function inGroup()
 {
     global $serendipity;
     $checkgroups = explode('^', $this->get_config('registered_only_group'));
     // Not configured, so this shall not apply.
     if ($checkgroups[0] == '') {
         return true;
     }
     if (!isset($serendipity['authorid']) || !is_array($checkgroups)) {
         return false;
     }
     $mygroups =& serendipity_getGroups($serendipity['authorid'], true);
     if (!is_array($mygroups)) {
         return false;
     }
     foreach ($checkgroups as $key => $groupid) {
         if ($groupid == 'all') {
             return true;
         } elseif (in_array($groupid, $mygroups)) {
             return true;
         }
     }
     return false;
 }
 function inGroup()
 {
     global $serendipity;
     $checkgroups = explode('^', $this->get_config('hide_for_authors'));
     if (!isset($serendipity['authorid']) || !is_array($checkgroups)) {
         return false;
     }
     $mygroups =& serendipity_getGroups($serendipity['authorid'], true);
     if (!is_array($mygroups)) {
         return false;
     }
     foreach ($checkgroups as $key => $groupid) {
         if ($groupid == 'all') {
             return true;
         } elseif (in_array($groupid, $mygroups)) {
             return true;
         }
     }
     return false;
 }
/**
 * Cycle a serendipity_traversePath resultset and apply read/write ACLs.
 *
 * @access public
 * @param   array   serendipity_traversePath result array
 * @param   string  ACL type ('read', 'write')
 */
function serendipity_directoryACL(&$paths, $type = 'read')
{
    global $serendipity;
    static $debug = false;
    if ($debug) {
        echo "Applying ACL for mode '{$type}'.<br />\n";
    }
    if (!is_array($paths)) {
        return true;
    }
    $startCount = count($paths);
    if (!isset($serendipity['enableACL']) || $serendipity['enableACL'] == true) {
        // Check if we are a cool superuser. Bail out if we are.
        $logged_in = serendipity_userLoggedIn();
        if ($logged_in && serendipity_checkPermission('adminImagesMaintainOthers') && serendipity_checkPermission('adminImagesDirectories')) {
            if (!$debug) {
                return true;
            }
        }
        // Get list of all ACLs for directories.
        $q = "SELECT a.artifact_index AS directory,\n                     a.groupid\n                FROM {$serendipity['dbPrefix']}access AS a\n               WHERE a.artifact_type = 'directory'\n                 AND a.artifact_mode = '" . serendipity_db_escape_string($type) . "'";
        $allowed = serendipity_db_query($q);
        if (!is_array($allowed)) {
            return true;
        }
        // Get a list of all the groups for this user. Pipe it into a usable array.
        if ($logged_in) {
            $my_groups =& serendipity_getGroups($serendipity['authorid']);
            $acl_allowed_groups = array();
            foreach ($my_groups as $my_group) {
                $acl_allowed_groups[$my_group['id']] = true;
            }
        } else {
            // Only the 'ALL AUTHORS' group is valid for non-logged in authors.
            $acl_allowed_groups = array(0 => true);
        }
        // Iterate every ACL and check if we are allowed to use it. Parse that data into a workable array.
        $acl_allowed = array();
        foreach ($allowed as $row) {
            $acl_allowed[$row['directory']][$row['groupid']] = true;
        }
        // Iterate the input path array and check it against ACL.
        foreach ($paths as $idx => $info) {
            if (!isset($acl_allowed[$info['relpath']])) {
                // ACL for directory not set. Assume we are allowed to access.
                continue;
            }
            $granted = false;
            foreach ($acl_allowed[$info['relpath']] as $groupid => $set) {
                if ($groupid === 0 || isset($acl_allowed_groups[$groupid])) {
                    // We are allowed to access this element
                    $granted = true;
                    break;
                }
            }
            if ($granted === false) {
                // We are not allowed to access this element
                if ($debug) {
                    echo "ACL for " . $info['relpath'] . " DENIED.<br />\n";
                }
                unset($paths[$idx]);
            } else {
                if ($debug) {
                    echo "ACL for " . $info['relpath'] . " granted.<br />\n";
                }
            }
        }
        if (count($paths) < $startCount) {
            if ($debug) {
                echo "ACL denied all.<br />\n";
            }
            return false;
        }
    }
    return true;
}
/**
 * Updates the configuration of permissions of a specific group
 *
 * This function ensures that a group can only be updated from users that have permissions to do so.
 * @access public
 * @param   int     The ID of the group to update
 * @param   array   The associative array of permission names
 * @param   array   The associative array of new values for the permissions. Needs the same associative keys like the $perms array.
 * @param   bool    Indicates if an all new privilege should be inserted (true) or if an existing privilege is going to be checked
 * @param   array   The associative array of plugin permission names
 * @param   array   The associative array of plugin permission hooks
 * @return true
 */
function serendipity_updateGroupConfig($groupid, &$perms, &$values, $isNewPriv = false, $forbidden_plugins = null, $forbidden_hooks = null)
{
    global $serendipity;
    if (!serendipity_checkPermission('adminUsersGroups')) {
        return false;
    }
    if (!serendipity_checkPermission('adminUsersMaintainOthers')) {
        // Only groups should be accessible where a user has access rights.
