Exemple #1
0
 function parse($p1, $p2, $fulltag)
 {
     global $_TABLES, $_CONF;
     $topic = DB_getItem($_TABLES['topics'], 'topic', "tid = '" . DB_escapeString($p1) . "'" . COM_getTopicSQL('AND'));
     if (empty($topic)) {
         return "<b>Unknown Topic</b>";
     }
     if (!empty($p2) && $p2 != $p1) {
         $topic = $p2;
     } else {
         $topic = $topic;
     }
     return '<a href="' . $_CONF['site_url'] . '/index.php?topic=' . urlencode($p1) . '">' . htmlspecialchars($topic) . '</a>';
 }
Exemple #2
0
/**
 * Handles a comment view request
 *
 * @copyright Vincent Furia 2005
 * @author Vincent Furia, vinny01 AT users DOT sourceforge DOT net
 * @param boolean $view View or display (true for view)
 * @return string HTML (possibly a refresh)
 */
function handleView($view = true)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS;
    $display = '';
    if ($view) {
        $cid = COM_applyFilter($_REQUEST['cid'], true);
    } else {
        $cid = COM_applyFilter($_REQUEST['pid'], true);
    }
    if ($cid <= 0) {
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $sql = "SELECT sid, title, type FROM {$_TABLES['comments']} WHERE cid = {$cid}";
    $A = DB_fetchArray(DB_query($sql));
    $sid = $A['sid'];
    $title = $A['title'];
    $type = $A['type'];
    $format = $_CONF['comment_mode'];
    if (isset($_REQUEST['format'])) {
        $format = COM_applyFilter($_REQUEST['format']);
    }
    if ($format != 'threaded' && $format != 'nested' && $format != 'flat') {
        if (COM_isAnonUser()) {
            $format = $_CONF['comment_mode'];
        } else {
            $format = DB_getItem($_TABLES['usercomment'], 'commentmode', "uid = {$_USER['uid']}");
        }
    }
    switch ($type) {
        case 'article':
            $sql = 'SELECT COUNT(*) AS count, commentcode, owner_id, group_id, perm_owner, perm_group, ' . "perm_members, perm_anon FROM {$_TABLES['stories']} WHERE (sid = '{$sid}') " . 'AND (draft_flag = 0) AND (commentcode >= 0) AND (date <= NOW())' . COM_getPermSQL('AND') . COM_getTopicSQL('AND') . ' GROUP BY sid,owner_id, group_id, perm_owner, perm_group,perm_members, perm_anon ';
            $result = DB_query($sql);
            $B = DB_fetchArray($result);
            $allowed = $B['count'];
            if ($allowed == 1) {
                $delete_option = SEC_hasRights('story.edit') && SEC_hasAccess($B['owner_id'], $B['group_id'], $B['perm_owner'], $B['perm_group'], $B['perm_members'], $B['perm_anon']) == 3;
                $order = '';
                if (isset($_REQUEST['order'])) {
                    $order = COM_applyFilter($_REQUEST['order']);
                }
                $page = 0;
                if (isset($_REQUEST['page'])) {
                    $page = COM_applyFilter($_REQUEST['page'], true);
                }
                $display .= CMT_userComments($sid, $title, $type, $order, $format, $cid, $page, $view, $delete_option, $B['commentcode']);
            } else {
                $display .= COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header')) . $LANG_ACCESS['storydenialmsg'] . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            }
            break;
        default:
            // assume plugin
            $order = '';
            if (isset($_REQUEST['order'])) {
                $order = COM_applyFilter($_REQUEST['order']);
            }
            $page = 0;
            if (isset($_REQUEST['page'])) {
                $page = COM_applyFilter($_REQUEST['page'], true);
            }
            if (!($display = PLG_displayComment($type, $sid, $cid, $title, $order, $format, $page, $view))) {
                return COM_refresh($_CONF['site_url'] . '/index.php');
            }
            break;
    }
    return COM_siteHeader('menu', $title) . COM_showMessageFromParameter() . $display . COM_siteFooter();
}
Exemple #3
0
function phpblock_storypicker()
{
    global $_TABLES, $_CONF, $topic;
    $LANG_STORYPICKER = array('choose' => 'Choose a story');
    $max_stories = 5;
    //how many stories to display in the list
    $topicsql = '';
    $sid = '';
    if (isset($_GET['story'])) {
        $sid = COM_applyFilter($_GET['story']);
        $stopic = DB_getItem($_TABLES['stories'], 'tid', 'sid = \'' . DB_escapeString($sid) . '\'');
        if (!empty($stopic)) {
            $topic = $stopic;
        } else {
            $sid = '';
        }
    }
    if (empty($topic)) {
        if (isset($_GET['topic'])) {
            $topic = COM_applyFilter($_GET['topic']);
        } elseif (isset($_POST['topic'])) {
            $topic = COM_applyFilter($_POST['topic']);
        } else {
            $topic = '';
        }
    }
    if (!empty($topic)) {
        $topicsql = " AND tid = '" . DB_escapeString($topic) . "'";
    }
    if (empty($topicsql)) {
        $topic = DB_getItem($_TABLES['topics'], 'tid', 'archive_flag = 1');
        if (empty($topic)) {
            $topicsql = '';
        } else {
            $topicsql = " AND tid <> '" . DB_escapeString($topic) . "'";
        }
    }
    $sql = 'SELECT sid, title FROM ' . $_TABLES['stories'] . ' WHERE draft_flag = 0 AND date <= now()' . COM_getPermSQL(' AND') . COM_getTopicSQL(' AND') . $topicsql . ' ORDER BY date DESC LIMIT ' . $max_stories;
    $res = DB_query($sql);
    $list = '';
    while ($A = DB_fetchArray($res)) {
        $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']);
        $list .= '<li><a href=' . $url . '>' . htmlspecialchars(COM_truncate($A['title'], 41, '...')) . "</a></li>\n";
    }
    return $list;
}
Exemple #4
0
/**
* Displays items needing moderation
*
* Displays the moderation list of items from the submission tables
*
* @type     string      Type of object to build list for
*
*/
function MODERATE_itemList($type = '', $token)
{
    global $_CONF, $_TABLES, $LANG01, $LANG24, $LANG29, $LANG_ADMIN, $_IMAGE_TYPE;
    $retval = '';
    if (empty($type)) {
        COM_errorLog("Submissions Error: Attempted to generate a moderation list for a null item type.");
    } else {
        switch ($type) {
            case 'user':
                // user -----------------------------------------------
                $result = DB_query("SELECT uid,username,fullname,email,UNIX_TIMESTAMP(regdate) AS day FROM {$_TABLES['users']} WHERE status = 2");
                $nrows = DB_numRows($result);
                if ($nrows > 0) {
                    $data_arr = array();
                    for ($i = 0; $i < $nrows; $i++) {
                        $A = DB_fetchArray($result);
                        $A['edit'] = $_CONF['site_admin_url'] . '/user.php?edit=x&amp;uid=' . $A['uid'];
                        $A['fullname'] = $A['fullname'];
                        $A['email'] = $A['email'];
                        $A['_type_'] = 'user';
                        $A['_key_'] = 'uid';
                        $data_arr[$i] = $A;
                    }
                    $header_arr = array(array('text' => $LANG_ADMIN['edit'], 'field' => 0, 'align' => 'center', 'width' => '25px'), array('text' => $LANG29[16], 'field' => 1, 'nowrap' => true), array('text' => $LANG29[17], 'field' => 2), array('text' => $LANG29[18], 'field' => 3, 'nowrap' => true), array('text' => $LANG29[47], 'field' => 4, 'align' => 'center'), array('text' => $LANG29[1], 'field' => 'approve', 'align' => 'center', 'width' => '35px'), array('text' => $LANG_ADMIN['delete'], 'field' => 'delete', 'align' => 'center', 'width' => '35px'));
                    $text_arr = array('has_menu' => false, 'title' => $LANG29[40], 'help_url' => 'ccusersubmission.html', 'no_data' => '', 'form_url' => "{$_CONF['site_admin_url']}/moderation.php");
                    $actions = '<input name="approve" type="image" src="' . $_CONF['layout_url'] . '/images/admin/accept.' . $_IMAGE_TYPE . '" style="vertical-align:bottom;" title="' . $LANG29[44] . '" onclick="return confirm(\'' . $LANG29[45] . '\');"' . '/>&nbsp;' . $LANG29[1];
                    $actions .= '&nbsp;&nbsp;&nbsp;&nbsp;';
                    $actions .= '<input name="delbutton" type="image" src="' . $_CONF['layout_url'] . '/images/admin/delete.' . $_IMAGE_TYPE . '" style="vertical-align:text-bottom;" title="' . $LANG01[124] . '" onclick="return confirm(\'' . $LANG01[125] . '\');"' . '/>&nbsp;' . $LANG_ADMIN['delete'];
                    $options = array('chkselect' => true, 'chkfield' => 'uid', 'chkname' => 'selitem', 'chkminimum' => 0, 'chkall' => false, 'chkactions' => $actions);
                    $form_arr['bottom'] = '<input type="hidden" name="type" value="user"/>' . LB . '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $token . '"/>' . LB . '<input type="hidden" name="moderation" value="x"/>' . LB . '<input type="hidden" name="count" value="' . $nrows . '"/>';
                    $retval = ADMIN_simpleList('MODERATE_getListField', $header_arr, $text_arr, $data_arr, $options, $form_arr, $token);
                }
                break;
            case 'draftstory':
                // draft story ----------------------------------
                $result = DB_query("SELECT sid AS id,title,UNIX_TIMESTAMP(date) AS day,tid,uid FROM {$_TABLES['stories']} WHERE (draft_flag = 1)" . COM_getTopicSQL('AND') . COM_getPermSQL('AND', 0, 3) . " ORDER BY date ASC");
                $nrows = DB_numRows($result);
                if ($nrows > 0) {
                    $data_arr = array();
                    for ($i = 0; $i < $nrows; $i++) {
                        $A = DB_fetchArray($result);
                        $A['edit'] = $_CONF['site_admin_url'] . '/story.php?draft=x&amp;sid=' . $A['id'];
                        $A['title'] = $A['title'];
                        $A['tid'] = $A['tid'];
                        $A['_type_'] = 'draftstory';
                        $A['_key_'] = 'sid';
                        $data_arr[$i] = $A;
                    }
                    $header_arr = array(array('text' => $LANG_ADMIN['edit'], 'field' => 0, 'align' => 'center', 'width' => '25px'), array('text' => $LANG29[10], 'field' => 'title'), array('text' => $LANG29[14], 'field' => 'day', 'align' => 'center', 'width' => '15%'), array('text' => $LANG29[15], 'field' => 'tid', 'width' => '20%'), array('text' => $LANG29[46], 'field' => 'uid', 'width' => '15%', 'nowrap' => true), array('text' => $LANG29[1], 'field' => 'approve', 'align' => 'center', 'width' => '35px'), array('text' => $LANG_ADMIN['delete'], 'field' => 'delete', 'align' => 'center', 'width' => '35px'));
                    $text_arr = array('has_menu' => false, 'title' => $LANG29[35] . ' (' . $LANG24[34] . ')', 'help_url' => '', 'no_data' => $LANG29[39], 'form_url' => "{$_CONF['site_admin_url']}/moderation.php");
                    $actions = '<input name="approve" type="image" src="' . $_CONF['layout_url'] . '/images/admin/accept.' . $_IMAGE_TYPE . '" style="vertical-align:bottom;" title="' . $LANG29[44] . '" onclick="return confirm(\'' . $LANG29[45] . '\');"' . '/>&nbsp;' . $LANG29[1];
                    $actions .= '&nbsp;&nbsp;&nbsp;&nbsp;';
                    $actions .= '<input name="delbutton" type="image" src="' . $_CONF['layout_url'] . '/images/admin/delete.' . $_IMAGE_TYPE . '" style="vertical-align:text-bottom;" title="' . $LANG01[124] . '" onclick="return confirm(\'' . $LANG01[125] . '\');"' . '/>&nbsp;' . $LANG_ADMIN['delete'];
                    $options = array('chkselect' => true, 'chkfield' => 'id', 'chkname' => 'selitem', 'chkminimum' => 0, 'chkall' => false, 'chkactions' => $actions);
                    $form_arr['bottom'] = '<input type="hidden" name="type" value="draftstory"/>' . LB . '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $token . '"/>' . LB . '<input type="hidden" name="count" value="' . $nrows . '"/>';
                    $retval .= ADMIN_simpleList('MODERATE_getListField', $header_arr, $text_arr, $data_arr, $options, $form_arr, $token);
                }
                break;
                // draftstory
            // draftstory
            default:
