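/**
 * Echo the current TinyPortal article inside an "article_inner" div.
 *
 * Reads the article from $context['TPortal']['article'] and prints either its
 * intro (followed by a "read more" link) or its full body, depending on the
 * article's 'useintro' flag, $context['TPortal']['single_article'] and $intro.
 * The 'rendertype' field selects how the stored text is treated: 'php' is
 * evaluated, 'bbc' goes through parse_bbc(), 'import' includes a file, and
 * anything else is echoed as stored.
 *
 * SECURITY: the 'php' and 'import' render types execute code taken from
 * stored article data. Whoever can write an article with those render types
 * can run PHP on the server, so that ability must stay limited to fully
 * trusted administrators.
 *
 * @param string $intro Any non-empty value forces the intro view.
 * @return void Output is echoed; nothing is echoed when no article is loaded.
 */
function tp_renderarticle($intro = '')
{
    // Keep every global declared: evaluated article code and imported files run in
    // this function's scope and presumably expect these names to be visible.
    global $context, $txt, $scripturl, $boarddir, $smcFunc;

    // Nothing to render without a loaded article.
    if (!isset($context['TPortal']['article'])) {
        return;
    }

    echo ' <div class="article_inner">';

    // Parentheses only spell out the precedence the original expression already had.
    if (($context['TPortal']['article']['useintro'] == '1' && !$context['TPortal']['single_article']) || !empty($intro)) {
        if ($context['TPortal']['article']['rendertype'] == 'php') {
            // SECURITY: eval() of stored article text. eval() prints whatever the code
            // echoes; the extra echo prints the value the code returns.
            echo eval(tp_convertphp($context['TPortal']['article']['intro'], true));
            // The PHP intro always gets the link, wireless or not.
            $showReadMore = true;
            $linkPrefix = ' ';
        } elseif ($context['TPortal']['article']['rendertype'] == 'bbc' || $context['TPortal']['article']['rendertype'] == 'import') {
            $showReadMore = !WIRELESS;
            $linkPrefix = '';
            echo parse_bbc($context['TPortal']['article']['intro']);
        } else {
            // Stored HTML is echoed without escaping: it is trusted as markup.
            $showReadMore = !WIRELESS;
            $linkPrefix = '';
            echo $context['TPortal']['article']['intro'];
        }

        if ($showReadMore) {
            // Prefer the article's short name in the URL, fall back to its id.
            $page = !empty($context['TPortal']['article']['shortname']) ? $context['TPortal']['article']['shortname'] : $context['TPortal']['article']['id'];
            echo $linkPrefix, '<p><b><a href="' . $scripturl . '?page=', $page, WIRELESS ? ';' . WIRELESS_PROTOCOL : '', '">' . $txt['tp-readmore'] . '</a></b></p>';
        }
    } else {
        if ($context['TPortal']['article']['rendertype'] == 'php') {
            // SECURITY: eval() of stored article text; see the function header.
            eval(tp_convertphp($context['TPortal']['article']['body'], true));
        } elseif ($context['TPortal']['article']['rendertype'] == 'bbc') {
            echo parse_bbc($context['TPortal']['article']['body']);
        } elseif ($context['TPortal']['article']['rendertype'] == 'import') {
            // The existence check used to look under $boarddir while the include used the
            // bare relative name, so the file that ran was not necessarily the file that
            // was checked. Resolve once, require the result to be a regular file inside
            // $boarddir, and include exactly that path.
            $boardRoot = realpath($boarddir);
            $importPath = realpath($boarddir . '/' . $context['TPortal']['article']['fileimport']);
            $insideBoard = $boardRoot !== false
                && $importPath !== false
                && is_file($importPath)
                && strpos($importPath, rtrim($boardRoot, '/\\') . DIRECTORY_SEPARATOR) === 0;

            if (!$insideBoard) {
                echo '<em>', $txt['tp-cannotfetchfile'], '</em>';
            } else {
                // SECURITY: the included file executes as PHP.
                include $importPath;
            }
        } else {
            // Stored HTML is echoed without escaping: it is trusted as markup.
            echo $context['TPortal']['article']['body'];
        }
    }

    echo ' </div>';
}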
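/**
 * Process a submitted TinyPortal admin form.
 *
 * $_POST['tpadmin_form'] names the admin screen that posted. Every branch that
 * changes state first calls checkSession('post') and isAllowedTo() with the
 * permission for that area, then walks $_POST and writes to the tp_* tables
 * through $smcFunc or to the settings through updateTPSettings().
 *
 * SECURITY: form field names (the keys of $_POST) are request data just like
 * the values. Wherever a key fragment ends up in an SQL statement as a column
 * name, or a value ends up in a file path, it is validated or reduced to a
 * bare file name first.
 *
 * @return string|null A string naming the screen to show next for the
 *                     branches that return one; null when the branch redirects
 *                     via redirectexit(), when no form was posted, or when the
 *                     form name is not recognised.
 */
function do_postchecks()
{
    global $context, $txt, $settings, $boarddir, $smcFunc, $sourcedir;

    // If we have any setting changes add them to this array
    $updateArray = array();

    // which screen do we come from? An array-valued field is not a form name.
    if (empty($_POST['tpadmin_form']) || !is_string($_POST['tpadmin_form'])) {
        return;
    }
    $from = $_POST['tpadmin_form'];

    if ($from == 'news') {
        // Nothing is written here, so no session or permission check is made.
        return 'news';
    } elseif ($from == 'blockoverview') {
        checkSession('post');
        isAllowedTo('tp_blocks');

        // Collect the posted group values per block id.
        $block = array();
        foreach ($_POST as $what => $value) {
            if (substr($what, 5, 7) == 'tpblock') {
                // get the id
                $bid = substr($what, 12);
                if (!isset($block[$bid])) {
                    $block[$bid] = array();
                }
                if ($value != 'control' && !in_array($value, $block[$bid])) {
                    $block[$bid][] = $value;
                }
            }
        }

        foreach ($block as $bl => $blo) {
            $request = $smcFunc['db_query']('', '
                SELECT access
                FROM {db_prefix}tp_blocks
                WHERE id = {int:blockid}',
                array('blockid' => $bl)
            );
            // Only blocks that exist are updated.
            if ($smcFunc['db_num_rows']($request) > 0) {
                $row = $smcFunc['db_fetch_assoc']($request);
                $smcFunc['db_free_result']($request);
                $request = $smcFunc['db_query']('', '
                    UPDATE {db_prefix}tp_blocks
                    SET access = {string:access}
                    WHERE id = {int:blockid}',
                    array('access' => implode(',', $blo), 'blockid' => $bl)
                );
            }
        }

        return 'blocks;overview';
    } elseif (in_array($from, array('settings', 'frontpage', 'artsettings', 'panels'))) {
        checkSession('post');
        isAllowedTo('tp_settings');

        $w = array();
        $ssi = array();
        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 3) == 'tp_') {
                $where = substr($what, 3);
                $clean = $value;

                // for frontpage, do some extra: these fields are folded into the
                // combined frontpage_visual / SSI_board settings below.
                if ($from == 'frontpage') {
                    if (substr($what, 0, 20) == 'tp_frontpage_visual_') {
                        $w[] = substr($what, 20);
                        unset($clean);
                    } elseif (substr($what, 0, 21) == 'tp_frontpage_usorting') {
                        $w[] = 'sort_' . $value;
                        unset($clean);
                    } elseif (substr($what, 0, 26) == 'tp_frontpage_sorting_order') {
                        $w[] = 'sortorder_' . $value;
                        unset($clean);
                    } elseif (substr($what, 0, 11) == 'tp_ssiboard') {
                        if ($value != 0) {
                            $ssi[$value] = $value;
                        }
                    }
                }

                if ($from == 'settings' && $what == 'tp_frontpage_title') {
                    $updateArray['frontpage_title'] = $clean;
                } else {
                    if (isset($clean)) {
                        $updateArray[$where] = $clean;
                    }
                }
            }
        }

        // check the frontpage visual setting..
        if ($from == 'frontpage') {
            $updateArray['frontpage_visual'] = implode(',', $w);
            $updateArray['SSI_board'] = implode(',', $ssi);
        }

        updateTPSettings($updateArray);

        return $from;
    } elseif ($from == 'categories') {
        checkSession('post');
        isAllowedTo('tp_articles');

        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 19) == 'tp_category_value2_') {
                $where = tp_sanitize(substr($what, 19));

                // make sure a parent is not its own parent
                $request = $smcFunc['db_query']('', '
                    SELECT value2
                    FROM {db_prefix}tp_variables
                    WHERE id = {string:varid}
                    LIMIT 1',
                    array('varid' => $value)
                );
                $row = $smcFunc['db_fetch_assoc']($request);
                $smcFunc['db_free_result']($request);
                if ($row['value2'] == $where) {
                    $smcFunc['db_query']('', '
                        UPDATE {db_prefix}tp_variables
                        SET value2 = {string:val2}
                        WHERE id = {string:varid}
                        LIMIT 1',
                        array('val2' => '0', 'varid' => $value)
                    );
                }

                $smcFunc['db_query']('', '
                    UPDATE {db_prefix}tp_variables
                    SET value2 = {string:val2}
                    WHERE id = {string:varid}
                    LIMIT 1',
                    array('val2' => $value, 'varid' => $where)
                );
            }
        }

        return $from;
    } elseif ($from == 'articles') {
        checkSession('post');
        isAllowedTo('tp_articles');

        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 14) == 'tp_article_pos') {
                $where = tp_sanitize(substr($what, 14));
                $smcFunc['db_query']('', '
                    UPDATE {db_prefix}tp_articles
                    SET parse = {int:parse}
                    WHERE id = {int:artid}
                    LIMIT 1',
                    array('parse' => $value, 'artid' => $where)
                );
            }
        }

        // The category is only echoed back into the return value when it is numeric.
        if (isset($_POST['tpadmin_form_category']) && is_numeric($_POST['tpadmin_form_category'])) {
            return $from . ';cu=' . $_POST['tpadmin_form_category'];
        }

        return $from;
    } elseif ($from == 'modules') {
        checkSession('post');
        isAllowedTo('tp_settings');

        foreach ($_POST as $what => $value) {
            if ($what == 'tp_show_download') {
                $updateArray['show_download'] = $value;
            } elseif (substr($what, 0, 14) == 'tpmodule_state') {
                $smcFunc['db_query']('', '
                    UPDATE {db_prefix}tp_modules
                    SET active = {int:active}
                    WHERE id = {int:modid}',
                    array('active' => $value, 'modid' => substr($what, 14))
                );
            }
        }

        updateTPSettings($updateArray);

        return $from;
    } elseif ($from == 'menuitems') {
        checkSession('post');
        isAllowedTo('tp_blocks');

        $all = explode(',', $context['TPortal']['sitemap_items']);
        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 8) == 'menu_pos') {
                $smcFunc['db_query']('', '
                    UPDATE {db_prefix}tp_variables
                    SET subtype = {string:subtype}
                    WHERE id = {int:varid}',
                    array('subtype' => tp_sanitize($value), 'varid' => substr($what, 8))
                );
            } elseif (substr($what, 0, 8) == 'menu_sub') {
                $smcFunc['db_query']('', '
                    UPDATE {db_prefix}tp_variables
                    SET value4 = {string:val4}
                    WHERE id = {int:varid}',
                    array('val4' => tp_sanitize($value), 'varid' => substr($what, 8))
                );
            } elseif (substr($what, 0, 15) == 'tp_menu_sitemap') {
                $new = substr($what, 15);
                if ($value == 0 && in_array($new, $all)) {
                    // Own loop variable, so the outer $value is not overwritten.
                    foreach ($all as $key => $item) {
                        if ($item == $new) {
                            unset($all[$key]);
                        }
                    }
                } elseif ($value == 1 && !in_array($new, $all)) {
                    $all[] = $new;
                }
                $updateArray['sitemap_items'] = implode(',', $all);
            }
        }

        updateTPSettings($updateArray);

        // The menu id is stored as an integer elsewhere in this function; cast it so
        // posted text cannot add parameters to the redirect target.
        $menuId = isset($_POST['tp_menuid']) ? (int) $_POST['tp_menuid'] : 0;
        redirectexit('action=tpadmin;sa=menubox;mid=' . $menuId);
    } elseif ($from == 'menus') {
        checkSession('post');
        isAllowedTo('tp_blocks');

        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 12) == 'tp_menu_name') {
                $smcFunc['db_query']('', '
                    UPDATE {db_prefix}tp_variables
                    SET value1 = {string:val1}
                    WHERE id = {int:varid}',
                    array('val1' => tp_sanitize($value), 'varid' => substr($what, 12))
                );
            }
        }

        redirectexit('action=tpadmin;sa=menubox');
    } elseif ($from == 'singlemenuedit') {
        checkSession('post');
        isAllowedTo('tp_blocks');

        // Cast once: the id is used in every query below and in the redirect target.
        $where = isset($_POST['tpadmin_form_id']) ? (int) $_POST['tpadmin_form_id'] : 0;

        foreach ($_POST as $what => $value) {
            if ($what == 'tp_menu_name') {
                // make sure special characters can't be done
                $value = preg_replace('~&#\\d+$~', '', $value);
                $smcFunc['db_query']('', '
                    UPDATE {db_prefix}tp_variables
                    SET value1 = {string:val1}
                    WHERE id = {int:varid}',
                    array('val1' => $value, 'varid' => $where)
                );
            } elseif ($what == 'tp_menu_newlink') {
                $smcFunc['db_query']('', '
                    UPDATE {db_prefix}tp_variables
                    SET value2 = {string:var2}
                    WHERE id = {int:varid}',
                    array('var2' => $value, 'varid' => $where)
                );
            } elseif ($what == 'tp_menu_menuid') {
                $smcFunc['db_query']('', '
                    UPDATE {db_prefix}tp_variables
                    SET subtype2 = {int:subtype2}
                    WHERE id = {int:varid}',
                    array('subtype2' => $value, 'varid' => $where)
                );
            } elseif ($what == 'tp_menu_type') {
                if ($value == 'cats') {
                    $idtype = 'cats' . $_POST['tp_menu_category'];
                } elseif ($value == 'arti') {
                    $idtype = 'arti' . $_POST['tp_menu_article'];
                } elseif ($value == 'link') {
                    $idtype = $_POST['tp_menu_link'];
                } elseif ($value == 'head') {
                    $idtype = 'head';
                } elseif ($value == 'spac') {
                    $idtype = 'spac';
                } else {
                    // Unknown type: there is no target to store (the variable used to be
                    // left undefined here), so leave value3 untouched.
                    continue;
                }
                $smcFunc['db_query']('', '
                    UPDATE {db_prefix}tp_variables
                    SET value3 = {string:val3}
                    WHERE id = {int:varid}',
                    array('val3' => $idtype, 'varid' => $where)
                );
            } elseif ($what == 'tp_menu_sub') {
                $smcFunc['db_query']('', '
                    UPDATE {db_prefix}tp_variables
                    SET value4 = {string:val4}
                    WHERE id = {int:varid}',
                    array('val4' => $value, 'varid' => $where)
                );
            } elseif (substr($what, 0, 15) == 'tp_menu_newlink') {
                // The statement was missing its placeholder ("SET value2 = WHERE"),
                // which is not valid SQL; 'val2' was passed but never used.
                $smcFunc['db_query']('', '
                    UPDATE {db_prefix}tp_variables
                    SET value2 = {string:val2}
                    WHERE id = {int:varid}',
                    array('val2' => $value, 'varid' => $where)
                );
            }
        }

        redirectexit('action=tpadmin;linkedit=' . $where . ';' . $context['session_var'] . '=' . $context['session_id']);
    } elseif ($from == 'addcategory') {
        checkSession('post');
        isAllowedTo('tp_articles');

        $name = !empty($_POST['tp_cat_name']) ? $_POST['tp_cat_name'] : $txt['tp-noname'];
        $parent = !empty($_POST['tp_cat_parent']) ? $_POST['tp_cat_parent'] : '0';

        $smcFunc['db_insert']('INSERT',
            '{db_prefix}tp_variables',
            array('value1' => 'string', 'value2' => 'string', 'value3' => 'string', 'type' => 'string', 'value4' => 'string', 'value5' => 'int', 'subtype' => 'string', 'value7' => 'string', 'value8' => 'string', 'subtype2' => 'int'),
            array(strip_tags($name), $parent, '', 'category', '', 0, '', 'catlayout=1|layout=1', 0, 0),
            array('id')
        );
        $go = $smcFunc['db_insert_id']('{db_prefix}tp_variables', 'id');

        redirectexit('action=tpadmin;sa=categories;cu=' . $go);
    } elseif ($from == 'clist') {
        checkSession('post');
        isAllowedTo('tp_articles');

        $cats = array();
        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 8) == 'tp_clist') {
                $cats[] = $value;
            }
        }

        $updateArray['cat_list'] = sizeof($cats) > 0 ? implode(',', $cats) : '';
        updateTPSettings($updateArray);

        return $from;
    } elseif ($from == 'editcategory') {
        checkSession('post');
        isAllowedTo('tp_articles');

        $options = array();
        $groups = array();
        $where = $_POST['tpadmin_form_id'];

        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 3) == 'tp_') {
                $param = substr($what, 12);
                if (in_array($param, array('value5', 'value6', 'value8'))) {
                    // $param is one of the three literal names above, so using it as the
                    // column name is safe.
                    $smcFunc['db_query']('', '
                        UPDATE {db_prefix}tp_variables
                        SET ' . $param . ' = {string:val}
                        WHERE id = {int:varid}
                        LIMIT 1',
                        array('val' => $value, 'varid' => $where)
                    );
                } elseif ($param == 'value2') {
                    // make sure a parent is not its own parent
                    $request = $smcFunc['db_query']('', '
                        SELECT value2
                        FROM {db_prefix}tp_variables
                        WHERE id = {int:varid}
                        LIMIT 1',
                        array('varid' => $value)
                    );
                    $row = $smcFunc['db_fetch_assoc']($request);
                    $smcFunc['db_free_result']($request);
                    if ($row['value2'] == $where) {
                        $smcFunc['db_query']('', '
                            UPDATE {db_prefix}tp_variables
                            SET value2 = {string:val2}
                            WHERE id = {int:varid}
                            LIMIT 1',
                            array('val2' => '0', 'varid' => $value)
                        );
                    }

                    $smcFunc['db_query']('', '
                        UPDATE {db_prefix}tp_variables
                        SET value2 = {string:val2}
                        WHERE id = {int:varid}
                        LIMIT 1',
                        array('val2' => $value, 'varid' => $where)
                    );
                } elseif ($param == 'value1') {
                    $smcFunc['db_query']('', '
                        UPDATE {db_prefix}tp_variables
                        SET value1 = {string:val1}
                        WHERE id = {int:varid}
                        LIMIT 1',
                        array('val1' => strip_tags($value), 'varid' => $where)
                    );
                } elseif ($param == 'value4') {
                    $smcFunc['db_query']('', '
                        UPDATE {db_prefix}tp_variables
                        SET value4 = {string:val4}
                        WHERE id = {int:varid}
                        LIMIT 1',
                        array('val4' => $value, 'varid' => $where)
                    );
                } elseif ($param == 'value9') {
                    $smcFunc['db_query']('', '
                        UPDATE {db_prefix}tp_variables
                        SET value9 = {string:val9}
                        WHERE id = {int:varid}
                        LIMIT 1',
                        array('val9' => $value, 'varid' => $where)
                    );
                } elseif (substr($param, 0, 6) == 'group_') {
                    $groups[] = substr($param, 6);
                } else {
                    $options[] = $param . '=' . $value;
                }
            }
        }

        $smcFunc['db_query']('', '
            UPDATE {db_prefix}tp_variables
            SET value3 = {string:val3}, value7 = {string:val7}
            WHERE id = {int:varid}
            LIMIT 1',
            array('val3' => implode(',', $groups), 'val7' => implode('|', $options), 'varid' => $where)
        );

        $from = 'categories;cu=' . $where;

        return $from;
    } elseif ($from == 'strays') {
        checkSession('post');
        isAllowedTo('tp_articles');

        $ccats = array();
        // check if we have some values
        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 16) == 'tp_article_stray') {
                $ccats[] = substr($what, 16);
            } elseif ($what == 'tp_article_cat') {
                $straycat = $value;
            } elseif ($what == 'tp_article_new') {
                $straynewcat = $value;
            }
        }

        // update
        if (isset($straycat) && sizeof($ccats) > 0) {
            $category = $straycat;
            if ($category == 0 && !empty($straynewcat)) {
                // An INSERT yields no result set, so there is nothing to free afterwards.
                $smcFunc['db_insert']('INSERT',
                    '{db_prefix}tp_variables',
                    array('value1' => 'string', 'value2' => 'string', 'type' => 'string'),
                    array(strip_tags($straynewcat), '0', 'category'),
                    array('id')
                );
                $newcategory = $smcFunc['db_insert_id']('{db_prefix}tp_variables', 'id');
            }

            $smcFunc['db_query']('', '
                UPDATE {db_prefix}tp_articles
                SET category = {int:cat}
                WHERE id IN ({array_int:artid})',
                array('cat' => !empty($newcategory) ? $newcategory : $category, 'artid' => $ccats)
            );
        }

        return $from;
    } elseif ($from == 'articons') {
        checkSession('post');
        isAllowedTo('tp_articles');

        // any icons sent? The upload fields are optional, so test for them first.
        if (isset($_FILES['tp_article_newicon']['tmp_name']) && file_exists($_FILES['tp_article_newicon']['tmp_name'])) {
            TPuploadpicture('tp_article_newicon', '', '300', 'jpg,gif,png', 'tp-files/tp-articles/icons');
        }
        if (isset($_FILES['tp_article_newillustration']['tmp_name']) && file_exists($_FILES['tp_article_newillustration']['tmp_name'])) {
            $name = TPuploadpicture('tp_article_newillustration', '', '500', 'jpg,gif,png', 'tp-files/tp-articles/illustrations');
            tp_createthumb('tp-files/tp-articles/illustrations/' . $name, 128, 128, 'tp-files/tp-articles/illustrations/s_' . $name);
            unlink('tp-files/tp-articles/illustrations/' . $name);
        }

        // how about deleted?
        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 7) == 'articon') {
                $folder = $boarddir . '/tp-files/tp-articles/icons/';
            } elseif (substr($what, 0, 15) == 'artillustration') {
                $folder = $boarddir . '/tp-files/tp-articles/illustrations/';
            } else {
                continue;
            }

            // SECURITY: the posted value names the file to delete. Reduce it to a bare
            // file name so the deletion cannot leave the icon/illustration folder, and
            // only remove regular files that exist there.
            $target = $folder . basename((string) $value);
            if (is_file($target)) {
                unlink($target);
            }
        }

        return $from;
    } elseif ($from == 'menuadd') {
        checkSession('post');
        isAllowedTo('tp_blocks');

        if (!empty($_POST['tp_menu_title'])) {
            $mtitle = strip_tags($_POST['tp_menu_title']);
            $smcFunc['db_insert']('INSERT',
                '{db_prefix}tp_variables',
                array('value1' => 'string', 'type' => 'string'),
                array($mtitle, 'menus'),
                array('id')
            );
            redirectexit('action=tpadmin;sa=menubox');
        }
    } elseif ($from == 'menuaddsingle') {
        checkSession('post');
        isAllowedTo('tp_blocks');

        $mid = $_POST['tp_menu_menuid'];
        $mtitle = strip_tags($_POST['tp_menu_title']);
        if ($mtitle == '') {
            $mtitle = $txt['tp-no_title'];
        }

        $mtype = $_POST['tp_menu_type'];
        $mcat = isset($_POST['tp_menu_category']) ? $_POST['tp_menu_category'] : '';
        $mart = isset($_POST['tp_menu_article']) ? $_POST['tp_menu_article'] : '';
        $mlink = isset($_POST['tp_menu_link']) ? $_POST['tp_menu_link'] : '';
        $mhead = isset($_POST['tp_menu_head']) ? $_POST['tp_menu_head'] : '';
        $mnewlink = isset($_POST['tp_menu_newlink']) ? $_POST['tp_menu_newlink'] : '0';

        // The stored type is a four-letter tag plus its target; any other type
        // stores the posted link itself.
        if ($mtype == 'cats') {
            $mtype = 'cats' . $mcat;
        } elseif ($mtype == 'arti') {
            $mtype = 'arti' . $mart;
        } elseif ($mtype == 'head') {
            $mtype = 'head' . $mhead;
        } elseif ($mtype == 'spac') {
            $mtype = 'spac';
        } else {
            $mtype = $mlink;
        }

        $msub = $_POST['tp_menu_sub'];

        $smcFunc['db_insert']('INSERT',
            '{db_prefix}tp_variables',
            array('value1' => 'string', 'value2' => 'string', 'value3' => 'string', 'type' => 'string', 'value4' => 'string', 'value5' => 'int', 'subtype2' => 'int'),
            array($mtitle, $mnewlink, $mtype, 'menubox', $msub, -1, $mid),
            array('id')
        );

        redirectexit('action=tpadmin;sa=menubox;mid=' . $mid);
    } elseif ($from == 'submission') {
        checkSession('post');
        isAllowedTo('tp_articles');

        $ccats = array();
        // check if we have some values
        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 21) == 'tp_article_submission') {
                $ccats[] = substr($what, 21);
            } elseif ($what == 'tp_article_cat') {
                $straycat = $value;
            } elseif ($what == 'tp_article_new') {
                $straynewcat = $value;
            }
        }

        // update
        if (isset($straycat) && sizeof($ccats) > 0) {
            $category = $straycat;
            if ($category == 0 && !empty($straynewcat)) {
                // The new category name is stripped of tags like every other category
                // name saved by this function. An INSERT yields no result set to free.
                $smcFunc['db_insert']('INSERT',
                    '{db_prefix}tp_variables',
                    array('value1' => 'string', 'value2' => 'string', 'type' => 'string'),
                    array(strip_tags($straynewcat), '0', 'category'),
                    array('id')
                );
                $newcategory = $smcFunc['db_insert_id']('{db_prefix}tp_variables', 'id');
            }

            $smcFunc['db_query']('', '
                UPDATE {db_prefix}tp_articles
                SET approved = {int:approved}, category = {int:cat}
                WHERE id IN ({array_int:artid})',
                array('approved' => 1, 'cat' => !empty($newcategory) ? $newcategory : $category, 'artid' => $ccats)
            );
            $smcFunc['db_query']('', '
                DELETE FROM {db_prefix}tp_variables
                WHERE type = {string:type}
                AND value5 IN ({array_int:val5})',
                array('type' => 'art_not_approved', 'val5' => $ccats)
            );
        }

        return $from;
    } elseif ($from == 'blocks') {
        checkSession('post');
        isAllowedTo('tp_blocks');

        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 3) == 'pos') {
                $where = substr($what, 3);
                if (is_numeric($where)) {
                    $smcFunc['db_query']('', '
                        UPDATE {db_prefix}tp_blocks
                        SET pos = {int:pos}
                        WHERE id = {int:blockid}',
                        array('pos' => $value, 'blockid' => $where)
                    );
                }
            } elseif (substr($what, 0, 6) == 'addpos') {
                $where = substr($what, 6);
                if (is_numeric($where)) {
                    $smcFunc['db_query']('', '
                        UPDATE {db_prefix}tp_blocks
                        SET pos = (pos + 11)
                        WHERE id = {int:blockid}',
                        array('blockid' => $where)
                    );
                }
            } elseif (substr($what, 0, 6) == 'subpos') {
                $where = substr($what, 6);
                if (is_numeric($where)) {
                    $smcFunc['db_query']('', '
                        UPDATE {db_prefix}tp_blocks
                        SET pos = (pos - 11)
                        WHERE id = {int:blockid}',
                        array('blockid' => $where)
                    );
                }
            } elseif (substr($what, 0, 4) == 'type') {
                $where = substr($what, 4);
                $smcFunc['db_query']('', '
                    UPDATE {db_prefix}tp_blocks
                    SET type = {int:type}
                    WHERE id = {int:blockid}',
                    array('type' => $value, 'blockid' => $where)
                );
            } elseif (substr($what, 0, 5) == 'title') {
                $where = strip_tags(substr($what, 5));
                $smcFunc['db_query']('', '
                    UPDATE {db_prefix}tp_blocks
                    SET title = {string:title}
                    WHERE id = {int:blockid}',
                    array('title' => $value, 'blockid' => $where)
                );
            } elseif (substr($what, 0, 9) == 'blockbody') {
                $where = tp_sanitize(substr($what, 9));
                $smcFunc['db_query']('', '
                    UPDATE {db_prefix}tp_blocks
                    SET body = {string:body}
                    WHERE id = {int:blockid}',
                    array('body' => $value, 'blockid' => $where)
                );
            }
        }

        redirectexit('action=tpadmin;sa=blocks');
    } elseif ($from == 'addblock') {
        checkSession('post');
        isAllowedTo('tp_blocks');

        $title = empty($_POST['tp_addblocktitle']) ? '-no title-' : $_POST['tp_addblocktitle'];
        $panel = $_POST['tp_addblockpanel'];
        $type = $_POST['tp_addblock'];

        if (!is_numeric($type)) {
            if (substr($type, 0, 3) == 'mb_') {
                // Copy an existing block.
                $request = $smcFunc['db_query']('', '
                    SELECT *
                    FROM {db_prefix}tp_blocks
                    WHERE id = {int:blockid}',
                    array('blockid' => substr($type, 3))
                );
                if ($smcFunc['db_num_rows']($request) > 0) {
                    $cp = $smcFunc['db_fetch_assoc']($request);
                    $smcFunc['db_free_result']($request);
                }
            } else {
                // SECURITY: the posted name selects a .blockcode file whose code becomes
                // the body of a PHP block. Keep only the file-name part so the lookup
                // stays inside the blockcodes folder.
                $codeFile = $boarddir . '/tp-files/tp-blockcodes/' . basename((string) $type) . '.blockcode';
                if (is_file($codeFile)) {
                    $od = TPparseModfile(file_get_contents($codeFile), array('code'));
                }
            }
        }

        if (isset($od['code'])) {
            $body = tp_convertphp($od['code']);
            // 10 is the type this function treats as a PHP block (see 'blockedit').
            $type = 10;
        } else {
            $body = '';
        }

        if (isset($cp)) {
            $smcFunc['db_insert']('INSERT',
                '{db_prefix}tp_blocks',
                array('type' => 'int', 'frame' => 'string', 'title' => 'string', 'body' => 'string', 'access' => 'string', 'bar' => 'int', 'pos' => 'int', 'off' => 'int', 'visible' => 'string', 'var1' => 'int', 'var2' => 'int', 'lang' => 'string', 'access2' => 'string', 'editgroups' => 'string'),
                array($cp['type'], $cp['frame'], $title, $cp['body'], $cp['access'], $panel, 0, 1, 1, $cp['var1'], $cp['var2'], $cp['lang'], $cp['access2'], $cp['editgroups']),
                array('id')
            );
        } else {
            $smcFunc['db_insert']('INSERT',
                '{db_prefix}tp_blocks',
                array('type' => 'int', 'frame' => 'string', 'title' => 'string', 'body' => 'string', 'access' => 'string', 'bar' => 'int', 'pos' => 'int', 'off' => 'int', 'visible' => 'string', 'var1' => 'int', 'var2' => 'int', 'lang' => 'string', 'access2' => 'string', 'editgroups' => 'string'),
                array($type, 'theme', $title, $body, '-1,0,1', $panel, 0, 1, 1, 0, 0, '', 'actio=allpages', ''),
                array('id')
            );
        }

        $where = $smcFunc['db_insert_id']('{db_prefix}tp_blocks', 'id');
        if (!empty($where)) {
            redirectexit('action=tpadmin;blockedit=' . $where . ';sesc=' . $context['session_id']);
        } else {
            redirectexit('action=tpadmin;sa=blocks');
        }
    } elseif ($from == 'blockedit') {
        checkSession('post');
        isAllowedTo('tp_blocks');

        $where = isset($_POST['tpadmin_form_id']) && is_numeric($_POST['tpadmin_form_id']) ? $_POST['tpadmin_form_id'] : 0;
        $tpgroups = array();
        $editgroups = array();
        $access = array();
        $lang = array();

        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 9) == 'tp_block_') {
                $setting = substr($what, 9);
                if ($setting == 'body') {
                    // If we came from WYSIWYG then turn it back into BBC regardless.
                    if (!empty($_REQUEST['tp_block_body_mode']) && isset($_REQUEST['tp_block_body'])) {
                        require_once $sourcedir . '/Subs-Editor.php';
                        $_REQUEST['tp_block_body'] = html_to_bbc($_REQUEST['tp_block_body']);
                        // We need to unhtml it now as it gets done shortly.
                        $_REQUEST['tp_block_body'] = un_htmlspecialchars($_REQUEST['tp_block_body']);
                        // We need this for everything else.
                        $value = $_POST['tp_block_body'] = $_REQUEST['tp_block_body'];
                    }

                    // PHP block?
                    if ($_POST['tp_block_type'] == 10) {
                        $value = tp_convertphp($value);
                    }

                    $smcFunc['db_query']('', '
                        UPDATE {db_prefix}tp_blocks
                        SET body = {string:value}
                        WHERE id = {int:blockid}',
                        array('value' => $value, 'blockid' => $where)
                    );
                } elseif ($setting == 'title') {
                    $smcFunc['db_query']('', '
                        UPDATE {db_prefix}tp_blocks
                        SET title = {string:title}
                        WHERE id = {int:blockid}',
                        array('title' => $value, 'blockid' => $where)
                    );
                } elseif ($setting == 'body_mode' || $setting == 'body_choice' || $setting == 'body_pure') {
                    // Editor helper fields, not columns: nothing to store.
                    $go = '';
                } elseif ($setting == 'frame') {
                    $smcFunc['db_query']('', '
                        UPDATE {db_prefix}tp_blocks
                        SET frame = {string:val}
                        WHERE id = {int:blockid}',
                        array('val' => $value, 'blockid' => $where)
                    );
                } elseif (tp_postchecks_is_column($setting)) {
                    // SECURITY: the column name comes from the posted field name and the
                    // value used to be inserted with {raw:...}, i.e. unquoted. Both let
                    // request data become part of the statement. The name must now be a
                    // plain identifier and the value is bound as a quoted string.
                    $smcFunc['db_query']('', '
                        UPDATE {db_prefix}tp_blocks
                        SET ' . $setting . ' = {string:val}
                        WHERE id = {int:blockid}',
                        array('val' => $value, 'blockid' => $where)
                    );
                }
            } elseif (substr($what, 0, 8) == 'tp_group') {
                $tpgroups[] = substr($what, 8);
            } elseif (substr($what, 0, 12) == 'tp_editgroup') {
                $editgroups[] = substr($what, 12);
            } elseif (substr($what, 0, 10) == 'actiontype') {
                $access[] = 'actio=' . $value;
            } elseif (substr($what, 0, 9) == 'boardtype') {
                $access[] = 'board=' . $value;
            } elseif (substr($what, 0, 11) == 'articletype') {
                $access[] = 'tpage=' . $value;
            } elseif (substr($what, 0, 12) == 'categorytype') {
                $access[] = 'tpcat=' . $value;
            } elseif (substr($what, 0, 8) == 'langtype') {
                $access[] = 'tlang=' . $value;
            } elseif (substr($what, 0, 9) == 'dlcattype') {
                $access[] = 'dlcat=' . $value;
            } elseif (substr($what, 0, 9) == 'tpmodtype') {
                $access[] = 'tpmod=' . $value;
            } elseif (substr($what, 0, 9) == 'custotype' && !empty($value)) {
                $items = explode(',', $value);
                foreach ($items as $it) {
                    $access[] = 'actio=' . $it;
                }
            } elseif (substr($what, 0, 8) == 'tp_lang_') {
                if (substr($what, 8) != '') {
                    $lang[] = substr($what, 8) . '|' . $value;
                }
            } elseif (substr($what, 0, 18) == 'tp_userbox_options') {
                if (!isset($userbox)) {
                    $userbox = array();
                }
                $userbox[] = $value;
            } elseif (substr($what, 0, 8) == 'tp_theme') {
                $theme = substr($what, 8);
                if (!isset($themebox)) {
                    $themebox = array();
                }
                // get the path too
                if (isset($_POST['tp_path' . $theme])) {
                    $tpath = $_POST['tp_path' . $theme];
                } else {
                    $tpath = '';
                }
                $themebox[] = $theme . '|' . $value . '|' . $tpath;
            }
        }

        // construct the access++
        $smcFunc['db_query']('', '
            UPDATE {db_prefix}tp_blocks
            SET access2 = {string:acc2}, access = {string:acc}, lang = {string:lang}, editgroups = {string:editgrp}
            WHERE id = {int:blockid}',
            array('acc2' => implode(',', $access), 'acc' => implode(',', $tpgroups), 'lang' => implode('|', $lang), 'editgrp' => implode(',', $editgroups), 'blockid' => $where)
        );

        if (isset($userbox)) {
            $updateArray['userbox_options'] = implode(',', $userbox);
        }

        if (isset($themebox)) {
            $smcFunc['db_query']('', '
                UPDATE {db_prefix}tp_blocks
                SET body = {string:body}
                WHERE id = {int:blockid}',
                array('body' => implode(',', $themebox), 'blockid' => $where)
            );
        }

        // anything from PHP block?
        if (isset($_POST['blockcode_overwrite'])) {
            // SECURITY: as in 'addblock', only the file-name part of the posted value
            // is used, so the lookup stays inside the blockcodes folder.
            $codeName = isset($_POST['tp_blockcode']) ? basename((string) $_POST['tp_blockcode']) : '';
            $codeFile = $boarddir . '/tp-files/tp-blockcodes/' . $codeName . '.blockcode';
            if (is_file($codeFile)) {
                // get the blockcode
                $newval = TPparseModfile(file_get_contents($codeFile), array('code'));
                if (isset($newval['code'])) {
                    $smcFunc['db_query']('', '
                        UPDATE {db_prefix}tp_blocks
                        SET body = {string:body}
                        WHERE id = {int:blockid}',
                        array('body' => $newval['code'], 'blockid' => $where)
                    );
                }
            }
        }

        // check if uploaded picture
        if (isset($_FILES['qup_blockbody']) && file_exists($_FILES['qup_blockbody']['tmp_name'])) {
            $name = TPuploadpicture('qup_blockbody', $context['user']['id'] . 'uid');
            tp_createthumb('tp-images/' . $name, 50, 50, 'tp-images/thumbs/thumb_' . $name);
        }

        updateTPSettings($updateArray);

        redirectexit('action=tpadmin;blockedit=' . $where . ';' . $context['session_var'] . '=' . $context['session_id']);
    } elseif (substr($from, 0, 11) == 'editarticle') {
        checkSession('post');
        isAllowedTo('tp_articles');

        $new = false;
        $where = substr($from, 11);
        if (empty($where)) {
            // we need to create one first
            $smcFunc['db_insert']('INSERT',
                '{db_prefix}tp_articles',
                array('date' => 'int'),
                array(time()),
                array('id')
            );
            $where = $smcFunc['db_insert_id']('{db_prefix}tp_articles', 'id');
            $new = true;
            // NOTE(review): $from is updated but this branch never returns it - confirm
            // whether the caller expects a return value here.
            $from = 'editarticle' . $where;
        }

        // check if uploads are there (the field is optional)
        if (isset($_FILES['tp_article_illupload']['tmp_name']) && file_exists($_FILES['tp_article_illupload']['tmp_name'])) {
            $name = TPuploadpicture('tp_article_illupload', '', '180', 'jpg,gif,png', 'tp-files/tp-articles/illustrations');
            tp_createthumb('tp-files/tp-articles/illustrations/' . $name, 128, 128, 'tp-files/tp-articles/illustrations/s_' . $name);
            $smcFunc['db_query']('', '
                UPDATE {db_prefix}tp_articles
                SET illustration = {string:ill}
                WHERE id = {int:artid}
                LIMIT 1',
                array('ill' => 's_' . $name, 'artid' => $where)
            );
        }

        // check if uploaded picture
        if (isset($_FILES['qup_tp_article_body']) && file_exists($_FILES['qup_tp_article_body']['tmp_name'])) {
            $name = TPuploadpicture('qup_tp_article_body', $context['user']['id'] . 'uid');
            tp_createthumb('tp-images/' . $name, 50, 50, 'tp-images/thumbs/thumb_' . $name);
        }

        $options = array();
        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 11) == 'tp_article_' && !empty($where)) {
                $setting = substr($what, 11);
                if ($setting == 'authorid') {
                    $smcFunc['db_query']('', '
                        UPDATE {db_prefix}tp_articles
                        SET author_id = {int:auth}
                        WHERE id = {int:artid}
                        LIMIT 1',
                        array('auth' => $value, 'artid' => $where)
                    );
                } elseif ($setting == 'idtheme') {
                    $smcFunc['db_query']('', '
                        UPDATE {db_prefix}tp_articles
                        SET id_theme = {int:id_theme}
                        WHERE id = {int:artid}
                        LIMIT 1',
                        array('id_theme' => $value, 'artid' => $where)
                    );
                } elseif ($setting == 'subject') {
                    $smcFunc['db_query']('', '
                        UPDATE {db_prefix}tp_articles
                        SET subject = {string:subject}
                        WHERE id = {int:artid}
                        LIMIT 1',
                        array('subject' => $value, 'artid' => $where)
                    );
                } elseif ($setting == 'shortname') {
                    // The short name is later printed inside a link, so it is stored escaped.
                    $value = htmlspecialchars(str_replace(' ', '-', $value), ENT_QUOTES);
                    $smcFunc['db_query']('', '
                        UPDATE {db_prefix}tp_articles
                        SET shortname = {string:shortname}
                        WHERE id = {int:artid}
                        LIMIT 1',
                        array('shortname' => $value, 'artid' => $where)
                    );
                } elseif ($setting == 'category') {
                    // for the event, get the allowed
                    $request = $smcFunc['db_query']('', '
                        SELECT value3
                        FROM {db_prefix}tp_variables
                        WHERE id = {int:varid}
                        LIMIT 1',
                        array('varid' => $value)
                    );
                    if ($smcFunc['db_num_rows']($request) > 0) {
                        $row = $smcFunc['db_fetch_assoc']($request);
                        $allowed = $row['value3'];
                        $smcFunc['db_free_result']($request);
                    }
                    $smcFunc['db_query']('', '
                        UPDATE {db_prefix}tp_articles
                        SET category = {int:cat}
                        WHERE id = {int:artid}
                        LIMIT 1',
                        array('cat' => $value, 'artid' => $where)
                    );
                } elseif (in_array($setting, array('body', 'intro'))) {
                    // If we came from WYSIWYG then turn it back into BBC regardless.
                    if (!empty($_REQUEST['tp_article_body_mode']) && isset($_REQUEST['tp_article_body'])) {
                        require_once $sourcedir . '/Subs-Editor.php';
                        $_REQUEST['tp_article_body'] = html_to_bbc($_REQUEST['tp_article_body']);
                        // We need to unhtml it now as it gets done shortly.
                        $_REQUEST['tp_article_body'] = un_htmlspecialchars($_REQUEST['tp_article_body']);
                        // We need this for everything else.
                        if ($setting == 'body') {
                            $value = $_POST['tp_article_body'] = $_REQUEST['tp_article_body'];
                        } elseif ($setting == 'intro' && isset($_REQUEST['tp_article_intro'])) {
                            // This used to test the global $settings array instead of
                            // $setting, so the intro branch could never match.
                            $value = $_POST['tp_article_intro'] = $_REQUEST['tp_article_intro'];
                        }
                    }

                    // in case of HTML article we need to check it
                    if (isset($_POST['tp_article_body_pure']) && isset($_POST['tp_article_body_choice'])) {
                        if ($_POST['tp_article_body_choice'] == 0) {
                            if ($setting == 'body') {
                                $value = $_POST['tp_article_body_pure'];
                            } elseif ($setting == 'intro') {
                                $value = $_POST['tp_article_intro'];
                            }
                        }

                        // save the choice too
                        $request = $smcFunc['db_query']('', '
                            SELECT id
                            FROM {db_prefix}tp_variables
                            WHERE subtype2 = {int:sub2}
                            AND type = {string:type}
                            LIMIT 1',
                            array('sub2' => $where, 'type' => 'editorchoice')
                        );
                        if ($smcFunc['db_num_rows']($request) > 0) {
                            $row = $smcFunc['db_fetch_assoc']($request);
                            $smcFunc['db_free_result']($request);
                            $smcFunc['db_query']('', '
                                UPDATE {db_prefix}tp_variables
                                SET value1 = {string:val1}
                                WHERE subtype2 = {int:sub2}
                                AND type = {string:type}',
                                array('val1' => $_POST['tp_article_body_choice'], 'sub2' => $where, 'type' => 'editorchoice')
                            );
                        } else {
                            $smcFunc['db_insert']('INSERT',
                                '{db_prefix}tp_variables',
                                array('value1' => 'string', 'type' => 'string', 'subtype2' => 'int'),
                                array($_POST['tp_article_body_choice'], 'editorchoice', $where),
                                array('id')
                            );
                        }
                    }

                    // $setting is 'body' or 'intro' here, so it is a safe column name.
                    $smcFunc['db_query']('', '
                        UPDATE {db_prefix}tp_articles
                        SET ' . $setting . ' = {string:val}
                        WHERE id = {int:artid}
                        LIMIT 1',
                        array('val' => $value, 'artid' => $where)
                    );
                } elseif (in_array($setting, array('day', 'month', 'year', 'minute', 'hour', 'timestamp'))) {
                    $timestamp = tp_postchecks_timestamp('');
                    // Several fields describe one date; write it only once.
                    if (!isset($savedtime)) {
                        $smcFunc['db_query']('', '
                            UPDATE {db_prefix}tp_articles
                            SET date = {int:date}
                            WHERE id = {int:artid}
                            LIMIT 1',
                            array('date' => $timestamp, 'artid' => $where)
                        );
                    }
                    $savedtime = 1;
                } elseif (in_array($setting, array('pubstartday', 'pubstartmonth', 'pubstartyear', 'pubstartminute', 'pubstarthour', 'pub_start'))) {
                    // are all zero? then store 0 and stop. Previously the code went on to
                    // write $timestamp as well, which at this point was either unset or
                    // left over from another date group.
                    if (empty($_POST['tp_article_pubstarthour']) && empty($_POST['tp_article_pubstartminute']) && empty($_POST['tp_article_pubstartmonth']) && empty($_POST['tp_article_pubstartday']) && empty($_POST['tp_article_pubstartyear'])) {
                        $smcFunc['db_query']('', '
                            UPDATE {db_prefix}tp_articles
                            SET pub_start = {int:start}
                            WHERE id = {int:artid}
                            LIMIT 1',
                            array('start' => 0, 'artid' => $where)
                        );
                    } else {
                        $timestamp = tp_postchecks_timestamp('pubstart');
                        if (!isset($pubstart)) {
                            $smcFunc['db_query']('', '
                                UPDATE {db_prefix}tp_articles
                                SET pub_start = {int:start}
                                WHERE id = {int:artid}
                                LIMIT 1',
                                array('start' => $timestamp, 'artid' => $where)
                            );
                        }
                    }
                    $pubstart = 1;
                } elseif (in_array($setting, array('pubendday', 'pubendmonth', 'pubendyear', 'pubendminute', 'pubendhour', 'pub_end'))) {
                    // The last name in the list above used to be 'pub_start', which the
                    // previous branch already consumes - presumably a copy/paste slip that
                    // sent a posted 'pub_end' to the generic column update at the bottom.
                    // are all zero? then store 0 and stop (same fix as for pub_start).
                    if (empty($_POST['tp_article_pubendhour']) && empty($_POST['tp_article_pubendminute']) && empty($_POST['tp_article_pubendmonth']) && empty($_POST['tp_article_pubendday']) && empty($_POST['tp_article_pubendyear'])) {
                        $smcFunc['db_query']('', '
                            UPDATE {db_prefix}tp_articles
                            SET pub_end = {int:end}
                            WHERE id = {int:artid}
                            LIMIT 1',
                            array('end' => 0, 'artid' => $where)
                        );
                    } else {
                        $timestamp = tp_postchecks_timestamp('pubend');
                        if (!isset($pubend)) {
                            $smcFunc['db_query']('', '
                                UPDATE {db_prefix}tp_articles
                                SET pub_end = {int:end}
                                WHERE id = {int:artid}
                                LIMIT 1',
                                array('end' => $timestamp, 'artid' => $where)
                            );
                        }
                    }
                    $pubend = 1;
                } elseif (substr($setting, 0, 8) == 'options_') {
                    if (substr($setting, 0, 19) == 'options_lblockwidth' || substr($setting, 0, 19) == 'options_rblockwidth') {
                        $options[] = substr($setting, 8) . $value;
                    } else {
                        $options[] = substr($setting, 8);
                    }
                } elseif (in_array($setting, array('body_mode', 'intro_mode', 'illupload', 'body_pure', 'body_choice'))) {
                    // ignore it
                    continue;
                } elseif ($setting == 'approved') {
                    $smcFunc['db_query']('', '
                        UPDATE {db_prefix}tp_articles
                        SET approved = {int:approved}
                        WHERE id = {int:artid}
                        LIMIT 1',
                        array('approved' => $value, 'artid' => $where)
                    );
                    if ($value == 1) {
                        $smcFunc['db_query']('', '
                            DELETE FROM {db_prefix}tp_variables
                            WHERE type = {string:type}
                            AND value5 = {int:val5}',
                            array('type' => 'art_not_approved', 'val5' => $where)
                        );
                    } elseif ($new) {
                        $smcFunc['db_insert']('replace',
                            '{db_prefix}tp_variables',
                            array('type' => 'string', 'value5' => 'int'),
                            array('art_not_approved', $where),
                            array('id')
                        );
                    }
                } elseif (tp_postchecks_is_column($setting)) {
                    // SECURITY: the column name is taken from the posted field name, so it
                    // must be a plain identifier before it is placed in the statement.
                    $smcFunc['db_query']('', '
                        UPDATE {db_prefix}tp_articles
                        SET ' . $setting . ' = {string:val}
                        WHERE id = {int:artid}
                        LIMIT 1',
                        array('val' => $value, 'artid' => $where)
                    );
                }
            }
        }

        // if this was a new article
        // NOTE(review): $timestamp holds whichever date group was processed last (and is
        // unset when none was posted), and $new is not consulted - confirm the intent.
        if ($_POST['tp_article_approved'] == 1 && $_POST['tp_article_off'] == 0) {
            tp_recordevent($timestamp, $_POST['tp_article_authorid'], 'tp-createdarticle', 'page=' . $where, 'Creation of new article.', isset($allowed) ? $allowed : 0, $where);
        }

        $smcFunc['db_query']('', '
            UPDATE {db_prefix}tp_articles
            SET options = {string:opt}
            WHERE id = {int:artid}
            LIMIT 1',
            array('opt' => implode(',', $options), 'artid' => $where)
        );
    }
}

/**
 * Tell whether a posted field-name fragment may be used as an SQL column name.
 *
 * Only a letter followed by letters, digits or underscores is accepted, so the
 * fragment cannot contain anything that would change the shape of a statement.
 *
 * @param mixed $name Fragment taken from a $_POST key.
 * @return bool True when the fragment is a plain identifier.
 */
function tp_postchecks_is_column($name)
{
    return is_string($name) && preg_match('~^[A-Za-z][A-Za-z0-9_]*$~', $name) === 1;
}

/**
 * Build a Unix timestamp from one group of posted article date fields.
 *
 * Reads $_POST['tp_article_<prefix>hour'], '...minute', '...month', '...day'
 * and '...year'. Each part is cast to int and a missing part counts as 0, so
 * mktime() always receives integers.
 *
 * @param string $prefix '' for the article date, 'pubstart' or 'pubend'.
 * @return int|false The value returned by mktime().
 */
function tp_postchecks_timestamp($prefix)
{
    $parts = array();
    foreach (array('hour', 'minute', 'month', 'day', 'year') as $part) {
        $key = 'tp_article_' . $prefix . $part;
        $parts[$part] = isset($_POST[$key]) ? (int) $_POST[$key] : 0;
    }

    return mktime($parts['hour'], $parts['minute'], 0, $parts['month'], $parts['day'], $parts['year']);
}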
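/**
 * Run the PHP code stored for the current TinyPortal "phpbox" block.
 *
 * The code is read from $context['TPortal']['phpboxbody'], passed through
 * tp_convertphp() and evaluated. Nothing is echoed by this function itself;
 * any output comes from the evaluated code.
 *
 * SECURITY: this evaluates stored block content as PHP. Whoever can edit a PHP
 * block can run code on the server, so that ability must stay limited to fully
 * trusted administrators.
 *
 * @return void
 */
function TPortal_phpbox()
{
    global $context;

    // The emptiness check used to guard an empty block while the eval() ran
    // unconditionally after it; an empty or missing body is now skipped.
    if (empty($context['TPortal']['phpboxbody'])) {
        return;
    }

    // execute what is in the block, no echoing
    eval(tp_convertphp($context['TPortal']['phpboxbody'], true));
}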