of the other site's page // through the spam filter here ... } else { COM_errorLog("Pingback verification: unable to retrieve response body"); return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']); } } else { COM_errorLog("Pingback verification: Got HTTP response code " . $http->response_status . " when requesting {$url}"); return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']); } } else { COM_errorLog("Pingback verification: " . $error . " when requesting " . $url); return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']); } // check for spam first $saved = TRB_checkForSpam($url, $title, '', $excerpt); if ($saved == TRB_SAVE_SPAM) { return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']); } // save as a trackback comment $saved = TRB_saveTrackbackComment($id, $type, $url, $title, '', $excerpt); if ($saved == TRB_SAVE_REJECT) { return new XML_RPC_Response(0, 49, $PNB_ERROR['multiple']); } if (isset($_CONF['notification']) && in_array('pingback', $_CONF['notification'])) { TRB_sendNotificationEmail($saved, 'pingback'); } return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['success'])); }
/** * Shows any new information in a block * * Return the HTML that shows any new stories, comments, etc * * @param string $help Help file for block * @param string $title Title used in block header * @param string $position Position in which block is being rendered 'left', 'right' or blank (for centre) * @return string Return the HTML that shows any new stories, comments, etc * */ function COM_whatsNewBlock($help = '', $title = '', $position = '') { global $_CONF, $_TABLES, $_USER, $LANG01, $LANG_WHATSNEW, $page, $newstories; $retval = COM_startBlock($title, $help, COM_getBlockTemplate('whats_new_block', 'header', $position)); $topicsql = ''; if ($_CONF['hidenewstories'] == 0 || $_CONF['hidenewcomments'] == 0 || $_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) { $topicsql = COM_getTopicSql('AND', 0, $_TABLES['stories']); } if ($_CONF['hidenewstories'] == 0) { $archsql = ''; $archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1"); if (!empty($archivetid)) { $archsql = " AND (tid <> '" . addslashes($archivetid) . "')"; } // Find the newest stories $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (date >= (date_sub(NOW(), INTERVAL {$_CONF['newstoriesinterval']} SECOND))) AND (date <= NOW()) AND (draft_flag = 0)" . $archsql . COM_getPermSQL('AND') . $topicsql . COM_getLangSQL('sid', 'AND'); $result = DB_query($sql); $A = DB_fetchArray($result); $nrows = $A['count']; if (empty($title)) { $title = DB_getItem($_TABLES['blocks'], 'title', "name='whats_new_block'"); } // Any late breaking news stories? $retval .= '<h3>' . $LANG01[99] . '</h3>'; if ($nrows > 0) { $newmsg = COM_formatTimeString($LANG_WHATSNEW['new_string'], $_CONF['newstoriesinterval'], $LANG01[11], $nrows); if ($newstories && $page < 2) { $retval .= $newmsg . '<br' . XHTML . '>'; } else { $retval .= COM_createLink($newmsg, $_CONF['site_url'] . '/index.php?display=new') . '<br' . XHTML . '>'; } } else { $retval .= $LANG01[100] . '<br' . XHTML . '>'; } if ($_CONF['hidenewcomments'] == 0 || $_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0 || $_CONF['hidenewplugins'] == 0) { $retval .= '<br' . XHTML . '>'; } } if ($_CONF['hidenewcomments'] == 0) { // Go get the newest comments $retval .= '<h3>' . $LANG01[83] . ' <small>' . COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newcommentsinterval']) . '</small></h3>'; $stwhere = ''; if (!COM_isAnonUser()) { $stwhere .= "({$_TABLES['stories']}.owner_id IS NOT NULL AND {$_TABLES['stories']}.perm_owner IS NOT NULL) OR "; $stwhere .= "({$_TABLES['stories']}.group_id IS NOT NULL AND {$_TABLES['stories']}.perm_group IS NOT NULL) OR "; $stwhere .= "({$_TABLES['stories']}.perm_members IS NOT NULL)"; } else { $stwhere .