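/**
 * Renders the reply form for a BBS topic.
 *
 * Prints nothing unless a user is logged in and allowed to post in the BBS.
 * The form posts to add.php with type=post and carries an anti-CSRF token;
 * the token only protects the action if the receiving script validates it.
 */
function RenderBody()
{
  global $currentUser;
  if (!$currentUser || !$currentUser->CanPostInBBS())
    return;

  echo "<form action='add.php' method='post' id='frmBBSPost'>\n";

  $csrf = new CSRFProtect();
  $csrf->PrintToken();

  echo "<div class='content'>\n";
  // The topic id is forced to an integer before it reaches the attribute.
  echo " <input type='hidden' name='which' value='".(int)$this->topic."'>\n";
  echo " <input type='hidden' name='type' value='post'>\n";
  echo " message:\n";
  echo " <textarea name='message' id='message'>";
  // "from" is optional and request-supplied: test it with !empty() so a
  // missing parameter does not raise an undefined-index notice, and keep it
  // strictly numeric (cast plus %d) because it is printed into the page.
  if ($this->topic == FIXMETHREAD_ID && !empty($_GET["from"]))
    printf("There is a problem with [url=%sprod.php?which=%d]this prod[/url]: ...",POUET_ROOT_URL,(int)$_GET["from"]);
  echo "</textarea>\n";
  echo " <div><a href='faq.php#BB Code'><b>BB Code</b></a> is allowed here</div>\n";
  echo "</div>\n";
  echo "<div class='foot'>\n";
  echo " <script language='JavaScript' type='text/javascript'>\n";
  echo " <!--\n";
  echo " document.observe('dom:loaded',function(){ AddPreviewButton($('submit')); });\n";
  echo " //-->\n";
  echo " </script>\n";
  echo " <input type='submit' value='Submit' id='submit'>";
  echo "</div>\n";
  echo "</form>\n";
}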
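/**
 * Renders the logo voting footer: a POST form back to the current URL with
 * an anti-CSRF token, the logo id and the two vote buttons.
 *
 * The last "</div>" closes a container that this method does not open.
 */
function RenderFooter()
{
  // REQUEST_URI comes straight from the client's request line. Encode it
  // before placing it in the single-quoted attribute, otherwise a quote in
  // the URL can terminate the attribute and inject markup (reflected XSS).
  $action = htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES);

  echo " <div class='foot'>";
  echo " <form action='".$action."' method='post'>";

  $csrf = new CSRFProtect();
  $csrf->PrintToken();

  // The logo id is forced to an integer before it reaches the attribute.
  echo " <input name='logoID' type='hidden' value='".(int)$this->logo->id."'/>";
  echo " <input name='submit' type='submit' value='rulez'/>";
  echo " <input name='submit' type='submit' value='sucks'/>";
  echo " </form>\n";
  echo " </div>\n";
  echo "</div>\n";
}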
/**
 * Renders the "open a new BBS topic" form.
 *
 * Visitors without a login id get the login box instead; logged-in users
 * who may not post in the BBS get no output at all. The form posts to
 * add.php with type=bbs and carries an anti-CSRF token.
 */
function RenderBody()
{
  global $currentUser;

  if (!get_login_id())
  {
    require_once("box-login.php");
    $loginBox = new PouetBoxLogin();
    $loginBox->RenderBody();
    return;
  }

  if (!$currentUser->CanPostInBBS())
    return;

  echo "<form action='add.php' method='post'>\n";

  $token = new CSRFProtect();
  $token->PrintToken();

  echo "<div class='content'>\n",
       " <input type='hidden' name='type' value='bbs'>\n",
       " <label for='topic'>topic:</label>\n",
       " <input name='topic' id='topic'/>\n",
       " <label for='category'>category:</label>\n",
       " <select name='category' id='category'>\n";

  // Category names are HTML-encoded both as option value and as label.
  foreach($this->categories as $category)
  {
    echo "<option value='"._html($category)."'>"._html($category)."</option>";
  }

  echo " </select>\n",
       " <label for='message'>message:</label>\n",
       " <textarea name='message' id='message'></textarea>\n",
       " <div><a href='faq.php#BB Code'><b>BB Code</b></a> is allowed here</div>\n",
       "</div>\n";

  echo "<div class='foot'>\n",
       " <script language='JavaScript' type='text/javascript'>\n",
       " <!--\n",
       " document.observe('dom:loaded',function(){ AddPreviewButton($('submit')); });\n",
       " //-->\n",
       " </script>\n",
       " <input type='submit' value='Submit' id='submit'>",
       "</div>\n",
       "</form>\n";
}
/**
 * Renders the admin maintenance box: one POST form per cache action, each
 * with its own anti-CSRF token, followed by links to further admin pages.
 *
 * The action keys are a fixed list defined here, so the submit-button names
 * and the optional "PouetAdmin_<key>_Form" callbacks never depend on request
 * data. The FAQ editor link is only printed for moderators.
 */
function Render()
{
  global $currentUser;

  $cacheActions = array(
    "recacheFrontPagePartial" => "flush front page cache",
    "recacheFrontPage" => "flush entire front page cache",
    "recacheTopDemos" => "recalculate top demo list",
  );

  echo "\n\n",
       "<div class='pouettbl' id='".$this->uniqueID."'>\n",
       "<h2>i'm gonna wreck it !</h2>\n",
       "<ul class='boxlist'>\n";

  foreach($cacheActions as $actionKey => $label)
  {
    echo " <li>", "<form method='post'>";

    $token = new CSRFProtect();
    $token->PrintToken();

    echo _html($label).": ";

    // Optional per-action hook that prints extra form fields, if defined.
    $extraFields = "PouetAdmin_".$actionKey."_Form";
    if (function_exists($extraFields))
      $extraFields();

    echo "<input name='".$actionKey."' type='submit' value='submit'/>", "</form>", "</li>\n";
  }

  echo " <li><a href='admin_modification_requests.php'>process modification requests</a></li>";
  if ($currentUser->IsModerator())
  {
    echo " <li><a href='admin_faq.php'>edit faq items</a></li>";
  }

  echo "</ul>\n", "</div>\n";
}
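/**
 * Renders the vote average, the coup-de-coeur count, the watchlist toggle
 * (logged-in users only) and the all-time rank of the current prod.
 *
 * The watchlist form posts to prod.php with an anti-CSRF token; the inline
 * script submits it via Ajax and replaces the form with the response.
 */
function RenderAverage()
{
  global $currentUser;

  $verdict = "isok";
  if ($this->prod->voteavg < 0) $verdict = "sucks";
  if ($this->prod->voteavg > 0) $verdict = "rulez";

  echo "<ul id='avgstats'>";
  echo "<li><img src='".POUET_CONTENT_URL."gfx/".$verdict.".gif' alt='".$verdict."' /> ".sprintf("%.2f",$this->prod->voteavg)."</li>\n";

  $cdcs = count($this->userCDCs);
  if ($this->isPouetCDC) $cdcs++;
  if ($cdcs)
  {
    echo "<li><img src='".POUET_CONTENT_URL."gfx/titles/coupdecoeur.gif' alt='cdcs' /> ".$cdcs."</li>\n";
  }

  if ($currentUser)
  {
    echo "<li>";
    // The query below already treats the id as an integer (%d); cast it here
    // too so the attribute can never receive anything but digits.
    echo "<form action='prod.php?which=".(int)$this->prod->id."' method='post' id='watchlistFrm'>";

    $csrf = new CSRFProtect();
    $csrf->PrintToken();

    $row = SQLLib::SelectRow(sprintf_esc("select * from watchlist where prodID = %d and userID = %d",$this->prod->id,$currentUser->id));
    if ($row)
    {
      echo "<input type='hidden' name='wlAction' value='removeFromWatchlist'>";
      echo "<input type='submit' value='remove from watchlist' class='remove'/>";
    }
    else
    {
      echo "<input type='hidden' name='wlAction' value='addToWatchlist'>";
      echo "<input type='submit' value='add to watchlist' class='add'/>";
    }
    echo "</form>";
?>
<script type="text/javascript">
<!--
document.observe("dom:loaded",function(){
  $("watchlistFrm").observe("submit",function(e){
    e.stop();
    var opt = Form.serializeElements( $("watchlistFrm").select("input"), {hash:true} );
    opt["partial"] = true;
    new Ajax.Request( $("watchlistFrm").action, {
      method: "post",
      parameters: opt,
      onSuccess: function(transport) {
        if (transport.responseText.length)
        {
          fireSuccessOverlay( opt["wlAction"] == "addToWatchlist" ? "added to watchlist !" : "removed from watchlist !" );
          $("watchlistFrm").update( transport.responseText );
        }
        else
        {
          fireErrorOverlay();
        }
      }
    });
  });
});
//-->
</script>
<?php
    // Full "<?php" tag on purpose: with short_open_tag disabled a bare "<?"
    // is not parsed, and the rest of this method would be sent to the
    // browser as plain text.
    echo "</li>\n";
  }

  echo "</ul>";
  printf("<div id='alltimerank'>alltime top: %s</div>",$this->prod->rank ? "#".(int)$this->prod->rank : "n/a");
}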
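/**
 * Renders the table of pending modification requests for administrators.
 *
 * Each row shows the request and a POST form (with anti-CSRF token) offering
 * accept / deny; the inline script submits that form via Ajax and asks for a
 * reason before a denial is sent.
 */
function Render()
{
  global $REQUESTTYPES;

  echo "<table id='".$this->uniqueID."' class='boxtable'>\n";
  echo " <tr>\n";
  // NOTE(review): the title is printed without encoding; confirm it is only
  // ever set from trusted code.
  echo " <th colspan='6'>".$this->title."</th>\n";
  echo " </tr>\n";
  echo " <tr>\n";
  echo " <th>date</th>\n";
  echo " <th>user</th>\n";
  echo " <th>item</th>\n";
  echo " <th>request</th>\n";
  echo " <th>details</th>\n";
  echo " <th> </th>\n";
  echo " </tr>\n";

  foreach($this->requests as $r)
  {
    // Resolve the handler class once. A request type without a registered
    // handler used to abort the page on the unconditional Describe() call.
    $handler = !empty($REQUESTTYPES[$r->requestType]) ? $REQUESTTYPES[$r->requestType] : null;

    echo " <tr>\n";
    // Stored request fields are shown on an admin page, so plain-text
    // columns are HTML-encoded before output.
    echo " <td>"._html($r->requestDate)."</td>\n";
    echo " <td>".$r->user->PrintLinkedAvatar()." ".$r->user->PrintLinkedName()."</td>\n";
    echo " <td>"._html($r->itemType).": ";
    if ($r->itemType == "prod" && $r->prod)
      echo $r->prod->RenderSingleRowShort();
    echo "</td>\n";
    echo " <td>".($handler ? $handler::Describe() : "")."</td>\n";
    echo " <td>";
    if ($handler)
    {
      // NOTE(review): unserialize() on a stored blob. If any part of
      // requestBlob can be shaped by the requester, this allows PHP object
      // injection. Prefer a data-only format such as JSON, or on PHP 7+ pass
      // array('allowed_classes' => false) as second argument.
      $data = unserialize($r->requestBlob);
      echo $handler::Display($r->itemID,$data);
    }
    echo "</td>\n";
    echo "<td>";
    printf("<form action='%s' method='post' enctype='multipart/form-data'>\n",_html(selfPath()));

    $csrf = new CSRFProtect();
    $csrf->PrintToken();

    printf(" <input type='hidden' name='requestID' value='%d'/>",$r->id);
    echo " <input type='submit' name='requestAccept' value='accept !'/>";
    echo " <input type='submit' name='requestDeny' value='deny !'/>";
    printf(" <input type='hidden' name='%s' value='%s'/>\n",PouetFormProcessor::fieldName,"adminModReq");
    echo "</form>\n\n\n";
    echo "</td>\n";
    echo " </tr>\n";
  }
  echo "</table>\n";
?>
<script type="text/javascript">
<!--
document.observe("dom:loaded",function(){
  $$("#pouetbox_adminreq input[type='submit']").invoke("observe","click",function(e){
    e.element().setAttribute("clicked","true");
  });
  $$("#pouetbox_adminreq form").invoke("observe","submit",function(e){
    e.stop();
    var reqAction = e.element().select("input[type='submit'][clicked='true']").first().name;
    var reason = null;
    if (reqAction == "requestDeny")
    {
      reason = prompt("Enter the reason why you want to deny this request");
      if (reason == null || !reason.length)
        return;
    }
    e.element().select("input[type='submit']").invoke("setAttribute","disabled",true);
    var opt = Form.serializeElements( e.element().select("input[type='hidden']"), {hash:true} );
    opt["partial"] = true;
    opt["comment"] = reason;
    opt[ reqAction ] = true;
    new Ajax.Request( e.element().action, {
      method: e.element().method,
      parameters: opt,
      onSuccess: function(transport) {
        if (transport.responseJSON.success)
        {
          e.element().up("tr").remove();
          fireSuccessOverlay( transport.responseJSON.success == "accepted" ? "request accepted !" : "request denied !");
        }
        else
        {
          fireErrorOverlay( transport.responseJSON.errors.join("<br/>") );
        }
      }
    });
  });
});
//-->
</script>
<?php
  // Full "<?php" tag on purpose: with short_open_tag disabled a bare "<?"
  // is not parsed and the remainder of the file would be sent as text.
}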
/**
 * Renders the last cell of an edit row: the anti-CSRF token, the id of the
 * row being edited (only when the row has one) and the submit button.
 *
 * @param object $row Row being edited; only its id property is read here.
 */
function RenderEditRowEnd($row)
{
  echo "<td>";

  $token = new CSRFProtect();
  $token->PrintToken();

  if ($row->id)
  {
    // NOTE(review): slug and id go into the attributes without encoding;
    // presumably the slug is a class constant and the id numeric. Confirm.
    $idField = "edit".static::$slug."ID";
    echo "<input type='hidden' name='".$idField."' value='".$row->id."'/>";
  }

  echo "<input type='submit' value='Submit'/>", "</td>\n";
}
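/**
 * Displays the outcome of form processing, then the registered boxes.
 *
 * With errors: an error message is shown and the boxes are rendered again.
 * After a successful submission of one of the registered objects: a success
 * message is shown and the boxes are suppressed. Otherwise every object is
 * loaded and rendered, wrapped in a POST form with an anti-CSRF token when
 * renderForm is set.
 */
function Display()
{
  $showBox = true;

  if (count($this->errors))
  {
    $msg = new PouetBoxModalMessage( true );
    $msg->classes[] = "errorbox";
    $msg->title = "An error has occured:";
    // NOTE(review): error strings are joined into HTML as-is; confirm that
    // every producer of $this->errors encodes request-derived text.
    $msg->message = "<ul><li>".implode("</li><li>",$this->errors)."</li></ul>";
    $msg->Render();
  }
  else
  {
    // The field is request-supplied and absent on plain page views. Accept
    // only a string: a missing key would raise a notice, and an array value
    // is not a valid offset into $this->objects.
    $submitted = "";
    if (isset($_POST[ self::fieldName ]) && is_string($_POST[ self::fieldName ]))
      $submitted = $_POST[ self::fieldName ];

    if ($submitted && !empty($this->objects[$submitted]))
    {
      $msg = new PouetBoxModalMessage( true );
      $msg->classes[] = "successbox";
      $msg->title = "Success!";
      // successMessage is emitted as-is; only the URL is HTML-encoded.
      if ($this->successURL)
        $msg->message = "<a href='"._html($this->successURL)."'>".$this->successMessage."</a>";
      else
        $msg->message = "<a href='".POUET_ROOT_URL."'>go back to the front page</a>";
      $msg->Render();
      $showBox = false;
    }
  }

  if ($showBox)
  {
    foreach($this->objects as $key=>$object)
    {
      $object->Load();
      if ($this->renderForm)
      {
        printf("<form action='%s' method='post' enctype='multipart/form-data'>\n",_html(selfPath()));
        $csrf = new CSRFProtect();
        $csrf->PrintToken();
      }
      $object->Render();
      if ($this->renderForm)
      {
        // The hidden field tells the processor which object was submitted.
        printf(" <input type='hidden' name='%s' value='%s'/>\n",self::fieldName,_html($key));
        printf("</form>\n\n\n");
      }
    }
  }
}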
} break; case "bbs": { $box = new PouetBoxBBSOpen(); $thing = "bbs"; $data = $_POST["message"]; $message->returnPage = "index.php"; } break; default: { $message->message = "not implemented!"; } break; } } if ($box) { $csrf = new CSRFProtect(); if (!$csrf->ValidateToken()) { $message->classes[] = "errorbox"; $message->message = "who are you and where did you come from ?"; } else { $errormessage = $box->ParsePostMessage($_POST); if (!$errormessage) { $message->title = "You've successfully added the following ".$thing.":"; $message->message = $data; if ($box instanceof PouetBoxCachable) $box->ForceCacheUpdate(); } else { $message->classes[] = "errorbox";
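/**
 * Renders the oneliner box footer.
 *
 * Anonymous visitors only get the "more" link. Logged-in users also get the
 * posting form (add.php, type=oneliner) with an anti-CSRF token and a
 * pre-filled default message. The last "</div>" closes a container that
 * this method does not open.
 */
function RenderFooter()
{
  global $currentUser;
  if (!$currentUser)
  {
    echo " <div class='foot'><a href='oneliner.php'>more</a>...</div>\n";
  }
  else
  {
    //$funnytext = "have fun";
    //$funnytext = "get a cookie coz u'll need one to post";
    //$funnytext = "demo my ipod me beautiful!";
    //$funnytext = "bbcode and unicode doesnt work on oneliner";
    //$funnytext = "Most people including myself have some sensibility";
    //$funnytext = "### song, people dancing ###";
    //$funnytext = "PANTS OFF!";
    //$funnytext = "The world may now !";
    //$funnytext = "Captain: I'm in Mensa.";
    //$funnytext = "SHOW US YOUR";
    //$funnytext = "remember: NO CAPES!";
    //$funnytext = "NO THURSDAY ARRIVALS!";
    //$funnytext = "if garfield was a criminal, we would purchase him until afghanistan.";
    //$funnytext = "crashes indeed.. but wow! NOOON..";
    //$funnytext = "time is to unicode on the onliner";
    $funnytext = "pou\303\253t 2.0: \303\274nic\303\270de \320\270ow \321\210\305\221rks in the \317\203neli\316\256er";

    echo " <div class='foot loggedin'>\n";
    echo " <span><a href='oneliner.php'>more</a>...</span>\n";
    echo " <form id='frmIndexOneliner' action='add.php' method='post'>\n";

    $csrf = new CSRFProtect();
    $csrf->PrintToken();

    echo " <input type='hidden' name='type' value='oneliner'>\n";
    // we dont use placeholder="" because we want people to be able to post the default nonsense
    // maxlength and the "[url" check in the script below run in the browser
    // only; the script handling the post has to enforce its own limits.
    echo " <input type='text' name='message' value='"._html($funnytext)."' id='onelinermsg' maxlength='300'/>\n";
    echo " <input type='submit' value='Submit'/>\n";
    echo " </form>\n";
    echo " </div>\n";
?>
<script type="text/javascript">
var onelinerClicked = false;
$("onelinermsg").observe("focus",function(){
  if (!onelinerClicked)
    $("onelinermsg").value = "";
  onelinerClicked = true;
});
$("frmIndexOneliner").observe("submit",function(ev){
  if ($("onelinermsg").value.indexOf("[url")!=-1)
  {
    alert("BBCode doesn't work in the oneliner!");
    ev.stop();
  }
});
</script>
<?php
    // Full "<?php" tag on purpose: with short_open_tag disabled a bare "<?"
    // is not parsed, and the rest of this method would be sent to the
    // browser as plain text.
  }
  echo "</div>\n";
}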
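/**
 * Renders the prod comment form.
 *
 * Anonymous visitors get the login box; users who may not comment get no
 * output. The form posts to add.php with type=comment and an anti-CSRF
 * token, and offers the rating radios only while myVote is not set. The
 * inline script adds "quote" links to existing comments and wires up the
 * preview button.
 */
function RenderBody()
{
  global $currentUser;
  if (!$currentUser)
  {
    require_once("box-login.php");
    $box = new PouetBoxLogin();
    $box->RenderBody();
  }
  else
  {
    if (!$currentUser->CanPostInProdComments())
      return;

    echo "<form action='add.php' method='post' id='frmProdComment'>\n";

    $csrf = new CSRFProtect();
    $csrf->PrintToken();

    echo "<div class='content'>\n";
    // The prod id is forced to an integer before it reaches the attribute.
    echo " <input type='hidden' name='which' value='".(int)$this->prod."'>\n";
    echo " <input type='hidden' name='type' value='comment'>\n";
    if (!$this->myVote)
    {
      echo " <div id='prodvote'>\n";
      echo " this prod\n";
      echo " <input type='radio' name='rating' id='ratingrulez' value='rulez'/> <label for='ratingrulez'>rulez</label>\n";
      echo " <input type='radio' name='rating' id='ratingpig' value='isok' checked='true'/> <label for='ratingpig'>is ok</label>\n";
      echo " <input type='radio' name='rating' id='ratingsucks' value='sucks'/> <label for='ratingsucks'>sucks</label>\n";
      echo " </div>\n";
    }
    echo " <textarea name='comment' id='comment'></textarea>\n";
    echo " <div><a href='faq.php#BB Code'><b>BB Code</b></a> is allowed here</div>\n";
    echo "</div>\n";
    echo "<div class='foot'>\n";
    echo " <input type='submit' value='Submit' id='submit'>";
    echo "</div>\n";
    echo "</form>\n";
?>
<script language="JavaScript" type="text/javascript">
<!--
document.observe("dom:loaded",function(){
  $$(".tools").each(function(item){
    var cid = item.readAttribute("data-cid");
    item.update("<a href='#'>quote</a> |");
    item.down("a").observe("click",function(e){
      e.stop();
      new Ajax.Request("ajax_prodcomment.php",{
        "method":"post",
        "parameters":$H({"id":cid}).toQueryString(),
        "onSuccess":function(transport){
          $("comment").value += "[quote]" + transport.responseJSON.comment.strip() + "[/quote]";
          try { $("comment").scrollTo(); } catch(ex) {} // needs try-catch because of some dumbass popup blockers
        }
      });
    });
  });
  AddPreviewButton($('submit'));
  PreparePostForm( $$("#pouetbox_prodpost form").first() );
});
//-->
</script>
<?php
    // Full "<?php" tag on purpose: with short_open_tag disabled a bare "<?"
    // is not parsed and the remainder of the file would be sent as text.
  }
}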