/**
 * Run the Stop Forum Spam (SFS) check against a submission.
 *
 * Delegates the lookup to SFSbase::CheckForSpam(); on a hit the event is
 * logged (with the current uid and remote address) and a message is left in
 * the session. $GLOBALS['sfs_triggered'] is always set so the Action module
 * knows this examiner already ran.
 *
 * @param string $comment Text to examine
 * @return int 1 if the text was flagged as spam, 0 otherwise
 */
function execute($comment)
{
    global $_USER, $LANG_SX00;

    // Anonymous (or missing) users are logged as uid 1.
    $loggedUid = (isset($_USER['uid']) && $_USER['uid'] > 1) ? $_USER['uid'] : 1;

    $checker = new SFSbase();
    $isSpam = $checker->CheckForSpam($comment) ? 1 : 0;

    if ($isSpam === 1) {
        SPAMX_log(
            $LANG_SX00['foundspam'] . 'Stop Forum Spam (SFS)'
            . $LANG_SX00['foundspam2'] . $loggedUid
            . $LANG_SX00['foundspam3'] . $_SERVER['REMOTE_ADDR']
        );
        SESS_setVar('spamx_msg', 'Failed Stop Forum Spam IP / username check');
    }

    // tell the Action module that we've already been triggered
    $GLOBALS['sfs_triggered'] = true;

    return $isSpam;
}
/**
 * Run the Spam Link Counter (SLC) check against a submission.
 *
 * Counts links via SLCbase::CheckForSpam() and compares the total against
 * $_SPX_CONF['slc_max_links'] (that setting is defaulted to 5 when unset).
 * Exceeding the limit is logged and noted in the session.
 * $GLOBALS['slc_triggered'] is always set so the Action module knows this
 * examiner already ran.
 *
 * @param string $comment Text to examine
 * @return int 1 if the post holds too many links, 0 otherwise
 */
function execute($comment)
{
    global $_USER, $_SPX_CONF, $LANG_SX00;

    if (!isset($_SPX_CONF['slc_max_links'])) {
        $_SPX_CONF['slc_max_links'] = 5;
    }
    $maxLinks = $_SPX_CONF['slc_max_links'];

    // Anonymous (or missing) users are logged as uid 1.
    $loggedUid = (isset($_USER['uid']) && $_USER['uid'] > 1) ? $_USER['uid'] : 1;

    $counter = new SLCbase();
    $linksFound = $counter->CheckForSpam($comment);

    $tooManyLinks = ($linksFound > $maxLinks) ? 1 : 0;
    if ($tooManyLinks === 1) {
        SPAMX_log(
            $LANG_SX00['foundspam'] . 'Spam Link Counter (SLC)'
            . $LANG_SX00['foundspam2'] . $loggedUid
            . $LANG_SX00['foundspam3'] . $_SERVER['REMOTE_ADDR']
        );
        SESS_setVar('spamx_msg', 'Too many links in post');
    }

    // tell the Action module that we've already been triggered
    $GLOBALS['slc_triggered'] = true;

    return $tooManyLinks;
}
echo COM_refresh($_CONF['site_url'] . '/index.php'); } } else { $msg = COM_getMessage(); if ($msg > 0) { $pageBody .= COM_showMessage($msg, '', '', 0, 'info'); } switch ($mode) { case 'create': // Got bad account info from registration process, show error // message and display form again $pageBody .= newuserform(); break; default: if (!empty($_SERVER['HTTP_REFERER']) && strstr($_SERVER['HTTP_REFERER'], '/users.php') === false && substr($_SERVER['HTTP_REFERER'], 0, strlen($_CONF['site_url'])) == $_CONF['site_url']) { SESS_setVar('login_referer', $_SERVER['HTTP_REFERER']); } // check to see if this was the last allowed attempt if (COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0) { displayLoginErrorAndAbort(82, $LANG04[113], $LANG04[112]); } else { // Show login form if ($msg != 69 && $msg != 70) { if ($_CONF['custom_registration'] and function_exists('CUSTOM_loginErrorHandler') && $msg != 0) { // Typically this will be used if you have a custom main site page and need to control the login process $pageBody .= CUSTOM_loginErrorHandler($msg); } else { $pageBody .= loginform(false, $status); } } }
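/**
 * Check a security token.
 *
 * Checks the POST and GET data for a security token, if one exists, validates
 * that it's for this user and URL. If the token is not valid, it asks the user
 * to re-authenticate and resends the request if authentication was successful.
 *
 * On failure the current request (method, destination, POST, GET and any
 * uploaded files) is parked in the session so it can be replayed after
 * re-authentication; uploaded files are moved to path_data/temp because the
 * PHP temporaries would not survive the round trip.
 *
 * @return boolean true if the token is valid; does not return if not!
 *
 */
function SEC_checkToken()
{
    global $_CONF, $LANG20, $LANG_ADMIN;

    if (_sec_checkToken()) {
        SEC_createToken(-1);
        return true;
    }

    // determine the destination of this request
    $destination = COM_getCurrentURL();

    // validate the destination is not blank and is part of our site...
    // NOTE(review): this is a plain string-prefix test against site_url; if
    // site_url carries no trailing slash it also accepts a longer host name
    // that merely starts with it. COM_getCurrentURL() is not visible here, so
    // whether request headers can influence its result is unconfirmed.
    if ($destination == '' || substr($destination, 0, strlen($_CONF['site_url'])) != $_CONF['site_url']) {
        $destination = $_CONF['site_url'] . '/index.php';
    }

    // anything other than GET is replayed as POST
    $method = (isset($_SERVER['REQUEST_METHOD']) && strtoupper($_SERVER['REQUEST_METHOD']) == 'GET') ? 'GET' : 'POST';
    $postdata = serialize($_POST);
    $getdata = serialize($_GET);
    $filedata = '';

    if (!empty($_FILES)) {
        $tempDir = $_CONF['path_data'] . 'temp/';
        foreach ($_FILES as $key => $file) {
            if (is_array($file['name'])) {
                // multi-file field: one entry per offset
                foreach ($file['name'] as $offset => $filename) {
                    if (empty($file['name'][$offset])) {
                        continue;
                    }
                    $filename = basename($file['tmp_name'][$offset]);
                    // only record the new name when the move succeeded; otherwise
                    // the replay would reference a file that does not exist
                    if (move_uploaded_file($file['tmp_name'][$offset], $tempDir . $filename)) {
                        $_FILES[$key]['tmp_name'][$offset] = $filename;
                    } else {
                        COM_errorLog("SEC_checkToken: unable to preserve uploaded file for field '{$key}'");
                    }
                }
            } elseif (!empty($file['name']) && !empty($file['tmp_name'])) {
                // single-file field
                $filename = basename($file['tmp_name']);
                if (move_uploaded_file($file['tmp_name'], $tempDir . $filename)) {
                    $_FILES[$key]['tmp_name'] = $filename;
                } else {
                    COM_errorLog("SEC_checkToken: unable to preserve uploaded file for field '{$key}'");
                }
            }
        }
        $filedata = serialize($_FILES);
    }

    // The replay side has to deserialize these; they must only ever be read
    // back from the server-side session store, never from client-supplied data.
    SESS_setVar('glfusion.auth.method', $method);
    SESS_setVar('glfusion.auth.dest', $destination);
    SESS_setVar('glfusion.auth.post', $postdata);
    SESS_setVar('glfusion.auth.get', $getdata);
    if (!empty($filedata)) {
        SESS_setVar('glfusion.auth.file', $filedata);
    }

    $display = COM_siteHeader();
    $display .= SEC_tokenreauthForm('', $destination);
    $display .= COM_siteFooter();
    echo $display;
    exit;
}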
/**
 * Set the view information into a session variable.
 * Used to keep track of the last calendar viewed by a visitor so they
 * can be returned to the same view after viewing an event detail or
 * when returning to the site.
 *
 * @uses SESS_setVar()
 * @param string $type Type of view, 'day', 'month', etc.
 * @param integer $year Year number
 * @param integer $month Month number
 * @param integer $day Day number
 */
function EVLIST_setViewSession($type, $year, $month, $day)
{
    // stored under 'evlist.current' as array('view' => ..., 'date' => array(y, m, d))
    $viewState = array(
        'view' => $type,
        'date' => array($year, $month, $day),
    );
    SESS_setVar('evlist.current', $viewState);
}
} $uid = 0; if (isset($_POST['uid'])) { $uid = COM_applyFilter($_POST['uid'], true); } elseif (isset($_GET['uid'])) { $uid = COM_applyFilter($_GET['uid'], true); } $grp_id = 0; if (isset($_POST['grp_id'])) { $grp_id = COM_applyFilter($_POST['grp_id'], true); } elseif (isset($_GET['grp_id'])) { $grp_id = COM_applyFilter($_GET['grp_id'], true); } elseif (SESS_isSet('grp_id')) { $grp_id = SESS_getVar('grp_id'); } SESS_setVar('grp_id', $grp_id); $msg = COM_getMessage(); switch ($action) { case 'edit': $display .= COM_siteHeader('menu', $LANG28[1]); if ($uid == 1) { $display .= COM_siteHeader('menu', $LANG28[11]); $display .= COM_showMessageFromParameter(); $display .= USER_list(); $display .= COM_siteFooter(); } else { $display .= USER_edit($uid, $msg); $display .= COM_siteFooter(); } break; case 'save':
$sort_box_raw .= '<option value="8" ' . ($sortOrder == 8 ? ' selected="selected" ' : '') . '>' . $LANG_MG03['sort_views'] . '</option>'; $sort_box_raw .= '<option value="9" ' . ($sortOrder == 9 ? ' selected="selected" ' : '') . '>' . $LANG_MG03['sort_views_asc'] . '</option>'; $sort_box_raw .= '<option value="10" ' . ($sortOrder == 10 ? ' selected="selected" ' : '') . '>' . $LANG_MG03['sort_alpha'] . '</option>'; $sort_box_raw .= '<option value="11" ' . ($sortOrder == 11 ? ' selected="selected" ' : '') . '>' . $LANG_MG03['sort_alpha_asc'] . '</option>'; } else { $sort_box = ''; } $owner_id = $MG_albums[$album_id]->owner_id; if ($owner_id == '' || !isset($MG_albums[$album_id]->owner_id)) { $owner_id = 0; } $ownername = DB_getItem($_TABLES['users'], 'username', "uid=" . intval($owner_id)); $album_last_update = MG_getUserDateTimeFormat($MG_albums[$album_id]->last_update); $T = new Template(MG_getTemplatePath($album_id)); $T->set_file(array('page' => 'album_page.thtml', 'noitems' => 'album_page_noitems.thtml')); SESS_setVar('mediagallery.album.page', $page + 1); $T->set_var(array('site_url' => $_MG_CONF['site_url'], 'birdseed' => $birdseed, 'birdseed_ul' => $birdseedUL, 'album_title' => PLG_replaceTags($MG_albums[$album_id]->title, 'mediagallery', 'album_title'), 'url_slideshow' => $url_slideshow, 'table_columns' => $columns_per_page, 'table_column_width' => intval(100 / $columns_per_page) . '%', 'top_pagination' => COM_printPageNavigation($_MG_CONF['site_url'] . '/album.php?aid=' . $album_id . '&sort=' . $sortOrder, $page + 1, ceil($total_items_in_album / $media_per_page)), 'bottom_pagination' => COM_printPageNavigation($_MG_CONF['site_url'] . '/album.php?aid=' . $album_id . '&sort=' . 
$sortOrder, $page + 1, ceil($total_items_in_album / $media_per_page)), 'page_number' => sprintf("%s %d %s %d", $LANG_MG03['page'], $current_print_page, $LANG_MG03['of'], $total_print_pages), 'jumpbox' => $album_jumpbox, 'album_jumpbox_raw' => $album_jumpbox_raw, 'album_id' => $album_id, 'lbslideshow' => $lbSlideShow, 'album_description' => $MG_albums[$album_id]->display_album_desc ? PLG_replaceTags($MG_albums[$album_id]->description, 'mediagallery', 'album_description') : '', 'album_id_display' => $MG_albums[0]->owner_id || $_MG_CONF['enable_media_id'] == 1 ? $LANG_MG03['album_id_display'] . $album_id : '', 'lang_slideshow' => $lang_slideshow, 'select_adminbox' => $admin_box, 'admin_box_items' => $admin_box_items, 'admin_menu' => $admin_menu, 'select_sortbox' => $sort_box, 'select_sortbox_raw' => $sort_box_raw, 'album_last_update' => $album_last_update[0], 'album_owner' => $ownername, 'media_count' => $MG_albums[$album_id]->getMediaCount(), 'lang_search' => $LANG_MG01['search'])); if ($MG_albums[$album_id]->enable_rss) { $rssfeedname = sprintf($_MG_CONF['rss_feed_name'] . "%06d", $album_id); $feedUrl = MG_getFeedUrl($rssfeedname . '.rss'); $rsslink = '<a href="' . $feedUrl . '"' . ' type="application/rss+xml">'; $rsslink .= '<img src="' . MG_getImageFile('feed.png') . '" style="border:none;" alt=""/></a>'; $T->set_var('rsslink', $rsslink); } else { $T->set_var('rsslink', ''); } $subscribe = ''; if (!COM_isAnonUser()) { if (PLG_isSubscribed('mediagallery', '', $album_id, $_USER['uid'])) { $subscribe = '<a class="subscribelink" href="' . $_MG_CONF['site_url'] . '/subscription.php?op=unsubscribe&sid=' . $album_id . '">' . $LANG01['unsubscribe'] . '</a>'; $subscribe_url = $_MG_CONF['site_url'] . '/subscription.php?op=unsubscribe&sid=' . $album_id;
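/**
 * Complete the login process - setup new session
 *
 * Loads the user record into $_USER, replaces the pre-login session id with a
 * freshly created one (carrying the existing $_SESSION contents across),
 * notifies plugins, sets the optional "remember me" cookies and records the
 * client address on the user row.
 *
 * @param int $uid User ID of logged in user
 * @return void
 *
 */
function SESS_completeLogin($uid)
{
    global $_TABLES, $_CONF, $_SYSTEM, $_USER;

    $request_ip = !empty($_SERVER['REMOTE_ADDR']) ? htmlspecialchars($_SERVER['REMOTE_ADDR']) : '';

    // build the $_USER array
    $_USER = SESS_getUserDataFromId($uid);

    // save old session data so it survives the session id change below
    $savedSessionData = json_encode($_SESSION);

    // create the session
    $sessid = SESS_newSession($_USER['uid'], $request_ip, $_CONF['session_cookie_timeout']);

    // Expire the pre-login session cookie. setcookie() addresses the cookie
    // by its configured name; the cookie's value (the old id) is not a name.
    if (isset($_COOKIE[$_CONF['cookie_session']])) {
        setcookie($_CONF['cookie_session'], '', time() - 42000, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
    }

    // adopt the new id before starting so the authenticated session never
    // shares an identifier with the pre-authentication one
    session_id($sessid);
    session_start();
    $_SESSION = json_decode($savedSessionData, true);

    // initialize session counter
    SESS_setVar('session.counter', 1);

    if (empty($_USER['tzid'])) {
        $_USER['tzid'] = $_CONF['timezone'];
    }

    // Let plugins act on login event
    PLG_loginUser($_USER['uid']);

    // check and see if they have remember me set
    $cooktime = isset($_USER['cookietimeout']) ? (int) $_USER['cookietimeout'] : 0;
    if ($cooktime > 0) {
        $cookieTimeout = time() + $cooktime;
        // set userid cookie
        SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], $cookieTimeout, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
        // the long-term token lives exactly as long as its cookie
        $ltToken = SEC_createTokenGeneral('ltc', $cooktime);
        // set long term cookie
        SEC_setCookie($_CONF['cookie_password'], $ltToken, $cookieTimeout, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
    }

    DB_query("UPDATE {$_TABLES['users']} set remote_ip='" . DB_escapeString($request_ip) . "' WHERE uid=" . (int) $_USER['uid'], 1);

    if ($_CONF['allow_user_themes']) {
        // set theme cookie (or update it)
        SEC_setCookie($_CONF['cookie_theme'], $_USER['theme'], time() + 31536000, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
    }
}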
/**
 * Save a comment
 *
 * Validates the submission (required fields, anonymous-comment policy, speed
 * limit, plugin spam check, plugin pre-save hook), then inserts the comment
 * into the lft/rht (nested-set style) comment tree under a table lock and
 * performs cache invalidation, subscription handling and notifications.
 *
 * @author Vincent Furia, vinny01 AT users DOT sourceforge DOT net
 * @param string $title Title of comment
 * @param string $comment Text of comment
 * @param string $sid ID of object receiving comment
 * @param int $pid ID of parent comment
 * @param string $type Type of comment this is (article, polls, etc)
 * @param string $postmode Indicates if text is HTML or plain text
 * @return int 0 for success, > 0 indicates error
 *
 */
function CMT_saveComment($title, $comment, $sid, $pid, $type, $postmode)
{
    global $_CONF, $_TABLES, $_USER, $LANG03;

    $ret = 0;

    // Get a valid uid (1 = anonymous)
    if (empty($_USER['uid'])) {
        $uid = 1;
    } else {
        $uid = $_USER['uid'];
    }

    // Sanity check
    if (empty($sid) || empty($title) || empty($comment) || empty($type)) {
        COM_errorLog("CMT_saveComment: {$uid} from {$_SERVER['REMOTE_ADDR']} tried " . 'to submit a comment with one or more missing values.');
        // append to any message a pre-save hook already left in the session
        if (SESS_isSet('glfusion.commentpresave.error')) {
            $msg = SESS_getVar('glfusion.commentpresave.error') . '<br/>' . $LANG03[12];
        } else {
            $msg = $LANG03[12];
        }
        SESS_setVar('glfusion.commentpresave.error', $msg);
        return $ret = 1;
    }

    // Check that anonymous comments are allowed
    if ($uid == 1 && ($_CONF['loginrequired'] == 1 || $_CONF['commentsloginrequired'] == 1)) {
        COM_errorLog("CMT_saveComment: IP address {$_SERVER['REMOTE_ADDR']} " . 'attempted to save a comment with anonymous comments disabled for site.');
        return $ret = 2;
    }

    // Check for people breaking the speed limit
    COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'comment');
    $last = COM_checkSpeedlimit('comment');
    if ($last > 0) {
        COM_errorLog("CMT_saveComment: {$uid} from {$_SERVER['REMOTE_ADDR']} tried " . 'to submit a comment before the speed limit expired');
        return $ret = 3;
    }

    // Let plugins have a chance to check for spam
    // (title and body are handed over as one HTML fragment, still unfiltered)
    $spamcheck = '<h1>' . $title . '</h1><p>' . $comment . '</p>';
    $result = PLG_checkforSpam($spamcheck, $_CONF['spamx']);
    // Now check the result and display message if spam action was taken
    if ($result > 0) {
        // update speed limit nonetheless
        COM_updateSpeedlimit('comment');
        // then tell them to get lost ...
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }

    // Let plugins have a chance to decide what to do before saving the comment, return errors.
    if ($someError = PLG_commentPreSave($uid, $title, $comment, $sid, $pid, $type, $postmode)) {
        return $someError;
    }

    $title = COM_checkWords(strip_tags($title));
    $comment = CMT_prepareText($comment, $postmode);

    // check for non-int pid's
    // this should just create a top level comment that is a reply to the original item
    if (!is_numeric($pid) || $pid < 0) {
        $pid = 0;
    }

    if (!empty($title) && !empty($comment)) {
        COM_updateSpeedlimit('comment');

        // from here on $title, $comment and $type are SQL-escaped values
        $title = DB_escapeString($title);
        $comment = DB_escapeString($comment);
        $type = DB_escapeString($type);

        // Insert the comment into the comment table
        // The lock spans the rht/lft shift and the insert so that concurrent
        // saves cannot interleave and corrupt the tree bounds.
        DB_lockTable($_TABLES['comments']);
        if ($pid > 0) {
            // reply: locate the parent's bounds within the same item ($sid)
            $result = DB_query("SELECT rht, indent FROM {$_TABLES['comments']} WHERE cid = " . (int) $pid . " AND sid = '" . DB_escapeString($sid) . "'");
            list($rht, $indent) = DB_fetchArray($result);
            if (!DB_error()) {
                // open a two-wide gap at the parent's right bound, then place the
                // new node there; $rht/$indent are column values read above
                // (assumed integer columns — not cast here)
                DB_query("UPDATE {$_TABLES['comments']} SET lft = lft + 2 " . "WHERE sid = '" . DB_escapeString($sid) . "' AND type = '{$type}' AND lft >= {$rht}");
                DB_query("UPDATE {$_TABLES['comments']} SET rht = rht + 2 " . "WHERE sid = '" . DB_escapeString($sid) . "' AND type = '{$type}' AND rht >= {$rht}");
                // NOTE(review): $uid is interpolated without the (int) cast the
                // top-level branch below applies; it comes from $_USER, so this
                // is a consistency nit rather than an injection path — confirm
                DB_save($_TABLES['comments'], 'sid,uid,comment,date,title,pid,lft,rht,indent,type,ipaddress', "'" . DB_escapeString($sid) . "',{$uid},'{$comment}',now(),'{$title}'," . (int) $pid . ",{$rht},{$rht}+1,{$indent}+1,'{$type}','" . DB_escapeString($_SERVER['REMOTE_ADDR']) . "'");
            } else {
                //replying to non-existent comment or comment in wrong article
                COM_errorLog("CMT_saveComment: {$uid} from {$_SERVER['REMOTE_ADDR']} tried " . 'to reply to a non-existent comment or the pid/sid did not match');
                $ret = 4; // Cannot return here, tables locked!
                // NOTE(review): execution still falls through to DB_insertId(),
                // the optional name update, the cache clears and the subscription
                // handling below even though nothing was inserted; only the
                // notifications are gated on $ret == 0.
            }
        } else {
            // top-level comment: append after the current right-most bound
            $rht = DB_getItem($_TABLES['comments'], 'MAX(rht)', "sid = '" . DB_escapeString($sid) . "'");
            if (DB_error()) {
                $rht = 0;
            }
            DB_save($_TABLES['comments'], 'sid,uid,comment,date,title,pid,lft,rht,indent,type,ipaddress', "'" . DB_escapeString($sid) . "'," . (int) $uid . ",'{$comment}',now(),'{$title}'," . (int) $pid . ",{$rht}+1,{$rht}+2,0,'{$type}','" . DB_escapeString($_SERVER['REMOTE_ADDR']) . "'");
        }
        $cid = DB_insertId();

        //set Anonymous user name if present
        // (as written this applies to any request carrying a 'username' field,
        // not only to uid 1)
        if (isset($_POST['username'])) {
            $name = strip_tags(USER_sanitizeName($_POST['username']));
            DB_change($_TABLES['comments'], 'name', DB_escapeString($name), 'cid', (int) $cid);
        }
        DB_unlockTable($_TABLES['comments']);

        CACHE_remove_instance('whatsnew');
        if ($type == 'article') {
            CACHE_remove_instance('story_' . $sid);
        }

        // check to see if user has subscribed....
        if (!COM_isAnonUser()) {
            if (isset($_POST['subscribe']) && $_POST['subscribe'] == 1) {
                $itemInfo = PLG_getItemInfo($type, $sid, 'url,title');
                if (isset($itemInfo['title'])) {
                    $id_desc = $itemInfo['title'];
                } else {
                    $id_desc = 'not defined';
                }
                $rc = PLG_subscribe('comment', $type, $sid, $uid, $type, $id_desc);
            } else {
                PLG_unsubscribe('comment', $type, $sid);
            }
        }

        // Send notification of comment if no errors and notications enabled for comments
        if ($ret == 0 && isset($_CONF['notification']) && in_array('comment', $_CONF['notification'])) {
            CMT_sendNotification($title, $comment, $uid, $_SERVER['REMOTE_ADDR'], $type, $cid);
        }
        if ($ret == 0) {
            PLG_sendSubscriptionNotification('comment', $type, $sid, $cid, $uid);
        }
    } else {
        // title or body became empty after word filtering / text preparation
        COM_errorLog("CMT_saveComment: {$uid} from {$_SERVER['REMOTE_ADDR']} tried " . 'to submit a comment with invalid $title and/or $comment.');
        return $ret = 5;
    }

    return $ret;
}
/**
 * Queue a one-shot message for display on a later page.
 *
 * The message and its type are serialized into the 'glfusion.infoblock'
 * session variable (key order 'msg', 'type' is preserved so the stored
 * string is unchanged).
 *
 * @param string $msg  Message text
 * @param string $type Message type, defaults to 'info'
 * @return void
 */
function COM_setMsg($msg, $type = 'info')
{
    $payload = array();
    $payload['msg'] = $msg;
    $payload['type'] = $type;

    $stored = serialize($payload);
    SESS_setVar('glfusion.infoblock', $stored);
}
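/**
 * Render the story administration list.
 *
 * Resolves the topic filter from tid/ptid in the request (falling back to the
 * 'story_admin_topic' session value, then to the "all topics" label), stores
 * it back into the session, builds the topic <select> filter plus the SQL
 * restriction that goes with it, and hands the column/menu/query definitions
 * to ADMIN_list().
 *
 * @return string HTML for the admin story list
 */
function STORY_list()
{
    global $_CONF, $_TABLES, $_IMAGE_TYPE, $LANG09, $LANG_ADMIN, $LANG_ACCESS, $LANG24;

    USES_lib_admin();

    $form = new Template($_CONF['path_layout'] . 'admin/story/');
    $form->set_file('form', 'story_admin.thtml');

    // $LANG09[9] doubles as the "all topics" sentinel value
    $allTopicsLabel = $LANG09[9];

    if (!empty($_GET['tid'])) {
        $current_topic = COM_applyFilter($_GET['tid']);
    } elseif (!empty($_POST['tid'])) {
        $current_topic = COM_applyFilter($_POST['tid']);
    } elseif (!empty($_GET['ptid'])) {
        $current_topic = COM_applyFilter($_GET['ptid']);
    } elseif (SESS_isSet('story_admin_topic')) {
        $current_topic = SESS_getVar('story_admin_topic');
    } else {
        $current_topic = $allTopicsLabel;
    }
    SESS_setVar('story_admin_topic', $current_topic);

    if ($current_topic == $allTopicsLabel) {
        $excludetopics = '';
        $seltopics = '';
        $topicsql = "SELECT tid,topic FROM {$_TABLES['topics']}" . COM_getPermSQL();
        $tresult = DB_query($topicsql);
        $trows = DB_numRows($tresult);
        if ($trows > 0) {
            $topicClauses = array();
            for ($i = 1; $i <= $trows; $i++) {
                $T = DB_fetchArray($tresult);
                // stored tid values re-enter SQL below, so escape them too
                $topicClauses[] = "tid = '" . DB_escapeString($T['tid']) . "'";
                // NOTE(review): tid/topic are emitted into the <option> markup
                // unescaped; they are admin-managed data, but htmlspecialchars()
                // here would be the conservative choice — left as-is to keep the
                // rendered output identical.
                $seltopics .= '<option value="' . $T['tid'] . '"';
                if ($current_topic == "{$T['tid']}") {
                    $seltopics .= ' selected="selected"';
                }
                $seltopics .= '>' . $T['topic'] . ' (' . $T['tid'] . ')' . '</option>' . LB;
            }
            $excludetopics = ' (' . implode(' OR ', $topicClauses) . ') ';
        }
    } else {
        // $current_topic originates from the request (or from a session value
        // that did). COM_applyFilter() is not visible here and is not relied on
        // for SQL escaping; escape explicitly before interpolating.
        $excludetopics = " tid = '" . DB_escapeString($current_topic) . "' ";
        $seltopics = COM_topicList('tid,topic', $current_topic, 1, true);
    }

    $alltopics = '<option value="' . $allTopicsLabel . '"';
    if ($current_topic == $allTopicsLabel) {
        $alltopics .= ' selected="selected"';
    }
    $alltopics .= '>' . $allTopicsLabel . '</option>' . LB;
    $filter = $LANG_ADMIN['topic'] . ': <select name="tid" style="width: 125px" onchange="this.form.submit()">' . $alltopics . $seltopics . '</select>';

    // column definitions consumed by ADMIN_list(): text, field, sort, align, width
    $header_arr = array();
    $header_arr[] = array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false, 'align' => 'center', 'width' => '35px');
    $header_arr[] = array('text' => $LANG_ADMIN['copy'], 'field' => 'copy', 'sort' => false, 'align' => 'center', 'width' => '35px');
    $header_arr[] = array('text' => $LANG_ADMIN['title'], 'field' => 'title', 'sort' => true);
    $header_arr[] = array('text' => $LANG_ADMIN['topic'], 'field' => 'tid', 'sort' => true);
    $header_arr[] = array('text' => $LANG_ACCESS['access'], 'field' => 'access', 'sort' => false, 'align' => 'center');
    $header_arr[] = array('text' => $LANG24[34], 'field' => 'draft_flag', 'sort' => true, 'align' => 'center');
    $header_arr[] = array('text' => $LANG24[32], 'field' => 'featured', 'sort' => true, 'align' => 'center');
    $header_arr[] = array('text' => $LANG24[7], 'field' => 'username', 'sort' => true); //author
    $header_arr[] = array('text' => $LANG24[15], 'field' => 'unixdate', 'sort' => true, 'align' => 'center'); //date
    // the ping column only makes sense when the user may ping and some ping mechanism is on
    if (SEC_hasRights('story.ping') && ($_CONF['trackback_enabled'] || $_CONF['pingback_enabled'] || $_CONF['ping_enabled'])) {
        $header_arr[] = array('text' => $LANG24[20], 'field' => 'ping', 'sort' => false, 'align' => 'center');
    }
    $header_arr[] = array('text' => $LANG_ADMIN['delete'], 'field' => 'delete', 'sort' => false, 'align' => 'center');

    $defsort_arr = array('field' => 'unixdate', 'direction' => 'desc');

    $menu_arr = array(
        array('url' => $_CONF['site_admin_url'] . '/story.php?edit=x', 'text' => $LANG_ADMIN['create_new']),
        array('url' => $_CONF['site_admin_url'] . '/moderation.php', 'text' => $LANG_ADMIN['submissions']),
    );
    if (SEC_inGroup('Root')) {
        $menu_arr[] = array('url' => $_CONF['site_admin_url'] . '/story.php?global=x', 'text' => 'Global Settings');
    }
    $menu_arr[] = array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']);

    $form->set_var('block_start', COM_startBlock($LANG24[22], '', COM_getBlockTemplate('_admin_block', 'header')));
    $form->set_var('admin_menu', ADMIN_createMenu($menu_arr, $LANG24[23], $_CONF['layout_url'] . '/images/icons/story.' . $_IMAGE_TYPE));

    $text_arr = array('has_extras' => true, 'form_url' => $_CONF['site_admin_url'] . '/story.php');

    // base query; ADMIN_list() appends the filter, ordering and limit clauses
    $sql = "SELECT {$_TABLES['stories']}.*, {$_TABLES['users']}.username, {$_TABLES['users']}.fullname, "
        . "UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} "
        . "LEFT JOIN {$_TABLES['users']} ON {$_TABLES['stories']}.uid={$_TABLES['users']}.uid "
        . "WHERE 1=1 ";
    if (!empty($excludetopics)) {
        $excludetopics = 'AND ' . $excludetopics;
    }
    $query_arr = array(
        'table' => 'stories',
        'sql' => $sql,
        'query_fields' => array('title', 'introtext', 'bodytext', 'sid', 'tid'),
        'default_filter' => $excludetopics . COM_getPermSQL('AND'),
    );

    // CSRF token travels both as the list's $extra and as a hidden form field
    $token = SEC_createToken();
    $form_arr = array('bottom' => '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $token . '"/>');

    $form->set_var('admin_list', ADMIN_list('story', 'STORY_getListField', $header_arr, $text_arr, $query_arr, $defsort_arr, $filter, $token, '', $form_arr));
    $form->set_var('block_end', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));

    return $form->parse('output', 'form');
}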
/** * Creates a list of data with a search, filter, clickable headers etc. * * @param string $component name of the list * @param string $fieldfunction name of the function that handles special entries * @param array $header_arr array of header fields with sortables and table fields * @param array $text_arr array with different text strings * @param array $query_arr array with sql-options * @param array $defsort_arr default sorting values * @param string $filter additional drop-down filters * @param string $extra additional values passed to fieldfunction * @param array $options_arr array of options - used for check-all feature * @param array $form_arr optional extra forms at top or bottom * @return string HTML output of function * */ function ADMIN_list($component, $fieldfunction, $header_arr, $text_arr, $query_arr, $defsort_arr, $filter = '', $extra = '', $options_arr = '', $form_arr = '') { global $_CONF, $_TABLES, $LANG_ADMIN, $LANG_ACCESS, $LANG01, $_IMAGE_TYPE, $MESSAGE; // retrieve the query if (isset($_GET['q'])) { $query = strip_tags($_GET['q']); } else { if (isset($_POST['q'])) { $query = strip_tags($_POST['q']); } else { if (SESS_isSet($component . '_q')) { $query = strip_tags(SESS_getVar($component . '_q')); } else { $query = ''; } } } // retrieve the query_limit if (isset($_GET['query_limit'])) { $query_limit = COM_applyFilter($_GET['query_limit'], true); } else { if (isset($_POST['query_limit'])) { $query_limit = COM_applyFilter($_POST['query_limit'], true); } else { if (SESS_isSet($component . '_query_limit')) { $query_limit = COM_applyFilter(SESS_getVar($component . '_query_limit'), true); } else { $query_limit = 50; } } } // get the current page from the interface. The variable is linked to the // component, i.e. the plugin/function calling this here to avoid overlap // the default page number is 1 if (isset($_GET[$component . 'listpage'])) { $page = COM_applyFilter($_GET[$component . 
'listpage'], true); $curpage = $page; } else { if (isset($_POST[$component . 'listpage'])) { $page = COM_applyFilter($_POST[$component . 'listpage'], true); $curpage = $page; } else { if (SESS_isSet($component . 'listpage')) { $page = COM_applyFilter(SESS_getVar($component . 'listpage'), true); $curpage = $page; } else { $page = ''; $curpage = 1; } } } $curpage = $curpage <= 0 ? 1 : $curpage; // curpagee has to be > 0 // process text_arr for title, help url and form url $title = (is_array($text_arr) and !empty($text_arr['title'])) ? $text_arr['title'] : ''; $help_url = (is_array($text_arr) and !empty($text_arr['help_url'])) ? $text_arr['help_url'] : ''; $form_url = (is_array($text_arr) and !empty($text_arr['form_url'])) ? $text_arr['form_url'] : ''; // determine what extra options we should use (search, limit, paging) if (isset($text_arr['has_extras']) && $text_arr['has_extras']) { # old option, denotes all $has_search = true; $has_limit = true; $has_paging = true; } else { $has_search = isset($text_arr['has_search']) && $text_arr['has_search'] ? true : false; $has_limit = isset($text_arr['has_limit']) && $text_arr['has_limit'] ? true : false; $has_paging = isset($text_arr['has_paging']) && $text_arr['has_paging'] ? true : false; } // process options_arr for chkdelete/chkselect options if any $chkselect = (is_array($options_arr) and (isset($options_arr['chkselect']) and $options_arr['chkselect'] or isset($options_arr['chkdelete']) and $options_arr['chkdelete'])) ? true : false; $chkall = (is_array($options_arr) and isset($options_arr['chkall'])) ? $options_arr['chkall'] : true; $chkname = (is_array($options_arr) and isset($options_arr['chkname'])) ? $options_arr['chkname'] : 'delitem'; $chkfield = (is_array($options_arr) and isset($options_arr['chkfield'])) ? $options_arr['chkfield'] : ''; $chkactions = (is_array($options_arr) and isset($options_arr['chkactions'])) ? 
$options_arr['chkactions'] : ''; $chkfunction = (is_array($options_arr) and isset($options_arr['chkfunction'])) ? $options_arr['chkfunction'] : 'ADMIN_chkDefault'; $chkminimum = (is_array($options_arr) and isset($options_arr['chkminimum'])) ? $options_arr['chkminimum'] : 1; # get all template fields. $admin_templates = new Template($_CONF['path_layout'] . 'admin/lists'); $admin_templates->set_file(array('search' => 'searchmenu.thtml', 'list' => 'list.thtml', 'header' => 'header.thtml', 'row' => 'listitem.thtml', 'field' => 'field.thtml', 'arow' => 'actionrow.thtml')); # insert std. values into the template $admin_templates->set_var('form_url', $form_url); $admin_templates->set_var('lang_edit', $LANG_ADMIN['edit']); $admin_templates->set_var('lang_delconfirm', $LANG01[125]); if (isset($form_arr['top'])) { $admin_templates->set_var('formfields_top', $form_arr['top']); } if (isset($form_arr['bottom'])) { $admin_templates->set_var('formfields_bottom', $form_arr['bottom']); } // Check if the delete checkbox and support for the delete all feature should be displayed if ($chkselect) { if ($chkall) { $admin_templates->set_var('header_text', '<input type="checkbox" name="chk_selectall" title="' . $LANG01[126] . '" onclick="caItems(this.form,\'' . $chkname . 
'\');"/>'); } else { $admin_templates->set_var('header_text', '<input type="checkbox" name="disabled" value="x" style="visibility:hidden" disabled="disabled" />'); } $admin_templates->set_var('class', 'admin-list-field'); $admin_templates->set_var('header_column_style', 'style="text-align:center;width:25px;"'); // always center checkbox $admin_templates->parse('header_row', 'header', true); } $icon_arr = ADMIN_getIcons(); if ($has_search) { // show search $admin_templates->set_var('lang_search', $LANG_ADMIN['search']); $admin_templates->set_var('lang_submit', $LANG_ADMIN['submit']); $admin_templates->set_var('last_query', htmlspecialchars($query)); $admin_templates->set_var('filter', $filter); } $sql = $query_arr['sql']; // get sql from array that builds data if (isset($_GET['orderby']) || SESS_isSet($component . '_orderby')) { if (isset($_GET['orderby'])) { $orderbyidx = COM_applyFilter($_GET['orderby'], true); } else { $orderbyidx = COM_applyFilter(SESS_getVar($component . '_orderby'), true); } if (isset($header_arr[$orderbyidx]['field']) && $header_arr[$orderbyidx]['sort'] != false) { $orderidx_link = "&orderby={$orderbyidx}"; // preserve the value for paging $orderby = $header_arr[$orderbyidx]['field']; // get the field name to sort by } else { $orderby = $defsort_arr['field']; // not set - use default (this could be null) $orderidx_link = ''; $orderbyidx = ''; } } else { $orderby = $defsort_arr['field']; // not set - use default (this could be null) $orderidx_link = ''; $orderbyidx = ''; } // set sort direction. defaults to ASC if (isset($_GET['direction'])) { $direction = COM_applyFilter($_GET['direction']); } else { if (SESS_isSet($component . '_direction')) { $direction = SESS_getVar($component . '_direction'); } else { $direction = $defsort_arr['direction']; } } $direction = strtoupper($direction) == 'DESC' ? 
'DESC' : 'ASC'; // retrieve previous sort order field if (isset($_GET['prevorder'])) { $prevorder = COM_applyFilter($_GET['prevorder']); } else { $prevorder = ''; } // reverse direction if previous order field was the same (this is a toggle) if ($orderby == $prevorder) { // reverse direction if prev. order was the same $direction = $direction == 'DESC' ? 'ASC' : 'DESC'; } SESS_setVar($component . 'listpage', $page); SESS_setVar($component . '_q', $query); SESS_setVar($component . '_query_limit', $query_limit); SESS_setVar($component . '_direction', $direction); SESS_setVar($component . '_orderby', $orderbyidx); // ok now let's build the order sql $orderbysql = !empty($orderby) ? "ORDER BY {$orderby} {$direction}" : ''; // assign proper arrow img based upon order $arrow_img = $direction == 'ASC' ? 'ascending' : 'descending'; $img_arrow_url = "{$_CONF['layout_url']}/images/admin/{$arrow_img}.{$_IMAGE_TYPE}"; $attr['style'] = "vertical-align:text-top;"; $img_arrow = ' ' . COM_createImage($img_arrow_url, $arrow_img, $attr); # HEADER FIELDS array(text, field, sort, align, class) ===================== // number of columns in each row $ncols = count($header_arr); for ($i = 0; $i < $ncols; $i++) { $header_text = isset($header_arr[$i]['text']) && !empty($header_arr[$i]['text']) ? $header_arr[$i]['text'] : ''; // check to see if field is sortable if (isset($header_arr[$i]['sort']) && $header_arr[$i]['sort'] != false) { // add the sort indicator $header_text .= $orderby == $header_arr[$i]['field'] ? $img_arrow : ''; // change the mouse to a pointer $th_subtags = " onmouseover=\"this.style.cursor='pointer';\""; // create an index so we know what to sort $separator = strpos($form_url, '?') > 0 ? '&' : '?'; // ok now setup the parameters to preserve: // sort field and direction $th_subtags .= " onclick=\"window.location.href='{$form_url}{$separator}" . "orderby={$i}&prevorder={$orderby}&direction={$direction}"; // page number $th_subtags .= !empty($page) ? '&' . $component . 
'listpage=' . $page : ''; // query $th_subtags .= !empty($query) ? '&q=' . urlencode($query) : ''; // query limit $th_subtags .= !empty($query_limit) ? '&query_limit=' . $query_limit : ''; $th_subtags .= "';\""; } else { $th_subtags = ''; } // apply field styling if specified if (!empty($header_arr[$i]['header_class'])) { $admin_templates->set_var('class', $header_arr[$i]['header_class']); } else { $admin_templates->set_var('class', 'admin-list-headerfield'); } // apply field alignment options if specified $header_column_style = ''; if (!empty($header_arr[$i]['align'])) { if ($header_arr[$i]['align'] == 'center') { $header_column_style = 'text-align:center;'; } elseif ($header_arr[$i]['align'] == 'right') { $header_column_style = 'text-align:right;'; } } // apply field wrap option if specified $header_column_style .= isset($header_arr[$i]['nowrap']) ? ' white-space:nowrap;' : ''; // apply field width option if specified $header_column_style .= isset($header_arr[$i]['width']) ? ' width:' . $header_arr[$i]['width'] . ';' : ''; // apply field style option if specified if (!empty($header_column_style)) { $admin_templates->set_var('header_column_style', 'style="' . $header_column_style . '"'); } else { $admin_templates->clear_var('header_column_style'); } // output the header field $admin_templates->set_var('header_text', $header_text); $admin_templates->set_var('th_subtags', $th_subtags); $admin_templates->parse('header_row', 'header', true); // clear all for next header $admin_templates->clear_var('th_subtags'); $admin_templates->clear_var('class'); $admin_templates->clear_var('header_text'); } if ($has_limit) { $admin_templates->set_var('lang_limit_results', $LANG_ADMIN['limit_results']); $limit = !empty($query_limit) ? 
$query_limit : 50; // query limit (default=50) if ($query != '') { # set query into form after search $admin_templates->set_var('query', urlencode($query)); } else { $admin_templates->set_var('query', ''); } $admin_templates->set_var('query_limit', $query_limit); # choose proper dropdown field for query limit $admin_templates->set_var($limit . '_selected', 'selected="selected"'); // set the default sql filter (if any) $filtersql = isset($query_arr['default_filter']) && !empty($query_arr['default_filter']) ? " {$query_arr['default_filter']}" : ''; // now add the query fields if (!empty($query)) { # add query fields with search term $filtersql .= " AND ("; for ($f = 0; $f < count($query_arr['query_fields']); $f++) { $filtersql .= $query_arr['query_fields'][$f] . " LIKE '%" . DB_escapeString($query) . "%'"; if ($f < count($query_arr['query_fields']) - 1) { $filtersql .= " OR "; } } $filtersql .= ")"; } $num_pagessql = $sql . $filtersql; $num_pagesresult = DB_query($num_pagessql); $num_rows = DB_numRows($num_pagesresult); $num_pages = ceil($num_rows / $limit); $curpage = $num_pages < $curpage ? 
1 : $curpage; // don't go beyond possible results $offset = ($curpage - 1) * $limit; $limitsql = "LIMIT {$offset},{$limit}"; // get only current page data $admin_templates->set_var('lang_records_found', $LANG_ADMIN['records_found']); $admin_templates->set_var('records_found', COM_numberFormat($num_rows)); } if ($has_search || $has_limit || $has_paging) { $admin_templates->parse('search_menu', 'search', true); } else { $admin_templates->set_var('search_menu', ''); } # form the sql query to retrieve the data if (!isset($filtersql)) { $filtersql = ''; } if (!isset($orderbysql)) { $orderbysql = ''; } if (!isset($limitsql)) { $limitsql = ''; } $sql .= "{$filtersql} {$orderbysql} {$limitsql};"; $result = DB_query($sql); // number of rows/records to display $nrows = DB_numRows($result); $r = 1; # r is the counter for the actual displayed rows for correct coloring for ($i = 0; $i < $nrows; $i++) { # now go through actual data $A = DB_fetchArray($result); $row_output = false; # as long as no fields are returned, dont print row if ($chkselect) { $admin_templates->set_var('class', 'admin-list-field'); $admin_templates->set_var('column_style', 'style="text-align:center;"'); // always center checkbox if ($chkfunction($A)) { $admin_templates->set_var('itemtext', '<input type="checkbox" name="' . $chkname . '[]" value="' . $A[$chkfield] . '" title="' . $LANG_ADMIN['select'] . '"/>'); } else { $admin_templates->set_var('itemtext', '<input type="checkbox" name="disabled" value="x" style="visibility:hidden" disabled="disabled" />'); } $admin_templates->parse('item_field', 'field', true); } for ($j = 0; $j < $ncols; $j++) { $fieldname = $header_arr[$j]['field']; # get field name from headers $fieldvalue = ''; if (!empty($A[$fieldname])) { # is there a field in data like that? 
$fieldvalue = $A[$fieldname]; # yes, get its data } if (!empty($fieldfunction) && !empty($extra)) { $fieldvalue = $fieldfunction($fieldname, $fieldvalue, $A, $icon_arr, $extra); } else { if (!empty($fieldfunction)) { # do we have a fieldfunction? $fieldvalue = $fieldfunction($fieldname, $fieldvalue, $A, $icon_arr); } else { # if not just take the value $fieldvalue = $fieldvalue; } } if ($fieldvalue !== false) { # return was there, so write line $row_output = true; } else { $fieldvalue = ''; // dont give empty fields } if (!empty($header_arr[$j]['field_class'])) { $admin_templates->set_var('class', $header_arr[$j]['field_class']); } else { $admin_templates->set_var('class', 'admin-list-field'); } // process field alignment option if specified $column_style = ''; if (!empty($header_arr[$j]['align'])) { if ($header_arr[$j]['align'] == 'center') { $column_style = 'text-align:center;'; } elseif ($header_arr[$j]['align'] == 'right') { $column_style = 'text-align:right;'; } } $column_style .= isset($header_arr[$j]['nowrap']) ? ' white-space:nowrap;' : ''; if (!empty($column_style)) { $admin_templates->set_var('column_style', 'style="' . $column_style . '"'); } else { $admin_templates->clear_var('column_style'); } $admin_templates->set_var('itemtext', $fieldvalue); # write field $admin_templates->parse('item_field', 'field', true); } if ($row_output) { # there was data in at least one field, so print line $r++; # switch to next color $admin_templates->set_var('cssid', $r % 2 + 1); # make alternating table color $admin_templates->parse('item_row', 'row', true); # process the complete row } $admin_templates->clear_var('item_field'); # clear field } if ($nrows == 0) { # there is no data. return notification message. $message = isset($no_data) ? $text_arr['no_data'] : $LANG_ADMIN['no_results']; $admin_templates->set_var('message', $message); } else { // $footer_cols = ($chkselect) ? $ncols + 1 : $ncols; // $admin_templates->set_var('footer_row', '<tr><td colspan="' . 
$footer_cols . '"><div style="margin:2px 0 2px 0;border-top:1px solid #cccccc"></div></td></tr>'); } // if we displayed data, and chkselect option is available, display the // actions row for all selected items. provide a delete action as a minimum if ($nrows > 0 and $chkselect) { $actions = '<td style="text-align:center;">' . '<img src="' . $_CONF['layout_url'] . '/images/admin/action.' . $_IMAGE_TYPE . '" alt="" /></td>'; $actions .= '<td colspan="' . $ncols . '">' . $LANG_ADMIN['action'] . ' '; if (empty($chkactions)) { $actions .= '<input name="delbutton" type="image" src="' . $_CONF['layout_url'] . '/images/admin/delete.' . $_IMAGE_TYPE . '" style="vertical-align:text-bottom;" title="' . $LANG01[124] . '" onclick="return confirm(\'' . $LANG01[125] . '\');"' . '/> ' . $LANG_ADMIN['delete']; } else { $actions .= $chkactions; } $actions .= '</td>'; $admin_templates->set_var('actions', $actions); $admin_templates->parse('action_row', 'arow', true); } // perform the paging if ($has_paging) { $hasargs = strstr($form_url, '?'); if ($hasargs) { $sep = '&'; } else { $sep = '?'; } if (!empty($query)) { # port query to next page $base_url = $form_url . $sep . 'q=' . urlencode($query) . "&query_limit={$query_limit}{$orderidx_link}&direction={$direction}"; } else { $base_url = $form_url . $sep . "query_limit={$query_limit}{$orderidx_link}&direction={$direction}"; } if ($num_pages > 1) { # print actual google-paging $admin_templates->set_var('google_paging', COM_printPageNavigation($base_url, $curpage, $num_pages, $component . 'listpage=')); } else { $admin_templates->set_var('google_paging', ''); } } // return the html output $admin_templates->parse('output', 'list'); $retval = !empty($title) ? COM_startBlock($title, $help_url, COM_getBlockTemplate('_admin_block', 'header')) : ''; $retval .= $admin_templates->finish($admin_templates->get_var('output')); $retval .= !empty($title) ? COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')) : ''; return $retval; }