        $my_groups = serendipity_getGroups($serendipity['authorid'], true);
        if (!in_array($groupid, $my_groups)) {
            return false;
        }
    }
    $storage =& serendipity_fetchGroup($groupid);
    serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}groupconfig WHERE id = " . (int) $groupid);
    foreach ($perms as $perm => $userlevels) {
        if (substr($perm, 0, 2) == 'f_') {
            continue;
        }
        if (isset($values[$perm]) && $values[$perm] == 'true') {
            $value = 'true';
        } elseif (isset($values[$perm]) && $values[$perm] === 'false') {
            $value = 'false';
        } elseif (isset($values[$perm])) {
            $value = $values[$perm];
        } else {
            $value = 'false';
        }
        if ($isNewPriv == false && !serendipity_checkPermission($perm) && $perm != 'hiddenGroup') {
            if (!isset($storage[$perm])) {
                $value = 'false';
            } else {
                $value = $storage[$perm];
            }
        }
        serendipity_db_query(sprintf("INSERT INTO {$serendipity['dbPrefix']}groupconfig (id, property, value) VALUES (%d, '%s', '%s')", (int) $groupid, serendipity_db_escape_string($perm), serendipity_db_escape_string($value)));
    }
    if (is_array($forbidden_plugins)) {
        foreach ($forbidden_plugins as $plugid) {
            serendipity_db_query(sprintf("INSERT INTO {$serendipity['dbPrefix']}groupconfig (id, property, value) VALUES (%d, '%s', 'true')", (int) $groupid, serendipity_db_escape_string('f_' . urldecode($plugid))));
        }
    }
    if (is_array($forbidden_hooks)) {
        foreach ($forbidden_hooks as $hook) {
            serendipity_db_query(sprintf("INSERT INTO {$serendipity['dbPrefix']}groupconfig (id, property, value) VALUES (%d, '%s', 'true')", (int) $groupid, serendipity_db_escape_string('f_' . urldecode($hook))));
        }
    }
    serendipity_db_query("UPDATE {$serendipity['dbPrefix']}groups SET name = '" . serendipity_db_escape_string($values['name']) . "' WHERE id = " . (int) $groupid);
    if (is_array($values['members'])) {
        serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}authorgroups WHERE groupid = " . (int) $groupid);
        foreach ($values['members'] as $member) {
            serendipity_db_query(sprintf("INSERT INTO {$serendipity['dbPrefix']}authorgroups (groupid, authorid) VALUES (%d, %d)", (int) $groupid, (int) $member));
        }
    }
    return true;
}
Example #5
0
        echo serendipity_getTemplateFile('admin/img/admin_msg_success.png');
        ?>
" alt="" /><?php 
        echo sprintf(MODIFIED_USER, htmlspecialchars($_POST['realname']));
        ?>
</div>
<?php 
    }
}
?>

<form action="?serendipity[adminModule]=personal&amp;serendipity[adminAction]=save" method="post">
<?php 
echo serendipity_setFormToken();
$template = serendipity_parseTemplate(S9Y_CONFIG_USERTEMPLATE);
$user = serendipity_fetchUsers($serendipity['authorid']);
$from = $user[0];
$from['groups'] = serendipity_getGroups($serendipity['authorid']);
unset($from['password']);
serendipity_printConfigTemplate($template, $from, true, false);
?>
    <div align="right"><input class="serendipityPrettyButton input_button" type="submit" name="SAVE"   value="<?php 
echo SAVE;
?>
" /></div>
</form>

<?php 
$add = array('internal' => true);
serendipity_plugin_api::hook_event('backend_sidebar_entries_event_display_profiles', $from, $add);
/* vim: set sts=4 ts=4 expandtab : */
    function showBackend($element, $eventData, $is_sticky, $no_frontpage, $hiderss, $access_values, $access, $password, $use_groups, $access_groups, $use_users, $access_users, $more = array())
    {
        global $serendipity;
        switch ($element) {
            case 'sticky':
                ?>
            <div class="entryproperties_sticky adv_opts_box form_check">
                <input id="properties_is_sticky" name="serendipity[properties][is_sticky]" type="checkbox" value="true" <?php 
                echo $is_sticky;
                ?>
>
                <label for="properties_is_sticky"><?php 
                echo PLUGIN_EVENT_ENTRYPROPERTIES_STICKYPOSTS;
                ?>
</label>
            </div>
<?php 
                return true;
            case 'frontpage':
                ?>
            <div class="entryproperties_frontpage adv_opts_box form_check">
                <input id="properties_no_frontpage" name="serendipity[properties][no_frontpage]" type="checkbox" value="true" <?php 
                echo $no_frontpage;
                ?>
>
                <label for="properties_no_frontpage"><?php 
                echo PLUGIN_EVENT_ENTRYPROPERTIES_NO_FRONTPAGE;
                ?>
</label>
            </div>
<?php 
                return true;
            case 'hiderss':
                ?>
            <div class="entryproperties_hiderss adv_opts_box form_check">
                <input id="properties_hiderss" name="serendipity[properties][hiderss]" type="checkbox" value="true" <?php 
                echo $hiderss;
                ?>
>
                <label for="properties_hiderss"><?php 
                echo PLUGIN_EVENT_ENTRYPROPERTIES_HIDERSS;
                ?>
</label>
            </div>
<?php 
                return true;
            case 'access':
                ?>
            <fieldset class="entryproperties_access_list adv_opts_box">
                <span class="wrap_legend"><legend><?php 
                echo PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS;
                ?>
:</legend></span>

                <div class="clearfix">
<?php 
                foreach ($access_values as $radio_title => $radio_value) {
                    ?>
                    <div class="form_radio">
                        <input id="properties_access_<?php 
                    echo $radio_value;
                    ?>
" name="serendipity[properties][access]" type="radio" value="<?php 
