/**
* Submit a new or updated story. The story is updated if it exists, or a new one is created
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @return int Response code as defined in lib-plugins.php
*/
function service_submit_story($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS;
if (!SEC_hasRights('story.edit')) {
$output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
return PLG_RET_AUTH_FAILED;
}
require_once $_CONF['path_system'] . 'lib-comment.php';
if (!$_CONF['disable_webservices']) {
require_once $_CONF['path_system'] . 'lib-webservices.php';
}
$gl_edit = false;
if (isset($args['gl_edit'])) {
$gl_edit = $args['gl_edit'];
}
if ($gl_edit) {
/* This is EDIT mode, so there should be an old sid */
if (empty($args['old_sid'])) {
if (!empty($args['id'])) {
$args['old_sid'] = $args['id'];
} else {
return PLG_RET_ERROR;
}
if (empty($args['sid'])) {
$args['sid'] = $args['old_sid'];
}
}
} else {
if (empty($args['sid']) && !empty($args['id'])) {
$args['sid'] = $args['id'];
}
}
// Store the first CATEGORY as the Topic ID
if (!empty($args['category'][0])) {
$args['tid'] = $args['category'][0];
}
$content = '';
if (!empty($args['content'])) {
$content = $args['content'];
} else {
if (!empty($args['summary'])) {
$content = $args['summary'];
}
}
if (!empty($content)) {
$parts = explode('[page_break]', $content);
if (count($parts) == 1) {
$args['introtext'] = $content;
$args['bodytext'] = '';
} else {
$args['introtext'] = array_shift($parts);
$args['bodytext'] = implode('[page_break]', $parts);
}
}
// Apply filters to the parameters passed by the webservice
if ($args['gl_svc']) {
if (isset($args['mode'])) {
$args['mode'] = COM_applyBasicFilter($args['mode']);
}
if (isset($args['editopt'])) {
$args['editopt'] = COM_applyBasicFilter($args['editopt']);
}
}
// - START: Set all the defaults -
/*
if (empty($args['tid'])) {
// see if we have a default topic
$topic = DB_getItem($_TABLES['topics'], 'tid',
'is_default = 1' . COM_getPermSQL('AND'));
if (!empty($topic)) {
$args['tid'] = $topic;
} else {
// otherwise, just use the first one
$o = array();
$s = array();
if (service_getTopicList_story(array('gl_svc' => true), $o, $s) == PLG_RET_OK) {
$args['tid'] = $o[0];
} else {
$svc_msg['error_desc'] = 'No topics available';
return PLG_RET_ERROR;
}
}
} */
/* This is a solution for above but the above has issues
if (!TOPIC_checkTopicSelectionControl()) {
$svc_msg['error_desc'] = 'No topics selected or available';
return PLG_RET_ERROR;
}
*/
if (empty($args['owner_id'])) {
$args['owner_id'] = $_USER['uid'];
}
if (empty($args['group_id'])) {
$args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']);
}
if (empty($args['postmode'])) {
$args['postmode'] = $_CONF['postmode'];
if (!empty($args['content_type'])) {
if ($args['content_type'] == 'text') {
$args['postmode'] = 'text';
} else {
if ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') {
$args['postmode'] = 'html';
}
}
}
}
if ($args['gl_svc']) {
// Permissions
if (!isset($args['perm_owner'])) {
$args['perm_owner'] = $_CONF['default_permissions_story'][0];
} else {
$args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
}
if (!isset($args['perm_group'])) {
$args['perm_group'] = $_CONF['default_permissions_story'][1];
} else {
$args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
}
if (!isset($args['perm_members'])) {
$args['perm_members'] = $_CONF['default_permissions_story'][2];
} else {
$args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
}
if (!isset($args['perm_anon'])) {
$args['perm_anon'] = $_CONF['default_permissions_story'][3];
} else {
$args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
}
if (!isset($args['draft_flag'])) {
$args['draft_flag'] = $_CONF['draft_flag'];
}
if (empty($args['frontpage'])) {
$args['frontpage'] = $_CONF['frontpage'];
}
if (empty($args['show_topic_icon'])) {
$args['show_topic_icon'] = $_CONF['show_topic_icon'];
}
}
// - END: Set all the defaults -
// TEST CODE
/* foreach ($args as $k => $v) {
if (!is_array($v)) {
