/**
 * Deletes the page template named by the request field 'name' (read via
 * ps()) and re-renders the page editor with a confirmation message.
 *
 * A request for the template called 'default' is answered by showing the
 * editor again; nothing is deleted in that case.
 */
function page_delete()
{
    $requested = ps('name');

    if ($requested == 'default') {
        return page_edit();
    }

    // Escaped once; the value is only ever placed inside a quoted SQL literal.
    $name = doSlash($requested);
    $where = "name='" . $name . "'";

    safe_delete('txp_page', $where);

    // NOTE(review): the escaped form of the name is what gets displayed;
    // whether messenger() HTML-escapes its arguments is not visible here.
    page_edit(messenger('page', $name, 'deleted'));
}
/**
 * Creates a thumbnail for the image given by the request field 'id', using
 * the requested 'width', 'height' and 'crop' values, and shows the image
 * editor with the outcome.
 *
 * Width and height are cast to integers. If both are zero the request is
 * rejected; a single zero is passed on as an empty string. On success the
 * chosen settings are stored as hidden preferences.
 */
function thumbnail_create()
{
    global $prefs;

    // NOTE(review): $id only passes through doSlash() here; it is not checked
    // to be an integer before it reaches txp_thumb, whose handling of the
    // value is not visible in this block.
    extract(doSlash(gpsa(array('id', 'width', 'height'))));

    $width = (int) $width;
    $height = (int) $height;

    // Better checking of thumbnail dimensions: don't try and use zeros.
    if ($width == 0 && $height == 0) {
        image_edit(messenger('invalid_width_or_height', "({$width})/({$height})", ''), $id);

        return;
    }

    $width = ($width == 0) ? '' : $width;
    $height = ($height == 0) ? '' : $height;

    $crop = gps('crop');

    $thumb = new txp_thumb($id);
    $thumb->crop = ($crop == '1');
    $thumb->hint = '0';
    $thumb->width = $width;
    $thumb->height = $height;

    if (!$thumb->write()) {
        $message = gTxt('thumbnail_not_saved', array('{id}' => $id));
        image_edit($message, $id);

        return;
    }

    $prefs['thumb_w'] = $width;
    $prefs['thumb_h'] = $height;
    $prefs['thumb_crop'] = $crop;

    // Hidden prefs.
    set_pref('thumb_w', $width, 'image', 2);
    set_pref('thumb_h', $height, 'image', 2);
    set_pref('thumb_crop', $crop, 'image', 2);

    $message = gTxt('thumbnail_saved', array('{id}' => $id));
    update_lastmod();
    image_edit($message, $id);
}
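/**
 * Deletes the user given by the request field 'user_id' from the table named
 * in the global $ign_user_db and reports the deletion.
 *
 * Nothing is deleted, and nothing is displayed, when no 'Realname' is found
 * for the ID or when the delete fails.
 */
function ign_user_delete()
{
    global $ign_user_db;

    // The ID comes straight from the request and ends up inside a quoted SQL
    // literal, so it is escaped before use. The same escaped value is handed
    // to fetch(): should fetch() escape again, only IDs containing quotes or
    // backslashes are affected, and those then simply match no row.
    $user_id = doSlash(ps('user_id'));

    $name = fetch('Realname', $ign_user_db, 'user_id', $user_id);

    if (!$name) {
        return;
    }

    if (safe_delete($ign_user_db, "user_id = '{$user_id}'")) {
        ign_admin(messenger('user', $name, 'deleted'));
    }
}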
/**
 * Deletes file records and the files they point to.
 *
 * Each ID is passed through assert_int() before it is used in SQL. A file
 * counts as failed when either its database row or the file on disk could
 * not be removed.
 *
 * NOTE(review): this variant performs no privilege check of its own;
 * presumably the caller does - confirm.
 *
 * @param array $ids File IDs; when empty, the request field 'id' is used.
 */
function file_delete($ids = array())
{
    global $file_base_path;

    if ($ids) {
        $ids = array_map('assert_int', $ids);
    } else {
        $ids = array(assert_int(ps('id')));
    }

    $rs = safe_rows_start('id, filename', 'txp_file', 'id IN (' . join(',', $ids) . ')');

    if (!$rs) {
        file_list(messenger(gTxt('file_not_found'), join(', ', $ids), ''));

        return;
    }

    $fail = array();

    while ($a = nextRow($rs)) {
        $id = $a['id'];
        $filename = $a['filename'];

        $filepath = build_file_path($file_base_path, $filename);

        // The row is removed first; the file is only unlinked if that worked.
        $row_removed = safe_delete('txp_file', "id = {$id}");
        $file_removed = false;

        if ($row_removed && is_file($filepath)) {
            $file_removed = unlink($filepath);
        }

        if (!($row_removed && $file_removed)) {
            $fail[] = $id;
        }
    }

    if ($fail) {
        file_list(messenger(gTxt('file_delete_failed'), join(', ', $fail), ''));

        return;
    }

    file_list(gTxt('file_deleted', array('{name}' => join(', ', $ids))));
}
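/**
 * Runs the multi-edit action on comments and shows the comment list.
 *
 * The work itself is delegated to event_multi_edit(); when it reports
 * something, all comment counts are recalculated and a 'deleted' message is
 * displayed.
 *
 * An earlier form of this function first looked up `parentid` with the
 * request field 'discussid' appended to the WHERE clause through doSlash()
 * but without quotes. doSlash() does not protect an unquoted numeric
 * position, and the result of the lookup was never read, so the query has
 * been removed rather than repaired.
 */
function discuss_multi_edit()
{
    $deleted = event_multi_edit('txp_discuss', 'discussid');

    if (!empty($deleted)) {
        // Might as well clean up all comment counts while we're here.
        clean_comment_counts();

        return discuss_list(messenger('comment', $deleted, 'deleted'));
    }

    return discuss_list();
}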
/**
 * Applies the multi-edit action from the request field 'edit_method' to the
 * articles listed in the request field 'selected', then shows the article
 * list.
 *
 * Deleting requires 'article.delete', or 'article.delete.own' for the
 * user's own articles. Every other action is limited to the articles the
 * user may edit, judged per article by status and author.
 *
 * NOTE(review): new values for author, categories and section are escaped
 * with doSlash() but are not checked against the existing authors,
 * categories or sections in this variant.
 */
function list_multi_edit()
{
    global $txp_user;

    $selected = ps('selected');

    if (!$selected || !is_array($selected)) {
        return list_list();
    }

    // Every ID goes through assert_int() before it is placed in SQL.
    $selected = array_map('assert_int', $selected);
    $method = ps('edit_method');
    $changed = false;
    $ids = array();

    if ($method == 'delete') {
        if (!has_privs('article.delete')) {
            // Without the general privilege only the user's own articles remain.
            $own = array();

            if (has_privs('article.delete.own')) {
                foreach ($selected as $article_id) {
                    if (safe_field('AuthorID', 'textpattern', "ID = {$article_id}") == $txp_user) {
                        $own[] = $article_id;
                    }
                }
            }

            $selected = $own;
        }

        foreach ($selected as $article_id) {
            if (safe_delete('textpattern', "ID = {$article_id}")) {
                $ids[] = $article_id;
            }
        }

        $changed = join(', ', $ids);

        if ($changed) {
            // Comments of deleted articles are put back into moderation.
            safe_update('txp_discuss', "visible = " . MODERATE, "parentid in({$changed})");
        }
    } else {
        $selected = array_map('assert_int', $selected);
        $rows = safe_rows('ID, AuthorID, Status', 'textpattern', 'ID in (' . implode(',', $selected) . ')');
        $selected = array();

        foreach ($rows as $item) {
            $is_live = $item['Status'] >= 4;
            $is_own = $item['AuthorID'] == $txp_user;

            if ($is_live) {
                $may_edit = has_privs('article.edit.published')
                    || ($is_own && has_privs('article.edit.own.published'));
            } else {
                $may_edit = has_privs('article.edit')
                    || ($is_own && has_privs('article.edit.own'));
            }

            if ($may_edit) {
                $selected[] = $item['ID'];
            }
        }

        $key = '';
        $val = '';

        switch ($method) {
            // Change author.
            case 'changeauthor':
                $key = 'AuthorID';
                $val = has_privs('article.edit') ? ps('AuthorID') : '';

                // Do not allow to be set to an empty value.
                if (!$val) {
                    $selected = array();
                }
                break;

            // Change category1.
            case 'changecategory1':
                $key = 'Category1';
                $val = ps('Category1');
                break;

            // Change category2.
            case 'changecategory2':
                $key = 'Category2';
                $val = ps('Category2');
                break;

            // Change comments.
            case 'changecomments':
                $key = 'Annotate';
                $val = (int) ps('Annotate');
                break;

            // Change section.
            case 'changesection':
                $key = 'Section';
                $val = ps('Section');

                // Do not allow to be set to an empty value.
                if (!$val) {
                    $selected = array();
                }
                break;

            // Change status.
            case 'changestatus':
                $key = 'Status';
                $val = ps('Status');

                // Without the publish privilege a status of 4 or above is
                // replaced by 3.
                if (!has_privs('article.publish') && $val >= 4) {
                    $val = 3;
                }

                // Do not allow to be set to an empty value.
                if (!$val) {
                    $selected = array();
                }
                break;
        }

        if ($selected && $key) {
            // $key is one of the fixed column names above; the value is escaped.
            $assignment = "{$key} = '" . doSlash($val) . "'";

            foreach ($selected as $article_id) {
                if (safe_update('textpattern', $assignment, "ID = {$article_id}")) {
                    $ids[] = $article_id;
                }
            }

            $changed = join(', ', $ids);
        }
    }

    if (!$changed) {
        return list_list();
    }

    update_lastmod();
    $verb = ($method == 'delete') ? 'deleted' : 'modified';

    return list_list(messenger('article', $changed, $verb));
}
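/**
 * Deletes the author given by the request field 'user_id' from txp_users
 * and reports the deletion.
 *
 * Nothing is deleted, and nothing is displayed, when no 'Realname' is found
 * for the ID or when the delete fails.
 */
function author_delete()
{
    // The ID comes straight from the request and ends up inside a quoted SQL
    // literal, so it is escaped before use. The same escaped value is handed
    // to fetch(): should fetch() escape again, only IDs containing quotes or
    // backslashes are affected, and those then simply match no row.
    $user_id = doSlash(ps('user_id'));

    $name = fetch('Realname', 'txp_users', 'user_id', $user_id);

    if (!$name) {
        return;
    }

    if (safe_delete('txp_users', "user_id = '{$user_id}'")) {
        admin(messenger('author', $name, 'deleted'));
    }
}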
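/**
 * Deletes the file given by the request field 'id': first its txp_file row,
 * then the file on disk, and shows the file list with the outcome.
 *
 * Changes against the earlier form:
 *  - the ID is cast to an integer before it is placed in SQL (it used to be
 *    interpolated exactly as received);
 *  - the 'not found' message names the ID, because no filename is known
 *    when the row does not exist;
 *  - only the 'filename' column of the row is read, instead of extract()ing
 *    the configuration and the whole row into the local scope.
 */
function file_delete()
{
    global $file_base_path;

    $id = (int) ps('id');

    $rs = safe_row("*", "txp_file", "id='{$id}'");

    if (!$rs) {
        file_list(messenger(gTxt('file_not_found'), $id, ''));

        return;
    }

    $filename = $rs['filename'];
    $filepath = build_file_path($file_base_path, $filename);

    // The row is removed first; the file is only unlinked if that worked.
    $rsd = safe_delete("txp_file", "id='{$id}'");
    $ul = false;

    if ($rsd && is_file($filepath)) {
        $ul = unlink($filepath);
    }

    if ($rsd && $ul) {
        file_list(messenger(gTxt('file'), $filename, gTxt('deleted')));

        return;
    }

    file_list(messenger(gTxt('file_delete_failed'), $filename, ''));
}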
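/**
 * Deletes the stylesheet named by the request field 'name' and shows the
 * CSS editor with a confirmation message.
 *
 * The stylesheet called 'default' cannot be deleted; a notice is printed
 * instead.
 */
function css_delete()
{
    $name = ps('name');

    if ($name == 'default') {
        echo gTxt('cannot_delete_default_css') . '.';

        return;
    }

    // The name comes straight from the request, so it is escaped before it is
    // placed inside the quoted SQL literal.
    safe_delete("txp_css", "name = '" . doSlash($name) . "'");

    // NOTE(review): the name is displayed as received; whether messenger()
    // HTML-escapes its arguments is not visible here - confirm.
    css_edit(messenger('css', $name, 'deleted'));
}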
/**
 * Applies the multi-edit action from the request field 'edit_method' to the
 * articles listed in the request field 'selected', then shows the article
 * list.
 *
 * Deleting requires 'article.delete', or 'article.delete.own' for the
 * user's own articles. Every other action is limited to the articles the
 * user may edit, and a new author, category, section or status is only
 * accepted when it is found in the corresponding global list.
 *
 * NOTE(review): the in_array() checks compare loosely (no third argument).
 */
function list_multi_edit()
{
    global $txp_user, $statuses, $all_cats, $all_authors, $all_sections;

    // Empty entry to permit clearing the categories.
    $categories = array('');

    foreach ($all_cats as $cat) {
        $categories[] = $cat['name'];
    }

    $selected = ps('selected');

    if (!$selected || !is_array($selected)) {
        return list_list();
    }

    // Every ID goes through assert_int() before it is placed in SQL.
    $selected = array_map('assert_int', $selected);
    $method = ps('edit_method');
    $changed = false;
    $ids = array();
    $key = '';

    if ($method == 'delete') {
        if (!has_privs('article.delete')) {
            // Without the general privilege only the user's own articles remain.
            $own = array();

            if (has_privs('article.delete.own')) {
                $own = safe_column_num(
                    'ID',
                    'textpattern',
                    "ID in(" . join(',', $selected) . ") and AuthorID='" . doSlash($txp_user) . "'"
                );
            }

            $selected = $own;
        }

        foreach ($selected as $article_id) {
            if (safe_delete('textpattern', "ID = {$article_id}")) {
                $ids[] = $article_id;
            }
        }

        $changed = join(', ', $ids);

        if ($changed) {
            // Comments of deleted articles are put back into moderation.
            safe_update('txp_discuss', "visible = " . MODERATE, "parentid in({$changed})");
            callback_event('articles_deleted', '', 0, $ids);
        }
    } else {
        $rows = safe_rows('ID, AuthorID, Status', 'textpattern', 'ID in (' . implode(',', $selected) . ')');
        $selected = array();

        foreach ($rows as $item) {
            $is_live = $item['Status'] >= STATUS_LIVE;
            $is_own = $item['AuthorID'] == $txp_user;

            if ($is_live) {
                $may_edit = has_privs('article.edit.published')
                    || ($is_own && has_privs('article.edit.own.published'));
            } else {
                $may_edit = has_privs('article.edit')
                    || ($is_own && has_privs('article.edit.own'));
            }

            if ($may_edit) {
                $selected[] = $item['ID'];
            }
        }

        $val = '';

        switch ($method) {
            // Change author.
            case 'changeauthor':
                $val = has_privs('article.edit') ? ps('AuthorID') : '';

                if (in_array($val, $all_authors)) {
                    $key = 'AuthorID';
                }
                break;

            // Change category1.
            case 'changecategory1':
                $val = ps('Category1');

                if (in_array($val, $categories)) {
                    $key = 'Category1';
                }
                break;

            // Change category2.
            case 'changecategory2':
                $val = ps('Category2');

                if (in_array($val, $categories)) {
                    $key = 'Category2';
                }
                break;

            // Change comments.
            case 'changecomments':
                $key = 'Annotate';
                $val = (int) ps('Annotate');
                break;

            // Change section.
            case 'changesection':
                $val = ps('Section');

                if (in_array($val, $all_sections)) {
                    $key = 'Section';
                }
                break;

            // Change status.
            case 'changestatus':
                $val = (int) ps('Status');

                if (array_key_exists($val, $statuses)) {
                    $key = 'Status';
                }

                // Without the publish privilege a live status is replaced
                // by STATUS_PENDING.
                if (!has_privs('article.publish') && $val >= STATUS_LIVE) {
                    $val = STATUS_PENDING;
                }
                break;

            default:
                $key = '';
                break;
        }

        if ($selected && $key) {
            // $key is one of the fixed column names above; the value is escaped.
            $assignment = "{$key} = '" . doSlash($val) . "'";

            foreach ($selected as $article_id) {
                if (safe_update('textpattern', $assignment, "ID = {$article_id}")) {
                    $ids[] = $article_id;
                }
            }

            $changed = join(', ', $ids);
        }
    }

    if (!$changed) {
        return list_list();
    }

    update_lastmod();
    $verb = ($method == 'delete') ? 'deleted' : 'modified';

    return list_list(messenger('article', $changed, $verb));
}
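/**
 * Runs the multi-edit action on the comments listed in the request field
 * 'selected' and shows the comment list.
 *
 * The parent article IDs of the selected comments are collected first, so
 * that their comment counts can be recalculated once event_multi_edit()
 * reports a result.
 *
 * Changes against the earlier form: a 'selected' value that is not an array
 * is ignored instead of being fed to foreach, and the ID list always starts
 * out as an array.
 */
function discuss_multi_edit()
{
    $selected = ps('selected');

    if (!$selected || !is_array($selected)) {
        return discuss_list();
    }

    // Only integers are placed in the IN (...) list.
    $to_delete = array_map('intval', $selected);

    // Get all articles for which we have to update the count.
    $rows = safe_rows(
        "DISTINCT parentid",
        "txp_discuss",
        "discussid IN (" . implode(',', $to_delete) . ")"
    );

    $parentids = array();

    foreach ($rows as $row) {
        $parentids[] = $row['parentid'];
    }

    // Delete and, if successful, update the comment count.
    // NOTE(review): event_multi_edit() takes no ID list from here, so it
    // presumably reads 'selected' from the request itself; how it validates
    // the values is not visible in this block.
    $deleted = event_multi_edit('txp_discuss', 'discussid');

    if (!empty($deleted)) {
        // Might as well clean up all comment counts while we're here.
        clean_comment_counts($parentids);

        return discuss_list(messenger('comment', $deleted, 'deleted'));
    }

    return discuss_list();
}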
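/**
 * Applies the multi-edit action from the request field 'edit_method' to the
 * products listed in the request field 'selected', then shows the product
 * list. Only 'delete' is implemented.
 *
 * Deleting requires 'article.delete', or 'article.delete.own' for rows whose
 * AuthorID equals the current user.
 *
 * Changes against the earlier form: a 'selected' value that is not an array
 * is ignored instead of being fed to foreach, and all IDs pass through
 * assert_int() once, up front, as list_multi_edit() does.
 */
function product_multi_edit()
{
    global $txp_user;

    $selected = ps('selected');

    if (!$selected || !is_array($selected)) {
        return products_list();
    }

    // Every ID goes through assert_int() before it is placed in SQL.
    $selected = array_map('assert_int', $selected);
    $method = ps('edit_method');
    $changed = false;
    $ids = array();

    if ($method == 'delete') {
        if (!has_privs('article.delete')) {
            // Without the general privilege only the user's own rows remain.
            $allowed = array();

            if (has_privs('article.delete.own')) {
                foreach ($selected as $id) {
                    $author = safe_field('AuthorID', 'textpattern', "ID = {$id}");

                    if ($author == $txp_user) {
                        $allowed[] = $id;
                    }
                }
            }

            $selected = $allowed;
        }

        foreach ($selected as $id) {
            if (safe_delete('textpattern', "ID = {$id}")) {
                $ids[] = $id;
            }
        }

        $changed = join(', ', $ids);
    }

    if ($changed) {
        return products_list(messenger('Product', $changed, $method == 'delete' ? 'deleted' : 'modified'));
    }

    return products_list();
}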
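/**
 * Saves the category submitted in the request fields 'id', 'name',
 * 'old_name', 'parent' and 'title', rebuilds the category tree and renames
 * the category wherever it is referenced.
 *
 * Changes against the earlier form:
 *  - 'id' is cast to an integer; it used to pass through doSlash() only and
 *    was then placed in the WHERE clause without quotes, where escaping
 *    gives no protection;
 *  - the title is escaped after Textile has processed it, not before, so
 *    that whatever Textile produces is what gets escaped for SQL.
 *
 * @param string $evname     Event name; 'article' updates Category1 and
 *                           Category2 of the textpattern table.
 * @param string $table_name Table whose 'category' column is updated for
 *                           every other event.
 */
function event_category_save($evname, $table_name)
{
    global $txpcfg;

    include_once $txpcfg['txpath'] . '/lib/classTextile.php';
    $textile = new Textile();

    $in = psa(array('id', 'name', 'old_name', 'parent', 'title'));

    $id = (int) $in['id'];
    $old_name = doSlash($in['old_name']);
    $parent = $in['parent'] ? doSlash($in['parent']) : 'root';

    // Escaping is the last step before the value enters the query.
    $title = doSlash($textile->TextileThis($in['title'], 1));

    // Prevent non url chars on category names. After the replacement only
    // alphanumerics, '-' and '_' remain.
    $name = dumbDown($textile->TextileThis($in['name'], 1));
    $name = preg_replace("/[^[:alnum:]\\-_]/", "", str_replace(" ", "-", $name));

    safe_update("txp_category", "name='{$name}',parent='{$parent}',title='{$title}'", "id={$id}");
    rebuild_tree('root', 1, $evname);

    if ($evname == 'article') {
        safe_update("textpattern", "Category1='{$name}'", "Category1 = '{$old_name}'");
        safe_update("textpattern", "Category2='{$name}'", "Category2 = '{$old_name}'");
    } else {
        safe_update($table_name, "category='{$name}'", "category='{$old_name}'");
    }

    category_list(messenger($evname . '_category', stripslashes($name), 'saved'));
}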
/**
 * Creates or updates a form from the request and shows the form editor.
 *
 * With 'savenew' set a row is inserted, and a failed insert is reported as
 * 'already_exists'; otherwise the row named 'oldname' is updated.
 *
 * NOTE(review): extract() creates one local variable per entry of the global
 * $vars. That list is defined outside this block; it has to be a fixed list
 * of field names, never something derived from the request - confirm.
 */
function form_save()
{
    global $vars;

    // All values are escaped before extract() makes them local variables, and
    // each is used inside a quoted SQL literal below.
    extract(doSlash(gpsa($vars)));

    if (!$savenew) {
        safe_update("txp_form", "Form='{$Form}',type='{$type}',name='{$name}'", "name='{$oldname}'");
        form_edit(messenger('form', $name, 'updated'));

        return;
    }

    $inserted = safe_insert("txp_form", "Form='{$Form}', type='{$type}', name='{$name}'");
    $outcome = $inserted ? 'created' : 'already_exists';

    form_edit(messenger('form', $name, $outcome));
}
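/**
 * Applies the multi-edit action to the permlinks listed in the request
 * field 'selected' and stores a result message on the parent object. Only
 * 'delete' is implemented.
 *
 * Changes against the earlier form: the list of results always starts out
 * as an array, and a 'selected' value that is not an array is skipped
 * instead of being fed to foreach. The resulting message is the same.
 *
 * NOTE(review): every value is read with gps(), and each ID is handed to
 * remove_permlink() as received; validation of the ID has to happen there,
 * which is not visible in this block - confirm.
 */
function permlinks_multi_edit()
{
    // Up to Txp 4.0.3
    $method = gps('edit_method') ? gps('edit_method') : gps('method');

    $deleted = array();

    if ($method == 'delete') {
        $selected = gps('selected');

        if (is_array($selected)) {
            foreach ($selected as $id) {
                $deleted[] = $this->parent->remove_permlink($id);
            }
        }
    }

    $this->parent->message = count($deleted)
        ? messenger('', join(', ', $deleted), 'deleted')
        : messenger('an error occurred', '', '');
}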
/**
 * Handles the thumbnail form of the image given by the 'id' field: clears
 * the thumbnail settings, deletes the thumbnail, or creates a new one from
 * the submitted 'width', 'height' and 'crop' values.
 *
 * Width and height are cast to integers and at least one of them must be
 * non-zero. After a successful creation the settings are stored as hidden
 * preferences, with a zero dimension stored as an empty string. The outcome
 * is shown on the edit view.
 */
function thumbnail_create_post()
{
    global $prefs;

    $id = $this->psi('id');

    extract(doSlash(gpsa(array('thumbnail_clear_settings', 'thumbnail_delete', 'width', 'height', 'crop'))));

    if ($thumbnail_clear_settings) {
        $message = $this->thumbnail_clear_settings($id);
    } elseif ($thumbnail_delete) {
        $message = $this->thumbnail_delete($id);
    } else {
        $width = (int) $width;
        $height = (int) $height;

        if ($width == 0 && $height == 0) {
            $message = messenger('invalid_width_or_height', "({$width})/({$height})", '');
        } elseif (!img_makethumb($id, $width, $height, $crop)) {
            $message = gTxt('thumbnail_not_saved', array('{id}' => $id));
        } else {
            $width = ($width == 0) ? '' : $width;
            $height = ($height == 0) ? '' : $height;

            $prefs['thumb_w'] = $width;
            $prefs['thumb_h'] = $height;
            $prefs['thumb_crop'] = $crop;

            // Hidden prefs.
            set_pref('thumb_w', $width, 'image', 2);
            set_pref('thumb_h', $height, 'image', 2);
            set_pref('thumb_crop', $crop, 'image', 2);

            update_lastmod();
            $message = gTxt('thumbnail_saved', array('{id}' => $id));
        }
    }

    $this->_message($message);
    $this->_set_view('edit', $id);
}
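/**
 * Deletes the links listed in the request field 'selected' when the request
 * field 'method' is 'delete', then shows the link editor.
 *
 * Changes against the earlier form:
 *  - each ID is converted to an integer before it is placed in SQL (it used
 *    to be interpolated exactly as received);
 *  - the list of deleted IDs starts out as an array, so the message can be
 *    built even when no row was deleted;
 *  - a 'selected' value that is not an array is ignored.
 */
function link_multi_edit()
{
    $method = ps('method');
    $things = ps('selected');

    if (!$things || !is_array($things) || $method != 'delete') {
        link_edit();

        return;
    }

    $ids = array();

    foreach ($things as $id) {
        $id = intval($id);

        if (safe_delete('txp_link', "id='{$id}'")) {
            $ids[] = $id;
        }
    }

    link_edit(messenger('link', join(', ', $ids), 'deleted'));
}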
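/**
 * Replaces a range of fragments of a page template with newly submitted
 * HTML and stores the result in txp_page.
 *
 * The request carries the serialized fragment list ('html_array'), the
 * replacement markup ('html'), the first and last index of the range to
 * replace ('start_pos', 'stop_pos') and the page name ('name').
 *
 * Changes against the earlier form:
 *  - the page name is escaped before it is placed in the WHERE clause;
 *  - the two positions are cast to integers;
 *  - a payload that does not unserialize to an array shows the editor
 *    again without writing anything;
 *  - the request values are read from an array instead of being
 *    extract()ed into the local scope.
 */
function div_save()
{
    $in = gpsa(array('html_array', 'html', 'start_pos', 'stop_pos', 'name'));

    // SECURITY NOTE(review): unserialize() is applied to request data, which
    // lets the client decide which loaded classes get instantiated. The field
    // should carry an object-free format instead, changed together with the
    // code that produces it. That producer is not part of this block, so the
    // call is kept and only its result is checked.
    $html_array = unserialize($in['html_array']);

    if (!is_array($html_array)) {
        return page_edit();
    }

    $start_pos = (int) $in['start_pos'];
    $stop_pos = (int) $in['stop_pos'];

    // Split the replacement into tags and the text between them.
    $repl_array = preg_split("/(<.*>)/U", $in['html'], -1, PREG_SPLIT_DELIM_CAPTURE);
    array_splice($html_array, $start_pos, $stop_pos - $start_pos + 1, $repl_array);

    $html = doSlash(join('', $html_array));
    $name = $in['name'];

    safe_update("txp_page", "user_html='{$html}'", "name='" . doSlash($name) . "'");
    page_edit(messenger('page', $name, 'updated'));
}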
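/**
 * Applies the action from the request field 'method' to the comments listed
 * in the request field 'selected', then shows the comment list.
 *
 * Supported methods: 'delete', 'ban' (records the comment's IP in
 * txp_discuss_ipban and marks every comment from that IP as spam), 'spam',
 * 'unmoderated' and 'visible'. When at least one comment was processed the
 * comment counts of the affected articles are recalculated.
 *
 * Changes against the earlier form:
 *  - a 'selected' value that is not an array is ignored;
 *  - the ID list starts out as an array;
 *  - the columns that are needed are read from the row directly. The row is
 *    fetched with '*', and extract()ing it turned every column name into a
 *    local variable, which could silently replace locals of this function.
 */
function discuss_multi_edit()
{
    $selected = ps('selected');
    $method = ps('method');

    if (!$selected || !is_array($selected)) {
        return discuss_list();
    }

    // Only quoted integers are placed in the IN (...) list.
    $ids = array();

    foreach ($selected as $id) {
        $ids[] = "'" . intval($id) . "'";
    }

    $id_list = implode(',', $ids);

    // Get all articles for which we have to update the count.
    $parentids = safe_column("DISTINCT parentid", "txp_discuss", "discussid IN (" . $id_list . ")");

    $rs = safe_rows_start('*', 'txp_discuss', "discussid IN (" . $id_list . ")");
    $done = array();

    while ($row = nextRow($rs)) {
        $id = intval($row['discussid']);
        $parentids[] = $row['parentid'];

        switch ($method) {
            case 'delete':
                if (safe_delete('txp_discuss', "discussid='{$id}'")) {
                    $done[] = $id;
                }
                break;

            case 'ban':
                // Ban the IP and hide all messages by that IP. The stored
                // values are escaped again before they re-enter SQL.
                $ip = doSlash($row['ip']);

                if (!safe_field('ip', 'txp_discuss_ipban', "ip='" . $ip . "'")) {
                    safe_insert("txp_discuss_ipban", "ip = '" . $ip . "',\n\t\t\t\t\t\t\tname_used = '" . doSlash($row['name']) . "',\n\t\t\t\t\t\t\tbanned_on_message = '" . doSlash($row['discussid']) . "',\n\t\t\t\t\t\t\tdate_banned = now()\n\t\t\t\t\t\t");
                    safe_update('txp_discuss', "visible = " . SPAM, "ip='" . $ip . "'");
                }

                $done[] = $id;
                break;

            case 'spam':
                if (safe_update('txp_discuss', "visible = " . SPAM, "discussid = {$id}")) {
                    $done[] = $id;
                }
                break;

            case 'unmoderated':
                if (safe_update('txp_discuss', "visible = " . MODERATE, "discussid = {$id}")) {
                    $done[] = $id;
                }
                break;

            case 'visible':
                if (safe_update('txp_discuss', "visible = " . VISIBLE, "discussid = {$id}")) {
                    $done[] = $id;
                }
                break;
        }
    }

    $done = join(', ', $done);

    if (empty($done)) {
        return discuss_list();
    }

    // Might as well clean up all comment counts while we're here.
    clean_comment_counts($parentids);

    $marked = gTxt('comment') . ' ' . strong($done) . ' ' . gTxt('marked_as') . ' ';

    $messages = array(
        'delete'      => messenger('comment', $done, 'deleted'),
        'ban'         => messenger('comment', $done, 'banned'),
        'spam'        => $marked . gTxt('spam'),
        'unmoderated' => $marked . gTxt('unmoderated'),
        'visible'     => $marked . gTxt('visible'),
    );

    return discuss_list($messages[$method]);
}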
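/**
 * Deletes the comments listed in the request field 'selected' when the
 * request field 'method' is 'delete', then shows the comment list.
 *
 * Changes against the earlier form:
 *  - each ID is converted to an integer before it is placed in SQL (it used
 *    to be interpolated exactly as received);
 *  - the ID that was deleted is the one that is recorded; the earlier code
 *    appended an undefined variable, so the message listed no IDs;
 *  - the list of deleted IDs starts out as an array, and a 'selected' value
 *    that is not an array is ignored.
 */
function discuss_multi_edit()
{
    $method = ps('method');
    $things = ps('selected');

    if (!$things || !is_array($things) || $method != 'delete') {
        discuss_list();

        return;
    }

    $ids = array();

    foreach ($things as $discussid) {
        $discussid = intval($discussid);

        if (safe_delete('txp_discuss', "discussid='{$discussid}'")) {
            $ids[] = $discussid;
        }
    }

    discuss_list(messenger('comment', join(', ', $ids), 'deleted'));
}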
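/**
 * Processes multi-edit actions.
 *
 * Reads the article IDs from the request field 'selected' and the action
 * from 'edit_method'. Deleting requires 'article.delete', or
 * 'article.delete.own' for the user's own articles. Every other action is
 * limited to the articles the user may edit, and a new author, category,
 * section or status is only accepted when it is found (strict comparison)
 * in the corresponding global list. 'duplicate' copies each allowed article
 * with the current user as its author.
 *
 * Changes against the earlier form:
 *  - the duplicate loop no longer iterates by reference into $value. That
 *    reference was never unset, so after duplicating, $value held an SQL
 *    fragment of the last copied column and was passed on in that state to
 *    update_lastmod() and the 'multi_edited.articles' callback;
 *  - the unreachable break after the delete case's return is gone.
 */
function list_multi_edit()
{
    global $txp_user, $statuses, $all_cats, $all_authors, $all_sections;

    // The key list is fixed, so extract() creates exactly $selected and
    // $edit_method; compact() below relies on these local names.
    extract(psa(array('selected', 'edit_method')));

    if (!$selected || !is_array($selected)) {
        return list_list();
    }

    // Every ID goes through assert_int() before it is placed in SQL.
    $selected = array_map('assert_int', $selected);

    // Empty entry to permit clearing the categories.
    $categories = array('');

    foreach ($all_cats as $row) {
        $categories[] = $row['name'];
    }

    $allowed = array();
    $field = $value = '';

    switch ($edit_method) {
        // Delete.
        case 'delete':
            if (!has_privs('article.delete')) {
                if (has_privs('article.delete.own')) {
                    $allowed = safe_column_num(
                        "ID",
                        'textpattern',
                        "ID IN (" . join(',', $selected) . ") AND AuthorID = '" . doSlash($txp_user) . "'"
                    );
                }

                $selected = $allowed;
            }

            if ($selected && safe_delete('textpattern', "ID IN (" . join(',', $selected) . ")")) {
                // Comments of deleted articles are put back into moderation.
                safe_update('txp_discuss', "visible = " . MODERATE, "parentid IN (" . join(',', $selected) . ")");
                callback_event('articles_deleted', '', 0, $selected);
                callback_event('multi_edited.articles', 'delete', 0, compact('selected', 'field', 'value'));
                update_lastmod('articles_deleted', $selected);
                now('posted', true);
                now('expires', true);

                return list_list(messenger('article', join(', ', $selected), 'deleted'));
            }

            return list_list();

        // Change author.
        case 'changeauthor':
            $value = ps('AuthorID');

            if (has_privs('article.edit') && in_array($value, $all_authors, true)) {
                $field = 'AuthorID';
            }
            break;

        // Change category1.
        case 'changecategory1':
            $value = ps('Category1');

            if (in_array($value, $categories, true)) {
                $field = 'Category1';
            }
            break;

        // Change category2.
        case 'changecategory2':
            $value = ps('Category2');

            if (in_array($value, $categories, true)) {
                $field = 'Category2';
            }
            break;

        // Change comment status.
        case 'changecomments':
            $field = 'Annotate';
            $value = (int) ps('Annotate');
            break;

        // Change section.
        case 'changesection':
            $value = ps('Section');

            if (in_array($value, $all_sections, true)) {
                $field = 'Section';
            }
            break;

        // Change status.
        case 'changestatus':
            $value = (int) ps('Status');

            if (array_key_exists($value, $statuses)) {
                $field = 'Status';
            }

            // Without the publish privilege a live status is replaced by
            // STATUS_PENDING.
            if (!has_privs('article.publish') && $value >= STATUS_LIVE) {
                $value = STATUS_PENDING;
            }
            break;
    }

    // Keep only the articles the current user is allowed to edit.
    $selected = safe_rows("ID, AuthorID, Status", 'textpattern', "ID IN (" . join(',', $selected) . ")");

    foreach ($selected as $item) {
        if (
            $item['Status'] >= STATUS_LIVE && has_privs('article.edit.published')
            || $item['Status'] >= STATUS_LIVE && $item['AuthorID'] === $txp_user && has_privs('article.edit.own.published')
            || $item['Status'] < STATUS_LIVE && has_privs('article.edit')
            || $item['Status'] < STATUS_LIVE && $item['AuthorID'] === $txp_user && has_privs('article.edit.own')
        ) {
            $allowed[] = $item['ID'];
        }
    }

    $selected = $allowed;

    if (!$selected) {
        return list_list();
    }

    $message = messenger('article', join(', ', $selected), 'modified');

    if ($edit_method === 'duplicate') {
        $rs = safe_rows_start("*", 'textpattern', "ID IN (" . join(',', $selected) . ")");

        if ($rs) {
            while ($a = nextRow($rs)) {
                unset($a['ID'], $a['LastMod'], $a['LastModID'], $a['Expires']);
                $a['uid'] = md5(uniqid(rand(), true));
                $a['AuthorID'] = $txp_user;

                // Build the SET list in a separate array, with loop variables
                // of their own, so that $value above stays untouched.
                $assignments = array();

                foreach ($a as $column => $column_value) {
                    $assignments[] = "`{$column}` = '" . doSlash($column_value) . "'";
                }

                if ($id = (int) safe_insert('textpattern', join(',', $assignments))) {
                    safe_update('textpattern', "Title = CONCAT(Title, ' (', {$id}, ')'),\n url_title = CONCAT(url_title, '-', {$id}),\n Posted = NOW(),\n feed_time = NOW()", "ID = {$id}");
                }
            }
        }

        $message = gTxt('duplicated_articles', array('{id}' => join(', ', $selected)));
    } elseif (!$field || safe_update('textpattern', "{$field} = '" . doSlash($value) . "'", "ID IN (" . join(',', $selected) . ")") === false) {
        return list_list();
    }

    update_lastmod('articles_updated', compact('selected', 'field', 'value'));
    now('posted', true);
    now('expires', true);
    callback_event('multi_edited.articles', $edit_method, 0, compact('selected', 'field', 'value'));

    return list_list($message);
}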
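/**
 * Installs or updates a plugin from the request field 'plugin64', a
 * base64-encoded serialized array, and shows the plugin list with the
 * outcome. The plugin is stored with status 0.
 *
 * Changes against the earlier form:
 *  - only the expected fields are copied out of the decoded array. It used
 *    to be extract()ed as a whole, so every key of the submitted payload
 *    became a local variable of this function;
 *  - a payload that decodes to something other than an array is reported
 *    as bad plugin code instead of being dropped without a message.
 *
 * NOTE(review): the stored code_md5 is the value the payload itself
 * supplies; it is not recomputed from the code here.
 */
function plugin_install()
{
    $plugin = ps('plugin64');

    if (!isset($plugin)) {
        return;
    }

    // SECURITY NOTE(review): unserialize() is applied to request data, which
    // lets the client decide which loaded classes get instantiated. An
    // object-free format would remove that, but the format is shared with
    // whatever packages plugins and cannot be changed from this block alone.
    $plugin = unserialize(base64_decode($plugin));

    if (!$plugin || !is_array($plugin)) {
        plugin_list(gTxt('bad_plugin_code'));

        return;
    }

    // Fixed list of fields; a missing one becomes an empty string.
    $fields = array('name', 'type', 'author', 'author_uri', 'version', 'description', 'help', 'code', 'md5');
    $clean = array();

    foreach ($fields as $field) {
        $clean[$field] = isset($plugin[$field]) ? $plugin[$field] : '';
    }

    // Safe to extract: the keys are exactly the names listed above. All
    // values are escaped and only used inside quoted SQL literals.
    extract(doSlash($clean));

    if (empty($type)) {
        $type = 0;
    }

    $exists = fetch('name', 'txp_plugin', 'name', $name);

    if ($exists) {
        $rs = safe_update("txp_plugin", "status = 0,\n\t\t\t\t\t\t\ttype = '{$type}',\n\t\t\t\t\t\t\tauthor = '{$author}',\n\t\t\t\t\t\t\tauthor_uri = '{$author_uri}',\n\t\t\t\t\t\t\tversion = '{$version}',\n\t\t\t\t\t\t\tdescription = '{$description}',\n\t\t\t\t\t\t\thelp = '{$help}',\n\t\t\t\t\t\t\tcode = '{$code}',\n\t\t\t\t\t\t\tcode_restore = '{$code}',\n\t\t\t\t\t\t\tcode_md5 = '{$md5}'", "name = '{$name}'");
    } else {
        $rs = safe_insert("txp_plugin", "name = '{$name}',\n\t\t\t\t\t\t\tstatus = 0,\n\t\t\t\t\t\t\ttype = '{$type}',\n\t\t\t\t\t\t\tauthor = '{$author}',\n\t\t\t\t\t\t\tauthor_uri = '{$author_uri}',\n\t\t\t\t\t\t\tversion = '{$version}',\n\t\t\t\t\t\t\tdescription = '{$description}',\n\t\t\t\t\t\t\thelp = '{$help}',\n\t\t\t\t\t\t\tcode = '{$code}',\n\t\t\t\t\t\t\tcode_restore = '{$code}',\n\t\t\t\t\t\t\tcode_md5 = '{$md5}'");
    }

    if ($rs and $code) {
        plugin_list(messenger('plugin', $name, 'installed'));
    } else {
        plugin_list('plugin install failed');
    }
}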
/**
 * Deletes file records and the files they point to, then shows the file
 * list with the outcome.
 *
 * Each ID is passed through assert_int() before it is used in SQL. Without
 * 'file.delete' the list is narrowed to the files whose author is the
 * current user, provided 'file.delete.own' is held; otherwise nothing is
 * deleted. A file counts as failed when either its database row or the file
 * on disk could not be removed.
 *
 * @param array $ids File IDs; when empty, the request field 'id' is used.
 */
function file_delete($ids = array())
{
    global $file_base_path, $txp_user;

    if ($ids) {
        $ids = array_map('assert_int', $ids);
    } else {
        $ids = array(assert_int(ps('id')));
    }

    $message = '';

    if (!has_privs('file.delete')) {
        if (has_privs('file.delete.own')) {
            // Keep only the files that belong to the current user.
            $own_only = "id IN (" . join(',', $ids) . ") AND author='" . doSlash($txp_user) . "'";
            $ids = safe_column('id', 'txp_file', $own_only);
        } else {
            $ids = array();
        }
    }

    if (empty($ids)) {
        file_list($message);

        return;
    }

    $fail = array();
    $rs = safe_rows_start('id, filename', 'txp_file', 'id IN (' . join(',', $ids) . ')');

    if (!$rs) {
        $message = messenger(gTxt('file_not_found'), join(', ', $ids), '');
        file_list($message);

        return;
    }

    while ($a = nextRow($rs)) {
        $id = $a['id'];
        $filename = $a['filename'];

        $filepath = build_file_path($file_base_path, $filename);

        // The row is removed first; the file is only unlinked if that worked.
        $row_removed = safe_delete('txp_file', "id = {$id}");
        $file_removed = false;

        if ($row_removed && is_file($filepath)) {
            $file_removed = unlink($filepath);
        }

        if (!($row_removed && $file_removed)) {
            $fail[] = $id;
        }
    }

    if ($fail) {
        $message = messenger(gTxt('file_delete_failed'), join(', ', $fail), '');
    } else {
        update_lastmod();
        $message = gTxt('file_deleted', array('{name}' => join(', ', $ids)));
    }

    file_list($message);
}
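/**
 * Stores an uploaded image: writes or updates its txp_image row and moves
 * the file to IMPATH under the name "<id><ext>".
 *
 * The image type is taken from what getimagesize() finds in the file, and
 * the stored extension comes from the global $extensions map for that type,
 * not from the name the client sent.
 *
 * Changes against the earlier form:
 *  - a failed upload is reported before getimagesize() is called on it;
 *  - the current user name is escaped before it is placed in SQL;
 *  - an existing image ID is cast to an integer, because it is used
 *    unquoted in SQL and as part of the target path; anything below 1 is
 *    reported as a save error;
 *  - a client file name without a dot keeps its base name;
 *  - the stored file is made read/write for the owner and read-only for
 *    others (0644); an uploaded image does not need the execute bit;
 *  - the configuration is no longer extract()ed into the local scope;
 *    nothing here read it.
 *
 * NOTE(review): $category is placed in the query as received, so callers
 * have to pass an escaped value - confirm at the call sites.
 *
 * @param array  $file     One upload entry ('name', 'error', 'tmp_name').
 * @param string $category Category for a new image.
 * @param mixed  $id       ID of an existing image to replace, or empty.
 * @param bool   $uploaded Whether to resolve the file via get_uploaded_file().
 * @return array|string array(message, id) on success, an error text otherwise.
 */
function image_data($file, $category = '', $id = '', $uploaded = true)
{
    global $extensions, $txp_user;

    $name = $file['name'];
    $error = $file['error'];
    $file = $file['tmp_name'];

    if ($uploaded) {
        $file = get_uploaded_file($file);
    }

    if ($file === false) {
        return upload_get_errormsg($error);
    }

    $info = getimagesize($file);

    if ($info === false || empty($extensions[$info[2]])) {
        return gTxt('only_graphic_files_allowed');
    }

    list($w, $h, $extension) = $info;
    $ext = $extensions[$extension];

    // Replace whatever extension the client sent with the detected one.
    $dot = strrpos($name, '.');

    if ($dot !== false) {
        $name = substr($name, 0, $dot);
    }

    $name .= $ext;
    $name2db = doSlash($name);
    $author = doSlash($txp_user);

    $q = "w = '{$w}',\n\t\t\t\t h = '{$h}',\n\t\t\t\t ext = '{$ext}',\n\t\t\t\t name = '{$name2db}',\n\t\t\t\t date = now(),\n\t\t\t\t caption = '',\n\t\t\t\t author = '{$author}'";

    if (empty($id)) {
        $q .= ", category = '{$category}'";
        $rs = safe_insert("txp_image", $q);
        $id = mysql_insert_id();
    } else {
        $id = (int) $id;

        if ($id < 1) {
            return gTxt('image_save_error');
        }

        $rs = safe_update('txp_image', $q, "id = {$id}");
    }

    if (!$rs) {
        return gTxt('image_save_error');
    }

    $newpath = IMPATH . $id . $ext;

    if (shift_uploaded_file($file, $newpath) == false) {
        // Roll the row back when the file could not be put in place.
        safe_delete("txp_image", "id='{$id}'");
        safe_alter("txp_image", "auto_increment={$id}");

        return $newpath . sp . gTxt('upload_dir_perms');
    }

    chmod($newpath, 0644);

    return array(messenger('image', $name, 'uploaded'), $id);
}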
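/**
 * Deletes the link given by the request field 'id' and, when the delete
 * succeeded, shows the link editor with a confirmation message.
 *
 * The ID is cast to an integer before it is placed in the WHERE clause; it
 * used to be interpolated exactly as received, without quotes.
 */
function link_delete()
{
    $id = (int) ps('id');

    if (safe_delete("txp_link", "id={$id}")) {
        link_edit(messenger('link', '', 'deleted'));
    }
}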
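/**
 * Deletes the section named by the request field 'name' and shows the
 * section list with a confirmation message.
 *
 * The name is escaped before it is placed inside the quoted SQL literal; it
 * used to be interpolated exactly as received.
 */
function section_delete()
{
    $name = ps('name');

    safe_delete("txp_section", "name='" . doSlash($name) . "'");

    // NOTE(review): the name is displayed as received; whether messenger()
    // HTML-escapes its arguments is not visible here - confirm.
    section_list(messenger('section', $name, 'deleted'));
}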
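/**
 * Deletes the article given by the request field 'dID' and, when the delete
 * succeeded, shows the article list with a confirmation message.
 *
 * The ID is cast to an integer before it is placed in the WHERE clause; it
 * used to be interpolated exactly as received, without quotes.
 */
function article_delete()
{
    $dID = (int) ps('dID');

    if (safe_delete("textpattern", "ID={$dID}")) {
        article_list(messenger('article', $dID, 'deleted'), 1);
    }
}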
/**
 * Runs the multi-edit action on articles and shows the article list.
 *
 * When the user lacks 'article.delete', the submitted selection is replaced
 * in $_POST by the articles whose AuthorID equals the current user (or by
 * an empty list without 'article.delete.own') before event_multi_edit()
 * does the actual work.
 *
 * NOTE(review): the narrowing is applied whatever the requested method is,
 * and a user holding 'article.delete' has the selection passed on as
 * received; validation of those IDs has to happen in event_multi_edit(),
 * which is not visible in this block - confirm.
 */
function list_multi_edit()
{
    global $txp_user;

    $requested = ps('selected');

    if ($requested && !has_privs('article.delete')) {
        $own = array();

        if (has_privs('article.delete.own')) {
            foreach ($requested as $id) {
                // Escaped and quoted for the ownership lookup only.
                $where = "ID='" . doSlash($id) . "'";

                if (safe_field('AuthorID', 'textpattern', $where) == $txp_user) {
                    $own[] = $id;
                }
            }
        }

        $_POST['selected'] = $own;
    }

    $deleted = event_multi_edit('textpattern', 'ID');

    if (empty($deleted)) {
        return list_list();
    }

    $verb = (ps('method') == 'delete') ? 'deleted' : 'modified';

    return list_list(messenger('article', $deleted, $verb));
}
/**
 * Renders the paging controls of a list: an optional search result summary,
 * then either a prev/next form with a page selector (more than one page) or
 * a plain "page/pages" paragraph.
 *
 * NOTE(review): $sort, $dir, $crit and $search_method are handed to
 * hInput() and PrevNextLink() as received; any HTML escaping has to happen
 * inside those helpers, which is not visible in this block.
 *
 * @param string $event         Event name for the form and the links.
 * @param int    $page          Current page.
 * @param int    $numPages      Number of pages.
 * @param string $sort          Sort column.
 * @param string $dir           Sort direction.
 * @param string $crit          Search criteria.
 * @param string $search_method Search method.
 * @param int    $total         Number of results.
 * @param int    $limit         Results per page.
 * @return string The markup, parts joined with the constant n.
 */
function nav_form($event, $page, $numPages, $sort, $dir, $crit, $search_method, $total = 0, $limit = 0)
{
    $out = array();

    if ($crit && $total > 1) {
        $range = array(
            '{from}'  => ($page - 1) * $limit + 1,
            '{to}'    => min($total, $page * $limit),
            '{total}' => $total,
        );

        $out[] = messenger(gTxt('showing_search_results', $range));
    }

    if (!($numPages > 1)) {
        $out[] = graf($page . '/' . $numPages, ' class="prev-next"');

        return join(n, $out);
    }

    // One <option> per page; the current page is preselected.
    $option_list = array();

    for ($i = 1; $i <= $numPages; $i++) {
        $selected_attr = ($i == $page) ? ' selected="selected"' : '';
        $option_list[] = '<option value="' . $i . '"' . $selected_attr . '>' . $i . '/' . $numPages . '</option>';
    }

    if ($page > 1) {
        $prev = PrevNextLink($event, $page - 1, gTxt('prev'), 'prev', $sort, $dir, $crit, $search_method) . sp;
    } else {
        $prev = tag('‹ ' . gTxt('prev'), 'span', ' class="navlink-disabled"') . sp;
    }

    $select = '<select name="page" class="list" onchange="submit(this.form);">'
        . n . join(n, $option_list)
        . n . '</select>';

    $fallback = '<noscript> <input type="submit" value="' . gTxt('go') . '" class="smallerbox" /></noscript>';

    if ($page != $numPages) {
        $next = sp . PrevNextLink($event, $page + 1, gTxt('next'), 'next', $sort, $dir, $crit, $search_method);
    } else {
        $next = sp . tag(gTxt('next') . ' ›', 'span', ' class="navlink-disabled"');
    }

    // Hidden inputs carry the current sort order and search over to the
    // page that gets selected.
    $hidden = eInput($event);

    if ($sort) {
        $hidden .= n . hInput('sort', $sort) . n . hInput('dir', $dir);
    }

    if ($crit) {
        $hidden .= n . hInput('crit', $crit) . n . hInput('search_method', $search_method);
    }

    $out[] = '<form class="prev-next" method="get" action="index.php">'
        . n . $hidden
        . $prev . $select . $fallback . $next
        . '</form>';

    return join(n, $out);
}
/**
 * Deletes file records and the files they point to, then shows the file
 * list with the outcome.
 *
 * Each ID is passed through assert_int() before it is used in SQL. Without
 * 'file.delete' the list is narrowed to the files whose author is the
 * current user, provided 'file.delete.own' is held; otherwise nothing is
 * deleted. The 'file_deleted' callback is raised for each file before its
 * row is removed. A file counts as failed when either its database row or
 * the file on disk could not be removed.
 *
 * @param array $ids File IDs; when empty, the request field 'id' is used.
 */
function file_delete($ids = array())
{
    global $file_base_path, $txp_user;

    if ($ids) {
        $ids = array_map('assert_int', $ids);
    } else {
        $ids = array(assert_int(ps('id')));
    }

    if (!has_privs('file.delete')) {
        if (has_privs('file.delete.own')) {
            // Keep only the files that belong to the current user.
            $own_only = "id IN (" . join(',', $ids) . ") AND author='" . doSlash($txp_user) . "'";
            $ids = safe_column('id', 'txp_file', $own_only);
        } else {
            $ids = array();
        }
    }

    if (empty($ids)) {
        file_list();

        return;
    }

    $fail = array();
    $rs = safe_rows_start('id, filename', 'txp_file', 'id IN (' . join(',', $ids) . ')');

    if (!$rs) {
        file_list(array(messenger(gTxt('file_not_found'), join(', ', $ids), ''), E_ERROR));

        return;
    }

    while ($a = nextRow($rs)) {
        $id = $a['id'];
        $filename = $a['filename'];

        $filepath = build_file_path($file_base_path, $filename);

        // Notify plugins of pending deletion, pass file's id and path.
        callback_event('file_deleted', '', false, $id, $filepath);

        // The row is removed first; the file is only unlinked if that worked.
        $row_removed = safe_delete('txp_file', "id = {$id}");
        $file_removed = false;

        if ($row_removed && is_file($filepath)) {
            $file_removed = unlink($filepath);
        }

        if (!($row_removed && $file_removed)) {
            $fail[] = $id;
        }
    }

    if ($fail) {
        file_list(array(messenger(gTxt('file_delete_failed'), join(', ', $fail)), E_ERROR));

        return;
    }

    update_lastmod('file_deleted', $ids);
    file_list(gTxt('file_deleted', array('{name}' => join(', ', $ids))));
}