                // plugin -------------------------------------------------
                $function = 'plugin_itemlist_' . $type;
                if (function_exists($function)) {
                    $plugin = new Plugin();
                    $plugin = $function($token);
                    // if the plugin returns a string, it wants to control it's own
                    // moderation.  as far as I can tell - no plugin has used this yet
                    // it appears to be a feature that was added in glFusion 1.1.0rc1
                    // but never actually used
                    if (is_string($plugin) && !empty($plugin)) {
                        return '<div class="block-box">' . $plugin . '</div>';
                        // otherwise this is a plugin object (historical approach)
                    } elseif (is_object($plugin)) {
                        $helpfile = $plugin->submissionhelpfile;
                        $sql = $plugin->getsubmissionssql;
                        $H = $plugin->submissionheading;
                        $section_title = $plugin->submissionlabel;
                        $section_help = $helpfile;
                        $isplugin = true;
                    }
                }
                // this needs to be removed when story moves into a plugin
                if ($type == 'story') {
                    $isplugin = false;
                }
                // we really only need the id from this list, so that we know key/id field name
                list($key, $table, $fields, $submissiontable) = PLG_getModerationValues($type);
                // the first 4 columns default to Title, Date, Topic and Submitted By unless otherwise
                // specified.  not sure I like this approach - but whatever - it's not
                // breaking anything at the momemnt
                if (!isset($H[0]) || empty($H[0])) {
                    $H[0] = $LANG29[10];
                }
                if (!isset($H[1]) || empty($H[1])) {
                    $H[1] = $LANG29[14];
                }
                if (!isset($H[2]) || empty($H[2])) {
                    $H[2] = $LANG29[15];
                }
                if (!isset($H[3]) || empty($H[3])) {
                    $H[3] = $LANG29[46];
                }
                // run SQL but this time ignore any errors.  note that the max items for
                // each type that can be moderated is limited to 50
                if (!empty($sql)) {
                    $sql .= ' LIMIT 50';
                    // quick'n'dirty workaround to prevent timeouts
                    $result = DB_query($sql, 1);
                }
                if (empty($sql) || DB_error()) {
                    $nrows = 0;
                    // more than likely a plugin that doesn't need moderation
                } else {
                    $nrows = DB_numRows($result);
                }
                if ($nrows > 0) {
                    // only generate list html if there are items to moderate
                    $data_arr = array();
                    for ($i = 0; $i < $nrows; $i++) {
                        $A = DB_fetchArray($result);
                        if ($isplugin) {
                            $A['edit'] = $_CONF['site_admin_url'] . '/plugins/' . $type . '/index.php?moderate=x' . '&amp;' . $key . '=' . $A[0];
                        } else {
                            $A['edit'] = $_CONF['site_admin_url'] . '/' . $type . '.php?moderate=x' . '&amp;' . $key . '=' . $A[0];
                        }
                        $A['_type_'] = $type;
                        // type of item
                        $A['_key_'] = $key;
                        // name of key/id field
                        $data_arr[$i] = $A;
                        // push row data into array
                    }
                    $header_arr = array(array('text' => $LANG_ADMIN['edit'], 'field' => 0, 'align' => 'center', 'width' => '25px'), array('text' => $H[0], 'field' => 1), array('text' => $H[1], 'field' => 2, 'align' => 'center', 'width' => '15%'), array('text' => $H[2], 'field' => 3, 'width' => '20%'), array('text' => $H[3], 'field' => 4, 'width' => '15%', 'nowrap' => true), array('text' => $LANG29[1], 'field' => 'approve', 'align' => 'center', 'width' => '35px'), array('text' => $LANG_ADMIN['delete'], 'field' => 'delete', 'align' => 'center', 'width' => '35px'));
                    $text_arr = array('has_menu' => false, 'title' => $section_title, 'help_url' => $section_help, 'no_data' => $LANG29[39], 'form_url' => "{$_CONF['site_admin_url']}/moderation.php");
                    $actions = '<input name="approve" type="image" src="' . $_CONF['layout_url'] . '/images/admin/accept.' . $_IMAGE_TYPE . '" style="vertical-align:bottom;" title="' . $LANG29[44] . '" onclick="return confirm(\'' . $LANG29[45] . '\');"' . '/>&nbsp;' . $LANG29[1];
                    $actions .= '&nbsp;&nbsp;&nbsp;&nbsp;';
                    $actions .= '<input name="delbutton" type="image" src="' . $_CONF['layout_url'] . '/images/admin/delete.' . $_IMAGE_TYPE . '" style="vertical-align:text-bottom;" title="' . $LANG01[124] . '" onclick="return confirm(\'' . $LANG01[125] . '\');"' . '/>&nbsp;' . $LANG_ADMIN['delete'];
                    $options = array('chkselect' => true, 'chkfield' => 'id', 'chkname' => 'selitem', 'chkminimum' => 0, 'chkall' => false, 'chkactions' => $actions);
                    $form_arr['bottom'] = '<input type="hidden" name="type" value="' . $type . '"/>' . LB . '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $token . '"/>' . LB . '<input type="hidden" name="moderation" value="x"/>' . LB . '<input type="hidden" name="count" value="' . $nrows . '"/>';
                    $retval .= ADMIN_simpleList('MODERATE_getListField', $header_arr, $text_arr, $data_arr, $options, $form_arr, $token);
                }
                break;
                // plugin
        }
        // switch ($type)
    }
    // !empty($type)
    return $retval;
}
 /**
  * Performs search on all stories
  *
  * @return object plugin object
  *
  */
 private function _searchStories()
 {
     global $_TABLES, $_DB_dbms, $LANG09;
     // Make sure the query is SQL safe
     $query = trim(DB_escapeString($this->_query));
     $sql = 'SELECT s.sid AS id, s.title AS title, s.introtext AS description, ';
     $sql .= 'UNIX_TIMESTAMP(s.date) AS date, s.uid AS uid, s.hits AS hits, ';
     $sql .= 'CONCAT(\'/article.php?story=\',s.sid) AS url ';
     $sql .= 'FROM ' . $_TABLES['stories'] . ' AS s, ' . $_TABLES['users'] . ' AS u, ' . $_TABLES['topic_assignments'] . ' AS ta ';
     $sql .= 'WHERE (draft_flag = 0) AND (date <= NOW()) AND (u.uid = s.uid) ';
     $sql .= 'AND ta.type = \'article\' AND ta.id = sid ';
     $sql .= COM_getPermSQL('AND') . COM_getTopicSQL('AND', 0, 'ta') . COM_getLangSQL('sid', 'AND') . ' ';
     if (!empty($this->_topic)) {
         // Retrieve list of inherited topics
         if ($this->_topic == TOPIC_ALL_OPTION) {
             // Stories do not have an all option so just return all stories that meet the requirements and permissions
             //$sql .= "AND (ta.inherit = 1 OR (ta.inherit = 0 AND ta.tid = '".$this->_topic."')) ";
         } else {
             $tid_list = TOPIC_getChildList($this->_topic);
             $sql .= "AND (ta.tid IN({$tid_list}) AND (ta.inherit = 1 OR (ta.inherit = 0 AND ta.tid = '" . $this->_topic . "'))) ";
         }
     }
     if (!empty($this->_author)) {
         $sql .= 'AND (s.uid = \'' . $this->_author . '\') ';
     }
     $search_s = new SearchCriteria('stories', $LANG09[65]);
     $columns = array('title' => 'title', 'introtext', 'bodytext');
     $sql .= $search_s->getDateRangeSQL('AND', 'date', $this->_dateStart, $this->_dateEnd);
     list($sql, $ftsql) = $search_s->buildSearchSQL($this->_keyType, $query, $columns, $sql);
     $sql .= " GROUP BY s.sid";
     $search_s->setSQL($sql);
     $search_s->setFTSQL($ftsql);
     $search_s->setRank(5);
     $search_s->setURLRewrite(true);
     // Search Story Comments
     $sql = 'SELECT c.cid AS id, c.title AS title, c.comment AS description, ';
     $sql .= 'UNIX_TIMESTAMP(c.date) AS date, c.uid AS uid, \'0\' AS hits, ';
     // MSSQL has a problem when concatenating numeric values
     if ($_DB_dbms == 'mssql') {
         $sql .= '\'/comment.php?mode=view&amp;cid=\' + CAST(c.cid AS varchar(10)) AS url ';
     } else {
         $sql .= 'CONCAT(\'/comment.php?mode=view&amp;cid=\',c.cid) AS url ';
     }
     $sql .= 'FROM ' . $_TABLES['users'] . ' AS u, ' . $_TABLES['topic_assignments'] . ' AS ta, ' . $_TABLES['comments'] . ' AS c ';
     $sql .= 'LEFT JOIN ' . $_TABLES['stories'] . ' AS s ON ((s.sid = c.sid) ';
     $sql .= COM_getPermSQL('AND', 0, 2, 's') . COM_getLangSQL('sid', 'AND', 's') . ') ';
     $sql .= 'WHERE (u.uid = c.uid) AND (s.draft_flag = 0) AND (s.commentcode >= 0) AND (s.date <= NOW()) ';
     $sql .= 'AND ta.type = \'article\' AND ta.id = s.sid ' . COM_getTopicSQL('AND', 0, 'ta');
     if (!empty($this->_topic)) {
         if ($this->_topic == TOPIC_ALL_OPTION) {
             // Stories do not have an all option so just return all story comments that meet the requirements and permissions
             //$sql .= "AND (ta.inherit = 1 OR (ta.inherit = 0 AND ta.tid = '".$this->_topic."')) ";
         } else {
             $sql .= "AND (ta.tid IN({$tid_list}) AND (ta.inherit = 1 OR (ta.inherit = 0 AND ta.tid = '" . $this->_topic . "'))) ";
         }
     }
     if (!empty($this->_author)) {
         $sql .= 'AND (c.uid = \'' . $this->_author . '\') ';
     }
     $search_c = new SearchCriteria('comments', array($LANG09[65], $LANG09[66]));
     $columns = array('title' => 'c.title', 'comment');
     $sql .= $search_c->getDateRangeSQL('AND', 'c.date', $this->_dateStart, $this->_dateEnd);
     list($sql, $ftsql) = $search_c->buildSearchSQL($this->_keyType, $query, $columns, $sql);
     $sql .= " GROUP BY id";
     $search_c->setSQL($sql);
     $search_c->setFTSQL($ftsql);
     $search_c->setRank(2);
     return array($search_s, $search_c);
 }
Exemple #6
0
/**
 * article: display [a] comment[s]
 *
 * @param   string  $id     Unique idenifier for item comment belongs to
 * @param   int     $cid    Comment id to display (possibly including sub-comments)
 * @param   string  $title  Page/comment title
 * @param   string  $order  'ASC' or 'DESC' or blank
 * @param   string  $format 'threaded', 'nested', or 'flat'
 * @param   int     $page   Page number of comments to display
 * @param   boolean $view   True to view comment (by cid), false to display (by $pid)
 * @return  mixed   results of calling the plugin_displaycomment_ function
 */
function plugin_displaycomment_article($id, $cid, $title, $order, $format, $page, $view)
{
    global $_TABLES, $LANG_ACCESS;
    $retval = '';
    $sql = 'SELECT COUNT(*) AS count, commentcode, owner_id, group_id, perm_owner, perm_group, ' . "perm_members, perm_anon FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta WHERE (sid = '{$id}') " . 'AND (draft_flag = 0) AND (commentcode >= 0) AND (date <= NOW()) AND ta.type = "article" AND ta.id = sid ' . COM_getPermSQL('AND') . COM_getTopicSQL('AND', 0, 'ta') . ' GROUP BY sid, owner_id, group_id, perm_owner, perm_group,perm_members, perm_anon ';
    $result = DB_query($sql);
    $A = DB_fetchArray($result);
    $allowed = $A['count'];
    if ($allowed > 0) {
        // Was equal 1 but when multiple topics in play the comment could belong to more than onetopic creating a higher count
        $delete_option = SEC_hasRights('story.edit') && SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3;
        $retval .= CMT_userComments($id, $title, 'article', $order, $format, $cid, $page, $view, $delete_option, $A['commentcode']);
    } else {
        $retval .= COM_showMessageText($LANG_ACCESS['storydenialmsg'], $LANG_ACCESS['accessdenied']);
    }
    return $retval;
}
Exemple #7
0
/**
* Creates older stuff block
*
* Creates the olderstuff block for display.