                    echo $radio_value;
                    ?>
" <?php 
                    echo $radio_value == $access ? 'checked="checked"' : '';
                    ?>
>
                        <label for="properties_access_<?php 
                    echo $radio_value;
                    ?>
"><?php 
                    echo $radio_title;
                    ?>
</label>
                    </div>
<?php 
                }
                ?>
                </div>
            </fieldset>
<?php 
                return true;
            case 'password':
                ?>
            <div class="entryproperties_access_pw adv_opts_box adv_opts_box form_field">
                <label for="properties_access_pw"><?php 
                echo PASSWORD;
                ?>
:</label>
                <input type="password" name="ignore_password" value="" style="display:none">
                <input id="properties_access_pw" name="serendipity[properties][entrypassword]" type="password" autocomplete="off" value="<?php 
                echo serendipity_specialchars($password);
                ?>
">
            </div>
<?php 
                return true;
            case 'groups':
                if ($use_groups) {
                    $my_groups = serendipity_getGroups($serendipity['authorid']);
                    ?>
            <div class="entryproperties_access_groups adv_opts_box form_multiselect">
                <label for="properties_access_groups"><?php 
                    echo PERM_READ . ': ' . GROUP;
                    ?>
</label>

                <select id="properties_access_groups" name="serendipity[properties][access_groups][]" multiple="multiple" size="4" onchange="document.getElementById('properties_access_member').checked = true;">
<?php 
                    foreach ($my_groups as $group) {
                        if ('USERLEVEL_' == substr($group['confvalue'], 0, 10)) {
                            $group['name'] = constant($group['confvalue']);
                        }
                        ?>
                    <option value="<?php 
                        echo $group['id'];
                        ?>
" <?php 
                        echo in_array($group['id'], $access_groups) ? 'selected="selected"' : '';
                        ?>
><?php 
                        echo serendipity_specialchars($group['name']);
                        ?>
</option>
<?php 
                    }
                    echo '</select>';
                    echo '</div>';
                }
                return true;
            case 'authors':
                if ($use_users) {
                    ?>
            <div class="entryproperties_access_users adv_opts_box form_multiselect">
                <label for="properties_access_users"><?php 
                    echo PERM_READ . ': ' . AUTHOR;
                    ?>
</label>

                <select id="properties_access_users" name="serendipity[properties][access_users][]" multiple="multiple" size="4" onchange="document.getElementById('properties_access_member').checked = true;">
<?php 
                    $users = serendipity_fetchUsers('', 'hidden');
                    foreach ($users as $user) {
                        ?>
                    <option value="<?php 
                        echo $user['authorid'];
                        ?>
" <?php 
                        echo in_array($user['authorid'], $access_users) ? 'selected="selected"' : '';
                        ?>
><?php 
                        echo serendipity_specialchars($user['realname']);
                        ?>
</option>
<?php 
                    }
                    echo '</select>';
                    echo '</div>';
                }
                return true;
            case 'author':
                ?>
            <div class="entryproperties_access_author adv_opts_box form_select">
                <label for="properties_access_author"><?php 
                echo AUTHOR;
                ?>
:</label>

                <select id="properties_access_author" name="serendipity[change_author]">
                <?php 
                if (isset($serendipity['POST']['change_author'])) {
                    $selected_user = $serendipity['POST']['change_author'];
                } elseif (!empty($eventData['authorid'])) {
                    $selected_user = $eventData['authorid'];
                } else {
                    $selected_user = $serendipity['authorid'];
                }
                $avail_users =& $this->getValidAuthors();
                foreach ($avail_users as $user) {
                    echo '<option value="' . $user['authorid'] . '" ' . ($selected_user == $user['authorid'] ? ' selected="selected"' : '') . '>' . serendipity_specialchars($user['realname']) . '</option>' . "\n";
                }
                ?>
                </select>
            </div>
<?php 
                return true;
            case 'markup':
                ?>
            <div class="entryproperties_markup adv_opts_box form_multiselect">
                <label for="properties_markup"><?php 
                echo PLUGIN_EVENT_ENTRYPROPERTIES_DISABLE_MARKUP;
                ?>
</label>

                <select id="properties_markup" name="serendipity[properties][disable_markups][]" multiple="multiple" size="4">
<?php 
                $plugins = serendipity_plugin_api::get_event_plugins();
                if (is_array($plugins)) {
                    // foreach() operates on copies of values, but we want to operate on references, so we use while()
                    @reset($plugins);
                    while (list($plugin, $plugin_data) = each($plugins)) {
                        if (!is_array($plugin_data['p']->markup_elements)) {
                            continue;
                        }
