$smarty->caching = false;
$smarty->cache_lifetime = 1800;
if (!apcms_CheckAccess('admincenter', $_SESSION['groups'])) {
$error = $apcms['LANGUAGE']['ERROR_ACCESS_DENIED'];
$apcms['redirect_url'] = $apcms['referer'];
$apcms['redirect_time'] = 3;
} else {
$AdminSideBar = "<a class=\"adminlinks\" href=\"" . $apcms['baseURL'] . "\">" . $apcms['LANGUAGE']['GLOBAL_BACK_TO_APCMS'] . "</a><br />\n";
$AdminSideBar .= "<a class=\"adminlinks\" href=\"" . $apcms['baseURL'] . "?c=admin\">" . $apcms['LANGUAGE']['ADMIN_MAINPAGE'] . "</a><br />\n";
$mainbox_content = " <a class=\"adminlinks\" href=\"" . $apcms['baseURL'] . "?c=admin&act=general_config\">" . $apcms['LANGUAGE']['ADMIN_GENERAL_CONFIG'] . "</a><br />\n";
$mainbox_content .= " <a class=\"adminlinks\" href=\"" . $apcms['baseURL'] . "?c=admin&act=plugins\">" . $apcms['LANGUAGE']['ADMIN_PLUGINS'] . "</a><br />\n";
$mainbox_content .= " <a class=\"adminlinks\" href=\"" . $apcms['baseURL'] . "?c=admin&act=sidebars\">" . $apcms['LANGUAGE']['ADMIN_SIDEBARMANAGEMENT'] . "</a><br />\n";
$mainbox_content .= " <a class=\"adminlinks\" href=\"" . $apcms['baseURL'] . "?c=admin&act=user\">" . $apcms['LANGUAGE']['ADMIN_USERMANAGEMENT'] . "</a><br />\n";
$mainbox_content .= " <a class=\"adminlinks\" href=\"" . $apcms['baseURL'] . "?c=admin&act=groups\">" . $apcms['LANGUAGE']['ADMIN_GROUPMANAGEMENT'] . "</a><br />\n";
$lnav = new APC_Smarty($apcms['themesdir'] . '/' . $THEME);
$lnav->assign('navbox_head', $apcms['LANGUAGE']['ADMIN_NAVBOX_MAIN']);
$lnav->assign('navbox_content', $mainbox_content);
$lout = $lnav->fetch('navbox.tpl');
$AdminSideBar .= "\n<br />\n" . $lout;
$smarty->assign('apcms_adminSideBar', $AdminSideBar);
if (isset($_GET['act']) && trim($_GET['act']) != "") {
$act = htmlspecialchars(urldecode(trim($_GET['act'])));
$act = str_replace("./", "", $act);
$act = str_replace("../", "", $act);
$act = str_replace("..", "", $act);
$ainclude = $act;
$aincludefile = $PATH . "/includes/" . $act . ".admin.inc.php";
} else {
$act = "main";
$ainclude = "main";
$aincludefile = $PATH . "/includes/main.admin.inc.php";
function ReadNews($newsid)
{
/** globalising of the needed variables, objects and arrays */
global $db, $apcms, $hook;
$NOUT = '';
$retnews = $db->unbuffered_query_first("SELECT * FROM `" . $this->newstable . "` WHERE `id`='" . intval($newsid) . "'");
if (isset($retnews) && count($retnews) >= 1) {
$postdate = intval($retnews[2]);
$title = apcms_Strip($retnews[3]);
if ($this->config['use_bbcode'] === true) {
$body = apcms_TextOut(stripslashes($retnews[4]));
$extbody = apcms_TextOut(stripslashes($retnews[5]));
} else {
$body = apcms_simpleTextOut(stripslashes($retnews[4]));
$extbody = apcms_simpleTextOut(stripslashes($retnews[5]));
}
$views = intval($retnews[6]) + 1;
$authorname = "";
$db->unbuffered_query("UPDATE `" . $this->newstable . "` SET `views`='" . $views . "' WHERE `id`='" . intval($newsid) . "'");
if ($this->config['show_author'] === true) {