echo "$k => $v\r\n";
} else {
echo "$k => $v\r\n";
foreach ($v as $k1 => $v1) {
echo " $k1 => $v1\r\n";
}
}
}*/
// exit ();
// END TEST CODE
if (!isset($args['sid'])) {
$args['sid'] = '';
}
$args['sid'] = COM_sanitizeID($args['sid']);
if (!$gl_edit) {
if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) {
$slug = '';
if (isset($args['slug'])) {
$slug = $args['slug'];
}
if (function_exists('WS_makeId')) {
$args['sid'] = WS_makeId($slug, STORY_MAX_ID_LENGTH);
} else {
$args['sid'] = COM_makeSid();
}
}
}
$story = new Story();
$gl_edit = false;
if (isset($args['gl_edit'])) {
$gl_edit = $args['gl_edit'];
}
if ($gl_edit && !empty($args['gl_etag'])) {
// First load the original story to check if it has been modified
$result = $story->loadFromDatabase($args['sid']);
if ($result == STORY_LOADED_OK) {
if ($args['gl_etag'] != date('c', $story->_date)) {
$svc_msg['error_desc'] = 'A more recent version of the story is available';
return PLG_RET_PRECONDITION_FAILED;
}
} else {
$svc_msg['error_desc'] = 'Error loading story';
return PLG_RET_ERROR;
}
}
// This function is also doing the security checks
$result = $story->loadFromArgsArray($args);
$sid = $story->getSid();
// Check if topics selected if not prompt required field
if ($result == STORY_LOADED_OK) {
if (!TOPIC_checkTopicSelectionControl()) {
$result = STORY_EMPTY_REQUIRED_FIELDS;
}
}
switch ($result) {
case STORY_DUPLICATE_SID:
$output .= COM_errorLog($LANG24[24], 2);
if (!$args['gl_svc']) {
$output .= storyeditor($sid);
}
$output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[5]));
return PLG_RET_ERROR;
break;
case STORY_EXISTING_NO_EDIT_PERMISSION:
$output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
return PLG_RET_PERMISSION_DENIED;
break;
case STORY_NO_ACCESS_PARAMS:
$output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
return PLG_RET_PERMISSION_DENIED;
break;
case STORY_EMPTY_REQUIRED_FIELDS:
$output .= COM_errorLog($LANG24[31], 2);
if (!$args['gl_svc']) {
$output .= storyeditor($sid);
}
$output = COM_createHTMLDocument($output);
return PLG_RET_ERROR;
break;
default:
break;
}
/* Image upload is not supported by the web-service at present */
if (!$args['gl_svc']) {
// Delete any images if needed
if (array_key_exists('delete', $args)) {
$delete = count($args['delete']);
for ($i = 1; $i <= $delete; $i++) {
$ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete']));
STORY_deleteImage($ai_filename);
DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete']));
next($args['delete']);
}
}
// OK, let's upload any pictures with the article
if (DB_count($_TABLES['article_images'], 'ai_sid', $sid) > 0) {
$index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '{$sid}'") + 1;
} else {
$index_start = 1;
}
if (count($_FILES) > 0 && $_CONF['maximagesperarticle'] > 0) {
require_once $_CONF['path_system'] . 'classes/upload.class.php';
$upload = new Upload();
if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
$upload->setLogFile($_CONF['path'] . 'logs/error.log');
$upload->setDebug(true);
}
$upload->setMaxFileUploads($_CONF['maximagesperarticle']);
if (!empty($_CONF['image_lib'])) {
if ($_CONF['image_lib'] == 'imagemagick') {
// Using imagemagick
$upload->setMogrifyPath($_CONF['path_to_mogrify']);
} elseif ($_CONF['image_lib'] == 'netpbm') {
// using netPBM
$upload->setNetPBM($_CONF['path_to_netpbm']);
} elseif ($_CONF['image_lib'] == 'gdlib') {
// using the GD library
$upload->setGDLib();
}
$upload->setAutomaticResize(true);
if ($_CONF['keep_unscaled_image'] == 1) {
$upload->keepOriginalImage(true);
} else {
$upload->keepOriginalImage(false);
}
if (isset($_CONF['jpeg_quality'])) {
$upload->setJpegQuality($_CONF['jpeg_quality']);
}
}
$upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
$output = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
$output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
echo $output;
exit;
}
// NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
// force any images bigger than the passed dimensions to be resized.