                        if (isset($serendipity['POST']['properties']['disable_markups']) && in_array($plugin_data['p']->instance, $serendipity['POST']['properties']['disable_markups'])) {
                            $selected = true;
                        } elseif (isset($eventData['properties']['ep_disable_markup_' . $plugin_data['p']->instance])) {
                            $selected = true;
                        } else {
                            $selected = false;
                        }
                        // automatically mark nl2br markup parser as disabled, when WYSIWYG is active
                        if (!$selected && $serendipity['wysiwyg'] && $plugin_data['p']->act_pluginPath == 'serendipity_event_nl2br') {
                            $selected = true;
                        }
                        echo '<option ' . ($selected ? 'selected="selected"' : '') . ' value="' . $plugin_data['p']->instance . '">' . serendipity_specialchars($plugin_data['p']->title) . '</option>' . "\n";
                    }
                }
                ?>
                </select>
            </div>
<?php 
                return true;
            case 'customfields':
                ?>
            <div class="entryproperties_customfields adv_opts_box">
<?php 
                $fields = trim($this->get_config('customfields'));
                // Capture special characters for "," and ":"
                $special_from = array('\\,', '\\:');
                $special_to = array(chr(0x1), chr(0x2));
                $special_read = array(',', ':');
                $fields = str_replace($special_from, $special_to, $fields);
                if (!empty($fields)) {
                    $fields = explode(',', $fields);
                }
                if (is_array($fields) && count($fields) > 0) {
                    ?>

                <h4><?php 
                    echo PLUGIN_EVENT_ENTRYPROPERTIES_CUSTOMFIELDS;
                    ?>
</h4>

                <span><?php 
                    echo PLUGIN_EVENT_ENTRYPROPERTIES_CUSTOMFIELDS_DESC1 . sprintf(PLUGIN_EVENT_ENTRYPROPERTIES_CUSTOMFIELDS_DESC3, 'serendipity_admin.php?serendipity[adminModule]=plugins&amp;serendipity[plugin_to_conf]=' . $this->instance);
                    ?>
</span>

                <div class="serendipity_customfields clearfix">
<?php 
                    foreach ($fields as $fieldname) {
                        $fieldparts = explode(':', $fieldname);
                        $fieldname = $fieldparts[0];
                        $_fieldname = serendipity_specialchars(trim($fieldname));
                        if (isset($serendipity['POST']['properties'][$_fieldname])) {
                            $value = $serendipity['POST']['properties'][$_fieldname];
                        } elseif (!empty($eventData['properties']['ep_' . $_fieldname])) {
                            $value = $eventData['properties']['ep_' . $_fieldname];
                        } else {
                            $value = trim(str_replace($special_to, $special_read, $fieldparts[1]));
                        }
                        ?>
                    <div id="ep_column_<?php 
                        echo $_fieldname;
                        ?>
" class="clearfix form_area media_choose">
                        <label for="prop<?php 
                        echo $_fieldname;
                        ?>
"><?php 
                        echo $_fieldname;
                        ?>
</label>
                        <textarea id="prop<?php 
                        echo $_fieldname;
                        ?>
" class="change_preview" name="serendipity[properties][<?php 
                        echo $_fieldname;
                        ?>
]" data-configitem="prop<?php 
                        echo $_fieldname;
                        ?>
"><?php 
                        echo serendipity_specialchars($value);
                        ?>
</textarea>
                        <button class="customfieldMedia" type="button" name="insImage" title="<?php 
                        echo MEDIA;
                        ?>
"><span class="icon-picture"></span><span class="visuallyhidden"><?php 
                        echo MEDIA;
                        ?>
</span></button>
                        <?php 
                        if (preg_match('/(\\.jpg|\\.png|\\.bmp)$/', $value)) {
                            ?>
                        <figure id="prop<?php 
                            echo $_fieldname;
                            ?>
_preview">
                            <figcaption><?php 
                            echo PREVIEW;
                            ?>
</figcaption>
                            <img src="<?php 
                            echo $value;
                            ?>
"  alt=""/>
                        </figure>
                        <?php 
                        }
                        ?>
                    </div>
<?php 
                    }
                    ?>
                </div>
<?php 
                }
                ?>
            </div>
<?php 
                return true;
        }
    }
    function event_hook($event, &$bag, &$eventData, $addData = null)
    {
        global $serendipity;
        static $analytics_anonymizeIp = null;
        static $analytics_track_adsense = null;
        static $analytics_track_external = null;
        static $analytics_track_downloads = null;
        static $analytics_enh_link_attr = null;
        static $analytics_exclude_groups = null;
        static $usergroup = false;
        $hooks =& $bag->get('event_hooks');
        if ($analytics_anonymizeIp === null) {
            $analytics_anonymizeIp = serendipity_db_bool($this->get_config('analytics_anonymizeIp', false));
        }
        if ($analytics_track_adsense === null) {
            $analytics_track_adsense = serendipity_db_bool($this->get_config('analytics_track_adsense', false));
        }
        if ($analytics_track_downloads === null) {
