function article_save() { global $txp_user, $vars, $txpcfg, $prefs; extract($prefs); $incoming = psa($vars); $oldArticle = safe_row('Status, url_title, Title, unix_timestamp(LastMod) as sLastMod, LastModID', 'textpattern', 'ID = ' . (int) $incoming['ID']); if (!($oldArticle['Status'] >= 4 and has_privs('article.edit.published') or $oldArticle['Status'] >= 4 and $incoming['AuthorID'] == $txp_user and has_privs('article.edit.own.published') or $oldArticle['Status'] < 4 and has_privs('article.edit') or $oldArticle['Status'] < 4 and $incoming['AuthorID'] == $txp_user and has_privs('article.edit.own'))) { // Not allowed, you silly rabbit, you shouldn't even be here. // Show default editing screen. article_edit(); return; } if ($oldArticle['sLastMod'] != $incoming['sLastMod']) { article_edit(gTxt('concurrent_edit_by', array('{author}' => htmlspecialchars($oldArticle['LastModID']))), TRUE); return; } $incoming = textile_main_fields($incoming, $use_textile); extract(doSlash($incoming)); extract(array_map('assert_int', psa(array('ID', 'Status', 'textile_body', 'textile_excerpt')))); $Annotate = (int) $Annotate; if (!has_privs('article.publish') && $Status >= 4) { $Status = 3; } if ($reset_time) { $whenposted = "Posted=now()"; $when_ts = time(); } else { $when = $when_ts = strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second) - tz_offset(); $whenposted = "Posted=from_unixtime({$when})"; } if (empty($exp_year)) { $expires = 0; $whenexpires = "Expires=" . NULLDATETIME; } else { if (empty($exp_month)) { $exp_month = 1; } if (empty($exp_day)) { $exp_day = 1; } if (empty($exp_hour)) { $exp_hour = 0; } if (empty($exp_minute)) { $exp_minute = 0; } if (empty($exp_second)) { $exp_second = 0; } $expires = strtotime($exp_year . '-' . $exp_month . '-' . $exp_day . ' ' . $exp_hour . ':' . $exp_minute . ':' . $exp_second) - tz_offset(); $whenexpires = "Expires=from_unixtime({$expires})"; } if ($expires) { if ($expires <= $when_ts) { article_edit(gTxt('article_expires_before_postdate')); return; } } //Auto-Update custom-titles according to Title, as long as unpublished and NOT customized if (empty($url_title) || $oldArticle['Status'] < 4 && $oldArticle['url_title'] == $url_title && $oldArticle['url_title'] == stripSpace($oldArticle['Title'], 1) && $oldArticle['Title'] != $Title) { $url_title = stripSpace($Title_plain, 1); } $Keywords = doSlash(trim(preg_replace('/( ?[\\r\\n\\t,])+ ?/s', ',', preg_replace('/ +/', ' ', ps('Keywords'))), ', ')); safe_update("textpattern", "Title = '{$Title}',\n\t\t\tBody = '{$Body}',\n\t\t\tBody_html = '{$Body_html}',\n\t\t\tExcerpt = '{$Excerpt}',\n\t\t\tExcerpt_html = '{$Excerpt_html}',\n\t\t\tKeywords = '{$Keywords}',\n\t\t\tImage = '{$Image}',\n\t\t\tStatus = {$Status},\n\t\t\tLastMod = now(),\n\t\t\tLastModID = '{$txp_user}',\n\t\t\tSection = '{$Section}',\n\t\t\tCategory1 = '{$Category1}',\n\t\t\tCategory2 = '{$Category2}',\n\t\t\tAnnotate = {$Annotate},\n\t\t\ttextile_body = {$textile_body},\n\t\t\ttextile_excerpt = {$textile_excerpt},\n\t\t\toverride_form = '{$override_form}',\n\t\t\turl_title = '{$url_title}',\n\t\t\tAnnotateInvite = '{$AnnotateInvite}',\n\t\t\tcustom_1 = '{$custom_1}',\n\t\t\tcustom_2 = '{$custom_2}',\n\t\t\tcustom_3 = '{$custom_3}',\n\t\t\tcustom_4 = '{$custom_4}',\n\t\t\tcustom_5 = '{$custom_5}',\n\t\t\tcustom_6 = '{$custom_6}',\n\t\t\tcustom_7 = '{$custom_7}',\n\t\t\tcustom_8 = '{$custom_8}',\n\t\t\tcustom_9 = '{$custom_9}',\n\t\t\tcustom_10 = '{$custom_10}',\n\t\t\t{$whenposted},\n\t\t\t{$whenexpires}", "ID = {$ID}"); if ($Status >= 4) { if ($oldArticle['Status'] < 4) { do_pings(); } update_lastmod(); } article_edit(get_status_message($Status) . check_url_title($url_title)); }
