Esempio n. 1
0
 function view()
 {
     global $_CONF, $_TABLES;
     $body = '';
     $T = new Template($_CONF['path'] . 'plugins/tag/templates');
     $T->set_file('badword', 'admin_badword.thtml');
     $T->set_var('xhtml', XHTML);
     $T->set_var('this_script', COM_buildURL($_CONF['site_admin_url'] . '/plugins/tag/index.php'));
     $T->set_var('lang_desc_admin_badword', TAG_str('desc_admin_badword'));
     $T->set_var('lang_add', TAG_str('add'));
     $T->set_var('lang_lbl_tag', TAG_str('lbl_tag'));
     $T->set_var('lang_delete_checked', TAG_str('delete_checked'));
     $sql = "SELECT * FROM {$_TABLES['tag_badwords']}";
     $result = DB_query($sql);
     if (DB_error()) {
         return $retval . '<p>' . TAG_str('db_error') . '</p>';
     } else {
         if (DB_numRows($result) == 0) {
             $T->set_var('msg', '<p>' . TAG_str('no_badword') . '</p>');
         } else {
             $sw = 1;
             while (($A = DB_fetchArray($result)) !== false) {
                 $word = TAG_escape($A['badword']);
                 $body .= '<tr><td>' . '<input id="' . $word . '" name="words[]" type="checkbox" ' . 'value="' . $word . '"><label for="' . $word . '">' . $word . '</label></td></tr>' . LB;
                 $sw = $sw == 1 ? 2 : 1;
             }
         }
     }
     $T->set_var('body', $body);
     $T->parse('output', 'badword');
     $retval = $T->finish($T->get_var('output'));
     return $retval;
 }
Esempio n. 2
0
 function view()
 {
     global $_CONF, $_TABLES;
     $retval = '';
     $sql = "SELECT L.tag_id, L.tag, COUNT(m.tag_id) AS cnt, L.hits " . "FROM {$_TABLES['tag_list']} AS L " . "LEFT JOIN {$_TABLES['tag_map']} AS m " . "ON L.tag_id = m.tag_id " . "GROUP BY m.tag_id " . "ORDER BY cnt DESC, tag";
     $result = DB_query($sql);
     if (DB_error()) {
         return $retval . '<p>' . TAG_str('db_error') . '</p>';
     } else {
         if (DB_numRows($result) == 0) {
             return $retval . '<p>' . TAG_str('no_tag') . '</p>';
         }
     }
     $T = new Template($_CONF['path'] . 'plugins/tag/templates');
     $T->set_file('stats', 'admin_stats.thtml');
     $T->set_var('xhtml', XHTML);
     $T->set_var('this_script', COM_buildURL($_CONF['site_admin_url'] . '/plugins/tag/index.php'));
     $T->set_var('lang_desc_admin_stats', TAG_str('desc_admin_stats'));
     $T->set_var('lang_lbl_tag', TAG_str('lbl_tag'));
     $T->set_var('lang_lbl_count', TAG_str('lbl_count'));
     $T->set_var('lang_lbl_hit_count', TAG_str('lbl_hit_count'));
     $T->set_var('lang_delete_checked', TAG_str('delete_checked'));
     $T->set_var('lang_ban_checked', TAG_str('ban_checked'));
     $sw = 1;
     $body = '';
     while (($A = DB_fetchArray($result)) !== false) {
         $tag_id = $A['tag_id'];
         $body .= '<tr class="pluginRow' . $sw . '">' . '<td><input id="tag' . TAG_escape($tag_id) . '" name="tag_ids[]" ' . 'type="checkbox" value="' . TAG_escape($A['tag_id']) . '"' . XHTML . '><label for="tag' . TAG_escape($tag_id) . '">' . TAG_escape($A['tag']) . '</label></td>' . '<td style="text-align: right;">' . TAG_escape($A['cnt']) . '</td><td style="text-align: right;">' . TAG_escape($A['hits']) . '</td></tr>' . LB;
         $sw = $sw == 1 ? 2 : 1;
     }
     $T->set_var('body', $body);
     $T->parse('output', 'stats');
     $retval = $T->finish($T->get_var('output'));
     return $retval;
 }
Esempio n. 3
0
/**
 * Submit a new or updated story. The story is updated if it exists, or a new one is created
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @return  int		    Response code as defined in lib-plugins.php
 */
function service_submit_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS;
    if (!SEC_hasRights('story.edit')) {
        $output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30], true);
        return PLG_RET_AUTH_FAILED;
    }
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit) {
        /* This is EDIT mode, so there should be an old sid */
        if (empty($args['old_sid'])) {
            if (!empty($args['id'])) {
                $args['old_sid'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sid'])) {
                $args['sid'] = $args['old_sid'];
            }
        }
    } else {
        if (empty($args['sid']) && !empty($args['id'])) {
            $args['sid'] = $args['id'];
        }
    }
    /* Store the first CATEGORY as the Topic ID */
    if (!empty($args['category'][0])) {
        $args['tid'] = $args['category'][0];
    }
    $content = '';
    if (!empty($args['content'])) {
        $content = $args['content'];
    } else {
        if (!empty($args['summary'])) {
            $content = $args['summary'];
        }
    }
    if (!empty($content)) {
        $parts = explode('[page_break]', $content);
        if (count($parts) == 1) {
            $args['introtext'] = $content;
            $args['bodytext'] = '';
        } else {
            $args['introtext'] = array_shift($parts);
            $args['bodytext'] = implode('[page_break]', $parts);
        }
    }
    /* Apply filters to the parameters passed by the webservice */
    if ($args['gl_svc']) {
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (isset($args['editopt'])) {
            $args['editopt'] = COM_applyBasicFilter($args['editopt']);
        }
    }
    /* - START: Set all the defaults - */
    if (empty($args['tid'])) {
        // see if we have a default topic
        $topic = DB_getItem($_TABLES['topics'], 'tid', 'is_default = 1' . COM_getPermSQL('AND'));
        if (!empty($topic)) {
            $args['tid'] = $topic;
        } else {
            // otherwise, just use the first one
            $o = array();
            $s = array();
            if (service_getTopicList_story(array('gl_svc' => true), $o, $s) == PLG_RET_OK) {
                $args['tid'] = $o[0];
            } else {
                $svc_msg['error_desc'] = 'No topics available';
                return PLG_RET_ERROR;
            }
        }
    }
    if (empty($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']);
    }
    if (isset($args['alternate_id']) && $args['tid'] == $args['alternate_id']) {
        $args['alternate_id'] = NULL;
    }
    if (empty($args['postmode'])) {
        $args['postmode'] = $_CONF['postmode'];
        if (!empty($args['content_type'])) {
            if ($args['content_type'] == 'text') {
                $args['postmode'] = 'text';
            } else {
                if ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') {
                    $args['postmode'] = 'html';
                }
            }
        }
    }
    if ($args['gl_svc']) {
        /* Permissions */
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_CONF['default_permissions_story'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_CONF['default_permissions_story'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_CONF['default_permissions_story'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_CONF['default_permissions_story'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }
        if (!isset($args['draft_flag'])) {
            $args['draft_flag'] = $_CONF['draft_flag'];
        }
        if (empty($args['frontpage'])) {
            $args['frontpage'] = $_CONF['frontpage'];
        }
        if (empty($args['show_topic_icon'])) {
            $args['show_topic_icon'] = $_CONF['show_topic_icon'];
        }
    }
    /* - END: Set all the defaults - */
    if (!isset($args['sid'])) {
        $args['sid'] = '';
    }
    $args['sid'] = COM_sanitizeID($args['sid']);
    if (!$gl_edit) {
        if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) {
            $args['sid'] = WS_makeId($args['slug'], STORY_MAX_ID_LENGTH);
        }
    }
    $story = new Story();
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit && !empty($args['gl_etag'])) {
        /* First load the original story to check if it has been modified */
        $result = $story->loadFromDatabase($args['sid']);
        if ($result == STORY_LOADED_OK) {
            if ($args['gl_etag'] != date('c', $story->_date)) {
                $svc_msg['error_desc'] = 'A more recent version of the story is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'Error loading story';
            return PLG_RET_ERROR;
        }
    }
    /* This function is also doing the security checks */
    $result = $story->loadFromArgsArray($args);
    $sid = $story->getSid();
    switch ($result) {
        case STORY_DUPLICATE_SID:
            if (!$args['gl_svc']) {
                if (isset($args['type']) && $args['type'] == 'submission') {
                    $output .= STORY_edit($sid, 'moderate');
                } else {
                    $output .= STORY_edit($sid, 'error');
                }
            }
            return PLG_RET_ERROR;
        case STORY_EXISTING_NO_EDIT_PERMISSION:
            $output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30]);
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
            return PLG_RET_PERMISSION_DENIED;
        case STORY_NO_ACCESS_PARAMS:
            $output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30]);
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
            return PLG_RET_PERMISSION_DENIED;
        case STORY_EMPTY_REQUIRED_FIELDS:
            if (!$args['gl_svc']) {
                $output .= STORY_edit($sid, 'error');
            }
            return PLG_RET_ERROR;
        default:
            break;
    }
    /* Image upload is not supported by the web-service at present */
    if (!$args['gl_svc']) {
        // Delete any images if needed
        if (array_key_exists('delete', $args)) {
            $delete = count($args['delete']);
            for ($i = 1; $i <= $delete; $i++) {
                $ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '" . DB_escapeString($sid) . "' AND ai_img_num = " . intval(key($args['delete'])));
                STORY_deleteImage($ai_filename);
                DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '" . DB_escapeString($sid) . "' AND ai_img_num = '" . intval(key($args['delete'])) . "'");
                next($args['delete']);
            }
        }
        // OK, let's upload any pictures with the article
        if (DB_count($_TABLES['article_images'], 'ai_sid', DB_escapeString($sid)) > 0) {
            $index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '" . DB_escapeString($sid) . "'") + 1;
        } else {
            $index_start = 1;
        }
        if (count($_FILES) > 0 and $_CONF['maximagesperarticle'] > 0) {
            require_once $_CONF['path_system'] . 'classes/upload.class.php';
            $upload = new upload();
            if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
                $upload->setLogFile($_CONF['path'] . 'logs/error.log');
                $upload->setDebug(true);
            }
            $upload->setMaxFileUploads($_CONF['maximagesperarticle']);
            $upload->setAutomaticResize(true);
            if ($_CONF['keep_unscaled_image'] == 1) {
                $upload->keepOriginalImage(true);
            } else {
                $upload->keepOriginalImage(false);
            }
            $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
            $upload->setFieldName('file');
            //@TODO - better error handling...
            if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
                $output = COM_siteHeader('menu', $LANG24[30]);
                $output .= COM_showMessageText($upload->printErrors(false), $LANG24[30], true);
                $output .= COM_siteFooter();
                echo $output;
                exit;
            }
            // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
            // force any images bigger than the passed dimensions to be resized.
            // If mogrify is not set, any images larger than these dimensions
            // will get validation errors
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
            $upload->setMaxFileSize($_CONF['max_image_size']);
            // size in bytes, 1048576 = 1MB
            // Set file permissions on file after it gets uploaded (number is in octal)
            $upload->setPerms('0644');
            $filenames = array();
            $sql = "SELECT MAX(ai_img_num) + 1 AS ai_img_num FROM " . $_TABLES['article_images'] . " WHERE ai_sid = '" . DB_escapeString($sid) . "'";
            $result = DB_query($sql, 1);
            $row = DB_fetchArray($result);
            $ai_img_num = $row['ai_img_num'];
            if ($ai_img_num < 1) {
                $ai_img_num = 1;
            }
            for ($z = 0; $z < $_CONF['maximagesperarticle']; $z++) {
                $curfile['name'] = '';
                if (isset($_FILES['file']['name'][$z])) {
                    $curfile['name'] = $_FILES['file']['name'][$z];
                }
                if (!empty($curfile['name'])) {
                    $pos = strrpos($curfile['name'], '.') + 1;
                    $fextension = substr($curfile['name'], $pos);
                    $filenames[] = $sid . '_' . $ai_img_num . '.' . $fextension;
                    $ai_img_num++;
                } else {
                    $filenames[] = '';
                }
            }
            $upload->setFileNames($filenames);
            $upload->uploadFiles();
            //@TODO - better error handling
            if ($upload->areErrors()) {
                $retval = COM_siteHeader('menu', $LANG24[30]);
                $retval .= COM_showMessageText($upload->printErrors(false), $LANG24[30], true);
                $retval .= STORY_edit($sid, 'error');
                $retval .= COM_siteFooter();
                echo $retval;
                exit;
            }
            for ($z = 0; $z < $_CONF['maximagesperarticle']; $z++) {
                if ($filenames[$z] != '') {
                    $sql = "SELECT MAX(ai_img_num) + 1 AS ai_img_num FROM " . $_TABLES['article_images'] . " WHERE ai_sid = '" . DB_escapeString($sid) . "'";
                    $result = DB_query($sql, 1);
                    $row = DB_fetchArray($result);
                    $ai_img_num = $row['ai_img_num'];
                    if ($ai_img_num < 1) {
                        $ai_img_num = 1;
                    }
                    DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('" . DB_escapeString($sid) . "', {$ai_img_num}, '" . DB_escapeString($filenames[$z]) . "')");
                }
            }
        }
        if ($_CONF['maximagesperarticle'] > 0) {
            $errors = $story->checkImages();
            if (count($errors) > 0) {
                $output = COM_siteHeader('menu', $LANG24[54]);
                $eMsg = $LANG24[55] . '<p>';
                for ($i = 1; $i <= count($errors); $i++) {
                    $eMsg .= current($errors) . '<br />';
                    next($errors);
                }
                //@TODO - use return here...
                $output .= COM_showMessageText($eMsg, $LANG24[54], true);
                $output .= STORY_edit($sid, 'error');
                $output .= COM_siteFooter();
                echo $output;
                exit;
            }
        }
    }
    $result = $story->saveToDatabase();
    if ($result == STORY_SAVED) {
        // see if any plugins want to act on that story
        if (!empty($args['old_sid']) && $args['old_sid'] != $sid) {
            PLG_itemSaved($sid, 'article', $args['old_sid']);
        } else {
            PLG_itemSaved($sid, 'article');
        }
        // update feed(s) and Older Stories block
        COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid);
        COM_olderStuff();
        if ($story->type == 'submission') {
            COM_setMessage(9);
            echo COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
            exit;
        } else {
            $output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9);
        }
        /* @TODO Set the object id here */
        $svc_msg['id'] = $sid;
        return PLG_RET_OK;
    }
}
Esempio n. 4
0
/**
 * Submit static page. The page is updated if it exists, or a new one is created
 *
 * @param   array   args     Contains all the data provided by the client
 * @param   string  &output  OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int		     Response code as defined in lib-plugins.php
 */
function service_submit_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_GROUPS, $_SP_CONF;
    $output = '';
    if (!SEC_hasRights('staticpages.edit')) {
        $output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
        $output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied'], true);
        $output .= COM_siteFooter();
        return PLG_RET_AUTH_FAILED;
    }
    if (defined('DEMO_MODE')) {
        $output = COM_siteHeader('menu');
        $output .= COM_showMessageText('Option disabled in Demo Mode', 'Option disabled in Demo Mode', true);
        $output .= COM_siteFooter();
        return PLG_REG_AUTH_FAILED;
    }
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit) {
        // This is EDIT mode, so there should be an sp_old_id
        if (empty($args['sp_old_id'])) {
            if (!empty($args['id'])) {
                $args['sp_old_id'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sp_id'])) {
                $args['sp_id'] = $args['sp_old_id'];
            }
        }
    } else {
        if (empty($args['sp_id']) && !empty($args['id'])) {
            $args['sp_id'] = $args['id'];
        }
    }
    if (empty($args['sp_uid'])) {
        $args['sp_uid'] = $_USER['uid'];
    }
    if (empty($args['sp_title']) && !empty($args['title'])) {
        $args['sp_title'] = $args['title'];
    }
    if (empty($args['sp_content']) && !empty($args['content'])) {
        $args['sp_content'] = $args['content'];
    }
    if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) {
        $args['sp_tid'] = $args['category'][0];
    }
    if (!isset($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
    }
    $args['sp_id'] = COM_sanitizeID($args['sp_id']);
    if (!$gl_edit) {
        if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
            if (function_exists('WS_makeId')) {
                $args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
            } else {
                $args['sp_id'] = COM_makeSid();
            }
        }
    }
    // Apply filters to the parameters passed by the webservice
    if ($args['gl_svc']) {
        $par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode');
        $par_num = array('sp_uid', 'sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode', 'sp_search', 'sp_status');
        foreach ($par_str as $str) {
            if (isset($args[$str])) {
                $args[$str] = COM_applyBasicFilter($args[$str]);
            } else {
                $args[$str] = '';
            }
        }
        foreach ($par_num as $num) {
            if (isset($args[$num])) {
                $args[$num] = COM_applyBasicFilter($args[$num], true);
            } else {
                $args[$num] = 0;
            }
        }
    }
    // START: Staticpages defaults
    if ($args['sp_status'] != 1) {
        $args['sp_status'] = 0;
    }
    if (empty($args['sp_format'])) {
        $args['sp_format'] = 'allblocks';
    }
    if (empty($args['sp_tid'])) {
        $args['sp_tid'] = 'all';
    }
    if ($args['sp_where'] < 0 || $args['sp_where'] > 4) {
        $args['sp_where'] = 0;
    }
    if ($args['sp_php'] < 0 || $args['sp_php'] > 2) {
        $args['sp_php'] = 0;
    }
    if ($args['commentcode'] < -1 || $args['commentcode'] > 1) {
        $args['commentcode'] = $_CONF['comment_code'];
    }
    if ($args['sp_search'] != 1) {
        $args['sp_search'] = 0;
    }
    if ($args['gl_svc']) {
        // Permissions
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_SP_CONF['default_permissions'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_SP_CONF['default_permissions'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_SP_CONF['default_permissions'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_SP_CONF['default_permissions'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }
        if (!isset($args['sp_onmenu'])) {
            $args['sp_onmenu'] = '';
        } else {
            if ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) {
                $svc_msg['error_desc'] = 'Menu label missing';
                return PLG_RET_ERROR;
            }
        }
        if (empty($args['sp_content'])) {
            $svc_msg['error_desc'] = 'No content';
            return PLG_RET_ERROR;
        }
        if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') {
            $args['sp_inblock'] = 'on';
        }
        if (empty($args['sp_centerblock'])) {
            $args['sp_centerblock'] = '';
        }
    }
    // END: Staticpages defaults
    $sp_id = $args['sp_id'];
    $sp_status = $args['sp_status'];
    $sp_uid = $args['sp_uid'];
    $sp_title = $args['sp_title'];
    $sp_content = $args['sp_content'];
    $sp_hits = $args['sp_hits'];
    $sp_format = $args['sp_format'];
    $sp_onmenu = $args['sp_onmenu'];
    $sp_label = '';
    if (!empty($args['sp_label'])) {
        $sp_label = $args['sp_label'];
    }
    $commentcode = $args['commentcode'];
    $owner_id = $args['owner_id'];
    $group_id = $args['group_id'];
    $perm_owner = $args['perm_owner'];
    $perm_group = $args['perm_group'];
    $perm_members = $args['perm_members'];
    $perm_anon = $args['perm_anon'];
    $sp_php = $args['sp_php'];
    $sp_nf = '';
    if (!empty($args['sp_nf'])) {
        $sp_nf = $args['sp_nf'];
    }
    $sp_old_id = $args['sp_old_id'];
    $sp_centerblock = $args['sp_centerblock'];
    $sp_help = '';
    if (!empty($args['sp_help'])) {
        $sp_help = $args['sp_help'];
    }
    $sp_tid = $args['sp_tid'];
    $sp_where = $args['sp_where'];
    $sp_inblock = $args['sp_inblock'];
    $postmode = $args['postmode'];
    $sp_search = $args['sp_search'];
    if ($gl_edit && !empty($args['gl_etag'])) {
        // First load the original staticpage to check if it has been modified
        $o = array();
        $s = array();
        $r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
        if ($r == PLG_RET_OK) {
            if ($args['gl_etag'] != $o['updated']) {
                $svc_msg['error_desc'] = 'A more recent version of the staticpage is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'The requested staticpage no longer exists';
            return PLG_RET_ERROR;
        }
    }
    // Check for unique page ID
    $duplicate_id = false;
    $delete_old_page = false;
    if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
        if ($sp_id != $sp_old_id) {
            $duplicate_id = true;
        }
    } elseif (!empty($sp_old_id)) {
        if ($sp_id != $sp_old_id) {
            $delete_old_page = true;
        }
    }
    if ($duplicate_id) {
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
        if (!$args['gl_svc']) {
            $output .= PAGE_edit($sp_id);
        }
        $output .= COM_siteFooter();
        $svc_msg['error_desc'] = 'Duplicate ID';
        return PLG_RET_ERROR;
    } elseif (!empty($sp_title) && !empty($sp_content)) {
        if (empty($sp_hits)) {
            $sp_hits = 0;
        }
        if ($sp_onmenu == 'on') {
            $sp_onmenu = 1;
        } else {
            $sp_onmenu = 0;
        }
        if ($sp_nf == 'on') {
            $sp_nf = 1;
        } else {
            $sp_nf = 0;
        }
        if ($sp_centerblock == 'on') {
            $sp_centerblock = 1;
        } else {
            $sp_centerblock = 0;
        }
        if ($sp_inblock == 'on') {
            $sp_inblock = 1;
        } else {
            $sp_inblock = 0;
        }
        // Clean up the text
        if ($_SP_CONF['censor'] == 1) {
            $sp_content = COM_checkWords($sp_content);
            $sp_title = COM_checkWords($sp_title);
        }
        if ($_SP_CONF['filter_html'] == 1) {
            $sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
        }
        $sp_title = strip_tags($sp_title);
        $sp_label = strip_tags($sp_label);
        $sp_content = DB_escapeString($sp_content);
        $sp_title = DB_escapeString($sp_title);
        $sp_label = DB_escapeString($sp_label);
        // If user does not have php edit perms, then set php flag to 0.