// If mogrify is not set, any images larger than these dimensions
// will get validation errors
$upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
$upload->setMaxFileSize($_CONF['max_image_size']);
// size in bytes, 1048576 = 1MB
// Set file permissions on file after it gets uploaded (number is in octal)
$upload->setPerms('0644');
$filenames = array();
$end_index = $index_start + $upload->numFiles() - 1;
for ($z = $index_start; $z <= $end_index; $z++) {
$curfile = current($_FILES);
if (!empty($curfile['name'])) {
$pos = strrpos($curfile['name'], '.') + 1;
$fextension = substr($curfile['name'], $pos);
$filenames[] = $sid . '_' . $z . '.' . $fextension;
}
next($_FILES);
}
$upload->setFileNames($filenames);
reset($_FILES);
$upload->uploadFiles();
if ($upload->areErrors()) {
$retval = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
$output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
echo $retval;
exit;
}
reset($filenames);
for ($z = $index_start; $z <= $end_index; $z++) {
DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('{$sid}', {$z}, '" . current($filenames) . "')");
next($filenames);
}
}
if ($_CONF['maximagesperarticle'] > 0) {
$errors = $story->checkAttachedImages();
if (count($errors) > 0) {
$output .= COM_startBlock($LANG24[54], '', COM_getBlockTemplate('_msg_block', 'header'));
$output .= $LANG24[55] . LB . '<ul>' . LB;
foreach ($errors as $err) {
$output .= '<li>' . $err . '</li>' . LB;
}
$output .= '</ul>' . LB;
$output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$output .= storyeditor($sid);
$output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[54]));
echo $output;
exit;
}
}
}
$result = $story->saveToDatabase();
if ($result == STORY_SAVED) {
// see if any plugins want to act on that story
if (!empty($args['old_sid']) && $args['old_sid'] != $sid) {
PLG_itemSaved($sid, 'article', $args['old_sid']);
} else {
PLG_itemSaved($sid, 'article');
}
// update feed(s)
COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid);
COM_rdfUpToDateCheck('comment');
STORY_updateLastArticlePublished();
CMT_updateCommentcodes();
if ($story->type == 'submission') {
$output = COM_refresh($_CONF['site_admin_url'] . '/moderation.php?msg=9');
} else {
$output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9);
}
/* @TODO Set the object id here */
$svc_msg['id'] = $sid;
return PLG_RET_OK;
}
}
/**
* Email story to a friend
*
* @param string $sid id of story to email
* @param string $to name of person / friend to email
* @param string $toemail friend's email address
* @param string $from name of person sending the email
* @param string $fromemail sender's email address
* @param string $shortmsg short intro text to send with the story
* @return string Meta refresh
*
* Modification History
*
* Date Author Description
* ---- ------ -----------
* 4/17/01 Tony Bibbs Code now allows anonymous users to send email
* and it allows user to input a message as well
* Thanks to Yngve Wassvik Bergheim for some of
* this code
*
*/
function mailstory($sid, $to, $toemail, $from, $fromemail, $shortmsg)
{
global $_CONF, $_TABLES, $LANG01, $LANG08;
require_once $_CONF['path_system'] . 'lib-story.php';
$storyurl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
if ($_CONF['url_rewrite']) {
$retval = COM_refresh($storyurl . '?msg=85');
} else {
$retval = COM_refresh($storyurl . '&msg=85');
}
// check for correct $_CONF permission
if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1)) {
return $retval;
}
// check if emailing of stories is disabled
if ($_CONF['hideemailicon'] == 1) {
return $retval;
}
// check mail speedlimit
COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
if (COM_checkSpeedlimit('mail') > 0) {
return $retval;
}
$story = new Story();
$result = $story->loadFromDatabase($sid, 'view');
if ($result != STORY_LOADED_OK) {
return COM_refresh($_CONF['site_url'] . '/index.php');
}
$shortmsg = COM_stripslashes($shortmsg);
$mailtext = sprintf($LANG08[23], $from, $fromemail) . LB;
if (strlen($shortmsg) > 0) {
$mailtext .= LB . sprintf($LANG08[28], $from) . $shortmsg . LB;
}
// just to make sure this isn't an attempt at spamming users ...
$result = PLG_checkforSpam($mailtext, $_CONF['spamx']);
if ($result > 0) {
COM_updateSpeedlimit('mail');
COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
}
$mailtext .= '------------------------------------------------------------' . LB . LB . COM_undoSpecialChars($story->displayElements('title')) . LB . strftime($_CONF['date'], $story->DisplayElements('unixdate')) . LB;
if ($_CONF['contributedbyline'] == 1) {
$author = COM_getDisplayName($story->displayElements('uid'));