            $analytics_track_downloads = serendipity_db_bool($this->get_config('analytics_track_downloads', true));
        }
        if ($analytics_track_external === null) {
            $analytics_track_external = serendipity_db_bool($this->get_config('analytics_track_external', true));
        }
        if ($analytics_enh_link_attr === null) {
            $analytics_enh_link_attr = serendipity_db_bool($this->get_config('analytics_enh_link_attr', false));
        }
        if ($analytics_exclude_groups === null) {
            $analytics_exclude_groups = explode("^", $this->get_config('analytics_exclude_groups', true));
            if (!empty($analytics_exclude_groups)) {
                $_groups = serendipity_getGroups($serendipity['authorid']);
                if (is_array($_groups)) {
                    foreach ($_groups as $group) {
                        $usergroup[] = $group['id'];
                    }
                } else {
                    $usergroup = false;
                }
            } else {
                $usergroup = false;
            }
        }
        if (isset($hooks[$event])) {
            switch ($event) {
                case 'frontend_header':
                    $analytics_enh_link_attr ? $analytics_enh_link_attr_code = "var pluginUrl = '//www.google-analytics.com/plugins/ga/inpage_linkid.js'; _gaq.push(['_require', 'inpage_linkid', pluginUrl]);" : ($analytics_enh_link_attr_code = '');
                    $analytics_anonymizeIp ? $analytics_anonymizeIp_code = "_gaq.push(['_gat._anonymizeIp']);\r  " : ($analytics_anonymizeIp_code = '');
                    $analytics_track_adsense ? $analytics_track_adsense_code = "\r<script type=\"text/javascript\">\rwindow.google_analytics_uacct = \"UA-" . $this->get_config('analytics_account_number') . "\";\r</script>\r" : ($analytics_track_adsense_code = '');
                    if ($serendipity['authorid'] === null || !$this->in_array_loop($usergroup, $analytics_exclude_groups)) {
                        echo $analytics_track_adsense_code;
                        echo '
<script type="text/javascript">
  var _gaq = _gaq || [];' . $analytics_enh_link_attr_code . '_gaq.push([\'_setAccount\', \'UA-' . $this->get_config('analytics_account_number') . '\']);
  ' . $analytics_anonymizeIp_code . '_gaq.push([\'_trackPageview\']);

  (function() {
    var ga = document.createElement(\'script\'); ga.type = \'text/javascript\'; ga.async = true;
    ga.src = (\'https:\' == document.location.protocol ? \'https://ssl\' : \'http://www\') + \'.google-analytics.com/ga.js\';
    (document.getElementsByTagName(\'head\')[0] || document.getElementsByTagName(\'body\')[0]).appendChild(ga);
  })();
</script>';
                    }
                    return true;
                    break;
                case 'frontend_display':
                    if ($serendipity['authorid'] && $usergroup !== false && $this->in_array_loop($usergroup, $analytics_exclude_groups)) {
                        return true;
                    }
                    foreach ($this->markup_elements as $temp) {
                        if (serendipity_db_bool($this->get_config($temp['name'], true)) && isset($eventData[$temp['element']]) && !$eventData['properties']['ep_disable_markup_' . $this->instance] && !isset($serendipity['POST']['properties']['disable_markup_' . $this->instance]) && ($analytics_track_downloads || $analytics_track_external)) {
                            $element = $temp['element'];
                            $eventData[$element] = preg_replace_callback("#<a (.*)href=(\"|')(http://|https://|)([^\"']+)(\"|')([^>]*)>#isUm", array($this, 'analytics_tracker_callback'), $eventData[$element]);
                        }
                    }
                    return true;
                    break;
                default:
                    return false;
            }
        } else {
            return false;
        }
    }
    function admin_print_sidebar(&$sidebar, $side, $plugin_list)
    {
        global $serendipity;
        $i = 0;
        $viewlist = unserialize($this->get_config('view_list'));
        $category_viewlist = unserialize($this->get_config('category_view_list'));
        $usergroups_viewlist = unserialize($this->get_config('usergroups_view_list'));
        $mygroups = serendipity_getGroups($serendipity['authorid']);
        $enabled = serendipity_db_bool($this->get_config('enable'));
        foreach ($sidebar as $plugin_data) {
            $plugin =& serendipity_plugin_api::load_plugin($plugin_data['name'], $plugin_data['authorid'], $plugin_data['path']);
            if (is_object($plugin)) {
                $checked = "";
                $checked_member = "";
                $checked_myself = "";
                $checked_everyone = "";
                if ($plugin_list[$side] && !$plugin_list[$side][$i]) {
                    $checked = "checked='checked'";
                }
                if ($viewlist[$plugin->instance] == 'member') {
                    $checked_member = "checked='checked'";
                } elseif ($viewlist[$plugin->instance] == 'myself' || $viewlist[$plugin->instance] == $serendipity['authorid']) {
                    $checked_myself = "checked='checked'";
                } elseif ($viewlist[$plugin->instance] == 'everyone') {
                    $checked_everyone = "checked='checked'";
                } else {
                    $checked_everyone = "checked='checked'";
                }
                $title = '';
                ob_start();
                $show_plugin = $plugin->generate_content($title);
                $content = ob_get_contents();
                ob_end_clean();
                if (empty($title)) {
                    $title = $plugin->get_config('backend_title');
                }
                echo "<div class='serendipitySideBarItem' style='margin-top:10px;margin-bottom:20px;'>\n";
