/**
 * Build the LinkOwner wrapper that matches a link type.
 *
 * The target object is fetched through the cache for its type and wrapped
 * in the LinkItem / LinkComment / LinkUser class. Unknown types yield NULL.
 *
 * @param string $link_type 'item', 'comment' or 'user'
 * @param integer $object_ID ID of the item, comment or user
 * @return LinkItem|LinkComment|LinkUser|NULL
 */
function get_link_owner($link_type, $object_ID)
{
    // Every branch calls get_by_ID() with a false second argument; the
    // wrapper constructor receives whatever the cache returns for an unknown
    // ID (presumably false/NULL - the wrapper classes are not visible here).
    if ($link_type == 'item') {
        $ItemCache =& get_ItemCache();
        $Item = $ItemCache->get_by_ID($object_ID, false);
        return new LinkItem($Item);
    }
    if ($link_type == 'comment') {
        $CommentCache =& get_CommentCache();
        $Comment = $CommentCache->get_by_ID($object_ID, false);
        return new LinkComment($Comment);
    }
    if ($link_type == 'user') {
        $UserCache =& get_UserCache();
        $User = $UserCache->get_by_ID($object_ID, false);
        return new LinkUser($User);
    }
    // Unknown link type: nothing to wrap.
    return NULL;
}
 /**
  * Get the avatar-only identity link of a user.
  *
  * The thumbnail size is taken from the current Blog's
  * 'image_size_user_list' setting.
  *
  * @param integer $user_ID ID of the user
  * @return string HTML returned by User::get_identity_link()
  */
 function user_avatar($user_ID)
 {
     global $Blog;
     $UserCache =& get_UserCache();
     // get_by_ID() is called with its default halt behaviour here; an unknown
     // ID is presumably fatal rather than returning false - confirm in UserCache.
     $User =& $UserCache->get_by_ID($user_ID);
     $link_params = array(
         'link_text' => 'only_avatar',
         'thumb_size' => $Blog->get_setting('image_size_user_list'),
     );
     return $User->get_identity_link($link_params);
 }
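/**
 * Build the "To" cell of an email log row.
 *
 * When the recipient is a known user, his identity link is returned;
 * otherwise the raw recipient address is shown as a link to the log entry,
 * with a "Deleted user" note when a user ID was given but no longer resolves.
 *
 * @param integer $emlog_ID ID of the email log entry (used in the fallback link)
 * @param string $emlog_to recipient address as stored in the log
 * @param integer $emlog_user_ID ID of the recipient user, may be empty
 * @return string HTML
 */
function emlog_to($emlog_ID, $emlog_to, $emlog_user_ID)
{
    // Initialize explicitly instead of relying on empty() over an undefined variable.
    $to = '';
    $deleted_user_note = '';
    if (!empty($emlog_user_ID)) {
        // Get user
        $UserCache =& get_UserCache();
        if ($User = $UserCache->get_by_ID($emlog_user_ID, false)) {
            $to = $User->get_identity_link();
        } else {
            // could not find user, probably it was deleted
            $deleted_user_note = '( ' . T_('Deleted user') . ' )';
        }
    }
    if (empty($to)) {
        // No user identity link: link to the log entry itself.
        global $admin_url;
        // The address is raw log data and is escaped for the HTML context; the
        // ID lands in a query string, so it is URL-encoded (a no-op for the
        // integer IDs this is expected to receive).
        $to = '<a href="' . $admin_url . '?ctrl=email&amp;tab=sent&amp;emlog_ID=' . rawurlencode((string) $emlog_ID) . '">' . htmlspecialchars($emlog_to) . $deleted_user_note . '</a>';
    }
    return $to;
}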
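 /**
  * Display the widget!
  *
  * Lists users seen within twice the configured online timeout, skipping
  * users who disabled 'show_online' and closed accounts. Nothing is output
  * for anonymous visitors unless the 'allow_anonymous' param is set.
  *
  * @param array MUST contain at least the basic display params
  * @return boolean|void true after displaying; nothing when display is skipped
  */
 function display($params)
 {
     global $DB, $Settings, $UserSettings, $localtimenow;
     if (!$this->get_param('allow_anonymous') && !is_logged_in()) {
         // display only for logged in users
         return;
     }
     // load online Users
     $UserCache =& get_UserCache();
     $online_threshold = $localtimenow - 2 * $Settings->get('timeout_online');
     // Quote each value on its own so the status condition stays part of the
     // WHERE clause instead of being swallowed into the date string literal.
     $UserCache->load_where('user_lastseen_ts > ' . $DB->quote(date2mysql($online_threshold)) . ' AND user_status <> ' . $DB->quote('closed'));
     $this->init_display($params);
     // START DISPLAY:
     echo $this->disp_params['block_start'];
     // Display title if requested
     $this->disp_title();
     echo $this->disp_params['block_body_start'];
     $r = '';
     while (($iterator_User =& $UserCache->get_next()) != NULL) {
         // Iterate through UserCache
         $user_lastseen_ts = mysql2timestamp($iterator_User->get('lastseen_ts'));
         // The threshold and closed-status checks are repeated in PHP because the
         // cache may hold users loaded earlier by other code, not only this query.
         if ($user_lastseen_ts > $online_threshold && $UserSettings->get('show_online', $iterator_User->ID) && !$iterator_User->check_status('is_closed')) {
             if (empty($r)) {
                 // first user
                 $r .= $params['list_start'];
             }
             $r .= $params['item_start'];
             $r .= $iterator_User->get_identity_link(array('login_mask' => '$login$'));
             $r .= $params['item_end'];
         }
     }
     if (!empty($r)) {
         $r .= $params['list_end'];
         echo $r;
     }
     echo $this->disp_params['block_body_end'];
     echo $this->disp_params['block_end'];
     return true;
 }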
/**
 * Get the cell content for one field of an item/task row.
 *
 * When the current user may edit the item's status, the title is wrapped in
 * a link whose rel attribute carries the raw field value; otherwise the bare
 * title is returned.
 *
 * @param string $type Type of the field: 'priority', 'status', 'assigned'
 * @param object $Item Item
 * @return string
 */
function td_task_cell($type, $Item)
{
    global $current_User;
    // Defaults cover unknown field types.
    $value = 0;
    $title = '';
    if ($type == 'priority') {
        $value = $Item->priority;
        $title = item_priority_title($Item->priority);
    } elseif ($type == 'status') {
        $value = $Item->pst_ID;
        $title = $Item->get('t_extra_status');
        if (empty($title)) {
            $title = T_('No status');
        }
    } elseif ($type == 'assigned') {
        $value = $Item->assigned_user_ID;
        if (empty($value)) {
            $title = T_('No user');
        } else {
            $UserCache =& get_UserCache();
            $User =& $UserCache->get_by_ID($Item->assigned_user_ID);
            $title = $User->get_colored_login(array('mask' => '$avatar$ $login$'));
        }
    }
    // Neither $value nor $title is escaped here: the callers rely on the
    // translation strings, item_priority_title(), get_colored_login() and the
    // item's extra status title being HTML-safe already.
    if (!$current_User->check_perm('item_post!CURSTATUS', 'edit', false, $Item)) {
        // No perms to edit item, Display only a title
        return $title;
    }
    // Current user can edit this item
    return '<a href="#" rel="' . $value . '">' . $title . '</a>';
}
 /**
  * Get a user's login, optionally as an identity link.
  *
  * @param integer $user_ID ID of the user
  * @param boolean $link true to return the identity link (plus a "closed
  *                      account" note for closed accounts), false for the bare login
  * @return string empty string when the user does not exist
  */
 function user_login($user_ID, $link = true)
 {
     $UserCache =& get_UserCache();
     $User =& $UserCache->get_by_ID($user_ID, false, false);
     if (!$User) {
         // Unknown user: nothing to display
         return '';
     }
     if (!$link) {
         return $User->login;
     }
     $login_text = get_user_identity_link($User->login, $User->ID, 'user', 'login');
     if ($User->check_status('is_closed')) {
         // add (closed account) note to corresponding contacts!
         $login_text .= '<span class="note">(' . T_('closed account') . ')</span>';
     }
     return $login_text;
 }
 /**
  * Load the list of currently online users and count the guests.
  *
  * Queries T_sessions for sessions seen within the online timeout that carry
  * a session key, loads the matching users into the UserCache, and fills
  * $this->_registered_Users (keyed by user ID, so a user with several
  * sessions is counted once) and $this->_count_guests. Sessions without a
  * user ID, with an unknown user ID, or whose user disabled 'show_online'
  * are counted as guests.
  *
  * Runs only once per object: later calls return true immediately.
  *
  * @return boolean|void true when already initialized; nothing after a fresh init
  */
 function init()
 {
     if ($this->_initialized) {
         return true;
     }
     global $DB, $UserSettings, $localtimenow;
     $this->_count_guests = 0;
     $this->_registered_Users = array();
     // Built from the server clock and a numeric timeout, not from request data.
     $timeout_YMD = date('Y-m-d H:i:s', $localtimenow - $this->_timeout_online_user);
     $UserCache =& get_UserCache();
     // We get all sessions that have been seen in $timeout_YMD and that have a session key.
     // NOTE: we do not use DISTINCT here, because guest users are all "NULL".
     $online_user_ids = $DB->get_col("\n\t\t\tSELECT SQL_NO_CACHE sess_user_ID\n\t\t\t  FROM T_sessions\n\t\t\t WHERE sess_lastseen_ts > '" . $timeout_YMD . "'\n\t\t\t   AND sess_key IS NOT NULL\n\t\t\t GROUP BY sess_ID", 0, 'Sessions: get list of relevant users.');
     // Drop the guest (NULL user ID) entries before bulk-loading users.
     $registered_online_user_ids = array_diff($online_user_ids, array(NULL));
     // load all online users into the cache because we need information ( login, avatar ) about them
     $UserCache->load_list($registered_online_user_ids);
     foreach ($online_user_ids as $user_ID) {
         if (!empty($user_ID) && ($User =& $UserCache->get_by_ID($user_ID, false))) {
             if ($UserSettings->get('show_online', $User->ID)) {
                 // Assign by ID so that each user is only counted once (he could use multiple user agents at the same time):
                 $this->_registered_Users[$user_ID] =& $User;
             } else {
                 // Count this user as guest when he doesn't want to be visible:
                 $this->_count_guests++;
             }
         } else {
             // No user ID on the session, or the ID no longer resolves: guest.
             $this->_count_guests++;
         }
     }
     $this->_initialized = true;
 }
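/**
 * Get current_User for an XML-RPC request - Includes login (password) check.
 *
 * Looks the user up by login, verifies the password, checks the group's API
 * permission and only then publishes the user as $GLOBALS['current_User'].
 * On any failure $xmlrpcs_errcode / $xmlrpcs_errmsg are set and NULL is
 * returned. Both credential failures share one message, so a caller cannot
 * distinguish "unknown login" from "wrong password".
 *
 * @param xmlrpcmsg XML-RPC Message
 * @param integer idx of login param in XML-RPC Message
 * @param integer idx of pass param in XML-RPC Message
 * @return User or NULL
 */
function &xmlrpcs_login($m, $login_param, $pass_param)
{
    global $xmlrpcs_errcode, $xmlrpcs_errmsg, $xmlrpcerruser;
    $username = $m->getParam($login_param);
    $username = $username->scalarval();
    $password = $m->getParam($pass_param);
    $password = $password->scalarval();
    /**
     * @var UserCache
     */
    $UserCache =& get_UserCache();
    $current_User =& $UserCache->get_by_login($username);
    if (empty($current_User) || !$current_User->check_password($password, false)) {
        // User not found or password doesn't match
        $xmlrpcs_errcode = $xmlrpcerruser + 1;
        // starify() masks the password before it reaches the error message.
        $xmlrpcs_errmsg = 'Wrong username/password combination: ' . $username . ' / ' . starify($password);
        $r = NULL;
        return $r;
    }
    // Check here ability to use APIs
    $group = $current_User->get_Group();
    if (!$group->check_perm('perm_api', 'always')) {
        // Permission denied
        $xmlrpcs_errcode = $xmlrpcerruser + 1;
        $xmlrpcs_errmsg = 'User has no permission to use this API: ' . $username . ' / ' . starify($password);
        $r = NULL;
        return $r;
    }
    // This may be needed globally for status permissions in ItemList2, etc..
    // Set only after the API permission check so a denied request never leaves
    // an authenticated identity behind in the global.
    $GLOBALS['current_User'] =& $current_User;
    // Only the resolved login is logged, never the password.
    logIO('Login OK - User: ' . $current_User->login);
    return $current_User;
}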
 /**
  * Generate a title for the current list, depending on its filtering params
  *
  * @todo cleanup some displays
  * @todo implement HMS part of YMDHMS
  *
  * @param array $ignore names of filters to leave out of the titles; only
  *                      'visibility' and 'hide_future' are honoured below
  * @param array $params overrides for the 'category_text', 'categories_text'
  *                      and 'tags_text' prefixes
  * @return array List of titles to display. Only the author / assignee entries
  *               go through get_identity_link(); category names, keywords, tags,
  *               statuses, locale and the date/timestamp bounds are concatenated
  *               as-is, so if these filters originate from request parameters
  *               the caller must escape them before echoing into HTML.
  *               (dh> only checked this for 'authors'/?authors=, where the output was not escaped)
  */
 function get_filter_titles($ignore = array(), $params = array())
 {
     global $month;
     $params = array_merge(array('category_text' => T_('Category') . ': ', 'categories_text' => T_('Categories') . ': ', 'tags_text' => T_('Tags') . ': '), $params);
     if (empty($this->filters)) {
         // Filters have not been set before, we'll use the default filterset:
         // echo ' setting default filterset ';
         $this->set_filters($this->default_filters);
     }
     $title_array = array();
     if ($this->single_post) {
         // We have requested a specific post:
         // Should be in first position
         $Item =& $this->get_by_idx(0);
         if (is_null($Item)) {
             $title_array[] = T_('Invalid request');
         } else {
             $title_array[] = $Item->get_titletag();
         }
         return $title_array;
     }
     // CATEGORIES:
     if (!empty($this->filters['cat_array'])) {
         // We have requested specific categories...
         $cat_names = array();
         $ChapterCache =& get_ChapterCache();
         foreach ($this->filters['cat_array'] as $cat_ID) {
             if (($my_Chapter =& $ChapterCache->get_by_ID($cat_ID, false)) !== false) {
                 // It is almost never meaningful to die over an invalid cat when generating title
                 // NOTE(review): chapter names are used unescaped here.
                 $cat_names[] = $my_Chapter->name;
             }
         }
         // '*' modifier means "all of these" (joined with +), anything else "any of these".
         if ($this->filters['cat_modifier'] == '*') {
             $cat_names_string = implode(' + ', $cat_names);
         } else {
             $cat_names_string = implode(', ', $cat_names);
         }
         if (!empty($cat_names_string)) {
             if ($this->filters['cat_modifier'] == '-') {
                 $cat_names_string = T_('All but ') . ' ' . $cat_names_string;
                 $title_array['cats'] = $params['categories_text'] . $cat_names_string;
             } else {
                 if (count($this->filters['cat_array']) > 1) {
                     $title_array['cats'] = $params['categories_text'] . $cat_names_string;
                 } else {
                     $title_array['cats'] = $params['category_text'] . $cat_names_string;
                 }
             }
         }
     }
     // ARCHIVE TIMESLOT:
     if (!empty($this->filters['ymdhms'])) {
         // We have asked for a specific timeframe:
         // 'ymdhms' is sliced positionally: YYYY[MM[DD...]]
         $my_year = substr($this->filters['ymdhms'], 0, 4);
         if (strlen($this->filters['ymdhms']) > 4) {
             // We have requested a month too:
             // $month maps the 2-digit month to a translatable name.
             $my_month = T_($month[substr($this->filters['ymdhms'], 4, 2)]);
         } else {
             $my_month = '';
         }
         // Requested a day?
         $my_day = substr($this->filters['ymdhms'], 6, 2);
         $arch = T_('Archives for') . ': ' . $my_month . ' ' . $my_year;
         if (!empty($my_day)) {
             // We also want to display a day
             $arch .= ', ' . $my_day;
         }
         // Week 0 is a valid week, hence the explicit === 0 check next to !empty().
         if (!empty($this->filters['week']) || $this->filters['week'] === 0) {
             // We also want to display a week number
             $arch .= ', ' . T_('week') . ' ' . $this->filters['week'];
         }
         $title_array['ymdhms'] = $arch;
     }
     // KEYWORDS:
     // NOTE(review): keywords are concatenated unescaped.
     if (!empty($this->filters['keywords'])) {
         $title_array['keywords'] = T_('Keyword(s)') . ': ' . $this->filters['keywords'];
     }
     // TAGS:
     // NOTE(review): tags are concatenated unescaped.
     if (!empty($this->filters['tags'])) {
         $title_array[] = $params['tags_text'] . $this->filters['tags'];
     }
     // AUTHORS:
     if (!empty($this->filters['authors']) || !empty($this->filters['authors_login'])) {
         // Merge the ID list with the IDs resolved from logins, then split on commas.
         $authors = trim($this->filters['authors'] . ',' . get_users_IDs_by_logins($this->filters['authors_login']), ',');
         $authors = preg_split('~\\s*,\\s*~', $authors, -1, PREG_SPLIT_NO_EMPTY);
         $author_names = array();
         if ($authors) {
             $UserCache =& get_UserCache();
             foreach ($authors as $author_ID) {
                 // Unknown IDs are silently skipped.
                 if ($tmp_User = $UserCache->get_by_ID($author_ID, false, false)) {
                     $author_names[] = $tmp_User->get_identity_link(array('link_text' => 'login'));
                 }
             }
         }
         $title_array[] = T_('Author(s)') . ': ' . implode(', ', $author_names);
     }
     // ASSIGNEES:
     if (!empty($this->filters['assignees']) || !empty($this->filters['assignees_login'])) {
         if ($this->filters['assignees'] == '-') {
             $title_array[] = T_('Not assigned');
         } else {
             // Same ID/login merge as for authors.
             $assignees = trim($this->filters['assignees'] . ',' . get_users_IDs_by_logins($this->filters['assignees_login']), ',');
             $assignees = preg_split('~\\s*,\\s*~', $assignees, -1, PREG_SPLIT_NO_EMPTY);
             $assignees_names = array();
             if ($assignees) {
                 $UserCache =& get_UserCache();
                 foreach ($assignees as $user_ID) {
                     if ($tmp_User =& $UserCache->get_by_ID($user_ID, false, false)) {
                         $assignees_names[] = $tmp_User->get_identity_link(array('link_text' => 'login'));
                     }
                 }
             }
             $title_array[] = T_('Assigned to') . ': ' . implode(', ', $assignees_names);
         }
     }
     // LOCALE:
     // NOTE(review): the locale value is concatenated unescaped.
     if ($this->filters['lc'] != 'all') {
         $title_array[] = T_('Locale') . ': ' . $this->filters['lc'];
     }
     // EXTRA STATUSES:
     // NOTE(review): the statuses value is concatenated unescaped.
     if (!empty($this->filters['statuses'])) {
         if ($this->filters['statuses'] == '-') {
             $title_array[] = T_('Without status');
         } else {
             $title_array[] = T_('Status(es)') . ': ' . $this->filters['statuses'];
         }
     }
     // SHOW STATUSES
     // Only mention visibility when not all statuses are selected
     // (5 is presumably the size of the full status set - confirm against get_visibility_statuses()).
     if (count($this->filters['visibility_array']) < 5 && !in_array('visibility', $ignore)) {
         $post_statuses = get_visibility_statuses();
         $status_titles = array();
         foreach ($this->filters['visibility_array'] as $status) {
             $status_titles[] = $post_statuses[$status];
         }
         $title_array[] = T_('Visibility') . ': ' . implode(', ', $status_titles);
     }
     // START AT
     // NOTE(review): the date/timestamp bounds below are concatenated unescaped.
     if (!empty($this->filters['ymdhms_min'])) {
         $title_array['ymdhms_min'] = T_('Start at') . ': ' . $this->filters['ymdhms_min'];
     }
     if (!empty($this->filters['ts_min'])) {
         if ($this->filters['ts_min'] == 'now') {
             $title_array['ts_min'] = T_('Hide past');
         } else {
             $title_array['ts_min'] = T_('Start at') . ': ' . $this->filters['ts_min'];
         }
     }
     // STOP AT
     if (!empty($this->filters['ymdhms_max'])) {
         $title_array['ymdhms_max'] = T_('Stop at') . ': ' . $this->filters['ymdhms_max'];
     }
     if (!empty($this->filters['ts_max'])) {
         if ($this->filters['ts_max'] == 'now') {
             // 'hide_future' in $ignore suppresses this entry only.
             if (!in_array('hide_future', $ignore)) {
                 $title_array['ts_max'] = T_('Hide future');
             }
         } else {
             $title_array['ts_max'] = T_('Stop at') . ': ' . $this->filters['ts_max'];
         }
     }
     // LIMIT TO
     if ($this->single_post) {
         // Single post: no paging required!
     } elseif (!empty($this->filters['ymdhms'])) {
         // no restriction if we request a month... some permalinks may point to the archive!
     } elseif ($this->filters['unit'] == 'posts' || $this->filters['unit'] == 'all') {
         // We're going to page, so there's no real limit here...
     } elseif ($this->filters['unit'] == 'days') {
         // We are going to limit to x days:
         // echo 'LIMIT DAYS ';
         if (empty($this->filters['ymdhms_min'])) {
             // We have no start date, we'll display the last x days:
             if (!empty($this->filters['keywords']) || !empty($this->filters['cat_array']) || !empty($this->filters['authors'])) {
                 // We are in DAYS mode but we can't restrict on these! (TODO: ?)
             } else {
                 // We are going to limit to LAST x days:
                 // TODO: rename 'posts' to 'limit'
                 $title_array['posts'] = sprintf(T_('Limited to %d last days'), $this->limit);
             }
         } else {
             // We have a start date, we'll display x days starting from that point:
             $title_array['posts'] = sprintf(T_('Limited to %d days'), $this->limit);
         }
     } else {
         // Any other unit is a programming error, not a user error.
         debug_die('Unhandled LIMITING mode in ItemList:' . $this->filters['unit'] . ' (paged mode is obsolete)');
     }
     return $title_array;
 }
 /**
  * Skip to previous/next User
  *
  * @param string $direction 'prev' | 'next' (relative to the current sort order;
  *                          any value other than 'next' means previous)
  * @param integer $selected_user_ID the currently selected user ID; when NULL
  *                                  the 'user_ID' request param is used instead
  * @return User|NULL NULL when the list has fewer than two users, the selected
  *                   user is not in it, or there is no neighbour in that direction
  */
 function &get_prevnext_User($direction = 'next', $selected_user_ID = NULL)
 {
     $r = NULL;
     $users_list = $this->filters['users'];
     if (count($users_list) < 2) {
         // Short users list
         return $r;
     }
     if ($selected_user_ID === NULL) {
         // get currently selected user ID from param
         $selected_user_ID = get_param('user_ID');
     }
     // Position of the selected user; array_search() compares loosely, which
     // is what lets a string request param match integer IDs in the list.
     $user_key = array_search($selected_user_ID, $users_list);
     $prevnext_ID = NULL;
     if (is_int($user_key)) {
         // Selected user is located in the list
         $step = ($direction == 'next') ? 1 : -1;
         if (isset($users_list[$user_key + $step])) {
             // Prev/next user is located in the list
             $prevnext_ID = $users_list[$user_key + $step];
         }
     }
     if (empty($prevnext_ID)) {
         // No prev/next user
         return $r;
     }
     $UserCache =& get_UserCache();
     $User =& $UserCache->get_by_ID($prevnext_ID, false, false);
     return $User;
 }
/**
 * Display the edited items results table
 *
 * Lists the items a user has edited but did not create (either as last editor
 * or through an entry in T_items__version). Output is skipped silently for
 * anonymous visitors, for users without 'users'/'edit' permission, and when
 * no valid target user can be determined.
 *
 * @param array Params: 'edited_User' (User, NULL to take user_ID from the request),
 *                      'results_param_prefix', 'results_title', 'results_no_text',
 *                      and for AJAX requests 'skin_type' / 'skin_name'
 */
function items_edited_results_block($params = array())
{
    // Make sure we are not missing any param:
    $params = array_merge(array('edited_User' => NULL, 'results_param_prefix' => 'actv_postedit_', 'results_title' => T_('Posts edited by the user'), 'results_no_text' => T_('User has not edited any posts')), $params);
    if (!is_logged_in()) {
        // Only logged in users can access to this function
        return;
    }
    global $current_User;
    if (!$current_User->check_perm('users', 'edit')) {
        // Check minimum permission:
        return;
    }
    $edited_User = $params['edited_User'];
    if (!$edited_User) {
        // No defined User, probably the function is calling from AJAX request
        // param() with type 'integer' is what keeps user_ID numeric before it
        // reaches the cache lookup below.
        $user_ID = param('user_ID', 'integer', 0);
        if (empty($user_ID)) {
            // Bad request, Exit here
            return;
        }
        $UserCache =& get_UserCache();
        if (($edited_User =& $UserCache->get_by_ID($user_ID, false)) === false) {
            // Bad request, Exit here
            return;
        }
    }
    global $DB;
    // Memorize these params (4th argument true) so the Results paging links carry them.
    param('user_tab', 'string', '', true);
    param('user_ID', 'integer', 0, true);
    // Sub-query: items that have a version saved by this user.
    $edited_versions_SQL = new SQL();
    $edited_versions_SQL->SELECT('DISTINCT( iver_itm_ID )');
    $edited_versions_SQL->FROM('T_items__version');
    $edited_versions_SQL->WHERE('iver_edit_user_ID = ' . $DB->quote($edited_User->ID));
    // Main query: last-edited by the user OR present in the version sub-query, but not created by him.
    // The only interpolated value is the user ID, which is passed through $DB->quote().
    $SQL = new SQL();
    $SQL->SELECT('*');
    $SQL->FROM('T_items__item ');
    $SQL->WHERE('( ( post_lastedit_user_ID = ' . $DB->quote($edited_User->ID) . ' ) OR ( post_ID IN ( ' . $edited_versions_SQL->get() . ' ) ) )');
    $SQL->WHERE_and('post_creator_user_ID != ' . $DB->quote($edited_User->ID));
    // Create result set:
    $edited_items_Results = new Results($SQL->get(), $params['results_param_prefix'], 'D');
    $edited_items_Results->Cache =& get_ItemCache();
    $edited_items_Results->title = $params['results_title'];
    $edited_items_Results->no_results_text = $params['results_no_text'];
    // Get a count of the post which current user can delete
    $deleted_posts_edited_count = count($edited_User->get_deleted_posts('edited'));
    if ($edited_items_Results->total_rows > 0 && $deleted_posts_edited_count > 0) {
        // Display action icon to delete all records if at least one record exists & current user can delete at least one item created by user
        // url_crumb('user') appends the CSRF crumb the delete action is expected to verify.
        $edited_items_Results->global_icon(sprintf(T_('Delete all post edited by %s'), $edited_User->login), 'delete', '?ctrl=user&amp;user_tab=activity&amp;action=delete_all_posts_edited&amp;user_ID=' . $edited_User->ID . '&amp;' . url_crumb('user'), ' ' . T_('Delete all'), 3, 4);
    }
    // Initialize Results object
    items_results($edited_items_Results, array('field_prefix' => 'post_', 'display_ord' => false, 'display_history' => false));
    if (is_ajax_content()) {
        // init results param by template name
        if (!isset($params['skin_type']) || !isset($params['skin_name'])) {
            debug_die('Invalid ajax results request!');
        }
        $edited_items_Results->init_params_by_skin($params['skin_type'], $params['skin_name']);
    }
    $display_params = array('before' => '<div class="results" style="margin-top:25px" id="edited_posts_result">');
    $edited_items_Results->display($display_params);
    if (!is_ajax_content()) {
        // Create this hidden div to get a function name for AJAX request
        // 'results_param_prefix' is emitted unescaped into the id attribute; it comes from the caller, not the request.
        echo '<div id="' . $params['results_param_prefix'] . 'ajax_callback" style="display:none">' . __FUNCTION__ . '</div>';
    }
}
 /**
  * Get the owner User object, resolving it from $this->owner_user_ID on first use.
  *
  * @return User
  */
 function &get_owner_User()
 {
     if (isset($this->owner_User)) {
         // Already resolved: hand back the cached object.
         return $this->owner_User;
     }
     $UserCache =& get_UserCache();
     // Default halt behaviour of get_by_ID(): presumably fatal on an unknown ID.
     $this->owner_User =& $UserCache->get_by_ID($this->owner_user_ID);
     return $this->owner_User;
 }
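/**
 * Send newsletter emails
 *
 * Resolves the recipient list from the admin UserList restored from the
 * request, then sends the session's newsletter title/message to each user in
 * that user's own locale, echoing one progress line per recipient.
 *
 * Note: no permission or crumb check is performed here; the caller is
 * expected to have done both before invoking this function.
 */
function newsletter_send()
{
    global $DB, $Session;
    load_class('users/model/_userlist.class.php', 'UserList');
    // Initialize users list from session cache in order to get users IDs for newsletter
    $UserList = new UserList('admin');
    $UserList->memorize = false;
    $UserList->load_from_Request();
    $users_IDs = $UserList->filters['users'];
    // Get all active users which accept newsletter email
    $SQL = get_newsletter_users_sql($users_IDs);
    $users = $DB->get_col($SQL->get());
    echo sprintf(T_('Newsletter is sending for %s users...'), count($users)) . '<br /><br />';
    evo_flush();
    $email_newsletter_params = array('message' => $Session->get('newsletter_message'));
    // The cache is shared; fetch it once instead of once per recipient.
    $UserCache =& get_UserCache();
    foreach ($users as $user_ID) {
        $User = $UserCache->get_by_ID($user_ID);
        // Progress line; the email address is echoed as stored (not HTML-escaped).
        echo sprintf(T_('Email is sending for %s (%s)...'), $User->get_identity_link(), $User->get('email')) . ' ';
        // Send a newsletter in user's locale
        locale_temp_switch($User->get('locale'));
        $email_result = send_mail_to_User($user_ID, $Session->get('newsletter_title'), 'newsletter', $email_newsletter_params);
        locale_restore_previous();
        if ($email_result) {
            // Success sending
            echo T_('OK');
        } else {
            // Failed sending
            echo '<span class="red">' . T_('Failed') . '</span>';
        }
        echo '<br />';
        evo_flush();
    }
}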
 /**
  * Check if this user has permission to moderate another user.
  *
  * Allowed when the target is the user himself, when the user may edit all
  * users, or when the user holds the 'moderate' permission and the target's
  * group level is strictly lower than his own.
  *
  * @param integer $user_ID User ID
  * @param boolean $assert true to die (debug_die) instead of returning false
  * @return boolean TRUE on success
  */
 function can_moderate_user($user_ID, $assert = false)
 {
     $allowed = false;
     if ($this->ID == $user_ID) {
         // User can edit own profile
         $allowed = true;
     } elseif ($this->check_perm('users', 'edit')) {
         // User can edit all users
         $allowed = true;
     } elseif ($this->check_perm('users', 'moderate', $assert)) {
         // Moderators may only act on users whose group level is below their own
         $UserCache =& get_UserCache();
         $target_User = $UserCache->get_by_ID($user_ID, false, false);
         if ($target_User && $target_User->get_Group()->get('level') < $this->get_Group()->get('level')) {
             $allowed = true;
         }
     }
     if ($allowed) {
         return true;
     }
     if ($assert) {
         // We can't let this go on!
         debug_die(sprintf(T_('User #%s has no permission to edit user #%s!'), $this->ID, $user_ID));
     }
     return false;
 }
/**
 * Validate post-by-mail credentials and return the matching User.
 *
 * The plain password is checked first. If that fails and the supplied value
 * looks like a 32-hex-digit hash, it is checked once more as an already
 * hashed password. Accepting the hash itself as a credential means a leaked
 * password hash is sufficient to authenticate through this path.
 *
 * @param string $user_login login name
 * @param string $user_pass plain password, or a 32-hex-digit hash
 * @return User|false false when the user is unknown or neither check passes
 */
function pbm_validate_user_password($user_login, $user_pass)
{
    $UserCache =& get_UserCache();
    $User =& $UserCache->get_by_login($user_login);
    if (!$User) {
        return false;
    }
    // First check unhashed password
    if ($User->check_password($user_pass, false)) {
        return $User;
    }
    // Fallback: a value that looks like a hash is verified as one.
    // We check it here because some crazy user may use a real 32-chars password!
    $looks_like_hash = preg_match('~^[a-f0-9]{32}$~i', $user_pass);
    if ($looks_like_hash && $User->check_password($user_pass, true)) {
        // Valid password
        return $User;
    }
    return false;
}
 /**
  * Constructor
  *
  * Will fail if non existent User or Blog is requested.
  * But specific access permissions on (therefore existence of) this User or Blog should have been tested before anyway.
  *
  * Sets $this->type, $this->in_type_ID and $this->ID for every root type, then
  * $this->name / $this->ads_path / $this->ads_url when the root is available.
  * For 'shared' and 'skins' a disabled feature or missing permission only logs
  * to $Debuglog and returns without setting a path, so callers should check
  * the object before using it.
  *
  * @param string Root type: 'user', 'group' or 'collection' (plus 'shared' and 'skins' handled below)
  * @param integer ID of the user, the group or the collection the file belongs to...
  * @param boolean Create the directory, if it does not exist yet?
  */
 function FileRoot($root_type, $root_in_type_ID, $create = true)
 {
     /**
      * @var User
      */
     global $current_User;
     global $Messages;
     global $Settings, $Debuglog;
     global $Blog;
     // Store type:
     $this->type = $root_type;
     // Store ID in type:
     $this->in_type_ID = $root_in_type_ID;
     // Generate unique ID:
     $this->ID = FileRoot::gen_ID($root_type, $root_in_type_ID);
     switch ($root_type) {
         case 'user':
             $UserCache =& get_UserCache();
             if (!($User =& $UserCache->get_by_ID($root_in_type_ID, false, false))) {
                 // User not found
                 return false;
             }
             $this->name = $User->get('login');
             //.' ('. /* TRANS: short for "user" */ T_('u').')';
             $this->ads_path = $User->get_media_dir($create);
             $this->ads_url = $User->get_media_url();
             return;
         case 'collection':
             $BlogCache =& get_BlogCache();
             // Reference assignment rebinds the local $Blog symbol to the looked-up
             // collection; the global $Blog imported above is not written through.
             if (!($Blog =& $BlogCache->get_by_ID($root_in_type_ID, false, false))) {
                 // Blog not found
                 return false;
             }
             $this->name = $Blog->get('shortname');
             //.' ('. /* TRANS: short for "blog" */ T_('b').')';
             $this->ads_path = $Blog->get_media_dir($create);
             $this->ads_url = $Blog->get_media_url();
             return;
         case 'shared':
             // fp> TODO: handle multiple shared directories
             global $media_path, $media_url;
             $rds_shared_subdir = 'shared/global/';
             $ads_shared_dir = $media_path . $rds_shared_subdir;
             if (!$Settings->get('fm_enable_roots_shared')) {
                 // Shared dir is disabled:
                 $Debuglog->add('Attempt to access shared dir, but this feature is globally disabled', 'files');
             } elseif (!mkdir_r($ads_shared_dir)) {
                 // Only display error on an admin page:
                 if (is_admin_page()) {
                     $Messages->add(sprintf(T_('The directory &laquo;%s&raquo; could not be created.'), $rds_shared_subdir) . get_manual_link('directory_creation_error'), 'error');
                 }
             } else {
                 $this->name = T_('Shared');
                 $this->ads_path = $ads_shared_dir;
                 if (isset($Blog)) {
                     // (for now) Let's make shared files appear as being part of the currently displayed blog:
                     $this->ads_url = $Blog->get_local_media_url() . 'shared/global/';
                 } else {
                     $this->ads_url = $media_url . 'shared/global/';
                 }
             }
             return;
         case 'skins':
             // fp> some stuff here should go out of here... but I don't know where to put it yet. I'll see after the Skin refactoring.
             // Access to the skins root is gated on the feature flag AND the 'templates' permission of the current user.
             if (!$Settings->get('fm_enable_roots_skins')) {
                 // Skins root is disabled:
                 $Debuglog->add('Attempt to access skins dir, but this feature is globally disabled', 'files');
             } elseif (empty($current_User) || !$current_User->check_perm('templates')) {
                 // No perm to access templates:
                 $Debuglog->add('Attempt to access skins dir, but no permission', 'files');
             } else {
                 global $skins_path, $skins_url;
                 $this->name = T_('Skins');
                 $this->ads_path = $skins_path;
                 if (isset($Blog)) {
                     // (for now) Let's make skin files appear as being part of the currently displayed blog:
                     $this->ads_url = $Blog->get_local_skins_url();
                 } else {
                     $this->ads_url = $skins_url;
                 }
             }
             return;
     }
     // Any other root type (including the documented 'group') is a programming error.
     debug_die("Invalid root type");
 }
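 /**
  * Handle messaging module htsrv actions (thread, message and contact updates posted to action.php)
  *
  * Reads the requested action and display ("disp") from the request, verifies the CSRF
  * crumb for that disp, requires a logged-in user with messaging "reply" permission,
  * performs the update and finally redirects to $redirect_to. Outcomes are reported
  * through $Messages, which header_redirect() saves into the Session.
  *
  * Dies (debug_die) on an anonymous request, when the new-conversation limit is
  * already reached, or on an unknown contacts action.
  */
 function handle_htsrv_action()
 {
     global $current_User, $Blog, $Session, $Messages, $samedomain_htsrv_url, $baseurl;
     // Init objects we want to work on.
     $action = param_action(true, true);
     $disp = param('disp', '/^[a-z0-9\\-_]+$/', 'threads');
     // Check that this action request is not a CSRF hacked request:
     $Session->assert_received_crumb('messaging_' . $disp);
     // Load classes
     load_class('messaging/model/_thread.class.php', 'Thread');
     load_class('messaging/model/_message.class.php', 'Message');
     if (!is_logged_in()) {
         // user must be logged in
         debug_die('User must be logged in to proceed with messaging updates!');
     }
     // Check permission:
     $current_User->check_perm('perm_messaging', 'reply', true);
     // set where to redirect: default to the current disp of the collection, or of the site when no collection is set
     // ($baseurl must be imported above, otherwise the fallback reads an undefined variable)
     $redirect_to = param('redirect_to', 'url', NULL);
     if (empty($redirect_to)) {
         $base_url = isset($Blog) ? $Blog->gen_baseurl() : $baseurl;
         $redirect_to = url_add_param($base_url, 'disp=' . $disp);
     }
     if ($disp != 'contacts' && ($thrd_ID = param('thrd_ID', 'integer', '', true))) {
         // Load thread from cache:
         $ThreadCache =& get_ThreadCache();
         if (($edited_Thread =& $ThreadCache->get_by_ID($thrd_ID, false)) === false) {
             // The thread is gone: report it and neutralize the action so no case below runs on it
             unset($edited_Thread);
             forget_param('thrd_ID');
             $Messages->add(sprintf(T_('Requested &laquo;%s&raquo; object does not exist any longer.'), T_('Thread')), 'error');
             $action = 'nil';
         }
     }
     switch ($disp) {
         case 'threads':
             if ($action != 'create') {
                 // Every action but "create" works on an existing thread, so thrd_ID is required:
                 param('thrd_ID', 'integer', true);
             }
             switch ($action) {
                 case 'create':
                     // check if create new thread is allowed
                     if (check_create_thread_limit()) {
                         // max new threads limit reached, don't allow to create new thread
                         debug_die('Invalid request, new conversation limit already reached!');
                     }
                     if (!create_new_thread()) {
                         // unsuccessful new thread creation: send the user back to the form
                         global $edited_Thread, $edited_Message, $thrd_recipients, $thrd_recipients_array;
                         $redirect_to .= '&action=new';
                         // save new message and thread params into the Session to not lose the content
                         $unsaved_message_params = array(
                             'subject' => $edited_Thread->title,
                             'message' => $edited_Message->text,
                             'thrdtype' => param('thrdtype', 'string', 'individual'), // alternative: discussion
                             'thrd_recipients' => $thrd_recipients,
                             'thrd_recipients_array' => $thrd_recipients_array,
                         );
                         save_message_params_to_session($unsaved_message_params);
                     }
                     break;
                 case 'delete':
                     // Check permission:
                     $current_User->check_perm('perm_messaging', 'delete', true);
                     $confirmed = param('confirmed', 'integer', 0);
                     if ($confirmed) {
                         $msg = sprintf(T_('Thread &laquo;%s&raquo; deleted.'), $edited_Thread->dget('title'));
                         $edited_Thread->dbdelete(true);
                         unset($edited_Thread);
                         forget_param('thrd_ID');
                         $Messages->add($msg, 'success');
                     } else {
                         // Ask for confirmation. redirect_to is URL-encoded (as for messages below) so its own
                         // query string survives the round trip instead of being split into separate params:
                         $delete_url = $samedomain_htsrv_url . 'action.php?mname=messaging&thrd_ID=' . $edited_Thread->ID . '&action=delete&confirmed=1';
                         $delete_url = url_add_param($delete_url, 'redirect_to=' . rawurlencode($redirect_to), '&') . '&' . url_crumb('messaging_threads');
                         $ok_button = '<span class="linkbutton"><a href="' . $delete_url . '">' . T_('I am sure!') . '!</a></span>';
                         $cancel_button = '<span class="linkbutton"><a href="' . $redirect_to . '">CANCEL</a></span>';
                         $msg = sprintf(T_('You are about to delete all messages in the conversation &laquo;%s&raquo;.'), $edited_Thread->dget('title'));
                         $msg .= '<br />' . T_('This CANNOT be undone!') . '<br />' . T_('Are you sure?') . '<br /><br />' . $ok_button . "\t" . $cancel_button;
                         $Messages->add($msg, 'error');
                     }
                     break;
                 case 'leave':
                     // user wants to leave the thread
                     leave_thread($edited_Thread->ID, $current_User->ID, false);
                     $Messages->add(sprintf(T_('You have successfuly left the &laquo;%s&raquo; conversation!'), $edited_Thread->get('title')), 'success');
                     break;
                 case 'close':
                     // close the thread (falls through: same as close_and_block, minus the blocking)
                 case 'close_and_block':
                     leave_thread($edited_Thread->ID, $current_User->ID, true);
                     // user has closed this conversation because there was only one other user involved
                     $Messages->add(sprintf(T_('You have successfuly closed the &laquo;%s&raquo; conversation!'), $edited_Thread->get('title')), 'success');
                     if ($action == 'close_and_block') {
                         // user also wants to block contact with the other user involved in this thread
                         $block_user_ID = param('block_ID', 'integer', true);
                         $UserCache =& get_UserCache();
                         $blocked_User = $UserCache->get_by_ID($block_user_ID);
                         set_contact_blocked($block_user_ID, true);
                         $Messages->add(sprintf(T_('&laquo;%s&raquo; was blocked.'), $blocked_User->get('login')), 'success');
                     }
                     break;
             }
             break;
         case 'contacts':
             // user_ID is an ID, so validate it as an integer (like block_ID above) rather than as a free string
             $user_ID = param('user_ID', 'integer', true);
             if ($action != 'block' && $action != 'unblock') {
                 // only block or unblock is valid
                 debug_die("Invalid action param");
             }
             set_contact_blocked($user_ID, $action == 'block' ? 1 : 0);
             $redirect_to = str_replace('&amp;', '&', $redirect_to);
             break;
         case 'messages':
             if ($action == 'create') {
                 // create new message
                 create_new_message($thrd_ID);
             } elseif ($action == 'delete') {
                 // Check permission:
                 $current_User->check_perm('perm_messaging', 'delete', true);
                 $msg_ID = param('msg_ID', 'integer', true);
                 $MessageCache =& get_MessageCache();
                 if (($edited_Message =& $MessageCache->get_by_ID($msg_ID, false)) === false) {
                     $Messages->add(sprintf(T_('Requested &laquo;%s&raquo; object does not exist any longer.'), T_('Message')), 'error');
                     break;
                 }
                 $confirmed = param('confirmed', 'integer', 0);
                 if ($confirmed) {
                     // delete message
                     $edited_Message->dbdelete();
                     unset($edited_Message);
                     $Messages->add(T_('Message deleted.'), 'success');
                 } else {
                     // Ask for confirmation:
                     $delete_url = $samedomain_htsrv_url . 'action.php?mname=messaging&disp=messages&thrd_ID=' . $thrd_ID . '&msg_ID=' . $msg_ID . '&action=delete&confirmed=1';
                     $delete_url = url_add_param($delete_url, 'redirect_to=' . rawurlencode($redirect_to), '&') . '&' . url_crumb('messaging_messages');
                     $ok_button = '<span class="linkbutton"><a href="' . $delete_url . '">' . T_('I am sure!') . '!</a></span>';
                     $cancel_button = '<span class="linkbutton"><a href="' . $redirect_to . '">CANCEL</a></span>';
                     $msg = T_('You are about to delete this message. ') . '<br /> ' . T_('This CANNOT be undone!') . '<br />' . T_('Are you sure?') . '<br /><br />' . $ok_button . $cancel_button;
                     $Messages->add($msg, 'error');
                 }
             }
             break;
     }
     // Will save $Messages into Session
     header_redirect($redirect_to);
 }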
 /**
  * Automagically login every user as "demouser" who is not logged in and does not
  * try to currently.
  *
  * Disabled by default: to enable/test it, set $demo_login_enabled below to 1.
  * When enabled and a user with login "demouser" exists, the current Session is
  * bound to that user and a success message is queued.
  *
  * @see Plugin::AlternateAuthentication()
  * @return true|null true when the demo user was logged in, nothing otherwise
  */
 function AlternateAuthentication()
 {
     // Feature switch; everything below is dead code until this is flipped to 1
     $demo_login_enabled = 0;
     if (!$demo_login_enabled) {
         return;
     }
     global $Session, $Messages;
     $UserCache =& get_UserCache();
     $demo_User =& $UserCache->get_by_login('demouser');
     if (!$demo_User) {
         // no demouser account: leave authentication to the regular flow
         return;
     }
     $Session->set_User($demo_User);
     $Messages->add('Logged in as demouser.', 'success');
     return true;
 }
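/**
 * Get global title matching filter params
 *
 * Builds the page title from the current display mode ($disp) and the request:
 * - the category title when you load the page with <code>?cat=</code>
 * - "Archive Directory" title if it has been requested
 * - "Latest comments" title if these have been requested
 * - "Statistics" title if these have been requested
 * - "User profile" title if it has been requested
 * - otherwise (and for single posts/pages) the filter titles of the $MainList, when one is set
 *
 * @todo single month: Respect locales datefmt
 * @todo single post: posts do no get proper checking (whether they are in the requested blog or whether their permissions match user rights),
 * thus the title sometimes gets displayed even when it should not. We need to pre-query the ItemList instead!!
 * @todo make it complete with all possible params!
 *
 * @param array params
 *        - "auto_pilot": "seo_title": Use the SEO title autopilot: overrides "format" (to "htmlhead"),
 *          "title_after" (glue + collection name), "title_single_after", "title_page_after" and
 *          "title_none" (collection name) from the current $Blog. (Default: "none")
 *        - "title_before" / "title_after": wrapped around a non-empty title (Default: "")
 *        - "title_none": returned when nothing matches (Default: "")
 *        - "glue": separator between several title parts (Default: " - ")
 *        - "format": output format passed to format_to_output() (Default: "htmlbody")
 *        - "title_single_*" / "title_page_*": display switch and before/after overrides for
 *          single posts and pages; "#" means "keep title_before/title_after"
 *        - "*_text": the text used for the corresponding $disp
 * @return string The formatted title; '' when nothing matches and "title_none" is empty (never an array)
 */
function get_request_title($params = array())
{
    global $MainList, $preview, $disp, $action, $current_User, $Blog, $admin_url;
    $r = array();
    $params = array_merge(array(
        'auto_pilot' => 'none',
        'title_before' => '',
        'title_after' => '',
        'title_none' => '',
        'title_single_disp' => true,
        'title_single_before' => '#',
        'title_single_after' => '#',
        'title_page_disp' => true,
        'title_page_before' => '#',
        'title_page_after' => '#',
        'glue' => ' - ',
        'format' => 'htmlbody',
        'arcdir_text' => T_('Archive Directory'),
        'catdir_text' => T_('Category Directory'),
        'mediaidx_text' => T_('Photo Index'),
        'postidx_text' => T_('Post Index'),
        'search_text' => T_('Search'),
        'sitemap_text' => T_('Site Map'),
        'msgform_text' => T_('Sending a message'),
        'messages_text' => T_('Messages'),
        'contacts_text' => T_('Contacts'),
        'login_text' => T_('Login '),
        'register_text' => T_('Register'),
        'req_validatemail' => T_('Account activation'),
        'account_activation' => T_('Account activation'),
        'lostpassword_text' => T_('Lost password?'),
        'profile_text' => T_('User Profile'),
        'avatar_text' => T_('Profile picture'),
        'pwdchange_text' => T_('Password change'),
        'userprefs_text' => T_('User preferences'),
        'user_text' => T_('User: %s'),
        'users_text' => T_('Users'),
        'closeaccount_text' => T_('Close account'),
        'subs_text' => T_('Notifications'),
        'comments_text' => T_('Latest Comments'),
        'feedback-popup_text' => T_('Feedback'),
        'edit_text_create' => T_('New post'),
        'edit_text_update' => T_('Editing post'),
        'edit_text_copy' => T_('Duplicating post'),
        'edit_comment_text' => T_('Editing comment'),
        'front_text' => '',
        'posts_text' => '#',
        'useritems_text' => T_('User posts'),
        'usercomments_text' => T_('User comments'),
    ), $params);
    if ($params['auto_pilot'] == 'seo_title') {
        // We want to use the SEO title autopilot. Do overrides:
        $params['format'] = 'htmlhead';
        $params['title_after'] = $params['glue'] . $Blog->get('name');
        $params['title_single_after'] = '';
        $params['title_page_after'] = '';
        $params['title_none'] = $Blog->dget('name', 'htmlhead');
    }
    $before = $params['title_before'];
    $after = $params['title_after'];
    switch ($disp) {
        case 'arcdir':
            // We are requesting the archive directory:
            $r[] = $params['arcdir_text'];
            break;
        case 'catdir':
            // We are requesting the category directory:
            $r[] = $params['catdir_text'];
            break;
        case 'mediaidx':
            $r[] = $params['mediaidx_text'];
            break;
        case 'postidx':
            $r[] = $params['postidx_text'];
            break;
        case 'sitemap':
            $r[] = $params['sitemap_text'];
            break;
        case 'search':
            $r[] = $params['search_text'];
            break;
        case 'comments':
            // We are requesting the latest comments (of one post when $Item is set):
            global $Item;
            if (isset($Item)) {
                $r[] = sprintf($params['comments_text'] . T_(' on %s'), $Item->get('title'));
            } else {
                $r[] = $params['comments_text'];
            }
            break;
        case 'feedback-popup':
            // We are requesting the comments on a specific post, which should be in first position of the list:
            $Item = NULL;
            if (isset($MainList)) {
                $Item =& $MainList->get_by_idx(0);
            }
            if (!empty($Item)) {
                $r[] = sprintf($params['feedback-popup_text'] . T_(' on %s'), $Item->get('title'));
            } else {
                // No list or no item to name: fall back to the plain text instead of a fatal error
                $r[] = $params['feedback-popup_text'];
            }
            break;
        case 'profile':
            // We are requesting the user profile:
            $r[] = $params['profile_text'];
            break;
        case 'avatar':
            // We are requesting the user avatar:
            $r[] = $params['avatar_text'];
            break;
        case 'pwdchange':
            // We are requesting the user change password:
            $r[] = $params['pwdchange_text'];
            break;
        case 'userprefs':
            // We are requesting the user preferences:
            $r[] = $params['userprefs_text'];
            break;
        case 'subs':
            // We are requesting the subscriptions screen:
            $r[] = $params['subs_text'];
            break;
        case 'msgform':
            // We are requesting the message form:
            $r[] = $params['msgform_text'];
            break;
        case 'threads':
        case 'messages':
            // We are requesting the messages form
            $thrd_ID = param('thrd_ID', 'integer', 0);
            if (empty($thrd_ID)) {
                $r[] = $params['messages_text'];
            } else {
                // We get a thread title by ID
                load_class('messaging/model/_thread.class.php', 'Thread');
                $ThreadCache =& get_ThreadCache();
                if ($Thread = $ThreadCache->get_by_ID($thrd_ID, false)) {
                    // Thread exists and we get a title
                    if ($params['auto_pilot'] == 'seo_title') {
                        // Display thread title only for tag <title>; in-page the title stays empty on purpose
                        $r[] = $Thread->title;
                    }
                } else {
                    // Bad request with not existing thread
                    $r[] = strip_tags($params['messages_text']);
                }
            }
            break;
        case 'contacts':
            // We are requesting the contacts list:
            $r[] = $params['contacts_text'];
            break;
        case 'login':
            // We are requesting the login form:
            if ($action == 'req_validatemail') {
                $r[] = $params['req_validatemail'];
            } else {
                $r[] = $params['login_text'];
            }
            break;
        case 'register':
            // We are requesting the registration form:
            $r[] = $params['register_text'];
            break;
        case 'activateinfo':
            // We are requesting the activate info form:
            $r[] = $params['account_activation'];
            break;
        case 'lostpassword':
            // We are requesting the lost password form:
            $r[] = $params['lostpassword_text'];
            break;
        case 'single':
        case 'page':
            // We are displaying a single post or page:
            if ($preview) {
                // We are requesting a post preview:
                $r[] = T_('PREVIEW');
            } elseif ($params['title_' . $disp . '_disp'] && isset($MainList)) {
                $r = array_merge($r, $MainList->get_filter_titles(array('visibility', 'hide_future'), $params));
            }
            // "#" means: keep the generic title_before / title_after
            if ($params['title_' . $disp . '_before'] != '#') {
                $before = $params['title_' . $disp . '_before'];
            }
            if ($params['title_' . $disp . '_after'] != '#') {
                $after = $params['title_' . $disp . '_after'];
            }
            break;
        case 'user':
            // We are requesting the user page:
            $user_ID = param('user_ID', 'integer', 0);
            $UserCache =& get_UserCache();
            $User =& $UserCache->get_by_ID($user_ID, false, false);
            $user_login = $User ? $User->get('login') : '';
            $r[] = sprintf($params['user_text'], $user_login);
            break;
        case 'users':
            $r[] = $params['users_text'];
            break;
        case 'closeaccount':
            $r[] = $params['closeaccount_text'];
            break;
        case 'edit':
            $action = param_action();
            // Edit post by switching into 'In skin' mode from Back-office
            $p = param('p', 'integer', 0);
            // Edit post from Front-office
            $cp = param('cp', 'integer', 0);
            // Copy post from Front-office
            if ($action == 'edit_switchtab' || $p > 0) {
                // Edit post
                $title = $params['edit_text_update'];
            } elseif ($cp > 0) {
                // Copy post
                $title = $params['edit_text_copy'];
            } else {
                // Create post
                $title = $params['edit_text_create'];
            }
            if ($params['auto_pilot'] != 'seo_title') {
                // Add advanced edit and close icon
                global $edited_Item;
                if (!empty($edited_Item) && $edited_Item->ID > 0) {
                    // Set the cancel editing url as permanent url of the item
                    $cancel_url = $edited_Item->get_permanent_url();
                } else {
                    // Set the cancel editing url to home page of the blog
                    $cancel_url = $Blog->gen_blogurl();
                }
                $title .= '<span class="title_action_icons">';
                if ($current_User->check_perm('admin', 'normal')) {
                    global $advanced_edit_link;
                    $title .= action_icon(T_('Go to advanced edit screen'), 'edit', $advanced_edit_link['href'], ' ' . T_('Advanced editing'), NULL, 3, array('onclick' => $advanced_edit_link['onclick']));
                }
                $title .= action_icon(T_('Cancel editing'), 'close', $cancel_url, ' ' . T_('Cancel editing'), NULL, 3);
                $title .= '</span>';
            }
            $r[] = $title;
            break;
        case 'edit_comment':
            global $comment_Item, $edited_Comment;
            $title = $params['edit_comment_text'];
            if ($params['auto_pilot'] != 'seo_title') {
                // Add advanced edit and close icon
                $title .= '<span class="title_action_icons">';
                if ($current_User->check_perm('admin', 'normal')) {
                    $advanced_edit_url = url_add_param($admin_url, 'ctrl=comments&amp;action=edit&amp;blog=' . $Blog->ID . '&amp;comment_ID=' . $edited_Comment->ID);
                    $title .= action_icon(T_('Go to advanced edit screen'), 'edit', $advanced_edit_url, ' ' . T_('Advanced editing'), NULL, 3, array('onclick' => 'return switch_edit_view();'));
                }
                if (empty($comment_Item)) {
                    $comment_Item =& $edited_Comment->get_Item();
                }
                if (!empty($comment_Item)) {
                    $title .= action_icon(T_('Cancel editing'), 'close', url_add_tail($comment_Item->get_permanent_url(), '#c' . $edited_Comment->ID), ' ' . T_('Cancel editing'), NULL, 3);
                }
                $title .= '</span>';
            }
            $r[] = $title;
            break;
        case 'useritems':
            // We are requesting the user items list:
            $r[] = $params['useritems_text'];
            break;
        case 'usercomments':
            // We are requesting the user comments list:
            $r[] = $params['usercomments_text'];
            break;
        default:
            // Any other disp: describe the current list filters, if there is a list
            if (isset($MainList)) {
                $r = array_merge($r, $MainList->get_filter_titles(array('visibility', 'hide_future'), $params));
            }
            break;
    }
    if (!empty($r)) {
        // We have at least one title match:
        $r = implode($params['glue'], $r);
        if (!empty($r)) {
            // This is in case we asked for an empty title (e-g for search)
            $r = $before . format_to_output($r, $params['format']) . $after;
        }
    } elseif (!empty($params['title_none'])) {
        $r = $params['title_none'];
    } else {
        // never return array()
        $r = '';
    }
    return $r;
}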
 /**
  * Get User that should be used for this widget now
  *
  * The user named by the widget's "login" setting wins; without such a setting
  * the owner of the current $Blog is used, and NULL when there is no $Blog either.
  *
  * @return object User (NULL when none could be determined)
  */
 function &get_widget_User()
 {
     global $Item, $Blog;
     $widget_User = NULL;
     $configured_login = empty($this->disp_params['login']) ? '' : $this->disp_params['login'];
     if ($configured_login !== '') {
         // A login is configured in the widget settings: look it up in the DB cache
         $UserCache =& get_UserCache();
         $widget_User =& $UserCache->get_by_login($configured_login);
     } elseif (!empty($Blog)) {
         // No user configured: fall back to the owner of the current $Blog
         // Note: There is no 'in-item' context in i7
         $widget_User =& $Blog->get_owner_User();
     }
     return $widget_User;
 }
 /**
  * Generate a title for the current list, depending on its filtering params
  *
  * @todo cleanup some displays
  * @todo implement HMS part of YMDHMS
  *
  * @return array List of titles to display, which are escaped for HTML display
  *               (dh> only checked this for 'authors'/?authors=, where the output was not escaped)
  */
 function get_filter_titles($ignore = array(), $params = array())
 {
     global $month, $disp_detail;
     $params = array_merge(array('category_text' => T_('Category') . ': ', 'categories_text' => T_('Categories') . ': ', 'categories_nor_text' => T_('All but '), 'tag_text' => T_('Tag') . ': ', 'tags_text' => T_('Tags') . ': ', 'author_text' => T_('Author') . ': ', 'authors_text' => T_('Authors') . ': ', 'authors_nor_text' => T_('All authors except') . ': ', 'visibility_text' => T_('Visibility') . ': ', 'keyword_text' => T_('Keyword') . ': ', 'keywords_text' => T_('Keywords') . ': ', 'keywords_exact_text' => T_('Exact match') . ' ', 'status_text' => T_('Status') . ': ', 'statuses_text' => T_('Statuses') . ': ', 'archives_text' => T_('Archives for') . ': ', 'assignes_text' => T_('Assigned to') . ': ', 'group_mask' => '$group_title$$filter_items$', 'filter_mask' => '"$filter_name$"', 'filter_mask_nogroup' => '"$filter_name$"', 'before_items' => '', 'after_items' => '', 'separator_and' => ' ' . T_('and') . ' ', 'separator_or' => ' ' . T_('or') . ' ', 'separator_nor' => ' ' . T_('or') . ' ', 'separator_comma' => ', ', 'display_category' => true, 'display_archive' => true, 'display_keyword' => true, 'display_tag' => true, 'display_author' => true, 'display_assignee' => true, 'display_locale' => true, 'display_status' => true, 'display_visibility' => true, 'display_time' => true, 'display_limit' => true), $params);
     if (empty($this->filters)) {
         // Filters have no been set before, we'll use the default filterset:
         // echo ' setting default filterset ';
         $this->set_filters($this->default_filters);
     }
     $title_array = array();
     if ($this->single_post) {
         // We have requested a specific post:
         // Should be in first position
         $Item =& $this->get_by_idx(0);
         if (is_null($Item)) {
             $title_array[] = T_('Invalid request');
         } else {
             $title_array[] = $Item->get_titletag();
         }
         return $title_array;
     }
     // Check if the filter mask has an icon to clear the filter item
     $clear_icon = strpos($params['filter_mask'], '$clear_icon$') !== false;
     $filter_classes = array('green');
     $filter_class_i = 0;
     if (strpos($params['filter_mask'], '$filter_class$') !== false) {
         // Initialize array with available classes for filter items
         $filter_classes = array('green', 'yellow', 'orange', 'red', 'magenta', 'blue');
     }
     // CATEGORIES:
     if ($params['display_category']) {
         if (!empty($this->filters['cat_array'])) {
             // We have requested specific categories...
             $cat_names = array();
             $ChapterCache =& get_ChapterCache();
             $catsel_param = get_param('catsel');
             foreach ($this->filters['cat_array'] as $cat_ID) {
                 if (($tmp_Chapter =& $ChapterCache->get_by_ID($cat_ID, false)) !== false) {
                     // It is almost never meaningful to die over an invalid cat when generating title
                     $cat_clear_url = regenerate_url((empty($catsel_param) ? 'cat=' : 'catsel=') . $cat_ID);
                     if ($disp_detail == 'posts-subcat' || $disp_detail == 'posts-cat') {
                         // Remove category url from $ReqPath when we use the cat url instead of cat ID
                         $cat_clear_url = str_replace('/' . $tmp_Chapter->get_url_path(), '', $cat_clear_url);
                     }
                     $cat_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', $cat_clear_url) : '';
                     $cat_names[] = str_replace(array('$group_title$', '$filter_name$', '$clear_icon$', '$filter_class$'), array($params['category_text'], $tmp_Chapter->name, $cat_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask']);
                 }
             }
             $filter_class_i++;
             if ($this->filters['cat_modifier'] == '*') {
                 // Categories with "AND" condition
                 $cat_names_string = implode($params['separator_and'], $cat_names);
             } elseif ($this->filters['cat_modifier'] == '-') {
                 // Categories with "NOR" condition
                 $cat_names_string = implode($params['separator_nor'], $cat_names);
             } else {
                 // Categories with "OR" condition
                 $cat_names_string = implode($params['separator_or'], $cat_names);
             }
             if (!empty($cat_names_string)) {
                 if ($this->filters['cat_modifier'] == '-') {
                     // Categories with "NOR" condition
                     $cat_names_string = $params['categories_nor_text'] . $cat_names_string;
                     $params['category_text'] = $params['categories_text'];
                 }
                 $title_array['cats'] = str_replace(array('$group_title$', '$filter_items$'), count($this->filters['cat_array']) > 1 ? array($params['categories_text'], $params['before_items'] . $cat_names_string . $params['after_items']) : array($params['category_text'], $cat_names_string), $params['group_mask']);
             }
         }
     }
     // ARCHIVE TIMESLOT:
     if ($params['display_archive']) {
         if (!empty($this->filters['ymdhms'])) {
             // We have asked for a specific timeframe:
             $my_year = substr($this->filters['ymdhms'], 0, 4);
             if (strlen($this->filters['ymdhms']) > 4) {
                 // We have requested a month too:
                 $my_month = T_($month[substr($this->filters['ymdhms'], 4, 2)]);
             } else {
                 $my_month = '';
             }
             // Requested a day?
             $my_day = substr($this->filters['ymdhms'], 6, 2);
             $arch = $my_month . ' ' . $my_year;
             if (!empty($my_day)) {
                 // We also want to display a day
                 $arch .= ', ' . $my_day;
             }
             if (!empty($this->filters['week']) || $this->filters['week'] === 0) {
                 // We also want to display a week number
                 $arch .= ', ' . T_('week') . ' ' . $this->filters['week'];
             }
             $filter_class_i = $filter_class_i > count($filter_classes) - 1 ? 0 : $filter_class_i;
             $arch_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'm')) : '';
             $arch = str_replace(array('$group_title$', '$filter_name$', '$clear_icon$', '$filter_class$'), array($params['archives_text'], $arch, $arch_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask']);
             $title_array['ymdhms'] = str_replace(array('$group_title$', '$filter_items$'), array($params['archives_text'], $arch), $params['group_mask']);
             $filter_class_i++;
         }
     }
     // KEYWORDS:
     if ($params['display_keyword']) {
         if (!empty($this->filters['keywords'])) {
             if ($this->filters['phrase'] == 'OR' || $this->filters['phrase'] == 'AND') {
                 // Search by each keyword
                 $keywords = trim(preg_replace('/("|, *)/', ' ', $this->filters['keywords']));
                 $keywords = explode(' ', $keywords);
             } else {
                 // Exact match (Single keyword)
                 $keywords = array($this->filters['keywords']);
             }
             $filter_class_i = $filter_class_i > count($filter_classes) - 1 ? 0 : $filter_class_i;
             $keyword_names = array();
             foreach ($keywords as $keyword) {
                 $word_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 's=' . $keyword)) : '';
                 $keyword_names[] = str_replace(array('$group_title$', '$filter_name$', '$clear_icon$', '$filter_class$'), array($params['keyword_text'], $keyword, $word_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask']);
             }
             $filter_class_i++;
             $keywords = ($this->filters['exact'] ? $params['keywords_exact_text'] : '') . implode($this->filters['phrase'] == 'OR' ? $params['separator_or'] : $params['separator_and'], $keyword_names);
             $title_array[] = str_replace(array('$group_title$', '$filter_items$'), count($keyword_names) > 1 ? array($params['keywords_text'], $params['before_items'] . $keywords . $params['after_items']) : array($params['keyword_text'], $keywords), $params['group_mask']);
         }
     }
     // TAGS:
     if ($params['display_tag']) {
         if (!empty($this->filters['tags'])) {
             $tags = explode(',', $this->filters['tags']);
             $tag_names = array();
             $filter_class_i = $filter_class_i > count($filter_classes) - 1 ? 0 : $filter_class_i;
             foreach ($tags as $tag) {
                 $tag_clear_url = regenerate_url($this->param_prefix . 'tag=' . $tag);
                 if ($disp_detail == 'posts-tag') {
                     // Remove tag url from $ReqPath when we use tag url instead of tag ID
                     $tag_clear_url = str_replace('/' . $tag . ':', '', $tag_clear_url);
                 }
                 $tag_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', $tag_clear_url) : '';
                 $tag_names[] = str_replace(array('$group_title$', '$filter_name$', '$clear_icon$', '$filter_class$'), array($params['tag_text'], $tag, $tag_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask']);
             }
             $filter_class_i++;
             $tags = implode($params['separator_comma'], $tag_names);
             $title_array[] = str_replace(array('$group_title$', '$filter_items$'), count($tag_names) > 1 ? array($params['tags_text'], $params['before_items'] . $tags . $params['after_items']) : array($params['tag_text'], $tags), $params['group_mask']);
         }
     }
     // AUTHORS:
     if ($params['display_author']) {
         if (!empty($this->filters['authors']) || !empty($this->filters['authors_login'])) {
             $authors = trim($this->filters['authors'] . ',' . get_users_IDs_by_logins($this->filters['authors_login']), ',');
             $exclude_authors = false;
             if (substr($authors, 0, 1) == '-') {
                 // Authors are excluded
                 $authors = substr($authors, 1);
                 $exclude_authors = true;
             }
             $authors = preg_split('~\\s*,\\s*~', $authors, -1, PREG_SPLIT_NO_EMPTY);
             $author_names = array();
             if ($authors) {
                 $UserCache =& get_UserCache();
                 $filter_class_i = $filter_class_i > count($filter_classes) - 1 ? 0 : $filter_class_i;
                 foreach ($authors as $author_ID) {
                     if ($tmp_User = $UserCache->get_by_ID($author_ID, false, false)) {
                         $user_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'author=' . $author_ID)) : '';
                         $author_names[] = str_replace(array('$group_title$', '$filter_name$', '$clear_icon$', '$filter_class$'), array($params['author_text'], $tmp_User->get('login'), $user_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask']);
                     }
                 }
                 $filter_class_i++;
             }
             if (count($author_names) > 0) {
                 // Display info of filter by authors
                 if ($exclude_authors) {
                     // Exclude authors
                     $author_names_string = $params['authors_nor_text'] . implode($params['separator_nor'], $author_names);
                 } else {
                     // Filter by authors
                     $author_names_string = implode($params['separator_comma'], $author_names);
                 }
                 $title_array[] = str_replace(array('$group_title$', '$filter_items$'), count($author_names) > 1 ? array($params['authors_text'], $params['before_items'] . $author_names_string . $params['after_items']) : array($params['author_text'], $author_names_string), $params['group_mask']);
             }
         }
     }
     // ASSIGNEES:
     if ($params['display_assignee']) {
         if (!empty($this->filters['assignees']) || !empty($this->filters['assignees_login'])) {
             $filter_class_i = $filter_class_i > count($filter_classes) - 1 ? 0 : $filter_class_i;
             if ($this->filters['assignees'] == '-') {
                 $user_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'assgn')) : '';
                 $title_array[] = str_replace(array('$filter_name$', '$clear_icon$', '$filter_class$'), array(T_('Not assigned'), $user_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask_nogroup']);
             } else {
                 $assignees = trim($this->filters['assignees'] . ',' . get_users_IDs_by_logins($this->filters['assignees_login']), ',');
                 $assignees = preg_split('~\\s*,\\s*~', $assignees, -1, PREG_SPLIT_NO_EMPTY);
                 $assignees_names = array();
                 if ($assignees) {
                     $UserCache =& get_UserCache();
                     foreach ($assignees as $user_ID) {
                         if ($tmp_User =& $UserCache->get_by_ID($user_ID, false, false)) {
                             $user_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'assgn=' . $user_ID)) : '';
                             $assignees_names[] = str_replace(array('$group_title$', '$filter_name$', '$clear_icon$', '$filter_class$'), array($params['assignes_text'], $tmp_User->get_identity_link(array('link_text' => 'name')), $user_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask']);
                         }
                     }
                 }
                 $title_array[] = str_replace(array('$group_title$', '$filter_items$'), count($assignees_names) > 1 ? array($params['assignes_text'], $params['before_items'] . implode($params['separator_comma'], $assignees_names) . $params['after_items']) : array($params['assignes_text'], implode($params['separator_comma'], $assignees_names)), $params['group_mask']);
             }
             $filter_class_i++;
         }
     }
     // LOCALE:
     if ($params['display_locale']) {
         if ($this->filters['lc'] != 'all') {
             $filter_class_i = $filter_class_i > count($filter_classes) - 1 ? 0 : $filter_class_i;
             $user_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'lc')) : '';
             $loc = str_replace(array('$group_title$', '$filter_name$', '$clear_icon$', '$filter_class$'), array(T_('Locale') . ': ', $this->filters['lc'], $user_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask']);
             $title_array[] = str_replace(array('$group_title$', '$filter_items$'), array(T_('Locale') . ': ', $loc), $params['group_mask']);
             $filter_class_i++;
         }
     }
     // EXTRA STATUSES:
     if ($params['display_status']) {
         if (!empty($this->filters['statuses'])) {
             $filter_class_i = $filter_class_i > count($filter_classes) - 1 ? 0 : $filter_class_i;
             if ($this->filters['statuses'] == '-') {
                 $status_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'status=-')) : '';
                 $title_array[] = str_replace(array('$filter_name$', '$clear_icon$', '$filter_class$'), array(T_('Without status'), $status_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask_nogroup']);
             } else {
                 $status_IDs = explode(',', $this->filters['statuses']);
                 $ItemStatusCache =& get_ItemStatusCache();
                 $statuses = array();
                 foreach ($status_IDs as $status_ID) {
                     if ($ItemStatus =& $ItemStatusCache->get_by_ID($status_ID)) {
                         $status_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'status=' . $status_ID)) : '';
                         $statuses[] = str_replace(array('$group_title$', '$filter_name$', '$clear_icon$', '$filter_class$'), array($params['status_text'], $ItemStatus->get_name(), $status_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask']);
                     }
                 }
                 $title_array[] = str_replace(array('$group_title$', '$filter_items$'), count($statuses) > 1 ? array($params['statuses_text'], $params['before_items'] . implode($params['separator_comma'], $statuses) . $params['after_items']) : array($params['status_text'], implode($params['separator_comma'], $statuses)), $params['group_mask']);
             }
             $filter_class_i++;
         }
     }
     // VISIBILITY (SHOW STATUSES):
     if ($params['display_visibility']) {
         if (!in_array('visibility', $ignore)) {
             $post_statuses = get_visibility_statuses();
             if (count($this->filters['visibility_array']) != count($post_statuses)) {
                 // Display it only when visibility filter is changed
                 $status_titles = array();
                 $filter_class_i = $filter_class_i > count($filter_classes) - 1 ? 0 : $filter_class_i;
                 foreach ($this->filters['visibility_array'] as $status) {
                     $vis_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'show_statuses=' . $status)) : '';
                     $status_titles[] = str_replace(array('$group_title$', '$filter_name$', '$clear_icon$', '$filter_class$'), array($params['visibility_text'], $post_statuses[$status], $vis_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask']);
                 }
                 $filter_class_i++;
                 $title_array[] = str_replace(array('$group_title$', '$filter_items$'), count($status_titles) > 1 ? array($params['visibility_text'], $params['before_items'] . implode($params['separator_comma'], $status_titles) . $params['after_items']) : array($params['visibility_text'], implode($params['separator_comma'], $status_titles)), $params['group_mask']);
             }
         }
     }
     if ($params['display_time']) {
         // START AT:
         if (!empty($this->filters['ymdhms_min']) || !empty($this->filters['ts_min'])) {
             $filter_class_i = $filter_class_i > count($filter_classes) - 1 ? 0 : $filter_class_i;
             if (!empty($this->filters['ymdhms_min'])) {
                 $time_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'dstart')) : '';
                 $title_array['ts_min'] = str_replace(array('$group_title$', '$filter_name$', '$clear_icon$', '$filter_class$'), array(T_('Start at') . ': ', date2mysql($this->filters['ymdhms_min']), $time_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask']);
             } else {
                 if ($this->filters['ts_min'] == 'now') {
                     $time_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'show_future')) : '';
                     $title_array['ts_min'] = str_replace(array('$filter_name$', '$clear_icon$', '$filter_class$'), array(T_('Hide past'), $time_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask_nogroup']);
                 } else {
                     $time_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'show_future')) : '';
                     $title_array['ts_min'] = str_replace(array('$group_title$', '$filter_name$', '$clear_icon$', '$filter_class$'), array(T_('Start at') . ': ', date2mysql($this->filters['ts_min']), $time_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask']);
                 }
             }
             $filter_class_i++;
         }
         // STOP AT:
         if (!empty($this->filters['ymdhms_max']) || !empty($this->filters['ts_max'])) {
             $filter_class_i = $filter_class_i > count($filter_classes) - 1 ? 0 : $filter_class_i;
             if (!empty($this->filters['ymdhms_max'])) {
                 $time_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'dstop')) : '';
                 $title_array['ts_max'] = str_replace(array('$group_title$', '$filter_name$', '$clear_icon$', '$filter_class$'), array(T_('Stop at') . ': ', date2mysql($this->filters['ymdhms_max']), $time_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask']);
             } else {
                 if ($this->filters['ts_max'] == 'now') {
                     if (!in_array('hide_future', $ignore)) {
                         $time_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'show_past')) : '';
                         $title_array['ts_max'] = str_replace(array('$filter_name$', '$clear_icon$', '$filter_class$'), array(T_('Hide future'), $time_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask_nogroup']);
                     }
                 } else {
                     $time_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'show_past')) : '';
                     $title_array['ts_max'] = str_replace(array('$group_title$', '$filter_name$', '$clear_icon$', '$filter_class$'), array(T_('Stop at') . ': ', date2mysql($this->filters['ts_max']), $time_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask']);
                 }
             }
             $filter_class_i++;
         }
     }
     // LIMIT TO:
     if ($params['display_limit']) {
         if ($this->single_post) {
             // Single post: no paging required!
         } elseif (!empty($this->filters['ymdhms'])) {
             // no restriction if we request a month... some permalinks may point to the archive!
         } elseif ($this->filters['unit'] == 'posts' || $this->filters['unit'] == 'all') {
             // We're going to page, so there's no real limit here...
         } elseif ($this->filters['unit'] == 'days') {
             // We are going to limit to x days:
             // echo 'LIMIT DAYS ';
             $filter_class_i = $filter_class_i > count($filter_classes) - 1 ? 0 : $filter_class_i;
             if (empty($this->filters['ymdhms_min'])) {
                 // We have no start date, we'll display the last x days:
                 if (!empty($this->filters['keywords']) || !empty($this->filters['cat_array']) || !empty($this->filters['authors'])) {
                     // We are in DAYS mode but we can't restrict on these! (TODO: ?)
                 } else {
                     // We are going to limit to LAST x days:
                     // TODO: rename 'posts' to 'limit'
                     $unit_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'unit')) : '';
                     $title_array['posts'] = str_replace(array('$filter_name$', '$clear_icon$', '$filter_class$'), array(sprintf(T_('Limited to last %d days'), $this->limit), $unit_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask_nogroup']);
                 }
             } else {
                 // We have a start date, we'll display x days starting from that point:
                 $unit_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'unit')) : '';
                 $title_array['posts'] = str_replace(array('$filter_name$', '$clear_icon$', '$filter_class$'), array(sprintf(T_('Limited to %d days'), $this->limit), $unit_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask_nogroup']);
             }
             $filter_class_i++;
         } else {
             debug_die('Unhandled LIMITING mode in ItemList:' . $this->filters['unit'] . ' (paged mode is obsolete)');
         }
     }
     return $title_array;
 }
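/**
 * Display threads results table
 *
 * Echoes the list of private-message threads sent by a user (on the user "activity" tab),
 * or only a count of sent messages when the current user has no abuse-management permission.
 * Nothing is output when the viewer is not logged in, lacks the required permissions,
 * or no target user can be resolved from the params / request.
 *
 * @param array Params:
 *        - 'edited_User': User object whose threads are listed; when NULL the user is
 *          resolved from the 'user_ID' request param (AJAX case)
 *        - 'results_param_prefix': prefix of the Results request params
 *        - 'results_title': title of the results table
 *        - 'results_no_text': text displayed when there are no results
 *        - 'skin_type', 'skin_name': required only when called for AJAX content
 */
function threads_results_block($params = array())
{
    // Make sure we are not missing any param:
    $params = array_merge(array('edited_User' => NULL, 'results_param_prefix' => 'actv_thrd_', 'results_title' => T_('Threads with private messages sent by the user'), 'results_no_text' => T_('User has not sent any private messages')), $params);
    if (!is_logged_in()) {
        // Only logged in users can access to this function
        return;
    }
    global $current_User;
    if (!$current_User->check_perm('users', 'edit') || !$current_User->check_perm('perm_messaging', 'reply')) {
        // Check minimum permission:
        return;
    }
    $edited_User = $params['edited_User'];
    if (!$edited_User) {
        // No User given, the function is probably called from an AJAX request: resolve the user from the request
        $user_ID = param('user_ID', 'integer', 0);
        if (empty($user_ID)) {
            // Bad request, exit here
            return;
        }
        $UserCache =& get_UserCache();
        if (($edited_User =& $UserCache->get_by_ID($user_ID, false)) === false) {
            // Unknown user ID, exit here
            return;
        }
    }
    // Read these request params with the 4th arg set, presumably to memorize them so the Results links keep them (see param())
    param('user_tab', 'string', '', true);
    param('user_ID', 'integer', 0, true);
    // Check permission:
    if ($current_User->check_perm('perm_messaging', 'abuse')) {
        // Create result set:
        $threads_Results = get_threads_results(array('results_param_prefix' => $params['results_param_prefix'], 'user_ID' => $edited_User->ID, 'sent_user_ID' => $edited_User->ID));
        $threads_Results->Cache =& get_ThreadCache();
        $threads_Results->title = $params['results_title'];
        $threads_Results->no_results_text = $params['results_no_text'];
        if ($threads_Results->total_rows > 0) {
            // Display action icon to delete all records if at least one record exists
            // NOTE(review): the login is interpolated into the icon title unescaped; this relies on the login charset
            // restrictions and/or escaping inside global_icon() — confirm
            $threads_Results->global_icon(sprintf(T_('Delete all private messages sent by %s'), $edited_User->login), 'delete', '?ctrl=user&amp;user_tab=activity&amp;action=delete_all_messages&amp;user_ID=' . $edited_User->ID . '&amp;' . url_crumb('user'), ' ' . T_('Delete all'), 3, 4);
        }
        // Load classes
        load_class('messaging/model/_thread.class.php', 'Thread');
        // Initialize Results object
        threads_results($threads_Results, array('abuse_management' => 1, 'show_only_date' => 1));
        if (is_ajax_content()) {
            // init results param by template name
            if (!isset($params['skin_type']) || !isset($params['skin_name'])) {
                debug_die('Invalid ajax results request!');
            }
            $threads_Results->init_params_by_skin($params['skin_type'], $params['skin_name']);
        }
        $display_params = array('before' => '<div class="results" style="margin-top:25px" id="threads_result">');
        $threads_Results->display($display_params);
        if (!is_ajax_content()) {
            // Create this hidden div to get a function name for AJAX request
            echo '<div id="' . $params['results_param_prefix'] . 'ajax_callback" style="display:none">' . __FUNCTION__ . '</div>';
        }
    } else {
        // No permission for abuse management: only show how many messages the user has sent
        echo '<div style="margin-top:25px;font-weight:bold">' . sprintf(T_('User has sent %s private messages'), $edited_User->get_num_messages('sent')) . '</div>';
    }
}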
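/**
 * Sends an email to User
 *
 * The email is skipped (false is returned) when the user's status does not allow receiving
 * messages, when the user is not activated (unless forced), or when the daily limit for the
 * corresponding email type (notification / newsletter) has already been reached.
 *
 * @param integer Recipient ID.
 * @param string Subject of the mail
 * @param string Email template name
 * @param array Email template params
 * @param boolean Force to send this email even if the user is not activated. By default not activated user won't get emails.
 *                Password reset, and account activation emails must be always forced.
 * @param array Additional headers ( headername => value ). Take care of injection!
 * @return boolean True if mail could be sent (not necessarily delivered!), false if not - (return value of {@link mail()})
 */
function send_mail_to_User($user_ID, $subject, $template_name, $template_params = array(), $force_on_non_activated = false, $headers = array())
{
    global $UserSettings, $Settings, $current_charset;
    $UserCache =& get_UserCache();
    if ($User = $UserCache->get_by_ID($user_ID)) {
        if (!$User->check_status('can_receive_any_message')) {
            // user status doesn't allow to receive nor emails nor private messages
            return false;
        }
        if (!($User->check_status('is_validated') || $force_on_non_activated)) {
            // user is not activated and non activated users should not receive emails, unless force_on_non_activated is turned on
            return false;
        }
        // UserSettings update is not required yet
        $update_settings = false;
        // Check if a new email to User with the corresponding email type is allowed
        switch ($template_name) {
            case 'account_activate':
                // empty() instead of a bare index read: 'is_reminder' is optional in $template_params
                if ($Settings->get('validation_process') == 'easy' && empty($template_params['is_reminder'])) {
                    // First activation email of the "easy" process is not a notification email: no limit applies
                    break;
                }
                // Activation reminders (and the non-easy process) intentionally fall through: they count as notification emails
            case 'private_message_new':
            case 'private_messages_unread_reminder':
            case 'post_new':
            case 'comment_new':
            case 'account_activated':
            case 'account_closed':
            case 'account_reported':
                // this is a notification email
                if (!check_allow_new_email('notification_email_limit', 'last_notification_email', $User->ID)) {
                    // more notification email is not allowed today
                    return false;
                }
                $update_settings = true;
                break;
            case 'newsletter':
                // this is a newsletter email
                if (!check_allow_new_email('newsletter_limit', 'last_newsletter', $User->ID)) {
                    // more newsletter email is not allowed today
                    return false;
                }
                $update_settings = true;
                break;
        }
        // Update notification sender's info from General settings
        $User->update_sender();
        // Read the user's "Email format" setting once: it selects both the Content-Type header and the template rendering
        $email_format = $UserSettings->get('email_format', $User->ID);
        switch ($email_format) {
            // Set Content-Type from user's setting "Email format"
            case 'auto':
                // NOTE(review): rand() is not a CSPRNG; the boundary only has to be unique within this message, not secret,
                // so this is acceptable — random_bytes() would be the preferred source once PHP >= 7 can be assumed
                $template_params['boundary'] = 'b2evo-' . md5(rand());
                $headers['Content-Type'] = 'multipart/mixed; boundary="' . $template_params['boundary'] . '"';
                break;
            case 'html':
                $headers['Content-Type'] = 'text/html; charset=' . $current_charset;
                break;
            case 'text':
                $headers['Content-Type'] = 'text/plain; charset=' . $current_charset;
                break;
        }
        // Get a message text from template file
        $message = mail_template($template_name, $email_format, $template_params, $User);
        // Autoinsert user's data
        $subject = mail_autoinsert_user_data($subject, $User);
        $message = mail_autoinsert_user_data($message, $User);
        if (send_mail($User->email, NULL, $subject, $message, NULL, NULL, $headers, $user_ID)) {
            // email was sent, update last email settings;
            if ($update_settings) {
                // User Settings need to be updated (last_notification_email / last_newsletter were touched above)
                $UserSettings->dbupdate();
            }
            return true;
        }
    }
    // No user or email could not be sent
    return false;
}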
/**
 * Template tag. Initializes internal states for the most common skin displays.
 *
 * For more specific skins, this function should not be called and
 * equivalent code should be customized within the skin.
 *
 * @param string What are we going to display. Most of the time the global $disp should be passed.
 */
function skin_init($disp)
{
    /**
     * @var Blog
     */
    global $Blog;
    /**
     * @var Item
     */
    global $Item;
    /**
     * @var Skin
     */
    global $Skin;
    global $robots_index;
    global $seo_page_type;
    global $redir, $ReqURL, $ReqURI, $m, $w, $preview;
    global $Chapter;
    global $Debuglog;
    /**
     * @var ItemList2
     */
    global $MainList;
    /**
     * This will give more detail when $disp == 'posts'; otherwise it will have the same content as $disp
     * @var string
     */
    global $disp_detail, $Settings;
    global $Timer;
    global $Messages, $PageCache;
    $Timer->resume('skin_init');
    if (empty($disp_detail)) {
        $disp_detail = $disp;
    }
    $Debuglog->add('skin_init: ' . $disp, 'skins');
    // This is the main template; it may be used to display very different things.
    // Do inits depending on current $disp:
    switch ($disp) {
        case 'posts':
        case 'single':
        case 'page':
        case 'feedback-popup':
        case 'search':
            // We need to load posts for this display:
            // Note: even if we request the same post as $Item above, the following will do more restrictions (dates, etc.)
            // Init the MainList object:
            init_MainList($Blog->get_setting('posts_per_page'));
            // Init post navigation
            $post_navigation = $Skin->get_post_navigation();
            if (empty($post_navigation)) {
                $post_navigation = $Blog->get_setting('post_navigation');
            }
            break;
    }
    // SEO stuff & redirects if necessary:
    $seo_page_type = NULL;
    switch ($disp) {
        // CONTENT PAGES:
        case 'single':
        case 'page':
            init_ajax_forms();
            // auto requires jQuery
            init_ratings_js();
            init_voting_comment_js();
            init_scrollwide_js();
            // Add jQuery Wide Scroll plugin
            if ($disp == 'single') {
                $seo_page_type = 'Single post page';
            } else {
                $seo_page_type = '"Page" page';
            }
            // Check if the post has 'redirected' status:
            if (!$preview && $Item->status == 'redirected' && $redir == 'yes') {
                // $redir=no here allows to force a 'single post' URL for commenting
                // Redirect to the URL specified in the post:
                $Debuglog->add('Redirecting to post URL [' . $Item->url . '].');
                header_redirect($Item->url, true);
            }
            // Check if we want to redirect to a canonical URL for the post
            // Please document encountered problems.
            if (!$preview && ($Blog->get_setting('canonical_item_urls') && $redir == 'yes' || $Blog->get_setting('relcanonical_item_urls'))) {
                // We want to redirect to the Item's canonical URL:
                $canonical_url = $Item->get_permanent_url('', '', '&');
                if (preg_match('|[&?](page=\\d+)|', $ReqURI, $page_param)) {
                    // A certain post page has been requested, keep only this param and discard all others:
                    $canonical_url = url_add_param($canonical_url, $page_param[1], '&');
                }
                if (preg_match('|[&?](mode=quote&[qcp]+=\\d+)|', $ReqURI, $page_param)) {
                    // A quote of comment/post, keep only these params and discard all others:
                    $canonical_url = url_add_param($canonical_url, $page_param[1], '&');
                }
                if (!is_same_url($ReqURL, $canonical_url)) {
                    // The requested URL does not look like the canonical URL for this post...
                    // url difference was resolved
                    $url_resolved = false;
                    // Check if the difference is because of an allowed post navigation param
                    if (preg_match('|[&?]cat=(\\d+)|', $ReqURI, $cat_param)) {
                        // A category post navigation param is set
                        $extended_url = '';
                        if ($post_navigation == 'same_category' && isset($cat_param[1])) {
                            // navigatie through posts from the same category
                            $category_ids = postcats_get_byID($Item->ID);
                            if (in_array($cat_param[1], $category_ids)) {
                                // cat param is one of this Item categories
                                $extended_url = $Item->add_navigation_param($canonical_url, $post_navigation, $cat_param[1], '&');
                                // Set MainList navigation target to the requested category
                                $MainList->nav_target = $cat_param[1];
                            }
                        }
                        $url_resolved = is_same_url($ReqURL, $extended_url);
                    }
                    if (!$url_resolved && $Blog->get_setting('canonical_item_urls') && $redir == 'yes' && !$Item->check_cross_post_nav('auto', $Blog->ID)) {
                        // REDIRECT TO THE CANONICAL URL:
                        $Debuglog->add('Redirecting to canonical URL [' . $canonical_url . '].');
                        header_redirect($canonical_url, true);
                    } else {
                        // Use rel="canoncial":
                        add_headline('<link rel="canonical" href="' . $canonical_url . '" />');
                    }
                    // EXITED.
                }
            }
            if (!$MainList->result_num_rows) {
                // There is nothing to display for this page, don't index it!
                $robots_index = false;
            }
            break;
        case 'posts':
            init_ajax_forms('blog');
            // auto requires jQuery
            init_scrollwide_js('blog');
            // Add jQuery Wide Scroll plugin
            // fp> if we add this here, we have to exetnd the inner if()
            // init_ratings_js( 'blog' );
            // Get list of active filters:
            $active_filters = $MainList->get_active_filters();
            if (!empty($active_filters)) {
                // The current page is being filtered...
                if (array_diff($active_filters, array('page')) == array()) {
                    // This is just a follow "paged" page
                    $disp_detail = 'posts-next';
                    $seo_page_type = 'Next page';
                    if ($Blog->get_setting('paged_noindex')) {
                        // We prefer robots not to index category pages:
                        $robots_index = false;
                    }
                } elseif (array_diff($active_filters, array('cat_array', 'cat_modifier', 'cat_focus', 'posts', 'page')) == array()) {
                    // This is a category page
                    $disp_detail = 'posts-cat';
                    $seo_page_type = 'Category page';
                    if ($Blog->get_setting('chapter_noindex')) {
                        // We prefer robots not to index category pages:
                        $robots_index = false;
                    }
                    global $cat, $catsel;
                    if (empty($catsel) && preg_match('~[0-9]+~', $cat)) {
                        // We are on a single cat page:
                        // NOTE: we must have selected EXACTLY ONE CATEGORY through the cat parameter
                        // BUT: - this can resolve to including children
                        //      - selecting exactly one cat through catsel[] is NOT OK since not equivalent (will exclude children)
                        // echo 'SINGLE CAT PAGE';
                        if ($Blog->get_setting('canonical_cat_urls') && $redir == 'yes' || $Blog->get_setting('relcanonical_cat_urls')) {
                            // Check if the URL was canonical:
                            if (!isset($Chapter)) {
                                $ChapterCache =& get_ChapterCache();
                                /**
                                 * @var Chapter
                                 */
                                $Chapter =& $ChapterCache->get_by_ID($MainList->filters['cat_array'][0], false);
                            }
                            if ($Chapter) {
                                if ($Chapter->parent_ID) {
                                    // This is a sub-category page (i-e: not a level 1 category)
                                    $disp_detail = 'posts-subcat';
                                }
                                $canonical_url = $Chapter->get_permanent_url(NULL, NULL, $MainList->get_active_filter('page'), NULL, '&');
                                if (!is_same_url($ReqURL, $canonical_url)) {
                                    // fp> TODO: we're going to lose the additional params, it would be better to keep them...
                                    // fp> what additional params actually?
                                    if ($Blog->get_setting('canonical_cat_urls') && $redir == 'yes') {
                                        // REDIRECT TO THE CANONICAL URL:
                                        header_redirect($canonical_url, true);
                                    } else {
                                        // Use rel="canonical":
                                        add_headline('<link rel="canonical" href="' . $canonical_url . '" />');
                                    }
                                }
                            }
                        }
                        if ($post_navigation == 'same_category') {
                            // Category is set and post navigation should go through the same category, set navigation target param
                            $MainList->nav_target = $cat;
                        }
                    }
                } elseif (array_diff($active_filters, array('tags', 'posts', 'page')) == array()) {
                    // This is a tag page
                    $disp_detail = 'posts-tag';
                    $seo_page_type = 'Tag page';
                    if ($Blog->get_setting('tag_noindex')) {
                        // We prefer robots not to index tag pages:
                        $robots_index = false;
                    }
                    if ($Blog->get_setting('canonical_tag_urls') && $redir == 'yes' || $Blog->get_setting('relcanonical_tag_urls')) {
                        // Check if the URL was canonical:
                        $canonical_url = $Blog->gen_tag_url($MainList->get_active_filter('tags'), $MainList->get_active_filter('page'), '&');
                        if (!is_same_url($ReqURL, $canonical_url)) {
                            if ($Blog->get_setting('canonical_tag_urls') && $redir == 'yes') {
                                // REDIRECT TO THE CANONICAL URL:
                                header_redirect($canonical_url, true);
                            } else {
                                // Use rel="canoncial":
                                add_headline('<link rel="canonical" href="' . $canonical_url . '" />');
                            }
                        }
                    }
                } elseif (array_diff($active_filters, array('ymdhms', 'week', 'posts', 'page')) == array()) {
                    // This is an archive page
                    // echo 'archive page';
                    $disp_detail = 'posts-date';
                    $seo_page_type = 'Date archive page';
                    if ($Blog->get_setting('canonical_archive_urls') && $redir == 'yes' || $Blog->get_setting('relcanonical_archive_urls')) {
                        // Check if the URL was canonical:
                        $canonical_url = $Blog->gen_archive_url(substr($m, 0, 4), substr($m, 4, 2), substr($m, 6, 2), $w, '&', $MainList->get_active_filter('page'));
                        if (!is_same_url($ReqURL, $canonical_url)) {
                            if ($Blog->get_setting('canonical_archive_urls') && $redir == 'yes') {
                                // REDIRECT TO THE CANONICAL URL:
                                header_redirect($canonical_url, true);
                            } else {
                                // Use rel="canoncial":
                                add_headline('<link rel="canonical" href="' . $canonical_url . '" />');
                            }
                        }
                    }
                    if ($Blog->get_setting('archive_noindex')) {
                        // We prefer robots not to index archive pages:
                        $robots_index = false;
                    }
                } else {
                    // Other filtered pages:
                    // pre_dump( $active_filters );
                    $disp_detail = 'posts-filtered';
                    $seo_page_type = 'Other filtered page';
                    if ($Blog->get_setting('filtered_noindex')) {
                        // We prefer robots not to index other filtered pages:
                        $robots_index = false;
                    }
                }
            } else {
                // This is the default blog page
                $disp_detail = 'posts-default';
                $seo_page_type = 'Default page';
                if ($Blog->get_setting('canonical_homepage') && $redir == 'yes' || $Blog->get_setting('relcanonical_homepage')) {
                    // Check if the URL was canonical:
                    $canonical_url = $Blog->gen_blogurl();
                    if (!is_same_url($ReqURL, $canonical_url)) {
                        if ($Blog->get_setting('canonical_homepage') && $redir == 'yes') {
                            // REDIRECT TO THE CANONICAL URL:
                            header_redirect($canonical_url, true);
                        } else {
                            // Use rel="canoncial":
                            add_headline('<link rel="canonical" href="' . $canonical_url . '" />');
                        }
                    }
                }
                if ($Blog->get_setting('default_noindex')) {
                    // We prefer robots not to index archive pages:
                    $robots_index = false;
                }
            }
            break;
        case 'search':
            $seo_page_type = 'Search page';
            if ($Blog->get_setting('filtered_noindex')) {
                // We prefer robots not to index these pages:
                $robots_index = false;
            }
            break;
            // SPECIAL FEATURE PAGES:
        // SPECIAL FEATURE PAGES:
        case 'feedback-popup':
            $seo_page_type = 'Comment popup';
            if ($Blog->get_setting($disp . '_noindex')) {
                // We prefer robots not to index these pages:
                $robots_index = false;
            }
            break;
        case 'arcdir':
            $seo_page_type = 'Date archive directory';
            if ($Blog->get_setting($disp . '_noindex')) {
                // We prefer robots not to index these pages:
                $robots_index = false;
            }
            break;
        case 'catdir':
            $seo_page_type = 'Category directory';
            if ($Blog->get_setting($disp . '_noindex')) {
                // We prefer robots not to index these pages:
                $robots_index = false;
            }
            break;
        case 'msgform':
            init_ajax_forms('blog');
            // auto requires jQuery
            $seo_page_type = 'Contact form';
            if ($Blog->get_setting($disp . '_noindex')) {
                // We prefer robots not to index these pages:
                $robots_index = false;
            }
            break;
        case 'messages':
        case 'contacts':
        case 'threads':
            init_results_js('blog');
            // Add functions to work with Results tables
            // just in case some robot would be logged in:
            $seo_page_type = 'Messaging module';
            $robots_index = false;
            break;
        case 'login':
            global $Plugins, $transmit_hashed_password;
            $seo_page_type = 'Login form';
            $robots_index = false;
            require_js('functions.js', 'blog');
            $transmit_hashed_password = (bool) $Settings->get('js_passwd_hashing') && !(bool) $Plugins->trigger_event_first_true('LoginAttemptNeedsRawPassword');
            if ($transmit_hashed_password) {
                // Include JS for client-side password hashing:
                require_js('sha1_md5.js', 'blog');
            }
            break;
        case 'register':
            if (is_logged_in()) {
                // If user is logged in the register form should not be displayed. In this case redirect to the blog home page.
                $Messages->add(T_('You are already logged in.'), 'note');
                header_redirect($Blog->gen_blogurl(), false);
            }
            $seo_page_type = 'Register form';
            $robots_index = false;
            break;
        case 'lostpassword':
            if (is_logged_in()) {
                // If user is logged in the lost password form should not be displayed. In this case redirect to the blog home page.
                $Messages->add(T_('You are already logged in.'), 'note');
                header_redirect($Blog->gen_blogurl(), false);
            }
            $seo_page_type = 'Lost password form';
            $robots_index = false;
            break;
        case 'profile':
            global $rsc_url;
            require_css($rsc_url . 'css/jquery/smoothness/jquery-ui.css');
            init_userfields_js('blog');
        case 'avatar':
        case 'pwdchange':
        case 'userprefs':
        case 'subs':
            $seo_page_type = 'Special feature page';
            if ($Blog->get_setting('special_noindex')) {
                // We prefer robots not to index these pages:
                $robots_index = false;
            }
            break;
        case 'users':
            $seo_page_type = 'Users list';
            $robots_index = false;
            global $rsc_url;
            require_css($rsc_url . 'css/jquery/smoothness/jquery-ui.css');
            init_results_js('blog');
            // Add functions to work with Results tables
            break;
        case 'user':
            $seo_page_type = 'User display';
            if (is_logged_in()) {
                // Used for combo_box contacts groups
                require_js('form_extensions.js', 'blog');
            }
            break;
        case 'edit':
            init_datepicker_js('blog');
            require_js('admin.js', 'blog');
            init_inskin_editing('blog');
            init_plugins_js('blog');
            break;
        case 'edit_comment':
            init_plugins_js('blog');
            break;
        case 'useritems':
        case 'usercomments':
            global $inc_path, $display_params, $viewed_User;
            // get user_ID because we want it in redirect_to in case we need to ask for login.
            $user_ID = param('user_ID', 'integer', true, true);
            if (empty($user_ID)) {
                bad_request_die(sprintf(T_('Parameter &laquo;%s&raquo; is required!'), 'user_ID'));
            }
            // set where to redirect in case of error
            $error_redirect_to = empty($Blog) ? $baseurl : $Blog->gen_blogurl();
            if (!is_logged_in()) {
                // Redirect to the login page if not logged in and allow anonymous user setting is OFF
                $Messages->add(T_('You must log in to view this user profile.'));
                header_redirect(get_login_url('cannot see user'), 302);
                // will have exited
            }
            if (is_logged_in() && !check_user_status('can_view_user', $user_ID)) {
                // user is logged in, but his/her status doesn't permit to view user profile
                if (check_user_status('can_be_validated')) {
                    // user is logged in but his/her account is not active yet
                    // Redirect to the account activation page
                    $Messages->add(T_('You must activate your account before you can view this user profile. <b>See below:</b>'));
                    header_redirect(get_activate_info_url(), 302);
                    // will have exited
                }
                $Messages->add(T_('Your account status currently does not permit to view this user profile.'));
                header_redirect($error_redirect_to, 302);
                // will have exited
            }
            if (!empty($user_ID)) {
                $UserCache =& get_UserCache();
                $viewed_User = $UserCache->get_by_ID($user_ID, false);
                if (empty($viewed_User)) {
                    $Messages->add(T_('The requested user does not exist!'));
                    header_redirect($error_redirect_to);
                    // will have exited
                }
                if ($viewed_User->check_status('is_closed')) {
                    $Messages->add(T_('The requested user account is closed!'));
                    header_redirect($error_redirect_to);
                    // will have exited
                }
            }
            // Require results.css to display thread query results in a table
            require_css('results.css');
            // Results/tables styles
            // Require functions.js to show/hide a panel with filters
            require_js('functions.js', 'blog');
            // Include this file to expand/collapse the filters panel when JavaScript is disabled
            require_once $inc_path . '_filters.inc.php';
            $display_params = !empty($Skin) ? $Skin->get_template('Results') : NULL;
            if ($disp == 'useritems') {
                // Init items list
                global $user_ItemList;
                $param_prefix = 'useritems_';
                $page = param($param_prefix . 'paged', 'integer', 1);
                $orderby = param($param_prefix . 'orderby', 'string', $Blog->get_setting('orderby'));
                $order = param($param_prefix . 'order', 'string', $Blog->get_setting('orderdir'));
                $useritems_Blog = NULL;
                $user_ItemList = new ItemList2($useritems_Blog, NULL, NULL, NULL, 'ItemCache', $param_prefix);
                $user_ItemList->load_from_Request();
                $user_ItemList->set_filters(array('page' => $page, 'authors' => $user_ID, 'orderby' => str_replace($param_prefix, '', $orderby), 'order' => str_replace($param_prefix, '', $order)));
                $user_ItemList->query();
            } else {
                // Init comments list
                global $user_CommentList;
                $param_prefix = 'usercmts_';
                $page = param($param_prefix . 'paged', 'integer', 1);
                $orderby = param($param_prefix . 'orderby', 'string', 'date');
                $order = param($param_prefix . 'order', 'string', $Blog->get_setting('orderdir'));
                $user_CommentList = new CommentList2(NULL, NULL, 'CommentCache', $param_prefix);
                $user_CommentList->load_from_Request();
                $user_CommentList->set_filters(array('page' => $page, 'author_IDs' => $user_ID, 'orderby' => str_replace($param_prefix, '', $orderby), 'order' => str_replace($param_prefix, '', $order)));
                $user_CommentList->query();
            }
            break;
        case 'comments':
            if (!$Blog->get_setting('comments_latest')) {
                // If latest comments page is disabled - Display 404 page with error message
                $Messages->add(T_('This feature is disabled.'), 'error');
                global $disp;
                $disp = '404';
            } else {
                break;
            }
        case '404':
            // We have a 404 unresolved content error
            // How do we want do deal with it?
            skin_404_header();
            // This MAY or MAY not have exited -- will exit on 30x redirect, otherwise will return here.
            // Just in case some dumb robot needs extra directives on this:
            $robots_index = false;
            break;
    }
    if (!empty($_SERVER['HTTP_USER_AGENT'])) {
        // Detect IE browser version
        preg_match('/msie (\\d+)/i', $_SERVER['HTTP_USER_AGENT'], $browser_ie);
        if (count($browser_ie) == 2 && $browser_ie[1] < 7) {
            // IE < 7
            require_css('ie6.css', 'relative');
            $Messages->add(T_('Your web browser is too old. For this site to work correctly, we recommend you use a more recent browser.'), 'note');
        }
    }
    // dummy var for backward compatibility with versions < 2.4.1 -- prevents "Undefined variable"
    global $global_Cache, $credit_links;
    $credit_links = $global_Cache->get('creds');
    $Timer->pause('skin_init');
    // Check if user is logged in with a not active account, and display an error message if required
    check_allow_disp($disp);
    // initialize Blog enabled widgets, before displaying anything
    init_blog_widgets($Blog->ID);
    // Initialize displaying....
    $Timer->start('Skin:display_init');
    $Skin->display_init();
    $Timer->pause('Skin:display_init');
    // Send default headers:
    // See comments inside of this function:
    headers_content_mightcache('text/html');
    // In most situations, you do NOT want to cache dynamic content!
    // Never allow Messages to be cached!
    if ($Messages->count() && !empty($PageCache)) {
        // Abort PageCache collect
        $PageCache->abort_collect();
    }
}
    /**
     * Send email notifications to subscribed users:
     *
     * efy-asimo> moderation and subscription notifications have been separated
     *
     * Builds the set of users to notify (moderators, the item creator, item subscribers,
     * blog subscribers), drops the user who executed the action, then sends one
     * localized email per recipient through send_mail_to_User().
     *
     * @param boolean true if send only moderation email, false otherwise
     * @param boolean true if send for everyone else but not for moderators, because a moderation email was sent for them
     * @param integer the user ID who executed the action which will be notified, or NULL if it was executed by an anonymous user
     * @return boolean|void false when there is no-one to notify; returns nothing otherwise
     */
    function send_email_notifications($only_moderators = false, $except_moderators = false, $executed_by_userid = NULL)
    {
        global $DB, $admin_url, $baseurl, $debug, $Debuglog, $htsrv_url;
        global $Settings, $UserSettings;
        if ($only_moderators && $except_moderators) {
            // at least one of them must be false
            return;
        }
        $edited_Item =& $this->get_Item();
        $edited_Blog =& $edited_Item->get_Blog();
        $owner_User = $edited_Blog->get_owner_User();
        // user_ID => notification type ('moderator', 'creator', 'item_subscription', 'blog_subscription')
        $notify_users = array();
        // user IDs of moderators who may edit this comment (filled below, only when needed)
        $moderators = array();
        if ($only_moderators || $except_moderators) {
            // we need the list of moderators:
            // NOTE(review): $edited_Blog->ID is interpolated unescaped into the SQL. It comes from the
            // Blog object, presumably an integer loaded from the DB — verify it can never be user-controlled.
            $sql = 'SELECT DISTINCT user_email, user_ID, uset_value as notify_moderation
						FROM T_users
							LEFT JOIN T_coll_user_perms ON bloguser_user_ID = user_ID
							LEFT JOIN T_coll_group_perms ON bloggroup_group_ID = user_grp_ID
							LEFT JOIN T_users__usersettings ON uset_user_ID = user_ID AND uset_name = "notify_comment_moderation"
							LEFT JOIN T_groups ON grp_ID = user_grp_ID
						WHERE ( ( bloguser_blog_ID = ' . $edited_Blog->ID . ' AND bloguser_perm_edit_cmt IN ( "anon", "lt", "le", "all" ) )
								OR ( bloggroup_blog_ID = ' . $edited_Blog->ID . ' AND bloggroup_perm_edit_cmt IN ( "anon", "lt", "le", "all" ) )
								OR ( grp_perm_blogs = "editall" ) )
							AND LENGTH(TRIM(user_email)) > 0';
            $moderators_to_notify = $DB->get_results($sql);
            foreach ($moderators_to_notify as $moderator) {
                // A NULL user setting means "not set": fall back to the site-wide default
                $notify_moderator = is_null($moderator->notify_moderation) ? $Settings->get('def_notify_comment_moderation') : $moderator->notify_moderation;
                if ($notify_moderator) {
                    // add user to notify
                    $moderators[] = $moderator->user_ID;
                }
            }
            if ($UserSettings->get('notify_comment_moderation', $owner_User->ID) && is_email($owner_User->get('email'))) {
                // add blog owner
                $moderators[] = $owner_User->ID;
            }
            // Load all moderators, and check each edit permission on this comment
            $UserCache =& get_UserCache();
            $UserCache->load_list($moderators);
            foreach ($moderators as $index => $moderator_ID) {
                $moderator_User = $UserCache->get_by_ID($moderator_ID, false);
                if (!$moderator_User || !$moderator_User->check_perm('comment!CURSTATUS', 'edit', false, $this)) {
                    // User doesn't exists any more, or has no permission to edit this comment!
                    // (unset() keeps the remaining keys, so $moderators may become sparse)
                    unset($moderators[$index]);
                } elseif ($only_moderators) {
                    $notify_users[$moderator_ID] = 'moderator';
                }
            }
        }
        if (!$only_moderators) {
            // Not only moderators needs to be notified:
            $except_condition = '';
            if ($except_moderators && !empty($moderators)) {
                // Set except moderators condition. Exclude moderators who already got a notification email.
                // NOTE(review): the IDs are interpolated unescaped; they come from the moderator query
                // above and from $owner_User->ID, so they are expected to be integers — confirm.
                $except_condition = ' AND user_ID NOT IN ( "' . implode('", "', $moderators) . '" )';
            }
            // Check if we need to include the item creator user:
            $creator_User =& $edited_Item->get_creator_User();
            if ($UserSettings->get('notify_published_comments', $creator_User->ID) && !empty($creator_User->email) && !in_array($creator_User->ID, $moderators)) {
                // Post creator wants to be notified, and post author is not a moderator...
                $notify_users[$creator_User->ID] = 'creator';
            }
            // Get list of users who want to be notified about the this post comments:
            if ($edited_Blog->get_setting('allow_item_subscriptions')) {
                // item subscriptions is allowed
                // NOTE(review): $edited_Item->ID is interpolated unescaped (see the note on the moderator query)
                $sql = 'SELECT DISTINCT user_ID
									FROM T_items__subscriptions INNER JOIN T_users ON isub_user_ID = user_ID
								 WHERE isub_item_ID = ' . $edited_Item->ID . '
								   AND isub_comments <> 0
								   AND LENGTH(TRIM(user_email)) > 0' . $except_condition;
                $notify_list = $DB->get_results($sql);
                // Preprocess list:
                // (later assignments overwrite earlier types for the same user_ID)
                foreach ($notify_list as $notification) {
                    $notify_users[$notification->user_ID] = 'item_subscription';
                }
            }
            // Get list of users who want to be notified about this blog comments:
            if ($edited_Blog->get_setting('allow_subscriptions')) {
                // blog subscription is allowed
                $sql = 'SELECT DISTINCT user_ID
								FROM T_subscriptions INNER JOIN T_users ON sub_user_ID = user_ID
							 WHERE sub_coll_ID = ' . $edited_Blog->ID . '
							   AND sub_comments <> 0
							   AND LENGTH(TRIM(user_email)) > 0' . $except_condition;
                $notify_list = $DB->get_results($sql);
                // Preprocess list:
                foreach ($notify_list as $notification) {
                    $notify_users[$notification->user_ID] = 'blog_subscription';
                }
            }
        }
        // Loose comparison on purpose here? Note that 0 and '' also compare equal to NULL with !=,
        // so an executed_by_userid of 0 is treated as "anonymous".
        if ($executed_by_userid != NULL && isset($notify_users[$executed_by_userid])) {
            // don't notify the user who just created/updated this comment
            unset($notify_users[$executed_by_userid]);
        }
        if (!count($notify_users)) {
            // No-one to notify:
            return false;
        }
        /*
         * We have a list of user IDs to notify:
         */
        // TODO: dh> this reveals the comments author's email address to all subscribers!!
        //           $notify_from should get used by default, unless the user has opted in to be the sender!
        // fp>If the subscriber has permission to moderate the comments, he SHOULD receive the email address.
        // Get author email address. It will be visible for moderators/blog/post owners only -- NOT for other subscribers
        // (enforced below: $user_reply_to is only set for the 'moderator' and 'creator' notification types)
        if ($this->get_author_User()) {
            // Comment from a registered user:
            $reply_to = $this->author_User->get('email');
            $author_name = $this->author_User->get('login');
            $author_ID = $this->author_User->ID;
        } elseif (!empty($this->author_email)) {
            // non-member, but with email address:
            $reply_to = $this->author_email;
            $author_name = $this->dget('author');
            $author_ID = NULL;
        } else {
            // Fallback (we have no email address):  fp>TODO: or the subscriber is not allowed to view it.
            $reply_to = NULL;
            $author_name = $this->dget('author');
            $author_ID = NULL;
        }
        // Load all users who will be notified, because otherwise the send_mail_to_User function would load them one by one
        $UserCache =& get_UserCache();
        $UserCache->load_list(array_keys($notify_users));
        // Load a list with the blocked emails  in cache
        load_blocked_emails(array_keys($notify_users));
        // Send emails:
        foreach ($notify_users as $notify_user_ID => $notify_type) {
            // get data content
            $notify_User = $UserCache->get_by_ID($notify_user_ID);
            $notify_email = $notify_User->get('email');
            // init notification setting
            // Switch to the recipient's locale so T_() below translates the subject for them;
            // locale_restore_previous() at the end of the loop body undoes this.
            locale_temp_switch($notify_User->get('locale'));
            $notify_user_Group = $notify_User->get_Group();
            // Precedence: "&&" binds tighter than "||", so this reads as
            //   (moderator notification AND full moderation notif perm) OR (full subscription notif perm)
            $notify_full = $notify_type == 'moderator' && $notify_user_Group->check_perm('comment_moderation_notif', 'full') || $notify_user_Group->check_perm('comment_subscription_notif', 'full');
            switch ($this->type) {
                case 'trackback':
                    /* TRANS: Subject of the mail to send on new trackbacks. First %s is the blog's shortname, the second %s is the item's title. */
                    $subject = T_('[%s] New trackback on "%s"');
                    break;
                default:
                    /* TRANS: Subject of the mail to send on new comments. */
                    // In case of full notification the first %s is blog name, the second %s is the item's title.
                    // In case of short notification the first %s is author login, the second %s is the item's title.
                    $subject = $notify_full ? T_('[%s] New comment on "%s"') : T_('%s posted a new comment on "%s"');
                    if ($only_moderators) {
                        if ($this->status == 'draft') {
                            $subject = $notify_full ? T_('[%s] New comment awaiting moderation on "%s"') : T_('New comment awaiting moderation: ') . $subject;
                        } else {
                            $subject = $notify_full ? T_('[%s] New comment may need moderation on "%s"') : T_('New comment may need moderation: ') . $subject;
                        }
                    }
            }
            // Decide whether the recipient gets the comment author's address as Reply-To:
            // only moderators and the post creator do; plain subscribers get no Reply-To.
            if ($notify_type == 'moderator') {
                // moderation email
                $user_reply_to = $reply_to;
            } else {
                if ($notify_type == 'blog_subscription') {
                    // blog subscription
                    $user_reply_to = NULL;
                } else {
                    if ($notify_type == 'item_subscription') {
                        // item subscription
                        $user_reply_to = NULL;
                    } else {
                        if ($notify_type == 'creator') {
                            // user is the creator of the post
                            $user_reply_to = $reply_to;
                        } else {
                            // Any other type is a programming error in the list-building code above
                            debug_die('Unknown user subscription type');
                        }
                    }
                }
            }
            $subject = sprintf($subject, $notify_full ? $edited_Blog->get('shortname') : $author_name, $edited_Item->get('title'));
            $email_template_params = array('notify_full' => $notify_full, 'Comment' => $this, 'Blog' => $edited_Blog, 'Item' => $edited_Item, 'author_name' => $author_name, 'author_ID' => $author_ID, 'notify_type' => $notify_type);
            if ($debug) {
                $notify_message = mail_template('comment_new', 'text', $email_template_params);
                $mail_dump = "Sending notification to {$notify_email}:<pre>Subject: {$subject}\n{$notify_message}</pre>";
                if ($debug >= 2) {
                    // output mail content - NOTE: this will kill sending of headers.
                    echo "<p>{$mail_dump}</p>";
                }
                $Debuglog->add($mail_dump, 'notification');
            }
            // Send the email:
            // Note: not-activated users presumably won't get a notification email (handled inside send_mail_to_User — confirm)
            send_mail_to_User($notify_user_ID, $subject, 'comment_new', $email_template_params, false, array('Reply-To' => $user_reply_to));
            blocked_emails_memorize($notify_User->email);
            locale_restore_previous();
        }
        blocked_emails_display();
    }
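 /**
  * Replace @usernames with link to profile page
  *
  * Every username captured by $search_list is looked up in the UserCache; when a
  * matching user exists, the first occurrence of the matched text in the content
  * is replaced by a link to that user's profile page. Usernames recorded in
  * $this->already_linked_usernames are skipped, so each user is linked at most
  * once across calls; newly linked usernames are appended to that list.
  *
  * @param string Content
  * @param array Search list (PCRE pattern handed to preg_match_all(); its first capture group must be the username)
  * @param array Replace list (not used by this implementation; kept for interface compatibility)
  * @return string Content
  */
 function replace_usernames($content, $search_list, $replace_list)
 {
     global $Blog;
     if (empty($Blog)) {
         // No Blog, Exit here
         return $content;
     }
     if (!preg_match_all($search_list, $content, $user_matches) || empty($user_matches[1])) {
         // Nothing to link:
         return $content;
     }
     // Add this for rel attribute in order to activate bubbletips on usernames
     $link_attr_rel = 'bubbletip_user_%user_ID%';
     if ($this->get_coll_setting($this->setting_nofollow_auto, $Blog)) {
         // Add attribute rel="nofollow" for auto-links
         $link_attr_rel .= ' nofollow';
     }
     $link_attrs = ' rel="' . $link_attr_rel . '" class="user"';
     $UserCache =& get_UserCache();
     foreach ($user_matches[1] as $u => $username) {
         if (in_array($username, $this->already_linked_usernames, true)) {
             // Skip this username, it was already linked before
             continue;
         }
         $User =& $UserCache->get_by_login($username);
         if (!$User) {
             // Unknown login: leave the text untouched
             continue;
         }
         // Full text of this match (e.g. the "@username" token), used both as link text and as the search target
         $matched_text = $user_matches[0][$u];
         // Replace @usernames
         $user_link_attrs = str_replace('%user_ID%', $User->ID, $link_attrs);
         $user_link = '<a href="' . $Blog->get('userurl', array('url_suffix' => 'user_ID=' . $User->ID)) . '"' . $user_link_attrs . '>' . $matched_text . '</a>';
         // preg_quote() so the matched text is searched literally: without it, any PCRE metacharacter
         // (or the "#" delimiter) captured from the content would be interpreted as pattern syntax.
         $content = preg_replace('#' . preg_quote($matched_text, '#') . '#', $user_link, $content, 1);
         $this->already_linked_usernames[] = $username;
     }
     return $content;
 }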
/**
 * Initialize internal states for the most common skin displays.
 *
 * For more specific skins, this function may not be called and
 * equivalent code may be customized within the skin.
 *
 * @param string What are we going to display. Most of the time the global $disp should be passed.
 */
function skin_init($disp)
{
    /**
     * @var Blog
     */
    global $Blog;
    /**
     * @var Item
     */
    global $Item;
    /**
     * @var Skin
     */
    global $Skin;
    global $robots_index;
    global $seo_page_type;
    global $redir, $ReqURL, $ReqURI, $m, $w, $preview;
    global $Chapter;
    global $Debuglog;
    /**
     * @var ItemList2
     */
    global $MainList;
    /**
     * This will give more detail when $disp == 'posts'; otherwise it will have the same content as $disp
     * @var string
     */
    global $disp_detail, $Settings;
    global $Timer;
    global $Messages, $PageCache;
    global $Session, $current_User;
    $Timer->resume('skin_init');
    if (empty($disp_detail)) {
        $disp_detail = $disp;
    }
    $Debuglog->add('skin_init: $disp=' . $disp, 'skins');
    // This is the main template; it may be used to display very different things.
    // Do inits depending on current $disp:
    switch ($disp) {
        case 'front':
        case 'posts':
        case 'single':
        case 'page':
        case 'terms':
        case 'download':
        case 'feedback-popup':
            // We need to load posts for this display:
            if ($disp == 'terms') {
                // Initialize the redirect param to know what page redirect after accepting of terms:
                param('redirect_to', 'url', '');
            }
            // Note: even if we request the same post as $Item above, the following will do more restrictions (dates, etc.)
            // Init the MainList object:
            init_MainList($Blog->get_setting('posts_per_page'));
            // Init post navigation
            $post_navigation = $Skin->get_post_navigation();
            if (empty($post_navigation)) {
                $post_navigation = $Blog->get_setting('post_navigation');
            }
            if (!empty($MainList) && $MainList->single_post && ($single_Item =& mainlist_get_item())) {
                // If we are currently viewing a single post
                // We assume the current user will have read the entire post and all its current comments:
                $single_Item->update_read_timestamps(true, true);
                // Restart the items list:
                $MainList->restart();
            }
            break;
        case 'search':
            // Searching post, comments and categories
            load_funcs('collections/_search.funcs.php');
            // Check previous search keywords so it can be displayed in the search input box
            param('s', 'string', '', true);
            break;
    }
    // SEO stuff & redirects if necessary:
    $seo_page_type = NULL;
    switch ($disp) {
        // CONTENT PAGES:
        case 'single':
        case 'page':
        case 'terms':
            if ($disp == 'terms' && !$Item) {
                // Wrong post ID for terms page:
                global $disp;
                $disp = '404';
                $Messages->add(sprintf(T_('Terms not found. (post ID #%s)'), get_param('p')), 'error');
                break;
            }
            if (!$preview && empty($Item)) {
                // No Item, incorrect request and incorrect state of the application, a 404 redirect should have already happened
                //debug_die( 'Invalid page URL!' );
            }
            if ($disp == 'single') {
                $seo_page_type = 'Single post page';
            } else {
                $seo_page_type = '"Page" page';
            }
            if (!$preview) {
                // Check if item has a goal to insert a hit into DB
                $Item->check_goal();
            }
            // Check if the post has 'redirected' status:
            if (!$preview && $Item->status == 'redirected' && $redir == 'yes') {
                // $redir=no here allows to force a 'single post' URL for commenting
                // Redirect to the URL specified in the post:
                $Debuglog->add('Redirecting to post URL [' . $Item->url . '].');
                header_redirect($Item->url, true, true);
            }
            // Check if we want to redirect to a canonical URL for the post
            // Please document encountered problems.
            if (!$preview && ($Blog->get_setting('canonical_item_urls') && $redir == 'yes' || $Blog->get_setting('relcanonical_item_urls'))) {
                // We want to redirect to the Item's canonical URL:
                $canonical_url = $Item->get_permanent_url('', '', '&');
                if (preg_match('|[&?](page=\\d+)|', $ReqURI, $page_param)) {
                    // A certain post page has been requested, keep only this param and discard all others:
                    $canonical_url = url_add_param($canonical_url, $page_param[1], '&');
                }
                if (preg_match('|[&?](mode=quote&[qcp]+=\\d+)|', $ReqURI, $page_param)) {
                    // A quote of comment/post, keep only these params and discard all others:
                    $canonical_url = url_add_param($canonical_url, $page_param[1], '&');
                }
                if (!is_same_url($ReqURL, $canonical_url)) {
                    // The requested URL does not look like the canonical URL for this post...
                    // url difference was resolved
                    $url_resolved = false;
                    // Check if the difference is because of an allowed post navigation param
                    if (preg_match('|[&?]cat=(\\d+)|', $ReqURI, $cat_param)) {
                        // A category post navigation param is set
                        $extended_url = '';
                        if ($post_navigation == 'same_category' && isset($cat_param[1])) {
                            // navigatie through posts from the same category
                            $category_ids = postcats_get_byID($Item->ID);
                            if (in_array($cat_param[1], $category_ids)) {
                                // cat param is one of this Item categories
                                $extended_url = $Item->add_navigation_param($canonical_url, $post_navigation, $cat_param[1], '&');
                                // Set MainList navigation target to the requested category
                                $MainList->nav_target = $cat_param[1];
                            }
                        }
                        $url_resolved = is_same_url($ReqURL, $extended_url);
                    }
                    if (preg_match('|[&?]tag=([^&A-Z]+)|', $ReqURI, $tag_param)) {
                        // A tag post navigation param is set
                        $extended_url = '';
                        if ($post_navigation == 'same_tag' && isset($tag_param[1])) {
                            // navigatie through posts from the same tag
                            $tag_names = $Item->get_tags();
                            if (in_array($tag_param[1], $tag_names)) {
                                // tag param is one of this Item tags
                                $extended_url = $Item->add_navigation_param($canonical_url, $post_navigation, $tag_param[1], '&');
                                // Set MainList navigation target to the requested tag
                                $MainList->nav_target = $tag_param[1];
                            }
                        }
                        $url_resolved = is_same_url($ReqURL, $extended_url);
                    }
                    if (!$url_resolved && $Blog->get_setting('canonical_item_urls') && $redir == 'yes' && !$Item->check_cross_post_nav('auto', $Blog->ID)) {
                        // REDIRECT TO THE CANONICAL URL:
                        $Debuglog->add('Redirecting to canonical URL [' . $canonical_url . '].');
                        header_redirect($canonical_url, true);
                    } else {
                        // Use rel="canoncial":
                        add_headline('<link rel="canonical" href="' . $canonical_url . '" />');
                    }
                    // EXITED.
                }
            }
            if (!$MainList->result_num_rows) {
                // There is nothing to display for this page, don't index it!
                $robots_index = false;
            }
            break;
        case 'download':
            if (empty($Item)) {
                // No Item, incorrect request and incorrect state of the application, a 404 redirect should have already happened
                debug_die('Invalid page URL!');
            }
            $download_link_ID = param('download', 'integer', 0);
            // Check if we can allow to download the selected file
            $LinkCache =& get_LinkCache();
            if (!(($download_Link =& $LinkCache->get_by_ID($download_link_ID, false, false)) && ($LinkItem =& $download_Link->get_LinkOwner()) && ($LinkItem->Item && $LinkItem->Item->ID == $Item->ID) && ($download_File =& $download_Link->get_File()) && $download_File->exists())) {
                // Bad request, Redirect to Item permanent url
                $Messages->add(T_('The requested file is not available for download.'), 'error');
                $canonical_url = $Item->get_permanent_url('', '', '&');
                $Debuglog->add('Redirecting to canonical URL [' . $canonical_url . '].');
                header_redirect($canonical_url, true);
            }
            // Save the downloading Link to the global vars
            $GLOBALS['download_Link'] =& $download_Link;
            // Save global $Item to $download_Item, because $Item can be rewritten by function get_featured_Item() in some skins
            $GLOBALS['download_Item'] =& $Item;
            init_ajax_forms('blog');
            // auto requires jQuery
            // Initialize JavaScript to download file after X seconds
            add_js_headline('
jQuery( document ).ready( function ()
{
	jQuery( "#download_timer_js" ).show();
} );

var b2evo_download_timer = ' . intval($Blog->get_setting('download_delay')) . ';
var downloadInterval = setInterval( function()
{
	jQuery( "#download_timer" ).html( b2evo_download_timer );
	if( b2evo_download_timer == 0 )
	{ // Stop timer and download a file
		clearInterval( downloadInterval );
		jQuery( "#download_help_url" ).show();
	}
	b2evo_download_timer--;
}, 1000 );');
            // Use meta tag to download file when JavaScript is NOT enabled
            add_headline('<meta http-equiv="refresh" content="' . intval($Blog->get_setting('download_delay')) . '; url=' . $download_Link->get_download_url(array('type' => 'action')) . '" />');
            $seo_page_type = 'Download page';
            if ($Blog->get_setting($disp . '_noindex')) {
                // We prefer robots not to index these pages:
                $robots_index = false;
            }
            break;
        case 'posts':
            init_ajax_forms('blog');
            // auto requires jQuery
            // fp> if we add this here, we have to exetnd the inner if()
            // init_ratings_js( 'blog' );
            // Get list of active filters:
            $active_filters = $MainList->get_active_filters();
            if (!empty($active_filters)) {
                // The current page is being filtered...
                if (array_diff($active_filters, array('page')) == array()) {
                    // This is just a follow "paged" page
                    $disp_detail = 'posts-next';
                    $seo_page_type = 'Next page';
                    if ($Blog->get_setting('paged_noindex')) {
                        // We prefer robots not to index category pages:
                        $robots_index = false;
                    }
                } elseif (array_diff($active_filters, array('cat_array', 'cat_modifier', 'cat_focus', 'posts', 'page')) == array()) {
                    // This is a category page
                    $disp_detail = 'posts-cat';
                    $seo_page_type = 'Category page';
                    if ($Blog->get_setting('chapter_noindex')) {
                        // We prefer robots not to index category pages:
                        $robots_index = false;
                    }
                    global $cat, $catsel;
                    if (empty($catsel) && preg_match('~^[0-9]+$~', $cat)) {
                        // We are on a single cat page:
                        // NOTE: we must have selected EXACTLY ONE CATEGORY through the cat parameter
                        // BUT: - this can resolve to including children
                        //      - selecting exactly one cat through catsel[] is NOT OK since not equivalent (will exclude children)
                        // echo 'SINGLE CAT PAGE';
                        if ($Blog->get_setting('canonical_cat_urls') && $redir == 'yes' || $Blog->get_setting('relcanonical_cat_urls')) {
                            // Check if the URL was canonical:
                            if (!isset($Chapter)) {
                                $ChapterCache =& get_ChapterCache();
                                /**
                                 * @var Chapter
                                 */
                                $Chapter =& $ChapterCache->get_by_ID($MainList->filters['cat_array'][0], false);
                            }
                            if ($Chapter) {
                                if ($Chapter->parent_ID) {
                                    // This is a sub-category page (i-e: not a level 1 category)
                                    $disp_detail = 'posts-subcat';
                                }
                                $canonical_url = $Chapter->get_permanent_url(NULL, NULL, $MainList->get_active_filter('page'), NULL, '&');
                                if (!is_same_url($ReqURL, $canonical_url)) {
                                    // fp> TODO: we're going to lose the additional params, it would be better to keep them...
                                    // fp> what additional params actually?
                                    if ($Blog->get_setting('canonical_cat_urls') && $redir == 'yes') {
                                        // REDIRECT TO THE CANONICAL URL:
                                        header_redirect($canonical_url, true);
                                    } else {
                                        // Use rel="canonical":
                                        add_headline('<link rel="canonical" href="' . $canonical_url . '" />');
                                    }
                                }
                            } else {
                                // If the requested chapter was not found display 404 page
                                $Messages->add(T_('The requested chapter was not found'));
                                global $disp;
                                $disp = '404';
                                break;
                            }
                        }
                        if ($post_navigation == 'same_category') {
                            // Category is set and post navigation should go through the same category, set navigation target param
                            $MainList->nav_target = $cat;
                        }
                    }
                } elseif (array_diff($active_filters, array('tags', 'posts', 'page')) == array()) {
                    // This is a tag page
                    $disp_detail = 'posts-tag';
                    $seo_page_type = 'Tag page';
                    if ($Blog->get_setting('tag_noindex')) {
                        // We prefer robots not to index tag pages:
                        $robots_index = false;
                    }
                    if ($Blog->get_setting('canonical_tag_urls') && $redir == 'yes' || $Blog->get_setting('relcanonical_tag_urls')) {
                        // Check if the URL was canonical:
                        $canonical_url = $Blog->gen_tag_url($MainList->get_active_filter('tags'), $MainList->get_active_filter('page'), '&');
                        if (!is_same_url($ReqURL, $canonical_url)) {
                            if ($Blog->get_setting('canonical_tag_urls') && $redir == 'yes') {
                                // REDIRECT TO THE CANONICAL URL:
                                header_redirect($canonical_url, true);
                            } else {
                                // Use rel="canoncial":
                                add_headline('<link rel="canonical" href="' . $canonical_url . '" />');
                            }
                        }
                    }
                    $tag = $MainList->get_active_filter('tags');
                    if ($post_navigation == 'same_tag' && !empty($tag)) {
                        // Tag is set and post navigation should go through the same tag, set navigation target param
                        $MainList->nav_target = $tag;
                    }
                } elseif (array_diff($active_filters, array('ymdhms', 'week', 'posts', 'page')) == array()) {
                    // This is an archive page
                    // echo 'archive page';
                    $disp_detail = 'posts-date';
                    $seo_page_type = 'Date archive page';
                    if ($Blog->get_setting('canonical_archive_urls') && $redir == 'yes' || $Blog->get_setting('relcanonical_archive_urls')) {
                        // Check if the URL was canonical:
                        $canonical_url = $Blog->gen_archive_url(substr($m, 0, 4), substr($m, 4, 2), substr($m, 6, 2), $w, '&', $MainList->get_active_filter('page'));
                        if (!is_same_url($ReqURL, $canonical_url)) {
                            if ($Blog->get_setting('canonical_archive_urls') && $redir == 'yes') {
                                // REDIRECT TO THE CANONICAL URL:
                                header_redirect($canonical_url, true);
                            } else {
                                // Use rel="canoncial":
                                add_headline('<link rel="canonical" href="' . $canonical_url . '" />');
                            }
                        }
                    }
                    if ($Blog->get_setting('archive_noindex')) {
                        // We prefer robots not to index archive pages:
                        $robots_index = false;
                    }
                } else {
                    // Other filtered pages:
                    // pre_dump( $active_filters );
                    $disp_detail = 'posts-filtered';
                    $seo_page_type = 'Other filtered page';
                    if ($Blog->get_setting('filtered_noindex')) {
                        // We prefer robots not to index other filtered pages:
                        $robots_index = false;
                    }
                }
            } elseif ($Blog->get_setting('front_disp') == 'posts') {
                // This is the default blog page only if the 'front_disp' is set to 'posts'
                $disp_detail = 'posts-default';
                $seo_page_type = 'Default page';
                if ($Blog->get_setting('default_noindex')) {
                    // We prefer robots not to index archive pages:
                    $robots_index = false;
                }
            }
            break;
        case 'search':
            $seo_page_type = 'Search page';
            if ($Blog->get_setting('filtered_noindex')) {
                // We prefer robots not to index these pages:
                $robots_index = false;
            }
            break;
            // SPECIAL FEATURE PAGES:
        // SPECIAL FEATURE PAGES:
        case 'feedback-popup':
            $seo_page_type = 'Comment popup';
            if ($Blog->get_setting($disp . '_noindex')) {
                // We prefer robots not to index these pages:
                $robots_index = false;
            }
            break;
        case 'arcdir':
            $seo_page_type = 'Date archive directory';
            if ($Blog->get_setting($disp . '_noindex')) {
                // We prefer robots not to index these pages:
                $robots_index = false;
            }
            break;
        case 'catdir':
            $seo_page_type = 'Category directory';
            if ($Blog->get_setting($disp . '_noindex')) {
                // We prefer robots not to index these pages:
                $robots_index = false;
            }
            break;
        case 'msgform':
            global $disp;
            // get expected message form type
            $msg_type = param('msg_type', 'string', '');
            // initialize
            $recipient_User = NULL;
            $Comment = NULL;
            $allow_msgform = NULL;
            // get possible params
            $recipient_id = param('recipient_id', 'integer', 0, true);
            $comment_id = param('comment_id', 'integer', 0, true);
            $post_id = param('post_id', 'integer', 0, true);
            $subject = param('subject', 'string', '');
            // try to init recipient_User
            if (!empty($recipient_id)) {
                $UserCache =& get_UserCache();
                $recipient_User =& $UserCache->get_by_ID($recipient_id);
            } elseif (!empty($comment_id)) {
                // comment id is set, try to get comment author user
                $CommentCache =& get_CommentCache();
                $Comment = $CommentCache->get_by_ID($comment_id, false);
                if ($Comment = $CommentCache->get_by_ID($comment_id, false)) {
                    $recipient_User =& $Comment->get_author_User();
                    if (empty($recipient_User) && $Comment->allow_msgform && is_email($Comment->get_author_email())) {
                        // set allow message form to email because comment author (not registered) accepts email
                        $allow_msgform = 'email';
                        param('recipient_address', 'string', $Comment->get_author_email());
                        param('recipient_name', 'string', $Comment->get_author_name());
                    }
                }
            } else {
                // Recipient was not defined, try set the blog owner as recipient
                global $Blog;
                if (empty($Blog)) {
                    // Blog is not set, this is an invalid request
                    debug_die('Invalid send message request!');
                }
                $recipient_User = $Blog->get_owner_User();
            }
            if ($recipient_User) {
                // recipient User is set
                // get_msgform_possibility returns NULL (false), only if there is no messaging option between current_User and recipient user
                $allow_msgform = $recipient_User->get_msgform_possibility();
                if ($msg_type == 'email' && $recipient_User->get_msgform_possibility(NULL, 'email') != 'email') {
                    // User doesn't want to receive email messages, Restrict if this was requested by wrong url:
                    $msg_type = '';
                }
                if ($allow_msgform == 'login') {
                    // user must login first to be able to send a message to this User
                    $disp = 'login';
                    param('action', 'string', 'req_login');
                    // override redirect to param
                    param('redirect_to', 'url', regenerate_url(), true, true);
                    if (($msg_Blog =& get_setting_Blog('msg_blog_ID')) && $Blog->ID != $msg_Blog->ID) {
                        // Redirect to special blog for messaging actions if it is defined in general settings
                        header_redirect(url_add_param($msg_Blog->get('msgformurl', array('glue' => '&')), 'redirect_to=' . rawurlencode($redirect_to), '&'));
                    }
                    $Messages->add(T_('You must log in before you can contact this user'));
                } elseif ($allow_msgform == 'PM' && check_user_status('can_be_validated')) {
                    // user is not activated
                    if ($recipient_User->accepts_email()) {
                        // recipient User accepts email allow to send email
                        $allow_msgform = 'email';
                        $msg_type = 'email';
                        $activateinfo_link = 'href="' . get_activate_info_url(NULL, '&amp;') . '"';
                        $Messages->add(sprintf(T_('You must activate your account before you can send a private message to %s. However you can send them an email if you\'d like. <a %s>More info &raquo;</a>'), $recipient_User->get('login'), $activateinfo_link), 'warning');
                    } else {
                        // Redirect to the activate info page for not activated users
                        $Messages->add(T_('You must activate your account before you can contact a user. <b>See below:</b>'));
                        header_redirect(get_activate_info_url(), 302);
                        // will have exited
                    }
                } elseif ($msg_type == 'PM' && $allow_msgform == 'email') {
                    // only email is allowed but user expect private message form
                    if (!empty($current_User) && $recipient_id == $current_User->ID) {
                        $Messages->add(T_('You cannot send a private message to yourself. However you can send yourself an email if you\'d like.'), 'warning');
                    } else {
                        $Messages->add(sprintf(T_('You cannot send a private message to %s. However you can send them an email if you\'d like.'), $recipient_User->get('login')), 'warning');
                    }
                } elseif ($msg_type != 'email' && $allow_msgform == 'PM') {
                    // private message form should be displayed, change display to create new individual thread with the given recipient user
                    // check if creating new PM is allowed
                    if (check_create_thread_limit(true)) {
                        // thread limit reached
                        header_redirect();
                        // exited here
                    }
                    global $edited_Thread, $edited_Message, $recipients_selected;
                    // Load classes
                    load_class('messaging/model/_thread.class.php', 'Thread');
                    load_class('messaging/model/_message.class.php', 'Message');
                    // Set global variable to auto define the FB autocomplete plugin field
                    $recipients_selected = array(array('id' => $recipient_User->ID, 'title' => $recipient_User->login));
                    init_tokeninput_js('blog');
                    $disp = 'threads';
                    $edited_Thread = new Thread();
                    $edited_Message = new Message();
                    $edited_Message->Thread =& $edited_Thread;
                    $edited_Thread->recipients = $recipient_User->login;
                    param('action', 'string', 'new', true);
                    param('thrdtype', 'string', 'individual', true);
                }
                if ($allow_msgform == 'email') {
                    // set recippient user param
                    set_param('recipient_id', $recipient_User->ID);
                }
            }
            if ($allow_msgform == NULL) {
                // should be Prevented by UI
                if (!empty($recipient_User)) {
                    $Messages->add(sprintf(T_('The user "%s" does not want to be contacted through the message form.'), $recipient_User->get('login')), 'error');
                } elseif (!empty($Comment)) {
                    $Messages->add(T_('This commentator does not want to get contacted through the message form.'), 'error');
                }
                $blogurl = $Blog->gen_blogurl();
                // If it was a front page request or the front page is set to 'msgform' then we must not redirect to the front page because it is forbidden for the current User
                $redirect_to = is_front_page() || $Blog->get_setting('front_disp') == 'msgform' ? url_add_param($blogurl, 'disp=403', '&') : $blogurl;
                header_redirect($redirect_to, 302);
                // exited here
            }
            if ($allow_msgform == 'PM' || $allow_msgform == 'email') {
                // Some message form is available
                // Get the suggested subject for the email:
                if (empty($subject)) {
                    // no subject provided by param:
                    global $DB;
                    if (!empty($comment_id)) {
                        // fp>TODO there should be NO SQL in this file. Make a $ItemCache->get_by_comment_ID().
                        $row = $DB->get_row('
							SELECT post_title
								FROM T_items__item, T_comments
							 WHERE comment_ID = ' . $DB->quote($comment_id) . '
								 AND post_ID = comment_item_ID');
                        if ($row) {
                            $subject = T_('Re:') . ' ' . sprintf(T_('Comment on %s'), $row->post_title);
                        }
                    }
                    if (empty($subject) && !empty($post_id)) {
                        // fp>TODO there should be NO SQL in this file. Use $ItemCache->get_by_ID.
                        $row = $DB->get_row('
								SELECT post_title
									FROM T_items__item
								 WHERE post_ID = ' . $post_id);
                        if ($row) {
                            $subject = T_('Re:') . ' ' . $row->post_title;
                        }
                    }
                }
                if ($allow_msgform == 'PM' && isset($edited_Thread)) {
                    $edited_Thread->title = $subject;
                } else {
                    param('subject', 'string', $subject, true);
                }
            }
            if (($msg_Blog =& get_setting_Blog('msg_blog_ID')) && $Blog->ID != $msg_Blog->ID) {
                // Redirect to special blog for messaging actions if it is defined in general settings
                header_redirect($msg_Blog->get('msgformurl', array('glue' => '&')));
            }
            $seo_page_type = 'Contact form';
            if ($Blog->get_setting($disp . '_noindex')) {
                // We prefer robots not to index these pages:
                $robots_index = false;
            }
            break;
        case 'messages':
        case 'contacts':
        case 'threads':
            switch ($disp) {
                case 'messages':
                    // Actions ONLY for disp=messages
                    // fp> The correct place to get thrd_ID is here, because we want it in redirect_to in case we need to ask for login.
                    $thrd_ID = param('thrd_ID', 'integer', '', true);
                    if (!is_logged_in()) {
                        // Redirect to the login page for anonymous users
                        $Messages->add(T_('You must log in to read your messages.'));
                        header_redirect(get_login_url('cannot see messages'), 302);
                        // will have exited
                    }
                    // check if user status allow to view messages
                    if (!$current_User->check_status('can_view_messages')) {
                        // user status does not allow to view messages
                        if ($current_User->check_status('can_be_validated')) {
                            // user is logged in but his/her account is not activate yet
                            $Messages->add(T_('You must activate your account before you can read & send messages. <b>See below:</b>'));
                            header_redirect(get_activate_info_url(), 302);
                            // will have exited
                        }
                        $Messages->add('You are not allowed to view Messages!');
                        header_redirect($Blog->gen_blogurl(), 302);
                        // will have exited
                    }
                    // check if user permissions allow to view messages
                    if (!$current_User->check_perm('perm_messaging', 'reply')) {
                        // Redirect to the blog url for users without messaging permission
                        $Messages->add('You are not allowed to view Messages!');
                        header_redirect($Blog->gen_blogurl(), 302);
                        // will have exited
                    }
                    if (!empty($thrd_ID)) {
                        // if this thread exists and current user is part of this thread update status because won't be any unread messages on this conversation
                        // we need to mark this early to make sure the unread message count will be correct in the evobar
                        mark_as_read_by_user($thrd_ID, $current_User->ID);
                    }
                    if (($unsaved_message_params = get_message_params_from_session()) !== NULL) {
                        // set Message and Thread saved params from Session
                        global $edited_Message, $action;
                        load_class('messaging/model/_message.class.php', 'Message');
                        $edited_Message = new Message();
                        $edited_Message->text = $unsaved_message_params['message'];
                        $edited_Message->original_text = $unsaved_message_params['message_original'];
                        $edited_Message->set_renderers($unsaved_message_params['renderers']);
                        $edited_Message->thread_ID = $thrd_ID;
                        $action = $unsaved_message_params['action'];
                    }
                    break;
                case 'contacts':
                    // Actions ONLY for disp=contacts
                    if (!is_logged_in()) {
                        // Redirect to the login page for anonymous users
                        $Messages->add(T_('You must log in to manage your contacts.'));
                        header_redirect(get_login_url('cannot see contacts'), 302);
                        // will have exited
                    }
                    if (!$current_User->check_status('can_view_contacts')) {
                        // user is logged in, but his status doesn't allow to view contacts
                        if ($current_User->check_status('can_be_validated')) {
                            // user is logged in but his/her account was not activated yet
                            // Redirect to the account activation page
                            $Messages->add(T_('You must activate your account before you can manage your contacts. <b>See below:</b>'));
                            header_redirect(get_activate_info_url(), 302);
                            // will have exited
                        }
                        // Redirect to the blog url for users without messaging permission
                        $Messages->add('You are not allowed to view Contacts!');
                        $blogurl = $Blog->gen_blogurl();
                        // If it was a front page request or the front page is set to display 'contacts' then we must not redirect to the front page because it is forbidden for the current User
                        $redirect_to = is_front_page() || $Blog->get_setting('front_disp') == 'contacts' ? url_add_param($blogurl, 'disp=403', '&') : $blogurl;
                        header_redirect($redirect_to, 302);
                    }
                    if (has_cross_country_restriction('any') && empty($current_User->ctry_ID)) {
                        // User may browse/contact other users only from the same country
                        $Messages->add(T_('Please specify your country before attempting to contact other users.'));
                        header_redirect(get_user_profile_url());
                    }
                    // Get action parameter from request:
                    $action = param_action();
                    if (!$current_User->check_perm('perm_messaging', 'reply')) {
                        // Redirect to the blog url for users without messaging permission
                        $Messages->add('You are not allowed to view Contacts!');
                        $blogurl = $Blog->gen_blogurl();
                        // If it was a front page request or the front page is set to display 'contacts' then we must not redirect to the front page because it is forbidden for the current User
                        $redirect_to = is_front_page() || $Blog->get_setting('front_disp') == 'contacts' ? url_add_param($blogurl, 'disp=403', '&') : $blogurl;
                        header_redirect($redirect_to, 302);
                        // will have exited
                    }
                    switch ($action) {
                        case 'add_user':
                            // Add user to contacts list
                            // Check that this action request is not a CSRF hacked request:
                            $Session->assert_received_crumb('messaging_contacts');
                            $user_ID = param('user_ID', 'integer', 0);
                            if ($user_ID > 0) {
                                // Add user to contacts
                                if (create_contacts_user($user_ID)) {
                                    // Add user to the group
                                    $group_ID = param('group_ID', 'string', '');
                                    if ($result = create_contacts_group_users($group_ID, $user_ID, 'group_ID_combo')) {
                                        // User has been added to the group
                                        $Messages->add(sprintf(T_('User has been added to the &laquo;%s&raquo; group.'), $result['group_name']), 'success');
                                    } else {
                                        // User has been added ONLY to the contacts list
                                        $Messages->add('User has been added to your contacts.', 'success');
                                    }
                                }
                                header_redirect($Blog->get('userurl', array('url_suffix' => 'user_ID=' . $user_ID, 'glue' => '&')));
                            }
                            break;
                        case 'unblock':
                            // Unblock user
                            // Check that this action request is not a CSRF hacked request:
                            $Session->assert_received_crumb('messaging_contacts');
                            $user_ID = param('user_ID', 'integer', 0);
                            if ($user_ID > 0) {
                                set_contact_blocked($user_ID, 0);
                                $Messages->add(T_('Contact was unblocked.'), 'success');
                            }
                            break;
                        case 'remove_user':
                            // Remove user from contacts group
                            // Check that this action request is not a CSRF hacked request:
                            $Session->assert_received_crumb('messaging_contacts');
                            $view = param('view', 'string', 'profile');
                            $user_ID = param('user_ID', 'integer', 0);
                            $group_ID = param('group_ID', 'integer', 0);
                            if ($user_ID > 0 && $group_ID > 0) {
                                // Remove user from selected group
                                if (remove_contacts_group_user($group_ID, $user_ID)) {
                                    // User has been removed from the group
                                    if ($view == 'contacts') {
                                        // Redirect to the contacts list
                                        header_redirect($Blog->get('contactsurl', array('glue' => '&')));
                                    } else {
                                        // Redirect to the user profile page
                                        header_redirect($Blog->get('userurl', array('url_suffix' => 'user_ID=' . $user_ID, 'glue' => '&')));
                                    }
                                }
                            }
                            break;
                        case 'add_group':
                            // Add users to the group
                            // Check that this action request is not a CSRF hacked request:
                            $Session->assert_received_crumb('messaging_contacts');
                            $group = param('group', 'string', '');
                            $users = param('users', 'string', '');
                            if ($result = create_contacts_group_users($group, $users)) {
                                // Users have been added to the group
                                $Messages->add(sprintf(T_('%d contacts have been added to the &laquo;%s&raquo; group.'), $result['count_users'], $result['group_name']), 'success');
                                $redirect_to = $Blog->get('contactsurl', array('glue' => '&'));
                                $item_ID = param('item_ID', 'integer', 0);
                                if ($item_ID > 0) {
                                    $redirect_to = url_add_param($redirect_to, 'item_ID=' . $item_ID, '&');
                                }
                                header_redirect($redirect_to);
                            }
                            break;
                        case 'rename_group':
                            // Rename the group
                            // Check that this action request is not a CSRF hacked request:
                            $Session->assert_received_crumb('messaging_contacts');
                            $group_ID = param('group_ID', 'integer', true);
                            if (rename_contacts_group($group_ID)) {
                                $item_ID = param('item_ID', 'integer', 0);
                                $redirect_to = url_add_param($Blog->get('contactsurl', array('glue' => '&')), 'g=' . $group_ID, '&');
                                if ($item_ID > 0) {
                                    $redirect_to = url_add_param($redirect_to, 'item_ID=' . $item_ID, '&');
                                }
                                $Messages->add(T_('The group has been renamed.'), 'success');
                                header_redirect($redirect_to);
                            }
                            break;
                        case 'delete_group':
                            // Delete the group
                            // Check that this action request is not a CSRF hacked request:
                            $Session->assert_received_crumb('messaging_contacts');
                            $group_ID = param('group_ID', 'integer', true);
                            if (delete_contacts_group($group_ID)) {
                                $item_ID = param('item_ID', 'integer', 0);
                                $redirect_to = $Blog->get('contactsurl', array('glue' => '&'));
                                if ($item_ID > 0) {
                                    $redirect_to = url_add_param($redirect_to, 'item_ID=' . $item_ID, '&');
                                }
                                $Messages->add(T_('The group has been deleted.'), 'success');
                                header_redirect($redirect_to);
                            }
                            break;
                    }
                    modules_call_method('switch_contacts_actions', array('action' => $action));
                    break;
                case 'threads':
                    // Actions ONLY for disp=threads
                    if (!is_logged_in()) {
                        // Redirect to the login page for anonymous users
                        $Messages->add(T_('You must log in to read your messages.'));
                        header_redirect(get_login_url('cannot see messages'), 302);
                        // will have exited
                    }
                    if (!$current_User->check_status('can_view_threads')) {
                        // user status does not allow to view threads
                        if ($current_User->check_status('can_be_validated')) {
                            // user is logged in but his/her account is not activate yet
                            $Messages->add(T_('You must activate your account before you can read & send messages. <b>See below:</b>'));
                            header_redirect(get_activate_info_url(), 302);
                            // will have exited
                        }
                        $Messages->add('You are not allowed to view Messages!');
                        $blogurl = $Blog->gen_blogurl();
                        // If it was a front page request or the front page is set to display 'threads' then we must not redirect to the front page because it is forbidden for the current User
                        $redirect_to = is_front_page() || $Blog->get_setting('front_disp') == 'threads' ? url_add_param($blogurl, 'disp=404', '&') : $blogurl;
                        header_redirect($redirect_to, 302);
                        // will have exited
                    }
                    if (!$current_User->check_perm('perm_messaging', 'reply')) {
                        // Redirect to the blog url for users without messaging permission
                        $Messages->add('You are not allowed to view Messages!');
                        $blogurl = $Blog->gen_blogurl();
                        // If it was a front page request or the front page is set to display 'threads' then we must not redirect to the front page because it is forbidden for the current User
                        $redirect_to = is_front_page() || $Blog->get_setting('front_disp') == 'threads' ? url_add_param($blogurl, 'disp=403', '&') : $blogurl;
                        header_redirect($redirect_to, 302);
                        // will have exited
                    }
                    $action = param('action', 'string', 'view');
                    if ($action == 'new') {
                        // Before new message form is displayed ...
                        if (has_cross_country_restriction('contact') && empty($current_User->ctry_ID)) {
                            // Cross country contact restriction is enabled, but user country is not set yet
                            $Messages->add(T_('Please specify your country before attempting to contact other users.'));
                            header_redirect(get_user_profile_url());
                        } elseif (check_create_thread_limit(true)) {
                            // don't allow to create new thread, because the new thread limit was already reached
                            set_param('action', 'view');
                        }
                    }
                    // Load classes
                    load_class('messaging/model/_thread.class.php', 'Thread');
                    load_class('messaging/model/_message.class.php', 'Message');
                    // Get action parameter from request:
                    $action = param_action('view');
                    switch ($action) {
                        case 'new':
                            // Check permission:
                            $current_User->check_perm('perm_messaging', 'reply', true);
                            global $edited_Thread, $edited_Message;
                            $edited_Thread = new Thread();
                            $edited_Message = new Message();
                            $edited_Message->Thread =& $edited_Thread;
                            modules_call_method('update_new_thread', array('Thread' => &$edited_Thread));
                            if (($unsaved_message_params = get_message_params_from_session()) !== NULL) {
                                // set Message and Thread saved params from Session
                                $edited_Message->text = $unsaved_message_params['message'];
                                $edited_Message->original_text = $unsaved_message_params['message_original'];
                                $edited_Message->set_renderers($unsaved_message_params['renderers']);
                                $edited_Thread->title = $unsaved_message_params['subject'];
                                $edited_Thread->recipients = $unsaved_message_params['thrd_recipients'];
                                $edited_Message->Thread = $edited_Thread;
                                global $thrd_recipients_array, $thrdtype, $action, $creating_success;
                                $thrd_recipients_array = $unsaved_message_params['thrd_recipients_array'];
                                $thrdtype = $unsaved_message_params['thrdtype'];
                                $action = $unsaved_message_params['action'];
                                $creating_success = !empty($unsaved_message_params['creating_success']) ? $unsaved_message_params['creating_success'] : false;
                            } else {
                                if (empty($edited_Thread->recipients)) {
                                    $edited_Thread->recipients = param('thrd_recipients', 'string', '');
                                }
                                if (empty($edited_Thread->title)) {
                                    $edited_Thread->title = param('subject', 'string', '');
                                }
                            }
                            break;
                        default:
                            // Check permission:
                            $current_User->check_perm('perm_messaging', 'reply', true);
                            break;
                    }
                    break;
            }
            // Actions for disp = messages, contacts, threads:
            if (($msg_Blog =& get_setting_Blog('msg_blog_ID')) && $Blog->ID != $msg_Blog->ID) {
                // Redirect to special blog for messaging actions if it is defined in general settings
                $blog_url_params = array('glue' => '&');
                if (!empty($thrd_ID)) {
                    // Don't forget the important param on redirect
                    $blog_url_params['url_suffix'] = 'thrd_ID=' . $thrd_ID;
                }
                header_redirect($msg_Blog->get($disp . 'url', $blog_url_params));
            }
            // just in case some robot would be logged in:
            $seo_page_type = 'Messaging module';
            $robots_index = false;
            // Display messages depending on user email status
            display_user_email_status_message();
            break;
        case 'login':
            global $Plugins, $transmit_hashed_password;
            if (is_logged_in()) {
                // User is already logged in
                if ($current_User->check_status('can_be_validated')) {
                    // account is not active yet, redirect to the account activation page
                    $Messages->add(T_('You are logged in but your account is not activated. You will find instructions about activating your account below:'));
                    header_redirect(get_activate_info_url(), 302);
                    // will have exited
                }
                // User is already logged in, redirect to "redirect_to" page
                $Messages->add(T_('You are already logged in.'), 'note');
                $redirect_to = param('redirect_to', 'url', NULL);
                if (empty($redirect_to)) {
                    // If empty redirect to referer page
                    $redirect_to = '';
                }
                header_redirect($redirect_to, 302);
                // will have exited
            }
            if (($login_Blog =& get_setting_Blog('login_blog_ID')) && $Blog->ID != $login_Blog->ID) {
                // Redirect to special blog for login/register actions if it is defined in general settings
                header_redirect($login_Blog->get('loginurl', array('glue' => '&')));
            }
            $seo_page_type = 'Login form';
            $robots_index = false;
            break;
        case 'register':
            if (is_logged_in()) {
                // If user is logged in the register form should not be displayed. In this case redirect to the blog home page.
                $Messages->add(T_('You are already logged in.'), 'note');
                header_redirect($Blog->gen_blogurl(), false);
            }
            if (($login_Blog =& get_setting_Blog('login_blog_ID')) && $Blog->ID != $login_Blog->ID) {
                // Redirect to special blog for login/register actions if it is defined in general settings
                header_redirect($login_Blog->get('registerurl', array('glue' => '&')));
            }
            $seo_page_type = 'Register form';
            $robots_index = false;
            // Check invitation code if it exists and registration is enabled
            global $display_invitation;
            $display_invitation = check_invitation_code();
            break;
        case 'lostpassword':
            if (is_logged_in()) {
                // If user is logged in the lost password form should not be displayed. In this case redirect to the blog home page.
                $Messages->add(T_('You are already logged in.'), 'note');
                header_redirect($Blog->gen_blogurl(), false);
            }
            if (($login_Blog =& get_setting_Blog('login_blog_ID')) && $Blog->ID != $login_Blog->ID) {
                // Redirect to special blog for login/register actions if it is defined in general settings
                header_redirect($login_Blog->get('lostpasswordurl', array('glue' => '&')));
            }
            $seo_page_type = 'Lost password form';
            $robots_index = false;
            break;
        case 'activateinfo':
            if (!is_logged_in()) {
                // Redirect to the login page for anonymous users
                $Messages->add(T_('You must log in before you can activate your account.'));
                header_redirect(get_login_url('cannot see messages'), 302);
                // will have exited
            }
            if (!$current_User->check_status('can_be_validated')) {
                // don't display activateinfo screen
                $after_email_validation = $Settings->get('after_email_validation');
                if ($after_email_validation == 'return_to_original') {
                    // we want to return to original page after account activation
                    // check if Session 'validatemail.redirect_to' param is still set
                    $redirect_to = $Session->get('core.validatemail.redirect_to');
                    if (empty($redirect_to)) {
                        // Session param is empty try to get general redirect_to param
                        $redirect_to = param('redirect_to', 'url', '');
                    } else {
                        // cleanup validateemail.redirect_to param from session
                        $Session->delete('core.validatemail.redirect_to');
                    }
                } else {
                    // go to after email validation url which is set in the user general settings form
                    $redirect_to = $after_email_validation;
                }
                if (empty($redirect_to) || preg_match('#disp=activateinfo#', $redirect_to)) {
                    // redirect_to is pointing to the activate info display or is empty
                    // redirect to referer page
                    $redirect_to = '';
                }
                if ($current_User->check_status('is_validated')) {
                    $Messages->add(T_('Your account has already been activated.'));
                }
                header_redirect($redirect_to, 302);
                // will have exited
            }
            if (($login_Blog =& get_setting_Blog('login_blog_ID')) && $Blog->ID != $login_Blog->ID) {
                // Redirect to special blog for login/register actions if it is defined in general settings
                header_redirect($login_Blog->get('activateinfourl', array('glue' => '&')));
            }
            break;
        case 'profile':
        case 'avatar':
            $action = param_action();
            if ($action == 'crop' && is_logged_in()) {
                // Check data for crop action:
                global $current_User, $cropped_File;
                $file_ID = param('file_ID', 'integer');
                if (!($cropped_File = $current_User->get_File_by_ID($file_ID, $error_code))) {
                    // Current user cannot crop this file
                    set_param('action', '');
                }
            }
        case 'pwdchange':
        case 'userprefs':
        case 'subs':
            $seo_page_type = 'Special feature page';
            if ($Blog->get_setting('special_noindex')) {
                // We prefer robots not to index these pages:
                $robots_index = false;
            }
            // Display messages depending on user email status
            display_user_email_status_message();
            break;
        case 'users':
            if (!is_logged_in() && !$Settings->get('allow_anonymous_user_list')) {
                // Redirect to the login page if not logged in and allow anonymous user setting is OFF
                $Messages->add(T_('You must log in to view the user directory.'));
                header_redirect(get_login_url('cannot see user'), 302);
                // will have exited
            }
            if (is_logged_in() && !check_user_status('can_view_users')) {
                // user status doesn't permit to view users list
                if (check_user_status('can_be_validated')) {
                    // user is logged in but his/her account is not active yet
                    // Redirect to the account activation page
                    $Messages->add(T_('You must activate your account before you can view the user directory. <b>See below:</b>'));
                    header_redirect(get_activate_info_url(), 302);
                    // will have exited
                }
                // set where to redirect
                $error_redirect_to = empty($Blog) ? $baseurl : $Blog->gen_blogurl();
                $Messages->add(T_('Your account status currently does not permit to view the user directory.'));
                header_redirect($error_redirect_to, 302);
                // will have exited
            }
            if (has_cross_country_restriction('users', 'list') && empty($current_User->ctry_ID)) {
                // User may browse other users only from the same country
                $Messages->add(T_('Please specify your country before attempting to contact other users.'));
                header_redirect(get_user_profile_url());
            }
            $seo_page_type = 'Users list';
            $robots_index = false;
            break;
        case 'user':
            // get user_ID because we want it in redirect_to in case we need to ask for login.
            $user_ID = param('user_ID', 'integer', '', true);
            // set where to redirect in case of error
            $error_redirect_to = empty($Blog) ? $baseurl : $Blog->gen_blogurl();
            if (!is_logged_in()) {
                // Redirect to the login page if not logged in and allow anonymous user setting is OFF
                $user_available_by_group_level = true;
                if (!empty($user_ID)) {
                    $UserCache =& get_UserCache();
                    if ($User =& $UserCache->get_by_ID($user_ID, false)) {
                        // If user exists we can check if the anonymous users have an access to view the user by group level limitation
                        $User->get_Group();
                        $user_available_by_group_level = $User->Group->level >= $Settings->get('allow_anonymous_user_level_min') && $User->Group->level <= $Settings->get('allow_anonymous_user_level_max');
                    }
                }
                if (!$Settings->get('allow_anonymous_user_profiles') || !$user_available_by_group_level || empty($user_ID)) {
                    // If this user is not available for anonymous users
                    $Messages->add(T_('You must log in to view this user profile.'));
                    header_redirect(get_login_url('cannot see user'), 302);
                    // will have exited
                }
            }
            if (is_logged_in() && !check_user_status('can_view_user', $user_ID)) {
                // user is logged in, but his/her status doesn't permit to view user profile
                if (check_user_status('can_be_validated')) {
                    // user is logged in but his/her account is not active yet
                    // Redirect to the account activation page
                    $Messages->add(T_('You must activate your account before you can view this user profile. <b>See below:</b>'));
                    header_redirect(get_activate_info_url(), 302);
                    // will have exited
                }
                $Messages->add(T_('Your account status currently does not permit to view this user profile.'));
                header_redirect($error_redirect_to, 302);
                // will have exited
            }
            if (!empty($user_ID)) {
                $UserCache =& get_UserCache();
                $User =& $UserCache->get_by_ID($user_ID, false);
                if (empty($User)) {
                    $Messages->add(T_('The requested user does not exist!'));
                    header_redirect($error_redirect_to);
                    // will have exited
                }
                if ($User->check_status('is_closed')) {
                    $Messages->add(T_('The requested user account is closed!'));
                    header_redirect($error_redirect_to);
                    // will have exited
                }
                if (has_cross_country_restriction('any')) {
                    if (empty($current_User->ctry_ID)) {
                        // Current User country is not set
                        $Messages->add(T_('Please specify your country before attempting to contact other users.'));
                        header_redirect(get_user_profile_url());
                        // will have exited
                    }
                    if (has_cross_country_restriction('users', 'profile') && $current_User->ctry_ID !== $User->ctry_ID) {
                        // Current user country is different then edited user country and cross country user browsing is not enabled.
                        $Messages->add(T_('You don\'t have permission to view this user profile.'));
                        header_redirect(url_add_param($error_redirect_to, 'disp=403', '&'));
                        // will have exited
                    }
                }
            }
            // Initialize users list from session cache in order to display prev/next links:
            // It is used to navigate between users
            load_class('users/model/_userlist.class.php', 'UserList');
            global $UserList;
            $UserList = new UserList();
            $UserList->memorize = false;
            $UserList->load_from_Request();
            $seo_page_type = 'User display';
            break;
        case 'edit':
            global $current_User, $post_ID;
            // Post ID, go from $_GET when we edit a post from Front-office
            //          or from $_POST when we switch from Back-office
            $post_ID = param('p', 'integer', empty($post_ID) ? 0 : $post_ID, true);
            if (!is_logged_in()) {
                // Redirect to the login page if not logged in and allow anonymous user setting is OFF
                $redirect_to = url_add_param($Blog->gen_blogurl(), 'disp=edit');
                $Messages->add(T_('You must log in to create & edit posts.'));
                header_redirect(get_login_url('cannot edit posts', $redirect_to), 302);
                // will have exited
            }
            if (!$current_User->check_status('can_edit_post')) {
                if ($current_User->check_status('can_be_validated')) {
                    // user is logged in but his/her account was not activated yet
                    // Redirect to the account activation page
                    $Messages->add(T_('You must activate your account before you can create & edit posts. <b>See below:</b>'));
                    header_redirect(get_activate_info_url(), 302);
                    // will have exited
                }
                // Redirect to the blog url for users without messaging permission
                $Messages->add(T_('You are not allowed to create & edit posts!'));
                header_redirect($Blog->gen_blogurl(), 302);
            }
            // user logged in and the account was activated
            check_item_perm_edit($post_ID);
            if (!blog_has_cats($Blog->ID)) {
                // No categories are in this blog
                $error_message = T_('Since this blog has no categories, you cannot post into it.');
                if ($current_User->check_perm('blog_cats', 'edit', false, $Blog->ID)) {
                    // If current user has a permission to create a category
                    global $admin_url;
                    $error_message .= ' ' . sprintf(T_('You must <a %s>create categories</a> first.'), 'href="' . $admin_url . '?ctrl=chapters&amp;blog=' . $Blog->ID . '"');
                }
                $Messages->add($error_message, 'error');
                header_redirect($Blog->gen_blogurl(), 302);
            }
            // Prepare the 'In-skin editing':
            init_inskin_editing();
            break;
        case 'edit_comment':
            global $current_User, $edited_Comment, $comment_Item, $Item, $comment_title, $comment_content, $display_params;
            // comment ID
            $comment_ID = param('c', 'integer', 0, true);
            if (!is_logged_in()) {
                // Redirect to the login page if not logged in and allow anonymous user setting is OFF
                $redirect_to = url_add_param($Blog->gen_blogurl(), 'disp=edit_comment');
                $Messages->add(T_('You must log in to edit comments.'));
                header_redirect(get_login_url('cannot edit comments', $redirect_to), 302);
                // will have exited
            }
            if (!$current_User->check_status('can_edit_comment')) {
                if ($current_User->check_status('can_be_validated')) {
                    // user is logged in but his/her account was not activated yet
                    // Redirect to the account activation page
                    $Messages->add(T_('You must activate your account before you can edit comments. <b>See below:</b>'));
                    header_redirect(get_activate_info_url(), 302);
                    // will have exited
                }
                // Redirect to the blog url for users without messaging permission
                $Messages->add('You are not allowed to edit comments!');
                header_redirect($Blog->gen_blogurl(), 302);
            }
            if (empty($comment_ID)) {
                // Can't edit a not exisiting comment
                $Messages->add('Invalid comment edit URL!');
                global $disp;
                $disp = 404;
                break;
            }
            $CommentCache =& get_CommentCache();
            $edited_Comment = $CommentCache->get_by_ID($comment_ID);
            $comment_Item = $edited_Comment->get_Item();
            if (!$current_User->check_perm('comment!CURSTATUS', 'edit', false, $edited_Comment)) {
                // If User has no permission to edit comments with this comment status:
                $Messages->add('You are not allowed to edit the previously selected comment!');
                header_redirect($Blog->gen_blogurl(), 302);
            }
            $comment_title = '';
            $comment_content = htmlspecialchars_decode($edited_Comment->content);
            // Format content for editing, if we were not already in editing...
            $Plugins_admin =& get_Plugins_admin();
            $comment_Item->load_Blog();
            $params = array('object_type' => 'Comment', 'object_Blog' => &$comment_Item->Blog);
            $Plugins_admin->unfilter_contents($comment_title, $comment_content, $edited_Comment->get_renderers_validated(), $params);
            $Item = $comment_Item;
            $display_params = array();
            break;
        case 'useritems':
        case 'usercomments':
            global $display_params, $viewed_User;
            // get user_ID because we want it in redirect_to in case we need to ask for login.
            $user_ID = param('user_ID', 'integer', true, true);
            if (empty($user_ID)) {
                bad_request_die(sprintf(T_('Parameter &laquo;%s&raquo; is required!'), 'user_ID'));
            }
            // set where to redirect in case of error
            $error_redirect_to = empty($Blog) ? $baseurl : $Blog->gen_blogurl();
            if (!is_logged_in()) {
                // Redirect to the login page if not logged in and allow anonymous user setting is OFF
                $Messages->add(T_('You must log in to view this user profile.'));
                header_redirect(get_login_url('cannot see user'), 302);
                // will have exited
            }
            if (is_logged_in() && !check_user_status('can_view_user', $user_ID)) {
                // user is logged in, but his/her status doesn't permit to view user profile
                if (check_user_status('can_be_validated')) {
                    // user is logged in but his/her account is not active yet
                    // Redirect to the account activation page
                    $Messages->add(T_('You must activate your account before you can view this user profile. <b>See below:</b>'));
                    header_redirect(get_activate_info_url(), 302);
                    // will have exited
                }
                $Messages->add(T_('Your account status currently does not permit to view this user profile.'));
                header_redirect($error_redirect_to, 302);
                // will have exited
            }
            if (!empty($user_ID)) {
                $UserCache =& get_UserCache();
                $viewed_User = $UserCache->get_by_ID($user_ID, false);
                if (empty($viewed_User)) {
                    $Messages->add(T_('The requested user does not exist!'));
                    header_redirect($error_redirect_to);
                    // will have exited
                }
                if ($viewed_User->check_status('is_closed')) {
                    $Messages->add(T_('The requested user account is closed!'));
                    header_redirect($error_redirect_to);
                    // will have exited
                }
            }
            $display_params = !empty($Skin) ? $Skin->get_template('Results') : NULL;
            if ($disp == 'useritems') {
                // Init items list
                global $user_ItemList;
                $useritems_Blog = NULL;
                $user_ItemList = new ItemList2($useritems_Blog, NULL, NULL, NULL, 'ItemCache', 'useritems_');
                $user_ItemList->load_from_Request();
                $user_ItemList->set_filters(array('authors' => $user_ID), true, true);
                $user_ItemList->query();
            } else {
                // Init comments list
                global $user_CommentList;
                $user_CommentList = new CommentList2(NULL, NULL, 'CommentCache', 'usercmts_');
                $user_CommentList->load_from_Request();
                $user_CommentList->set_filters(array('author_IDs' => $user_ID), true, true);
                $user_CommentList->query();
            }
            break;
        case 'comments':
            if (!$Blog->get_setting('comments_latest')) {
                // If latest comments page is disabled - Display 404 page with error message
                $Messages->add(T_('This feature is disabled.'), 'error');
                global $disp;
                $disp = '404';
            }
            break;
        case 'closeaccount':
            global $current_User;
            if (!$Settings->get('account_close_enabled') || is_logged_in() && $current_User->check_perm('users', 'edit', false) || !is_logged_in() && !$Session->get('account_closing_success')) {
                // If an account closing page is disabled - Display 404 page with error message
                // Don't allow admins close own accounts from front office
                // Don't display this message for not logged in users, except of one case to display a bye message after account closing
                global $disp;
                $disp = '404';
            } elseif ($Session->get('account_closing_success')) {
                // User has closed the account
                global $account_closing_success;
                $account_closing_success = $Session->get('account_closing_success');
                // Unset this temp session var to don't display the message twice
                $Session->delete('account_closing_success');
                if (is_logged_in()) {
                    // log out current User
                    logout();
                }
            }
            break;
        case 'tags':
            $seo_page_type = 'Tags';
            if ($Blog->get_setting($disp . '_noindex')) {
                // We prefer robots not to index these pages:
                $robots_index = false;
            }
            break;
    }
    $Debuglog->add('skin_init: $disp=' . $disp . ' / $disp_detail=' . $disp_detail . ' / $seo_page_type=' . $seo_page_type, 'skins');
    // Make this switch block special only for 404 page
    switch ($disp) {
        case '404':
            // We have a 404 unresolved content error
            // How do we want do deal with it?
            skin_404_header();
            // This MAY or MAY not have exited -- will exit on 30x redirect, otherwise will return here.
            // Just in case some dumb robot needs extra directives on this:
            $robots_index = false;
            break;
    }
    global $Hit, $check_browser_version;
    if ($check_browser_version && $Hit->get_browser_version() > 0 && $Hit->is_IE(9, '<')) {
        // Display info message if browser IE < 9 version and it is allowed by config var:
        global $debug;
        $Messages->add(T_('Your web browser is too old. For this site to work correctly, we recommend you use a more recent browser.'), 'note');
        if ($debug) {
            $Messages->add('User Agent: ' . $Hit->get_user_agent(), 'note');
        }
    }
    // dummy var for backward compatibility with versions < 2.4.1 -- prevents "Undefined variable"
    global $global_Cache, $credit_links;
    $credit_links = $global_Cache->get('creds');
    $Timer->pause('skin_init');
    // Check if user is logged in with a not active account, and display an error message if required
    check_allow_disp($disp);
    // initialize Blog enabled widgets, before displaying anything
    init_blog_widgets($Blog->ID);
    // Initialize displaying....
    $Timer->start('Skin:display_init');
    $Skin->display_init();
    $Timer->pause('Skin:display_init');
    // Send default headers:
    // See comments inside of this function:
    headers_content_mightcache('text/html');
    // In most situations, you do NOT want to cache dynamic content!
    // Never allow Messages to be cached!
    if ($Messages->count() && !empty($PageCache)) {
        // Abort PageCache collect
        $PageCache->abort_collect();
    }
}
/**
 * Build a "new private message" link for one row of a user list.
 *
 * @param integer $user_ID    ID of the user the link points to
 * @param string  $user_login login of that user; used in the icon title and appended to the link URL
 * @return string HTML for the action icon, or '&nbsp;' when the row is the current user
 */
function user_pm($user_ID, $user_login)
{
    global $current_User;
    if ($user_ID == $current_User->ID) {
        // No private-message link to oneself
        return '&nbsp;';
    }
    $UserCache =& get_UserCache();
    $User =& $UserCache->get_by_ID($user_ID);
    if ($User && $User->get_msgform_possibility() == 'PM') {
        // return new pm link only, if current User may send private message to User
        // NOTE(review): the remainder of the next line is redacted ('******') in this listing, so the
        // closing of this if-block and the fallback return value cannot be confirmed from here.
        // NOTE(review): $user_login appears to be concatenated into the URL; whether it is
        // URL-encoded before use is not visible here — confirm against the full source.
        return action_icon(T_('Private Message') . ': ' . $user_login, 'comments', '?ctrl=threads&action=new&user_login='******'';
}
if (!$current_User->check_perm('users', 'view')) {
    // Without the 'users' view permission the current user may only work on their own profile.
    if (isset($user_ID) && $user_ID != $current_User->ID) {
        // The UI should never send another user's ID here; report it and fall back to the own profile.
        $Messages->add(T_('You have no permission to view other users!'), 'error');
    }
    // Force the edited user to be the current one:
    $user_ID = $current_User->ID;
    switch ($action) {
        case 'update':
        case 'edit':
        case 'default_settings':
        case 'change_admin_skin':
            // Actions that may run against the own profile
            break;
        default:
            // Anything else is sent back to editing the own profile
            header_redirect(regenerate_url('ctrl,action', 'ctrl=user&action=edit&user_ID=' . $user_ID, '', '&'));
    }
}
/*
 * Load the editable User object and resolve $action (checking permissions on the way)
 */
// Shared cache used below to look up the User selected by $user_ID
$UserCache =& get_UserCache();
if (!is_null($user_ID)) {
    // User selected
    if (($edited_User =& $UserCache->get_by_ID($user_ID, false)) === false) {
        // We could not find the User to edit:
        unset($edited_User);
        forget_param('user_ID');
        $Messages->add(sprintf(T_('Requested &laquo;%s&raquo; object does not exist any longer.'), T_('User')), 'error');
        $action = 'list';
    } elseif ($action == 'list') {
        // 'list' is default, $user_ID given
        if ($user_ID == $current_User->ID || $current_User->check_perm('users', 'edit')) {
            $action = 'edit';
        } else {
            $action = 'view';
        }
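 /**
  * Load the blogs a user has a given permission for into the cache.
  *
  * Blogs the user owns are included for every permission except 'blog_admin'.
  * If the user's group grants the global 'blogs' permission at $permlevel, all
  * blogs are loaded instead of running the per-blog permission query.
  *
  * @param string $permname   Permission to check: 'blog_ismember' (default), 'blog_post_statuses',
  *                           'blog_comments', 'blog_cats', 'blog_properties', 'blog_admin',
  *                           'blog_media_browse' or 'stats' (currently mapped onto 'blog_properties')
  * @param string $permlevel  Level used for the group's global 'blogs' permission check
  * @param integer $user_ID   User ID; NULL means the current User
  * @param string $order_by   ORDER BY column(s); '' uses the 'blogs_order_by' setting
  * @param string $order_dir  ORDER BY direction; '' uses the 'blogs_order_dir' setting
  * @param integer $limit     Maximum number of rows; NULL/0 means no LIMIT
  * @return array The IDs of the blogs loaded
  */
 function load_user_blogs($permname = 'blog_ismember', $permlevel = 'view', $user_ID = NULL, $order_by = '', $order_dir = '', $limit = NULL)
 {
     global $DB, $Settings, $Debuglog;
     $Debuglog->add("Loading <strong>{$this->objtype}(permission: {$permname})</strong> into cache", 'dataobjects');
     if ($order_by == '') {
         // Use default value from settings
         $order_by = $Settings->get('blogs_order_by');
     }
     if ($order_dir == '') {
         // Use default value from settings
         $order_dir = $Settings->get('blogs_order_dir');
     }
     if (is_null($user_ID)) {
         global $current_User;
         $user_ID = $current_User->ID;
         $for_User = $current_User;
     } else {
         // NOTE(review): get_by_ID() is called with its default halt behaviour; what happens
         // for an unknown ID is not visible here — confirm before relying on $for_User below.
         $UserCache =& get_UserCache();
         $for_User =& $UserCache->get_by_ID($user_ID);
     }
     $for_User->get_Group();
     // ensure Group is set
     $Group = $for_User->Group;
     // First check if we have a global access perm:
     if ($Group->check_perm('blogs', $permlevel)) {
         // If group grants a global permission:
         $this->load_all($order_by, $order_dir);
         return $this->get_ID_array();
     }
     // $user_ID and the group ID are interpolated into the SQL below: force them to integers so
     // that a non-numeric value handed in by a caller cannot change the shape of the query.
     $user_ID = (int) $user_ID;
     $group_ID = (int) $Group->ID;
     // Note: We only JOIN in the advanced perms if any given blog has them enabled,
     // otherwise they are ignored!
     $sql = 'SELECT DISTINCT T_blogs.*'
         . ' FROM T_blogs'
         . ' LEFT JOIN T_coll_user_perms ON ( blog_advanced_perms <> 0'
         . ' AND blog_ID = bloguser_blog_ID'
         . " AND bloguser_user_ID = {$user_ID} )"
         . ' LEFT JOIN T_coll_group_perms ON ( blog_advanced_perms <> 0'
         . ' AND blog_ID = bloggroup_blog_ID'
         . " AND bloggroup_group_ID = {$group_ID} )"
         . ' WHERE ';
     // Collect the OR-ed conditions and join them at the end, so the WHERE clause is still
     // well-formed when the owner condition is skipped (the 'blog_admin' case).
     $conditions = array();
     if ($permname !== 'blog_admin') {
         // Only the admin perm is not covered by being the owner of the blog:
         $conditions[] = "blog_owner_user_ID = {$user_ID}";
     }
     switch ($permname) {
         case 'blog_ismember':
             $conditions[] = 'bloguser_ismember <> 0';
             $conditions[] = 'bloggroup_ismember <> 0';
             break;
         case 'blog_post_statuses':
             $conditions[] = "bloguser_perm_poststatuses <> ''";
             $conditions[] = "bloggroup_perm_poststatuses <> ''";
             break;
         case 'blog_comments':
             // user needs to have permission for at least one kind of comments
             $conditions[] = "bloguser_perm_cmtstatuses <> ''";
             $conditions[] = "bloggroup_perm_cmtstatuses <> ''";
             break;
         case 'stats':
             // TEMP: 'stats' is mapped onto 'blog_properties' and falls through on purpose
             $permname = 'blog_properties';
         case 'blog_cats':
         case 'blog_properties':
         case 'blog_admin':
         case 'blog_media_browse':
             // The column suffix is derived only from the fixed case labels above, never from raw input
             $short_permname = substr($permname, 5);
             $conditions[] = "bloguser_perm_{$short_permname} <> 0";
             $conditions[] = "bloggroup_perm_{$short_permname} <> 0";
             break;
         default:
             debug_die('BlogCache::load_user_blogs() : Unsupported perm [' . $permname . ']!');
     }
     $sql .= implode(' OR ', $conditions);
     $sql .= ' ORDER BY ' . gen_order_clause($order_by, $order_dir, $this->dbprefix, $this->dbIDname);
     if ($limit) {
         // Cast so that a non-numeric $limit cannot append anything else to the query
         $sql .= ' LIMIT ' . (int) $limit;
     }
     foreach ($DB->get_results($sql, OBJECT, 'Load user blog list') as $row) {
         // Instantiate a custom object
         $this->instantiate($row);
     }
     // IDs (column 0) of the rows returned by the query just run
     return $DB->get_col(NULL, 0);
 }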