$mailtext .= $LANG01[1] . ' ' . $author . LB;
}
$introtext = $story->DisplayElements('introtext');
$bodytext = $story->DisplayElements('bodytext');
$introtext = COM_undoSpecialChars(strip_tags($introtext));
$bodytext = COM_undoSpecialChars(strip_tags($bodytext));
$introtext = str_replace(array("\n\r", "\r"), LB, $introtext);
$bodytext = str_replace(array("\n\r", "\r"), LB, $bodytext);
$mailtext .= LB . $introtext;
if (!empty($bodytext)) {
$mailtext .= LB . LB . $bodytext;
}
$mailtext .= LB . LB . '------------------------------------------------------------' . LB;
if ($story->DisplayElements('commentcode') == 0) {
// comments allowed
$mailtext .= $LANG08[24] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid . '#comments');
} else {
// comments not allowed - just add the story's URL
$mailtext .= $LANG08[33] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
}
$mailto = COM_formatEmailAddress($to, $toemail);
$mailfrom = COM_formatEmailAddress($from, $fromemail);
$subject = 'Re: ' . COM_undoSpecialChars(strip_tags($story->DisplayElements('title')));
$sent = COM_mail($mailto, $subject, $mailtext, $mailfrom);
if ($sent && isset($_POST['cc']) && $_POST['cc'] == 'on') {
$ccmessage = sprintf($LANG08[38], $to);
$ccmessage .= "\n------------------------------------------------------------\n\n" . $mailtext;
$sent = COM_mail($mailfrom, $subject, $ccmessage, $mailfrom);
}
COM_updateSpeedlimit('mail');
// Increment numemails counter for story
DB_query("UPDATE {$_TABLES['stories']} SET numemails = numemails + 1 WHERE sid = '{$sid}'");
if ($_CONF['url_rewrite']) {
$retval = COM_refresh($storyurl . '?msg=' . ($sent ? '27' : '85'));
} else {
$retval = COM_refresh($storyurl . '&msg=' . ($sent ? '27' : '85'));
}
return $retval;
}
function _createMailStory($sid)
{
global $_CONF, $_TABLES, $LANG_DIRECTION, $LANG01, $LANG08;
USES_lib_story();
$story = new Story();
$args = array('sid' => $sid, 'mode' => 'view');
$output = STORY_LOADED_OK;
$result = PLG_invokeService('story', 'get', $args, $output, $svc_msg);
if ($result == PLG_RET_OK) {
/* loadFromArray cannot be used, since it overwrites the timestamp */
reset($story->_dbFields);
while (list($fieldname, $save) = each($story->_dbFields)) {
$varname = '_' . $fieldname;
if (array_key_exists($fieldname, $output)) {
$story->{$varname} = $output[$fieldname];
}
}
$story->_username = $output['username'];
$story->_fullname = $output['fullname'];
}
if ($output == STORY_PERMISSION_DENIED) {
$display = COM_siteHeader('menu', $LANG_ACCESS['accessdenied']) . COM_showMessageText($LANG_ACCESS['storydenialmsg'], $LANG_ACCESS['accessdenied'], true, 'error') . COM_siteFooter();
echo $display;
exit;
} elseif ($output == STORY_INVALID_SID) {
COM_404();
} else {
$T = new Template($_CONF['path_layout'] . 'article');
$T->set_file('article', 'mailable.thtml');
list($cacheFile, $style_cache_url) = COM_getStyleCacheLocation();
$T->set_var('direction', $LANG_DIRECTION);
$T->set_var('css_url', $style_cache_url);
$T->set_var('page_title', $_CONF['site_name'] . ': ' . $story->displayElements('title'));
$T->set_var('story_title', $story->DisplayElements('title'));
$T->set_var('story_subtitle', $story->DisplayElements('subtitle'));
$story_image = $story->DisplayElements('story_image');
if ($story_image != '') {
$T->set_var('story_image', $story_image);
} else {
$T->unset_var('story_image');
}
if ($_CONF['hidestorydate'] != 1) {
$T->set_var('story_date', $story->displayElements('date'));
}
if ($_CONF['contributedbyline'] == 1) {
$T->set_var('lang_contributedby', $LANG01[1]);
$authorname = COM_getDisplayName($story->displayElements('uid'));
$T->set_var('author', $authorname);
$T->set_var('story_author', $authorname);
$T->set_var('story_author_username', $story->DisplayElements('username'));
}
$T->set_var('story_introtext', $story->DisplayElements('introtext'));
$T->set_var('story_bodytext', $story->DisplayElements('bodytext'));
$T->set_var('site_name', $_CONF['site_name']);
$T->set_var('site_slogan', $_CONF['site_slogan']);
$T->set_var('story_id', $story->getSid());
$articleUrl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $story->getSid());
if ($story->DisplayElements('commentcode') >= 0) {
$commentsUrl = $articleUrl . '#comments';
$comments = $story->DisplayElements('comments');
$numComments = COM_numberFormat($comments);
$T->set_var('story_comments', $numComments);
$T->set_var('comments_url', $commentsUrl);
$T->set_var('comments_text', $numComments . ' ' . $LANG01[3]);
$T->set_var('comments_count', $numComments);
$T->set_var('lang_comments', $LANG01[3]);
$comments_with_count = sprintf($LANG01[121], $numComments);
