function section_save()
{
global $txpcfg;
$in = psa(array('name', 'title', 'page', 'css', 'is_default', 'on_frontpage', 'in_rss', 'searchable', 'old_name'));
extract(doSlash($in));
if (empty($title)) {
$title = $name;
}
//Prevent non url chars on section names
include_once $txpcfg['txpath'] . '/lib/classTextile.php';
$textile = new Textile();
$title = $textile->TextileThis($title, 1);
$name = dumbDown($textile->TextileThis($name, 1));
$name = preg_replace("/[^[:alnum:]\\-_]/", "", str_replace(" ", "-", $name));
if ($name == 'default') {
safe_update("txp_section", "page='{$page}',css='{$css}'", "name='default'");
} else {
if ($is_default) {
// note this means 'selected by default' not 'default page'
safe_update("txp_section", "is_default=0", "name!='{$old_name}'");
}
safe_update("txp_section", "name = '{$name}',\n\t\t\t\ttitle = '{$title}',\n\t\t\t\tpage = '{$page}',\n\t\t\t\tcss = '{$css}',\n\t\t\t\tis_default = '{$is_default}',\n\t\t\t\ton_frontpage = '{$on_frontpage}',\n\t\t\t\tin_rss = '{$in_rss}',\n\t\t\t\tsearchable = '{$searchable}'", "name = '{$old_name}'");
safe_update("textpattern", "Section='{$name}'", "Section='{$old_name}'");
}
sec_section_list(messenger('section', $name, 'updated'));
}
function start_import()
{
global $event, $vars;
extract(psa($vars));
$insert_into_section = $Section;
$insert_with_status = $type;
$default_comment_invite = $comments_invite;
include_once txpath . '/include/import/import_' . $import_tool . '.php';
$ini_time = ini_get('max_execution_time');
@ini_set('max_execution_time', 300 + intval($ini_time));
switch ($import_tool) {
case 'mtdb':
$out = doImportMTDB($importdblogin, $importdb, $importdbpass, $importdbhost, $blog_id, $insert_into_section, $insert_with_status, $default_comment_invite);
rebuild_tree('root', 1, 'article');
break;
case 'mt':
$file = check_import_file();
if (!empty($file)) {
$out = doImportMT($file, $insert_into_section, $insert_with_status, $comments_invite);
//Rebuilding category tree
rebuild_tree('root', 1, 'article');
} else {
$out = 'Import file not found';
}
break;
case 'b2':
$out = doImportB2($importdblogin, $importdb, $importdbpass, $importdbhost, $insert_into_section, $insert_with_status, $default_comment_invite);
break;
case 'wp':
$out = doImportWP($importdblogin, $importdb, $importdbpass, $importdbhost, $wpdbprefix, $insert_into_section, $insert_with_status, $default_comment_invite);
rebuild_tree('root', 1, 'article');
break;
case 'blogger':
$file = check_import_file();
if (!empty($file)) {
$out = doImportBLOGGER($file, $insert_into_section, $insert_with_status, $comments_invite);
} else {
$out = gTxt('import_file_not_found');
}
break;
}
$out = tag('max_execution_time = ' . ini_get('max_execution_time'), 'p', ' style="color:red;"') . $out;
pagetop(gTxt('txp_import'));
$content = '<div id="' . $event . '_container" class="txp-container txp-list">';
$content .= startTable('list');
$content .= tr(tdcs(hed(gTxt('txp_import'), 3), 2));
$content .= tr(td($out));
$content .= endTable();
$content .= '</div>';
echo $content;
$rs = safe_rows_start('parentid, count(*) as thecount', 'txp_discuss', 'visible=1 group by parentid');
if (mysql_num_rows($rs) > 0) {
while ($a = nextRow($rs)) {
safe_update('textpattern', "comments_count=" . $a['thecount'], "ID=" . $a['parentid']);
}
}
}
/**
* Saves pane visibility.
*/
public function visible()
{
extract(psa(array('pane', 'visible', 'origin')));
send_xml_response();
if ($this->valid_token($pane) && preg_match('/^[a-z0-9_-]+$/i', $pane)) {
set_pref("pane_{$pane}_visible", (int) ($visible === 'true'), $origin, PREF_HIDDEN, 'yesnoradio', 0, PREF_PRIVATE);
return;
}
trigger_error('invalid_pane', E_USER_WARNING);
}
function section_save()
{
$in = psa(array('name', 'page', 'css', 'is_default', 'on_frontpage', 'in_rss', 'searchable', 'old_name'));
extract(doSlash($in));
if ($is_default) {
safe_update("txp_section", "is_default=0", "name!='{$old_name}'");
}
safe_update("txp_section", "name = '{$name}',\n\t\t\tpage = '{$page}',\n\t\t\tcss = '{$css}',\n\t\t\tis_default = '{$is_default}',\n\t\t\ton_frontpage = '{$on_frontpage}',\n\t\t\tin_rss = '{$in_rss}',\n\t\t\tsearchable = '{$searchable}'", "name = '{$old_name}'");
safe_update("textpattern", "Section='{$name}'", "Section='{$old_name}'");
section_list(messenger('section', $name, 'updated'));
}
function start_import()
{
global $vars;
extract(psa($vars));
$insert_into_section = $Section;
$insert_with_status = $type;
$default_comment_invite = $comments_invite;
include_once txpath . '/include/import/import_' . $import_tool . '.php';
$ini_time = ini_get('max_execution_time');
@ini_set('max_execution_time', 300 + intval($ini_time));
switch ($import_tool) {
case 'mtdb':
$out = doImportMTDB($importdblogin, $importdb, $importdbpass, $importdbhost, $blog_id, $insert_into_section, $insert_with_status, $default_comment_invite);
rebuild_tree('root', 1, 'article');
break;
case 'mt':
$file = check_import_file();
if (!empty($file)) {
$out = doImportMT($file, $insert_into_section, $insert_with_status, $comments_invite);
//Rebuilding category tree
rebuild_tree('root', 1, 'article');
} else {
$out = 'Import file not found';
}
break;
case 'b2':
$out = doImportB2($importdblogin, $importdb, $importdbpass, $importdbhost, $insert_into_section, $insert_with_status, $default_comment_invite);
break;
case 'wp':
$out = doImportWP($importdblogin, $importdb, $importdbpass, $importdbhost, $wpdbprefix, $insert_into_section, $insert_with_status, $default_comment_invite);
rebuild_tree('root', 1, 'article');
break;
case 'blogger':
$file = check_import_file();
if (!empty($file)) {
$out = doImportBLOGGER($file, $insert_into_section, $insert_with_status, $comments_invite);
} else {
$out = gTxt('import_file_not_found');
}
break;
}
$out = tag('max_execution_time = ' . ini_get('max_execution_time'), 'p', ' style="color:red;"') . $out;
pagetop(gTxt('txp_import'));
$content = startTable('list');
$content .= tr(tdcs(hed(gTxt('txp_import'), 3), 2));
$content .= tr(td($out));
$content .= endTable();
echo $content;
}
function author_save_new()
{
extract(doSlash(psa(array('privs', 'name', 'email', 'RealName'))));
$pw = generate_password(6);
$nonce = md5(uniqid(rand(), true));
if ($name) {
$rs = safe_insert("txp_users", "privs = '{$privs}',\n\t\t\t\t name = '{$name}',\n\t\t\t\t email = '{$email}',\n\t\t\t\t RealName = '{$RealName}',\n\t\t\t\t pass = password(lower('{$pw}')),\n\t\t\t\t nonce = '{$nonce}'");
}
if ($rs) {
send_password($pw, $email);
admin(gTxt('password_sent_to') . sp . $email);
} else {
admin(gTxt('error_adding_new_author'));
}
}