                echo "<h3 class='serendipitySideBarTitle'>{$title}</h3>\n";
                echo "<div class='serendipitySideBarContent'><table>";
                if ($enabled) {
                    echo "<tr>\n";
                    echo "<td>" . PLUGIN_SIDEBAR_HIDER_CONF_HIDDEN . "</td>\n";
                    echo "<td><input class='input_checkbox' type='checkbox' name='plugin_" . $side . "_" . $i . "' {$checked} /></td>\n";
                    echo "</tr>";
                }
                //--JAM: 2005-10-18 Added "everyone" value to clear members and myself values
                echo "<tr>\n";
                echo "<td>" . PLUGIN_SIDEBAR_HIDER_CONF_EVERYONE . "</td>\n";
                echo "<td><input class='input_radio' type='radio' name='plugin_view[" . base64_encode($plugin->instance) . "]' value='everyone' {$checked_everyone} /></td>\n";
                echo "</tr>";
                echo "<tr>\n";
                echo "<td>" . PLUGIN_SIDEBAR_HIDER_CONF_MEMBERS . "</td>\n";
                echo "<td><input class='input_radio' type='radio' name='plugin_view[" . base64_encode($plugin->instance) . "]' value='member' {$checked_member} /></td>\n";
                echo "</tr>";
                echo "<tr>\n";
                echo "<td>" . PLUGIN_SIDEBAR_HIDER_CONF_MYSELF . "</td>\n";
                echo "<td><input class='input_radio' type='radio' name='plugin_view[" . base64_encode($plugin->instance) . "]' value='myself' {$checked_myself} /></td>\n";
                echo "</tr>";
                echo "<tr>\n";
                echo "<td colspan='2'>" . GROUP . "<br >\n";
                echo "<select name='plugin_usergroups_view[" . base64_encode($plugin->instance) . "][]' multiple='multiple'>\n";
                $selected_groups = explode(',', $usergroups_viewlist[$plugin->instance]);
                foreach ($mygroups as $group) {
                    if ('USERLEVEL_' == substr($group['confvalue'], 0, 10)) {
                        $group['name'] = constant($group['confvalue']);
                    }
                    ?>
                    <option value="<?php 
                    echo $group['id'];
                    ?>
" <?php 
                    echo in_array($group['id'], $selected_groups) ? 'selected="selected"' : '';
                    ?>
><?php 
                    echo function_exists('serendipity_specialchars') ? serendipity_specialchars($group['name']) : htmlspecialchars($group['name'], ENT_COMPAT, LANG_CHARSET);
                    ?>
</option>
<?php 
                }
                echo "</select></td>\n";
                echo "</tr>";
                echo "<tr>\n";
                echo "<td colspan='2'>" . PLUGIN_SIDEBAR_HIDER_CONF_CATEGORIES . "<br />\n";
                echo "\n";
                $selected = explode(',', $category_viewlist[$plugin->instance]);
                echo "<select name='plugin_category_view[" . base64_encode($plugin->instance) . "][]' multiple='multiple'>\n";
                // --JAM: 2005-10-18: The front page selection goes on the top
                echo '<option value="" ' . (in_array('', $selected) ? 'selected="selected"' : '') . '>' . (function_exists('serendipity_specialchars') ? serendipity_specialchars(ALL_CATEGORIES) : htmlspecialchars(ALL_CATEGORIES, ENT_COMPAT, LANG_CHARSET)) . '</option>' . "\n";
                echo '<option value="' . PLUGIN_SIDEBAR_HIDER_FRONTPAGE_ID . '" ' . (in_array(PLUGIN_SIDEBAR_HIDER_FRONTPAGE_ID, $selected) ? 'selected="selected"' : '') . '>' . (function_exists('serendipity_specialchars') ? serendipity_specialchars(PLUGIN_SIDEBAR_HIDER_FRONTPAGE_DESC) : htmlspecialchars(PLUGIN_SIDEBAR_HIDER_FRONTPAGE_DESC, ENT_COMPAT, LANG_CHARSET)) . '</option>' . "\n";
                // Now add regular categories to the selection list
                $cats = serendipity_fetchCategories();
                if (is_array($cats)) {
                    $cats = serendipity_walkRecursive($cats, 'categoryid', 'parentid', VIEWMODE_THREADED);
                    foreach ($cats as $cat) {
                        echo '<option value="' . $cat['categoryid'] . '" ' . (in_array($cat['categoryid'], $selected) ? 'selected="selected"' : '') . '>' . str_repeat('&nbsp;', $cat['depth']) . (function_exists('serendipity_specialchars') ? serendipity_specialchars($cat['category_name']) : htmlspecialchars($cat['category_name'], ENT_COMPAT, LANG_CHARSET)) . '</option>' . "\n";
                    }
                }
                echo "</select></td>\n";
                echo "</tr>";
                echo "</table></div>\n";
                echo "</div>\n";
            } else {
                echo ERROR . ': ' . $plugin_data['name'] . '<br />';
            }
            $i++;
        }
    }
    function showBackend($element, $eventData, $is_sticky, $no_frontpage, $hiderss, $access_values, $access, $password, $use_groups, $access_groups, $use_users, $access_users, $more = array())
    {
        global $serendipity;
        switch ($element) {
            case 'sticky':
                ?>
            <div class="entryproperties_sticky">
                <input class="input_checkbox" type="checkbox" name="serendipity[properties][is_sticky]" id="properties_is_sticky" value="true" <?php 
                echo $is_sticky;
                ?>
 />
                    <label title="<?php 
                echo PLUGIN_EVENT_ENTRYPROPERTIES_STICKYPOSTS;
                ?>
" for="properties_is_sticky">&nbsp;<?php 
                echo PLUGIN_EVENT_ENTRYPROPERTIES_STICKYPOSTS;
                ?>
&nbsp;&nbsp;</label>
            </div>
<?php 
                return true;
            case 'frontpage':
                ?>
            <div class="entryproperties_frontpage">
                <input class="input_checkbox" type="checkbox" name="serendipity[properties][no_frontpage]" id="properties_no_frontpage" value="true" <?php 
                echo $no_frontpage;