$retuser = $db->unbuffered_query_first("SELECT `nickname` FROM `" . $apcms['table']['global']['users'] . "` WHERE `id`='" . intval($retnews[1]) . "'");
if (isset($retuser[0]) && trim($retuser[0]) != "") {
$authorname .= " @ " . apcms_Strip($retuser[0]);
} else {
$authorname .= " @ " . $apcms['LANGUAGE']['GLOBAL_UNKNOWN'];
}
}
$retcnum = $db->unbuffered_query_first("SELECT COUNT(*) FROM `" . $this->commentstable . "` WHERE `nid`='" . intval($newsid) . "'");
$commentnum = intval($retcnum[0]);
/** Include the Smarty class */
require_once $apcms['path'] . "/libs/smarty.class.php";
if ($this->config['use_bbcode'] === true) {
$mainbox_head = apcms_Strip($retnews[3]);
$mainbox_content = apcms_TextOut(stripslashes($retnews[4]));
if (trim(stripslashes($retnews[5])) != "") {
$mainbox_content .= "\n<br />" . apcms_TextOut(stripslashes($retnews[5]));
}
} else {
$mainbox_head = apcms_simpleTextOut($retnews[3]);
$mainbox_content = apcms_simpleTextOut(stripslashes($retnews[4]));
if (trim(stripslashes($retnews[5])) != "") {
$mainbox_content .= "\n<br />" . apcms_simpleTextOut(stripslashes($retnews[5]));
}
}
$mainbox_foot = "<table class=\"apcms_mainboxfoot\" width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tr>\n<td class=\"apcms_mainboxfoot\">\n";
$mainbox_foot .= date($this->config['dateformat'], intval($retnews[2])) . $authorname;
$mainbox_foot .= "\n</td>\n<td width=\"50%\" class=\"apcms_mainboxfoot\" align=\"right\">\n";
$mainbox_foot .= "[ " . intval($retnews[6]) . " " . $apcms['LANGUAGE']['apcms_plugin_newsmanagement']['VIEWS'] . " | " . $commentnum . " <a href=\"" . $apcms['baseURL'] . "?news[action]=read&news[id]=" . intval($retnews[0]) . "\">" . $apcms['LANGUAGE']['apcms_plugin_newsmanagement']['COMMENTS'] . "</a> ]";
$mainbox_foot .= "\n</td>\n</tr>\n</table>\n";
$mbox = new APC_Smarty($apcms['themesdir'] . '/' . $apcms['theme']);
$mbox->assign('mainbox_head', $mainbox_head);
$mbox->assign('mainbox_content', $mainbox_content);
$mbox->assign('mainbox_foot', $mainbox_foot);
$mbout = $mbox->fetch('mainbox.tpl');
$NOUT .= $mbout . "\n<a name=\"comments\"></a>\n\n<hr size=\"1\" noshade=\"noshade\" /><b><u>" . $apcms['LANGUAGE']['apcms_plugin_newsmanagement']['COMMENTS'] . "</u></b>\n<br />\n<br />\n";
/** Save the comment */
if (isset($_POST['news']['action']) && trim($_POST['news']['action']) == "comment") {
if (isset($_SESSION['isloggedin']) && intval($_SESSION['isloggedin']) >= 1) {
$_POST['news']['username'] = $_SESSION['nickname'];
$_POST['news']['email'] = $_SESSION['email'];
$uid = $_SESSION['userid'];
} else {
$uid = 0;
}
if (!isset($_POST['news']['username']) || trim($_POST['news']['username']) == "") {
$error = $apcms['LANGUAGE']['apcms_plugin_newsmanagement']['ERROR_NO_USERNAME'];
} elseif (!isset($_POST['news']['email']) || trim($_POST['news']['email']) == "") {
$error = $apcms['LANGUAGE']['apcms_plugin_newsmanagement']['ERROR_NO_EMAIL'];