if ($comments > 0) {
$comments_with_count = COM_createLink($comments_with_count, $commentsUrl);
}
$T->set_var('comments_with_count', $comments_with_count);
}
$T->set_var('lang_full_article', $LANG08[33]);
$T->set_var('article_url', $articleUrl);
COM_setLangIdAndAttribute($T);
$T->parse('output', 'article');
$htmlMsg = $T->finish($T->get_var('output'));
return $htmlMsg;
}
}
}
$story->_username = $output['username'];
$story->_fullname = $output['fullname'];
}
if ($output == STORY_PERMISSION_DENIED) {
$display .= COM_siteHeader('menu', $LANG_ACCESS['accessdenied']) . COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header')) . $LANG_ACCESS['storydenialmsg'] . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')) . COM_siteFooter();
} elseif ($output == STORY_INVALID_SID) {
$display .= COM_refresh($_CONF['site_url'] . '/index.php');
} elseif ($mode == 'print' && $_CONF['hideprintericon'] == 0) {
$story_template = COM_newTemplate($_CONF['path_layout'] . 'article');
$story_template->set_file('article', 'printable.thtml');
if (XHTML != '') {
$story_template->set_var('xmlns', ' xmlns="http://www.w3.org/1999/xhtml"');
}
$story_template->set_var('direction', $LANG_DIRECTION);
$story_template->set_var('page_title', $story->DisplayElements('page_title'));
$story_template->set_var('story_title', $story->DisplayElements('title'));
header('Content-Type: text/html; charset=' . COM_getCharset());
if (!empty($_CONF['frame_options'])) {
header('X-FRAME-OPTIONS: ' . $_CONF['frame_options']);
}
$story_template->set_var('story_date', $story->displayElements('date'));
if ($_CONF['contributedbyline'] == 1) {
$story_template->set_var('lang_contributedby', $LANG01[1]);
$authorname = COM_getDisplayName($story->displayElements('uid'));
$story_template->set_var('author', $authorname);
$story_template->set_var('story_author', $authorname);
$story_template->set_var('story_author_username', $story->DisplayElements('username'));
}
$introtext = $story->DisplayElements('introtext');
$bodytext = $story->DisplayElements('bodytext');
$story->_fullname = $output['fullname'];
}
if ($output == STORY_PERMISSION_DENIED) {
$display = COM_siteHeader('menu', $LANG_ACCESS['accessdenied']) . COM_showMessageText($LANG_ACCESS['storydenialmsg'], $LANG_ACCESS['accessdenied'], true, 'error') . COM_siteFooter();
echo $display;
exit;
} elseif ($output == STORY_INVALID_SID) {
COM_404();
} elseif ($mode == 'print' && $_CONF['hideprintericon'] == 0) {
$story_template = new Template($_CONF['path_layout'] . 'article');
$story_template->set_file('article', 'printable.thtml');
list($cacheFile, $style_cache_url) = COM_getStyleCacheLocation();
$story_template->set_var('direction', $LANG_DIRECTION);
$story_template->set_var('css_url', $style_cache_url);
$story_template->set_var('page_title', $_CONF['site_name'] . ': ' . $story->displayElements('title'));
$story_template->set_var('story_title', $story->DisplayElements('title'));
if ($_CONF['hidestorydate'] != 1) {
$story_template->set_var('story_date', $story->displayElements('date'));
}
if ($_CONF['contributedbyline'] == 1) {
$story_template->set_var('lang_contributedby', $LANG01[1]);
$authorname = COM_getDisplayName($story->displayElements('uid'));
$story_template->set_var('author', $authorname);
$story_template->set_var('story_author', $authorname);
$story_template->set_var('story_author_username', $story->DisplayElements('username'));
}
$story_template->set_var('story_introtext', $story->DisplayElements('introtext'));
$story_template->set_var('story_bodytext', $story->DisplayElements('bodytext'));
$story_template->set_var('site_name', $_CONF['site_name']);
$story_template->set_var('site_slogan', $_CONF['site_slogan']);
$story_template->set_var('story_id', $story->getSid());
}
$msql = "SELECT s.*, UNIX_TIMESTAMP(s.date) AS unixdate, " . 'UNIX_TIMESTAMP(s.expire) as expireunix, ' . $userfields . ", t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s LEFT JOIN {$_TABLES['users']} AS u ON s.uid=u.uid " . "LEFT JOIN {$_TABLES['topics']} AS t on s.tid=t.tid WHERE " . $sql . "ORDER BY featured DESC," . $orderBy . " LIMIT {$offset}, {$limit}";
$result = DB_query($msql);
$nrows = DB_numRows($result);
$data = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} AS s WHERE" . $sql);
$D = DB_fetchArray($data);
$num_pages = ceil($D['count'] / $limit);
$articleCounter = 0;
if ($A = DB_fetchArray($result)) {
$story = new Story();
$story->loadFromArray($A);
if ($_CONF['showfirstasfeatured'] == 1) {
$story->_featured = 1;
}
// display first article
if ($story->DisplayElements('featured') == 1) {
$pageBody .= STORY_renderArticle($story, 'y');