* Actually updates the olderstuff record in the gl_blocks database.
* @return   void
*/
function COM_olderStuff()
{
    global $_TABLES, $_CONF;
    $sql['mysql'] = "SELECT sid,tid,title,comments,UNIX_TIMESTAMP(date) AS day FROM {$_TABLES['stories']} WHERE (perm_anon = 2) AND (frontpage = 1) AND (date <= NOW()) AND (draft_flag = 0)" . COM_getTopicSQL('AND', 1) . " ORDER BY featured DESC, date DESC LIMIT {$_CONF['limitnews']}, {$_CONF['limitnews']}";
    $sql['mssql'] = "SELECT sid,tid,title,comments,UNIX_TIMESTAMP(date) AS day FROM {$_TABLES['stories']} WHERE (perm_anon = 2) AND (frontpage = 1) AND (date <= NOW()) AND (draft_flag = 0)" . COM_getTopicSQL('AND', 1) . " ORDER BY featured DESC, date DESC LIMIT {$_CONF['limitnews']}, {$_CONF['limitnews']}";
    $sql['pgsql'] = "SELECT sid,tid,title,comments,date_part('epoch',date) AS day FROM {$_TABLES['stories']} WHERE (perm_anon = 2) AND (frontpage = 1) AND (date <= NOW()) AND (draft_flag = 0)" . COM_getTopicSQL('AND', 1) . " ORDER BY featured DESC, date DESC LIMIT {$_CONF['limitnews']}, {$_CONF['limitnews']}";
    $result = DB_query($sql);
    $nrows = DB_numRows($result);
    if ($nrows > 0) {
        $dateonly = $_CONF['dateonly'];
        if (empty($dateonly)) {
            $dateonly = '%d-%b';
            // fallback: day - abbrev. month name
        }
        $day = 'noday';
        $string = '';
        for ($i = 0; $i < $nrows; $i++) {
            $A = DB_fetchArray($result);
            $daycheck = strftime('%A', $A['day']);
            if ($day != $daycheck) {
                if ($day != 'noday') {
                    $daylist = COM_makeList($oldnews, 'list-older-stories');
                    $daylist = preg_replace("/(\r\n)|(\r)|(\n)/", '', $daylist);
                    $string .= $daylist . '<br' . XHTML . '>';
                }
                $day2 = strftime($dateonly, $A['day']);
                $string .= '<h3>' . $daycheck . ' <small>' . $day2 . '</small></h3>' . LB;
                $oldnews = array();
                $day = $daycheck;
            }
            $oldnews_url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']);
            $oldnews[] = COM_createLink($A['title'], $oldnews_url) . ' (' . COM_numberFormat($A['comments']) . ')';
        }
        if (!empty($oldnews)) {
            $daylist = COM_makeList($oldnews, 'list-older-stories');
            $daylist = preg_replace("/(\r\n)|(\r)|(\n)/", '', $daylist);
            $string .= $daylist;
            $string = addslashes($string);
            DB_query("UPDATE {$_TABLES['blocks']} SET content = '{$string}' WHERE name = 'older_stories'");
        }
    }
}
Exemple #8
0
 /**
  * Performs search on all stories
  *
  * @access private
  * @return object plugin object
  *
  */
 function _searchStories()
 {
     global $_TABLES, $_DB_dbms, $LANG09;
     // Make sure the query is SQL safe
     $query = trim(addslashes($this->_query));
     $sql = 'SELECT s.sid AS id, s.title AS title, s.introtext AS description, ';
     $sql .= 'UNIX_TIMESTAMP(s.date) AS date, s.uid AS uid, s.hits AS hits, ';
     $sql .= 'CONCAT(\'/article.php?story=\',s.sid) AS url ';
     $sql .= 'FROM ' . $_TABLES['stories'] . ' AS s, ' . $_TABLES['users'] . ' AS u ';
     $sql .= 'WHERE (draft_flag = 0) AND (date <= NOW()) AND (u.uid = s.uid) ';
     $sql .= COM_getPermSQL('AND') . COM_getTopicSQL('AND') . COM_getLangSQL('sid', 'AND') . ' ';
     if (!empty($this->_topic)) {
         $sql .= 'AND (s.tid = \'' . $this->_topic . '\') ';
     }
     if (!empty($this->_author)) {
         $sql .= 'AND (s.uid = \'' . $this->_author . '\') ';
     }
     $search_s = new SearchCriteria('stories', $LANG09[65]);
     $columns = array('title' => 'title', 'introtext', 'bodytext');
     $sql .= $search_s->getDateRangeSQL('AND', 'date', $this->_dateStart, $this->_dateEnd);
     list($sql, $ftsql) = $search_s->buildSearchSQL($this->_keyType, $query, $columns, $sql);
     $search_s->setSQL($sql);
     $search_s->setFTSQL($ftsql);
     $search_s->setRank(5);
     $search_s->setURLRewrite(true);
     // Search Story Comments
     $sql = 'SELECT c.cid AS id, c.title AS title, c.comment AS description, ';
     $sql .= 'UNIX_TIMESTAMP(c.date) AS date, c.uid AS uid, ';
     // MSSQL has a problem when concatenating numeric values
     if ($_DB_dbms == 'mssql') {
         $sql .= '\'/comment.php?mode=view&amp;cid=\' + CAST(c.cid AS varchar(10)) AS url ';
     } else {
         $sql .= 'CONCAT(\'/comment.php?mode=view&amp;cid=\',c.cid) AS url ';
     }
     $sql .= 'FROM ' . $_TABLES['users'] . ' AS u, ' . $_TABLES['comments'] . ' AS c ';
     $sql .= 'LEFT JOIN ' . $_TABLES['stories'] . ' AS s ON ((s.sid = c.sid) ';
     $sql .= COM_getPermSQL('AND', 0, 2, 's') . COM_getTopicSQL('AND', 0, 's') . COM_getLangSQL('sid', 'AND', 's') . ') ';
     $sql .= 'WHERE (u.uid = c.uid) AND (s.draft_flag = 0) AND (s.commentcode >= 0) AND (s.date <= NOW()) ';
     if (!empty($this->_topic)) {
         $sql .= 'AND (s.tid = \'' . $this->_topic . '\') ';
     }
     if (!empty($this->_author)) {
         $sql .= 'AND (c.uid = \'' . $this->_author . '\') ';
     }
     $search_c = new SearchCriteria('comments', array($LANG09[65], $LANG09[66]));
     $columns = array('title' => 'c.title', 'comment');
     $sql .= $search_c->getDateRangeSQL('AND', 'c.date', $this->_dateStart, $this->_dateEnd);
     list($sql, $ftsql) = $search_c->buildSearchSQL($this->_keyType, $query, $columns, $sql);
     $search_c->setSQL($sql);
     $search_c->setFTSQL($ftsql);
     $search_c->setRank(2);
     return array($search_s, $search_c);
 }
Exemple #9
0
     $pageBody .= COM_showMessageText($LANG03[7] . $last . $LANG03[8] . $goBack, $LANG12[26], true, 'error');
 } else {
     $sid = isset($_REQUEST['sid']) ? COM_sanitizeID(COM_applyFilter($_REQUEST['sid'])) : '';
     $type = isset($_REQUEST['type']) ? COM_applyFilter($_REQUEST['type']) : '';
     $title = isset($_REQUEST['title']) ? strip_tags($_REQUEST['title']) : '';
     $postmode = $_CONF['comment_postmode'];
     $pid = isset($_REQUEST['pid']) ? COM_applyFilter($_REQUEST['pid'], true) : 0;
     if ($type != 'article') {
         if (!in_array($type, $_PLUGINS)) {
             $type = '';
         }
     }
     if (!empty($sid) && !empty($type)) {
         if (empty($title)) {
             if ($type == 'article') {
                 $title = DB_getItem($_TABLES['stories'], 'title', "sid = '" . DB_escapeString($sid) . "'" . COM_getPermSQL('AND') . COM_getTopicSQL('AND'));
             }
             // CMT_commentForm expects non-htmlspecial chars for title...
