Example #1
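 /**
  * Checks that COM_undoSpecialChars() turns entity-encoded characters back
  * into their literal form.
  */
 public function testUndoSpecialChars()
 {
     // Line 3048
     // The input must differ from the expected output, otherwise the
     // assertion also passes for a decoder that does nothing.
     // NOTE(review): the listing showed $encoded identical to $decoded, which
     // looks like the entities were decoded when the page was rendered. The
     // entity forms below are reconstructed from the expected characters;
     // confirm them against the upstream fixture. The space is left literal
     // because its encoded form cannot be recovered from the listing.
     $encoded = '&#36;a&#123;b&#125;c&gt;d&lt;e&quot;f g&amp;h';
     $decoded = '$a{b}c>d<e"f g&h';
     $this->assertEquals($decoded, COM_undoSpecialChars($encoded));
 }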
Example #2
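 /**
  *  Creates the edit form
  *
  *  Renders the event editor for either the main event record or, when a
  *  repeat ID is given, a single instance of a recurring event.
  *
  *  @param  string  $eid        Optional event ID; that record is read when no repeat ID is given
  *  @param  integer $rp_id      Optional repeat ID; greater than zero means an instance is edited
  *  @param  string  $saveaction Requested save action; unknown values become 'saveevent'
  *  @return string  HTML for edit form
  */
 public function Edit($eid = '', $rp_id = 0, $saveaction = '')
 {
     global $_CONF, $_EV_CONF, $_TABLES, $_USER, $LANG_EVLIST, $LANG_ADMIN, $_GROUPS, $LANG_ACCESS, $_SYSTEM;
     // Only some branches below assign a message, so start from an empty one.
     $alert_msg = '';
     // If an eid is specified and this is an object, then read the
     // event data- UNLESS a repeat ID is given in which case we're
     // editing a repeat and already have the info we need.
     // This probably needs to change, since we should always read event
     // data during construction.
     if (!$this->isSubmitter) {
         // At least submit privilege required
         // NOTE(review): the code below assumes COM_404() does not return.
         COM_404();
     } elseif ($eid != '' && $rp_id == 0 && is_object($this)) {
         // If an id is passed in, then read that record
         // NOTE(review): unlike the two other entry paths, this one does not
         // call hasAccess(3) after loading the record. Confirm that Read() or
         // the caller enforces edit rights for the requested event.
         if (!$this->Read($eid)) {
             return 'Invalid object ID';
         }
     } elseif (isset($_POST['eid']) && !empty($_POST['eid'])) {
         // Returning to an existing form, probably due to errors
         $this->SetVars($_POST);
         // Make sure the current user has access to this event.
         if (!$this->hasAccess(3)) {
             COM_404();
         }
     }
     $T = new Template($_CONF['path'] . 'plugins/evlist/templates/');
     if ($_SYSTEM['disable_jquery_slimbox']) {
         $T->set_file('editor', 'editor.uikit.thtml');
     } else {
         $T->set_file('editor', 'editor.thtml');
     }
     // Basic tabs for editing both events and instances, show up on
     // all edit forms
     $tabs = array('ev_info', 'ev_location', 'ev_contact');
     // Cast once; the value is interpolated into SQL and echoed into the form.
     $rp_id = (int) $rp_id;
     if ($rp_id > 0) {
         // Make sure the current user has access to this event.
         if (!$this->hasAccess(3)) {
             COM_404();
         }
         if ($saveaction == 'savefuturerepeat') {
             $alert_msg = EVLIST_alertMessage($LANG_EVLIST['editing_future'], 'warning');
         } else {
             $alert_msg = EVLIST_alertMessage($LANG_EVLIST['editing_instance'], 'info');
         }
         $T->clear_var('category_section');
         $T->clear_var('permissions_editor');
         // Set the static calendar name for the edit form.  Can't
         // change it for a single instance.
         $cal_name = DB_getItem($_TABLES['evlist_calendars'], 'cal_name', "cal_id='" . (int) $this->cal_id . "'");
         $T->set_var(array('contact_section' => 'true', 'is_repeat' => 'true', 'cal_name' => $cal_name));
         // Override our dates & times with those from the repeat.
         // $rp_id is passed when this is called from class evRepeat.
         // Maybe that should pass in the repeat's data instead to avoid
         // another DB lookup.  An array of values could be used.
         $Rep = DB_fetchArray(DB_query("SELECT * \n                    FROM {$_TABLES['evlist_repeat']}\n                    WHERE rp_id='{$rp_id}'"), false);
         if ($Rep) {
             $this->date_start1 = $Rep['rp_date_start'];
             $this->date_end1 = $Rep['rp_date_end'];
             $this->time_start1 = $Rep['rp_time_start1'];
             $this->time_end1 = $Rep['rp_time_end1'];
             $this->time_start2 = $Rep['rp_time_start2'];
             $this->time_end2 = $Rep['rp_time_end2'];
         }
     } else {
         // Editing the main event record
         if ($this->id != '' && $this->recurring == 1) {
             $alert_msg = EVLIST_alertMessage($LANG_EVLIST['editing_series'], 'error');
         }
         if ($this->isAdmin) {
             $tabs[] = 'ev_perms';
             // Add permissions tab, event edit only
             $T->set_var('permissions_editor', 'true');
         }
         $T->set_var(array('contact_section' => 'true', 'category_section' => 'true', 'upcoming_chk' => $this->show_upcoming ? EVCHECKED : ''));
     }
     $action_url = EVLIST_URL . '/event.php';
     $delaction = 'delevent';
     if (isset($_GET['from']) && $_GET['from'] == 'admin') {
         $cancel_url = EVLIST_ADMIN_URL . '/index.php';
     } else {
         $cancel_url = EVLIST_URL . '/index.php';
     }
     // $saveaction is echoed into the form, so it is reduced to a fixed set
     // of known values here; anything unrecognised becomes 'saveevent'.
     switch ($saveaction) {
         case 'saverepeat':
         case 'savefuturerepeat':
         case 'saveevent':
             break;
         case 'moderate':
             // Approving a submission
             $saveaction = 'approve';
             $delaction = 'disapprove';
             $action_url = EVLIST_ADMIN_URL . '/index.php';
             $cancel_url = $_CONF['site_admin_url'] . '/moderation.php';
             break;
         default:
             $saveaction = 'saveevent';
             break;
     }
     $retval = '';
     $recweekday = '';
     // owner_id can arrive through SetVars($_POST) on a form re-entry, so it
     // is cast before being placed in the WHERE clause, as cal_id is above.
     $ownerusername = DB_getItem($_TABLES['users'], 'username', "uid='" . (int) $this->owner_id . "'");
     $retval .= COM_startBlock($LANG_EVLIST['event_editor']);
     $summary = $this->Detail->summary;
     $full_description = $this->Detail->full_description;
     $location = $this->Detail->location;
     // NOTE(review): $A is not assigned anywhere before this line, so the
     // 'html' comparison is always false and the plaintext branch always
     // runs. The intended source of the post mode is not visible here. If
     // this is corrected, the html branch passes summary, description and
     // location to the template without htmlspecialchars(); check how they
     // are filtered on save first.
     if (($this->isAdmin || $_EV_CONF['allow_html'] == '1' && $_USER['uid'] > 1) && $A['postmode'] == 'html') {
         $postmode = '2';
         //html
     } else {
         $postmode = '1';
         //plaintext
         // Stored entities are decoded for editing and then re-encoded, so
         // the text cannot break out of the form field it is placed in.
         $summary = htmlspecialchars(COM_undoClickableLinks(COM_undoSpecialChars($this->Detail->summary)));
         $full_description = htmlspecialchars(COM_undoClickableLinks(COM_undoSpecialChars($this->Detail->full_description)));
         $location = htmlspecialchars(COM_undoClickableLinks(COM_undoSpecialChars($this->Detail->location)));
     }
     $starthour2 = '';
     $startminute2 = '';
     $endhour2 = '';
     $endminute2 = '';
     if ($this->date_end1 == '' || $this->date_end1 == '0000-00-00') {
         $this->date_end1 = $this->date_start1;
     }
     if ($this->date_start1 != '' && $this->date_start1 != '0000-00-00') {
         list($startmonth1, $startday1, $startyear1, $starthour1, $startminute1) = $this->DateParts($this->date_start1, $this->time_start1);
     } else {
         list($startmonth1, $startday1, $startyear1, $starthour1, $startminute1) = $this->DateParts(date('Y-m-d', time()), date('H:i:s', time()));
     }
     // The end date can't be before the start date
     if ($this->date_end1 >= $this->date_start1) {
         list($endmonth1, $endday1, $endyear1, $endhour1, $endminute1) = $this->DateParts($this->date_end1, $this->time_end1);
         $days_interval = Date_Calc::dateDiff($endday1, $endmonth1, $endyear1, $startday1, $startmonth1, $startyear1);
     } else {
         $days_interval = 0;
         $endmonth1 = $startmonth1;
         $endday1 = $startday1;
         $endyear1 = $startyear1;
         $endhour1 = $starthour1;
         $endminute1 = $startminute1;
     }
     if ($this->recurring != '1') {
         // $option is read by the switch and the option list further down,
         // so it needs a value on this path as well.
         $option = '0';
         $T->set_var(array('recurring_show' => ' style="display:none;"', 'format_opt' => '0'));
     } else {
         $option = empty($this->rec_data['type']) ? '0' : (int) $this->rec_data['type'];
         $T->set_var(array('recurring_show' => '', 'recurring_checked' => EVCHECKED, 'format_opt' => $option));
     }
     if (isset($this->rec_data['stop']) && !empty($this->rec_data['stop'])) {
         $T->set_var(array('stopdate' => $this->rec_data['stop'], 'd_stopdate' => EVLIST_formattedDate($this->rec_data['stop'])));
     }
     if (!empty($this->rec_data['skip'])) {
         $T->set_var("skipnext{$this->rec_data['skip']}_checked", EVCHECKED);
     }
     if (!empty($this->rec_data['freq'])) {
         $freq = (int) $this->rec_data['freq'];
         if ($freq < 1) {
             $freq = 1;
         }
     } else {
         $freq = 1;
     }
     $T->set_var(array('freq_text' => $LANG_EVLIST['rec_periods'][$this->rec_data['type']] . '(s)', 'rec_freq' => $freq));
     foreach ($LANG_EVLIST['rec_intervals'] as $key => $str) {
         $T->set_var('dom_int_txt_' . $key, $str);
         if (is_array($this->rec_data['interval'])) {
             if (in_array($key, $this->rec_data['interval'])) {
                 $T->set_var('dom_int_chk_' . $key, EVCHECKED);
             }
         }
     }
     // Set up the recurring options needed for the current event
     switch ($option) {
         case 0:
             break;
         case EV_RECUR_MONTHLY:
             if (is_array($this->rec_data['listdays'])) {
                 foreach ($this->rec_data['listdays'] as $mday) {
                     $T->set_var('mdchk' . $mday, EVCHECKED);
                 }
             }
             break;
         case EV_RECUR_WEEKLY:
             // NOTE(review): $rec_data is not a local variable in this
             // method; $this->rec_data was probably meant. Left unchanged
             // because the intended element cannot be told from here.
             $T->set_var('listdays_val', COM_stripslashes($rec_data[0]));
             if (is_array($this->rec_data['listdays']) && !empty($this->rec_data['listdays'])) {
                 foreach ($this->rec_data['listdays'] as $day) {
                     $day = (int) $day;
                     if ($day > 0 && $day < 8) {
                         $T->set_var('daychk' . $day, EVCHECKED);
                     }
                 }
             }
             break;
         case EV_RECUR_DOM:
             $recweekday = $this->rec_data['weekday'];
             break;
         case EV_RECUR_DATES:
             $T->set_var(array('stopshow' => 'style="display:none;"', 'custom_val' => implode(',', $this->rec_data['custom'])));
             break;
     }
     $start1 = EVLIST_TimeSelect('start1', $this->time_start1);
     $start2 = EVLIST_TimeSelect('start2', $this->time_start2);
     $end1 = EVLIST_TimeSelect('end1', $this->time_end1);
     $end2 = EVLIST_TimeSelect('end2', $this->time_end2);
     $cal_select = COM_optionList($_TABLES['evlist_calendars'], 'cal_id,cal_name', $this->cal_id, 1, 'cal_status = 1 ' . COM_getPermSQL('AND', 0, 2));
     USES_class_navbar();
     $navbar = new navbar();
     $cnt = 0;
     foreach ($tabs as $id) {
         $navbar->add_menuitem($LANG_EVLIST[$id], 'showhideEventDiv("' . $id . '",' . $cnt . ');return false;', true);
         $cnt++;
     }
     $navbar->set_selected($LANG_EVLIST['ev_info']);
     if ($this->AdminMode) {
         $action_url .= '?admin=true';
     }
     // NOTE(review): title, url, the address and contact fields and lat/lng
     // are handed to the template exactly as stored; only summary,
     // description and location are re-encoded above. Confirm these values
     // are encoded on save or by the template before they reach the form.
     $T->set_var(array(
         'action_url' => $action_url,
         'navbar' => $navbar->generate(),
         'alert_msg' => $alert_msg,
         'cancel_url' => $cancel_url,
         'eid' => $this->id,
         'rp_id' => $rp_id,
         'title' => $this->Detail->title,
         'summary' => $summary,
         'description' => $full_description,
         'location' => $location,
         'status_checked' => $this->status == 1 ? EVCHECKED : '',
         'url' => $this->Detail->url,
         'street' => $this->Detail->street,
         'city' => $this->Detail->city,
         'province' => $this->Detail->province,
         'country' => $this->Detail->country,
         'postal' => $this->Detail->postal,
         'contact' => $this->Detail->contact,
         'email' => $this->Detail->email,
         'phone' => $this->Detail->phone,
         'startdate1' => $this->date_start1,
         'enddate1' => $this->date_end1,
         'd_startdate1' => EVLIST_formattedDate($this->date_start1),
         'd_enddate1' => EVLIST_formattedDate($this->date_end1),
         'start_hour_options1' => $start1['hour'],
         'start_minute_options1' => $start1['minute'],
         'startdate1_ampm' => $start1['ampm'],
         'end_hour_options1' => $end1['hour'],
         'end_minute_options1' => $end1['minute'],
         'enddate1_ampm' => $end1['ampm'],
         'start_hour_options2' => $start2['hour'],
         'start_minute_options2' => $start2['minute'],
         'startdate2_ampm' => $start2['ampm'],
         'end_hour_options2' => $end2['hour'],
         'end_minute_options2' => $end2['minute'],
         'enddate2_ampm' => $end2['ampm'],
         'recurring_format_options' => EVLIST_GetOptions($LANG_EVLIST['rec_formats'], $option),
         'recurring_weekday_options' => EVLIST_GetOptions(Date_Calc::getWeekDays(), $recweekday, 1),
         'dailystop_label' => sprintf($LANG_EVLIST['stop_label'], $LANG_EVLIST['day_by_date'], ''),
         'monthlystop_label' => sprintf($LANG_EVLIST['stop_label'], $LANG_EVLIST['year_and_month'], $LANG_EVLIST['if_any']),
         'yearlystop_label' => sprintf($LANG_EVLIST['stop_label'], $LANG_EVLIST['year'], $LANG_EVLIST['if_any']),
         'listdays_label' => sprintf($LANG_EVLIST['custom_label'], $LANG_EVLIST['days_of_week'], ''),
         'listdaystop_label' => sprintf($LANG_EVLIST['stop_label'], $LANG_EVLIST['date_l'], $LANG_EVLIST['if_any']),
         'intervalstop_label' => sprintf($LANG_EVLIST['stop_label'], $LANG_EVLIST['year_and_month'], $LANG_EVLIST['if_any']),
         'custom_label' => sprintf($LANG_EVLIST['custom_label'], $LANG_EVLIST['dates'], ''),
         'datestart_note' => $LANG_EVLIST['datestart_note'],
         'src' => isset($_GET['src']) && $_GET['src'] == 'a' ? '1' : '0',
         'rem_status_checked' => $this->enable_reminders == 1 ? EVCHECKED : '',
         'del_button' => $this->id == '' ? '' : 'true',
         'saveaction' => $saveaction,
         'delaction' => $delaction,
         'owner_id' => $this->owner_id,
         'enable_reminders' => $_EV_CONF['enable_reminders'],
         'iso_lang' => EVLIST_getIsoLang(),
         'hour_mode' => $_CONF['hour_mode'],
         'days_interval' => $days_interval,
         'display_format' => $_CONF['shortdate'],
         'ts_start' => strtotime($this->date_start1),
         'ts_end' => strtotime($this->date_end1),
         'cal_select' => $cal_select,
         'contactlink_chk' => $this->options['contactlink'] == 1 ? EVCHECKED : '',
         'lat' => $this->Detail->lat,
         'lng' => $this->Detail->lng,
         'perm_msg' => $LANG_ACCESS['permmsg'],
         'last' => $LANG_EVLIST['rec_intervals'][5],
         'doc_url' => EVLIST_getDocURL('event.html'),
         'mootools' => $_SYSTEM['disable_mootools'] ? '' : 'true',
     ));
     if ($_EV_CONF['enable_rsvp']) {
         USES_evlist_class_tickettype();
         $TickTypes = evTicketType::GetTicketTypes();
         $tick_opts = '';
         foreach ($TickTypes as $tick_id => $tick_obj) {
             // Check enabled tickets. Ticket type 1 enabled by default
             if (isset($this->options['tickets'][$tick_id]) || $tick_id == 1) {
                 $checked = 'checked="checked"';
                 // Type 1 is checked even when the event has no entry for
                 // it, so the fee may be absent.
                 $fee = isset($this->options['tickets'][$tick_id]['fee']) ? (float) $this->options['tickets'][$tick_id]['fee'] : 0;
             } else {
                 $checked = '';
                 $fee = 0;
             }
             // NOTE(review): the ticket description is concatenated into the
             // markup as-is; confirm it is encoded where it is stored.
             $tick_opts .= '<tr><td><input name="tickets[' . $tick_id . ']" type="checkbox" ' . $checked . ' value="' . $tick_id . '" /></td>' . '<td>' . $tick_obj->description . '</td>' . '<td><input type="text" name="tick_fees[' . $tick_id . ']" value="' . $fee . '" size="8" /></td></tr>' . LB;
         }
         if ($_EV_CONF['rsvp_print'] > 0) {
             $rsvp_print_chk = 'rsvp_print_chk' . $this->options['rsvp_print'];
             $rsvp_print = 'true';
         } else {
             $rsvp_print = '';
             $rsvp_print_chk = 'no_rsvp_print';
         }
         $T->set_var(array('enable_rsvp' => 'true', 'reg_chk' . $this->options['use_rsvp'] => EVCHECKED, 'rsvp_wait_chk' => $this->options['rsvp_waitlist'] == 1 ? EVCHECKED : '', 'max_rsvp' => $this->options['max_rsvp'], 'max_user_rsvp' => $this->options['max_user_rsvp'], 'rsvp_cutoff' => $this->options['rsvp_cutoff'], 'use_rsvp' => $this->options['use_rsvp'], 'rsvp_waitlist' => $this->options['rsvp_waitlist'], 'tick_opts' => $tick_opts, 'rsvp_print' => $rsvp_print, $rsvp_print_chk => 'checked="checked"'));
     }
     // if rsvp_enabled
     // Split & All-Day settings
     if ($this->allday == 1) {
         // allday, can't be split, no times
         $T->set_var(array('starttime1_show' => 'style="display:none;"', 'endtime1_show' => 'style="display:none;"', 'datetime2_show' => 'style="display:none;"', 'allday_checked' => EVCHECKED, 'split_checked' => '', 'split_show' => 'style="display:none;"'));
     } elseif ($this->split == '1') {
         $T->set_var(array('split_checked' => EVCHECKED, 'allday_checked' => '', 'allday_show' => 'style="display:none"'));
     } else {
         $T->set_var(array('datetime2_show' => 'style="display:none;"'));
     }
     // Category fields. If $_POST['categories'] is set, then this is a
     // form re-entry due to an error saving. Populate checkboxes from the
     // submitted form. Include the user-added category, if any.
     // If not from a form re-entry, get the checked categories from the
     // evlist_lookup table.
     if ($_EV_CONF['enable_categories'] == '1') {
         $catlist = '';
         $cresult = DB_query("SELECT tc.id, tc.name\n                FROM {$_TABLES['evlist_categories']} tc \n                WHERE tc.status='1' ORDER BY tc.name");
         while ($A = DB_fetchArray($cresult, false)) {
             if (isset($_POST['categories']) && is_array($_POST['categories'])) {
                 // Coming from a form re-entry
                 $chk = in_array($A['id'], $_POST['categories']) ? EVCHECKED : '';
             } else {
                 $chk = in_array($A['id'], $this->categories) ? EVCHECKED : '';
             }
             // NOTE(review): category names can be added by users through
             // this form and are written into the markup unencoded here;
             // confirm they are encoded when saved.
             $catlist .= '<input type="checkbox" name="categories[]" ' . 'value="' . $A['id'] . '" ' . $chk . ' />' . '&nbsp;' . $A['name'] . '&nbsp;&nbsp;';
         }
         $T->set_var('catlist', $catlist);
         if (isset($_POST['newcat']) && is_string($_POST['newcat'])) {
             // Request data is echoed back into the form, so encode it for
             // the HTML context it is placed in.
             $T->set_var('newcat', htmlspecialchars($_POST['newcat'], ENT_QUOTES));
         }
         if ($_USER['uid'] > 1 && $rp_id == 0) {
             $T->set_var('category_section', 'true');
             $T->set_var('add_cat_input', 'true');
         }
     }
     // Enable the post mode selector if we allow HTML and the user is
     // logged in, or if this user is an authorized editor
     if ($this->isAdmin || $_EV_CONF['allow_html'] == '1' && $_USER['uid'] > 1) {
         $T->set_var(array('postmode_options' => EVLIST_GetOptions($LANG_EVLIST['postmodes'], $postmode), 'allowed_html' => COM_allowedHTML('evlist.submit')));
         // NOTE(review): $postmode only ever holds '1' or '2' in this
         // method, so this comparison is never true and the selector is
         // never hidden. Left unchanged pending confirmation of the intent.
         if ($postmode == 'plaintext') {
             // plaintext, hide postmode selector
             $T->set_var('postmode_show', ' style="display:none"');
         }
         $T->parse('event_postmode', 'edit_postmode');
     }
     if ($this->isAdmin) {
         $T->set_var(array('owner_username' => COM_stripslashes($ownerusername), 'owner_dropdown' => COM_optionList($_TABLES['users'], 'uid,username', $this->owner_id, 1, "uid <> 1"), 'group_dropdown' => SEC_getGroupDropdown($this->group_id, 3)));
         if ($rp_id == 0) {
             // can only change permissions on main event
             $T->set_var('permissions_editor', SEC_getPermissionsHTML($this->perm_owner, $this->perm_group, $this->perm_members, $this->perm_anon));
         }
     } else {
         $T->set_var('group_id', $this->group_id);
     }
     // Latitude & Longitude part of location, if Location plugin is used
     if ($_EV_CONF['use_locator']) {
         $T->set_var(array('use_locator' => 'true', 'loc_selection' => GEO_optionList()));
     }
     $T->parse('output', 'editor');
     $retval .= $T->finish($T->get_var('output'));
     $retval .= COM_endBlock();
     return $retval;
 }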
Example #3
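/**
 * Handles a comment edit submission
 *
 * Loads the comment named by the request's cid and returns the site page
 * containing the comment form pre-filled with its title and text. In
 * 'editsubmission' mode the story id and type come from the submission row;
 * otherwise they come from the request.
 *
 * @copyright Jared Wenerd 2008
 * @author Jared Wenerd, wenerd87 AT gmail DOT com
 * @param  string $mode 'edit' or 'editsubmission'
 * @return string HTML (possibly a refresh)
 */
function handleEdit($mode)
{
    // $_CONF and $_USER are read below for the redirect target and the log
    // lines; without declaring them the redirect had no site URL and the log
    // had no user id.
    global $_CONF, $_TABLES, $_USER, $LANG03;

    $badValuesMsg = "handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment with one or more missing/bad values.';

    //get needed data
    $cid = isset($_REQUEST['cid']) ? COM_applyFilter($_REQUEST['cid']) : '';
    // cid is placed unquoted in the queries below, so it has to be proven
    // numeric before the first query runs, not after it.
    if (!is_numeric($cid) || $cid < 0) {
        COM_errorLog($badValuesMsg);
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $cid = (int) $cid;

    if ($mode == 'editsubmission') {
        $table = $_TABLES['commentsubmissions'];
        $result = DB_query("SELECT type, sid FROM {$_TABLES['commentsubmissions']} WHERE cid = {$cid}");
        list($type, $sid) = DB_fetchArray($result);
    } else {
        $sid = isset($_REQUEST['sid']) ? COM_applyFilter($_REQUEST['sid']) : '';
        $type = isset($_REQUEST['type']) ? COM_applyFilter($_REQUEST['type']) : '';
        $table = $_TABLES['comments'];
    }
    //check for bad data
    if (empty($sid) || empty($type)) {
        COM_errorLog($badValuesMsg);
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    // NOTE(review): $sid and $type are quoted but not escaped here. In
    // 'editsubmission' mode they are database values rather than filtered
    // request values; confirm they cannot contain a quote character, or pass
    // them through the project's SQL escaping helper.
    $result = DB_query("SELECT title,comment FROM {$table} " . "WHERE cid = {$cid} AND sid = '{$sid}' AND type = '{$type}'");
    if (DB_numRows($result) == 1) {
        $A = DB_fetchArray($result);
        $title = COM_stripslashes($A['title']);
        // The stored comment is entity-decoded for editing; the form that
        // receives it is responsible for encoding it again on output.
        $commenttext = COM_stripslashes(COM_undoSpecialChars($A['comment']));
        //remove signature
        $pos = strpos($commenttext, '<!-- COMMENTSIG --><span class="comment-sig">');
        if ($pos > 0) {
            $commenttext = substr($commenttext, 0, $pos);
        }
        //get format mode
        if (preg_match('/<.*>/', $commenttext) != 0) {
            $postmode = 'html';
        } else {
            $postmode = 'plaintext';
        }
    } else {
        COM_errorLog("handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment that doesn\'t exist as described.');
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    return COM_siteHeader('menu', $LANG03[1]) . CMT_commentForm($title, $commenttext, $sid, $cid, $type, $mode, $postmode) . COM_siteFooter();
}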
Example #4
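 /**
  * Renders the headlines autotag: a list of stories laid out in columns.
  *
  * $p2 may start with space-separated "name:value" options, read until the
  * first word that is not an option:
  *   display   - how many stories to display, if 0, then all (default 10)
  *   meta      - show meta data (i.e.; who when etc)
  *   titlelink - make title a hot link
  *   featured  - 0 = show all, 1 = only featured, 2 = all except featured
  *   frontpage - 1 = show only items marked for frontpage, 0 = show all
  *   cols      - number of columns to show (default 3, at most 6)
  *   template  - the template name (default headlines.thtml)
  *   truncate  - maximum number of characters to include in story text
  *
  * The rendered output is cached per tag text, security hash and theme.
  *
  * @param  string $p1      Topic id, or 'all' for every topic
  * @param  string $p2      Options, optionally followed by a caption
  * @param  string $fulltag The complete tag text (not used here)
  * @return string Rendered HTML, or an empty string when no story matches
  */
 public function parse($p1, $p2 = '', $fulltag = '')
 {
     // $fulltag gets a default because a required parameter after an optional
     // one is deprecated in PHP 8; existing three-argument calls still work.
     global $_CONF, $_TABLES, $_USER, $LANG01;
     USES_lib_comments();
     $retval = '';
     $skip = 0;
     $dt = new Date('now', $_USER['tzid']);
     $topic = $p1;
     if ($topic == 'all') {
         $topic = '';
     }
     $uniqueID = md5($p1 . $p2);
     $display = 10;
     // display 10 articles
     $meta = 0;
     // do not display meta data
     $titleLink = 0;
     // do not use links in title
     $featured = 0;
     // 0 = show all, 1 = only featured, 2 = all except featured
     $frontpage = 0;
     // only show items marked for frontpage
     $cols = 3;
     // number of columns
     $truncate = 0;
     // maximum number of characters to include in story text
     $template = 'headlines.thtml';
     $caption = '';
     // The option values come from tag text written by whoever authored the
     // content, so every value that reaches SQL, the template loader or the
     // page is narrowed to the type it is supposed to have.
     $px = explode(' ', trim($p2));
     foreach ($px as $part) {
         if (substr($part, 0, 8) == 'display:') {
             $a = explode(':', $part);
             // Appended to the LIMIT clause below, so it must be an integer.
             $display = (int) $a[1];
             $skip++;
         } elseif (substr($part, 0, 5) == 'meta:') {
             $a = explode(':', $part);
             $meta = $a[1];
             $skip++;
         } elseif (substr($part, 0, 10) == 'titlelink:') {
             $a = explode(':', $part);
             $titleLink = $a[1];
             $skip++;
         } elseif (substr($part, 0, 9) == 'featured:') {
             $a = explode(':', $part);
             $featured = $a[1];
             $skip++;
         } elseif (substr($part, 0, 10) == 'frontpage:') {
             $a = explode(':', $part);
             $frontpage = (int) $a[1];
             $skip++;
         } elseif (substr($part, 0, 5) == 'cols:') {
             $a = explode(':', $part);
             // Written to the template as 'columns', so keep it numeric.
             $cols = (int) $a[1];
             $skip++;
         } elseif (substr($part, 0, 9) == 'template:') {
             $a = explode(':', $part);
             // Keep only the file name so the template is always loaded
             // from the autotags template directory.
             $requested = basename($a[1]);
             if ($requested != '') {
                 $template = $requested;
             }
             $skip++;
         } elseif (substr($part, 0, 9) == 'truncate:') {
             $a = explode(':', $part);
             $truncate = (int) $a[1];
             $skip++;
         } else {
             break;
         }
     }
     // Whatever follows the options is the caption; it is collected but not
     // used further in this method.
     if ($skip != 0 && count($px) > $skip) {
         $caption = trim(implode(' ', array_slice($px, $skip)));
     }
     if ($display < 0) {
         $display = 3;
     }
     $hash = CACHE_security_hash();
     $instance_id = 'whatsnew_headlines_' . $uniqueID . '_' . $hash . '_' . $_USER['theme'];
     if (($cache = CACHE_check_instance($instance_id, 0)) !== FALSE) {
         return $cache;
     }
     $archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1");
     $sql = " (date <= NOW()) AND (draft_flag = 0)";
     if (empty($topic)) {
         $sql .= COM_getLangSQL('tid', 'AND', 's');
     }
     // if a topic was provided only select those stories.
     if (!empty($topic)) {
         $sql .= " AND s.tid = '" . DB_escapeString($topic) . "' ";
     }
     if ($featured == 1) {
         $sql .= " AND s.featured = 1 ";
     } elseif ($featured == 2) {
         $sql .= " AND s.featured = 0 ";
     }
     if ($frontpage == 1) {
         $sql .= " AND frontpage = 1 ";
     }
     if ($topic != $archivetid) {
         $sql .= " AND s.tid != '{$archivetid}' ";
     }
     // Restrict the result to stories and topics the current user may read.
     $sql .= COM_getPermSQL('AND', 0, 2, 's');
     $sql .= COM_getTopicSQL('AND', 0, 's') . ' ';
     $userfields = 'u.uid, u.username, u.fullname';
     if ($_CONF['allow_user_photo'] == 1) {
         $userfields .= ', u.photo';
         if ($_CONF['use_gravatar']) {
             $userfields .= ', u.email';
         }
     }
     $orderBy = ' date DESC ';
     $headlinesSQL = "SELECT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, " . 'UNIX_TIMESTAMP(s.expire) as expireunix, ' . $userfields . ", t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, " . "{$_TABLES['topics']} AS t WHERE (s.uid = u.uid) AND (s.tid = t.tid) AND" . $sql . "ORDER BY featured DESC," . $orderBy;
     if ($display > 0) {
         $headlinesSQL .= " LIMIT " . $display;
     }
     $result = DB_query($headlinesSQL);
     $numRows = DB_numRows($result);
     if ($numRows < $cols) {
         $cols = $numRows;
     }
     if ($cols > 6) {
         $cols = 6;
     }
     if ($numRows > 0) {
         $T = new Template($_CONF['path'] . 'system/autotags/');
         $T->set_file('page', $template);
         $T->set_var('columns', $cols);
         $T->set_block('page', 'headlines', 'hl');
         while ($A = DB_fetchArray($result)) {
             $T->unset_var('readmore_url');
             $T->unset_var('lang_readmore');
             if ($A['attribution_author'] != '') {
                 $author = $A['attribution_author'];
             } else {
                 $author = $A['username'];
             }
             // NOTE(review): title and subtitle are entity-decoded and then
             // handed to the template without being encoded again in this
             // method. Confirm the template or the stored data keeps markup
             // characters in them inert.
             $title = COM_undoSpecialChars($A['title']);
             $title = str_replace('&nbsp;', ' ', $title);
             $subtitle = COM_undoSpecialChars($A['subtitle']);
             if ($A['story_image'] != '') {
                 $story_image = $_CONF['site_url'] . $A['story_image'];
             } else {
                 $story_image = '';
             }
             $A['introtext'] = STORY_renderImages($A['sid'], $A['introtext']);
             if (!empty($A['bodytext'])) {
                 // Cut the intro at its last closing paragraph tag when
                 // there is more text to read.
                 $closingP = strrpos($A['introtext'], "</p>");
                 if ($closingP !== FALSE) {
                     $text = substr($A['introtext'], 0, $closingP);
                     $A['introtext'] = $text;
                 }
                 // adds the read more link
                 $T->set_var('readmore_url', COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']));
                 $T->set_var('lang_readmore', $LANG01['continue_reading']);
             }
             if ($truncate > 0) {
                 $A['introtext'] = $this->truncateHTML($A['introtext'], $truncate, '...');
             }
             $topicurl = $_CONF['site_url'] . '/index.php?topic=' . $A['tid'];
             $dt->setTimestamp($A['unixdate']);
             if ($A['commentcode'] >= 0) {
                 $cmtLinkArray = CMT_getCommentLinkWithCount('article', $A['sid'], $_CONF['site_url'] . '/article.php?story=' . $A['sid'], $A['comments'], 1);
                 $T->set_var(array('lang_comments' => '', 'comments_count' => $cmtLinkArray['comment_count'], 'comments_url' => $cmtLinkArray['url'], 'comments_url_extra' => $cmtLinkArray['url_extra']));
             } else {
                 $T->unset_var('lang_comments');
                 $T->unset_var('comments_count');
                 $T->unset_var('comments_url');
                 $T->unset_var('comments_url_extra');
             }
             // The original array listed 'date' twice; the later,
             // user-formatted value won, so only that entry is kept.
             $T->set_var(array(
                 'titlelink' => $titleLink ? TRUE : '',
                 'meta' => $meta ? TRUE : '',
                 'lang_by' => $LANG01[95],
                 'lang_posted_in' => $LANG01['posted_in'],
                 'story_topic_url' => $topicurl,
                 'title' => $title,
                 'subtitle' => $subtitle,
                 'story_image' => $story_image,
                 'text' => PLG_replaceTags($A['introtext']),
                 'time' => $dt->format('Y-m-d', true) . 'T' . $dt->format('H:i:s', true),
                 'topic' => $A['topic'],
                 'tid' => $A['tid'],
                 'author' => $author,
                 'author_id' => $A['uid'],
                 'sid' => $A['sid'],
                 'short_date' => $dt->format($_CONF['shortdate'], true),
                 'date_only' => $dt->format($_CONF['dateonly'], true),
                 'date' => $dt->format($dt->getUserFormat(), true),
                 'url' => COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']),
                 'attribution_url' => $A['attribution_url'],
                 'attribution_name' => $A['attribution_name'],
             ));
             $T->parse('hl', 'headlines', true);
         }
         $retval = $T->finish($T->parse('output', 'page'));
         CACHE_create_instance($instance_id, $retval, 0);
     }
     return $retval;
 }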
Example #5
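/**
 * Handle a pingback for an entry.
 *
 * Also takes care of the speedlimit and spam. Assumes that the caller of this
 * function has already checked permissions!
 *
 * Security: $url comes from the remote party and is fetched server-side, so
 * only http and https URLs are accepted. The optional address check
 * (check_trackback_link & 4) resolves the host on its own, separately from
 * the later fetch, and therefore does not pin the address the request goes
 * to. Title and excerpt are taken from the fetched page and are untrusted.
 *
 * @param    string $id     ID of entry that got pinged
 * @param    string $type   type of that entry ('article' for stories, etc.)
 * @param    string $url    URL of the page that pinged us
 * @param    string $oururl URL that got pinged on our site
 * @return   object          XML-RPC response
 */
function PNB_handlePingback($id, $type, $url, $oururl)
{
    global $_CONF, $_TABLES, $PNB_ERROR;
    // NOTE(review): this loads HTTP/Request.php although HTTP_Request2 is
    // instantiated below - confirm that class is made available elsewhere.
    require_once 'HTTP/Request.php';
    if (!isset($_CONF['check_trackback_link'])) {
        $_CONF['check_trackback_link'] = 2;
    }
    // handle pingbacks to articles on our own site
    $skip_speedlimit = false;
    if ($_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR']) {
        if (!isset($_CONF['pingback_self'])) {
            $_CONF['pingback_self'] = 0;
            // default: skip self-pingbacks
        }
        if ($_CONF['pingback_self'] == 0) {
            return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['skipped']));
        } elseif ($_CONF['pingback_self'] == 2) {
            $skip_speedlimit = true;
        }
    }
    COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'pingback');
    if (!$skip_speedlimit) {
        $last = COM_checkSpeedlimit('pingback');
        if ($last > 0) {
            return new XML_RPC_Response(0, 49, sprintf($PNB_ERROR['speedlimit'], $last, $_CONF['commentspeedlimit']));
        }
    }
    // update speed limit in any case
    COM_updateSpeedlimit('pingback');
    // The source URL is fetched by this server and later stored with the
    // comment, so refuse anything that is not a plain web URL. This runs
    // after the speed limit update so that rejected requests still count.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if ($scheme !== 'http' && $scheme !== 'https') {
        TRB_logRejected('Pingback: No valid URL', $url);
        return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
    }
    if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) {
        if ($_CONF['check_trackback_link'] & 4) {
            $parts = parse_url($url);
            if (empty($parts['host'])) {
                TRB_logRejected('Pingback: No valid URL', $url);
                return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
            } else {
                // gethostbyname() only yields an IPv4 address and returns the
                // name unchanged when the lookup fails; both cases end up in
                // the mismatch branch below.
                $ip = gethostbyname($parts['host']);
                if ($ip != $_SERVER['REMOTE_ADDR']) {
                    TRB_logRejected('Pingback: IP address mismatch', $url);
                    return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
                }
            }
        }
    }
    // See if we can read the page linking to us and extract at least
    // the page's title out of it ...
    $title = '';
    $excerpt = '';
    // NOTE(review): no size limit, timeout or redirect policy is set on this
    // request here - confirm the library defaults are acceptable for a fetch
    // of a URL chosen by a remote party.
    $req = new HTTP_Request2($url, HTTP_Request2::METHOD_GET);
    $req->setHeader('User-Agent', 'Geeklog/' . VERSION);
    try {
        $response = $req->send();
        $status = $response->getStatus();
        if ($status == 200) {
            $body = $response->getBody();
            if ($_CONF['check_trackback_link'] & 3) {
                if (!TRB_containsBacklink($body, $oururl)) {
                    TRB_logRejected('Pingback: No link to us', $url);
                    $comment = TRB_formatComment($url);
                    PLG_spamAction($comment, $_CONF['spamx']);
                    return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
                }
            }
            preg_match(':<title>(.*)</title>:i', $body, $content);
            if (empty($content[1])) {
                $title = '';
                // no title found
            } else {
                // remote, untrusted text: decoded here, escaping is left to
                // whatever renders the stored trackback
                $title = trim(COM_undoSpecialChars($content[1]));
            }
            // !empty() keeps the truthiness test and tolerates a missing setting
            if (!empty($_CONF['pingback_excerpt'])) {
                // Check which character set the site that sent the Pingback
                // is using
                $charset = 'ISO-8859-1';
                // default, see RFC 2616, 3.7.1
                $ctype = $response->getHeader('content-type');
                $c = explode(';', $ctype);
                foreach ($c as $ct) {
                    $ch = explode('=', trim($ct));
                    if (count($ch) === 2) {
                        if (trim($ch[0]) === 'charset') {
                            $charset = trim($ch[1]);
                            break;
                        }
                    }
                }
                // NOTE(review): $charset is taken from the remote response
                // header; on PHP 8 an unknown encoding name makes
                // mb_convert_encoding() throw instead of warn, which "@" does
                // not suppress - consider validating the name first.
                if (!empty($charset) && strcasecmp($charset, COM_getCharset()) !== 0) {
                    if (function_exists('mb_convert_encoding')) {
                        $body = @mb_convert_encoding($body, COM_getCharset(), $charset);
                    } elseif (function_exists('iconv')) {
                        $body = @iconv($charset, COM_getCharset(), $body);
                    }
                    // else: tough luck ...
                }
                $excerpt = PNB_makeExcerpt($body, $oururl);
            }
            // we could also run the rest of the other site's page
            // through the spam filter here ...
        } elseif ($_CONF['check_trackback_link'] & 3) {
            COM_errorLog("Pingback verification: Got HTTP response code " . $response->getStatus() . " when requesting {$url}");
            return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
        }
    } catch (HTTP_Request2_Exception $e) {
        if ($_CONF['check_trackback_link'] & 3) {
            // we were supposed to check for backlinks but didn't get the page
            COM_errorLog("Pingback verification: " . $e->getMessage() . " when requesting {$url}");
            return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
        }
        // else: carry on without title and excerpt
    }
    // check for spam first
    $saved = TRB_checkForSpam($url, $title, '', $excerpt);
    if ($saved == TRB_SAVE_SPAM) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
    }
    // save as a trackback comment
    $saved = TRB_saveTrackbackComment($id, $type, $url, $title, '', $excerpt);
    if ($saved == TRB_SAVE_REJECT) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['multiple']);
    }
    if (isset($_CONF['notification']) && in_array('pingback', $_CONF['notification'])) {
        TRB_sendNotificationEmail($saved, 'pingback');
    }
    return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['success']));
}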
Example #6
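/**
* Handle a pingback for an entry.
*
* Also takes care of the speedlimit and spam. Assumes that the caller of this
* function has already checked permissions!
*
* Security: $url comes from the remote party and is fetched server-side, so
* only http and https URLs are accepted. The optional address check
* (check_trackback_link & 4) resolves the host on its own, separately from
* the later fetch, and therefore does not pin the address the request goes
* to. Title and excerpt are taken from the fetched page and are untrusted.
*
* @param    string  $id     ID of entry that got pinged
* @param    string  $type   type of that entry ('article' for stories, etc.)
* @param    string  $url    URL of the page that pinged us
* @param    string  $oururl URL that got pinged on our site
* @return   object          XML-RPC response
*
*/
function PNB_handlePingback($id, $type, $url, $oururl)
{
    global $_CONF, $_TABLES, $PNB_ERROR;
    require_once 'HTTP/Request.php';
    if (!isset($_CONF['check_trackback_link'])) {
        $_CONF['check_trackback_link'] = 2;
    }
    // handle pingbacks to articles on our own site
    $skip_speedlimit = false;
    if ($_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR']) {
        if (!isset($_CONF['pingback_self'])) {
            $_CONF['pingback_self'] = 0;
            // default: skip self-pingbacks
        }
        if ($_CONF['pingback_self'] == 0) {
            return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['skipped']));
        } elseif ($_CONF['pingback_self'] == 2) {
            $skip_speedlimit = true;
        }
    }
    COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'pingback');
    if (!$skip_speedlimit) {
        $last = COM_checkSpeedlimit('pingback');
        if ($last > 0) {
            return new XML_RPC_Response(0, 49, sprintf($PNB_ERROR['speedlimit'], $last, $_CONF['commentspeedlimit']));
        }
    }
    // update speed limit in any case
    COM_updateSpeedlimit('pingback');
    // The source URL is fetched by this server and later stored with the
    // comment, so refuse anything that is not a plain web URL. This runs
    // after the speed limit update so that rejected requests still count.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if ($scheme !== 'http' && $scheme !== 'https') {
        TRB_logRejected('Pingback: No valid URL', $url);
        return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
    }
    if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) {
        if ($_CONF['check_trackback_link'] & 4) {
            $parts = parse_url($url);
            if (empty($parts['host'])) {
                TRB_logRejected('Pingback: No valid URL', $url);
                return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
            } else {
                // gethostbyname() only yields an IPv4 address and returns the
                // name unchanged when the lookup fails; both cases end up in
                // the mismatch branch below.
                $ip = gethostbyname($parts['host']);
                if ($ip != $_SERVER['REMOTE_ADDR']) {
                    TRB_logRejected('Pingback: IP address mismatch', $url);
                    return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
                }
            }
        }
    }
    // See if we can read the page linking to us and extract at least
    // the page's title out of it ...
    $title = '';
    $excerpt = '';
    // NOTE(review): no size limit, timeout or redirect policy is set on this
    // request here - confirm the library defaults are acceptable for a fetch
    // of a URL chosen by a remote party.
    $req = new HTTP_Request($url);
    $req->addHeader('User-Agent', 'glFusion/' . GVERSION);
    $response = $req->sendRequest();
    if (PEAR::isError($response)) {
        if ($_CONF['check_trackback_link'] & 3) {
            // we were supposed to check for backlinks but didn't get the page
            COM_errorLog("Pingback verification: " . $response->getMessage() . " when requesting {$url}");
            return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
        }
        // else: silently ignore errors - we'll simply do without the title
    } elseif ($req->getResponseCode() == 200) {
        $body = $req->getResponseBody();
        if ($_CONF['check_trackback_link'] & 3) {
            if (!TRB_containsBacklink($body, $oururl)) {
                TRB_logRejected('Pingback: No link to us', $url);
                $comment = TRB_formatComment($url);
                PLG_spamAction($comment, $_CONF['spamx']);
                return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
            }
        }
        preg_match(':<title>(.*)</title>:i', $body, $content);
        if (empty($content[1])) {
            $title = '';
            // no title found
        } else {
            // remote, untrusted text: decoded here, escaping is left to
            // whatever renders the stored trackback
            $title = trim(COM_undoSpecialChars($content[1]));
        }
        if (isset($_CONF['pingback_excerpt']) && $_CONF['pingback_excerpt']) {
            $excerpt = PNB_makeExcerpt($body, $oururl);
        }
        // we could also run the rest of the other site's page
        // through the spam filter here ...
    } elseif ($_CONF['check_trackback_link'] & 3) {
        COM_errorLog("Pingback verification: Got HTTP response code " . $req->getResponseCode() . " when requesting {$url}");
        return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
    }
    // else: silently ignore errors - we'll simply do without the title
    // check for spam first
    $saved = TRB_checkForSpam($url, $title, '', $excerpt);
    if ($saved == TRB_SAVE_SPAM) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
    }
    // save as a trackback comment
    $saved = TRB_saveTrackbackComment($id, $type, $url, $title, '', $excerpt);
    if ($saved == TRB_SAVE_REJECT) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['multiple']);
    }
    if (isset($_CONF['notification']) && in_array('pingback', $_CONF['notification'])) {
        TRB_sendNotificationEmail($saved, 'pingback');
    }
    return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['success']));
}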
Example #7
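/**
 * Handles a comment edit submission
 *
 * Looks up the stored comment named by the request (comment id, entry id and
 * type), cuts off the appended signature and returns the comment form
 * pre-filled with the stored title and text.
 *
 * NOTE(review): no ownership or permission check is visible in this
 * function; presumably the caller performs it - confirm.
 *
 * @copyright Jared Wenerd 2008
 * @author Jared Wenerd, wenerd87 AT gmail DOT com
 * @param  string  $mode     'edit' or 'editsubmission'
 * @param  string  $postmode ignored on input; set to 'html' or 'plaintext'
 *                           from the stored comment text
 * @param  string  $format   'threaded', 'nested', or 'flat'
 * @param  string  $order    'ASC' or 'DESC' or blank
 * @param  int     $page     Page number of comments to display
 * @return string HTML (possibly a refresh)
 */
function CMT_handleEdit($mode = '', $postmode = '', $format, $order, $page)
{
    // $_USER is needed for the log messages below
    global $_TABLES, $LANG03, $_CONF, $_USER;
    //get needed data
    $cid = 0;
    if (isset($_REQUEST[CMT_CID])) {
        $cid = COM_applyFilter($_REQUEST[CMT_CID], true);
    }
    // the id is interpolated into SQL below, so force it to an integer
    $cid = (int) $cid;
    if ($cid <= 0) {
        COM_errorLog("CMT_handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment with one or more missing/bad values.');
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $type = '';
    $sid = '';
    if ($mode == 'editsubmission') {
        $table = $_TABLES['commentsubmissions'];
        $result = DB_query("SELECT type, sid FROM {$_TABLES['commentsubmissions']} WHERE cid = {$cid}");
        list($type, $sid) = DB_fetchArray($result);
    } else {
        $table = $_TABLES['comments'];
        if (isset($_REQUEST[CMT_TYPE])) {
            $type = COM_applyFilter($_REQUEST[CMT_TYPE]);
        }
        if (COMMENT_ON_SAME_PAGE) {
            list($plgurl, $plgid) = CMT_getCommentUrlId($type);
            if (isset($_REQUEST[$plgid])) {
                $sid = COM_applyFilter($_REQUEST[$plgid]);
            }
        } else {
            if (isset($_REQUEST['sid'])) {
                $sid = COM_applyFilter($_REQUEST['sid']);
            }
        }
    }
    //check for bad data
    if (empty($sid) || empty($type)) {
        COM_errorLog("CMT_handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment with one or more missing/bad values.');
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    // Filemgmt plugin is doing special processing.
    // Therefore, I support specially, against my better judgment.
    // May should delete this code part.
    if ($type == 'filemgmt' and $mode != 'editsubmission') {
        $sid = 'fileid_' . $sid;
    }
    // $sid and $type come from the request or, for submissions, from a stored
    // row; escape them before they go into the query instead of relying on
    // upstream filtering alone. addslashes() is a stopgap - use the database
    // layer's own escaping helper if this code base provides one.
    $sidForSql = addslashes($sid);
    $typeForSql = addslashes($type);
    $result = DB_query("SELECT title,comment FROM {$table} " . "WHERE cid = {$cid} AND sid = '{$sidForSql}' AND type = '{$typeForSql}'");
    if (DB_numRows($result) == 1) {
        $A = DB_fetchArray($result);
        $title = COM_stripslashes($A['title']);
        $commenttext = COM_stripslashes(COM_undoSpecialChars($A['comment']));
        //remove signature
        $pos = strpos($commenttext, '<!-- COMMENTSIG --><span class="comment-sig">');
        if ($pos > 0) {
            $commenttext = substr($commenttext, 0, $pos);
        }
        //get format mode
        if (preg_match('/<.*>/', $commenttext) != 0) {
            $postmode = 'html';
        } else {
            $postmode = 'plaintext';
        }
    } else {
        COM_errorLog("CMT_handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment that doesn\'t exist as described.');
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    return CMT_commentForm($title, $commenttext, $sid, $cid, $type, $mode, $postmode, $format, $order, $page);
}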
Example #8
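/**
* Send an email notification for a new submission.
*
* Builds a plain-text mail (title, author, date, topic, optionally the start
* of the story text and a link) and sends it to the site's mail address.
*
* @param    string  $table  Table where the new submission can be found
* @param    object  $story  Story object that was submitted.
*
*/
function sendNotification($table, $story)
{
    global $_CONF, $_TABLES, $LANG01, $LANG08, $LANG24, $LANG29, $LANG_ADMIN;
    $title = COM_undoSpecialChars($story->displayElements('title'));
    $introtext = $story->displayElements('introtext') . "\n" . $story->displayElements('bodytext');
    // Read the post mode from the story object so that HTML submissions are
    // reduced to plain text for the mail. Tags are removed before entities
    // are decoded, so encoded "<" characters in the text survive.
    // NOTE(review): assumes displayElements() exposes 'postmode' like the
    // other story fields - confirm.
    if ($story->displayElements('postmode') == 'html') {
        $introtext = strip_tags($introtext);
    }
    $introtext = COM_undoSpecialChars($introtext);
    $storyauthor = COM_getDisplayName($story->displayElements('uid'));
    // The topic id is interpolated into the WHERE clause, so escape it.
    // addslashes() is a stopgap - use the database layer's own escaping
    // helper if this code base provides one.
    $tid = addslashes($story->displayElements('tid'));
    $topic = stripslashes(DB_getItem($_TABLES['topics'], 'topic', 'tid = \'' . $tid . '\''));
    $mailbody = "{$LANG08['31']}: {$title}\n" . "{$LANG24['7']}: {$storyauthor}\n" . "{$LANG08['32']}: " . strftime($_CONF['date']) . "\n" . "{$LANG_ADMIN['topic']}: {$topic}\n\n";
    // emailstorieslength: 0 = no story text, 1 = full text, >1 = cut to that length
    if ($_CONF['emailstorieslength'] > 0) {
        if ($_CONF['emailstorieslength'] > 1) {
            $introtext = MBYTE_substr($introtext, 0, $_CONF['emailstorieslength']) . '...';
        }
        $mailbody .= $introtext . "\n\n";
    }
    if ($table == $_TABLES['storysubmission']) {
        // still in the submission queue: point to the moderation page
        $mailbody .= "{$LANG01['10']} <{$_CONF['site_admin_url']}/moderation.php>\n\n";
    } else {
        $articleUrl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $story->getSid());
        $mailbody .= $LANG08[33] . ' <' . $articleUrl . ">\n\n";
    }
    $mailsubject = $_CONF['site_name'] . ' ' . $LANG29[35];
    $mailbody .= "\n------------------------------\n";
    $mailbody .= "\n{$LANG08['34']}\n";
    $mailbody .= "\n------------------------------\n";
    COM_mail($_CONF['site_mail'], $mailsubject, $mailbody);
}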
Example #9
/**
 * Handles a comment edit submission
 *
 * Reads cid, sid and type from the request (POST wins over GET), loads the
 * matching comment, cuts off the appended signature and returns the comment
 * display followed by the edit form.
 *
 * NOTE(review): no ownership or permission check is visible in this
 * function; presumably the caller performs it - confirm.
 *
 * @copyright Jared Wenerd 2008
 * @author Jared Wenerd <wenerd87 AT gmail DOT com>
 * @return string HTML (possibly a refresh)
 */
function handleEdit()
{
    global $_TABLES, $LANG03, $_USER, $_CONF, $_PLUGINS;

    // comment id: numeric filter, -1 when absent
    if (isset($_POST['cid'])) {
        $cid = COM_applyFilter($_POST['cid'], true);
    } elseif (isset($_GET['cid'])) {
        $cid = COM_applyFilter($_GET['cid'], true);
    } else {
        $cid = -1;
    }

    // entry id: filtered and sanitized, empty when absent
    if (isset($_POST['sid'])) {
        $sid = COM_sanitizeID(COM_applyFilter($_POST['sid']));
    } elseif (isset($_GET['sid'])) {
        $sid = COM_sanitizeID(COM_applyFilter($_GET['sid']));
    } else {
        $sid = '';
    }

    // comment type: filtered, empty when absent
    if (isset($_POST['type'])) {
        $type = COM_applyFilter($_POST['type']);
    } elseif (isset($_GET['type'])) {
        $type = COM_applyFilter($_GET['type']);
    } else {
        $type = '';
    }

    // only 'article' or the name of a plugin listed in $_PLUGINS is accepted
    if ($type != 'article' && !in_array($type, $_PLUGINS)) {
        $type = '';
    }

    $badRequest = !is_numeric($cid) || $cid < 0 || empty($sid) || empty($type);
    if ($badRequest) {
        COM_errorLog("handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment with one or more missing/bad values.');
        echo COM_refresh($_CONF['site_url'] . '/index.php');
        exit;
    }

    // id is cast to int, the string values go through the DB escaping helper
    $commentsTable = $_TABLES['comments'];
    $sql = "SELECT title,comment FROM {$commentsTable} "
         . 'WHERE cid = ' . (int) $cid
         . " AND sid = '" . DB_escapeString($sid) . "'"
         . " AND type = '" . DB_escapeString($type) . "'";
    $result = DB_query($sql);

    if (DB_numRows($result) != 1) {
        COM_errorLog("handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment that doesn\'t exist as described.');
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    $row = DB_fetchArray($result);
    $title = $row['title'];
    $commenttext = COM_undoSpecialChars($row['comment']);

    //remove signature
    $sigStart = strpos($commenttext, '<!-- COMMENTSIG --><div class="comment-sig">');
    if ($sigStart > 0) {
        $commenttext = substr($commenttext, 0, $sigStart);
    }

    //get format mode: anything that looks like a tag means HTML
    $postmode = (preg_match('/<.*>/', $commenttext) != 0) ? 'html' : 'plaintext';

    $pid = 0;
    if (isset($_REQUEST['pid'])) {
        $pid = COM_applyFilter($_REQUEST['pid'], true);
    }

    $preview = PLG_displayComment($type, $sid, 0, $title, '', 'nobar', 0, 0);
    $form = CMT_commentForm($title, $commenttext, $sid, $pid, $type, 'edit', $postmode);

    return $preview . $form;
}
Example #10
/**
* Send an email notification for a new submission.
*
* Builds a plain-text mail (title, author, date, topic, optionally the start
* of the story text and a link) and sends it to the site's mail address.
* HTML stories are converted to text before they go into the mail.
*
* @param    string  $table  Table where the new submission can be found
* @param    object  $story  Story object that was submitted.
*
*/
function sendNotification($table, $story)
{
    global $_CONF, $_USER, $_TABLES, $LANG01, $LANG08, $LANG24, $LANG29, $LANG_ADMIN;

    $now = new Date('now', $_USER['tzid']);
    $title = COM_undoSpecialChars($story->displayElements('title'));
    $postmode = $story->displayElements('postmode');
    $rawText = $story->displayElements('introtext') . "\n" . $story->displayElements('bodytext');
    $introtext = COM_undoSpecialChars($rawText);
    if ($postmode == 'html') {
        USES_lib_html2text();
        // drops literal backslash-r sequences, then converts the HTML to text
        $converter = new html2text(str_replace("\\r", "", $introtext), false);
        $introtext = trim($converter->get_text());
    }

    $storyauthor = COM_getDisplayName($story->displayelements('uid'));
    // topic id is escaped before it is placed in the WHERE clause
    $tidForSql = DB_escapeString($story->displayElements('tid'));
    $topic = DB_getItem($_TABLES['topics'], 'topic', "tid = '{$tidForSql}'");

    $mailbody = "{$LANG08['31']}: {$title}\n";
    $mailbody .= "{$LANG24['7']}: {$storyauthor}\n";
    $mailbody .= "{$LANG08['32']}: " . $now->format($_CONF['date'], true) . "\n";
    $mailbody .= "{$LANG_ADMIN['topic']}: {$topic}\n\n";

    // emailstorieslength: 0 = no story text, 1 = full text, >1 = cut to that length
    $limit = $_CONF['emailstorieslength'];
    if ($limit > 0) {
        if ($limit > 1) {
            $introtext = MBYTE_substr($introtext, 0, $limit) . '...';
        }
        $mailbody .= $introtext . "\n\n";
    }

    if ($table == $_TABLES['storysubmission']) {
        // still in the submission queue: point to the moderation page
        $mailbody .= "{$LANG01['10']} <{$_CONF['site_admin_url']}/moderation.php>\n\n";
    } else {
        $articleUrl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $story->getSid());
        $mailbody .= $LANG08[33] . ' <' . $articleUrl . ">\n\n";
    }

    $mailsubject = $_CONF['site_name'] . ' ' . $LANG29[35];
    $mailbody .= "\n------------------------------\n"
        . "\n{$LANG08['34']}\n"
        . "\n------------------------------\n";

    COM_mail(COM_formatEmailAddress('', $_CONF['site_mail']), $mailsubject, $mailbody);
}
Example #11
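/**
* Shows any new information in a block
*
* Return the HTML that shows any new stories, comments, etc. The rendered
* block is cached per CACHE_security_hash() and user theme and is reused
* until it is older than $_CONF['whatsnew_cache_time'] seconds.
*
* All values placed into the SQL below come from configuration, from the
* permission/topic/language SQL helpers or are escaped; titles read from the
* database are passed through htmlspecialchars() for the link title attribute.
*
* @param    string  $help     Help file for block
* @param    string  $title    Title used in block header
* @param    string  $position Position in which block is being rendered 'left', 'right' or blank (for centre)
* @return   string  Return the HTML that shows any new stories, comments, etc
*
*/
function COM_whatsNewBlock($help = '', $title = '', $position = '')
{
    global $_CONF, $_TABLES, $_USER, $_PLUGINS, $LANG01, $LANG_WHATSNEW, $page, $newstories;
    if (!isset($_CONF['whatsnew_cache_time'])) {
        $_CONF['whatsnew_cache_time'] = 3600;
    }
    // Serve the cached block while it is still fresh
    $cacheInstance = 'whatsnew__' . CACHE_security_hash() . '__' . $_USER['theme'];
    $retval = CACHE_check_instance($cacheInstance, 0);
    if ($retval) {
        $lu = CACHE_get_instance_update($cacheInstance, 0);
        $now = time();
        if ($now - $lu < $_CONF['whatsnew_cache_time']) {
            return $retval;
        }
    }
    $T = new Template($_CONF['path_layout'] . 'blocks');
    $T->set_file('block', 'whatsnew.thtml');
    $items_found = 0;
    $header = COM_startBlock($title, $help, COM_getBlockTemplate('whats_new_block', 'header', $position), 'whats_new_block');
    $T->set_var('block_start', $header);
    // The topic restriction is shared by the story, comment and trackback queries
    $topicsql = '';
    if ($_CONF['hidenewstories'] == 0 || $_CONF['hidenewcomments'] == 0 || $_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) {
        $topicsql = COM_getTopicSql('AND', 0, $_TABLES['stories']);
    }
    // --- new stories ---
    if ($_CONF['hidenewstories'] == 0) {
        // leave out stories filed under the archive topic, if there is one
        $archsql = '';
        $archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1");
        if (!empty($archivetid)) {
            $archsql = " AND (tid <> '" . DB_escapeString($archivetid) . "')";
        }
        // Find the newest stories
        $sql = "SELECT * FROM {$_TABLES['stories']} WHERE (date >= (date_sub(NOW(), INTERVAL {$_CONF['newstoriesinterval']} SECOND))) AND (date <= NOW()) AND (draft_flag = 0)" . $archsql . COM_getPermSQL('AND') . $topicsql . COM_getLangSQL('sid', 'AND') . ' ORDER BY date DESC';
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        if (empty($title)) {
            $title = DB_getItem($_TABLES['blocks'], 'title', "name='whats_new_block'");
        }
        $T->set_block('block', 'section', 'sectionblock');
        if ($nrows > 0) {
            // Any late breaking news stories?
            $T->set_var('section_title', $LANG01[99]);
            // label the section with the interval the story query above uses
            $T->set_var('interval', COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newstoriesinterval']));
            $newstory = array();
            $T->set_block('block', 'datarow', 'datablock');
            while ($A = DB_fetchArray($result)) {
                $title = COM_undoSpecialChars($A['title']);
                $title = str_replace('&nbsp;', ' ', $title);
                $titletouse = COM_truncate($title, $_CONF['title_trim_length'], '...');
                // the decoded title is re-encoded for use as an HTML attribute
                $attr = array('title' => htmlspecialchars($title, ENT_COMPAT, COM_getEncodingt()));
                $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']);
                $storyitem = COM_createLink($titletouse, $url, $attr);
                $newstory[] = $storyitem;
                $T->set_var('data_item', $storyitem);
                $T->parse('datablock', 'datarow', true);
                $items_found++;
            }
            $T->parse('sectionblock', 'section', true);
        }
    }
    $T->unset_var('datablock');
    // --- new comments (stories plus whatever plugins report) ---
    if ($_CONF['hidenewcomments'] == 0) {
        // Go get the newest comments
        $commentHeader = 0;
        $newcomments = array();
        $commentrow = array();
        // get story whats new
        $stwhere = '';
        if (!COM_isAnonUser()) {
            $stwhere .= "({$_TABLES['stories']}.owner_id IS NOT NULL AND {$_TABLES['stories']}.perm_owner IS NOT NULL) OR ";
            $stwhere .= "({$_TABLES['stories']}.group_id IS NOT NULL AND {$_TABLES['stories']}.perm_group IS NOT NULL) OR ";
            $stwhere .= "({$_TABLES['stories']}.perm_members IS NOT NULL)";
        } else {
            $stwhere .= "({$_TABLES['stories']}.perm_anon IS NOT NULL)";
        }
        $sql = "SELECT DISTINCT COUNT(*) AS dups, type, {$_TABLES['stories']}.title, {$_TABLES['stories']}.sid, UNIX_TIMESTAMP(max({$_TABLES['comments']}.date)) AS lastdate FROM {$_TABLES['comments']} LEFT JOIN {$_TABLES['stories']} ON (({$_TABLES['stories']}.sid = {$_TABLES['comments']}.sid)" . COM_getPermSQL('AND', 0, 2, $_TABLES['stories']) . " AND ({$_TABLES['stories']}.draft_flag = 0) AND ({$_TABLES['stories']}.commentcode >= 0)" . $topicsql . COM_getLangSQL('sid', 'AND', $_TABLES['stories']) . ") WHERE ({$_TABLES['comments']}.date >= (DATE_SUB(NOW(), INTERVAL {$_CONF['newcommentsinterval']} SECOND))) AND ((({$stwhere}))) GROUP BY {$_TABLES['comments']}.sid,type, {$_TABLES['stories']}.title, {$_TABLES['stories']}.title, {$_TABLES['stories']}.sid ORDER BY 5 DESC LIMIT 15";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        if ($nrows > 0) {
            $T->set_var('section_title', $LANG01[83]);
            $T->set_var('interval', COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newcommentsinterval']));
            $commentHeader = 1;
            for ($x = 0; $x < $nrows; $x++) {
                $A = DB_fetchArray($result);
                $A['url'] = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']) . '#comments';
                $commentrow[] = $A;
            }
        }
        // merge in plugin-supplied rows and order the combined list
        $pluginComments = PLG_getWhatsNewComment();
        $commentrow = array_merge($pluginComments, $commentrow);
        usort($commentrow, '_commentsort');
        $nrows = count($commentrow);
        if ($nrows > 0) {
            if ($commentHeader == 0) {
                // only plugins reported comments, so the header is still missing
                $commentHeader = 1;
                $T->set_var('section_title', $LANG01[83]);
                $T->set_var('interval', COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newcommentsinterval']));
            }
            $newcomments = array();
            for ($x = 0; $x < $nrows; $x++) {
                $titletouse = '';
                // NOTE(review): for plugin rows the url and title come from
                // the plugin as-is - confirm plugins supply safe values.
                $url = $commentrow[$x]['url'];
                $title = COM_undoSpecialChars($commentrow[$x]['title']);
                $title = str_replace('&nbsp;', ' ', $title);
                $titletouse = COM_truncate($title, $_CONF['title_trim_length'], '...');
                $attr = array('title' => htmlspecialchars($title, ENT_COMPAT, COM_getEncodingt()));
                if ($commentrow[$x]['dups'] > 1) {
                    $titletouse .= ' [+' . $commentrow[$x]['dups'] . ']';
                }
                $newcomments[] = COM_createLink($titletouse, $url, $attr);
            }
            $T->set_block('block', 'datarow', 'datablock');
            foreach ($newcomments as $comment) {
                $T->set_var('data_item', $comment);
                $T->parse('datablock', 'datarow', true);
                $items_found++;
            }
            $T->parse('sectionblock', 'section', true);
        }
    }
    $T->unset_var('datablock');
    // --- new trackbacks ---
    if ($_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) {
        $sql = "SELECT DISTINCT COUNT(*) AS count,{$_TABLES['stories']}.title,t.sid,max(t.date) AS lastdate FROM {$_TABLES['trackback']} AS t,{$_TABLES['stories']} WHERE (t.type = 'article') AND (t.sid = {$_TABLES['stories']}.sid) AND (t.date >= (DATE_SUB(NOW(), INTERVAL {$_CONF['newtrackbackinterval']} SECOND)))" . COM_getPermSQL('AND', 0, 2, $_TABLES['stories']) . " AND ({$_TABLES['stories']}.draft_flag = 0) AND ({$_TABLES['stories']}.trackbackcode = 0)" . $topicsql . COM_getLangSQL('sid', 'AND', $_TABLES['stories']) . " GROUP BY t.sid, {$_TABLES['stories']}.title ORDER BY lastdate DESC LIMIT 15";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        if ($nrows > 0) {
            $T->set_var('section_title', $LANG01[114]);
            $T->set_var('interval', COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newtrackbackinterval']));
            $newcomments = array();
            $T->set_block('block', 'datarow', 'datablock');
            for ($i = 0; $i < $nrows; $i++) {
                $titletouse = '';
                $A = DB_fetchArray($result);
                $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']) . '#trackback';
                $title = COM_undoSpecialChars($A['title']);
                $title = str_replace('&nbsp;', ' ', $title);
                $titletouse = COM_truncate($title, $_CONF['title_trim_length'], '...');
                $attr = array('title' => htmlspecialchars($title, ENT_COMPAT, COM_getEncodingt()));
                if ($A['count'] > 1) {
                    $titletouse .= ' [+' . $A['count'] . ']';
                }
                $trackback = COM_createLink($titletouse, $url, $attr);
                $newcomments[] = $trackback;
                $T->set_var('data_item', $trackback);
                $T->parse('datablock', 'datarow', true);
                $items_found++;
            }
            $T->parse('sectionblock', 'section', true);
        }
    }
    $T->unset_var('datablock');
    // --- sections contributed by plugins ---
    if ($_CONF['hidenewplugins'] == 0) {
        list($headlines, $smallheadlines, $content) = PLG_getWhatsNew();
        $plugins = count($headlines);
        if ($plugins > 0) {
            for ($i = 0; $i < $plugins; $i++) {
                // NOTE(review): headlines and items are inserted as returned
                // by the plugins - confirm they are already safe for output.
                $T->set_var('section_title', $headlines[$i]);
                $T->set_var('interval', $smallheadlines[$i]);
                $T->set_block('block', 'datarow', 'datablock');
                if (is_array($content[$i])) {
                    foreach ($content[$i] as $item) {
                        $T->set_var('data_item', $item);
                        $T->parse('datablock', 'datarow', true);
                        $items_found++;
                    }
                } else {
                    $T->set_var('data_item', $content[$i]);
                    $T->parse('datablock', 'datarow', true);
                    $items_found++;
                }
                $T->parse('sectionblock', 'section', true);
                $T->unset_var('datablock');
                $T->unset_var('interval');
                $T->unset_var('section_title');
            }
        }
    }
    if ($items_found == 0) {
        $T->set_var('no_items_found', $LANG01['no_new_items']);
    } else {
        $T->set_var('no_items_found', '');
    }
    $T->set_var('block_end', COM_endBlock(COM_getBlockTemplate('whats_new_block', 'footer', $position)));
    $T->parse('output', 'block');
    $final = $T->finish($T->get_var('output'));
    // store the freshly rendered block for later requests
    CACHE_create_instance($cacheInstance, $final, 0);
    return $final;
}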
Example #12
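/**
* Set a password for the user when one is needed and email the account details
*
* If no password is passed in and the stored value already starts with
* '$H$9', the stored password is left alone. Otherwise the supplied password
* (or the result of USER_createPassword(8)) is passed through
* SEC_encryptPassword() and written to the users table.
*
* The mail body is built from welcome_email.txt in $_CONF['path_data'] when
* that file exists. Without it, accounts in USER_ACCOUNT_AWAITING_VERIFICATION
* get an activation link and no password; all other accounts get the password
* in clear text when one was set or generated here.
*
* Security notes for maintainers:
* - A clear-text password in email stays in mailboxes and relay logs. The
*   activation-link branch avoids that; prefer it where the site allows.
* - NOTE(review): the welcome_email.txt branch never adds an activation link,
*   and it fills {password} with an empty string when the stored password was
*   kept. Confirm the template copes with both cases.
*
* @param    string  $username   user's login name
* @param    string  $useremail  user's email address
* @param    int     $uid        user id of user
* @param    string  $passwd     user's password (optional)
* @return   bool                true = success, false = an error occurred
*
*/
function USER_createAndSendPassword($username, $useremail, $uid, $passwd = '')
{
    global $_CONF, $_SYSTEM, $_TABLES, $LANG04;

    // Default lifetime of the verification token: 86400 seconds (24 hours).
    if (!isset($_SYSTEM['verification_token_ttl'])) {
        $_SYSTEM['verification_token_ttl'] = 86400;
    }
    $activation_link = '';

    // The integer cast is what keeps the concatenated WHERE clauses below safe.
    $uid = (int) $uid;
    $storedPassword = DB_getItem($_TABLES['users'], 'passwd', 'uid=' . $uid);
    $userStatus = DB_getItem($_TABLES['users'], 'status', 'uid=' . $uid);

    if ($passwd == '' && substr($storedPassword, 0, 4) == '$H$9') {
        // no need to update password; $passwd stays empty for the mail below
    } else {
        if ($passwd == '') {
            // NOTE(review): the argument is presumably the generated length;
            // confirm it meets the site's password policy.
            $passwd = USER_createPassword(8);
        }
        $passwd2 = SEC_encryptPassword($passwd);
        DB_change($_TABLES['users'], 'passwd', "{$passwd2}", 'uid', $uid);
    }

    if (file_exists($_CONF['path_data'] . 'welcome_email.txt')) {
        // Site-specific welcome template takes precedence over the built-in text.
        $template = new Template($_CONF['path_data']);
        $template->set_file(array('mail' => 'welcome_email.txt'));
        $template->set_var('auth_info', "{$LANG04['2']}: {$username}\n{$LANG04['4']}: {$passwd}");
        $template->set_var('site_url', $_CONF['site_url']);
        $template->set_var('site_name', $_CONF['site_name']);
        $template->set_var('site_slogan', $_CONF['site_slogan']);
        $template->set_var('lang_text1', $LANG04[15]);
        $template->set_var('lang_text2', $LANG04[14]);
        $template->set_var('lang_username', $LANG04[2]);
        $template->set_var('lang_password', $LANG04[4]);
        $template->set_var('username', $username);
        $template->set_var('password', $passwd);
        $template->set_var('name', COM_getDisplayName($uid));
        $template->parse('output', 'mail');
        $mailtext = $template->get_var('output');
    } else {
        if ($userStatus == USER_ACCOUNT_AWAITING_VERIFICATION) {
            // Unverified account: send an activation link, never the password.
            $verification_id = USER_createActivationToken($uid, $username);
            $activation_link = $_CONF['site_url'] . '/users.php?mode=verify&vid=' . $verification_id . '&u=' . $uid;
            $mailtext = $LANG04[168] . $_CONF['site_name'] . ".\n\n";
            $mailtext .= $LANG04[170] . "\n\n";
            $mailtext .= "----------------------------\n";
            $mailtext .= $LANG04[2] . ': ' . $username . "\n";
            $mailtext .= $LANG04[171] . ': ' . $_CONF['site_url'] . "\n";
            $mailtext .= "----------------------------\n\n";
            // The token lifetime is shown to the user in hours.
            $mailtext .= sprintf($LANG04[172], $_SYSTEM['verification_token_ttl'] / 3600) . "\n\n";
            $mailtext .= $activation_link . "\n\n";
            $mailtext .= $LANG04[173] . "\n\n";
            $mailtext .= $LANG04[174] . "\n\n";
            $mailtext .= "--\n";
            $mailtext .= $_CONF['site_name'] . "\n";
            $mailtext .= $_CONF['site_url'] . "\n";
        } else {
            $mailtext = $LANG04[168] . $_CONF['site_name'] . ".\n\n";
            $mailtext .= $LANG04[170] . "\n\n";
            $mailtext .= "----------------------------\n";
            $mailtext .= $LANG04[2] . ': ' . $username . "\n";
            if ($passwd != '') {
                // Only present when a password was supplied or generated above.
                $mailtext .= $LANG04[4] . ": {$passwd}\n";
            }
            $mailtext .= $LANG04[171] . ': ' . $_CONF['site_url'] . "\n";
            $mailtext .= "----------------------------\n\n";
            $mailtext .= $LANG04[14] . "\n\n";
            $mailtext .= "--\n";
            $mailtext .= $_CONF['site_name'] . "\n";
            $mailtext .= $_CONF['site_url'] . "\n";
        }
    }

    $subject = $_CONF['site_name'] . ': ' . $LANG04[16];
    if ($_CONF['site_mail'] !== $_CONF['noreply_mail']) {
        // Sent from the no-reply address, so append the extra notice text.
        $mailfrom = $_CONF['noreply_mail'];
        $mailtext .= LB . LB . $LANG04[159];
    } else {
        $mailfrom = $_CONF['site_mail'];
    }

    $from = COM_formatEmailAddress($_CONF['site_name'], $mailfrom);
    // NOTE(review): $username and $useremail end up in the To header; confirm
    // that COM_formatEmailAddress()/COM_mail() reject CR and LF in them.
    $to = COM_formatEmailAddress($username, $useremail);
    $subject = COM_undoSpecialChars(strip_tags($subject));

    return COM_mail($to, $subject, $mailtext, $from, false);
}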
/**
* Email ad to a friend
*
* NOTE(review): this function appears to be an unfinished adaptation of the
* "email story" routine. It reads $story, $sid and $retval, none of which is
* a parameter, a declared global or assigned in this function, and $ad is
* never used. As written it cannot build the mail body for an ad; the ad
* lookup still has to be implemented.
*
* Security notes for whoever completes it:
* - $to, $toemail, $from, $fromemail and $shortmsg are caller-supplied and go
*   into mail headers and body. Whether COM_formatEmailAddress()/COM_mail()
*   strip CR and LF is not visible here; confirm before exposing this form.
* - Anonymous visitors may reach this when $_CONF['loginrequired'] is not 1.
*   The speed limit is then the only throttle on mail sent to arbitrary
*   addresses.
*
* @param    string  $ad        id of ad to email (currently unused)
* @param    string  $to         name of person / friend to email
* @param    string  $toemail    friend's email address
* @param    string  $from       name of person sending the email
* @param    string  $fromemail  sender's email address
* @param    string  $shortmsg   short intro text to send with the ad
* @return   string              documented as a meta refresh, but $retval is
*                               never assigned in this function
*
* Modification History
*
* Date        Author        Description
* ----        ------        -----------
* 4/17/01    Tony Bibbs    Code now allows anonymous users to send email
*                and it allows user to input a message as well
*                Thanks to Yngve Wassvik Bergheim for some of
*                this code
*
*/
function CLASSIFIEDS_mailAd($ad, $to, $toemail, $from, $fromemail, $shortmsg)
{
    global $_CONF, $_TABLES, $LANG01, $LANG08;
    // check for correct $_CONF permission
    if (COM_isAnonUser() && $_CONF['loginrequired'] == 1) {
        // NOTE(review): $retval is undefined here, so this returns null.
        return $retval;
    }
    // check mail speedlimit
    COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
    if (COM_checkSpeedlimit('mail') > 0) {
        // NOTE(review): $retval is undefined here as well.
        return $retval;
    }
    // NOTE(review): no ad is queried; $ad is never read below.
    $shortmsg = COM_stripslashes($shortmsg);
    $mailtext = sprintf($LANG08[23], $from, $fromemail) . LB;
    if (strlen($shortmsg) > 0) {
        $mailtext .= LB . sprintf($LANG08[28], $from) . $shortmsg . LB;
    }
    // just to make sure this isn't an attempt at spamming users ...
    // Only the sender line and the short message are checked; the content
    // appended further down is added after this check.
    $result = PLG_checkforSpam($mailtext, $_CONF['spamx']);
    if ($result > 0) {
        // A rejected attempt still counts against the speed limit.
        COM_updateSpeedlimit('mail');
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }
    // NOTE(review): $story is undefined from here on; every
    // $story->displayElements() call below fails at runtime.
    $mailtext .= '------------------------------------------------------------' . LB . LB . COM_undoSpecialChars($story->displayElements('title')) . LB . strftime($_CONF['date'], $story->DisplayElements('unixdate')) . LB;
    if ($_CONF['contributedbyline'] == 1) {
        $author = COM_getDisplayName($story->displayElements('uid'));
        $mailtext .= $LANG01[1] . ' ' . $author . LB;
    }
    $introtext = $story->DisplayElements('introtext');
    $bodytext = $story->DisplayElements('bodytext');
    // Strip markup and decode entities so the text mail is plain text.
    $introtext = COM_undoSpecialChars(strip_tags($introtext));
    $bodytext = COM_undoSpecialChars(strip_tags($bodytext));
    // Normalise line endings to LB.
    $introtext = str_replace(array("\n\r", "\r"), LB, $introtext);
    $bodytext = str_replace(array("\n\r", "\r"), LB, $bodytext);
    $mailtext .= LB . $introtext;
    if (!empty($bodytext)) {
        $mailtext .= LB . LB . $bodytext;
    }
    $mailtext .= LB . LB . '------------------------------------------------------------' . LB;
    // NOTE(review): $sid is undefined in this function, and the links below
    // point at article.php rather than at an ad page.
    if ($story->DisplayElements('commentcode') == 0) {
        // comments allowed
        $mailtext .= $LANG08[24] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid . '#comments');
    } else {
        // comments not allowed - just add the story's URL
        $mailtext .= $LANG08[33] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
    }
    // NOTE(review): both addresses are built from caller-supplied values;
    // confirm that CR/LF are rejected before they reach the mail headers.
    $mailto = COM_formatEmailAddress($to, $toemail);
    $mailfrom = COM_formatEmailAddress($from, $fromemail);
    $subject = 'Re: ' . COM_undoSpecialChars(strip_tags($story->DisplayElements('title')));
    $sent = COM_mail($mailto, $subject, $mailtext, $mailfrom);
    // Optional copy to the sender, requested through the form's "cc" checkbox.
    if ($sent && isset($_POST['cc']) && $_POST['cc'] == 'on') {
        $ccmessage = sprintf($LANG08[38], $to);
        $ccmessage .= "\n------------------------------------------------------------\n\n" . $mailtext;
        $sent = COM_mail($mailfrom, $subject, $ccmessage, $mailfrom);
    }
    COM_updateSpeedlimit('mail');
    // NOTE(review): $retval was never assigned; the result in $sent is dropped.
    return $retval;
}
Example #14
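/**
* Shows any new information in a block
*
* Builds the HTML for the "What's New" block: a count of new stories, the
* newest comments reported by PLG_getWhatsNewComment(), the newest trackbacks
* and whatever PLG_getWhatsNew() returns. Each section is controlled by its
* own $_CONF['hidenew...'] switch.
*
* Fixes relative to the earlier version of this function:
* - the comment counter was built with ".= +1" (string concatenation), so the
*   15-item cap could never trigger; it is now a real integer counter;
* - the PostgreSQL trackback query added the interval to NOW() instead of
*   subtracting it, so it could only match trackbacks dated in the future;
* - the helper arrays used for sorting are initialised before use.
*
* NOTE(review): titles are decoded with COM_undoSpecialChars() and then used
* as link text. Whether COM_createLink() escapes its text argument is not
* visible here; if it does not, a title containing encoded markup would be
* emitted as live HTML. Confirm and escape at this point if needed.
*
* @param    string  $help     Help file for block
* @param    string  $title    Title used in block header
* @param    string  $position Position in which block is being rendered 'left', 'right' or blank (for centre)
* @return   string  Return the HTML that shows any new stories, comments, etc
*
*/
function COM_whatsNewBlock($help = '', $title = '', $position = '')
{
    global $_CONF, $_TABLES, $LANG01, $LANG_WHATSNEW, $page, $newstories;
    $retval = COM_startBlock($title, $help, COM_getBlockTemplate('whats_new_block', 'header', $position));
    // The topic restriction is shared by the story and trackback queries.
    $topicsql = '';
    if ($_CONF['hidenewstories'] == 0 || $_CONF['hidenewcomments'] == 0 || $_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) {
        $topicsql = COM_getTopicSql('AND', 0, $_TABLES['stories']);
    }
    if ($_CONF['hidenewstories'] == 0) {
        // Stories in the archive topic are not counted as new.
        $archsql = '';
        $archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1");
        if (!empty($archivetid)) {
            $archsql = " AND (tid <> '" . addslashes($archivetid) . "')";
        }
        // Find the newest stories
        // The interval values come from site configuration and are interpolated
        // as-is; they are expected to be integers.
        $sql['mssql'] = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (date >= (date_sub(NOW(), INTERVAL {$_CONF['newstoriesinterval']} SECOND))) AND (date <= NOW()) AND (draft_flag = 0)" . $archsql . COM_getPermSQL('AND') . $topicsql . COM_getLangSQL('sid', 'AND');
        $sql['mysql'] = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (date >= (date_sub(NOW(), INTERVAL {$_CONF['newstoriesinterval']} SECOND))) AND (date <= NOW()) AND (draft_flag = 0)" . $archsql . COM_getPermSQL('AND') . $topicsql . COM_getLangSQL('sid', 'AND');
        $sql['pgsql'] = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (date >= (NOW() - INTERVAL '{$_CONF['newstoriesinterval']} SECOND')) AND (date <= NOW()) AND (draft_flag = 0)" . $archsql . COM_getPermSQL('AND') . $topicsql . COM_getLangSQL('sid', 'AND');
        $result = DB_query($sql);
        $A = DB_fetchArray($result);
        $nrows = $A['count'];
        if (empty($title)) {
            $title = DB_getItem($_TABLES['blocks'], 'title', "name='whats_new_block'");
        }
        // Any late breaking news stories?
        $retval .= '<h3>' . $LANG01[99] . '</h3>';
        if ($nrows > 0) {
            $newmsg = COM_formatTimeString($LANG_WHATSNEW['new_string'], $_CONF['newstoriesinterval'], $LANG01[11], $nrows);
            if ($newstories && $page < 2) {
                // Already on the first page of the "new stories" view: plain text.
                $retval .= $newmsg . '<br' . XHTML . '>';
            } else {
                $retval .= COM_createLink($newmsg, $_CONF['site_url'] . '/index.php?display=new') . '<br' . XHTML . '>';
            }
        } else {
            $retval .= $LANG01[100] . '<br' . XHTML . '>';
        }
        // Spacer only when another section follows.
        if ($_CONF['hidenewcomments'] == 0 || $_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0 || $_CONF['hidenewplugins'] == 0) {
            $retval .= '<br' . XHTML . '>';
        }
    }
    if ($_CONF['hidenewcomments'] == 0) {
        // Go get the newest comments
        $retval .= '<h3>' . $LANG01[83] . ' <small>' . COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newcommentsinterval']) . '</small></h3>';
        $new_plugin_comments = PLG_getWhatsNewComment();
        if (!empty($new_plugin_comments)) {
            // Sort array by element lastdate newest to oldest
            $b = array();
            foreach ($new_plugin_comments as $k => $v) {
                $b[$k] = strtolower($v['lastdate']);
            }
            arsort($b);
            $temp = array();
            foreach ($b as $key => $val) {
                $temp[] = $new_plugin_comments[$key];
            }
            $new_plugin_comments = $temp;
            $newcomments = array();
            $count = 0;
            foreach ($new_plugin_comments as $A) {
                // Counts every entry looked at, including ones without a URL.
                $count++;
                $url = '';
                $info = PLG_getItemInfo($A['type'], $A['sid'], 'url');
                if (!empty($info)) {
                    $url = $info . '#comments';
                }
                // Check to see if url (plugin may not support PLG_getItemInfo
                if (!empty($url)) {
                    $title = COM_undoSpecialChars(stripslashes($A['title']));
                    $titletouse = COM_truncate($title, $_CONF['title_trim_length'], '...');
                    if ($title != $titletouse) {
                        // Truncated: keep the full title as an escaped tooltip.
                        $attr = array('title' => htmlspecialchars($title));
                    } else {
                        $attr = array();
                    }
                    $acomment = str_replace('$', '&#36;', $titletouse);
                    $acomment = str_replace(' ', '&nbsp;', $acomment);
                    if ($A['dups'] > 1) {
                        $acomment .= ' [+' . $A['dups'] . ']';
                    }
                    $newcomments[] = COM_createLink($acomment, $url, $attr);
                    // Cap the list at 15 entries examined.
                    if ($count == 15) {
                        break;
                    }
                }
            }
            $retval .= COM_makeList($newcomments, 'list-new-comments');
        } else {
            $retval .= $LANG01[86] . '<br' . XHTML . '>' . LB;
        }
        if ($_CONF['hidenewplugins'] == 0 || $_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) {
            $retval .= '<br' . XHTML . '>';
        }
    }
    if ($_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) {
        $retval .= '<h3>' . $LANG01[114] . ' <small>' . COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newtrackbackinterval']) . '</small></h3>';
        $sql['mssql'] = "SELECT DISTINCT COUNT(*) AS count,{$_TABLES['stories']}.title,t.sid,max(t.date) AS lastdate FROM {$_TABLES['trackback']} AS t,{$_TABLES['stories']} WHERE (t.type = 'article') AND (t.sid = {$_TABLES['stories']}.sid) AND (t.date >= (DATE_SUB(NOW(), INTERVAL {$_CONF['newtrackbackinterval']} SECOND)))" . COM_getPermSQL('AND', 0, 2, $_TABLES['stories']) . " AND ({$_TABLES['stories']}.draft_flag = 0) AND ({$_TABLES['stories']}.trackbackcode = 0)" . $topicsql . COM_getLangSQL('sid', 'AND', $_TABLES['stories']) . " GROUP BY t.sid, {$_TABLES['stories']}.title ORDER BY lastdate DESC LIMIT 15";
        $sql['mysql'] = "SELECT DISTINCT COUNT(*) AS count,{$_TABLES['stories']}.title,t.sid,max(t.date) AS lastdate FROM {$_TABLES['trackback']} AS t,{$_TABLES['stories']} WHERE (t.type = 'article') AND (t.sid = {$_TABLES['stories']}.sid) AND (t.date >= (DATE_SUB(NOW(), INTERVAL {$_CONF['newtrackbackinterval']} SECOND)))" . COM_getPermSQL('AND', 0, 2, $_TABLES['stories']) . " AND ({$_TABLES['stories']}.draft_flag = 0) AND ({$_TABLES['stories']}.trackbackcode = 0)" . $topicsql . COM_getLangSQL('sid', 'AND', $_TABLES['stories']) . " GROUP BY t.sid, {$_TABLES['stories']}.title ORDER BY lastdate DESC LIMIT 15";
        // Subtract the interval, matching the DATE_SUB() used for the other drivers.
        $sql['pgsql'] = "SELECT DISTINCT COUNT(*) AS count,{$_TABLES['stories']}.title,t.sid,max(t.date) AS lastdate FROM {$_TABLES['trackback']} AS t,{$_TABLES['stories']} WHERE (t.type = 'article') AND (t.sid = {$_TABLES['stories']}.sid) AND (t.date >= (NOW() - INTERVAL '{$_CONF['newtrackbackinterval']} SECOND'))" . COM_getPermSQL('AND', 0, 2, $_TABLES['stories']) . " AND ({$_TABLES['stories']}.draft_flag = 0) AND ({$_TABLES['stories']}.trackbackcode = 0)" . $topicsql . COM_getLangSQL('sid', 'AND', $_TABLES['stories']) . " GROUP BY t.sid, {$_TABLES['stories']}.title ORDER BY lastdate DESC LIMIT 15";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        if ($nrows > 0) {
            $newcomments = array();
            for ($i = 0; $i < $nrows; $i++) {
                $A = DB_fetchArray($result);
                $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']) . '#trackback';
                $title = COM_undoSpecialChars(stripslashes($A['title']));
                $titletouse = COM_truncate($title, $_CONF['title_trim_length'], '...');
                if ($title != $titletouse) {
                    $attr = array('title' => htmlspecialchars($title));
                } else {
                    $attr = array();
                }
                $acomment = str_replace('$', '&#36;', $titletouse);
                $acomment = str_replace(' ', '&nbsp;', $acomment);
                if ($A['count'] > 1) {
                    $acomment .= ' [+' . $A['count'] . ']';
                }
                $newcomments[] = COM_createLink($acomment, $url, $attr);
            }
            $retval .= COM_makeList($newcomments, 'list-new-trackbacks');
        } else {
            $retval .= $LANG01[115] . '<br' . XHTML . '>' . LB;
        }
        if ($_CONF['hidenewplugins'] == 0) {
            $retval .= '<br' . XHTML . '>';
        }
    }
    if ($_CONF['hidenewplugins'] == 0) {
        // Plugin sections are inserted as returned; plugins are responsible for
        // escaping their own headlines and content.
        list($headlines, $smallheadlines, $content) = PLG_getWhatsNew();
        $plugins = count($headlines);
        if ($plugins > 0) {
            for ($i = 0; $i < $plugins; $i++) {
                $retval .= '<h3>' . $headlines[$i] . ' <small>' . $smallheadlines[$i] . '</small></h3>';
                if (is_array($content[$i])) {
                    $retval .= COM_makeList($content[$i], 'list-new-plugins');
                } else {
                    $retval .= $content[$i];
                }
                if ($i + 1 < $plugins) {
                    $retval .= '<br' . XHTML . '>';
                }
            }
        }
    }
    $retval .= COM_endBlock(COM_getBlockTemplate('whats_new_block', 'footer', $position));
    return $retval;
}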
Example #15
/**
* Email story to a friend
*
* Looks the story up (restricted by COM_getTopicSql() and COM_getPermSql()),
* builds a text or HTML mail from its title, intro and body, and sends it with
* COM_mail(). Except for the "story not found" case, the function echoes a
* refresh and calls exit instead of returning.
*
* Security notes:
* - $to, $toemail, $from and $fromemail come from the caller and end up in the
*   mail headers. Whether COM_formatEmailAddress()/COM_mail() reject CR and LF
*   is not visible here; confirm.
* - The message is sent with the visitor-supplied $fromemail as sender, so the
*   site sends mail in the name of whatever address was typed into the form.
* - When anonymous use is permitted, the 'mail' speed limit is the only
*   throttle visible in this function.
*
* @param    string  $sid        id of story to email
* @param    string  $to         name of person / friend to email
* @param    string  $toemail    friend's email address
* @param    string  $from       name of person sending the email
* @param    string  $fromemail  sender's email address
* @param    string  $shortmsg   short intro text to send with the story
* @param    int     $html       non-zero to build and send an HTML mail
* @return   string              Meta refresh (only when the story is not found)
*
* Modification History
*
* Date        Author        Description
* ----        ------        -----------
* 4/17/01    Tony Bibbs    Code now allows anonymous users to send email
*                and it allows user to input a message as well
*                Thanks to Yngve Wassvik Bergheim for some of
*                this code
*
*/
function mailstory($sid, $to, $toemail, $from, $fromemail, $shortmsg, $html = 0)
{
    global $_CONF, $_TABLES, $_USER, $LANG01, $LANG08;
    $dt = new Date('now', $_USER['tzid']);
    // NOTE(review): $sid is concatenated into the URL as given; the SQL below
    // escapes it, the URL does not. Confirm callers validate the id format.
    $storyurl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
    // With URL rewriting the story URL has no query string yet, hence '?'.
    if ($_CONF['url_rewrite']) {
        $retURL = $storyurl . '?msg=85';
    } else {
        $retURL = $storyurl . '&amp;msg=85';
    }
    // check for correct $_CONF permission
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1)) {
        echo COM_refresh($retURL);
        exit;
    }
    // check if emailing of stories is disabled
    if ($_CONF['hideemailicon'] == 1) {
        echo COM_refresh($retURL);
        exit;
    }
    // check mail speedlimit
    COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
    if (COM_checkSpeedlimit('mail') > 0) {
        echo COM_refresh($retURL);
        exit;
    }
    // Configure the shared sanitizer instance for the requested mail format.
    $filter = sanitizer::getInstance();
    if ($html) {
        $filter->setPostmode('html');
    } else {
        $filter->setPostmode('text');
    }
    $allowedElements = $filter->makeAllowedElements($_CONF['htmlfilter_default']);
    $filter->setAllowedElements($allowedElements);
    $filter->setCensorData(true);
    $filter->setReplaceTags(true);
    $filter->setNamespace('glfusion', 'mail_story');
    // $sid is escaped for SQL; topic and permission clauses limit the lookup
    // to stories the current user may read.
    $sql = "SELECT uid,title,introtext,bodytext,commentcode,UNIX_TIMESTAMP(date) AS day,postmode FROM {$_TABLES['stories']} WHERE sid = '" . DB_escapeString($sid) . "'" . COM_getTopicSql('AND') . COM_getPermSql('AND');
    $result = DB_query($sql);
    if (DB_numRows($result) == 0) {
        // NOTE(review): the only path that returns instead of echo + exit.
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $A = DB_fetchArray($result);
    // NOTE(review): in HTML mode $from and $fromemail are placed in the body
    // without escaping here; only $shortmsg is filtered below.
    $mailtext = sprintf($LANG08[23], $from, $fromemail) . LB;
    if (strlen($shortmsg) > 0) {
        if ($html) {
            $shortmsg = $filter->filterHTML($shortmsg);
        }
        $mailtext .= LB . sprintf($LANG08[28], $from) . $shortmsg . LB;
    }
    // just to make sure this isn't an attempt at spamming users ...
    // Only the visitor-supplied part (sender line + short message) is checked.
    $result = PLG_checkforSpam($mailtext, $_CONF['spamx']);
    if ($result > 0) {
        // A rejected attempt still counts against the speed limit.
        COM_updateSpeedlimit('mail');
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }
    $dt->setTimestamp($A['day']);
    // NOTE(review): in HTML mode the title is decoded by COM_undoSpecialChars()
    // and placed inside <p> without re-escaping; confirm titles cannot carry
    // markup into the mail.
    if ($html) {
        $mailtext .= '<p>------------------------------------------------------------</p>' . '<p>' . COM_undoSpecialChars($A['title']) . '</p>' . '<p>' . $dt->format($_CONF['date'], true) . '</p>';
    } else {
        $mailtext .= '------------------------------------------------------------' . LB . LB . COM_undoSpecialChars($A['title']) . LB . $dt->format($_CONF['date'], true) . LB;
    }
    if ($_CONF['contributedbyline'] == 1) {
        $author = COM_getDisplayName($A['uid']);
        $mailtext .= $LANG01[1] . ' ' . $author . LB;
    }
    // Story text goes through the sanitizer configured above.
    if ($html) {
        $mailtext .= '<p>' . $filter->displayText($A['introtext']) . '<br />' . $filter->displayText($A['bodytext']) . '</p>' . '<p>------------------------------------------------------------</p>';
    } else {
        $mailtext .= $filter->displayText($A['introtext']) . LB . $filter->displayText($A['bodytext']) . LB . LB . '------------------------------------------------------------' . LB;
    }
    if ($A['commentcode'] == 0) {
        // comments allowed
        $mailtext .= $LANG08[24] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid . '#comments');
    } else {
        // comments not allowed - just add the story's URL
        $mailtext .= $LANG08[33] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
    }
    // The two array() initialisations are overwritten immediately below.
    $mailto = array();
    $mailfrom = array();
    $mailto = COM_formatEmailAddress($to, $toemail);
    $mailfrom = COM_formatEmailAddress($from, $fromemail);
    $subject = COM_undoSpecialChars(strip_tags('Re: ' . $A['title']));
    $rc = COM_mail($mailto, $subject, $mailtext, $mailfrom, $html);
    COM_updateSpeedlimit('mail');
    // NOTE(review): the counter is incremented in the branch taken when $rc is
    // falsy. That looks inverted unless COM_mail() returns a falsy value on
    // success; confirm against COM_mail() and the meaning of msg 26/27.
    if ($rc) {
        if ($_CONF['url_rewrite']) {
            $retval = COM_refresh($storyurl . '?msg=27');
        } else {
            $retval = COM_refresh($storyurl . '&amp;msg=27');
        }
    } else {
        // Increment numemails counter for story
        DB_query("UPDATE {$_TABLES['stories']} SET numemails = numemails + 1 WHERE sid = '" . DB_escapeString($sid) . "'");
        if ($_CONF['url_rewrite']) {
            $retval = COM_refresh($storyurl . '?msg=26');
        } else {
            $retval = COM_refresh($storyurl . '&amp;msg=26');
        }
    }
    // NOTE(review): $retval already holds COM_refresh() output and is passed
    // to COM_refresh() a second time; the early exits above call it once.
    echo COM_refresh($retval);
    exit;
}
Example #16
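/**
 * Return list of articles for the Related Items block
 *
 * Selects the newest non-draft stories, dated no later than now, that are
 * assigned to any of the given topics (excluding the archive topic) and that
 * pass COM_getPermSQL() and COM_getLangSQL(). Each is returned as a link built
 * by COM_createLink().
 *
 * Entries are keyed by the story's unix timestamp, so two stories with the
 * same timestamp overwrite each other in the result.
 *
 * Security notes:
 * - $max is cast to int before it is placed in the LIMIT clause.
 * - NOTE(review): the topic ids in $tids and the archive topic id are placed
 *   inside quoted SQL literals without escaping. Callers must pass only
 *   validated topic ids; preferably run each id through the project's DB
 *   escaping helper before this query is built.
 * - NOTE(review): the title is decoded by COM_undoSpecialChars() and used as
 *   link text. Whether COM_createLink() escapes it is not visible here.
 *
 * @param    array $tids list of topic ids
 * @param    int   $max  maximum number of items to return
 * @param    int   $trim max length of text
 * @return   array   array of links to related articles with unix timestamp as key
 */
function plugin_getrelateditems_story($tids, $max, $trim)
{
    global $_CONF, $_TABLES;

    // LIMIT takes a bare number, so force an integer instead of interpolating
    // whatever the caller passed.
    $max = (int) $max;

    $where_sql = '';
    $archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1");
    if (!empty($archivetid)) {
        $where_sql = " AND (ta.tid <> '{$archivetid}')";
    }
    // Find the newest stories the user has access to
    $sql = "SELECT sid, title, UNIX_TIMESTAMP(date) s_date\n        FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n        WHERE ta.type = 'article' AND ta.id = sid AND (ta.tid IN ('" . implode("','", $tids) . "'))\n        AND (date <= NOW()) AND (draft_flag = 0)" . $where_sql . COM_getPermSQL('AND') . COM_getLangSQL('sid', 'AND') . "\n        GROUP BY sid ORDER BY s_date DESC LIMIT {$max}";
    $result = DB_query($sql);
    $nrows = DB_numRows($result);
    $newstories = array();
    for ($x = 0; $x < $nrows; $x++) {
        $A = DB_fetchArray($result);
        $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']);
        $title = COM_undoSpecialChars(stripslashes($A['title']));
        // A $trim of zero or less means "do not shorten the title".
        if ($trim > 0) {
            $titletouse = COM_truncate($title, $trim, '...');
        } else {
            $titletouse = $title;
        }
        if ($title != $titletouse) {
            // Truncated: keep the full title as an escaped tooltip.
            $attr = array('title' => htmlspecialchars($title));
        } else {
            $attr = array();
        }
        $astory = str_replace('$', '&#36;', $titletouse);
        $astory = str_replace(' ', '&nbsp;', $astory);
        $newstories[$A['s_date']] = COM_createLink($astory, $url, $attr);
    }
    return $newstories;
}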
Example #17
/**
* Email story to a friend
*
* Template-based variant: renders mailstory_html.thtml and mailstory_text.thtml
* from the layout's email/ directory and sends both versions through one
* COM_mail() call. Except for the "story not found" case, the function echoes
* a refresh and calls exit instead of returning.
*
* Security notes:
* - $to, $toemail, $from and $fromemail come from the caller and end up in the
*   mail headers. Whether COM_formatEmailAddress()/COM_mail() reject CR and LF
*   is not visible here; confirm.
* - $msgData['from'] is built with $_CONF['site_mail'], but COM_mail() is given
*   $mailfrom, which is built from the visitor-supplied $fromemail. The site
*   therefore sends in the name of whatever address was typed into the form.
* - $from and $fromemail reach the HTML template ('from_name', 'disclaimer')
*   without escaping in this function; escaping would have to happen in the
*   template or in set_var(). Confirm.
*
* @param    string  $sid        id of story to email
* @param    string  $to         name of person / friend to email
* @param    string  $toemail    friend's email address
* @param    string  $from       name of person sending the email
* @param    string  $fromemail  sender's email address
* @param    string  $shortmsg   short intro text to send with the story
* @param    int     $html       selects the sanitizer post mode; the mail
*                               itself is always sent as HTML plus text
* @return   string              Meta refresh (only when the story is not found)
*
* Modification History
*
* Date        Author        Description
* ----        ------        -----------
* 4/17/01    Tony Bibbs    Code now allows anonymous users to send email
*                and it allows user to input a message as well
*                Thanks to Yngve Wassvik Bergheim for some of
*                this code
*
*/
function mailstory($sid, $to, $toemail, $from, $fromemail, $shortmsg, $html = 0)
{
    global $_CONF, $_TABLES, $_USER, $LANG01, $LANG08;
    $dt = new Date('now', $_USER['tzid']);
    // NOTE(review): $sid is concatenated into the URL as given; the SQL below
    // escapes it, the URL does not. Confirm callers validate the id format.
    $storyurl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
    // With URL rewriting the story URL has no query string yet, hence '?'.
    if ($_CONF['url_rewrite']) {
        $retURL = $storyurl . '?msg=85';
    } else {
        $retURL = $storyurl . '&amp;msg=85';
    }
    // check for correct $_CONF permission
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1)) {
        echo COM_refresh($retURL);
        exit;
    }
    // check if emailing of stories is disabled
    if ($_CONF['hideemailicon'] == 1) {
        echo COM_refresh($retURL);
        exit;
    }
    // check mail speedlimit
    COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
    if (COM_checkSpeedlimit('mail') > 0) {
        echo COM_refresh($retURL);
        exit;
    }
    // Configure the shared sanitizer instance.
    $filter = sanitizer::getInstance();
    if ($html) {
        $filter->setPostmode('html');
    } else {
        $filter->setPostmode('text');
    }
    $allowedElements = $filter->makeAllowedElements($_CONF['htmlfilter_default']);
    $filter->setAllowedElements($allowedElements);
    $filter->setCensorData(true);
    $filter->setReplaceTags(true);
    $filter->setNamespace('glfusion', 'mail_story');
    // $sid is escaped for SQL; topic and permission clauses limit the lookup
    // to stories the current user may read.
    $sql = "SELECT uid,title,introtext,bodytext,story_image,commentcode,UNIX_TIMESTAMP(date) AS day,postmode FROM {$_TABLES['stories']} WHERE sid = '" . DB_escapeString($sid) . "'" . COM_getTopicSql('AND') . COM_getPermSql('AND');
    $result = DB_query($sql);
    if (DB_numRows($result) == 0) {
        // NOTE(review): the only path that returns instead of echo + exit.
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $A = DB_fetchArray($result);
    // Spam check runs on the raw short message, before any filtering.
    $result = PLG_checkforSpam($shortmsg, $_CONF['spamx']);
    if ($result > 0) {
        // A rejected attempt still counts against the speed limit.
        COM_updateSpeedlimit('mail');
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }
    USES_lib_html2text();
    $T = new Template($_CONF['path_layout'] . 'email/');
    $T->set_file(array('html_msg' => 'mailstory_html.thtml', 'text_msg' => 'mailstory_text.thtml'));
    // filter any HTML from the short message
    $shortmsg = $filter->filterHTML($shortmsg);
    $html2txt = new html2text($shortmsg, false);
    $shortmsg_text = $html2txt->get_text();
    // Only the intro text, cut to 512 via COM_truncateHTML(), is mailed.
    // NOTE(review): unlike $shortmsg, this HTML is not passed through $filter.
    $story_body = COM_truncateHTML($A['introtext'], 512);
    $html2txt = new html2text($story_body, false);
    $story_body_text = $html2txt->get_text();
    $dt->setTimestamp($A['day']);
    $story_date = $dt->format($_CONF['date'], true);
    // NOTE(review): the decoded title is used in the HTML template and as the
    // mail subject without strip_tags(); see the unused $subject below.
    $story_title = COM_undoSpecialChars($A['title']);
    $story_url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
    if ($_CONF['contributedbyline'] == 1) {
        $author = COM_getDisplayName($A['uid']);
    } else {
        $author = '';
    }
    if ($A['story_image'] != '') {
        $story_image = $_CONF['site_url'] . $A['story_image'];
    } else {
        $story_image = '';
    }
    $T->set_var(array('shortmsg_html' => $shortmsg, 'shortmsg_text' => $shortmsg_text, 'story_title' => $story_title, 'story_date' => $story_date, 'story_url' => $story_url, 'author' => $author, 'story_image' => $story_image, 'story_body_html' => $story_body, 'story_body_text' => $story_body_text, 'lang_by' => $LANG01[1], 'site_name' => $_CONF['site_name'], 'from_name' => $from, 'disclaimer' => sprintf($LANG08[23], $from, $fromemail)));
    $T->parse('message_body_html', 'html_msg');
    $message_body_html = $T->finish($T->get_var('message_body_html'));
    $T->parse('message_body_text', 'text_msg');
    $message_body_text = $T->finish($T->get_var('message_body_text'));
    // Only 'subject', 'htmlmessage' and 'textmessage' are read from $msgData
    // below; its 'from' and 'to' entries are not used in this function.
    $msgData = array('htmlmessage' => $message_body_html, 'textmessage' => $message_body_text, 'subject' => $story_title, 'from' => array('email' => $_CONF['site_mail'], 'name' => $from), 'to' => array('email' => $toemail, 'name' => $to));
    // The two array() initialisations are overwritten immediately below.
    $mailto = array();
    $mailfrom = array();
    $mailto = COM_formatEmailAddress($to, $toemail);
    $mailfrom = COM_formatEmailAddress($from, $fromemail);
    // NOTE(review): $subject (tag-stripped, 'Re: ' prefix) is computed but
    // never used; COM_mail() receives $msgData['subject'] instead.
    $subject = COM_undoSpecialChars(strip_tags('Re: ' . $A['title']));
    $rc = COM_mail($mailto, $msgData['subject'], $msgData['htmlmessage'], $mailfrom, true, 0, '', $msgData['textmessage']);
    COM_updateSpeedlimit('mail');
    // NOTE(review): the counter is incremented in the branch taken when $rc is
    // falsy. That looks inverted unless COM_mail() returns a falsy value on
    // success; confirm against COM_mail() and the meaning of msg 26/27.
    if ($rc) {
        if ($_CONF['url_rewrite']) {
            $retval = COM_refresh($storyurl . '?msg=27');
        } else {
            $retval = COM_refresh($storyurl . '&amp;msg=27');
        }
    } else {
        // Increment numemails counter for story
        DB_query("UPDATE {$_TABLES['stories']} SET numemails = numemails + 1 WHERE sid = '" . DB_escapeString($sid) . "'");
        if ($_CONF['url_rewrite']) {
            $retval = COM_refresh($storyurl . '?msg=26');
        } else {
            $retval = COM_refresh($storyurl . '&amp;msg=26');
        }
    }
    // NOTE(review): $retval already holds COM_refresh() output and is passed
    // to COM_refresh() a second time; the early exits above call it once.
    echo COM_refresh($retval);
    exit;
}
Example #18
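/**
 * Handle a pingback for an entry.
 *
 * Applies the 'pingback' speed limit, optionally checks that the pinging
 * host resolves to the requesting IP address, fetches the pinging page to
 * verify the backlink and to extract a title and excerpt, runs the spam
 * check and finally stores the pingback as a trackback comment.
 * Assumes that the caller of this function has already checked permissions!
 *
 * Security notes: $url is supplied by the remote party, and this function
 * makes an outbound HTTP request to it. Only http/https URLs are accepted.
 * The host/IP comparison runs only when bit 4 of
 * $_CONF['check_trackback_link'] is set. The title and excerpt taken from
 * the fetched page are remote-controlled text.
 *
 * @param    string $id     ID of entry that got pinged
 * @param    string $type   type of that entry ('article' for stories, etc.)
 * @param    string $url    URL of the page that pinged us
 * @param    string $oururl URL that got pinged on our site
 * @return   object          XML-RPC response
 */
function PNB_handlePingback($id, $type, $url, $oururl)
{
    global $_CONF, $_TABLES, $PNB_ERROR;
    require_once 'HTTP/Request.php';
    if (!isset($_CONF['check_trackback_link'])) {
        $_CONF['check_trackback_link'] = 2;
    }
    // handle pingbacks to articles on our own site
    $isSelfPing = ($_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR']);
    $skip_speedlimit = false;
    if ($isSelfPing) {
        if (!isset($_CONF['pingback_self'])) {
            $_CONF['pingback_self'] = 0;
            // default: skip self-pingbacks
        }
        if ($_CONF['pingback_self'] == 0) {
            return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['skipped']));
        } elseif ($_CONF['pingback_self'] == 2) {
            $skip_speedlimit = true;
        }
    }
    COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'pingback');
    if (!$skip_speedlimit) {
        $last = COM_checkSpeedlimit('pingback');
        if ($last > 0) {
            return new XML_RPC_Response(0, 49, sprintf($PNB_ERROR['speedlimit'], $last, $_CONF['commentspeedlimit']));
        }
    }
    // update speed limit in any case
    COM_updateSpeedlimit('pingback');

    // The URL is attacker-controlled and is fetched below, so refuse
    // anything that is not a plain web URL before any request is made.
    $parts = parse_url($url);
    $scheme = (is_array($parts) && isset($parts['scheme'])) ? strtolower($parts['scheme']) : '';
    if ($scheme !== 'http' && $scheme !== 'https') {
        TRB_logRejected('Pingback: No valid URL', $url);
        return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
    }

    if (!$isSelfPing) {
        if ($_CONF['check_trackback_link'] & 4) {
            if (empty($parts['host'])) {
                TRB_logRejected('Pingback: No valid URL', $url);
                return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
            } else {
                $ip = gethostbyname($parts['host']);
                if ($ip != $_SERVER['REMOTE_ADDR']) {
                    TRB_logRejected('Pingback: IP address mismatch', $url);
                    return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
                }
            }
        }
    }
    // NOTE(review): the host name is resolved again when the page is fetched
    // below, and the IP comparison above is optional. If this server can
    // reach internal-only services, confirm that the outbound request cannot
    // be pointed at them (e.g. egress filtering or an address allow-list).

    // See if we can read the page linking to us and extract at least
    // the page's title out of it ...
    $title = '';
    $excerpt = '';
    $arguments = array();
    $headers = array();
    $body = '';
    $http = new http_class();
    // NOTE(review): 0 presumably means "no explicit timeout" for http_class;
    // confirm. A finite value would bound how long a slow remote page can
    // tie up this request.
    $http->timeout = 0;
    $http->data_timeout = 0;
    $http->debug = 0;
    $http->html_debug = 0;
    $http->user_agent = 'glFusion/' . GVERSION;
    // Stop at the first failing step so its error message is the one that
    // gets logged, instead of being overwritten by the next call.
    $error = $http->GetRequestArguments($url, $arguments);
    if ($error == "") {
        $error = $http->Open($arguments);
    }
    if ($error == "") {
        $error = $http->SendRequest($arguments);
    }
    if ($error != "") {
        COM_errorLog("Pingback verification: " . $error . " when requesting " . $url);
        return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
    }
    $http->ReadReplyHeaders($headers);
    if ($http->response_status != 200) {
        COM_errorLog("Pingback verification: Got HTTP response code " . $http->response_status . " when requesting {$url}");
        return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
    }
    $error = $http->ReadWholeReplyBody($body);
    if (!($error == "" || strlen($body) > 0)) {
        COM_errorLog("Pingback verification: unable to retrieve response body");
        return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
    }
    if ($_CONF['check_trackback_link'] & 3) {
        if (!TRB_containsBacklink($body, $oururl)) {
            TRB_logRejected('Pingback: No link to us', $url);
            $comment = TRB_formatComment($url);
            PLG_spamAction($comment, $_CONF['spamx']);
            return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
        }
    }
    // Non-greedy, multi-line match: take the first <title> element only,
    // even when the page has several or the title spans lines.
    $content = array();
    preg_match(':<title[^>]*>(.*?)</title>:is', $body, $content);
    if (empty($content[1])) {
        $title = '';
        // no title found
    } else {
        // NOTE(review): the entities are decoded here, so the title may
        // contain raw markup characters. Confirm that it is filtered on save
        // or escaped wherever it is displayed.
        $title = trim(COM_undoSpecialChars($content[1]));
    }
    if ($_CONF['pingback_excerpt']) {
        // Check which character set the site that sent the Pingback
        // is using
        $charset = 'ISO-8859-1';
        // default, see RFC 2616, 3.7.1
        $ctype = isset($headers['content-type']) ? $headers['content-type'] : '';
        if (is_array($ctype)) {
            // header sent more than once: use the first value
            $ctype = (string) reset($ctype);
        }
        foreach (explode(';', $ctype) as $ct) {
            $ch = explode('=', trim($ct));
            if (count($ch) === 2 && strcasecmp(trim($ch[0]), 'charset') === 0) {
                // the value may be quoted, e.g. charset="utf-8"
                $charset = trim($ch[1], " \t\"'");
                break;
            }
        }
        if (!empty($charset) && strcasecmp($charset, COM_getCharset()) !== 0) {
            // The charset name comes from the remote server. Keep the
            // original body when the conversion fails instead of replacing
            // it with false or aborting on an unknown encoding.
            $converted = false;
            try {
                if (function_exists('mb_convert_encoding')) {
                    $converted = @mb_convert_encoding($body, COM_getCharset(), $charset);
                } elseif (function_exists('iconv')) {
                    $converted = @iconv($charset, COM_getCharset(), $body);
                }
            } catch (ValueError $e) {
                // PHP 8 throws for an unknown encoding name
                $converted = false;
            }
            if (is_string($converted)) {
                $body = $converted;
            }
        }
        $excerpt = PNB_makeExcerpt($body, $oururl);
    }
    // we could also run the rest of the other site's page
    // through the spam filter here ...

    // check for spam first
    $saved = TRB_checkForSpam($url, $title, '', $excerpt);
    if ($saved == TRB_SAVE_SPAM) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
    }
    // save as a trackback comment
    $saved = TRB_saveTrackbackComment($id, $type, $url, $title, '', $excerpt);
    if ($saved == TRB_SAVE_REJECT) {
        return new XML_RPC_Response(0, 49, $PNB_ERROR['multiple']);
    }
    if (isset($_CONF['notification']) && in_array('pingback', $_CONF['notification'])) {
        TRB_sendNotificationEmail($saved, 'pingback');
    }
    return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['success']));
}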
Example #19
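/**
* Shows any new information in a block
*
* Return the HTML that shows any new stories, comments, etc
*
* Each section (stories, comments, trackbacks, plugins) is rendered only when
* its $_CONF['hidenew...'] switch is 0. Story titles are entity-decoded for
* truncation and therefore HTML-escaped again before they are placed in the
* link text.
*
* @param    string  $help     Help file for block
* @param    string  $title    Title used in block header
* @param    string  $position Position in which block is being rendered 'left', 'right' or blank (for centre)
* @return   string  Return the HTML that shows any new stories, comments, etc
*
*/
function COM_whatsNewBlock($help = '', $title = '', $position = '')
{
    global $_CONF, $_TABLES, $_USER, $LANG01, $LANG_WHATSNEW, $page, $newstories;
    $retval = COM_startBlock($title, $help, COM_getBlockTemplate('whats_new_block', 'header', $position));
    $showStories = ($_CONF['hidenewstories'] == 0);
    $showComments = ($_CONF['hidenewcomments'] == 0);
    $showTrackbacks = ($_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0);
    $showPlugins = ($_CONF['hidenewplugins'] == 0);
    $stories = $_TABLES['stories'];
    $comments = $_TABLES['comments'];
    $topicsql = '';
    if ($showStories || $showComments || $showTrackbacks) {
        $topicsql = COM_getTopicSql('AND', 0, $stories);
    }
    if ($showStories) {
        // The interval goes straight into the SQL text, so force it to an
        // integer rather than trusting the configuration value as-is.
        $storiesInterval = (int) $_CONF['newstoriesinterval'];
        $archsql = '';
        $archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1");
        if (!empty($archivetid)) {
            $archsql = " AND (tid <> '" . addslashes($archivetid) . "')";
        }
        // Find the newest stories
        $sql = "SELECT COUNT(*) AS count FROM {$stories} WHERE (date >= (date_sub(NOW(), INTERVAL {$storiesInterval} SECOND))) AND (date <= NOW()) AND (draft_flag = 0)" . $archsql . COM_getPermSQL('AND') . $topicsql . COM_getLangSQL('sid', 'AND');
        $result = DB_query($sql);
        $A = DB_fetchArray($result);
        $nrows = $A['count'];
        // NOTE(review): the block header was already rendered above, and
        // nothing visible in this function reads $title after this lookup.
        if (empty($title)) {
            $title = DB_getItem($_TABLES['blocks'], 'title', "name='whats_new_block'");
        }
        // Any late breaking news stories?
        $retval .= '<h3>' . $LANG01[99] . '</h3>';
        if ($nrows > 0) {
            $newmsg = COM_formatTimeString($LANG_WHATSNEW['new_string'], $_CONF['newstoriesinterval'], $LANG01[11], $nrows);
            if ($newstories && $page < 2) {
                $retval .= $newmsg . '<br' . XHTML . '>';
            } else {
                $retval .= COM_createLink($newmsg, $_CONF['site_url'] . '/index.php?display=new') . '<br' . XHTML . '>';
            }
        } else {
            $retval .= $LANG01[100] . '<br' . XHTML . '>';
        }
        if ($showComments || $showTrackbacks || $showPlugins) {
            $retval .= '<br' . XHTML . '>';
        }
    }
    if ($showComments) {
        // Go get the newest comments
        $commentsInterval = (int) $_CONF['newcommentsinterval'];
        $retval .= '<h3>' . $LANG01[83] . ' <small>' . COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newcommentsinterval']) . '</small></h3>';
        $stwhere = '';
        if (!COM_isAnonUser()) {
            $stwhere .= "({$stories}.owner_id IS NOT NULL AND {$stories}.perm_owner IS NOT NULL) OR ";
            $stwhere .= "({$stories}.group_id IS NOT NULL AND {$stories}.perm_group IS NOT NULL) OR ";
            $stwhere .= "({$stories}.perm_members IS NOT NULL)";
        } else {
            $stwhere .= "({$stories}.perm_anon IS NOT NULL)";
        }
        $sql = "SELECT DISTINCT COUNT(*) AS dups, type, {$stories}.title, {$stories}.sid, max({$comments}.date) AS lastdate FROM {$comments} LEFT JOIN {$stories} ON (({$stories}.sid = {$comments}.sid)" . COM_getPermSQL('AND', 0, 2, $stories) . " AND ({$stories}.draft_flag = 0) AND ({$stories}.commentcode >= 0)" . $topicsql . COM_getLangSQL('sid', 'AND', $stories) . ") WHERE ({$comments}.date >= (DATE_SUB(NOW(), INTERVAL {$commentsInterval} SECOND))) AND ((({$stwhere}))) GROUP BY {$comments}.sid,type, {$stories}.title, {$stories}.title, {$stories}.sid ORDER BY 5 DESC LIMIT 15";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        if ($nrows > 0) {
            $newcomments = array();
            for ($x = 0; $x < $nrows; $x++) {
                $A = DB_fetchArray($result);
                if ($A['type'] != 'article' && !empty($A['type'])) {
                    // Only article URLs can be built here. Skip other types
                    // rather than reusing the previous row's URL or an
                    // undefined one.
                    continue;
                }
                $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']) . '#comments';
                $storyTitle = COM_undoSpecialChars(stripslashes($A['title']));
                $titletouse = COM_truncate($storyTitle, $_CONF['title_trim_length'], '...');
                if ($storyTitle != $titletouse) {
                    $attr = array('title' => htmlspecialchars($storyTitle));
                } else {
                    $attr = array();
                }
                // The title was entity-decoded above, so it must be escaped
                // again before it is emitted as link text.
                $acomment = str_replace('$', '&#36;', htmlspecialchars($titletouse));
                $acomment = str_replace(' ', '&nbsp;', $acomment);
                if ($A['dups'] > 1) {
                    $acomment .= ' [+' . $A['dups'] . ']';
                }
                $newcomments[] = COM_createLink($acomment, $url, $attr);
            }
            $retval .= COM_makeList($newcomments, 'list-new-comments');
        } else {
            $retval .= $LANG01[86] . '<br' . XHTML . '>' . LB;
        }
        if ($showPlugins || $showTrackbacks) {
            $retval .= '<br' . XHTML . '>';
        }
    }
    if ($showTrackbacks) {
        $trackbackInterval = (int) $_CONF['newtrackbackinterval'];
        $retval .= '<h3>' . $LANG01[114] . ' <small>' . COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newtrackbackinterval']) . '</small></h3>';
        $sql = "SELECT DISTINCT COUNT(*) AS count,{$stories}.title,t.sid,max(t.date) AS lastdate FROM {$_TABLES['trackback']} AS t,{$stories} WHERE (t.type = 'article') AND (t.sid = {$stories}.sid) AND (t.date >= (DATE_SUB(NOW(), INTERVAL {$trackbackInterval} SECOND)))" . COM_getPermSQL('AND', 0, 2, $stories) . " AND ({$stories}.draft_flag = 0) AND ({$stories}.trackbackcode = 0)" . $topicsql . COM_getLangSQL('sid', 'AND', $stories) . " GROUP BY t.sid, {$stories}.title ORDER BY lastdate DESC LIMIT 15";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        if ($nrows > 0) {
            $newcomments = array();
            for ($i = 0; $i < $nrows; $i++) {
                $A = DB_fetchArray($result);
                $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']) . '#trackback';
                $storyTitle = COM_undoSpecialChars(stripslashes($A['title']));
                $titletouse = COM_truncate($storyTitle, $_CONF['title_trim_length'], '...');
                if ($storyTitle != $titletouse) {
                    $attr = array('title' => htmlspecialchars($storyTitle));
                } else {
                    $attr = array();
                }
                // escape the decoded title before it becomes link text
                $acomment = str_replace('$', '&#36;', htmlspecialchars($titletouse));
                $acomment = str_replace(' ', '&nbsp;', $acomment);
                if ($A['count'] > 1) {
                    $acomment .= ' [+' . $A['count'] . ']';
                }
                $newcomments[] = COM_createLink($acomment, $url, $attr);
            }
            $retval .= COM_makeList($newcomments, 'list-new-trackbacks');
        } else {
            $retval .= $LANG01[115] . '<br' . XHTML . '>' . LB;
        }
        if ($showPlugins) {
            $retval .= '<br' . XHTML . '>';
        }
    }
    if ($showPlugins) {
        // NOTE(review): headlines and content returned by plugins are
        // emitted as-is; this assumes plugins return ready-to-use HTML.
        list($headlines, $smallheadlines, $content) = PLG_getWhatsNew();
        $plugins = count($headlines);
        if ($plugins > 0) {
            for ($i = 0; $i < $plugins; $i++) {
                $retval .= '<h3>' . $headlines[$i] . ' <small>' . $smallheadlines[$i] . '</small></h3>';
                if (is_array($content[$i])) {
                    $retval .= COM_makeList($content[$i], 'list-new-plugins');
                } else {
                    $retval .= $content[$i];
                }
                if ($i + 1 < $plugins) {
                    $retval .= '<br' . XHTML . '>';
                }
            }
        }
    }
    $retval .= COM_endBlock(COM_getBlockTemplate('whats_new_block', 'footer', $position));
    return $retval;
}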
Example #20
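/**
* Email story to a friend
*
* Checks the site's login / email-icon settings and the 'mail' speed limit,
* loads the story, runs the sender's message through the spam check, builds
* a plain-text mail and sends it (plus an optional copy to the sender when
* $_POST['cc'] is 'on').
*
* All parameters originate from the person using the form. Values that end
* up in mail headers are rejected when they contain line breaks, and the
* story id is escaped before it is used in SQL.
*
* @param    string  $sid        id of story to email
* @param    string  $to         name of person / friend to email
* @param    string  $toemail    friend's email address
* @param    string  $from       name of person sending the email
* @param    string  $fromemail  sender's email address
* @param    string  $shortmsg   short intro text to send with the story
* @return   string              Meta refresh
*
* Modification History
*
* Date        Author        Description
* ----        ------        -----------
* 4/17/01    Tony Bibbs    Code now allows anonymous users to send email
*                and it allows user to input a message as well
*                Thanks to Yngve Wassvik Bergheim for some of
*                this code
*
*/
function mailstory($sid, $to, $toemail, $from, $fromemail, $shortmsg)
{
    global $_CONF, $_TABLES, $LANG01, $LANG08;
    require_once $_CONF['path_system'] . 'lib-story.php';
    $storyurl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
    // With URL rewriting the story URL has no query string yet.
    $msgSeparator = $_CONF['url_rewrite'] ? '?msg=' : '&amp;msg=';
    // default result: "message could not be sent"
    $retval = COM_refresh($storyurl . $msgSeparator . '85');
    // check for correct $_CONF permission
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1)) {
        return $retval;
    }
    // check if emailing of stories is disabled
    if ($_CONF['hideemailicon'] == 1) {
        return $retval;
    }
    // check mail speedlimit
    COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
    if (COM_checkSpeedlimit('mail') > 0) {
        return $retval;
    }
    // Names and addresses become part of the To:/From: headers. Refuse
    // values with line breaks here instead of relying on the mail helpers
    // (not visible in this file) to neutralise them, and count the attempt
    // against the speed limit as the spam branch below does.
    foreach (array($to, $toemail, $from, $fromemail) as $headerValue) {
        if (strpbrk((string) $headerValue, "\r\n") !== false) {
            COM_updateSpeedlimit('mail');
            return $retval;
        }
    }
    $story = new Story();
    $loadStatus = $story->loadFromDatabase($sid, 'view');
    if ($loadStatus != STORY_LOADED_OK) {
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $shortmsg = COM_stripslashes($shortmsg);
    $mailtext = sprintf($LANG08[23], $from, $fromemail) . LB;
    if (strlen($shortmsg) > 0) {
        $mailtext .= LB . sprintf($LANG08[28], $from) . $shortmsg . LB;
    }
    // just to make sure this isn't an attempt at spamming users ...
    $spamResult = PLG_checkforSpam($mailtext, $_CONF['spamx']);
    if ($spamResult > 0) {
        COM_updateSpeedlimit('mail');
        COM_displayMessageAndAbort($spamResult, 'spamx', 403, 'Forbidden');
    }
    // NOTE(review): strftime() is deprecated as of PHP 8.1; replacing it
    // means translating $_CONF['date'], which cannot be done from here.
    $mailtext .= '------------------------------------------------------------' . LB . LB . COM_undoSpecialChars($story->displayElements('title')) . LB . strftime($_CONF['date'], $story->DisplayElements('unixdate')) . LB;
    if ($_CONF['contributedbyline'] == 1) {
        $author = COM_getDisplayName($story->displayElements('uid'));
        $mailtext .= $LANG01[1] . ' ' . $author . LB;
    }
    // Plain-text mail: drop markup, decode entities, normalise line ends.
    $introtext = COM_undoSpecialChars(strip_tags($story->DisplayElements('introtext')));
    $bodytext = COM_undoSpecialChars(strip_tags($story->DisplayElements('bodytext')));
    $introtext = str_replace(array("\n\r", "\r"), LB, $introtext);
    $bodytext = str_replace(array("\n\r", "\r"), LB, $bodytext);
    $mailtext .= LB . $introtext;
    if (!empty($bodytext)) {
        $mailtext .= LB . LB . $bodytext;
    }
    $mailtext .= LB . LB . '------------------------------------------------------------' . LB;
    if ($story->DisplayElements('commentcode') == 0) {
        // comments allowed
        $mailtext .= $LANG08[24] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid . '#comments');
    } else {
        // comments not allowed - just add the story's URL
        $mailtext .= $LANG08[33] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
    }
    $mailto = COM_formatEmailAddress($to, $toemail);
    $mailfrom = COM_formatEmailAddress($from, $fromemail);
    $subject = 'Re: ' . COM_undoSpecialChars(strip_tags($story->DisplayElements('title')));
    $sent = COM_mail($mailto, $subject, $mailtext, $mailfrom);
    if ($sent && isset($_POST['cc']) && $_POST['cc'] == 'on') {
        $ccmessage = sprintf($LANG08[38], $to);
        $ccmessage .= "\n------------------------------------------------------------\n\n" . $mailtext;
        $sent = COM_mail($mailfrom, $subject, $ccmessage, $mailfrom);
    }
    COM_updateSpeedlimit('mail');
    // Increment numemails counter for story.
    // $sid is the caller-supplied value, so escape it before it is placed in
    // the statement. Prefer the database layer's escaper when this code base
    // provides one.
    $safeSid = function_exists('DB_escapeString') ? DB_escapeString($sid) : addslashes($sid);
    DB_query("UPDATE {$_TABLES['stories']} SET numemails = numemails + 1 WHERE sid = '{$safeSid}'");
    $retval = COM_refresh($storyurl . $msgSeparator . ($sent ? '27' : '85'));
    return $retval;
}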
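/**
 * Shows any new information in a block
 * Return the HTML that shows any new stories, comments, etc
 *
 * When $_CONF['whatsnew_cache_time'] is greater than zero, the rendered
 * block is served from the cache while the cached copy is younger than that
 * many seconds, and the freshly rendered block is stored at the end.
 *
 * Titles are entity-decoded for truncation and therefore HTML-escaped again
 * before they are placed in the link text.
 *
 * @param    string $help     Help file for block
 * @param    string $title    Title used in block header
 * @param    string $position Position in which block is being rendered 'left', 'right' or blank (for centre)
 * @return   string           Return the HTML that shows any new stories, comments, etc
 */
function COM_whatsNewBlock($help = '', $title = '', $position = '')
{
    global $_CONF, $_TABLES, $LANG01, $LANG_WHATSNEW;
    if ($_CONF['whatsnew_cache_time'] > 0) {
        // NOTE(review): the cache key covers the security hash and the
        // theme, but not $help, $title or $position. Confirm that one cached
        // copy may be reused for every way this block is rendered.
        $cacheInstance = 'whatsnew__' . CACHE_security_hash() . '__' . $_CONF['theme'];
        $retval = CACHE_check_instance($cacheInstance);
        if ($retval) {
            $lu = CACHE_get_instance_update($cacheInstance);
            $now = time();
            if ($now - $lu < $_CONF['whatsnew_cache_time']) {
                return $retval;
            }
        }
    }
    $retval = COM_startBlock($title, $help, COM_getBlockTemplate('whats_new_block', 'header', $position));
    $showStories = ($_CONF['hidenewstories'] == 0);
    $showComments = ($_CONF['hidenewcomments'] == 0);
    $showTrackbacks = ($_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0);
    $showPlugins = ($_CONF['hidenewplugins'] == 0);
    $divider = '<div class="divider-whats-new"></div>';
    $topicSql = '';
    if ($showStories || $showComments || $showTrackbacks) {
        $topicSql = COM_getTopicSQL('AND', 0, 'ta');
    }
    if ($showStories) {
        // The interval goes straight into the SQL text, so force it to an
        // integer rather than trusting the configuration value as-is.
        $storiesInterval = (int) $_CONF['newstoriesinterval'];
        $where_sql = " AND ta.type = 'article' AND ta.id = sid";
        $archiveTid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1");
        if (!empty($archiveTid)) {
            // The topic id was read from the database; escape it anyway
            // before it is put back into a statement.
            $safeTid = function_exists('DB_escapeString') ? DB_escapeString($archiveTid) : addslashes($archiveTid);
            $where_sql .= " AND (ta.tid <> '{$safeTid}')";
        }
        // Find the newest stories
        $storyFilters = $where_sql . COM_getPermSQL('AND') . $topicSql . COM_getLangSQL('sid', 'AND');
        $sql = array();
        $sql['mysql'] = "SELECT sid, title FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n            WHERE (date >= (date_sub(NOW(), INTERVAL {$storiesInterval} SECOND))) AND (date <= NOW()) AND (draft_flag = 0)" . $storyFilters . "\n            GROUP BY sid, title, date ORDER BY date DESC";
        $sql['pgsql'] = "SELECT sid, title FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n            WHERE (date >= (NOW() - INTERVAL '{$storiesInterval} SECOND')) AND (date <= NOW()) AND (draft_flag = 0)" . $storyFilters . "\n            GROUP BY sid, title, date ORDER BY date DESC";
        $result = DB_query($sql);
        $numRows = DB_numRows($result);
        // NOTE(review): the block header was already rendered above, and
        // nothing visible in this function reads $title after this lookup.
        if (empty($title)) {
            $title = DB_getItem($_TABLES['blocks'], 'title', "name='whats_new_block'");
        }
        // Any late breaking news stories?
        $retval .= '<h3>' . $LANG01[99] . ' <small>' . COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newstoriesinterval']) . '</small></h3>';
        if ($numRows > 0) {
            $newArticles = array();
            for ($x = 0; $x < $numRows; $x++) {
                $A = DB_fetchArray($result);
                $url = COM_buildURL($_CONF['site_url'] . '/article.php?story=' . $A['sid']);
                $itemTitle = COM_undoSpecialChars(stripslashes($A['title']));
                $titleToUse = COM_truncate($itemTitle, $_CONF['title_trim_length'], '...');
                if ($itemTitle != $titleToUse) {
                    $attr = array('title' => htmlspecialchars($itemTitle));
                } else {
                    $attr = array();
                }
                // The title was entity-decoded above, so it must be escaped
                // again before it is emitted as link text.
                $anchorText = str_replace('$', '&#36;', htmlspecialchars($titleToUse));
                $anchorText = str_replace(' ', '&nbsp;', $anchorText);
                $newArticles[] = COM_createLink($anchorText, $url, $attr);
            }
            $retval .= COM_makeList($newArticles, 'list-new-plugins');
        } else {
            $retval .= $LANG01[100] . '<br' . XHTML . '>' . LB;
            // No new stories
        }
        if ($showComments || $showPlugins || $showTrackbacks) {
            $retval .= $divider;
        }
    }
    if ($showComments) {
        // Go get the newest comments
        $retval .= '<h3>' . $LANG01[83] . ' <small>' . COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newcommentsinterval']) . '</small></h3>';
        $new_plugin_comments = PLG_getWhatsNewComment();
        if (!empty($new_plugin_comments)) {
            // Sort array by element lastdate newest to oldest
            $b = array();
            foreach ($new_plugin_comments as $k => $v) {
                $b[$k] = strtolower($v['lastdate']);
            }
            arsort($b);
            $temp = array();
            foreach ($b as $key => $val) {
                $temp[] = $new_plugin_comments[$key];
            }
            $new_plugin_comments = $temp;
            $newComments = array();
            // Number of links added so far. The original used ".= +1",
            // which concatenated strings, so the limit of 15 never applied.
            $count = 0;
            foreach ($new_plugin_comments as $A) {
                $url = '';
                $info = PLG_getItemInfo($A['type'], $A['sid'], 'url');
                if (!empty($info)) {
                    $url = $info . '#comments';
                }
                // Skip items without a URL (plugin may not support PLG_getItemInfo)
                if (empty($url)) {
                    continue;
                }
                $itemTitle = COM_undoSpecialChars(stripslashes($A['title']));
                $titleToUse = COM_truncate($itemTitle, $_CONF['title_trim_length'], '...');
                if ($itemTitle != $titleToUse) {
                    $attr = array('title' => htmlspecialchars($itemTitle));
                } else {
                    $attr = array();
                }
                // escape the decoded title before it becomes link text
                $anchorComment = str_replace('$', '&#36;', htmlspecialchars($titleToUse));
                $anchorComment = str_replace(' ', '&nbsp;', $anchorComment);
                if ($A['dups'] > 1) {
                    $anchorComment .= ' [+' . $A['dups'] . ']';
                }
                $newComments[] = COM_createLink($anchorComment, $url, $attr);
                $count++;
                if ($count >= 15) {
                    break;
                }
            }
            $retval .= COM_makeList($newComments, 'list-new-comments');
        } else {
            $retval .= $LANG01[86] . '<br' . XHTML . '>' . LB;
        }
        if ($showPlugins || $showTrackbacks) {
            $retval .= $divider;
        }
    }
    if ($showTrackbacks) {
        $trackbackInterval = (int) $_CONF['newtrackbackinterval'];
        $retval .= '<h3>' . $LANG01[114] . ' <small>' . COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newtrackbackinterval']) . '</small></h3>';
        $trackbackSelect = "SELECT DISTINCT COUNT(*) AS count,s.title,t.sid,max(t.date) AS lastdate\n            FROM {$_TABLES['trackback']} AS t, {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n            WHERE ta.type = 'article' AND ta.id = s.sid AND (t.type = 'article') AND (t.sid = s.sid) AND ";
        $trackbackFilters = COM_getPermSQL('AND', 0, 2, 's') . " AND (s.draft_flag = 0) AND (s.trackbackcode = 0)" . $topicSql . COM_getLangSQL('sid', 'AND', 's') . "\n            GROUP BY t.sid, s.title\n            ORDER BY lastdate DESC LIMIT 15";
        $sql = array();
        $sql['mysql'] = $trackbackSelect . "(t.date >= (DATE_SUB(NOW(), INTERVAL {$trackbackInterval} SECOND)))" . $trackbackFilters;
        // The window must reach back from now. The original added the
        // interval ("NOW()+ INTERVAL"), which asks for dates in the future.
        $sql['pgsql'] = $trackbackSelect . "(t.date >= (NOW() - INTERVAL '{$trackbackInterval} SECOND'))" . $trackbackFilters;
        $result = DB_query($sql);
        $numRows = DB_numRows($result);
        if ($numRows > 0) {
            $newComments = array();
            for ($i = 0; $i < $numRows; $i++) {
                $A = DB_fetchArray($result);
                $url = COM_buildURL($_CONF['site_url'] . '/article.php?story=' . $A['sid']) . '#trackback';
                $itemTitle = COM_undoSpecialChars(stripslashes($A['title']));
                $titleToUse = COM_truncate($itemTitle, $_CONF['title_trim_length'], '...');
                if ($itemTitle != $titleToUse) {
                    $attr = array('title' => htmlspecialchars($itemTitle));
                } else {
                    $attr = array();
                }
                // escape the decoded title before it becomes link text
                $anchorComment = str_replace('$', '&#36;', htmlspecialchars($titleToUse));
                $anchorComment = str_replace(' ', '&nbsp;', $anchorComment);
                if ($A['count'] > 1) {
                    $anchorComment .= ' [+' . $A['count'] . ']';
                }
                $newComments[] = COM_createLink($anchorComment, $url, $attr);
            }
            $retval .= COM_makeList($newComments, 'list-new-trackbacks');
        } else {
            $retval .= $LANG01[115] . '<br' . XHTML . '>' . LB;
        }
        if ($showPlugins) {
            $retval .= $divider;
        }
    }
    if ($showPlugins) {
        // NOTE(review): headlines and content returned by plugins are
        // emitted as-is; this assumes plugins return ready-to-use HTML.
        list($headlines, $smallHeadlines, $content) = PLG_getWhatsNew();
        $plugins = count($headlines);
        if ($plugins > 0) {
            for ($i = 0; $i < $plugins; $i++) {
                $retval .= '<h3>' . $headlines[$i] . ' <small>' . $smallHeadlines[$i] . '</small></h3>';
                if (is_array($content[$i])) {
                    $retval .= COM_makeList($content[$i], 'list-new-plugins');
                } else {
                    $retval .= $content[$i];
                }
                if ($i + 1 < $plugins) {
                    $retval .= $divider;
                }
            }
        }
    }
    $retval .= COM_endBlock(COM_getBlockTemplate('whats_new_block', 'footer', $position));
    if ($_CONF['whatsnew_cache_time'] > 0) {
        CACHE_create_instance($cacheInstance, $retval);
    }
    return $retval;
}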