function author_save_new()
{
require_privs('admin.edit');
extract(doSlash(psa(array('privs', 'name', 'email', 'RealName'))));
$privs = assert_int($privs);
$length = function_exists('mb_strlen') ? mb_strlen($name, '8bit') : strlen($name);
if ($name and $length <= 64 and is_valid_email($email)) {
$exists = safe_field('name', 'txp_users', "name = '" . $name . "'");
if ($exists) {
author_list(array(gTxt('author_already_exists', array('{name}' => $name)), E_ERROR));
return;
}
$password = generate_password(PASSWORD_LENGTH);
$hash = doSlash(txp_hash_password($password));
$nonce = doSlash(md5(uniqid(mt_rand(), TRUE)));
$rs = safe_insert('txp_users', "\n\t\t\t\tprivs = {$privs},\n\t\t\t\tname = '{$name}',\n\t\t\t\temail = '{$email}',\n\t\t\t\tRealName = '{$RealName}',\n\t\t\t\tnonce = '{$nonce}',\n\t\t\t\tpass = '******'\n\t\t\t");
if ($rs) {
send_password($RealName, $name, $email, $password);
author_list(gTxt('password_sent_to') . sp . $email);
return;
}
}
author_list(array(gTxt('error_adding_new_author'), E_ERROR));
}
function comments_preview($atts)
{
global $has_comments_preview;
if (!ps('preview')) {
return;
}
extract(lAtts(array('form' => 'comments', 'wraptag' => '', 'class' => __FUNCTION__), $atts));
assert_article();
$preview = psa(array('name', 'email', 'web', 'message', 'parentid', 'remember'));
$preview['time'] = time();
$preview['discussid'] = 0;
$preview['name'] = strip_tags($preview['name']);
$preview['email'] = clean_url($preview['email']);
if ($preview['message'] == '') {
$in = getComment();
$preview['message'] = $in['message'];
}
$preview['message'] = markup_comment(substr(trim($preview['message']), 0, 65535));
// it is called 'message', not 'novel'
$preview['web'] = clean_url($preview['web']);
$GLOBALS['thiscomment'] = $preview;
$comments = parse_form($form) . n;
unset($GLOBALS['thiscomment']);
$out = doTag($comments, $wraptag, $class);
# set a flag, to tell the comments_form tag that it doesn't have to show a preview
$has_comments_preview = true;
return $out;
}
function section_save()
{
global $app_mode;
$in = array_map('assert_string', psa(array('name', 'title', 'old_name', 'section_page', 'css')));
if (empty($in['title'])) {
$in['title'] = $in['name'];
}
// Prevent non url chars on section names
include_once txpath . '/lib/classTextile.php';
$textile = new Textile();
$in['title'] = $textile->TextileThis($in['title'], 1);
$in['name'] = strtolower(sanitizeForUrl($in['name']));
extract($in);
$in = doSlash($in);
extract($in, EXTR_PREFIX_ALL, 'safe');
if ($name != strtolower($old_name)) {
if (safe_field('name', 'txp_section', "name='{$safe_name}'")) {
// Invalid input. Halt all further processing (e.g. plugin event handlers).
$message = array(gTxt('section_name_already_exists', array('{name}' => $name)), E_ERROR);
// modal_halt($message);
sec_section_list($message);
return;
}
}
$ok = false;
if ($name == 'default') {
$ok = safe_update('txp_section', "page = '{$safe_section_page}', css = '{$safe_css}'", "name = 'default'");
} else {
if ($name) {
extract(array_map('assert_int', psa(array('on_frontpage', 'in_rss', 'searchable'))));
if ($safe_old_name) {
$ok = safe_update('txp_section', "\n\t\t\t\t\tname = '{$safe_name}',\n\t\t\t\t\ttitle = '{$safe_title}',\n\t\t\t\t\tpage = '{$safe_section_page}',\n\t\t\t\t\tcss = '{$safe_css}',\n\t\t\t\t\ton_frontpage = {$on_frontpage},\n\t\t\t\t\tin_rss = {$in_rss},\n\t\t\t\t\tsearchable = {$searchable}\n\t\t\t\t\t", "name = '{$safe_old_name}'");
// Manually maintain referential integrity
if ($ok) {
$ok = safe_update('textpattern', "Section = '{$safe_name}'", "Section = '{$safe_old_name}'");
}
} else {
$ok = safe_insert('txp_section', "\n\t\t\t\t\tname = '{$safe_name}',\n\t\t\t\t\ttitle = '{$safe_title}',\n\t\t\t\t\tpage = '{$safe_section_page}',\n\t\t\t\t\tcss = '{$safe_css}',\n\t\t\t\t\ton_frontpage = {$on_frontpage},\n\t\t\t\t\tin_rss = {$in_rss},\n\t\t\t\t\tsearchable = {$searchable}");
}
}
}
if ($ok) {
update_lastmod();
}
if ($ok) {
sec_section_list(gTxt($safe_old_name ? 'section_updated' : 'section_created', array('{name}' => $name)));
} else {
sec_section_list(array(gTxt('section_save_failed'), E_ERROR));
}
}
/**
* Saves or clones a page template.
*/
function page_save()
{
extract(doSlash(array_map('assert_string', psa(array('savenew', 'html', 'copy')))));
$name = sanitizeForPage(assert_string(ps('name')));
$newname = sanitizeForPage(assert_string(ps('newname')));
$save_error = false;
$message = '';
if (!$newname) {
$message = array(gTxt('page_name_invalid'), E_ERROR);
$save_error = true;
} else {
if ($copy && $name === $newname) {
$newname .= '_copy';
$_POST['newname'] = $newname;
}
$exists = safe_field("name", 'txp_page', "name = '" . doSlash($newname) . "'");
if ($newname !== $name && $exists !== false) {
$message = array(gTxt('page_already_exists', array('{name}' => $newname)), E_ERROR);
if ($savenew) {
$_POST['newname'] = '';
}
$save_error = true;
} else {
if ($savenew or $copy) {
if ($newname) {
if (safe_insert('txp_page', "name = '" . doSlash($newname) . "', user_html = '{$html}'")) {
update_lastmod('page_created', compact('newname', 'name', 'html'));
$message = gTxt('page_created', array('{name}' => $newname));
} else {
$message = array(gTxt('page_save_failed'), E_ERROR);
$save_error = true;
}
} else {
$message = array(gTxt('page_name_invalid'), E_ERROR);
$save_error = true;
}
} else {
if (safe_update('txp_page', "user_html = '{$html}', name = '" . doSlash($newname) . "'", "name = '" . doSlash($name) . "'")) {
safe_update('txp_section', "page = '" . doSlash($newname) . "'", "page = '" . doSlash($name) . "'");
update_lastmod('page_saved', compact('newname', 'name', 'html'));
$message = gTxt('page_updated', array('{name}' => $name));
} else {
$message = array(gTxt('page_save_failed'), E_ERROR);
$save_error = true;
}
}
}
}
if ($save_error === true) {
$_POST['save_error'] = '1';
} else {
callback_event('page_saved', '', 0, $name, $newname);
}
page_edit($message);
}
function getComment()
{
// comment spam filter plugins: call this function to fetch comment contents
$c = psa(array('parentid', 'name', 'email', 'web', 'message', 'backpage', 'remember'));
$n = array();
foreach (stripPost() as $k => $v) {
if (preg_match('#^[A-Fa-f0-9]{32}$#', $k . $v)) {
$n[] = doSlash($k . $v);
}
}
$c['nonce'] = '';
$c['secret'] = '';
if (!empty($n)) {
$rs = safe_row('nonce, secret', 'txp_discuss_nonce', "nonce in ('" . join("','", $n) . "')");
$c['nonce'] = $rs['nonce'];
$c['secret'] = $rs['secret'];
}
$c['message'] = ps(md5('message' . $c['secret']));
return $c;
}
/**
* Saves a category from HTTP POST data.