             $title = str_replace('&amp;', '&', $title);
             $title = str_replace('&quot;', '"', $title);
             $title = str_replace('&lt;', '<', $title);
             $title = str_replace('&gt;', '>', $title);
         }
         if (isset($_CONF['comment_engine']) && $_CONF['comment_engine'] != 'internal') {
             $pageBody = PLG_displayComment($type, $sid, 0, $title, '', 'nobar', 0, 0);
         } else {
             $outputHandle = outputHandler::getInstance();
             $outputHandle->addMeta('name', 'robots', 'noindex');
             $pageBody .= PLG_displayComment($type, $sid, 0, $title, '', 'nobar', 0, 0) . CMT_commentForm($title, '', $sid, $pid, $type, $mode, $postmode);
         }
     } else {
Exemple #10
0
/**
 * article: display comment(s)
 *
 * @param   string  $id     Unique idenifier for item comment belongs to
 * @param   int     $cid    Comment id to display (possibly including sub-comments)
 * @param   string  $title  Page/comment title
 * @param   string  $order  'ASC' or 'DESC' or blank
 * @param   string  $format 'threaded', 'nested', or 'flat'
 * @param   int     $page   Page number of comments to display
 * @param   boolean $view   True to view comment (by cid), false to display (by $pid)
 * @return  mixed   results of calling the plugin_displaycomment_ function
*/
function plugin_displaycomment_article($id, $cid, $title, $order, $format, $page, $view)
{
    global $_CONF, $_TABLES, $LANG_ACCESS;
    USES_lib_story();
    USES_class_story();
    $retval = '';
    // display story
    $sql = "SELECT s.*, UNIX_TIMESTAMP(s.date) AS unixdate, " . 'UNIX_TIMESTAMP(s.expire) as expireunix, ' . "u.uid, u.username, u.fullname, t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s LEFT JOIN {$_TABLES['users']} AS u ON s.uid=u.uid " . "LEFT JOIN {$_TABLES['topics']} AS t on s.tid=t.tid " . "WHERE (sid = '" . DB_escapeString($id) . "') " . 'AND (draft_flag = 0) AND (commentcode >= 0) AND (date <= NOW())' . COM_getPermSQL('AND', 0, 2, 's') . COM_getTopicSQL('AND', 0, 't') . ' GROUP BY sid,owner_id, group_id, perm_owner, s.perm_group,s.perm_members, s.perm_anon ';
    $result = DB_query($sql);
    $nrows = DB_numRows($result);
    if ($A = DB_fetchArray($result)) {
        $story = new Story();
        $story->loadFromArray($A);
        $retval .= STORY_renderArticle($story, 'n');
    }
    // end
    $sql = 'SELECT COUNT(*) AS count, commentcode, uid, owner_id, group_id, perm_owner, perm_group, ' . "perm_members, perm_anon FROM {$_TABLES['stories']} " . "WHERE (sid = '" . DB_escapeString($id) . "') " . 'AND (draft_flag = 0) AND (commentcode >= 0) AND (date <= NOW())' . COM_getPermSQL('AND') . COM_getTopicSQL('AND') . ' GROUP BY sid,owner_id, group_id, perm_owner, perm_group,perm_members, perm_anon ';
    $result = DB_query($sql);
    $B = DB_fetchArray($result);
    $allowed = $B['count'];
    if ($allowed == 1) {
        $delete_option = SEC_hasRights('story.edit') && SEC_hasAccess($B['owner_id'], $B['group_id'], $B['perm_owner'], $B['perm_group'], $B['perm_members'], $B['perm_anon']) == 3;
        $retval .= CMT_userComments($id, $title, 'article', $order, $format, $cid, $page, $view, $delete_option, $B['commentcode'], $B['uid']);
    } else {
        $retval .= COM_showMessageText($LANG_ACCESS['storydenialmsg'], $LANG_ACCESS['accessdenied'], true);
    }
    return $retval;
}
Exemple #11
0
/**
* Creates older stuff block
*
* Creates the olderstuff block for display.
* Actually updates the olderstuff record in the blocks table.
* @return   void
*/
function COM_olderStuff()
{
    global $_TABLES, $_CONF;
    $sql = "SELECT sid,tid,title,comments,UNIX_TIMESTAMP(date) AS day FROM {$_TABLES['stories']} WHERE (perm_anon = 2) AND (frontpage = 1) AND (date <= NOW()) AND (draft_flag = 0)" . COM_getTopicSQL('AND', 1) . " ORDER BY featured DESC, date DESC LIMIT {$_CONF['limitnews']}, {$_CONF['limitnews']}";
    $result = DB_query($sql);
    $nrows = DB_numRows($result);
    if ($nrows > 0) {
        $dateonly = $_CONF['dateonly'];
        if (empty($dateonly)) {
            $dateonly = 'd-M';
            // fallback: day - abbrev. month name
        }
        $day = 'noday';
        $string = '';
        $dt = new Date();
        for ($i = 0; $i < $nrows; $i++) {
            $A = DB_fetchArray($result);
            $dt->setTimestamp($A['day']);
            $daycheck = $dt->format("z", true);
            if ($day != $daycheck) {
                if ($day != 'noday') {
                    $daylist = COM_makeList($oldnews, 'list-older-stories');
                    $daylist = str_replace(array("\r", "\n"), '', $daylist);
                    $string .= $daylist;
                    // . '<br/>';
                }
                $day2 = $dt->format($_CONF['dateonly'], true);
                $string .= '<h3>' . $dt->format('l', true) . ' <small>' . $day2 . '</small></h3>' . LB;
                $oldnews = array();
                $day = $daycheck;
            }
            $oldnews_url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']);
            $oldnews[] = COM_createLink(COM_truncate($A['title'], $_CONF['title_trim_length'], '...'), $oldnews_url, array('title' => htmlspecialchars($A['title'], ENT_COMPAT, COM_getEncodingt()))) . ' (' . COM_numberFormat($A['comments']) . ')';
        }
        if (!empty($oldnews)) {
            $daylist = COM_makeList($oldnews, 'list-older-stories');
            $daylist = str_replace(array("\r", "\n"), '', $daylist);
            $string .= $daylist;
            $string = DB_escapeString($string);
            DB_query("UPDATE {$_TABLES['blocks']} SET content = '{$string}' WHERE name = 'older_stories'");
        }
    }
}
Exemple #12
0
/**
* Returns SQL & Language texts to moderation.php
*
* @return   mixed   Plugin object or void if not allowed
*
*/
function plugin_itemlist_story_draft()
{
    global $_TABLES, $LANG24, $LANG29;
    if (SEC_hasRights('story.edit')) {
        $plugin = new Plugin();
        $plugin->submissionlabel = $LANG29[35] . ' (' . $LANG24[34] . ')';
        $plugin->submissionhelpfile = 'ccdraftsubmission.html';
        $plugin->getsubmissionssql = "SELECT sid AS id,title,date,tid FROM {$_TABLES['stories']} WHERE (draft_flag = 1)" . COM_getTopicSQL('AND') . COM_getPermSQL('AND', 0, 3) . " ORDER BY date ASC";
        $plugin->addSubmissionHeading($LANG29[10]);
        $plugin->addSubmissionHeading($LANG29[14]);
        $plugin->addSubmissionHeading($LANG29[15]);
        return $plugin;
    }
}
/**
 * Shows any new information in a block
 * Return the HTML that shows any new stories, comments, etc
 *
 * @param    string $help     Help file for block
 * @param    string $title    Title used in block header
 * @param    string $position Position in which block is being rendered 'left', 'right' or blank (for centre)
 * @return   string           Return the HTML that shows any new stories, comments, etc
 */
function COM_whatsNewBlock($help = '', $title = '', $position = '')
{
    global $_CONF, $_TABLES, $LANG01, $LANG_WHATSNEW;
    if ($_CONF['whatsnew_cache_time'] > 0) {
        $cacheInstance = 'whatsnew__' . CACHE_security_hash() . '__' . $_CONF['theme'];
        $retval = CACHE_check_instance($cacheInstance);
        if ($retval) {
            $lu = CACHE_get_instance_update($cacheInstance);
            $now = time();
            if ($now - $lu < $_CONF['whatsnew_cache_time']) {
                return $retval;
            }
        }
    }
    $retval = COM_startBlock($title, $help, COM_getBlockTemplate('whats_new_block', 'header', $position));
    $topicSql = '';
    if ($_CONF['hidenewstories'] == 0 || $_CONF['hidenewcomments'] == 0 || $_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) {
        $topicSql = COM_getTopicSQL('AND', 0, 'ta');
    }
    if ($_CONF['hidenewstories'] == 0) {
        $where_sql = " AND ta.type = 'article' AND ta.id = sid";
        $archiveTid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1");
        if (!empty($archiveTid)) {
            $where_sql .= " AND (ta.tid <> '{$archiveTid}')";
        }
        // Find the newest stories
        $sql['mysql'] = "SELECT sid, title FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n            WHERE (date >= (date_sub(NOW(), INTERVAL {$_CONF['newstoriesinterval']} SECOND))) AND (date <= NOW()) AND (draft_flag = 0)" . $where_sql . COM_getPermSQL('AND') . $topicSql . COM_getLangSQL('sid', 'AND') . "\n            GROUP BY sid, title, date ORDER BY date DESC";
        $sql['pgsql'] = "SELECT sid, title FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n            WHERE (date >= (NOW() - INTERVAL '{$_CONF['newstoriesinterval']} SECOND')) AND (date <= NOW()) AND (draft_flag = 0)" . $where_sql . COM_getPermSQL('AND') . $topicSql . COM_getLangSQL('sid', 'AND') . "\n            GROUP BY sid, title, date ORDER BY date DESC";
        $result = DB_query($sql);
        $numRows = DB_numRows($result);
        if (empty($title)) {
            $title = DB_getItem($_TABLES['blocks'], 'title', "name='whats_new_block'");
        }
        // Any late breaking news stories?