        if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
            $sp_php = 0;
        }
        // make sure there's only one "entire page" static page per topic
        if ($sp_centerblock == 1 && $sp_where == 0) {
            $sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE sp_centerblock = 1 AND sp_where = 0 AND sp_tid = '" . DB_escapeString($sp_tid) . "'";
            // multi-language configuration - allow one entire page
            // centerblock for all or none per language
            if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) {
                $ids = explode('_', $sp_id);
                if (count($ids) > 1) {
                    $lang_id = array_pop($ids);
                    $sql .= " AND sp_id LIKE '%\\_" . DB_escapeString($lang_id) . "'";
                }
            }
            DB_query($sql);
        }
        $formats = array('allblocks', 'blankpage', 'leftblocks', 'rightblocks', 'noblocks');
        if (!in_array($sp_format, $formats)) {
            $sp_format = 'allblocks';
        }
        if (!$args['gl_svc']) {
            list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
        }
        DB_save($_TABLES['staticpage'], 'sp_id,sp_status,sp_uid,sp_title,sp_content,sp_date,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode,sp_search', "'{$sp_id}',{$sp_status}, {$sp_uid},'{$sp_title}','{$sp_content}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}',{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$sp_tid}',{$sp_where}," . "'{$sp_inblock}','{$postmode}',{$sp_search}");
        if ($delete_old_page && !empty($sp_old_id)) {
            DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id);
            DB_change($_TABLES['comments'], 'sid', DB_escapeString($sp_id), array('sid', 'type'), array(DB_escapeString($sp_old_id), 'staticpages'));
            PLG_itemDeleted($sp_old_id, 'staticpages');
        }
        PLG_itemSaved($sp_id, 'staticpages');
        $url = COM_buildURL($_CONF['site_url'] . '/page.php?page=' . $sp_id);
        $output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages');
        $svc_msg['id'] = $sp_id;
        return PLG_RET_OK;
    } else {
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
        if (!$args['gl_svc']) {
            $output .= PAGE_edit($sp_id);
        }
        $output .= COM_siteFooter();
        return PLG_RET_ERROR;
    }
}
Esempio n. 5
0
/**
 * Submit a new or updated story. The story is updated if it exists, or a new one is created
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @return  int         Response code as defined in lib-plugins.php
 */
function service_submit_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS;
    if (!SEC_hasRights('story.edit')) {
        $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
        return PLG_RET_AUTH_FAILED;
    }
    require_once $_CONF['path_system'] . 'lib-comment.php';
    if (!$_CONF['disable_webservices']) {
        require_once $_CONF['path_system'] . 'lib-webservices.php';
    }
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit) {
        /* This is EDIT mode, so there should be an old sid */
        if (empty($args['old_sid'])) {
            if (!empty($args['id'])) {
                $args['old_sid'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sid'])) {
                $args['sid'] = $args['old_sid'];
            }
        }
    } else {
        if (empty($args['sid']) && !empty($args['id'])) {
            $args['sid'] = $args['id'];
        }
    }
    // Store the first CATEGORY as the Topic ID
    if (!empty($args['category'][0])) {
        $args['tid'] = $args['category'][0];
    }
    $content = '';
    if (!empty($args['content'])) {
        $content = $args['content'];
    } else {
        if (!empty($args['summary'])) {
            $content = $args['summary'];
        }
    }
    if (!empty($content)) {
        $parts = explode('[page_break]', $content);
        if (count($parts) == 1) {
            $args['introtext'] = $content;
            $args['bodytext'] = '';
        } else {
            $args['introtext'] = array_shift($parts);
            $args['bodytext'] = implode('[page_break]', $parts);
        }
    }
    // Apply filters to the parameters passed by the webservice
    if ($args['gl_svc']) {
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (isset($args['editopt'])) {
            $args['editopt'] = COM_applyBasicFilter($args['editopt']);
        }
    }
    // - START: Set all the defaults -
    /*
        if (empty($args['tid'])) {
            // see if we have a default topic
            $topic = DB_getItem($_TABLES['topics'], 'tid',
                                'is_default = 1' . COM_getPermSQL('AND'));
            if (!empty($topic)) {
                $args['tid'] = $topic;
            } else {
                // otherwise, just use the first one
                $o = array();
                $s = array();
                if (service_getTopicList_story(array('gl_svc' => true), $o, $s) == PLG_RET_OK) {
                    $args['tid'] = $o[0];
                } else {
                    $svc_msg['error_desc'] = 'No topics available';
                    return PLG_RET_ERROR;
                }
            }
        } */
    /* This is a solution for above but the above has issues
        if (!TOPIC_checkTopicSelectionControl()) {
            $svc_msg['error_desc'] = 'No topics selected or available';
            return PLG_RET_ERROR;
        }
       */
    if (empty($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']);
    }
    if (empty($args['postmode'])) {
        $args['postmode'] = $_CONF['postmode'];
        if (!empty($args['content_type'])) {
            if ($args['content_type'] == 'text') {
                $args['postmode'] = 'text';
            } else {
                if ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') {
                    $args['postmode'] = 'html';
                }
            }
        }
    }
    if ($args['gl_svc']) {
        // Permissions
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_CONF['default_permissions_story'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_CONF['default_permissions_story'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_CONF['default_permissions_story'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_CONF['default_permissions_story'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }
        if (!isset($args['draft_flag'])) {
            $args['draft_flag'] = $_CONF['draft_flag'];
        }
        if (empty($args['frontpage'])) {
            $args['frontpage'] = $_CONF['frontpage'];
        }
        if (empty($args['show_topic_icon'])) {
            $args['show_topic_icon'] = $_CONF['show_topic_icon'];
        }
    }
    // - END: Set all the defaults -
    // TEST CODE
    /* foreach ($args as $k => $v) {
           if (!is_array($v)) {
               echo "$k => $v\r\n";
           } else {
               echo "$k => $v\r\n";
               foreach ($v as $k1 => $v1) {
                   echo "        $k1 => $v1\r\n";
               }
           }
       }*/
    // exit ();
    // END TEST CODE
    if (!isset($args['sid'])) {
        $args['sid'] = '';
    }
    $args['sid'] = COM_sanitizeID($args['sid']);
    if (!$gl_edit) {
        if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) {
            $slug = '';
            if (isset($args['slug'])) {
                $slug = $args['slug'];
            }
            if (function_exists('WS_makeId')) {
                $args['sid'] = WS_makeId($slug, STORY_MAX_ID_LENGTH);
            } else {
                $args['sid'] = COM_makeSid();
            }
        }
    }
    $story = new Story();
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit && !empty($args['gl_etag'])) {
        // First load the original story to check if it has been modified
        $result = $story->loadFromDatabase($args['sid']);
        if ($result == STORY_LOADED_OK) {
            if ($args['gl_etag'] != date('c', $story->_date)) {
                $svc_msg['error_desc'] = 'A more recent version of the story is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'Error loading story';
            return PLG_RET_ERROR;
        }
    }
    // This function is also doing the security checks
    $result = $story->loadFromArgsArray($args);
    $sid = $story->getSid();
    // Check if topics selected if not prompt required field
    if ($result == STORY_LOADED_OK) {
        if (!TOPIC_checkTopicSelectionControl()) {
            $result = STORY_EMPTY_REQUIRED_FIELDS;
        }
    }
    switch ($result) {
        case STORY_DUPLICATE_SID:
            $output .= COM_errorLog($LANG24[24], 2);
            if (!$args['gl_svc']) {
                $output .= storyeditor($sid);
            }
            $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[5]));
            return PLG_RET_ERROR;
            break;
        case STORY_EXISTING_NO_EDIT_PERMISSION:
            $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
            $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
            return PLG_RET_PERMISSION_DENIED;
            break;
        case STORY_NO_ACCESS_PARAMS:
            $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
            $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
            return PLG_RET_PERMISSION_DENIED;
            break;
        case STORY_EMPTY_REQUIRED_FIELDS:
            $output .= COM_errorLog($LANG24[31], 2);
            if (!$args['gl_svc']) {
                $output .= storyeditor($sid);
            }
            $output = COM_createHTMLDocument($output);
            return PLG_RET_ERROR;
            break;
        default:
            break;
    }
    /* Image upload is not supported by the web-service at present */
    if (!$args['gl_svc']) {
        // Delete any images if needed
        if (array_key_exists('delete', $args)) {
            $delete = count($args['delete']);
            for ($i = 1; $i <= $delete; $i++) {
                $ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete']));
                STORY_deleteImage($ai_filename);
                DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete']));
                next($args['delete']);
            }
        }
        // OK, let's upload any pictures with the article
        if (DB_count($_TABLES['article_images'], 'ai_sid', $sid) > 0) {
            $index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '{$sid}'") + 1;
        } else {
            $index_start = 1;
        }
        if (count($_FILES) > 0 && $_CONF['maximagesperarticle'] > 0) {
            require_once $_CONF['path_system'] . 'classes/upload.class.php';
            $upload = new Upload();
            if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
                $upload->setLogFile($_CONF['path'] . 'logs/error.log');
                $upload->setDebug(true);
            }
            $upload->setMaxFileUploads($_CONF['maximagesperarticle']);
            if (!empty($_CONF['image_lib'])) {
                if ($_CONF['image_lib'] == 'imagemagick') {
                    // Using imagemagick
                    $upload->setMogrifyPath($_CONF['path_to_mogrify']);
                } elseif ($_CONF['image_lib'] == 'netpbm') {
                    // using netPBM
                    $upload->setNetPBM($_CONF['path_to_netpbm']);
                } elseif ($_CONF['image_lib'] == 'gdlib') {
                    // using the GD library
                    $upload->setGDLib();
                }
                $upload->setAutomaticResize(true);
                if ($_CONF['keep_unscaled_image'] == 1) {
                    $upload->keepOriginalImage(true);
                } else {
                    $upload->keepOriginalImage(false);
                }
                if (isset($_CONF['jpeg_quality'])) {
                    $upload->setJpegQuality($_CONF['jpeg_quality']);
                }
            }
            $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
            if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
                $output = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
                echo $output;
                exit;
            }
            // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
            // force any images bigger than the passed dimensions to be resized.
            // If mogrify is not set, any images larger than these dimensions
            // will get validation errors
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
            $upload->setMaxFileSize($_CONF['max_image_size']);
            // size in bytes, 1048576 = 1MB
            // Set file permissions on file after it gets uploaded (number is in octal)
            $upload->setPerms('0644');
            $filenames = array();
            $end_index = $index_start + $upload->numFiles() - 1;
            for ($z = $index_start; $z <= $end_index; $z++) {
                $curfile = current($_FILES);
                if (!empty($curfile['name'])) {
                    $pos = strrpos($curfile['name'], '.') + 1;
                    $fextension = substr($curfile['name'], $pos);
                    $filenames[] = $sid . '_' . $z . '.' . $fextension;
                }
                next($_FILES);
            }
            $upload->setFileNames($filenames);
            reset($_FILES);
            $upload->uploadFiles();
            if ($upload->areErrors()) {
                $retval = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
                echo $retval;
                exit;
            }
            reset($filenames);
            for ($z = $index_start; $z <= $end_index; $z++) {
                DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('{$sid}', {$z}, '" . current($filenames) . "')");
                next($filenames);
            }
        }
        if ($_CONF['maximagesperarticle'] > 0) {
            $errors = $story->checkAttachedImages();
            if (count($errors) > 0) {
                $output .= COM_startBlock($LANG24[54], '', COM_getBlockTemplate('_msg_block', 'header'));
                $output .= $LANG24[55] . LB . '<ul>' . LB;
                foreach ($errors as $err) {
                    $output .= '<li>' . $err . '</li>' . LB;
                }
                $output .= '</ul>' . LB;
                $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                $output .= storyeditor($sid);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[54]));
                echo $output;
                exit;
            }
        }
    }
    $result = $story->saveToDatabase();
    if ($result == STORY_SAVED) {
        // see if any plugins want to act on that story
        if (!empty($args['old_sid']) && $args['old_sid'] != $sid) {
            PLG_itemSaved($sid, 'article', $args['old_sid']);
        } else {
            PLG_itemSaved($sid, 'article');
        }
        // update feed(s)
        COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid);
        COM_rdfUpToDateCheck('comment');
        STORY_updateLastArticlePublished();
        CMT_updateCommentcodes();
        if ($story->type == 'submission') {
            $output = COM_refresh($_CONF['site_admin_url'] . '/moderation.php?msg=9');
        } else {
            $output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9);
        }
        /* @TODO Set the object id here */
        $svc_msg['id'] = $sid;
        return PLG_RET_OK;
    }
}
Esempio n. 6
0
 /**
  *   Display the detail page for the event occurrence.
  *
  *   @param  integer $rp_id  ID of the repeat to display
  *   @param  string  $query  Optional query string, for highlighting
  *   @param  string  $tpl    Optional template filename, e.g. 'event_print'
  *   @return string      HTML for the page.
  */
 public function Render($rp_id = 0, $query = '', $tpl = '')
 {
     global $_CONF, $_USER, $_EV_CONF, $_TABLES, $LANG_EVLIST, $LANG_WEEK, $_SYSTEM;
     $retval = '';
     $url = '';
     $location = '';
     $street = '';
     $city = '';
     $province = '';
     $country = '';
     $postal = '';
     $name = '';
     $email = '';
     $phone = '';
     if ($rp_id != 0) {
         $this->Read($rp_id);
     }
     if ($this->rp_id == 0) {
         return EVLIST_alertMessage($LANG_EVLIST['access_denied']);
     }
     //update hit count
     evlist_hit($this->ev_id);
     $template = 'event';
     if (!empty($tpl)) {
         $template .= '_' . $tpl;
     } else {
         $template .= $_SYSTEM['framework'] == 'uikit' ? '.uikit' : '';
     }
     $T = new Template(EVLIST_PI_PATH . '/templates/');
     $T->set_file(array('event' => $template . '.thtml', 'datetime' => 'date_time.thtml', 'address' => 'address.thtml', 'contact' => 'contact.thtml'));
     // If plain text then replace newlines with <br> tags
     if ($this->Event->postmode == '1') {
         //plaintext
         $this->Event->Detail->summary = nl2br($this->Event->Detail->summary);
         $this->Event->Detail->full_description = nl2br($this->Event->Detail->full_description);
         $this->Event->Detail->location = nl2br($this->Event->Detail->location);
     }
     $title = $this->Event->Detail->title;
     if ($this->postmode != 'plaintext') {
         $summary = PLG_replaceTags($this->Event->Detail->summary);
         $fulldescription = PLG_replaceTags($this->Event->Detail->full_description);
         $location = $this->Event->Detail->location != '' ? PLG_replaceTags($this->Event->Detail->location) : '';
     } else {
         $summary = $this->Event->Detail->summary;
         $fulldescription = $this->Event->Detail->full_description;
         $location = $this->Event->Detail->location;
     }
     if ($query != '') {
         $title = COM_highlightQuery($title, $query);
         if (!empty($summary)) {
             $summary = COM_highlightQuery($summary, $query);
         }
         if (!empty($fulldescription)) {
             $fulldescription = COM_highlightQuery($fulldescription, $query);
         }
         if (!empty($location)) {
             $location = COM_highlightQuery($location, $query);
         }
     }
     $date_start = EVLIST_formattedDate($this->date_start);
     if ($this->date_start != $this->date_end) {
         $date_end = EVLIST_formattedDate($this->date_end);
     } else {
         $date_end = '';
     }
     if ($this->Event->allday == '1') {
         $allday = '<br />' . $LANG_EVLIST['all_day_event'];
     } else {
         $allday = '';
         if ($this->time_start1 != '') {
             $time_start1 = EVLIST_formattedTime($this->time_start1);
             $time_end1 = EVLIST_formattedTime($this->time_end1);
         } else {
             $time_start1 = '';
             $time_end1 = '';
         }
         //$time_period = $time_start . $time_end;
         if ($this->Event->split == '1') {
             $time_start2 = EVLIST_formattedTime($this->time_start2);
             $time_end2 = EVLIST_formattedTime($this->time_end2);
         }
     }
     $url = $this->Event->Detail->url;
     $street = $this->Event->Detail->street;
     $city = $this->Event->Detail->city;
     $province = $this->Event->Detail->province;
     $postal = $this->Event->Detail->postal;
     $country = $this->Event->Detail->country;
     // Now get the text description of the recurring interval, if any
     if ($this->Event->recurring && $this->Event->rec_data['type'] < EV_RECUR_DATES) {
         $rec_data = $this->Event->rec_data;
         $rec_string = $LANG_EVLIST['recur_freq_txt'] . ' ' . $this->Event->RecurDescrip();
         switch ($rec_data['type']) {
             case EV_RECUR_WEEKLY:
                 // sequential days
                 $weekdays = array();
                 if (is_array($rec_data['listdays'])) {
                     foreach ($rec_data['listdays'] as $daynum) {
                         $weekdays[] = $LANG_WEEK[$daynum];
                     }
                     $days_text = implode(', ', $weekdays);
                 } else {
                     $days_text = '';
                 }
                 $rec_string .= ' ' . sprintf($LANG_EVLIST['on_days'], $days_text);
                 break;
             case EV_RECUR_DOM:
                 $days = array();
                 foreach ($rec_data['interval'] as $key => $day) {
                     $days[] = $LANG_EVLIST['rec_intervals'][$day];
                 }
                 $days_text = implode(', ', $days) . ' ' . $LANG_WEEK[$rec_data['weekday']];
                 $rec_string .= ' ' . sprintf($LANG_EVLIST['on_the_days'], $days_text);
                 break;
         }
         if ($this->Event->rec_data['stop'] != '' && $this->Event->rec_data['stop'] < EV_MAX_DATE) {
             $rec_string .= ' ' . sprintf($LANG_EVLIST['recur_stop_desc'], EVLIST_formattedDate($this->Event->rec_data['stop']));
         }
     } else {
         $rec_string = '';
     }
     $T->set_var(array('pi_url' => EVLIST_URL, 'webcal_url' => preg_replace('/^https?/', 'webcal', EVLIST_URL), 'rp_id' => $this->rp_id, 'ev_id' => $this->ev_id, 'title' => $title, 'summary' => $summary, 'full_description' => $fulldescription, 'can_edit' => $this->isAdmin ? 'true' : '', 'start_time1' => $time_start1, 'end_time1' => $time_end1, 'start_time2' => $time_start2, 'end_time2' => $time_end2, 'start_date' => $date_start, 'end_date' => $date_end, 'start_datetime1' => $date_start . $time_start, 'end_datetime1' => $date_end . $time_end, 'allday_event' => $this->Event->allday == 1 ? 'true' : '', 'is_recurring' => $this->Event->recurring, 'can_subscribe' => $this->Event->Calendar->cal_ena_ical, 'recurring_event' => $rec_string, 'owner_id' => $this->Event->owner_id, 'cal_name' => $this->Event->Calendar->cal_name, 'cal_id' => $this->Event->cal_id, 'site_name' => $_CONF['site_name'], 'site_slogan' => $_CONF['site_slogan'], 'more_info_link' => sprintf($LANG_EVLIST['click_here'], $url)));
     if ($_EV_CONF['enable_rsvp'] == 1 && $this->Event->options['use_rsvp'] > 0) {
         if ($this->Event->options['rsvp_cutoff'] > 0) {
             $dt = new Date($this->event->date_start1 . ' ' . $this->Event->time_start1, $_CONF['timezone']);
             if (time() > $dt->toUnix() - $this->Event->options['rsvp_cutoff'] * 86400) {
                 $past_cutoff = false;
             } else {
                 $past_cutoff = true;
             }
         }
         if (COM_isAnonUser()) {
             // Just show a must-log-in message
             $T->set_var('login_to_register', 'true');
         } elseif (!$past_cutoff) {
             $num_free_tickets = $this->isRegistered(0, true);
             $total_tickets = $this->isRegistered(0, false);
             if ($num_free_tickets > 0) {
                 // If the user is already registered for any free tickets,
                 // show the cancel link
                 $T->set_var(array('unregister_link' => 'true', 'num_free_reg' => $num_free_tickets));
             }
             // Show the registration link
             if (($this->Event->options['max_rsvp'] == 0 || $this->Event->options['rsvp_waitlist'] == 1 || $this->Event->options['max_rsvp'] > $this->TotalRegistrations()) && ($this->Event->options['max_user_rsvp'] == 0 || $total_tickets < $this->Event->options['max_user_rsvp'])) {
                 USES_evlist_class_tickettype();
                 $Ticks = evTicketType::GetTicketTypes();
                 if ($this->Event->options['max_user_rsvp'] > 0) {
                     $T->set_block('event', 'tickCntBlk', 'tcBlk');
                     $T->set_var('register_multi', true);
                     //$rsvp_user_count = '';
                     $avail_tickets = $this->Event->options['max_user_rsvp'] - $total_tickets;
                     for ($i = 1; $i <= $avail_tickets; $i++) {
                         $T->set_var('tick_cnt', $i);
                         $T->parse('tcBlk', 'tickCntBlk', true);
                         //$rsvp_user_count .= '<option value="'.$i.'">'.$i.
                         //        '</option>'.LB;
                     }
                     //$T->set_var('register_multi', $rsvp_user_count);
                 } else {
                     // max_rsvp == 0 indicates openended registration
                     $T->set_var('register_unltd', 'true');
                 }
                 $T->set_block('event', 'tickTypeBlk', 'tBlk');
                 foreach ($this->Event->options['tickets'] as $tick_id => $data) {
                     /*$options .= '<option value="' . $tick_id . '">' .
                           $Ticks[$tick_id]->description;
                       if ($data['fee'] > 0) {
                           $options .= ' - ' . COM_numberFormat($data['fee'], 2);
                       }
                       $options .= '</option>' . LB;*/
                     $status = LGLIB_invokeService('paypal', 'formatAmount', array('amount' => $data['fee']), $pp_fmt_amt, $svc_msg);
                     $fmt_amt = $status == PLG_RET_OK ? $pp_fmt_amt : COM_numberFormat($data['fee'], 2);
                     $T->set_var(array('tick_type' => $tick_id, 'tick_descr' => $Ticks[$tick_id]->description, 'tick_fee' => $data['fee'] > 0 ? $fmt_amt : 'FREE'));
                     $T->parse('tBlk', 'tickTypeBlk', true);
                 }
                 $T->set_var(array('register_link' => 'true', 'ticket_options' => $options, 'ticket_types_multi' => count($this->Event->options['tickets']) > 1 ? 'true' : ''));
             }
         }
         // If ticket printing is enabled for this event, see if the
         // current user has any tickets to print.
         if ($this->Event->options['rsvp_print'] > 0) {
             $paid = $this->Event->options['rsvp_print'] == 1 ? 'paid' : '';
             USES_evlist_class_ticket();
             $tickets = evTicket::GetTickets($this->ev_id, '', $this->uid, $paid);
             if (count($tickets) > 0) {
                 $T->set_var('have_tickets', 'true');
             }
         }
     }
     // if enable_rsvp
     if (!empty($date_start) || !empty($date_end)) {
         $T->parse('datetime_info', 'datetime');
     }
     // Only process the location block if at least one element exists.
     // Don't want an empty block showing.
     if (!empty($location) || !empty($street) || !empty($city) || !empty($province) || !empty($postal)) {
         $T->set_var(array('location' => $location, 'street' => $street, 'city' => $city, 'province' => $province, 'country' => $country, 'postal' => $postal));
         $T->parse('address_info', 'address');
         // Get info from the Weather plugin, if configured and available
         // There has to be at least some location data for this to work.
         if ($_EV_CONF['use_weather']) {
             // The postal code works best, but not internationally.
             // Try the regular address first.
             $loc = '';
             if (!empty($city) && !empty($province)) {
                 $loc = $city . ', ' . $province . ' ' . $country;
             }
             if (!empty($postal)) {
                 $loc .= ' ' . $postal;
             }
             if (!empty($loc)) {
                 // Location info was found, get the weather
                 LGLIB_invokeService('weather', 'embed', array('loc' => $loc), $weather, $svc_msg);
                 if (!empty($weather)) {
                     // Weather info was found
                     $T->set_var('weather', $weather);
                 }
             }
         }
     }
     // Get a map from the Locator plugin, if configured and available
     if ($_EV_CONF['use_locator'] == 1 && $this->Event->Detail->lat != 0 && $this->Event->Detail->lng != 0) {
         $status = LGLIB_invokeService('locator', 'getMap', array('lat' => $this->Event->Detail->lat, 'lng' => $this->Event->Detail->lng), $map, $svc_msg);
         if ($status == PLG_RET_OK) {
             $T->set_var(array('map' => $map, 'lat' => number_format($this->Event->Detail->lat, 8, '.', ''), 'lng' => number_format($this->Event->Detail->lng, 8, '.', '')));
         }
     }
     //put contact info here: contact, email, phone#
     $name = $this->Event->Detail->contact != '' ? COM_applyFilter($this->Event->Detail->contact) : '';
     if ($this->Event->Detail->email != '') {
         $email = COM_applyFilter($this->Event->Detail->email);
         $email = EVLIST_obfuscate($email);
     } else {
         $email = '';
     }
     $phone = $this->Event->Detail->phone != '' ? COM_applyFilter($this->Event->Detail->phone) : '';
     if (!empty($name) || !empty($email) || !empty($phone)) {
         $T->set_var(array('name' => $name, 'email' => $email, 'phone' => $phone));
         $T->parse('contact_info', 'contact');
     }
     // TODO: Is the range needed?
     if (!empty($range)) {
         $andrange = '&amp;range=' . $range;
     } else {
         $andrange = '&amp;range=2';
     }
     if (!empty($cat)) {
         $andcat = '&amp;cat=' . $cat;
     } else {
         $andcat = '';
     }
     $cats = $this->Event->GetCategories();
     $catcount = count($cats);
     if ($catcount > 0) {
         $catlinks = array();
         for ($i = 0; $i < $catcount; $i++) {
             $catlinks[] = '<a href="' . COM_buildURL(EVLIST_URL . '/index.php?op=list' . $andrange . '&cat=' . $cats[$i]['id']) . '">' . $cats[$i]['name'] . '</a>&nbsp;';
         }
         $catlink = join('|&nbsp;', $catlinks);
         $T->set_var('category_link', $catlink, true);
     }
     //  reminders must be enabled globally first and then per event in
     //  order to be active
     if (!isset($_EV_CONF['reminder_days'])) {
         $_EV_CONF['reminder_days'] = 1;
     }
     $hasReminder = 0;
     if ($_EV_CONF['enable_reminders'] == '1' && $this->Event->enable_reminders == '1' && time() < strtotime("-" . $_EV_CONF['reminder_days'] . " days", strtotime($this->date_start))) {
         //form will not appear within XX days of scheduled event.
         $show_reminders = true;
         // Let's see if we have already asked for a reminder...
         if ($_USER['uid'] > 1) {
             $hasReminder = DB_count($_TABLES['evlist_remlookup'], array('eid', 'uid', 'rp_id'), array($this->ev_id, $_USER['uid'], $this->rp_id));
         }
     } else {
         $show_reminders = false;
     }
     if ($this->Event->options['contactlink'] == 1) {
         $ownerlink = $_CONF['site_url'] . '/profiles.php?uid=' . $this->Event->owner_id;
         $ownerlink = sprintf($LANG_EVLIST['contact_us'], $ownerlink);
     } else {
         $ownerlink = '';
     }
     $T->set_var(array('owner_link' => $ownerlink, 'reminder_set' => $hasReminder ? 'true' : 'false', 'reminder_email' => isset($_USER['email']) ? $_USER['email'] : '', 'notice' => 1, 'rp_id' => $this->rp_id, 'eid' => $this->ev_id, 'show_reminderform' => $show_reminders ? 'true' : ''));
     USES_evlist_class_tickettype();
     $tick_types = evTicketType::GetTicketTypes();
     $T->set_block('event', 'registerBlock', 'rBlock');
     if (is_array($this->Event->options['tickets'])) {
         foreach ($this->Event->options['tickets'] as $tic_type => $info) {
             $T->set_var(array('tic_description' => $tick_types[$tic_type]->description, 'tic_fee' => COM_numberFormat($info['fee'], 2)));
             $T->parse('rBlock', 'registerBlock', true);
         }
     }
     // Show the "manage reservations" link to the event owner
     if ($_EV_CONF['enable_rsvp'] == 1 && $this->Event->options['use_rsvp'] > 0) {
         if ($this->isAdmin) {
             $T->set_var('admin_rsvp', EVLIST_adminRSVP($this->rp_id));
         }
     }
     $T->parse('output', 'event');
     $retval .= $T->finish($T->get_var('output'));
     return $retval;
 }
Esempio n. 7
0
/**
 * Return a canonical link
 *
 * @param    string $dir_topic current topic or 'all'
 * @param    int    $year      current year
 * @param    int    $month     current month
 * @return   string          <link rel="canonical"> tag
 */
function DIR_canonicalLink($dir_topic, $year = 0, $month = 0)
{
    global $_CONF;
    $script = $_CONF['site_url'] . '/' . THIS_SCRIPT;
    $tp = '?topic=' . urlencode($dir_topic);
    $parts = '';
    if ($year != 0 && $month != 0) {
        $parts .= "&amp;year={$year}&amp;month={$month}";
    } elseif ($year != 0) {
        $parts .= "&amp;year={$year}";
    } elseif ($dir_topic === 'all') {
        $tp = '';
    }
    $url = COM_buildURL($script . $tp . $parts);
    return '<link rel="canonical" href="' . $url . '"' . XHTML . '>' . LB;
}
Esempio n. 8
0
/**
*   Create a list of events
*
*   @param  integer $range          Range indicator (upcoming, past, etc)
*   @param  integer $category       Category to limit search
*   @param  string  $block_title    Title of block
*   @return string      HTML for list page
*/
function EVLIST_listview($range = '', $category = '', $calendar = '', $block_title = '')
{
    global $_CONF, $_EV_CONF, $_USER, $_TABLES, $LANG_EVLIST;
    EVLIST_setViewSession('list', $year, $month, $day);
    $retval = '';
    $T = new Template(EVLIST_PI_PATH . '/templates/');
    $T->set_file('index', 'index.thtml');
    if ($_EV_CONF['_can_add']) {
        $add_event_link = EVLIST_URL . '/event.php?edit=x';
    } else {
        $add_event_link = '';
    }
    $T->set_var(array('action' => EVLIST_URL . '/index.php', 'range_options' => EVLIST_GetOptions($LANG_EVLIST['ranges'], $range), 'add_event_link' => $add_event_link, 'add_event_text' => $LANG_EVLIST['add_event'], 'rangetext' => $LANG_EVLIST['ranges'][$range]));
    $page = empty($_GET['page']) ? 1 : (int) $_GET['page'];
    $opts = array('cat' => $category, 'page' => $page, 'limit' => $_EV_CONF['limit_list'], 'cal' => $calendar);
    switch ($range) {
        case 1:
            // past
            $start = EV_MIN_DATE;
            $end = $_EV_CONF['_today'];
            $opts['order'] = 'DESC';
            break;
        case 3:
            //this week
            $start = $_EV_CONF['_today'];
            $end = date('Y-m-d', strtotime('+1 week', $_EV_CONF['_today_ts']));
            break;
        case 4:
            //this month
            $start = $_EV_CONF['_today'];
            $end = date('Y-m-d', strtotime('+1 month', $_EV_CONF['_today_ts']));
            break;
        case 2:
            //upcoming
        //upcoming
        default:
            $start = $_EV_CONF['_today'];
            $end = EV_MAX_DATE;
            break;
    }
    $events = EVLIST_getEvents($start, $end, $opts);
    if (empty($events)) {
        //return empty list msg
        $T->set_var(array('title' => '', 'block_title' => $block_title, 'empty_listmsg' => $LANG_EVLIST['no_match']));
        if (!empty($range)) {
            $andrange = '&amp;range=' . $range;
            $T->set_var('range', $range);
        } else {
            $andrange = '&amp;range=2';
        }
        if (!empty($category)) {
            $andcat = '&amp;cat=' . $category;
            $T->set_var('category', $category);
        } else {
            $andcat = '';
        }
    } else {
        //populate list
        // So we don't call SEC_hasRights inside the loop
        $isAdmin = SEC_hasRights('evlist.admin');
        $T->set_file(array('item' => 'list_item.thtml', 'editlinks' => 'edit_links.thtml', 'category_form' => 'category_dd.thtml'));
        if (!empty($range)) {
            $andrange = '&amp;range=' . $range;
            $T->set_var('range', $range);
        } else {
            $andrange = '&amp;range=2';
        }
        if (!empty($category)) {
            $andcat = '&amp;cat=' . $category;
            $T->set_var('category', $category);
        } else {
            $andcat = '';
        }
        // Track events that have been shown so we show them only once.