*
* @param string $event Type of category
* @param string $table Affected database table
*/
function cat_event_category_save($event, $table_name)
{
extract(doSlash(array_map('assert_string', psa(array('id', 'name', 'description', 'old_name', 'parent', 'title')))));
$id = assert_int($id);
$rawname = $name;
$name = sanitizeForUrl($rawname);
// Make sure the name is valid.
if (!$name) {
$message = array(gTxt($event . '_category_invalid', array('{name}' => $rawname)), E_ERROR);
return cat_event_category_edit($event, $message);
}
// Don't allow rename to clobber an existing category.
$existing_id = safe_field("id", 'txp_category', "name = '{$name}' AND type = '{$event}'");
if ($existing_id and $existing_id != $id) {
$message = array(gTxt($event . '_category_already_exists', array('{name}' => $name)), E_ERROR);
return cat_event_category_edit($event, $message);
}
// TODO: validate parent?
$parent = $parent ? $parent : 'root';
$message = array(gTxt('category_save_failed'), E_ERROR);
if (safe_update('txp_category', "name = '{$name}', parent = '{$parent}', title = '{$title}', description = '{$description}'", "id = {$id}") && safe_update('txp_category', "parent = '{$name}'", "parent = '{$old_name}' AND type = '{$event}'")) {
rebuild_tree_full($event);
if ($event == 'article') {
if (safe_update('textpattern', "Category1 = '{$name}'", "Category1 = '{$old_name}'") && safe_update('textpattern', "Category2 = '{$name}'", "Category2 = '{$old_name}'")) {
$message = gTxt($event . '_category_updated', array('{name}' => doStrip($name)));
}
} else {
if (safe_update($table_name, "category = '{$name}'", "category = '{$old_name}'")) {
$message = gTxt($event . '_category_updated', array('{name}' => doStrip($name)));
}
}
}
cat_category_list($message);
}
/**
* Processes multi-edit actions.
*/
function list_multi_edit()
{
global $txp_user, $statuses, $all_cats, $all_authors, $all_sections;
extract(psa(array('selected', 'edit_method')));
if (!$selected || !is_array($selected)) {
return list_list();
}
$selected = array_map('assert_int', $selected);
// Empty entry to permit clearing the categories.
$categories = array('');
foreach ($all_cats as $row) {
$categories[] = $row['name'];
}
$allowed = array();
$field = $value = '';
switch ($edit_method) {
// Delete.
case 'delete':
if (!has_privs('article.delete')) {
if (has_privs('article.delete.own')) {
$allowed = safe_column_num("ID", 'textpattern', "ID IN (" . join(',', $selected) . ") AND AuthorID = '" . doSlash($txp_user) . "'");
}
$selected = $allowed;
}
if ($selected && safe_delete('textpattern', "ID IN (" . join(',', $selected) . ")")) {
safe_update('txp_discuss', "visible = " . MODERATE, "parentid IN (" . join(',', $selected) . ")");
callback_event('articles_deleted', '', 0, $selected);
callback_event('multi_edited.articles', 'delete', 0, compact('selected', 'field', 'value'));
update_lastmod('articles_deleted', $selected);
now('posted', true);
now('expires', true);
return list_list(messenger('article', join(', ', $selected), 'deleted'));
}
return list_list();
break;
// Change author.
// Change author.
case 'changeauthor':
$value = ps('AuthorID');
if (has_privs('article.edit') && in_array($value, $all_authors, true)) {
$field = 'AuthorID';
}
break;
// Change category1.
// Change category1.
case 'changecategory1':
$value = ps('Category1');
if (in_array($value, $categories, true)) {
$field = 'Category1';
}
break;
// Change category2.
// Change category2.
case 'changecategory2':
$value = ps('Category2');
if (in_array($value, $categories, true)) {
$field = 'Category2';
}
break;
// Change comment status.
// Change comment status.
case 'changecomments':
$field = 'Annotate';
$value = (int) ps('Annotate');
break;
// Change section.
// Change section.
case 'changesection':
$value = ps('Section');
if (in_array($value, $all_sections, true)) {
$field = 'Section';
}
break;
// Change status.
// Change status.
case 'changestatus':
$value = (int) ps('Status');
if (array_key_exists($value, $statuses)) {
$field = 'Status';
}
if (!has_privs('article.publish') && $value >= STATUS_LIVE) {
$value = STATUS_PENDING;
}
break;
}
$selected = safe_rows("ID, AuthorID, Status", 'textpattern', "ID IN (" . join(',', $selected) . ")");
foreach ($selected as $item) {
if ($item['Status'] >= STATUS_LIVE && has_privs('article.edit.published') || $item['Status'] >= STATUS_LIVE && $item['AuthorID'] === $txp_user && has_privs('article.edit.own.published') || $item['Status'] < STATUS_LIVE && has_privs('article.edit') || $item['Status'] < STATUS_LIVE && $item['AuthorID'] === $txp_user && has_privs('article.edit.own')) {
$allowed[] = $item['ID'];
}
}
$selected = $allowed;
if ($selected) {
$message = messenger('article', join(', ', $selected), 'modified');
if ($edit_method === 'duplicate') {
$rs = safe_rows_start("*", 'textpattern', "ID IN (" . join(',', $selected) . ")");
if ($rs) {
while ($a = nextRow($rs)) {
unset($a['ID'], $a['LastMod'], $a['LastModID'], $a['Expires']);
$a['uid'] = md5(uniqid(rand(), true));
$a['AuthorID'] = $txp_user;
foreach ($a as $name => &$value) {
$value = "`{$name}` = '" . doSlash($value) . "'";
}
if ($id = (int) safe_insert('textpattern', join(',', $a))) {
safe_update('textpattern', "Title = CONCAT(Title, ' (', {$id}, ')'),\n url_title = CONCAT(url_title, '-', {$id}),\n Posted = NOW(),\n feed_time = NOW()", "ID = {$id}");
}
}
}
$message = gTxt('duplicated_articles', array('{id}' => join(', ', $selected)));
} elseif (!$field || safe_update('textpattern', "{$field} = '" . doSlash($value) . "'", "ID IN (" . join(',', $selected) . ")") === false) {
return list_list();
}
update_lastmod('articles_updated', compact('selected', 'field', 'value'));
now('posted', true);
now('expires', true);
callback_event('multi_edited.articles', $edit_method, 0, compact('selected', 'field', 'value'));
return list_list($message);
}
return list_list();
}
/**
* Saves the active language.