$pageBody .= PLG_showCenterblock(CENTERBLOCK_AFTER_FEATURED, $page, $topic);
} else {
$pageBody .= PLG_showCenterblock(CENTERBLOCK_AFTER_FEATURED, $page, $topic);
$pageBody .= STORY_renderArticle($story, 'y');
}
$articleCounter++;
// get remaining stories
while ($A = DB_fetchArray($result)) {
$pageBody .= PLG_displayAdBlock('story', $articleCounter);
$story = new Story();
$story->loadFromArray($A);
$pageBody .= STORY_renderArticle($story, 'y');
$articleCounter++;
}
$story->_fullname = $output['fullname'];
}
if ($output == STORY_PERMISSION_DENIED) {
$display = COM_siteHeader('menu', $LANG_ACCESS['accessdenied']) . COM_showMessageText($LANG_ACCESS['storydenialmsg'], $LANG_ACCESS['accessdenied'], true, 'error') . COM_siteFooter();
echo $display;
exit;
} elseif ($output == STORY_INVALID_SID) {
COM_404();
} elseif ($mode == 'print' && $_CONF['hideprintericon'] == 0) {
$story_template = new Template($_CONF['path_layout'] . 'article');
$story_template->set_file('article', 'printable.thtml');
list($cacheFile, $style_cache_url) = COM_getStyleCacheLocation();
$story_template->set_var('direction', $LANG_DIRECTION);
$story_template->set_var('css_url', $style_cache_url);
$story_template->set_var('page_title', $_CONF['site_name'] . ': ' . $story->displayElements('title'));
$story_template->set_var('story_title', $story->DisplayElements('title'));
$story_template->set_var('story_subtitle', $story->DisplayElements('subtitle'));
$story_image = $story->DisplayElements('story_image');
if ($story_image != '') {
$story_template->set_var('story_image', $story_image);
} else {
$story_template->unset_var('story_image');
}
if ($_CONF['hidestorydate'] != 1) {
$story_template->set_var('story_date', $story->displayElements('date'));
}
if ($_CONF['contributedbyline'] == 1) {
$story_template->set_var('lang_contributedby', $LANG01[1]);
$authorname = COM_getDisplayName($story->displayElements('uid'));
$story_template->set_var('author', $authorname);
$story_template->set_var('story_author', $authorname);
/**
* Submit a new or updated story. The story is updated if it exists, or a new one is created
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @return int Response code as defined in lib-plugins.php
*/
function service_submit_story($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS;
if (!SEC_hasRights('story.edit')) {
$output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30], true);
return PLG_RET_AUTH_FAILED;
}
$gl_edit = false;
if (isset($args['gl_edit'])) {
$gl_edit = $args['gl_edit'];
}
if ($gl_edit) {
/* This is EDIT mode, so there should be an old sid */
if (empty($args['old_sid'])) {
if (!empty($args['id'])) {
$args['old_sid'] = $args['id'];
} else {
return PLG_RET_ERROR;
}
if (empty($args['sid'])) {
$args['sid'] = $args['old_sid'];
}
}
} else {
if (empty($args['sid']) && !empty($args['id'])) {
$args['sid'] = $args['id'];
}
}
/* Store the first CATEGORY as the Topic ID */
if (!empty($args['category'][0])) {
$args['tid'] = $args['category'][0];
}
$content = '';
if (!empty($args['content'])) {
$content = $args['content'];
} else {
if (!empty($args['summary'])) {
$content = $args['summary'];
}
}
if (!empty($content)) {
$parts = explode('[page_break]', $content);
if (count($parts) == 1) {
$args['introtext'] = $content;
$args['bodytext'] = '';
} else {
$args['introtext'] = array_shift($parts);
$args['bodytext'] = implode('[page_break]', $parts);
}
}
/* Apply filters to the parameters passed by the webservice */
if ($args['gl_svc']) {
if (isset($args['mode'])) {
$args['mode'] = COM_applyBasicFilter($args['mode']);
}
if (isset($args['editopt'])) {
$args['editopt'] = COM_applyBasicFilter($args['editopt']);
}
}
/* - START: Set all the defaults - */
if (empty($args['tid'])) {
// see if we have a default topic
$topic = DB_getItem($_TABLES['topics'], 'tid', 'is_default = 1' . COM_getPermSQL('AND'));
if (!empty($topic)) {
$args['tid'] = $topic;
} else {
// otherwise, just use the first one
$o = array();
$s = array();
if (service_getTopicList_story(array('gl_svc' => true), $o, $s) == PLG_RET_OK) {
$args['tid'] = $o[0];
} else {
$svc_msg['error_desc'] = 'No topics available';
return PLG_RET_ERROR;
}
}
}
if (empty($args['owner_id'])) {
$args['owner_id'] = $_USER['uid'];
}
if (empty($args['group_id'])) {
$args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']);
}
if (isset($args['alternate_id']) && $args['tid'] == $args['alternate_id']) {
$args['alternate_id'] = NULL;
}
if (empty($args['postmode'])) {
$args['postmode'] = $_CONF['postmode'];
if (!empty($args['content_type'])) {
if ($args['content_type'] == 'text') {
$args['postmode'] = 'text';