} elseif (!isset($_POST['news']['comment']) || trim($_POST['news']['comment']) == "") {
$error = $apcms['LANGUAGE']['apcms_plugin_newsmanagement']['ERROR_NO_TEXT'];
} else {
$query = "INSERT INTO `" . $this->commentstable . "` (`nid`, `uid`, `postdate`, `title`, `body`) VALUES (\n\t\t\t\t\t\t\t\t\t'" . intval($_POST['news']['nid']) . "', \n\t\t\t\t\t\t\t\t\t'" . intval($uid) . "', \n\t\t\t\t\t\t\t\t\t'" . time() . "', \n\t\t\t\t\t\t\t\t\t'" . apcms_ESC(apcms_Strip($_POST['news']['title'])) . "', \n\t\t\t\t\t\t\t\t\t'" . apcms_ESC(trim($_POST['news']['comment'])) . "' \n\t\t\t\t\t\t\t\t)";
$db->unbuffered_query($query);
$success = $apcms['LANGUAGE']['apcms_plugin_newsmanagement']['SUCCESS_COMMENT_SAVED'];
}
}
$retcomments = $db->unbuffered_GetAll_row("SELECT * FROM `" . $this->commentstable . "` WHERE `nid`='" . intval($newsid) . "' ORDER BY `postdate`");
if (isset($retcomments) && count($retcomments) >= 1) {
for ($a = 0; $a < count($retcomments); $a++) {
$mainbox_head = apcms_Strip($retcomments[$a][4]);
$mainbox_content = apcms_TextOut(stripslashes($retcomments[$a][5]));
$authorname = "";
if ($this->config['show_author'] === true) {
$retuser = $db->unbuffered_query_first("SELECT `nickname` FROM `" . $apcms['table']['global']['users'] . "` WHERE `id`='" . intval($retcomments[$a][2]) . "'");
if (isset($retuser[0]) && trim($retuser[0]) != "") {
$authorname .= " @ " . apcms_Strip($retuser[0]);
} else {
$authorname .= " @ " . $apcms['LANGUAGE']['GLOBAL_UNKNOWN'];
}
}
$mainbox_foot = "<table class=\"apcms_mainboxfoot\" width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tr>\n<td class=\"apcms_mainboxfoot\">\n";
$mainbox_foot .= date($this->config['dateformat'], intval($retcomments[$a][3])) . $authorname;
$mainbox_foot .= "\n</td>\n</tr>\n</table>\n";
$mbox = new APC_Smarty($apcms['themesdir'] . '/' . $apcms['theme']);
$mbox->assign('mainbox_head', $mainbox_head);
$mbox->assign('mainbox_content', $mainbox_content);
$mbox->assign('mainbox_foot', $mainbox_foot);
$mbout = $mbox->fetch('mainbox.tpl');
$NOUT .= $mbout . "\n\n<hr size=\"1\" noshade=\"noshade\" />";
}
} else {
/** FIXME */
/** maybe create something better looking...? */
$NOUT .= "<br /><br /><div align=\"center\">" . $apcms['LANGUAGE']['apcms_plugin_newsmanagement']['NO_COMMENTS'] . "</div>\n\n<hr size=\"1\" noshade=\"noshade\" />";
}
if (isset($error) && trim($error) != "") {
$NOUT .= "<div id=\"error\">" . $error . "</div>";
$error = "";
}
if (isset($success) && trim($success) != "") {
$NOUT .= "<div id=\"success\">" . $success . "</div>";
$success = "";
}
if (isset($_SESSION['isloggedin']) && intval($_SESSION['isloggedin']) >= 1 || $this->config['guest_comments'] === true) {
$NOUT .= "\n<br />\n<div id=\"content1\">\n";
$NOUT .= "<form name=\"commentform\" action=\"" . $apcms['baseURL'] . "?news[action]=read&news[id]=" . intval($newsid) . "#comments\" method=\"post\">\n";
$NOUT .= "<input type=\"hidden\" name=\"news[action]\" value=\"comment\" />\n";