*/
function save_language()
{
global $textarray, $locale;
extract(psa(array('language')));
if (safe_field("lang", 'txp_lang', "lang = '" . doSlash($language) . "' LIMIT 1")) {
$locale = $prefs['locale'] = Txp::get('\\Textpattern\\L10n\\Locale')->getLanguageLocale($language);
Txp::get('\\Textpattern\\L10n\\Locale')->setLocale(LC_ALL, $language);
set_pref('locale', $locale);
set_pref('language', $language);
$textarray = load_lang($language);
list_languages(gTxt('preferences_saved'));
return;
}
list_languages(array(gTxt('language_not_installed', array('{name}' => $language)), E_ERROR));
}
function createTxp()
{
$GLOBALS['textarray'] = setup_load_lang(ps('lang'));
if (ps('name') == '') {
echo n . '<div id="setup_container" class="txp-container">' . txp_setup_progress_meter(3) . n . '<div class="txp-setup">' . n . graf('<span class="error">' . setup_gTxt('name_required') . '</span>') . n . setup_back_button() . n . '</div>' . n . '</div>';
exit;
}
if (!ps('pass')) {
echo n . '<div id="setup_container" class="txp-container">' . txp_setup_progress_meter(3) . n . '<div class="txp-setup">' . n . graf('<span class="error">' . setup_gTxt('pass_required') . '</span>') . n . setup_back_button() . n . '</div>' . n . '</div>';
exit;
}
if (!is_valid_email(ps('email'))) {
echo n . '<div id="setup_container" class="txp-container">' . txp_setup_progress_meter(3) . n . '<div class="txp-setup">' . n . graf('<span class="error">' . setup_gTxt('email_required') . '</span>') . n . setup_back_button() . n . '</div>' . n . '</div>';
exit;
}
global $txpcfg;
if (!isset($txpcfg['db'])) {
require txpath . '/config.php';
}
$ddb = $txpcfg['db'];
$duser = $txpcfg['user'];
$dpass = $txpcfg['pass'];
$dhost = $txpcfg['host'];
$dclient_flags = isset($txpcfg['client_flags']) ? $txpcfg['client_flags'] : 0;
$dprefix = $txpcfg['table_prefix'];
$dbcharset = $txpcfg['dbcharset'];
$siteurl = str_replace("http://", '', ps('siteurl'));
$siteurl = rtrim($siteurl, "/");
$urlpath = preg_replace('#^[^/]+#', '', $siteurl);
define("PFX", trim($dprefix));
define('TXP_INSTALL', 1);
include_once txpath . '/lib/txplib_update.php';
include txpath . '/setup/txpsql.php';
// This has to come after txpsql.php, because otherwise we can't call mysql_real_escape_string
extract(doSlash(psa(array('name', 'pass', 'RealName', 'email', 'theme'))));
$nonce = md5(uniqid(rand(), true));
$hash = doSlash(txp_hash_password($pass));
mysql_query("INSERT INTO `" . PFX . "txp_users` VALUES\n\t\t\t(1,'{$name}','{$hash}','{$RealName}','{$email}',1,now(),'{$nonce}')");
mysql_query("update `" . PFX . "txp_prefs` set val = '" . doSlash($siteurl) . "' where `name`='siteurl'");
mysql_query("update `" . PFX . "txp_prefs` set val = '" . LANG . "' where `name`='language'");
mysql_query("update `" . PFX . "txp_prefs` set val = '" . getlocale(LANG) . "' where `name`='locale'");
mysql_query("update `" . PFX . "textpattern` set Body = replace(Body, 'siteurl', '" . doSlash($urlpath) . "'), Body_html = replace(Body_html, 'siteurl', '" . doSlash($urlpath) . "') WHERE ID = 1");
// cf. update/_to_4.2.0.php.
// TODO: Position might need altering when prefs panel layout is altered
$theme = $theme ? $theme : 'classic';
mysql_query("insert `" . PFX . "txp_prefs` set prefs_id = 1, name = 'theme_name', val = '" . doSlash($theme) . "', type = '1', event = 'admin', html = 'themename', position = '160'");
echo fbCreate();
}
/**
* Creates a new user.
*/
function author_save_new()
{
require_privs('admin.edit');
extract(psa(array('privs', 'name', 'email', 'RealName')));
$privs = assert_int($privs);
if (is_valid_username($name) && is_valid_email($email)) {
if (user_exists($name)) {
author_list(array(gTxt('author_already_exists', array('{name}' => $name)), E_ERROR));
return;
}
$password = generate_password(PASSWORD_LENGTH);
$rs = create_user($name, $email, $password, $RealName, $privs);
if ($rs) {
send_password($RealName, $name, $email, $password);
author_list(gTxt('password_sent_to') . sp . $email);
return;
}
}
author_list(array(gTxt('error_adding_new_author'), E_ERROR));
}
function author_save_new()
{
require_privs('admin.edit');
extract(doSlash(psa(array('privs', 'name', 'email', 'RealName'))));
$privs = assert_int($privs);
if ($name && is_valid_email($email)) {
$password = doSlash(generate_password(6));
$nonce = doSlash(md5(uniqid(mt_rand(), TRUE)));
$rs = safe_insert('txp_users', "\n\t\t\t\tprivs = {$privs},\n\t\t\t\tname = '{$name}',\n\t\t\t\temail = '{$email}',\n\t\t\t\tRealName = '{$RealName}',\n\t\t\t\tnonce = '{$nonce}',\n\t\t\t\tpass = password(lower('{$password}'))\n\t\t\t");
if ($rs) {
send_password($RealName, $name, $email, $password);
admin(gTxt('password_sent_to') . sp . $email);
return;
}
}
admin(gTxt('error_adding_new_author'));
}
function section_save()
{
global $txpcfg;
extract(doSlash(psa(array('page', 'css', 'old_name'))));
extract(psa(array('name', 'title')));
if (empty($title)) {
$title = $name;
}
// Prevent non url chars on section names
include_once txpath . '/lib/classTextile.php';
$textile = new Textile();
$title = doSlash($textile->TextileThis($title, 1));
$name = doSlash(sanitizeForUrl($name));
if ($old_name && strtolower($name) != strtolower($old_name)) {
if (safe_field('name', 'txp_section', "name='{$name}'")) {
$message = gTxt('section_name_already_exists', array('{name}' => $name));
sec_section_list($message);
return;
}
}
if ($name == 'default') {
safe_update('txp_section', "page = '{$page}', css = '{$css}'", "name = 'default'");
update_lastmod();
} else {
extract(array_map('assert_int', psa(array('is_default', 'on_frontpage', 'in_rss', 'searchable'))));
// note this means 'selected by default' not 'default page'
if ($is_default) {
safe_update("txp_section", "is_default = 0", "name != '{$old_name}'");
}
safe_update('txp_section', "\n\t\t\t\tname = '{$name}',\n\t\t\t\ttitle = '{$title}',\n\t\t\t\tpage = '{$page}',\n\t\t\t\tcss = '{$css}',\n\t\t\t\tis_default = {$is_default},\n\t\t\t\ton_frontpage = {$on_frontpage},\n\t\t\t\tin_rss = {$in_rss},\n\t\t\t\tsearchable = {$searchable}\n\t\t\t", "name = '{$old_name}'");
safe_update('textpattern', "Section = '{$name}'", "Section = '{$old_name}'");
update_lastmod();
}
$message = gTxt('section_updated', array('{name}' => $name));
sec_section_list($message);
}
/**
* Saves a form template.
*/
function form_save()
{
global $essential_forms, $form_types;
extract(doSlash(array_map('assert_string', psa(array('savenew', 'Form', 'type', 'copy')))));
$name = sanitizeForPage(assert_string(ps('name')));
$newname = sanitizeForPage(assert_string(ps('newname')));
$save_error = false;
$message = '';
if (in_array($name, $essential_forms)) {
$newname = $name;
$type = fetch('type', 'txp_form', 'name', $newname);
$_POST['newname'] = $newname;
}
if (!$newname) {
$message = array(gTxt('form_name_invalid'), E_ERROR);
$save_error = true;
} else {
if (!isset($form_types[$type])) {
$message = array(gTxt('form_type_missing'), E_ERROR);
$save_error = true;
} else {
if ($copy && $name === $newname) {
$newname .= '_copy';
$_POST['newname'] = $newname;
}
$exists = safe_field('name', 'txp_form', "name = '" . doSlash($newname) . "'");
if ($newname !== $name && $exists !== false) {
$message = array(gTxt('form_already_exists', array('{name}' => $newname)), E_ERROR);
if ($savenew) {
$_POST['newname'] = '';
}
$save_error = true;
} else {
if ($savenew or $copy) {
if ($newname) {
if (safe_insert('txp_form', "Form = '{$Form}',\n type = '{$type}',\n name = '" . doSlash($newname) . "'")) {
update_lastmod();
$message = gTxt('form_created', array('{name}' => $newname));
} else {
$message = array(gTxt('form_save_failed'), E_ERROR);
$save_error = true;
}
} else {
$message = array(gTxt('form_name_invalid'), E_ERROR);
$save_error = true;
}
} else {
if (safe_update('txp_form', "Form = '{$Form}',\n type = '{$type}',\n name = '" . doSlash($newname) . "'", "name = '" . doSlash($name) . "'")) {
update_lastmod();
$message = gTxt('form_updated', array('{name}' => $name));
} else {
$message = array(gTxt('form_save_failed'), E_ERROR);
$save_error = true;
}
}
}
}
}
if ($save_error === true) {
$_POST['save_error'] = '1';
} else {
callback_event('form_saved', '', 0, $name, $newname);
}
form_edit($message);
}
/**
* Creates a new user.
