/**
 * jmd_img_selector preferences panel.
 *
 * Handles the 'update' step (stores the four size preferences) and the 'css'
 * step (inserts a 'jmd_img_selector' row into txp_css), then prints the
 * preferences form and, while no such stylesheet row exists, a second form
 * that triggers the 'css' step.
 *
 * NOTE(review): both steps change stored state from request parameters, and
 * no CSRF token or privilege check is visible in this function. Confirm the
 * admin dispatcher enforces both before this callback runs.
 *
 * @param string $event
 * @param string $step
 */
function jmd_img_selector($event, $step)
{
    global $jmdImgSel, $path_to_site, $prefs;

    $notice = null;
    $out = '<div id="jmd_img_selector" style="width: 500px; margin: 0 auto">';

    if ($step === 'update') {
        // Values are taken from gps() unchanged; any range or type validation
        // has to happen inside upsertPref() (not visible here).
        $submitted = array(
            'tbWidth'   => gps('tbWidth'),
            'tbHeight'  => gps('tbHeight'),
            'imgWidth'  => gps('imgWidth'),
            'imgHeight' => gps('imgHeight'),
        );
        foreach ($submitted as $prefName => $prefValue) {
            $jmdImgSel->upsertPref($prefName, $prefValue);
        }
        $notice = $jmdImgSel->gTxt('prefs_updated');
    } elseif ($step === 'css') {
        // The heredoc body is a build-time include marker, not literal CSS.
        $css = <<<CSS
//inc <img_sel.css>
CSS;
        // base64 output contains no quote characters, so the value cannot
        // break out of the quoted SQL literal.
        safe_insert("txp_css", "name='jmd_img_selector', css='" . base64_encode($css) . "'");
        $notice = $jmdImgSel->gTxt('css_created');
    }

    pageTop($jmdImgSel->gTxt('prefs'), $notice === null ? '' : $notice);

    // Preferences
    $thumbFields = fieldset(
        $jmdImgSel->input('pref_width', 'tbWidth') . $jmdImgSel->input('pref_height', 'tbHeight'),
        $jmdImgSel->gTxt('tb_legend')
    );
    $imageFields = fieldset(
        $jmdImgSel->input('pref_width', 'imgWidth') . $jmdImgSel->input('pref_height', 'imgHeight'),
        $jmdImgSel->gTxt('img_legend')
    );
    $controls = fInput('submit', 'update', $jmdImgSel->gTxt('update'))
        . eInput('jmd_img_selector')
        . sInput('update');
    $out .= form(fieldset($thumbFields . $imageFields . $controls, $jmdImgSel->gTxt('prefs_legend')));

    // Offer the "create CSS" form only while the stylesheet row is missing.
    $existing = safe_field('name', 'txp_css', 'name="jmd_img_selector"');
    if (empty($existing)) {
        $createControls = fInput('submit', 'submit', $jmdImgSel->gTxt('create_css'))
            . eInput('jmd_img_selector')
            . sInput('css');
        $out .= form(fieldset($createControls, $jmdImgSel->gTxt('css_legend')));
    }

    echo $out;
}
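/**
 * Builds the page title from the site name and the current request context.
 *
 * Later checks override earlier ones, so the precedence (lowest to highest)
 * is: page number, section, category, search query, article ID, comment
 * parent ID. The assembled string is passed through escape_title() once at
 * the end.
 *
 * @param  array  $atts Tag attributes; 'separator' defaults to ': '.
 * @return string       Escaped title text.
 */
function page_title($atts)
{
    global $sitename, $s, $c, $q, $pg, $id, $parentid;

    extract(lAtts(array('separator' => ': '), $atts));

    $out = $sitename;

    if ($pg) {
        $out = $sitename . $separator . gTxt('page') . ' ' . $pg;
    }

    if ($s and $s != 'default') {
        $out = $sitename . $separator . fetch_section_title($s);
    }

    if ($c) {
        $out = $sitename . $separator . fetch_category_title($c);
    }

    if ($q) {
        $out = $sitename . $separator . gTxt('search_results') . $separator . ' ' . $q;
    }

    if ($id) {
        // The cast is what makes the unquoted interpolation below safe.
        $id = (int) $id;
        $out = $sitename . $separator . safe_field('Title', 'textpattern', "ID = {$id}");
    }

    // The previous code cast an undefined $parent_id and then interpolated the
    // raw $parentid into the WHERE clause, leaving the value unvalidated in
    // SQL. Cast the real global and use only the integer in the query.
    $parent_id = (int) $parentid;
    if ($parent_id) {
        $out = $sitename . $separator . gTxt('comments_on') . ' '
            . safe_field('Title', 'textpattern', "ID = {$parent_id}");
    }

    return escape_title($out);
}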
/**
 * Prints the stored help text for the plugin named in the 'name' request
 * parameter, inside the admin page chrome.
 *
 * The plugin name is escaped with doSlash() before it reaches the query.
 * The help text itself is emitted as stored, without HTML escaping;
 * presumably plugin help is trusted markup written at install time — verify
 * against the plugin installer.
 */
function plugin_help()
{
    $plugin = gps('name');

    pagetop(gTxt('plugin_help'));

    $help = '';
    if ($plugin) {
        $help = safe_field('help', 'txp_plugin', "name = '" . doSlash($plugin) . "'");
    }

    $cell = tda($help, ' width="600"');
    echo startTable('edit') . tr($cell) . endTable();
}
/**
 * Prepares the variables the admin header template reads and includes it.
 *
 * header.php is included inside this function, so it shares this function's
 * local scope: every local defined here ($area, $bm, $privs, $areas,
 * $body_id, $pagetitle, $message, $msgclass, ...) is visible to the
 * template. Renaming or removing a local changes what the template sees.
 *
 * @param string $pagetitle Title for the page.
 * @param string $message   Optional status message.
 * @param string $msgclass  Optional message class.
 */
function pagetop($pagetitle, $message = '', $msgclass = '')
{
    global $css_mode, $siteurl, $sitename, $txp_user, $event;
    // This request value is overwritten with false a few lines below before
    // anything in this function reads it.
    $area = gps('area');
    // Fall back to the 'article' event when none is set.
    $event = !$event ? 'article' : $event;
    $bm = gps('bm');
    // Look up the current user's privilege level; the name is escaped first.
    $privs = safe_field('privs', 'txp_users', "name = '" . doSlash($txp_user) . "'");
    $GLOBALS['privs'] = $privs;
    $areas = areas();
    // Find the area whose event list contains the current event.
    $area = false;
    foreach ($areas as $k => $v) {
        if (in_array($event, $v)) {
            $area = $k;
            break;
        }
    }
    if (gps('logout')) {
        $body_id = 'page-logout';
    } elseif (!$txp_user) {
        $body_id = 'page-login';
    } else {
        // NOTE(review): $event is embedded verbatim; confirm header.php
        // escapes $body_id before writing it into an HTML attribute.
        $body_id = 'page-' . $event;
    }
    // The theme name is a fixed literal, so the include path below is not
    // influenced by request data.
    $theme = 'default';
    include txpath . DS . 'theme' . DS . $theme . DS . 'header.php';
}
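/**
 * Builds the HTML-escaped page title for the current request context.
 *
 * The first matching context wins, in this order: comment parent, current
 * article, search query, category, section, author, page number. With no
 * context the escaped site name alone is returned.
 *
 * Each value is escaped as it is appended, so the return value is ready for
 * output as-is.
 *
 * @param  array  $atts Tag attributes; 'separator' defaults to ': '.
 * @return string       Escaped title text.
 */
function page_title($atts)
{
    global $parentid, $thisarticle, $id, $q, $c, $author, $context, $s, $pg, $sitename;

    extract(lAtts(array('separator' => ': '), $atts));

    $out = txpspecialchars($sitename . $separator);

    // Integer cast keeps the unquoted interpolation in the query safe.
    $parent_id = (int) $parentid;

    if ($parent_id) {
        $out .= gTxt('comments_on') . ' ' . escape_title(safe_field('Title', 'textpattern', "ID = {$parent_id}"));
    } elseif ($thisarticle['title']) {
        $out .= escape_title($thisarticle['title']);
    } elseif ($q) {
        $out .= gTxt('search_results') . txpspecialchars($separator . $q);
    } elseif ($c) {
        $out .= txpspecialchars(fetch_category_title($c, $context));
    } elseif ($s and $s != 'default') {
        $out .= txpspecialchars(fetch_section_title($s));
    } elseif ($author) {
        $out .= txpspecialchars(get_author_name($author));
    } elseif ($pg) {
        // $pg was the one value appended without escaping. It is presumably
        // request-derived like $q and $c, so escape it like the other
        // branches; numeric page values are unchanged by this.
        $out .= gTxt('page') . ' ' . txpspecialchars($pg);
    } else {
        $out = txpspecialchars($sitename);
    }

    return $out;
}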
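/**
 * Records the current request in the visitor log.
 *
 * Collects the request URI, referrer, client IP, resolved host name and
 * request method, blanks referrers that point back at this site, and passes
 * the record to insert_logit().
 *
 * Every field except 'status' originates from the client or from DNS and is
 * untrusted; escaping for SQL and for later display is left to
 * insert_logit() and the log viewer (neither is visible here).
 *
 * @param string $r When 'refer', only requests with a non-empty external
 *                  referrer are logged; otherwise every request is logged.
 */
function logit($r = '')
{
    global $siteurl, $prefs, $pretext;

    // Strip 'www.' BEFORE quoting. The previous order ran str_replace() on the
    // preg_quote()d string, where the dot is already escaped ('www\.'), so the
    // replacement never matched and a referrer from the bare domain was not
    // recognised as this site when $siteurl carried the www prefix.
    $mydomain = preg_quote(str_replace('www.', '', $siteurl), "/");

    $out = array();
    $out['uri'] = @$pretext['request_uri'];
    $out['ref'] = clean_url(str_replace("http://", "", serverSet('HTTP_REFERER')));

    $host = $ip = serverSet('REMOTE_ADDR');

    if (!empty($prefs['use_dns'])) {
        // A crude rDNS cache
        if ($h = safe_field('host', 'txp_log', "ip='" . doSlash($ip) . "' limit 1")) {
            $host = $h;
        } else {
            // Double-check the rDNS: accept the PTR name only if it resolves
            // back to the same address, otherwise log the raw IP. The PTR
            // record is controlled by whoever owns the client's address space.
            $host = @gethostbyaddr(serverSet('REMOTE_ADDR'));
            if ($host != $ip and @gethostbyname($host) != $ip) {
                $host = $ip;
            }
        }
    }

    $out['ip'] = $ip;
    $out['host'] = $host;
    $out['status'] = 200; // FIXME
    $out['method'] = serverSet('REQUEST_METHOD');

    // A referrer on this domain (optionally behind one subdomain label) is
    // treated as internal and blanked.
    if (preg_match("/^[^\\.]*\\.?{$mydomain}/i", $out['ref'])) {
        $out['ref'] = "";
    }

    if ($r == 'refer') {
        if (trim($out['ref']) != "") {
            insert_logit($out);
        }
    } else {
        insert_logit($out);
    }
}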
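/**
 * Authenticates the admin user from the login cookie or from posted
 * credentials and sets $GLOBALS['txp_user'].
 *
 * Changes from the previous revision of this block:
 *  - user names taken from the cookie and from POST are escaped with
 *    doSlash() before they are placed in the WHERE clause;
 *  - split() (removed in PHP 7) is replaced by explode(), and a cookie that
 *    is not a "user,hash" string is handled as a bad cookie.
 *
 * NOTE(review): the cookie value is md5(user . nonce) with a nonce that this
 * function never rotates, so a captured cookie stays valid until the stored
 * nonce changes. The cookies are also set without HttpOnly/Secure flags.
 * Both are design points to revisit; they are left unchanged here.
 *
 * @return string Empty string on success, otherwise a message for the login form.
 */
function doTxpValidate()
{
    global $logout, $txpcfg;

    $p_userid = ps('p_userid');
    $p_password = ps('p_password');
    $logout = gps('logout');
    $stay = ps('stay');

    if ($logout) {
        setcookie('txp_login', '', time() - 3600);
    }

    if (!empty($_COOKIE['txp_login']) and !$logout) { // cookie exists
        // Anything that is not a plain string cannot be a valid login cookie.
        $raw_cookie = is_string($_COOKIE['txp_login']) ? $_COOKIE['txp_login'] : '';
        list($c_userid, $cookie_hash) = array_pad(explode(',', $raw_cookie), 2, '');

        // The cookie is client-controlled: escape before building the query.
        $nonce = safe_field('nonce', 'txp_users', "name='" . doSlash($c_userid) . "'");

        if (md5($c_userid . $nonce) === $cookie_hash && $nonce) { // check nonce
            $GLOBALS['txp_user'] = $c_userid; // cookie is good, create $txp_user
            return '';
        } else { // something's gone wrong
            $GLOBALS['txp_user'] = '';
            setcookie('txp_login', '', time() - 3600);
            return gTxt('bad_cookie');
        }
    } elseif ($p_userid and $p_password) { // no cookie, but incoming login vars
        sleep(3); // should grind dictionary attacks to a halt

        if (txp_validate($p_userid, $p_password)) {
            $nonce = safe_field('nonce', 'txp_users', "name='" . doSlash($p_userid) . "'");

            if (!$nonce) {
                // No nonce stored yet: run the updater and ask for a reload.
                define('TXP_UPDATE', 1);
                include_once txpath . '/update/_update.php';
                exit(graf('Please reload'));
            }

            if ($stay) { // persistent cookie required
                setcookie('txp_login', $p_userid . ',' . md5($p_userid . $nonce), time() + 3600 * 24 * 365); // expires in 1 year
            } else { // session-only cookie required
                setcookie('txp_login', $p_userid . ',' . md5($p_userid . $nonce));
                setcookie('txp_nostay', '1', time() + 3600 * 24 * 365); // remember nostay for 1 year
            }

            $GLOBALS['txp_user'] = $p_userid; // login is good, create $txp_user
            return '';
        } else {
            $GLOBALS['txp_user'] = '';
            return gTxt('could_not_log_in');
        }
    } else {
        $GLOBALS['txp_user'] = '';
        return gTxt('login_to_textpattern');
    }
}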
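/**
 * Stops the request with a "restricted" page unless the current user's
 * privilege level is one of the levels passed as arguments.
 *
 * Usage: check_privs(1, 2, 3);
 *
 * Changes from the previous revision of this block:
 *  - $txp_user is escaped with doSlash() before it enters the WHERE clause
 *    (the value can originate from the login cookie);
 *  - a failed lookup (safe_field() returning false) is always denied. With
 *    the loose in_array() comparison, false would otherwise match an
 *    allowed level of 0.
 */
function check_privs()
{
    global $txp_user;

    $allowed = func_get_args();
    $privs = safe_field("privs", "txp_users", "`name`='" . doSlash($txp_user) . "'");

    // in_array() stays loose on purpose: the stored level comes back as a
    // string while callers pass integers.
    if ($privs === false || !in_array($privs, $allowed)) {
        exit(pageTop('Restricted') . '<p style="margin-top:3em;text-align:center">' . gTxt('restricted_area') . '</p>');
    }
}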
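/**
 * Authenticates the admin user from the login cookie or from posted
 * credentials and sets $GLOBALS['txp_user'].
 *
 * Changes from the previous revision of this block:
 *  - user names taken from the cookie and from POST are escaped with
 *    doSlash() before they are placed in the WHERE clause;
 *  - the cookie hash is compared with === and a stored nonce is required.
 *    Previously an unknown user name produced a false nonce, so the expected
 *    hash collapsed to md5(user name), a value that does not depend on any
 *    server-side secret; the loose == could also treat two different
 *    numeric-looking strings as equal;
 *  - split() (removed in PHP 7) is replaced by explode(), and a cookie that
 *    is not a "user,hash" string is handled as a bad cookie.
 *
 * NOTE(review): the cookie value is md5(user . nonce) with a nonce that this
 * function never rotates, and the cookies carry no HttpOnly/Secure flags.
 * Both are left unchanged here.
 *
 * @return string Empty string on success, otherwise a message for the login form.
 */
function doTxpValidate()
{
    global $logout, $txpcfg;

    $p_userid = ps('p_userid');
    $p_password = ps('p_password');
    $logout = gps('logout');
    $stay = ps('stay');

    if ($logout) {
        setcookie('txp_login', ' ', time() - 3600);
    }

    if (isset($_COOKIE['txp_login']) and !$logout) { // cookie exists
        // Anything that is not a plain string cannot be a valid login cookie.
        $raw_cookie = is_string($_COOKIE['txp_login']) ? $_COOKIE['txp_login'] : '';
        list($c_userid, $cookie_hash) = array_pad(explode(',', $raw_cookie), 2, '');

        // The cookie is client-controlled: escape before building the query.
        $nonce = safe_field('nonce', 'txp_users', "name='" . doSlash($c_userid) . "'");

        if ($nonce && md5($c_userid . $nonce) === $cookie_hash) { // check secret word
            $GLOBALS['txp_user'] = $c_userid; // cookie is good, create $txp_user
            return '';
        } else { // something's gone wrong
            $GLOBALS['txp_user'] = '';
            setcookie('txp_login', '', time() - 3600);
            return gTxt('bad_cookie');
        }
    } elseif ($p_userid and $p_password) { // no cookie, but incoming login vars
        sleep(3); // should grind dictionary attacks to a halt

        if (txp_validate($p_userid, $p_password)) {
            $nonce = safe_field('nonce', 'txp_users', "name='" . doSlash($p_userid) . "'");

            if (!$nonce) {
                exit(graf('Missing authentication information. Please run _update.php'));
            }

            if ($stay) { // persistent cookie required
                setcookie('txp_login', $p_userid . ',' . md5($p_userid . $nonce), time() + 3600 * 24 * 365); // expires in 1 year
            } else { // session-only cookie required
                setcookie('txp_login', $p_userid . ',' . md5($p_userid . $nonce));
            }

            $GLOBALS['txp_user'] = $p_userid; // login is good, create $txp_user
            return '';
        } else {
            $GLOBALS['txp_user'] = '';
            return gTxt('could_not_log_in');
        }
    } else {
        $GLOBALS['txp_user'] = '';
        return gTxt('login_to_textpattern');
    }
}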
/**
 * Saves an edited section from POST data, then either re-renders the section
 * list or, in async mode, sends a script response that swaps the updated
 * form into the page.
 *
 * Escaping as visible here: 'page', 'css' and 'old_name' are passed through
 * doSlash() on arrival; 'name' and 'title' are extracted raw and slashed
 * only after sanitizeForUrl() and Textile have processed them; the four
 * flag fields go through assert_int() before they are interpolated unquoted
 * into SQL.
 *
 * Local variable names are created by extract(), so the statement order and
 * names below are load-bearing.
 */
function section_save()
{
    global $txpcfg, $app_mode;
    // Defines $page, $css and $old_name, already escaped for SQL.
    extract(doSlash(psa(array('page', 'css', 'old_name'))));
    // Defines $name and $title unescaped; both are slashed further down
    // before any query uses them.
    extract(psa(array('name', 'title')));
    $prequel = '';
    $sequel = '';
    if (empty($title)) {
        $title = $name;
    }
    // Prevent non url chars on section names
    include_once txpath . '/lib/classTextile.php';
    $textile = new Textile();
    $title = doSlash($textile->TextileThis($title, 1));
    $name = doSlash(sanitizeForUrl($name));
    // A rename must not collide with an existing section (case-insensitive
    // comparison against the old name).
    if ($old_name && strtolower($name) != strtolower($old_name)) {
        if (safe_field('name', 'txp_section', "name='{$name}'")) {
            $message = array(gTxt('section_name_already_exists', array('{name}' => $name)), E_ERROR);
            if ($app_mode == 'async') {
                // TODO: Better/themeable popup
                // NOTE(review): unlike the branch below there is no return
                // here. Unless send_script_response() ends the request,
                // execution continues into the update with the colliding
                // name — confirm.
                send_script_response('window.alert("' . escape_js(strip_tags(gTxt('section_name_already_exists', array('{name}' => $name)))) . '")');
            } else {
                sec_section_list($message);
                return;
            }
        }
    }
    if ($name == 'default') {
        // The default section only has its page and style changed.
        safe_update('txp_section', "page = '{$page}', css = '{$css}'", "name = 'default'");
        update_lastmod();
    } else {
        // Defines $is_default, $on_frontpage, $in_rss and $searchable.
        // assert_int is defined elsewhere; presumably it rejects non-integer
        // input, which is what makes the unquoted SQL below safe — confirm.
        extract(array_map('assert_int', psa(array('is_default', 'on_frontpage', 'in_rss', 'searchable'))));
        // note this means 'selected by default' not 'default page'
        if ($is_default) {
            safe_update("txp_section", "is_default = 0", "name != '{$old_name}'");
            // switch off $is_default for all sections in async app_mode
            if ($app_mode == 'async') {
                $prequel = '$("input[name=\\"is_default\\"][value=\\"1\\"]").attr("checked", false);' .
                    '$("input[name=\\"is_default\\"][value=\\"0\\"]").attr("checked", true);';
            }
        }
        safe_update('txp_section', "\n\t\t\t\tname = '{$name}',\n\t\t\t\ttitle = '{$title}',\n\t\t\t\tpage = '{$page}',\n\t\t\t\tcss = '{$css}',\n\t\t\t\tis_default = {$is_default},\n\t\t\t\ton_frontpage = {$on_frontpage},\n\t\t\t\tin_rss = {$in_rss},\n\t\t\t\tsearchable = {$searchable}\n\t\t\t", "name = '{$old_name}'");
        // Re-point existing articles at the renamed section.
        safe_update('textpattern', "Section = '{$name}'", "Section = '{$old_name}'");
        update_lastmod();
    }
    $message = gTxt('section_updated', array('{name}' => $name));
    if ($app_mode == 'async') {
        // Caveat: Use unslashed params for DTO
        $s = psa(array('name', 'title', 'page', 'css')) + compact('is_default', 'on_frontpage', 'in_rss', 'searchable');
        $s = section_detail_partial($s);
        // NOTE(review): $name (slashed, sanitizeForUrl()ed) is placed in the
        // jQuery selector without escape_js(); presumably sanitizeForUrl()
        // restricts it to URL-safe characters — verify.
        send_script_response($prequel . '$("#section-form-' . $name . '").replaceWith("' . escape_js($s) . '");' . $sequel);
    } else {
        sec_section_list($message);
    }
}
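/**
 * Returns the Gravatar image URL for a comment author, an article author or
 * a named user.
 *
 * Changes from the previous revision of this block:
 *  - user names are escaped with doSlash() before they enter the WHERE
 *    clause of the txp_users lookup;
 *  - the site-URL scheme test had its strstr() arguments reversed, so a
 *    'siteurl' that already carried a scheme got a second 'http://'
 *    prepended; the check now tests for a leading scheme;
 *  - $email is initialised, so contexts with neither a comment nor an
 *    article no longer read an undefined variable;
 *  - 'size' and 'rating' are URL-encoded like the 'd' parameter already was.
 *
 * @param  array  $atts Tag attributes: size, default, default_local, format,
 *                      rating, user, where ('comment'|'article'), email.
 * @return string       The Gravatar URL (query parameters joined with '&').
 */
function jcp_simple_gravatar($atts)
{
    global $prefs, $thiscomment, $thisarticle;

    $size = !empty($atts['size']) ? $atts['size'] : '80';
    $default = !empty($atts['default']) ? $atts['default'] : 'default';
    $format = !empty($atts['format']) ? $atts['format'] : 'jpg';
    $rating = !empty($atts['rating']) ? $atts['rating'] : 'G';

    // TODO: Add support for Gravatar id's

    // Decide whose address to use: an explicit user, or the comment/article
    // author (auto-detected when 'where' is not given).
    $email = '';

    if (!empty($atts['user'])) {
        $email = safe_field("email", "txp_users", "name='" . doSlash($atts['user']) . "'");
    } else {
        if (!empty($atts['where'])) {
            $source = $atts['where'];
        } elseif (!empty($thiscomment)) {
            $source = 'comment';
        } elseif (!empty($thisarticle)) {
            $source = 'article';
        } else {
            $source = '';
        }

        if ($source == 'comment') {
            if (!empty($atts['email'])) {
                $email = $atts['email'];
            } elseif (isset($thiscomment['email'])) {
                $email = $thiscomment['email'];
            }
        } elseif ($source == 'article' && isset($thisarticle['authorid'])) {
            $email = safe_field("email", "txp_users", "name='" . doSlash($thisarticle['authorid']) . "'");
        }
    }

    // The Gravatar URL before adding the parameters. A failed lookup
    // (false) hashes as the empty string.
    $url = "http://gravatar.com/avatar/" . md5(strtolower((string) $email)) . ".{$format}";

    // Parameters
    $parameters = array();

    if ($rating != 'G') {
        $parameters[] = 'r=' . urlencode($rating);
    }

    $parameters[] = 's=' . urlencode($size);

    if (!empty($atts['default'])) {
        $parameters[] = 'd=' . urlencode($default);
    } elseif (!empty($atts['default_local'])) {
        // Prefix the site URL with a scheme only when it has none.
        $siteurl = $prefs['siteurl'];
        if (strpos($siteurl, 'http://') !== 0 && strpos($siteurl, 'https://') !== 0) {
            $siteurl = "http://" . $siteurl;
        }
        $parameters[] = 'd=' . urlencode($siteurl . $atts['default_local']);
    }

    $url .= "?" . join("&", $parameters);

    return $url;
}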
/**
 * Authenticates the admin user from the login cookie or from posted
 * credentials and sets the global $txp_user.
 *
 * Scheme as visible here: on a successful password login a fresh token is
 * generated, md5(user . raw token bytes) is stored as the user's nonce, and
 * the hex token travels in the 'txp_login' cookie. A returning cookie is
 * accepted when the same digest matches the stored nonce.
 *
 * NOTE(review): the token comes from md5(uniqid(rand())); neither input is
 * a cryptographically secure source. Swap in a CSPRNG-backed generator when
 * the minimum supported PHP version provides one. The cookies are set
 * without HttpOnly/Secure flags.
 *
 * @return string Empty string on success, otherwise a message for the login form.
 */
function doTxpValidate()
{
    global $logout, $txpcfg, $txp_user;

    $p_userid = ps('p_userid');
    $p_password = ps('p_password');
    $logout = gps('logout');
    $stay = ps('stay');

    if ($logout) {
        setcookie('txp_login', '', time() - 3600);
    }

    // Path 1: an existing login cookie (ignored while logging out).
    if (!empty($_COOKIE['txp_login']) && !$logout) {
        @(list($cookieUser, $token) = split(',', cs('txp_login')));

        $nonce = safe_field('nonce', 'txp_users', "name='" . doSlash($cookieUser) . "'");
        $cookieOk = $nonce && $nonce === md5($cookieUser . pack('H*', $token));

        if (!$cookieOk) {
            // something's gone wrong: drop the cookie
            $txp_user = '';
            setcookie('txp_login', '', time() - 3600);

            return gTxt('bad_cookie');
        }

        // cookie is good, create $txp_user
        $txp_user = $cookieUser;

        return '';
    }

    // Path 2: nothing to authenticate with.
    if (!($p_userid and $p_password)) {
        $txp_user = '';

        return gTxt('login_to_textpattern');
    }

    // Path 3: posted credentials.
    sleep(3); // should grind dictionary attacks to a halt

    if (!txp_validate($p_userid, $p_password)) {
        $txp_user = '';

        return gTxt('could_not_log_in');
    }

    $token = md5(uniqid(rand()));
    $storedNonce = md5($p_userid . pack('H*', $token));

    safe_update('txp_users', "nonce = '" . doSlash($storedNonce) . "'", "name = '" . doSlash($p_userid) . "'");

    $cookieValue = $p_userid . ',' . $token;

    if ($stay) {
        setcookie('txp_login', $cookieValue, time() + 3600 * 24 * 365); // expires in 1 year

        if (cs('txp_nostay')) {
            setcookie('txp_nostay', '', time() - 3600);
        }
    } else {
        setcookie('txp_login', $cookieValue);
        setcookie('txp_nostay', '1', time() + 3600 * 24 * 365); // remember nostay for 1 year
    }

    $txp_user = $p_userid; // login is good, create $txp_user

    return '';
}
/**
 * Generates a new password for an author, stores it and mails it out.
 *
 * NOTE(review), all visible in this block:
 *  - the stored value is MySQL's PASSWORD() of the lower-cased password, a
 *    fast unsalted hash that also discards letter case;
 *  - the generated password is 6 characters long;
 *  - the value handed to send_new_password() is the doSlash()ed string, so
 *    it matches what was hashed;
 *  - the new password leaves the system in an e-mail.
 * Changing any of these needs a matching change in the login check, so the
 * behaviour is left as it is here.
 *
 * @param  string $name Author login name.
 * @return string       Status message for the admin UI.
 */
function reset_author_pass($name)
{
    $whereAuthor = "name = '" . doSlash($name) . "'";

    $email = safe_field('email', 'txp_users', $whereAuthor);
    $new_pass = doSlash(generate_password(6));

    $updated = safe_update('txp_users', "pass = password(lower('{$new_pass}'))", $whereAuthor);

    if (!$updated) {
        return gTxt('could_not_update_author') . ' ' . htmlspecialchars($name);
    }

    $textKey = send_new_password($new_pass, $email, $name) ? 'password_sent_to' : 'could_not_mail';

    return gTxt($textKey) . ' ' . $email;
}
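/**
 * Generates a new password for an author, stores its hash and mails the
 * plain password to the author's address.
 *
 * Fix: the UPDATE wrote the literal string '******' into the pass column
 * and never used the computed $hash, which looks like a masking artifact in
 * this listing. As written, no account could log in with the mailed
 * password. The statement now stores the escaped hash.
 *
 * @param  string $name Author login name.
 * @return string       Status message for the admin UI.
 */
function reset_author_pass($name)
{
    $email = safe_field('email', 'txp_users', "name = '" . doSlash($name) . "'");

    $new_pass = generate_password(PASSWORD_LENGTH);

    // Only the hash is stored; it is escaped because it is interpolated
    // into a quoted SQL literal.
    $hash = doSlash(txp_hash_password($new_pass));

    $rs = safe_update('txp_users', "pass = '{$hash}'", "name = '" . doSlash($name) . "'");

    if ($rs) {
        if (send_new_password($new_pass, $email, $name)) {
            return gTxt('password_sent_to') . ' ' . $email;
        } else {
            return gTxt('could_not_mail') . ' ' . $email;
        }
    } else {
        return gTxt('could_not_update_author') . ' ' . txpspecialchars($name);
    }
}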
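/**
 * Provides access to an author's username, real name and email address.
 * Replaces the spaces in the selected value with any character.
 *
 * Fix: the username is escaped with doSlash() before it is placed in the
 * WHERE clause of the email lookup; it can come from a tag attribute.
 *
 * @param array $atts
 * @param string $atts['display'] 'email', 'name', 'username'
 * @param bool $atts['lowercase'] Lowercases the output
 * @param string $atts['separator'] Replace spaces in the output with any char.
 * @param string $atts['username'] Username to base output on. Default:
 *                                 article author
 * @return string
 */
function jmd_author($atts)
{
    global $thisarticle;

    extract(lAtts(array(
        'display'   => 'username',
        'lowercase' => 0,
        'separator' => ' ',
        'username'  => $thisarticle['authorid'],
    ), $atts));

    $out = $username;

    switch ($display) {
        case 'email':
            // eE() post-processes the address; its encoding is defined elsewhere.
            $out = eE(safe_field("email", "txp_users", "name='" . doSlash($username) . "'"));
            break;
        case 'name':
            $out = get_author_name($username);
            break;
        default:
            // 'username' (or anything unrecognised): keep the raw username.
    }

    if ($lowercase == 1) {
        $out = strtolower($out);
    }

    return str_replace(' ', $separator, $out);
}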
/**
 * Saves a page template: updates the named page, or, when 'copy' is set,
 * stores the markup under a new name.
 *
 * 'name', 'html' and 'copy' are escaped with doSlash() as they are
 * extracted. The new name additionally has < > & " ' removed and is then
 * slashed, so every value interpolated into SQL below is escaped.
 */
function page_save()
{
    // Defines $name, $html and $copy.
    extract(doSlash(gpsa(array('name', 'html', 'copy'))));

    if (!$copy) {
        // Plain save of an existing page.
        safe_update('txp_page', "user_html = '{$html}'", "name = '{$name}'");
        update_lastmod();

        page_edit(gTxt('page_updated', array('{name}' => $name)));

        return;
    }

    $stripped = preg_replace('/[<>&"\']/', '', gps('newname'));
    $newname = doSlash(trim($stripped));

    if (!$newname) {
        $message = gTxt('page_name_invalid');
    } elseif (safe_field('name', 'txp_page', "name = '{$newname}'")) {
        $message = gTxt('page_already_exists', array('{name}' => $newname));
    } else {
        safe_insert('txp_page', "name = '{$newname}', user_html = '{$html}'");
        update_lastmod();
        $message = gTxt('page_created', array('{name}' => $newname));
    }

    page_edit($message);
}
/**
 * Returns a link (or bare URL) to the next-older page of results.
 *
 * The current request's GET parameters are merged into the link, with the
 * values set here (pg, s, c, q, author) taking precedence.
 *
 * NOTE(review): $url is written into the href attribute without escaping in
 * this function, and it carries request parameters; confirm pagelinkurl()
 * returns an HTML-safe URL. $title is never defined by lAtts() here, so the
 * title attribute is presumably never emitted.
 *
 * @param  array        $atts  Tag attributes; 'showalways' defaults to 0.
 * @param  string|false $thing Tag contents, or false for a self-closing tag.
 * @return string
 */
function zem_older($atts, $thing = false)
{
    global $thispage, $pretext, $permlink_mode;

    extract(lAtts(array('showalways' => 0), $atts));

    $numPages = $thispage['numPages'];
    $pg = $thispage['pg'];

    // No older page to link to: optionally still show the contents.
    if (!($numPages > 1 and $pg != $numPages)) {
        return $showalways ? parse($thing) : '';
    }

    // author urls should use RealName, rather than username
    $author = '';
    if (!empty($pretext['author'])) {
        $author = safe_field('RealName', 'txp_users', "name = '" . doSlash($pretext['author']) . "'");
    }

    $parts = array(
        'pg'     => $pg + 1,
        's'      => @$pretext['s'],
        'c'      => @$pretext['c'],
        'q'      => @$pretext['q'],
        'author' => $author,
    );

    // Array union: keys above win, remaining GET parameters are appended.
    $url = pagelinkurl($parts + $_GET);

    if (!$thing) {
        return $url;
    }

    $titleAttr = empty($title) ? '' : ' title="' . $title . '"';

    return '<a href="' . $url . '"' . $titleAttr . '>' . parse($thing) . '</a>';
}
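/**
 * Builds the page title from the site name and the current request context.
 *
 * Later checks override earlier ones: category, search query, page number,
 * article ID, comment parent ID. The result is passed through
 * escape_title() once at the end.
 *
 * Fix: $id and $parentid were interpolated into the WHERE clause as they
 * arrived ($id unquoted, $parentid quoted but unescaped). Both are now cast
 * to integers and only the integers reach the query.
 *
 * @param  array  $atts Tag attributes; 'separator' defaults to ': '.
 * @return string       Escaped title text.
 */
function page_title($atts)
{
    global $sitename, $id, $c, $q, $parentid, $pg;

    extract(lAtts(array('separator' => ': '), $atts));

    $s = $sitename;
    $sep = $separator;
    $out = $sitename;

    if ($c) {
        $out = $s . $sep . fetch_category_title($c);
    }

    if ($q) {
        $out = $s . $sep . gTxt('search_results') . $sep . ' ' . $q;
    }

    if ($pg) {
        $out = $s . $sep . gTxt('page') . ' ' . $pg;
    }

    // Article IDs are integers; anything else is ignored.
    $article_id = (int) $id;
    if ($article_id) {
        $out = $s . $sep . safe_field('Title', 'textpattern', "ID = {$article_id}");
    }

    $parent_id = (int) $parentid;
    if ($parent_id) {
        $out = $s . $sep . gTxt('comments_on') . ' ' . safe_field('Title', 'textpattern', "ID = {$parent_id}");
    }

    return escape_title($out);
}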
/**
 * Saves an edited section from POST data and re-renders the section list.
 *
 * Escaping as visible here: 'page', 'css' and 'old_name' are passed through
 * doSlash() on arrival; 'name' and 'title' are extracted raw and slashed
 * only after sanitizeForUrl() and Textile have processed them; the four
 * flag fields go through assert_int() before they are interpolated unquoted
 * into SQL.
 *
 * Local variable names are created by extract(), so the statement order and
 * names below are load-bearing.
 */
function section_save()
{
    global $txpcfg;
    // Defines $page, $css and $old_name, already escaped for SQL.
    extract(doSlash(psa(array('page', 'css', 'old_name'))));
    // Defines $name and $title unescaped; both are slashed further down
    // before any query uses them.
    extract(psa(array('name', 'title')));
    if (empty($title)) {
        $title = $name;
    }
    // Prevent non url chars on section names
    include_once txpath . '/lib/classTextile.php';
    $textile = new Textile();
    $title = doSlash($textile->TextileThis($title, 1));
    $name = doSlash(sanitizeForUrl($name));
    // A rename must not collide with an existing section (case-insensitive
    // comparison against the old name).
    if ($old_name && strtolower($name) != strtolower($old_name)) {
        if (safe_field('name', 'txp_section', "name='{$name}'")) {
            $message = gTxt('section_name_already_exists', array('{name}' => $name));
            sec_section_list($message);
            return;
        }
    }
    if ($name == 'default') {
        // The default section only has its page and style changed.
        safe_update('txp_section', "page = '{$page}', css = '{$css}'", "name = 'default'");
        update_lastmod();
    } else {
        // Defines $is_default, $on_frontpage, $in_rss and $searchable.
        // assert_int is defined elsewhere; presumably it rejects non-integer
        // input, which is what makes the unquoted SQL below safe — confirm.
        extract(array_map('assert_int', psa(array('is_default', 'on_frontpage', 'in_rss', 'searchable'))));
        // note this means 'selected by default' not 'default page'
        if ($is_default) {
            safe_update("txp_section", "is_default = 0", "name != '{$old_name}'");
        }
        safe_update('txp_section', "\n\t\t\t\tname = '{$name}',\n\t\t\t\ttitle = '{$title}',\n\t\t\t\tpage = '{$page}',\n\t\t\t\tcss = '{$css}',\n\t\t\t\tis_default = {$is_default},\n\t\t\t\ton_frontpage = {$on_frontpage},\n\t\t\t\tin_rss = {$in_rss},\n\t\t\t\tsearchable = {$searchable}\n\t\t\t", "name = '{$old_name}'");
        // Re-point existing articles at the renamed section.
        safe_update('textpattern', "Section = '{$name}'", "Section = '{$old_name}'");
        update_lastmod();
    }
    $message = gTxt('section_updated', array('{name}' => $name));
    sec_section_list($message);
}
@ini_set("display_errors", "1"); include_once txpath . '/lib/constants.php'; include_once txpath . '/lib/mdb.php'; include_once txpath . '/lib/txplib_db.php'; include_once txpath . '/lib/txplib_prefs.php'; include_once txpath . '/lib/txplib_forms.php'; include_once txpath . '/lib/txplib_html.php'; include_once txpath . '/lib/txplib_misc.php'; include_once txpath . '/lib/txplib_element.php'; include_once txpath . '/lib/txplib_class.php'; include_once txpath . '/lib/admin_config.php'; include_once txpath . '/lib/txplib_controller.php'; include_once txpath . '/lib/txplib_section.php'; $microstart = getmicrotime(); if ($DB->connected && $DB->table_exists(PFX . 'textpattern')) { $dbversion = safe_field('val', 'txp_prefs', "name = 'version'"); // global site prefs $prefs = get_prefs(); extract($prefs); if (empty($siteurl)) { $siteurl = $_SERVER['HTTP_HOST'] . rtrim(dirname(dirname($_SERVER['SCRIPT_NAME'])), '/'); } if (empty($path_to_site)) { updateSitePath(dirname(dirname(__FILE__))); } define("LANG", $language); //i18n: define("LANG","en-gb"); define('txp_version', $thisversion); if (!defined('PROTOCOL')) { switch (serverSet('HTTPS')) { case '':
/**
 * Saves a stylesheet: updates the named one, or, when 'savenew' or 'copy'
 * is set, stores the CSS under a new name.
 *
 * The CSS is stored base64-encoded. The request values are extracted raw;
 * each one is escaped with doSlash() at the point where it enters SQL, and
 * the new name additionally has < > & " ' removed first.
 */
function css_save()
{
    // Defines $name, $css, $savenew, $newname and $copy (unescaped).
    extract(gpsa(array('name', 'css', 'savenew', 'newname', 'copy')));

    $css = doSlash(base64_encode($css));

    if (!($savenew or $copy)) {
        // Plain save of an existing stylesheet.
        safe_update('txp_css', "css = '{$css}'", "name = '" . doSlash($name) . "'");

        // update site last mod time
        update_lastmod();

        css_edit(gTxt('css_updated', array('{name}' => $name)));

        return;
    }

    $stripped = preg_replace('/[<>&"\']/', '', gps('newname'));
    $newname = doSlash(trim($stripped));

    if (!$newname) {
        $message = gTxt('css_name_required');
    } elseif (safe_field('name', 'txp_css', "name = '{$newname}'")) {
        $message = gTxt('css_already_exists', array('{name}' => $newname));
    } else {
        safe_insert('txp_css', "name = '{$newname}', css = '{$css}'");

        // update site last mod time
        update_lastmod();

        $message = gTxt('css_created', array('{name}' => $newname));
    }

    css_edit($message);
}
/**
 * Writes a language string to the database, updating it when a row with the
 * same name and language already exists and inserting it otherwise.
 *
 * The language is taken from the 'lang_code' HTTP POST or GET parameter.
 * Every value interpolated into SQL is escaped with doSlash().
 *
 * Note that the existence check matches on name and language only, while
 * the update additionally requires the system owner.
 *
 * The result of the write is stored in $value['ok'].
 *
 * @param array $value The string: keys 'name', 'event', 'data', 'uLastmod'
 * @param int   $key   Not used
 */
function install_lang_key(&$value, $key)
{
    // Defines $lang_code and $updating.
    extract(gpsa(array('lang_code', 'updating')));

    $alreadyThere = safe_field(
        "name",
        'txp_lang',
        "name = '" . doSlash($value['name']) . "' AND lang = '" . doSlash($lang_code) . "'"
    );

    $stamp = strftime('%Y%m%d%H%M%S', $value['uLastmod']);

    $q = "name = '" . doSlash($value['name'])
        . "',\n event = '" . doSlash($value['event'])
        . "',\n data = '" . doSlash($value['data'])
        . "',\n lastmod = '" . doSlash($stamp) . "'";

    if ($alreadyThere === false) {
        $value['ok'] = safe_insert('txp_lang', "{$q}, lang = '" . doSlash($lang_code) . "'");

        return;
    }

    $value['ok'] = safe_update(
        'txp_lang',
        $q,
        "owner = '" . doSlash(TEXTPATTERN_LANG_OWNER_SYSTEM)
            . "' AND lang = '" . doSlash($lang_code)
            . "' AND name = '" . doSlash($value['name']) . "'"
    );
}
// Schema and preference migration steps. Each step first checks whether it
// has already been applied, so the sequence can be run more than once.
// All SQL here is built from literals, the PFX constant and one value read
// back from the database (escaped with doSlash()); no request data is used.

// publisher's email address
if (!safe_field('name', 'txp_prefs', "name = 'publisher_email'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'publisher_email', val = '', type = 1, event = 'admin', position = 115");
}

// goodbye raw ?php support
if (safe_field('name', 'txp_prefs', "name = 'allow_raw_php_scripting'")) {
    safe_delete('txp_prefs', "name = 'allow_raw_php_scripting'");
}

// Widen the author name and e-mail columns.
safe_alter('txp_users', "MODIFY RealName VARCHAR(255) NOT NULL default '', MODIFY email VARCHAR(254) NOT NULL default ''");

// Remove any setup strings from lang table
safe_delete('txp_lang', "event='setup'");

// Add the url_title index to the articles table unless it already exists.
$has_idx = 0;
$rs = getRows('show index from `' . PFX . 'textpattern`');
foreach ($rs as $row) {
    if ($row['Key_name'] == 'url_title_idx') {
        $has_idx = 1;
    }
}
if (!$has_idx) {
    safe_query('alter ignore table `' . PFX . 'textpattern` add index url_title_idx(`url_title`)');
}

// Remove is_default from txp_section table and make it a preference
if (!safe_field('name', 'txp_prefs', "name = 'default_section'")) {
    // Carry the currently flagged section over as the preference value.
    $current_default_section = safe_field('name', 'txp_section', 'is_default=1');
    safe_insert('txp_prefs', "prefs_id = 1, name = 'default_section', val = '" . doSlash($current_default_section) . "', type = '2', event = 'section', html = 'text_input', position = '0'");
}
$cols = getThings('describe `' . PFX . 'txp_section`');
if (in_array('is_default', $cols)) {
    safe_alter('txp_section', "DROP `is_default`");
}

// Allow larger stylesheets.
safe_alter('txp_css', 'MODIFY css MEDIUMTEXT NOT NULL');
/**
 * Returns the name of the section flagged as default (is_default = 1).
 *
 * The query is built from literals only. The return value is whatever
 * safe_field() yields for the lookup, including its result when no section
 * carries the flag.
 *
 * @return mixed
 */
function getDefaultSection()
{
    $defaultName = safe_field('name', 'txp_section', 'is_default=1');

    return $defaultName;
}
/**
 * Saves a form template: validates name and type, then inserts a new form
 * or updates the existing one.
 *
 * All request fields listed in $vars are escaped with doSlash() as they are
 * extracted. The name is rebuilt from the raw request value with
 * < > & " ' removed and is then slashed. The type must be one of a fixed
 * list before any query runs.
 *
 * On a validation failure $step is reset to 'form_create' and the editor is
 * re-shown with an error message.
 */
function form_save()
{
    global $vars, $step, $essential_forms;

    // Defines one escaped local per entry in $vars ($Form, $type,
    // $savenew, $oldname are read below).
    extract(doSlash(gpsa($vars)));

    $cleaned = preg_replace('/[<>&"\']/', '', gps('name'));
    $name = doSlash(trim($cleaned));

    if (!$name) {
        $step = 'form_create';

        return form_edit(array(gTxt('form_name_invalid'), E_ERROR));
    }

    $knownTypes = array('article', 'category', 'comment', 'file', 'link', 'misc', 'section');

    if (!in_array($type, $knownTypes)) {
        $step = 'form_create';

        return form_edit(array(gTxt('form_type_missing'), E_ERROR));
    }

    if (!$savenew) {
        // Update in place; the row is addressed by its previous name.
        safe_update('txp_form', "Form = '{$Form}', type = '{$type}', name = '{$name}'", "name = '{$oldname}'");
        update_lastmod();

        form_edit(gTxt('form_updated', array('{name}' => $name)));

        return;
    }

    if (safe_field('name', 'txp_form', "name = '{$name}'")) {
        $step = 'form_create';

        return form_edit(array(gTxt('form_already_exists', array('{name}' => $name)), E_ERROR));
    }

    safe_insert('txp_form', "Form = '{$Form}', type = '{$type}', name = '{$name}'");
    update_lastmod();

    return form_edit(gTxt('form_created', array('{name}' => $name)));
}
/**
 * Applies a bulk action (delete, toggle status, change load order) to the
 * plugins selected in the plugin list.
 *
 * Plugin names come from the POSTed 'selected' array and are escaped with
 * doSlash() wherever they enter SQL. Plugins that carry the
 * PLUGIN_LIFECYCLE_NOTIFY flag are loaded and sent lifecycle events before
 * the change is written.
 *
 * NOTE(review): the selected names are joined into the status message
 * unescaped; confirm plugin_list() escapes the message before output. No
 * CSRF token check is visible in this function.
 */
function plugin_multi_edit()
{
    $selected = ps('selected');
    $method = ps('edit_method');

    if (!$selected or !is_array($selected)) {
        return plugin_list();
    }

    $where = "name IN ('" . join("','", doSlash($selected)) . "')";

    if ($method == 'delete') {
        foreach ($selected as $name) {
            $byName = "name ='" . doSlash($name) . "'";

            if (!(safe_field('flags', 'txp_plugin', $byName) & PLUGIN_LIFECYCLE_NOTIFY)) {
                continue;
            }

            load_plugin($name, true);
            callback_event("plugin_lifecycle.{$name}", 'disabled');
            callback_event("plugin_lifecycle.{$name}", 'deleted');
        }

        safe_delete('txp_plugin', $where);
    } elseif ($method == 'changestatus') {
        foreach ($selected as $name) {
            $byName = "name ='" . doSlash($name) . "'";

            if (!(safe_field('flags', 'txp_plugin', $byName) & PLUGIN_LIFECYCLE_NOTIFY)) {
                continue;
            }

            $status = safe_field('status', 'txp_plugin', $byName);
            load_plugin($name, true);

            // NB: won't show returned messages anywhere due to potentially overwhelming verbiage.
            callback_event("plugin_lifecycle.{$name}", $status ? 'disabled' : 'enabled');
        }

        safe_update('txp_plugin', 'status = (1-status)', $where);
    } elseif ($method == 'changeorder') {
        // Clamp the requested load order to the range 1..9.
        $order = min(max(intval(ps('order')), 1), 9);
        safe_update('txp_plugin', 'load_order = ' . $order, $where);
    }

    $outcome = ($method == 'delete') ? 'deleted' : 'updated';
    $message = gTxt('plugin_' . $outcome, array('{name}' => join(', ', $selected)));

    plugin_list($message);
}
// Default event admin pref. if (!safe_field('name', 'txp_prefs', "name = 'default_event'")) { safe_insert('txp_prefs', "prefs_id = 1, name = 'default_event', val = 'article', type = '1', event = 'admin', html = 'default_event', position = '150'"); } // Add columns for thumbnail dimensions. $cols = getThings('describe `' . PFX . 'txp_image`'); if (!in_array('thumb_w', $cols)) { safe_alter('txp_image', "ADD `thumb_w` int(8) NOT NULL default 0, ADD `thumb_h` int(8) NOT NULL default 0"); } // Plugin flags. $cols = getThings('describe `' . PFX . 'txp_plugin`'); if (!in_array('flags', $cols)) { safe_alter('txp_plugin', "ADD flags SMALLINT UNSIGNED NOT NULL DEFAULT 0"); } // Default theme. if (!safe_field('name', 'txp_prefs', "name = 'theme_name'")) { safe_insert('txp_prefs', "prefs_id = 1, name = 'theme_name', val = 'classic', type = '1', event = 'admin', html = 'themename', position = '160'"); } safe_alter('txp_plugin', 'CHANGE code code MEDIUMTEXT NOT NULL, CHANGE code_restore code_restore MEDIUMTEXT NOT NULL'); safe_alter('txp_prefs', 'CHANGE val val TEXT NOT NULL'); // Add author column to files and links, // Boldy assuming that the publisher in charge of updating this site is the author of any existing content items. foreach (array('txp_file', 'txp_link') as $table) { $cols = getThings('describe `' . PFX . $table . '`'); if (!in_array('author', $cols)) { safe_alter($table, "ADD author varchar(255) NOT NULL default '', ADD INDEX author_idx (author)"); safe_update($table, "author='" . doSlash($txp_user) . "'", '1=1'); } } // Add indices on author columns. foreach (array('textpattern' => 'AuthorID', 'txp_image' => 'author') as $table => $col) {
/**
 * Ends the request with an error page.
 *
 * Sends the status header, fires the 'txp_die' callback, picks an error
 * template (the 'error_<code>' page, then 'error_default', then a built-in
 * fallback) and terminates with the rendered template.
 *
 * Can also be called as a tag, in which case $msg is the attribute array
 * and supplies both 'msg' and 'status'.
 *
 * NOTE(review): in the branch without parse(), $msg and $status are
 * substituted into the template as-is: they are not HTML-escaped, and
 * preg_replace() interprets backreference sequences in replacement strings.
 * Confirm callers never pass request-derived text as $msg, and that the
 * error_message / error_status tags escape the globals set in the parse()
 * branch.
 *
 * @param string|array $msg    Error message, or tag attributes.
 * @param string       $status HTTP status code, optionally with reason phrase.
 */
function txp_die($msg, $status = '503')
{
    // 503 status might discourage search engines from indexing or caching the error message
    //Make it possible to call this function as a tag, e.g. in an article <txp:txp_die status="410" />
    if (is_array($msg)) {
        // Overwrites $msg and $status with the tag attributes.
        extract(lAtts(array('msg' => '', 'status' => '503'), $msg));
    }
    // Intentionally incomplete - just the ones we're likely to use
    $codes = array('200' => 'OK', '301' => 'Moved Permanently', '302' => 'Found', '304' => 'Not Modified', '307' => 'Temporary Redirect', '401' => 'Unauthorized', '403' => 'Forbidden', '404' => 'Not Found', '410' => 'Gone', '414' => 'Request-URI Too Long', '500' => 'Internal Server Error', '501' => 'Not Implemented', '503' => 'Service Unavailable');
    if ($status) {
        // A bare known code gets its reason phrase appended; any other
        // value is passed to the header function unchanged.
        if (isset($codes[strval($status)])) {
            $status = strval($status) . ' ' . $codes[$status];
        }
        txp_status_header($status);
    }
    // The code is the part of the status before the first space.
    $code = '';
    if ($status and $parts = @explode(' ', $status, 2)) {
        $code = @$parts[0];
    }
    callback_event('txp_die', $code);
    if (@$GLOBALS['connected']) {
        // The code is escaped before it is used in the page-name lookup.
        $out = safe_field('user_html', 'txp_page', "name='error_" . doSlash($code) .
            "'");
        if (empty($out)) {
            $out = safe_field('user_html', 'txp_page', "name='error_default'");
        }
    }
    // No database connection or no stored template: use the built-in page.
    if (empty($out)) {
        $out = <<<eod
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Textpattern Error: <txp:error_status /></title>
</head>
<body>
<p align="center" style="margin-top:4em"><txp:error_message /></p>
</body>
</html>
eod;
    }
    header("Content-type: text/html; charset=utf-8");
    if (is_callable('parse')) {
        // Tag parser available: expose the error details as globals and
        // let the template tags render them.
        $GLOBALS['txp_error_message'] = $msg;
        $GLOBALS['txp_error_status'] = $status;
        $GLOBALS['txp_error_code'] = $code;
        set_error_handler("tagErrorHandler");
        die(parse($out));
    } else {
        // No parser: substitute the two error tags directly.
        $out = preg_replace(array('@<txp:error_status[^>]*/>@', '@<txp:error_message[^>]*/>@'), array($status, $msg), $out);
        die($out);
    }
}
h2. Credits Thanks to "Steve Dickinson":http://txp-plugins.netcarving.com/ for making this work. # --- END PLUGIN HELP --- <?php } # --- BEGIN PLUGIN CODE --- if (txpinterface === 'admin') { if (gps('event') === 'form') { ob_start('jmd_form_toggle_head'); ob_start('jmd_form_toggle'); } if (safe_field('css', 'txp_css', 'name="jmd_form_toggle"') === FALSE) { $css = <<<EOD /*Collapse certain types by default #type_article, #type_comment, #type_file, #type_link, #type_misc { display: none; } */ /*"Create new form" link*/ #jmd_form_toggle .action {
/**
 * Prints the top of every admin page: document head, inline JavaScript for
 * the list "power edit" controls, branding row and the primary/secondary
 * navigation tabs.
 *
 * NOTE(review), all visible in this block:
 *  - $message is written into the page as-is, so callers are responsible
 *    for escaping it;
 *  - $body_id embeds $event and is written into the body id attribute
 *    without escaping; confirm $event is validated before this point;
 *  - the gTxt() string in the confirm() call and the control markup in the
 *    switch are placed inside JavaScript string literals; the markup is
 *    passed through addslashes() only.
 *
 * @param string $pagetitle Page title; escaped with escape_title() on output.
 * @param string $message   Optional status message shown beside the tabs.
 */
function pagetop($pagetitle, $message = "")
{
    global $css_mode, $siteurl, $sitename, $txp_user, $event;
    // This request value is overwritten with false a few lines below before
    // anything in this function reads it.
    $area = gps('area');
    // Fall back to the 'article' event when none is set.
    $event = !$event ? 'article' : $event;
    $bm = gps('bm');
    // Look up the current user's privilege level; the name is escaped first.
    $privs = safe_field("privs", "txp_users", "name = '" . doSlash($txp_user) . "'");
    $GLOBALS['privs'] = $privs;
    $areas = areas();
    // Find the area whose event list contains the current event.
    $area = false;
    foreach ($areas as $k => $v) {
        if (in_array($event, $v)) {
            $area = $k;
            break;
        }
    }
    if (gps('logout')) {
        $body_id = 'page-logout';
    } elseif (!$txp_user) {
        $body_id = 'page-login';
    } else {
        $body_id = 'page-' . $event;
    }
    ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php echo LANG; ?> " lang="<?php echo LANG; ?> " dir="<?php echo gTxt('lang_dir'); ?> ">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="noindex, nofollow" />
<title>Txp › <?php echo htmlspecialchars($sitename); ?> › <?php echo escape_title($pagetitle); ?> </title>
<link href="textpattern.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="textpattern.js"></script>
<script type="text/javascript">
<!--
var cookieEnabled = checkCookies();
if (!cookieEnabled) {
    confirm('<?php echo trim(gTxt('cookies_must_be_enabled')); ?> ');
}
<?php
    // Build the form controls offered by the "power edit" selector; which
    // ones exist depends on the current event.
    $edit = array();
    if ($event == 'list') {
        $rs = safe_column('name', 'txp_section', "name != 'default'");
        $edit['section'] = $rs ? selectInput('Section', $rs, '', true) : '';
        $rs = getTree('root', 'article');
        $edit['category1'] = $rs ? treeSelectInput('Category1', $rs, '') : '';
        $edit['category2'] = $rs ?
            treeSelectInput('Category2', $rs, '') : '';
        $edit['comments'] = onoffRadio('Annotate', safe_field('val', 'txp_prefs', "name = 'comments_on_default'"));
        $edit['status'] = selectInput('Status', array(1 => gTxt('draft'), 2 => gTxt('hidden'), 3 => gTxt('pending'), 4 => gTxt('live'), 5 => gTxt('sticky')), '', true);
        $rs = safe_column('name', 'txp_users', "privs not in(0,6)");
        $edit['author'] = $rs ? selectInput('AuthorID', $rs, '', true) : '';
    }
    if (in_array($event, array('image', 'file', 'link'))) {
        $rs = getTree('root', $event);
        $edit['category'] = $rs ? treeSelectInput('category', $rs, '') : '';
    }
    if ($event == 'plugin') {
        $edit['order'] = selectInput('order', array(1 => 1, 2 => 2, 3 => 3, 4 => 4, 5 => 5, 6 => 6, 7 => 7, 8 => 8, 9 => 9), 5, false);
    }
    if ($event == 'admin') {
        $edit['privilege'] = privs();
    }
    // output JavaScript
    ?> function poweredit(elm) {
    var something = elm.options[elm.selectedIndex].value;
    // Add another chunk of HTML
    var pjs = document.getElementById('js');
    if (pjs == null) {
        var br = document.createElement('br');
        elm.parentNode.appendChild(br);
        pjs = document.createElement('P');
        pjs.setAttribute('id','js');
        elm.parentNode.appendChild(pjs);
    }
    if (pjs.style.display == 'none' || pjs.style.display == '') {
        pjs.style.display = 'block';
    }
    if (something != '') {
        switch (something) {
<?php
    // One case per control: the markup is emitted as a single-quoted
    // JavaScript string. As shown, the second replacement pair maps '-' to
    // '-' (a no-op); presumably an HTML entity was decoded upstream — TODO
    // confirm against the original file.
    foreach ($edit as $key => $val) {
        echo "case 'change" . $key . "':" . n . t . "pjs.innerHTML = '<span>" . str_replace(array("\n", '-'), array('', '-'), addslashes($val)) . "</span>';" . n . t . 'break;' . n .
            n;
    }
    ?> default:
            pjs.style.display = 'none';
            break;
        }
    }
    return false;
}
addEvent(window, 'load', cleanSelects);
-->
</script>
<script type="text/javascript" src="jquery.js"></script>
<?php callback_event('admin_side', 'head_end'); ?> </head>
<body id="<?php echo $body_id; ?> ">
<?php callback_event('admin_side', 'pagetop'); ?> <table id="pagetop" cellpadding="0" cellspacing="0">
<tr id="branding"><td><h1 id="textpattern">Textpattern</h1></td><td id="navpop"><?php echo navPop(1); ?> </td></tr>
<tr id="nav-primary"><td align="center" class="tabs" colspan="2">
<?php
    // The tab bar is skipped when the 'bm' request parameter is set.
    if (!$bm) {
        // Each primary tab is shown only when has_privs() grants it.
        echo '<table cellpadding="0" cellspacing="0" align="center"><tr> <td valign="middle" style="width:368px"> ' . $message . '</td>', has_privs('tab.content') ? areatab(gTxt('tab_content'), 'content', 'article', $area) : '', has_privs('tab.presentation') ? areatab(gTxt('tab_presentation'), 'presentation', 'page', $area) : '', has_privs('tab.admin') ? areatab(gTxt('tab_admin'), 'admin', 'admin', $area) : '', (has_privs('tab.extensions') and !empty($areas['extensions'])) ? areatab(gTxt('tab_extensions'), 'extensions', array_shift($areas['extensions']), $area) : '', '<td class="tabdown"><a href="' . hu . '" class="plain" target="_blank">' . gTxt('tab_view_site') . '</a></td>', '</tr></table>';
        $secondary = tabsort($area, $event);
        if ($secondary) {
            echo '</td></tr><tr id="nav-secondary"><td align="center" class="tabs" colspan="2"> <table cellpadding="0" cellspacing="0" align="center"><tr>', $secondary, '</tr></table>';
        }
    }
    echo '</td></tr></table>';
    callback_event('admin_side', 'pagetop_end');
}