                ?>
 />
                    <label title="<?php 
                echo PLUGIN_EVENT_ENTRYPROPERTIES_NO_FRONTPAGE;
                ?>
" for="properties_no_frontpage">&nbsp;<?php 
                echo PLUGIN_EVENT_ENTRYPROPERTIES_NO_FRONTPAGE;
                ?>
&nbsp;&nbsp;</label>
            </div>
<?php 
                return true;
            case 'hiderss':
                ?>
            <div class="entryproperties_hiderss">
                <input class="input_checkbox" type="checkbox" name="serendipity[properties][hiderss]" id="properties_hiderss" value="true" <?php 
                echo $hiderss;
                ?>
 />
                    <label title="<?php 
                echo PLUGIN_EVENT_ENTRYPROPERTIES_HIDERSS_DESC;
                ?>
" for="properties_hiderss">&nbsp;<?php 
                echo PLUGIN_EVENT_ENTRYPROPERTIES_HIDERSS;
                ?>
&nbsp;&nbsp;</label>
            </div>
<?php 
                return true;
            case 'access':
                ?>
            <br /><?php 
                echo PLUGIN_EVENT_ENTRYPROPERTIES_ACCESS;
                ?>
:<br />
            <div class="entryproperties_access_list" style="margin-left: 10px">
<?php 
                foreach ($access_values as $radio_title => $radio_value) {
                    ?>
                <input class="input_radio" type="radio" name="serendipity[properties][access]" id="properties_access_<?php 
                    echo $radio_value;
                    ?>
" value="<?php 
                    echo $radio_value;
                    ?>
" <?php 
                    echo $radio_value == $access ? 'checked="checked"' : '';
                    ?>
 />
                    <label title="<?php 
                    echo $radio_title;
                    ?>
" for="properties_access_<?php 
                    echo $radio_value;
                    ?>
">&nbsp;<?php 
                    echo $radio_title;
                    ?>
&nbsp;&nbsp;</label>
<?php 
                }
                ?>
            </div>
<?php 
                return true;
            case 'password':
                ?>
            <br /><?php 
                echo PASSWORD;
                ?>
:<br />
            <div style="margin-left: 10px" class="entryproperties_access_pw">
                <input autocomplete="off" class="input_textbox" type="password" name="serendipity[properties][entrypassword]" value="<?php 
                echo htmlspecialchars($password);
                ?>
" />
            </div>
<?php 
                return true;
            case 'groups':
                if ($use_groups) {
                    $my_groups = serendipity_getGroups($serendipity['authorid']);
                    ?>
            <br /><?php 
                    echo PERM_READ . ': <em>' . GROUP . '</em>';
                    ?>
<br />
            <select class="entryproperties_access_groups" onchange="document.getElementById('properties_access_member').checked = true;" style="margin-left: 5px" multiple="multiple" name="serendipity[properties][access_groups][]" size="4">
<?php 
                    foreach ($my_groups as $group) {
                        if ('USERLEVEL_' == substr($group['confvalue'], 0, 10)) {
                            $group['name'] = constant($group['confvalue']);
                        }
                        ?>
                <option value="<?php 
                        echo $group['id'];
                        ?>
" <?php 
                        echo in_array($group['id'], $access_groups) ? 'selected="selected"' : '';
                        ?>
><?php 
                        echo htmlspecialchars($group['name']);
                        ?>
</option>
<?php 
                    }
                    echo '</select><br />';
                }
                return true;
            case 'authors':
                if ($use_users) {
                    ?>
            <br /><?php 
                    echo PERM_READ . ': <em>' . AUTHOR . '</em>';
                    ?>
<br />
            <select class="entryproperties_access_users" onchange="document.getElementById('properties_access_member').checked = true;" style="margin-left: 5px" multiple="multiple" name="serendipity[properties][access_users][]" size="4">
<?php 
                    $users = serendipity_fetchUsers('', 'hidden');
                    foreach ($users as $user) {
                        ?>
                <option value="<?php 
                        echo $user['authorid'];
                        ?>
" <?php 
                        echo in_array($user['authorid'], $access_users) ? 'selected="selected"' : '';
                        ?>
><?php 
                        echo htmlspecialchars($user['realname']);
                        ?>
</option>
<?php 
                    }
                    echo '</select><br />';
                }
                return true;
            case 'author':
                ?>
            <br /><?php 
                echo AUTHOR;
                ?>
:<br />
            <div class="entryproperties_access_author" style="margin-left: 10px">
                <select name="serendipity[change_author]">
                <?php 
                if (isset($serendipity['POST']['change_author'])) {
                    $selected_user = $serendipity['POST']['change_author'];
                } elseif (!empty($eventData['authorid'])) {
                    $selected_user = $eventData['authorid'];
                } else {
                    $selected_user = $serendipity['authorid'];
                }
                $avail_users =& $this->getValidAuthors();
                foreach ($avail_users as $user) {
                    echo '<option value="' . $user['authorid'] . '" ' . ($selected_user == $user['authorid'] ? ' selected="selected"' : '') . '>' . htmlspecialchars($user['realname']) . '</option>' . "\n";
                }
                ?>
