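/**
 * Mobile login page: shows the login form and, on submission, checks the
 * nickname/password pair and opens the member session.
 *
 * Reads $_POST['nw_nickname'], $_POST['nw_password'] and $_POST['nw_remember'].
 * Returns nothing; all output goes through redir() and display_form().
 */
protected function main()
{
    $this->set_title(Nw::$site_slogan);
    $this->set_tpl('mobile/users/login.html');
    $this->load_lang_file('users');

    // A member who is already logged in has nothing to do here.
    if (is_logged_in()) {
        redir(Nw::$lang['common']['already_connected'], false, 'mobile-2.html');
    }

    // Request fields are attacker-controlled: a missing key or an array value
    // (nw_password[]=x) must count as "empty" instead of reaching trim().
    $nickname = (isset($_POST['nw_nickname']) && is_string($_POST['nw_nickname'])) ? $_POST['nw_nickname'] : '';
    $password = (isset($_POST['nw_password']) && is_string($_POST['nw_password'])) ? $_POST['nw_password'] : '';

    // The form counts as submitted once both fields are filled in.
    if (!multi_empty(trim($nickname), trim($password))) {
        $array_post = array('pseudo' => $nickname, 'remember' => isset($_POST['nw_remember']));

        // Check that the nickname/password pair exists.
        // NOTE(review): no attempt throttling is visible in this method; confirm that
        // get_info_account() or the front controller limits repeated failures.
        inc_lib('users/get_info_account');
        $dn_info_account = get_info_account($nickname, $password);

        if (!$dn_info_account) {
            display_form($array_post, Nw::$lang['users']['account_no_exist']);
            return;
        }

        if ($dn_info_account['u_active'] == 1) {
            $link_redir = 'mobile-2.html';
            // The mobile page always asks for the persistent login, whatever
            // nw_remember says.
            $connex_auto = 1;

            inc_lib('users/connect_auto_user');
            connect_auto_user($dn_info_account['u_id'], $password, $connex_auto);

            // NOTE(review): the nickname is interpolated into the welcome message as
            // typed; confirm redir() escapes it before output.
            redir(sprintf(Nw::$lang['users']['welcome_user'], $nickname), true, $link_redir);
        } else {
            // Valid credentials, but the account is not active yet.
            display_form($array_post, Nw::$lang['users']['not_active']);
        }

        return;
    }

    display_form(array('pseudo' => '', 'remember' => true));
    Nw::$tpl->set('INC_HEAD', empty($_SERVER['HTTP_AJAX']));
}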
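/**
 * Password reset page, reached through a link that carries the member id
 * ($_GET['idm']) and a reset code ($_GET['ca']).
 *
 * Shows the "new password" form and, once both password fields match, stores
 * the new password through chg_password(). Returns nothing.
 */
protected function main()
{
    // Every parameter needed by the script must be present; the reset code has
    // to be a plain string (ca[]=x is rejected).
    // is_numeric() also accepts forms such as "1e3" or " 12", so the helpers
    // that receive idm are expected to cast it — TODO confirm.
    $params_ok = !is_logged_in()
        && !empty($_GET['idm']) && is_numeric($_GET['idm'])
        && !empty($_GET['ca']) && is_string($_GET['ca']);

    if (!$params_ok) {
        header('Location: ./');
        return;
    }

    // Breadcrumb and page set-up
    $this->set_filAriane(Nw::$lang['users']['title_redef_pass']);
    $this->set_title(Nw::$lang['users']['title_redef_pass']);
    $this->set_tpl('membres/redefine_mdp.html');
    $this->add_css('forms.css');

    // The member id must match this reset code.
    inc_lib('users/mbr_act_exists');
    if (!mbr_act_exists($_GET['idm'], $_GET['ca'])) {
        redir(Nw::$lang['users']['redef_mdp_echoue'], false, './');
        // Fail closed: the password change below must never run with an
        // unverified code, even if redir() were to return.
        return;
    }

    $pass1 = (isset($_POST['nw_pass1']) && is_string($_POST['nw_pass1'])) ? $_POST['nw_pass1'] : '';
    $pass2 = (isset($_POST['nw_pass2']) && is_string($_POST['nw_pass2'])) ? $_POST['nw_pass2'] : '';

    // The new password has been submitted.
    if (isset($_POST['submit']) && !multi_empty(trim($pass1), trim($pass2))) {
        // Strict comparison: with == two different numeric-looking strings
        // ("1e1" and "10") would be treated as the same password.
        if ($pass1 === $pass2) {
            inc_lib('users/chg_password');
            chg_password($pass1, $_GET['idm'], $_GET['ca']);
            redir(Nw::$lang['users']['new_redef_pwd'], true, './');
        } else {
            // NOTE(review): REQUEST_URI carries the reset code; confirm redir()
            // does not expose it beyond the redirect itself.
            redir(Nw::$lang['users']['sames_password'], false, $_SERVER['REQUEST_URI']);
        }
    }
}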
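/**
 * "Change my password" page of the member options.
 *
 * Checks the current password, then stores the new one through
 * chg_password() and refreshes the auto-login cookies when they are in use.
 * Returns nothing.
 */
protected function main()
{
    if (!is_logged_in()) {
        redir(Nw::$lang['common']['need_login'], false, 'users-10.html');
        // Fail closed: nothing below may run for a guest.
        return;
    }

    $this->set_title(Nw::$lang['users']['item_mdp']);
    $this->set_tpl('membres/options_pass.html');
    $this->add_css('forms.css');
    $this->set_filAriane(array(
        Nw::$lang['users']['mes_options_title'] => array('users-60.html'),
        Nw::$lang['users']['item_mdp'] => array(''),
    ));

    // Missing keys and array values count as empty fields.
    $old = (isset($_POST['old']) && is_string($_POST['old'])) ? $_POST['old'] : '';
    $pass1 = (isset($_POST['nw_pass1']) && is_string($_POST['nw_pass1'])) ? $_POST['nw_pass1'] : '';
    $pass2 = (isset($_POST['nw_pass2']) && is_string($_POST['nw_pass2'])) ? $_POST['nw_pass2'] : '';

    if (isset($_POST['submit']) && !multi_empty(trim($old), trim($pass1), trim($pass2))) {
        // NOTE(review): SHA-1 with two fixed, source-embedded salts is a fast,
        // unsalted-per-user digest; password_hash()/password_verify() is the
        // replacement, but it needs a migration across every place that hashes.
        $bf_token = 'jJ_=éZAç1l';
        $ft_token = 'ù%*àè1ç0°dezf';
        $pass_membre = insertBD(sha1($bf_token . trim($old) . $ft_token));

        // Strict comparison: == would treat numeric-looking strings as numbers.
        if ($pass1 === $pass2) {
            // Strict string comparison of the digests: with ==, two different
            // hex digests of the form "0e<digits>" compare as equal.
            // hash_equals() would additionally make this constant-time.
            if ((string) Nw::$dn_mbr['u_password'] === (string) $pass_membre) {
                inc_lib('users/chg_password');
                chg_password($pass1, Nw::$dn_mbr['u_id']);

                if (!empty($_COOKIE['nw_pass'])) {
                    // NOTE(review): the cookie is rewritten with the digest of the
                    // OLD password ($pass_membre), not the new one — confirm against
                    // the auto-login check. It also stores a password-equivalent
                    // value for ten years without the HttpOnly/Secure flags.
                    $time_expire = time() + 10 * 365 * 24 * 3600;
                    setcookie('nw_ident', Nw::$dn_mbr['u_id'], $time_expire);
                    setcookie('nw_pass', $pass_membre, $time_expire);
                }

                redir(Nw::$lang['users']['mdp_change'], true, 'users-60.html');
            } else {
                redir(Nw::$lang['users']['not_root_password'], false, 'users-63.html');
            }
        } else {
            redir(Nw::$lang['users']['sames_password'], false, 'users-63.html');
        }
    }
}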
/**
 * Admin page that creates a member group or edits the one named by
 * $_GET['id'].
 *
 * Only reachable by logged-in members holding the 'manage_groups' right.
 * Returns nothing; output goes through redir() and display_form().
 */
protected function main()
{
    // Authorisation gate.
    if (!(is_logged_in() && check_auth('manage_groups'))) {
        redir(Nw::$lang['admin']['error_cant_see_admin'], false, './');
        return;
    }

    // Breadcrumb entries shared by the "new" and "edit" variants.
    $trail = array(
        Nw::$lang['admin']['fa_admin'] => array('admin.html'),
        Nw::$lang['admin']['fa_grp'] => array('admin-299.html'),
    );

    if (!empty($_GET['id']) && is_numeric($_GET['id'])) {
        // Editing: load the group so the form starts from its current values.
        // NOTE(review): the result of get_info_grp() is used without checking
        // that the group exists.
        inc_lib('admin/get_info_grp');
        $grp = get_info_grp($_GET['id']);

        $defaults = array(
            'id' => $_GET['id'],
            'nom' => $grp['g_nom'],
            'titre' => $grp['g_titre'],
            'icone' => $grp['g_icone'],
            'couleur' => $grp['g_couleur'],
        );

        $trail[$grp['g_nom']] = array('admin-300-' . $_GET['id'] . '.html');
        $trail[Nw::$lang['admin']['fa_edit_grp']] = array('');
    } else {
        // Creating: blank form.
        $defaults = array('id' => 0, 'nom' => '', 'titre' => '', 'icone' => 0, 'couleur' => 0);

        $trail[Nw::$lang['admin']['fa_new_grp']] = array('');
    }
    $this->set_filAriane($trail);

    $this->set_tpl('admin/edit_grp.html');
    $this->add_css('forms.css');
    $this->set_title(Nw::$lang['admin']['titre_accueil']);

    // No submission: just show the form.
    if (!isset($_POST['submit'])) {
        display_form($defaults);
        return;
    }

    // NOTE(review): no anti-CSRF token is checked in this method before the
    // group is created or changed; confirm the front controller handles it.
    $array_post = array(
        'nom' => $_POST['nom'],
        'titre' => $_POST['titre'],
        'icone' => $_POST['icone'],
        'couleur' => isset($_POST['couleur']) ? 1 : 0,
    );

    // The group name is mandatory.
    if (multi_empty(trim($_POST['nom']))) {
        display_form($array_post, Nw::$lang['admin']['nom_grp_obligatoire']);
        return;
    }

    if (!empty($_GET['id']) && is_numeric($_GET['id'])) {
        inc_lib('admin/edit_grp');
        edit_grp($_GET['id']);
        redir(Nw::$lang['admin']['confirm_edit_grp'], true, 'admin-300-' . $_GET['id'] . '.html');
    } else {
        inc_lib('admin/add_grp');
        $id_new_grp = add_grp();
        redir(Nw::$lang['admin']['confirm_new_grp'], true, 'admin-310-' . $id_new_grp . '.html');
    }

    return;
}
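/**
 * Login form of the member area.
 *
 * Remembers the on-site page the visitor came from, checks the submitted
 * nickname/password pair and, for an active account, opens the session and
 * redirects back. Returns nothing; output goes through redir() and
 * display_form().
 *
 * @author Cam
 */
protected function main()
{
    // A member who is already logged in has nothing to do here.
    if (is_logged_in()) {
        redir(Nw::$lang['common']['already_connected'], false, './');
    }

    // Page title
    $this->set_title(Nw::$lang['users']['title_connexion']);

    // Remember where the visitor came from, to send them back after login.
    // The Referer header is attacker-influenced, so it is only kept when it
    // STARTS WITH the site URL: a "contains" test would also accept an external
    // address that merely embeds the site URL in its path or query string, and
    // the post-login redirect would then leave the site.
    // Assumes Nw::$site_url ends with '/' (it is concatenated with
    // 'users-10.html' just below) — TODO confirm.
    $referer = (isset($_SERVER['HTTP_REFERER']) && is_string($_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : '';
    if ($referer !== ''
        && strpos($referer, Nw::$site_url) === 0
        && strpos($referer, Nw::$site_url . 'users-10.html') === false
    ) {
        $_SESSION['nw_referer_login'] = $referer;
    }

    // Template
    $this->add_css('forms.css');
    $this->set_tpl('membres/login.html');

    // Breadcrumb
    $this->set_filAriane(Nw::$lang['users']['fa_connexion']);

    // Nothing submitted: show the empty form.
    if (!isset($_POST['submit'])) {
        display_form(array('pseudo' => '', 'remember' => true));
        return;
    }

    // Missing keys and array values count as empty fields.
    $nickname = (isset($_POST['nw_nickname']) && is_string($_POST['nw_nickname'])) ? $_POST['nw_nickname'] : '';
    $password = (isset($_POST['nw_password']) && is_string($_POST['nw_password'])) ? $_POST['nw_password'] : '';

    $array_post = array('pseudo' => $nickname, 'remember' => isset($_POST['nw_remember']));

    // Both fields are mandatory.
    if (multi_empty(trim($nickname), trim($password))) {
        display_form($array_post, Nw::$lang['users']['champ_obligatoire']);
        return;
    }

    // Check that the nickname/password pair exists.
    // NOTE(review): no attempt throttling is visible in this method; confirm that
    // get_info_account() or the front controller limits repeated failures.
    inc_lib('users/get_info_account');
    $dn_info_account = get_info_account($nickname, $password);

    if (!$dn_info_account) {
        display_form($array_post, Nw::$lang['users']['account_no_exist']);
        return;
    }

    if ($dn_info_account['u_active'] == 1) {
        // NOTE(review): the fallback target is the literal '******' in this
        // listing — it looks like a masked value; confirm the intended page.
        $link_redir = !empty($_SESSION['nw_referer_login']) ? $_SESSION['nw_referer_login'] : '******';
        $connex_auto = (bool) isset($_POST['nw_remember']);

        inc_lib('users/connect_auto_user');
        connect_auto_user($dn_info_account['u_id'], $password, $connex_auto);

        // NOTE(review): the nickname is interpolated into the welcome message as
        // typed; confirm redir() escapes it before output.
        redir(sprintf(Nw::$lang['users']['welcome_user'], $nickname), true, $link_redir);
    } else {
        // Valid credentials, but the account is not active yet.
        display_form($array_post, Nw::$lang['users']['not_active']);
    }

    return;
}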
/**
 * "Create a draft" page of the news section.
 *
 * Requires a logged-in member holding the 'can_create_brouillon' right.
 * On submission with a title and a body, add_news_brouillon() stores the
 * draft (it reads $_POST itself); otherwise the form is shown again.
 * Returns nothing.
 */
protected function main()
{
    // Only members may create drafts.
    if (!is_logged_in()) {
        redir(Nw::$lang['common']['need_login'], false, 'users-10.html');
    }

    if (!Nw::$droits['can_create_brouillon']) {
        redir(Nw::$lang['news']['cant_create_brouillon'], false, 'news-70.html');
    }

    $page_title = Nw::$lang['news']['title_create_brouillon'];

    $this->set_title($page_title);
    $this->set_tpl('news/create_brouillon.html');
    $this->add_css('forms.css');
    $this->add_css('code.css');
    $this->add_js(array('write.js', 'jquery.blockUI.js'));
    $this->add_form('contenu');

    // Breadcrumb
    $trail = array();
    $trail[Nw::$lang['news']['news_section']] = array('news-70.html');
    $trail[$page_title] = array('');
    $this->set_filAriane($trail);

    Nw::$tpl->set(array('BAL_CHAMP' => 'contenu'));

    // Form submitted
    if (isset($_POST['submit'])) {
        // Values echoed back into the form when validation fails.
        $array_post = array(
            'is_breve' => isset($_POST['is_breve']) ? $_POST['is_breve'] : '',
            'titre_news' => $_POST['titre_news'],
            'cat' => isset($_POST['cat']) ? $_POST['cat'] : 0,
            'contenu' => $_POST['contenu'],
            'tags' => isset($_POST['tags']) ? $_POST['tags'] : '',
            'private_news' => isset($_POST['private_news']),
            'source' => isset($_POST['source']) ? $_POST['source'] : '',
            'source_nom' => isset($_POST['source_nom']) ? $_POST['source_nom'] : '',
        );

        // Title and body are mandatory.
        if (multi_empty(trim($_POST['titre_news']), trim($_POST['contenu']))) {
            display_form($array_post, Nw::$lang['news']['title_content_oblig']);
            return;
        }

        // NOTE(review): no anti-CSRF token is checked here before the draft is
        // created; confirm the front controller handles it.
        inc_lib('news/add_news_brouillon');
        add_news_brouillon();
        redir(Nw::$lang['news']['brouillon_cree'], true, 'news-70.html');

        return;
    }

    // News categories offered in the form
    foreach (Nw::$cache_categories as $idcs => $donnees_categorie) {
        $cat_row = array('ID' => $idcs, 'TITRE' => $donnees_categorie[0]);
        Nw::$tpl->setBlock('cats_news', $cat_row);
    }

    // Show the blank form.
    $blank = array(
        'is_breve' => '',
        'titre_news' => '',
        'cat' => 0,
        'contenu' => '',
        'tags' => '',
        'private_news' => 0,
        'source' => '',
        'source_nom' => '',
    );
    display_form($blank);
}
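/**
 * Posts a comment on the news item $_GET['id'], or edits the comment
 * $_GET['id2'], optionally pre-filling the form with a quote of $_GET['qid'].
 *
 * Requires a logged-in member holding the 'can_post_comment' right. Every
 * refusal now ends the method, so the code that writes a comment cannot be
 * reached after a failed check even if redir() were to return.
 * Returns nothing.
 */
protected function main()
{
    if (!is_logged_in()) {
        redir(Nw::$lang['common']['need_login'], false, 'users-10.html');
        return;
    }

    if (!Nw::$droits['can_post_comment']) {
        redir(Nw::$lang['news']['acn_droit_comment'], false, './');
        return;
    }

    // The id parameter is missing or malformed.
    if (empty($_GET['id']) || !is_numeric($_GET['id'])) {
        // header() only queues the redirect; without the return the rest of the
        // method would still run with an invalid id.
        header('Location: ./');
        return;
    }

    inc_lib('news/news_exists');
    $edit = false;
    if (news_exists($_GET['id']) == false) {
        redir(Nw::$lang['news']['news_not_exist'], false, 'news-70.html');
        return;
    }

    inc_lib('news/get_info_news');
    $donnees_news = get_info_news($_GET['id']);

    $this->set_title(sprintf(Nw::$lang['news']['title_cmt_news'], $donnees_news['n_titre']));
    $this->set_tpl('news/post_cmt.html');
    $this->add_css('forms.css');
    $this->add_css('code.css');
    $this->add_js('ajax.js');
    $this->add_js('write.js');
    $this->add_form('contenu');

    inc_lib('bbcode/unparse');
    inc_lib('bbcode/parse');

    $content_defaut_cmt = '';
    $title_last_cmts = '';
    $edition_invisible = false;
    $last_item_fa = Nw::$lang['news']['nv_cmt_fil_ariane'];
    $id2 = 0;
    $donnees_antiflood = array();

    /**
     * Editing an existing comment
     **/
    if (!empty($_GET['id2']) && is_numeric($_GET['id2'])) {
        // Does the comment exist?
        inc_lib('news/cmt_news_exists');
        if (cmt_news_exists($_GET['id2']) == true) {
            inc_lib('news/get_info_cmt_news');
            $donnees_cmt = get_info_cmt_news($_GET['id2']);

            // May the member edit it? Own comment with the "my comments" right,
            // or the "all comments" right.
            // NOTE(review): nothing here checks that comment id2 belongs to news
            // id; confirm edit_cmt_news() enforces it.
            if (Nw::$droits['can_edit_my_comments'] && $donnees_cmt['c_id_membre'] == Nw::$dn_mbr['u_id'] || Nw::$droits['can_edit_all_comments']) {
                if (Nw::$droits['edit_hidden_comments']) {
                    $edition_invisible = true;
                }

                $edit = true;
                $content_defaut_cmt = unparse($donnees_cmt['c_texte']);
                $id2 = $_GET['id2'];
                $last_item_fa = Nw::$lang['news']['update_comment'];
            } else {
                redir(Nw::$lang['news']['no_drt_edit_cmt'], false, 'news-10-' . $_GET['id'] . '-' . $_GET['id2'] . '.html#c' . $_GET['id2']);
                return;
            }
        } else {
            redir(Nw::$lang['news']['cmt_no_exist'], false, $donnees_news['c_rewrite'] . '/' . rewrite($donnees_news['n_titre']) . '-' . $_GET['id'] . '/');
            return;
        }
    }

    /**
     * Quoting a comment
     **/
    if (!empty($_GET['qid']) && is_numeric($_GET['qid'])) {
        // Does the comment exist?
        inc_lib('news/cmt_news_exists');
        if (cmt_news_exists($_GET['qid']) == true) {
            inc_lib('news/get_info_cmt_news');
            $donnees_cmt = get_info_cmt_news($_GET['qid']);
            // NOTE(review): any existing comment id can be quoted; nothing here
            // checks that it belongs to this news item or that it is not masked
            // (c_masque). Confirm get_info_cmt_news() restricts what it returns,
            // otherwise hidden text is disclosed through the pre-filled form.
            $content_defaut_cmt = '<citation auteur="' . $donnees_cmt['u_pseudo'] . '">' . unparse($donnees_cmt['c_texte']) . '</citation>';
        }
    }

    // Breadcrumb
    $this->set_filAriane(array(
        Nw::$lang['news']['news_section'] => array('news-70.html'),
        $donnees_news['c_nom'] => array($donnees_news['c_rewrite'] . '/'),
        $donnees_news['n_titre'] => array($donnees_news['c_rewrite'] . '/' . rewrite($donnees_news['n_titre']) . '-' . $_GET['id'] . '/'),
        $last_item_fa => array(''),
    ));

    // Show the latest comments under the form (not while editing).
    if (!$edit) {
        inc_lib('news/get_list_cmt_news');
        $page = 1;
        $list_cmts = get_list_cmt_news($_GET['id'], 'c_date DESC', $page, Nw::$pref['nb_cmts_page']);
        $com_cours = 0;
        $title_last_cmts = sprintf(Nw::$lang['news']['title_last_cmts'], Nw::$pref['nb_cmts_page']);

        foreach ($list_cmts as $donnees_cmts) {
            // The first row (newest comment) feeds the duplicate-post check below.
            if (count($donnees_antiflood) == 0) {
                $donnees_antiflood = array(
                    'c_id' => $donnees_cmts['c_id'],
                    'c_id_membre' => $donnees_cmts['u_id'],
                    'c_texte' => $donnees_cmts['c_texte'],
                );
            }

            ++$com_cours;
            $droit_edit = false;
            $droit_delete = false;

            if (is_logged_in()) {
                $droit_edit = (bool) (Nw::$droits['can_edit_my_comments'] && $donnees_cmts['u_id'] == Nw::$dn_mbr['u_id']) || Nw::$droits['can_edit_all_comments'];
                $droit_delete = (bool) (Nw::$droits['can_del_my_comments'] && $donnees_cmts['u_id'] == Nw::$dn_mbr['u_id']) || Nw::$droits['can_del_all_comments'];
            }

            $date_cmt = date_sql($donnees_cmts['date'], $donnees_cmts['heures_date'], $donnees_cmts['jours_date']);
            $masque_motif = '';

            // Masked comment: the date line is replaced by the "deleted" wording.
            if ($donnees_cmts['c_masque']) {
                $date_cmt = sprintf(Nw::$lang['news']['del_cmt_with_reason'], strtolower(date_sql($donnees_cmts['date'], $donnees_cmts['heures_date'], $donnees_cmts['jours_date'])));

                if (!empty($donnees_cmts['c_masque_raison'])) {
                    $masque_motif = ' (' . sprintf(Nw::$lang['news']['motif_delete_cmt'], $donnees_cmts['c_masque_raison']) . ')';
                }
            }

            // NOTE(review): the text of masked comments and the poster's IP are
            // handed to the template for every row; confirm the template only
            // shows them to members allowed to see them.
            Nw::$tpl->setBlock('cmt', array(
                'ID' => $donnees_cmts['c_id'],
                'NUM' => ($page - 1) * Nw::$pref['nb_cmts_page'] + $com_cours,
                'DATE' => $date_cmt,
                'AVATAR' => $donnees_cmts['u_avatar'],
                'LANG_AVATAR' => sprintf(Nw::$lang['news']['lang_avatar'], $donnees_cmts['u_pseudo']),
                'AUTEUR' => $donnees_cmts['u_pseudo'],
                'AUTEUR_ID' => $donnees_cmts['u_id'],
                'AUTEUR_ALIAS' => $donnees_cmts['u_alias'],
                'TEXTE' => $donnees_cmts['c_texte'],
                'PLUSSOIE' => $donnees_cmts['c_plussoie'],
                'GRP_TITRE' => $donnees_cmts['g_titre'],
                'GRP_ICON' => $donnees_cmts['g_icone'],
                'IP' => long2ip($donnees_cmts['c_ip']),
                'MASQUE' => $donnees_cmts['c_masque'],
                'MASQUE_MOTIF' => $masque_motif,
                'EDIT' => $droit_edit,
                'DELETE' => $droit_delete,
            ));
        }
    }

    // Form submitted
    $contenu_post = (isset($_POST['contenu']) && is_string($_POST['contenu'])) ? $_POST['contenu'] : '';
    if (isset($_POST['submit'])) {
        // The comment body must not be empty.
        // NOTE(review): no anti-CSRF token is checked here before the comment is
        // written; confirm the front controller handles it.
        if (!multi_empty(trim($contenu_post))) {
            if ($edit) {
                /**
                 * Editing a comment
                 **/
                inc_lib('news/edit_cmt_news');
                edit_cmt_news($_GET['id'], $_GET['id2']);
                redir(Nw::$lang['news']['msg_edit_cmt'], true, 'news-10-' . $_GET['id'] . '-' . $_GET['id2'] . '.html#c' . $_GET['id2']);
                return;
            }

            // Duplicate-post check: refuse a comment identical to the newest one
            // when it comes from the same member. The comparison uses the parsed
            // text WITHOUT SQL escaping, because the stored text it is compared
            // with is not escaped either; the escaped form never matched a
            // comment containing a quote or a line break.
            // Presumably add_cmt_news() stores parse(htmlspecialchars(trim()))
            // like the other writers in this code base — TODO confirm.
            $contenu_cmt = parse(htmlspecialchars(trim($contenu_post)));

            if (count($donnees_antiflood) > 0
                && (string) $donnees_antiflood['c_texte'] === (string) $contenu_cmt
                && $donnees_antiflood['c_id_membre'] == Nw::$dn_mbr['u_id']
            ) {
                redir(Nw::$lang['news']['antispam_post_cmt'], false, $donnees_news['c_rewrite'] . '/' . rewrite($donnees_news['n_titre']) . '-' . $_GET['id'] . '/comment/' . $donnees_antiflood['c_id'] . '/#c' . $donnees_antiflood['c_id']);
                // Do not fall through to the insert below.
                return;
            }

            // Store the new comment.
            inc_lib('news/add_cmt_news');
            $id_new_comment = add_cmt_news($_GET['id']);
            redir(Nw::$lang['news']['msg_new_cmt'], true, $donnees_news['c_rewrite'] . '/' . rewrite($donnees_news['n_titre']) . '-' . $_GET['id'] . '/comment/' . $id_new_comment . '/#c' . $id_new_comment);
            return;
        }
    }

    Nw::$tpl->set(array(
        'ID' => $_GET['id'],
        'ID2' => $id2,
        'TITRE' => $donnees_news['n_titre'],
        'REWRITE' => rewrite($donnees_news['n_titre']),
        'CAT_REWRITE' => $donnees_news['c_rewrite'],
        'ID_CAT' => $donnees_news['n_id_cat'],
        'NB_COMS' => $donnees_news['n_nbr_coms'],
        'LST_CMTS' => $title_last_cmts,
        'BAL_CHAMP' => 'contenu',
        'EDIT' => $edit,
        'EDIT_HIDDEN' => $edition_invisible,
    ));

    // Show the form.
    display_form(array('contenu' => $content_defaut_cmt));
}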
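/**
 * Applies the edit form currently held in $_POST to the news item $id.
 *
 * - With the 'mod_news_status' right: date refresh, state change (logged),
 *   short-URL posting when the item moves to state 3, comment purge.
 * - With $author: title (logged), category, privacy flag, sources, tags and
 *   attached image.
 * - Always: contributor flag and, when the body changed, a new row in
 *   news_versions plus the refreshed summary on the news row.
 *
 * All SQL is built by concatenation, so every value is either cast with
 * intval() or passed through an escaping helper before it enters a statement.
 *
 * @param int|string $id     News id.
 * @param bool       $author Whether the title/category/sources/tags/image may be changed.
 */
function edit_news($id, $author = false)
{
    inc_lib('bbcode/parse');
    inc_lib('bbcode/clearer');

    $add_champs_sql = array();
    $id_news = intval($id);
    $id_membre = intval(Nw::$dn_mbr['u_id']);

    // get_ip() is defined elsewhere; escaping it here keeps the statements safe
    // however the address is derived (e.g. from a forwarded-for header).
    $ip_sql = Nw::$DB->real_escape_string(get_ip());

    // A missing or array-valued body counts as empty instead of reaching trim().
    $content_news = (isset($_POST['contenu']) && is_string($_POST['contenu'])) ? $_POST['contenu'] : '';

    $requete_news = Nw::$DB->query('SELECT n_etat, n_titre FROM ' . Nw::$prefix_table . 'news WHERE n_id = ' . $id_news) or Nw::$DB->trigger(__LINE__, __FILE__);
    $donnees_news = $requete_news->fetch_assoc();

    // The requested state is normalised to an integer once; when the field is
    // absent the state is left as it is instead of silently becoming 0.
    $etat_actuel = intval($donnees_news['n_etat']);
    $etat_demande = isset($_POST['etat']) ? intval($_POST['etat']) : $etat_actuel;

    /**
     * May the member change the state of the news and refresh its date?
     **/
    if (Nw::$droits['mod_news_status']) {
        if (isset($_POST['maj_dat'])) {
            $add_champs_sql[] = 'n_date = NOW()';
            Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'news_logs (l_id_news, l_id_membre, l_action, l_date, l_ip) VALUES(' . $id_news . ', ' . $id_membre . ', 3, NOW(), \'' . $ip_sql . '\')') or Nw::$DB->trigger(__LINE__, __FILE__);
        }

        // State change
        // NOTE(review): the requested state is not checked against the known
        // states (0 to 3 on the edit page); confirm whether that is needed here.
        if ($etat_demande != $etat_actuel) {
            // The log text is built from language strings, which routinely
            // contain apostrophes: it must be escaped like the title log below.
            $texte_log = Nw::$DB->real_escape_string(sprintf(
                Nw::$lang['news']['log_chg_etat'],
                Nw::$lang['news']['log_etat_' . $etat_actuel],
                Nw::$lang['news']['log_etat_' . $etat_demande]
            ));
            // l_action is the digit 1 followed by the new state (10, 11, 12, 13).
            Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'news_logs (l_id_news, l_id_membre, l_action, l_texte, l_date, l_ip) VALUES(' . $id_news . ', ' . $id_membre . ', 1' . $etat_demande . ', \'' . $texte_log . '\', NOW(), \'' . $ip_sql . '\')') or Nw::$DB->trigger(__LINE__, __FILE__);
            $add_champs_sql[] = 'n_etat = ' . $etat_demande;
        }

        // Moving to state 3 with a date refresh: post the short URL.
        if (isset($_POST['maj_dat']) && $etat_demande != $etat_actuel && $etat_demande == 3) {
            inc_lib('admin/post_twitt_news');
            $return_alias = post_twitt_news($id);

            if (!empty($return_alias) && strlen(trim($return_alias)) > 0) {
                $add_champs_sql[] = 'n_miniurl = \'' . insertBD($return_alias) . '\'';
            }
        }

        // Purge of the comments
        if (isset($_POST['delete_comments'])) {
            inc_lib('news/delete_all_cmt');
            delete_all_cmt($id);
        }
    }

    /**
     * The author may change the title, the category and the tags.
     **/
    if ($author) {
        $news_private = isset($_POST['private_news']) ? 1 : 0;

        // Title change (only when a title was actually posted)
        $titre_post = (isset($_POST['titre_news']) && is_string($_POST['titre_news'])) ? $_POST['titre_news'] : null;
        if ($titre_post !== null && $titre_post !== (string) $donnees_news['n_titre']) {
            $texte_log = Nw::$DB->real_escape_string(sprintf(Nw::$lang['news']['log_chg_titre'], $donnees_news['n_titre'], $titre_post));
            Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'news_logs (l_id_news, l_id_membre, l_action, l_texte, l_date, l_ip) VALUES(' . $id_news . ', ' . $id_membre . ', 4, \'' . $texte_log . '\', NOW(), \'' . $ip_sql . '\')') or Nw::$DB->trigger(__LINE__, __FILE__);
            $add_champs_sql[] = 'n_titre = \'' . insertBD(trim($titre_post)) . '\'';
        }

        $add_champs_sql[] = 'n_id_cat = ' . intval(isset($_POST['cat']) ? $_POST['cat'] : 0);
        $add_champs_sql[] = 'n_private = ' . $news_private;

        /**
         * Sources: the list is rebuilt from scratch on every edit.
         **/
        $nbr_sources = 0;
        Nw::$DB->query('DELETE FROM ' . Nw::$prefix_table . 'news_src WHERE src_id_news = ' . $id_news) or Nw::$DB->trigger(__LINE__, __FILE__);

        // count() on a missing key throws on PHP 8; only arrays are iterated.
        $sources = (isset($_POST['sources']) && is_array($_POST['sources'])) ? $_POST['sources'] : array();
        $sources_nom = (isset($_POST['sources_nom']) && is_array($_POST['sources_nom'])) ? $_POST['sources_nom'] : array();

        foreach ($sources as $id_src => $value) {
            $src_url = is_string($value) ? trim($value) : '';
            $src_nom = (isset($sources_nom[$id_src]) && is_string($sources_nom[$id_src])) ? trim($sources_nom[$id_src]) : '';

            if (!multi_empty($src_nom, $src_url)) {
                ++$nbr_sources;
                // NOTE(review): src_url is stored as given; if it is later rendered
                // as a link, restricting it to http/https belongs here or at output.
                Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'news_src (src_id_news, src_media, src_url, src_order) VALUES(' . $id_news . ', \'' . insertBD($src_nom) . '\', \'' . insertBD($src_url) . '\', ' . $nbr_sources . ')') or Nw::$DB->trigger(__LINE__, __FILE__);
            }
        }

        $add_champs_sql[] = 'n_nb_src = ' . $nbr_sources;

        // Tags: replaced as a whole when the field is filled in.
        if (!empty($_POST['tags']) && is_string($_POST['tags']) && strlen(trim($_POST['tags'])) > 0) {
            Nw::$DB->query('DELETE FROM ' . Nw::$prefix_table . 'tags WHERE t_id_news = ' . $id_news) or Nw::$DB->trigger(__LINE__, __FILE__);

            $tags_news = explode(',', $_POST['tags']);
            $num_tag = 0;

            inc_lib('news/add_tag_news');
            foreach ($tags_news as $tag) {
                if (!empty($tag) && strlen(trim($tag)) > 0) {
                    ++$num_tag;
                    add_tag_news($id, $tag, $num_tag);
                }
            }
        }

        /**
         * Attach an image to the news (when one was uploaded).
         **/
        if (!empty($_FILES['file']['name'])) {
            inc_lib('news/add_img_news');
            $id_last_image = add_img_news($id);

            if ($id_last_image) {
                $add_champs_sql[] = 'n_id_image = ' . intval($id_last_image);
            }
        }
    }

    $count_flag = Nw::$DB->query('SELECT f_type FROM ' . Nw::$prefix_table . 'news_flags WHERE f_id_news = ' . $id_news . ' AND f_id_membre = ' . $id_membre) or Nw::$DB->trigger(__LINE__, __FILE__);
    $donnees_count = $count_flag->fetch_assoc();
    $flag_type = $donnees_count ? $donnees_count['f_type'] : null;

    // The member has not contributed to this news yet: give them flag 2.
    if ($flag_type != 3 && $flag_type != 2) {
        Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'news_flags (f_id_news, f_id_membre, f_type) VALUES(' . $id_news . ', ' . $id_membre . ', 2)') or Nw::$DB->trigger(__LINE__, __FILE__);
    }

    // Body as it is stored: HTML-escaped first, then run through the BBCode parser.
    $contenu_parse = parse(htmlspecialchars(trim($content_news)));
    $contenu_version = Nw::$DB->real_escape_string($contenu_parse);

    /**
     * Look up the latest version of the news.
     **/
    $donnees_version = Nw::$DB->query('SELECT v_texte, v_nb_mots, v_number FROM ' . Nw::$prefix_table . 'news_versions WHERE v_id_news = ' . $id_news . ' ORDER BY v_date DESC LIMIT 1') or Nw::$DB->trigger(__LINE__, __FILE__);
    $last_version = $donnees_version->fetch_assoc();

    $last_texte = $last_version ? $last_version['v_texte'] : null;
    $last_nb_mots = $last_version ? intval($last_version['v_nb_mots']) : 0;
    $last_number = $last_version ? intval($last_version['v_number']) : 0;

    // A new version is recorded only when the body differs from the last one.
    if ($last_texte != $contenu_parse) {
        $raison_post = (isset($_POST['raison']) && is_string($_POST['raison'])) ? $_POST['raison'] : '';
        $raison_edition = Nw::$DB->real_escape_string(htmlspecialchars($raison_post));
        $version_mineure = isset($_POST['mini_contrib']) ? 1 : 0;

        // Despite the column name, this is the byte length of the escaped body.
        $nb_mots = strlen(htmlspecialchars(trim($content_news)));
        $diff_mots = $nb_mots - $last_nb_mots;

        // New row in the versions table
        Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'news_versions (v_id_news, v_id_membre, v_texte, v_date, v_ip, v_raison, v_nb_mots, v_diff_mots, v_number, v_mineure) VALUES(' . $id_news . ', ' . $id_membre . ', \'' . $contenu_version . '\', NOW(), \'' . $ip_sql . '\', \'' . $raison_edition . '\', \'' . $nb_mots . '\', \'' . $diff_mots . '\', ' . ($last_number + 1) . ', ' . $version_mineure . ')') or Nw::$DB->trigger(__LINE__, __FILE__);
        $id_version_news = Nw::$DB->insert_id;

        Nw::$DB->query('UPDATE ' . Nw::$prefix_table . 'members_stats SET s_nb_contrib = s_nb_contrib + 1 WHERE s_id_membre = ' . $id_membre) or Nw::$DB->trigger(__LINE__, __FILE__);

        $contenu_extrait = Nw::$DB->real_escape_string(CoupeChar(clearer($contenu_parse), '...', Nw::$pref['long_intro_news']));

        $add_champs_sql[] = 'n_resume = \'' . $contenu_extrait . '\'';
        $add_champs_sql[] = 'n_last_version = ' . intval($id_version_news);
        $add_champs_sql[] = 'n_last_mod = NOW()';
        $add_champs_sql[] = 'n_nb_versions = n_nb_versions + 1';
    }

    if (count($add_champs_sql) > 0) {
        // Update the news row with everything collected above.
        Nw::$DB->query('UPDATE ' . Nw::$prefix_table . 'news SET ' . implode(', ', $add_champs_sql) . ' WHERE n_id = ' . $id_news) or Nw::$DB->trigger(__LINE__, __FILE__);

        // State 3 is involved: regenerate the sitemaps.
        if ($etat_actuel == 3 || $etat_demande == 3) {
            generate_news_sitemap();
            generate_categories_sitemap();
        }
    }
}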
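/**
 * Edit page of the news item $_GET['id'].
 *
 * Checks that the member may edit the item, shows the form and, on
 * submission, either stores the edit through edit_news() or — when another
 * version was saved in the meantime — shows a line diff between the stored
 * text and the submitted one. Also handles removal of the attached image
 * ($_GET['imgdel']). Returns nothing.
 */
protected function main()
{
    // Only members may edit.
    if (!is_logged_in()) {
        redir(Nw::$lang['common']['need_login'], false, 'users-10.html');
        return;
    }

    // The id parameter is missing or malformed.
    if (empty($_GET['id']) || !is_numeric($_GET['id'])) {
        // header() only queues the redirect; without the return the rest of the
        // method would still run with an invalid id.
        header('Location: news-70.html');
        return;
    }

    inc_lib('news/news_exists');
    $count_news_existe = news_exists($_GET['id']);
    if ($count_news_existe == 0) {
        redir(Nw::$lang['news']['news_not_exist'], false, 'news-70.html');
        return;
    }

    inc_lib('news/get_info_news');
    $donnees_news = get_info_news($_GET['id']);

    // May this member edit the news?
    inc_lib('news/can_edit_news');
    if (!can_edit_news($donnees_news['n_id_auteur'], $donnees_news['n_etat'])) {
        redir(Nw::$lang['news']['not_edit_news_perm'], false, 'news-70.html');
        // Fail closed: the write path below must not be reachable after a refusal.
        return;
    }

    // May the member also edit the title, the category and the tags?
    inc_lib('news/can_edit_news_related');
    $edit_related = can_edit_news_related($donnees_news['n_id_auteur'], $donnees_news['n_etat']);

    $this->set_title(sprintf(Nw::$lang['news']['title_edit_news'], $donnees_news['n_titre']));
    $this->set_tpl('news/edit_news.html');
    $this->add_css('forms.css');
    $this->add_css('code.css');
    $this->add_js('write.js');
    $this->add_form('contenu');

    // Remember where the visitor came from, to send them back after the edit.
    // The Referer header is attacker-influenced, so it is only kept when it
    // STARTS WITH the site URL: a "contains" test would also accept an external
    // address that merely embeds the site URL, and the redirect after saving
    // would then leave the site.
    // Assumes Nw::$site_url ends with '/' — TODO confirm.
    $referer = (isset($_SERVER['HTTP_REFERER']) && is_string($_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : '';
    if ($referer !== ''
        && strpos($referer, Nw::$site_url) === 0
        && strpos($referer, Nw::$site_url . 'news-60-' . $_GET['id'] . '.html') === false
    ) {
        $_SESSION['nw_referer_edit'] = $referer;
    }

    $link_redir = !empty($_SESSION['nw_referer_edit']) ? $_SESSION['nw_referer_edit'] : 'news-60-' . intval($_GET['id']) . '.html';

    // Breadcrumb
    $this->set_filAriane(array(
        Nw::$lang['news']['news_section'] => array('news-70.html'),
        $donnees_news['c_nom'] => array($donnees_news['c_rewrite'] . '/'),
        $donnees_news['n_titre'] => array($donnees_news['c_rewrite'] . '/' . rewrite($donnees_news['n_titre']) . '-' . $_GET['id'] . '/'),
        Nw::$lang['news']['edit_fil_ariane'] => array(''),
    ));

    $array_status = array(
        3 => Nw::$lang['news']['etat_news_3'],
        2 => Nw::$lang['news']['etat_news_2'],
        1 => Nw::$lang['news']['etat_news_1'],
        0 => Nw::$lang['news']['etat_news_0'],
    );

    // Existing sources, keyed by their 1-based position.
    $list_src = array();
    $list_src_url = array();
    $position = 0;

    if ($donnees_news['n_nb_src'] > 0) {
        inc_lib('news/get_list_src');
        $donnees_src = get_list_src($_GET['id']);

        foreach ($donnees_src as $donnees) {
            ++$position;
            $list_src[$position] = $donnees['src_media'];
            $list_src_url[$position] = $donnees['src_url'];
            Nw::$tpl->setBlock('src', array('ID' => $position));
        }
    }

    Nw::$tpl->set(array(
        'ID' => $_GET['id'],
        'TITRE' => $donnees_news['n_titre'],
        'REWRITE' => rewrite($donnees_news['n_titre']),
        'CAT_REWRITE' => $donnees_news['c_rewrite'],
        'ID_CAT' => $donnees_news['n_id_cat'],
        'IMAGE_ID' => $donnees_news['i_id'],
        'IMAGE_NOM' => $donnees_news['i_nom'],
        'LINK_NB_CONTRIB' => sprintf(Nw::$lang['news']['edit_nb_contrib'], $donnees_news['n_nb_versions']),
        'LAST_VERSION' => $donnees_news['n_last_version'],
        'BAL_CHAMP' => 'contenu',
        'ETAT_ACTUEL' => $donnees_news['n_etat'],
        'ETATS_NEWS' => $array_status,
        'EDIT_RELATED' => $edit_related,
        'MOD_STATUS' => Nw::$droits['mod_news_status'],
        'GRILLED' => false,
        'MAX_SRC' => $position == 0 ? $position + 1 : $position,
    ));

    // Form submitted
    if (isset($_POST['submit'])) {
        // Missing keys and array values count as empty fields.
        $titre_post = (isset($_POST['titre_news']) && is_string($_POST['titre_news'])) ? $_POST['titre_news'] : '';
        $contenu_post = (isset($_POST['contenu']) && is_string($_POST['contenu'])) ? $_POST['contenu'] : '';

        $array_post = array(
            'titre_news' => $titre_post,
            'cat' => isset($_POST['cat']) ? $_POST['cat'] : 0,
            'contenu' => $contenu_post,
            'tags' => isset($_POST['tags']) ? $_POST['tags'] : '',
            'private_news' => isset($_POST['private_news']),
            'sources' => isset($_POST['sources']) ? $_POST['sources'] : '',
            'sources_nom' => isset($_POST['sources_nom']) ? $_POST['sources_nom'] : '',
        );

        $var_titre = trim($titre_post);
        $var_content = trim($contenu_post);

        // Title and body are mandatory when the title is editable, otherwise
        // only the body is.
        if ($edit_related && !multi_empty($var_titre, $var_content) || !$edit_related && !empty($var_content)) {
            inc_lib('news/count_anti_grille');
            inc_lib('news/edit_news');

            // Was another version saved since this form was loaded?
            $anti_grille = count_anti_grille($_GET['id'], $_POST['last_version']);

            if ($anti_grille['count']) {
                inc_lib('bbcode/parse');
                inc_lib('bbcode/unparse');
                inc_lib('news/get_info_vrs');

                $output_compare = '';
                $dn_vrs_grilled = get_info_vrs($donnees_news['n_last_version']);

                $news_vrs1 = $dn_vrs_grilled['v_texte'];
                // Same pipeline as the stored version (edit_news() saves
                // parse(htmlspecialchars(trim()))): the submitted text is
                // HTML-escaped before parsing, so raw markup from the request is
                // not carried into the diff table and both sides are comparable.
                $news_vrs2 = parse(htmlspecialchars($var_content));

                // Splits a text on "\r" and keeps the non-blank, trimmed lines.
                if (!function_exists('clean_cache_file')) {
                    function clean_cache_file($content)
                    {
                        $content = explode("\r", trim($content));
                        $array_return = array();

                        foreach ($content as $texte_trim) {
                            if (strlen(trim($texte_trim)) > 0) {
                                $array_return[] = trim($texte_trim);
                            }
                        }

                        return $array_return;
                    }
                }

                include_once 'Text/Diff.php';
                include_once 'Text/Diff/Renderer/unified.php';

                $lines1 = clean_cache_file(unparse($news_vrs1, 0));
                $lines2 = clean_cache_file(unparse($news_vrs2, 0));

                $diff = new Text_Diff($lines1, $lines2);
                $renderer = new Text_Diff_Renderer_unified();

                $array_compare = explode("\n", $renderer->render($diff));

                foreach ($array_compare as $donnees) {
                    $first_cararacter = '';
                    $style_line = '';

                    // Removed lines are tinted red, added lines green.
                    if (isset($donnees[0]) && in_array($donnees[0], array('-', '+'))) {
                        if ($donnees[0] == '-') {
                            $style_line = ' style="background-color: #ffcccc;"';
                        } elseif ($donnees[0] == '+') {
                            $style_line = ' style="background-color: #ccffcc;"';
                        }

                        $first_cararacter = $donnees[0];
                        $ligne_changee = substr($donnees, 1);
                    } else {
                        $ligne_changee = $donnees;
                    }

                    // Hunk headers (@@) and blank lines are left out.
                    // NOTE(review): the line is written into the table without
                    // escaping at this point; it is only safe if unparse() keeps
                    // the HTML entities of its input — confirm, or escape here.
                    if (!in_array(substr($donnees, 0, 2), array('@@')) && strlen(trim($ligne_changee)) > 0) {
                        $output_compare .= '<tr> <td class="line_statut">' . $first_cararacter . '</td> <td' . $style_line . '>' . trim($ligne_changee) . '</td> </tr>';
                    }
                }

                display_form($array_post);
                Nw::$tpl->set(array(
                    'GRILLED' => true,
                    'COMPARAISON' => $output_compare,
                    'TEXTE_GRILLED' => sprintf(Nw::$lang['news']['mbr_grilled_edit'], $dn_vrs_grilled['u_alias'], $dn_vrs_grilled['u_pseudo']),
                ));
            } else {
                // NOTE(review): no anti-CSRF token is checked here before the edit
                // is stored; confirm the front controller handles it.
                edit_news($_GET['id'], $edit_related);
                redir(Nw::$lang['news']['msg_news_edit'], true, $link_redir);
            }
        } else {
            display_form($array_post, Nw::$lang['news']['title_content_oblig']);
        }

        return;
    }

    // The author asks to remove the attached image.
    // NOTE(review): this deletion is triggered by a plain GET parameter, so any
    // link or image tag pointing at this URL performs it for a logged-in
    // author; a POST with a token is the usual safeguard.
    if (isset($_GET['imgdel']) && is_numeric($_GET['imgdel']) && $edit_related) {
        inc_lib('news/delete_img_news');
        delete_img_news($_GET['imgdel'], $_GET['id']);
        redir(Nw::$lang['news']['msg_image_delete'], true, 'news-60-' . $_GET['id'] . '.html');
    }

    // News categories offered in the form
    foreach (Nw::$cache_categories as $idcs => $donnees_categorie) {
        Nw::$tpl->setBlock('cats_news', array('ID' => $idcs, 'TITRE' => $donnees_categorie[0]));
    }

    // Current tags as a comma-separated list
    inc_lib('news/get_list_tags_news');
    $list_tags = get_list_tags_news(0, $_GET['id']);
    $list_tags_html = '';

    foreach ($list_tags as $dn_tags) {
        $list_tags_html .= $dn_tags['t_tag'] . ', ';
    }

    // Show the form filled with the current values.
    inc_lib('bbcode/unparse');
    display_form(array(
        'titre_news' => $donnees_news['n_titre'],
        'cat' => 0,
        'contenu' => unparse($donnees_news['v_texte']),
        'tags' => substr($list_tags_html, 0, -2),
        'private_news' => $donnees_news['n_private'],
        'sources' => $list_src_url,
        'sources_nom' => $list_src,
    ));
}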
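/**
 * Registration form of the site.
 *
 * Validates the submitted fields one by one (all filled in, matching
 * passwords, anti-spam code, e-mail format, unused e-mail, free nickname,
 * rules accepted) and creates the account through add_mbr().
 * Returns nothing; output goes through redir() and display_form().
 *
 * @author Cam
 */
protected function main()
{
    // A member who is already logged in has nothing to do here.
    if (is_logged_in()) {
        redir(Nw::$lang['common']['already_connected'], false, './');
    }

    // Page title and template
    $this->set_title(Nw::$lang['users']['title_inscription']);
    $this->add_css('forms.css');
    $this->set_tpl('membres/register.html');

    // Breadcrumb
    $this->set_filAriane(Nw::$lang['users']['fa_inscription']);

    Nw::$tpl->set(array('ACCEPT_RULES' => sprintf(Nw::$lang['users']['accept_rules'], Nw::$site_name)));

    // Nothing submitted: show the blank form.
    if (!isset($_POST['submit'])) {
        display_form(array('nw_nickname' => '', 'nw_pass1' => '', 'nw_pass2' => '', 'nw_email' => '', 'code_cap' => '', 'ac_rules' => false));
        return;
    }

    // Request fields are attacker-controlled: a missing key or an array value
    // counts as an empty field instead of reaching trim().
    $champs = array();
    foreach (array('nw_nickname', 'nw_pass1', 'nw_pass2', 'nw_email', 'code_cap') as $nom_champ) {
        $champs[$nom_champ] = (isset($_POST[$nom_champ]) && is_string($_POST[$nom_champ])) ? $_POST[$nom_champ] : '';
    }

    // NOTE(review): both passwords are handed back to display_form() on every
    // validation failure; confirm the template does not write them into the page.
    $array_post = array(
        'nw_nickname' => $champs['nw_nickname'],
        'nw_pass1' => $champs['nw_pass1'],
        'nw_pass2' => $champs['nw_pass2'],
        'nw_email' => $champs['nw_email'],
        'code_cap' => $champs['code_cap'],
        'ac_rules' => isset($_POST['ac_rules']),
    );

    // Every field is mandatory.
    if (multi_empty(trim($champs['nw_nickname']), trim($champs['nw_pass1']), trim($champs['nw_pass2']), trim($champs['nw_email']), trim($champs['code_cap']))) {
        display_form($array_post, Nw::$lang['users']['champ_obligatoire']);
        return;
    }

    // Both passwords must be identical. Strict comparison: with != two
    // different numeric-looking strings ("1e1" and "10") would pass as equal.
    if ($champs['nw_pass1'] !== $champs['nw_pass2']) {
        display_form($array_post, Nw::$lang['users']['sames_password']);
        return;
    }

    // Anti-spam code. It is compared as a string, and a session without any
    // expected code never validates.
    // NOTE(review): the expected code stays in the session after the check;
    // confirm it is regenerated on every form display so one solved code
    // cannot be reused.
    $captcha_attendu = isset($_SESSION['cap_nw']) ? (string) $_SESSION['cap_nw'] : '';
    if ($captcha_attendu === '' || trim($champs['code_cap']) !== $captcha_attendu) {
        display_form($array_post, Nw::$lang['users']['wrong_antispam']);
        return;
    }

    // The e-mail must be well formed (name@domain.tld).
    if (!filter_var($champs['nw_email'], FILTER_VALIDATE_EMAIL)) {
        display_form($array_post, Nw::$lang['users']['format_email_false']);
        return;
    }

    // The e-mail must not already belong to an account (duplicate accounts).
    inc_lib('users/email_exists');
    if (email_exists($champs['nw_email']) == true) {
        display_form($array_post, Nw::$lang['users']['email_already_used']);
        return;
    }

    // The requested nickname must be free.
    inc_lib('users/pseudo_exists');
    if (pseudo_exists($champs['nw_nickname']) == true) {
        display_form($array_post, Nw::$lang['users']['nickname_used']);
        return;
    }

    // The rules must have been accepted.
    if (!isset($_POST['ac_rules'])) {
        display_form($array_post, Nw::$lang['users']['accept_rules_msg']);
        return;
    }

    // Every check passed: create the account.
    inc_lib('users/add_mbr');
    add_mbr($champs['nw_nickname'], $champs['nw_pass1'], $champs['nw_email']);
    redir(Nw::$lang['users']['success_register'], true, './');

    // Show the blank form (reached only if redir() returns).
    display_form(array('nw_nickname' => '', 'nw_pass1' => '', 'nw_pass2' => '', 'nw_email' => '', 'code_cap' => '', 'ac_rules' => false));
}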
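/**
 * Creates a news entry from the submitted form ($_POST / $_FILES).
 *
 * Inserts the news row, its author flag, a log line, the listed sources and
 * the first version of the text, optionally attaches an image, then updates
 * the news row and the author's news counter and stores the tags.
 *
 * Every request value that reaches a query is either cast to an integer or
 * passed through an escaping helper before being concatenated into the SQL.
 *
 * @param int $etat Value stored in the n_etat column of the new row.
 * @return void
 */
function add_news_brouillon($etat = 1)
{
    inc_lib('bbcode/clearer');
    inc_lib('bbcode/parse');

    $id_membre = intval(Nw::$dn_mbr['u_id']);
    $news_private = isset($_POST['private_news']) ? 1 : 0;
    $categorie_news = isset($_POST['cat']) ? $_POST['cat'] : 0;
    // is_breve comes straight from the request and $etat from the caller:
    // both are numeric columns, so force them to integers before they are
    // concatenated into the INSERT below.
    $is_breve = isset($_POST['is_breve']) ? intval($_POST['is_breve']) : 0;
    $etat = intval($etat);
    $mod_news_sql = '';

    // Missing or non-string fields are treated as empty strings.
    $contenu = (isset($_POST['contenu']) && is_string($_POST['contenu'])) ? $_POST['contenu'] : '';
    $titre = (isset($_POST['titre_news']) && is_string($_POST['titre_news'])) ? trim($_POST['titre_news']) : '';

    // HTML-escape the raw text once, then build the stored version and the
    // shortened summary from it.
    $contenu_html = htmlspecialchars(trim($contenu));
    $contenu_version = Nw::$DB->real_escape_string(parse($contenu_html));
    $contenu_extrait = Nw::$DB->real_escape_string(CoupeChar(clearer(parse($contenu_html)), '...', Nw::$pref['long_intro_news']));

    // get_ip() is defined elsewhere; escape its result in case it is derived
    // from a client-supplied header.
    $ip_sql = Nw::$DB->real_escape_string(get_ip());

    /**
     * Store the news row
     **/
    Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'news (n_id_auteur, n_id_cat, n_titre, n_date, n_last_mod, n_etat, n_private, n_nb_versions, n_resume, n_breve)
        VALUES(' . $id_membre . ', ' . intval($categorie_news) . ', \'' . insertBD($titre) . '\', NOW(), NOW(), ' . $etat . ', ' . $news_private . ', 1, \'' . $contenu_extrait . '\', ' . $is_breve . ')') or Nw::$DB->trigger(__LINE__, __FILE__);
    $id_last_news = intval(Nw::$DB->insert_id);

    Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'news_flags (f_id_news, f_id_membre, f_type)
        VALUES(' . $id_last_news . ', ' . $id_membre . ', 3)') or Nw::$DB->trigger(__LINE__, __FILE__);

    Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'news_logs (l_id_news, l_id_membre, l_titre, l_action, l_date, l_ip)
        VALUES(' . $id_last_news . ', ' . $id_membre . ', \'' . insertBD($titre) . '\', 1, NOW(), \'' . $ip_sql . '\')') or Nw::$DB->trigger(__LINE__, __FILE__);

    /**
     * Sources
     **/
    // count() on a missing field raises an error on recent PHP versions, so
    // only iterate when the request really carries arrays.
    $sources = (isset($_POST['sources']) && is_array($_POST['sources'])) ? $_POST['sources'] : array();
    $sources_nom = (isset($_POST['sources_nom']) && is_array($_POST['sources_nom'])) ? $_POST['sources_nom'] : array();

    if (count($sources) > 0) {
        $nbr_sources = 0;

        foreach ($sources as $id => $url) {
            $nom = isset($sources_nom[$id]) ? $sources_nom[$id] : '';

            // Nested arrays cannot be a source name or URL.
            if (!is_string($url) || !is_string($nom)) {
                continue;
            }

            if (!multi_empty(trim($nom), trim($url))) {
                ++$nbr_sources;
                Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'news_src (src_id_news, src_media, src_url, src_order)
                    VALUES(' . $id_last_news . ', \'' . insertBD(trim($nom)) . '\', \'' . insertBD(trim($url)) . '\', ' . $nbr_sources . ')') or Nw::$DB->trigger(__LINE__, __FILE__);
            }
        }

        $mod_news_sql .= 'n_nb_src = ' . $nbr_sources . ', ';
    }

    /**
     * Create the first entry in the versions table
     **/
    // Despite its name this is the byte length of the HTML-escaped text,
    // not a word count.
    $nb_mots = strlen($contenu_html);
    // The reason text comes from the language file; escape it so an
    // apostrophe in the translation cannot break the statement.
    $motif_sql = Nw::$DB->real_escape_string(Nw::$lang['news']['motif_debut']);

    Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'news_versions (v_id_news, v_id_membre, v_texte, v_date, v_ip, v_nb_mots, v_number, v_raison)
        VALUES(' . $id_last_news . ', ' . $id_membre . ', \'' . $contenu_version . '\', NOW(), \'' . $ip_sql . '\', \'' . $nb_mots . '\', 1, \'' . $motif_sql . '\')') or Nw::$DB->trigger(__LINE__, __FILE__);
    $id_version_news = intval(Nw::$DB->insert_id);

    /**
     * Attach an image to the news (when one was uploaded)
     **/
    if (!empty($_FILES['file']['name'])) {
        inc_lib('news/add_img_news');
        $id_last_image = add_img_news($id_last_news);

        if ($id_last_image) {
            $mod_news_sql .= 'n_id_image = ' . intval($id_last_image) . ', ';
        }
    }

    Nw::$DB->query('UPDATE ' . Nw::$prefix_table . 'news SET ' . $mod_news_sql . 'n_last_version = ' . $id_version_news . '
        WHERE n_id = ' . $id_last_news) or Nw::$DB->trigger(__LINE__, __FILE__);

    Nw::$DB->query('UPDATE ' . Nw::$prefix_table . 'members_stats SET s_nb_news = s_nb_news + 1
        WHERE s_id_membre = ' . $id_membre) or Nw::$DB->trigger(__LINE__, __FILE__);

    /**
     * Tags
     **/
    if (!empty($_POST['tags']) && is_string($_POST['tags']) && strlen(trim($_POST['tags'])) > 0) {
        $tags_news = explode(',', $_POST['tags']);
        $position_tag = 0;
        inc_lib('news/add_tag_news');

        foreach ($tags_news as $tag) {
            // Skip empty or whitespace-only entries left by stray commas.
            if (!empty($tag) && strlen(trim($tag)) > 0) {
                ++$position_tag;
                add_tag_news($id_last_news, $tag, $position_tag);
            }
        }
    }
}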