        $retval .= '<h3>' . $LANG01[99] . ' <small>' . COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newstoriesinterval']) . '</small></h3>';
        if ($numRows > 0) {
            $newArticles = array();
            for ($x = 0; $x < $numRows; $x++) {
                $A = DB_fetchArray($result);
                $url = COM_buildURL($_CONF['site_url'] . '/article.php?story=' . $A['sid']);
                $title = COM_undoSpecialChars(stripslashes($A['title']));
                $titleToUse = COM_truncate($title, $_CONF['title_trim_length'], '...');
                if ($title != $titleToUse) {
                    $attr = array('title' => htmlspecialchars($title));
                } else {
                    $attr = array();
                }
                $anchorText = str_replace('$', '&#36;', $titleToUse);
                $anchorText = str_replace(' ', '&nbsp;', $anchorText);
                $newArticles[] = COM_createLink($anchorText, $url, $attr);
            }
            $retval .= COM_makeList($newArticles, 'list-new-plugins');
        } else {
            $retval .= $LANG01[100] . '<br' . XHTML . '>' . LB;
            // No new stories
        }
        if ($_CONF['hidenewcomments'] == 0 || $_CONF['hidenewplugins'] == 0 || $_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) {
            $retval .= '<div class="divider-whats-new"></div>';
        }
    }
    if ($_CONF['hidenewcomments'] == 0) {
        // Go get the newest comments
        $retval .= '<h3>' . $LANG01[83] . ' <small>' . COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newcommentsinterval']) . '</small></h3>';
        $new_plugin_comments = PLG_getWhatsNewComment();
        if (!empty($new_plugin_comments)) {
            // Sort array by element lastdate newest to oldest
            foreach ($new_plugin_comments as $k => $v) {
                $b[$k] = strtolower($v['lastdate']);
            }
            arsort($b);
            $temp = array();
            foreach ($b as $key => $val) {
                $temp[] = $new_plugin_comments[$key];
            }
            $new_plugin_comments = $temp;
            $newComments = array();
            $count = 0;
            foreach ($new_plugin_comments as $A) {
                $count .= +1;
                $url = '';
                $info = PLG_getItemInfo($A['type'], $A['sid'], 'url');
                if (!empty($info)) {
                    $url = $info . '#comments';
                }
                // Check to see if url (plugin may not support PLG_getItemInfo
                if (!empty($url)) {
                    $title = COM_undoSpecialChars(stripslashes($A['title']));
                    $titleToUse = COM_truncate($title, $_CONF['title_trim_length'], '...');
                    if ($title != $titleToUse) {
                        $attr = array('title' => htmlspecialchars($title));
                    } else {
                        $attr = array();
                    }
                    $anchorComment = str_replace('$', '&#36;', $titleToUse);
                    $anchorComment = str_replace(' ', '&nbsp;', $anchorComment);
                    if ($A['dups'] > 1) {
                        $anchorComment .= ' [+' . $A['dups'] . ']';
                    }
                    $newComments[] = COM_createLink($anchorComment, $url, $attr);
                    if ($count == 15) {
                        break;
                    }
                }
            }
            $retval .= COM_makeList($newComments, 'list-new-comments');
        } else {
            $retval .= $LANG01[86] . '<br' . XHTML . '>' . LB;
        }
        if ($_CONF['hidenewplugins'] == 0 || $_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) {
            $retval .= '<div class="divider-whats-new"></div>';
        }
    }
    if ($_CONF['trackback_enabled'] && $_CONF['hidenewtrackbacks'] == 0) {
        $retval .= '<h3>' . $LANG01[114] . ' <small>' . COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newtrackbackinterval']) . '</small></h3>';
        $sql['mysql'] = "SELECT DISTINCT COUNT(*) AS count,s.title,t.sid,max(t.date) AS lastdate\n            FROM {$_TABLES['trackback']} AS t, {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n            WHERE ta.type = 'article' AND ta.id = s.sid AND (t.type = 'article') AND (t.sid = s.sid) AND (t.date >= (DATE_SUB(NOW(), INTERVAL {$_CONF['newtrackbackinterval']} SECOND)))" . COM_getPermSQL('AND', 0, 2, 's') . " AND (s.draft_flag = 0) AND (s.trackbackcode = 0)" . $topicSql . COM_getLangSQL('sid', 'AND', 's') . "\n            GROUP BY t.sid, s.title\n            ORDER BY lastdate DESC LIMIT 15";
        $sql['pgsql'] = "SELECT DISTINCT COUNT(*) AS count,s.title,t.sid,max(t.date) AS lastdate\n            FROM {$_TABLES['trackback']} AS t, {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n            WHERE ta.type = 'article' AND ta.id = s.sid AND (t.type = 'article') AND (t.sid = s.sid) AND (t.date >= (NOW()+ INTERVAL '{$_CONF['newtrackbackinterval']} SECOND'))" . COM_getPermSQL('AND', 0, 2, 's') . " AND (s.draft_flag = 0) AND (s.trackbackcode = 0)" . $topicSql . COM_getLangSQL('sid', 'AND', 's') . "\n            GROUP BY t.sid, s.title\n            ORDER BY lastdate DESC LIMIT 15";
        $result = DB_query($sql);
        $numRows = DB_numRows($result);
        if ($numRows > 0) {
            $newComments = array();
            for ($i = 0; $i < $numRows; $i++) {
                $A = DB_fetchArray($result);
                $url = COM_buildURL($_CONF['site_url'] . '/article.php?story=' . $A['sid']) . '#trackback';
                $title = COM_undoSpecialChars(stripslashes($A['title']));
                $titleToUse = COM_truncate($title, $_CONF['title_trim_length'], '...');
                if ($title != $titleToUse) {
                    $attr = array('title' => htmlspecialchars($title));
                } else {
                    $attr = array();
                }
                $anchorComment = str_replace('$', '&#36;', $titleToUse);
                $anchorComment = str_replace(' ', '&nbsp;', $anchorComment);
                if ($A['count'] > 1) {
                    $anchorComment .= ' [+' . $A['count'] . ']';
                }
                $newComments[] = COM_createLink($anchorComment, $url, $attr);
            }
            $retval .= COM_makeList($newComments, 'list-new-trackbacks');
        } else {
            $retval .= $LANG01[115] . '<br' . XHTML . '>' . LB;
        }
        if ($_CONF['hidenewplugins'] == 0) {
            $retval .= '<div class="divider-whats-new"></div>';
        }
    }
    if ($_CONF['hidenewplugins'] == 0) {
        list($headlines, $smallHeadlines, $content) = PLG_getWhatsNew();
        $plugins = count($headlines);
        if ($plugins > 0) {
            for ($i = 0; $i < $plugins; $i++) {
                $retval .= '<h3>' . $headlines[$i] . ' <small>' . $smallHeadlines[$i] . '</small></h3>';
                if (is_array($content[$i])) {
                    $retval .= COM_makeList($content[$i], 'list-new-plugins');
                } else {
                    $retval .= $content[$i];
                }
                if ($i + 1 < $plugins) {
                    $retval .= '<div class="divider-whats-new"></div>';
                }
            }
        }
    }
    $retval .= COM_endBlock(COM_getBlockTemplate('whats_new_block', 'footer', $position));
    if ($_CONF['whatsnew_cache_time'] > 0) {
        CACHE_create_instance($cacheInstance, $retval);
    }
    return $retval;
}
 public function parse($p1, $p2 = '', $fulltag)
 {
     global $_CONF, $_TABLES, $_USER, $LANG01;
     USES_lib_comments();
     $retval = '';
     $skip = 0;
     $dt = new Date('now', $_USER['tzid']);
     // topic = specific topic or 'all'
     // display = how many stories to display, if 0, then all
     // meta = show meta data (i.e.; who when etc)
     // titleLink - make title a hot link
     // featured - 0 = show all, 1 = only featured, 2 = all except featured
     // frontpage - 1 = show only items marked for frontpage - 0 = show all
     // cols - number of columns to show
     // template - the template name
     $topic = $p1;
     if ($topic == 'all') {
         $topic = '';
     }
     $uniqueID = md5($p1 . $p2);
     $display = 10;
     // display 10 articles
     $meta = 0;
     // do not display meta data
     $titleLink = 0;
     // do not use links in title
     $featured = 0;
     // 0 = show all, 1 = only featured, 2 = all except featured
     $frontpage = 0;
     // only show items marked for frontpage
     $cols = 3;
     // number of columns
     $truncate = 0;
     // maximum number of characters to include in story text
     $template = 'headlines.thtml';
     $px = explode(' ', trim($p2));
     if (is_array($px)) {
         foreach ($px as $part) {
             if (substr($part, 0, 8) == 'display:') {
                 $a = explode(':', $part);
                 $display = $a[1];
                 $skip++;
             } elseif (substr($part, 0, 5) == 'meta:') {
                 $a = explode(':', $part);
                 $meta = $a[1];
                 $skip++;
             } elseif (substr($part, 0, 10) == 'titlelink:') {
                 $a = explode(':', $part);
                 $titleLink = $a[1];
                 $skip++;
             } elseif (substr($part, 0, 9) == 'featured:') {
                 $a = explode(':', $part);
                 $featured = $a[1];
                 $skip++;
             } elseif (substr($part, 0, 10) == 'frontpage:') {
                 $a = explode(':', $part);
                 $frontpage = (int) $a[1];
                 $skip++;
             } elseif (substr($part, 0, 5) == 'cols:') {
                 $a = explode(':', $part);
                 $cols = $a[1];
                 $skip++;
             } elseif (substr($part, 0, 9) == 'template:') {
                 $a = explode(':', $part);
                 $template = $a[1];
                 $skip++;
             } elseif (substr($part, 0, 9) == 'truncate:') {
                 $a = explode(':', $part);
                 $truncate = (int) $a[1];
                 $skip++;
             } else {
                 break;
             }
         }
         if ($skip != 0) {
             if (count($px) > $skip) {
                 for ($i = 0; $i < $skip; $i++) {
                     array_shift($px);
                 }
                 $caption = trim(implode(' ', $px));
             } else {
                 $caption = '';
             }
         }
     } else {
         $caption = trim($p2);
     }
     if ($display < 0) {
         $display = 3;
     }
     $hash = CACHE_security_hash();
     $instance_id = 'whatsnew_headlines_' . $uniqueID . '_' . $hash . '_' . $_USER['theme'];
     if (($cache = CACHE_check_instance($instance_id, 0)) !== FALSE) {
         return $cache;
     }
     $archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1");
     $sql = " (date <= NOW()) AND (draft_flag = 0)";
     if (empty($topic)) {
         $sql .= COM_getLangSQL('tid', 'AND', 's');
     }
     // if a topic was provided only select those stories.
     if (!empty($topic)) {
         $sql .= " AND s.tid = '" . DB_escapeString($topic) . "' ";
     }
     if ($featured == 1) {
         $sql .= " AND s.featured = 1 ";
     } else {
         if ($featured == 2) {
             $sql .= " AND s.featured = 0 ";
         }
     }
     if ($frontpage == 1) {
         $sql .= " AND frontpage = 1 ";
     }
     if ($topic != $archivetid) {
         $sql .= " AND s.tid != '{$archivetid}' ";
     }
     $sql .= COM_getPermSQL('AND', 0, 2, 's');
     $sql .= COM_getTopicSQL('AND', 0, 's') . ' ';
     $userfields = 'u.uid, u.username, u.fullname';
     if ($_CONF['allow_user_photo'] == 1) {
         $userfields .= ', u.photo';
         if ($_CONF['use_gravatar']) {
             $userfields .= ', u.email';
         }
     }
     $orderBy = ' date DESC ';
     $headlinesSQL = "SELECT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, " . 'UNIX_TIMESTAMP(s.expire) as expireunix, ' . $userfields . ", t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, " . "{$_TABLES['topics']} AS t WHERE (s.uid = u.uid) AND (s.tid = t.tid) AND" . $sql . "ORDER BY featured DESC," . $orderBy;
     if ($display > 0) {
         $headlinesSQL .= " LIMIT " . $display;
     }
     $result = DB_query($headlinesSQL);
     $numRows = DB_numRows($result);
     if ($numRows < $cols) {
         $cols = $numRows;
     }
     if ($cols > 6) {
         $cols = 6;
     }
     if ($numRows > 0) {
         $T = new Template($_CONF['path'] . 'system/autotags/');
         $T->set_file('page', $template);
         $T->set_var('columns', $cols);
         $T->set_block('page', 'headlines', 'hl');
         $newstories = array();
         while ($A = DB_fetchArray($result)) {
             $T->unset_var('readmore_url');
             $T->unset_var('lang_readmore');
             if ($A['attribution_author'] != '') {
                 $author = $A['attribution_author'];
             } else {
                 $author = $A['username'];
             }
             $title = COM_undoSpecialChars($A['title']);
             $title = str_replace('&nbsp;', ' ', $title);
             $subtitle = COM_undoSpecialChars($A['subtitle']);
             if ($A['story_image'] != '') {
                 $story_image = $_CONF['site_url'] . $A['story_image'];
             } else {
                 $story_image = '';
             }
             $A['introtext'] = STORY_renderImages($A['sid'], $A['introtext']);
             if (!empty($A['bodytext'])) {
                 $closingP = strrpos($A['introtext'], "</p>");
                 if ($closingP !== FALSE) {
                     $text = substr($A['introtext'], 0, $closingP);
                     $A['introtext'] = $text;
                 }
                 // adds the read more link
                 $T->set_var('readmore_url', COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']));
                 $T->set_var('lang_readmore', $LANG01['continue_reading']);
             }
             if ($truncate > 0) {
                 $A['introtext'] = $this->truncateHTML($A['introtext'], $truncate, '...');
             }
             $topicurl = $_CONF['site_url'] . '/index.php?topic=' . $A['tid'];
             $dt->setTimestamp($A['unixdate']);
             if ($A['commentcode'] >= 0) {
                 $cmtLinkArray = CMT_getCommentLinkWithCount('article', $A['sid'], $_CONF['site_url'] . '/article.php?story=' . $A['sid'], $A['comments'], 1);
                 $T->set_var(array('lang_comments' => '', 'comments_count' => $cmtLinkArray['comment_count'], 'comments_url' => $cmtLinkArray['url'], 'comments_url_extra' => $cmtLinkArray['url_extra']));
             } else {
                 $T->unset_var('lang_comments');
                 $T->unset_var('comments_count');
                 $T->unset_var('comments_url');
                 $T->unset_var('comments_url_extra');
             }
             $T->set_var(array('titlelink' => $titleLink ? TRUE : '', 'meta' => $meta ? TRUE : '', 'lang_by' => $LANG01[95], 'lang_posted_in' => $LANG01['posted_in'], 'story_topic_url' => $topicurl, 'title' => $title, 'subtitle' => $subtitle, 'story_image' => $story_image, 'text' => PLG_replaceTags($A['introtext']), 'date' => $A['date'], 'time' => $dt->format('Y-m-d', true) . 'T' . $dt->format('H:i:s', true), 'topic' => $A['topic'], 'tid' => $A['tid'], 'author' => $author, 'author_id' => $A['uid'], 'sid' => $A['sid'], 'short_date' => $dt->format($_CONF['shortdate'], true), 'date_only' => $dt->format($_CONF['dateonly'], true), 'date' => $dt->format($dt->getUserFormat(), true), 'url' => COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']), 'attribution_url' => $A['attribution_url'], 'attribution_name' => $A['attribution_name']));
             $T->parse('hl', 'headlines', true);
         }
         $retval = $T->finish($T->parse('output', 'page'));
         CACHE_create_instance($instance_id, $retval, 0);
     }
     return $retval;
 }
/**
* Check if a feed for stories from a topic needs to be updated.