*/
function author_save_new()
{
require_privs('admin.edit');
extract(psa(array('privs', 'name', 'email', 'RealName')));
$privs = assert_int($privs);
if (is_valid_username($name) && is_valid_email($email)) {
if (user_exists($name)) {
author_edit(array(gTxt('author_already_exists', array('{name}' => $name)), E_ERROR));
return;
}
$password = Txp::get('\\Textpattern\\Password\\Random')->generate(PASSWORD_LENGTH);
$rs = create_user($name, $email, $password, $RealName, $privs);
if ($rs) {
$message = send_account_activation($name);
author_list($message);
return;
}
}
author_edit(array(gTxt('error_adding_new_author'), E_ERROR));
}
function article_save()
{
global $txp_user, $vars, $txpcfg, $txpac;
extract(get_prefs());
extract($txpac);
$incoming = psa($vars);
$oldstatus = fetch('Status', 'textpattern', 'ID', $incoming['ID']);
include_once $txpcfg['txpath'] . '/lib/classTextile.php';
$textile = new Textile();
if ($use_textile == 0 or !$incoming['textile_body']) {
$incoming['Body_html'] = trim($incoming['Body']);
} else {
if ($use_textile == 1) {
$incoming['Body_html'] = nl2br(trim($incoming['Body']));
} else {
if ($use_textile == 2 && $incoming['textile_body']) {
$incoming['Body_html'] = $textile->TextileThis($incoming['Body']);
$incoming['Title'] = $textile->TextileThis($incoming['Title'], '', 1);
}
}
}
if ($incoming['textile_excerpt']) {
$incoming['Excerpt'] = $textile->TextileThis($incoming['Excerpt'], 1);
}
$myprivs = fetch('privs', 'txp_users', 'name', $txp_user);
if ($myprivs == 5 && $Status == 4) {
$Status = 3;
}
extract(doSlash($incoming));
if ($reset_time) {
$whenposted = "Posted=now()";
} else {
$when = strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ":00") - $timeoffset;
$when = "from_unixtime({$when})";
$whenposted = "Posted={$when}";
}
$textile_body = !$textile_body ? 0 : 1;
$textile_excerpt = !$textile_excerpt ? 0 : 1;
safe_update("textpattern", "Title = '{$Title}',\n\t\t\tBody = '{$Body}',\n\t\t\tBody_html = '{$Body_html}',\n\t\t\tExcerpt = '{$Excerpt}',\n\t\t\tKeywords = '{$Keywords}',\n\t\t\tImage = '{$Image}',\n\t\t\tStatus = '{$Status}',\n\t\t\tLastMod = now(),\n\t\t\tLastModID = '{$txp_user}',\n\t\t\tSection = '{$Section}',\n\t\t\tCategory1 = '{$Category1}',\n\t\t\tCategory2 = '{$Category2}',\n\t\t\tAnnotate = '{$Annotate}',\n\t\t\ttextile_body = {$textile_body},\n\t\t\ttextile_excerpt = {$textile_excerpt},\n\t\t\toverride_form = '{$override_form}',\n\t\t\turl_title = '{$url_title}',\n\t\t\tAnnotateInvite = '{$AnnotateInvite}',\n\t\t\tcustom_1 = '{$custom_1}',\n\t\t\tcustom_2 = '{$custom_2}',\n\t\t\tcustom_3 = '{$custom_3}',\n\t\t\tcustom_4 = '{$custom_4}',\n\t\t\tcustom_5 = '{$custom_5}',\n\t\t\tcustom_6 = '{$custom_6}',\n\t\t\tcustom_7 = '{$custom_7}',\n\t\t\tcustom_8 = '{$custom_8}',\n\t\t\tcustom_9 = '{$custom_9}',\n\t\t\tcustom_10 = '{$custom_10}',\n\t\t\t{$whenposted}", "ID='{$ID}'");
if ($Status == 4) {
if ($oldstatus < 4) {
include_once $txpcfg['txpath'] . '/lib/IXRClass.php';
if ($ping_textpattern_com) {
$tx_client = new IXR_Client('http://textpattern.com/xmlrpc/');
$tx_client->query('ping.Textpattern', $sitename, $siteurl);
}
if ($ping_weblogsdotcom == 1) {
$wl_client = new IXR_Client('http://rpc.weblogs.com/RPC2');
$wl_client->query('weblogUpdates.ping', $sitename, 'http://' . $siteurl);
}
}
safe_update("txp_prefs", "val = now()", "`name` = 'lastmod'");
$message = gTxt("article_saved");
} else {
if ($Status == 3) {
$message = gTxt("article_saved_pending");
} else {
if ($Status == 2) {
$message = gTxt("article_saved_hidden");
} else {
if ($Status == 1) {
$message = gTxt("article_saved_draft");
}
}
}
}
article_edit($message);
}
function cat_event_category_save($event, $table_name)
{
global $txpcfg;
extract(doSlash(psa(array('id', 'name', 'old_name', 'parent', 'title'))));
$id = assert_int($id);
$name = sanitizeForUrl($name);
// make sure the name is valid
if (!$name) {
$message = array(gTxt($event . '_category_invalid', array('{name}' => $name)), E_ERROR);
return cat_category_list($message);
}
// don't allow rename to clobber an existing category
$existing_id = safe_field('id', 'txp_category', "name = '{$name}' and type = '{$event}'");
if ($existing_id and $existing_id != $id) {
$message = array(gTxt($event . '_category_already_exists', array('{name}' => $name)), E_ERROR);
return cat_category_list($message);
}
$parent = $parent ? $parent : 'root';
if (safe_update('txp_category', "name = '{$name}', parent = '{$parent}', title = '{$title}'", "id = {$id}")) {
safe_update('txp_category', "parent = '{$name}'", "parent = '{$old_name}'");
}
rebuild_tree_full($event);
if ($event == 'article') {
safe_update('textpattern', "Category1 = '{$name}'", "Category1 = '{$old_name}'");
safe_update('textpattern', "Category2 = '{$name}'", "Category2 = '{$old_name}'");
} else {
safe_update($table_name, "category = '{$name}'", "category = '{$old_name}'");
}
$message = gTxt($event . '_category_updated', array('{name}' => doStrip($name)));
cat_category_list($message);
}
function article_save()
{
global $txp_user, $vars, $txpcfg;
extract(get_prefs());
$incoming = psa($vars);
$oldArticle = safe_row('Status, url_title, Title', 'textpattern', 'ID = ' . (int) $incoming['ID']);
if (!($oldArticle['Status'] >= 4 and has_privs('article.edit.published') or $oldArticle['Status'] >= 4 and $incoming['AuthorID'] == $txp_user and has_privs('article.edit.own.published') or $oldArticle['Status'] < 4 and has_privs('article.edit') or $oldArticle['Status'] < 4 and $incoming['AuthorID'] == $txp_user and has_privs('article.edit.own'))) {
// Not allowed, you silly rabbit, you shouldn't even be here.