        $already_shown = array();
        foreach ($events as $date => $daydata) {
            foreach ($daydata as $A) {
                if (array_key_exists($A['rp_id'], $already_shown)) {
                    continue;
                } else {
                    $already_shown[$A['rp_id']] = 1;
                }
                $titlelink = COM_buildURL(EVLIST_URL . '/event.php?eid=' . $A['rp_id'] . $timestamp . $andrange . $andcat);
                $titlelink = '<a href="' . $titlelink . '">' . COM_stripslashes($A['title']) . '</a>';
                $summary = PLG_replaceTags(COM_stripslashes($A['summary']));
                $datesummary = sprintf($LANG_EVLIST['event_begins'], EVLIST_formattedDate(strtotime($A['rp_date_start'])));
                $morelink = COM_buildURL(EVLIST_URL . '/event.php?eid=' . $A['rp_id'] . $timestamp . $andrange . $andcat);
                $morelink = '<a href="' . $morelink . '">' . $LANG_EVLIST['read_more'] . '</a>';
                if (empty($A['email'])) {
                    $contactlink = $_CONF['site_url'] . '/profiles.php?uid=' . $A['owner_id'];
                } else {
                    $contactlink = 'mailto:' . EVLIST_obfuscate($A['email']);
                }
                $contactlink = '<a href="' . $contactlink . '">' . $LANG_EVLIST['ev_contact'] . '</a>';
                $T->set_var(array('title' => $titlelink, 'date_summary' => $datesummary, 'summary' => $summary, 'more_link' => $morelink, 'contact_link' => $contactlink, 'contact_name' => $A['contact'], 'owner_name' => COM_getDisplayName($A['owner_id']), 'block_title' => $block_title, 'category_links' => EVLIST_getCatLinks($A['ev_id'], $andrange), 'cal_id' => $A['cal_id'], 'cal_name' => $A['cal_name'], 'cal_fgcolor' => $A['fgcolor'], 'cal_bgcolor' => $A['bgcolor']));
                $T->parse('event_item', 'item', true);
            }
        }
    }
    $T->parse('output', 'index');
    $retval .= $T->finish($T->get_var('output'));
    // Set page navigation
    $retval .= EVLIST_pagenav($start, $end, $category, $page, $range, $calendar);
    return $retval;
}
Esempio n. 9
0
            $display .= COM_printPageNavigation($base_url, $page, $num_pages);
        }
    }
} else {
    // no stories to display
    if ($page == 1) {
        if (!isset($_CONF['hide_no_news_msg']) || $_CONF['hide_no_news_msg'] == 0) {
            $display .= COM_startBlock($LANG05[1], '', COM_getBlockTemplate('_msg_block', 'header')) . $LANG05[2];
            $display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        }
        $display .= PLG_showCenterblock(3, $page, $topic);
        // bottom blocks
    } else {
        $topic_url = '';
        if (!empty($topic)) {
            $topic_url = COM_buildURL($_CONF['site_url'] . '/index.php?topic=' . $topic);
        }
        COM_handle404($topic_url);
    }
}
$header = '';
if ($topic) {
    // Meta Tags
    if ($_CONF['meta_tags'] > 0) {
        $result = DB_query("SELECT meta_description, meta_keywords FROM {$_TABLES['topics']} WHERE tid = '{$topic}'");
        $A = DB_fetcharray($result);
        $header .= LB . PLG_getMetaTags('homepage', '', array(array('name' => 'description', 'content' => stripslashes($A['meta_description'])), array('name' => 'keywords', 'content' => stripslashes($A['meta_keywords']))));
    }
}
$display = COM_createHTMLDocument($display, array('breadcrumbs' => $breadcrumbs, 'headercode' => $header, 'rightblock' => true));
// Output page
Esempio n. 10
0
    $commentCount = DB_count($_TABLES['comments'], 'sid', "fileid_{$lid}");
    $recentPostMessage = _MD_COMMENTSWANTED;
    if ($commentCount > 0) {
        $result4 = DB_query("SELECT cid, UNIX_TIMESTAMP(date) AS day,username FROM {$_TABLES['comments']},{$_TABLES['users']} WHERE {$_TABLES['users']}.uid = {$_TABLES['comments']}.uid AND sid = 'fileid_{$lid}' ORDER BY date desc LIMIT 1");
        $C = DB_fetchArray($result4);
        $recentPostMessage = $LANG01[27] . ': ' . strftime($_CONF['daytime'], $C['day']) . ' ' . $LANG01[104] . ' ' . $C['username'];
        $comment_link = '<a href="' . $_CONF[site_url] . '/filemgmt/index.php?id=' . $lid . '" title="' . $recentPostMessage . '">' . $commentCount . '&nbsp;' . $LANG01[3] . '</a>';
    } else {
        $comment_link = '<a href="' . $_CONF[site_url] . '/comment.php?type=filemgmt&amp;sid=' . $lid . '" title="' . $recentPostMessage . '">' . _MD_ENTERCOMMENT . '</a>';
    }
    $p->set_var('comment_link', $comment_link);
    $p->set_var('show_comments', '');
} else {
    $p->set_var('show_comments', 'none');
}
$p->set_var('LANG_DOWNLOAD', _MD_DOWNLOAD);
$p->set_var('LANG_FILELINK', _MD_FILELINK);
$p->set_var('LANG_RATETHISFILE', _MD_RATETHISFILE);
$p->set_var('LANG_REPORTBROKEN', _MD_REPORTBROKEN);
//@@@@@20090602add---->
$pageurl = COM_buildURL($_CONF[site_url] . "/filemgmt/index.php?id=" . $lid);
$readmore_link = COM_createLink(_MD_FILELINK, $pageurl);
$p->set_var('readmore_link', $readmore_link);
//@@@@@20090602add<----
if ($FilemgmtAdmin) {
    $p->set_var('LANG_EDIT', _MD_EDIT);
    $p->set_var('show_editlink', '');
} else {
    $p->set_var('LANG_EDIT', '');
    $p->set_var('show_editlink', 'none');
}
Esempio n. 11
0
function LIB_Save($pi_name, $edt_flg, $navbarMenu, $menuno)
{
    global $_CONF;
    global $_TABLES;
    global $_USER;
    $box_conf = "_" . strtoupper($pi_name) . "_CONF";
    global ${$box_conf};
    $box_conf = ${$box_conf};
    $lang_box_admin = "LANG_" . strtoupper($pi_name) . "_ADMIN";
    global ${$lang_box_admin};
    $lang_box_admin = ${$lang_box_admin};
    $lang_box_admin_menu = "LANG_" . strtoupper($pi_name) . "_admin_menu";
    global ${$lang_box_admin_menu};
    $lang_box_admin_menu = ${$lang_box_admin_menu};
    $table = $_TABLES[strtoupper($pi_name) . '_def_field'];
    $table1 = $_TABLES[strtoupper($pi_name) . '_base'];
    $table2 = $_TABLES[strtoupper($pi_name) . '_addition'];
    $retval = '';
    // clean 'em up
    $id = COM_applyFilter($_POST['id'], true);
    if ($id == 0) {
        $new_flg = true;
    } else {
        $new_flg = false;
    }
    $name = COM_stripslashes($_POST['name']);
    $name = addslashes(COM_checkHTML(COM_checkWords($name)));
    $templatesetvar = COM_applyFilter($_POST['templatesetvar']);
    $templatesetvar = addslashes(COM_checkHTML(COM_checkWords($templatesetvar)));
    $description = COM_stripslashes($_POST['description']);
    $description = addslashes(COM_checkHTML(COM_checkWords($description)));
    $allow_display = COM_applyFilter($_POST['allow_display']);
    $allow_display = addslashes(COM_checkHTML(COM_checkWords($allow_display)));
    $allow_edit = COM_applyFilter($_POST['allow_edit']);
    $allow_edit = addslashes(COM_checkHTML(COM_checkWords($allow_edit)));
    $textcheck = COM_applyFilter($_POST['textcheck']);
    $textcheck = addslashes(COM_checkHTML(COM_checkWords($textcheck)));
    $textconv = COM_applyFilter($_POST['textconv']);
    $textconv = addslashes(COM_checkHTML(COM_checkWords($textconv)));
    $searchtarget = COM_applyFilter($_POST['searchtarget']);
    $searchtarget = addslashes(COM_checkHTML(COM_checkWords($searchtarget)));
    $initial_value = COM_applyFilter($_POST['initial_value']);
    $initial_value = addslashes(COM_checkHTML(COM_checkWords($initial_value)));
    $range_start = COM_applyFilter($_POST['range_start']);
    $range_start = addslashes(COM_checkHTML(COM_checkWords($range_start)));
    $range_end = COM_applyFilter($_POST['range_end']);
    $range_end = addslashes(COM_checkHTML(COM_checkWords($range_end)));
    $dfid = COM_applyFilter($_POST['dfid']);
    $dfid = addslashes(COM_checkHTML(COM_checkWords($dfid)));
    $type = COM_applyFilter($_POST['type']);
    $type = addslashes(COM_checkHTML(COM_checkWords($type)));
    $selection = COM_applyFilter($_POST['selection']);
    $selection = addslashes(COM_checkHTML(COM_checkWords($selection)));
    $selectlist = COM_applyFilter($_POST['selectlist']);
    $selectlist = addslashes(COM_checkHTML(COM_checkWords($selectlist)));
    $checkrequried = COM_applyFilter($_POST['checkrequried']);
    $checkrequried = addslashes(COM_checkHTML(COM_checkWords($checkrequried)));
    $size = COM_applyFilter($_POST['size'], true);
    $size = addslashes(COM_checkHTML(COM_checkWords($size)));
    $maxlength = COM_applyFilter($_POST['maxlength'], true);
    $maxlength = addslashes(COM_checkHTML(COM_checkWords($maxlength)));
    $rows = COM_applyFilter($_POST['rows'], true);
    $rows = addslashes(COM_checkHTML(COM_checkWords($rows)));
    $br = COM_applyFilter($_POST['br'], true);
    $br = addslashes(COM_checkHTML(COM_checkWords($br)));
    $orderno = mb_convert_kana($_POST['orderno'], "a");
    //全角英数字を半角英数字に変換する
    $orderno = COM_applyFilter($orderno, true);
    //$name = mb_convert_kana($name,"AKV");
    //A:半角英数字を全角英数字に変換する
    //K:半角カタカナを全角カタカナに変換する
    //V:濁点つきの文字を1文字に変換する (K、H と共に利用する)
    //$name = str_replace ("'", "’",$name);
    //$code = mb_convert_kana($code,"a");//全角英数字を半角英数字に変換する
    //-----
    $uuid = $_USER['uid'];
    // CHECK はじめ
    $err = "";
    //ID
    if ($id == 0) {
        //$err.=$lang_box_admin['err_id']."<br/>".LB;
    } else {
        if (!is_numeric($id)) {
            $err .= $lang_box_admin['err_id'] . "<br/>" . LB;
        }
    }
    //名称必須
    if (empty($name)) {
        $err .= $lang_box_admin['err_name'] . "<br/>" . LB;
    }
    //テーマ変数必須,二重チェック
    if (empty($templatesetvar)) {
        $err .= $lang_box_admin['err_templatesetvar'] . "<br/>" . LB;
    } else {
        $templatesetvar = rtrim(ltrim($templatesetvar));
        $newtemplatesetvar = COM_sanitizeID($templatesetvar, false);
        if ($templatesetvar != $newtemplatesetvar) {
            $err .= $lang_box_admin['err_templatesetvar'] . "<br/>" . LB;
        } else {
            $cntsql = "SELECT field_id FROM {$table} ";
            $cntsql .= " WHERE ";
            $cntsql .= " templatesetvar='{$templatesetvar}' ";
            $cntsql .= " AND field_id<>{$id}";
            $result = DB_query($cntsql);
            $numrows = DB_numRows($result);
            if ($numrows != 0) {
                $err .= $lang_box_admin['err_templatesetvar_w'] . "<br/>" . LB;
            }
        }
    }
    //7 = 'オプションリスト';
    //8 = 'ラジオボタンリスト';
    //14= 'マルチセレクトリスト';
    if ($type == 7 or $type == 8 or $type == 14) {
        if ($selection == "") {
            $err .= $lang_box_admin['err_selection'] . "<br/>" . LB;
        }
    }
    //errorのあるとき
    if ($err != "") {
        $retval['title'] = $lang_box_admin['piname'] . $lang_box_admin['edit'];
        $retval['display'] = LIB_Edit($pi_name, $id, $edt_flg, 3, $err);
        return $retval;
    }
    // CHECK おわり
    if ($id == 0) {
        $w = DB_getItem($table, "max(field_id)", "1=1");
        if ($w == "") {
            $w = 0;
        }
        $id = $w + 1;
    }
    $fields = "field_id";
    $values = "{$id}";
    $fields .= ",name";
    $values .= ",'{$name}'";
    $fields .= ",templatesetvar";
    $values .= ",'{$templatesetvar}'";
    $fields .= ",description";
    $values .= ",'{$description}'";
    $fields .= ",type";
    $values .= ",{$type}";
    $fields .= ",selection";
    $values .= ",'{$selection}'";
    $fields .= ",selectlist";
    $values .= ",'{$selectlist}'";
    $fields .= ",checkrequried";
    $values .= ",{$checkrequried}";
    $fields .= ",size";
    $values .= ",{$size}";
    $fields .= ",maxlength";
    $values .= ",{$maxlength}";
    $fields .= ",rows";
    $values .= ",{$rows}";
    $fields .= ",br";
    $values .= ",{$br}";
    $fields .= ",orderno";
    //
    $values .= ",'{$orderno}'";
    $fields .= ",allow_display";
    $values .= ",{$allow_display}";
    $fields .= ",allow_edit";
    $values .= ",{$allow_edit}";
    $fields .= ",textcheck";
    $values .= ",{$textcheck}";
    $fields .= ",textconv";
    $values .= ",{$textconv}";
    $fields .= ",searchtarget";
    $values .= ",{$searchtarget}";
    $fields .= ",initial_value";
    $values .= ",'{$initial_value}'";
    $fields .= ",range_start";
    $values .= ",'{$range_start}'";
    $fields .= ",range_end";
    $values .= ",'{$range_end}'";
    $fields .= ",dfid";
    $values .= ",{$dfid}";
    $fields .= ",uuid";
    $values .= ",{$uuid}";
    DB_save($table, $fields, $values);
    //    if ($new_flg){
    $sql = "INSERT INTO " . $table2 . LB;
    $sql .= " (`id`,`field_id`,`value`)" . LB;
    $sql .= " SELECT id";
    $sql .= " ," . $id;
    if ($initial_value != "") {
        $sql .= ",'" . $initial_value . "' ";
    } else {
        //7 = 'オプションリスト';
        //8 = 'ラジオボタンリスト';
        if (($type == 7 or $type == 8) and $selection != "") {
            $sql .= ",'0' ";
        } else {
            $sql .= ",NULL ";
        }
    }
    $sql .= " FROM " . $table1 . " AS t1" . LB;
    $sql .= " where  fieldset_id=0 AND id NOT IN (select id from " . $table2 . LB;
    $sql .= " where field_id=" . $id . ")" . LB;
    //COM_errorLog( "sql= " . $sql, 1 );
    DB_query($sql);
    //    }
    //    $rt=fncsendmail ($id);
    //    if ($edt_flg){
    //        $return_page=$_CONF['site_url'] . "/".THIS_SCRIPT;
    //        $return_page.="?id=".$id;
    //    }else{
    //        $return_page=$_CONF['site_admin_url'] . '/plugins/'.THIS_SCRIPT.'?msg=1';
    //    }
    //$return_page="";//@@@@@debug 用
    $message = "";
    if ($box_conf['aftersave_admin'] === 'no') {
        $retval['title'] = $lang_box_admin['piname'] . $lang_box_admin['edit'];
        $retval['display'] = LIB_Edit($pi_name, $id, $edt_flg, 1, "");
        return $retval;
    } else {
        if ($box_conf['aftersave_admin'] === 'list' or $box_conf['aftersave_admin'] === 'item') {
            $url = $_CONF['site_admin_url'] . "/plugins/{$pi_name}/field.php";
            $item_url = COM_buildURL($url);
            $target = 'item';
            $message = 1;
        } else {
            if ($box_conf['aftersave_admin'] === 'admin') {
                $target = $box_conf['aftersave_admin'];
                $message = 1;
            } else {
                $item_url = $_CONF['site_url'] . $box_conf['top'];
                $target = $box_conf['aftersave_admin'];
            }
        }
    }
    $return_page = PLG_afterSaveSwitch($target, $item_url, $pi_name, $message);
    echo $return_page;
    exit;
}
Esempio n. 12
0
function CMT_getCommentLinkWithCount($type, $sid, $url, $cmtCount = 0, $urlRewrite = 0)
{
    global $_CONF, $LANG01;
    $retval = '';
    if (!isset($_CONF['comment_engine'])) {
        $_CONF['comment_engine'] = 'internal';
    }
    switch ($_CONF['comment_engine']) {
        case 'disqus':
            if ($urlRewrite) {
                $url = COM_buildURL($url . '#disqus_thread');
            } else {
                $url = $url . '#disqus_thread';
            }
            if ($type == 'filemgmt') {
                $type = 'filemgmt_fileid';
            }
            $link = '<a href="' . $url . '" data-disqus-identifier=' . $type . '_' . $sid . '>';
            $retval = array('url' => $url, 'url_extra' => ' data-disqus-identifier="' . $type . '_' . $sid . '"', 'link' => $link, 'nonlink' => '<span class="disqus-comment-count" data-disqus-identifier="' . $type . '_' . $sid . '"></span>', 'comment_count' => '<span class="disqus-comment-count" data-disqus-identifier="' . $type . '_' . $sid . '">0 ' . $LANG01[83] . '</span>', 'comment_text' => $LANG01[83], 'link_with_count' => $link . '<span class="disqus-comment-count" data-disqus-identifier="' . $type . '_' . $sid . '">' . $cmtCount . ' ' . $LANG01[83] . '</span></a>');
            break;
        case 'facebook':
            if ($urlRewrite) {
                $url = COM_buildURL($url);
            } else {
                $url = $url;
            }
            $link = '<a href="' . $url . '">';
            $retval = array('url' => $url, 'url_extra' => '', 'link' => $link, 'nonlink' => '<span class="fb-comments-count" data-href="' . $url . '"></span>', 'comment_count' => '<span class="fb-comments-count" data-href="' . $url . '"></span> ' . $LANG01[83], 'comment_text' => $LANG01[83], 'link_with_count' => $link . '<span class="fb-comments-count" data-href="' . $url . '"></span>' . ' ' . $LANG01[83] . '</a>');
            break;
        case 'internal':
        default:
            $link = '<a href="' . $url . '#comments">';
            $retval = array('url' => $url, 'url_extra' => '', 'link' => $link, 'nonlink' => '', 'comment_count' => $cmtCount . ' ' . $LANG01[83], 'comment_text' => $LANG01[83], 'link_with_count' => $link . ' ' . $cmtCount . ' ' . $LANG01[83] . '</a>');
            break;
    }
    return $retval;
}
Esempio n. 13
0
        $cmt_page = COM_applyFilter($_GET['cmtpage'], true);
    }
}
$valid_modes = array('threaded', 'nested', 'flat', 'nocomment');
if (in_array($mode, $valid_modes) === false) {
    $mode = '';
}
if ($display_mode != 'print') {
    $display_mode = '';
}
$pageArgument = '?page=' . $page;
$dmArgument = empty($display_mode) ? '' : '&disp_mode=' . $display_mode;
$cmtOrderArgument = empty($comment_order) ? '' : 'order=' . $comment_order;
$cmtModeArgument = empty($comment_mode) ? '' : 'mode=' . $comment_mode;
$cmtPageArgument = empty($cmt_page) ? '' : 'cmtpage=' . (int) $cmt_page;
$baseURL = COM_buildURL($_CONF['site_url'] . '/page.php' . $pageArgument . $dmArgument);
if (strpos($baseURL, '?') === false) {
    $sep = '?';
} else {
    $sep = '&';
}
if ($cmtOrderArgument != '') {
    $baseURL = $baseURL . $sep . $cmtOrderArgument;
    $sep = '&';
}
if ($cmtModeArgument != '') {
    $baseURL = $baseURL . $sep . $cmtModeArgument;
    $sep = '&';
}
if ($cmtPageArgument != '') {
    $baseURL = $baseURL . $sep . $cmtPageArgument;
Esempio n. 14
0
function fncSave($edt_flg, $navbarMenu, $menuno, $template)
{
    $pi_name = "databox";
    global $_CONF;
    global $LANG_DATABOX_ADMIN;
    global $_TABLES;
    global $_USER;
    global $_DATABOX_CONF;
    global $LANG_DATABOX_user_menu;
    $addition_def = DATABOX_getadditiondef();
    $retval = '';
    // clean 'em up
    $id = COM_applyFilter($_POST['id'], true);
    if ($id == 0) {
        $new_flg = true;
    } else {
        $new_flg = false;
    }
    $fieldset_id = COM_applyFilter($_POST['fieldset'], true);
    $code = COM_applyFilter($_POST['code']);
    $code = addslashes(COM_checkHTML(COM_checkWords($code)));
    $title = COM_stripslashes($_POST['title']);
    $title = addslashes(COM_checkHTML(COM_checkWords($title)));
    $page_title = COM_applyFilter($_POST['page_title']);
    $page_title = addslashes(COM_checkHTML(COM_checkWords($page_title)));
    $description = $_POST['description'];
    //COM_applyFilter($_POST['description']);
    $description = addslashes(COM_checkHTML(COM_checkWords($description)));
    $language_id = COM_applyFilter($_POST['language_id']);
    $language_id = addslashes(COM_checkHTML(COM_checkWords($language_id)));
    $category = $_POST['category'];
    //@@@@@
    $additionfields = $_POST['afield'];
    $additionfields_old = $_POST['afield'];
    $additionfields_fnm = $_POST['afield_fnm'];
    $additionfields_del = $_POST['afield_del'];
    $additionfields_alt = $_POST['afield_alt'];
    $additionfields_date = array();
    $additionfields = DATABOX_cleanaddtiondatas($additionfields, $addition_def, $additionfields_fnm, $additionfields_del, $additionfields_date, $additionfields_alt);
    //            $hits =0;
    //            $comments=0;
    $old_mode = COM_applyFilter($_POST['old_mode']);
    $old_mode = addslashes(COM_checkHTML(COM_checkWords($old_mode)));
    //-----
    $type = 1;
    $uuid = $_USER['uid'];
    // CHECK はじめ
    $err = "";
    //id
    if ($id == 0) {
        //$err.=$LANG_DATABOX_ADMIN['err_uid']."<br/>".LB;
    } else {
        if (!is_numeric($id)) {
            $err .= $LANG_DATABOX_ADMIN['err_id'] . "<br/>" . LB;
        }
    }
    //タイトル必須
    if (empty($title)) {
        $err .= $LANG_DATABOX_ADMIN['err_title'] . "<br/>" . LB;
    }
    //文字数制限チェック
    if (mb_strlen($description, 'UTF-8') > $_DATABOX_CONF['maxlength_description']) {