*
* @param    string  $tid            topic id
* @param    string  $update_info    list of story ids
* @param    string  $limit          number of entries or number of hours
* @param    string  $updated_topic  (optional) topic to be updated
* @param    string  $updated_id     (optional) entry id to be updated
* @return   boolean                 false = feed needs to be updated
*
*/
function SYND_feedUpdateCheckTopic($tid, $update_info, $limit, $updated_topic = '', $updated_id = '')
{
    global $_CONF, $_TABLES, $_SYND_DEBUG;
    $where = '';
    if (!empty($limit)) {
        if (substr($limit, -1) == 'h') {
            $limitsql = '';
            $hours = substr($limit, 0, -1);
            $where = " AND date >= DATE_SUB(NOW(),INTERVAL {$hours} HOUR)";
        } else {
            $limitsql = ' LIMIT ' . $limit;
        }
    } else {
        $limitsql = ' LIMIT 10';
    }
    // "SELECT sid FROM {$_TABLES['stories']} WHERE draft_flag = 0 AND date <= NOW() AND tid = '$tid'" . COM_getTopicSQL('AND', 1) . " AND perm_anon > 0 ORDER BY date DESC $limitsql"
    $sql = "SELECT sid\n        FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n        WHERE draft_flag = 0 AND date <= NOW() AND perm_anon > 0\n        AND ta.type = 'article' AND ta.id = sid\n        AND ta.tid = '{$tid}'" . COM_getTopicSQL('AND', 1, 'ta') . "\n        GROUP BY sid\n        ORDER BY date DESC {$limitsql}";
    $result = DB_query($sql);
    $nrows = DB_numRows($result);
    $sids = array();
    for ($i = 0; $i < $nrows; $i++) {
        $A = DB_fetchArray($result);
        if ($A['sid'] == $updated_id) {
            // no need to look any further - this feed has to be updated
            return false;
        }
        $sids[] = $A['sid'];
    }
    $current = implode(',', $sids);
    if ($_SYND_DEBUG) {
        COM_errorLog("Update check for topic {$tid}: comparing new list ({$current}) with old list ({$update_info})", 1);
    }
    return $current != $update_info ? false : true;
}
function MYCALJP_showStoriesIntro()
{
    global $_CONF, $_TABLES, $_MYCALJP2_CONF;
    if (!$_MYCALJP2_CONF['showstoriesintro']) {
        return '';
    }
    $retval = '';
    $_dateStart = COM_applyFilter($_GET['datestart']);
    $_dateEnd = COM_applyFilter($_GET['dateend']);
    if (!empty($_dateStart) && !empty($_dateEnd)) {
        $ds = explode("-", $_dateStart);
        $de = explode("-", $_dateEnd);
        $startdate = mktime(0, 0, 0, $ds[1], $ds[2], $ds[0]);
        $enddate = mktime(23, 59, 59, $de[1], $de[2], $de[0]);
        $sql = "AND (UNIX_TIMESTAMP(date) BETWEEN '{$startdate}' AND '{$enddate}') ";
    }
    $sql .= "AND (draft_flag = 0) ";
    $sql .= COM_getPermSQL('AND', 0, 2, 's') . ' ';
    $sql .= COM_getTopicSQL('AND', 0, 'ta') . ' ';
    $sql .= COM_getLangSQL('sid', 'AND', 's') . ' ';
    $userfields = 'u.username, u.fullname';
    if ($_CONF['allow_user_photo'] == 1) {
        $userfields .= ', u.photo';
        if ($_CONF['use_gravatar']) {
            $userfields .= ', u.email';
        }
    }
    $msql = array();
    $msql['mysql'] = "SELECT DISTINCT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, " . "UNIX_TIMESTAMP(s.expire) AS expireunix, " . $userfields . ", t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, " . "{$_TABLES['topics']} AS t, {$_TABLES['topic_assignments']} AS ta " . "WHERE (ta.type = 'article') AND (ta.tdefault = 1) AND (s.uid = u.uid) AND (ta.tid = t.tid) AND (s.sid = ta.id) " . $sql . "ORDER BY featured DESC, date DESC";
    /*
        $msql['mssql']="SELECT STRAIGHT_JOIN s.sid, s.uid, s.draft_flag, s.tid, s.date, s.title, cast(s.introtext as text) as introtext, cast(s.bodytext as text) as bodytext, s.hits, s.numemails, s.comments, s.trackbacks, s.related, s.featured, s.show_topic_icon, s.commentcode, s.trackbackcode, s.statuscode, s.expire, s.postmode, s.frontpage, s.in_transit, s.owner_id, s.group_id, s.perm_owner, s.perm_group, s.perm_members, s.perm_anon, s.advanced_editor_mode, "
                 . " UNIX_TIMESTAMP(s.date) AS unixdate, "
                 . 'UNIX_TIMESTAMP(s.expire) as expireunix, '
                 . $userfields . ", t.topic, t.imageurl "
                 . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, "
                 . "{$_TABLES['topics']} AS t, {$_TABLES['topic_assignments']} AS ta "
                 . "WHERE (ta.type = 'article') AND (ta.tdefault = 1) AND (s.uid = u.uid) AND (ta.tid = t.tid) AND (s.sid = ta.id) "
                 . $sql . "ORDER BY featured DESC, date DESC";
    */
    $result = DB_query($msql);
    require_once $_CONF['path_system'] . 'lib-story.php';
    $story = new Story();
    while ($A = DB_fetchArray($result)) {
        $story->loadFromArray($A);
        $retval .= STORY_renderArticle($story, 'y');
    }
    return $retval;
}
Exemple #17
0
/**
* Displays a list of all the stories that have the 'draft' flag set.
*
* When enabled, this will list all the stories that have been marked as
* 'draft'. Approving a story from this list will clear the draft flag and
* thus publish the story.
*
* @param    string  $token  CSRF token
* @return   string          HTML for the list of draft stories
*
*/
function draftlist($token)
{
    global $_CONF, $_TABLES, $LANG24, $LANG29, $LANG_ADMIN;
    require_once $_CONF['path_system'] . 'lib-admin.php';
    $retval = '';
    $result = DB_query("SELECT sid AS id,title,UNIX_TIMESTAMP(date) AS day,tid FROM {$_TABLES['stories']} WHERE (draft_flag = 1)" . COM_getTopicSQL('AND') . COM_getPermSQL('AND', 0, 3) . " ORDER BY date ASC");
    $nrows = DB_numRows($result);
    $data_arr = array();
    for ($i = 0; $i < $nrows; $i++) {
        $A = DB_fetchArray($result);
        $A['edit'] = $_CONF['site_admin_url'] . '/story.php?mode=edit&amp;sid=' . $A['id'];
        $A['row'] = $i;
        $A['title'] = stripslashes($A['title']);
        $A['tid'] = stripslashes($A['tid']);
        $data_arr[$i] = $A;
    }
    $header_arr = array(array('text' => $LANG_ADMIN['edit'], 'field' => 0), array('text' => $LANG29[10], 'field' => 'title'), array('text' => $LANG29[14], 'field' => 'day'), array('text' => $LANG29[15], 'field' => 'tid'), array('text' => $LANG29[2], 'field' => 'delete'), array('text' => $LANG29[1], 'field' => 'approve'));
    $text_arr = array('has_menu' => false, 'title' => $LANG29[35] . ' (' . $LANG24[34] . ')', 'help_url' => '', 'no_data' => $LANG29[39], 'form_url' => "{$_CONF['site_admin_url']}/moderation.php");
    $form_arr = array("bottom" => '', "top" => '');
    if ($nrows > 0) {
        $form_arr['bottom'] = '<input type="hidden" name="type" value="draft"' . XHTML . '>' . LB . '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $token . '"' . XHTML . '>' . LB . '<input type="hidden" name="mode" value="moderation"' . XHTML . '>' . LB . '<input type="hidden" name="count" value="' . $nrows . '"' . XHTML . '>' . '<p align="center"><input type="submit" value="' . $LANG_ADMIN['submit'] . '"' . XHTML . '></p>' . LB;
    }
    $listoptions = array('chkdelete' => true, 'chkfield' => 'id');
    $table = ADMIN_simpleList('ADMIN_getListField_moderation', $header_arr, $text_arr, $data_arr, $listoptions, $form_arr);
    $retval .= $table;
    return $retval;
}
Exemple #18
0
/**
* Returns SQL & Language texts to moderation.php
*
* @return   mixed   Plugin object or void if not allowed
*
*/
function plugin_itemlist_story()
{
    global $_TABLES, $LANG29;
    if (plugin_ismoderator_story()) {
        $plugin = new Plugin();
        $plugin->submissionlabel = $LANG29[35];
        $plugin->submissionhelpfile = 'ccstorysubmission.html';
        $plugin->getsubmissionssql = "SELECT sid AS id,title,UNIX_TIMESTAMP(date) AS day,tid,uid" . " FROM {$_TABLES['storysubmission']}" . COM_getTopicSQL('WHERE') . " ORDER BY date ASC";
        $plugin->addSubmissionHeading($LANG29[10]);
        $plugin->addSubmissionHeading($LANG29[14]);
        $plugin->addSubmissionHeading($LANG29[15]);
        $plugin->addSubmissionHeading($LANG29[46]);
        return $plugin;
    }
}
Exemple #19
0
 /**
  * Saves a story submission.
  *
  * @return  integer result code explaining behaviour.