= "({$_TABLES['stories']}.perm_anon IS NOT NULL)"; } $sql = "SELECT DISTINCT COUNT(*) AS dups, type, {$_TABLES['stories']}.title, {$_TABLES['stories']}.sid, max({$_TABLES['comments']}.date) AS lastdate FROM {$_TABLES['comments']} LEFT JOIN {$_TABLES['stories']} ON (({$_TABLES['stories']}.sid = {$_TABLES['comments']}.sid)" . COM_getPermSQL('AND', 0, 2, $_TABLES['stories']) . " AND ({$_TABLES['stories']}.draft_flag = 0) AND ({$_TABLES['stories']}.commentcode >= 0)" . $topicsql . COM_getLangSQL('sid', 'AND', $_TABLES['stories']) . ") WHERE ({$_TABLES['comments']}.date >= (DATE_SUB(NOW(), INTERVAL {$_CONF['newcommentsinterval']} SECOND))) AND ((({$stwhere}))) GROUP BY {$_TABLES['comments']}.sid,type, {$_TABLES['stories']}.title, {$_TABLES['stories']}.title, {$_TABLES['stories']}.sid ORDER BY 5 DESC LIMIT 15"; $result = DB_query($sql); $nrows = DB_numRows($result); if ($nrows > 0) { $newcomments = array(); for ($x = 0; $x < $nrows; $x++) { $A = DB_fetchArray($result); if ($A['type'] == 'article' || empty($A['type'])) { $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']) . '#comments'; } $title = COM_undoSpecialChars(stripslashes($A['title'])); $titletouse = COM_truncate($title, $_CONF['title_trim_length'], '...'); if ($title != $titletouse) { $attr = array('title' => htmlspecialchars($title)); } else { $attr = array(); } $acomment = str_replace('$', '$', $titletouse); $acomment = str_replace(' ', ' ', $acomment); if ($A['dups'] > 1) { $acomment .= ' [+' . $A['dups'] . ']'; } $newcomments[] = COM_createLink($acomment, $url, $attr); } $retval .= COM_makeList($newcomments, 'list-new-comments'); } else { $retval .= $LANG01[86] . '<br' . XHTML . '>' . LB; } if ($_CONF['hidenewplugins'] == 0 || $_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) { $retval .= '<br' . XHTML . '>'; } } if ($_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) { $retval .= '<h3>' . $LANG01[114] . ' <small>' . COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newtrackbackinterval']) . '</small></h3>'; $sql = "SELECT DISTINCT COUNT(*) AS count,{$_TABLES['stories']}.title,t.sid,max(t.date) AS lastdate FROM {$_TABLES['trackback']} AS t,{$_TABLES['stories']} WHERE (t.type = 'article') AND (t.sid = {$_TABLES['stories']}.sid) AND (t.date >= (DATE_SUB(NOW(), INTERVAL {$_CONF['newtrackbackinterval']} SECOND)))" . COM_getPermSQL('AND', 0, 2, $_TABLES['stories']) . " AND ({$_TABLES['stories']}.draft_flag = 0) AND ({$_TABLES['stories']}.trackbackcode = 0)" . $topicsql . COM_getLangSQL('sid', 'AND', $_TABLES['stories']) . " GROUP BY t.sid, {$_TABLES['stories']}.title ORDER BY lastdate DESC LIMIT 15"; $result = DB_query($sql); $nrows = DB_numRows($result); if ($nrows > 0) { $newcomments = array(); for ($i = 0; $i < $nrows; $i++) { $A = DB_fetchArray($result); $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']) . '#trackback'; $title = COM_undoSpecialChars(stripslashes($A['title'])); $titletouse = COM_truncate($title, $_CONF['title_trim_length'], '...'); if ($title != $titletouse) { $attr = array('title' => htmlspecialchars($title)); } else { $attr = array(); } $acomment = str_replace('$', '$', $titletouse); $acomment = str_replace(' ', ' ', $acomment); if ($A['count'] > 1) { $acomment .= ' [+' . $A['count'] . ']'; } $newcomments[] = COM_createLink($acomment, $url, $attr); } $retval .= COM_makeList($newcomments, 'list-new-trackbacks'); } else { $retval .= $LANG01[115] . '<br' . XHTML . '>' . LB; } if ($_CONF['hidenewplugins'] == 0) { $retval .= '<br' . XHTML . '>'; } } if ($_CONF['hidenewplugins'] == 0) { list($headlines, $smallheadlines, $content) = PLG_getWhatsNew(); $plugins = count($headlines); if ($plugins > 0) { for ($i = 0; $i < $plugins; $i++) { $retval .= '<h3>' . $headlines[$i] . ' <small>' . $smallheadlines[$i] . '</small></h3>'; if (is_array($content[$i])) { $retval .= COM_makeList($content[$i], 'list-new-plugins'); } else { $retval .= $content[$i]; } if ($i + 1 < $plugins) { $retval .= '<br' . XHTML . '>'; } } } } $retval .= COM_endBlock(COM_getBlockTemplate('whats_new_block', 'footer', $position)); return $retval; }
