$page_header = show_page_header($left_text, $right_text); $main_content = $page_header; // if an action parameter is set in the array then the article has been posted if (isset($article_data['action'])) { // default base text $main_content .= ' <h2>Your article has been ' . $article_data['action'] . '</h2> <p><strong>Title:</strong> ' . stripslashes($article_data['title']) . '</p>'; $main_content .= ' <p> <a href="' . $_SERVER["PHP_SELF"] . '?page_name=write&article_id=' . $article_data['id'] . '">Edit your article</a> </p>'; if ($status_text == 'postdated') { // postdated article $main_content .= ' <p>This article is postdated and will be available on the site from ' . from_mysql_date($article_data['date_uploaded'], 'd m Y \\a\\t H:i') . '</p>'; } elseif ($article_data['status'] == 'P' || $article_data['status'] == 'A') { // published or archived (i.e. still visible from main site if ($config['layout']['url_style'] == 'blog') { $article_url = WW_REAL_WEB_ROOT . '/' . date('Y/m/d', strtotime($article_data['date_uploaded'])) . '/' . $row['url'] . '/'; } else { // get category url $conn = author_connect(); $query = "SELECT url FROM categories WHERE id = " . (int) $article_data['category_id']; $result = $conn->query($query); $row = $result->fetch_assoc(); $article_url = WW_REAL_WEB_ROOT . '/' . $row['url'] . '/' . $article_data['url'] . '/'; } $action_text = $article_data['action'] == 'updated' ? 'Updated' : 'New'; $main_content .= ' <p>
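/**
 * Fetch a URL with HTTP GET, going through the http_cache table.
 *
 * With "hard" caching (the default) an unexpired cache row is returned
 * without contacting the server. With "soft" caching the server is asked,
 * via If-Modified-Since, whether the cached copy is still current.
 *
 * Reads the global $http_cache_timeout and increments the globals
 * $api_calls (uncached request) or $cached_api_calls (revalidation).
 *
 * @param string $url        URL to fetch; also used as the cache key.
 * @param bool   $cache_hard true to serve an unexpired cache row without a request.
 * @return string|null Response body, or null when the server answers with a
 *                     status that is neither 2xx nor (when revalidating) 304.
 * @throws Exception when $http_cache_timeout is not set, the cache lookup or
 *                   cache write fails, or the HTTP request itself fails.
 */
function get_url($url, $cache_hard = true)
{
    global $http_cache_timeout;
    global $api_calls;
    global $cached_api_calls;

    # Note there are two cache timestamps: fetched_on_server is tied to the
    # server (mothership)'s clock and fetched_on is tied to the local clock.
    # We are careful to compare the local now() against fetched_on and the
    # server's "Date:" header values against fetched_on_server.
    if (!$http_cache_timeout) {
        throw new Exception("\$http_cache_timeout not set");
    }

    # The timeout is concatenated into SQL below, so force it to an integer.
    $timeout = (int) $http_cache_timeout;

    # NOTE(review): the mysql_* extension was removed in PHP 7. Escaping is
    # kept as-is here; moving these queries to prepared statements needs a
    # mysqli/PDO handle that this function does not have.
    $escaped_url = mysql_real_escape_string($url);

    # Accumulates the wall-clock time spent in sendRequest(). The original
    # used it without initialising it.
    $request_timer = 0.0;

    # Expire old cache entries.
    # NOTE(review): MySQL evaluates "now() - N" numerically rather than as an
    # interval; confirm the unit intended for $http_cache_timeout.
    mysql_query('delete from http_cache where fetched_on < now() - ' . $timeout);

    # Load a valid cache element, if any.
    $sql = 'select content, fetched_on_server from http_cache where url = \''
        . $escaped_url . '\' and fetched_on >= now() - ' . $timeout;
    $q = mysql_query($sql);
    if (!$q) {
        throw new Exception("Getting cache, got database error: " . mysql_error());
    }

    # NOTE(review): $url is requested exactly as given. If any caller can pass
    # a user-supplied URL, restrict scheme and host before calling - confirm.
    require_once 'HTTP/Request.php';

    if ($row = mysql_fetch_row($q)) {
        # The second selected column is fetched_on_server (server clock).
        list($content, $fetched_on_server) = $row;

        # Under "hard" caching, return the cached data without talking to server.
        if ($cache_hard) {
            message("Hard cache hit at {$url}");
            return $content;
        }

        # Under "soft" caching, we make a request to ask the server if the
        # resource has changed since our copy.
        $fetched_on_http_date = date(DATE_RFC1123, from_mysql_date($fetched_on_server));
        $req = new HTTP_Request($url);
        $req->addHeader('If-Modified-Since', $fetched_on_http_date);
        $request_timer -= microtime(true);
        $ok = $req->sendRequest();
        $request_timer += microtime(true);
        $cached_api_calls = $cached_api_calls + 1;

        if (PEAR::isError($ok)) {
            throw new Exception("Error while GETing {$url} (" . $ok->getMessage() . ")");
        }

        $respCode = $req->getResponseCode();
        if (304 == $respCode) {
            # 304 Not Modified; we can use the cached copy.
            message('Cache hit at ' . $url . ' using If-Modified-Since: '
                . $fetched_on_http_date . '. Request timer: ' . $request_timer . 's');
            return $content;
        }
        if (200 <= $respCode && $respCode < 300) {
            # Got an OK response, use the data.
            message('Cache refresh at ' . $url . ' If-Modified-Since: '
                . $fetched_on_http_date . '. Request timer: ' . $request_timer . 's');
            return _get_url_store_response($url, $req);
        }

        # Any other status used to fall off the end without a trace; report it
        # the same way the cache-miss path does.
        error("GET {$url} returned {$respCode}");
        return null;
    }

    # Cache miss: plain request.
    $req = new HTTP_Request($url);
    $request_timer -= microtime(true);
    $ok = $req->sendRequest();
    $request_timer += microtime(true);
    $api_calls = $api_calls + 1;
    message("Cache miss at {$url} Request timer: " . $request_timer . "s");

    if (PEAR::isError($ok)) {
        throw new Exception("Unknown error trying GET {$url}");
    }

    $respCode = $req->getResponseCode();
    if (200 <= $respCode && $respCode < 300) {
        # Got an OK response, use it.
        return _get_url_store_response($url, $req);
    }

    error("GET {$url} returned {$respCode}");
    return null;
}

/**
 * Replace the http_cache row for $url with the body of a completed request.
 *
 * @param string       $url Cache key.
 * @param HTTP_Request $req Request whose response has been received.
 * @return string The response body that was stored.
 * @throws Exception when the cache row cannot be written.
 */
function _get_url_store_response($url, $req)
{
    $content = $req->getResponseBody();
    $fetched_on_server = mysql_date(from_http_date($req->getResponseHeader('Date')));

    mysql_query('delete from http_cache where url = \'' . mysql_real_escape_string($url) . '\'');

    $stored = insert_into('http_cache', array(
        'url' => $url,
        'content' => $content,
        'fetched_on_server' => $fetched_on_server,
    ));
    if (!$stored) {
        throw new Exception("Database error writing to HTTP cache: " . mysql_error());
    }

    return $content;
}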
</div>'; } if (!empty($user_comment_stats)) { $aside_content .= build_snippet('Your comments statistics', $user_comment_stats); } if (!empty($user_new_comments)) { $c_text = count($user_new_comments) > 1 ? ' new comments</a> have ' : ' new comment</a> has '; $aside_content .= ' <div class="snippet"> <p><a href="' . $_SERVER["PHP_SELF"] . '?page_name=comments">' . count($user_new_comments) . $c_text . 'been posted to your articles since your last login.</div>'; } // sitewide stats if (!empty($all_article_stats)) { $aside_content .= '<h4>All articles</h4>' . build_snippet('Sitewide article statistics', $all_article_stats) . ' <div class="snippet"> <p>The last article was published on:</p> <p class="indent"><em>' . from_mysql_date($last_site_post, 'l, j F Y') . '</em></p> <p>Total published:</p> <p class="indent"><strong><em>' . $total_site_post . ' articles</strong> since ' . from_mysql_date($first_site_post, 'j M Y') . '</em></p> </div>'; } if (!empty($all_comment_stats)) { $aside_content .= build_snippet('Sitewide comment statistics', $all_comment_stats); } if (!empty($all_new_comments)) { $c_text = count($all_new_comments) > 1 ? ' new comments</a> have ' : ' new comment</a> has '; $aside_content .= ' <div class="snippet"> <p><a href="' . $_SERVER["PHP_SELF"] . '?page_name=comments&new">' . count($all_new_comments) . $c_text . 'been posted to the site since your last login.</div>'; }
<p><strong>' . $error . '</strong></p>'; } if (!file_exists(WW_ROOT . '/ww_files/attachments/' . $attachment['ext'] . '/' . $attachment['filename'])) { $main_content .= ' <p><strong>File missing!</strong> This attachment cannot be found in the attachments/' . $attachment['ext'] . ' folder - it will either need to be replaced or deleted from the database</p>'; } // main attachment details $mime_edit = !empty($attachment['mime']) ? ' readonly="readonly"' : ''; $ext_edit = !empty($attachment['ext']) ? ' readonly="readonly"' : ''; $summary = isset($attachment['summary']) ? $attachment['summary'] : ''; $downloads = isset($attachment['downloads']) ? $attachment['downloads'] : 0; $main_content .= ' <hr /> <h4>file details</h4> <p>This file was uploaded by ' . $attachment['author_name'] . ' on ' . from_mysql_date($attachment['date_uploaded']) . ' | <a href="' . $attachment['src'] . '">download</a></p> <form id="attachment_details" method="post" action="' . $url . '"> <p> <label for="title">Title</label> <input type="text" name="title" value="' . $attachment['title'] . '"/> </p> <p> <label for="summary">Description</label> <textarea name="summary">' . $summary . '</textarea> </p> <p> <label for="filename">Filename</label> <input type="text" name="filename" value="' . $attachment['filename'] . '" readonly="readonly"/> </p> <p>
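/**
 * build_file_listing
 *
 * Builds the <ul class="file_listing"> markup for a list of files. When
 * $_GET['page_name'] is 'attachments' each entry is rendered as a database
 * attachment; otherwise it is rendered as a file inside $_GET['folder'].
 *
 * Every dynamic value is escaped for the context it lands in: HTML text and
 * attributes through htmlspecialchars(), query-string values through
 * rawurlencode(). $_SERVER['PHP_SELF'] and $_GET['folder'] come straight
 * from the request, and the $file fields may hold text supplied by other
 * users, so none of them can be written into the page raw.
 *
 * @param array $files list of file rows; entries that are not arrays are skipped
 * @return string|false the listing markup, or false when $files is empty
 */
function build_file_listing($files)
{
    if (empty($files)) {
        return false;
    }

    // HTML text/attribute escaping. double_encode is off so values that
    // already contain entities are not escaped a second time.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };
    // Escaping for a complete URL placed inside an href attribute.
    $esc_url = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };
    // Encoding for a single query-string value.
    $param = function ($value) {
        return rawurlencode((string) $value);
    };

    $self = $_SERVER["PHP_SELF"];
    $page_name = isset($_GET['page_name']) ? $_GET['page_name'] : '';
    // only accept a scalar folder name; folder[]=x would otherwise arrive as an array
    $folder = (isset($_GET['folder']) && is_string($_GET['folder'])) ? $_GET['folder'] : '';

    $html = '<ul class="file_listing">';

    foreach ($files as $file) {
        if (!is_array($file)) {
            continue;
        }

        // determine type of listing
        if ($page_name == 'attachments') {
            // check file exists
            $file_check = WW_ROOT . '/ww_files/attachments/' . $file['ext'] . '/' . $file['filename'];
            $class = !file_exists($file_check) ? ' class="notfound"' : '';

            $detail_url = $esc_url($self . '?page_name=attachments&attachment_id=' . $param($file['id']));
            $ext_url = $esc_url($self . '?page_name=attachments&ext=' . $param($file['ext']));
            // NOTE(review): delete is reachable through a plain GET link; confirm
            // the handler asks for confirmation or checks a CSRF token.
            $delete_url = $esc_url($self . '?page_name=attachments&action=delete&attachment_id=' . $param($file['id']));

            // output
            $html .= '
                <li' . $class . '>
                    <div class="file_name">
                        <a href="' . $detail_url . '"> ' . $esc($file['title']) . '</a>
                    </div>
                    <div class="file_title">
                        ' . $esc($file['filename']) . '
                    </div>
                    <div class="file_type">
                        <a href="' . $ext_url . '"> ' . $esc($file['ext']) . '</a> : ' . $esc($file['mime']) . '
                    </div>
                    <div class="file_size">
                        size: ' . $esc(get_kb_size($file['size'])) . 'kb
                    </div>
                    <div class="file_downloads">
                        downloads: ' . $esc($file['downloads']) . '
                    </div>
                    <div class="file_date">
                        uploaded: ' . $esc(from_mysql_date($file['date_uploaded'])) . '
                    </div>
                    <div class="file_author">
                        by ' . $esc($file['author_name']) . '
                    </div>
                    <div class="file_delete">
                        <a href="' . $delete_url . '"> delete</a>
                    </div>
                </li>';
        } else {
            $folder_url = $esc_url($self . '?page_name=files&folder=' . $param($folder));
            // NOTE(review): same GET-delete concern as the attachments branch.
            $delete_url = $esc_url(
                $self . '?page_name=files&action=delete&folder=' . $param($folder)
                . '&filename=' . $param($file['filename'])
            );

            $html .= '
                <li>
                    <div class="file_name">
                        <a href="' . $esc_url($file['link']) . '"> ' . $esc($file['filename']) . '</a>
                    </div>
                    <div class="file_title">
                        folder: <a href="' . $folder_url . '"> ' . $esc($folder) . '</a>
                    </div>
                    <div class="file_size">
                        size: ' . $esc(get_kb_size($file['size'])) . 'kb
                    </div>
                    <div class="file_date">
                        uploaded: ' . date('d F Y', $file['date_uploaded']) . '
                    </div>
                    <div class="file_author">
                        type: ' . $esc($file['ext']) . '
                    </div>
                    <div class="file_delete">
                        <a href="' . $delete_url . '"> delete</a>
                    </div>
                </li>';
        }
    }

    $html .= '</ul>';

    return $html;
}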
} // output image details form $main_content .= ' <hr /> <h4>image details</h4>'; if (file_exists(WW_ROOT . '/ww_files/images/thumbs/' . $image['filename'])) { $main_content .= ' <a href="#full_image"> <img style="float: right; margin-bottom: 12px;" alt="' . $image['alt'] . '" title="' . $image['title'] . '" src="' . $image['thumb_src'] . '"/> </a>'; } $main_content .= ' <p>This image was uploaded by ' . $image['author_name'] . ' on ' . from_mysql_date($image['date_uploaded']) . '</p> <p>Form items with dotted borders are non-editable</p> <form id="image_details" method="post" action="' . $action_url . '"> <p> <label for="title">Title</label> <input type="text" name="title" id="title" value="' . $image['title'] . '"/> </p> <p> <label for="filename">Filename</label> <input type="text" name="filename" id="filename" value="' . $image['filename'] . '" readonly="readonly"/> </p> <p> <label for="alt">Alt text</label> <input type="text" name="alt" id="alt" value="' . $image['alt'] . '"/> </p>
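/**
 * insert_comment
 *
 * Inserts a reader comment into the comments table. When the comment is not
 * already approved, the article author is emailed a link to moderate it.
 * On success a Location header pointing at current_url() is sent.
 *
 * @param array $form_data comment fields: reply_id, author_id, article_id,
 *                         title, body, date_uploaded, poster_name,
 *                         poster_link, poster_email, poster_IP, approved;
 *                         the moderation mail also reads author_email,
 *                         author_name and article_title
 * @return bool false when $form_data is empty or no insert id was returned,
 *              true once the redirect header has been sent
 */
function insert_comment($form_data)
{
    if (empty($form_data)) {
        return false;
    }

    $conn = reader_connect();
    $query = "INSERT INTO comments
                (reply_id, author_id, article_id,
                title, body, date_uploaded,
                poster_name, poster_link, poster_email, poster_IP,
                approved)
            VALUES
                (?,?,?,?,?,?,?,?,?,?,?)";

    // Database error text goes to the server log, not to the visitor: this
    // runs on the public comment form and the detail can expose schema names.
    $stmt = $conn->prepare($query);
    if ($stmt === false) {
        // the original read $mysqli->error, but no $mysqli exists in this scope
        error_log('insert_comment prepare failed: ' . $conn->error);
        die('stmt: database error');
    }

    $bind = $stmt->bind_param(
        'iiisssssssi',
        $form_data['reply_id'],
        $form_data['author_id'],
        $form_data['article_id'],
        $form_data['title'],
        $form_data['body'],
        $form_data['date_uploaded'],
        $form_data['poster_name'],
        $form_data['poster_link'],
        $form_data['poster_email'],
        $form_data['poster_IP'],
        $form_data['approved']
    );
    if ($bind === false) {
        error_log('insert_comment bind failed: ' . $stmt->error);
        die('bind: database error');
    }

    $ex = $stmt->execute();
    if ($ex === false) {
        error_log('insert_comment execute failed: ' . $stmt->error);
        die('execute: database error');
    }

    $new_id = $stmt->insert_id;
    $stmt->close();

    // return error or update comment count for article
    if (empty($new_id)) {
        echo "no id returned";
        return false;
    }

    unset($_POST);
    // set a session to deter bulk posting
    $_SESSION['comment_posted'] = time() + 30;

    // email author
    if (empty($form_data['approved'])) {
        $config = get_settings();

        // title, body and poster name are typed by the commenter; escape them
        // so the moderation mail cannot carry injected markup or links.
        // double_encode is off in case the values are already entity-encoded.
        $esc = function ($value) {
            return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
        };

        // get details
        $edit_link = WW_WEB_ROOT . '/ww_edit/index.php?page_name=comments&comment_id=' . $new_id;

        // compose mail; require_once so a second call in the same request
        // does not redeclare the class
        require_once WW_ROOT . '/ww_edit/_snippets/class.phpmailer-lite.php';
        $mail = new PHPMailerLite();
        $mail->AddAddress($form_data['author_email'], $form_data['author_name']);
        $mail->SetFrom($config['admin']['email'], $config['site']['title']);
        $mail->Subject = 'A new comment needs approval';

        // html body
        $html_body = '<p>The following comment has been posted to your article: <strong>'
            . $esc($form_data['article_title']) . '</strong></p>';
        if (!empty($form_data['title'])) {
            // the original left this blockquote unclosed
            $html_body .= '<blockquote><em>' . $esc($form_data['title']) . '</em></blockquote>';
        }
        $html_body .= '
            <blockquote>' . $esc($form_data['body']) . '</blockquote>
            <p>Submitted by: <em>' . $esc($form_data['poster_name']) . '</em> on <em>'
            . from_mysql_date($form_data['date_uploaded']) . '</em></p>
            <p><strong><a href="' . $esc($edit_link) . '">click here to approve or delete this comment</a></strong></p>';

        // text body
        $mail->AltBody = 'The following comment has been posted to your article: '
            . $form_data['article_title'] . "\n\n";
        if (!empty($form_data['title'])) {
            $mail->AltBody .= $form_data['title'] . "\n\n";
        }
        $mail->AltBody .= $form_data['body'] . "\n\n";
        $mail->AltBody .= 'Submitted by: ' . $form_data['poster_name'] . ' on '
            . from_mysql_date($form_data['date_uploaded']) . "\n\n";
        $mail->AltBody .= 'To approve or delete this comment visit this link: ' . $edit_link;

        $mail->MsgHTML($html_body);
        // sending stays best-effort, but a failure is now recorded
        if (!$mail->Send()) {
            error_log('insert_comment: approval mail not sent for comment ' . $new_id);
        }
    }

    // NOTE(review): confirm current_url() cannot be steered by the request's
    // Host header, otherwise this redirect can point off-site.
    $reload = current_url();
    header('Location: ' . $reload);
    return true;
}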
$total_articles = ''; } // use the inbuilt function to generate the page header echo show_page_header($header_text, $total_articles); // add our own h1 tag echo '<h1>Custom listing page</h1>'; // add page navigation at the top of the page as well as the bottom if ($total > $config['layout']['per_page']) { echo show_listing_nav($articles[0]['total_pages'], $config['layout']['per_page']); } // create our own listing if (empty($articles)) { echo '<h2>No results...</h2>'; } else { echo ' <div id="listing_wrapper">'; foreach ($articles as $list) { echo ' <div class="listing"> <h2>' . $list['title'] . '</h2> <p><strong>Extract:</strong> ' . $list['summary'] . '</p> <p class="footer">written by ' . $list['author_name'] . ' on ' . from_mysql_date($list['date_uploaded']) . ' | <a href="' . $list['link'] . '">read more ...</a></p> </div>'; } echo ' </div>'; } // show nav at the bottom of the page as well if ($total > $config['layout']['per_page']) { echo show_listing_nav($articles[0]['total_pages'], $config['layout']['per_page']); }