        $err .= $LANG_DATABOX_ADMIN['description'] . $_DATABOX_CONF['maxlength_description'] . $LANG_DATABOX_ADMIN['err_maxlength'] . "<br/>" . LB;
    }
    //----追加項目チェック
    $err .= DATABOX_checkaddtiondatas($additionfields, $addition_def, $pi_name, $additionfields_fnm, $additionfields_del, $additionfields_alt);
    //errorのあるとき
    if ($err != "") {
        $retval['title'] = $LANG_DATABOX_ADMIN['piname'] . $LANG_DATABOX_ADMIN['edit'];
        $retval['display'] = fncEdit($id, $edt_flg, 3, $err, "edit", $fieldset_id, $template, $old_mode);
        return $retval;
    }
    // CHECK おわり
    //-----
    // 新規登録時
    if ($new_flg) {
        $w = DB_getItem($_TABLES['DATABOX_base'], "max(id)", "1=1");
        if ($w == "") {
            $w = 0;
        }
        $id = $w + 1;
    }
    $fields = LB . "id";
    $values = LB . "{$id}";
    if ($new_flg) {
        if ($_DATABOX_CONF['datacode']) {
            $code = "000000" . date(Ymdhis);
        }
        $created = COM_convertDate2Timestamp(date("Y-m-d"), date("H:i::00"));
        $modified = $created;
        $released = $created;
        $commentcode = $_DATABOX_CONF['commentcode'];
        $trackbackcode = $_CONF[trackback_code];
        $comment_expire = '0000-00-00 00:00:00';
        $expired = '0000-00-00 00:00:00';
        //
        $defaulttemplatesdirectory = null;
        $draft_flag = $_DATABOX_CONF['user_draft_default'];
        $draft_flag = $_DATABOX_CONF['user_draft_default'];
        //---
        $meta_description = "";
        $meta_keywords = "";
        $owner_id = $_USER['uid'];
        $group_id = SEC_getFeatureGroup('databox.admin', $_USER['uid']);
        $array = array();
        SEC_setDefaultPermissions($array, $_DATABOX_CONF['default_permissions']);
        $perm_owner = $array['perm_owner'];
        $perm_group = $array['perm_group'];
        $perm_anon = $array['perm_anon'];
        $perm_members = $array['perm_members'];
        $draft_flag = $_DATABOX_CONF['user_draft_default'];
        $cache_time = $_DATABOX_CONF['default_cache_time'];
        //-----
        $fields .= ",defaulttemplatesdirectory";
        //
        $values .= ",'{$defaulttemplatesdirectory}'";
        $fields .= ",draft_flag";
        $values .= ",{$draft_flag}";
        $fields .= ",cache_time";
        $values .= ",{$cache_time}";
        $fields .= ",meta_description";
        //
        $values .= ",'{$meta_description}'";
        $fields .= ",meta_keywords";
        //
        $values .= ",'{$meta_keywords}'";
        $fields .= ",commentcode";
        //
        $values .= ",{$commentcode}";
        $fields .= ",trackbackcode";
        //
        $values .= ",{$trackbackcode}";
        $fields .= ",comment_expire";
        //
        if ($comment_expire == '0000-00-00 00:00:00') {
            $values .= ",'{$comment_expire}'";
        } else {
            $values .= ",FROM_UNIXTIME('{$comment_expire}')";
        }
        $fields .= ",language_id";
        //
        $values .= ",'{$language_id}'";
        $fields .= ",owner_id";
        $values .= ",{$owner_id}";
        $fields .= ",group_id";
        $values .= ",{$group_id}";
        $fields .= ",perm_owner";
        $values .= ",{$perm_owner}";
        $fields .= ",perm_group";
        $values .= ",{$perm_group}";
        $fields .= ",perm_members";
        $values .= ",{$perm_members}";
        $fields .= ",perm_anon";
        $values .= ",{$perm_anon}";
        $fields .= ",modified";
        $values .= ",FROM_UNIXTIME('{$modified}')";
        $fields .= ",created";
        $values .= ",FROM_UNIXTIME('{$created}')";
        $fields .= ",expired";
        if ($expired == '0000-00-00 00:00:00') {
            $values .= ",'{$expired}'";
        } else {
            $values .= ",FROM_UNIXTIME('{$expired}')";
        }
        $fields .= ",released";
        $values .= ",FROM_UNIXTIME('{$released}')";
        $hits = 0;
        $comments = 0;
        $fields .= ",code";
        $values .= ",'{$code}'";
        $fields .= ",title";
        //
        $values .= ",'{$title}'";
        $fields .= ",page_title";
        //
        $values .= ",'{$page_title}'";
        $fields .= ",description";
        //
        $values .= ",'{$description}'";
        //        $fields.=",hits";//
        //        $values.=",$hits";
        $fields .= ",comments";
        //
        $values .= ",{$comments}";
        $fields .= ",fieldset_id";
        //
        $values .= ",{$fieldset_id}";
        $fields .= ",uuid";
        $values .= ",{$uuid}";
        if ($edt_flg) {
            $return_page = $_CONF['site_url'] . "/" . THIS_SCRIPT;
            $return_page .= "?id=" . $id;
        } else {
            $return_page = $_CONF['site_url'] . '/' . THIS_SCRIPT . '?msg=1';
        }
        DB_save($_TABLES['DATABOX_base'], $fields, $values);
    } else {
        $sql = "UPDATE {$_TABLES['DATABOX_base']} set ";
        $sql .= " title = '{$title}'";
        $sql .= " ,page_title = '{$page_title}'";
        $sql .= " ,description = '{$description}'";
        $sql .= " ,language_id = '{$language_id}'";
        $sql .= " ,modified = FROM_UNIXTIME('{$modified}')";
        $sql .= ",uuid='{$uuid}' WHERE id={$id}";
        DB_query($sql);
    }
    //カテゴリ
    //$rt=DATABOX_savedatas("category_id",$_TABLES['DATABOX_category'],$id,$category);
    $rt = DATABOX_savecategorydatas($id, $category);
    //追加項目
    if ($old_mode == "copy") {
        DATABOX_uploadaddtiondatas_cpy($additionfields, $addition_def, $pi_name, $id, $additionfields_fnm, $additionfields_del, $additionfields_old, $additionfields_alt);
    } else {
        DATABOX_uploadaddtiondatas($additionfields, $addition_def, $pi_name, $id, $additionfields_fnm, $additionfields_del, $additionfields_old, $additionfields_alt);
    }
    if ($new_flg) {
        $rt = DATABOX_saveaddtiondatas($id, $additionfields, $addition_def, $pi_name);
    } else {
        $rt = DATABOX_saveaddtiondatas_update($id, $additionfields, $addition_def, $pi_name);
    }
    $rt = fncsendmail('data', $id);
    $cacheInstance = 'databox__' . $id . '__';
    CACHE_remove_instance($cacheInstance);
    //exit;//@@@@@debug 用
    if ($_DATABOX_CONF['aftersave'] === 'no') {
        $retval['title'] = $LANG_DATABOX_ADMIN['piname'] . $LANG_DATABOX_ADMIN['edit'];
        $retval['display'] .= fncEdit($id, $edt_flg, 1, $err, "edit", $fieldset_id, $template);
        return $retval;
    } else {
        if ($_DATABOX_CONF['aftersave'] === 'list' or $_DATABOX_CONF['aftersave'] === 'admin') {
            $url = $_CONF['site_url'] . "/databox/mydata/data.php";
            $item_url = COM_buildURL($url);
            $target = 'item';
        } else {
            $url = $_CONF['site_url'] . "/databox/data.php";
            $url .= "?";
            //コード使用の時
            if ($_DATABOX_CONF['datacode']) {
                $url .= "code=" . $code;
                $url .= "&amp;m=code";
            } else {
                $url .= "id=" . $id;
                $url .= "&amp;m=id";
            }
            $item_url = COM_buildUrl($url);
            $target = $_DATABOX_CONF['aftersave_admin'];
        }
    }
    $return_page = PLG_afterSaveSwitch($target, $item_url, $pi_name, 1);
    echo $return_page;
    exit;
}
Esempio n. 15
0
/**
* This function creates an html list of topics the object belongs too or
* creates a similar list based on topics passed to it
*
* @param    string          $type           Type of object to display access for
* @param    string          $id             Id of onject
* @param    integer         $max            Max number of items returned
* @param    string/array    $tids           Topics Ids to use instead of retrieving from db
* @return   HTML string
*
*/
function TOPIC_relatedTopics($type, $id, $max = 6, $tids = array())
{
    global $_CONF, $LANG27, $_TABLES;
    $retval = '';
    if ($max < 0) {
        $max = 6;
    }
    if (!is_array($tids)) {
        $tids = array($tids);
    }
    // if topic ids not passed then retrieve from db
    $from_db = false;
    if (empty($tids)) {
        $from_db = true;
    }
    if ($from_db) {
        // Retrieve Topic options
        $sql = "SELECT ta.tid, t.topic\n            FROM {$_TABLES['topic_assignments']} ta, {$_TABLES['topics']} t\n            WHERE t.tid = ta.tid AND ta.type = '{$type}' AND ta.id ='{$id}'\n            " . COM_getPermSQL('AND', 0, 2, 't') . COM_getLangSQL('tid', 'AND', 't') . "\n            AND t.tid != '" . TOPIC_ALL_OPTION . "' AND t.tid != '" . TOPIC_HOMEONLY_OPTION . "'";
    } else {
        $sql = "SELECT tid, topic\n            FROM {$_TABLES['topics']} t\n            WHERE (tid IN ('" . implode("','", $tids) . "'))";
    }
    $sql .= COM_getPermSQL('AND');
    if ($from_db) {
        $sql .= " ORDER BY tdefault DESC, topic ASC";
    } else {
        $sql .= " ORDER BY topic ASC";
    }
    if ($max > 0) {
        $sql .= " LIMIT " . $max;
    }
    $result = DB_query($sql);
    $nrows = DB_numRows($result);
    if ($nrows > 0) {
        $topicrelated = COM_newTemplate($_CONF['path_layout']);
        $topicrelated->set_file(array('topicrelated' => 'topicrelated.thtml'));
        $blocks = array('topicitem', 'separator');
        foreach ($blocks as $block) {
            $topicrelated->set_block('topicrelated', $block);
        }
        $topicrelated->set_var('lang_filed_under', $LANG27['filed_under:']);
        for ($i = 0; $i < $nrows; $i++) {
            $A = DB_fetchArray($result);
            $url = COM_buildURL($_CONF['site_url'] . '/index.php?topic=' . $A['tid']);
            $topicrelated->set_var('topic_url', $url);
            $topicrelated->set_var('topic', $A['topic']);
            $topicrelated->parse('topics', 'topicitem', true);
            if ($i + 1 < $nrows) {
                $topicrelated->parse('topics', 'separator', true);
            }
        }
        $retval = $topicrelated->finish($topicrelated->parse('topicrelated', 'topicrelated'));
    }
    return $retval;
}
Esempio n. 16
0
$events = EVLIST_getEvents($start, $end, $opts);
$ical = '';
$space = '      ';
$rp_shown = array();
foreach ($events as $day) {
    foreach ($day as $event) {
        // Check if this repeat is already shown.  We only want multi-day
        // events included once instead of each day
        if (array_key_exists($event['rp_id'], $rp_shown)) {
            continue;
        }
        $rp_shown[$event['rp_id']] = 1;
        $start_time = gmstrftime('%Y%m%dT%H%M%SZ', strtotime($event['rp_date_start'] . ' ' . $event['rp_time_start1']));
        $end_time = gmstrftime('%Y%m%dT%H%M%SZ', strtotime($event['rp_date_end'] . ' ' . $event['rp_time_end1']));
        $summary = $event['title'];
        $permalink = COM_buildURL(EVLIST_URL . '/event.php?eid=' . $event['rp_id']);
        if (!empty($event['full_description'])) {
            $description = $event['full_description'];
        } elseif (!empty($event['summary'])) {
            $description = $event['summary'];
        } else {
            $description = $summary;
            // Event title is required
        }
        //$description = str_replace(",", "\,", $description);
        // TODO: the following 3 lines commented out 2011-02-17 to see if
        // they're necessary for google calendar
        //$description = str_replace("\\", "\\\\", $description);
        //$description = str_replace("\n", $space, strip_tags($description));
        //$description = str_replace("\r", $space, strip_tags($description));
        $ical .= "BEGIN:VEVENT\n" . "DTSTART:{$start_time}\n" . "DTEND:{$end_time}\n" . "URL:{$permalink}\n" . "SUMMARY:{$summary}\n" . "DESCRIPTION:{$description}\n" . "END:VEVENT\n\n";
Esempio n. 17
0
/**
* Saves link to the database
*
* @param    string  $lid            ID for link
* @param    string  $old_lid        old ID for link
* @param    string  $cid            cid of category link belongs to
* @param    string  $categorydd     Category links belong to
* @param    string  $url            URL of link to save
* @param    string  $description    Description of link
* @param    string  $title          Title of link
* @param    int     $hits           Number of hits for link
* @param    int     $owner_id       ID of owner
* @param    int     $group_id       ID of group link belongs to
* @param    int     $perm_owner     Permissions the owner has
* @param    int     $perm_group     Permissions the group has
* @param    int     $perm_members   Permissions members have
* @param    int     $perm_anon      Permissions anonymous users have
* @return   string                  HTML redirect or error message
* @global array core config vars
* @global array core group data
* @global array core table data
* @global array core user data
* @global array core msg data
* @global array links plugin lang admin vars
*
*/
function savelink($lid, $old_lid, $cid, $categorydd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $_LI_CONF;
    $retval = '';
    // Convert array values to numeric permission values
    if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    // Remove any autotags the user doesn't have permission to use
    $description = PLG_replaceTags($description, '', true);
    // clean 'em up
    $description = DB_escapeString(COM_checkHTML(COM_checkWords($description), 'links.edit'));
    $title = DB_escapeString(strip_tags(COM_checkWords($title)));
    $cid = DB_escapeString($cid);
    if (empty($owner_id)) {
        // this is new link from admin, set default values
        $owner_id = $_USER['uid'];
        if (isset($_GROUPS['Links Admin'])) {
            $group_id = $_GROUPS['Links Admin'];
        } else {
            $group_id = SEC_getFeatureGroup('links.edit');
        }
        $perm_owner = 3;
        $perm_group = 2;
        $perm_members = 2;
        $perm_anon = 2;
    }
    $lid = COM_sanitizeID($lid);
    $old_lid = COM_sanitizeID($old_lid);
    if (empty($lid)) {
        if (empty($old_lid)) {
            $lid = COM_makeSid();
        } else {
            $lid = $old_lid;
        }
    }
    // check for link id change
    if (!empty($old_lid) && $lid != $old_lid) {
        // check if new lid is already in use
        if (DB_count($_TABLES['links'], 'lid', $lid) > 0) {
            // TBD: abort, display editor with all content intact again
            $lid = $old_lid;
            // for now ...
        }
    }
    $access = 0;
    $old_lid = DB_escapeString($old_lid);
    if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link {$lid}.");
        COM_output($display);
        exit;
    } elseif (!empty($title) && !empty($description) && !empty($url)) {
        if ($categorydd != $LANG_LINKS_ADMIN[7] && !empty($categorydd)) {
            $cid = DB_escapeString($categorydd);
        } else {
            if ($categorydd != $LANG_LINKS_ADMIN[7]) {
                echo COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php');
            }
        }
        DB_delete($_TABLES['linksubmission'], 'lid', $old_lid);
        DB_delete($_TABLES['links'], 'lid', $old_lid);
        DB_save($_TABLES['links'], 'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$lid}','{$cid}','{$url}','{$description}','{$title}',NOW(),'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
        if (empty($old_lid) || $old_lid == $lid) {
            PLG_itemSaved($lid, 'links');
        } else {
            PLG_itemSaved($lid, 'links', $old_lid);
        }
        // Get category for rdf check
        $category = DB_getItem($_TABLES['linkcategories'], "category", "cid='{$cid}'");
        COM_rdfUpToDateCheck('links', $category, $lid);
        return PLG_afterSaveSwitch($_LI_CONF['aftersave'], COM_buildURL("{$_CONF['site_url']}/links/portal.php?what=link&item={$lid}"), 'links', 2);
    } else {
        // missing fields
        $retval .= COM_errorLog($LANG_LINKS_ADMIN[10], 2);
        if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
            $retval .= editlink('edit', $old_lid);
        } else {
            $retval .= editlink('edit', '');
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LINKS_ADMIN[1]));
        return $retval;
    }
}
Esempio n. 18
0
 /**
  * Return a list of articles that have some relation with the article ID given
  *
  * @param  string $articleId
  * @param  string $keywordList a comma-separated list of keywords
  * @param  int    $limit       max number od related articles
  * @return array
  * @link   http://www.enkeladress.com/article/20110315104621317
  */
 public static function getRelatedArticlesByKeywords($articleId, $keywordList, $limit = 5)
 {
     global $_CONF, $LANG24, $_TABLES;
     $work = array();
     $articleId = trim($articleId);
     $keywords = explode(',', $keywordList);
     if ($articleId === '' || count($keywords) === 0) {
         return $work;
     }
     $escapedArticleId = DB_escapeString($articleId);
     foreach ($keywords as $keyword) {
         $keyword = trim($keyword);
         if ($keyword === '') {
             continue;
         } else {
             $escapedKeyword = DB_escapeString($keyword);
         }
         $sql = "SELECT sid, title FROM {$_TABLES['stories']} " . "WHERE (sid  <> '{$escapedArticleId}') " . "AND (draft_flag = 0) AND (date <= NOW()) " . "AND meta_keywords LIKE '%{$escapedKeyword}%' " . "GROUP BY sid, title " . "LIMIT 5 ";
         $resultSet = DB_query($sql);
         while (($A = DB_fetchArray($resultSet, false)) !== false) {
             $sid = $A['sid'];
             $title = stripslashes($A['title']);
             $found = false;
             foreach ($work as &$item) {
                 if ($item['sid'] === $sid) {
                     $item['score']++;
                     $found = true;
                     break;
                 }
             }
             unset($item);
             if (!$found) {
                 $work[] = array('sid' => $sid, 'title' => $title, 'score' => 1);
             }
         }
     }
     if (count($work) > 1) {
         usort($work, array(__CLASS__, 'getRelatedArticlesSort'));
     }
     if (count($work) > $limit) {
         $work = array_slice($work, 0, $limit);
     }
     $encoding = COM_getEncodingt();
     $retval = array();
     foreach ($work as $item) {
         $retval[] = '<li>' . '<a href="' . COM_buildURL($_CONF['site_url'] . '/article.php?story=' . $item['sid']) . '">' . htmlspecialchars($item['title'], ENT_QUOTES, $encoding) . '</a>' . '</li>' . PHP_EOL;
     }
     $retval = '<h3>' . $LANG24[92] . '</h3>' . PHP_EOL . '<ul>' . PHP_EOL . implode('', $retval) . '</ul>' . PHP_EOL;
     return $retval;
 }
Esempio n. 19
0
/**
* Displays the static page editor form
*
* @param    array   $A      Data to display
* @return   string          HTML for the static page editor
*
*/
function staticpageeditor_form($A)
{
    global $_CONF, $_TABLES, $_USER, $_GROUPS, $_SP_CONF, $mode, $sp_id, $LANG21, $LANG_STATIC, $LANG_ACCESS, $LANG_ADMIN, $LANG01, $LANG24, $LANG_postmodes, $MESSAGE, $_IMAGE_TYPE, $_SCRIPTS;
    if (!empty($sp_id) && $mode == 'edit') {
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        if ($mode != 'clone') {
            $A['sp_inblock'] = $_SP_CONF['in_block'];
        }
        $A['owner_id'] = $_USER['uid'];
        if (isset($_GROUPS['Static Page Admin'])) {
            $A['group_id'] = $_GROUPS['Static Page Admin'];
        } else {
            $A['group_id'] = SEC_getFeatureGroup('staticpages.edit');
        }
        SEC_setDefaultPermissions($A, $_SP_CONF['default_permissions']);
        $access = 3;
        if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
            $A['advanced_editor_mode'] = 1;
        }
    }
    $retval = '';
    $sp_template = COM_newTemplate(CTL_plugin_templatePath('staticpages', 'admin'));
    if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
        $sp_template->set_file('form', 'editor_advanced.thtml');
        // Shouldn't really have to check if anonymous user but who knows...