  */
 function saveSubmission()
 {
     global $_USER, $_CONF, $_TABLES;
     $this->_sid = COM_makeSid();
     if (COM_isAnonUser()) {
         $this->_uid = 1;
     } else {
         $this->_uid = $_USER['uid'];
     }
     $tmptid = addslashes(COM_sanitizeID($this->_tid));
     $result = DB_query('SELECT group_id,perm_owner,perm_group,perm_members,perm_anon FROM ' . "{$_TABLES['topics']} WHERE tid = '{$tmptid}'" . COM_getTopicSQL('AND'));
     if (DB_numRows($result) == 0) {
         // user doesn't have access to this topic - bail
         return STORY_NO_ACCESS_TOPIC;
     }
     $T = DB_fetchArray($result);
     if ($_CONF['storysubmission'] == 1 && !SEC_hasRights('story.submit')) {
         $this->_sid = addslashes($this->_sid);
         $this->_tid = $tmptid;
         $this->_title = addslashes($this->_title);
         $this->_introtext = addslashes($this->_introtext);
         $this->_bodytext = addslashes($this->_bodytext);
         $this->_postmode = addslashes($this->_postmode);
         DB_save($_TABLES['storysubmission'], 'sid,tid,uid,title,introtext,bodytext,date,postmode', "{$this->_sid},'{$this->_tid}',{$this->_uid},'{$this->_title}'," . "'{$this->_introtext}','{$this->_bodytext}',NOW(),'{$this->_postmode}'");
         return STORY_SAVED_SUBMISSION;
     } else {
         // post this story directly. First establish the necessary missing data.
         $this->_sanitizeData();
         if (!isset($_CONF['show_topic_icon'])) {
             $_CONF['show_topic_icon'] = 1;
         }
         if (DB_getItem($_TABLES['topics'], 'archive_flag', "tid = '{$tmptid}'") == 1) {
             $this->_frontpage = 0;
         } elseif (isset($_CONF['frontpage'])) {
             $this->_frontpage = $_CONF['frontpage'];
         } else {
             $this->_frontpage = 1;
         }
         $this->_oldsid = $this->_sid;
         $this->_date = mktime();
         $this->_featured = 0;
         $this->_commentcode = $_CONF['comment_code'];
         $this->_trackbackcode = $_CONF['trackback_code'];
         $this->_statuscode = 0;
         $this->_show_topic_icon = $_CONF['show_topic_icon'];
         if (COM_isAnonUser()) {
             $this->_owner_id = 1;
         } else {
             $this->_owner_id = $_USER['uid'];
         }
         $this->_group_id = $T['group_id'];
         $this->_perm_owner = $T['perm_owner'];
         $this->_perm_group = $T['perm_group'];
         $this->_perm_members = $T['perm_members'];
         $this->_perm_anon = $T['perm_anon'];
         $this->saveToDatabase();
         PLG_itemSaved($this->_sid, 'article');
         COM_rdfUpToDateCheck();
         COM_olderStuff();
         return STORY_SAVED;
     }
 }
Exemple #20
0
/**
 * Display main view (list of years)
 * Displays an overview of all the years and months, starting with the first
 * year for which a story has been posted. Can optionally display a list of
 * the stories for the current month at the top of the page.
 *
 * @param    Template $template  reference of the template
 * @param    string   $dir_topic current topic
 * @return   string                list of all the years in the db
 */
function DIR_displayAll($template, $dir_topic)
{
    global $_TABLES, $LANG_DIR;
    $retval = '';
    $yearsql = array();
    $yearsql['mysql'] = "SELECT DISTINCT YEAR(date) AS year, date\n        FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n        WHERE (draft_flag = 0) AND (date <= NOW())\n        AND ta.type = 'article' AND ta.id = sid\n        " . COM_getTopicSQL('AND', 0, 'ta') . COM_getPermSql('AND') . COM_getLangSQL('sid', 'AND');
    $yearsql['pgsql'] = "SELECT EXTRACT(YEAR from date) AS year\n        FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n        WHERE (draft_flag = 0) AND (date <= NOW())\n        AND ta.type = 'article' AND ta.id = sid\n        " . COM_getTopicSQL('AND', 0, 'ta') . COM_getPermSql('AND') . COM_getLangSQL('sid', 'AND');
    $ySql = array();
    $ySql['mysql'] = $yearsql['mysql'] . " GROUP BY year, date ORDER BY date DESC";
    $ySql['pgsql'] = $yearsql['pgsql'] . " GROUP BY year, date ORDER BY year DESC";
    $yResult = DB_query($ySql);
    $numYears = DB_numRows($yResult);
    if ($numYears > 0) {
        for ($i = 0; $i < $numYears; $i++) {
            $Y = DB_fetchArray($yResult);
            if (TEMPLATE_EXISTS) {
                $template->set_var('section_title', $Y['year']);
                $retval .= $template->parse('title', 'section-title') . LB;
            } else {
                $retval .= '<h3>' . $Y['year'] . '</h3>' . LB;
            }
            $retval .= DIR_displayYear($template, $dir_topic, $Y['year']);
        }
    } else {
        if (TEMPLATE_EXISTS) {
            $retval .= $template->parse('message', 'no-articles') . LB;
        } else {
            $retval .= '<p>' . $LANG_DIR['no_articles'] . '</p>' . LB;
        }
    }
    return $retval;
}
/**
* Shows older story information in a block
*
* Return the HTML that shows any older stories
*
* @param    string  $help     Help file for block
* @param    string  $title    Title used in block header
* @param    string  $position Position in which block is being rendered 'left', 'right' or blank (for centre)
* @return   string  Return the HTML that shows any new stories, comments, etc
*
*/
function COM_olderStoriesBlock($help = '', $title = '', $position = '')
{
    global $_TABLES, $_CONF;
    $cacheInstance = 'olderarticles__' . CACHE_security_hash() . '__' . $_CONF['theme'];
    $retval = CACHE_check_instance($cacheInstance);
    if (empty($retval)) {
        $retval = COM_startBlock($title, $help, COM_getBlockTemplate('older_stories_block', 'header', $position));
        $sql['mysql'] = "SELECT sid,ta.tid,title,comments,UNIX_TIMESTAMP(date) AS day\n            FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n            WHERE ta.type = 'article' AND ta.id = sid " . COM_getLangSQL('sid', 'AND') . "\n            AND (perm_anon = 2) AND (frontpage = 1) AND (date <= NOW()) AND (draft_flag = 0)" . COM_getTopicSQL('AND', 1, 'ta') . "\n            GROUP BY sid\n            ORDER BY featured DESC, date DESC LIMIT {$_CONF['limitnews']}, {$_CONF['limitnews']}";
        $sql['mssql'] = $sql['mysql'];
        $sql['pgsql'] = "SELECT sid,ta.tid,title,comments,date_part('epoch',date) AS day\n            FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n            WHERE ta.type = 'article' AND ta.id = sid  " . COM_getLangSQL('sid', 'AND') . "\n            AND (perm_anon = 2) AND (frontpage = 1) AND (date <= NOW()) AND (draft_flag = 0)" . COM_getTopicSQL('AND', 1, 'ta') . "\n            GROUP BY sid, ta.tid, title, comments, day\n            ORDER BY featured DESC, date DESC LIMIT {$_CONF['limitnews']}, {$_CONF['limitnews']}";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        if ($nrows > 0) {
            $dateonly = $_CONF['dateonly'];
            if (empty($dateonly)) {
                $dateonly = '%d-%b';
                // fallback: day - abbrev. month name
            }
            $day = 'noday';
            $string = '';
            for ($i = 0; $i < $nrows; $i++) {
                $A = DB_fetchArray($result);
                $daycheck = strftime('%A', $A['day']);
                if ($day != $daycheck) {
                    if ($day != 'noday') {
                        $daylist = COM_makeList($oldnews, 'list-older-stories');
                        $daylist = preg_replace("/(\r\n)|(\r)|(\n)/", '', $daylist);
                        $string .= $daylist . '<div class="divider-older-stories"></div>';
                    }
                    $day2 = strftime($dateonly, $A['day']);
                    $string .= '<h3>' . $daycheck . ' <small>' . $day2 . '</small></h3>' . LB;
                    $oldnews = array();
                    $day = $daycheck;
                }
                $oldnews_url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']);
                $oldnews[] = COM_createLink($A['title'], $oldnews_url) . ' (' . COM_numberFormat($A['comments']) . ')';
            }
            if (!empty($oldnews)) {
                $daylist = COM_makeList($oldnews, 'list-older-stories');
                $daylist = preg_replace("/(\r\n)|(\r)|(\n)/", '', $daylist);
                $string .= $daylist;
                $retval .= $string;
            }
        }
        $retval .= COM_endBlock(COM_getBlockTemplate('older_stories_block', 'footer', $position));
        CACHE_create_instance($cacheInstance, $retval);
    }
    return $retval;
}
Exemple #22
0
if (!empty($topic)) {
    $sql .= " AND s.tid = '{$topic}' ";
} elseif (!$newstories) {
    $sql .= " AND frontpage = 1 ";
}
if ($topic != $archivetid) {
    $sql .= " AND s.tid != '{$archivetid}' ";
}
$sql .= COM_getPermSQL('AND', 0, 2, 's');
if (!empty($U['aids'])) {
    $sql .= " AND s.uid NOT IN (" . str_replace(' ', ",", $U['aids']) . ") ";
}
if (!empty($U['tids'])) {
    $sql .= " AND s.tid NOT IN ('" . str_replace(' ', "','", $U['tids']) . "') ";
}
$sql .= COM_getTopicSQL('AND', 0, 's') . ' ';
if ($newstories) {
    $sql .= "AND (date >= (date_sub(NOW(), INTERVAL {$_CONF['newstoriesinterval']} SECOND))) ";
}
$offset = ($page - 1) * $limit;
$userfields = 'u.uid, u.username, u.fullname';
if ($_CONF['allow_user_photo'] == 1) {
    $userfields .= ', u.photo';
    if ($_CONF['use_gravatar']) {
        $userfields .= ', u.email';
    }
}
$msql = array();
$msql['mysql'] = "SELECT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, " . 'UNIX_TIMESTAMP(s.expire) as expireunix, ' . $userfields . ", t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, " . "{$_TABLES['topics']} AS t WHERE (s.uid = u.uid) AND (s.tid = t.tid) AND" . $sql . "ORDER BY featured DESC, date DESC LIMIT {$offset}, {$limit}";
$msql['mssql'] = "SELECT STRAIGHT_JOIN s.sid, s.uid, s.draft_flag, s.tid, s.date, s.title, cast(s.introtext as text) as introtext, cast(s.bodytext as text) as bodytext, s.hits, s.numemails, s.comments, s.trackbacks, s.related, s.featured, s.show_topic_icon, s.commentcode, s.trackbackcode, s.statuscode, s.expire, s.postmode, s.frontpage, s.owner_id, s.group_id, s.perm_owner, s.perm_group, s.perm_members, s.perm_anon, s.advanced_editor_mode, " . " UNIX_TIMESTAMP(s.date) AS unixdate, " . 'UNIX_TIMESTAMP(s.expire) as expireunix, ' . $userfields . ", t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, " . "{$_TABLES['topics']} AS t WHERE (s.uid = u.uid) AND (s.tid = t.tid) AND" . $sql . "ORDER BY featured DESC, date DESC LIMIT {$offset}, {$limit}";
$result = DB_query($msql);
Exemple #23
0
/**
 * Get an existing static page
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int         Response code as defined in lib-plugins.php
 */
function service_get_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_SP_CONF, $topic;
    $output = '';
    $svc_msg['output_fields'] = array('sp_hits', 'sp_format', 'draft_flag', 'cache_time', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php', 'sp_inblock', 'commentcode');
    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }
    if ($args['gl_svc']) {
        if (isset($args['sp_id'])) {
            $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        }
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (empty($args['sp_id'])) {
            $svc_msg['gl_feed'] = true;
        } else {
            $svc_msg['gl_feed'] = false;
        }
    } else {
        $svc_msg['gl_feed'] = false;
    }
    if (!$svc_msg['gl_feed']) {
        $page = '';
        if (isset($args['sp_id'])) {
            $page = $args['sp_id'];
        }
        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }
        $error = 0;
        if ($page == '') {
            $error = 1;
        }
        $perms = SP_getPerms();
        if (!SEC_hasRights('staticpages.edit')) {
            if (!empty($perms)) {
                $perms .= ' AND';
            }
            $perms .= '(draft_flag = 0)';
        }
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }
        // Topic Permissions
        $topic_perms = COM_getTopicSQL('', 0, 'ta');
        if ($topic_perms != "") {
            $topic_perms = " AND (" . $topic_perms . "";
            if (COM_onFrontpage()) {
                $topic_perms .= " OR (ta.tid = '" . TOPIC_HOMEONLY_OPTION . "' OR ta.tid = '" . TOPIC_ALL_OPTION . "'))";
            } else {
                // $topic_perms .= " OR ta.tid = '" . TOPIC_ALL_OPTION . "')";
                $topic_perms .= " OR (ta.tid = '" . TOPIC_HOMEONLY_OPTION . "' OR ta.tid = '" . TOPIC_ALL_OPTION . "'))";
            }
        }
        $topic_perms .= " GROUP BY sp_id";
        $sql = array();
        $sql['mysql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time " . "FROM {$_TABLES['staticpage']}, {$_TABLES['topic_assignments']} ta " . "WHERE (sp_id = '{$page}')" . $perms . " AND ta.type = 'staticpages' AND ta.id = sp_id " . $topic_perms;
        $sql['pgsql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits," . "created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time " . "sp_inblock FROM {$_TABLES['staticpage']}, {$_TABLES['topic_assignments']} ta " . "WHERE (sp_id = '{$page}')" . $perms . " AND ta.type = 'staticpages' AND ta.id = sp_id " . $topic_perms;
        $result = DB_query($sql);
        $count = DB_numRows($result);
        if ($count == 0 || $count > 1) {
            $error = 1;
        }
        if (!$error) {
            $output = DB_fetchArray($result, false);
            $page = $output['sp_id'];
            // reset page id so case mimics id perfectly since this affects the cache file and canonical link
            // WE ASSUME $output doesn't have any confidential fields
            // Generate output now (omly if not grabing a template since template is combined with variables first and then generated)
            if (!isset($args['template'])) {
                $output['sp_content'] = SP_render_content($page, $output['sp_content'], $output['sp_php'], $output['cache_time'], $output['template_id']);
            }
        } else {
            // an error occured (page not found, access denied, ...)