// Show default editing screen.
article_edit();
return;
}
include_once $txpcfg['txpath'] . '/lib/classTextile.php';
$textile = new Textile();
$incoming['Title_plain'] = $incoming['Title'];
if ($use_textile == 0 or !$incoming['textile_body']) {
$incoming['Body_html'] = trim($incoming['Body']);
} else {
if ($use_textile == 1) {
$incoming['Body_html'] = nl2br(trim($incoming['Body']));
} else {
if ($use_textile == 2 && $incoming['textile_body']) {
$incoming['Body_html'] = $textile->TextileThis($incoming['Body']);
$incoming['Title'] = $textile->TextileThis($incoming['Title'], '', 1);
}
}
}
if ($incoming['textile_excerpt']) {
$incoming['Excerpt_html'] = $textile->TextileThis($incoming['Excerpt']);
} else {
$incoming['Excerpt_html'] = $textile->TextileThis($incoming['Excerpt'], 1);
}
extract(doSlash($incoming));
if (!has_privs('article.publish') && $Status >= 4) {
$Status = 3;
}
if ($reset_time) {
$whenposted = "Posted=now()";
} else {
$when = strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ":00") - tz_offset();
$when = "from_unixtime({$when})";
$whenposted = "Posted={$when}";
}
$textile_body = !$textile_body ? 0 : 1;
$textile_excerpt = !$textile_excerpt ? 0 : 1;
if (empty($url_title)) {
$url_title = stripSpace($Title_plain, 1);
} elseif ($oldArticle['Status'] < 4 && $oldArticle['url_title'] == stripSpace($oldArticle['Title'], 1)) {
$url_title = stripSpace($Title_plain, 1);
}
safe_update("textpattern", "Title = '{$Title}',\n\t\t\tBody = '{$Body}',\n\t\t\tBody_html = '{$Body_html}',\n\t\t\tExcerpt = '{$Excerpt}',\n\t\t\tExcerpt_html = '{$Excerpt_html}',\n\t\t\tKeywords = '{$Keywords}',\n\t\t\tImage = '{$Image}',\n\t\t\tStatus = '{$Status}',\n\t\t\tLastMod = now(),\n\t\t\tLastModID = '{$txp_user}',\n\t\t\tSection = '{$Section}',\n\t\t\tCategory1 = '{$Category1}',\n\t\t\tCategory2 = '{$Category2}',\n\t\t\tAnnotate = '{$Annotate}',\n\t\t\ttextile_body = {$textile_body},\n\t\t\ttextile_excerpt = {$textile_excerpt},\n\t\t\toverride_form = '{$override_form}',\n\t\t\turl_title = '{$url_title}',\n\t\t\tAnnotateInvite = '{$AnnotateInvite}',\n\t\t\tcustom_1 = '{$custom_1}',\n\t\t\tcustom_2 = '{$custom_2}',\n\t\t\tcustom_3 = '{$custom_3}',\n\t\t\tcustom_4 = '{$custom_4}',\n\t\t\tcustom_5 = '{$custom_5}',\n\t\t\tcustom_6 = '{$custom_6}',\n\t\t\tcustom_7 = '{$custom_7}',\n\t\t\tcustom_8 = '{$custom_8}',\n\t\t\tcustom_9 = '{$custom_9}',\n\t\t\tcustom_10 = '{$custom_10}',\n\t\t\t{$whenposted}", "ID='{$ID}'");
if ($Status >= 4) {
if ($oldArticle['Status'] < 4) {
include_once $txpcfg['txpath'] . '/lib/IXRClass.php';
if ($ping_textpattern_com) {
$tx_client = new IXR_Client('http://textpattern.com/xmlrpc/');
$tx_client->query('ping.Textpattern', $sitename, $siteurl);
}
if ($ping_weblogsdotcom == 1) {
$wl_client = new IXR_Client('http://rpc.pingomatic.com/');
$wl_client->query('weblogUpdates.ping', $sitename, hu);
}
}
safe_update("txp_prefs", "val = now()", "`name` = 'lastmod'");
$message = gTxt("article_saved");
} else {
if ($Status == 3) {
$message = gTxt("article_saved_pending");
} else {
if ($Status == 2) {
$message = gTxt("article_saved_hidden");
} else {
if ($Status == 1) {
$message = gTxt("article_saved_draft");
}
}
}
}
$message .= check_url_title($url_title);
article_edit($message);
}
/**
* Processes sent forms and updates existing articles.
*/
function article_save()
{
global $txp_user, $vars, $prefs;
extract($prefs);
$incoming = array_map('assert_string', psa($vars));
$oldArticle = safe_row("Status, url_title, Title, textile_body, textile_excerpt,\n UNIX_TIMESTAMP(LastMod) AS sLastMod, LastModID,\n UNIX_TIMESTAMP(Posted) AS sPosted,\n UNIX_TIMESTAMP(Expires) AS sExpires", 'textpattern', "ID = " . (int) $incoming['ID']);
if (!($oldArticle['Status'] >= STATUS_LIVE and has_privs('article.edit.published') or $oldArticle['Status'] >= STATUS_LIVE and $incoming['AuthorID'] === $txp_user and has_privs('article.edit.own.published') or $oldArticle['Status'] < STATUS_LIVE and has_privs('article.edit') or $oldArticle['Status'] < STATUS_LIVE and $incoming['AuthorID'] === $txp_user and has_privs('article.edit.own'))) {
// Not allowed, you silly rabbit, you shouldn't even be here.
// Show default editing screen.
article_edit();
return;
}
if ($oldArticle['sLastMod'] != $incoming['sLastMod']) {
article_edit(array(gTxt('concurrent_edit_by', array('{author}' => txpspecialchars($oldArticle['LastModID']))), E_ERROR), true, true);
return;
}
if (!has_privs('article.set_markup')) {
$incoming['textile_body'] = $oldArticle['textile_body'];
$incoming['textile_excerpt'] = $oldArticle['textile_excerpt'];
}
$incoming = textile_main_fields($incoming);
extract(doSlash($incoming));
extract(array_map('assert_int', psa(array('ID', 'Status'))));
// Comments may be on, off, or disabled.
$Annotate = (int) $Annotate;
if (!has_privs('article.publish') && $Status >= STATUS_LIVE) {
$Status = STATUS_PENDING;
}
// Set and validate article timestamp.
if ($reset_time) {
$whenposted = "Posted = NOW()";
$when_ts = time();
} else {
if (!is_numeric($year) || !is_numeric($month) || !is_numeric($day) || !is_numeric($hour) || !is_numeric($minute) || !is_numeric($second)) {
$ts = false;
} else {
$ts = strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second);
}
if ($ts === false || $ts < 0) {
$when = $when_ts = $oldArticle['sPosted'];
$msg = array(gTxt('invalid_postdate'), E_ERROR);
} else {
$when = $when_ts = $ts - tz_offset($ts);
}
$whenposted = "Posted = FROM_UNIXTIME({$when})";
}
// Set and validate expiry timestamp.
if (empty($exp_year)) {
$expires = 0;
} else {
if (empty($exp_month)) {
$exp_month = 1;
}
if (empty($exp_day)) {
$exp_day = 1;
}
if (empty($exp_hour)) {
$exp_hour = 0;
}
if (empty($exp_minute)) {
$exp_minute = 0;
}
if (empty($exp_second)) {
$exp_second = 0;
}
$ts = strtotime($exp_year . '-' . $exp_month . '-' . $exp_day . ' ' . $exp_hour . ':' . $exp_minute . ':' . $exp_second);
if ($ts === false || $ts < 0) {
$expires = $oldArticle['sExpires'];
$msg = array(gTxt('invalid_expirydate'), E_ERROR);
} else {
$expires = $ts - tz_offset($ts);
}
}
if ($expires && $expires <= $when_ts) {
$expires = $oldArticle['sExpires'];
$msg = array(gTxt('article_expires_before_postdate'), E_ERROR);
}
if ($expires) {
$whenexpires = "Expires = FROM_UNIXTIME({$expires})";
} else {
$whenexpires = "Expires = " . NULLDATETIME;
}
// Auto-update custom-titles according to Title, as long as unpublished and
// NOT customised.
