Example #1
 * Symphony web publishing system
 * Copyright 2004–2006 Twenty One Degrees Pty. Ltd.
 * @version 1.7
 * @licence https://github.com/symphonycms/symphony-1.7/blob/master/LICENCE
// Direct-access guard: stop unless the Symphony bootstrap has defined __IN_SYMPHONY__.
if (!defined("__IN_SYMPHONY__")) {
    die("<h2>Symphony Fatal Error</h2><p>You cannot directly access this file</p>");
// Per-author marker file under TMP. Its name is md5(author id . 'done'), so it can be
// derived from the author id alone and must not be relied on as a secret.
$done_path = TMP . '/' . md5($settings['auth']['id'] . 'done');
$cDate = new SymDate($settings["region"]["time_zone"], $settings["region"]["date_format"]);
// State change driven by $_REQUEST, so any request variable source can trigger it.
// NOTE(review): no anti-CSRF token is checked in this excerpt; confirm one is enforced upstream.
if ($_REQUEST['done'] == 'true') {
    $xml->setValue('Status widget set to viewed');
    // '@' hides a failed write, in which case the marker file is silently not created.
    @file_put_contents($done_path, $cDate->get(false, false));
} else {
    // kFULL_MODE is true only when the request carries mode=full.
    define('kFULL_MODE', isset($_REQUEST['mode']) && $_REQUEST['mode'] == 'full' ? true : false);
    $done = @file_exists($done_path);
    // SQL assembled by string concatenation around $settings['auth']['id'].
    // NOTE(review): presumably the authenticated author's id set server-side; confirm it is
    // an integer and cast or bind it rather than relying on the surrounding quotes.
    $last = $db->fetchRow(0, "SELECT UNIX_TIMESTAMP(`last_refresh`) as `last_refresh_timestamp`, UNIX_TIMESTAMP(`last_session`) as `last_session_timestamp` FROM `tbl_authors` WHERE `id` = '" . $settings['auth']['id'] . "' LIMIT 1");
    $lastlogin = $last['last_session_timestamp'];
    $lastrefresh = $last['last_refresh_timestamp'];
    $can_access = $Author->get('allow_sections');
    require_once TOOLKIT . "/class.ajaxaccount.php";
    // Six most recent entry ids. For non-superusers $can_access is interpolated unquoted into
    // IN (...): an empty value produces "IN ()", and any non-numeric content becomes SQL.
    // NOTE(review): verify allow_sections is stored and validated as a comma-separated integer list.
    $entries = $db->fetchCol('id', "SELECT tbl_entries.id\n\t\t\t\t\t\t\t   FROM `tbl_entries`, `tbl_sections`, `tbl_entries2sections` as t2\n\t\t\t\t\t\t\t   WHERE 1 " . ($Author->get('superuser') != 1 ? " AND t2.section_id IN ({$can_access})" : '') . "\n\t\t\t\t\t\t\t   AND `tbl_sections`.id = t2.section_id\n\t\t\t\t\t\t\t   AND `tbl_entries`.id = t2.entry_id\n\t\t\t\t\t\t\t   ORDER BY publish_date_gmt DESC LIMIT 0,6");
    // Three most recent comments. Unlike the entries query, this one carries no section
    // restriction. NOTE(review): confirm showing them to every author is intended.
    $comments = $db->fetch("SELECT c.*, m.creation_date_gmt, m.referrer\n\t\t\t\t\t\t\t\tFROM `tbl_comments` AS `c`\n\t\t\t\t\t\t\t\tLEFT JOIN `tbl_metadata` AS m ON c.id = m.relation_id AND m.class = 'comment'\n\t\t\t\t\t\t\t\tORDER BY c.id DESC\n\t\t\t\t\t\t\t\tLIMIT 0, 3");
    $account = new ajaxAccount($settings);
    // The update check runs only for an author flagged as both owner and superuser.
    if ($Author->get('owner') == 1 && $Author->get('superuser') == 1) {
        $update = array();
        // NOTE(review): grab() is opaque here; presumably it contacts an update service.
        // Confirm what it sends and how the response is validated.
        $data = $account->grab("checkforupdate");
Example #2
    case "boolean":
        // Full-text search in BOOLEAN MODE, top five matches by score.
        // $searchstring is interpolated twice inside single quotes; where it comes from and
        // whether it has been escaped is outside this excerpt.
        // NOTE(review): confirm it is escaped for MySQL before reaching this line (or bind it),
        // and that $can_access is a validated comma-separated integer list, since it is
        // placed unquoted inside IN (...).
        $sql = "SELECT DISTINCT t1.entry_id,\n\t\t\t\t  MATCH(t1.value) AGAINST ('{$searchstring}' IN BOOLEAN MODE) AS score\n\t\t\t\t  FROM tbl_entries2customfields AS t1\n\t              LEFT JOIN `tbl_entries` AS t2 ON t1.entry_id = t2.id\n\t\t\t      LEFT JOIN `tbl_entries2sections` AS t3 on t2.id = t3.entry_id\n\t              WHERE 1 AND MATCH(t1.value) AGAINST ('{$searchstring}' IN BOOLEAN MODE)\n\t\t\t\t  " . ($Author->get('superuser') != 1 ? " AND t3.section_id IN ({$can_access})" : '') . "\n\t\t\t\t  ORDER BY score DESC LIMIT 5";
// Run the search query and keep only the entry_id column.
$result = $db->fetchCol('entry_id', $sql);
// Flipping twice collapses duplicate ids: values become keys (duplicates merge), then flip back.
$result = array_flip($result);
$result = array_flip($result);
// '@' suppresses the warning count() can raise when $result is not countable.
if (@count($result) >= 1) {
    // "=& new" is PHP 4 syntax: deprecated in PHP 5.3 and a parse error from PHP 7.
    $parent =& new ParentShell($db, $config);
    include_once LIBRARY . "/core/class.manager.php";
    include_once LIBRARY . "/core/class.symphonylog.php";
    include_once LIBRARY . "/core/class.textformattermanager.php";
    include_once TOOLKIT . "/class.entrymanager.php";
    $entryManager = new EntryManager($parent);
    // One <item> element per matching entry.
    foreach ($result as $entry_id) {
        $row = $entryManager->fetchEntriesByID($entry_id, false, true);
        $locked = 'content';
        ##Generate the XML
        $entry = new XMLElement("item");
        $entry->setAttribute("class", $locked);
        // strip_tags() removes markup but does not encode '&' or a stray '<'.
        // NOTE(review): whether XMLElement encodes its value is not visible here; confirm.
        $entry->addChild(new XMLElement("title", strip_tags($row['fields'][$row['primary_field']]['value'])));
        $entry->addChild(new XMLElement("date", $cDate->get(true, true, strtotime($row['publish_date_gmt']))));
        // Edit link built from the row's section and entry ids; '&' is already written as &amp;.
        $entry->addChild(new XMLElement("link", "?page=/publish/section/edit/&amp;_sid=" . $row['section_id'] . "&amp;id=" . $row['id']));
        $entry->addChild(new XMLElement("handle", $row['primary_field']));
        // A description is added only when the entry has a 'body' field of type textarea;
        // it is tag-stripped and passed to General::limitWords with a limit of 100.
        if (isset($row['fields']['body']) && $row['fields']['body']['type'] == 'textarea') {
            $entry->addChild(new XMLElement("description", General::limitWords(strip_tags($row['fields']['body']['value']), 100, true, false)));
// Direct-access guard: stop unless the Symphony bootstrap has defined __IN_SYMPHONY__.
if (!defined("__IN_SYMPHONY__")) {
    die("<h2>Symphony Fatal Error</h2><p>You cannot directly access this file</p>");
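// Date helper for the configured time zone, constructed with the format string "d".
$cDate = new SymDate($settings["region"]["time_zone"], "d");
// Month and year come from the request. An absent or empty value falls back to the current
// month/year. The test uses && so the value is read only after isset() has confirmed it
// exists; with || an empty value was accepted and a missing key was read anyway.
$month = (isset($_REQUEST['month']) && $_REQUEST['month'] != "") ? $_REQUEST['month'] : date("F", time());
$year = (isset($_REQUEST['year']) && $_REQUEST['year'] != "") ? $_REQUEST['year'] : date("Y", time());
$startdate = strtotime("1 " . $month . " " . $year);
if ($startdate === false) {
    // Unparseable request values: show the current month instead of querying with a
    // false timestamp and echoing the rejected text back in the response.
    $month = date("F", time());
    $year = date("Y", time());
    $startdate = strtotime("1 " . $month . " " . $year);
}
// Start of the following month, derived from the parsed start date so the window always
// follows $startdate even when the request spelled the year in an unusual way.
$enddate = mktime(0, 0, 0, date("m", $startdate) + 1, 1, date("Y", $startdate));
// $startdate and $enddate are timestamps produced by strtotime()/mktime(), so no request
// text is interpolated into this query. Section permissions are not applied in the SQL.
$sql = "SELECT t1.*, t2.section_id, t3.value_raw as `title`,\n\t\t\tUNIX_TIMESTAMP(t1.publish_date_gmt) as `timestamp_gmt`\n\t\t\tFROM `tbl_entries` as t1, `tbl_sections` as t4, `tbl_entries2sections` as t2, `tbl_entries2customfields` as t3\n\t\t\tWHERE UNIX_TIMESTAMP(t1.publish_date) >= '{$startdate}'\n\t\t\tAND UNIX_TIMESTAMP(t1.publish_date) <= '{$enddate}'\n\t\t\tAND t1.`id` = t2.entry_id\n\t\t\tAND t1.`id` = t3.entry_id AND t4.primary_field = t3.field_id\n\t\t\tAND t2.section_id = t4.id\n\t\t\tORDER BY t1.publish_date DESC ";
$result = $db->fetch($sql);
// $month/$year may still be the requester's own spelling (whatever strtotime() accepted).
// NOTE(review): confirm XMLElement encodes its value before this reaches the response.
$xml->addChild(new XMLElement("month", $month . " " . $year));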
// '@' suppresses the warning count() can raise when $result is not countable.
if (@count($result) >= 1) {
    $final = array();
    // Section permissions are enforced here, row by row, after the query has already
    // returned entries from every section; rows the author cannot access are dropped.
    foreach ($result as $row) {
        if ($Author->canAccessSection($row['section_id'])) {
            // Group rows under the value $cDate->get() returns for the entry's GMT timestamp
            // (presumably the day of the month, given the "d" format passed to SymDate).
            $final[$cDate->get(true, true, $row['timestamp_gmt'])][] = $row;
    // One <item> per group, carrying the group key as an integer plus its entries.
    foreach ($final as $date => $entries) {
        $item = new XMLElement("item");
        $item->addChild(new XMLElement("date", intval($date)));
        foreach ($entries as $row) {
            $locked = 'content';
            $entry = new XMLElement("entry");
            $entry->setAttribute("class", $locked);
            // Title is tag-stripped and passed to General::limitWords with a limit of 32.
            // NOTE(review): strip_tags() does not encode '&' or a stray '<'; whether
            // XMLElement encodes its value is not visible here.
            $entry->addChild(new XMLElement("title", General::limitWords(strip_tags($row['title']), 32, true, true)));
            // Edit link built from the row's section and entry ids; '&' is already written as &amp;.
            $entry->addChild(new XMLElement("link", "?page=/publish/section/edit/&amp;_sid=" . $row['section_id'] . "&amp;id=" . $row['id']));
Example #4
 /**
  * Fills $this->_param with the page-level parameters: site root and workspace URLs,
  * current page, page title, parent path, today's date, site name, Symphony build,
  * and one 'url-<key>' entry for each query-string variable other than 'page'.
  */
 function __initialisePageParam()
     $doctor = new XMLRepair();
     $cDate = new SymDate($this->getConfigVar("time_zone", "region"), "Y-m-d");
     $this->_param = array();
     $this->_param['root'] = URL;
     $this->_param['workspace'] = URL . "/workspace";
     $this->_param['current-page'] = $this->_page;
     // The page title is passed through XMLRepair::entities2hexadecimal before storage.
     $this->_param['page-title'] = $doctor->entities2hexadecimal($this->_pageTitle);
     $this->_param['parent-page'] = $this->_parentPath;
     // time() - date("Z") shifts the current timestamp by the server's UTC offset in seconds.
     $this->_param['today'] = $cDate->get(true, true, time() - date("Z"));
     $this->_param['website-name'] = $this->getConfigVar("sitename", "general");
     $this->_param['symphony-build'] = $this->getConfigVar("build", "symphony");
     // Every query-string variable except 'page' is copied verbatim: the key becomes part of
     // the parameter name and the value (which may be an array) is stored unvalidated.
     // NOTE(review): where $this->_param is consumed is not shown. Both name and value are
     // requester-controlled, so restrict the key to a safe character set and encode the
     // value at the point of use.
     if (is_array($_GET) && !empty($_GET)) {
         foreach ($_GET as $key => $val) {
             if ($key != 'page') {
                 $this->_param['url-' . $key] = $val;
 // Required-field check: 'name' and 'source' must be non-empty after trimming.
 $required = array('name', 'source');
 for ($i = 0; $i < count($required); $i++) {
     if (trim($fields[$required[$i]]) == "") {
         $errors[$required[$i]] = true;
 // $errors is assigned only when a field is missing, so on the success path this reads a
 // variable that may never have been set in this excerpt.
 if (is_array($errors)) {
     define("__SYM_ENTRY_MISSINGFIELDS__", true);
 } else {
     $defines = array();
     // Quotes are removed from the submitted name. The handle and root element name both
     // come from General::createFileName, with '_' and '-' as the separator respectively.
     $fields['name'] = str_replace(array('\'', '"'), "", $fields['name']);
     $handle = General::createFileName($fields['name'], $Admin->getConfigVar('handle_length', 'admin'), '_');
     $rootelement = General::createFileName($fields['name'], $Admin->getConfigVar('handle_length', 'admin'), '-');
     $classname = ucfirst($handle);
     $source = $fields['source'];
     // NOTE(review): $var looks like a placeholder => value map for a generated file. If
     // CLASS NAME, HANDLE or NAME end up in PHP source, confirm createFileName limits them to
     // identifier-safe characters and that NAME is escaped for the context it is written into.
     $var = array('HANDLE' => $handle, 'ROOT-ELEMENT' => $rootelement, 'CLASS NAME' => $classname, 'NAME' => $fields['name'], 'DESCRIPTION' => "", 'AUTHOR-NAME' => $Admin->getAuthorName(), 'AUTHOR-WEBSITE' => General::validateURL(URL), 'AUTHOR-EMAIL' => $Admin->getAuthorEmail(), 'VERSION' => "1.0", 'RELEASE DATE' => date("Y-m-d H:i:s", $date->get(true, false)));
     $xml_elements = array();
     // Each submitted element name is stripped of outer brackets and split on "][" into a
     // group and an element. list() assumes two parts; a value with a single part leaves
     // $element unset, and both parts are used as submitted.
     if (is_array($fields['xml-elements']) && !empty($fields['xml-elements'])) {
         foreach ($fields['xml-elements'] as $f) {
             $f = trim($f, '[]');
             $bits = preg_split('/\\]\\[/i', $f, -1, PREG_SPLIT_NO_EMPTY);
             list($group, $element) = $bits;
             $xml_elements[$group][] = $element;
     // Source-specific settings copied from the form into $defines.
     // NOTE(review): no break is visible between "authors" and "comments" in this excerpt;
     // confirm against the full file whether the fall-through is real.
     switch ($source) {
         case "authors":
             $defines['status'] = $fields['status'];
             $defines['username'] = $fields['username'];
         case "comments":
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">

	<title>Symphony &ndash; <?php 
// Written into <title> with no encoding at this point.
// NOTE(review): confirm pageTitle is HTML-encoded where it is set, or wrap it in htmlspecialchars().
print $GLOBALS['pageTitle'];
	<link rel="stylesheet" type="text/css" media="screen" href="assets/debug.css" />
	<script type="text/javascript" src="assets/main.js"></script>

	<body id="view">
// The request value '_l' is only parsed by strtotime(); the formatted result is printed,
// not the raw text. NOTE(review): strtotime() returns false for unparseable input;
// confirm $date->get() copes with that.
print $date->get(true, true, strtotime($_REQUEST["_l"]));

			<ol id="xml">
// Each log line is emitted inside <code> exactly as stored.
// NOTE(review): the origin of $log is not visible here; if a line can contain
// request-derived text, encode it with htmlspecialchars() before printing.
foreach ($log as $line) {
    print "\t\t\t\t<li><code>{$line}</code></li>\n";

        print $entries_count;
					<td><a href="mailto:<?php 
        // Author e-mail is printed inside a mailto: href attribute with no encoding here.
        // NOTE(review): confirm the stored value is validated as an address and
        // attribute-encoded, so a quote in it cannot end the attribute.
        print $a->get('email');
" title="Email this author"><?php 
        // Same e-mail value again, this time as the link text, also unencoded at this point.
        // NOTE(review): confirm it is HTML-encoded before output.
        print $a->get('email');
        // Authors with no recorded session get the 'inactive' class and the text 'Unknown';
        // otherwise the last session time is formatted through $date.
        print $a->get('last_session') == NULL ? ' class="inactive"' : '';
        print $a->get('last_session') == NULL ? 'Unknown' : $date->get(true, true, strtotime($a->get('last_session')));

        $bEven = !$bEven;
} else {
    print '<tr><td colspan="4" class="inactive">None found.</td></tr>';