$NOUT .= "<input type=\"hidden\" name=\"news[nid]\" value=\"" . intval($newsid) . "\" />\n";
$NOUT .= "\t<table width=\"100%\" border=\"0\" cellspacing=\"1\" cellpadding=\"3\">\n";
if (isset($_SESSION['isloggedin']) && intval($_SESSION['isloggedin']) >= 1) {
$NOUT .= "\t\t<tr class=\"content2\">\n";
$NOUT .= "\t\t\t<td valign=\"top\">\n";
$NOUT .= "\t\t\t\t<label for=\"username\" accesskey=\"u\" tabindex=\"-1\">" . $apcms['LANGUAGE']['GLOBAL_USERNAME'] . "</label>\n";
$NOUT .= "\t\t\t</td>\n";
$NOUT .= "\t\t\t<td width=\"330\" align=\"right\" valign=\"top\">\n";
$NOUT .= "\t\t\t\t<input id=\"username\" type=\"text\" name=\"news[username]\" value=\"" . $_SESSION['nickname'] . "\" disabled=\"disabled\" readonly=\"readonly\" style=\"width:100%\" />\n";
$NOUT .= "\t\t\t</td>\n";
$NOUT .= "\t\t</tr>\n";
$NOUT .= "\t\t<tr class=\"content2\">\n";
$NOUT .= "\t\t\t<td valign=\"top\">\n";
$NOUT .= "\t\t\t\t<label for=\"email\" accesskey=\"e\" tabindex=\"-1\">" . $apcms['LANGUAGE']['GLOBAL_EMAIL'] . "</label>\n";
$NOUT .= "\t\t\t</td>\n";
$NOUT .= "\t\t\t<td width=\"330\" align=\"right\" valign=\"top\">\n";
$NOUT .= "\t\t\t\t<input id=\"email\" type=\"text\" name=\"news[email]\" value=\"" . $_SESSION['email'] . "\" disabled=\"disabled\" readonly=\"readonly\" style=\"width:100%\" />\n";
$NOUT .= "\t\t\t</td>\n";
$NOUT .= "\t\t</tr>\n";
} else {
$NOUT .= "\t\t<tr class=\"content2\">\n";
$NOUT .= "\t\t\t<td valign=\"top\">\n";
$NOUT .= "\t\t\t\t<label for=\"username\" accesskey=\"u\" tabindex=\"1\">" . $apcms['LANGUAGE']['GLOBAL_USERNAME'] . "</label>\n";
$NOUT .= "\t\t\t</td>\n";
$NOUT .= "\t\t\t<td width=\"330\" align=\"right\" valign=\"top\">\n";
$NOUT .= "\t\t\t\t<input id=\"username\" type=\"text\" name=\"news[username]\" value=\"" . (isset($_POST['news']['username']) && trim($_POST['news']['username']) != "" ? apcms_Strip($_POST['news']['username']) : "") . "\" style=\"width:100%\" />\n";
$NOUT .= "\t\t\t</td>\n";
$NOUT .= "\t\t</tr>\n";
$NOUT .= "\t\t<tr class=\"content2\">\n";
$NOUT .= "\t\t\t<td valign=\"top\">\n";
$NOUT .= "\t\t\t\t<label for=\"email\" accesskey=\"e\" tabindex=\"2\">" . $apcms['LANGUAGE']['GLOBAL_EMAIL'] . "</label>\n";
$NOUT .= "\t\t\t</td>\n";
$NOUT .= "\t\t\t<td width=\"330\" align=\"right\" valign=\"top\">\n";
$NOUT .= "\t\t\t\t<input id=\"email\" type=\"text\" name=\"news[email]\" value=\"" . (isset($_POST['news']['email']) && trim($_POST['news']['email']) != "" ? apcms_Strip($_POST['news']['email']) : "") . "\" style=\"width:100%\" />\n";
$NOUT .= "\t\t\t</td>\n";
$NOUT .= "\t\t</tr>\n";
}
$NOUT .= "\t\t<tr class=\"content2\">\n";
$NOUT .= "\t\t\t<td valign=\"top\">\n";
$NOUT .= "\t\t\t\t<label for=\"title\" accesskey=\"t\" tabindex=\"3\">" . $apcms['LANGUAGE']['apcms_plugin_newsmanagement']['COMMENT_TITLE'] . "</label>\n";
$NOUT .= "\t\t\t</td>\n";
$NOUT .= "\t\t\t<td width=\"330\" align=\"right\" valign=\"top\">\n";