if (empty($url_title) || $oldArticle['Status'] < STATUS_LIVE && $oldArticle['url_title'] === $url_title && $oldArticle['url_title'] === stripSpace($oldArticle['Title'], 1) && $oldArticle['Title'] !== $Title) {
$url_title = stripSpace($Title_plain, 1);
}
$Keywords = doSlash(trim(preg_replace('/( ?[\\r\\n\\t,])+ ?/s', ',', preg_replace('/ +/', ' ', ps('Keywords'))), ', '));
$user = doSlash($txp_user);
$description = doSlash($description);
$cfq = array();
$cfs = getCustomFields();
foreach ($cfs as $i => $cf_name) {
$custom_x = "custom_{$i}";
$cfq[] = "custom_{$i} = '" . ${$custom_x} . "'";
}
$cfq = join(', ', $cfq);
$rs = compact($vars);
if (article_validate($rs, $msg)) {
if (safe_update('textpattern', "Title = '{$Title}',\n Body = '{$Body}',\n Body_html = '{$Body_html}',\n Excerpt = '{$Excerpt}',\n Excerpt_html = '{$Excerpt_html}',\n Keywords = '{$Keywords}',\n description = '{$description}',\n Image = '{$Image}',\n Status = {$Status},\n LastMod = NOW(),\n LastModID = '{$user}',\n Section = '{$Section}',\n Category1 = '{$Category1}',\n Category2 = '{$Category2}',\n Annotate = {$Annotate},\n textile_body = '{$textile_body}',\n textile_excerpt = '{$textile_excerpt}',\n override_form = '{$override_form}',\n url_title = '{$url_title}',\n AnnotateInvite = '{$AnnotateInvite}'," . ($cfs ? $cfq . ',' : '') . "{$whenposted},\n {$whenexpires}", "ID = {$ID}")) {
if ($Status >= STATUS_LIVE && $oldArticle['Status'] < STATUS_LIVE) {
do_pings();
}
if ($Status >= STATUS_LIVE || $oldArticle['Status'] >= STATUS_LIVE) {
update_lastmod('article_saved', $rs);
}
now('posted', true);
now('expires', true);
callback_event('article_saved', '', false, $rs);
if (empty($msg)) {
$s = check_url_title($url_title);
$msg = array(get_status_message($Status) . ' ' . $s, $s ? E_WARNING : 0);
}
} else {
$msg = array(gTxt('article_save_failed'), E_ERROR);
}
}
article_edit($msg, false, true);
}
function ign_userSaveNew()
{
global $ign_user_db;
extract(doSlash(psa(array('privs', 'name', 'email', 'RealName'))));
$pw = ign_generatePassword(8);
$nonce = md5(uniqid(rand(), true));
if ($name) {
$rs = safe_insert($ign_user_db, "privs\t\t\t = '{$privs}',\n\t\t\t\t name\t\t\t\t = '{$name}',\n\t\t\t\t email\t\t\t = '{$email}',\n\t\t\t\t RealName = '{$RealName}',\n\t\t\t\t pass\t\t\t\t =\t password(lower('{$pw}')),\n\t\t\t\t nonce\t\t\t = '{$nonce}'");
}
if ($name && $rs) {
ign_send_password($pw, $email);
ign_admin(gTxt('password_sent_to') . sp . $email);
} else {
ign_admin(ign_gTxt('error_adding_new_user'));
}
}
function section_save()
{
global $txpcfg, $app_mode;
extract(doSlash(psa(array('page', 'css', 'old_name'))));
extract(psa(array('name', 'title')));
$prequel = '';
$sequel = '';
if (empty($title)) {
$title = $name;
}
// Prevent non url chars on section names
include_once txpath . '/lib/classTextile.php';
$textile = new Textile();
$title = doSlash($textile->TextileThis($title, 1));
$name = doSlash(sanitizeForUrl($name));
if ($old_name && strtolower($name) != strtolower($old_name)) {
if (safe_field('name', 'txp_section', "name='{$name}'")) {
$message = array(gTxt('section_name_already_exists', array('{name}' => $name)), E_ERROR);
if ($app_mode == 'async') {
// TODO: Better/themeable popup
send_script_response('window.alert("' . escape_js(strip_tags(gTxt('section_name_already_exists', array('{name}' => $name)))) . '")');
} else {
sec_section_list($message);
return;
}
}
}
if ($name == 'default') {
safe_update('txp_section', "page = '{$page}', css = '{$css}'", "name = 'default'");
update_lastmod();
} else {
extract(array_map('assert_int', psa(array('is_default', 'on_frontpage', 'in_rss', 'searchable'))));
// note this means 'selected by default' not 'default page'
if ($is_default) {
safe_update("txp_section", "is_default = 0", "name != '{$old_name}'");
// switch off $is_default for all sections in async app_mode
if ($app_mode == 'async') {
$prequel = '$("input[name=\\"is_default\\"][value=\\"1\\"]").attr("checked", false);' . '$("input[name=\\"is_default\\"][value=\\"0\\"]").attr("checked", true);';
}
}
safe_update('txp_section', "\n\t\t\t\tname = '{$name}',\n\t\t\t\ttitle = '{$title}',\n\t\t\t\tpage = '{$page}',\n\t\t\t\tcss = '{$css}',\n\t\t\t\tis_default = {$is_default},\n\t\t\t\ton_frontpage = {$on_frontpage},\n\t\t\t\tin_rss = {$in_rss},\n\t\t\t\tsearchable = {$searchable}\n\t\t\t", "name = '{$old_name}'");
safe_update('textpattern', "Section = '{$name}'", "Section = '{$old_name}'");
update_lastmod();
}
$message = gTxt('section_updated', array('{name}' => $name));
if ($app_mode == 'async') {
// Caveat: Use unslashed params for DTO
$s = psa(array('name', 'title', 'page', 'css')) + compact('is_default', 'on_frontpage', 'in_rss', 'searchable');
$s = section_detail_partial($s);
send_script_response($prequel . '$("#section-form-' . $name . '").replaceWith("' . escape_js($s) . '");' . $sequel);
} else {
sec_section_list($message);
}
}
function article_save()
{
global $txp_user, $vars, $txpcfg, $prefs;
extract($prefs);
$incoming = psa($vars);
$oldArticle = safe_row('Status, url_title, Title, unix_timestamp(LastMod) as sLastMod, LastModID', 'textpattern', 'ID = ' . (int) $incoming['ID']);
if (!($oldArticle['Status'] >= 4 and has_privs('article.edit.published') or $oldArticle['Status'] >= 4 and $incoming['AuthorID'] == $txp_user and has_privs('article.edit.own.published') or $oldArticle['Status'] < 4 and has_privs('article.edit') or $oldArticle['Status'] < 4 and $incoming['AuthorID'] == $txp_user and has_privs('article.edit.own'))) {
// Not allowed, you silly rabbit, you shouldn't even be here.
// Show default editing screen.