/** * Email story to a friend * * @param string $sid id of story to email * @param string $to name of person / friend to email * @param string $toemail friend's email address * @param string $from name of person sending the email * @param string $fromemail sender's email address * @param string $shortmsg short intro text to send with the story * @return string Meta refresh * * Modification History * * Date Author Description * ---- ------ ----------- * 4/17/01 Tony Bibbs Code now allows anonymous users to send email * and it allows user to input a message as well * Thanks to Yngve Wassvik Bergheim for some of * this code * */ function mailstory($sid, $to, $toemail, $from, $fromemail, $shortmsg) { global $_CONF, $_TABLES, $LANG01, $LANG08; require_once $_CONF['path_system'] . 'lib-story.php'; $storyurl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid); if ($_CONF['url_rewrite']) { $retval = COM_refresh($storyurl . '?msg=85'); } else { $retval = COM_refresh($storyurl . '&msg=85'); } // check for correct $_CONF permission if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1)) { return $retval; } // check if emailing of stories is disabled if ($_CONF['hideemailicon'] == 1) { return $retval; } // check mail speedlimit COM_clearSpeedlimit($_CONF['speedlimit'], 'mail'); if (COM_checkSpeedlimit('mail') > 0) { return $retval; } $story = new Story(); $result = $story->loadFromDatabase($sid, 'view'); if ($result != STORY_LOADED_OK) { return COM_refresh($_CONF['site_url'] . '/index.php'); } $shortmsg = COM_stripslashes($shortmsg); $mailtext = sprintf($LANG08[23], $from, $fromemail) . LB; if (strlen($shortmsg) > 0) { $mailtext .= LB . sprintf($LANG08[28], $from) . $shortmsg . LB; } // just to make sure this isn't an attempt at spamming users ... $result = PLG_checkforSpam($mailtext, $_CONF['spamx']); if ($result > 0) { COM_updateSpeedlimit('mail'); COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden'); } $mailtext .= '------------------------------------------------------------' . LB . LB . COM_undoSpecialChars($story->displayElements('title')) . LB . strftime($_CONF['date'], $story->DisplayElements('unixdate')) . LB; if ($_CONF['contributedbyline'] == 1) { $author = COM_getDisplayName($story->displayElements('uid')); $mailtext .= $LANG01[1] . ' ' . $author . LB; } $introtext = $story->DisplayElements('introtext'); $bodytext = $story->DisplayElements('bodytext'); $introtext = COM_undoSpecialChars(strip_tags($introtext)); $bodytext = COM_undoSpecialChars(strip_tags($bodytext)); $introtext = str_replace(array("\n\r", "\r"), LB, $introtext); $bodytext = str_replace(array("\n\r", "\r"), LB, $bodytext); $mailtext .= LB . $introtext; if (!empty($bodytext)) { $mailtext .= LB . LB . $bodytext; } $mailtext .= LB . LB . '------------------------------------------------------------' . LB; if ($story->DisplayElements('commentcode') == 0) { // comments allowed $mailtext .= $LANG08[24] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid . '#comments'); } else { // comments not allowed - just add the story's URL $mailtext .= $LANG08[33] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid); } $mailto = COM_formatEmailAddress($to, $toemail); $mailfrom = COM_formatEmailAddress($from, $fromemail); $subject = 'Re: ' . COM_undoSpecialChars(strip_tags($story->DisplayElements('title'))); $sent = COM_mail($mailto, $subject, $mailtext, $mailfrom); if ($sent && isset($_POST['cc']) && $_POST['cc'] == 'on') { $ccmessage = sprintf($LANG08[38], $to); $ccmessage .= "\n------------------------------------------------------------\n\n" . $mailtext; $sent = COM_mail($mailfrom, $subject, $ccmessage, $mailfrom); } COM_updateSpeedlimit('mail'); // Increment numemails counter for story DB_query("UPDATE {$_TABLES['stories']} SET numemails = numemails + 1 WHERE sid = '{$sid}'"); if ($_CONF['url_rewrite']) { $retval = COM_refresh($storyurl . '?msg=' . ($sent ? '27' : '85')); } else { $retval = COM_refresh($storyurl . '&msg=' . ($sent ? '27' : '85')); } return $retval; }