        if (COM_isAnonUser()) {
            $link_message = "";
        } else {
            $link_message = $LANG01[138];
        }
        $sp_template->set_var('noscript', COM_getNoScript(false, '', $link_message));
        // Setup Advanced Editor
        COM_setupAdvancedEditor('/staticpages/adveditor.js', 'staticpages.edit');
        $sp_template->set_var('lang_expandhelp', $LANG24[67]);
        $sp_template->set_var('lang_reducehelp', $LANG24[68]);
        $sp_template->set_var('lang_toolbar', $LANG24[70]);
        $sp_template->set_var('toolbar1', $LANG24[71]);
        $sp_template->set_var('toolbar2', $LANG24[72]);
        $sp_template->set_var('toolbar3', $LANG24[73]);
        $sp_template->set_var('toolbar4', $LANG24[74]);
        $sp_template->set_var('toolbar5', $LANG24[75]);
        $sp_template->set_var('lang_nojavascript', $LANG24[77]);
        $sp_template->set_var('lang_postmode', $LANG24[4]);
        if (isset($A['postmode']) && $A['postmode'] == 'adveditor') {
            $sp_template->set_var('show_adveditor', '');
            $sp_template->set_var('show_htmleditor', 'none');
        } else {
            $sp_template->set_var('show_adveditor', 'none');
            $sp_template->set_var('show_htmleditor', '');
        }
        $post_options = '<option value="html" selected="selected">' . $LANG_postmodes['html'] . '</option>';
        if (isset($A['postmode']) && $A['postmode'] == 'adveditor') {
            $post_options .= '<option value="adveditor" selected="selected">' . $LANG24[86] . '</option>';
        } else {
            $post_options .= '<option value="adveditor">' . $LANG24[86] . '</option>';
        }
        $sp_template->set_var('post_options', $post_options);
        $sp_template->set_var('change_editormode', 'onchange="change_editmode(this);"');
    } else {
        $sp_template->set_file('form', 'editor.thtml');
    }
    // Add JavaScript
    if ($_CONF['titletoid']) {
        $_SCRIPTS->setJavaScriptFile('title_2_id', '/javascript/title_2_id.js');
        $sp_template->set_var('titletoid', true);
    }
    $sp_template->set_var('lang_mode', $LANG24[3]);
    $sp_template->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $A['commentcode']));
    $sp_template->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
    $sp_template->set_var('lang_owner', $LANG_ACCESS['owner']);
    $owner_name = COM_getDisplayName($A['owner_id']);
    $owner_username = DB_getItem($_TABLES['users'], 'username', "uid = {$A['owner_id']}");
    $sp_template->set_var('owner_id', $A['owner_id']);
    $sp_template->set_var('owner', $owner_name);
    $sp_template->set_var('owner_name', $owner_name);
    $sp_template->set_var('owner_username', $owner_username);
    if ($A['owner_id'] > 1) {
        $profile_link = $_CONF['site_url'] . '/users.php?mode=profile&amp;uid=' . $A['owner_id'];
        $sp_template->set_var('start_owner_anchortag', '<a href="' . $profile_link . '">');
        $sp_template->set_var('end_owner_anchortag', '</a>');
        $sp_template->set_var('owner_link', COM_createLink($owner_name, $profile_link));
        $photo = '';
        if ($_CONF['allow_user_photo']) {
            $photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$A['owner_id']}");
            if (!empty($photo)) {
                $camera_icon = '<img src="' . $_CONF['layout_url'] . '/images/smallcamera.' . $_IMAGE_TYPE . '" alt=""' . XHTML . '>';
                $sp_template->set_var('camera_icon', COM_createLink($camera_icon, $profile_link));
            }
        }
        if (empty($photo)) {
            $sp_template->set_var('camera_icon', '');
        }
    } else {
        $sp_template->set_var('start_owner_anchortag', '');
        $sp_template->set_var('end_owner_anchortag', '');
        $sp_template->set_var('owner_link', $owner_name);
    }
    $sp_template->set_var('lang_group', $LANG_ACCESS['group']);
    $sp_template->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
    $sp_template->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']));
    $sp_template->set_var('lang_permissions', $LANG_ACCESS['permissions']);
    $sp_template->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
    $sp_template->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
    $sp_template->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
    $token = SEC_createToken();
    $start_block = COM_startBlock($LANG_STATIC['staticpageeditor'], '', COM_getBlockTemplate('_admin_block', 'header'));
    $start_block .= SEC_getTokenExpiryNotice($token);
    $sp_template->set_var('start_block_editor', $start_block);
    $sp_template->set_var('lang_save', $LANG_ADMIN['save']);
    $sp_template->set_var('lang_cancel', $LANG_ADMIN['cancel']);
    $sp_template->set_var('lang_preview', $LANG_ADMIN['preview']);
    if (SEC_hasRights('staticpages.delete') && $mode != 'clone' && !empty($A['sp_old_id'])) {
        $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
        $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
        $sp_template->set_var('delete_option', sprintf($delbutton, $jsconfirm));
        $sp_template->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
    } else {
        $sp_template->set_var('delete_option', '');
    }
    $sp_template->set_var('lang_writtenby', $LANG_STATIC['writtenby']);
    $sp_template->set_var('username', DB_getItem($_TABLES['users'], 'username', "uid = {$A['owner_id']}"));
    $authorname = COM_getDisplayName($A['owner_id']);
    $sp_template->set_var('name', $authorname);
    $sp_template->set_var('author', $authorname);
    $sp_template->set_var('lang_url', $LANG_STATIC['url']);
    $sp_template->set_var('lang_id', $LANG_STATIC['id']);
    $sp_template->set_var('sp_uid', $A['owner_id']);
    $sp_template->set_var('sp_id', $A['sp_id']);
    $sp_template->set_var('sp_old_id', $A['sp_old_id']);
    $sp_template->set_var('example_url', COM_buildURL($_CONF['site_url'] . '/staticpages/index.php?page=' . $A['sp_id']));
    $sp_template->set_var('lang_centerblock', $LANG_STATIC['centerblock']);
    $sp_template->set_var('lang_centerblock_help', $LANG_ADMIN['help_url']);
    $sp_template->set_var('lang_centerblock_include', $LANG21[51]);
    $sp_template->set_var('lang_centerblock_desc', $LANG21[52]);
    $sp_template->set_var('centerblock_help', $A['sp_help']);
    $sp_template->set_var('lang_centerblock_msg', $LANG_STATIC['centerblock_msg']);
    if (isset($A['sp_centerblock']) && $A['sp_centerblock'] == 1) {
        $sp_template->set_var('centerblock_checked', 'checked="checked"');
    } else {
        $sp_template->set_var('centerblock_checked', '');
    }
    $sp_template->set_var('lang_position', $LANG_STATIC['position']);
    $position = '<select name="sp_where">';
    $position .= '<option value="1"';
    if ($A['sp_where'] == 1) {
        $position .= ' selected="selected"';
    }
    $position .= '>' . $LANG_STATIC['position_top'] . '</option>';
    $position .= '<option value="2"';
    if ($A['sp_where'] == 2) {
        $position .= ' selected="selected"';
    }
    $position .= '>' . $LANG_STATIC['position_feat'] . '</option>';
    $position .= '<option value="3"';
    if ($A['sp_where'] == 3) {
        $position .= ' selected="selected"';
    }
    $position .= '>' . $LANG_STATIC['position_bottom'] . '</option>';
    $position .= '<option value="0"';
    if ($A['sp_where'] == 0) {
        $position .= ' selected="selected"';
    }
    $position .= '>' . $LANG_STATIC['position_entire'] . '</option>';
    $position .= '</select>';
    $sp_template->set_var('pos_selection', $position);
    if ($_SP_CONF['allow_php'] == 1 && SEC_hasRights('staticpages.PHP')) {
        if (!isset($A['sp_php'])) {
            $A['sp_php'] = 0;
        }
        $selection = '<select name="sp_php">' . LB;
        $selection .= '<option value="0"';
        if ($A['sp_php'] <= 0 || $A['sp_php'] > 2) {
            $selection .= ' selected="selected"';
        }
        $selection .= '>' . $LANG_STATIC['select_php_none'] . '</option>' . LB;
        $selection .= '<option value="1"';
        if ($A['sp_php'] == 1) {
            $selection .= ' selected="selected"';
        }
        $selection .= '>' . $LANG_STATIC['select_php_return'] . '</option>' . LB;
        $selection .= '<option value="2"';
        if ($A['sp_php'] == 2) {
            $selection .= ' selected="selected"';
        }
        $selection .= '>' . $LANG_STATIC['select_php_free'] . '</option>' . LB;
        $selection .= '</select>';
        $sp_template->set_var('php_selector', $selection);
        $sp_template->set_var('php_warn', $LANG_STATIC['php_warn']);
    } else {
        $sp_template->set_var('php_selector', '');
        $sp_template->set_var('php_warn', $LANG_STATIC['php_not_activated']);
    }
    $sp_template->set_var('php_msg', $LANG_STATIC['php_msg']);
    // old variables (for the 1.3-type checkbox)
    $sp_template->set_var('php_checked', '');
    $sp_template->set_var('php_type', 'hidden');
    if (isset($A['sp_nf']) && $A['sp_nf'] == 1) {
        $sp_template->set_var('exit_checked', 'checked="checked"');
    } else {
        $sp_template->set_var('exit_checked', '');
    }
    $sp_template->set_var('exit_msg', $LANG_STATIC['exit_msg']);
    $sp_template->set_var('exit_info', $LANG_STATIC['exit_info']);
    if ($A['sp_inblock'] == 1) {
        $sp_template->set_var('inblock_checked', 'checked="checked"');
    } else {
        $sp_template->set_var('inblock_checked', '');
    }
    $sp_template->set_var('inblock_msg', $LANG_STATIC['inblock_msg']);
    $sp_template->set_var('inblock_info', $LANG_STATIC['inblock_info']);
    if ($A['draft_flag'] == 1) {
        $sp_template->set_var('draft_flag_checked', 'checked="checked"');
    } else {
        $sp_template->set_var('draft_flag_checked', '');
    }
    $sp_template->set_var('lang_draft', $LANG_STATIC['draft']);
    $sp_template->set_var('lang_cache_time', $LANG_STATIC['cache_time']);
    $sp_template->set_var('lang_cache_time_desc', $LANG_STATIC['cache_time_desc']);
    $sp_template->set_var('cache_time', $A['cache_time']);
    $curtime = COM_getUserDateTimeFormat($A['unixdate']);
    $sp_template->set_var('lang_lastupdated', $LANG_STATIC['date']);
    $sp_template->set_var('sp_formateddate', $curtime[0]);
    $sp_template->set_var('sp_date', $curtime[1]);
    $sp_template->set_var('lang_title', $LANG_STATIC['title']);
    $sp_template->set_var('lang_page_title', $LANG_STATIC['page_title']);
    $title = '';
    $page_title = '';
    if (isset($A['sp_title'])) {
        $title = htmlspecialchars(stripslashes($A['sp_title']));
    }
    if (isset($A['sp_page_title'])) {
        $page_title = htmlspecialchars(stripslashes($A['sp_page_title']));
    }
    $sp_template->set_var('sp_title', $title);
    $sp_template->set_var('sp_page_title', $page_title);
    $sp_template->set_var('lang_topic', $LANG_STATIC['topic']);
    if ($mode != 'clone') {
        // want to use default topic selection if new staticpage so pass in blank id
        $topic_sp_id = $A['sp_id'];
        if (empty($sp_id) && $mode == 'edit') {
            // means new
            $topic_sp_id = '';
        }
        $sp_template->set_var('topic_selection', TOPIC_getTopicSelectionControl('staticpages', $topic_sp_id, true, false, true));
    } else {
        $sp_template->set_var('topic_selection', TOPIC_getTopicSelectionControl('staticpages', $A['clone_sp_id'], true, false, true));
    }
    $sp_template->set_var('lang_metadescription', $LANG_ADMIN['meta_description']);
    $sp_template->set_var('lang_metakeywords', $LANG_ADMIN['meta_keywords']);
    if (!empty($A['meta_description'])) {
        $sp_template->set_var('meta_description', $A['meta_description']);
    }
    if (!empty($A['meta_keywords'])) {
        $sp_template->set_var('meta_keywords', $A['meta_keywords']);
    }
    if ($_CONF['meta_tags'] > 0 && $_SP_CONF['meta_tags'] > 0) {
        $sp_template->set_var('hide_meta', '');
    } else {
        $sp_template->set_var('hide_meta', ' style="display:none;"');
    }
    if ($A['template_flag'] == 1) {
        $sp_template->set_var('template_flag_checked', 'checked="checked"');
    } else {
        $sp_template->set_var('template_flag_checked', '');
    }
    $sp_template->set_var('lang_template', $LANG_STATIC['template']);
    $sp_template->set_var('lang_template_flag_msg', $LANG_STATIC['template_msg']);
    $template_list = templatelist($A['template_id']);
    $template_none = '<option value=""';
    if ($A['template_id'] == "") {
        $template_none .= ' selected="selected"';
    }
    $template_none .= '>' . $LANG_STATIC['none'] . '</option>';
    $sp_template->set_var('use_template_selection', '<select name="template_id">' . $template_none . $template_list . '</select>');
    $sp_template->set_var('lang_use_template', $LANG_STATIC['use_template']);
    $sp_template->set_var('lang_use_template_msg', $LANG_STATIC['use_template_msg']);
    $sp_template->set_var('lang_addtomenu', $LANG_STATIC['addtomenu']);
    if (isset($A['sp_onmenu']) && $A['sp_onmenu'] == 1) {
        $sp_template->set_var('onmenu_checked', 'checked="checked"');
    } else {
        $sp_template->set_var('onmenu_checked', '');
    }
    $sp_template->set_var('lang_label', $LANG_STATIC['label']);
    if (isset($A['sp_label'])) {
        $sp_template->set_var('sp_label', $A['sp_label']);
    } else {
        $sp_template->set_var('sp_label', '');
    }
    $sp_template->set_var('lang_pageformat', $LANG_STATIC['pageformat']);
    $sp_template->set_var('lang_blankpage', $LANG_STATIC['blankpage']);
    $sp_template->set_var('lang_noblocks', $LANG_STATIC['noblocks']);
    $sp_template->set_var('lang_leftblocks', $LANG_STATIC['leftblocks']);
    $sp_template->set_var('lang_leftrightblocks', $LANG_STATIC['leftrightblocks']);
    if (!isset($A['sp_format'])) {
        $A['sp_format'] = '';
    }
    if ($A['sp_format'] == 'noblocks') {
        $sp_template->set_var('noblock_selected', 'selected="selected"');
    } else {
        $sp_template->set_var('noblock_selected', '');
    }
    if ($A['sp_format'] == 'leftblocks') {
        $sp_template->set_var('leftblocks_selected', 'selected="selected"');
    } else {
        $sp_template->set_var('leftblocks_selected', '');
    }
    if ($A['sp_format'] == 'blankpage') {
        $sp_template->set_var('blankpage_selected', 'selected="selected"');
    } else {
        $sp_template->set_var('blankpage_selected', '');
    }
    if ($A['sp_format'] == 'allblocks' or empty($A['sp_format'])) {
        $sp_template->set_var('allblocks_selected', 'selected="selected"');
    } else {
        $sp_template->set_var('allblocks_selected', '');
    }
    $sp_template->set_var('lang_content', $LANG_STATIC['content']);
    $content = '';
    if (isset($A['sp_content'])) {
        $content = htmlspecialchars(stripslashes($A['sp_content']));
        $content = str_replace(array('{', '}'), array('&#123;', '&#125;'), $content);
    }
    $sp_template->set_var('sp_content', $content);
    $allowed = COM_allowedHTML('staticpages.edit', false, $_SP_CONF['filter_html']) . COM_allowedAutotags();
    $sp_template->set_var('lang_allowedhtml', $allowed);
    $sp_template->set_var('lang_allowed_html', $allowed);
    $sp_template->set_var('lang_hits', $LANG_STATIC['hits']);
    if (empty($A['sp_hits'])) {
        $sp_template->set_var('sp_hits', '0');
        $sp_template->set_var('sp_hits_formatted', '0');
    } else {
        $sp_template->set_var('sp_hits', $A['sp_hits']);
        $sp_template->set_var('sp_hits_formatted', COM_numberFormat($A['sp_hits']));
    }
    $sp_template->set_var('lang_comments', $LANG_STATIC['comments']);
    if ($A['commentcode'] == -1) {
        $sp_template->set_var('sp_comments', $LANG_ADMIN['na']);
    } else {
        $num_comments = DB_count($_TABLES['comments'], array('sid', 'type'), array(DB_escapeString($A['sp_id']), 'staticpages'));
        $sp_template->set_var('sp_comments', COM_numberFormat($num_comments));
    }
    $sp_template->set_var('end_block', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
    $sp_template->set_var('gltoken_name', CSRF_TOKEN);
    $sp_template->set_var('gltoken', $token);
    $sp_template->parse('output', 'form');
    $retval .= $sp_template->finish($sp_template->get_var('output'));
    return $retval;
}
Esempio n. 20
0
/**
 * Shows a profile for a user
 * This grabs the user profile for a given user and displays it
 *
 * @param    int     $uid     User ID of profile to get
 * @param    boolean $preview whether being called as preview from My Account
 * @param    int     $msg     Message to display (if != 0)
 * @param    string  $plugin  optional plugin name for message
 * @return   string              HTML for user profile page
 */
function USER_showProfile($uid, $preview = false, $msg = 0, $plugin = '')
{
    global $_CONF, $_TABLES, $_USER, $_IMAGE_TYPE, $LANG01, $LANG04, $LANG09, $LANG28, $LANG_LOGIN, $LANG_ADMIN;
    $retval = '';
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['profileloginrequired'] == 1)) {
        $retval .= SEC_loginRequiredForm();
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LOGIN[1]));
        return $retval;
    }
    $result = DB_query("SELECT {$_TABLES['users']}.uid,username,fullname,regdate,homepage,about,location,pgpkey,photo,email,status FROM {$_TABLES['userinfo']},{$_TABLES['users']} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['users']}.uid = {$uid}");
    $numRows = DB_numRows($result);
    if ($numRows == 0) {
        // no such user
        COM_handle404();
    }
    $A = DB_fetchArray($result);
    if ($A['status'] == USER_ACCOUNT_DISABLED && !SEC_hasRights('user.edit')) {
        COM_displayMessageAndAbort(30, '', 403, 'Forbidden');
    }
    if ($A['status'] != USER_ACCOUNT_ACTIVE && !SEC_hasRights('user.edit')) {
        COM_handle404();
    }
    $display_name = COM_getDisplayName($uid, $A['username'], $A['fullname']);
    $display_name = htmlspecialchars($display_name);
    if (!$preview) {
        if ($msg > 0) {
            $retval .= COM_showMessage($msg, $plugin);
        }
    }
    // format date/time to user preference
    $currentTime = COM_getUserDateTimeFormat($A['regdate']);
    $A['regdate'] = $currentTime[0];
    $user_templates = COM_newTemplate($_CONF['path_layout'] . 'users');
    $user_templates->set_file(array('profile' => 'profile.thtml', 'email' => 'email.thtml', 'row' => 'commentrow.thtml', 'strow' => 'storyrow.thtml'));
    $user_templates->set_var('start_block_userprofile', COM_startBlock($LANG04[1] . ' ' . $display_name));
    $user_templates->set_var('end_block', COM_endBlock());
    $user_templates->set_var('lang_username', $LANG04[2]);
    if ($_CONF['show_fullname'] == 1) {
        if (empty($A['fullname'])) {
            $userName = $A['username'];
            $fullName = '';
        } else {
            $userName = $A['fullname'];
            $fullName = $A['username'];
        }
    } else {
        $userName = $A['username'];
        $fullName = $A['fullname'];
    }
    $userName = htmlspecialchars($userName);
    $fullName = htmlspecialchars($fullName);
    if ($A['status'] == USER_ACCOUNT_DISABLED) {
        $userName = sprintf('<s title="%s">%s</s>', $LANG28[42], $userName);
        if (!empty($fullName)) {
            $fullName = sprintf('<s title="%s">%s</s>', $LANG28[42], $fullName);
        }
    }
    $user_templates->set_var('username', $userName);
    $user_templates->set_var('user_fullname', $fullName);
    if ($preview) {
        $user_templates->set_var('edit_icon', '');
        $user_templates->set_var('edit_link', '');
        $user_templates->set_var('user_edit', '');
    } elseif (!COM_isAnonUser() && $_USER['uid'] == $uid) {
        $edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG01[48] . '" title="' . $LANG01[48] . '"' . XHTML . '>';
        $edit_link_url = COM_createLink($edit_icon, $_CONF['site_url'] . '/usersettings.php');
        $user_templates->set_var('edit_icon', $edit_icon);
        $user_templates->set_var('edit_link', $edit_link_url);
        $user_templates->set_var('user_edit', $edit_link_url);
    } elseif (SEC_hasRights('user.edit')) {
        $edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG_ADMIN['edit'] . '" title="' . $LANG_ADMIN['edit'] . '"' . XHTML . '>';
        $edit_link_url = COM_createLink($edit_icon, "{$_CONF['site_admin_url']}/user.php?mode=edit&amp;uid={$A['uid']}");
        $user_templates->set_var('edit_icon', $edit_icon);
        $user_templates->set_var('edit_link', $edit_link_url);
        $user_templates->set_var('user_edit', $edit_link_url);
    }
    if (isset($A['photo']) && empty($A['photo'])) {
        $A['photo'] = '(none)';
        // user does not have a photo
    }
    $photo = USER_getPhoto($uid, $A['photo'], $A['email'], -1);
    $user_templates->set_var('user_photo', $photo);
    $user_templates->set_var('lang_membersince', $LANG04[67]);
    $user_templates->set_var('user_regdate', $A['regdate']);
    $user_templates->set_var('lang_email', $LANG04[5]);
    $user_templates->set_var('user_id', $uid);
    $user_templates->set_var('uid', $uid);
    if ($A['email'] != '') {
        $user_templates->set_var('lang_sendemail', $LANG04[81]);
        $user_templates->parse('email_option', 'email', true);
    } else {
        $user_templates->set_var('email_option', '');
    }
    $user_templates->set_var('lang_homepage', $LANG04[6]);
    $user_templates->set_var('user_homepage', COM_killJS($A['homepage']));
    $user_templates->set_var('lang_location', $LANG04[106]);
    $user_templates->set_var('user_location', strip_tags($A['location']));
    $user_templates->set_var('lang_bio', $LANG04[7]);
    $user_templates->set_var('user_bio', COM_nl2br(stripslashes($A['about'])));
    $user_templates->set_var('lang_pgpkey', $LANG04[8]);
    $user_templates->set_var('user_pgp', COM_nl2br($A['pgpkey']));
    $user_templates->set_var('start_block_last10stories', COM_startBlock($LANG04[82] . ' ' . $display_name));
    $user_templates->set_var('start_block_last10comments', COM_startBlock($LANG04[10] . ' ' . $display_name));
    $user_templates->set_var('start_block_postingstats', COM_startBlock($LANG04[83] . ' ' . $display_name));
    $user_templates->set_var('lang_title', $LANG09[16]);
    $user_templates->set_var('lang_date', $LANG09[17]);
    // for alternative layouts: use these as headlines instead of block titles
    $user_templates->set_var('headline_last10stories', $LANG04[82]);
    $user_templates->set_var('headline_last10comments', $LANG04[10]);
    $user_templates->set_var('headline_postingstats', $LANG04[83]);
    $tids = TOPIC_getList(0, true, false);
    $topics = "'" . implode("','", $tids) . "'";
    // list of last 10 stories by this user
    if (count($tids) > 0) {
        $sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate\n            FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n            WHERE (uid = {$uid}) AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND') . "\n            AND ta.type = 'article' AND ta.id = sid AND ta.tdefault = 1\n            ORDER BY unixdate DESC LIMIT 10";
        $result = DB_query($sql);
        $numRows = DB_numRows($result);
    } else {
        $numRows = 0;
    }
    if ($numRows > 0) {
        for ($i = 0; $i < $numRows; $i++) {
            $C = DB_fetchArray($result);
            $user_templates->set_var('cssid', $i % 2 + 1);
            $user_templates->set_var('row_number', $i + 1 . '.');
            $articleUrl = COM_buildURL($_CONF['site_url'] . '/article.php?story=' . $C['sid']);
            $user_templates->set_var('article_url', $articleUrl);
            $C['title'] = str_replace('$', '&#36;', $C['title']);
            $user_templates->set_var('story_title', COM_createLink(stripslashes($C['title']), $articleUrl, array('class' => 'b')));
            $storyTime = COM_getUserDateTimeFormat($C['unixdate']);
            $user_templates->set_var('story_date', $storyTime[0]);
            $user_templates->parse('story_row', 'strow', true);
        }
    } else {
        $story_row = $LANG01[37];
        if ($_CONF['supported_version_theme'] == '1.8.1') {
            $story_row = '<tr><td>' . $story_row . '</td></tr>';
        }
        $user_templates->set_var('story_row', $story_row);
    }
    // list of last 10 comments by this user
    $new_plugin_comments = PLG_getWhatsNewComment('', 10, $uid);
    if (!empty($new_plugin_comments)) {
        // Sort array by element lastdate newest to oldest
        foreach ($new_plugin_comments as $k => $v) {
            $b[$k] = strtolower($v['unixdate']);
        }
        arsort($b);
        foreach ($b as $key => $val) {
            $temp[] = $new_plugin_comments[$key];
        }
        $new_plugin_comments = $temp;
        $i = 0;
        foreach ($new_plugin_comments as $C) {
            $i = $i + 1;
            $user_templates->set_var('cssid', $i % 2);
            $user_templates->set_var('row_number', $i . '.');
            $C['title'] = str_replace('$', '&#36;', $C['title']);
            $comment_url = $_CONF['site_url'] . '/comment.php?mode=view&amp;cid=' . $C['cid'];
            $user_templates->set_var('comment_title', COM_createLink(stripslashes($C['title']), $comment_url, array('class' => 'b')));
            $commentTime = COM_getUserDateTimeFormat($C['unixdate']);
            $user_templates->set_var('comment_date', $commentTime[0]);
            $user_templates->parse('comment_row', 'row', true);
            if ($i == 10) {
                break;
            }
        }
    } else {
        $comment_row = $LANG01[29];
        if ($_CONF['supported_version_theme'] == '1.8.1') {
            $comment_row = '<tr><td>' . $comment_row . '</td></tr>';
        }
        $user_templates->set_var('comment_row', $comment_row);
    }
    // posting stats for this user
    $user_templates->set_var('lang_number_stories', $LANG04[84]);
    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (uid = {$uid}) AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND');
    $result = DB_query($sql);
    $N = DB_fetchArray($result);
    $user_templates->set_var('number_stories', COM_numberFormat($N['count']));
    $user_templates->set_var('lang_number_comments', $LANG04[85]);
    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['comments']} WHERE (uid = {$uid})";
    $result = DB_query($sql);
    $N = DB_fetchArray($result);
    $user_templates->set_var('number_comments', COM_numberFormat($N['count']));
    $user_templates->set_var('lang_all_postings_by', $LANG04[86] . ' ' . $display_name);
    // Call custom registration function if enabled and exists
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDisplay')) {
        $user_templates->set_var('customfields', CUSTOM_userDisplay($uid));
    }
    PLG_profileVariablesDisplay($uid, $user_templates);
    $user_templates->parse('output', 'profile');
    $retval .= $user_templates->finish($user_templates->get_var('output'));
    $retval .= PLG_profileBlocksDisplay($uid);
    if (!$preview) {
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG04[1] . ' ' . $display_name));
    }
    return $retval;
}
Esempio n. 21
0
/**
 * used for the list of topics in admin/topic.php
 *
 * @param  string $fieldName
 * @param  string $fieldValue
 * @param  array  $A
 * @param  array  $icon_arr
 * @param  string $token
 * @return string
 */
function ADMIN_getListField_topics($fieldName, $fieldValue, $A, $icon_arr, $token)
{
    global $_CONF, $LANG_ACCESS, $_TABLES, $LANG27, $LANG32;
    $retval = false;
    $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    switch ($fieldName) {
        case 'edit':
            if ($access == 3) {
                $editUrl = $_CONF['site_admin_url'] . '/topic.php?mode=edit&amp;tid=' . $A['tid'];
                $retval = COM_createLink($icon_arr['edit'], $editUrl);
            }
            break;
        case 'sortnum':
            if ($_CONF['sortmethod'] === 'sortnum') {
                $style = 'style="vertical-align: middle;"';
                $upImage = $_CONF['layout_url'] . '/images/admin/up.png';
                $downImage = $_CONF['layout_url'] . '/images/admin/down.png';
                $url = $_CONF['site_admin_url'] . '/topic.php?mode=change_sortnum' . '&amp;tid=' . $A['tid'] . '&amp;' . CSRF_TOKEN . '=' . $token . '&amp;where=';
                $retval .= COM_createLink("<img {$style} alt=\"+\" src=\"{$upImage}\"" . XHTML . ">", $url . 'up', array('title' => $LANG32[44]));
                $retval .= '&nbsp;' . $fieldValue . '&nbsp;';
                $retval .= COM_createLink("<img {$style} alt=\"-\" src=\"{$downImage}\"" . XHTML . ">", $url . 'dn', array('title' => $LANG32[45]));
            } else {
                $retval = $fieldValue;
            }
            break;
        case 'image':
            $retval = '';
            if (!empty($A['imageurl'])) {
                $imageUrl = COM_getTopicImageUrl($A['imageurl']);
                $image_tag = '<img src="' . $imageUrl . '" width="24" height="24" id="topic-' . $A['tid'] . '" class="admin-topic-image" alt=""' . XHTML . '>';
                $url = COM_buildURL($_CONF['site_url'] . '/index.php?topic=' . $A['tid']);
                $retval = COM_createLink($image_tag, $url);
            }
            break;
        case 'topic':
            $default = $A['is_default'] == 1 ? $LANG27[24] : '';
            $level = -1;
            $tid = $A['tid'];
            while ($tid !== TOPIC_ROOT) {
                $tid = DB_getItem($_TABLES['topics'], 'parent_id', "tid = '{$tid}'");
                $level++;
            }
            $level *= 15;
            $content = '<span style="margin-left:' . $level . 'px">' . $fieldValue . '</span>';
            $url = COM_buildURL($_CONF['site_url'] . '/index.php?topic=' . $A['tid']);
            $retval = COM_createLink($content, $url) . $default;
            break;
        case 'access':
            $retval = $LANG_ACCESS['readonly'];
            if ($access == 3) {
                $retval = $LANG_ACCESS['edit'];
            }
            break;
        case 'inherit':
        case 'hidden':
            $yes = empty($LANG27[50]) ? 'Yes' : $LANG27[50];
            $no = empty($LANG27[50]) ? 'No' : $LANG27[51];
            $retval = $fieldValue == 1 ? $yes : $no;
            break;
        case 'story':
            // Retrieve list of inherited topics
            $tid_list = TOPIC_getChildList($A['tid']);
            // Calculate number of stories in topic, includes any inherited ones
            $sql = "SELECT sid FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta " . "WHERE (draft_flag = 0) AND (date <= NOW()) " . COM_getPermSQL('AND') . "AND ta.type = 'article' AND ta.id = sid " . "AND (ta.tid IN({$tid_list}) " . "AND (ta.inherit = 1 OR (ta.inherit = 0 AND ta.tid = '{$A['tid']}'))) " . "GROUP BY sid";
            $result = DB_query($sql);
            $numRows = DB_numRows($result);
            $retval = COM_numberFormat($numRows);
            break;
        default:
            $retval = $fieldValue;
            break;
    }
    return $retval;
}
Esempio n. 22
0
/**
* Displays the static page editor form
*
* @param    array   $A  Data to display
* @return   string      HTML for the static page editor
*
*/
function staticpageeditor_form($A, $error = false)
{
    global $_CONF, $_TABLES, $_USER, $_GROUPS, $_SP_CONF, $mode, $sp_id, $LANG21, $LANG_STATIC, $LANG_ACCESS, $LANG_ADMIN, $LANG24, $LANG_postmodes, $MESSAGE;
    $template_path = staticpages_templatePath('admin');
    if (!empty($sp_id) && $mode == 'edit') {
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        if ($mode != 'clone') {
            $A['sp_inblock'] = $_SP_CONF['in_block'];
        }
        $A['owner_id'] = $_USER['uid'];
        if (isset($_GROUPS['Static Page Admin'])) {
            $A['group_id'] = $_GROUPS['Static Page Admin'];
        } else {
            $A['group_id'] = SEC_getFeatureGroup('staticpages.edit');
        }
        SEC_setDefaultPermissions($A, $_SP_CONF['default_permissions']);
        $access = 3;