function product_post() { global $txp_user, $vars, $txpcfg, $prefs; extract($prefs); define("IMPATH", $path_to_site . '/' . $img_dir . '/'); $incoming = psa($vars); $import = false; $message = ''; $wrapper = new TXP_Wrapper(); $incoming = $wrapper->textile_main_fields($incoming, $use_textile); extract(doSlash($incoming)); extract(array_map('assert_int', psa(array('Status', 'textile_body', 'textile_excerpt')))); $Annotate = ps('Annotate') ? assert_int(ps('Annotate')) : 0; if ($import) { $Status = $product['Status']; } $when = 'now()'; if ($Title or $Body or $Excerpt) { if (!has_privs('article.publish') && $Status >= 4) { $Status = 3; } if (empty($url_title)) { $url_title = stripSpace($Title_plain, 1); } if (!$Annotate) { $Annotate = 0; } if (isset($new_vendor_name) && !empty($new_vendor_name)) { $custom_5 = $new_vendor_name; cat_vendor_category_create($custom_5); } else { if (isset($vendor)) { $custom_5 = $vendor; } } safe_insert("textpattern", "Title = '{$Title}',\n\t\t\t\tBody = '{$Body}',\n\t\t\t\tBody_html = '{$Body_html}',\n\t\t\t\tExcerpt = '{$Excerpt}',\n\t\t\t\tExcerpt_html = '{$Excerpt_html}',\n\t\t\t\tImage = '{$Image}',\n\t\t\t\tKeywords = '{$Keywords}',\n\t\t\t\tStatus = {$Status},\n\t\t\t\tPosted = {$when},\n\t\t\t\tLastMod = now(),\n\t\t\t\tAuthorID = '{$txp_user}',\n\t\t\t\tSection = '{$Section}',\n\t\t\t\tCategory1 = '{$Category1}',\n\t\t\t\tCategory2 = '{$Category2}',\n\t\t\t\ttextile_body = {$textile_body},\n\t\t\t\ttextile_excerpt = {$textile_excerpt},\n\t\t\t\tAnnotate = {$Annotate},\n\t\t\t\toverride_form = '{$override_form}',\n\t\t\t\turl_title = '{$url_title}',\n\t\t\t\tAnnotateInvite = '{$AnnotateInvite}',\n\t\t\t\tcustom_1 = '{$custom_1}',\n\t\t\t\tcustom_2 = '{$custom_2}',\n\t\t\t\tcustom_3 = '{$custom_3}',\n\t\t\t\tcustom_4 = '{$custom_4}',\n\t\t\t\tcustom_5 = '{$custom_5}',\n\t\t\t\tcustom_6 = '{$custom_6}',\n\t\t\t\tcustom_7 = '{$custom_7}',\n\t\t\t\tcustom_8 = '{$custom_8}',\n\t\t\t\tcustom_9 = '{$custom_9}',\n\t\t\t\tcustom_10 = '{$custom_10}',\n\t\t\t\tuid\t\t\t\t= '" . md5(uniqid(rand(), true)) . "',\n\t\t\t\tfeed_time\t\t= now()"); $GLOBALS['ID'] = mysql_insert_id(); $ID = $GLOBALS['ID']; //print_r($_FILES); //CUSTOM FIELDS save_custom_fields($_REQUEST['custom_fields'], $ID); //IMAGE UPLOAD //======================= if ($_FILES["uploadFile"]["type"] == "image/gif" || $_FILES["uploadFile"]["type"] == "image/jpeg" || $_FILES["uploadFile"]["type"] == "image/png") { // prepare the image for insertion $img = $_FILES['uploadFile']['tmp_name']; upload_image($img, 1, $ID); } //END IMAGE UPLOAD //======================= if ($Status >= 4) { if (!function_exists("do_pings")) { require_once txpath . '/include/txp_article.php'; do_pings(); } update_lastmod(); } product_edit("", "", "Product Saved"); } else { product_edit(); } }
/** * Processes sent forms and updates existing articles. */ function article_save() { global $txp_user, $vars, $prefs; extract($prefs); $incoming = array_map('assert_string', psa($vars)); $oldArticle = safe_row("Status, url_title, Title, textile_body, textile_excerpt,\n UNIX_TIMESTAMP(LastMod) AS sLastMod, LastModID,\n UNIX_TIMESTAMP(Posted) AS sPosted,\n UNIX_TIMESTAMP(Expires) AS sExpires", 'textpattern', "ID = " . (int) $incoming['ID']); if (!