/** * Shows any new information in a block * Return the HTML that shows any new stories, comments, etc * * @param string $help Help file for block * @param string $title Title used in block header * @param string $position Position in which block is being rendered 'left', 'right' or blank (for centre) * @return string Return the HTML that shows any new stories, comments, etc */ function COM_whatsNewBlock($help = '', $title = '', $position = '') { global $_CONF, $_TABLES, $LANG01, $LANG_WHATSNEW; if ($_CONF['whatsnew_cache_time'] > 0) { $cacheInstance = 'whatsnew__' . CACHE_security_hash() . '__' . $_CONF['theme']; $retval = CACHE_check_instance($cacheInstance); if ($retval) { $lu = CACHE_get_instance_update($cacheInstance); $now = time(); if ($now - $lu < $_CONF['whatsnew_cache_time']) { return $retval; } } } $retval = COM_startBlock($title, $help, COM_getBlockTemplate('whats_new_block', 'header', $position)); $topicSql = ''; if ($_CONF['hidenewstories'] == 0 || $_CONF['hidenewcomments'] == 0 || $_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) { $topicSql = COM_getTopicSQL('AND', 0, 'ta'); } if ($_CONF['hidenewstories'] == 0) { $where_sql = " AND ta.type = 'article' AND ta.id = sid"; $archiveTid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1"); if (!empty($archiveTid)) { $where_sql .= " AND (ta.tid <> '{$archiveTid}')"; } // Find the newest stories $sql['mysql'] = "SELECT sid, title FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n WHERE (date >= (date_sub(NOW(), INTERVAL {$_CONF['newstoriesinterval']} SECOND))) AND (date <= NOW()) AND (draft_flag = 0)" . $where_sql . COM_getPermSQL('AND') . $topicSql . COM_getLangSQL('sid', 'AND') . "\n GROUP BY sid, title, date ORDER BY date DESC"; $sql['pgsql'] = "SELECT sid, title FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n WHERE (date >= (NOW() - INTERVAL '{$_CONF['newstoriesinterval']} SECOND')) AND (date <= NOW()) AND (draft_flag = 0)" . $where_sql . COM_getPermSQL('AND') . $topicSql . COM_getLangSQL('sid', 'AND') . "\n GROUP BY sid, title, date ORDER BY date DESC"; $result = DB_query($sql); $numRows = DB_numRows($result); if (empty($title)) { $title = DB_getItem($_TABLES['blocks'], 'title', "name='whats_new_block'"); } // Any late breaking news stories? $retval .= '<h3>' . $LANG01[99] . ' <small>' . COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newstoriesinterval']) . '</small></h3>'; if ($numRows > 0) { $newArticles = array(); for ($x = 0; $x < $numRows; $x++) { $A = DB_fetchArray($result); $url = COM_buildURL($_CONF['site_url'] . '/article.php?story=' . $A['sid']); $title = COM_undoSpecialChars(stripslashes($A['title'])); $titleToUse = COM_truncate($title, $_CONF['title_trim_length'], '...'); if ($title != $titleToUse) { $attr = array('title' => htmlspecialchars($title)); } else { $attr = array(); } $anchorText = str_replace('$', '$', $titleToUse); $anchorText = str_replace(' ', ' ', $anchorText); $newArticles[] = COM_createLink($anchorText, $url, $attr); } $retval .= COM_makeList($newArticles, 'list-new-plugins'); } else { $retval .= $LANG01[100] . '<br' . XHTML . '>' . LB; // No new stories } if ($_CONF['hidenewcomments'] == 0 || $_CONF['hidenewplugins'] == 0 || $_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) { $retval .= '<div class="divider-whats-new"></div>'; } } if ($_CONF['hidenewcomments'] == 0) { // Go get the newest comments $retval .= '<h3>' . $LANG01[83] . ' <small>' . COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newcommentsinterval']) . '</small></h3>'; $new_plugin_comments = PLG_getWhatsNewComment(); if (!empty($new_plugin_comments)) { // Sort array by element lastdate newest to oldest foreach ($new_plugin_comments as $k => $v) { $b[$k] = strtolower($v['lastdate']); } arsort($b); $temp = array(); foreach ($b as $key => $val) { $temp[] = $new_plugin_comments[$key]; } $new_plugin_comments = $temp; $newComments = array(); $count = 0; foreach ($new_plugin_comments as $A) { $count .