        if (isset($_CONF['advanced_editor']) && $_CONF['advanced_editor'] == 1 && file_exists($template_path . '/editor_advanced.thtml')) {
            $A['advanced_editor_mode'] = 1;
        }
    }
    $retval = '';
    $sp_template = new Template($template_path);
    if (isset($_CONF['advanced_editor']) && $_CONF['advanced_editor'] == 1 && file_exists($template_path . '/editor_advanced.thtml')) {
        $sp_template->set_file('form', 'editor_advanced.thtml');
        $sp_template->set_var('lang_expandhelp', $LANG24[67]);
        $sp_template->set_var('lang_reducehelp', $LANG24[68]);
        $sp_template->set_var('lang_toolbar', $LANG24[70]);
        $sp_template->set_var('toolbar1', $LANG24[71]);
        $sp_template->set_var('toolbar2', $LANG24[72]);
        $sp_template->set_var('toolbar3', $LANG24[73]);
        $sp_template->set_var('toolbar4', $LANG24[74]);
        $sp_template->set_var('toolbar5', $LANG24[75]);
        $sp_template->set_var('lang_nojavascript', $LANG24[77]);
        $sp_template->set_var('lang_postmode', $LANG24[4]);
        if (isset($A['postmode']) && $A['postmode'] == 'adveditor') {
            $sp_template->set_var('show_adveditor', '');
            $sp_template->set_var('show_htmleditor', 'none');
        } else {
            $sp_template->set_var('show_adveditor', 'none');
            $sp_template->set_var('show_htmleditor', '');
        }
        $post_options = '<option value="html" selected="selected">' . $LANG_postmodes['html'] . '</option>';
        if (isset($A['postmode']) && $A['postmode'] == 'adveditor') {
            $post_options .= '<option value="adveditor" selected="selected">' . $LANG24[86] . '</option>';
        } else {
            $post_options .= '<option value="adveditor">' . $LANG24[86] . '</option>';
        }
        $sp_template->set_var('post_options', $post_options);
        $sp_template->set_var('change_editormode', 'onchange="change_editmode(this);"');
    } else {
        $sp_template->set_file('form', 'editor.thtml');
    }
    $sp_template->set_var('layout_url', $_CONF['layout_url']);
    $sp_template->set_var('lang_mode', $LANG24[3]);
    $sp_template->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $A['commentcode']));
    $sp_template->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
    $sp_template->set_var('lang_owner', $LANG_ACCESS['owner']);
    $ownername = COM_getDisplayName($A['owner_id']);
    $sp_template->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', "uid = {$A['owner_id']}"));
    $sp_template->set_var('owner_name', $ownername);
    $sp_template->set_var('owner', $ownername);
    $sp_template->set_var('owner_id', $A['owner_id']);
    $sp_template->set_var('lang_group', $LANG_ACCESS['group']);
    $sp_template->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
    $sp_template->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']));
    $sp_template->set_var('lang_permissions', $LANG_ACCESS['permissions']);
    $sp_template->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
    $sp_template->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
    $sp_template->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
    $sp_template->set_var('site_url', $_CONF['site_url']);
    $sp_template->set_var('site_admin_url', $_CONF['site_admin_url']);
    $token = SEC_createToken();
    $start_block = COM_startBlock($LANG_STATIC['staticpageeditor'], '', COM_getBlockTemplate('_admin_block', 'header'));
    $start_block .= SEC_getTokenExpiryNotice($token);
    $sp_template->set_var('start_block_editor', $start_block);
    $sp_template->set_var('lang_save', $LANG_ADMIN['save']);
    $sp_template->set_var('lang_cancel', $LANG_ADMIN['cancel']);
    $sp_template->set_var('lang_preview', $LANG_ADMIN['preview']);
    if (SEC_hasRights('staticpages.delete') && $mode != 'clone' && !empty($A['sp_old_id'])) {
        $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
        $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
        $sp_template->set_var('delete_option', sprintf($delbutton, $jsconfirm));
        $sp_template->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
    } else {
        $sp_template->set_var('delete_option', '');
    }
    $sp_template->set_var('lang_writtenby', $LANG_STATIC['writtenby']);
    $sp_template->set_var('username', DB_getItem($_TABLES['users'], 'username', "uid = {$A['sp_uid']}"));
    $authorname = COM_getDisplayName($A['sp_uid']);
    $sp_template->set_var('name', $authorname);
    $sp_template->set_var('author', $authorname);
    $sp_template->set_var('lang_url', $LANG_STATIC['url']);
    $sp_template->set_var('lang_id', $LANG_STATIC['id']);
    $sp_template->set_var('sp_uid', $A['sp_uid']);
    $sp_template->set_var('sp_id', $A['sp_id']);
    $sp_template->set_var('sp_old_id', $A['sp_old_id']);
    $sp_template->set_var('example_url', COM_buildURL($_CONF['site_url'] . '/staticpages/index.php?page=' . $A['sp_id']));
    $sp_template->set_var('lang_centerblock', $LANG_STATIC['centerblock']);
    $sp_template->set_var('lang_centerblock_help', $LANG_ADMIN['help_url']);
    $sp_template->set_var('lang_centerblock_include', $LANG21[51]);
    $sp_template->set_var('lang_centerblock_desc', $LANG21[52]);
    $sp_template->set_var('centerblock_help', $A['sp_help']);
    $sp_template->set_var('lang_centerblock_msg', $LANG_STATIC['centerblock_msg']);
    if (isset($A['sp_centerblock']) && $A['sp_centerblock'] == 1) {
        $sp_template->set_var('centerblock_checked', 'checked="checked"');
    } else {
        $sp_template->set_var('centerblock_checked', '');
    }
    $sp_template->set_var('lang_topic', $LANG_STATIC['topic']);
    $sp_template->set_var('lang_position', $LANG_STATIC['position']);
    $current_topic = '';
    if (isset($A['sp_tid'])) {
        $current_topic = $A['sp_tid'];
    }
    if (empty($current_topic)) {
        $current_topic = 'none';
    }
    $topics = COM_topicList('tid,topic', $current_topic, 1, true);
    $alltopics = '<option value="all"';
    if ($current_topic == 'all') {
        $alltopics .= ' selected="selected"';
    }
    $alltopics .= '>' . $LANG_STATIC['all_topics'] . '</option>' . LB;
    $notopic = '<option value="none"';
    if ($current_topic == 'none') {
        $notopic .= ' selected="selected"';
    }
    $notopic .= '>' . $LANG_STATIC['no_topic'] . '</option>' . LB;
    $sp_template->set_var('topic_selection', '<select name="sp_tid">' . $alltopics . $notopic . $topics . '</select>');
    $position = '<select name="sp_where">';
    $position .= '<option value="1"';
    if ($A['sp_where'] == 1) {
        $position .= ' selected="selected"';
    }
    $position .= '>' . $LANG_STATIC['position_top'] . '</option>';
    $position .= '<option value="2"';
    if ($A['sp_where'] == 2) {
        $position .= ' selected="selected"';
    }
    $position .= '>' . $LANG_STATIC['position_feat'] . '</option>';
    $position .= '<option value="3"';
    if ($A['sp_where'] == 3) {
        $position .= ' selected="selected"';
    }
    $position .= '>' . $LANG_STATIC['position_bottom'] . '</option>';
    $position .= '<option value="0"';
    if ($A['sp_where'] == 0) {
        $position .= ' selected="selected"';
    }
    $position .= '>' . $LANG_STATIC['position_entire'] . '</option>';
    $position .= '</select>';
    $sp_template->set_var('pos_selection', $position);
    if ($_SP_CONF['allow_php'] == 1 && SEC_hasRights('staticpages.PHP')) {
        if (!isset($A['sp_php'])) {
            $A['sp_php'] = 0;
        }
        $selection = '<select name="sp_php">' . LB;
        $selection .= '<option value="0"';
        if ($A['sp_php'] <= 0 || $A['sp_php'] > 2) {
            $selection .= ' selected="selected"';
        }
        $selection .= '>' . $LANG_STATIC['select_php_none'] . '</option>' . LB;
        $selection .= '<option value="1"';
        if ($A['sp_php'] == 1) {
            $selection .= ' selected="selected"';
        }
        $selection .= '>' . $LANG_STATIC['select_php_return'] . '</option>' . LB;
        $selection .= '<option value="2"';
        if ($A['sp_php'] == 2) {
            $selection .= ' selected="selected"';
        }
        $selection .= '>' . $LANG_STATIC['select_php_free'] . '</option>' . LB;
        $selection .= '</select>';
        $sp_template->set_var('php_selector', $selection);
        $sp_template->set_var('php_warn', $LANG_STATIC['php_warn']);
    } else {
        $sp_template->set_var('php_selector', '');
        $sp_template->set_var('php_warn', $LANG_STATIC['php_not_activated']);
    }
    $sp_template->set_var('php_msg', $LANG_STATIC['php_msg']);
    // old variables (for the 1.3-type checkbox)
    $sp_template->set_var('php_checked', '');
    $sp_template->set_var('php_type', 'hidden');
    if (isset($A['sp_nf']) && $A['sp_nf'] == 1) {
        $sp_template->set_var('exit_checked', 'checked="checked"');
    } else {
        $sp_template->set_var('exit_checked', '');
    }
    $sp_template->set_var('exit_msg', $LANG_STATIC['exit_msg']);
    $sp_template->set_var('exit_info', $LANG_STATIC['exit_info']);
    if ($A['sp_inblock'] == 1) {
        $sp_template->set_var('inblock_checked', 'checked="checked"');
    } else {
        $sp_template->set_var('inblock_checked', '');
    }
    $sp_template->set_var('inblock_msg', $LANG_STATIC['inblock_msg']);
    $sp_template->set_var('inblock_info', $LANG_STATIC['inblock_info']);
    $curtime = COM_getUserDateTimeFormat($A['unixdate']);
    $sp_template->set_var('lang_lastupdated', $LANG_STATIC['date']);
    $sp_template->set_var('sp_formateddate', $curtime[0]);
    $sp_template->set_var('sp_date', $curtime[1]);
    $sp_template->set_var('lang_title', $LANG_STATIC['title']);
    $title = '';
    if (isset($A['sp_title'])) {
        $title = htmlspecialchars(stripslashes($A['sp_title']));
    }
    $sp_template->set_var('sp_title', $title);
    $sp_template->set_var('lang_metadescription', $LANG_ADMIN['meta_description']);
    $sp_template->set_var('lang_metakeywords', $LANG_ADMIN['meta_keywords']);
    if (!empty($A['meta_description'])) {
        $sp_template->set_var('meta_description', $A['meta_description']);
    }
    if (!empty($A['meta_keywords'])) {
        $sp_template->set_var('meta_keywords', $A['meta_keywords']);
    }
    $sp_template->set_var('lang_addtomenu', $LANG_STATIC['addtomenu']);
    if (isset($A['sp_onmenu']) && $A['sp_onmenu'] == 1) {
        $sp_template->set_var('onmenu_checked', 'checked="checked"');
    } else {
        $sp_template->set_var('onmenu_checked', '');
    }
    $sp_template->set_var('lang_label', $LANG_STATIC['label']);
    if (isset($A['sp_label'])) {
        $sp_template->set_var('sp_label', $A['sp_label']);
    } else {
        $sp_template->set_var('sp_label', '');
    }
    $sp_template->set_var('lang_pageformat', $LANG_STATIC['pageformat']);
    $sp_template->set_var('lang_blankpage', $LANG_STATIC['blankpage']);
    $sp_template->set_var('lang_noblocks', $LANG_STATIC['noblocks']);
    $sp_template->set_var('lang_leftblocks', $LANG_STATIC['leftblocks']);
    $sp_template->set_var('lang_leftrightblocks', $LANG_STATIC['leftrightblocks']);
    if (!isset($A['sp_format'])) {
        $A['sp_format'] = '';
    }
    if ($A['sp_format'] == 'noblocks') {
        $sp_template->set_var('noblock_selected', 'selected="selected"');
    } else {
        $sp_template->set_var('noblock_selected', '');
    }
    if ($A['sp_format'] == 'leftblocks') {
        $sp_template->set_var('leftblocks_selected', 'selected="selected"');
    } else {
        $sp_template->set_var('leftblocks_selected', '');
    }
    if ($A['sp_format'] == 'blankpage') {
        $sp_template->set_var('blankpage_selected', 'selected="selected"');
    } else {
        $sp_template->set_var('blankpage_selected', '');
    }
    if ($A['sp_format'] == 'allblocks' or empty($A['sp_format'])) {
        $sp_template->set_var('allblocks_selected', 'selected="selected"');
    } else {
        $sp_template->set_var('allblocks_selected', '');
    }
    $sp_template->set_var('lang_content', $LANG_STATIC['content']);
    $content = '';
    if (isset($A['sp_content'])) {
        $content = htmlspecialchars(stripslashes($A['sp_content']));
        $content = str_replace(array('{', '}'), array('&#123;', '&#125;'), $content);
    }
    $sp_template->set_var('sp_content', $content);
    if ($_SP_CONF['filter_html'] == 1) {
        $allowed = COM_allowedHTML('staticpages.edit');
        $sp_template->set_var('lang_allowedhtml', $allowed);
        $sp_template->set_var('lang_allowed_html', $allowed);
    } else {
        $sp_template->set_var('lang_allowedhtml', $LANG_STATIC['all_html_allowed']);
        $allowed = '<span class="warningsmall">' . $LANG_STATIC['all_html_allowed'] . ',</span>' . LB . '<div dir="ltr" class="warningsmall">';
        $autotags = array_keys(PLG_collectTags());
        $allowed .= '[' . implode(':], [', $autotags) . ':]';
        $allowed .= '</div>';
        $sp_template->set_var('lang_allowed_html', $allowed);
    }
    $sp_template->set_var('lang_hits', $LANG_STATIC['hits']);
    if (empty($A['sp_hits'])) {
        $sp_template->set_var('sp_hits', '0');
        $sp_template->set_var('sp_hits_formatted', '0');
    } else {
        $sp_template->set_var('sp_hits', $A['sp_hits']);
        $sp_template->set_var('sp_hits_formatted', COM_numberFormat($A['sp_hits']));
    }
    $sp_template->set_var('end_block', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
    $sp_template->set_var('xhtml', XHTML);
    $sp_template->set_var('gltoken_name', CSRF_TOKEN);
    $sp_template->set_var('gltoken', $token);
    $sp_template->parse('output', 'form');
    $retval .= $sp_template->finish($sp_template->get_var('output'));
    return $retval;
}
Esempio n. 23
0
/**
* Displays the static page form
*
* @param    array   $A      Data to display
* @param    string  $error  Error message to display
*
*/
function PAGE_form($A, $error = false)
{
    global $_CONF, $_TABLES, $_USER, $_GROUPS, $_SP_CONF, $action, $sp_id, $LANG21, $LANG_STATIC, $LANG_ACCESS, $LANG_ADMIN, $LANG24, $LANG_postmodes, $MESSAGE;
    USES_lib_admin();
    $menu_arr = array(array('url' => $_CONF['site_admin_url'] . '/plugins/staticpages/index.php', 'text' => $LANG_STATIC['page_list']), array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']));
    $template_path = staticpages_templatePath('admin');
    if (!empty($sp_id) && ($action == 'edit' || $action == 'clone')) {
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $A['owner_id'] = $_USER['uid'];
        if (isset($_GROUPS['staticpages Admin'])) {
            $A['group_id'] = $_GROUPS['staticpages Admin'];
        } else {
            $A['group_id'] = SEC_getFeatureGroup('staticpages.edit');
        }
        SEC_setDefaultPermissions($A, $_SP_CONF['default_permissions']);
        $access = 3;
    }
    $retval = '';
    if (empty($A['owner_id'])) {
        $error = COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header'));
        $error .= $LANG_STATIC['deny_msg'];
        $error .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
    }
    if ($error) {
        $retval .= $error . '<br/><br/>';
    } else {
        $sp_template = new Template($template_path);
        $sp_template->set_file('form', 'editor.thtml');
        $sp_template->set_var('lang_mode', $LANG24[3]);
        $sp_template->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $A['commentcode']));
        $ownername = COM_getDisplayName($A['owner_id']);
        $sp_template->set_var(array('sp_search_checked' => $A['sp_search'] == 1 ? ' checked="checked"' : '', 'sp_status_checked' => $A['sp_status'] == 1 ? ' checked="checked"' : '', 'lang_accessrights' => $LANG_ACCESS['accessrights'], 'lang_owner' => $LANG_ACCESS['owner'], 'owner_username' => DB_getItem($_TABLES['users'], 'username', "uid = {$A['owner_id']}"), 'owner_name' => $ownername, 'owner' => $ownername, 'owner_id' => $A['owner_id'], 'lang_group' => $LANG_ACCESS['group'], 'group_dropdown' => SEC_getGroupDropdown($A['group_id'], $access), 'permissions_editor' => SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']), 'lang_permissions' => $LANG_ACCESS['permissions'], 'lang_perm_key' => $LANG_ACCESS['permissionskey'], 'permissions_msg' => $LANG_ACCESS['permmsg'], 'start_block_editor' => COM_startBlock($LANG_STATIC['staticpages'] . ' :: ' . $LANG_STATIC['staticpageeditor'], '', COM_getBlockTemplate('_admin_block', 'header')), 'lang_save' => $LANG_ADMIN['save'], 'lang_cancel' => $LANG_ADMIN['cancel'], 'lang_preview' => $LANG_ADMIN['preview'], 'lang_editor' => $LANG_STATIC['staticpageeditor'], 'lang_attributes' => $LANG_STATIC['attributes']));
        if (SEC_hasRights('staticpages.delete') && $action != 'clone' && !empty($A['sp_old_id'])) {
            $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="delete"%s/>';
            $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
            $sp_template->set_var('delete_option', sprintf($delbutton, $jsconfirm));
            $sp_template->set_var('delete_button', true);
            $sp_template->set_var('lang_delete_confirm', $MESSAGE[76]);
            $sp_template->set_var('lang_delete', $LANG_ADMIN['delete']);
            $sp_template->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
        } else {
            $sp_template->set_var('delete_option', '');
        }
        $sp_template->set_var('lang_writtenby', $LANG_STATIC['writtenby']);
        $sp_template->set_var('username', DB_getItem($_TABLES['users'], 'username', "uid = {$A['sp_uid']}"));
        $authorname = COM_getDisplayName($A['sp_uid']);
        $sp_template->set_var('name', $authorname);
        $sp_template->set_var('author', $authorname);
        $sp_template->set_var('lang_url', $LANG_STATIC['url']);
        $sp_template->set_var('lang_id', $LANG_STATIC['id']);
        $sp_template->set_var('sp_uid', $A['sp_uid']);
        $sp_template->set_var('sp_id', $A['sp_id']);
        $sp_template->set_var('sp_old_id', $A['sp_old_id']);
        $sp_template->set_var('example_url', COM_buildURL($_CONF['site_url'] . '/page.php?page=' . $A['sp_id']));
        $sp_template->set_var('lang_centerblock', $LANG_STATIC['centerblock']);
        $sp_template->set_var('lang_centerblock_help', $LANG_ADMIN['help_url']);
        $sp_template->set_var('lang_centerblock_include', $LANG21[51]);
        $sp_template->set_var('lang_centerblock_desc', $LANG21[52]);
        $sp_template->set_var('centerblock_help', $A['sp_help']);
        $sp_template->set_var('lang_centerblock_msg', $LANG_STATIC['centerblock_msg']);
        if (isset($A['sp_centerblock']) && $A['sp_centerblock'] == 1) {
            $sp_template->set_var('centerblock_checked', 'checked="checked"');
        } else {
            $sp_template->set_var('centerblock_checked', '');
        }
        $sp_template->set_var('lang_topic', $LANG_STATIC['topic']);
        $sp_template->set_var('lang_position', $LANG_STATIC['position']);
        $current_topic = '';
        if (isset($A['sp_tid'])) {
            $current_topic = $A['sp_tid'];
        }
        if (empty($current_topic)) {
            $current_topic = 'none';
        }
        $topics = COM_topicList('tid,topic', $current_topic, 1, true);
        $alltopics = '<option value="all"';
        if ($current_topic == 'all') {
            $alltopics .= ' selected="selected"';
        }
        $alltopics .= '>' . $LANG_STATIC['all_topics'] . '</option>' . LB;
        $allnhp = '<option value="allnhp"';
        if ($current_topic == 'allnhp') {
            $allnhp .= ' selected="selected"';
        }
        $allnhp .= '>' . $LANG_STATIC['allnhp_topics'] . '</option>' . LB;
        $notopic = '<option value="none"';
        if ($current_topic == 'none') {
            $notopic .= ' selected="selected"';
        }
        $notopic .= '>' . $LANG_STATIC['no_topic'] . '</option>' . LB;
        $sp_template->set_var('topic_selection', '<select name="sp_tid">' . $alltopics . $allnhp . $notopic . $topics . '</select>');
        $position = '<select name="sp_where">';
        $position .= '<option value="1"';
        if ($A['sp_where'] == 1) {
            $position .= ' selected="selected"';
        }
        $position .= '>' . $LANG_STATIC['position_top'] . '</option>';
        $position .= '<option value="2"';
        if ($A['sp_where'] == 2) {
            $position .= ' selected="selected"';
        }
        $position .= '>' . $LANG_STATIC['position_feat'] . '</option>';
        $position .= '<option value="3"';
        if ($A['sp_where'] == 3) {
            $position .= ' selected="selected"';
        }
        $position .= '>' . $LANG_STATIC['position_bottom'] . '</option>';
        $position .= '<option value="0"';
        if ($A['sp_where'] == 0) {
            $position .= ' selected="selected"';
        }
        $position .= '>' . $LANG_STATIC['position_entire'] . '</option>';
        $position .= '<option value="4"';
        if ($A['sp_where'] == 4) {
            $position .= ' selected="selected"';
        }
        $position .= '>' . $LANG_STATIC['position_nonews'] . '</option>';
        $position .= '</select>';
        $sp_template->set_var('pos_selection', $position);
        if ($_SP_CONF['allow_php'] == 1 && SEC_hasRights('staticpages.PHP')) {
            if (!isset($A['sp_php'])) {
                $A['sp_php'] = 0;
            }
            $selection = '<select name="sp_php">' . LB;
            $selection .= '<option value="0"';
            if ($A['sp_php'] <= 0 || $A['sp_php'] > 2) {
                $selection .= ' selected="selected"';
            }
            $selection .= '>' . $LANG_STATIC['select_php_none'] . '</option>' . LB;
            $selection .= '<option value="1"';
            if ($A['sp_php'] == 1) {
                $selection .= ' selected="selected"';
            }
            $selection .= '>' . $LANG_STATIC['select_php_return'] . '</option>' . LB;
            $selection .= '<option value="2"';
            if ($A['sp_php'] == 2) {
                $selection .= ' selected="selected"';
            }
            $selection .= '>' . $LANG_STATIC['select_php_free'] . '</option>' . LB;
            $selection .= '</select>';
            $sp_template->set_var('php_selector', $selection);
            $sp_template->set_var('php_warn', $LANG_STATIC['php_warn']);
        } else {
            $sp_template->set_var('php_selector', '');
            $sp_template->set_var('php_warn', $LANG_STATIC['php_not_activated']);
        }
        $sp_template->set_var('php_msg', $LANG_STATIC['php_msg']);
        // old variables (for the 1.3-type checkbox)
        $sp_template->set_var('php_checked', '');
        $sp_template->set_var('php_type', 'hidden');
        if (isset($A['sp_nf']) && $A['sp_nf'] == 1) {
            $sp_template->set_var('exit_checked', 'checked="checked"');
        } else {
            $sp_template->set_var('exit_checked', '');
        }
        $sp_template->set_var('exit_msg', $LANG_STATIC['exit_msg']);
        $sp_template->set_var('exit_info', $LANG_STATIC['exit_info']);
        if (isset($A['sp_inblock']) && $A['sp_inblock'] == 1) {
            $sp_template->set_var('inblock_checked', 'checked="checked"');
        } else {
            $sp_template->set_var('inblock_checked', '');
        }
        $sp_template->set_var('inblock_msg', $LANG_STATIC['inblock_msg']);
        $sp_template->set_var('inblock_info', $LANG_STATIC['inblock_info']);
        $curtime = COM_getUserDateTimeFormat($A['unixdate']);
        $sp_template->set_var('lang_lastupdated', $LANG_STATIC['date']);
        $sp_template->set_var('sp_formateddate', $curtime[0]);
        $sp_template->set_var('sp_date', $curtime[1]);
        $sp_template->set_var('lang_title', $LANG_STATIC['title']);
        $title = '';
        if (isset($A['sp_title'])) {
            $title = htmlspecialchars($A['sp_title']);
        }
        $sp_template->set_var('sp_title', $title);
        $sp_template->set_var('lang_addtomenu', $LANG_STATIC['addtomenu']);
        if (isset($A['sp_onmenu']) && $A['sp_onmenu'] == 1) {
            $sp_template->set_var('onmenu_checked', 'checked="checked"');
        } else {
            $sp_template->set_var('onmenu_checked', '');
        }
        $sp_template->set_var('lang_label', $LANG_STATIC['label']);
        if (isset($A['sp_label'])) {
            $sp_template->set_var('sp_label', $A['sp_label']);
        } else {
            $sp_template->set_var('sp_label', '');
        }
        $sp_template->set_var('lang_pageformat', $LANG_STATIC['pageformat']);
        $sp_template->set_var('lang_blankpage', $LANG_STATIC['blankpage']);
        $sp_template->set_var('lang_noblocks', $LANG_STATIC['noblocks']);
        $sp_template->set_var('lang_leftblocks', $LANG_STATIC['leftblocks']);
        $sp_template->set_var('lang_rightblocks', $LANG_STATIC['rightblocks']);
        $sp_template->set_var('lang_leftrightblocks', $LANG_STATIC['leftrightblocks']);
        if (!isset($A['sp_format'])) {
            $A['sp_format'] = '';
        }
        if ($A['sp_format'] == 'noblocks') {
            $sp_template->set_var('noblock_selected', 'selected="selected"');
        } else {
            $sp_template->set_var('noblock_selected', '');
        }
        if ($A['sp_format'] == 'leftblocks') {
            $sp_template->set_var('leftblocks_selected', 'selected="selected"');
        } else {
            $sp_template->set_var('leftblocks_selected', '');
        }
        if ($A['sp_format'] == 'rightblocks') {
            $sp_template->set_var('rightblocks_selected', 'selected="selected"');
        } else {
            $sp_template->set_var('rightblocks_selected', '');
        }
        if ($A['sp_format'] == 'blankpage') {
            $sp_template->set_var('blankpage_selected', 'selected="selected"');
        } else {
            $sp_template->set_var('blankpage_selected', '');
        }
        if ($A['sp_format'] == 'allblocks' or empty($A['sp_format'])) {
            $sp_template->set_var('allblocks_selected', 'selected="selected"');
        } else {
            $sp_template->set_var('allblocks_selected', '');
        }
        $sp_template->set_var('lang_content', $LANG_STATIC['content']);
        $content = '';
        if (isset($A['sp_content'])) {
            $content = htmlspecialchars($A['sp_content']);
        }
        $sp_template->set_var('sp_content', $content);
        if ($_SP_CONF['filter_html'] == 1) {
            $sp_template->set_var('lang_allowedhtml', COM_allowedHTML(SEC_getUserPermissions(), false, 'staticpages', 'page'));
        } else {
            $sp_template->set_var('lang_allowedhtml', $LANG_STATIC['all_html_allowed']);
        }
        $sp_template->set_var('lang_hits', $LANG_STATIC['hits']);
        if (empty($A['sp_hits'])) {
            $sp_template->set_var('sp_hits', '0');
            $sp_template->set_var('sp_hits_formatted', '0');
        } else {
            $sp_template->set_var('sp_hits', $A['sp_hits']);
            $sp_template->set_var('sp_hits_formatted', COM_numberFormat($A['sp_hits']));
        }
        $sp_template->set_var('end_block', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
        $sp_template->set_var('owner_dropdown', COM_buildOwnerList('owner_id', $A['owner_id']));
        $sp_template->set_var('writtenby_dropdown', COM_buildOwnerList('sp_uid', $A['sp_uid']));
        $sp_template->set_var('gltoken_name', CSRF_TOKEN);
        $sp_template->set_var('gltoken', SEC_createToken());
        $sp_template->set_var('admin_menu', ADMIN_createMenu($menu_arr, $LANG_STATIC['instructions_edit'], plugin_geticon_staticpages()));
        PLG_templateSetVars('sp_editor', $sp_template);
        $retval .= $sp_template->parse('output', 'form');
    }
    return $retval;
}
Esempio n. 24
0
    $T->set_var('lang_' . $lang_var, TAG_str($lang_var));
}
$tag_menu = array();
$sql = "SELECT type, sid, COUNT(sid) AS cnt " . "  FROM {$_TABLES['tag_map']} " . "WHERE (tag_id IN ('" . implode("','", array_map('addslashes', $tags)) . "')) " . "GROUP BY type, sid " . "HAVING cnt = '" . addslashes(count($tags)) . "'";
$result = DB_query($sql);
if (!DB_error()) {
    while (($A = DB_fetchArray($result)) !== FALSE) {
        $url = '';
        $title = '';
        $item = '<li><a href="';
        switch ($A['type']) {
            case 'article':
                /* Falls through to default */
            /* Falls through to default */
            default:
                $url = COM_buildURL($_CONF['site_url'] . '/article.php?story=' . TAG_escape($A['sid']));
                $title = TAG_getStoryTitle($A['sid']);
                break;
        }
        if ($url === '') {
            continue;
        }
        $item .= $url . '">' . TAG_escape($title) . '</a></li>' . LB;
        $tag_menu[] = $item;
    }
}
if (count($tag_menu) > 0) {
    $tag_menu = '<ol>' . LB . implode(LB, $tag_menu) . LB . '</ol>' . LB;
} else {
    $tag_menu = TAG_str('no_item');
}
Esempio n. 25
0
 function _parseElement()
 {
     global $_SP_CONF, $_USER, $_TABLES, $LANG01, $_CONF, $_GROUPS;
     $returnArray = array();
     $childArray = array();
     $item_array = array();
     if ($this->active != 1 && $this->id != 0) {
         return NULL;
     }
     if ($this->group_id == 998 && !COM_isAnonUser()) {
         return NULL;
     }
     if (isset($_REQUEST['topic'])) {
         $topic = COM_applyFilter($_REQUEST['topic']);
     } else {
         $topic = '';
     }
     if (COM_isAnonUser()) {
         $anon = 1;
     } else {
         $anon = 0;
     }
     $allowed = true;
     if ($this->group_id != 998 && $this->id != 0 && !SEC_inGroup($this->group_id)) {
         return NULL;
     }
     if ($this->group_id == 1 && !isset($_GROUPS['Root'])) {
         return NULL;
     }
     switch ($this->type) {
         case ET_SUB_MENU:
             $this->replace_macros();
             break;
         case ET_FUSION_ACTION:
             switch ($this->subtype) {
                 case 0:
                     // home
                     $this->url = $_CONF['site_url'] . '/';
                     break;
                 case 1:
                     // contribute
                     if ($anon && ($_CONF['loginrequired'] || $_CONF['submitloginrequired'])) {
                         return NULL;
                     }
                     if (empty($topic)) {
                         $this->url = $_CONF['site_url'] . '/submit.php?type=story';
                     } else {
                         $this->url = $_CONF['site_url'] . '/submit.php?type=story&amp;topic=' . $topic;
                     }
                     $label = $LANG01[71];
                     break;
                 case 2:
                     // directory
                     if ($anon && ($_CONF['loginrequired'] || $_CONF['directoryloginrequired'])) {
                         return NULL;
                     }
                     $this->url = $_CONF['site_url'] . '/directory.php';
                     if (!empty($topic)) {
                         $this->url = COM_buildUrl($this->url . '?topic=' . urlencode($topic));
                     }
                     break;
                 case 3:
                     // prefs
                     if ($anon && ($_CONF['loginrequired'] || $_CONF['profileloginrequired'])) {
                         return NULL;
                     }
                     $this->url = $_CONF['site_url'] . '/usersettings.php?mode=edit';
                     break;
                 case 4:
                     // search
                     if ($anon && ($_CONF['loginrequired'] || $_CONF['searchloginrequired'])) {
                         return NULL;
                     }
                     $this->url = $_CONF['site_url'] . '/search.php';
                     break;
                 case 5:
                     // stats
                     if (!SEC_hasRights('stats.view')) {
                         return NULL;
                     }
                     $this->url = $_CONF['site_url'] . '/stats.php';
                     break;
                 default:
                     // unknown?
