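/**
 * Display the 'Entry' page.
 *
 * On GET, shows the editor for a new entry (no $_GET['uid']) or for an
 * existing one ($_GET['uid']); on POST, stores the submitted entry and then
 * redirects to the entries listing (or back to the editor when 'save and
 * continue' was used on a new entry).
 *
 * Access control: requires userlevel PIVOTX_UL_NORMAL, and editing an existing
 * entry additionally requires $PIVOTX['users']->allowEdit(). A POST is only
 * accepted when its 'code' field matches the uid in the URL and the session
 * CSRF token ($_POST['pivotxsession']) validates.
 *
 * Returns nothing; it renders a template, sends a redirect, or exits.
 */
function pageEntry()
{
    global $PIVOTX;

    // check if the user has the required userlevel to view this page.
    $PIVOTX['session']->minLevel(PIVOTX_UL_NORMAL);

    // Read the request values we branch on once, so a missing key is an empty
    // string instead of an undefined-index notice.
    $uid = isset($_GET['uid']) ? (string) $_GET['uid'] : '';
    // An empty (or "0") uid means we are making a new entry.
    $editing = !empty($uid);

    $PIVOTX['template']->assign('title', $editing ? __('Edit Entry') : __('New Entry'));

    $currentuser = $PIVOTX['users']->getUser($PIVOTX['session']->currentUsername());

    if ($editing) {
        // Editing an entry.. Get it from the DB..
        $entry = $PIVOTX['db']->read_entry(intval($uid));
        $PIVOTX['events']->add('edit_entry', intval($uid), $entry['title']);

        // Only users that may edit entries owned by $entry['user'] get past here.
        if (!$PIVOTX['users']->allowEdit('entry', $entry['user'])) {
            $PIVOTX['template']->assign('heading', __("PivotX encountered an error"));
            $PIVOTX['template']->assign('html', "<p>" . __("You are not allowed to edit this entry.") . "</p>");
            renderTemplate('generic.tpl');
            return;
        }

        // Make sure we tweak the </textarea> in the intro or body text (since
        // that would break our own textarea, if we didn't)..
        $textareaTags = array("<textarea", "</textarea");
        $textareaSafe = array("&lt;textarea", "&lt;/textarea");
        $entry['introduction'] = str_replace($textareaTags, $textareaSafe, $entry['introduction']);
        $entry['body'] = str_replace($textareaTags, $textareaSafe, $entry['body']);

        // Text-processing modes: "1", "2", "3" = 'convert LB', 'textile', 'markdown';
        // "0", "5" = 'Plain XHTML', 'WYSIWYG'. Comparisons are kept loose, as before.
        $storedMarkup = in_array($entry['convert_lb'], array("1", "2", "3"));
        $storedHtml = in_array($entry['convert_lb'], array("0", "5"));
        $userMarkup = in_array($currentuser['text_processing'], array("1", "2", "3"));
        $userHtml = in_array($currentuser['text_processing'], array("0", "5"));

        // If the entry was written in 'convert LB', 'textile' or 'markdown', and is now
        // being edited in 'Plain XHTML' or 'WYSIWYG', we must convert it.
        if ($storedMarkup && $userHtml) {
            $entry['introduction'] = parse_intro_or_body($entry['introduction'], false, $entry['convert_lb'], true);
            $entry['body'] = parse_intro_or_body($entry['body'], false, $entry['convert_lb'], true);
        }

        // Otherwise, if the entry was written in 'Plain XHTML' or 'WYSIWYG', and is now
        // being edited in 'convert LB', 'textile' or 'markdown', there is not much more we
        // can do than strip out the <p> and <br/> tags to replace with linebreaks.
        if ($storedHtml && $userMarkup) {
            $entry['introduction'] = unparse_intro_or_body($entry['introduction']);
            $entry['body'] = unparse_intro_or_body($entry['body']);
        }

        // Split the link around the entry's uri into the parts before and after it.
        // NOTE(review): explode() rejects an empty separator, so this assumes a
        // stored entry always has a non-empty 'uri' — confirm.
        list($entry['link'], $entry['link_end']) = explode($entry['uri'], $entry['link']);
    } else {
        // Make a new entry, seeded from the configured defaults.
        $entry = array();
        $defaultCategory = $PIVOTX['config']->get('default_category');
        if ($defaultCategory != "") {
            $entry['category'] = array($defaultCategory);
        }
        $allowComments = $PIVOTX['config']->get('allow_comments');
        if ($allowComments != "") {
            $entry['allow_comments'] = $allowComments;
        }
        $defaultStatus = $PIVOTX['config']->get('default_post_status');
        if ($defaultStatus != "") {
            $entry['status'] = $defaultStatus;
        }
        $entry['user'] = $currentuser['username'];
        // Build a link with a placeholder uri, then split it around the placeholder.
        $entry['link'] = makeFileLink(array('uri' => 'xxx', 'date' => date("Y-m-d-H-i-s")), "", "");
        list($entry['link'], $entry['link_end']) = explode('xxx', $entry['link']);
    }

    // Make sure we only show the allowed categories.. Superadmins can always
    // see and use all categories..
    $categories = $PIVOTX['categories']->getCategories();
    if ($currentuser['userlevel'] < PIVOTX_UL_SUPERADMIN) {
        $allowedcats = $PIVOTX['categories']->allowedCategories($currentuser['username']);
        foreach ($categories as $key => $value) {
            if (!in_array($value['name'], $allowedcats)) {
                unset($categories[$key]);
            }
        }
    }

    if ($_SERVER['REQUEST_METHOD'] == "GET") {
        // Ignore URI if we aren't using mod_rewrite.
        if ($PIVOTX['config']->get('mod_rewrite') == 0) {
            unset($entry['uri']);
        }
        $PIVOTX['extensions']->executeHook('entry_edit_beforeedit', $entry);

        // Show the screen.. The session's CSRF token is handed to the form as
        // 'pivotxsession' and verified again when the form is posted.
        $PIVOTX['template']->assign('entry', $entry);
        $PIVOTX['template']->assign('categories', $categories);
        $PIVOTX['template']->assign('pivotxsession', $PIVOTX['session']->getCSRF());
        $PIVOTX['template']->assign('users', $PIVOTX['users']->getUsers());
        $PIVOTX['template']->assign('entryuser', $PIVOTX['users']->getUser($entry['user']));
        renderTemplate('editentry.tpl');
        return;
    }

    // POST: store the submitted entry.
    $postedCode = isset($_POST['code']) ? (string) $_POST['code'] : '';

    // The form's 'code' must match the uid in the URL; a mismatch means the form
    // was not produced for this entry, so log it and stop. Compared strictly as
    // strings so numeric-string coercion cannot make two different values "equal".
    if ($postedCode !== $uid) {
        $PIVOTX['events']->add('fatal_error', intval($uid), "Tried to fake editing an entry");
        echo "Code is wrong! B0rk!";
        die;
    }

    // Make sure the current user is properly logged in, and that the request is legitimate
    $PIVOTX['session']->checkCSRF(isset($_POST['pivotxsession']) ? $_POST['pivotxsession'] : null);

    // Sanitize the $_POST into an entry we can store
    $entry = sanitizePostedEntry($entry);
    $PIVOTX['extensions']->executeHook('entry_edit_beforesave', $entry);
    $entry = $PIVOTX['db']->set_entry($entry);

    $saved = $PIVOTX['db']->save_entry(TRUE);
    $titleHtml = '<em>' . trimText($entry['title'], 25) . '</em>';
    if ($saved) {
        $PIVOTX['messages']->addMessage(sprintf(__('Your entry "%s" was successfully saved.'), $titleHtml));
        $PIVOTX['extensions']->executeHook('entry_edit_aftersave', $entry);
    } else {
        $PIVOTX['messages']->addMessage(sprintf(__('Your entry "%s" was NOT successfully saved.'), $titleHtml));
        $PIVOTX['extensions']->executeHook('entry_edit_aftersave_failed', $entry);
    }

    // Remove the compiled/parsed pages from the cache.
    if ($PIVOTX['config']->get('smarty_cache')) {
        $PIVOTX['template']->clear_cache();
    }

    // A code of ">" marks an entry that did not exist before this save.
    $isNew = ($entry['code'] == ">");
    $isPublished = ($entry['status'] == "publish");

    // only notify if entry is published, and is either new or status changed to publish.
    // (The notification's return text is not displayed on this page.)
    if ($isPublished && !$PIVOTX['config']->get('disable_new_entry_notifications')) {
        if ($isNew || $entry['oldstatus'] != "publish") {
            sendMailNotification('entry', $PIVOTX['db']->entry);
        }
    }

    // perhaps send a trackback ping.
    $tbUrlField = isset($_POST['tb_url']) ? (string) $_POST['tb_url'] : '';
    if ($tbUrlField != "" && $isPublished) {
        require_once 'includes/send_trackback.php';
        $weblogs = $PIVOTX['weblogs']->getWeblogsWithCat($PIVOTX['db']->entry['category']);
        $entry_url = $PIVOTX['paths']['host'] . makeFileLink($PIVOTX['db']->entry['code'], $weblogs[0], '');
        $weblogdata = $PIVOTX['weblogs']->getWeblog($weblogs[0]);
        $weblog_title = $weblogdata['name'];
        $excerpt = parse_intro_or_body($entry['introduction'], false, $entry['convert_lb']);
        $excerpt = trimText(strip_tags($excerpt), 255);

        // One target per line; only URLs accepted by isUrl() are pinged.
        foreach (explode("\n", $tbUrlField) as $tb_url) {
            $tb_url = trim($tb_url);
            if (!isUrl($tb_url)) {
                continue;
            }
            $PIVOTX['messages']->addMessage(sprintf(__('A trackback ping has been sent to "%s".'), $tb_url));
            trackback_send($tb_url, $entry_url, $entry['title'], $weblog_title, $excerpt);
        }
    }

    // TODO: check input for valid categories for user

    // If we use 'save and continue' on a new Entry, we need to redirect to the page
    // for editing, or we can stop displaying stuff here.. We redirect to
    // that entry, because otherwise we would end up with several double entries.
    $postedFrom = isset($_POST['postedfrom']) ? $_POST['postedfrom'] : '';
    if ($postedFrom != "continue") {
        // Redirect to the listing page
        header('Location: ' . makeAdminPageLink('entries'));
        exit;
    }

    if ($postedCode == "") {
        // New entry.. send the browser to the editor for the newly assigned uid.
        // The uid is cast to int so nothing but a number ever lands inside the script.
        $newUid = intval($PIVOTX['db']->entry['uid']);
        echo "<script type='text/javascript'>";
        echo "window.top.location.href ='index.php?page=entry&uid=" . $newUid . "';";
        echo "</script>";
    }
    // Otherwise ('save and continue' on an existing entry) there is nothing more to do.
}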
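 /**
  * Function: add
  * Adds a post to the database.
  *
  * Most of the function arguments will fall back to various POST values.
  *
  * Calls the @add_post@ trigger with the inserted post and extra options.
  *
  * Note: The default parameter values are empty here so that the fallbacks work properly.
  *
  * Parameters:
  *     $values - The data to insert.
  *     $clean - The sanitized URL (or empty to default to "(feather).(new post's id)").
  *     $url - The unique URL (or empty to default to "(feather).(new post's id)").
  *     $feather - The feather to post as.
  *     $user - <User> to set as the post's author.
  *     $pinned - Pin the post?
  *     $status - Post status
  *     $created_at - New @created_at@ timestamp for the post.
  *     $updated_at - New @updated_at@ timestamp for the post, or @false@ to not updated it.
  *     $trackbacks - URLs separated by "," to send trackbacks to (each trimmed and stripped of tags).
  *     $pingbacks - Send pingbacks?
  *     $options - Options for the post.
  *
  * Returns:
  *     The newly created <Post>.
  *
  * See Also:
  *     <update>
  */
 static function add($values = array(), $clean = "", $url = "", $feather = null, $user = null, $pinned = null, $status = "", $created_at = null, $updated_at = null, $trackbacks = "", $pingbacks = true, $options = array())
 {
     $user_id = $user instanceof User ? $user->id : $user;
     $sql = SQL::current();
     $trigger = Trigger::current();

     # Missing form fields read as null, so the fallbacks below see "no value"
     # without an undefined-index notice (replaces the former '@' suppression).
     $posted = $_POST + array(
         'feather' => null,
         'user_id' => null,
         'status' => null,
         'updated_at' => null,
         'trackbacks' => null,
         'option' => null,
     );

     fallback($feather, oneof($posted['feather'], ""));
     # NOTE(review): when no $user is given, the author id is taken from the form
     # (falling back to the current visitor); confirm the caller authorises posting
     # on another user's behalf before relying on this.
     fallback($user_id, oneof($posted['user_id'], Visitor::current()->id));
     fallback($pinned, !empty($_POST['pinned']));
     fallback($status, isset($_POST['draft']) ? "draft" : oneof($posted['status'], "public"));
     # Honour a submitted creation time only when it differs from the original one.
     $created_changed = !empty($_POST['created_at'])
         && (!isset($_POST['original_time']) || $_POST['created_at'] != $_POST['original_time']);
     fallback($created_at, $created_changed ? datetime($_POST['created_at']) : datetime());
     fallback($updated_at, oneof($posted['updated_at'], null));
     fallback($trackbacks, oneof($posted['trackbacks'], ""));
     fallback($options, oneof($posted['option'], array()));

     # NOTE(review): with the "" defaults both isset() calls are true, so this only
     # runs when the caller passes $url as null explicitly — confirm that is intended.
     if (isset($clean) && !isset($url)) {
         $url = self::check_url($clean);
     }

     if (isset($_POST['bookmarklet'])) {
         $trigger->filter($values, "bookmarklet_submit_values");
         $trigger->filter($options, "bookmarklet_submit_options");
     }

     $new_values = array(
         "feather" => $feather,
         "user_id" => $user_id,
         "pinned" => (int) $pinned,
         "status" => $status,
         "clean" => $clean,
         "url" => $url,
         "created_at" => $created_at,
         "updated_at" => $updated_at,
     );
     $trigger->filter($new_values, "before_add_post");
     $sql->insert("posts", $new_values);
     $id = $sql->latest("posts");

     # Without a slug or URL, both default to "(feather).(id)".
     if (empty($clean) || empty($url)) {
         $default_slug = $feather . "." . $id;
         $sql->update("posts", array("id" => $id), array("clean" => $default_slug, "url" => $default_slug));
     }

     # Insert the post attributes.
     foreach (array_merge($values, $options) as $name => $value) {
         $sql->insert("post_attributes", array("post_id" => $id, "name" => $name, "value" => $value));
     }

     $post = new self($id, array("drafts" => true));

     if ($trackbacks !== "") {
         # Comma-separated list: trim, strip markup, de-duplicate, drop empties.
         $trackback_urls = array_map("trim", explode(",", $trackbacks));
         $trackback_urls = array_map("strip_tags", $trackback_urls);
         $trackback_urls = array_diff(array_unique($trackback_urls), array(""));
         # Distinct loop variable so the post's $url is not clobbered.
         foreach ($trackback_urls as $trackback_url) {
             trackback_send($post, $trackback_url);
         }
     }

     if (Config::current()->send_pingbacks && $pingbacks) {
         foreach ($values as $value) {
             send_pingbacks($value, $post);
         }
     }

     $post->redirect = isset($_POST['bookmarklet']) ? url("/admin/?action=bookmarklet&done") : $post->url();
     $trigger->call("add_post", $post, $options);
     return $post;
 }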
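/**
 * The screen you'll see after submitting an entry. It stores the entry, updates the indices (pivot's
 * content indices, and the search index), rebuilds the frontpage and XML & Atom feeds, and then it
 * displays a list of the latest entries.
 *
 * The posted entry is read through get_entry_from_post() after check_csrf() has
 * validated the request. Categories the current user may not post to (per the
 * '|'-separated user list in $Cfg['cat-<name>']) are dropped before saving.
 * Trackback targets come from $Pivot_Vars['tb_url'], one per line; only URLs
 * accepted by isurl() are pinged.
 *
 * Returns nothing; ends by rendering the entries listing via entries_screen().
 */
function entrysubmit_screen()
{
    global $db, $config_array, $Pivot_Vars, $entry, $Cfg, $Users, $Paths, $Weblogs, $filtered_words;

    // check against unauthorised direct access.
    check_csrf();

    $db = new db();
    $entry = get_entry_from_post();

    // Feedback for the listing page and the ping flag for generate_pages(),
    // defined up-front so they are set even when nothing is saved.
    $message = '';
    $notified = '';
    $ping = FALSE;

    // Only store the entry if it has at least a title, an introduction or a user.
    if ($entry['title'] != "" || $entry['introduction'] != "" || $entry['user'] != "") {
        // Remove the entry from the categories in which the current user is not
        // allowed to post entries.
        $allowed_cats = array();
        foreach ($entry['category'] as $my_cat) {
            $allowed = isset($Cfg['cat-' . $my_cat]) ? explode("|", $Cfg['cat-' . $my_cat]) : array();
            if (in_array($Pivot_Vars['user'], $allowed)) {
                $allowed_cats[] = $my_cat;
            } else {
                $message .= '<br />';
                $message .= sprintf(lang('entries', 'entry_catnopost'), $my_cat);
                debug("not in category: " . $my_cat);
            }
        }
        $entry['category'] = $allowed_cats;

        $db->set_entry($entry);
        $saved = $db->save_entry(TRUE);
        $title_html = '<i>' . trimtext($entry['title'], 25) . '</i>';
        if ($saved) {
            $message = sprintf(lang('entries', 'entry_saved_ok') . $message, $title_html);
        } else {
            // NOTE(review): this branch reports the same 'entry_saved_ok' text as the
            // success branch; confirm whether a failure message was intended here.
            $message = sprintf(lang('entries', 'entry_saved_ok'), $title_html);
        }

        // A code of ">" marks an entry that did not exist before this save.
        $is_new = ($entry['code'] == ">");
        $is_published = ($entry['status'] == "publish");

        // only trigger the ping if it's a new entry..
        $ping = ($is_new && $is_published);

        // only notify if entry is published, and is either new or status changed to publish.
        if ($is_published && ($is_new || $entry['oldstatus'] != "publish")) {
            $notified = "<br /><br />" . notify_new('entry', $db->entry);
        }

        // if the global 'index entries as they are made' setting is on, update the search index.
        if ('1' == $Cfg['search_index']) {
            /*
             * 2004/10/16 JM: an entry should only be indexed if both are true:
             *  - 'publish' == $entry['status']
             *  - current date is at least equal to $entry['publish_date']
             * There is one more case: a timed publish whose time has come; that is
             * left to the timed publish routines (pvLib, it's flagged). And of course
             * only if there is at least one category where it would be indexed.
             * Not handled: the user changing a normal publish into a timed publish,
             * or putting on hold what was previously published; the user should
             * reindex in that case.
             */
            $timed_and_due = ('timed' == $entry['status'] && $entry['publish_date'] <= date('Y-m-d-H-i'));
            if ('publish' == $entry['status'] || $timed_and_due) {
                // categories...
                if (can_search_cats(cfg_cat_nosearchindex(), $entry['category'])) {
                    include_once 'modules/module_search.php';
                    update_index($db->entry);
                    debug('update search index: ' . $db->entry['code']);
                }
            }
        }

        // perhaps send a trackback ping.
        $tb_url_field = isset($Pivot_Vars['tb_url']) ? $Pivot_Vars['tb_url'] : '';
        if ($tb_url_field != "" && $is_published) {
            debug("tburl: " . $tb_url_field);
            require_once 'includes/send_trackback.php';
            $weblogs = find_weblogs_with_cat($db->entry['category']);
            if (isset($Weblogs[$weblogs[0]])) {
                $my_url = $Paths['host'] . make_filelink($db->entry['code'], $weblogs[0], '');
                $weblog_title = $Weblogs[$weblogs[0]]['name'];
                debug("TRACKBACK ping: {$my_url}");
                $message .= '<br />';
                $message .= sprintf(lang('entries', 'entry_ping_sent'), $tb_url_field);

                // make the contents of what to send with the trackback..
                $tb_contents = parse_step4($entry['introduction']);
                if ($Pivot_Vars['convert_lb'] == 2) {
                    $tb_contents = pivot_textile($tb_contents);
                } elseif ($Pivot_Vars['convert_lb'] == 3 || $Pivot_Vars['convert_lb'] == 4) {
                    $tb_contents = pivot_markdown($tb_contents, $Pivot_Vars['convert_lb']);
                }
                $tb_contents = trimtext(strip_tags($tb_contents), 255);

                // One target per line. Ping the trimmed, isurl()-validated URL of this
                // line only -- not the raw multi-line field, which is what used to be passed.
                foreach (explode("\n", $tb_url_field) as $tb_url) {
                    $tb_url = trim($tb_url);
                    if (isurl($tb_url)) {
                        trackback_send($tb_url, $my_url, $entry['title'], $weblog_title, $tb_contents);
                    }
                }
            }
        }

        // Update the tags for this entry if it's published and remove the old tags if not
        $old_keywords = isset($_POST['f_keywords_old']) ? $_POST['f_keywords_old'] : '';
        if ($db->entry['status'] == 'publish') {
            writeTags($db->entry['keywords'], $old_keywords, $db->entry['code']);
        } else {
            deleteTags($old_keywords, $db->entry['code']);
        }
    }

    generate_pages($db->entry['code'], TRUE, TRUE, TRUE, $ping);
    entries_screen($message . $notified);
}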