Example #1
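/**
 * Renders the "Stilvelger" options box: one GET form holding the stylesheet
 * picker, the column-layout picker and the language picker.
 *
 * Reads the globals $css_file (stylesheet currently in use, pre-selected in
 * the list) and $languageChoice (pre-selected language). All markup is
 * written with echo and the project's form_* helpers; nothing is returned.
 *
 * NOTE(review): the value submitted as "chosenstyle" is handled outside this
 * function. Presumably it ends up as a stylesheet URL in the page, so the
 * handler should accept only values present in $styles below - TODO confirm.
 */
function mod_pick_style()
{
    // Display name => stylesheet URL.
    // NOTE(review): three entries are third-party hosts fetched over plain
    // http; whoever controls those files (or the network path) controls the
    // CSS applied to this site. Prefer local copies served from css/.
    $styles = array("Standardstil" => "css/aviscms.css", "Thormod" => "http://www.stud.ntnu.no/~nordram/thorstyle.css", "Heimegut" => "http://www.festsiden.org/_tore/heimegut.css", "Blogspot" => "http://www.festsiden.org/_tore/blogspot.css", "Galápagos" => "css/galapagos.css");
    global $css_file, $languageChoice;

    echo '<div class="options"><div class="optionsheader">Stilvelger</div>';
    form_start_get();

    // Stylesheet picker; names and URLs come from the fixed list above.
    echo '<select name="chosenstyle">';
    foreach ($styles as $stylename => $stylefile) {
        $selected = ($stylefile == $css_file) ? ' selected="selected"' : '';
        echo '<option value="' . $stylefile . '"' . $selected . '>' . $stylename . '</option>';
    }
    echo "</select>";
    form_hidden("module_right_2", "mod_pick_style");
    form_hidden("styleselect", "styleselect");
    echo "<br/>";
    echo "<br/>";

    // Layout picker: one to four columns.
    echo '<div class="optionsheader">Velg layout</div>';
    echo '<select name="chosenlayout">';
    echo '<option value="1">En kolonne</option>';
    echo '<option value="2">To kolonner</option>';
    echo '<option value="3">Tre kolonner</option>';
    echo '<option value="4">Fire kolonne</option>';
    echo '</select>';
    form_hidden("redirect", "true");
    // The original emitted module_right_2 a second time here with the same
    // value; one copy per form is enough.
    form_hidden("layoutselect", "layoutselect");
    echo "<br/>";
    echo "<br/>";

    // Language picker.
    echo '<div class="optionsheader">Velg språk</div>';
    $arrayWithAllLanguageIds = getAllLanguageIds();
    $arrayWithAllLanguageNames = getAllLanguageNames();
    // Add a choice for viewing articles in all languages
    array_unshift($arrayWithAllLanguageIds, "-1");
    array_unshift($arrayWithAllLanguageNames, "Alle språk");

    // The request key is absent on a first visit; read it defensively.
    // NOTE(review): if debug() prints into the page, this writes a raw
    // request value into the HTML - TODO confirm how debug() outputs.
    $requestedLanguage = isset($_REQUEST['languageChoice']) ? $_REQUEST['languageChoice'] : '';
    debug("fra cookie..:" . $languageChoice . "!");
    debug("fra cookie..:" . $requestedLanguage . "!");

    // +1 compensates for the "all languages" entry prepended above; the cast
    // keeps a non-numeric stored choice from reaching the arithmetic.
    form_dropdown("languageChoice", $arrayWithAllLanguageIds, $arrayWithAllLanguageNames, (int) $languageChoice + 1);
    echo "<br/>";
    echo "<br/>";
    form_submit("submitlayout", "Endre");
    form_end();
    echo "</div>";
}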
Example #2
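/**
 * Escapes a value for output as HTML text or inside a quoted attribute.
 *
 * A single-byte charset is named explicitly so the call never returns an
 * empty string on input that is not valid UTF-8; the characters that get
 * escaped are ASCII in both encodings.
 */
function _add_article_html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
}

/**
 * Handles submission of the article/comment form: validates the fields,
 * shows a preview when asked to, otherwise inserts or updates the row in
 * `articles` and writes a log entry.
 *
 * Field values come from $_SESSION when a previewed article is being
 * confirmed ("previewconfirmed") and from $_POST otherwise. Output is
 * written with echo; nothing is returned.
 *
 * Security notes:
 *  - Every request-derived value echoed back is HTML-escaped; the original
 *    echoed the submitted body, title and author as-is.
 *  - Numeric values that are placed unquoted in SQL (articleid, comment_to)
 *    are cast to int; intro and priority, previously interpolated without
 *    escaping, now get the same addslashes() treatment as the other columns.
 *    addslashes() is not charset-aware - move to the driver's escaping or
 *    prepared statements once DB_insert() supports it.
 *  - NOTE(review): no check here ties $articleid to the current user. Any
 *    request that passes the gate below with "editarticle" set can UPDATE an
 *    arbitrary article id - confirm whether ownership is enforced elsewhere.
 *  - NOTE(review): article_form_id/flashformid is a replay counter, not a
 *    CSRF token, and it is not checked on the "previewconfirmed" path.
 */
function module_add_article()
{
    // $unknown_author was read without a global declaration in the original
    // and therefore always printed as empty; declaring it is harmless if no
    // such global exists.
    global $flashformid, $anyone_comments, $logtype, $unknown_author;

    echo "\n<!-- start add article -->";
    $all_ok = true;
    $error_msg = '';
    $log_description = '';
    // Never assigned from input in the original either, so an edit writes an
    // empty picture_url. NOTE(review): confirm that this is intended.
    $picture_url = '';

    // Is this an edit operation?
    $edit = isset($_REQUEST['editarticle']) ? $_REQUEST['editarticle'] : null;

    // A confirmed preview takes its values from the session, a fresh
    // submission from the POST body. Non-scalar values (e.g. author[]=x) are
    // treated as empty.
    $confirmed = isset($_REQUEST['previewconfirmed']);
    $input = $confirmed ? $_SESSION : $_POST;
    $field = array();
    foreach (array('author', 'title', 'intro', 'body', 'priority', 'comment_to', 'articleid', 'is_draft', 'date_posted', 'time_posted', 'category', 'year', 'month', 'day', 'hours', 'minutes') as $key) {
        $field[$key] = (isset($input[$key]) && is_scalar($input[$key])) ? (string) $input[$key] : '';
    }
    $author = $field['author'];
    $title = $field['title'];
    $intro = $field['intro'];
    $body = $field['body'];
    $priority = $field['priority'];
    $is_draft = $field['is_draft'];
    // Both ids are interpolated unquoted into SQL further down.
    $comment_to = (int) $field['comment_to'];
    $articleid_sql = (int) $field['articleid'];
    $articleid_field = $articleid_sql > 0 ? (string) $articleid_sql : '';
    $article_form_id = null;
    if ($confirmed) {
        $date_posted = $field['date_posted'];
        $time_posted = $field['time_posted'];
        $category = $field['category'];
    } else {
        $date_posted = $field['year'] . "-" . $field['month'] . "-" . $field['day'];
        $time_posted = $field['hours'] . ":" . $field['minutes'];
        // The original read the category from the request and then
        // overwrote it with 0; only the effective value is kept.
        $category = 0;
        if (isset($_REQUEST['article_form_id'])) {
            $article_form_id = $_REQUEST['article_form_id'];
        }
    }
    $is_comment = $comment_to > 0;

    // Replace form-given time with real time if this is a comment
    if ($is_comment) {
        $date_posted = date("Y-m-d");
        $time_posted = date("H:i");
    }

    // Can occur if someone posts after session is deleted. Give the text
    // back so it can be copied - escaped, so it is shown and not interpreted.
    if (!$anyone_comments && !is_logged_in()) {
        echo "Du må være innlogget for å kunne kommentere; dersom du ikke gjør noe på nettstedet i løpet av omtrent 25 minutter blir du logget ut. Teksten du forsøkte å poste følger under. " . "Merk den og bruk CTRL+C for å kopiere den og CTRL+V for å lime den inn i et tekstfelt når du har logget inn igjen.<br/><br/>";
        echo nl2br(_add_article_html($body));
        return;
    }

    // Reject if this isn't a comment and user has no posting rights
    if (!$is_comment && !is_logged_in()) {
        echo "Du har ikke tillatelse til å legge inn artikler.";
        echo "Antakelig ser du dette fordi du ikke har gjort noe på nettstedet de siste 20 minuttene, slik at du har blitt automatisk utlogget. Teksten du forsøkte å poste følger under. Merk den og bruk CTRL+C for å lage en kopi og CTRL+V til å lime den inn i et tekstfelt når du har logget inn igjen.<br/>";
        echo nl2br(_add_article_html($body));
        return;
    }

    // If the unique form ID doesn't match the current session counter, do
    // nothing: most likely the user went back and forth and re-submitted.
    // The original also tested "$NEW_SESSION == TRUE", but that variable was
    // never brought into scope, so the operand was always false; it is left
    // out here, which keeps the behaviour.
    if (isset($article_form_id) && $flashformid != $article_form_id) {
        echo "Kommentar innsendt tidligere, eller du har logget ut. Du prøvde å poste dette: <br/>";
        echo nl2br(_add_article_html($body));
        return;
    }

    $is_preview = isset($_REQUEST['preview']);
    $_SESSION['editarticle'] = "true";
    save_form_article();

    // Posting needs a logged-in user, or a comment on an existing article.
    $logged_in = !empty($_SESSION['valid_user']);
    if (!($logged_in || ($is_comment && article_exists($comment_to)))) {
        echo "Du må være en registrert bruker for å kunne legge inn artikler.";
        return;
    }
    $author_username = $logged_in ? $_SESSION['valid_user'] : '';

    // Field validation
    if (!$author || !$body || !$date_posted || !$time_posted) {
        $all_ok = false;
        $error_msg .= "Forfatter, tidspunkt og tekst må fylles inn.";
    }
    if (!$is_comment && !$title) {
        $all_ok = false;
        $error_msg .= " Tittel må være med!";
    }
    if (!(is_valid_alphanum($author) && is_valid_alphanum($title))) {
        $all_ok = false;
        $error_msg .= "Systemutvikleren gnir sitt fjes i grusen og beklager på det dypeste at forfatterfelt og tittelfelt nå inneholder et eller annet spesialtegn som ikke er godkjent. Ta vennligst kontakt snarest slik at deres personlige programmeringskonsulent kan rette opp denne pinlige feilen.";
    }
    if (!$all_ok) {
        echo $error_msg;
        return;
    }

    // Tag-stripped copies are used for display, slash-escaped copies for SQL.
    // NOTE(review): strip_tags() with an allow-list keeps every attribute on
    // the allowed tags (onclick, javascript: URLs), so the stored body is not
    // safe HTML by itself; whatever renders it needs a real sanitiser.
    $clean_title = strip_tags($title);
    $clean_date = strip_tags($date_posted);
    $clean_time = strip_tags($time_posted);
    $clean_body = strip_tags($body, "<a> <img> <br> <i> <b> <div>");

    if ($is_preview) {
        // stripslashes() is kept from the original preview code.
        echo "<div class=\"header2\">" . _add_article_html(stripslashes($clean_title)) . "</div>";
        echo "<div class=\"metatext\"><span class=\"author\">Av: " . _add_article_html($author);
        if (isset($_SESSION['valid_user'])) {
            echo "  (" . _add_article_html($_SESSION['valid_user']) . ").</span>";
        } else {
            echo "  (" . _add_article_html($unknown_author) . ").</span>";
        }
        // date_nor_sql() presumably returns a plain formatted date; it is
        // escaped like the other request-derived values.
        echo "<span class=\"time\">Lagt opp: " . _add_article_html(date_nor_sql($clean_date)) . ", " . _add_article_html($clean_time) . "</span></div>";
        // The preview shows the body after the same tag filter that is
        // applied before storing, not the raw request value.
        echo "<div class=\"textbody\">" . stripslashes(nl2br($clean_body)) . "</div>";

        form_start_post();
        form_submit("previewconfirmed", "Lagre artikkel");
        if (isset($edit)) {
            form_hidden("editarticle", "editarticle");
        }
        form_hidden("m_c", "module_add_article");
        form_end();

        form_start_post();
        if (isset($edit)) {
            form_hidden("edit", "edit");
        }
        form_hidden("articleid", $articleid_field);
        form_submit("backtoedit", "Rediger artikkel");
        form_hidden("m_c", "module_enter_article");
        form_end();
        echo "<br/><br/>";
        do_cancel_article_form();
        return;
    }

    // Values as they go into the SQL text.
    $sql_title = addslashes($clean_title);
    $sql_author = addslashes(strip_tags($author));
    $sql_author_username = addslashes((string) $author_username);
    $sql_intro = addslashes($intro);
    $sql_body = addslashes($clean_body);
    $sql_date = addslashes($clean_date);
    $sql_time = addslashes($clean_time);
    $sql_priority = addslashes($priority);
    $sql_category = addslashes(strip_tags((string) $category));
    $sql_picture_url = addslashes($picture_url);

    if ($is_draft == "ON") {
        $sql_is_draft = 1;
        $log_description .= "savedraft,";
    } else {
        $sql_is_draft = 'NULL';
    }
    if ($is_comment) {
        $sql_comment_to = $comment_to;
        $log_description .= "comment,";
    } else {
        $sql_comment_to = 'NULL';
    }

    // Inserting into DB
    if ($edit) {
        $log_description .= "editarticle,";
        $query = "UPDATE articles SET title=\"{$sql_title}\", author=\"{$sql_author}\", intro=\"{$sql_intro}\", body=\"{$sql_body}\", date_posted=\"{$sql_date}\", time_posted=\"{$sql_time}\", comment_to={$sql_comment_to}, priority=\"{$sql_priority}\", picture_url=\"{$sql_picture_url}\", category=\"{$sql_category}\", is_draft={$sql_is_draft} WHERE articleid=" . $articleid_sql . ";";
    } else {
        $log_description .= "newarticle,";
        $query = "INSERT INTO articles (title, author, author_username, body, date_posted, time_posted, comment_to, is_draft, view_count) VALUES(\"{$sql_title}\", \"{$sql_author}\", \"{$sql_author_username}\",  \"{$sql_body}\", \"{$sql_date}\", \"{$sql_time}\", {$sql_comment_to},{$sql_is_draft},0);";
    }

    $result = DB_insert($query);
    if (!($result > 0)) {
        // The original echoed the failing SQL statement to the visitor; the
        // failure is noted in the server log and the page only reports it.
        error_log("module_add_article: DB_insert failed");
        echo "Artikkel ikke lagt opp, databaseproblem.";
        return;
    }

    // Log against the edited row, or against the row that was just inserted.
    $log_kind = $is_comment ? $logtype['comment'] : $logtype['article'];
    $log_id = $edit ? $articleid_sql : mysql_insert_id();
    write_log_entry($log_id, $log_kind, $log_description);

    // Advance the counter so a re-submission of the same form is ignored.
    $_SESSION['flashformid'] = $flashformid + 1;

    if ($is_comment) {
        echo "Kommentar lagt til! Godt sagt, forhåpentligvis. Husk Vær Varsom-plakaten.<br/>";
        form_start_get();
        form_submit("submit", "Gå tilbake til artikkelen");
        form_hidden("m_c", "m_va");
        form_hidden("articleid", $comment_to);
        form_end();
    } elseif ($edit) {
        echo "Redigering fullført. Håper det ble bedre.";
        if ($sql_is_draft != 'NULL') {
            echo " Denne artikkelen er lagret og er tilgjengelig fra din profilside. " . "Den blir ikke lagt ut på forsiden eller gjort tilgjengelig  gjennom artikkelsøk.";
        }
    } else {
        echo "Ny artikkel lagt inn! Husk: Sist gang noen sjekket, var det bare 1 av 10 lesere som gadd &aring kommentere. ;)";
        if ($sql_is_draft != 'NULL') {
            echo "Denne artikkelen er lagret og er tilgjengelig fra din profilside. " . "Den blir ikke lagt ut på forsiden eller gjort tilgjengelig  gjennom artikkelsøk.";
        }
    }
    unset_form_article();
}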
Example #3
/**
 * Emits the log-out form through the project's form helpers: a form started
 * with form_start_get(), a hidden field logmeout=logout and a submit button
 * labelled "Logg ut".
 *
 * NOTE(review): the form is started with form_start_get(), so logging out
 * appears to be requested with a plain GET URL. If so, any page can end a
 * visitor's session with a link or image reference; a POST form carrying a
 * per-session token avoids that - TODO confirm against the logout handler.
 */
function do_logout_button()
{
    form_start_get();
    form_hidden('logmeout', 'logout');
    form_submit('logout', 'Logg ut');
    form_end();
}
Example #4
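/**
 * Escapes a value for output as HTML text or inside a quoted attribute.
 *
 * A single-byte charset is named explicitly so the call never returns an
 * empty string on input that is not valid UTF-8; the characters that get
 * escaped are ASCII in both encodings.
 */
function _article_search_html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
}

/**
 * Prepares a request value for use inside a single-quoted SQL string.
 *
 * Tags are stripped as in the original. Slashes are added unless PHP has
 * already added them (magic_quotes_gpc), so the value is escaped exactly
 * once. addslashes() is not charset-aware; replace it with the driver's
 * escaping or prepared statements once the DB_* helpers support that.
 */
function _article_search_sql_string($value)
{
    $value = strip_tags(is_scalar($value) ? (string) $value : '');
    $quoted_by_php = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    return $quoted_by_php ? $value : addslashes($value);
}

/**
 * Renders the article search page: runs the search named by the request
 * parameter "searchtype" (if any), then prints the search forms.
 *
 * Search types handled: "selectquery" (free-form SELECT, admin sessions
 * only), "commentquery" (comments by author name), "bymonth" (articles from
 * one month) and "username" (everything by one user). Output is written
 * with echo; nothing is returned.
 *
 * Security notes:
 *  - Request values placed in SQL string literals are escaped; month and
 *    year are cast to int and range-checked before use.
 *  - Values echoed into the page (user list, query results) are
 *    HTML-escaped.
 *  - NOTE(review): "selectquery" runs SQL text taken verbatim from the URL.
 *    It is gated on $_SESSION['valid_admin'], but it is a GET request with
 *    no anti-forgery token and the database account's privileges are not
 *    visible here. Consider removing it, or requiring POST plus a token and
 *    a read-only account.
 */
function module_article_search()
{
    global $months;
    echo "<!-- start search for article -->";
    // The closing tags were misnested in the original (div closed after the row).
    echo "<table class=\"default_table\"><tr><td colspan=2><div class=\"default_header\">Artikkelsøk</div></td></tr>";

    $searchtype = isset($_REQUEST['searchtype']) ? $_REQUEST['searchtype'] : null;
    $is_admin = !empty($_SESSION['valid_admin']);

    if ($searchtype === "selectquery") {
        // The query text is read from the query string only; tag-stripped
        // copies are used just to test that table and column are given.
        $column = isset($_GET['column']) && is_scalar($_GET['column']) ? (string) $_GET['column'] : '';
        $table = isset($_GET['table']) && is_scalar($_GET['table']) ? (string) $_GET['table'] : '';
        $condition = isset($_GET['condition']) && is_scalar($_GET['condition']) ? (string) $_GET['condition'] : '';
        if ($is_admin && strip_tags($table) && strip_tags($column)) {
            $query = "SELECT " . $column . " FROM " . $table;
            if (strip_tags($condition)) {
                $query .= " WHERE " . stripslashes($condition);
            }
            $query .= ";";
            $result = DB_get_table($query);
            $num_results = DB_rows_affected($result);
            $field_count = DB_num_fields($result);
            for ($i = 0; $i < $num_results; $i++) {
                $row = DB_next_row_numeric($result);
                echo '<tr><td colspan=2>';
                for ($j = 0; $j < $field_count; $j++) {
                    // Show stored markup literally so it is never interpreted.
                    echo _article_search_html($row[$j]) . " - ";
                }
                echo "</td></tr>";
            }
        }
    } elseif ($searchtype === "commentquery") {
        $author = _article_search_sql_string(isset($_GET['author']) ? $_GET['author'] : '');
        $comment_query = "SELECT title,articleid,author_username,author,intro,body,date_posted,time_posted FROM articles WHERE author='" . $author . "' AND is_deleted IS NULL AND (is_draft=0 OR is_draft IS NULL) AND (comment_to IS NOT NULL) ORDER BY date_posted, time_posted DESC;";
        $result = DB_get_table($comment_query);
        $num_results = DB_rows_affected($result);
        if (!$num_results) {
            echo "Fant ingen artikler.";
        } else {
            list_articles($result, $num_results);
        }
    } elseif ($searchtype === "bymonth") {
        // Both values go into a LIKE pattern and into the page, so they are
        // reduced to integers before use.
        $month = isset($_REQUEST['month']) && is_scalar($_REQUEST['month']) ? (int) $_REQUEST['month'] : 0;
        $year = isset($_REQUEST['year']) && is_scalar($_REQUEST['year']) ? (int) $_REQUEST['year'] : 0;
        if ($month < 1 || $month > 12 || $year < 1) {
            echo "Ugyldig søk.";
        } else {
            $today = date("Y-m-d");
            $pattern = sprintf('%04d-%02d-%%', $year, $month);
            $query = "SELECT * FROM articles WHERE (date_posted <= '" . $today . "' OR (time_posted <= '" . date("H:i") . "' AND date_posted <= '" . $today . "'))  AND date_posted LIKE '" . $pattern . "' AND is_deleted IS NULL AND comment_to IS NULL AND is_draft IS NULL ORDER BY date_posted DESC, time_posted DESC;";
            debug($query);
            $result = DB_get_table($query);
            $num_rows = DB_rows_affected($result);
            if ($result && $num_rows > 0) {
                echo $num_rows . " artikler funnet.<br/>";
                list_articles($result, $num_rows);
            } else {
                echo "Fant ingen artikler fra " . $months[$month] . " " . $year . ".<br/><br/>";
            }
        }
    } elseif ($searchtype === "username") {
        // NOTE(review): the expression supplying the username was masked in
        // the listing this was taken from; it is reconstructed here by
        // analogy with the "commentquery" branch - confirm against the
        // original file.
        $username = _article_search_sql_string(isset($_GET['username']) ? $_GET['username'] : '');
        $query = "SELECT comment_to,title,articleid,author_username,author,intro,body,date_posted,time_posted FROM articles WHERE author_username='" . $username . "' AND is_deleted IS NULL AND is_draft IS NULL ORDER BY date_posted DESC, time_posted DESC;";
        $result = DB_get_table($query);
        $num_results = DB_rows_affected($result);
        if (!$num_results) {
            echo "Fant ingen artikler.";
        } else {
            list_articles($result, $num_results);
        }
    }

    // Free-form SELECT form, shown to admin sessions only (see the note in
    // the function header).
    if (isset($_SESSION['valid_admin'])) {
        echo '<tr><td>';
        echo "Altmuligsøk, eksklusivt for admins</td><td>";
        form_start_get();
        form_hidden("searchtype", "selectquery");
        form_hidden("m_c", "module_article_search");
        echo "<br/>SELECT ";
        form_textfield("column", "");
        echo "<br/>FROM ";
        form_textfield("table", "");
        echo "<br/>WHERE ";
        form_textfield("condition", "");
        echo "<br/>";
        form_submit("submit", "Søk");
        form_end();
        echo "</td></tr>";
    }

    // Search by user: one option per row in the user table. Names are
    // user-supplied data and are escaped before they reach the page.
    echo '<tr><td>';
    $query = "SELECT firstname,username FROM user;";
    $result = DB_get_table($query);
    form_start_get();
    form_hidden("searchtype", "username");
    form_hidden("m_c", "module_article_search");
    echo "Vis alle artikler og kommentarer skrevet av forfatter:</td><td>";
    echo '<select name="username">';
    while ($row = DB_next_row($result)) {
        $username = _article_search_html($row['username']);
        echo '<option value="' . $username . '" >' . _article_search_html($row['firstname']) . " (" . $username . ')</option>';
    }
    echo '</select>';
    form_submit("submit", "Søk");
    form_end();
    echo '</td></tr>';

    // Search comments by author name.
    echo '<tr><td>';
    form_start_get();
    form_hidden("searchtype", "commentquery");
    form_hidden("m_c", "module_article_search");
    echo "Vis alle kommentarer skrevet av forfatter:</td><td>";
    form_textfield("author", "");
    form_submit("submit", "Søk");
    form_end();

    // Search by month; option values are zero-padded ("01".."12").
    echo '</td></tr><tr><td>';
    form_start_get();
    form_hidden("searchtype", "bymonth");
    form_hidden("m_c", "module_article_search");
    echo "Vis alle artikler publisert i:</td><td>";
    echo '<select name="month">';
    for ($i = 1; $i <= 12; $i++) {
        // The original printed a literal backslash-n after each option.
        echo '<option value="' . sprintf('%02d', $i) . '">' . $months[$i] . "</option>\n";
    }
    echo '</select>';
    form_select_number("year", 2004, date("Y"), date("Y"));
    form_submit("submit", "Søk");
    form_end();
    // The original reopened a row here instead of closing it.
    echo '</td></tr>';
    echo '</table>';
}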