                </select>
            </div>
<?php 
                return true;
            case 'markup':
                ?>
            <br /><div class="entryproperties_markup">
            <?php 
                echo PLUGIN_EVENT_ENTRYPROPERTIES_DISABLE_MARKUP;
                ?>
<br />
            <div style="margin-left: 10px">
                <select name="serendipity[properties][disable_markups][]" multiple="multiple" size="4">
                <?php 
                $plugins = serendipity_plugin_api::get_event_plugins();
                if (is_array($plugins)) {
                    // foreach() operates on copies of values, but we want to operate on references, so we use while()
                    @reset($plugins);
                    while (list($plugin, $plugin_data) = each($plugins)) {
                        if (!is_array($plugin_data['p']->markup_elements)) {
                            continue;
                        }
                        if (isset($serendipity['POST']['properties']['disable_markups']) && in_array($plugin_data['p']->instance, $serendipity['POST']['properties']['disable_markups'])) {
                            $selected = true;
                        } elseif (isset($eventData['properties']['ep_disable_markup_' . $plugin_data['p']->instance])) {
                            $selected = true;
                        } else {
                            $selected = false;
                        }
                        echo '<option ' . ($selected ? 'selected="selected"' : '') . ' value="' . $plugin_data['p']->instance . '">' . htmlspecialchars($plugin_data['p']->title) . '</option>' . "\n";
                    }
                }
                ?>
                </select>
            </div>
        </div>
<?php 
                return true;
            case 'customfields':
                ?>
        <br /><div class="entryproperties_customfields">
            <?php 
                $fields = trim($this->get_config('customfields'));
                if (!empty($fields)) {
                    $fields = explode(',', $fields);
                }
                if (is_array($fields) && count($fields) > 0) {
                    ?>
            <br />
            <?php 
                    echo PLUGIN_EVENT_ENTRYPROPERTIES_CUSTOMFIELDS;
                    ?>
:<br />
            <em><?php 
                    echo PLUGIN_EVENT_ENTRYPROPERTIES_CUSTOMFIELDS_DESC1 . '<br />' . sprintf(PLUGIN_EVENT_ENTRYPROPERTIES_CUSTOMFIELDS_DESC3, 'serendipity_admin.php?serendipity[adminModule]=plugins&amp;serendipity[plugin_to_conf]=' . $this->instance);
                    ?>
</em><br />
            <div style="margin-left: 10px">
                <table id="serendipity_customfields">
            <?php 
                    foreach ($fields as $fieldname) {
                        $fieldname = htmlspecialchars(trim($fieldname));
                        if (isset($serendipity['POST']['properties'][$fieldname])) {
                            $value = $serendipity['POST']['properties'][$fieldname];
                        } elseif (!empty($eventData['properties']['ep_' . $fieldname])) {
                            $value = $eventData['properties']['ep_' . $fieldname];
                        } else {
                            $value = '';
                        }
                        ?>
                <tr>
                    <td class="customfield_<?php 
                        echo $fieldname;
                        ?>
 customfield_name"><strong><?php 
                        echo $fieldname;
                        ?>
</strong></td>
                    <td class="customfield_<?php 
                        echo $fieldname;
                        ?>
 customfield_value"><textarea id="prop<?php 
                        echo htmlspecialchars($fieldname);
                        ?>
" name="serendipity[properties][<?php 
                        echo htmlspecialchars($fieldname);
                        ?>
]"><?php 
                        echo htmlspecialchars($value);
                        ?>
</textarea></td>
                    <td valign="top"><script type="text/javascript" language="JavaScript">document.write('<input class="serendipityPrettyButton input_button" type="button" name="insImage" value="<?php 
                        echo MEDIA;
                        ?>
" onclick="window.open(\'serendipity_admin_image_selector.php?serendipity[htmltarget]=prop<?php 
                        echo htmlspecialchars($fieldname);
                        ?>
&amp;serendipity[filename_only]=true\', \'ImageSel\', \'width=800,height=600,toolbar=no,scrollbars=1,scrollbars,resize=1,resizable=1\');" class="serendipityPrettyButton" />');</script></td>
                </tr>
            <?php 
                    }
                    ?>
                </table>
            </div>
            <?php 
                }
                ?>
        </div>
<?php 
                return true;
        }
    }
Example #10
0
        } else {
            echo '<strong>' . CREATE_NOT_AUTHORIZED . '</strong><br />';
            echo EDIT;
            $from = array();
        }
    } else {
        echo CREATE;
        $from = array();
    }
    ?>
    </h3>

<?php 
    $config = serendipity_parseTemplate(S9Y_CONFIG_USERTEMPLATE);
    if (!empty($serendipity['GET']['userid'])) {
        $from['groups'] = serendipity_getGroups($serendipity['GET']['userid']);
    } else {
        $from['groups'] = array();
    }
    serendipity_printConfigTemplate($config, $from, true, false, true, true);
    if ($serendipity['GET']['adminAction'] == 'edit') {
        ?>
        <input type="submit" name="SAVE_EDIT"   value="<?php 
        echo SAVE;
        ?>
" class="serendipityPrettyButton input_button" />
<?php 
    } else {
        ?>
        <input type="submit" name="SAVE_NEW" value="<?php 
        echo CREATE_NEW_USER;