($oldArticle['Status'] >= STATUS_LIVE and has_privs('article.edit.published') or $oldArticle['Status'] >= STATUS_LIVE and $incoming['AuthorID'] === $txp_user and has_privs('article.edit.own.published') or $oldArticle['Status'] < STATUS_LIVE and has_privs('article.edit') or $oldArticle['Status'] < STATUS_LIVE and $incoming['AuthorID'] === $txp_user and has_privs('article.edit.own'))) { // Not allowed, you silly rabbit, you shouldn't even be here. // Show default editing screen. article_edit(); return; } if ($oldArticle['sLastMod'] != $incoming['sLastMod']) { article_edit(array(gTxt('concurrent_edit_by', array('{author}' => txpspecialchars($oldArticle['LastModID']))), E_ERROR), true, true); return; } if (!has_privs('article.set_markup')) { $incoming['textile_body'] = $oldArticle['textile_body']; $incoming['textile_excerpt'] = $oldArticle['textile_excerpt']; } $incoming = textile_main_fields($incoming); extract(doSlash($incoming)); extract(array_map('assert_int', psa(array('ID', 'Status')))); // Comments may be on, off, or disabled. $Annotate = (int) $Annotate; if (!has_privs('article.publish') && $Status >= STATUS_LIVE) { $Status = STATUS_PENDING; } // Set and validate article timestamp. if ($reset_time) { $whenposted = "Posted = NOW()"; $when_ts = time(); } else { if (!is_numeric($year) || !is_numeric($month) || !is_numeric($day) || !is_numeric($hour) || !is_numeric($minute) || !is_numeric($second)) { $ts = false; } else { $ts = strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second); } if ($ts === false || $ts < 0) { $when = $when_ts = $oldArticle['sPosted']; $msg = array(gTxt('invalid_postdate'), E_ERROR); } else { $when = $when_ts = $ts - tz_offset($ts); } $whenposted = "Posted = FROM_UNIXTIME({$when})"; } // Set and validate expiry timestamp. if (empty($exp_year)) { $expires = 0; } else { if (empty($exp_month)) { $exp_month = 1; } if (empty($exp_day)) { $exp_day = 1; } if (empty($exp_hour)) { $exp_hour = 0; } if (empty($exp_minute)) { $exp_minute = 0; } if (empty($exp_second)) { $exp_second = 0; } $ts = strtotime($exp_year . '-' . $exp_month . '-' . $exp_day . ' ' . $exp_hour . ':' . $exp_minute . ':' . $exp_second); if ($ts === false || $ts < 0) { $expires = $oldArticle['sExpires']; $msg = array(gTxt('invalid_expirydate'), E_ERROR); } else { $expires = $ts - tz_offset($ts); } } if ($expires && $expires <= $when_ts) { $expires = $oldArticle['sExpires']; $msg = array(gTxt('article_expires_before_postdate'), E_ERROR); } if ($expires) { $whenexpires = "Expires = FROM_UNIXTIME({$expires})"; } else { $whenexpires = "Expires = " . NULLDATETIME; } // Auto-update custom-titles according to Title, as long as unpublished and // NOT customised. if (empty($url_title) || $oldArticle['Status'] < STATUS_LIVE && $oldArticle['url_title'] === $url_title && $oldArticle['url_title'] === stripSpace($oldArticle['Title'], 1) && $oldArticle['Title'] !== $Title) { $url_title = stripSpace($Title_plain, 1); } $Keywords = doSlash(trim(preg_replace('/( ?[\\r\\n\\t,])+ ?/s', ',', preg_replace('/ +/', ' ', ps('Keywords'))), ', ')); $user = doSlash($txp_user); $description = doSlash($description); $cfq = array(); $cfs = getCustomFields(); foreach ($cfs as $i => $cf_name) { $custom_x = "custom_{$i}"; $cfq[] = "custom_{$i} = '" . ${$custom_x} . "'"; } $cfq = join(', ', $cfq); $rs = compact($vars); if (article_validate($rs, $msg)) { if (safe_update('textpattern', "Title = '{$Title}',\n Body = '{$Body}',\n Body_html = '{$Body_html}',\n Excerpt = '{$Excerpt}',\n Excerpt_html = '{$Excerpt_html}',\n Keywords = '{$Keywords}',\n description = '{$description}',\n Image = '{$Image}',\n Status = {$Status},\n LastMod = NOW(),\n LastModID = '{$user}',\n Section = '{$Section}',\n Category1 = '{$Category1}',\n Category2 = '{$Category2}',\n