Esempio n. 1
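/**
 * Encode a value as a JavaScript string literal for use inside an inline
 * event-handler attribute.
 *
 * The value is JSON-encoded first (JavaScript context) and the result is then
 * HTML-escaped (attribute context). The browser undoes the HTML layer before
 * it parses the script, so both layers are required.
 *
 * @param    mixed   $value  Value to embed (cast to string)
 * @return   string          Quoted, attribute-safe JavaScript string literal
 */
function _modDownload_jsString($value)
{
    $json = json_encode((string) $value);
    if ($json === false) {
        // Not encodable (e.g. invalid UTF-8): fall back to an empty literal.
        $json = '""';
    }
    return htmlspecialchars($json, ENT_QUOTES);
}

/**
 * Render the "modify download" form for one file, followed by the tables of
 * registered and anonymous rating entries with a delete button per entry.
 *
 * The file id is read from $_GET['lid']. It is request data, so it is escaped
 * separately for each context it reaches: DB_escapeString() for SQL,
 * htmlspecialchars() for HTML text and attributes, and _modDownload_jsString()
 * for the inline onclick handlers.
 *
 * NOTE(review): no permission check is visible in this function; presumably
 * the caller enforces it -- confirm.
 * NOTE(review): none of the three forms carries a CSRF token; verify that the
 * index.php handlers for modDownloadS, delDownload and delVote require one.
 *
 * @return   void    Echoes the page; redirects and exits when no file matches
 */
function modDownload()
{
    global $_CONF, $_FM_CONF, $_TABLES, $_USER, $myts, $eh, $mytree, $filemgmt_SnapStore, $filemgmt_FileSnapURL;

    // A missing or non-scalar parameter (e.g. lid[]=x) becomes '', which
    // matches no row and takes the redirect below.
    $lid = (isset($_GET['lid']) && is_scalar($_GET['lid'])) ? (string) $_GET['lid'] : '';
    $lidSql = DB_escapeString($lid);
    // The database may accept an id with trailing text (a numeric column
    // compares on the leading digits), so the raw value must never be echoed.
    $lidHtml = htmlspecialchars($lid, ENT_QUOTES);
    $lidJs = _modDownload_jsString($lid);

    $result = DB_query("SELECT cid, title, url, homepage, version, size, logourl, comments,submitter FROM {$_TABLES['filemgmt_filedetail']} WHERE lid='" . $lidSql . "'");
    $nrows = DB_numRows($result);
    if ($nrows == 0) {
        redirect_header("index.php", 2, _MD_NOMATCH);
        exit;
    }
    $display = COM_siteHeader('menu');
    $display .= filemgmt_navbar();
    $display .= '<form method="post" enctype="multipart/form-data" action="index.php">';
    $display .= '<input type="hidden" name="op" value="modDownloadS" />';
    $display .= '<input type="hidden" name="lid" value="' . $lidHtml . '" />';
    $display .= '<table width="100%" border="0" class="plugin">';
    list($cid, $title, $url, $homepage, $version, $size, $logourl, $comments, $submitter) = DB_fetchArray($result);
    $title = $myts->makeTboxData4Edit($title);
    $pathstring = "<a href=\"{$_CONF['site_url']}/filemgmt/index.php\">" . _MD_MAIN . "</a>&nbsp;:&nbsp;";
    $nicepath = $mytree->getNicePathFromId($cid, "title", "{$_CONF['site_url']}/filemgmt/viewcat.php");
    $pathstring .= $nicepath;
    // The id sits in a query string here, so it is URL-encoded before the
    // HTML-attribute escaping is applied.
    $pathstring .= "<a href=\"{$_CONF['site_url']}/filemgmt/index.php?id=" . htmlspecialchars(rawurlencode($lid), ENT_QUOTES) . "\">{$title}</a>";
    $display .= '<tr><td colspan="3" width="100%" style="padding:5px;">' . $pathstring . '</td></tr>';
    $display .= '<tr><td colspan="3" width="100%" class="pluginHeader" style="padding:5px;">' . _MD_MODDL . "&nbsp; &nbsp;" . '<b>(max:' . "&nbsp;" . ini_get('upload_max_filesize') . ')</b></td></tr>';
    // NOTE(review): rawurldecode() runs after makeTboxData4Edit(). If that
    // helper HTML-escapes its input, a percent-encoded quote or angle bracket
    // in the stored value is decoded back to a raw character before it reaches
    // the value="" / src="" attributes below. Confirm what the helper does and
    // consider decoding first, escaping last.
    $url = rawurldecode($myts->makeTboxData4Edit($url));
    $homepage = $myts->makeTboxData4Edit($homepage);
    $version = $myts->makeTboxData4Edit($version);
    $size = $myts->makeTboxData4Edit($size);
    $logourl = rawurldecode($myts->makeTboxData4Edit($logourl));
    $result2 = DB_query("SELECT description FROM {$_TABLES['filemgmt_filedesc']} WHERE lid='" . $lidSql . "'");
    list($description) = DB_fetchArray($result2);
    $description = $myts->makeTareaData4Edit($description);
    $display .= '<tr><td>' . _MD_FILEID . '</td><td colspan="2"><b>' . $lidHtml . '</b></td></tr>';
    $display .= '<tr><td>' . _MD_FILETITLE . '</td><td colspan="2"><input type="text" name="title" value="' . $title . '" size="50" maxlength="200" /></td></tr>' . LB;
    $display .= '<tr><td>' . _MD_DLFILENAME . '</td><td colspan="2"><input type="text" name="url" value="' . $url . '" size="50" maxlength="200" /></td></tr>' . LB;
    $display .= '<tr><td width="25%">' . _MD_REPLFILENAME . '</td><td colspan="2"><input type="file" name="newfile" size="50" maxlength="200" /></td></tr>' . LB;
    $display .= '<tr><td>' . _MD_HOMEPAGEC . '</td><td colspan="2"><input type="text" name="homepage" value="' . $homepage . '" size="50" maxlength="150" /></td></tr>' . LB;
    $display .= '<tr><td>' . _MD_VERSIONC . '</td><td colspan="2"><input type="text" name="version" value="' . $version . '" size="10" maxlength="10" /></td></tr>' . LB;
    $display .= '<tr><td>' . _MD_FILESIZEC . '</td><td colspan="2"><input type="text" name="size" value="' . $size . '" size="10" maxlength="20" />' . _MD_BYTES . '</td></tr>' . LB;
    $display .= '<tr><td style="vertical-align:top;">' . _MD_DESCRIPTIONC . '</td><td colspan="2"><textarea name="description" cols="55" rows="10">' . $description . '</textarea></td></tr>' . LB;
    $display .= '<tr><td>' . _MD_CATEGORYC . '</td><td colspan="2">';
    $display .= $mytree->makeMySelBox("title", "title", $cid, 0, "cid");
    $display .= '</td></tr>' . LB;
    if (!empty($logourl) and file_exists($filemgmt_SnapStore . $logourl)) {
        $display .= '<tr><td>' . _MD_SHOTIMAGE . '</td><td width="5%"><img src="' . $filemgmt_FileSnapURL . $logourl . '" width="80"></td>' . LB;
        $display .= '<td width="35%"><input type="file" size="40" name="newfileshot" /><br /><br /><input type="checkbox" name="deletesnap" />&nbsp;Delete</td></tr>' . LB;
    } else {
        $display .= '<tr><td>' . _MD_SHOTIMAGE . '</td>' . LB;
        $display .= '<td colspan="2"><input type="file" size="40" name="newfileshot" /></td></tr>' . LB;
    }
    $display .= '<tr><td>' . _MD_COMMENTOPTION . '</td><td colspan="2">';
    if ($comments) {
        $display .= '<input type="radio" name="commentoption" value="1" checked="checked" />&nbsp;' . _MD_YES . '&nbsp;';
        $display .= '<input type="radio" name="commentoption" value="0" />&nbsp;' . _MD_NO . '&nbsp;';
    } else {
        $display .= '<input type="radio" name="commentoption" value="1" />&nbsp;' . _MD_YES . '&nbsp;';
        $display .= '<input type="radio" name="commentoption" value="0" checked="checked" />&nbsp;' . _MD_NO . '&nbsp;';
    }
    $display .= '</td></tr>' . LB;
    $display .= '<tr><td>' . _MD_OWNER . '</td><td colspan="2">';
    $display .= COM_buildOwnerList('owner_id', $submitter);
    $display .= '</td></tr>' . LB;
    $display .= '<tr><td>' . _MD_SILENTEDIT . '</td><td colspan="2">';
    $display .= '<input type="checkbox" name="silentedit" value="1" ' . ($_FM_CONF['silent_edit_default'] ? ' checked="checked"' : '') . '/>';
    $display .= '</td></tr>' . LB;
    $display .= '<tr><td colspan="3" style="text-align:center;padding:10px;">';
    $display .= '<input type="submit" value="' . _MD_SUBMIT . '" /><span style="padding-left:15px;padding-right:15px;">';
    $display .= '<input type="submit" value="' . _MD_DELETE . '" onclick=\'if (confirm("Delete this file ?")) {this.form.op.value="delDownload";return true}; return false\' />';
    $display .= "</span><input type=\"submit\" name=\"cancel\" value=\"" . _MD_CANCEL . "\"" . XHTML . ">";
    $display .= '</td></tr></table></form>' . LB;

    /* Display File Voting Information */
    $display .= '<form method="post" action="index.php">';
    $display .= '<input type="hidden" name="op" value="" />';
    $display .= '<input type="hidden" name="rid" value="" />';
    $display .= '<input type="hidden" name="lid" value="' . $lidHtml . '" />';
    $display .= '<table style="vertical-align:top;" width="100%" class="pluginSubTable">';
    $display .= '<tr><th colspan="7">';
    $display .= sprintf(_MD_DLRATINGS, 0);
    $display .= '</th></tr>';

    // Show Registered Users Votes
    $ratingData = RATING_getVoteData('filemgmt', $lid, 'ratingdate', 'desc', array("AND" => "u.uid > 1"));
    $votes = count($ratingData);
    $display .= '<tr><td colspan="7">';
    $display .= sprintf(_MD_REGUSERVOTES, $votes);
    $display .= '</td></tr>';
    $display .= '<tr><th>' . _MD_USER . '</th><th>' . _MD_IP . '</th><th>' . _MD_RATING . '</th><th>' . _MD_DATE . '</th><th align="center">' . _MD_DELETE . '</th></tr>';
    if ($votes == 0) {
        $display .= '<tr><td align="center" colspan="5">' . _MD_NOREGVOTES . '<br /></td></tr>';
    }
    $cssid = 1;
    foreach ($ratingData as $data) {
        $formatted_date = formatTimestamp($data['ratingdate']);
        // User name and address are stored values shown to an administrator;
        // escape them on output. Presumably they are stored unescaped --
        // confirm, otherwise entities will show up double-encoded.
        $ratinguname = htmlspecialchars($data['username'], ENT_QUOTES);
        $ratinghostname = htmlspecialchars($data['ip_address'], ENT_QUOTES);
        $rating = htmlspecialchars($data['rating'], ENT_QUOTES);
        $ratingIdJs = _modDownload_jsString($data['id']);
        $display .= "<tr class=\"pluginRow{$cssid}\"><td>{$ratinguname}</td><td>{$ratinghostname}</td><td>{$rating}</td>";
        $display .= "<td>{$formatted_date}</td><td style=\"text-align:center;padding-right:20px;\">";
        $display .= '<input type="image" src="' . $_CONF['site_url'] . '/filemgmt/images/delete.png" ';
        $display .= 'onclick=\'if (confirm("Delete this rating entry?")) {this.form.op.value="delVote";this.form.lid.value=' . $lidJs . ';this.form.rid.value=' . $ratingIdJs . ';return true};return false;\' value="Delete" />';
        $display .= "</td></tr>\n";
        $cssid = $cssid == 1 ? 2 : 1;
    }
    $display .= '</table></form>' . LB;

    // Show Unregistered Users Votes
    $ratingData = RATING_getVoteData('filemgmt', $lid, 'ratingdate', 'desc', array('AND' => 'u.uid = 1'));
    $votes = count($ratingData);
    // The former onsubmit="alert(this.form.op.value)" was a debugging leftover
    // (a form element has no .form property, so it only raised a script
    // error); it is dropped.
    $display .= '<form method="post" action="index.php">';
    $display .= '<input type="hidden" name="op" value="" />';
    $display .= '<input type="hidden" name="rid" value="" />';
    $display .= '<input type="hidden" name="lid" value="' . $lidHtml . '" />';
    $display .= '<table style="vertical-align:top;" width="100%" class="pluginSubTable">';
    $display .= '<tr><th colspan="7">';
    $display .= sprintf(_MD_ANONUSERVOTES, $votes);
    $display .= '</th></tr>';
    $display .= '<tr><th colspan="2">' . _MD_IP . '</th><th colspan="3">' . _MD_RATING . '</th><th colspan="2">' . _MD_DATE . '</th></tr>';
    if ($votes == 0) {
        $display .= "<tr><td colspan=\"7\" align=\"center\">" . _MD_NOUNREGVOTES . "<br" . XHTML . "></td></tr>";
    }
    $cssid = 1;
    foreach ($ratingData as $data) {
        $formatted_date = formatTimestamp($data['ratingdate']);
        $ratinghostname = htmlspecialchars($data['ip_address'], ENT_QUOTES);
        $rating = htmlspecialchars($data['rating'], ENT_QUOTES);
        $ratingIdJs = _modDownload_jsString($data['id']);
        $display .= "<tr class=\"pluginRow{$cssid}\" style=\"vertical-align:bottom;\"><td colspan=\"2\">{$ratinghostname}</td><td colspan=\"3\">{$rating}</td>";
        $display .= "<td>{$formatted_date}</td><td style=\"text-align:center;padding-right:20px;\">";
        $display .= '<input type="image" src="' . $_CONF['site_url'] . '/filemgmt/images/delete.png" ';
        $display .= 'onclick=\'if (confirm("Delete this record")) {this.form.op.value="delVote";this.form.lid.value=' . $lidJs . ';this.form.rid.value=' . $ratingIdJs . ';return true};return false;\' value="Delete" />';
        $display .= "</td></tr>";
        $cssid = $cssid == 1 ? 2 : 1;
    }
    $display .= "<tr><td colspan=\"6\">&nbsp;<br" . XHTML . "></td></tr>\n";
    $display .= "</table></form>";
    $display .= "<br" . XHTML . ">";
    $display .= COM_endBlock();
    $display .= COM_siteFooter();
    echo $display;
}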
Esempio n. 2
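/**
 * Show topic administration form
 *
 * For an existing topic ($tid given) the record is loaded from the database,
 * access is checked and the objects associated with the topic are counted.
 * For a new topic the fields are pre-filled from $T, so that a form which
 * failed validation can be shown again with the submitted values.
 *
 * $tid and the values in $T are treated as request data: they are escaped
 * with DB_escapeString() (or cast to int) before they reach SQL, and with
 * htmlspecialchars() before they are written into HTML built here.
 *
 * NOTE(review): several values are handed to the template unescaped
 * ('topic_id', 'image_url', 'owner_id', 'story_limit'). Whether that is safe
 * depends on how topiceditor.thtml uses them -- confirm.
 *
 * @param    string  $tid    ID of topic to edit
 * @param    array   $T      An array of topic fields (optional)
 * @param    string  $msg    Message to show above the editor (optional)
 * @return   string          HTML for the topic editor
 *
 */
function TOPIC_edit($tid = '', $T = array(), $msg = '')
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $LANG27, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $_IMAGE_TYPE;
    USES_lib_admin();
    $retval = '';
    $topicEdit = 0;
    $assoc_stories_published = 0;
    $assoc_stories_draft = 0;
    $assoc_images = 0;
    $assoc_comments = 0;
    $assoc_trackbacks = 0;
    if (!empty($tid)) {
        $topicEdit = 1;
        // Escape once and reuse: every query in this branch embeds the id.
        $tidSql = DB_escapeString($tid);
        // existing topic - pull fields from DB
        $result = DB_query("SELECT * FROM {$_TABLES['topics']} WHERE tid ='" . $tidSql . "'");
        // NOTE(review): no check that a row was found; for an unknown tid the
        // offsets read below would not exist -- confirm callers guarantee it.
        $A = DB_fetchArray($result);
        $access = SEC_inGroup('Topic Admin') ? 3 : SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
        if ($access == 0 or $access == 2) {
            $retval .= COM_showMessageText($LANG27[13], $LANG27[12], true);
            COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}.");
            return $retval;
        }
        // ok let's see what is associated with this topic
        $result2 = DB_query("SELECT bid FROM {$_TABLES['blocks']} WHERE tid = '{$tidSql}'");
        $assoc_blocks = DB_numRows($result2);
        $result2 = DB_query("SELECT fid FROM {$_TABLES['syndication']} WHERE topic = '{$tidSql}'");
        $assoc_feeds = DB_numRows($result2);
        $result2 = DB_query("SELECT sid FROM {$_TABLES['storysubmission']} WHERE tid = '{$tidSql}'");
        $assoc_stories_submitted = DB_numRows($result2);
        $result2 = DB_query("SELECT sid, draft_flag FROM {$_TABLES['stories']} WHERE tid = '{$tidSql}'");
        $total_assoc_stories = DB_numRows($result2);
        if ($total_assoc_stories > 0) {
            for ($i = 0; $i < $total_assoc_stories; $i++) {
                $S = DB_fetchArray($result2);
                if ($S['draft_flag'] == 0) {
                    $assoc_stories_published += 1;
                } else {
                    $assoc_stories_draft += 1;
                }
                // The story id comes from the database, but it is still data:
                // escape it before building the follow-up queries.
                $sidSql = DB_escapeString($S['sid']);
                $result3 = DB_query("SELECT ai_filename FROM {$_TABLES['article_images']} WHERE ai_sid = '{$sidSql}'");
                $assoc_images += DB_numRows($result3);
                $result3 = DB_query("SELECT cid FROM {$_TABLES['comments']} WHERE sid = '{$sidSql}' AND type = 'article'");
                $assoc_comments += DB_numRows($result3);
                $result3 = DB_query("SELECT cid FROM {$_TABLES['trackback']} WHERE sid = '{$sidSql}' AND type = 'article'");
                $assoc_trackbacks += DB_numRows($result3);
            }
        }
    } else {
        // new topic - retain field values if any in case of failed validation
        $A = array();
        $A['tid'] = isset($T['tid']) ? $T['tid'] : '';
        $A['topic'] = isset($T['topic']) ? $T['topic'] : '';
        $A['sortnum'] = isset($T['sortnum']) ? $T['sortnum'] : 0;
        $A['limitnews'] = isset($T['limitnews']) ? $T['limitnews'] : '';
        // leave empty!
        $A['is_default'] = isset($T['is_default']) && $T['is_default'] == 'on' ? 1 : 0;
        $A['archive_flag'] = isset($T['archive_flag']) && $T['archive_flag'] == 'on' ? 1 : 0;
        $A['sort_by'] = isset($T['sort_by']) ? $T['sort_by'] : 0;
        $A['sort_dir'] = isset($T['sort_dir']) && $T['sort_dir'] == 'ASC' ? 'ASC' : 'DESC';
        $A['owner_id'] = isset($T['owner_id']) ? $T['owner_id'] : '';
        $A['group_id'] = isset($T['group_id']) ? $T['group_id'] : '';
        $A['imageurl'] = isset($T['imageurl']) ? $T['imageurl'] : '';
        $assoc_stories_submitted = 0;
        $assoc_blocks = 0;
        $assoc_feeds = 0;
        if ($A['sortnum'] != '') {
            // The submitted "sortnum" holds the tid of the topic chosen in the
            // position select; look up that topic's sort number.
            $tidSortNumber = DB_getItem($_TABLES['topics'], 'sortnum', 'tid="' . DB_escapeString($A['sortnum']) . '"');
            $newSortNum = $tidSortNumber;
        } else {
            $newSortNum = 0;
        }
        $A['sortnum'] = $newSortNum;
        // an empty owner_id signifies this is a new block, set to current user
        // this will also set the default values for group_id as well as the
        // default values for topic permissions
        if (empty($A['owner_id'])) {
            $A['owner_id'] = $_USER['uid'];
            // this is the one instance where we default the group
            // most topics should belong to the Topic Admin group
            if (isset($_GROUPS['Topic Admin'])) {
                $A['group_id'] = $_GROUPS['Topic Admin'];
            } else {
                $A['group_id'] = SEC_getFeatureGroup('topic.edit');
            }
            SEC_setDefaultPermissions($A, $_CONF['default_permissions_topic']);
        } else {
            if (isset($T['perm_owner'])) {
                $A['perm_owner'] = SEC_getPermissionValue($T['perm_owner']);
                $A['perm_group'] = SEC_getPermissionValue($T['perm_group']);
                $A['perm_members'] = SEC_getPermissionValue($T['perm_members']);
                $A['perm_anon'] = SEC_getPermissionValue($T['perm_anon']);
            } else {
                SEC_setDefaultPermissions($A, $_CONF['default_permissions_topic']);
            }
        }
        $access = 3;
    }
    // display the topic editor
    $topic_templates = new Template($_CONF['path_layout'] . 'admin/topic');
    $topic_templates->set_file('editor', 'topiceditor.thtml');
    // generate input for topic id
    // The id is written into HTML text and into a value="" attribute, so it
    // is escaped for both (ENT_QUOTES covers either quote style).
    $tidHtml = htmlspecialchars($tid, ENT_QUOTES);
    if (!empty($topicEdit) && SEC_hasRights('topic.edit')) {
        $tid_input = $tidHtml . '<input type="hidden" size="20" maxlength="128" name="tid" value="' . $tidHtml . '"' . XHTML . '>';
        $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="delete"%s' . XHTML . '>';
        $jsconfirm = ' onclick="return doubleconfirm(\'' . $LANG27[40] . '\',\'' . $LANG27[6] . '\');"';
        $topic_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
        $topic_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
        $topic_templates->clear_var('lang_donotusespaces');
    } else {
        $tid_input = '<input class="required alphanumeric" type="text" size="20" maxlength="128" name="tid" id="tid" value="' . $tidHtml . '"' . XHTML . '>';
        $topic_templates->set_var('lang_donotusespaces', $LANG27[5]);
    }
    $topic_templates->set_var('tid_input', $tid_input);
    $topic_templates->set_var('lang_topicid', $LANG27[2]);
    $topic_templates->set_var('topic_id', $A['tid']);
    $topic_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
    $topic_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
    $ownername = COM_getDisplayName($A['owner_id']);
    // owner_id can come from the submitted form ($T) and is placed unquoted
    // in the WHERE clause, so force it to an integer first.
    $ownerIdSql = (int) $A['owner_id'];
    $topic_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', "uid = {$ownerIdSql}"));
    $topic_templates->set_var('owner_name', $ownername);
    $topic_templates->set_var('owner', $ownername);
    $topic_templates->set_var('owner_id', $A['owner_id']);
    $topic_templates->set_var('owner_dropdown', COM_buildOwnerList('owner_id', $A['owner_id']));
    $topic_templates->set_var('lang_group', $LANG_ACCESS['group']);
    $topic_templates->set_var('lang_save', $LANG_ADMIN['save']);
    $topic_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
    $topic_templates->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
    $topic_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
    $topic_templates->set_var('lang_permissions_key', $LANG_ACCESS['permissionskey']);
    $topic_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']));
    $sort_select = '<select id="sortnum" name="sortnum">' . LB;
    $sort_select .= '<option value="0">' . 'First Position' . '</option>' . LB;
    $result = DB_query("SELECT tid,topic,sortnum FROM {$_TABLES['topics']} ORDER BY sortnum ASC");
    if ($topicEdit == 1) {
        $testvar = 10;
    } else {
        $testvar = 0;
    }
    $order = 10;
    while ($row = DB_fetchArray($result)) {
        if ($row['tid'] != $tid) {
            $test_sortnum = $order + $testvar;
            // Topic ids and names are stored values; escape them for the
            // attribute and the option label.
            $rowTidHtml = htmlspecialchars($row['tid'], ENT_QUOTES);
            $rowTopicHtml = htmlspecialchars($row['topic'], ENT_QUOTES);
            $sort_select .= '<option value="' . $rowTidHtml . '"' . ($A['sortnum'] == $test_sortnum ? ' selected="selected"' : '') . '>' . $rowTopicHtml . ' (' . $rowTidHtml . ')' . '</option>' . LB;
        }
        $order += 10;
    }
    $sort_select .= '</select>' . LB;
    // show sort order only if they specified sortnum as the sort method
    if ($_CONF['sortmethod'] != 'alpha') {
        $topic_templates->set_var('lang_sortorder', $LANG27[41]);
        if ($A['sortnum'] == 0) {
            $A['sortnum'] = '';
        }
        $topic_templates->set_var('sort_order', $sort_select);
    } else {
        $topic_templates->set_var('lang_sortorder', $LANG27[14]);
        $topic_templates->set_var('sort_order', $LANG27[15]);
    }
    $topic_templates->set_var('lang_storiesperpage', $LANG27[11]);
    if ($A['limitnews'] == 0) {
        $topic_templates->set_var('story_limit', '');
    } else {
        $topic_templates->set_var('story_limit', $A['limitnews']);
    }
    $topic_templates->set_var('default_limit', $_CONF['limitnews']);
    $topic_templates->set_var('lang_defaultis', $LANG27[16]);
    $topic_templates->set_var('lang_topicname', $LANG27[3]);
    $topic_templates->set_var('topic_name', htmlentities($A['topic']));
    if (empty($A['tid'])) {
        $A['imageurl'] = '/images/topics/';
    }
    $topic_templates->set_var('lang_topicimage', $LANG27[4]);
    $topic_templates->set_var('lang_uploadimage', $LANG27[27]);
    $topic_templates->set_var('icon_dimensions', $_CONF['max_topicicon_width'] . ' x ' . $_CONF['max_topicicon_height']);
    $topic_templates->set_var('lang_maxsize', $LANG27[28]);
    $topic_templates->set_var('max_url_length', 255);
    $topic_templates->set_var('image_url', $A['imageurl']);
    // NOTE(review): on a re-displayed form with a non-empty tid, imageurl is
    // the submitted value and is appended to path_html unchecked; a value
    // containing ".." would make this probe a file outside the web root.
    // Consider rejecting such paths before the call.
    if (@getimagesize($_CONF['path_html'] . $A['imageurl']) !== false) {
        $topic_templates->set_var('topicimage', $_CONF['site_url'] . $A['imageurl']);
    }
    $topic_templates->set_var('lang_defaulttopic', $LANG27[22]);
    $topic_templates->set_var('lang_defaulttext', $LANG27[23]);
    if ($A['is_default'] == 1) {
        $topic_templates->set_var('default_checked', 'checked="checked"');
    } else {
        $topic_templates->set_var('default_checked', '');
    }
    $topic_templates->set_var('lang_sort_story_by', $LANG27[35]);
    $topic_templates->set_var('lang_sort_story_dir', $LANG27[36]);
    $sortSelect = '<select name="sort_by" id="sort_by">' . LB;
    $sortSelect .= '<option value="0"' . ($A['sort_by'] == 0 ? ' selected="selected"' : '') . '>' . $LANG27[30] . '</option>' . LB;
    $sortSelect .= '<option value="1"' . ($A['sort_by'] == 1 ? ' selected="selected"' : '') . '>' . $LANG27[31] . '</option>' . LB;
    $sortSelect .= '<option value="2"' . ($A['sort_by'] == 2 ? ' selected="selected"' : '') . '>' . $LANG27[32] . '</option>' . LB;
    $sortSelect .= '</select>' . LB;
    $topic_templates->set_var('story_sort_select', $sortSelect);
    $sort_dir = '<select name="sort_dir" id="sort_dir">' . LB;
    $sort_dir .= '<option value="ASC"' . ($A['sort_dir'] == 'ASC' ? ' selected="selected"' : '') . '>' . $LANG27[33] . '</option>' . LB;
    $sort_dir .= '<option value="DESC"' . ($A['sort_dir'] == 'DESC' ? ' selected="selected"' : '') . '>' . $LANG27[34] . '</option>' . LB;
    $sort_dir .= '</select>';
    $topic_templates->set_var('story_sort_dir', $sort_dir);
    $topic_templates->set_var('lang_archivetopic', $LANG27[25]);
    $topic_templates->set_var('lang_archivetext', $LANG27[26]);
    $topic_templates->set_var('archive_disabled', '');
    if ($A['archive_flag'] == 1) {
        $topic_templates->set_var('archive_checked', 'checked="checked"');
    } else {
        $topic_templates->set_var('archive_checked', '');
        // Only 1 topic can be the archive topic - so check if there already is one
        if (DB_count($_TABLES['topics'], 'archive_flag', '1') > 0) {
            $topic_templates->set_var('archive_disabled', 'disabled');
        }
    }
    $assoc_stories = ($assoc_stories_published > 0 or $assoc_stories_draft > 0 or $assoc_stories_submitted > 0 or $assoc_images > 0 or $assoc_comments > 0 or $assoc_trackbacks > 0);
    if ($assoc_blocks > 0 or $assoc_feeds > 0 or $assoc_stories) {
        $topic_templates->set_var('lang_assoc_objects', $LANG27[43]);
        if ($assoc_stories_published > 0) {
            $topic_templates->set_var('lang_assoc_stories_published', $LANG27[44]);
            $topic_templates->set_var('assoc_stories_published', $assoc_stories_published);
            $topic_templates->set_var('published_story_admin_link', COM_createLink($LANG27[52], $_CONF['site_admin_url'] . '/story.php'));
        }
        if ($assoc_stories_draft > 0) {
            $topic_templates->set_var('lang_assoc_stories_draft', $LANG27[45]);
            $topic_templates->set_var('assoc_stories_draft', $assoc_stories_draft);
            $topic_templates->set_var('draft_story_admin_link', COM_createLink($LANG27[52], $_CONF['site_admin_url'] . '/story.php'));
        }
        if ($assoc_stories_submitted > 0) {
            $topic_templates->set_var('lang_assoc_stories_submitted', $LANG27[46]);
            $topic_templates->set_var('assoc_stories_submitted', $assoc_stories_submitted);
            $topic_templates->set_var('moderation_link', COM_createLink($LANG27[53], $_CONF['site_admin_url'] . '/moderation.php'));
        }
        if ($assoc_images > 0) {
            $topic_templates->set_var('lang_assoc_images', $LANG27[47]);
            $topic_templates->set_var('assoc_images', $assoc_images);
        }
        if ($assoc_comments > 0) {
            $topic_templates->set_var('lang_assoc_comments', $LANG27[48]);
            $topic_templates->set_var('assoc_comments', $assoc_comments);
        }
        if ($assoc_trackbacks > 0) {
            $topic_templates->set_var('lang_assoc_trackbacks', $LANG27[49]);
            $topic_templates->set_var('assoc_trackbacks', $assoc_trackbacks);
        }
        if ($assoc_blocks > 0) {
            $topic_templates->set_var('lang_assoc_blocks', $LANG27[50]);
            $topic_templates->set_var('assoc_blocks', $assoc_blocks);
            $topic_templates->set_var('block_admin_link', COM_createLink($LANG27[54], $_CONF['site_admin_url'] . '/block.php'));
        }
        if ($assoc_feeds > 0) {
            $topic_templates->set_var('lang_assoc_feeds', $LANG27[51]);
            $topic_templates->set_var('assoc_feeds', $assoc_feeds);
            $topic_templates->set_var('syndication_admin_link', COM_createLink($LANG27[55], $_CONF['site_admin_url'] . '/syndication.php'));
        }
    }
    // Anti-CSRF token for the editor form; the save/delete handler is
    // expected to verify it (not visible here).
    $topic_templates->set_var('gltoken_name', CSRF_TOKEN);
    $topic_templates->set_var('gltoken', SEC_createToken());
    $topic_templates->parse('output', 'editor');
    if ($msg != '') {
        $retval .= COM_showMessageText($msg);
    }
    $retval .= COM_startBlock($LANG27[1], '', COM_getBlockTemplate('_admin_block', 'header'));
    $menu_arr = array(array('url' => $_CONF['site_admin_url'] . '/topic.php', 'text' => $LANG_ADMIN['topic_list']), array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']));
    $retval .= ADMIN_createMenu($menu_arr, $LANG27[57], $_CONF['layout_url'] . '/images/icons/topic.' . $_IMAGE_TYPE);
    $retval .= $topic_templates->finish($topic_templates->get_var('output'));
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
    return $retval;
}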
Esempio n. 3
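/**
* Builds the static page editor form.
*
* Fills the 'editor.thtml' template from the page record in $A and returns the
* rendered HTML. When an error is present (passed in, or raised here because
* the record has no owner), only the error markup is returned and the form is
* not rendered.
*
* @param    array        $A      Page record to display; elements are read by key (sp_id, sp_title, sp_content, owner_id, ...)
* @param    string|bool  $error  Error markup to display instead of the form, or false for none
* @return   string               HTML of the editor form, or of the error message
*
*/
function PAGE_form($A, $error = false)
{
    global $_CONF, $_TABLES, $_USER, $_GROUPS, $_SP_CONF, $action, $sp_id, $LANG21, $LANG_STATIC, $LANG_ACCESS, $LANG_ADMIN, $LANG24, $LANG_postmodes, $MESSAGE;
    USES_lib_admin();
    $menu_arr = array(
        array('url' => $_CONF['site_admin_url'] . '/plugins/staticpages/index.php', 'text' => $LANG_STATIC['page_list']),
        array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']),
    );
    $template_path = staticpages_templatePath('admin');
    if (!empty($sp_id) && ($action == 'edit' || $action == 'clone')) {
        // Existing page: derive the caller's access level from the record's
        // owner, group and permission fields.
        // NOTE(review): $access is only handed to SEC_getGroupDropdown() below and
        // is never compared against a required level in this function; the
        // permission gate is presumably enforced by the caller - verify.
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        // New page: the current user becomes the owner, the group defaults to the
        // staticpages admin group and the configured default permissions apply.
        $A['owner_id'] = $_USER['uid'];
        if (isset($_GROUPS['staticpages Admin'])) {
            $A['group_id'] = $_GROUPS['staticpages Admin'];
        } else {
            $A['group_id'] = SEC_getFeatureGroup('staticpages.edit');
        }
        SEC_setDefaultPermissions($A, $_SP_CONF['default_permissions']);
        // presumably the full edit access level - confirm against SEC_hasAccess()
        $access = 3;
    }
    $retval = '';
    if (empty($A['owner_id'])) {
        // A record without an owner is reported as "access denied"; this replaces
        // any error message passed in by the caller.
        $error = COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header'));
        $error .= $LANG_STATIC['deny_msg'];
        $error .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
    }
    if ($error) {
        $retval .= $error . '<br/><br/>';
    } else {
        $checked = 'checked="checked"';
        $selected = ' selected="selected"';
        $sp_template = new Template($template_path);
        $sp_template->set_file('form', 'editor.thtml');
        $sp_template->set_var('lang_mode', $LANG24[3]);
        $sp_template->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $A['commentcode']));
        $ownername = COM_getDisplayName($A['owner_id']);
        $sp_template->set_var(array(
            'sp_search_checked' => $A['sp_search'] == 1 ? ' checked="checked"' : '',
            'sp_status_checked' => $A['sp_status'] == 1 ? ' checked="checked"' : '',
            'lang_accessrights' => $LANG_ACCESS['accessrights'],
            'lang_owner' => $LANG_ACCESS['owner'],
            // The uid is concatenated into a SQL WHERE fragment, so force it to an
            // integer first: $A may carry submitted form values (TODO confirm
            // against callers) and a non-numeric value must not reach the query.
            'owner_username' => DB_getItem($_TABLES['users'], 'username', 'uid = ' . (int) $A['owner_id']),
            'owner_name' => $ownername,
            'owner' => $ownername,
            'owner_id' => $A['owner_id'],
            'lang_group' => $LANG_ACCESS['group'],
            'group_dropdown' => SEC_getGroupDropdown($A['group_id'], $access),
            'permissions_editor' => SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']),
            'lang_permissions' => $LANG_ACCESS['permissions'],
            'lang_perm_key' => $LANG_ACCESS['permissionskey'],
            'permissions_msg' => $LANG_ACCESS['permmsg'],
            'start_block_editor' => COM_startBlock($LANG_STATIC['staticpages'] . ' :: ' . $LANG_STATIC['staticpageeditor'], '', COM_getBlockTemplate('_admin_block', 'header')),
            'lang_save' => $LANG_ADMIN['save'],
            'lang_cancel' => $LANG_ADMIN['cancel'],
            'lang_preview' => $LANG_ADMIN['preview'],
            'lang_editor' => $LANG_STATIC['staticpageeditor'],
            'lang_attributes' => $LANG_STATIC['attributes'],
        ));
        // The delete button is only offered to users holding the delete right, for
        // a page that already exists (sp_old_id set) and is not being cloned.
        if (SEC_hasRights('staticpages.delete') && $action != 'clone' && !empty($A['sp_old_id'])) {
            $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="delete"%s/>';
            $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
            $sp_template->set_var('delete_option', sprintf($delbutton, $jsconfirm));
            $sp_template->set_var('delete_button', true);
            $sp_template->set_var('lang_delete_confirm', $MESSAGE[76]);
            $sp_template->set_var('lang_delete', $LANG_ADMIN['delete']);
            $sp_template->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
        } else {
            $sp_template->set_var('delete_option', '');
        }
        $sp_template->set_var('lang_writtenby', $LANG_STATIC['writtenby']);
        // Same integer cast as for owner_id above before building the WHERE fragment.
        $sp_template->set_var('username', DB_getItem($_TABLES['users'], 'username', 'uid = ' . (int) $A['sp_uid']));
        $authorname = COM_getDisplayName($A['sp_uid']);
        $sp_template->set_var('name', $authorname);
        $sp_template->set_var('author', $authorname);
        $sp_template->set_var('lang_url', $LANG_STATIC['url']);
        $sp_template->set_var('lang_id', $LANG_STATIC['id']);
        // NOTE(review): sp_uid, sp_id, sp_old_id, sp_help (and sp_label further
        // down) are handed to the template without htmlspecialchars(), unlike
        // sp_title and sp_content. Confirm that the caller sanitizes them or that
        // the template escapes them before they are echoed into the form.
        $sp_template->set_var('sp_uid', $A['sp_uid']);
        $sp_template->set_var('sp_id', $A['sp_id']);
        $sp_template->set_var('sp_old_id', $A['sp_old_id']);
        $sp_template->set_var('example_url', COM_buildURL($_CONF['site_url'] . '/page.php?page=' . $A['sp_id']));
        $sp_template->set_var('lang_centerblock', $LANG_STATIC['centerblock']);
        $sp_template->set_var('lang_centerblock_help', $LANG_ADMIN['help_url']);
        $sp_template->set_var('lang_centerblock_include', $LANG21[51]);
        $sp_template->set_var('lang_centerblock_desc', $LANG21[52]);
        $sp_template->set_var('centerblock_help', $A['sp_help']);
        $sp_template->set_var('lang_centerblock_msg', $LANG_STATIC['centerblock_msg']);
        $sp_template->set_var('centerblock_checked', (isset($A['sp_centerblock']) && $A['sp_centerblock'] == 1) ? $checked : '');
        $sp_template->set_var('lang_topic', $LANG_STATIC['topic']);
        $sp_template->set_var('lang_position', $LANG_STATIC['position']);

        // Topic drop-down: three fixed entries followed by the regular topic list.
        $current_topic = '';
        if (isset($A['sp_tid'])) {
            $current_topic = $A['sp_tid'];
        }
        if (empty($current_topic)) {
            $current_topic = 'none';
        }
        $topics = COM_topicList('tid,topic', $current_topic, 1, true);
        $special_topics = array(
            'all' => 'all_topics',
            'allnhp' => 'allnhp_topics',
            'none' => 'no_topic',
        );
        $topic_options = '';
        foreach ($special_topics as $value => $lang_key) {
            $topic_options .= '<option value="' . $value . '"';
            if ($current_topic == $value) {
                $topic_options .= $selected;
            }
            $topic_options .= '>' . $LANG_STATIC[$lang_key] . '</option>' . LB;
        }
        $sp_template->set_var('topic_selection', '<select name="sp_tid">' . $topic_options . $topics . '</select>');

        // Position drop-down; the option order (1, 2, 3, 0, 4) is the display order.
        $positions = array(
            1 => 'position_top',
            2 => 'position_feat',
            3 => 'position_bottom',
            0 => 'position_entire',
            4 => 'position_nonews',
        );
        $position = '<select name="sp_where">';
        foreach ($positions as $value => $lang_key) {
            $position .= '<option value="' . $value . '"';
            if ($A['sp_where'] == $value) {
                $position .= $selected;
            }
            $position .= '>' . $LANG_STATIC[$lang_key] . '</option>';
        }
        $position .= '</select>';
        $sp_template->set_var('pos_selection', $position);

        // The PHP execution selector is rendered only when PHP in static pages is
        // enabled in the configuration AND the user holds the staticpages.PHP
        // right. This is form rendering only: the save handler (not visible here)
        // has to repeat both checks before honouring a submitted sp_php value.
        if ($_SP_CONF['allow_php'] == 1 && SEC_hasRights('staticpages.PHP')) {
            if (!isset($A['sp_php'])) {
                $A['sp_php'] = 0;
            }
            // Any value outside 1..2 falls back to "do not execute PHP".
            $php_off = $A['sp_php'] <= 0 || $A['sp_php'] > 2;
            $selection = '<select name="sp_php">' . LB;
            $selection .= '<option value="0"' . ($php_off ? $selected : '') . '>' . $LANG_STATIC['select_php_none'] . '</option>' . LB;
            $selection .= '<option value="1"' . ($A['sp_php'] == 1 ? $selected : '') . '>' . $LANG_STATIC['select_php_return'] . '</option>' . LB;
            $selection .= '<option value="2"' . ($A['sp_php'] == 2 ? $selected : '') . '>' . $LANG_STATIC['select_php_free'] . '</option>' . LB;
            $selection .= '</select>';
            $sp_template->set_var('php_selector', $selection);
            $sp_template->set_var('php_warn', $LANG_STATIC['php_warn']);
        } else {
            $sp_template->set_var('php_selector', '');
            $sp_template->set_var('php_warn', $LANG_STATIC['php_not_activated']);
        }
        $sp_template->set_var('php_msg', $LANG_STATIC['php_msg']);
        // old variables (for the 1.3-type checkbox)
        $sp_template->set_var('php_checked', '');
        $sp_template->set_var('php_type', 'hidden');
        $sp_template->set_var('exit_checked', (isset($A['sp_nf']) && $A['sp_nf'] == 1) ? $checked : '');
        $sp_template->set_var('exit_msg', $LANG_STATIC['exit_msg']);
        $sp_template->set_var('exit_info', $LANG_STATIC['exit_info']);
        $sp_template->set_var('inblock_checked', (isset($A['sp_inblock']) && $A['sp_inblock'] == 1) ? $checked : '');
        $sp_template->set_var('inblock_msg', $LANG_STATIC['inblock_msg']);
        $sp_template->set_var('inblock_info', $LANG_STATIC['inblock_info']);
        $curtime = COM_getUserDateTimeFormat($A['unixdate']);
        $sp_template->set_var('lang_lastupdated', $LANG_STATIC['date']);
        $sp_template->set_var('sp_formateddate', $curtime[0]);
        $sp_template->set_var('sp_date', $curtime[1]);
        $sp_template->set_var('lang_title', $LANG_STATIC['title']);
        // Title and content are HTML-escaped before being placed in the form.
        $title = '';
        if (isset($A['sp_title'])) {
            $title = htmlspecialchars($A['sp_title']);
        }
        $sp_template->set_var('sp_title', $title);
        $sp_template->set_var('lang_addtomenu', $LANG_STATIC['addtomenu']);
        $sp_template->set_var('onmenu_checked', (isset($A['sp_onmenu']) && $A['sp_onmenu'] == 1) ? $checked : '');
        $sp_template->set_var('lang_label', $LANG_STATIC['label']);
        $sp_template->set_var('sp_label', isset($A['sp_label']) ? $A['sp_label'] : '');
        $sp_template->set_var('lang_pageformat', $LANG_STATIC['pageformat']);
        $sp_template->set_var('lang_blankpage', $LANG_STATIC['blankpage']);
        $sp_template->set_var('lang_noblocks', $LANG_STATIC['noblocks']);
        $sp_template->set_var('lang_leftblocks', $LANG_STATIC['leftblocks']);
        $sp_template->set_var('lang_rightblocks', $LANG_STATIC['rightblocks']);
        $sp_template->set_var('lang_leftrightblocks', $LANG_STATIC['leftrightblocks']);

        // Page format: exactly one *_selected variable carries the selected
        // attribute; an empty format counts as 'allblocks'.
        if (!isset($A['sp_format'])) {
            $A['sp_format'] = '';
        }
        $format_vars = array(
            'noblock_selected' => 'noblocks',
            'leftblocks_selected' => 'leftblocks',
            'rightblocks_selected' => 'rightblocks',
            'blankpage_selected' => 'blankpage',
        );
        foreach ($format_vars as $var => $format) {
            $sp_template->set_var($var, $A['sp_format'] == $format ? 'selected="selected"' : '');
        }
        $is_allblocks = $A['sp_format'] == 'allblocks' || empty($A['sp_format']);
        $sp_template->set_var('allblocks_selected', $is_allblocks ? 'selected="selected"' : '');

        $sp_template->set_var('lang_content', $LANG_STATIC['content']);
        $content = '';
        if (isset($A['sp_content'])) {
            $content = htmlspecialchars($A['sp_content']);
        }
        $sp_template->set_var('sp_content', $content);
        if ($_SP_CONF['filter_html'] == 1) {
            $sp_template->set_var('lang_allowedhtml', COM_allowedHTML(SEC_getUserPermissions(), false, 'staticpages', 'page'));
        } else {
            $sp_template->set_var('lang_allowedhtml', $LANG_STATIC['all_html_allowed']);
        }
        $sp_template->set_var('lang_hits', $LANG_STATIC['hits']);
        if (empty($A['sp_hits'])) {
            $sp_template->set_var('sp_hits', '0');
            $sp_template->set_var('sp_hits_formatted', '0');
        } else {
            $sp_template->set_var('sp_hits', $A['sp_hits']);
            $sp_template->set_var('sp_hits_formatted', COM_numberFormat($A['sp_hits']));
        }
        $sp_template->set_var('end_block', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
        $sp_template->set_var('owner_dropdown', COM_buildOwnerList('owner_id', $A['owner_id']));
        $sp_template->set_var('writtenby_dropdown', COM_buildOwnerList('sp_uid', $A['sp_uid']));
        // Anti-CSRF token embedded in the form; it only protects the save and
        // delete actions if the handler validates it (handler not visible here).
        $sp_template->set_var('gltoken_name', CSRF_TOKEN);
        $sp_template->set_var('gltoken', SEC_createToken());
        $sp_template->set_var('admin_menu', ADMIN_createMenu($menu_arr, $LANG_STATIC['instructions_edit'], plugin_geticon_staticpages()));
        PLG_templateSetVars('sp_editor', $sp_template);
        $retval .= $sp_template->parse('output', 'form');
    }
    return $retval;
}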
/**
* Shows story editor
*
* Displays the story entry form
*
* @param    string      $sid            ID of story to edit
* @param    string      $action         'preview', 'edit', 'moderate', 'draft'
* @param    string      $errormsg       a message to display on top of the page
* @param    string      $currenttopic   topic selection for drop-down menu
* @return   string      HTML for story editor
*
*/
function STORY_edit($sid = '', $action = '', $errormsg = '', $currenttopic = '')
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $LANG24, $LANG33, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $_IMAGE_TYPE;
    USES_lib_admin();
    $display = '';
    switch ($action) {
        case 'clone':
        case 'edit':
        case 'preview':
        case 'error':
            $title = $LANG24[5];
            $saveoption = $LANG_ADMIN['save'];
            $submission = false;
            break;
        case 'moderate':
            $title = $LANG24[90];
            $saveoption = $LANG_ADMIN['moderate'];
            $submission = true;
            break;
        case 'draft':
            $title = $LANG24[91];
            $saveoption = $LANG_ADMIN['save'];
            $submission = true;
            $action = 'edit';
            break;
        default:
            $title = $LANG24[5];
            $saveoption = $LANG_ADMIN['save'];
            $submission = false;
            $action = 'edit';
            break;
    }
    // Load HTML templates
    $story_templates = new Template($_CONF['path_layout'] . 'admin/story');
    $story_templates->set_file(array('editor' => 'storyeditor.thtml'));
    if (!isset($_CONF['hour_mode'])) {
        $_CONF['hour_mode'] = 12;
    }
    if (!empty($errormsg)) {
        $display .= COM_showMessageText($errormsg, $LANG24[25], true);
    }
    if (!empty($currenttopic)) {
        $allowed = DB_getItem($_TABLES['topics'], 'tid', "tid = '" . DB_escapeString($currenttopic) . "'" . COM_getTopicSql('AND'));
        if ($allowed != $currenttopic) {
            $currenttopic = '';
        }
    }
    $story = new Story();
    if ($action == 'preview' || $action == 'error') {
        while (list($key, $value) = each($_POST)) {
            if (!is_array($value)) {
                $_POST[$key] = $value;
            } else {
                while (list($subkey, $subvalue) = each($value)) {
                    $value[$subkey] = $subvalue;
                }
            }
        }
        $result = $story->loadFromArgsArray($_POST);
    } else {
        $result = $story->loadFromDatabase($sid, $action);
    }
    if ($result == STORY_PERMISSION_DENIED || $result == STORY_NO_ACCESS_PARAMS) {
        $display .= COM_showMessageText($LANG24[42], $LANG_ACCESS['accessdenied'], true);
        COM_accessLog("User {$_USER['username']} tried to access story {$sid}. - STORY_PERMISSION_DENIED or STORY_NO_ACCESS_PARAMS - " . $result);
        return $display;
    } elseif ($result == STORY_EDIT_DENIED || $result == STORY_EXISTING_NO_EDIT_PERMISSION) {
        $display .= COM_showMessageText($LANG24[41], $LANG_ACCESS['accessdenied'], true);
        $display .= STORY_renderArticle($story, 'p');
        COM_accessLog("User {$_USER['username']} tried to illegally edit story {$sid}. - STORY_EDIT_DENIED or STORY_EXISTING_NO_EDIT_PERMISSION");
        return $display;
    } elseif ($result == STORY_INVALID_SID) {
        if ($action == 'moderate') {
            // that submission doesn't seem to be there any more (may have been
            // handled by another Admin) - take us back to the moderation page
            echo COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
        } else {
            echo COM_refresh($_CONF['site_admin_url'] . '/story.php');
        }
    } elseif ($result == STORY_DUPLICATE_SID) {
        $story_templates->set_var('error_message', $LANG24[24]);
    } elseif ($result == STORY_EMPTY_REQUIRED_FIELDS) {
        $story_templates->set_var('error_message', $LANG24[31]);
    }
    if (empty($currenttopic) && $story->EditElements('tid') == '') {
        $story->setTid(DB_getItem($_TABLES['topics'], 'tid', 'is_default = 1' . COM_getPermSQL('AND')));
    } else {
        if ($story->EditElements('tid') == '') {
            $story->setTid($currenttopic);
        }
    }
    if (SEC_hasRights('story.edit')) {
        $allowedTopicList = COM_topicList('tid,topic', $story->EditElements('tid'), 1, true, 0);
        $allowedAltTopicList = '<option value="">' . $LANG33[44] . '</option>' . COM_topicList('tid,topic', $story->EditElements('alternate_tid'), 1, true, 0);
    } else {
        $allowedTopicList = COM_topicList('tid,topic', $story->EditElements('tid'), 1, true, 3);
        $allowedAltTopicList = '<option value="">' . $LANG33[44] . '</option>' . COM_topicList('tid,topic', $story->EditElements('alternate_tid'), 1, true, 3);
    }
    if ($allowedTopicList == '') {
        $display .= COM_showMessageText($LANG24[42], $LANG_ACCESS['accessdenied'], true);
        COM_accessLog("User {$_USER['username']} tried to illegally access story {$sid}. No allowed topics.");
        return $display;
    }
    $menu_arr = array(array('url' => $_CONF['site_admin_url'] . '/story.php', 'text' => $LANG_ADMIN['story_list']), array('url' => $_CONF['site_admin_url'] . '/moderation.php', 'text' => $LANG_ADMIN['submissions']));
    if (SEC_inGroup('Root')) {
        $menu_arr[] = array('url' => $_CONF['site_admin_url'] . '/story.php?global=x', 'text' => 'Global Settings');
    }
    $menu_arr[] = array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']);
    require_once $_CONF['path_system'] . 'classes/navbar.class.php';
    $story_templates->set_var('hour_mode', $_CONF['hour_mode']);
    if ($story->hasContent()) {
        $previewContent = STORY_renderArticle($story, 'p');
        if ($previewContent != '') {
            $story_templates->set_var('preview_content', $previewContent);
        }
    }
    $navbar = new navbar();
    if (!empty($previewContent)) {
        $navbar->add_menuitem($LANG24[79], 'showhideEditorDiv("preview",0);return false;', true);
        $navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",1);return false;', true);
        $navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",2);return false;', true);
        $navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",3);return false;', true);
        $navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",4);return false;', true);
        $navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",5);return false;', true);
        $navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",6);return false;', true);
    } else {
        $navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",0);return false;', true);
        $navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",1);return false;', true);
        $navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",2);return false;', true);
        $navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",3);return false;', true);
        $navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",4);return false;', true);
        $navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",5);return false;', true);
    }
    if ($action == 'preview') {
        $story_templates->set_var('show_preview', '');
        $story_templates->set_var('show_htmleditor', 'none');
        $story_templates->set_var('show_texteditor', 'none');
        $story_templates->set_var('show_submitoptions', 'none');
        $navbar->set_selected($LANG24[79]);
    } else {
        $navbar->set_selected($LANG24[80]);
        $story_templates->set_var('show_preview', 'none');
    }
    $story_templates->set_var('navbar', $navbar->generate());
    $story_templates->set_var('start_block', COM_startBlock($title, '', COM_getBlockTemplate('_admin_block', 'header')));
    // start generating the story editor block
    $story_templates->set_var('block_start', COM_startBlock($title, '', COM_getBlockTemplate('_admin_block', 'header')));
    $oldsid = $story->EditElements('originalSid');
    if (!empty($oldsid)) {
        $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="deletestory"%s/>';
        $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
        $story_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
        $story_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
        $story_templates->set_var('lang_delete_confirm', $MESSAGE[76]);
    }
    if ($submission || $story->type == 'submission') {
        $story_templates->set_var('submission_option', '<input type="hidden" name="type" value="submission"/>');
    }
    $story_templates->set_var('admin_menu', ADMIN_createMenu($menu_arr, $LANG24[92], $_CONF['layout_url'] . '/images/icons/story.' . $_IMAGE_TYPE));
    $story_templates->set_var('lang_author', $LANG24[7]);
    $storyauthor = COM_getDisplayName($story->EditElements('uid'));
    $storyauthor_select = COM_optionList($_TABLES['users'], 'uid,username', $story->EditElements('uid'));
    $story_templates->set_var('story_author', $storyauthor);
    $story_templates->set_var('story_author_select', $storyauthor_select);
    $story_templates->set_var('author', $storyauthor);
    $story_templates->set_var('story_uid', $story->EditElements('uid'));
    // user access info
    $story_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
    $story_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
    $ownername = COM_getDisplayName($story->EditElements('owner_id'));
    $story_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', 'uid = ' . (int) $story->EditElements('owner_id')));
    $story_templates->set_var('owner_name', $ownername);
    $story_templates->set_var('owner', $ownername);
    $story_templates->set_var('owner_id', $story->EditElements('owner_id'));
    if (SEC_hasRights('story.edit')) {
        $story_templates->set_var('owner_dropdown', COM_buildOwnerList('owner_id', $story->EditElements('owner_id')));
    } else {
        $ownerInfo = '<input type="hidden" name="owner_id" value="' . $story->editElements('owner_id') . '" />' . $ownername;
        $story_templates->set_var('owner_dropdown', $ownerInfo);
    }
    $story_templates->set_var('lang_group', $LANG_ACCESS['group']);
    if (SEC_inGroup($story->EditElements('group_id'))) {
        $story_templates->set_var('group_dropdown', SEC_getGroupDropdown($story->EditElements('group_id'), 3));
    } else {
        $gdrpdown = '<input type="hidden" name="group_id" value="' . $story->EditElements('group_id') . '"/>';
        $grpddown .= DB_getItem($_TABLES['groups'], 'grp_name', 'grp_id=' . (int) $story->EditElements('group_id'));
        $story_templates->set_var('group_dropdown', $grpddown);
    }
    $story_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
    $story_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
    $story_templates->set_var('permissions_editor', SEC_getPermissionsHTML($story->EditElements('perm_owner'), $story->EditElements('perm_group'), $story->EditElements('perm_members'), $story->EditElements('perm_anon')));
    $story_templates->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
    $curtime = COM_getUserDateTimeFormat($story->EditElements('date'));
    $story_templates->set_var('lang_date', $LANG24[15]);
    $story_templates->set_var('publish_second', $story->EditElements('publish_second'));
    $publish_ampm = '';
    $publish_hour = $story->EditElements('publish_hour');
    if ($publish_hour >= 12) {
        if ($publish_hour > 12) {
            $publish_hour = $publish_hour - 12;
        }
        $ampm = 'pm';
    } else {
        $ampm = 'am';
    }
    $ampm_select = COM_getAmPmFormSelection('publish_ampm', $ampm);
    $story_templates->set_var('publishampm_selection', $ampm_select);
    $month_options = COM_getMonthFormOptions($story->EditElements('publish_month'));
    $story_templates->set_var('publish_month_options', $month_options);
    $day_options = COM_getDayFormOptions($story->EditElements('publish_day'));
    $story_templates->set_var('publish_day_options', $day_options);
    $year_options = COM_getYearFormOptions($story->EditElements('publish_year'));
    $story_templates->set_var('publish_year_options', $year_options);
    if ($_CONF['hour_mode'] == 24) {
        $hour_options = COM_getHourFormOptions($story->EditElements('publish_hour'), 24);
    } else {
        $hour_options = COM_getHourFormOptions($publish_hour);
    }
    $story_templates->set_var('publish_hour_options', $hour_options);
    $minute_options = COM_getMinuteFormOptions($story->EditElements('publish_minute'));
    $story_templates->set_var('publish_minute_options', $minute_options);
    $story_templates->set_var('publish_date_explanation', $LANG24[46]);
    $story_templates->set_var('story_unixstamp', $story->EditElements('unixdate'));
    $story_templates->set_var('expire_second', $story->EditElements('expire_second'));
    $expire_ampm = '';
    $expire_hour = $story->EditElements('expire_hour');
    if ($expire_hour >= 12) {
        if ($expire_hour > 12) {
            $expire_hour = $expire_hour - 12;
        }
        $ampm = 'pm';
    } else {
        $ampm = 'am';
    }
    $ampm_select = COM_getAmPmFormSelection('expire_ampm', $ampm);
    if (empty($ampm_select)) {
        // have a hidden field to 24 hour mode to prevent JavaScript errors
        $ampm_select = '<input type="hidden" name="expire_ampm" value=""/>';
    }
    $story_templates->set_var('expireampm_selection', $ampm_select);
    $month_options = COM_getMonthFormOptions($story->EditElements('expire_month'));
    $story_templates->set_var('expire_month_options', $month_options);
    $day_options = COM_getDayFormOptions($story->EditElements('expire_day'));
    $story_templates->set_var('expire_day_options', $day_options);
    $year_options = COM_getYearFormOptions($story->EditElements('expire_year'));
    $story_templates->set_var('expire_year_options', $year_options);
    if ($_CONF['hour_mode'] == 24) {
        $hour_options = COM_getHourFormOptions($story->EditElements('expire_hour'), 24);
    } else {
        $hour_options = COM_getHourFormOptions($expire_hour);
    }
    $story_templates->set_var('expire_hour_options', $hour_options);
    $minute_options = COM_getMinuteFormOptions($story->EditElements('expire_minute'));
    $story_templates->set_var('expire_minute_options', $minute_options);
    $story_templates->set_var('expire_date_explanation', $LANG24[46]);
    $story_templates->set_var('story_unixstamp', $story->EditElements('expirestamp'));
    if ($story->EditElements('statuscode') == STORY_ARCHIVE_ON_EXPIRE) {
        $story_templates->set_var('is_checked2', 'checked="checked"');
        $story_templates->set_var('is_checked3', 'checked="checked"');
        $story_templates->set_var('showarchivedisabled', 'false');
    } elseif ($story->EditElements('statuscode') == STORY_DELETE_ON_EXPIRE) {
        $story_templates->set_var('is_checked2', 'checked="checked"');
        $story_templates->set_var('is_checked4', 'checked="checked"');
        $story_templates->set_var('showarchivedisabled', 'false');
    } else {
        $story_templates->set_var('showarchivedisabled', 'true');
    }
    $story_templates->set_var('lang_archivetitle', $LANG24[58]);
    $story_templates->set_var('lang_option', $LANG24[59]);
    $story_templates->set_var('lang_enabled', $LANG_ADMIN['enabled']);
    $story_templates->set_var('lang_story_stats', $LANG24[87]);
    $story_templates->set_var('lang_optionarchive', $LANG24[61]);
    $story_templates->set_var('lang_optiondelete', $LANG24[62]);
    $story_templates->set_var('lang_title', $LANG_ADMIN['title']);
    $story_templates->set_var('story_title', $story->EditElements('title'));
    $story_templates->set_var('story_subtitle', $story->EditElements('subtitle'));
    $story_templates->set_var('lang_topic', $LANG_ADMIN['topic']);
    $story_templates->set_var('lang_alt_topic', $LANG_ADMIN['alt_topic']);
    $story_templates->set_var('topic_options', $allowedTopicList);
    $story_templates->set_var('alt_topic_options', $allowedAltTopicList);
    $story_templates->set_var('lang_show_topic_icon', $LANG24[56]);
    if ($story->EditElements('show_topic_icon') == 1) {
        $story_templates->set_var('show_topic_icon_checked', 'checked="checked"');
    } else {
        $story_templates->set_var('show_topic_icon_checked', '');
    }
    $story_templates->set_var('story_image_url', $story->EditElements('story_image'));
    $story_templates->set_var('lang_draft', $LANG24[34]);
    if ($story->EditElements('draft_flag')) {
        $story_templates->set_var('is_checked', 'checked="checked"');
        $story_templates->set_var('unpublished_selected', 'selected="selected"');
    } else {
        $story_templates->set_var('published_selected', 'selected="selected"');
    }
    $story_templates->set_var('lang_mode', $LANG24[3]);
    $story_templates->set_var('status_options', COM_optionList($_TABLES['statuscodes'], 'code,name', $story->EditElements('statuscode')));
    $story_templates->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $story->EditElements('commentcode')));
    $story_templates->set_var('trackback_options', COM_optionList($_TABLES['trackbackcodes'], 'code,name', $story->EditElements('trackbackcode')));
    // comment expire
    $story_templates->set_var('lang_cmt_disable', $LANG24[63]);
    if ($story->EditElements('cmt_close')) {
        $story_templates->set_var('is_checked5', 'checked="checked"');
        //check box if enabled
        $story_templates->set_var('showcmtclosedisabled', 'false');
    } else {
        $story_templates->set_var('showcmtclosedisabled', 'true');
    }
    $month_options = COM_getMonthFormOptions($story->EditElements('cmt_close_month'));
    $story_templates->set_var('cmt_close_month_options', $month_options);
    $day_options = COM_getDayFormOptions($story->EditElements('cmt_close_day'));
    $story_templates->set_var('cmt_close_day_options', $day_options);
    $year_options = COM_getYearFormOptions($story->EditElements('cmt_close_year'));
    $story_templates->set_var('cmt_close_year_options', $year_options);
    $cmt_close_ampm = '';
    $cmt_close_hour = $story->EditElements('cmt_close_hour');
    //correct hour
    if ($cmt_close_hour >= 12) {
        if ($cmt_close_hour > 12) {
            $cmt_close_hour = $cmt_close_hour - 12;
        }
        $ampm = 'pm';
    } else {
        $ampm = 'am';
    }
    $ampm_select = COM_getAmPmFormSelection('cmt_close_ampm', $ampm);
    if (empty($ampm_select)) {
        // have a hidden field to 24 hour mode to prevent JavaScript errors
        $ampm_select = '<input type="hidden" name="cmt_close_ampm" value="" />';
    }
    $story_templates->set_var('cmt_close_ampm_selection', $ampm_select);
    if ($_CONF['hour_mode'] == 24) {
        $hour_options = COM_getHourFormOptions($story->EditElements('cmt_close_hour'), 24);
    } else {
        $hour_options = COM_getHourFormOptions($cmt_close_hour);
    }
    $story_templates->set_var('cmt_close_hour_options', $hour_options);
    $minute_options = COM_getMinuteFormOptions($story->EditElements('cmt_close_minute'));
    $story_templates->set_var('cmt_close_minute_options', $minute_options);
    $story_templates->set_var('cmt_close_second', $story->EditElements('cmt_close_second'));
    if ($_CONF['onlyrootfeatures'] == 1 && SEC_inGroup('Root') or $_CONF['onlyrootfeatures'] !== 1) {
        $featured_options = "<select name=\"featured\">" . LB . COM_optionList($_TABLES['featurecodes'], 'code,name', $story->EditElements('featured')) . "</select>" . LB;
        $featured_options_data = COM_optionList($_TABLES['featurecodes'], 'code,name', $story->EditElements('featured'));
        $story_templates->set_var('featured_options_data', $featured_options_data);
    } else {
        $featured_options = "<input type=\"hidden\" name=\"featured\" value=\"0\"/>";
        $story_templates->unset_var('featured_options_data');
    }
    $story_templates->set_var('featured_options', $featured_options);
    $story_templates->set_var('frontpage_options', COM_optionList($_TABLES['frontpagecodes'], 'code,name', $story->EditElements('frontpage')));
    $story_templates->set_var('story_introtext', $story->EditElements('introtext'));
    $story_templates->set_var('story_bodytext', $story->EditElements('bodytext'));
    $story_templates->set_var('lang_introtext', $LANG24[16]);
    $story_templates->set_var('lang_bodytext', $LANG24[17]);
    $story_templates->set_var('lang_postmode', $LANG24[4]);
    $story_templates->set_var('lang_publishoptions', $LANG24[76]);
    $story_templates->set_var('lang_publishdate', $LANG24[69]);
    $story_templates->set_var('lang_nojavascript', $LANG24[77]);
    $story_templates->set_var('postmode', $story->EditElements('postmode'));
    if ($story->EditElements('postmode') == 'plaintext' || $story->EditElements('postmode') == 'text') {
        $allowedHTML = '';
    } else {
        $allowedHTML = COM_allowedHTML(SEC_getUserPermissions(), false, 'glfusion', 'story') . '<br/>';
    }
    $allowedHTML .= COM_allowedAutotags(SEC_getUserPermissions(), false, 'glfusion', 'story');
    $story_templates->set_var('lang_allowed_html', $allowedHTML);
    $fileinputs = '';
    $saved_images = '';
    if ($_CONF['maximagesperarticle'] > 0) {
        $story_templates->set_var('lang_images', $LANG24[47]);
        $icount = DB_count($_TABLES['article_images'], 'ai_sid', DB_escapeString($story->getSid()));
        if ($icount > 0) {
            $result_articles = DB_query("SELECT * FROM {$_TABLES['article_images']} WHERE ai_sid = '" . DB_escapeString($story->getSid()) . "'");
            for ($z = 1; $z <= $icount; $z++) {
                $I = DB_fetchArray($result_articles);
                $saved_images .= $z . ') ' . COM_createLink($I['ai_filename'], $_CONF['site_url'] . '/images/articles/' . $I['ai_filename']) . '&nbsp;&nbsp;&nbsp;' . $LANG_ADMIN['delete'] . ': <input type="checkbox" name="delete[' . $I['ai_img_num'] . ']" /><br />';
            }
        }
        $newallowed = $_CONF['maximagesperarticle'] - $icount;
        for ($z = $icount + 1; $z <= $_CONF['maximagesperarticle']; $z++) {
            $fileinputs .= $z . ') <input type="file" dir="ltr" name="file[]' . '" />';
            if ($z < $_CONF['maximagesperarticle']) {
                $fileinputs .= '<br />';
            }
        }
        $fileinputs .= '<br />' . $LANG24[51];
        if ($_CONF['allow_user_scaling'] == 1) {
            $fileinputs .= $LANG24[27];
        }
        $fileinputs .= $LANG24[28] . '<br />';
    }
    $story_templates->set_var('saved_images', $saved_images);
    $story_templates->set_var('image_form_elements', $fileinputs);
    $story_templates->set_var('lang_hits', $LANG24[18]);
    $story_templates->set_var('story_hits', $story->EditElements('hits'));
    $story_templates->set_var('lang_comments', $LANG24[19]);
    $story_templates->set_var('story_comments', $story->EditElements('comments'));
    $story_templates->set_var('lang_trackbacks', $LANG24[29]);
    $story_templates->set_var('story_trackbacks', $story->EditElements('trackbacks'));
    $story_templates->set_var('lang_emails', $LANG24[39]);
    $story_templates->set_var('story_emails', $story->EditElements('numemails'));
    if ($_CONF['rating_enabled']) {
        $rating = @number_format($story->EditElements('rating'), 2);
        $votes = $story->EditElements('votes');
        $story_templates->set_var('rating', $rating);
        $story_templates->set_var('votes', $votes);
    }
    $story_templates->set_var('attribution_url', $story->EditElements('attribution_url'));
    $story_templates->set_var('attribution_name', $story->EditElements('attribution_name'));
    $story_templates->set_var('attribution_author', $story->EditElements('attribution_author'));
    $story_templates->set_var('lang_attribution_url', $LANG24[105]);
    $story_templates->set_var('lang_attribution_name', $LANG24[106]);
    $story_templates->set_var('lang_attribution_author', $LANG24[107]);
    $story_templates->set_var('lang_attribution', $LANG24[108]);
    $sec_token_name = CSRF_TOKEN;
    $sec_token = SEC_createToken();
    $story_templates->set_var('story_id', $story->getSid());
    $story_templates->set_var('old_story_id', $story->EditElements('originalSid'));
    $story_templates->set_var('lang_sid', $LANG24[12]);
    $story_templates->set_var('lang_save', $saveoption);
    $story_templates->set_var('lang_preview', $LANG_ADMIN['preview']);
    $story_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
    $story_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
    $story_templates->set_var('lang_timeout', $LANG_ADMIN['timeout_msg']);
    $story_templates->set_var('gltoken_name', CSRF_TOKEN);
    $story_templates->set_var('gltoken', $sec_token);
    $story_templates->set_var('security_token', $sec_token);
    $story_templates->set_var('security_token_name', $sec_token_name);
    $story_templates->set_var('end_block', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
    PLG_templateSetVars('storyeditor', $story_templates);
    if ($story->EditElements('postmode') != 'html') {
        $story_templates->unset_var('wysiwyg');
    }
    SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
    $story_templates->parse('output', 'editor');
    $display .= $story_templates->finish($story_templates->get_var('output'));
    return $display;
}