$NOUT .= "\t\t\t\t<input id=\"title\" type=\"text\" name=\"news[title]\" value=\"" . (isset($_POST['news']['title']) && trim($_POST['news']['title']) != "" ? apcms_Strip($_POST['news']['title']) : "") . "\" style=\"width:100%\" />\n";
$NOUT .= "\t\t\t</td>\n";
$NOUT .= "\t\t</tr>\n";
$NOUT .= "\t\t<tr class=\"content2\">\n";
$NOUT .= "\t\t\t<td valign=\"top\">\n";
$NOUT .= "\t\t\t\t<label for=\"comment\" accesskey=\"c\" tabindex=\"4\">" . $apcms['LANGUAGE']['apcms_plugin_newsmanagement']['COMMENT_BODY'] . "</label>\n";
$NOUT .= "\t\t\t</td>\n";
$NOUT .= "\t\t\t<td width=\"330\" align=\"right\" valign=\"top\">\n";
$NOUT .= "\t\t\t\t<textarea id=\"comment\" name=\"news[comment]\" rows=\"6\" style=\"width:100%\">" . (isset($_POST['news']['comment']) && trim($_POST['news']['comment']) != "" ? trim($_POST['news']['comment']) : "") . "</textarea>\n";
$NOUT .= "\t\t\t</td>\n";
$NOUT .= "\t\t</tr>\n";
$NOUT .= "\t\t<tr>\n";
$NOUT .= "\t\t\t<td colspan=\"2\" align=\"center\">\n\t\t\t\t\t\t\t\t\t\t<label for=\"submit\" accesskey=\"s\" tabindex=\"4\">\n\t\t\t\t\t\t\t\t\t\t\t<input id=\"submit\" onfocus=\"formInUse=true;\" type=\"submit\" name=\"news[submit]\" value=\"" . $apcms['LANGUAGE']['apcms_plugin_newsmanagement']['COMMENT_SAVE'] . "\" />\n\t\t\t\t\t\t\t\t\t\t</label>\n\t\t\t\t\t\t\t\t\t</td>\n";
$NOUT .= "\t\t</tr>\n";
$NOUT .= "\t</table>\n";
$NOUT .= "</form>\n";
$NOUT .= "</div><br />\n";
$NOUT .= "\t<script type=\"text/javascript\">\n";
if (isset($_SESSION['isloggedin']) && intval($_SESSION['isloggedin']) >= 1) {
$NOUT .= "\t\tdocument.getElementById('title').focus();\n";
} else {
$NOUT .= "\t\tdocument.getElementById('username').focus();\n";
}
$NOUT .= "\t</script>\n";
}
} else {
}
/** Give the output to the Hook event of the mainpage (main.php) */
$hook->Set_MainContent($NOUT);
}
ob_start();
$oldlevel = error_reporting(0);
eval($matches[4][$countthis]);
error_reporting($oldlevel);
$buffer = ob_get_contents();
ob_end_clean();
$navbox_content = str_replace($matches[0][$countthis], $buffer, $navbox_content);
}
unset($matches);
preg_match_all("/(\\[box=)([^\\]]+)(\\])/siU", $navbox_content, $matches);
for ($countthis = 0; $countthis < count($matches[0]); $countthis++) {
$boxcontent = apcms_DisplayBoxContent($matches[2][$countthis]);
$navbox_content = str_replace($matches[0][$countthis], $boxcontent, $navbox_content);
}
$lnav = new APC_Smarty($apcms['themesdir'] . '/' . $THEME);
$lnav->assign('navbox_head', apcms_Strip($retright[$a][1]));
$lnav->assign('navbox_content', $navbox_content);
$lout = $lnav->fetch('navbox.tpl');
$RightSideBar .= $lout;
}
}
$smarty->assign('apcms_leftSideBar', $LeftSideBar);
$smarty->assign('apcms_rightSideBar', $RightSideBar);
$COUT = "";
if (!apcms_CheckAccess('global_access', $_SESSION['groups'])) {
$error = $apcms['LANGUAGE']['ERROR_ACCESS_DENIED'];
$apcms['redirect_url'] = $apcms['referer'];
$apcms['redirect_time'] = 3;
} else {
include $includefile;
}