article_edit();
return;
}
if ($oldArticle['sLastMod'] != $incoming['sLastMod']) {
article_edit(gTxt('concurrent_edit_by', array('{author}' => htmlspecialchars($oldArticle['LastModID']))), TRUE);
return;
}
$incoming = textile_main_fields($incoming, $use_textile);
extract(doSlash($incoming));
extract(array_map('assert_int', psa(array('ID', 'Status', 'textile_body', 'textile_excerpt'))));
$Annotate = (int) $Annotate;
if (!has_privs('article.publish') && $Status >= 4) {
$Status = 3;
}
if ($reset_time) {
$whenposted = "Posted=now()";
$when_ts = time();
} else {
$when = $when_ts = strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second) - tz_offset();
$whenposted = "Posted=from_unixtime({$when})";
}
if (empty($exp_year)) {
$expires = 0;
$whenexpires = "Expires=" . NULLDATETIME;
} else {
if (empty($exp_month)) {
$exp_month = 1;
}
if (empty($exp_day)) {
$exp_day = 1;
}
if (empty($exp_hour)) {
$exp_hour = 0;
}
if (empty($exp_minute)) {
$exp_minute = 0;
}
if (empty($exp_second)) {
$exp_second = 0;
}
$expires = strtotime($exp_year . '-' . $exp_month . '-' . $exp_day . ' ' . $exp_hour . ':' . $exp_minute . ':' . $exp_second) - tz_offset();
$whenexpires = "Expires=from_unixtime({$expires})";
}
if ($expires) {
if ($expires <= $when_ts) {
article_edit(gTxt('article_expires_before_postdate'));
return;
}
}
//Auto-Update custom-titles according to Title, as long as unpublished and NOT customized
if (empty($url_title) || $oldArticle['Status'] < 4 && $oldArticle['url_title'] == $url_title && $oldArticle['url_title'] == stripSpace($oldArticle['Title'], 1) && $oldArticle['Title'] != $Title) {
$url_title = stripSpace($Title_plain, 1);
}
$Keywords = doSlash(trim(preg_replace('/( ?[\\r\\n\\t,])+ ?/s', ',', preg_replace('/ +/', ' ', ps('Keywords'))), ', '));
safe_update("textpattern", "Title = '{$Title}',\n\t\t\tBody = '{$Body}',\n\t\t\tBody_html = '{$Body_html}',\n\t\t\tExcerpt = '{$Excerpt}',\n\t\t\tExcerpt_html = '{$Excerpt_html}',\n\t\t\tKeywords = '{$Keywords}',\n\t\t\tImage = '{$Image}',\n\t\t\tStatus = {$Status},\n\t\t\tLastMod = now(),\n\t\t\tLastModID = '{$txp_user}',\n\t\t\tSection = '{$Section}',\n\t\t\tCategory1 = '{$Category1}',\n\t\t\tCategory2 = '{$Category2}',\n\t\t\tAnnotate = {$Annotate},\n\t\t\ttextile_body = {$textile_body},\n\t\t\ttextile_excerpt = {$textile_excerpt},\n\t\t\toverride_form = '{$override_form}',\n\t\t\turl_title = '{$url_title}',\n\t\t\tAnnotateInvite = '{$AnnotateInvite}',\n\t\t\tcustom_1 = '{$custom_1}',\n\t\t\tcustom_2 = '{$custom_2}',\n\t\t\tcustom_3 = '{$custom_3}',\n\t\t\tcustom_4 = '{$custom_4}',\n\t\t\tcustom_5 = '{$custom_5}',\n\t\t\tcustom_6 = '{$custom_6}',\n\t\t\tcustom_7 = '{$custom_7}',\n\t\t\tcustom_8 = '{$custom_8}',\n\t\t\tcustom_9 = '{$custom_9}',\n\t\t\tcustom_10 = '{$custom_10}',\n\t\t\t{$whenposted},\n\t\t\t{$whenexpires}", "ID = {$ID}");
if ($Status >= 4) {
if ($oldArticle['Status'] < 4) {
do_pings();
}
update_lastmod();
}
article_edit(get_status_message($Status) . check_url_title($url_title));
}
function saveComment()
{
global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
$ref = serverset('HTTP_REFERRER');
$in = psa(array('parentid', 'name', 'email', 'web', 'message', 'backpage', 'nonce', 'remember'));
extract($in);
if (!checkCommentsAllowed($parentid)) {
exit(graf(gTxt('comments_closed')));
}
if ($prefs['comments_require_name']) {
if (!trim($name)) {
exit(graf(gTxt('comment_name_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
}
}
if ($prefs['comments_require_email']) {
if (!trim($email)) {
exit(graf(gTxt('comment_email_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
}
}
if (!trim($message)) {
exit(graf(gTxt('comment_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
}
$ip = serverset('REMOTE_ADDR');
$message = trim($message);
$blacklisted = is_blacklisted($ip);
$name = doSlash(strip_tags(deEntBrackets($name)));
$web = doSlash(clean_url(strip_tags(deEntBrackets($web))));
$email = doSlash(clean_url(strip_tags(deEntBrackets($email))));
$message2db = doSlash(markup_comment($message));
$isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='{$ip}'");
if (checkBan($ip)) {
if ($blacklisted == false) {
if (!$isdup) {
if (checkNonce($nonce)) {
$visible = $comments_moderate ? 0 : 1;
$rs = safe_insert("txp_discuss", "parentid = '{$parentid}',\n\t\t\t\t\t\t\t name\t\t = '{$name}',\n\t\t\t\t\t\t\t email\t = '{$email}',\n\t\t\t\t\t\t\t web\t\t = '{$web}',\n\t\t\t\t\t\t\t ip\t\t = '{$ip}',\n\t\t\t\t\t\t\t message = '{$message2db}',\n\t\t\t\t\t\t\t visible = {$visible},\n\t\t\t\t\t\t\t posted\t = now()");
if ($rs) {
safe_update("txp_discuss_nonce", "used='1'", "nonce='{$nonce}'");
if ($prefs['comment_means_site_updated']) {
safe_update("txp_prefs", "val=now()", "name='lastmod'");
}
if ($comments_sendmail) {
mail_comment($message, $name, $email, $web, $parentid);
}
$updated = update_comments_count($parentid);
ob_start();
$backpage = substr($backpage, 0, $prefs['max_url_len']);
$backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
$backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=1';
if ($comments_moderate) {
header('Location: ' . $backpage . '#txpCommentInputForm');
} else {
header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
}
}
}
// end check nonce
}
// end check dup
} else {
exit(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted));
}
// end check blacklist
} else {
exit(gTxt('you_have_been_banned'));
}
// end check site ban
}
function createTxp()
{
$GLOBALS['textarray'] = setup_load_lang(ps('lang'));
if (!is_valid_email(ps('email'))) {
exit(graf(gTxt('email_required')));
}
require txpath . '/config.php';
$ddb = $txpcfg['db'];
$duser = $txpcfg['user'];
$dpass = $txpcfg['pass'];
$dhost = $txpcfg['host'];
$dprefix = $txpcfg['table_prefix'];
$dbcharset = $txpcfg['dbcharset'];
$siteurl = str_replace("http://", '', ps('siteurl'));
$siteurl = rtrim($siteurl, "/");
define("PFX", trim($dprefix));
define('TXP_INSTALL', 1);
include_once txpath . '/lib/txplib_update.php';
include txpath . '/setup/txpsql.php';
// This has to come after txpsql.php, because otherwise we can't call mysql_real_escape_string
extract(doSlash(psa(array('name', 'pass', 'RealName', 'email'))));
$nonce = md5(uniqid(rand(), true));
mysql_query("INSERT INTO `" . PFX . "txp_users` VALUES\n\t\t\t(1,'{$name}',password(lower('{$pass}')),'{$RealName}','{$email}',1,now(),'{$nonce}')");
mysql_query("update `" . PFX . "txp_prefs` set val = '" . doSlash($siteurl) . "' where `name`='siteurl'");
mysql_query("update `" . PFX . "txp_prefs` set val = '" . LANG . "' where `name`='language'");
mysql_query("update `" . PFX . "txp_prefs` set val = '" . getlocale(LANG) . "' where `name`='locale'");
echo fbCreate();
}
/**
* Processes multi-edit actions.
*/
function section_multi_edit()
{
global $txp_user, $all_pages, $all_styles;
extract(psa(array('edit_method', 'selected')));
if (!$selected || !is_array($selected)) {
return sec_section_list();
}
$key = $val = '';
switch ($edit_method) {
case 'delete':
return section_delete();
break;
case 'changepage':
$val = ps('uses_page');
if (in_array($val, $all_pages, true)) {
$key = 'page';
}
break;
case 'changecss':
$val = ps('css');
if (in_array($val, $all_styles, true)) {
$key = 'css';
}
break;
case 'changeonfrontpage':
$key = 'on_frontpage';
$val = (int) ps('on_frontpage');
break;
case 'changesyndicate':
$key = 'in_rss';
$val = (int) ps('in_rss');
break;
case 'changesearchable':
$key = 'searchable';
$val = (int) ps('searchable');
break;
}
$sections = safe_column('name', 'txp_section', "name in (" . join(',', quote_list($selected)) . ")");
if ($key && $sections) {
if (safe_update('txp_section', "{$key} = '" . doSlash($val) . "'", "name in (" . join(',', quote_list($sections)) . ")")) {
sec_section_list(gTxt('section_updated', array('{name}' => join(', ', $sections))));
return;
}
}
sec_section_list();
}