} else {
if ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') {
$args['postmode'] = 'html';
}
}
}
}
if ($args['gl_svc']) {
/* Permissions */
if (!isset($args['perm_owner'])) {
$args['perm_owner'] = $_CONF['default_permissions_story'][0];
} else {
$args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
}
if (!isset($args['perm_group'])) {
$args['perm_group'] = $_CONF['default_permissions_story'][1];
} else {
$args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
}
if (!isset($args['perm_members'])) {
$args['perm_members'] = $_CONF['default_permissions_story'][2];
} else {
$args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
}
if (!isset($args['perm_anon'])) {
$args['perm_anon'] = $_CONF['default_permissions_story'][3];
} else {
$args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
}
if (!isset($args['draft_flag'])) {
$args['draft_flag'] = $_CONF['draft_flag'];
}
if (empty($args['frontpage'])) {
$args['frontpage'] = $_CONF['frontpage'];
}
if (empty($args['show_topic_icon'])) {
$args['show_topic_icon'] = $_CONF['show_topic_icon'];
}
}
/* - END: Set all the defaults - */
if (!isset($args['sid'])) {
$args['sid'] = '';
}
$args['sid'] = COM_sanitizeID($args['sid']);
if (!$gl_edit) {
if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) {
$args['sid'] = WS_makeId($args['slug'], STORY_MAX_ID_LENGTH);
}
}
$story = new Story();
$gl_edit = false;
if (isset($args['gl_edit'])) {
$gl_edit = $args['gl_edit'];
}
if ($gl_edit && !empty($args['gl_etag'])) {
/* First load the original story to check if it has been modified */
$result = $story->loadFromDatabase($args['sid']);
if ($result == STORY_LOADED_OK) {
if ($args['gl_etag'] != date('c', $story->_date)) {
$svc_msg['error_desc'] = 'A more recent version of the story is available';
return PLG_RET_PRECONDITION_FAILED;
}
} else {
$svc_msg['error_desc'] = 'Error loading story';
return PLG_RET_ERROR;
}
}
/* This function is also doing the security checks */
$result = $story->loadFromArgsArray($args);
$sid = $story->getSid();
switch ($result) {
case STORY_DUPLICATE_SID:
if (!$args['gl_svc']) {
if (isset($args['type']) && $args['type'] == 'submission') {
$output .= STORY_edit($sid, 'moderate');
} else {
$output .= STORY_edit($sid, 'error');
}
}
return PLG_RET_ERROR;
case STORY_EXISTING_NO_EDIT_PERMISSION:
$output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30]);
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
return PLG_RET_PERMISSION_DENIED;
case STORY_NO_ACCESS_PARAMS:
$output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30]);
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
return PLG_RET_PERMISSION_DENIED;
case STORY_EMPTY_REQUIRED_FIELDS:
if (!$args['gl_svc']) {
$output .= STORY_edit($sid, 'error');
}
return PLG_RET_ERROR;
default:
break;
}
/* Image upload is not supported by the web-service at present */
if (!$args['gl_svc']) {
// Delete any images if needed
if (array_key_exists('delete', $args)) {
$delete = count($args['delete']);
for ($i = 1; $i <= $delete; $i++) {
$ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '" . DB_escapeString($sid) . "' AND ai_img_num = " . intval(key($args['delete'])));
STORY_deleteImage($ai_filename);
DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '" . DB_escapeString($sid) . "' AND ai_img_num = '" . intval(key($args['delete'])) . "'");
next($args['delete']);
}
}
// OK, let's upload any pictures with the article
if (DB_count($_TABLES['article_images'], 'ai_sid', DB_escapeString($sid)) > 0) {
$index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '" . DB_escapeString($sid) . "'") + 1;
} else {
$index_start = 1;
}
if (count($_FILES) > 0 and $_CONF['maximagesperarticle'] > 0) {
require_once $_CONF['path_system'] . 'classes/upload.class.php';
$upload = new upload();
if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
$upload->setLogFile($_CONF['path'] . 'logs/error.log');
$upload->setDebug(true);
}
$upload->setMaxFileUploads($_CONF['maximagesperarticle']);
$upload->setAutomaticResize(true);
if ($_CONF['keep_unscaled_image'] == 1) {
$upload->keepOriginalImage(true);
} else {
$upload->keepOriginalImage(false);
}
$upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
$upload->setFieldName('file');
//@TODO - better error handling...
if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
$output = COM_siteHeader('menu', $LANG24[30]);
$output .= COM_showMessageText($upload->printErrors(false), $LANG24[30], true);
$output .= COM_siteFooter();
echo $output;
exit;
}
// NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
// force any images bigger than the passed dimensions to be resized.