                     $this->url = $_CONF['site_url'] . '/';
                     break;
             }
             break;
         case ET_FUSION_MENU:
             $this->url = '';
             switch ($this->subtype) {
                 case USER_MENU:
                     // if anonymous user - show login entry
                     if (COM_isAnonUser()) {
                         $this->label = $LANG01[58];
                         $this->url = $_CONF['site_url'] . '/users.php';
                         $this->target = '';
                         break;
                     }
                     // logged-in user see My Account entry
                     $item_array = getUserMenu();
                     $this->label = $LANG01[47];
                     break;
                 case ADMIN_MENU:
                     $this->url = $_CONF['site_admin_url'];
                     $item_array = getAdminMenu();
                     break;
                 case TOPIC_MENU:
                     $item_array = getTopicMenu();
                     break;
                 case STATICPAGE_MENU:
                     $item_array = array();
                     $order = '';
                     if (!empty($_SP_CONF['sort_menu_by'])) {
                         $order = ' ORDER BY ';
                         if ($_SP_CONF['sort_menu_by'] == 'date') {
                             $order .= 'sp_date DESC';
                         } else {
                             if ($_SP_CONF['sort_menu_by'] == 'label') {
                                 $order .= 'sp_label';
                             } else {
                                 if ($_SP_CONF['sort_menu_by'] == 'title') {
                                     $order .= 'sp_title';
                                 } else {
                                     // default to "sort by id"
                                     $order .= 'sp_id';
                                 }
                             }
                         }
                     }
                     $result = DB_query('SELECT sp_id, sp_label FROM ' . $_TABLES['staticpage'] . ' WHERE sp_onmenu = 1 AND sp_status = 1' . COM_getPermSql('AND') . $order);
                     $nrows = DB_numRows($result);
                     $menuitems = array();
                     for ($i = 0; $i < $nrows; $i++) {
                         $A = DB_fetchArray($result);
                         $url = COM_buildURL($_CONF['site_url'] . '/page.php?page=' . $A['sp_id']);
                         $label = $A['sp_label'];
                         $item_array[] = array('label' => $label, 'url' => $url);
                     }
                     break;
                 case PLUGIN_MENU:
                     $item_array = array();
                     $plugin_menu = PLG_getMenuItems();
                     if (count($plugin_menu) == 0) {
                         $this->access = 0;
                     } else {
                         for ($i = 1; $i <= count($plugin_menu); $i++) {
                             $url = current($plugin_menu);
                             $label = key($plugin_menu);
                             $item_array[] = array('label' => $label, 'url' => $url);
                             next($plugin_menu);
                         }
                     }
                     break;
                 case HEADER_MENU:
                 default:
             }
             break;
         case ET_PLUGIN:
             $plugin_menus = _mbPLG_getMenuItems();
             if (isset($plugin_menus[$this->subtype])) {
                 $this->url = $plugin_menus[$this->subtype];
             } else {
                 $this->access = 0;
                 $allowed = 0;
             }
             break;
         case ET_STATICPAGE:
             $this->url = COM_buildURL($_CONF['site_url'] . '/page.php?page=' . $this->subtype);
             break;
         case ET_URL:
             $this->replace_macros();
             break;
         case ET_PHP:
             $functionName = $this->subtype;
             if (function_exists($functionName)) {
                 $item_array = $functionName();
             }
             break;
         case ET_TOPIC:
             $this->url = $_CONF['site_url'] . '/index.php?topic=' . $this->subtype;
             break;
         default:
             break;
     }
     if ($this->id != 0 && $this->group_id == 998 && SEC_inGroup('Root')) {
         return NULL;
     }
     if ($allowed == 0 || $this->access == 0) {
         return NULL;
     }
     if ($this->type == ET_FUSION_MENU || $this->type == ET_PHP) {
         $childArray = $item_array;
     } else {
         if (!empty($this->children)) {
             $howmany = $this->getChildcount();
             if ($howmany > 0) {
                 $children = $this->getChildren();
                 foreach ($children as $child) {
                     $elementArray = $child->_parseElement();
                     if ($elementArray != NULL) {
                         $childArray[] = $elementArray;
                     }
                 }
             }
         } else {
             $childArray = NULL;
         }
     }
     $returnArray = array('label' => $this->label, 'url' => $this->url, 'target' => $this->target, 'children' => is_array($childArray) ? $childArray : NULL);
     return $returnArray;
 }
Esempio n. 26
0
/**
*   Create the breadcrumb display, with links.
*
*   @param  integer $id ID of current category
*   @return string      Location string ready for display
*/
function PAYPAL_Breadcrumbs($id)
{
    global $_TABLES, $LANG_PP;
    $A = array();
    $location = '';
    $id = (int) $id;
    if ($id < 1) {
        return $location;
    } else {
        $parent = $id;
    }
    while (true) {
        $sql = "SELECT cat_name, cat_id, parent_id\n            FROM {$_TABLES['paypal.categories']}\n            WHERE cat_id='{$parent}' " . COM_getPermSQL('AND');
        $result = DB_query($sql);
        if (!$result) {
            break;
        }
        $row = DB_fetchArray($result, false);
        $url = '<a href="' . PAYPAL_URL . '/index.php?category=' . (int) $row['cat_id'] . '">' . $row['cat_name'] . '</a>';
        $A[] = $url;
        $parent = (int) $row['parent_id'];
        if ($parent == 0) {
            $url = '<a href="' . COM_buildURL(PAYPAL_URL . '/index.php') . '">' . $LANG_PP['home'] . '</a>';
            $A[] = $url;
            break;
        }
    }
    $B = array_reverse($A);
    $location = implode(' :: ', $B);
    return $location;
}
Esempio n. 27
0
/**
 * Submit static page. The page is updated if it exists, or a new one is created
 *
 * @param   array   args     Contains all the data provided by the client
 * @param   string  &output  OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int		     Response code as defined in lib-plugins.php
 */
function service_submit_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_GROUPS, $_SP_CONF;
    if (!$_CONF['disable_webservices']) {
        require_once $_CONF['path_system'] . 'lib-webservices.php';
    }
    $output = '';
    if (!SEC_hasRights('staticpages.edit')) {
        $output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
        $output .= COM_startBlock($LANG_STATIC['access_denied'], '', COM_getBlockTemplate('_msg_block', 'header'));
        $output .= $LANG_STATIC['access_denied_msg'];
        $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $output .= COM_siteFooter();
        return PLG_RET_AUTH_FAILED;
    }
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit) {
        // This is EDIT mode, so there should be an sp_old_id
        if (empty($args['sp_old_id'])) {
            if (!empty($args['id'])) {
                $args['sp_old_id'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sp_id'])) {
                $args['sp_id'] = $args['sp_old_id'];
            }
        }
    } else {
        if (empty($args['sp_id']) && !empty($args['id'])) {
            $args['sp_id'] = $args['id'];
        }
    }
    if (empty($args['sp_title']) && !empty($args['title'])) {
        $args['sp_title'] = $args['title'];
    }
    if (empty($args['sp_content']) && !empty($args['content'])) {
        $args['sp_content'] = $args['content'];
    }
    if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) {
        $args['sp_tid'] = $args['category'][0];
    }
    if (!isset($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
    }
    $args['sp_id'] = COM_sanitizeID($args['sp_id']);
    if (!$gl_edit) {
        if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
            $slug = '';
            if (isset($args['slug'])) {
                $slug = $args['slug'];
            }
            if (function_exists('WS_makeId')) {
                $args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
            } else {
                $args['sp_id'] = COM_makeSid();
            }
        }
    }
    // Apply filters to the parameters passed by the webservice
    if ($args['gl_svc']) {
        $par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode');
        $par_num = array('sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode');
        foreach ($par_str as $str) {
            if (isset($args[$str])) {
                $args[$str] = COM_applyBasicFilter($args[$str]);
            } else {
                $args[$str] = '';
            }
        }
        foreach ($par_num as $num) {
            if (isset($args[$num])) {
                $args[$num] = COM_applyBasicFilter($args[$num], true);
            } else {
                $args[$num] = 0;
            }
        }
    }
    // START: Staticpages defaults
    if (empty($args['sp_format'])) {
        $args['sp_format'] = 'allblocks';
    }
    if (empty($args['sp_tid'])) {
        $args['sp_tid'] = 'all';
    }
    if ($args['sp_where'] < 0 || $args['sp_where'] > 3) {
        $args['sp_where'] = 0;
    }
    if ($args['sp_php'] < 0 || $args['sp_php'] > 2) {
        $args['sp_php'] = 0;
    }
    if ($args['commentcode'] < -1 || $args['commentcode'] > 1) {
        $args['commentcode'] = $_CONF['comment_code'];
    }
    if ($args['gl_svc']) {
        // Permissions
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_SP_CONF['default_permissions'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_SP_CONF['default_permissions'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_SP_CONF['default_permissions'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_SP_CONF['default_permissions'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }
        if (!isset($args['sp_onmenu'])) {
            $args['sp_onmenu'] = '';
        } elseif ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) {
            $svc_msg['error_desc'] = 'Menu label missing';
            return PLG_RET_ERROR;
        }
        if (empty($args['sp_content'])) {
            $svc_msg['error_desc'] = 'No content';
            return PLG_RET_ERROR;
        }
        if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') {
            $args['sp_inblock'] = 'on';
        }
        if (empty($args['sp_centerblock'])) {
            $args['sp_centerblock'] = '';
        }
        if (empty($args['draft_flag']) && $_SP_CONF['draft_flag'] == '1') {
            $args['draft_flag'] = 'on';
        }
        if (empty($args['template_flag'])) {
            $args['template_flag'] = '';
        }
        if (empty($args['template_id'])) {
            $args['template_id'] = '';
        }
    }
    // END: Staticpages defaults
    $sp_id = $args['sp_id'];
    $sp_title = $args['sp_title'];
    $sp_page_title = $args['sp_page_title'];
    $sp_content = $args['sp_content'];
    $sp_hits = $args['sp_hits'];
    $sp_format = $args['sp_format'];
    $sp_onmenu = $args['sp_onmenu'];
    $sp_label = '';
    if (!empty($args['sp_label'])) {
        $sp_label = $args['sp_label'];
    }
    $meta_description = $args['meta_description'];
    $meta_keywords = $args['meta_keywords'];
    $commentcode = $args['commentcode'];
    $owner_id = $args['owner_id'];
    $group_id = $args['group_id'];
    $perm_owner = $args['perm_owner'];
    $perm_group = $args['perm_group'];
    $perm_members = $args['perm_members'];
    $perm_anon = $args['perm_anon'];
    $sp_php = $args['sp_php'];
    $sp_nf = '';
    if (!empty($args['sp_nf'])) {
        $sp_nf = $args['sp_nf'];
    }
    $sp_old_id = $args['sp_old_id'];
    $sp_centerblock = $args['sp_centerblock'];
    $draft_flag = $args['draft_flag'];
    $template_flag = $args['template_flag'];
    $template_id = $args['template_id'];
    $sp_help = '';
    if (!empty($args['sp_help'])) {
        $sp_help = $args['sp_help'];
    }
    $sp_tid = $args['sp_tid'];
    $sp_where = $args['sp_where'];
    $sp_inblock = $args['sp_inblock'];
    $postmode = $args['postmode'];
    if ($gl_edit && !empty($args['gl_etag'])) {
        // First load the original staticpage to check if it has been modified
        $o = array();
        $s = array();
        $r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
        if ($r == PLG_RET_OK) {
            if ($args['gl_etag'] != $o['updated']) {
                $svc_msg['error_desc'] = 'A more recent version of the staticpage is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'The requested staticpage no longer exists';
            return PLG_RET_ERROR;
        }
    }
    // Check for unique page ID
    $duplicate_id = false;
    $delete_old_page = false;
    if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
        if ($sp_id != $sp_old_id) {
            $duplicate_id = true;
        }
    } elseif (!empty($sp_old_id)) {
        if ($sp_id != $sp_old_id) {
            $delete_old_page = true;
        }
    }
    if ($duplicate_id) {
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
        if (!$args['gl_svc']) {
            $output .= staticpageeditor($sp_id);
        }
        $output .= COM_siteFooter();
        $svc_msg['error_desc'] = 'Duplicate ID';
        return PLG_RET_ERROR;
    } elseif (!empty($sp_title) && !empty($sp_content)) {
        if (empty($sp_hits)) {
            $sp_hits = 0;
        }
        if ($sp_onmenu == 'on') {
            $sp_onmenu = 1;
        } else {
            $sp_onmenu = 0;
        }
        if ($sp_nf == 'on') {
            $sp_nf = 1;
        } else {
            $sp_nf = 0;
        }
        if ($sp_centerblock == 'on') {
            $sp_centerblock = 1;
        } else {
            $sp_centerblock = 0;
        }
        if ($sp_inblock == 'on') {
            $sp_inblock = 1;
        } else {
            $sp_inblock = 0;
        }
        if ($draft_flag == 'on') {
            $draft_flag = 1;
        } else {
            $draft_flag = 0;
        }
        if ($template_flag == 'on') {
            $template_flag = 1;
        } else {
            $template_flag = 0;
        }
        // Remove any autotags the user doesn't have permission to use
        $sp_content = PLG_replaceTags($sp_content, '', true);
        // Clean up the text
        if ($_SP_CONF['censor'] == 1) {
            $sp_content = COM_checkWords($sp_content);
            $sp_title = COM_checkWords($sp_title);
        }
        if ($_SP_CONF['filter_html'] == 1) {
            $sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
        }
        $sp_title = strip_tags($sp_title);
        $sp_page_title = strip_tags($sp_page_title);
        $sp_label = strip_tags($sp_label);
        $meta_description = strip_tags($meta_description);
        $meta_keywords = strip_tags($meta_keywords);
        $sp_content = addslashes($sp_content);
        $sp_title = addslashes($sp_title);
        $sp_page_title = addslashes($sp_page_title);
        $sp_label = addslashes($sp_label);
        $meta_description = addslashes($meta_description);
        $meta_keywords = addslashes($meta_keywords);
        // If user does not have php edit perms, then set php flag to 0.