Annotate = {$Annotate},\n textile_body = '{$textile_body}',\n textile_excerpt = '{$textile_excerpt}',\n override_form = '{$override_form}',\n url_title = '{$url_title}',\n AnnotateInvite = '{$AnnotateInvite}'," . ($cfs ? $cfq . ',' : '') . "{$whenposted},\n {$whenexpires}", "ID = {$ID}")) { if ($Status >= STATUS_LIVE && $oldArticle['Status'] < STATUS_LIVE) { do_pings(); } if ($Status >= STATUS_LIVE || $oldArticle['Status'] >= STATUS_LIVE) { update_lastmod('article_saved', $rs); } now('posted', true); now('expires', true); callback_event('article_saved', '', false, $rs); if (empty($msg)) { $s = check_url_title($url_title); $msg = array(get_status_message($Status) . ' ' . $s, $s ? E_WARNING : 0); } } else { $msg = array(gTxt('article_save_failed'), E_ERROR); } } article_edit($msg, false, true); }
function article_save() { global $txp_user, $vars, $txpcfg, $prefs; extract($prefs); $incoming = psa($vars); $oldArticle = safe_row('Status, url_title, Title', 'textpattern', 'ID = ' . (int) $incoming['ID']); if (!($oldArticle['Status'] >= 4 and has_privs('article.edit.published') or $oldArticle['Status'] >= 4 and $incoming['AuthorID'] == $txp_user and has_privs('article.edit.own.published') or $oldArticle['Status'] < 4 and has_privs('article.edit') or $oldArticle['Status'] < 4 and $incoming['AuthorID'] == $txp_user and has_privs('article.edit.own'))) { // Not allowed, you silly rabbit, you shouldn't even be here. // Show default editing screen. article_edit(); return; } $incoming = textile_main_fields($incoming, $use_textile); extract(doSlash($incoming)); extract(array_map('assert_int', psa(array('ID', 'Status', 'textile_body', 'textile_excerpt')))); $Annotate = ps('Annotate') ? assert_int(ps('Annotate')) : 0; if (!has_privs('article.publish') && $Status >= 4) { $Status = 3; } if ($reset_time) { $whenposted = "Posted=now()"; } else { $when = strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second) - tz_offset(); $when = "from_unixtime({$when})"; $whenposted = "Posted={$when}"; } //Auto-Update custom-titles according to Title, as long as unpublished and NOT customized if (empty($url_title) || $oldArticle['Status'] < 4 && $oldArticle['url_title'] == $url_title && $oldArticle['url_title'] == stripSpace($oldArticle['Title'], 1) && $oldArticle['Title'] != $Title) { $url_title = stripSpace($Title_plain, 1); } if (!$Annotate) { $Annotate = 0; } safe_update("textpattern", "Title = '{$Title}',\n\t\t\tBody = '{$Body}',\n\t\t\tBody_html = '{$Body_html}',\n\t\t\tExcerpt = '{$Excerpt}',\n\t\t\tExcerpt_html = '{$Excerpt_html}',\n\t\t\tKeywords = '{$Keywords}',\n\t\t\tImage = '{$Image}',\n\t\t\tStatus = {$Status},\n\t\t\tLastMod = now(),\n\t\t\tLastModID = '{$txp_user}',\n\t\t\tSection = '{$Section}',\n\t\t\tCategory1 = '{$Category1}',\n\t\t\tCategory2 = '{$Category2}',\n\t\t\tAnnotate = {$Annotate},\n\t\t\ttextile_body = {$textile_body},\n\t\t\ttextile_excerpt = {$textile_excerpt},\n\t\t\toverride_form = '{$override_form}',\n\t\t\turl_title = '{$url_title}',\n\t\t\tAnnotateInvite = '{$AnnotateInvite}',\n\t\t\tcustom_1 = '{$custom_1}',\n\t\t\tcustom_2 = '{$custom_2}',\n\t\t\tcustom_3 = '{$custom_3}',\n\t\t\tcustom_4 = '{$custom_4}',\n\t\t\tcustom_5 = '{$custom_5}',\n\t\t\tcustom_6 = '{$custom_6}',\n\t\t\tcustom_7 = '{$custom_7}',\n\t\t\tcustom_8 = '{$custom_8}',\n\t\t\tcustom_9 = '{$custom_9}',\n\t\t\tcustom_10 = '{$custom_10}',\n\t\t\t{$whenposted}", "ID = {$ID}"); if ($Status >= 4) { if ($oldArticle['Status'] < 4) { do_pings(); } update_lastmod(); } article_edit(get_status_message($Status) . check_url_title($url_title)); }