            /**
             * if the user has edit permissions and the page does not exist,
             * send them to the editor so they can create it "wiki style"
             */
            $create_page = false;
            if ($mode !== 'autotag' && $count == 0 && SEC_hasRights('staticpages.edit')) {
                // check again without permissions
                if (DB_count($_TABLES['staticpage'], 'sp_id', $page) == 0) {
                    $url = $_CONF['site_admin_url'] . '/plugins/staticpages/index.php?mode=edit&sp_new_id=' . $page . '&msg=21';
                    $output = COM_refresh($url);
                    $create_page = true;
                }
            }
            if (!$create_page) {
                if (empty($page)) {
                    $failflg = 0;
                } else {
                    $failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id = '{$page}'");
                }
                if ($failflg) {
                    $output .= SEC_loginRequiredForm();
                    if ($mode !== 'autotag') {
                        $output = COM_createHTMLDocument($output, array('rightblock' => true));
                    }
                } else {
                    if ($mode !== 'autotag') {
                        COM_handle404();
                    }
                }
            }
            return PLG_RET_ERROR;
        }
        if ($args['gl_svc']) {
            // This date format is PHP 5 only,
            // but only the web-service uses the value
            $output['published'] = date('c', strtotime($output['created']));
            $output['updated'] = date('c', strtotime($output['modified']));
            $output['id'] = $page;
            $output['title'] = $output['sp_title'];
            $output['page_title'] = $output['sp_page_title'];
            $output['category'] = TOPIC_getTopicIdsForObject('staticpages', $page);
            $output['content'] = $output['sp_content'];
            $output['content_type'] = 'html';
            $owner_data = SESS_getUserDataFromId($output['owner_id']);
            $output['author_name'] = $owner_data['username'];
            $output['link_edit'] = $page;
        }
    } else {
        $output = array();
        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }
        $perms = SP_getPerms();
        if (!empty($perms)) {
            $perms = ' WHERE ' . $perms;
        }
        $offset = 0;
        if (isset($args['offset'])) {
            $offset = COM_applyBasicFilter($args['offset'], true);
        }
        $max_items = $_SP_CONF['atom_max_items'] + 1;
        $limit = " LIMIT {$offset}, {$max_items}";
        $order = " ORDER BY modified DESC";
        $sql = array();
        $sql['mysql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id," . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time " . " FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $sql['pgsql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id," . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time " . "FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $result = DB_query($sql);
        $count = 0;
        while (($output_item = DB_fetchArray($result, false)) !== false) {
            // WE ASSUME $output doesn't have any confidential fields
            $count++;
            if ($count == $max_items) {
                $svc_msg['offset'] = $offset + $_SP_CONF['atom_max_items'];
                break;
            }
            if ($args['gl_svc']) {
                // This date format is PHP 5 only, but only the web-service uses the value
                $output_item['published'] = date('c', strtotime($output_item['created']));
                $output_item['updated'] = date('c', strtotime($output_item['modified']));
                $output_item['id'] = $output_item['sp_id'];
                $output_item['title'] = $output_item['sp_title'];
                $output_item['page_title'] = $output_item['sp_page_title'];
                //$output_item['category']     = array($output_item['sp_tid']);
                $output_item['category'] = TOPIC_getTopicIdsForObject('staticpages', $page);
                //$output_item['content']      = $output_item['sp_content'];
                $output['content'] = SP_render_content($output['sp_id'], $output['sp_content'], $output['sp_php'], $output['cache_time'], $output['template_id']);
                $output_item['content_type'] = 'html';
                $owner_data = SESS_getUserDataFromId($output_item['owner_id']);
                $output_item['author_name'] = $owner_data['username'];
            }
            $output[] = $output_item;
        }
    }
    return PLG_RET_OK;
}
Exemple #24
0
 /**
  * Performs search on all comments
  *
  * @author Tony Bibbs <tony AT geeklog DOT net>
  *         Sami Barakat <s.m.barakat AT gmail DOT com>
  * @access private
  * @return object plugin object
  *
  */
 function _searchComments()
 {
     global $_CONF, $_TABLES, $_DB_dbms, $LANG09;
     // Make sure the query is SQL safe
     $query = trim(DB_escapeString(htmlspecialchars($this->_query)));
     $sql = "SELECT s.sid AS id, c.title AS title, c.comment AS description, UNIX_TIMESTAMP(c.date) AS date, c.uid AS uid, '0' AS hits, ";
     if ($_CONF['url_rewrite']) {
         $sql .= "CONCAT('/article.php/',s.sid,'#comments') AS url ";
     } else {
         $sql .= "CONCAT('/article.php?story=',s.sid,'#comments') AS url ";
     }
     $sql .= "FROM {$_TABLES['users']} AS u, {$_TABLES['comments']} AS c ";
     $sql .= "LEFT JOIN {$_TABLES['stories']} AS s ON ((s.sid = c.sid) ";
     $sql .= COM_getPermSQL('AND', 0, 2, 's') . COM_getTopicSQL('AND', 0, 's') . COM_getLangSQL('sid', 'AND', 's') . ") ";
     $sql .= "WHERE (u.uid = c.uid) AND (s.draft_flag = 0) AND (s.commentcode >= 0) AND (s.date <= NOW()) ";
     if (!empty($this->_topic)) {
         $sql .= "AND (s.tid = '" . DB_escapeString($this->_topic) . "') ";
     }
     if (!empty($this->_author)) {
         $sql .= "AND (c.uid = " . (int) $this->_author . ") ";
     }
     $search = new SearchCriteria('comments', $LANG09[65] . ' > ' . $LANG09[66]);
     $columns = array('comment', 'c.title');
     $sql .= $search->getDateRangeSQL('AND', 'UNIX_TIMESTAMP(c.date)', $this->_dateStart, $this->_dateEnd);
     list($sql, $ftsql) = $search->buildSearchSQL($this->_keyType, $query, $columns, $sql);
     $search->setSQL($sql);
     $search->setFTSQL($ftsql);
     $search->setRank(2);
     return $search;
 }
/**
* Common function to be called from phpblock_lastarticles() and
* phpblock_lastarticles2()
*/
function phpblock_lastarticles_common($numrows = 10, $length = 50, $additional_sql = '')
{
    global $_CONF, $_TABLES;
    if (!defined('XHTML')) {
        define('XHTML', '');
    }
    $numrows = intval($numrows);
    if ($numrows < 1) {
        $numrows = 10;
    }
    $length = intval($length);
    if ($length < 1) {
        $length = 50;
    }
    $sql = "SELECT STRAIGHT_JOIN " . LB;
    $sql .= " s.sid";
    $sql .= " , t.tid";
    $sql .= " , s.title, s.date, s.group_id " . LB;
    $sql .= " , s.introtext, s.bodytext, t.topic " . LB;
    $sql .= "  FROM {$_TABLES['stories']} AS s" . LB;
    $sql .= ", {$_TABLES['topics']} AS t " . LB;
    //FOR GL2.0.0
    if (COM_versionCompare(VERSION, "2.0.0", '>=')) {
        $sql .= " ,{$_TABLES['topic_assignments']} AS t2" . LB;
    }
    $sql .= "  WHERE " . LB;
    $sql .= " (s.title <> '') " . LB;
    //FOR GL2.0.0
    if (COM_versionCompare(VERSION, "2.0.0", '>=')) {
        $sql .= "  AND s.sid = t2.id" . LB;
        $sql .= "  AND t2.tid = t.tid" . LB;
    } else {
        $sql .= " AND (s.tid = t.tid) " . LB;
    }
    $sql .= " AND (s.draft_flag = 0) " . LB;
    $sql .= " AND (s.date <= NOW()) " . LB;
    $sql .= COM_getTopicSQL('AND', 0, 't') . LB;
    if (function_exists('COM_getLangSQL')) {
        $sql .= COM_getLangSQL('sid', 'AND', 's') . LB;
    }
    $sql .= $additional_sql . LB . "ORDER BY s.date DESC " . "LIMIT " . $numrows;
    $result = DB_query($sql);
    $template = LASTARTICLES_getTemplate();
    $encoding = LASTARTICLES_getEncoding();
    $retval = '';
    while (($A = DB_fetchArray($result, FALSE)) !== FALSE) {
        $introtext = PLG_replaceTags(stripslashes($A['introtext']));
        $bodytext = PLG_replaceTags(stripslashes($A['bodytext']));
        $article = mb_strimwidth(strip_tags($introtext), 0, LASTARTICLES_ARTICLE_LENGTH, '...', $encoding);
        $date = date(LASTARTICLES_DATE_FORMAT, strtotime($A['date']));
        $img = LASTARTICLES_renderImageTag($introtext . $bodytext);
        $link = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']);
        $title = mb_strimwidth(stripslashes($A['title']), 0, $length, '...', $encoding);
        $topic = LASTARTICLES_esc($A['topic']);
        $retval .= str_replace(array('{article}', '{date}', '{img}', '{link}', '{title}', '{topic}', '{xhtml}'), array($article, $date, $img, $link, $title, $topic, XHTML), $template);
    }
    return $retval;
}