        if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
            $sp_php = 0;
        }
        // If marked as a template then set id to nothing and other default settings
        if ($template_flag == 1) {
            $template_id = '';
            $sp_onmenu = 0;
            $sp_label = "";
            $sp_centerblock = 0;
            $sp_php = 0;
            $sp_inblock = 0;
            $sp_nf = 0;
            $sp_hits = 0;
            $meta_description = "";
            $meta_keywords = "";
        } else {
            // See if it was a template before, if so and option changed, remove use from other pages
            if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$sp_old_id}'") == 1) {
                $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '' WHERE template_id = '{$sp_old_id}'";
                $result = DB_query($sql);
            }
            if ($template_id != '') {
                // If using a template, make sure php disabled
                $sp_php = 0;
                // Double check template id exists and is still a template
                $perms = SP_getPerms();
                if (!empty($perms)) {
                    $perms = ' AND ' . $perms;
                }
                if (DB_getItem($_TABLES['staticpage'], 'COUNT(sp_id)', "sp_id = '{$template_id}' AND template_flag = 1 AND (draft_flag = 0)" . $perms) == 0) {
                    $template_id = '';
                }
            }
        }
        // make sure there's only one "entire page" static page per topic
        if ($sp_centerblock == 1 && $sp_where == 0) {
            $sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE (sp_centerblock = 1) AND (sp_where = 0) AND (sp_tid = '{$sp_tid}') AND (draft_flag = 0)";
            // if we're in a multi-language setup, we need to allow one "entire
            // page" centerblock for 'all' or 'none' per language
            if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) {
                $ids = explode('_', $sp_id);
                if (count($ids) > 1) {
                    $lang_id = array_pop($ids);
                    $sql .= " AND sp_id LIKE '%\\_{$lang_id}'";
                }
            }
            DB_query($sql);
        }
        $formats = array('allblocks', 'blankpage', 'leftblocks', 'noblocks');
        if (!in_array($sp_format, $formats)) {
            $sp_format = 'allblocks';
        }
        if (!$args['gl_svc']) {
            list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
        }
        // Retrieve created date
        $datecreated = DB_getItem($_TABLES['staticpage'], 'created', "sp_id = '{$sp_id}'");
        if ($datecreated == '') {
            $datecreated = date('Y-m-d H:i:s');
        }
        DB_save($_TABLES['staticpage'], 'sp_id,sp_title,sp_page_title, sp_content,created,modified,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode', "'{$sp_id}','{$sp_title}','{$sp_page_title}','{$sp_content}','{$datecreated}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}','{$meta_description}','{$meta_keywords}',{$template_flag},'{$template_id}',{$draft_flag},{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$sp_tid}',{$sp_where}," . "'{$sp_inblock}','{$postmode}'");
        if ($delete_old_page && !empty($sp_old_id)) {
            // If a template and the id changed, update any staticpages that use it
            if ($template_flag == 1) {
                $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '{$sp_id}' WHERE template_id = '{$sp_old_id}'";
                $result = DB_query($sql);
            }
            DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id);
        }
        if (empty($sp_old_id) || $sp_id == $sp_old_id) {
            if (!$template_flag) {
                PLG_itemSaved($sp_id, 'staticpages');
            } else {
                // If template then have to notify of all pages that use this template that a change to the page happened
                $sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
                $result = DB_query($sql);
                while ($A = DB_fetchArray($result)) {
                    PLG_itemSaved($A['sp_id'], 'staticpages');
                }
            }
        } else {
            DB_change($_TABLES['comments'], 'sid', addslashes($sp_id), array('sid', 'type'), array(addslashes($sp_old_id), 'staticpages'));
            if (!$template_flag) {
                PLG_itemSaved($sp_id, 'staticpages', $sp_old_id);
            } else {
                // If template then have to notify of all pages that use this template that a change to the page happened
                $sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
                $result = DB_query($sql);
                while ($A = DB_fetchArray($result)) {
                    PLG_itemSaved($A['sp_id'], 'staticpages');
                }
            }
        }
        $url = COM_buildURL($_CONF['site_url'] . '/staticpages/index.php?page=' . $sp_id);
        $output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages', 19);
        $svc_msg['id'] = $sp_id;
        return PLG_RET_OK;
    } else {
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
        if (!$args['gl_svc']) {
            $output .= staticpageeditor($sp_id);
        }
        $output .= COM_siteFooter();
        return PLG_RET_ERROR;
    }
}
Esempio n. 28
0
function fncSave($edt_flg, $navbarMenu, $menuno)
{
    $pi_name = "userbox";
    global $_CONF;
    global $_TABLES;
    global $_USER;
    global $_USERBOX_CONF;
    global $LANG_USERBOX_ADMIN;
    global $_FILES;
    $addition_def = DATABOX_getadditiondef($pi_name);
    $retval = '';
    // clean 'em up
    $id = COM_applyFilter($_POST['id'], true);
    $fieldset_id = COM_applyFilter($_POST['fieldset'], true);
    //@@@@@ username fullname
    $username = COM_applyFilter($_POST['username']);
    $username = addslashes(COM_checkHTML(COM_checkWords($username)));
    $fullname = COM_applyFilter($_POST['fullname']);
    $fullname = addslashes(COM_checkHTML(COM_checkWords($fullname)));
    $page_title = COM_applyFilter($_POST['page_title']);
    $page_title = addslashes(COM_checkHTML(COM_checkWords($page_title)));
    $description = $_POST['description'];
    //COM_applyFilter($_POST['description']);
    $description = addslashes(COM_checkHTML(COM_checkWords($description)));
    $defaulttemplatesdirectory = COM_applyFilter($_POST['defaulttemplatesdirectory']);
    $defaulttemplatesdirectory = addslashes(COM_checkHTML(COM_checkWords($defaulttemplatesdirectory)));
    $draft_flag = COM_applyFilter($_POST['draft_flag'], true);
    //            $hits =0;
    //            $comments=0;
    $comment_expire_flag = COM_applyFilter($_POST['comment_expire_flag'], true);
    if ($comment_expire_flag) {
        $comment_expire_month = COM_applyFilter($_POST['comment_expire_month'], true);
        $comment_expire_day = COM_applyFilter($_POST['comment_expire_day'], true);
        $comment_expire_year = COM_applyFilter($_POST['comment_expire_year'], true);
        $comment_expire_hour = COM_applyFilter($_POST['comment_expire_hour'], true);
        $comment_expire_minute = COM_applyFilter($_POST['comment_expire_minute'], true);
        if ($comment_expire_ampm == 'pm') {
            if ($comment_expire_hour < 12) {
                $comment_expire_hour = $comment_expire_hour + 12;
            }
        }
        if ($comment_expire_ampm == 'am' and $comment_expire_hour == 12) {
            $comment_expire_hour = '00';
        }
    } else {
        $comment_expire_month = 0;
        $comment_expire_day = 0;
        $comment_expire_year = 0;
        $comment_expire_hour = 0;
        $comment_expire_minute = 0;
    }
    $commentcode = COM_applyFilter($_POST['commentcode'], true);
    $trackbackcode = COM_applyFilter($_POST['trackbackcode'], true);
    $cache_time = COM_applyFilter($_POST['cache_time'], true);
    $meta_description = $_POST['meta_description'];
    $meta_description = addslashes(COM_checkHTML(COM_checkWords($meta_description)));
    $meta_keywords = $_POST['meta_keywords'];
    $meta_keywords = addslashes(COM_checkHTML(COM_checkWords($meta_keywords)));
    $language_id = COM_applyFilter($_POST['language_id']);
    $language_id = addslashes(COM_checkHTML(COM_checkWords($language_id)));
    $category = $_POST['category'];
    //@@@@@
    $additionfields = $_POST['afield'];
    $additionfields_old = $_POST['afield'];
    $additionfields_fnm = $_POST['afield_fnm'];
    $additionfields_del = $_POST['afield_del'];
    $additionfields_alt = $_POST['afield_alt'];
    $additionfields_date = array();
    $dummy = DATABOX_cleanaddtiondatas($additionfields, $addition_def, $additionfields_fnm, $additionfields_del, $additionfields_date, $additionfields_alt);
    //
    $owner_id = COM_applyFilter($_POST['owner_id'], true);
    $group_id = COM_applyFilter($_POST['group_id'], true);
    //
    $array['perm_owner'] = $_POST['perm_owner'];
    $array['perm_group'] = $_POST['perm_group'];
    $array['perm_members'] = $_POST['perm_members'];
    $array['perm_anon'] = $_POST['perm_anon'];
    if (is_array($array['perm_owner']) || is_array($array['perm_group']) || is_array($array['perm_members']) || is_array($array['perm_anon'])) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($array['perm_owner'], $array['perm_group'], $array['perm_members'], $array['perm_anon']);
    } else {
        $perm_owner = COM_applyBasicFilter($array['perm_owner'], true);
        $perm_group = COM_applyBasicFilter($array['perm_group'], true);
        $perm_members = COM_applyBasicFilter($array['perm_members'], true);
        $perm_anon = COM_applyBasicFilter($array['perm_anon'], true);
    }
    //編集日付
    $modified_autoupdate = COM_applyFilter($_POST['modified_autoupdate'], true);
    if ($modified_autoupdate == 1) {
        //$udate = date('Ymd');
        $modified_month = date('m');
        $modified_day = date('d');
        $modified_year = date('Y');
        $modified_hour = date('H');
        $modified_minute = date('i');
    } else {
        $modified_month = COM_applyFilter($_POST['modified_month'], true);
        $modified_day = COM_applyFilter($_POST['modified_day'], true);
        $modified_year = COM_applyFilter($_POST['modified_year'], true);
        $modified_hour = COM_applyFilter($_POST['modified_hour'], true);
        $modified_minute = COM_applyFilter($_POST['modified_minute'], true);
        $modified_ampm = COM_applyFilter($_POST['modified_ampm']);
        if ($modified_ampm == 'pm') {
            if ($modified_hour < 12) {
                $modified_hour = $modified_hour + 12;
            }
        }
        if ($modified_ampm == 'am' and $modified_hour == 12) {
            $modified_hour = '00';
        }
    }
    //公開日
    $released_month = COM_applyFilter($_POST['released_month'], true);
    $released_day = COM_applyFilter($_POST['released_day'], true);
    $released_year = COM_applyFilter($_POST['released_year'], true);
    $released_hour = COM_applyFilter($_POST['released_hour'], true);
    $released_minute = COM_applyFilter($_POST['released_minute'], true);
    if ($released_ampm == 'pm') {
        if ($released_hour < 12) {
            $released_hour = $released_hour + 12;
        }
    }
    if ($released_ampm == 'am' and $released_hour == 12) {
        $released_hour = '00';
    }
    //公開終了日
    $expired_flag = COM_applyFilter($_POST['expired_flag'], true);
    if ($expired_flag) {
        $expired_month = COM_applyFilter($_POST['expired_month'], true);
        $expired_day = COM_applyFilter($_POST['expired_day'], true);
        $expired_year = COM_applyFilter($_POST['expired_year'], true);
        $expired_hour = COM_applyFilter($_POST['expired_hour'], true);
        $expired_minute = COM_applyFilter($_POST['expired_minute'], true);
        if ($expired_ampm == 'pm') {
            if ($expired_hour < 12) {
                $expired_hour = $expired_hour + 12;
            }
        }
        if ($expired_ampm == 'am' and $expired_hour == 12) {
            $expired_hour = '00';
        }
    } else {
        $expired_month = 0;
        $expired_day = 0;
        $expired_year = 0;
        $expired_hour = 0;
        $expired_minute = 0;
    }
    $created = COM_applyFilter($_POST['created_un']);
    $orderno = mb_convert_kana($_POST['orderno'], "a");
    //全角英数字を半角英数字に変換する
    $orderno = COM_applyFilter($orderno, true);
    //$name = mb_convert_kana($name,"AKV");
    //A:半角英数字を全角英数字に変換する
    //K:半角カタカナを全角カタカナに変換する
    //V:濁点つきの文字を1文字に変換する (K、H と共に利用する)
    //$name = str_replace ("'", "’",$name);
    //$code = mb_convert_kana($code,"a");//全角英数字を半角英数字に変換する
    //-----
    $type = 1;
    $uuid = $_USER['uid'];
    // CHECK はじめ
    $err = "";
    //id
    if ($id == 0) {
        //$err.=$LANG_USERBOX_ADMIN['err_uid']."<br {XHTML}>".LB;
    } else {
        if (!is_numeric($id)) {
            $err .= $LANG_USERBOX_ADMIN['err_id'] . "<br {XHTML}>" . LB;
        }
    }
    //文字数制限チェック
    if (mb_strlen($description, 'UTF-8') > $_USERBOX_CONF['maxlength_description']) {
        $err .= $LANG_USERBOX_ADMIN['description'] . $_USERBOX_CONF['maxlength_description'] . $LANG_USERBOX_ADMIN['err_maxlength'] . "<br/>" . LB;
    }
    if (mb_strlen($meta_description, 'UTF-8') > $_USERBOX_CONF['maxlength_meta_description']) {
        $err .= $LANG_USERBOX_ADMIN['meta_description'] . $_USERBOX_CONF['maxlength_meta_description'] . $LANG_USERBOX_ADMIN['err_maxlength'] . "<br/>" . LB;
    }
    if (mb_strlen($meta_keywords, 'UTF-8') > $_USERBOX_CONF['maxlength_meta_keywords']) {
        $err .= $LANG_USERBOX_ADMIN['meta_keywords'] . $_USERBOX_CONF['maxlength_meta_keywords'] . $LANG_USERBOX_ADMIN['err_maxlength'] . "<br/>" . LB;
    }
    //----追加項目チェック
    $err .= DATABOX_checkaddtiondatas($additionfields, $addition_def, $pi_name, $additionfields_fnm, $additionfields_del, $additionfields_alt);
    //編集日付
    $modified = $modified_year . "-" . $modified_month . "-" . $modified_day;
    if (checkdate($modified_month, $modified_day, $modified_year) == false) {
        $err .= $LANG_USERBOX_ADMIN['err_modified'] . "<br {XHTML}>" . LB;
    }
    $modified = COM_convertDate2Timestamp($modified_year . "-" . $modified_month . "-" . $modified_day, $modified_hour . ":" . $modified_minute . "::00");
    //公開日
    $released = $released_year . "-" . $released_month . "-" . $released_day;
    if (checkdate($released_month, $released_day, $released_year) == false) {
        $err .= $LANG_USERBOX_ADMIN['err_released'] . "<br {XHTML}>" . LB;
    }
    $released = COM_convertDate2Timestamp($released_year . "-" . $released_month . "-" . $released_day, $released_hour . ":" . $released_minute . "::00");
    //コメント受付終了日時
    if ($comment_expire_flag) {
        if (checkdate($comment_expire_month, $comment_expire_day, $comment_expire_year) == false) {
            $err .= $LANG_USERBOX_ADMIN['err_comment_expire'] . "<br {XHTML}>" . LB;
        }
        $comment_expire = COM_convertDate2Timestamp($comment_expire_year . "-" . $comment_expire_month . "-" . $comment_expire_day, $comment_expire_hour . ":" . $comment_expire_minute . "::00");
    } else {
        $comment_expire = '0000-00-00 00:00:00';
        //$comment_expire="";
    }
    //公開終了日
    if ($expired_flag) {
        if (checkdate($expired_month, $expired_day, $expired_year) == false) {
            $err .= $LANG_USERBOX_ADMIN['err_expired'] . "<br {XHTML}>" . LB;
        }
        $expired = COM_convertDate2Timestamp($expired_year . "-" . $expired_month . "-" . $expired_day, $expired_hour . ":" . $expired_minute . "::00");
        if ($expired < $released) {
            $err .= $LANG_USERBOX_ADMIN['err_expired'] . "<br {XHTML}>" . LB;
        }
    } else {
        $expired = '0000-00-00 00:00:00';
        //$expired="";
    }
    //errorのあるとき
    if ($err != "") {
        $retval['title'] = $LANG_USERBOX_ADMIN['piname'] . $LANG_USERBOX_ADMIN['edit'];
        $retval['display'] = fncEdit($id, $edt_flg, 3, $err);
        return $retval;
    }
    // CHECK おわり
    if ($id == 0) {
        $w = DB_getItem($_TABLES['USERBOX_base'], "max(id)", "1=1");
        if ($w == "") {
            $w = 0;
        }
        $id = $w + 1;
        $created_month = date('m');
        $created_day = date('d');
        $created_year = date('Y');
        $created_hour = date('H');
        $created_minute = date('i');
        $created = COM_convertDate2Timestamp($created_year . "-" . $created_month . "-" . $created_day, $created_hour . ":" . $created_minute . "::00");
    }
    $hits = 0;
    $comments = 0;
    $fields = "id";
    $values = "{$id}";
    $fields .= ",page_title";
    //
    $values .= ",'{$page_title}'";
    $fields .= ",description";
    //
    $values .= ",'{$description}'";
    $fields .= ",defaulttemplatesdirectory";
    //
    $values .= ",'{$defaulttemplatesdirectory}'";
    //$fields.=",hits";//
    //$values.=",$hits";
    $fields .= ",comments";
    //
    $values .= ",{$comments}";
    $fields .= ",meta_description";
    //
    $values .= ",'{$meta_description}'";
    $fields .= ",meta_keywords";
    //
    $values .= ",'{$meta_keywords}'";
    $fields .= ",commentcode";
    //
    $values .= ",{$commentcode}";
    $fields .= ",trackbackcode";
    //
    $values .= ",{$trackbackcode}";
    $fields .= ",cache_time";
    //
    $values .= ",{$cache_time}";
    $fields .= ",comment_expire";
    //
    if ($comment_expire == '0000-00-00 00:00:00') {
        $values .= ",'{$comment_expire}'";
    } else {
        $values .= ",FROM_UNIXTIME('{$comment_expire}')";
    }
    $fields .= ",language_id";
    //
    $values .= ",'{$language_id}'";
    $fields .= ",owner_id";
    $values .= ",{$owner_id}";
    $fields .= ",group_id";
    $values .= ",{$group_id}";
    $fields .= ",perm_owner";
    $values .= ",{$perm_owner}";
    $fields .= ",perm_group";
    $values .= ",{$perm_group}";
    $fields .= ",perm_members";
    $values .= ",{$perm_members}";
    $fields .= ",perm_anon";
    $values .= ",{$perm_anon}";
    $fields .= ",modified";
    $values .= ",FROM_UNIXTIME('{$modified}')";
    if ($created != "") {
        $fields .= ",created";
        $values .= ",FROM_UNIXTIME('{$created}')";
    }
    $fields .= ",expired";
    if ($expired == '0000-00-00 00:00:00') {
        $values .= ",'{$expired}'";
    } else {
        $values .= ",FROM_UNIXTIME('{$expired}')";
    }
    $fields .= ",released";
    $values .= ",FROM_UNIXTIME('{$released}')";
    $fields .= ",orderno";
    //
    $values .= ",{$orderno}";
    $fields .= ",fieldset_id";
    //
    $values .= ",{$fieldset_id}";
    $fields .= ",uuid";
    $values .= ",{$uuid}";
    $fields .= ",draft_flag";
    $values .= ",{$draft_flag}";
    DB_save($_TABLES['USERBOX_base'], $fields, $values);
    //カテゴリ
    $rt = DATABOX_savecategorydatas($id, $category, $pi_name);
    //追加項目
    DATABOX_uploadaddtiondatas($additionfields, $addition_def, $pi_name, $id, $additionfields_fnm, $additionfields_del, $additionfields_old, $additionfields_alt);
    $rt = DATABOX_saveaddtiondatas($id, $additionfields, $addition_def, $pi_name);
    //user (コアのテーブル)
    //kokoka
    $sql = "UPDATE " . $_TABLES['users'] . " SET ";
    $sql .= " fullname ='" . $fullname . "'";
    $sql .= " WHERE uid=" . $id;
    DB_query($sql);
    $rt = fncsendmail('data', $id);
    $cacheInstance = 'userbox__' . $id . '__';
    CACHE_remove_instance($cacheInstance);
    //exit;// debug 用
    //    if ($edt_flg){
    //        $return_page=$_CONF['site_url'] . "/".THIS_SCRIPT;
    //        $return_page.="?id=".$id;
    //    }else{
    //        $return_page=$_CONF['site_admin_url'] . '/plugins/'.THIS_SCRIPT.'?msg=1';
    //    }
    //    return COM_refresh ($return_page);
    if ($_USERBOX_CONF['aftersave_admin'] === 'no') {
        $retval['title'] = $LANG_USERBOX_ADMIN['piname'] . $LANG_USERBOX_ADMIN['edit'];
        $retval['display'] .= fncEdit($id, $edt_flg, 1, "");
        return $retval;
    } else {
        if ($_USERBOX_CONF['aftersave_admin'] === 'list') {
            $url = $_CONF['site_admin_url'] . "/plugins/{$pi_name}/profile.php";
            $item_url = COM_buildURL($url);
            $target = 'item';
        } else {
            $url = $_CONF['site_url'] . "/userbox/profile.php";
            $url .= "?";
            //コード使用の時
            if ($_USERBOX_CONF['datacode']) {
                $url .= "code=" . $username;
                $url .= "&amp;m=code";
            } else {
                $url .= "id=" . $id;
                $url .= "&amp;m=id";
            }
            $item_url = COM_buildUrl($url);
            $target = $_USERBOX_CONF['aftersave_admin'];
        }
    }
    $return_page = PLG_afterSaveSwitch($target, $item_url, 'userbox', 1);
    echo $return_page;
    exit;
}
Esempio n. 29
0
function LIB_Save($pi_name, $edt_flg, $navbarMenu, $menuno)
{
    global $_CONF;
    global $_TABLES;
    global $_USER;
    $box_conf = "_" . strtoupper($pi_name) . "_CONF";
    global ${$box_conf};
    $box_conf = ${$box_conf};
    $lang_box_admin = "LANG_" . strtoupper($pi_name) . "_ADMIN";
    global ${$lang_box_admin};
    $lang_box_admin = ${$lang_box_admin};
    $lang_box_admin_menu = "LANG_" . strtoupper($pi_name) . "_admin_menu";
    global ${$lang_box_admin_menu};
    $lang_box_admin_menu = ${$lang_box_admin_menu};
    $lang_box_inputtype = "LANG_" . strtoupper($pi_name) . "_INPUTTYPE";
    global ${$lang_box_inputtype};
    $lang_box_inputtype = ${$lang_box_inputtype};
    $table = $_TABLES[strtoupper($pi_name) . '_def_group'];
    $retval = '';
    // clean 'em up
    $id = COM_applyFilter($_POST['id'], true);
    $code = COM_applyFilter($_POST['code']);
    $code = addslashes(COM_checkHTML(COM_checkWords($code)));
    $name = COM_applyFilter($_POST['name']);
    $name = addslashes(COM_checkHTML(COM_checkWords($name)));
    $description = $_POST['description'];
    //COM_applyFilter($_POST['description']);
    $description = addslashes(COM_checkHTML(COM_checkWords($description)));
    $parent_flg = COM_applyFilter($_POST['parent_flg'], true);
    $input_type = COM_applyFilter($_POST['input_type'], true);
    $orderno = mb_convert_kana($_POST['orderno'], "a");
    //全角英数字を半角英数字に変換する
    $orderno = COM_applyFilter($orderno, true);
    //$name = mb_convert_kana($name,"AKV");
    //A:半角英数字を全角英数字に変換する
    //K:半角カタカナを全角カタカナに変換する
    //V:濁点つきの文字を1文字に変換する (K、H と共に利用する)
    //$name = str_replace ("'", "’",$name);
    //$code = mb_convert_kana($code,"a");//全角英数字を半角英数字に変換する
    //-----
    $type = 1;
    $uuid = $_USER['uid'];
    // CHECK はじめ
    $err = "";
    //ID コード
    if ($id == 0) {
        //$err.=$lang_box_admin['err_uid']."<br/>".LB;
    } else {
        if (!is_numeric($id)) {
            $err .= $lang_box_admin['err_id'] . "<br/>" . LB;
        }
    }
    //コード
    if ($code != "") {
        $cntsql = "SELECT code FROM {$table} ";
        $cntsql .= " WHERE ";
        $cntsql .= " code='{$code}' ";
        $cntsql .= " AND group_id<>{$id}";
        $result = DB_query($cntsql);
        $numrows = DB_numRows($result);
        if ($numrows != 0) {
            $err .= $lang_box_admin['err_code_w'] . "<br/>" . LB;
        }
    }
    //タイトル必須
    if (empty($name)) {
        $err .= $lang_box_admin['err_name'] . "<br/>" . LB;
    }
    //errorのあるとき
    if ($err != "") {
        $retval['title'] = $lang_box_admin['piname'] . $lang_box_admin['edit'];
        $retval['display'] = LIB_Edit($pi_name, $id, $edt_flg, 3, $err);
        return $retval;
    }
    // CHECK おわり
    if ($id == 0) {
        $w = DB_getItem($table, "max(group_id)", "1=1");
        if ($w == "") {
            $w = 0;
        }
        $id = $w + 1;
    }
    $fields = "group_id";
    $values = "{$id}";
    $fields .= ",code";
    $values .= ",'{$code}'";
    $fields .= ",name";
    $values .= ",'{$name}'";
    $fields .= ",description";
    $values .= ",'{$description}'";
    $fields .= ",orderno";
    //
    $values .= ",{$orderno}";
    $fields .= ",parent_flg";
    //
    $values .= ",{$parent_flg}";
    $fields .= ",input_type";
    //
    $values .= ",{$input_type}";
    $fields .= ",uuid";
    $values .= ",{$uuid}";
    $fields .= ",udatetime";
    $values .= ",NOW( )";
    //
    //    if ($edt_flg){
    //        $return_page=$_CONF['site_url'] . "/".THIS_SCRIPT;
    //        $return_page.="?id=".$id;
    //    }else{
    //        $return_page=$_CONF['site_admin_url'] . '/plugins/'.THIS_SCRIPT.'?msg=1';
    //    }
    DB_save($table, $fields, $values, $return_page);
    //    $rt=fncsendmail ($id);
    $message = "";
    if ($box_conf['aftersave_admin'] === 'no') {
        $retval['title'] = $lang_box_admin['piname'] . $lang_box_admin['edit'];
        $retval['display'] = LIB_Edit($pi_name, $id, $edt_flg, 1, "");
        return $retval;
    } else {
        if ($box_conf['aftersave_admin'] === 'list' or $box_conf['aftersave_admin'] === 'item') {
            $url = $_CONF['site_admin_url'] . "/plugins/{$pi_name}/group.php";
            $item_url = COM_buildURL($url);
            $target = 'item';
            $message = 1;
        } else {
            if ($box_conf['aftersave_admin'] === 'admin') {
                $target = $box_conf['aftersave_admin'];
                $message = 1;
            } else {
                $item_url = $_CONF['site_url'] . $box_conf['top'];
                $target = $box_conf['aftersave_admin'];
            }
        }
    }
    $return_page = PLG_afterSaveSwitch($target, $item_url, $pi_name, $message);
    echo $return_page;
    exit;
}
Esempio n. 30
0
/**
 * Provide feed data
 *
 * @param    int    $feed feed ID
 * @param    string $link
 * @param    string $update
 * @return   array          feed entries
 */
function plugin_getfeedcontent_comment($feed, &$link, &$update)
{
    global $_CONF, $_TABLES;
    $result = DB_query("SELECT topic,limits,content_length FROM {$_TABLES['syndication']} WHERE fid = '{$feed}'");
    $S = DB_fetchArray($result);
    // If topic is all then make it root so all topics are returned (since articles cannot belong to all topics)
    if ($S['topic'] == TOPIC_ALL_OPTION or empty($S['topic'])) {
        $S['topic'] = TOPIC_ROOT;
    }
    // Retrieve list of inherited topics for anonymous user
    $tid_list = TOPIC_getChildList($S['topic'], 1);
    $sql = "SELECT c.cid, c.sid, c.title as title, c.comment, UNIX_TIMESTAMP(c.date) AS modified, " . " s.title as articleTitle, c.uid, s.uid as articleAuthor " . "FROM {$_TABLES['comments']} c, {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta " . "WHERE (s.draft_flag = 0) AND (s.date <= NOW()) " . COM_getPermSQL('AND', 1, 2, 's') . " AND ta.type = 'article' AND ta.id = s.sid " . " AND c.type = 'article' AND s.sid = c.sid " . "AND (ta.tid IN({$tid_list}) AND (ta.inherit = 1 OR (ta.inherit = 0 AND ta.tid = '{$S['topic']}'))) " . "GROUP BY c.cid " . "ORDER BY modified DESC  LIMIT 0, {$S['limits']} ";
    $result = DB_query($sql);
    $content = array();
    $cids = array();
    $numRows = DB_numRows($result);
    for ($i = 0; $i < $numRows; $i++) {
        $row = DB_fetchArray($result);
        $cids[] = $row['cid'];
        $title = stripslashes($row['title']);
        $body = stripslashes($row['comment']);
        if ($S['content_length'] > 1) {
            $body = SYND_truncateSummary($body, $S['content_length']);
        }
        $articleLink = COM_buildURL($_CONF['site_url'] . "/article.php?story={$row['sid']}");
        $link = $_CONF['site_url'] . "/comment.php?mode=view&cid={$row['cid']}";
        $articleTitle = $row['articleTitle'];
        if ($_CONF['comment_feeds_article_tag_position'] !== 'none') {
            $articleAuthor = sprintf($_CONF['comment_feeds_article_author_tag'], $_CONF['site_url'] . '/users.php?mode=profile&uid=' . $row['articleAuthor'], COM_getDisplayName($row['articleAuthor']));
            $commentAuthor = sprintf($_CONF['comment_feeds_comment_author_tag'], $_CONF['site_url'] . '/users.php?mode=profile&uid=' . $row['uid'], COM_getDisplayName($row['uid']));
            $magicTag = sprintf($_CONF['comment_feeds_article_tag'], $articleLink, $articleTitle, $articleAuthor, $commentAuthor);
            if ($_CONF['comment_feeds_article_tag_position'] === 'start') {
                $body = $magicTag . $body;
            } else {
                $body .= $magicTag;
            }
        }
        $content[] = array('title' => $title, 'summary' => $body, 'link' => $link, 'uid' => $row['uid'], 'author' => COM_getDisplayName($row['uid']), 'date' => $row['modified'], 'format' => 'html');
    }
    $link = $_CONF['site_url'];
    $update = implode(',', $cids);
    return $content;
}