= +1; $url = ''; $info = PLG_getItemInfo($A['type'], $A['sid'], 'url'); if (!empty($info)) { $url = $info . '#comments'; } // Check to see if url (plugin may not support PLG_getItemInfo if (!empty($url)) { $title = COM_undoSpecialChars(stripslashes($A['title'])); $titleToUse = COM_truncate($title, $_CONF['title_trim_length'], '...'); if ($title != $titleToUse) { $attr = array('title' => htmlspecialchars($title)); } else { $attr = array(); } $anchorComment = str_replace('$', '$', $titleToUse); $anchorComment = str_replace(' ', ' ', $anchorComment); if ($A['dups'] > 1) { $anchorComment .= ' [+' . $A['dups'] . ']'; } $newComments[] = COM_createLink($anchorComment, $url, $attr); if ($count == 15) { break; } } } $retval .= COM_makeList($newComments, 'list-new-comments'); } else { $retval .= $LANG01[86] . '<br' . XHTML . '>' . LB; } if ($_CONF['hidenewplugins'] == 0 || $_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) { $retval .= '<div class="divider-whats-new"></div>'; } } if ($_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) { $retval .= '<h3>' . $LANG01[114] . ' <small>' . COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newtrackbackinterval']) . '</small></h3>'; $sql['mysql'] = "SELECT DISTINCT COUNT(*) AS count,s.title,t.sid,max(t.date) AS lastdate\n FROM {$_TABLES['trackback']} AS t, {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n WHERE ta.type = 'article' AND ta.id = s.sid AND (t.type = 'article') AND (t.sid = s.sid) AND (t.date >= (DATE_SUB(NOW(), INTERVAL {$_CONF['newtrackbackinterval']} SECOND)))" . COM_getPermSQL('AND', 0, 2, 's') . " AND (s.draft_flag = 0) AND (s.trackbackcode = 0)" . $topicSql . COM_getLangSQL('sid', 'AND', 's') . "\n GROUP BY t.sid, s.title\n ORDER BY lastdate DESC LIMIT 15"; $sql['pgsql'] = "SELECT DISTINCT COUNT(*) AS count,s.title,t.sid,max(t.date) AS lastdate\n FROM {$_TABLES['trackback']} AS t, {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n WHERE ta.type = 'article' AND ta.id = s.sid AND (t.type = 'article') AND (t.sid = s.sid) AND (t.date >= (NOW()+ INTERVAL '{$_CONF['newtrackbackinterval']} SECOND'))" . COM_getPermSQL('AND', 0, 2, 's') . " AND (s.draft_flag = 0) AND (s.trackbackcode = 0)" . $topicSql . COM_getLangSQL('sid', 'AND', 's') . "\n GROUP BY t.sid, s.title\n ORDER BY lastdate DESC LIMIT 15"; $result = DB_query($sql); $numRows = DB_numRows($result); if ($numRows > 0) { $newComments = array(); for ($i = 0; $i < $numRows; $i++) { $A = DB_fetchArray($result); $url = COM_buildURL($_CONF['site_url'] . '/article.php?story=' . $A['sid']) . '#trackback'; $title = COM_undoSpecialChars(stripslashes($A['title'])); $titleToUse = COM_truncate($title, $_CONF['title_trim_length'], '...'); if ($title != $titleToUse) { $attr = array('title' => htmlspecialchars($title)); } else { $attr = array(); } $anchorComment = str_replace('$', '$', $titleToUse); $anchorComment = str_replace(' ', ' ', $anchorComment); if ($A['count'] > 1) { $anchorComment .= ' [+' . $A['count'] . ']'; } $newComments[] = COM_createLink($anchorComment, $url, $attr); } $retval .= COM_makeList($newComments, 'list-new-trackbacks'); } else { $retval .= $LANG01[115] . '<br' . XHTML . '>' . LB; } if ($_CONF['hidenewplugins'] == 0) { $retval .= '<div class="divider-whats-new"></div>'; } } if ($_CONF['hidenewplugins'] == 0) { list($headlines, $smallHeadlines, $content) = PLG_getWhatsNew(); $plugins = count($headlines); if ($plugins > 0) { for ($i = 0; $i < $plugins; $i++) { $retval .= '<h3>' . $headlines[$i] . ' <small>' . $smallHeadlines[$i] . '</small></h3>'; if (is_array($content[$i])) { $retval .= COM_makeList($content[$i], 'list-new-plugins'); } else { $retval .= $content[$i]; } if ($i + 1 < $plugins) { $retval .= '<div class="divider-whats-new"></div>'; } } } } $retval .= COM_endBlock(COM_getBlockTemplate('whats_new_block', 'footer', $position)); if ($_CONF['whatsnew_cache_time'] > 0) { CACHE_create_instance($cacheInstance, $retval); } return $retval; }