/**
 * Renders a topic autotag as an HTML link to the topic's index page.
 *
 * The topic id is escaped with DB_escapeString() before it is placed in the
 * lookup condition, URL-encoded before it is placed in the href, and the
 * visible label is passed through htmlspecialchars().
 *
 * @param string $p1      Topic id taken from the tag
 * @param string $p2      Optional link text; ignored when empty or equal to $p1
 * @param string $fulltag Complete tag text (not used by this function)
 * @return string Anchor markup, or a bold "Unknown Topic" marker when the lookup returns nothing
 */
function parse($p1, $p2, $fulltag)
{
    global $_TABLES, $_CONF;

    // COM_getTopicSQL() presumably limits the lookup to topics the current
    // user may see; confirm against its definition.
    $condition = "tid = '" . DB_escapeString($p1) . "'" . COM_getTopicSQL('AND');
    $storedName = DB_getItem($_TABLES['topics'], 'topic', $condition);
    if (empty($storedName)) {
        return "<b>Unknown Topic</b>";
    }

    // A caller-supplied label wins only when it is non-empty and differs from the id.
    $hasCustomLabel = !empty($p2) && $p2 != $p1;
    $label = $hasCustomLabel ? $p2 : $storedName;

    $href = $_CONF['site_url'] . '/index.php?topic=' . urlencode($p1);

    return '<a href="' . $href . '">' . htmlspecialchars($label) . '</a>';
}
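/**
 * Handles a comment view request
 *
 * Reads the comment id from the request ('cid' when viewing, 'pid' otherwise),
 * loads the comment's parent item and renders the thread: through
 * CMT_userComments() for articles, through PLG_displayComment() for every
 * other type. Requests without a usable id, or for a comment that does not
 * exist, are redirected to the site index.
 *
 * @copyright Vincent Furia 2005
 * @author Vincent Furia, vinny01 AT users DOT sourceforge DOT net
 * @param boolean $view View or display (true for view)
 * @return string HTML (possibly a refresh)
 */
function handleView($view = true)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS;

    $display = '';
    $home = $_CONF['site_url'] . '/index.php';

    // A missing request parameter is passed on as null instead of raising an
    // undefined-index notice; the filter result is checked below either way.
    $idKey = $view ? 'cid' : 'pid';
    $cid = COM_applyFilter(isset($_REQUEST[$idKey]) ? $_REQUEST[$idKey] : null, true);
    if ($cid <= 0) {
        return COM_refresh($home);
    }

    // NOTE(review): $cid is interpolated unquoted, so this query relies on
    // COM_applyFilter(..., true) returning a purely numeric value; confirm.
    $sql = "SELECT sid, title, type FROM {$_TABLES['comments']} WHERE cid = {$cid}";
    $A = DB_fetchArray(DB_query($sql));
    if (empty($A)) {
        // Unknown comment id: nothing to show, and no row to read fields from.
        return COM_refresh($home);
    }
    $sid = $A['sid'];
    $title = $A['title'];
    $type = $A['type'];

    $format = $_CONF['comment_mode'];
    if (isset($_REQUEST['format'])) {
        $format = COM_applyFilter($_REQUEST['format']);
    }
    if ($format != 'threaded' && $format != 'nested' && $format != 'flat') {
        if (COM_isAnonUser()) {
            $format = $_CONF['comment_mode'];
        } else {
            // The uid is cast so that only an integer can reach the condition.
            $format = DB_getItem($_TABLES['usercomment'], 'commentmode', 'uid = ' . (int) $_USER['uid']);
        }
    }

    switch ($type) {
        case 'article':
            // $sid was read back from the comments table. Stored values are
            // still data, not SQL, so it is escaped before being quoted into
            // the next statement.
            // NOTE(review): addslashes() is not charset-aware; prefer the
            // database layer's own escaping routine if this code base has one.
            $sql = 'SELECT COUNT(*) AS count, commentcode, owner_id, group_id, perm_owner, perm_group, '
                . "perm_members, perm_anon FROM {$_TABLES['stories']} WHERE (sid = '" . addslashes($sid) . "') "
                . 'AND (draft_flag = 0) AND (commentcode >= 0) AND (date <= NOW())'
                . COM_getPermSQL('AND') . COM_getTopicSQL('AND')
                . ' GROUP BY sid,owner_id, group_id, perm_owner, perm_group,perm_members, perm_anon ';
            $result = DB_query($sql);
            $B = DB_fetchArray($result);
            // No row means the story is not visible to this user.
            $allowed = empty($B) ? 0 : $B['count'];

            if ($allowed == 1) {
                // Deleting requires the story.edit right and an access level of 3 on the story.
                $delete_option = SEC_hasRights('story.edit')
                    && SEC_hasAccess(
                        $B['owner_id'],
                        $B['group_id'],
                        $B['perm_owner'],
                        $B['perm_group'],
                        $B['perm_members'],
                        $B['perm_anon']
                    ) == 3;
                $order = '';
                if (isset($_REQUEST['order'])) {
                    $order = COM_applyFilter($_REQUEST['order']);
                }
                $page = 0;
                if (isset($_REQUEST['page'])) {
                    $page = COM_applyFilter($_REQUEST['page'], true);
                }
                $display .= CMT_userComments(
                    $sid,
                    $title,
                    $type,
                    $order,
                    $format,
                    $cid,
                    $page,
                    $view,
                    $delete_option,
                    $B['commentcode']
                );
            } else {
                $display .= COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header'))
                    . $LANG_ACCESS['storydenialmsg']
                    . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            }
            break;

        default: // assume plugin
            $order = '';
            if (isset($_REQUEST['order'])) {
                $order = COM_applyFilter($_REQUEST['order']);
            }
            $page = 0;
            if (isset($_REQUEST['page'])) {
                $page = COM_applyFilter($_REQUEST['page'], true);
            }
            // The plugin owning $type does its own access checks; an empty
            // result is treated as "nothing to display".
            if (!($display = PLG_displayComment($type, $sid, $cid, $title, $order, $format, $page, $view))) {
                return COM_refresh($home);
            }
            break;
    }

    return COM_siteHeader('menu', $title) . COM_showMessageFromParameter() . $display . COM_siteFooter();
}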
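/**
 * Builds the list items for a "pick a story" block.
 *
 * Returns up to five of the newest published stories as <li> links. The topic
 * filter comes from the requested story's topic, else from the global $topic,
 * else from the 'topic' request parameter; with no topic at all, stories from
 * the archive topic are excluded instead.
 *
 * NOTE(review): this function writes to the global $topic, including the
 * archive topic id in the no-topic case; confirm that callers expect that.
 *
 * @return string HTML <li> elements, or an empty string when nothing matches
 */
function phpblock_storypicker()
{
    global $_TABLES, $_CONF, $topic;

    $max_stories = 5; // how many stories to display in the list
    $topicsql = '';

    // A requested story pins the list to that story's topic.
    if (isset($_GET['story'])) {
        $sid = COM_applyFilter($_GET['story']);
        $stopic = DB_getItem($_TABLES['stories'], 'tid', 'sid = \'' . DB_escapeString($sid) . '\'');
        if (!empty($stopic)) {
            $topic = $stopic;
        }
    }

    if (empty($topic)) {
        if (isset($_GET['topic'])) {
            $topic = COM_applyFilter($_GET['topic']);
        } elseif (isset($_POST['topic'])) {
            $topic = COM_applyFilter($_POST['topic']);
        } else {
            $topic = '';
        }
    }

    if (!empty($topic)) {
        $topicsql = " AND tid = '" . DB_escapeString($topic) . "'";
    }

    if (empty($topicsql)) {
        // No topic selected: leave out stories filed under the archive topic.
        $topic = DB_getItem($_TABLES['topics'], 'tid', 'archive_flag = 1');
        if (empty($topic)) {
            $topicsql = '';
        } else {
            $topicsql = " AND tid <> '" . DB_escapeString($topic) . "'";
        }
    }

    $sql = 'SELECT sid, title FROM ' . $_TABLES['stories']
        . ' WHERE draft_flag = 0 AND date <= now()'
        . COM_getPermSQL(' AND') . COM_getTopicSQL(' AND')
        . $topicsql
        . ' ORDER BY date DESC LIMIT ' . $max_stories;
    $res = DB_query($sql);

    $list = '';
    while ($A = DB_fetchArray($res)) {
        $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']);
        // The href is quoted and escaped: an unquoted attribute ends at the
        // first space or '>' in the value, so a stored id containing such a
        // character would otherwise change the markup around the link.
        $list .= '<li><a href="' . htmlspecialchars($url, ENT_QUOTES) . '">'
            . htmlspecialchars(COM_truncate($A['title'], 41, '...'))
            . "</a></li>\n";
    }

    return $list;
}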
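/**
 * Displays items needing moderation
 *
 * Displays the moderation list of items from the submission tables. The
 * 'user' and 'draftstory' types are built in; every other type is resolved
 * through a plugin_itemlist_<type>() function if one exists.
 *
 * NOTE(review): $type selects a function by name and is written into URLs and
 * form fields, so callers should only pass known item types; confirm at the
 * call sites.
 *
 * @param string $type  Type of object to build list for
 * @param string $token CSRF token embedded in the moderation form
 * @return string HTML for the list; empty when there is nothing to moderate
 */
function MODERATE_itemList($type = '', $token)
{
    global $_CONF, $_TABLES, $LANG01, $LANG24, $LANG29, $LANG_ADMIN, $_IMAGE_TYPE;

    $retval = '';

    if (empty($type)) {
        COM_errorLog("Submissions Error: Attempted to generate a moderation list for a null item type.");

        return $retval;
    }

    // Approve / delete buttons shown under every list; the markup is the same
    // for all item types.
    $actions = '<input name="approve" type="image" src="' . $_CONF['layout_url'] . '/images/admin/accept.' . $_IMAGE_TYPE
        . '" style="vertical-align:bottom;" title="' . $LANG29[44]
        . '" onclick="return confirm(\'' . $LANG29[45] . '\');"' . '/> ' . $LANG29[1];
    $actions .= ' ';
    $actions .= '<input name="delbutton" type="image" src="' . $_CONF['layout_url'] . '/images/admin/delete.' . $_IMAGE_TYPE
        . '" style="vertical-align:text-bottom;" title="' . $LANG01[124]
        . '" onclick="return confirm(\'' . $LANG01[125] . '\');"' . '/> ' . $LANG_ADMIN['delete'];

    // Values written into HTML attributes are escaped, so neither the item
    // type nor the token can close the attribute they are placed in.
    $safeToken = htmlspecialchars($token, ENT_QUOTES);
    $safeType = htmlspecialchars($type, ENT_QUOTES);
    $tokenField = '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $safeToken . '"/>';

    $approveColumn = array('text' => $LANG29[1], 'field' => 'approve', 'align' => 'center', 'width' => '35px');
    $deleteColumn = array('text' => $LANG_ADMIN['delete'], 'field' => 'delete', 'align' => 'center', 'width' => '35px');
    $editColumn = array('text' => $LANG_ADMIN['edit'], 'field' => 0, 'align' => 'center', 'width' => '25px');

    switch ($type) {
        case 'user': // users awaiting approval (status = 2)
            $result = DB_query("SELECT uid,username,fullname,email,UNIX_TIMESTAMP(regdate) AS day FROM {$_TABLES['users']} WHERE status = 2");
            $nrows = DB_numRows($result);
            if ($nrows > 0) {
                $data_arr = array();
                for ($i = 0; $i < $nrows; $i++) {
                    $A = DB_fetchArray($result);
                    $A['edit'] = $_CONF['site_admin_url'] . '/user.php?edit=x&uid=' . $A['uid'];
                    $A['_type_'] = 'user';
                    $A['_key_'] = 'uid';
                    $data_arr[$i] = $A;
                }
                $header_arr = array(
                    $editColumn,
                    array('text' => $LANG29[16], 'field' => 1, 'nowrap' => true),
                    array('text' => $LANG29[17], 'field' => 2),
                    array('text' => $LANG29[18], 'field' => 3, 'nowrap' => true),
                    array('text' => $LANG29[47], 'field' => 4, 'align' => 'center'),
                    $approveColumn,
                    $deleteColumn,
                );
                $text_arr = array(
                    'has_menu' => false,
                    'title'    => $LANG29[40],
                    'help_url' => 'ccusersubmission.html',
                    'no_data'  => '',
                    'form_url' => "{$_CONF['site_admin_url']}/moderation.php",
                );
                $options = array(
                    'chkselect'  => true,
                    'chkfield'   => 'uid',
                    'chkname'    => 'selitem',
                    'chkminimum' => 0,
                    'chkall'     => false,
                    'chkactions' => $actions,
                );
                $form_arr = array(
                    'bottom' => '<input type="hidden" name="type" value="user"/>' . LB
                        . $tokenField . LB
                        . '<input type="hidden" name="moderation" value="x"/>' . LB
                        . '<input type="hidden" name="count" value="' . $nrows . '"/>',
                );
                $retval = ADMIN_simpleList('MODERATE_getListField', $header_arr, $text_arr, $data_arr, $options, $form_arr, $token);
            }
            break;

        case 'draftstory': // stories still flagged as drafts
            $result = DB_query(
                "SELECT sid AS id,title,UNIX_TIMESTAMP(date) AS day,tid,uid FROM {$_TABLES['stories']} WHERE (draft_flag = 1)"
                . COM_getTopicSQL('AND') . COM_getPermSQL('AND', 0, 3) . " ORDER BY date ASC"
            );
            $nrows = DB_numRows($result);
            if ($nrows > 0) {
                $data_arr = array();
                for ($i = 0; $i < $nrows; $i++) {
                    $A = DB_fetchArray($result);
                    $A['edit'] = $_CONF['site_admin_url'] . '/story.php?draft=x&sid=' . $A['id'];
                    $A['_type_'] = 'draftstory';
                    $A['_key_'] = 'sid';
                    $data_arr[$i] = $A;
                }
                $header_arr = array(
                    $editColumn,
                    array('text' => $LANG29[10], 'field' => 'title'),
                    array('text' => $LANG29[14], 'field' => 'day', 'align' => 'center', 'width' => '15%'),
                    array('text' => $LANG29[15], 'field' => 'tid', 'width' => '20%'),
                    array('text' => $LANG29[46], 'field' => 'uid', 'width' => '15%', 'nowrap' => true),
                    $approveColumn,
                    $deleteColumn,
                );
                $text_arr = array(
                    'has_menu' => false,
                    'title'    => $LANG29[35] . ' (' . $LANG24[34] . ')',
                    'help_url' => '',
                    'no_data'  => $LANG29[39],
                    'form_url' => "{$_CONF['site_admin_url']}/moderation.php",
                );
                $options = array(
                    'chkselect'  => true,
                    'chkfield'   => 'id',
                    'chkname'    => 'selitem',
                    'chkminimum' => 0,
                    'chkall'     => false,
                    'chkactions' => $actions,
                );
                $form_arr = array(
                    'bottom' => '<input type="hidden" name="type" value="draftstory"/>' . LB
                        . $tokenField . LB
                        . '<input type="hidden" name="count" value="' . $nrows . '"/>',
                );
                $retval .= ADMIN_simpleList('MODERATE_getListField', $header_arr, $text_arr, $data_arr, $options, $form_arr, $token);
            }
            break;

        default: // plugin-provided item types
            // Defaults for the case where no plugin function exists or it
            // returns neither a string nor an object; the code below then sees
            // an empty query and produces no list.
            $sql = '';
            $H = array();
            $section_title = '';
            $section_help = '';
            $isplugin = false;

            $function = 'plugin_itemlist_' . $type;
            if (function_exists($function)) {
                $plugin = new Plugin();
                $plugin = $function($token);
                // if the plugin returns a string, it wants to control its own
                // moderation. as far as I can tell - no plugin has used this yet
                // it appears to be a feature that was added in glFusion 1.1.0rc1
                // but never actually used
                if (is_string($plugin) && !empty($plugin)) {
                    return '<div class="block-box">' . $plugin . '</div>';
                } elseif (is_object($plugin)) {
                    // otherwise this is a plugin object (historical approach)
                    $helpfile = $plugin->submissionhelpfile;
                    $sql = $plugin->getsubmissionssql;
                    $H = $plugin->submissionheading;
                    $section_title = $plugin->submissionlabel;
                    $section_help = $helpfile;
                    $isplugin = true;
                }
            }

            // this needs to be removed when story moves into a plugin
            if ($type == 'story') {
                $isplugin = false;
            }

            // we really only need the id from this list, so that we know key/id field name
            list($key, $table, $fields, $submissiontable) = PLG_getModerationValues($type);

            // the first 4 columns default to Title, Date, Topic and Submitted By
            // unless the plugin supplied its own headings
            $defaultHeadings = array($LANG29[10], $LANG29[14], $LANG29[15], $LANG29[46]);
            foreach ($defaultHeadings as $column => $heading) {
                if (empty($H[$column])) {
                    $H[$column] = $heading;
                }
            }

            // run SQL but this time ignore any errors. note that the max items
            // for each type that can be moderated is limited to 50
            if (!empty($sql)) {
                $sql .= ' LIMIT 50'; // quick'n'dirty workaround to prevent timeouts
                $result = DB_query($sql, 1);
            }
            if (empty($sql) || DB_error()) {
                $nrows = 0; // more than likely a plugin that doesn't need moderation
            } else {
                $nrows = DB_numRows($result);
            }

            if ($nrows > 0) { // only generate list html if there are items to moderate
                $data_arr = array();
                for ($i = 0; $i < $nrows; $i++) {
                    $A = DB_fetchArray($result);
                    if ($isplugin) {
                        $A['edit'] = $_CONF['site_admin_url'] . '/plugins/' . $type
                            . '/index.php?moderate=x' . '&' . $key . '=' . $A[0];
                    } else {
                        $A['edit'] = $_CONF['site_admin_url'] . '/' . $type
                            . '.php?moderate=x' . '&' . $key . '=' . $A[0];
                    }
                    $A['_type_'] = $type; // type of item
                    $A['_key_'] = $key;   // name of key/id field
                    $data_arr[$i] = $A;   // push row data into array
                }
                $header_arr = array(
                    $editColumn,
                    array('text' => $H[0], 'field' => 1),
                    array('text' => $H[1], 'field' => 2, 'align' => 'center', 'width' => '15%'),
                    array('text' => $H[2], 'field' => 3, 'width' => '20%'),
                    array('text' => $H[3], 'field' => 4, 'width' => '15%', 'nowrap' => true),
                    $approveColumn,
                    $deleteColumn,
                );
                $text_arr = array(
                    'has_menu' => false,
                    'title'    => $section_title,
                    'help_url' => $section_help,
                    'no_data'  => $LANG29[39],
                    'form_url' => "{$_CONF['site_admin_url']}/moderation.php",
                );
                $options = array(
                    'chkselect'  => true,
                    'chkfield'   => 'id',
                    'chkname'    => 'selitem',
                    'chkminimum' => 0,
                    'chkall'     => false,
                    'chkactions' => $actions,
                );
                $form_arr = array(
                    'bottom' => '<input type="hidden" name="type" value="' . $safeType . '"/>' . LB
                        . $tokenField . LB
                        . '<input type="hidden" name="moderation" value="x"/>' . LB
                        . '<input type="hidden" name="count" value="' . $nrows . '"/>',
                );
                $retval .= ADMIN_simpleList('MODERATE_getListField', $header_arr, $text_arr, $data_arr, $options, $form_arr, $token);
            }
            break;
    }

    return $retval;
}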
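/**
 * Performs search on all stories
 *
 * Builds two search definitions: one over published stories and one over the
 * comments attached to them. Both honour the optional topic, author and date
 * range filters held on this object.
 *
 * Every filter value that is quoted into the SQL text is escaped first. The
 * keyword query was already escaped; the topic id and author id now get the
 * same treatment instead of being concatenated as they arrive.
 *
 * @return array Two SearchCriteria objects: stories first, then comments
 */
private function _searchStories()
{
    global $_TABLES, $_DB_dbms, $LANG09;

    // Make sure every value placed inside quotes below is SQL safe
    $query = trim(DB_escapeString($this->_query));
    $topic = DB_escapeString($this->_topic);
    $author = DB_escapeString($this->_author);

    // Topic filter shared by both queries. Stories have no "all topics"
    // option, so that choice adds no condition and permissions alone decide.
    $topicSql = '';
    if (!empty($this->_topic) && $this->_topic != TOPIC_ALL_OPTION) {
        // Retrieve list of inherited topics
        // NOTE(review): $tid_list is placed inside IN(...) unmodified; this
        // presumes TOPIC_getChildList() returns an already quoted and escaped
        // list. Confirm against its definition.
        $tid_list = TOPIC_getChildList($this->_topic);
        $topicSql = "AND (ta.tid IN({$tid_list}) AND (ta.inherit = 1 OR (ta.inherit = 0 AND ta.tid = '" . $topic . "'))) ";
    }

    // Search Stories
    $sql = 'SELECT s.sid AS id, s.title AS title, s.introtext AS description, ';
    $sql .= 'UNIX_TIMESTAMP(s.date) AS date, s.uid AS uid, s.hits AS hits, ';
    $sql .= 'CONCAT(\'/article.php?story=\',s.sid) AS url ';
    $sql .= 'FROM ' . $_TABLES['stories'] . ' AS s, ' . $_TABLES['users'] . ' AS u, ' . $_TABLES['topic_assignments'] . ' AS ta ';
    $sql .= 'WHERE (draft_flag = 0) AND (date <= NOW()) AND (u.uid = s.uid) ';
    $sql .= 'AND ta.type = \'article\' AND ta.id = sid ';
    $sql .= COM_getPermSQL('AND') . COM_getTopicSQL('AND', 0, 'ta') . COM_getLangSQL('sid', 'AND') . ' ';
    $sql .= $topicSql;
    if (!empty($this->_author)) {
        $sql .= 'AND (s.uid = \'' . $author . '\') ';
    }

    $search_s = new SearchCriteria('stories', $LANG09[65]);
    $columns = array('title' => 'title', 'introtext', 'bodytext');
    $sql .= $search_s->getDateRangeSQL('AND', 'date', $this->_dateStart, $this->_dateEnd);
    list($sql, $ftsql) = $search_s->buildSearchSQL($this->_keyType, $query, $columns, $sql);
    $sql .= " GROUP BY s.sid";

    $search_s->setSQL($sql);
    $search_s->setFTSQL($ftsql);
    $search_s->setRank(5);
    $search_s->setURLRewrite(true);

    // Search Story Comments
    $sql = 'SELECT c.cid AS id, c.title AS title, c.comment AS description, ';
    $sql .= 'UNIX_TIMESTAMP(c.date) AS date, c.uid AS uid, \'0\' AS hits, ';

    // MSSQL has a problem when concatenating numeric values
    if ($_DB_dbms == 'mssql') {
        $sql .= '\'/comment.php?mode=view&cid=\' + CAST(c.cid AS varchar(10)) AS url ';
    } else {
        $sql .= 'CONCAT(\'/comment.php?mode=view&cid=\',c.cid) AS url ';
    }

    $sql .= 'FROM ' . $_TABLES['users'] . ' AS u, ' . $_TABLES['topic_assignments'] . ' AS ta, ' . $_TABLES['comments'] . ' AS c ';
    $sql .= 'LEFT JOIN ' . $_TABLES['stories'] . ' AS s ON ((s.sid = c.sid) ';
    $sql .= COM_getPermSQL('AND', 0, 2, 's') . COM_getLangSQL('sid', 'AND', 's') . ') ';
    $sql .= 'WHERE (u.uid = c.uid) AND (s.draft_flag = 0) AND (s.commentcode >= 0) AND (s.date <= NOW()) ';
    $sql .= 'AND ta.type = \'article\' AND ta.id = s.sid ' . COM_getTopicSQL('AND', 0, 'ta');
    $sql .= $topicSql;
    if (!empty($this->_author)) {
        $sql .= 'AND (c.uid = \'' . $author . '\') ';
    }

    $search_c = new SearchCriteria('comments', array($LANG09[65], $LANG09[66]));
    $columns = array('title' => 'c.title', 'comment');
    $sql .= $search_c->getDateRangeSQL('AND', 'c.date', $this->_dateStart, $this->_dateEnd);
    list($sql, $ftsql) = $search_c->buildSearchSQL($this->_keyType, $query, $columns, $sql);
    $sql .= " GROUP BY id";

    $search_c->setSQL($sql);
    $search_c->setFTSQL($ftsql);
    $search_c->setRank(2);

    return array($search_s, $search_c);
}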
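/**
 * article: display [a] comment[s]
 *
 * Checks that the story exists, is published, accepts comments and is visible
 * to the current user, then renders its comments. When the check fails an
 * access-denied message is returned instead.
 *
 * @param string  $id     Unique identifier for item comment belongs to
 * @param int     $cid    Comment id to display (possibly including sub-comments)
 * @param string  $title  Page/comment title
 * @param string  $order  'ASC' or 'DESC' or blank
 * @param string  $format 'threaded', 'nested', or 'flat'
 * @param int     $page   Page number of comments to display
 * @param boolean $view   True to view comment (by cid), false to display (by $pid)
 * @return mixed results of calling the plugin_displaycomment_ function
 */
function plugin_displaycomment_article($id, $cid, $title, $order, $format, $page, $view)
{
    global $_TABLES, $LANG_ACCESS;

    $retval = '';

    // $id arrives from the caller and is quoted into the statement, so it is
    // escaped here rather than trusting every call path to have done so.
    $sql = 'SELECT COUNT(*) AS count, commentcode, owner_id, group_id, perm_owner, perm_group, '
        . "perm_members, perm_anon FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta "
        . "WHERE (sid = '" . DB_escapeString($id) . "') "
        . 'AND (draft_flag = 0) AND (commentcode >= 0) AND (date <= NOW()) AND ta.type = "article" AND ta.id = sid '
        . COM_getPermSQL('AND') . COM_getTopicSQL('AND', 0, 'ta')
        . ' GROUP BY sid, owner_id, group_id, perm_owner, perm_group,perm_members, perm_anon ';
    $result = DB_query($sql);
    $A = DB_fetchArray($result);
    // No row at all means the story is hidden from this user.
    $allowed = empty($A) ? 0 : $A['count'];

    // Was "== 1", but a story assigned to several topics yields a higher count.
    if ($allowed > 0) {
        // Deleting requires the story.edit right and an access level of 3 on the story.
        $delete_option = SEC_hasRights('story.edit')
            && SEC_hasAccess(
                $A['owner_id'],
                $A['group_id'],
                $A['perm_owner'],
                $A['perm_group'],
                $A['perm_members'],
                $A['perm_anon']
            ) == 3;
        $retval .= CMT_userComments(
            $id,
            $title,
            'article',
            $order,
            $format,
            $cid,
            $page,
            $view,
            $delete_option,
            $A['commentcode']
        );
    } else {
        $retval .= COM_showMessageText($LANG_ACCESS['storydenialmsg'], $LANG_ACCESS['accessdenied']);
    }

    return $retval;
}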
/**
 * Creates older stuff block
 *
 * Selects the page of front-page stories that follows the newest
 * $_CONF['limitnews'] ones, groups them under weekday headings and stores
 * the resulting HTML as the content of the 'older_stories' block.
 *
 * NOTE(review): the generated HTML is escaped with addslashes() before it is
 * written into the UPDATE statement. addslashes() is not charset-aware; the
 * database layer's own escaping routine is the safer choice if one exists.
 * NOTE(review): story titles go into COM_createLink() as stored; whether they
 * are HTML-escaped at that point depends on code not visible here.
 *
 * @return void
 */
function COM_olderStuff()
{
    global $_TABLES, $_CONF;

    // One statement per supported DBMS; only the timestamp expression differs.
    $timestampExpr = array(
        'mysql' => 'UNIX_TIMESTAMP(date)',
        'mssql' => 'UNIX_TIMESTAMP(date)',
        'pgsql' => "date_part('epoch',date)",
    );
    $sql = array();
    foreach ($timestampExpr as $dbms => $expr) {
        $sql[$dbms] = "SELECT sid,tid,title,comments,{$expr} AS day FROM {$_TABLES['stories']} WHERE (perm_anon = 2) AND (frontpage = 1) AND (date <= NOW()) AND (draft_flag = 0)"
            . COM_getTopicSQL('AND', 1)
            . " ORDER BY featured DESC, date DESC LIMIT {$_CONF['limitnews']}, {$_CONF['limitnews']}";
    }

    $result = DB_query($sql);
    $rowCount = DB_numRows($result);
    if ($rowCount <= 0) {
        return;
    }

    $dateFormat = $_CONF['dateonly'];
    if (empty($dateFormat)) {
        $dateFormat = '%d-%b'; // fallback: day - abbrev. month name
    }

    $currentDay = 'noday';
    $html = '';
    for ($row = 0; $row < $rowCount; $row++) {
        $A = DB_fetchArray($result);
        $weekday = strftime('%A', $A['day']);

        // A change of weekday name closes the running list and opens a new heading.
        if ($currentDay != $weekday) {
            if ($currentDay != 'noday') {
                $flatList = preg_replace("/(\r\n)|(\r)|(\n)/", '', COM_makeList($oldnews, 'list-older-stories'));
                $html .= $flatList . '<br' . XHTML . '>';
            }
            $shortDate = strftime($dateFormat, $A['day']);
            $html .= '<h3>' . $weekday . ' <small>' . $shortDate . '</small></h3>' . LB;
            $oldnews = array();
            $currentDay = $weekday;
        }

        $storyUrl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']);
        $oldnews[] = COM_createLink($A['title'], $storyUrl) . ' (' . COM_numberFormat($A['comments']) . ')';
    }

    if (empty($oldnews)) {
        return;
    }

    // Flush the last day's list and persist the block content.
    $flatList = preg_replace("/(\r\n)|(\r)|(\n)/", '', COM_makeList($oldnews, 'list-older-stories'));
    $html .= $flatList;
    $html = addslashes($html);

    DB_query("UPDATE {$_TABLES['blocks']} SET content = '{$html}' WHERE name = 'older_stories'");
}
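/**
 * Performs search on all stories
 *
 * Builds two search definitions: one over published stories and one over the
 * comments attached to them. Both honour the optional topic, author and date
 * range filters held on this object.
 *
 * The topic id and author id are quoted into the SQL text, so they are now
 * escaped the same way this method already escapes the keyword query.
 *
 * NOTE(review): addslashes() is not charset-aware. If this code base offers a
 * database-layer escaping routine, all three values should go through that.
 *
 * @access private
 * @return array Two SearchCriteria objects: stories first, then comments
 */
function _searchStories()
{
    global $_TABLES, $_DB_dbms, $LANG09;

    // Make sure every value placed inside quotes below is SQL safe
    $query = trim(addslashes($this->_query));
    $topic = addslashes($this->_topic);
    $author = addslashes($this->_author);

    // Search Stories
    $sql = 'SELECT s.sid AS id, s.title AS title, s.introtext AS description, ';
    $sql .= 'UNIX_TIMESTAMP(s.date) AS date, s.uid AS uid, s.hits AS hits, ';
    $sql .= 'CONCAT(\'/article.php?story=\',s.sid) AS url ';
    $sql .= 'FROM ' . $_TABLES['stories'] . ' AS s, ' . $_TABLES['users'] . ' AS u ';
    $sql .= 'WHERE (draft_flag = 0) AND (date <= NOW()) AND (u.uid = s.uid) ';
    $sql .= COM_getPermSQL('AND') . COM_getTopicSQL('AND') . COM_getLangSQL('sid', 'AND') . ' ';

    if (!empty($this->_topic)) {
        $sql .= 'AND (s.tid = \'' . $topic . '\') ';
    }
    if (!empty($this->_author)) {
        $sql .= 'AND (s.uid = \'' . $author . '\') ';
    }

    $search_s = new SearchCriteria('stories', $LANG09[65]);
    $columns = array('title' => 'title', 'introtext', 'bodytext');
    $sql .= $search_s->getDateRangeSQL('AND', 'date', $this->_dateStart, $this->_dateEnd);
    list($sql, $ftsql) = $search_s->buildSearchSQL($this->_keyType, $query, $columns, $sql);

    $search_s->setSQL($sql);
    $search_s->setFTSQL($ftsql);
    $search_s->setRank(5);
    $search_s->setURLRewrite(true);

    // Search Story Comments
    $sql = 'SELECT c.cid AS id, c.title AS title, c.comment AS description, ';
    $sql .= 'UNIX_TIMESTAMP(c.date) AS date, c.uid AS uid, ';

    // MSSQL has a problem when concatenating numeric values
    if ($_DB_dbms == 'mssql') {
        $sql .= '\'/comment.php?mode=view&cid=\' + CAST(c.cid AS varchar(10)) AS url ';
    } else {
        $sql .= 'CONCAT(\'/comment.php?mode=view&cid=\',c.cid) AS url ';
    }

    $sql .= 'FROM ' . $_TABLES['users'] . ' AS u, ' . $_TABLES['comments'] . ' AS c ';
    $sql .= 'LEFT JOIN ' . $_TABLES['stories'] . ' AS s ON ((s.sid = c.sid) ';
    $sql .= COM_getPermSQL('AND', 0, 2, 's') . COM_getTopicSQL('AND', 0, 's') . COM_getLangSQL('sid', 'AND', 's') . ') ';
    $sql .= 'WHERE (u.uid = c.uid) AND (s.draft_flag = 0) AND (s.commentcode >= 0) AND (s.date <= NOW()) ';

    if (!empty($this->_topic)) {
        $sql .= 'AND (s.tid = \'' . $topic . '\') ';
    }
    if (!empty($this->_author)) {
        $sql .= 'AND (c.uid = \'' . $author . '\') ';
    }

    $search_c = new SearchCriteria('comments', array($LANG09[65], $LANG09[66]));
    $columns = array('title' => 'c.title', 'comment');
    $sql .= $search_c->getDateRangeSQL('AND', 'c.date', $this->_dateStart, $this->_dateEnd);
    list($sql, $ftsql) = $search_c->buildSearchSQL($this->_keyType, $query, $columns, $sql);

    $search_c->setSQL($sql);
    $search_c->setFTSQL($ftsql);
    $search_c->setRank(2);

    return array($search_s, $search_c);
}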
$pageBody .= COM_showMessageText($LANG03[7] . $last . $LANG03[8] . $goBack, $LANG12[26], true, 'error'); } else { $sid = isset($_REQUEST['sid']) ? COM_sanitizeID(COM_applyFilter($_REQUEST['sid'])) : ''; $type = isset($_REQUEST['type']) ? COM_applyFilter($_REQUEST['type']) : ''; $title = isset($_REQUEST['title']) ? strip_tags($_REQUEST['title']) : ''; $postmode = $_CONF['comment_postmode']; $pid = isset($_REQUEST['pid']) ? COM_applyFilter($_REQUEST['pid'], true) : 0; if ($type != 'article') { if (!in_array($type, $_PLUGINS)) { $type = ''; } } if (!empty($sid) && !empty($type)) { if (empty($title)) { if ($type == 'article') { $title = DB_getItem($_TABLES['stories'], 'title', "sid = '" . DB_escapeString($sid) . "'" . COM_getPermSQL('AND') . COM_getTopicSQL('AND')); } // CMT_commentForm expects non-htmlspecial chars for title... $title = str_replace('&', '&', $title); $title = str_replace('"', '"', $title); $title = str_replace('<', '<', $title); $title = str_replace('>', '>', $title); } if (isset($_CONF['comment_engine']) && $_CONF['comment_engine'] != 'internal') { $pageBody = PLG_displayComment($type, $sid, 0, $title, '', 'nobar', 0, 0); } else { $outputHandle = outputHandler::getInstance(); $outputHandle->addMeta('name', 'robots', 'noindex'); $pageBody .= PLG_displayComment($type, $sid, 0, $title, '', 'nobar', 0, 0) . CMT_commentForm($title, '', $sid, $pid, $type, $mode, $postmode); } } else {
/**
 * article: display comment(s)
 *
 * Renders the story itself when it is visible to the current user, then runs
 * a second, separate visibility check and appends either the story's comments
 * or an access-denied message. The story id is escaped with
 * DB_escapeString() in both statements.
 *
 * @param string  $id     Unique identifier for item comment belongs to
 * @param int     $cid    Comment id to display (possibly including sub-comments)
 * @param string  $title  Page/comment title
 * @param string  $order  'ASC' or 'DESC' or blank
 * @param string  $format 'threaded', 'nested', or 'flat'
 * @param int     $page   Page number of comments to display
 * @param boolean $view   True to view comment (by cid), false to display (by $pid)
 * @return mixed results of calling the plugin_displaycomment_ function
 */
function plugin_displaycomment_article($id, $cid, $title, $order, $format, $page, $view)
{
    global $_CONF, $_TABLES, $LANG_ACCESS;

    USES_lib_story();
    USES_class_story();

    $output = '';

    // Part 1: the story, joined with its author and topic.
    $storySql = "SELECT s.*, UNIX_TIMESTAMP(s.date) AS unixdate, "
        . 'UNIX_TIMESTAMP(s.expire) as expireunix, '
        . "u.uid, u.username, u.fullname, t.topic, t.imageurl "
        . "FROM {$_TABLES['stories']} AS s LEFT JOIN {$_TABLES['users']} AS u ON s.uid=u.uid "
        . "LEFT JOIN {$_TABLES['topics']} AS t on s.tid=t.tid "
        . "WHERE (sid = '" . DB_escapeString($id) . "') "
        . 'AND (draft_flag = 0) AND (commentcode >= 0) AND (date <= NOW())'
        . COM_getPermSQL('AND', 0, 2, 's')
        . COM_getTopicSQL('AND', 0, 't')
        . ' GROUP BY sid,owner_id, group_id, perm_owner, s.perm_group,s.perm_members, s.perm_anon ';
    $storyResult = DB_query($storySql);
    $storyRows = DB_numRows($storyResult); // read but not used further

    $storyRow = DB_fetchArray($storyResult);
    if ($storyRow) {
        $story = new Story();
        $story->loadFromArray($storyRow);
        $output .= STORY_renderArticle($story, 'n');
    }

    // Part 2: permission data for the comment area.
    $permSql = 'SELECT COUNT(*) AS count, commentcode, uid, owner_id, group_id, perm_owner, perm_group, '
        . "perm_members, perm_anon FROM {$_TABLES['stories']} "
        . "WHERE (sid = '" . DB_escapeString($id) . "') "
        . 'AND (draft_flag = 0) AND (commentcode >= 0) AND (date <= NOW())'
        . COM_getPermSQL('AND')
        . COM_getTopicSQL('AND')
        . ' GROUP BY sid,owner_id, group_id, perm_owner, perm_group,perm_members, perm_anon ';
    $permResult = DB_query($permSql);
    $B = DB_fetchArray($permResult);
    $allowed = $B['count'];

    if ($allowed != 1) {
        $output .= COM_showMessageText($LANG_ACCESS['storydenialmsg'], $LANG_ACCESS['accessdenied'], true);

        return $output;
    }

    // Deleting requires the story.edit right and an access level of 3 on the story.
    $canDelete = SEC_hasRights('story.edit')
        && SEC_hasAccess(
            $B['owner_id'],
            $B['group_id'],
            $B['perm_owner'],
            $B['perm_group'],
            $B['perm_members'],
            $B['perm_anon']
        ) == 3;

    $output .= CMT_userComments(
        $id,
        $title,
        'article',
        $order,
        $format,
        $cid,
        $page,
        $view,
        $canDelete,
        $B['commentcode'],
        $B['uid']
    );

    return $output;
}
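/**
 * Creates older stuff block
 *
 * Selects the page of front-page stories that follows the newest
 * $_CONF['limitnews'] ones, groups them by day under a weekday heading and
 * stores the resulting HTML as the content of the 'older_stories' block in
 * the blocks table.
 *
 * The heading date now uses the fallback format when $_CONF['dateonly'] is
 * empty; previously the fallback was computed but the raw setting was used.
 *
 * @return void
 */
function COM_olderStuff()
{
    global $_TABLES, $_CONF;

    $sql = "SELECT sid,tid,title,comments,UNIX_TIMESTAMP(date) AS day FROM {$_TABLES['stories']} WHERE (perm_anon = 2) AND (frontpage = 1) AND (date <= NOW()) AND (draft_flag = 0)"
        . COM_getTopicSQL('AND', 1)
        . " ORDER BY featured DESC, date DESC LIMIT {$_CONF['limitnews']}, {$_CONF['limitnews']}";
    $result = DB_query($sql);
    $nrows = DB_numRows($result);
    if ($nrows <= 0) {
        return;
    }

    $dateonly = $_CONF['dateonly'];
    if (empty($dateonly)) {
        $dateonly = 'd-M'; // fallback: day - abbrev. month name
    }

    $day = 'noday';
    $string = '';
    $oldnews = array();
    $dt = new Date();

    for ($i = 0; $i < $nrows; $i++) {
        $A = DB_fetchArray($result);
        $dt->setTimestamp($A['day']);
        $daycheck = $dt->format("z", true); // "z" is the day of the year

        // A new day closes the running list and opens a new heading.
        if ($day != $daycheck) {
            if ($day != 'noday') {
                $daylist = COM_makeList($oldnews, 'list-older-stories');
                $daylist = str_replace(array("\r", "\n"), '', $daylist);
                $string .= $daylist;
            }
            $day2 = $dt->format($dateonly, true);
            $string .= '<h3>' . $dt->format('l', true) . ' <small>' . $day2 . '</small></h3>' . LB;
            $oldnews = array();
            $day = $daycheck;
        }

        $oldnews_url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']);
        // The full title goes into the link's title attribute, HTML-escaped.
        // NOTE(review): the truncated title used as link text is passed on as
        // stored; whether it is escaped depends on COM_createLink(). Confirm.
        $oldnews[] = COM_createLink(
            COM_truncate($A['title'], $_CONF['title_trim_length'], '...'),
            $oldnews_url,
            array('title' => htmlspecialchars($A['title'], ENT_COMPAT, COM_getEncodingt()))
        ) . ' (' . COM_numberFormat($A['comments']) . ')';
    }

    if (!empty($oldnews)) {
        $daylist = COM_makeList($oldnews, 'list-older-stories');
        $daylist = str_replace(array("\r", "\n"), '', $daylist);
        $string .= $daylist;

        // The block content is escaped before being quoted into the UPDATE.
        $string = DB_escapeString($string);
        DB_query("UPDATE {$_TABLES['blocks']} SET content = '{$string}' WHERE name = 'older_stories'");
    }
}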
/**
 * Returns SQL & Language texts to moderation.php
 *
 * Describes the draft-story moderation list: its label, help file, the query
 * selecting draft stories and three column headings. Users without the
 * story.edit right get nothing back.
 *
 * @return mixed Plugin object or void if not allowed
 */
function plugin_itemlist_story_draft()
{
    global $_TABLES, $LANG24, $LANG29;

    // Only story editors may see the draft list.
    if (!SEC_hasRights('story.edit')) {
        return;
    }

    $draftList = new Plugin();
    $draftList->submissionlabel = $LANG29[35] . ' (' . $LANG24[34] . ')';
    $draftList->submissionhelpfile = 'ccdraftsubmission.html';

    // Topic and permission conditions come from the shared helpers; the
    // arguments are passed on exactly as the moderation code expects them.
    $draftQuery = "SELECT sid AS id,title,date,tid FROM {$_TABLES['stories']} WHERE (draft_flag = 1)";
    $draftQuery .= COM_getTopicSQL('AND');
    $draftQuery .= COM_getPermSQL('AND', 0, 3);
    $draftQuery .= " ORDER BY date ASC";
    $draftList->getsubmissionssql = $draftQuery;

    foreach (array(10, 14, 15) as $headingIndex) {
        $draftList->addSubmissionHeading($LANG29[$headingIndex]);
    }

    return $draftList;
}
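/**
 * Shows any new information in a block.
 *
 * Builds the HTML that lists new stories, comments, trackbacks and plugin items.
 * Each section is switched by its $_CONF['hidenew...'] setting, and the finished
 * block is cached when $_CONF['whatsnew_cache_time'] is greater than zero.
 *
 * @param    string $help     Help file for block
 * @param    string $title    Title used in block header
 * @param    string $position Position in which block is being rendered 'left', 'right' or blank (for centre)
 * @return   string           HTML that shows any new stories, comments, etc
 */
function COM_whatsNewBlock($help = '', $title = '', $position = '')
{
    global $_CONF, $_TABLES, $LANG01, $LANG_WHATSNEW;

    if ($_CONF['whatsnew_cache_time'] > 0) {
        // NOTE(review): the cached HTML comes from permission-filtered queries. The key carries
        // CACHE_security_hash(), which presumably separates users with different access rights;
        // confirm, because a key shared across rights would show one user's titles to another.
        $cacheInstance = 'whatsnew__' . CACHE_security_hash() . '__' . $_CONF['theme'];
        $retval = CACHE_check_instance($cacheInstance);
        if ($retval) {
            $lu = CACHE_get_instance_update($cacheInstance);
            $now = time();
            if (($now - $lu) < $_CONF['whatsnew_cache_time']) {
                return $retval;
            }
        }
    }

    $retval = COM_startBlock($title, $help, COM_getBlockTemplate('whats_new_block', 'header', $position));

    // The topic clause is shared by the story and trackback queries
    $topicSql = '';
    if (($_CONF['hidenewstories'] == 0) || ($_CONF['hidenewcomments'] == 0)
        || ($_CONF['trackback_enabled'] && ($_CONF['hidenewtrackbacks'] == 0))) {
        $topicSql = COM_getTopicSQL('AND', 0, 'ta');
    }

    if ($_CONF['hidenewstories'] == 0) {
        $where_sql = " AND ta.type = 'article' AND ta.id = sid";

        $archiveTid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1");
        if (!empty($archiveTid)) {
            // NOTE(review): a value read back from the topics table is placed in the SQL text
            // unescaped; safe only as long as topic ids are restricted when they are stored.
            $where_sql .= " AND (ta.tid <> '{$archiveTid}')";
        }

        // Find the newest stories.
        // NOTE(review): $_CONF['newstoriesinterval'] goes into the SQL text as-is and is
        // assumed to be an integer number of seconds.
        $sql = array();
        $sql['mysql'] = "SELECT sid, title FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n WHERE (date >= (date_sub(NOW(), INTERVAL {$_CONF['newstoriesinterval']} SECOND))) AND (date <= NOW()) AND (draft_flag = 0)"
            . $where_sql . COM_getPermSQL('AND') . $topicSql . COM_getLangSQL('sid', 'AND')
            . "\n GROUP BY sid, title, date ORDER BY date DESC";
        $sql['pgsql'] = "SELECT sid, title FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n WHERE (date >= (NOW() - INTERVAL '{$_CONF['newstoriesinterval']} SECOND')) AND (date <= NOW()) AND (draft_flag = 0)"
            . $where_sql . COM_getPermSQL('AND') . $topicSql . COM_getLangSQL('sid', 'AND')
            . "\n GROUP BY sid, title, date ORDER BY date DESC";

        $result = DB_query($sql);
        $numRows = DB_numRows($result);

        if (empty($title)) {
            $title = DB_getItem($_TABLES['blocks'], 'title', "name='whats_new_block'");
        }

        // Any late breaking news stories?
        $retval .= '<h3>' . $LANG01[99] . ' <small>'
            . COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newstoriesinterval'])
            . '</small></h3>';

        if ($numRows > 0) {
            $newArticles = array();
            for ($x = 0; $x < $numRows; $x++) {
                $A = DB_fetchArray($result);
                $url = COM_buildURL($_CONF['site_url'] . '/article.php?story=' . $A['sid']);

                // NOTE(review): only the title attribute is passed through htmlspecialchars().
                // The anchor text is the title with its special characters undone, so it is safe
                // HTML only if COM_createLink() escapes it or stored titles are already clean.
                $title = COM_undoSpecialChars(stripslashes($A['title']));
                $titleToUse = COM_truncate($title, $_CONF['title_trim_length'], '...');
                if ($title != $titleToUse) {
                    $attr = array('title' => htmlspecialchars($title));
                } else {
                    $attr = array();
                }

                // NOTE(review): as written the '$' replacement changes nothing and the space one
                // appears to do the same; they look like entity substitutions whose replacement
                // text was lost - confirm against the project's own copy of this file.
                $anchorText = str_replace('$', '$', $titleToUse);
                $anchorText = str_replace(' ', ' ', $anchorText);

                $newArticles[] = COM_createLink($anchorText, $url, $attr);
            }
            $retval .= COM_makeList($newArticles, 'list-new-plugins');
        } else {
            $retval .= $LANG01[100] . '<br' . XHTML . '>' . LB; // No new stories
        }

        if (($_CONF['hidenewcomments'] == 0) || ($_CONF['hidenewplugins'] == 0)
            || ($_CONF['trackback_enabled'] && ($_CONF['hidenewtrackbacks'] == 0))) {
            $retval .= '<div class="divider-whats-new"></div>';
        }
    }

    if ($_CONF['hidenewcomments'] == 0) {
        // Go get the newest comments
        $retval .= '<h3>' . $LANG01[83] . ' <small>'
            . COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newcommentsinterval'])
            . '</small></h3>';

        $new_plugin_comments = PLG_getWhatsNewComment();
        if (!empty($new_plugin_comments)) {
            // Sort array by element lastdate newest to oldest
            $b = array();
            foreach ($new_plugin_comments as $k => $v) {
                $b[$k] = strtolower($v['lastdate']);
            }
            arsort($b);
            $temp = array();
            foreach ($b as $key => $val) {
                $temp[] = $new_plugin_comments[$key];
            }
            $new_plugin_comments = $temp;

            $newComments = array();
            foreach ($new_plugin_comments as $A) {
                $url = '';
                $info = PLG_getItemInfo($A['type'], $A['sid'], 'url');
                if (!empty($info)) {
                    $url = $info . '#comments';
                }

                // Check to see if url (plugin may not support PLG_getItemInfo)
                if (!empty($url)) {
                    // Same escaping caveat as for story titles: only the title attribute is escaped here
                    $title = COM_undoSpecialChars(stripslashes($A['title']));
                    $titleToUse = COM_truncate($title, $_CONF['title_trim_length'], '...');
                    if ($title != $titleToUse) {
                        $attr = array('title' => htmlspecialchars($title));
                    } else {
                        $attr = array();
                    }
                    $anchorComment = str_replace('$', '$', $titleToUse);
                    $anchorComment = str_replace(' ', ' ', $anchorComment);

                    if ($A['dups'] > 1) {
                        $anchorComment .= ' [+' . $A['dups'] . ']';
                    }

                    $newComments[] = COM_createLink($anchorComment, $url, $attr);

                    // Cap the list at 15 links. The previous counter was built with ".= +1",
                    // which appends text instead of adding, so it never equalled 15 and the
                    // list was effectively unbounded.
                    if (count($newComments) >= 15) {
                        break;
                    }
                }
            }

            $retval .= COM_makeList($newComments, 'list-new-comments');
        } else {
            $retval .= $LANG01[86] . '<br' . XHTML . '>' . LB;
        }

        if (($_CONF['hidenewplugins'] == 0)
            || ($_CONF['trackback_enabled'] && ($_CONF['hidenewtrackbacks'] == 0))) {
            $retval .= '<div class="divider-whats-new"></div>';
        }
    }

    if ($_CONF['trackback_enabled'] && ($_CONF['hidenewtrackbacks'] == 0)) {
        $retval .= '<h3>' . $LANG01[114] . ' <small>'
            . COM_formatTimeString($LANG_WHATSNEW['new_last'], $_CONF['newtrackbackinterval'])
            . '</small></h3>';

        $sql = array();
        $sql['mysql'] = "SELECT DISTINCT COUNT(*) AS count,s.title,t.sid,max(t.date) AS lastdate\n FROM {$_TABLES['trackback']} AS t, {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n WHERE ta.type = 'article' AND ta.id = s.sid AND (t.type = 'article') AND (t.sid = s.sid) AND (t.date >= (DATE_SUB(NOW(), INTERVAL {$_CONF['newtrackbackinterval']} SECOND)))"
            . COM_getPermSQL('AND', 0, 2, 's')
            . " AND (s.draft_flag = 0) AND (s.trackbackcode = 0)"
            . $topicSql . COM_getLangSQL('sid', 'AND', 's')
            . "\n GROUP BY t.sid, s.title\n ORDER BY lastdate DESC LIMIT 15";
        // The window is "now minus the interval", as in the MySQL variant above; the previous
        // "NOW()+ INTERVAL" compared against a future timestamp.
        $sql['pgsql'] = "SELECT DISTINCT COUNT(*) AS count,s.title,t.sid,max(t.date) AS lastdate\n FROM {$_TABLES['trackback']} AS t, {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n WHERE ta.type = 'article' AND ta.id = s.sid AND (t.type = 'article') AND (t.sid = s.sid) AND (t.date >= (NOW() - INTERVAL '{$_CONF['newtrackbackinterval']} SECOND'))"
            . COM_getPermSQL('AND', 0, 2, 's')
            . " AND (s.draft_flag = 0) AND (s.trackbackcode = 0)"
            . $topicSql . COM_getLangSQL('sid', 'AND', 's')
            . "\n GROUP BY t.sid, s.title\n ORDER BY lastdate DESC LIMIT 15";

        $result = DB_query($sql);
        $numRows = DB_numRows($result);
        if ($numRows > 0) {
            $newComments = array();
            for ($i = 0; $i < $numRows; $i++) {
                $A = DB_fetchArray($result);
                $url = COM_buildURL($_CONF['site_url'] . '/article.php?story=' . $A['sid']) . '#trackback';

                $title = COM_undoSpecialChars(stripslashes($A['title']));
                $titleToUse = COM_truncate($title, $_CONF['title_trim_length'], '...');
                if ($title != $titleToUse) {
                    $attr = array('title' => htmlspecialchars($title));
                } else {
                    $attr = array();
                }
                $anchorComment = str_replace('$', '$', $titleToUse);
                $anchorComment = str_replace(' ', ' ', $anchorComment);

                if ($A['count'] > 1) {
                    $anchorComment .= ' [+' . $A['count'] . ']';
                }

                $newComments[] = COM_createLink($anchorComment, $url, $attr);
            }
            $retval .= COM_makeList($newComments, 'list-new-trackbacks');
        } else {
            $retval .= $LANG01[115] . '<br' . XHTML . '>' . LB;
        }

        if ($_CONF['hidenewplugins'] == 0) {
            $retval .= '<div class="divider-whats-new"></div>';
        }
    }

    if ($_CONF['hidenewplugins'] == 0) {
        // Headlines and content supplied by plugins are appended as HTML without further
        // escaping, so every installed plugin is trusted to return safe markup.
        list($headlines, $smallHeadlines, $content) = PLG_getWhatsNew();
        $plugins = count($headlines);
        if ($plugins > 0) {
            for ($i = 0; $i < $plugins; $i++) {
                $retval .= '<h3>' . $headlines[$i] . ' <small>' . $smallHeadlines[$i] . '</small></h3>';
                if (is_array($content[$i])) {
                    $retval .= COM_makeList($content[$i], 'list-new-plugins');
                } else {
                    $retval .= $content[$i];
                }

                if (($i + 1) < $plugins) {
                    $retval .= '<div class="divider-whats-new"></div>';
                }
            }
        }
    }

    $retval .= COM_endBlock(COM_getBlockTemplate('whats_new_block', 'footer', $position));

    if ($_CONF['whatsnew_cache_time'] > 0) {
        CACHE_create_instance($cacheInstance, $retval);
    }

    return $retval;
}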
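/**
 * Renders a templated, cached list of story headlines for a tag.
 *
 * $p2 may start with space-separated "key:value" options: display, meta, titlelink,
 * featured, frontpage, cols, template and truncate. Option parsing stops at the first
 * part that is not one of them. The option values are whatever the author of the
 * content typed into the tag, so every value that reaches SQL, the file system or the
 * page is constrained before it is used.
 *
 * @param  string $p1      topic id, or 'all' for every topic
 * @param  string $p2      option list, optionally followed by a caption
 * @param  string $fulltag third tag argument (not read by this method)
 * @return string          rendered HTML, or an empty string when no story matches
 */
public function parse($p1, $p2 = '', $fulltag)
{
    global $_CONF, $_TABLES, $_USER, $LANG01;

    USES_lib_comments();

    $retval = '';
    $skip = 0;
    $dt = new Date('now', $_USER['tzid']);

    // topic = specific topic or 'all'
    $topic = $p1;
    if ($topic == 'all') {
        $topic = '';
    }

    // Only used to name the cache instance for this tag
    $uniqueID = md5($p1 . $p2);

    $display = 10;      // how many stories to display; 0 = all
    $meta = 0;          // do not display meta data (who, when, ...)
    $titleLink = 0;     // do not use links in title
    $featured = 0;      // 0 = show all, 1 = only featured, 2 = all except featured
    $frontpage = 0;     // 1 = only items marked for frontpage, 0 = show all
    $cols = 3;          // number of columns
    $truncate = 0;      // maximum number of characters to include in story text
    $template = 'headlines.thtml';

    $px = explode(' ', trim($p2));
    foreach ($px as $part) {
        $a = explode(':', $part);
        if (count($a) < 2) {
            break; // not a key:value option
        }
        $key = $a[0];
        $value = $a[1];

        if ($key === 'display') {
            // Appended to the LIMIT clause below, so it has to be an integer
            $display = (int) $value;
        } elseif ($key === 'meta') {
            $meta = $value;
        } elseif ($key === 'titlelink') {
            $titleLink = $value;
        } elseif ($key === 'featured') {
            $featured = $value;
        } elseif ($key === 'frontpage') {
            $frontpage = (int) $value;
        } elseif ($key === 'cols') {
            // Written into the template as 'columns', so it has to be an integer
            $cols = (int) $value;
        } elseif ($key === 'template') {
            // The name is handed to set_file() under the autotags template directory.
            // Accept a bare file name only; anything that could leave that directory
            // keeps the default template.
            if ($value !== '' && strpbrk($value, "/\\\0") === false && strpos($value, '..') === false) {
                $template = $value;
            }
        } elseif ($key === 'truncate') {
            $truncate = (int) $value;
        } else {
            break;
        }
        $skip++;
    }

    // Text after the options; computed as before, although nothing below reads it
    if ($skip != 0 && count($px) > $skip) {
        $caption = trim(implode(' ', array_slice($px, $skip)));
    } else {
        $caption = '';
    }

    if ($display < 0) {
        $display = 3;
    }

    // NOTE(review): the cached HTML is permission-filtered; the instance id includes
    // CACHE_security_hash(), presumably so users with different rights do not share an entry.
    $hash = CACHE_security_hash();
    $instance_id = 'whatsnew_headlines_' . $uniqueID . '_' . $hash . '_' . $_USER['theme'];
    if (($cache = CACHE_check_instance($instance_id, 0)) !== FALSE) {
        return $cache;
    }

    $archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1");

    $sql = " (date <= NOW()) AND (draft_flag = 0)";

    if (empty($topic)) {
        $sql .= COM_getLangSQL('tid', 'AND', 's');
    }

    // if a topic was provided only select those stories.
    if (!empty($topic)) {
        $sql .= " AND s.tid = '" . DB_escapeString($topic) . "' ";
    }

    if ($featured == 1) {
        $sql .= " AND s.featured = 1 ";
    } elseif ($featured == 2) {
        $sql .= " AND s.featured = 0 ";
    }

    if ($frontpage == 1) {
        $sql .= " AND frontpage = 1 ";
    }

    if ($topic != $archivetid) {
        // $archivetid was read from the topics table above and is not escaped again here
        $sql .= " AND s.tid != '{$archivetid}' ";
    }

    $sql .= COM_getPermSQL('AND', 0, 2, 's');
    $sql .= COM_getTopicSQL('AND', 0, 's') . ' ';

    $userfields = 'u.uid, u.username, u.fullname';
    if ($_CONF['allow_user_photo'] == 1) {
        $userfields .= ', u.photo';
        if ($_CONF['use_gravatar']) {
            $userfields .= ', u.email';
        }
    }

    $orderBy = ' date DESC ';
    $headlinesSQL = "SELECT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, "
        . 'UNIX_TIMESTAMP(s.expire) as expireunix, '
        . $userfields . ", t.topic, t.imageurl "
        . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, "
        . "{$_TABLES['topics']} AS t WHERE (s.uid = u.uid) AND (s.tid = t.tid) AND"
        . $sql . "ORDER BY featured DESC," . $orderBy;

    if ($display > 0) {
        $headlinesSQL .= " LIMIT " . $display;
    }

    $result = DB_query($headlinesSQL);
    $numRows = DB_numRows($result);

    if ($numRows < $cols) {
        $cols = $numRows;
    }
    if ($cols > 6) {
        $cols = 6;
    }

    if ($numRows > 0) {
        $T = new Template($_CONF['path'] . 'system/autotags/');
        $T->set_file('page', $template);
        $T->set_var('columns', $cols);
        $T->set_block('page', 'headlines', 'hl');

        while ($A = DB_fetchArray($result)) {
            $T->unset_var('readmore_url');
            $T->unset_var('lang_readmore');

            if ($A['attribution_author'] != '') {
                $author = $A['attribution_author'];
            } else {
                $author = $A['username'];
            }

            // NOTE(review): title, subtitle, author and the attribution fields go to the
            // template as stored; whether they are escaped depends on the template layer
            // and on how they were saved - confirm.
            $title = COM_undoSpecialChars($A['title']);
            // As written this replacement appears to change nothing; it looks like an entity
            // substitution whose replacement text was lost - confirm against the project's file.
            $title = str_replace(' ', ' ', $title);
            $subtitle = COM_undoSpecialChars($A['subtitle']);

            if ($A['story_image'] != '') {
                $story_image = $_CONF['site_url'] . $A['story_image'];
            } else {
                $story_image = '';
            }

            $A['introtext'] = STORY_renderImages($A['sid'], $A['introtext']);

            if (!empty($A['bodytext'])) {
                // Cut the intro at its last closing paragraph tag
                $closingP = strrpos($A['introtext'], "</p>");
                if ($closingP !== FALSE) {
                    $text = substr($A['introtext'], 0, $closingP);
                    $A['introtext'] = $text;
                }
                // adds the read more link
                $T->set_var('readmore_url', COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']));
                $T->set_var('lang_readmore', $LANG01['continue_reading']);
            }

            if ($truncate > 0) {
                $A['introtext'] = $this->truncateHTML($A['introtext'], $truncate, '...');
            }

            $topicurl = $_CONF['site_url'] . '/index.php?topic=' . $A['tid'];
            $dt->setTimestamp($A['unixdate']);

            if ($A['commentcode'] >= 0) {
                $cmtLinkArray = CMT_getCommentLinkWithCount(
                    'article',
                    $A['sid'],
                    $_CONF['site_url'] . '/article.php?story=' . $A['sid'],
                    $A['comments'],
                    1
                );
                $T->set_var(array(
                    'lang_comments'      => '',
                    'comments_count'     => $cmtLinkArray['comment_count'],
                    'comments_url'       => $cmtLinkArray['url'],
                    'comments_url_extra' => $cmtLinkArray['url_extra'],
                ));
            } else {
                $T->unset_var('lang_comments');
                $T->unset_var('comments_count');
                $T->unset_var('comments_url');
                $T->unset_var('comments_url_extra');
            }

            $T->set_var(array(
                'titlelink'        => $titleLink ? TRUE : '',
                'meta'             => $meta ? TRUE : '',
                'lang_by'          => $LANG01[95],
                'lang_posted_in'   => $LANG01['posted_in'],
                'story_topic_url'  => $topicurl,
                'title'            => $title,
                'subtitle'         => $subtitle,
                'story_image'      => $story_image,
                'text'             => PLG_replaceTags($A['introtext']),
                'date'             => $A['date'], // replaced by the formatted 'date' entry further down
                'time'             => $dt->format('Y-m-d', true) . 'T' . $dt->format('H:i:s', true),
                'topic'            => $A['topic'],
                'tid'              => $A['tid'],
                'author'           => $author,
                'author_id'        => $A['uid'],
                'sid'              => $A['sid'],
                'short_date'       => $dt->format($_CONF['shortdate'], true),
                'date_only'        => $dt->format($_CONF['dateonly'], true),
                'date'             => $dt->format($dt->getUserFormat(), true),
                'url'              => COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']),
                'attribution_url'  => $A['attribution_url'],
                'attribution_name' => $A['attribution_name'],
            ));
            $T->parse('hl', 'headlines', true);
        }

        $retval = $T->finish($T->parse('output', 'page'));
        CACHE_create_instance($instance_id, $retval, 0);
    }

    return $retval;
}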
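/**
 * Check if a feed for stories from a topic needs to be updated.
 *
 * Lists the story ids the feed would contain now and compares that list with the
 * one recorded in $update_info.
 *
 * @param    string  $tid            topic id
 * @param    string  $update_info    list of story ids
 * @param    string  $limit          number of entries or number of hours (suffix 'h')
 * @param    string  $updated_topic  (optional) topic to be updated (not read here)
 * @param    string  $updated_id     (optional) entry id to be updated
 * @return   boolean                 false = feed needs to be updated
 */
function SYND_feedUpdateCheckTopic($tid, $update_info, $limit, $updated_topic = '', $updated_id = '')
{
    global $_CONF, $_TABLES, $_SYND_DEBUG;

    $where = '';
    if (!empty($limit)) {
        if (substr($limit, -1) == 'h') {
            $limitsql = '';
            // Integer cast: the number is placed in SQL text
            $hours = (int) substr($limit, 0, -1);
            // NOTE(review): $where is built here but the query below never includes it, so an
            // hour-based limit does not narrow this check. It is left out on purpose in this
            // edit (DATE_SUB is MySQL syntax and the query is a single string) - confirm intent.
            $where = " AND date >= DATE_SUB(NOW(),INTERVAL {$hours} HOUR)";
        } else {
            // Integer cast: the number is appended to the LIMIT clause
            $limitsql = ' LIMIT ' . (int) $limit;
        }
    } else {
        $limitsql = ' LIMIT 10';
    }

    // NOTE(review): $tid is placed between quotes in the SQL text without escaping in this
    // function; the caller is presumably passing a stored, already validated topic id - confirm.
    $sql = "SELECT sid\n FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n WHERE draft_flag = 0 AND date <= NOW() AND perm_anon > 0\n AND ta.type = 'article' AND ta.id = sid\n AND ta.tid = '{$tid}'"
        . COM_getTopicSQL('AND', 1, 'ta')
        . "\n GROUP BY sid\n ORDER BY date DESC {$limitsql}";

    $result = DB_query($sql);
    $nrows = DB_numRows($result);

    $sids = array();
    for ($i = 0; $i < $nrows; $i++) {
        $A = DB_fetchArray($result);

        if ($A['sid'] == $updated_id) {
            // no need to look any further - this feed has to be updated
            return false;
        }

        $sids[] = $A['sid'];
    }
    $current = implode(',', $sids);

    if ($_SYND_DEBUG) {
        COM_errorLog("Update check for topic {$tid}: comparing new list ({$current}) with old list ({$update_info})", 1);
    }

    // Identical lists mean the stored feed is still current
    return $current == $update_info;
}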
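/**
 * Renders the stories published inside the date range given in the query string.
 *
 * Reads 'datestart' and 'dateend' (year-month-day, separated by '-') from $_GET.
 * The range filter is applied only when both are present and have three parts;
 * the draft, permission, topic and language filters always apply.
 *
 * @return string rendered articles, or '' when $_MYCALJP2_CONF['showstoriesintro'] is off
 */
function MYCALJP_showStoriesIntro()
{
    global $_CONF, $_TABLES, $_MYCALJP2_CONF;

    if (!$_MYCALJP2_CONF['showstoriesintro']) {
        return '';
    }

    $retval = '';

    // Missing parameters are treated as empty instead of being read unset
    $_dateStart = isset($_GET['datestart']) ? COM_applyFilter($_GET['datestart']) : '';
    $_dateEnd = isset($_GET['dateend']) ? COM_applyFilter($_GET['dateend']) : '';

    // Start from an empty clause: previously the first ".=" ran on an undefined
    // variable whenever the date parameters were absent.
    $sql = '';
    if (!empty($_dateStart) && !empty($_dateEnd)) {
        $ds = explode("-", $_dateStart);
        $de = explode("-", $_dateEnd);
        if (count($ds) >= 3 && count($de) >= 3) {
            // Request data reaches the query only as integer timestamps: every part is cast
            // before mktime(), so malformed input cannot put text into the SQL.
            $startdate = mktime(0, 0, 0, (int) $ds[1], (int) $ds[2], (int) $ds[0]);
            $enddate = mktime(23, 59, 59, (int) $de[1], (int) $de[2], (int) $de[0]);
            $sql = "AND (UNIX_TIMESTAMP(date) BETWEEN '{$startdate}' AND '{$enddate}') ";
        }
    }

    $sql .= "AND (draft_flag = 0) ";
    $sql .= COM_getPermSQL('AND', 0, 2, 's') . ' ';
    $sql .= COM_getTopicSQL('AND', 0, 'ta') . ' ';
    $sql .= COM_getLangSQL('sid', 'AND', 's') . ' ';

    $userfields = 'u.username, u.fullname';
    if ($_CONF['allow_user_photo'] == 1) {
        $userfields .= ', u.photo';
        if ($_CONF['use_gravatar']) {
            $userfields .= ', u.email';
        }
    }

    $msql = array();
    $msql['mysql'] = "SELECT DISTINCT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, "
        . "UNIX_TIMESTAMP(s.expire) AS expireunix, "
        . $userfields . ", t.topic, t.imageurl "
        . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, "
        . "{$_TABLES['topics']} AS t, {$_TABLES['topic_assignments']} AS ta "
        . "WHERE (ta.type = 'article') AND (ta.tdefault = 1) AND (s.uid = u.uid) AND (ta.tid = t.tid) AND (s.sid = ta.id) "
        . $sql . "ORDER BY featured DESC, date DESC";

    $result = DB_query($msql);

    require_once $_CONF['path_system'] . 'lib-story.php';

    $story = new Story();
    while ($A = DB_fetchArray($result)) {
        $story->loadFromArray($A);
        $retval .= STORY_renderArticle($story, 'y');
    }

    return $retval;
}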
/**
 * Displays a list of all the stories that have the 'draft' flag set.
 *
 * Approving a story from this list clears the draft flag and thus publishes
 * the story. The list is rendered as a form posting to moderation.php.
 *
 * @param    string  $token  CSRF token, emitted as a hidden form field
 * @return   string          HTML for the list of draft stories
 */
function draftlist($token)
{
    global $_CONF, $_TABLES, $LANG24, $LANG29, $LANG_ADMIN;

    require_once $_CONF['path_system'] . 'lib-admin.php';

    $html = '';

    // Drafts only, narrowed by the topic and permission clauses the helpers append
    $draftSql = "SELECT sid AS id,title,UNIX_TIMESTAMP(date) AS day,tid FROM {$_TABLES['stories']} WHERE (draft_flag = 1)"
        . COM_getTopicSQL('AND')
        . COM_getPermSQL('AND', 0, 3)
        . " ORDER BY date ASC";
    $result = DB_query($draftSql);
    $nrows = DB_numRows($result);

    $data_arr = array();
    $rowNo = 0;
    while ($rowNo < $nrows) {
        $draft = DB_fetchArray($result);
        $draft['edit'] = $_CONF['site_admin_url'] . '/story.php?mode=edit&sid=' . $draft['id'];
        $draft['row'] = $rowNo;
        $draft['title'] = stripslashes($draft['title']);
        $draft['tid'] = stripslashes($draft['tid']);
        $data_arr[$rowNo] = $draft;
        $rowNo++;
    }

    $header_arr = array(
        array('text' => $LANG_ADMIN['edit'], 'field' => 0),
        array('text' => $LANG29[10], 'field' => 'title'),
        array('text' => $LANG29[14], 'field' => 'day'),
        array('text' => $LANG29[15], 'field' => 'tid'),
        array('text' => $LANG29[2], 'field' => 'delete'),
        array('text' => $LANG29[1], 'field' => 'approve'),
    );

    $text_arr = array(
        'has_menu' => false,
        'title'    => $LANG29[35] . ' (' . $LANG24[34] . ')',
        'help_url' => '',
        'no_data'  => $LANG29[39],
        'form_url' => "{$_CONF['site_admin_url']}/moderation.php",
    );

    $form_arr = array("bottom" => '', "top" => '');
    if ($nrows > 0) {
        // Hidden fields that identify the submission type and carry the CSRF token.
        // NOTE(review): $token is written into the attribute as passed in; it is presumably a
        // server-generated value - confirm at the caller.
        $hidden = '<input type="hidden" name="type" value="draft"' . XHTML . '>' . LB;
        $hidden .= '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $token . '"' . XHTML . '>' . LB;
        $hidden .= '<input type="hidden" name="mode" value="moderation"' . XHTML . '>' . LB;
        $hidden .= '<input type="hidden" name="count" value="' . $nrows . '"' . XHTML . '>';
        $hidden .= '<p align="center"><input type="submit" value="' . $LANG_ADMIN['submit'] . '"' . XHTML . '></p>' . LB;
        $form_arr['bottom'] = $hidden;
    }

    $listoptions = array('chkdelete' => true, 'chkfield' => 'id');
    $html .= ADMIN_simpleList('ADMIN_getListField_moderation', $header_arr, $text_arr, $data_arr, $listoptions, $form_arr);

    return $html;
}
/**
 * Describes the story-submission queue for moderation.php.
 *
 * The descriptor is only built when plugin_ismoderator_story() says the current
 * user moderates stories; everyone else gets no query and no labels.
 *
 * @return   mixed   Plugin object (label, help file, SQL, column headings) or void if not allowed
 */
function plugin_itemlist_story()
{
    global $_TABLES, $LANG29;

    // Access gate first: nothing below runs for non-moderators
    if (!plugin_ismoderator_story()) {
        return;
    }

    $plugin = new Plugin();
    $plugin->submissionlabel = $LANG29[35];
    $plugin->submissionhelpfile = 'ccstorysubmission.html';

    // Pending submissions, narrowed by whatever the topic helper appends
    $queueQuery = "SELECT sid AS id,title,UNIX_TIMESTAMP(date) AS day,tid,uid";
    $queueQuery .= " FROM {$_TABLES['storysubmission']}";
    $queueQuery .= COM_getTopicSQL('WHERE');
    $queueQuery .= " ORDER BY date ASC";
    $plugin->getsubmissionssql = $queueQuery;

    foreach (array(10, 14, 15, 46) as $headingIndex) {
        $plugin->addSubmissionHeading($LANG29[$headingIndex]);
    }

    return $plugin;
}
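/**
 * Saves a story submission.
 *
 * The topic is looked up through the topic access clause first; when no row comes
 * back the story is rejected. Depending on $_CONF['storysubmission'] and the
 * 'story.submit' right the story then goes to the submission queue or is
 * published directly with the topic's permission settings.
 *
 * @return   integer result code: STORY_NO_ACCESS_TOPIC, STORY_SAVED_SUBMISSION or STORY_SAVED
 */
function saveSubmission()
{
    global $_USER, $_CONF, $_TABLES;

    $this->_sid = COM_makeSid();

    if (COM_isAnonUser()) {
        $this->_uid = 1;
    } else {
        $this->_uid = $_USER['uid'];
    }

    // NOTE(review): addslashes() is the only SQL escaping in this method. It does not
    // know the connection character set; the database layer's own escaping function
    // would be the safer choice if this code base provides one.
    $tmptid = addslashes(COM_sanitizeID($this->_tid));

    $result = DB_query(
        'SELECT group_id,perm_owner,perm_group,perm_members,perm_anon FROM '
        . "{$_TABLES['topics']} WHERE tid = '{$tmptid}'" . COM_getTopicSQL('AND')
    );

    if (DB_numRows($result) == 0) {
        // user doesn't have access to this topic - bail
        return STORY_NO_ACCESS_TOPIC;
    }

    $T = DB_fetchArray($result);

    if (($_CONF['storysubmission'] == 1) && !SEC_hasRights('story.submit')) {
        // Queue the story for moderation. The object's fields are overwritten with
        // their escaped form before they are written into the value list.
        $this->_sid = addslashes($this->_sid);
        $this->_tid = $tmptid;
        $this->_title = addslashes($this->_title);
        $this->_introtext = addslashes($this->_introtext);
        $this->_bodytext = addslashes($this->_bodytext);
        $this->_postmode = addslashes($this->_postmode);

        // NOTE(review): sid and uid are written without quotes, so both are assumed numeric.
        DB_save(
            $_TABLES['storysubmission'],
            'sid,tid,uid,title,introtext,bodytext,date,postmode',
            "{$this->_sid},'{$this->_tid}',{$this->_uid},'{$this->_title}',"
            . "'{$this->_introtext}','{$this->_bodytext}',NOW(),'{$this->_postmode}'"
        );

        return STORY_SAVED_SUBMISSION;
    }

    // post this story directly. First establish the necessary missing data.
    $this->_sanitizeData();

    if (!isset($_CONF['show_topic_icon'])) {
        $_CONF['show_topic_icon'] = 1;
    }

    if (DB_getItem($_TABLES['topics'], 'archive_flag', "tid = '{$tmptid}'") == 1) {
        $this->_frontpage = 0;
    } elseif (isset($_CONF['frontpage'])) {
        $this->_frontpage = $_CONF['frontpage'];
    } else {
        $this->_frontpage = 1;
    }

    $this->_oldsid = $this->_sid;
    // Current time. mktime() without arguments is rejected by PHP 8; time() returns
    // the same value.
    $this->_date = time();
    $this->_featured = 0;
    $this->_commentcode = $_CONF['comment_code'];
    $this->_trackbackcode = $_CONF['trackback_code'];
    $this->_statuscode = 0;
    $this->_show_topic_icon = $_CONF['show_topic_icon'];

    if (COM_isAnonUser()) {
        $this->_owner_id = 1;
    } else {
        $this->_owner_id = $_USER['uid'];
    }

    // The new story inherits group and permission settings from its topic
    $this->_group_id = $T['group_id'];
    $this->_perm_owner = $T['perm_owner'];
    $this->_perm_group = $T['perm_group'];
    $this->_perm_members = $T['perm_members'];
    $this->_perm_anon = $T['perm_anon'];

    $this->saveToDatabase();

    PLG_itemSaved($this->_sid, 'article');
    COM_rdfUpToDateCheck();
    COM_olderStuff();

    return STORY_SAVED;
}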
/**
 * Display main view (list of years).
 *
 * Walks the years returned by the story query, newest first, and appends the
 * output of DIR_displayYear() under a heading for each row. Drafts and
 * future-dated stories are excluded, and the topic, permission and language
 * helpers narrow the rows further.
 *
 * @param    Template $template  reference of the template
 * @param    string   $dir_topic current topic
 * @return   string              list of all the years in the db
 */
function DIR_displayAll($template, $dir_topic)
{
    global $_TABLES, $LANG_DIR;

    $retval = '';

    $yearsql = array();
    $yearsql['mysql'] = "SELECT DISTINCT YEAR(date) AS year, date\n FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n WHERE (draft_flag = 0) AND (date <= NOW())\n AND ta.type = 'article' AND ta.id = sid\n "
        . COM_getTopicSQL('AND', 0, 'ta')
        . COM_getPermSql('AND')
        . COM_getLangSQL('sid', 'AND');
    $yearsql['pgsql'] = "SELECT EXTRACT(YEAR from date) AS year\n FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n WHERE (draft_flag = 0) AND (date <= NOW())\n AND ta.type = 'article' AND ta.id = sid\n "
        . COM_getTopicSQL('AND', 0, 'ta')
        . COM_getPermSql('AND')
        . COM_getLangSQL('sid', 'AND');

    // Grouping and ordering differ per database dialect
    $ySql = array(
        'mysql' => $yearsql['mysql'] . " GROUP BY year, date ORDER BY date DESC",
        'pgsql' => $yearsql['pgsql'] . " GROUP BY year, date ORDER BY year DESC",
    );

    $yResult = DB_query($ySql);
    $numYears = DB_numRows($yResult);

    if ($numYears <= 0) {
        // Nothing to list: show the "no articles" message instead
        if (TEMPLATE_EXISTS) {
            $retval .= $template->parse('message', 'no-articles') . LB;
        } else {
            $retval .= '<p>' . $LANG_DIR['no_articles'] . '</p>' . LB;
        }

        return $retval;
    }

    $remaining = $numYears;
    while ($remaining-- > 0) {
        $Y = DB_fetchArray($yResult);

        if (TEMPLATE_EXISTS) {
            $template->set_var('section_title', $Y['year']);
            $retval .= $template->parse('title', 'section-title') . LB;
        } else {
            $retval .= '<h3>' . $Y['year'] . '</h3>' . LB;
        }

        $retval .= DIR_displayYear($template, $dir_topic, $Y['year']);
    }

    return $retval;
}
/**
 * Shows older story information in a block.
 *
 * Returns the cached block when one exists; otherwise queries the frontpage stories
 * that follow the first $_CONF['limitnews'] ones, groups them under a heading per
 * weekday and caches the result.
 *
 * @param    string $help     Help file for block
 * @param    string $title    Title used in block header
 * @param    string $position Position in which block is being rendered 'left', 'right' or blank (for centre)
 * @return   string           HTML that shows the older stories
 */
function COM_olderStoriesBlock($help = '', $title = '', $position = '')
{
    global $_TABLES, $_CONF;

    $cacheInstance = 'olderarticles__' . CACHE_security_hash() . '__' . $_CONF['theme'];
    $retval = CACHE_check_instance($cacheInstance);
    if (!empty($retval)) {
        return $retval;
    }

    $retval = COM_startBlock($title, $help, COM_getBlockTemplate('older_stories_block', 'header', $position));

    // The queries only select stories with perm_anon = 2 and pass 1 as the second argument
    // of COM_getTopicSQL().
    // NOTE(review): $_CONF['limitnews'] is placed in the SQL text as-is and is assumed to be
    // an integer; the "LIMIT a, b" form in the pgsql variant is MySQL syntax - confirm that
    // the database layer rewrites it.
    $sql = array();
    $sql['mysql'] = "SELECT sid,ta.tid,title,comments,UNIX_TIMESTAMP(date) AS day\n FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n WHERE ta.type = 'article' AND ta.id = sid "
        . COM_getLangSQL('sid', 'AND')
        . "\n AND (perm_anon = 2) AND (frontpage = 1) AND (date <= NOW()) AND (draft_flag = 0)"
        . COM_getTopicSQL('AND', 1, 'ta')
        . "\n GROUP BY sid\n ORDER BY featured DESC, date DESC LIMIT {$_CONF['limitnews']}, {$_CONF['limitnews']}";
    $sql['mssql'] = $sql['mysql'];
    $sql['pgsql'] = "SELECT sid,ta.tid,title,comments,date_part('epoch',date) AS day\n FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n WHERE ta.type = 'article' AND ta.id = sid "
        . COM_getLangSQL('sid', 'AND')
        . "\n AND (perm_anon = 2) AND (frontpage = 1) AND (date <= NOW()) AND (draft_flag = 0)"
        . COM_getTopicSQL('AND', 1, 'ta')
        . "\n GROUP BY sid, ta.tid, title, comments, day\n ORDER BY featured DESC, date DESC LIMIT {$_CONF['limitnews']}, {$_CONF['limitnews']}";

    $result = DB_query($sql);
    $nrows = DB_numRows($result);

    if ($nrows > 0) {
        $dateonly = $_CONF['dateonly'];
        if (empty($dateonly)) {
            $dateonly = '%d-%b'; // fallback: day - abbrev. month name
        }

        $day = 'noday';
        $string = '';

        $rowsLeft = $nrows;
        while ($rowsLeft-- > 0) {
            $A = DB_fetchArray($result);
            $daycheck = strftime('%A', $A['day']);

            if ($day != $daycheck) {
                // A new weekday starts: close the previous day's list, then open a heading
                if ($day != 'noday') {
                    $daylist = COM_makeList($oldnews, 'list-older-stories');
                    $daylist = preg_replace("/(\r\n)|(\r)|(\n)/", '', $daylist);
                    $string .= $daylist . '<div class="divider-older-stories"></div>';
                }

                $day2 = strftime($dateonly, $A['day']);
                $string .= '<h3>' . $daycheck . ' <small>' . $day2 . '</small></h3>' . LB;
                $oldnews = array();
                $day = $daycheck;
            }

            // NOTE(review): the stored title is passed to COM_createLink() unchanged; whether it
            // is escaped depends on that helper and on how titles are saved - confirm.
            $oldnews_url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']);
            $link = COM_createLink($A['title'], $oldnews_url);
            $oldnews[] = $link . ' (' . COM_numberFormat($A['comments']) . ')';
        }

        if (!empty($oldnews)) {
            // Flush the list of the last day
            $daylist = COM_makeList($oldnews, 'list-older-stories');
            $daylist = preg_replace("/(\r\n)|(\r)|(\n)/", '', $daylist);
            $string .= $daylist;
            $retval .= $string;
        }
    }

    $retval .= COM_endBlock(COM_getBlockTemplate('older_stories_block', 'footer', $position));
    CACHE_create_instance($cacheInstance, $retval);

    return $retval;
}
// Excerpt: builds the WHERE clause and the per-database story queries, then runs them.
// $sql, $topic, $newstories, $archivetid, $U, $page and $limit are set before this excerpt.
// NOTE(review): $topic, $U['aids'], $U['tids'], $offset and $limit are placed in the SQL text
// as they are here, so the query is only safe if the earlier code escaped or validated
// them - confirm above.
if (!empty($topic)) {
    // A specific topic was requested: only select its stories
    $sql .= " AND s.tid = '{$topic}' ";
} elseif (!$newstories) {
    $sql .= " AND frontpage = 1 ";
}
if ($topic != $archivetid) {
    // Leave the archive topic out unless it is the topic being shown
    $sql .= " AND s.tid != '{$archivetid}' ";
}
$sql .= COM_getPermSQL('AND', 0, 2, 's');
if (!empty($U['aids'])) {
    // Space-separated list turned into a comma list of unquoted values
    $sql .= " AND s.uid NOT IN (" . str_replace(' ', ",", $U['aids']) . ") ";
}
if (!empty($U['tids'])) {
    // Space-separated list turned into a quoted, comma-separated list
    $sql .= " AND s.tid NOT IN ('" . str_replace(' ', "','", $U['tids']) . "') ";
}
$sql .= COM_getTopicSQL('AND', 0, 's') . ' ';
if ($newstories) {
    // Only stories newer than the configured interval (a number of seconds)
    $sql .= "AND (date >= (date_sub(NOW(), INTERVAL {$_CONF['newstoriesinterval']} SECOND))) ";
}
// First row of the requested page
$offset = ($page - 1) * $limit;
$userfields = 'u.uid, u.username, u.fullname';
if ($_CONF['allow_user_photo'] == 1) {
    $userfields .= ', u.photo';
    if ($_CONF['use_gravatar']) {
        // The e-mail address is selected only when gravatars are enabled
        $userfields .= ', u.email';
    }
}
// One query text per database type; DB_query() receives the whole array
$msql = array();
$msql['mysql'] = "SELECT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, " . 'UNIX_TIMESTAMP(s.expire) as expireunix, ' . $userfields . ", t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, " . "{$_TABLES['topics']} AS t WHERE (s.uid = u.uid) AND (s.tid = t.tid) AND" . $sql . "ORDER BY featured DESC, date DESC LIMIT {$offset}, {$limit}";
$msql['mssql'] = "SELECT STRAIGHT_JOIN s.sid, s.uid, s.draft_flag, s.tid, s.date, s.title, cast(s.introtext as text) as introtext, cast(s.bodytext as text) as bodytext, s.hits, s.numemails, s.comments, s.trackbacks, s.related, s.featured, s.show_topic_icon, s.commentcode, s.trackbackcode, s.statuscode, s.expire, s.postmode, s.frontpage, s.owner_id, s.group_id, s.perm_owner, s.perm_group, s.perm_members, s.perm_anon, s.advanced_editor_mode, " . " UNIX_TIMESTAMP(s.date) AS unixdate, " . 'UNIX_TIMESTAMP(s.expire) as expireunix, ' . $userfields . ", t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, " . "{$_TABLES['topics']} AS t WHERE (s.uid = u.uid) AND (s.tid = t.tid) AND" . $sql . "ORDER BY featured DESC, date DESC LIMIT {$offset}, {$limit}";
$result = DB_query($msql);
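/**
 * Get an existing static page, or (for web-service calls without a page id)
 * a list of static pages.
 *
 * Single-page mode looks the page up by id, restricted by SP_getPerms(), by
 * draft status (unless the user has 'staticpages.edit') and by topic
 * permissions. On success $output is the page row with sp_content run
 * through SP_render_content() (unless $args['template'] is set). On failure
 * $output is either a refresh to the editor, a login form, or empty, and
 * PLG_RET_ERROR is returned.
 *
 * Feed mode fills $output with a list of page rows ordered by modification
 * date and sets $svc_msg['offset'] when more rows are available.
 *
 * Security: only web-service calls have sp_id and mode passed through
 * COM_applyBasicFilter() here. For every other caller the id arrives as
 * given, so it is SQL-escaped before being placed in a query and URL-encoded
 * before being placed in the editor redirect.
 *
 * @param   array        $args      Contains all the data provided by the client
 * @param   array|string &$output   OUTPUT parameter: page row / list of rows on success, HTML on error
 * @param   array        &$svc_msg  OUTPUT parameter containing any service messages
 * @return  int                     Response code as defined in lib-plugins.php
 */
function service_get_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_SP_CONF, $topic;

    $output = '';

    $svc_msg['output_fields'] = array(
        'sp_hits',
        'sp_format',
        'draft_flag',
        'cache_time',
        'owner_id',
        'group_id',
        'perm_owner',
        'perm_group',
        'perm_members',
        'perm_anon',
        'sp_help',
        'sp_php',
        'sp_inblock',
        'commentcode'
    );

    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }

    // Same truthiness test as reading $args['gl_svc'] directly, but without
    // an "undefined index" notice when the caller did not set the key.
    $is_web_service = !empty($args['gl_svc']);

    if ($is_web_service) {
        if (isset($args['sp_id'])) {
            $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        }
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }

        // A web-service request without a page id asks for the feed
        $svc_msg['gl_feed'] = empty($args['sp_id']);
    } else {
        $svc_msg['gl_feed'] = false;
    }

    if (!$svc_msg['gl_feed']) {
        $page = '';
        if (isset($args['sp_id'])) {
            $page = $args['sp_id'];
        }
        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }

        $error = 0;

        if ($page == '') {
            $error = 1;
        }

        // The id is only filtered above for web-service calls, so never put
        // the raw value into SQL: use this escaped copy in every query below.
        $page_sql = DB_escapeString($page);

        $perms = SP_getPerms();
        if (!SEC_hasRights('staticpages.edit')) {
            // Drafts are visible to page editors only
            if (!empty($perms)) {
                $perms .= ' AND';
            }
            $perms .= '(draft_flag = 0)';
        }
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }

        // Topic Permissions
        $topic_perms = COM_getTopicSQL('', 0, 'ta');
        if ($topic_perms != "") {
            $topic_perms = " AND (" . $topic_perms . "";
            // Both branches currently append the same clause; the structure
            // is kept so the front page can be treated differently again.
            if (COM_onFrontpage()) {
                $topic_perms .= " OR (ta.tid = '" . TOPIC_HOMEONLY_OPTION . "' OR ta.tid = '" . TOPIC_ALL_OPTION . "'))";
            } else {
                // $topic_perms .= " OR ta.tid = '" . TOPIC_ALL_OPTION . "')";
                $topic_perms .= " OR (ta.tid = '" . TOPIC_HOMEONLY_OPTION . "' OR ta.tid = '" . TOPIC_ALL_OPTION . "'))";
            }
        }
        $topic_perms .= " GROUP BY sp_id";

        // One statement for both drivers. The pgsql variant used to carry a
        // stray "sp_inblock" before FROM, which turned cache_time into an
        // alias and left $output['cache_time'] undefined.
        $select = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,"
                . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,"
                . "owner_id,group_id,perm_owner,perm_group,"
                . "perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time "
                . "FROM {$_TABLES['staticpage']}, {$_TABLES['topic_assignments']} ta "
                . "WHERE (sp_id = '{$page_sql}')" . $perms
                . " AND ta.type = 'staticpages' AND ta.id = sp_id "
                . $topic_perms;

        $sql = array();
        $sql['mysql'] = $select;
        $sql['pgsql'] = $select;

        $result = DB_query($sql);
        $count = DB_numRows($result);

        if ($count == 0 || $count > 1) {
            $error = 1;
        }

        if (!$error) {
            $output = DB_fetchArray($result, false);
            $page = $output['sp_id']; // reset page id so case mimics id perfectly since this affects the cache file and canonical link

            // WE ASSUME $output doesn't have any confidential fields

            // Generate output now (only if not grabbing a template since
            // template is combined with variables first and then generated)
            if (!isset($args['template'])) {
                $output['sp_content'] = SP_render_content($page, $output['sp_content'], $output['sp_php'], $output['cache_time'], $output['template_id']);
            }
        } else { // an error occurred (page not found, access denied, ...)
            /**
             * if the user has edit permissions and the page does not exist,
             * send them to the editor so they can create it "wiki style"
             */
            $create_page = false;
            if ($mode !== 'autotag' && $count == 0 && SEC_hasRights('staticpages.edit')) {
                // check again without permissions
                // NOTE(review): DB_count() receives the unescaped id; confirm
                // that it escapes its value argument itself.
                if (DB_count($_TABLES['staticpage'], 'sp_id', $page) == 0) {
                    // URL-encode the id so it cannot break out of the query
                    // string of the redirect target.
                    $url = $_CONF['site_admin_url']
                         . '/plugins/staticpages/index.php?mode=edit&sp_new_id='
                         . urlencode($page) . '&msg=21';
                    $output = COM_refresh($url);
                    $create_page = true;
                }
            }

            if (!$create_page) {
                if (empty($page)) {
                    $failflg = 0;
                } else {
                    // DB_getItem() takes a raw WHERE clause, so the escaped id is required
                    $failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id = '{$page_sql}'");
                }
                if ($failflg) {
                    $output .= SEC_loginRequiredForm();
                    if ($mode !== 'autotag') {
                        $output = COM_createHTMLDocument($output, array('rightblock' => true));
                    }
                } else {
                    if ($mode !== 'autotag') {
                        COM_handle404();
                    }
                }
            }

            return PLG_RET_ERROR;
        }

        if ($is_web_service) {
            // This date format is PHP 5 only,
            // but only the web-service uses the value
            $output['published']    = date('c', strtotime($output['created']));
            $output['updated']      = date('c', strtotime($output['modified']));
            $output['id']           = $page;
            $output['title']        = $output['sp_title'];
            $output['page_title']   = $output['sp_page_title'];
            $output['category']     = TOPIC_getTopicIdsForObject('staticpages', $page);
            $output['content']      = $output['sp_content'];
            $output['content_type'] = 'html';

            $owner_data = SESS_getUserDataFromId($output['owner_id']);

            $output['author_name']  = $owner_data['username'];
            $output['link_edit']    = $page;
        }
    } else {
        $output = array();

        // NOTE(review): unlike the single-page branch, this query applies
        // only SP_getPerms(). It adds neither the draft_flag = 0 restriction
        // for users without 'staticpages.edit' nor the topic permission
        // clause. Confirm that drafts and topic-restricted pages cannot leak
        // through the feed.
        $perms = SP_getPerms();
        if (!empty($perms)) {
            $perms = ' WHERE ' . $perms;
        }

        $offset = 0;
        if (isset($args['offset'])) {
            $offset = COM_applyBasicFilter($args['offset'], true);
        }
        // Fetch one row more than a feed page holds, to detect a next page
        $max_items = $_SP_CONF['atom_max_items'] + 1;

        $limit = " LIMIT {$offset}, {$max_items}";
        $order = " ORDER BY modified DESC";

        $select = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id,"
                . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time "
                . "FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;

        $sql = array();
        $sql['mysql'] = $select;
        $sql['pgsql'] = $select;

        $result = DB_query($sql);

        $count = 0;
        while (($output_item = DB_fetchArray($result, false)) !== false) {
            // WE ASSUME $output doesn't have any confidential fields

            $count++;
            if ($count == $max_items) {
                // The extra row only signals that another page exists
                $svc_msg['offset'] = $offset + $_SP_CONF['atom_max_items'];
                break;
            }

            if ($is_web_service) {
                // This date format is PHP 5 only, but only the web-service uses the value
                $output_item['published']    = date('c', strtotime($output_item['created']));
                $output_item['updated']      = date('c', strtotime($output_item['modified']));
                $output_item['id']           = $output_item['sp_id'];
                $output_item['title']        = $output_item['sp_title'];
                $output_item['page_title']   = $output_item['sp_page_title'];
                // The row's own id is used here: $page is not defined in feed
                // mode, and $output is the result list, not the current row.
                $output_item['category']     = TOPIC_getTopicIdsForObject('staticpages', $output_item['sp_id']);
                $output_item['content']      = SP_render_content($output_item['sp_id'], $output_item['sp_content'], $output_item['sp_php'], $output_item['cache_time'], $output_item['template_id']);
                $output_item['content_type'] = 'html';

                $owner_data = SESS_getUserDataFromId($output_item['owner_id']);

                $output_item['author_name']  = $owner_data['username'];
            }
            $output[] = $output_item;
        }
    }

    return PLG_RET_OK;
}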
/**
 * Builds the search criteria for a search across all comments.
 *
 * The statement selects from the users and comments tables, joined to the
 * stories table with the story permission, topic and language clauses, and
 * is narrowed by the topic, author and date range held on this object. The
 * finished statement and the keyword query are handed to a SearchCriteria
 * object, which is returned.
 *
 * @author Tony Bibbs <tony AT geeklog DOT net>
 *         Sami Barakat <s.m.barakat AT gmail DOT com>
 * @access private
 * @return object plugin object
 *
 */
function _searchComments()
{
    global $_CONF, $_TABLES, $_DB_dbms, $LANG09;

    // Make the keyword string SQL safe: it is HTML-encoded first and
    // SQL-escaped second, so the escaping applies to the encoded text.
    $escapedQuery = trim(DB_escapeString(htmlspecialchars($this->_query)));

    // The link column depends on whether URL rewriting is switched on
    $urlColumn = $_CONF['url_rewrite']
        ? "CONCAT('/article.php/',s.sid,'#comments') AS url "
        : "CONCAT('/article.php?story=',s.sid,'#comments') AS url ";

    $sql = "SELECT s.sid AS id, c.title AS title, c.comment AS description, UNIX_TIMESTAMP(c.date) AS date, c.uid AS uid, '0' AS hits, "
         . $urlColumn
         . "FROM {$_TABLES['users']} AS u, {$_TABLES['comments']} AS c "
         . "LEFT JOIN {$_TABLES['stories']} AS s ON ((s.sid = c.sid) "
         . COM_getPermSQL('AND', 0, 2, 's')
         . COM_getTopicSQL('AND', 0, 's')
         . COM_getLangSQL('sid', 'AND', 's')
         . ") "
         . "WHERE (u.uid = c.uid) AND (s.draft_flag = 0) AND (s.commentcode >= 0) AND (s.date <= NOW()) ";

    // Optional filters: the topic id is escaped as a string literal, the
    // author id is forced to an integer before it reaches the statement.
    if (!empty($this->_topic)) {
        $sql .= "AND (s.tid = '" . DB_escapeString($this->_topic) . "') ";
    }
    if (!empty($this->_author)) {
        $sql .= "AND (c.uid = " . intval($this->_author) . ") ";
    }

    $criteria = new SearchCriteria('comments', $LANG09[65] . ' > ' . $LANG09[66]);

    $searchColumns = array('comment', 'c.title');
    $sql .= $criteria->getDateRangeSQL('AND', 'UNIX_TIMESTAMP(c.date)', $this->_dateStart, $this->_dateEnd);
    list($sql, $ftsql) = $criteria->buildSearchSQL($this->_keyType, $escapedQuery, $searchColumns, $sql);

    $criteria->setSQL($sql);
    $criteria->setFTSQL($ftsql);
    $criteria->setRank(2);

    return $criteria;
}
/**
 * Shared implementation behind phpblock_lastarticles() and
 * phpblock_lastarticles2().
 *
 * Selects the newest published, non-draft stories with a non-empty title
 * and renders the block template once per story.
 *
 * @param  int    $numrows         number of stories to list; values below 1 fall back to 10
 * @param  int    $length          display width the title is trimmed to; values below 1 fall back to 50
 * @param  string $additional_sql  SQL fragment appended verbatim before ORDER BY;
 *                                 it is not escaped here, so callers must only
 *                                 pass fragments they built from trusted values
 * @return string                  the rendered template, one copy per story
 */
function phpblock_lastarticles_common($numrows = 10, $length = 50, $additional_sql = '')
{
    global $_CONF, $_TABLES;

    if (!defined('XHTML')) {
        define('XHTML', '');
    }

    // Both limits are forced to positive integers before use; $numrows ends
    // up in the LIMIT clause.
    $numrows = (int) $numrows;
    if ($numrows < 1) {
        $numrows = 10;
    }
    $length = (int) $length;
    if ($length < 1) {
        $length = 50;
    }

    $sql = "SELECT STRAIGHT_JOIN " . LB
         . " s.sid , t.tid , s.title, s.date, s.group_id " . LB
         . " , s.introtext, s.bodytext, t.topic " . LB
         . " FROM {$_TABLES['stories']} AS s" . LB
         . ", {$_TABLES['topics']} AS t " . LB;

    //FOR GL2.0.0
    if (COM_versionCompare(VERSION, "2.0.0", '>=')) {
        $sql .= " ,{$_TABLES['topic_assignments']} AS t2" . LB;
    }

    $sql .= " WHERE " . LB . " (s.title <> '') " . LB;

    //FOR GL2.0.0
    if (!COM_versionCompare(VERSION, "2.0.0", '>=')) {
        $sql .= " AND (s.tid = t.tid) " . LB;
    } else {
        // NOTE(review): the join on topic_assignments matches on id only and
        // has no condition on the assignment type; confirm that ids of other
        // object types cannot collide with story ids.
        $sql .= " AND s.sid = t2.id" . LB . " AND t2.tid = t.tid" . LB;
    }

    $sql .= " AND (s.draft_flag = 0) " . LB
          . " AND (s.date <= NOW()) " . LB
          . COM_getTopicSQL('AND', 0, 't') . LB;

    if (function_exists('COM_getLangSQL')) {
        $sql .= COM_getLangSQL('sid', 'AND', 's') . LB;
    }

    $sql .= $additional_sql . LB . "ORDER BY s.date DESC " . "LIMIT " . $numrows;

    $result   = DB_query($sql);
    $template = LASTARTICLES_getTemplate();
    $encoding = LASTARTICLES_getEncoding();

    $placeholders = array('{article}', '{date}', '{img}', '{link}', '{title}', '{topic}', '{xhtml}');

    $html = '';
    while (($row = DB_fetchArray($result, FALSE)) !== FALSE) {
        $intro = PLG_replaceTags(stripslashes($row['introtext']));
        $body  = PLG_replaceTags(stripslashes($row['bodytext']));

        // NOTE(review): the teaser has its tags stripped and the topic goes
        // through LASTARTICLES_esc(), but the title is placed in the template
        // as stored. Confirm titles are already HTML-safe in the database.
        $values = array(
            mb_strimwidth(strip_tags($intro), 0, LASTARTICLES_ARTICLE_LENGTH, '...', $encoding),
            date(LASTARTICLES_DATE_FORMAT, strtotime($row['date'])),
            LASTARTICLES_renderImageTag($intro . $body),
            COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $row['sid']),
            mb_strimwidth(stripslashes($row['title']), 0, $length, '...', $encoding),
            LASTARTICLES_esc($row['topic']),
            XHTML,
        );

        $html .= str_replace($placeholders, $values, $template);
    }

    return $html;
}