// If mogrify is not set, any images larger than these dimensions
// will get validation errors
$upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
$upload->setMaxFileSize($_CONF['max_image_size']);
// size in bytes, 1048576 = 1MB
// Set file permissions on file after it gets uploaded (number is in octal)
$upload->setPerms('0644');
$filenames = array();
$sql = "SELECT MAX(ai_img_num) + 1 AS ai_img_num FROM " . $_TABLES['article_images'] . " WHERE ai_sid = '" . DB_escapeString($sid) . "'";
$result = DB_query($sql, 1);
$row = DB_fetchArray($result);
$ai_img_num = $row['ai_img_num'];
if ($ai_img_num < 1) {
$ai_img_num = 1;
}
for ($z = 0; $z < $_CONF['maximagesperarticle']; $z++) {
$curfile['name'] = '';
if (isset($_FILES['file']['name'][$z])) {
$curfile['name'] = $_FILES['file']['name'][$z];
}
if (!empty($curfile['name'])) {
$pos = strrpos($curfile['name'], '.') + 1;
$fextension = substr($curfile['name'], $pos);
$filenames[] = $sid . '_' . $ai_img_num . '.' . $fextension;
$ai_img_num++;
} else {
$filenames[] = '';
}
}
$upload->setFileNames($filenames);
$upload->uploadFiles();
//@TODO - better error handling
if ($upload->areErrors()) {
$retval = COM_siteHeader('menu', $LANG24[30]);
$retval .= COM_showMessageText($upload->printErrors(false), $LANG24[30], true);
$retval .= STORY_edit($sid, 'error');
$retval .= COM_siteFooter();
echo $retval;
exit;
}
for ($z = 0; $z < $_CONF['maximagesperarticle']; $z++) {
if ($filenames[$z] != '') {
$sql = "SELECT MAX(ai_img_num) + 1 AS ai_img_num FROM " . $_TABLES['article_images'] . " WHERE ai_sid = '" . DB_escapeString($sid) . "'";
$result = DB_query($sql, 1);
$row = DB_fetchArray($result);
$ai_img_num = $row['ai_img_num'];
if ($ai_img_num < 1) {
$ai_img_num = 1;
}
DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('" . DB_escapeString($sid) . "', {$ai_img_num}, '" . DB_escapeString($filenames[$z]) . "')");
}
}
}
if ($_CONF['maximagesperarticle'] > 0) {
$errors = $story->checkImages();
if (count($errors) > 0) {
$output = COM_siteHeader('menu', $LANG24[54]);
$eMsg = $LANG24[55] . '<p>';
for ($i = 1; $i <= count($errors); $i++) {
$eMsg .= current($errors) . '<br />';
next($errors);
}
//@TODO - use return here...
$output .= COM_showMessageText($eMsg, $LANG24[54], true);
$output .= STORY_edit($sid, 'error');
$output .= COM_siteFooter();
echo $output;
exit;
}
}
}
$result = $story->saveToDatabase();
if ($result == STORY_SAVED) {
// see if any plugins want to act on that story
if (!empty($args['old_sid']) && $args['old_sid'] != $sid) {
PLG_itemSaved($sid, 'article', $args['old_sid']);
} else {
PLG_itemSaved($sid, 'article');
}
// update feed(s) and Older Stories block
COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid);
COM_olderStuff();
if ($story->type == 'submission') {
COM_setMessage(9);
echo COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
exit;
} else {
$output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9);
}
/* @TODO Set the object id here */
$svc_msg['id'] = $sid;
return PLG_RET_OK;
}
}
$story->_username = $output['username'];
$story->_fullname = $output['fullname'];
}
if ($output == STORY_PERMISSION_DENIED) {
$display = COM_showMessageText($LANG_ACCESS['storydenialmsg'], $LANG_ACCESS['accessdenied']);
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_ACCESS['accessdenied']));
} elseif ($output == STORY_INVALID_SID) {
COM_handle404();
} elseif ($mode === 'print' && $_CONF['hideprintericon'] == 0) {
$story_template = COM_newTemplate($_CONF['path_layout'] . 'article');
$story_template->set_file('article', 'printable.thtml');
if (XHTML != '') {
$story_template->set_var('xmlns', ' xmlns="http://www.w3.org/1999/xhtml"');
}
$story_template->set_var('direction', $LANG_DIRECTION);
$story_template->set_var('page_title', $story->DisplayElements('page_title'));
$story_template->set_var('story_title', $story->DisplayElements('title'));
header('Content-Type: text/html; charset=' . COM_getCharset());
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
if (!empty($_CONF['frame_options'])) {
header('X-FRAME-OPTIONS: ' . $_CONF['frame_options']);
}
$story_template->set_var('story_date', $story->displayElements('date'));
if ($_CONF['contributedbyline'] == 1) {
$story_template->set_var('lang_contributedby', $LANG01[1]);
$authorname = COM_getDisplayName($story->displayElements('uid'));
$story_template->set_var('author', $authorname);
$story_template->set_var('story_author', $authorname);
$story_template->set_var('story_author_username', $story->DisplayElements('username'));
}