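/**
 * Builds links to the other-language versions of a story.
 *
 * The story id is split on '_' and its last segment is taken as the language
 * key. For every other key in $_CONF['languages'] the stories table is checked
 * for a story whose id is the same prefix followed by that key.
 *
 * @param  string $sid story id
 * @return string markup from COM_makeList() holding one link per counterpart
 *                story, or '' when the language settings are missing or
 *                inconsistent, the id does not end in a configured language
 *                key, or no counterpart story exists
 */
function CUSTOM_multilangstory($sid)
{
    global $_CONF, $_TABLES;

    $retval = '';
    if (empty($_CONF['languages']) || empty($_CONF['language_files'])
        || count($_CONF['languages']) != count($_CONF['language_files'])
    ) {
        return $retval;
    }

    // explode() instead of split(): split() was removed in PHP 7, and the
    // separator here is a literal string, not a pattern.
    $work = explode('_', (string) $sid);
    $cur_lang = array_pop($work);
    if (empty($cur_lang) || !array_key_exists($cur_lang, $_CONF['languages'])) {
        return $retval;
    }

    // The id prefix is whatever the caller passed in, so it is escaped before
    // it is placed inside the quoted SQL literal below. DB_escapeString() is
    // preferred when the installation provides it.
    $escape = function_exists('DB_escapeString') ? 'DB_escapeString' : 'addslashes';
    $mini_sid = implode('_', $work);

    $entries = array();
    foreach ($_CONF['languages'] as $key => $value) {
        if ($cur_lang == $key) {
            continue;
        }
        $where = 'sid="' . $escape($mini_sid . '_' . $key) . '"';
        $mul_sid = DB_getItem($_TABLES['stories'], 'sid', $where);
        if (!empty($mul_sid)) {
            $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $mul_sid);
            $entries[] = '<a href="' . $url . '">' . $value . '</a>';
        }
    }

    if (count($entries) > 0) {
        $retval .= COM_makeList($entries);
    }

    return $retval;
}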
Esempio n. 2
            }
        } else {
            $show_comments = true;
        }
        // Display the comments, if there are any ..
        if ($story->displayElements('commentcode') >= 0 and $show_comments) {
            $delete_option = SEC_hasRights('story.edit') && $story->getAccess() == 3 ? true : false;
            require_once $_CONF['path_system'] . 'lib-comment.php';
            $story_template->set_var('commentbar', CMT_userComments($story->getSid(), $story->displayElements('title'), 'article', $order, $mode, 0, $page, false, $delete_option, $story->displayElements('commentcode')));
        }
        if ($_CONF['trackback_enabled'] && $story->displayElements('trackbackcode') >= 0 && $show_comments) {
            if (SEC_hasRights('story.ping')) {
                if ($story->displayElements('draft_flag') == 0 && $story->displayElements('day') < time()) {
                    $url = $_CONF['site_admin_url'] . '/trackback.php?mode=sendall&amp;id=' . $story->getSid();
                    $story_template->set_var('send_trackback_link', COM_createLink($LANG_TRB['send_trackback'], $url));
                    $story_template->set_var('send_trackback_url', $url);
                    $story_template->set_var('lang_send_trackback_text', $LANG_TRB['send_trackback']);
                }
            }
            $permalink = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $story->getSid());
            $story_template->set_var('trackback', TRB_renderTrackbackComments($story->getSID(), 'article', $story->displayElements('title'), $permalink));
        } else {
            $story_template->set_var('trackback', '');
        }
        $display .= $story_template->finish($story_template->parse('output', 'article'));
        $display .= COM_siteFooter();
    }
} else {
    $display .= COM_refresh($_CONF['site_url'] . '/index.php');
}
COM_output($display);
Esempio n. 3
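/**
 * Formats one cell of the admin list.
 *
 * The 'editid' and 'copy' fields become icon links to the admin script,
 * 'code' and 'group_id' become links to the public script, and every other
 * field is returned as given.
 *
 * Row values placed into a URL are percent-encoded first, so a value that
 * contains quotes or other markup characters cannot break out of the href
 * attribute. Plain numeric ids come out unchanged.
 *
 * @param  string $fieldname  name of the column being rendered
 * @param  mixed  $fieldvalue raw value of that column
 * @param  array  $A          the full row ('group_id' and 'code' are read)
 * @param  array  $icon_arr   icon markup ('edit' and 'copy' are read)
 * @return mixed  HTML for the cell, or $fieldvalue for unhandled fields
 */
function LIB_GetListField($fieldname, $fieldvalue, $A, $icon_arr)
{
    global $_CONF;
    global $LANG_ACCESS;

    $retval = '';

    switch ($fieldname) {
        // Edit icon
        case 'editid':
            $retval = "<a href=\"{$_CONF['site_admin_url']}";
            $retval .= "/plugins/" . THIS_SCRIPT;
            $retval .= "?mode=edit";
            $retval .= "&amp;id=" . rawurlencode((string) $A['group_id']) . "\">";
            $retval .= "{$icon_arr['edit']}</a>";
            break;

        case 'copy':
            $url = $_CONF['site_admin_url'] . "/plugins/" . THIS_SCRIPT;
            $url .= "?";
            $url .= "mode=copy";
            $url .= "&amp;id=" . rawurlencode((string) $A['group_id']);
            $retval = COM_createLink($icon_arr['copy'], $url);
            break;

        case 'code':
            // The link text goes through COM_applyFilter(); the same raw value
            // is encoded separately for the query string.
            $name = COM_applyFilter($A['code']);
            $url = $_CONF['site_url'] . "/" . THIS_SCRIPT2;
            $url .= "?";
            $url .= "gcode=" . rawurlencode((string) $A['code']);
            $url .= "&amp;m=gcode";
            $url = COM_buildUrl($url);
            $retval = COM_createLink($name, $url);
            break;

        case 'group_id':
            $name = COM_applyFilter($A['group_id']);
            $url = $_CONF['site_url'] . "/" . THIS_SCRIPT2;
            $url .= "?";
            $url .= "gid=" . rawurlencode((string) $A['group_id']);
            $url .= "&amp;m=gid";
            $url = COM_buildUrl($url);
            $retval = COM_createLink($name, $url);
            break;

        // Every other field
        default:
            // NOTE(review): returned without escaping; presumably the list
            // renderer or the data source handles that - confirm.
            $retval = $fieldvalue;
            break;
    }

    return $retval;
}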
Esempio n. 4
 /**
  * Callback function for the ListFactory class
  *
  * This function gets called by the ListFactory class and formats
  * each row accordingly for example pulling usernames from the
  * users table and displaying a link to their profile.
  *
  * @param array $row An array of plain data to format
  * @return array A reformatted version of the input array
  *
  */
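 public function searchFormatCallback($preSort, $row)
 {
     // When $preSort is true only the source title and the author column are
     // normalised; otherwise the row is turned into display markup (links,
     // shortened title and description, formatted date and hit count).
     global $_CONF, $LANG09;

     if ($preSort) {
         if (is_array($row[LF_SOURCE_TITLE])) {
             $row[LF_SOURCE_TITLE] = implode($_CONF['search_separator'], $row[LF_SOURCE_TITLE]);
         }
         if (is_numeric($row['uid'])) {
             $uid = $row['uid'];
             // Display names are resolved once per uid and cached in $this->_names.
             if (empty($this->_names[$uid])) {
                 // HTML-escaped before it is cached, because the cached value
                 // is emitted as markup further down.
                 $this->_names[$uid] = htmlspecialchars(COM_getDisplayName($uid));
                 // uid 1 gets no profile link (presumably the anonymous account).
                 if ($uid != 1) {
                     $this->_names[$uid] = COM_createLink($this->_names[$uid], $_CONF['site_url'] . '/users.php?mode=profile&amp;uid=' . $uid);
                 }
             }
             $row['uid'] = $this->_names[$uid];
         }

         return $row;
     }

     $row[LF_SOURCE_TITLE] = COM_createLink($row[LF_SOURCE_TITLE], $this->_searchURL . '&amp;type=' . $row[LF_SOURCE_NAME] . '&amp;mode=search');

     if ($row['url'] != '#') {
         // Site-relative URLs (leading '/') are prefixed with the site URL.
         $row['url'] = ($row['url'][0] == '/' ? $_CONF['site_url'] : '') . $row['url'];
         $source = $row[LF_SOURCE_NAME];
         if (isset($this->_url_rewrite[$source]) && $this->_url_rewrite[$source]) {
             $row['url'] = COM_buildUrl($row['url']);
         }
         if (isset($this->_append_query[$source]) && $this->_append_query[$source]) {
             if (!empty($this->_query)) {
                 // strpos() returns 0 for a match at the first character, so
                 // the result is compared with false instead of being used as
                 // a boolean. The search query is URL-encoded before it is
                 // appended.
                 $separator = strpos($row['url'], '?') !== false ? '&amp;' : '?';
                 $row['url'] .= $separator . 'query=' . urlencode($this->_query);
             }
         }
     }

     // NOTE(review): title and description are not HTML-escaped in this
     // method; presumably the search sources deliver them already filtered -
     // confirm against the providers.
     $row['title'] = $this->_shortenText($this->_query, $row['title'], 8);
     $row['title'] = stripslashes(str_replace('$', '&#36;', $row['title']));
     $row['title'] = COM_createLink($row['title'], $row['url']);

     $noDescription = '<i>' . $LANG09[70] . '</i>';
     if ($row['description'] == 'LF_NULL') {
         $row['description'] = $noDescription;
     } elseif ($row['description'] != $noDescription) {
         $row['description'] = stripslashes($this->_shortenText($this->_query, PLG_replaceTags($row['description']), $this->_wordlength));
     }

     if ($row['date'] != 'LF_NULL') {
         $dt = COM_getUserDateTimeFormat((int) $row['date']);
         $row['date'] = $dt[0];
     }

     if ($row['hits'] != 'LF_NULL') {
         // The trailing space is deliberate (kept from the original code).
         $row['hits'] = COM_NumberFormat($row['hits']) . ' ';
     }

     return $row;
 }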
Esempio n. 5
 /**
  * Returns an array of (
  *   'id'        => $id (string),
  *   'title'     => $title (string),
  *   'uri'       => $uri (string),
  *   'date'      => $date (int: Unix timestamp),
  *   'image_uri' => $image_uri (string)
  * )
  */
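 public function getItemsByDate($tid = '', $all_langs = FALSE)
 {
     // Lists published stories whose date lies between Dataproxy::$startDate
     // and Dataproxy::$endDate, optionally limited to one topic. Returns an
     // empty array when either bound is unset or the query fails.
     global $_CONF, $_TABLES;

     $entries = array();
     if (empty(Dataproxy::$startDate) or empty(Dataproxy::$endDate)) {
         return $entries;
     }

     // Both bounds are compared with UNIX_TIMESTAMP(date), so they are forced
     // to integers before they are written into the statement.
     $start = (int) Dataproxy::$startDate;
     $end = (int) Dataproxy::$endDate;

     $sql = "SELECT sid, title, UNIX_TIMESTAMP(date) AS day "
          . "  FROM {$_TABLES['stories']} "
          . "WHERE (draft_flag = 0) AND (date <= NOW()) "
          . "  AND (UNIX_TIMESTAMP(date) BETWEEN '" . $start . "' AND '" . $end . "') ";

     if (!empty($tid)) {
         // Prefer the database layer's own escaping when it is available.
         $escape = function_exists('DB_escapeString') ? 'DB_escapeString' : 'addslashes';
         $sql .= "AND (tid = '" . $escape($tid) . "') ";
     }

     // Topic, permission and language filters are skipped for the root user.
     if (!Dataproxy::isRoot()) {
         $sql .= COM_getTopicSql('AND', Dataproxy::uid()) . COM_getPermSql('AND', Dataproxy::uid());
         if (function_exists('COM_getLangSQL') and $all_langs === FALSE) {
             $sql .= COM_getLangSQL('sid', 'AND');
         }
     }

     $result = DB_query($sql);
     if (DB_error()) {
         return $entries;
     }

     while (($A = DB_fetchArray($result, FALSE)) !== FALSE) {
         $sid = stripslashes($A['sid']);
         $entries[] = array(
             'id'        => $sid,
             'title'     => stripslashes($A['title']),
             'uri'       => COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid),
             'date'      => $A['day'],
             // 'imageurl' is the key this method has always set; 'image_uri'
             // is the key its doc comment names. Both are filled so either
             // kind of caller works.
             'imageurl'  => FALSE,
             'image_uri' => FALSE,
         );
     }

     return $entries;
 }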
Esempio n. 6
/**
 * Stores a submitted story after running it through the spam check.
 *
 * The submission is loaded by Story::loadSubmission(); the $A argument is not
 * read in this function.
 *
 * @param    array   $A  Data for that submission
 * @return   string      HTML redirect, or '' when the save result is none of
 *                       the handled STORY_* values
 */
function savestory($A)
{
    global $_CONF, $_TABLES, $_USER;

    $submission = new Story();
    $submission->loadSubmission();

    // The spam check runs on a pseudo-formatted copy of the story text.
    $spamResult = PLG_checkforSpam($submission->GetSpamCheckFormat(), $_CONF['spamx']);
    if ($spamResult > 0) {
        // Flagged submissions still count against the submit speed limit.
        COM_updateSpeedlimit('submit');
        COM_displayMessageAndAbort($spamResult, 'spamx', 403, 'Forbidden');
    }

    COM_updateSpeedlimit('submit');
    $status = $submission->saveSubmission();

    if ($status == STORY_NO_ACCESS_TOPIC) {
        // The user has no access to this topic: back to the front page.
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    if ($status != STORY_SAVED && $status != STORY_SAVED_SUBMISSION) {
        return '';
    }

    $notifyOnStory = isset($_CONF['notification']) && in_array('story', $_CONF['notification']);
    if ($notifyOnStory) {
        sendNotification($_TABLES['storysubmission'], $submission);
    }

    if ($status == STORY_SAVED) {
        $target = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $submission->getSid());

        return COM_refresh($target);
    }

    return COM_refresh($_CONF['site_url'] . '/index.php?msg=2');
}
Esempio n. 7
/**
 * Builds the trackback URL of an entry.
 *
 * Stories are the default target of trackback pings, so the type parameter is
 * only added for other entry types; this keeps story URLs short.
 *
 * NOTE(review): $id and $type are concatenated into the URL as given;
 * callers are presumably expected to pass already-filtered values - confirm.
 *
 * @param    string  $id     the entry's ID
 * @param    string  $type   type of the entry ('article' = story, etc.)
 * @return   string          trackback URL for that entry
 */
function TRB_makeTrackbackUrl($id, $type = 'article')
{
    global $_CONF;

    $isDefaultType = empty($type) || $type == 'article';
    $typeSuffix = $isDefaultType ? '' : '&amp;type=' . $type;

    return COM_buildUrl($_CONF['site_url'] . '/trackback.php?id=' . $id . $typeSuffix);
}
Esempio n. 8
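/**
 * Shows a profile for a user
 *
 * Renders the profile page of one user: account details, the last 10 stories
 * and comments by that user which the current visitor may read, and posting
 * statistics. When login is required and the visitor is not logged in, a
 * login-required page is returned instead.
 *
 * The user id is written into several SQL statements without quotes, so it is
 * forced to an integer before anything else happens.
 *
 * @param    int     $user   User ID of profile to get
 * @param    int     $msg    Message to display (if != 0); not read in this function
 * @return   string          HTML for user profile page, or a redirect to the
 *                           front page when no such user exists
 *
 */
function userprofile($user, $msg = 0)
{
    global $_CONF, $_TABLES, $_USER, $LANG01, $LANG04, $LANG09, $LANG_LOGIN;

    // $user is interpolated into "uid = {$user}" conditions below. Casting it
    // here means a non-numeric value becomes 0 and simply matches no user.
    $user = (int) $user;

    $retval = '';
    if (empty($_USER['username']) && ($_CONF['loginrequired'] == 1 || $_CONF['profileloginrequired'] == 1)) {
        $retval .= COM_siteHeader('menu');
        $retval .= COM_startBlock($LANG_LOGIN[1], '', COM_getBlockTemplate('_msg_block', 'header'));
        $login = new Template($_CONF['path_layout'] . 'submit');
        $login->set_file(array('login' => 'submitloginrequired.thtml'));
        $login->set_var('xhtml', XHTML);
        $login->set_var('login_message', $LANG_LOGIN[2]);
        $login->set_var('site_url', $_CONF['site_url']);
        $login->set_var('site_admin_url', $_CONF['site_admin_url']);
        $login->set_var('layout_url', $_CONF['layout_url']);
        $login->set_var('lang_login', $LANG_LOGIN[3]);
        $login->set_var('lang_newuser', $LANG_LOGIN[4]);
        $login->parse('output', 'login');
        $retval .= $login->finish($login->get_var('output'));
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $retval .= COM_siteFooter();

        return $retval;
    }

    $result = DB_query("SELECT {$_TABLES['users']}.uid,username,fullname,regdate,homepage,about,location,pgpkey,photo,email FROM {$_TABLES['userinfo']},{$_TABLES['users']} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['users']}.uid = {$user}");
    $nrows = DB_numRows($result);
    if ($nrows == 0) {
        // no such user
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $A = DB_fetchArray($result);

    $display_name = COM_getDisplayName($user, $A['username'], $A['fullname']);

    // format date/time to user preference
    $curtime = COM_getUserDateTimeFormat($A['regdate']);
    $A['regdate'] = $curtime[0];

    $user_templates = new Template($_CONF['path_layout'] . 'users');
    $user_templates->set_file(array('profile' => 'profile.thtml', 'row' => 'commentrow.thtml', 'strow' => 'storyrow.thtml'));
    $user_templates->set_var('xhtml', XHTML);
    $user_templates->set_var('site_url', $_CONF['site_url']);
    $user_templates->set_var('start_block_userprofile', COM_startBlock($LANG04[1] . ' ' . $display_name));
    $user_templates->set_var('end_block', COM_endBlock());
    $user_templates->set_var('lang_username', $LANG04[2]);

    // NOTE(review): username, fullname and pgpkey reach the template without
    // escaping in this function; presumably they are filtered when the
    // profile is saved - confirm.
    if ($_CONF['show_fullname'] == 1) {
        // With show_fullname on, the two template slots are swapped.
        $user_templates->set_var('username', $A['fullname']);
        $user_templates->set_var('user_fullname', $A['username']);
    } else {
        $user_templates->set_var('username', $A['username']);
        $user_templates->set_var('user_fullname', $A['fullname']);
    }

    if (SEC_hasRights('user.edit')) {
        global $_IMAGE_TYPE, $LANG_ADMIN;
        $edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG_ADMIN['edit'] . '" title="' . $LANG_ADMIN['edit'] . '"' . XHTML . '>';
        $edit_link_url = COM_createLink($edit_icon, "{$_CONF['site_admin_url']}/user.php?mode=edit&amp;uid={$A['uid']}");
        $user_templates->set_var('edit_link', $edit_link_url);
    }

    $photo = USER_getPhoto($user, $A['photo'], $A['email'], -1);
    $user_templates->set_var('user_photo', $photo);
    $user_templates->set_var('lang_membersince', $LANG04[67]);
    $user_templates->set_var('user_regdate', $A['regdate']);
    $user_templates->set_var('lang_email', $LANG04[5]);
    $user_templates->set_var('user_id', $user);
    $user_templates->set_var('lang_sendemail', $LANG04[81]);
    $user_templates->set_var('lang_homepage', $LANG04[6]);
    $user_templates->set_var('user_homepage', COM_killJS($A['homepage']));
    $user_templates->set_var('lang_location', $LANG04[106]);
    $user_templates->set_var('user_location', strip_tags($A['location']));
    $user_templates->set_var('lang_bio', $LANG04[7]);
    $user_templates->set_var('user_bio', nl2br(stripslashes($A['about'])));
    $user_templates->set_var('lang_pgpkey', $LANG04[8]);
    $user_templates->set_var('user_pgp', nl2br($A['pgpkey']));
    $user_templates->set_var('start_block_last10stories', COM_startBlock($LANG04[82] . ' ' . $display_name));
    $user_templates->set_var('start_block_last10comments', COM_startBlock($LANG04[10] . ' ' . $display_name));
    $user_templates->set_var('start_block_postingstats', COM_startBlock($LANG04[83] . ' ' . $display_name));
    $user_templates->set_var('lang_title', $LANG09[16]);
    $user_templates->set_var('lang_date', $LANG09[17]);

    // for alternative layouts: use these as headlines instead of block titles
    $user_templates->set_var('headline_last10stories', $LANG04[82]);
    $user_templates->set_var('headline_last10comments', $LANG04[10]);
    $user_templates->set_var('headline_postingstats', $LANG04[83]);

    // Topics the current visitor may read; they limit every story query below.
    $result = DB_query("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL());
    $nrows = DB_numRows($result);
    $tids = array();
    for ($i = 0; $i < $nrows; $i++) {
        $T = DB_fetchArray($result);
        $tids[] = $T['tid'];
    }
    $topics = "'" . implode("','", $tids) . "'";

    // list of last 10 stories by this user
    if (count($tids) > 0) {
        $sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} WHERE (uid = {$user}) AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
        $sql .= " ORDER BY unixdate DESC LIMIT 10";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
    } else {
        $nrows = 0;
    }
    if ($nrows > 0) {
        for ($i = 0; $i < $nrows; $i++) {
            $C = DB_fetchArray($result);
            $user_templates->set_var('cssid', $i % 2 + 1);
            $user_templates->set_var('row_number', ($i + 1) . '.');
            $articleUrl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $C['sid']);
            $user_templates->set_var('article_url', $articleUrl);
            // '$' is replaced by its entity before the title goes into the template.
            $C['title'] = str_replace('$', '&#36;', $C['title']);
            $user_templates->set_var('story_title', COM_createLink(stripslashes($C['title']), $articleUrl, array('class' => 'b')));
            $storytime = COM_getUserDateTimeFormat($C['unixdate']);
            $user_templates->set_var('story_date', $storytime[0]);
            $user_templates->parse('story_row', 'strow', true);
        }
    } else {
        $user_templates->set_var('story_row', '<tr><td>' . $LANG01[37] . '</td></tr>');
    }

    // list of last 10 comments by this user
    $sidArray = array();
    if (count($tids) > 0) {
        // first, get a list of all stories the current visitor has access to
        $sql = "SELECT sid FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
        $result = DB_query($sql);
        $numsids = DB_numRows($result);
        for ($i = 1; $i <= $numsids; $i++) {
            $S = DB_fetchArray($result);
            $sidArray[] = $S['sid'];
        }
    }
    // $sidList is never empty: with no readable stories it is the string '',
    // quotes included, so the filters below still apply and then match no
    // comment with a non-empty sid.
    $sidList = implode("', '", $sidArray);
    $sidList = "'{$sidList}'";

    // then, find all comments by the user in those stories
    $sql = "SELECT sid,title,cid,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['comments']} WHERE (uid = {$user}) GROUP BY sid,title,cid,UNIX_TIMESTAMP(date)";
    // SQL NOTE:  Using a HAVING clause is usually faster than a where if the
    // field is part of the select
    if (!empty($sidList)) {
        $sql .= " HAVING sid in ({$sidList})";
    }
    $sql .= " ORDER BY unixdate DESC LIMIT 10";
    $result = DB_query($sql);
    $nrows = DB_numRows($result);
    if ($nrows > 0) {
        for ($i = 0; $i < $nrows; $i++) {
            $C = DB_fetchArray($result);
            $user_templates->set_var('cssid', $i % 2 + 1);
            $user_templates->set_var('row_number', ($i + 1) . '.');
            $comment_url = $_CONF['site_url'] . '/comment.php?mode=view&amp;cid=' . $C['cid'];
            $C['title'] = str_replace('$', '&#36;', $C['title']);
            $user_templates->set_var('comment_title', COM_createLink(stripslashes($C['title']), $comment_url, array('class' => 'b')));
            $commenttime = COM_getUserDateTimeFormat($C['unixdate']);
            $user_templates->set_var('comment_date', $commenttime[0]);
            $user_templates->parse('comment_row', 'row', true);
        }
    } else {
        $user_templates->set_var('comment_row', '<tr><td>' . $LANG01[29] . '</td></tr>');
    }

    // posting stats for this user
    $user_templates->set_var('lang_number_stories', $LANG04[84]);
    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (uid = {$user}) AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND');
    $result = DB_query($sql);
    $N = DB_fetchArray($result);
    $user_templates->set_var('number_stories', COM_numberFormat($N['count']));
    $user_templates->set_var('lang_number_comments', $LANG04[85]);
    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['comments']} WHERE (uid = {$user})";
    if (!empty($sidList)) {
        $sql .= " AND (sid in ({$sidList}))";
    }
    $result = DB_query($sql);
    $N = DB_fetchArray($result);
    $user_templates->set_var('number_comments', COM_numberFormat($N['count']));
    $user_templates->set_var('lang_all_postings_by', $LANG04[86] . ' ' . $display_name);

    // Call custom registration function if enabled and exists
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDisplay')) {
        $user_templates->set_var('customfields', CUSTOM_userDisplay($user));
    }
    PLG_profileVariablesDisplay($user, $user_templates);

    $user_templates->parse('output', 'profile');
    $retval .= $user_templates->finish($user_templates->get_var('output'));
    $retval .= PLG_profileBlocksDisplay($user);

    return $retval;
}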
Esempio n. 9
 /**
  * Returns an array of (
  *   'id'        => $id (string),
  *   'title'     => $title (string),
  *   'uri'       => $uri (string),
  *   'date'      => $date (int: Unix timestamp),
  *   'image_uri' => $image_uri (string)
  * )
  */
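 function getItems($category, $all_langs = false)
 {
     // Lists the ads of one category, ordered by ad id. Returns an empty array
     // when the current user has uid 1 and login is required, or when the
     // query fails. $all_langs is not read in this method.
     global $_CONF, $_TABLES, $_CONF_ADVT;

     $entries = array();
     if ($this->uid == 1 and $this->isLoginRequired() === true) {
         return $entries;
     }

     // The category id is escaped before it goes into the quoted literal.
     $sql = "SELECT * "
          . "FROM {$_TABLES['ad_ads']} "
          . "WHERE (cat_id ='" . DB_escapeString($category) . "') "
          . "ORDER BY ad_id";
     $result = DB_query($sql);
     if (DB_error()) {
         return $entries;
     }

     while (($A = DB_fetchArray($result, false)) !== false) {
         $entries[] = array(
             'id'        => $A['ad_id'],
             'title'     => $A['subject'],
             'uri'       => COM_buildUrl($_CONF['site_url'] . '/' . $_CONF_ADVT['pi_name'] . '/index.php?mode=detail&amp;id=' . urlencode($A['ad_id'])),
             'date'      => $A['add_date'],
             // The original read $retval['uri'] here, but $retval is never
             // defined in this method, so the value was always null (plus a
             // warning). null is written directly to keep the result the same.
             'image_uri' => null,
         );
     }

     return $entries;
 }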
Esempio n. 10
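/**
 * Implements the [topic:], [related_topics:] and [related_items:] autotags.
 *
 * Supported operations:
 *   'tagname'                    - names of the tags handled here
 *   'permission'/'nopermission'  - tags for which COM_getPermTag() reports
 *                                  (or does not report) permission; nothing
 *                                  is returned when the list is empty
 *   'description'                - tag name => description text
 *   'parse'                      - $content with the tag replaced
 * Any other operation returns nothing.
 *
 * @param    string  $op         operation to perform
 * @param    string  $content    item (e.g. topic text), including the autotag
 * @param    array   $autotag    parameters used in the autotag
 * @return   mixed               tag names (for $op='tagname') or formatted content
 *
 */
function plugin_autotags_topic($op, $content = '', $autotag = '')
{
    global $_CONF, $_TABLES, $LANG27, $_GROUPS;

    if ($op == 'tagname') {
        return array('topic', 'related_topics', 'related_items');
    } elseif ($op == 'permission' || $op == 'nopermission') {
        $flag = ($op == 'permission');
        $tagnames = array();
        if (isset($_GROUPS['Topic Admin'])) {
            $group_id = $_GROUPS['Topic Admin'];
        } else {
            $group_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Topic Admin'");
        }
        $owner_id = SEC_getDefaultRootUser();
        // Each tag has its own four-element permission setting in $_CONF.
        foreach (array('topic', 'related_topics', 'related_items') as $tag) {
            $perms = $_CONF['autotag_permissions_' . $tag];
            if (COM_getPermTag($owner_id, $group_id, $perms[0], $perms[1], $perms[2], $perms[3]) == $flag) {
                $tagnames[] = $tag;
            }
        }
        if (count($tagnames) > 0) {
            return $tagnames;
        }
    } elseif ($op == 'description') {
        return array('topic' => $LANG27['autotag_desc_topic'], 'related_topics' => $LANG27['autotag_desc_related_topics'], 'related_items' => $LANG27['autotag_desc_related_items']);
    } elseif ($op == 'parse') {
        if ($autotag['tag'] != 'topic' && $autotag['tag'] != 'related_topics' && $autotag['tag'] != 'related_items') {
            return $content;
        }
        if ($autotag['tag'] == 'topic') {
            $tid = COM_applyFilter($autotag['parm1']);
            // The tag is only replaced when the visitor may read the topic.
            if (!empty($tid) && SEC_hasTopicAccess($tid) > 0) {
                // The SQL-escaped form is kept in its own variable: it belongs
                // in the statements only, while the link needs the topic id
                // URL-encoded instead.
                $tidSql = DB_escapeString($tid);
                $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['topics']} WHERE tid = '{$tidSql}'";
                $result = DB_query($sql);
                $A = DB_fetchArray($result);
                if ($A['count'] == 1) {
                    $url = COM_buildUrl($_CONF['site_url'] . '/index.php?topic=' . urlencode($tid));
                    // NOTE(review): parm2 is used as link text as given;
                    // presumably the surrounding content is filtered as a
                    // whole elsewhere - confirm.
                    $linktext = $autotag['parm2'];
                    if (empty($linktext)) {
                        $linktext = stripslashes(DB_getItem($_TABLES['topics'], 'topic', "tid = '{$tidSql}'"));
                    }
                    $link = COM_createLink($linktext, $url);
                    $content = str_replace($autotag['tagstr'], $link, $content);
                }
            }
        } elseif ($autotag['tag'] == 'related_topics') {
            $id = COM_applyFilter($autotag['parm1']);
            $type = '';
            $max = $_CONF['related_topics_max'];
            // Article Default
            $tids = array();
            // parm2 holds space-separated "key:value" options; parsing stops
            // at the first part that is not a known option.
            // NOTE(review): option values are passed on as the strings found
            // in the tag; TOPIC_relatedTopics() is presumably responsible for
            // validating them - confirm.
            $px = explode(' ', trim($autotag['parm2']));
            foreach ($px as $part) {
                if (substr($part, 0, 5) == 'type:') {
                    $a = explode(':', $part);
                    $type = $a[1];
                } elseif (substr($part, 0, 4) == 'max:') {
                    $a = explode(':', $part);
                    $max = $a[1];
                } elseif (substr($part, 0, 6) == 'topic:') {
                    $a = explode(':', $part);
                    $tids[] = $a[1];
                    // Add each topic when found
                } else {
                    break;
                }
            }
            $related_topics = '';
            if (!empty($type) and !empty($id)) {
                // Return topics of object
                $related_topics = TOPIC_relatedTopics($type, $id, $max);
            } elseif (!empty($tids)) {
                // Since list of topics specified add id to topic list (since really a topic)
                if (!empty($id)) {
                    $tids[] = $id;
                }
                $related_topics = TOPIC_relatedTopics('', '', $max, $tids);
            }
            if (!empty($related_topics)) {
                $content = str_replace($autotag['tagstr'], $related_topics, $content);
            }
        } elseif ($autotag['tag'] == 'related_items') {
            $id = COM_applyFilter($autotag['parm1']);
            $type = '';
            $max = $_CONF['related_topics_max'];
            // Article Default
            $trim = 0;
            $include_types = array();
            $tids = array();
            // Same option format as for related_topics, plus trim: and include:.
            // NOTE(review): option values are passed on as the strings found
            // in the tag; TOPIC_relatedItems() is presumably responsible for
            // validating them - confirm.
            $px = explode(' ', trim($autotag['parm2']));
            foreach ($px as $part) {
                if (substr($part, 0, 5) == 'type:') {
                    $a = explode(':', $part);
                    $type = $a[1];
                } elseif (substr($part, 0, 4) == 'max:') {
                    $a = explode(':', $part);
                    $max = $a[1];
                } elseif (substr($part, 0, 5) == 'trim:') {
                    $a = explode(':', $part);
                    $trim = $a[1];
                } elseif (substr($part, 0, 6) == 'topic:') {
                    $a = explode(':', $part);
                    $tids[] = $a[1];
                    // Add each topic when found
                } elseif (substr($part, 0, 8) == 'include:') {
                    $a = explode(':', $part);
                    $include_types[] = $a[1];
                    // Add each type when found
                } else {
                    break;
                }
            }
            $related_items = '';
            if (!empty($type) and !empty($id)) {
                // Return topics of object
                $related_items = TOPIC_relatedItems($type, $id, $include_types, $max, $trim, $tids);
            } elseif (!empty($tids) or !empty($id)) {
                // Since list of topics specified add id to topic list (since really a topic)
                $tids[] = $id;
                $related_items = TOPIC_relatedItems('', '', $include_types, $max, $trim, $tids);
            }
            if (!empty($related_items)) {
                $content = str_replace($autotag['tagstr'], $related_items, $content);
            }
        }

        return $content;
    }
}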
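/**
 * Returns a list of the stories in a given topic.
 *
 * Only published stories (not drafts, dated now or earlier) that pass the
 * topic and permission filters are listed, newest first.
 *
 * @param  string $tid topic id, or 'all' for every topic
 * @return string list markup from COM_makeList() followed by LB, or '' when
 *                no story matches
 */
function SITEMAPMENU_listStory($tid)
{
    global $_CONF, $_TABLES, $LANG_DIR;

    $retval = '';

    $sql = "SELECT sid, title, UNIX_TIMESTAMP(date) AS day "
         . "FROM {$_TABLES['stories']} "
         . "WHERE (draft_flag = 0) AND (date <= NOW())";
    if ($tid != 'all') {
        // The topic id is escaped before it goes into the quoted literal;
        // DB_escapeString() is preferred when the installation provides it.
        $escape = function_exists('DB_escapeString') ? 'DB_escapeString' : 'addslashes';
        $sql .= " AND (tid = '" . $escape((string) $tid) . "')";
    }
    $sql .= COM_getTopicSql('AND') . COM_getPermSql('AND') . " ORDER BY date DESC";

    $result = DB_query($sql);
    $numrows = DB_numRows($result);
    if ($numrows > 0) {
        $entries = array();
        for ($i = 0; $i < $numrows; $i++) {
            $A = DB_fetchArray($result);
            $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']);
            // The title goes through SITEMAPMENU_esc() before it is used as link text.
            $entries[] = '<a class="nav-link" href="' . $url . '">' . SITEMAPMENU_esc(stripslashes($A['title'])) . '</a>';
        }
        $retval .= COM_makeList($entries) . LB;
    }

    return $retval;
}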
Esempio n. 12
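/**
 * Builds and sends the userbox notification mail for one profile record.
 *
 * For $m === "data_delete" the body is built from the arguments alone. For
 * every other mode the record is loaded from the USERBOX_base and users
 * tables and written out field by field. The mail goes to the record owner
 * when $_USERBOX_CONF['mail_to_owner'] is 1 and to every address listed in
 * $_USERBOX_CONF['mail_to'].
 *
 * @param  string $m        Mode; selects the 'subject_<m>' and 'message_<m>' language strings
 * @param  int    $id       Record id (joined to the users table on uid)
 * @param  string $username User name, printed in the "data_delete" mail
 * @param  string $email    Owner address; replaced by the stored address once the record is loaded
 * @return string           Always ''
 */
function fncsendmail($m = "", $id = 0, $username = "", $email = "")
{
    $pi_name = "userbox";
    global $_CONF;
    global $_TABLES;
    global $LANG_USERBOX_MAIL;
    global $LANG_USERBOX_ADMIN;
    global $_USER;
    global $_USERBOX_CONF;
    global $LANG28;
    $retval = '';
    // Everything the mail step reads is initialised here, so that a missing
    // record or the "data_delete" branch cannot leave it undefined.
    $msg = '';
    $url = '';
    $A = array();
    $subject = $LANG_USERBOX_MAIL['subject_' . $m];
    $message = $LANG_USERBOX_MAIL['message_' . $m];
    if ($m === "data_delete") {
        $msg .= $LANG28['2'] . ":" . $id . LB;
        // The record is gone, so the name comes from the caller. The original
        // read an undefined $title here; $LANG28['3'] is paired with the
        // username in the branch below.
        $msg .= $LANG28['3'] . ":" . $username . LB;
        // URL
        $url = $_CONF['site_url'] . "/userbox/profile.php";
        $url = COM_buildUrl($url);
    } else {
        $sql = "SELECT ";
        $sql .= " t1.*";
        $sql .= " ,t2.uid";
        $sql .= " ,t2.username";
        $sql .= " ,t2.fullname";
        $sql .= " ,t2.email";
        $sql .= " FROM ";
        $sql .= $_TABLES['USERBOX_base'] . " AS t1";
        $sql .= "," . $_TABLES['users'] . " AS t2";
        $sql .= " WHERE ";
        // The id is compared unquoted, so force it to an integer before it
        // becomes part of the statement.
        $sql .= " t1.id = " . (int) $id;
        $sql .= " AND t1.id = t2.uid";
        $result = DB_query($sql);
        $numrows = DB_numRows($result);
        if ($numrows > 0) {
            $A = DB_fetchArray($result);
            $A = array_map('stripslashes', $A);
            $email = $A['email'];
            // Draft marker
            if ($A['draft_flag'] == 1) {
                $msg .= $LANG_USERBOX_ADMIN['draft'] . LB;
            }
            // Core user fields
            $msg .= $LANG28['2'] . ":" . $A['uid'] . LB;
            $msg .= $LANG28['3'] . ":" . $A['username'] . LB;
            $msg .= $LANG28['4'] . ":" . $A['fullname'] . LB;
            // Basic record fields
            $msg .= $LANG_USERBOX_ADMIN['page_title'] . ":" . $A['page_title'] . LB;
            $msg .= $LANG_USERBOX_ADMIN['description'] . ":" . $A['description'] . LB;
            $msg .= $LANG_USERBOX_ADMIN['hits'] . ":" . $A['hits'] . LB;
            $msg .= $LANG_USERBOX_ADMIN['comments'] . ":" . $A['comments'] . LB;
            $msg .= $LANG_USERBOX_ADMIN['meta_description'] . ":" . $A['meta_description'] . LB;
            $msg .= $LANG_USERBOX_ADMIN['meta_keywords'] . ":" . $A['meta_keywords'] . LB;
            $msg .= $LANG_USERBOX_ADMIN['commentcode'] . ":" . $A['commentcode'] . LB;
            $msg .= $LANG_USERBOX_ADMIN['comment_expire'] . ":" . $A['comment_expire'] . LB;
            // In preparation: $msg.=  $LANG_USERBOX_ADMIN['language_id'].":".$A['language_id'].LB;
            $msg .= $LANG_USERBOX_ADMIN['owner_id'] . ":" . $A['owner_id'] . LB;
            $msg .= $LANG_USERBOX_ADMIN['group_id'] . ":" . $A['group_id'] . LB;
            $msg .= $LANG_USERBOX_ADMIN['perm_owner'] . ":" . $A['perm_owner'] . LB;
            $msg .= $LANG_USERBOX_ADMIN['perm_group'] . ":" . $A['perm_group'] . LB;
            $msg .= $LANG_USERBOX_ADMIN['perm_members'] . ":" . $A['perm_members'] . LB;
            $msg .= $LANG_USERBOX_ADMIN['perm_anon'] . ":" . $A['perm_anon'] . LB;
            $msg .= $LANG_USERBOX_ADMIN['modified'] . ":" . $A['modified'] . LB;
            $msg .= $LANG_USERBOX_ADMIN['created'] . ":" . $A['created'] . LB;
            $msg .= $LANG_USERBOX_ADMIN['expired'] . ":" . $A['expired'] . LB;
            $msg .= $LANG_USERBOX_ADMIN['released'] . ":" . $A['released'] . LB;
            $msg .= $LANG_USERBOX_ADMIN['orderno'] . ":" . $A['orderno'] . LB;
            $msg .= $LANG_USERBOX_ADMIN['trackbackcode'] . ":" . $A['trackbackcode'] . LB;
            $msg .= $LANG_USERBOX_ADMIN['draft'] . ":" . $A['draft'] . LB;
            $msg .= $LANG_USERBOX_ADMIN['udatetime'] . ":" . $A['udatetime'] . LB;
            $msg .= $LANG_USERBOX_ADMIN['uuid'] . ":" . $A['uuid'] . LB;
            // Categories
            $msg .= DATABOX_getcategoriesText($id, 0, $pi_name);
            // Additional fields
            $group_id = stripslashes($A['group_id']);
            $owner_id = stripslashes($A['owner_id']);
            $chk_user = DATABOX_chkuser($group_id, $owner_id, "userbox.admin");
            $addition_def = DATABOX_getadditiondef($pi_name);
            $additionfields = DATABOX_getadditiondatas($id, $pi_name);
            $msg .= DATABOX_getaddtionfieldsText($additionfields, $addition_def, $chk_user, $pi_name, $A['fieldset_id']);
            // Timestamp and updating user (printed a second time, as before)
            $msg .= $LANG_USERBOX_ADMIN['udatetime'] . ":" . $A['udatetime'] . LB;
            $msg .= $LANG_USERBOX_ADMIN['uuid'] . ":" . $A['uuid'] . LB;
            // URL
            $url = $_CONF['site_url'] . "/userbox/profile.php";
            $url .= "?";
            if ($_USERBOX_CONF['datacode']) {
                $url .= "m=code";
                $url .= "&code=" . $A['username'];
            } else {
                $url .= "m=id";
                $url .= "&id=" . $A['id'];
            }
            $url = COM_buildUrl($url);
        }
    }
    // $A stays empty in the "data_delete" branch and when no row was found,
    // so the draft flag has to be read defensively.
    $is_draft = isset($A['draft_flag']) && $A['draft_flag'] == 1;
    if (!($_USERBOX_CONF['mail_to_draft'] == 0 && $is_draft)) {
        $message .= $msg . LB;
        $message .= $url . LB;
        $message .= $LANG_USERBOX_MAIL['sig'] . LB;
        // Normalise the configured recipients to an array so that the
        // membership test and implode() below cannot fail on an unset or
        // scalar setting.
        $mail_to = isset($_USERBOX_CONF['mail_to']) ? $_USERBOX_CONF['mail_to'] : array();
        if (!is_array($mail_to)) {
            $mail_to = empty($mail_to) ? array() : array($mail_to);
        }
        //--- to user (skipped when the address is empty or already an admin recipient)
        if ($_USERBOX_CONF['mail_to_owner'] == 1) {
            if (!empty($email) && array_search($email, $mail_to) === false) {
                $to = $email;
                COM_mail($to, $subject, $message);
            }
        }
        //--- to admin
        if (!empty($mail_to)) {
            // Separator first: the reversed argument order was removed in PHP 8.0.
            $to = implode(",", $mail_to);
            COM_mail($to, $subject, $message);
        }
    }
    return $retval;
}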
Esempio n. 13
/**
* This function will allow plugins to support the use of custom autolinks
* in other site content. Plugins can now use this API when saving content
* and have the content checked for any autolinks before saving.
* The autolink would be like:  [story:20040101093000103 here]
*
* The function works in two passes: it first collects every autotag of every
* module returned by PLG_collectTags(), then replaces them one by one. The
* built-in 'geeklog' module handles the 'story' tag here; every other module
* is handed to its plugin_autotags_<module>() function when that exists.
*
* @param   string   $content   Content that should be parsed for autolinks
* @param   string   $plugin    Optional if you only want to parse using a specific plugin
* @return  string              Content with the autotags replaced; the unchanged
*                              content when autolinks are disabled; the content
*                              with $LANG32[32] appended when a tag is malformed
*
*/
function PLG_replaceTags($content, $plugin = '')
{
    global $_CONF, $_TABLES, $LANG32;
    if (isset($_CONF['disable_autolinks']) && $_CONF['disable_autolinks'] == 1) {
        // autolinks are disabled - return $content unchanged
        return $content;
    }
    $autolinkModules = PLG_collectTags();
    // For each supported module, scan the content looking for any AutoLink tags
    $tags = array();
    $contentlen = MBYTE_strlen($content);
    // Searching is done on a lower-cased copy, extraction on the original.
    // NOTE(review): this assumes lower-casing keeps every character at the
    // same offset - confirm for the encodings in use.
    $content_lower = MBYTE_strtolower($content);
    foreach ($autolinkModules as $moduletag => $module) {
        $autotag_prefix = '[' . $moduletag . ':';
        $offset = 0;
        // $prev_offset is assigned below but never read in this function.
        $prev_offset = 0;
        while ($offset < $contentlen) {
            $start_pos = MBYTE_strpos($content_lower, $autotag_prefix, $offset);
            if ($start_pos === false) {
                break;
            } else {
                $end_pos = MBYTE_strpos($content_lower, ']', $start_pos);
                $next_tag = MBYTE_strpos($content_lower, '[', $start_pos + 1);
                // A tag is well formed only if its ']' comes before the next '['
                // (a missing ']' makes $end_pos false and fails this test too).
                if ($end_pos > $start_pos and ($next_tag === false or $end_pos < $next_tag)) {
                    $taglength = $end_pos - $start_pos + 1;
                    $tag = MBYTE_substr($content, $start_pos, $taglength);
                    $parms = explode(' ', $tag);
                    // Extra test to see if autotag was entered with a space
                    // after the module name
                    if (MBYTE_substr($parms[0], -1) == ':') {
                        // "[module: id label]" - the id is the second word
                        $startpos = MBYTE_strlen($parms[0]) + MBYTE_strlen($parms[1]) + 2;
                        $label = str_replace(']', '', MBYTE_substr($tag, $startpos));
                        $tagid = $parms[1];
                    } else {
                        // "[module:id label]" - the id follows the first ':'
                        $label = str_replace(']', '', MBYTE_substr($tag, MBYTE_strlen($parms[0]) + 1));
                        $parms = explode(':', $parms[0]);
                        if (count($parms) > 2) {
                            // whoops, there was a ':' in the tag id ...
                            array_shift($parms);
                            $tagid = implode(':', $parms);
                        } else {
                            $tagid = $parms[1];
                        }
                    }
                    // parm1 is the tag id, parm2 the free-text label; both come
                    // straight from $content and are not filtered at this point.
                    $newtag = array('module' => $module, 'tag' => $moduletag, 'tagstr' => $tag, 'startpos' => $start_pos, 'length' => $taglength, 'parm1' => str_replace(']', '', $tagid), 'parm2' => $label);
                    $tags[] = $newtag;
                } else {
                    // Error: tags do not match - return with no changes
                    return $content . $LANG32[32];
                }
                $prev_offset = $offset;
                // Continue the search at the closing bracket of this tag
                $offset = $end_pos;
            }
        }
    }
    // If we have found 1 or more AutoLink tag
    if (count($tags) > 0) {
        // Found the [tag] - Now process them all
        foreach ($tags as $autotag) {
            // Name of the plugin callback, derived from the module name that
            // PLG_collectTags() returned (not from the content itself).
            $function = 'plugin_autotags_' . $autotag['module'];
            if ($autotag['module'] == 'geeklog' and (empty($plugin) or $plugin == 'geeklog')) {
                $url = '';
                // NOTE(review): the label is author-supplied text and reaches
                // COM_createLink() as-is; whether it is escaped there, or was
                // filtered before this function was called, is not visible
                // here - confirm before using this on unfiltered content.
                $linktext = $autotag['parm2'];
                if ($autotag['tag'] == 'story') {
                    // The story id is filtered before it is used in the URL
                    // and in the SQL condition below.
                    $autotag['parm1'] = COM_applyFilter($autotag['parm1']);
                    if (!empty($autotag['parm1'])) {
                        $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $autotag['parm1']);
                        if (empty($linktext)) {
                            // No label given: fall back to the story title.
                            // NOTE(review): the condition relies on
                            // COM_applyFilter() alone to keep the id safe inside
                            // the quoted literal - verify that it removes quotes
                            // and backslashes.
                            $linktext = stripslashes(DB_getItem($_TABLES['stories'], 'title', "sid = '{$autotag['parm1']}'"));
                        }
                    }
                }
                if (!empty($url)) {
                    $filelink = COM_createLink($linktext, $url);
                    $content = str_replace($autotag['tagstr'], $filelink, $content);
                }
            } elseif (function_exists($function) and (empty($plugin) or $plugin == $autotag['module'])) {
                // Let the owning plugin replace its own tag
                $content = $function('parse', $content, $autotag);
            }
        }
    }
    return $content;
}
Esempio n. 14
// Column headings of the story list
$p->set_var('LANG_title', $LANG_GF01['TITLE']);
$p->set_var('LANG_date', $LANG_GF01['DATE']);
$p->set_var('LANG_comments', $LANG_GF01['COMMENTS']);

if ($nrows > 0) {
    // Target of the paging links; keeps the current topic filter when one is set.
    // NOTE(review): $curtopic is appended without URL encoding - where it
    // comes from is not visible in this fragment; confirm it is filtered.
    $base_url = $_CONF['site_admin_url'] . '/plugins/forum/migrate.php';
    if (!empty($curtopic)) {
        $base_url .= '?tid=' . $curtopic;
    }

    $listing_submissions = $curtopic == "submissions";
    $i = 0;
    while ($i < $nrows) {
        list($topic, $sid, $story, $date, $comments) = DB_fetchArray($result);

        // Submissions link to the admin editor, published stories to the article page.
        $story_link = $listing_submissions
            ? $_CONF['site_admin_url'] . '/story.php?mode=editsubmission&amp;id=' . $sid
            : COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);

        // NOTE(review): the title ($story) and the topic are handed to the
        // template as fetched; whether the template layer escapes them is not
        // visible here - confirm.
        $p->set_var('sid', $sid);
        $p->set_var('topic', stripslashes($topic));
        $p->set_var('story_link', $story_link);
        $p->set_var('story_title', $story);
        $p->set_var('date', $date);
        $p->set_var('num_comments', $comments);
        // Alternates between 1 and 2 for row striping
        $p->set_var('cssid', $i % 2 + 1);
        $p->parse('story_record', 'records', true);
        $i++;
    }

    $p->set_var('page_navigation', COM_printPageNavigation($base_url, $page, $numpages));
}

// Token fields for the form, then render the page into the output buffer
$p->set_var('gltoken_name', CSRF_TOKEN);
$p->set_var('gltoken', SEC_createToken());
$p->parse('output', 'page');
$display .= $p->finish($p->get_var('output'));
$display .= COM_endBlock();
Esempio n. 15
/**
 * Renders one cell of the category admin list.
 *
 * 'editid' and 'copy' produce icon links to the admin script, 'code' and
 * 'category_id' produce links to the public script while allow_display is
 * below 2, and every other column (or a non-linkable 'code'/'category_id')
 * shows the raw field value.
 *
 * @param  string $fieldname  Column being rendered
 * @param  mixed  $fieldvalue Raw value of that column
 * @param  array  $A          Row data; reads allow_display, category_id and code
 * @param  array  $icon_arr   Icon markup; reads the 'edit' and 'copy' entries
 * @return string             Markup for the cell
 */
function LIB_GetListField($fieldname, $fieldvalue, $A, $icon_arr)
{
    global $_CONF, $LANG_ACCESS;

    $allow_display = COM_applyFilter($A['allow_display'], true);
    $linkable = $allow_display < 2;

    switch ($fieldname) {
        case 'editid':
            // Edit icon
            return '<a href="' . $_CONF['site_admin_url'] . '/plugins/' . THIS_SCRIPT
                . '?mode=edit&amp;id=' . $A['category_id'] . '">'
                . $icon_arr['edit'] . '</a>';

        case 'copy':
            $copy_url = $_CONF['site_admin_url'] . "/plugins/" . THIS_SCRIPT
                . "?mode=copy&amp;id=" . $A['category_id'];
            return COM_createLink($icon_arr['copy'], $copy_url);

        case 'code':
            if ($linkable) {
                // NOTE(review): the link text is filtered, but the query string
                // uses the unfiltered $A['code'] - confirm stored codes cannot
                // contain characters that need URL or HTML encoding.
                $text = COM_applyFilter($A['code']);
                $target = $_CONF['site_url'] . "/" . THIS_SCRIPT . "?code=" . $A['code'] . "&amp;m=code";
                return COM_createLink($text, COM_buildUrl($target));
            }
            // not linkable: falls through, ending at the raw value

        case 'category_id':
            if ($linkable) {
                $text = COM_applyFilter($A['category_id']);
                $target = $_CONF['site_url'] . "/" . THIS_SCRIPT . "?id=" . $A['category_id'] . "&amp;m=id";
                return COM_createLink($text, COM_buildUrl($target));
            }
            // not linkable: falls through to the raw value

        default:
            // Any other column
            return $fieldvalue;
    }
}
Esempio n. 16
/**
* Language switcher block
*
* Returns a plain link when exactly two languages are configured and a
* drop-down form (submitted to switchlang.php via GET) otherwise. Usable as a
* PHP block or from the theme's header.thtml:
* <code>
* <?php print phpblock_switch_language(); ?>
* </code>
*
* @return   string  HTML for the link or drop-down; '' when the language
*                   configuration is missing or inconsistent
*
*/
function phpblock_switch_language()
{
    global $_CONF;

    // Both lists must be present and of equal length, otherwise there is
    // nothing sensible to offer.
    $configured = !empty($_CONF['languages'])
        && !empty($_CONF['language_files'])
        && count($_CONF['languages']) == count($_CONF['language_files']);
    if (!$configured) {
        return '';
    }

    $lang = COM_getLanguage();
    $langId = COM_getLanguageId($lang);

    if (count($_CONF['languages']) == 2) {
        // Two languages: link straight to the one that is not active.
        foreach ($_CONF['languages'] as $id => $name) {
            if ($key = ($id != $langId)) {
                $newLang = $name;
                $newLangId = $id;
                break;
            }
        }
        $switchUrl = COM_buildUrl($_CONF['site_url'] . '/switchlang.php?lang=' . $newLangId);

        return '' . COM_createLink($newLang, $switchUrl);
    }

    // More than two languages: drop-down that submits itself on change.
    // Ids and names come from $_CONF and are written into the markup as-is.
    $html = '<form name="change" action="' . $_CONF['site_url'] . '/switchlang.php" method="get">' . LB;
    $html .= '<input type="hidden" name="oldlang" value="' . $langId . '"' . XHTML . '>' . LB;
    $html .= '<select onchange="change.submit()" name="lang">';
    foreach ($_CONF['languages'] as $id => $name) {
        $selected = ($lang == $_CONF['language_files'][$id]) ? ' selected="selected"' : '';
        $html .= '<option value="' . $id . '"' . $selected . '>' . $name . '</option>' . LB;
    }
    $html .= '</select>' . LB;
    $html .= '</form>' . LB;

    return $html;
}
Esempio n. 17
/**
 * Renders one cell of the static pages admin list.
 *
 * Action columns (edit, copy, delete, sp_status) depend on the access level
 * returned by SEC_hasAccess(); display columns are wrapped in a
 * "disabledfield" span when the page is not enabled (sp_status != 1).
 *
 * @param  string $fieldname  Column being rendered
 * @param  mixed  $fieldvalue Raw value of that column
 * @param  array  $A          Row data of the static page
 * @param  array  $icon_arr   Icon markup; reads 'edit', 'copy', 'delete' and 'blank'
 * @param  string $token      CSRF token appended to the delete link
 * @return string             Markup for the cell
 */
function PAGE_getListField($fieldname, $fieldvalue, $A, $icon_arr, $token)
{
    global $_CONF, $_USER, $LANG_ADMIN, $LANG_STATIC, $LANG_ACCESS, $_TABLES;

    $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    $enabled = ($A['sp_status'] == 1);
    $dt = new Date('now', $_USER['tzid']);
    $admin_script = $_CONF['site_admin_url'] . '/plugins/staticpages/index.php';

    // Greys out a value when the page is disabled.
    $dim = function ($html) use ($enabled) {
        return $enabled ? $html : '<span class="disabledfield">' . $html . '</span>';
    };

    switch ($fieldname) {
        case 'edit':
            if ($access != 3) {
                return $icon_arr['blank'];
            }
            return COM_createLink($icon_arr['edit'], $admin_script . '?edit=x&amp;sp_id=' . $A['sp_id'], array('title' => $LANG_ADMIN['edit']));

        case 'copy':
            if ($access < 2) {
                return $icon_arr['blank'];
            }
            return COM_createLink($icon_arr['copy'], $admin_script . '?clone=x&amp;sp_id=' . $A['sp_id'], array('title' => $LANG_ADMIN['copy']));

        case "sp_title":
            // NOTE(review): the title is written into the markup as stored;
            // whether it was escaped on input is not visible here - confirm.
            $sp_title = $A['sp_title'];
            if (!$enabled) {
                return '<span class="disabledfield">' . $sp_title . '</span>';
            }
            $page_url = COM_buildUrl($_CONF['site_url'] . '/page.php?page=' . $A['sp_id']);
            return COM_createLink($sp_title, $page_url, array('title' => $LANG_STATIC['title_display']));

        case 'access':
            return $dim($access == 3 ? $LANG_ACCESS['edit'] : $LANG_ACCESS['readonly']);

        case "sp_uid":
            return $dim(COM_getDisplayName($A['sp_uid']));

        case "sp_centerblock":
            if (!$A['sp_centerblock']) {
                $where = $LANG_STATIC['centerblock_no'];
            } elseif ($A['sp_where'] == '1') {
                $where = $LANG_STATIC['centerblock_top'];
            } elseif ($A['sp_where'] == '2') {
                $where = $LANG_STATIC['centerblock_feat'];
            } elseif ($A['sp_where'] == '3') {
                $where = $LANG_STATIC['centerblock_bottom'];
            } else {
                $where = $LANG_STATIC['centerblock_entire'];
            }
            return $dim($where);

        case "unixdate":
            $dt->setTimestamp($A['unixdate']);
            return $dim($dt->format($_CONF['daytime'], true));

        case 'delete':
            if ($access != 3) {
                return $icon_arr['blank'];
            }
            // The delete link carries the CSRF token and asks for confirmation.
            $attr = array(
                'title' => $LANG_ADMIN['delete'],
                'onclick' => "return confirm('" . $LANG_STATIC['delete_confirm'] . "');",
            );
            return COM_createLink($icon_arr['delete'], $admin_script . '?delete=x&amp;sp_id=' . $A['sp_id'] . '&amp;' . CSRF_TOKEN . '=' . $token, $attr);

        case 'sp_status':
            if ($access != 3) {
                return $enabled ? $LANG_ACCESS['yes'] : $LANG_ACCESS['No'];
            }
            // Editors get a checkbox that submits the surrounding form.
            $checked = $enabled ? ' checked="checked"' : '';
            $hint = 'title="' . ($enabled ? $LANG_ADMIN['disable'] : $LANG_ADMIN['enable']) . '" ';
            return '<input class="sp-enabler" type="checkbox" name="enabledstaticpages[' . $A['sp_id'] . ']" ' . $hint . 'onclick="submit()" value="1"' . $checked . '/>'
                . '<input type="hidden" name="sp_idarray[' . $A['sp_id'] . ']" value="1" />';

        default:
            return $dim($fieldvalue);
    }
}
Esempio n. 18
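/**
 * Handles a comment edit submission
 *
 * Reads type, sid, cid, postmode, title and comment from $_POST, checks that
 * the current user owns the comment or holds 'comment.moderate', and updates
 * the comment (or the queued submission). Rejected requests are logged and
 * redirected to the site index.
 *
 * @copyright Jared Wenerd 2008
 * @author Jared Wenerd, wenerd87 AT gmail DOT com
 * @param  string $mode whether to store edited comment in the queue
 * @return string HTML (possibly a refresh)
 */
function CMT_handleEditSubmit($mode = null)
{
    global $_CONF, $_TABLES, $_USER, $LANG03;

    $type = COM_applyFilter(isset($_POST['type']) ? $_POST['type'] : '');
    $sid = COM_applyFilter(isset($_POST['sid']) ? $_POST['sid'] : '');
    $cid = COM_applyFilter(isset($_POST['cid']) ? $_POST['cid'] : '');
    $postmode = COM_applyFilter(isset($_POST['postmode']) ? $_POST['postmode'] : '');

    // Visitors without a session are treated as uid 1. The log lines below use
    // $uid so that they stay meaningful when $_USER['uid'] is not set.
    $uid = empty($_USER['uid']) ? 1 : $_USER['uid'];
    $remote = $_SERVER['REMOTE_ADDR'];
    $home = $_CONF['site_url'] . '/index.php';

    // check for bad input. The comment id ends up unquoted in the UPDATE
    // below, so only plain digits are accepted and the value is cast.
    if (empty($sid) || empty($_POST['title']) || empty($_POST['comment'])
        || preg_match('/\A[0-9]+\z/', (string) $cid) !== 1 || (int) $cid < 1) {
        COM_errorLog("CMT_handleEditSubmit(): {$uid} from {$remote} tried to edit a comment with one or more missing values.");
        return COM_refresh($home);
    }
    $cid = (int) $cid;

    // check permissions
    // NOTE(review): all visitors without a session share uid 1, so this
    // comparison is also true for any comment stored under uid 1. Confirm that
    // callers refuse edits from anonymous users and verify the CSRF token
    // before this function is reached - neither check is visible here.
    $commentuid = DB_getItem($_TABLES['comments'], 'uid', "cid = '{$cid}'");
    if ($uid != $commentuid && !SEC_hasRights('comment.moderate')) {
        COM_errorLog("CMT_handleEditSubmit(): {$uid} from {$remote} tried " . 'to edit a comment without proper permission.');
        return COM_refresh($home);
    }

    $comment = CMT_prepareText($_POST['comment'], $postmode, $type);
    $title = COM_checkWords(strip_tags(COM_stripslashes($_POST['title'])));
    if ($mode == $LANG03[35]) {
        $table = $_TABLES['commentsubmissions'];
    } else {
        $table = $_TABLES['comments'];
    }

    if (empty($title) || empty($comment)) {
        COM_errorLog("CMT_handleEditSubmit(): {$uid} from {$remote} tried " . 'to submit a comment with invalid $title and/or $comment.');
        return COM_refresh($home);
    }

    COM_updateSpeedlimit('comment');
    $title = addslashes($title);
    $comment = addslashes($comment);
    // The story id is escaped the same way as the other string values instead
    // of relying on the input filter alone; the unescaped $sid is kept for the
    // redirect URL.
    $sid_sql = addslashes($sid);
    // save the comment into the table
    DB_query("UPDATE {$table} SET comment = '{$comment}', title = '{$title}'" . " WHERE cid={$cid} AND sid='{$sid_sql}'");
    if (DB_error()) {
        //saving to non-existent comment or comment in wrong article
        COM_errorLog("CMT_handleEditSubmit(): {$uid} from {$remote} tried " . 'to edit to a non-existent comment or the cid/sid did not match');
        return COM_refresh($home);
    }

    if ($mode == $LANG03[35]) {
        // Queued submission: back to the moderation page, no edit record.
        return COM_refresh(COM_buildUrl($_CONF['site_admin_url'] . "/moderation.php"));
    }

    //save edit information for published comment
    DB_save($_TABLES['commentedits'], 'cid,uid,time', "{$cid},{$uid},NOW()");

    return COM_refresh(COM_buildUrl($_CONF['site_url'] . "/article.php?story={$sid}"));
}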
Esempio n. 19
 /**
  * Turns this menu element (and, recursively, its children) into a plain array.
  *
  * Depending on $this->type the method fills in $this->url and/or a list of
  * generated child items, after checking that the current user may see the
  * element.
  *
  * @return array|null array with the keys 'label', 'url', 'target' and
  *                    'children' (children is an array or NULL), or NULL when
  *                    the element is inactive or not visible to the current user
  */
 function _parseElement()
 {
     global $_SP_CONF, $_USER, $_TABLES, $LANG01, $_CONF, $_GROUPS;
     $returnArray = array();
     $childArray = array();
     $item_array = array();
     // Inactive elements are dropped, except the element with id 0
     if ($this->active != 1 && $this->id != 0) {
         return NULL;
     }
     // Group 998 elements are hidden from logged-in users
     // (presumably a "non-logged-in users only" pseudo group - confirm)
     if ($this->group_id == 998 && !COM_isAnonUser()) {
         return NULL;
     }
     // Current topic from the request, filtered; used in the links below
     if (isset($_REQUEST['topic'])) {
         $topic = COM_applyFilter($_REQUEST['topic']);
     } else {
         $topic = '';
     }
     if (COM_isAnonUser()) {
         $anon = 1;
     } else {
         $anon = 0;
     }
     $allowed = true;
     // Every other element (except id 0) requires membership in its group
     if ($this->group_id != 998 && $this->id != 0 && !SEC_inGroup($this->group_id)) {
         return NULL;
     }
     // Group 1 elements additionally require a 'Root' entry in $_GROUPS
     if ($this->group_id == 1 && !isset($_GROUPS['Root'])) {
         return NULL;
     }
     switch ($this->type) {
         case ET_SUB_MENU:
             $this->replace_macros();
             break;
         case ET_FUSION_ACTION:
             // Built-in actions; each one honours the matching login-required setting
             switch ($this->subtype) {
                 case 0:
                     // home
                     $this->url = $_CONF['site_url'] . '/';
                     break;
                 case 1:
                     // contribute
                     if ($anon && ($_CONF['loginrequired'] || $_CONF['submitloginrequired'])) {
                         return NULL;
                     }
                     if (empty($topic)) {
                         $this->url = $_CONF['site_url'] . '/submit.php?type=story';
                     } else {
                         // NOTE(review): unlike the directory link below, the
                         // topic is appended here without urlencode(); it relies
                         // on COM_applyFilter() alone - confirm that is enough
                         // for a value placed in a URL.
                         $this->url = $_CONF['site_url'] . '/submit.php?type=story&amp;topic=' . $topic;
                     }
                     // $label is assigned here but not read again in this method
                     $label = $LANG01[71];
                     break;
                 case 2:
                     // directory
                     if ($anon && ($_CONF['loginrequired'] || $_CONF['directoryloginrequired'])) {
                         return NULL;
                     }
                     $this->url = $_CONF['site_url'] . '/directory.php';
                     if (!empty($topic)) {
                         $this->url = COM_buildUrl($this->url . '?topic=' . urlencode($topic));
                     }
                     break;
                 case 3:
                     // prefs
                     if ($anon && ($_CONF['loginrequired'] || $_CONF['profileloginrequired'])) {
                         return NULL;
                     }
                     $this->url = $_CONF['site_url'] . '/usersettings.php?mode=edit';
                     break;
                 case 4:
                     // search
                     if ($anon && ($_CONF['loginrequired'] || $_CONF['searchloginrequired'])) {
                         return NULL;
                     }
                     $this->url = $_CONF['site_url'] . '/search.php';
                     break;
                 case 5:
                     // stats
                     if (!SEC_hasRights('stats.view')) {
                         return NULL;
                     }
                     $this->url = $_CONF['site_url'] . '/stats.php';
                     break;
                 default:
                     // unknown?
                     $this->url = $_CONF['site_url'] . '/';
                     break;
             }
             break;
         case ET_FUSION_MENU:
             // Generated menus: the child items are collected in $item_array
             $this->url = '';
             switch ($this->subtype) {
                 case USER_MENU:
                     // if anonymous user - show login entry
                     if (COM_isAnonUser()) {
                         $this->label = $LANG01[58];
                         $this->url = $_CONF['site_url'] . '/users.php';
                         $this->target = '';
                         // leaves the inner switch; $item_array stays empty
                         break;
                     }
                     // logged-in user see My Account entry
                     $item_array = getUserMenu();
                     $this->label = $LANG01[47];
                     break;
                 case ADMIN_MENU:
                     $this->url = $_CONF['site_admin_url'];
                     $item_array = getAdminMenu();
                     break;
                 case TOPIC_MENU:
                     $item_array = getTopicMenu();
                     break;
                 case STATICPAGE_MENU:
                     $item_array = array();
                     // The ORDER BY clause is chosen from fixed strings only;
                     // the configured value never reaches the SQL text.
                     $order = '';
                     if (!empty($_SP_CONF['sort_menu_by'])) {
                         $order = ' ORDER BY ';
                         if ($_SP_CONF['sort_menu_by'] == 'date') {
                             $order .= 'sp_date DESC';
                         } else {
                             if ($_SP_CONF['sort_menu_by'] == 'label') {
                                 $order .= 'sp_label';
                             } else {
                                 if ($_SP_CONF['sort_menu_by'] == 'title') {
                                     $order .= 'sp_title';
                                 } else {
                                     // default to "sort by id"
                                     $order .= 'sp_id';
                                 }
                             }
                         }
                     }
                     // Enabled pages flagged for the menu that the current user may read
                     $result = DB_query('SELECT sp_id, sp_label FROM ' . $_TABLES['staticpage'] . ' WHERE sp_onmenu = 1 AND sp_status = 1' . COM_getPermSql('AND') . $order);
                     $nrows = DB_numRows($result);
                     // $menuitems is not used after this assignment
                     $menuitems = array();
                     for ($i = 0; $i < $nrows; $i++) {
                         $A = DB_fetchArray($result);
                         $url = COM_buildURL($_CONF['site_url'] . '/page.php?page=' . $A['sp_id']);
                         $label = $A['sp_label'];
                         $item_array[] = array('label' => $label, 'url' => $url);
                     }
                     break;
                 case PLUGIN_MENU:
                     $item_array = array();
                     $plugin_menu = PLG_getMenuItems();
                     if (count($plugin_menu) == 0) {
                         // no plugin entries: hide the whole element
                         $this->access = 0;
                     } else {
                         // walk the label => url map with the internal array pointer
                         for ($i = 1; $i <= count($plugin_menu); $i++) {
                             $url = current($plugin_menu);
                             $label = key($plugin_menu);
                             $item_array[] = array('label' => $label, 'url' => $url);
                             next($plugin_menu);
                         }
                     }
                     break;
                 case HEADER_MENU:
                 default:
             }
             break;
         case ET_PLUGIN:
             // The subtype is the key of one plugin menu entry
             $plugin_menus = _mbPLG_getMenuItems();
             if (isset($plugin_menus[$this->subtype])) {
                 $this->url = $plugin_menus[$this->subtype];
             } else {
                 $this->access = 0;
                 $allowed = 0;
             }
             break;
         case ET_STATICPAGE:
             $this->url = COM_buildURL($_CONF['site_url'] . '/page.php?page=' . $this->subtype);
             break;
         case ET_URL:
             $this->replace_macros();
             break;
         case ET_PHP:
             // NOTE(review): the stored subtype is used as a function name and
             // called without arguments whenever such a function exists. Who may
             // set the subtype is not visible here; if it is editable through the
             // menu administration, restricting it to an allow-list or a naming
             // prefix would limit what can be invoked - confirm.
             $functionName = $this->subtype;
             if (function_exists($functionName)) {
                 $item_array = $functionName();
             }
             break;
         case ET_TOPIC:
             $this->url = $_CONF['site_url'] . '/index.php?topic=' . $this->subtype;
             break;
         default:
             break;
     }
     // Group 998 elements are also hidden from members of the Root group
     if ($this->id != 0 && $this->group_id == 998 && SEC_inGroup('Root')) {
         return NULL;
     }
     if ($allowed == 0 || $this->access == 0) {
         return NULL;
     }
     if ($this->type == ET_FUSION_MENU || $this->type == ET_PHP) {
         // generated menus use the items collected above as children
         $childArray = $item_array;
     } else {
         if (!empty($this->children)) {
             $howmany = $this->getChildcount();
             if ($howmany > 0) {
                 $children = $this->getChildren();
                 foreach ($children as $child) {
                     // recurse; children that are not visible return NULL and are skipped
                     $elementArray = $child->_parseElement();
                     if ($elementArray != NULL) {
                         $childArray[] = $elementArray;
                     }
                 }
             }
         } else {
             $childArray = NULL;
         }
     }
     $returnArray = array('label' => $this->label, 'url' => $this->url, 'target' => $this->target, 'children' => is_array($childArray) ? $childArray : NULL);
     return $returnArray;
 }
Esempio n. 20
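/**
 * Build the <li> entries of a "pick a story" list for a PHP block.
 *
 * Lists the newest published stories (draft_flag = 0, date <= now()),
 * limited to the current topic when one is known. The topic comes from, in
 * order: the topic of the story named in $_GET['story'], the global $topic,
 * $_GET['topic'], $_POST['topic']. With no topic, stories of the topic
 * flagged archive_flag = 1 are excluded instead.
 *
 * Request values pass through COM_applyFilter() and DB_escapeString() before
 * they reach SQL, and the permission / topic SQL fragments limit the result
 * to what the current visitor may see.
 *
 * NOTE(review): this function writes to the global $topic, including setting
 * it to the archive topic id when no topic was selected. Kept as is because
 * other code may read the global afterwards - confirm that is intended.
 *
 * @return string zero or more "<li><a ...>title</a></li>\n" entries
 */
function phpblock_storypicker()
{
    global $_TABLES, $_CONF, $topic;

    // how many stories to display in the list
    $max_stories = 5;
    $topicsql = '';
    $sid = '';

    if (isset($_GET['story'])) {
        $sid = COM_applyFilter($_GET['story']);
        $stopic = DB_getItem($_TABLES['stories'], 'tid', 'sid = \'' . DB_escapeString($sid) . '\'');
        if (!empty($stopic)) {
            $topic = $stopic;
        } else {
            // unknown story id: ignore it
            $sid = '';
        }
    }

    if (empty($topic)) {
        if (isset($_GET['topic'])) {
            $topic = COM_applyFilter($_GET['topic']);
        } elseif (isset($_POST['topic'])) {
            $topic = COM_applyFilter($_POST['topic']);
        } else {
            $topic = '';
        }
    }

    if (!empty($topic)) {
        $topicsql = " AND tid = '" . DB_escapeString($topic) . "'";
    }

    if (empty($topicsql)) {
        // no topic selected: leave out the archive topic, if there is one
        $topic = DB_getItem($_TABLES['topics'], 'tid', 'archive_flag = 1');
        if (empty($topic)) {
            $topicsql = '';
        } else {
            $topicsql = " AND tid <> '" . DB_escapeString($topic) . "'";
        }
    }

    $sql = 'SELECT sid, title FROM ' . $_TABLES['stories']
         . ' WHERE draft_flag = 0 AND date <= now()'
         . COM_getPermSQL(' AND') . COM_getTopicSQL(' AND') . $topicsql
         . ' ORDER BY date DESC LIMIT ' . $max_stories;
    $res = DB_query($sql);

    $list = '';
    while ($A = DB_fetchArray($res)) {
        $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']);
        // Quote and escape the href: an unquoted attribute value ends at the
        // first space or '>' in the URL, so the markup depended on every
        // stored sid being free of such characters.
        $list .= '<li><a href="' . htmlspecialchars($url, ENT_QUOTES) . '">'
               . htmlspecialchars(COM_truncate($A['title'], 41, '...')) . "</a></li>\n";
    }

    return $list;
}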
Esempio n. 21
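/**
 * article: delete a comment
 *
 * The comment is deleted only when the current user holds the 'story.edit'
 * right and SEC_hasAccess() reports level 3 for the story the comment
 * belongs to. On success the story's stored comment count is refreshed, the
 * 'olderstories__' cache instances are removed and the user is redirected
 * back to the article. Every other request is written to the error log and
 * redirected to the site index.
 *
 * @param   int    $cid Comment to be deleted
 * @param   string $id  Item id to which $cid belongs
 * @return  string      the empty string as written; both branches hand
 *                      control to COM_redirect() first
 */
function plugin_deletecomment_article($cid, $id)
{
    global $_CONF, $_TABLES, $_USER;

    $retval = '';

    $has_editPermissions = SEC_hasRights('story.edit');

    // $id ends up inside a quoted SQL literal, so escape it at the point of
    // use instead of relying on every caller to have filtered it.
    $safeId = DB_escapeString($id);
    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon "
        . "FROM {$_TABLES['stories']} WHERE sid = '{$safeId}'");
    $A = DB_fetchArray($result);

    // No matching story row means there is nothing to check access against,
    // so the request is treated as denied.
    $mayDelete = $has_editPermissions
        && is_array($A)
        && SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3;

    if ($mayDelete) {
        // NOTE(review): CMT_deleteComment, DB_count and DB_change receive
        // $cid / $id as passed in; whether they escape their arguments is not
        // visible from here - confirm.
        CMT_deleteComment($cid, $id, 'article');
        $comments = DB_count($_TABLES['comments'], 'sid', $id);
        DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $id);

        // Comment count in Older Stories block may have changed so delete cache
        $cacheInstance = 'olderstories__';
        // remove all olderstories instances
        CACHE_remove_instance($cacheInstance);
        COM_redirect(COM_buildUrl($_CONF['site_url'] . "/article.php?story={$id}") . '#comments');
    } else {
        // Denied attempts are recorded with user name and source address so
        // they can be reviewed later.
        COM_errorLog("User {$_USER['username']} (IP: {$_SERVER['REMOTE_ADDR']}) " . "tried to illegally delete comment {$cid} from {$id}");
        COM_redirect($_CONF['site_url'] . '/index.php');
    }

    return $retval;
}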
Esempio n. 22
/**
* Return information for a story
*
* This is the story equivalent of PLG_getItemInfo. See lib-plugins.php for
* details.
*
* Only published stories are considered (draft_flag = 0, date <= NOW()), and
* the permission / topic SQL fragments restrict the result to what the given
* user (or the current user) may read.
*
* @param    string  $sid        story ID or '*'
* @param    string  $what       comma-separated list of story properties
* @param    int     $uid        user ID or 0 = current user
* @param    array   $options    (reserved for future extensions)
* @return   mixed               string or array of strings with the information;
*                               an empty array when no known property was requested
*
*/
function STORY_getItemInfo($sid, $what, $uid = 0, $options = array())
{
    global $_CONF, $_TABLES;

    // Columns each supported property needs from the stories table.
    $columnsFor = array(
        'date-created' => array('UNIX_TIMESTAMP(date) AS unixdate'),
        'description'  => array('introtext', 'bodytext'),
        'excerpt'      => array('introtext'),
        'feed'         => array('tid'),
        'id'           => array('sid'),
        'title'        => array('title'),
        // needed for $sid == '*', but also in case only the URL is
        // requested (so that the column list isn't empty)
        'url'          => array('sid'),
    );

    // parse $what to see what we need to pull from the database;
    // unknown property names contribute no column
    $properties = explode(',', $what);
    $fields = array();
    foreach ($properties as $name) {
        if (isset($columnsFor[$name])) {
            foreach ($columnsFor[$name] as $column) {
                $fields[] = $column;
            }
        }
    }
    $fields = array_unique($fields);
    if (count($fields) == 0) {
        return array();
    }

    // prepare SQL request
    $wantAll = ($sid == '*');
    // NOTE(review): addslashes() is not aware of the connection character
    // set; the database layer's own escaping function would be the safer
    // choice for this literal - confirm which one this code base provides.
    $where = $wantAll ? ' WHERE' : " WHERE (sid = '" . addslashes($sid) . "') AND";
    $where .= ' (draft_flag = 0) AND (date <= NOW())';

    $permSql = ($uid > 0)
        ? COM_getPermSql('AND', $uid) . COM_getTopicSql('AND', $uid)
        : COM_getPermSql('AND') . COM_getTopicSql('AND');

    $sql = "SELECT " . implode(',', $fields) . " FROM {$_TABLES['stories']}" . $where . $permSql;
    if (!$wantAll) {
        $sql .= ' LIMIT 1';
    }

    $result = DB_query($sql);
    $numRows = DB_numRows($result);

    $retval = array();
    for ($row = 0; $row < $numRows; $row++) {
        $A = DB_fetchArray($result);

        $props = array();
        foreach ($properties as $name) {
            if ($name === 'date-created') {
                $props['date-created'] = $A['unixdate'];
            } elseif ($name === 'description') {
                $props['description'] = trim(PLG_replaceTags(stripslashes($A['introtext']) . ' ' . stripslashes($A['bodytext'])));
            } elseif ($name === 'excerpt') {
                $excerpt = stripslashes($A['introtext']);
                if (!empty($A['bodytext'])) {
                    $excerpt .= "\n\n" . stripslashes($A['bodytext']);
                }
                $props['excerpt'] = trim(PLG_replaceTags($excerpt));
            } elseif ($name === 'feed') {
                // first feed that exists wins: all stories, front page, then
                // the story's own topic
                $feedfile = DB_getItem($_TABLES['syndication'], 'filename', "topic = '::all'");
                if (empty($feedfile)) {
                    $feedfile = DB_getItem($_TABLES['syndication'], 'filename', "topic = '::frontpage'");
                }
                if (empty($feedfile)) {
                    // NOTE(review): tid is read back from the stories table
                    // and placed into this condition without escaping.
                    $feedfile = DB_getItem($_TABLES['syndication'], 'filename', "topic = '{$A['tid']}'");
                }
                $props['feed'] = empty($feedfile) ? '' : SYND_getFeedUrl($feedfile);
            } elseif ($name === 'id') {
                $props['id'] = $A['sid'];
            } elseif ($name === 'title') {
                $props['title'] = stripslashes($A['title']);
            } elseif ($name === 'url') {
                $storyId = empty($A['sid']) ? $sid : $A['sid'];
                $props['url'] = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $storyId);
            } else {
                // return empty string for unknown properties
                $props[$name] = '';
            }
        }

        if ($wantAll) {
            // one keyed array per story, empty values left out
            $mapped = array();
            foreach ($props as $key => $value) {
                if ($value != '') {
                    $mapped[$key] = $value;
                }
            }
            $retval[] = $mapped;
        } else {
            // single story: plain list of values in request order
            $retval = array_values($props);
            break;
        }
    }

    // a single requested property of a single story is returned bare
    if (!$wantAll && count($retval) == 1) {
        $retval = $retval[0];
    }

    return $retval;
}
Esempio n. 23
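/**
* Shows a profile for a user
*
* This grabs the user profile for a given user and displays it. The user is
* selected by $_GET['uid'] or, failing that, $_GET['username']; an optional
* $_GET['msg'] (with $_GET['plugin']) adds a message above the profile.
*
* Requests that name no valid user are sent to the site index. Profiles of
* disabled accounts are shown only to users holding 'user.edit'. The story
* and comment lists are limited to topics and stories the current visitor
* may read (COM_getPermSQL).
*
* NOTE(review): 'about', 'pgpkey', story titles and comment titles are
* passed to the template as stored, without HTML escaping in this function;
* presumably they are sanitised when saved - confirm against the code that
* writes them.
*
* @return   string          HTML for user profile page
*
*/
function userprofile()
{
    global $_CONF, $_TABLES, $_USER, $LANG01, $LANG04, $LANG09, $LANG28, $LANG_LOGIN;

    $retval = '';
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['profileloginrequired'] == 1)) {
        $retval .= SEC_loginRequiredForm();
        return $retval;
    }

    // COM_refresh()'s implementation is not visible here. Each rejected
    // request returns right after it, so nothing below runs for an invalid
    // user even if COM_refresh() only produces a refresh tag.
    if (isset($_GET['uid'])) {
        $user = COM_applyFilter($_GET['uid'], true);
        if (!is_numeric($user) || $user < 2) {
            echo COM_refresh($_CONF['site_url'] . '/index.php');
            return $retval;
        }
    } else {
        if (isset($_GET['username'])) {
            $username = $_GET['username'];
            if (!USER_validateUsername($username, 1)) {
                echo COM_refresh($_CONF['site_url'] . '/index.php');
                return $retval;
            }
            if (empty($username) || $username == '') {
                echo COM_refresh($_CONF['site_url'] . '/index.php');
                return $retval;
            }
            $username = DB_escapeString($username);
            // The listing showed a masked literal ('******') in this
            // condition; the escaped user name prepared on the line above is
            // the value the lookup has to compare against.
            $user = DB_getItem($_TABLES['users'], 'uid', "username = '{$username}'");
            if ($user < 2) {
                echo COM_refresh($_CONF['site_url'] . '/index.php');
                return $retval;
            }
        } else {
            echo COM_refresh($_CONF['site_url'] . '/index.php');
            return $retval;
        }
    }
    $msg = 0;
    if (isset($_GET['msg'])) {
        $msg = COM_applyFilter($_GET['msg'], true);
    }
    $plugin = '';
    if ($msg > 0 && isset($_GET['plugin'])) {
        $plugin = COM_applyFilter($_GET['plugin']);
    }

    // $user is cast to int wherever it is placed into SQL below
    $result = DB_query("SELECT {$_TABLES['users']}.uid,username,fullname,regdate,lastlogin,homepage,about,location,pgpkey,photo,email,status,emailfromadmin,emailfromuser,showonline FROM {$_TABLES['userinfo']},{$_TABLES['userprefs']},{$_TABLES['users']} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['userinfo']}.uid = {$_TABLES['userprefs']}.uid AND {$_TABLES['users']}.uid = " . (int) $user);
    $nrows = DB_numRows($result);
    if ($nrows == 0) {
        // no such user
        echo COM_refresh($_CONF['site_url'] . '/index.php');
        return $retval;
    }
    $A = DB_fetchArray($result);

    // disabled accounts are visible to user administrators only
    if ($A['status'] == USER_ACCOUNT_DISABLED && !SEC_hasRights('user.edit')) {
        COM_displayMessageAndAbort(30, '', 403, 'Forbidden');
    }
    $display_name = @htmlspecialchars(COM_getDisplayName($user, $A['username'], $A['fullname']), ENT_COMPAT, COM_getEncodingt());
    if ($msg > 0) {
        $retval .= COM_showMessage($msg, $plugin, '', 0, 'info');
    }
    // format date/time to user preference
    $curtime = COM_getUserDateTimeFormat($A['regdate']);
    $A['regdate'] = $curtime[0];
    $user_templates = new Template($_CONF['path_layout'] . 'users');
    $user_templates->set_file(array('profile' => 'profile.thtml', 'email' => 'email.thtml', 'row' => 'commentrow.thtml', 'strow' => 'storyrow.thtml'));
    $user_templates->set_var('layout_url', $_CONF['layout_url']);
    $user_templates->set_var('start_block_userprofile', COM_startBlock($LANG04[1] . ' ' . $display_name));
    $user_templates->set_var('end_block', COM_endBlock());
    $user_templates->set_var('lang_username', $LANG04[2]);
    $user_templates->set_var('tooltip', COM_getTooltipStyle());

    // with show_fullname on, the full name (when set) is shown as the main
    // name and the login name takes the secondary slot
    if ($_CONF['show_fullname'] == 1) {
        if (empty($A['fullname'])) {
            $username = $A['username'];
            $fullname = '';
        } else {
            $username = $A['fullname'];
            $fullname = $A['username'];
        }
    } else {
        $username = $A['username'];
        $fullname = '';
    }
    $username = @htmlspecialchars($username, ENT_COMPAT, COM_getEncodingt());
    $fullname = @htmlspecialchars($fullname, ENT_COMPAT, COM_getEncodingt());
    if ($A['status'] == USER_ACCOUNT_DISABLED) {
        $username = sprintf('%s - %s', $username, $LANG28[42]);
        if (!empty($fullname)) {
            // format was '% - %s', which is not a valid pair of %s
            // conversions; it now matches the line above
            $fullname = sprintf('%s - %s', $fullname, $LANG28[42]);
        }
    }
    $user_templates->set_var('username', $username);
    $user_templates->set_var('user_fullname', $fullname);

    // edit link: for user administrators and for the profile's owner
    if (SEC_hasRights('user.edit') || isset($_USER['uid']) && $_USER['uid'] == $A['uid']) {
        global $_IMAGE_TYPE, $LANG_ADMIN;
        $edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG_ADMIN['edit'] . '" title="' . $LANG_ADMIN['edit'] . '" />';
        if ($_USER['uid'] == $A['uid']) {
            $edit_url = "{$_CONF['site_url']}/usersettings.php";
        } else {
            $edit_url = "{$_CONF['site_admin_url']}/user.php?edit=x&amp;uid={$A['uid']}";
        }
        $edit_link_url = COM_createLink($edit_icon, $edit_url);
        $user_templates->set_var('edit_icon', $edit_icon);
        $user_templates->set_var('edit_link', $edit_link_url);
        $user_templates->set_var('user_edit', $edit_url);
    } else {
        $user_templates->set_var('user_edit', '');
    }
    if (isset($A['photo']) && empty($A['photo'])) {
        $A['photo'] = '(none)';
        // user does not have a photo
    }
    $lastlogin = $A['lastlogin'];
    $lasttime = COM_getUserDateTimeFormat($lastlogin);
    $photo = USER_getPhoto($user, $A['photo'], $A['email'], -1, 0);
    $user_templates->set_var('user_photo', $photo);
    $user_templates->set_var('lang_membersince', $LANG04[67]);
    $user_templates->set_var('user_regdate', $A['regdate']);

    // last login and online state are shown only if the user opted in
    if ($_CONF['lastlogin'] && $A['showonline']) {
        $user_templates->set_var('lang_lastlogin', $LANG28[35]);
        if (!empty($lastlogin)) {
            $user_templates->set_var('user_lastlogin', $lasttime[0]);
        } else {
            $user_templates->set_var('user_lastlogin', $LANG28[36]);
        }
    }
    if ($A['showonline']) {
        if (DB_count($_TABLES['sessions'], 'uid', (int) $user)) {
            $user_templates->set_var('online', 'online');
        }
    }
    $user_templates->set_var('lang_email', $LANG04[5]);
    $user_templates->set_var('user_id', $user);
    // the e-mail form is offered only if the user accepts mail from users
    if ($A['email'] == '' || $A['emailfromuser'] == 0) {
        $user_templates->set_var('email_option', '');
    } else {
        $user_templates->set_var('lang_sendemail', $LANG04[81]);
        $user_templates->parse('email_option', 'email', true);
    }
    $user_templates->set_var('lang_homepage', $LANG04[6]);
    $user_templates->set_var('user_homepage', COM_killJS($A['homepage']));
    $user_templates->set_var('lang_location', $LANG04[106]);
    $user_templates->set_var('user_location', strip_tags($A['location']));
    $user_templates->set_var('lang_online', $LANG04[160]);
    $user_templates->set_var('lang_bio', $LANG04[7]);
    $user_templates->set_var('user_bio', nl2br($A['about']));
    $user_templates->set_var('follow_me', SOC_getFollowMeIcons($user, 'follow_user_profile.thtml'));
    $user_templates->set_var('lang_pgpkey', $LANG04[8]);
    $user_templates->set_var('user_pgp', nl2br($A['pgpkey']));
    $user_templates->set_var('start_block_last10stories', COM_startBlock($LANG04[82] . ' ' . $display_name));
    if (!isset($_CONF['comment_engine']) || $_CONF['comment_engine'] == 'internal') {
        $user_templates->set_var('start_block_last10comments', COM_startBlock($LANG04[10] . ' ' . $display_name));
    }
    $user_templates->set_var('start_block_postingstats', COM_startBlock($LANG04[83] . ' ' . $display_name));
    $user_templates->set_var('lang_title', $LANG09[16]);
    $user_templates->set_var('lang_date', $LANG09[17]);
    // for alternative layouts: use these as headlines instead of block titles
    $user_templates->set_var('headline_last10stories', $LANG04[82] . ' ' . $display_name);
    if (!isset($_CONF['comment_engine']) || $_CONF['comment_engine'] == 'internal') {
        $user_templates->set_var('headline_last10comments', $LANG04[10] . ' ' . $display_name);
    }
    $user_templates->set_var('headline_postingstats', $LANG04[83] . ' ' . $display_name);

    // topics the current visitor may read; the ids come from the topics
    // table and are placed into the IN (...) lists below as stored
    $result = DB_query("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL());
    $nrows = DB_numRows($result);
    $tids = array();
    for ($i = 0; $i < $nrows; $i++) {
        $T = DB_fetchArray($result);
        $tids[] = $T['tid'];
    }
    $topics = "'" . implode("','", $tids) . "'";
    // list of last 10 stories by this user
    if (sizeof($tids) > 0) {
        $sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} WHERE (uid = '" . (int) $user . "') AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
        $sql .= " ORDER BY unixdate DESC LIMIT 10";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
    } else {
        $nrows = 0;
    }
    if ($nrows > 0) {
        for ($i = 0; $i < $nrows; $i++) {
            $C = DB_fetchArray($result);
            $user_templates->set_var('cssid', $i % 2 + 1);
            $user_templates->set_var('row_number', $i + 1 . '.');
            $articleUrl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $C['sid']);
            $user_templates->set_var('article_url', $articleUrl);
            $C['title'] = str_replace('$', '&#36;', $C['title']);
            $user_templates->set_var('story_title', COM_createLink($C['title'], $articleUrl, array('class' => '')));
            $storytime = COM_getUserDateTimeFormat($C['unixdate']);
            $user_templates->set_var('story_date', $storytime[0]);
            $user_templates->parse('story_row', 'strow', true);
        }
    } else {
        $user_templates->set_var('story_row', '<tr><td>' . $LANG01[37] . '</td></tr>');
    }
    if (!isset($_CONF['comment_engine']) || $_CONF['comment_engine'] == 'internal') {
        // list of last 10 comments by this user
        $sidArray = array();
        if (sizeof($tids) > 0) {
            // first, get a list of all stories the current visitor has access to
            $sql = "SELECT sid FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
            $result = DB_query($sql);
            $numsids = DB_numRows($result);
            for ($i = 1; $i <= $numsids; $i++) {
                $S = DB_fetchArray($result);
                $sidArray[] = $S['sid'];
            }
        }
        // with no readable story this becomes "''", which is never empty(),
        // so the filters below still apply and match no comment
        $sidList = implode("', '", $sidArray);
        $sidList = "'{$sidList}'";
        // then, find all comments by the user in those stories
        $sql = "SELECT sid,title,cid,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['comments']} WHERE (uid = '" . (int) $user . "') GROUP BY sid,title,cid,UNIX_TIMESTAMP(date)";
        // SQL NOTE:  Using a HAVING clause is usually faster than a where if the
        // field is part of the select
        // if (!empty ($sidList)) {
        //     $sql .= " AND (sid in ($sidList))";
        // }
        if (!empty($sidList)) {
            $sql .= " HAVING sid in ({$sidList})";
        }
        $sql .= " ORDER BY unixdate DESC LIMIT 10";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        if ($nrows > 0) {
            for ($i = 0; $i < $nrows; $i++) {
                $C = DB_fetchArray($result);
                $user_templates->set_var('cssid', $i % 2 + 1);
                $user_templates->set_var('row_number', $i + 1 . '.');
                $C['title'] = str_replace('$', '&#36;', $C['title']);
                $comment_url = $_CONF['site_url'] . '/comment.php?mode=view&amp;cid=' . $C['cid'];
                $user_templates->set_var('comment_title', COM_createLink($C['title'], $comment_url, array('class' => '')));
                $commenttime = COM_getUserDateTimeFormat($C['unixdate']);
                $user_templates->set_var('comment_date', $commenttime[0]);
                $user_templates->parse('comment_row', 'row', true);
            }
        } else {
            $user_templates->set_var('comment_row', '<tr><td>' . $LANG01[29] . '</td></tr>');
        }
    }
    // posting stats for this user
    $user_templates->set_var('lang_number_stories', $LANG04[84]);
    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (uid = " . (int) $user . ") AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND');
    $result = DB_query($sql);
    $N = DB_fetchArray($result);
    $user_templates->set_var('number_stories', COM_numberFormat($N['count']));
    if (!isset($_CONF['comment_engine']) || $_CONF['comment_engine'] == 'internal') {
        $user_templates->set_var('lang_number_comments', $LANG04[85]);
        $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['comments']} WHERE (uid = " . (int) $user . ")";
        if (!empty($sidList)) {
            $sql .= " AND (sid in ({$sidList}))";
        }
        $result = DB_query($sql);
        $N = DB_fetchArray($result);
        $user_templates->set_var('number_comments', COM_numberFormat($N['count']));
        $user_templates->set_var('lang_all_postings_by', $LANG04[86] . ' ' . $display_name);
    }
    // hook to the profile icon display
    $profileIcons = PLG_profileIconDisplay($user);
    if (is_array($profileIcons) && count($profileIcons) > 0) {
        $user_templates->set_block('profile', 'profileicon', 'pi');
        for ($x = 0; $x < count($profileIcons); $x++) {
            if (isset($profileIcons[$x]['url']) && $profileIcons[$x]['url'] != '' && isset($profileIcons[$x]['icon']) && $profileIcons[$x]['icon'] != '') {
                $user_templates->set_var('profile_icon_url', $profileIcons[$x]['url']);
                $user_templates->set_var('profile_icon_icon', $profileIcons[$x]['icon']);
                $user_templates->set_var('profile_icon_text', $profileIcons[$x]['text']);
                $user_templates->parse('pi', 'profileicon', true);
            }
        }
    }
    // Call custom registration function if enabled and exists
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDisplay')) {
        $user_templates->set_var('customfields', CUSTOM_userDisplay($user));
    }
    PLG_profileVariablesDisplay($user, $user_templates);
    $user_templates->parse('output', 'profile');
    $retval .= $user_templates->finish($user_templates->get_var('output'));
    $retval .= PLG_profileBlocksDisplay($user);
    return $retval;
}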
Esempio n. 24
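/**
 * Handles a comment delete
 *
 * For $formtype 'editsubmission' the queued comment named by
 * $_REQUEST['cid'] is removed from the submission table. Otherwise the
 * comment is deleted from the item given by $_REQUEST['type'] and
 * $_REQUEST['sid']: article comments require the 'story.edit' right plus
 * SEC_hasAccess() level 3 on the story, every other type is passed to
 * PLG_commentDelete().
 *
 * NOTE(review): no rights check guards the 'editsubmission' branch and no
 * request-token check is visible in this function; presumably the caller
 * performs both - confirm.
 *
 * @copyright Vincent Furia 2005
 * @author Vincent Furia, vinny01 AT users DOT sourceforge DOT net
 * @param  string $formtype 'editsubmission' for a queued comment, anything
 *                          else for a published one
 * @return string HTML (possibly a refresh)
 */
function handleDelete($formtype)
{
    // $_USER is read by the log message below; it was missing from this
    // list, so the message never contained the user name.
    global $_CONF, $_TABLES, $_USER;

    $display = '';

    if ($formtype == 'editsubmission') {
        DB_delete($_TABLES['commentsubmissions'], 'cid', COM_applyFilter($_REQUEST['cid'], true));
        $display = COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
    } else {
        $type = COM_applyFilter($_REQUEST['type']);
        $sid = COM_applyFilter($_REQUEST['sid']);
        // Filtered once and reused, so the value that is logged is the same
        // one that would have been deleted ($cid used to be undefined in the
        // log message).
        $cid = COM_applyFilter($_REQUEST['cid'], true);

        switch ($type) {
            case 'article':
                $has_editPermissions = SEC_hasRights('story.edit');
                // NOTE(review): $sid reaches this query after
                // COM_applyFilter() only; the query is safe only as far as
                // that filter removes quote characters - confirm.
                $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '{$sid}'");
                $A = DB_fetchArray($result);
                if ($has_editPermissions && SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3) {
                    CMT_deleteComment($cid, $sid, 'article');
                    // keep the story's stored comment count in step
                    $comments = DB_count($_TABLES['comments'], 'sid', $sid);
                    DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $sid);
                    $display .= COM_refresh(COM_buildUrl($_CONF['site_url'] . "/article.php?story={$sid}") . '#comments');
                } else {
                    // denied attempts are recorded with user and source address
                    COM_errorLog("User {$_USER['username']} (IP: {$_SERVER['REMOTE_ADDR']}) tried to illegally delete comment {$cid} from {$type} {$sid}");
                    $display .= COM_refresh($_CONF['site_url'] . '/index.php');
                }
                break;
            default:
                // assume plugin
                if (!($display = PLG_commentDelete($type, $cid, $sid))) {
                    $display = COM_refresh($_CONF['site_url'] . '/index.php');
                }
                break;
        }
    }

    return $display;
}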
Esempio n. 25
/**
* Prepare a banner item for rendering
*
* Fills the banner template variables from one banner record: click-through
* URL, target URL (plain and urlencode()d), title, hit count, rendered
* banner, a "report broken" link and the edit links.
*
* NOTE(review): 'url', 'title' and 'description' are given to the template
* without HTML escaping in this function; presumably they are sanitised
* when the banner is saved - confirm.
*
* @param    array   $A          banner details
* @param    ref     $template   reference of the banner template
*
*/
function prepare_banner_item($A, &$template)
{
    global $_CONF, $_USER, $LANG_ADMIN, $LANG_BANNER, $_IMAGE_TYPE, $LANG_DIRECTION;

    // visitors are sent through portal.php instead of straight to the target
    $portalUrl = COM_buildUrl($_CONF['site_url'] . '/banner/portal.php?what=banner&amp;item=' . $A['bid']);
    $template->set_var('banner_url', $portalUrl);
    $template->set_var('banner_actual_url', $A['url']);
    $template->set_var('banner_actual_url_encoded', urlencode($A['url']));
    $template->set_var('banner_name', stripslashes($A['title']));
    $template->set_var('banner_name_encoded', urlencode($A['title']));
    $template->set_var('banner_hits', COM_numberFormat($A['hits']));

    $content = stripslashes($A['title']);
    $template->set_var('banner_html', $content);

    // "report broken" link: logged-in users without the banner.edit right
    $brokenLink = '';
    if (!COM_isAnonUser() && !SEC_hasRights('banner.edit')) {
        $reporturl = $_CONF['site_url'] . '/banner/index.php?mode=report&amp;bid=' . $A['bid'];
        $linkAttr = array('class' => 'pluginSmallText', 'rel' => 'nofollow');
        $brokenLink = COM_createLink($LANG_BANNER[117], $reporturl, $linkAttr);
    }
    $template->set_var('banner_broken', $brokenLink);

    $bannerimg = nl2br(stripslashes($A['description']));
    $flg_link = !empty($A['url']);
    $template->set_var('banner_description', banner_buildBanner($A['bid'], $content, $bannerimg, $flg_link));

    // edit links: access level 3 on this banner plus the banner.edit right
    $textLink = '';
    $iconLink = '';
    if (SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3 && SEC_hasRights('banner.edit')) {
        $editurl = $_CONF['site_admin_url'] . '/plugins/banner/index.php?mode=edit&amp;bid=' . $A['bid'];
        $textLink = COM_createLink($LANG_ADMIN['edit'], $editurl);
        $edit_icon = "<img src=\"{$_CONF['layout_url']}/images/edit.{$_IMAGE_TYPE}\" " . "alt=\"{$LANG_ADMIN['edit']}\" title=\"{$LANG_ADMIN['edit']}\"" . XHTML . ">";
        $iconLink = COM_createLink($edit_icon, $editurl, array('class' => 'editlink'));
    }
    $template->set_var('banner_edit', $textLink);
    $template->set_var('edit_icon', $iconLink);
}
Esempio n. 26
 public function parse($p1, $p2 = '', $fulltag)
 {
     global $_CONF, $_TABLES, $_USER, $LANG01;
     USES_lib_comments();
     $retval = '';
     $skip = 0;
     $dt = new Date('now', $_USER['tzid']);
     // topic = specific topic or 'all'
     // display = how many stories to display, if 0, then all
     // meta = show meta data (i.e.; who when etc)
     // titleLink - make title a hot link
     // featured - 0 = show all, 1 = only featured, 2 = all except featured
     // frontpage - 1 = show only items marked for frontpage - 0 = show all
     // cols - number of columns to show
     // template - the template name
     $topic = $p1;
     if ($topic == 'all') {
         $topic = '';
     }
     $uniqueID = md5($p1 . $p2);
     $display = 10;
     // display 10 articles
     $meta = 0;
     // do not display meta data
     $titleLink = 0;
     // do not use links in title
     $featured = 0;
     // 0 = show all, 1 = only featured, 2 = all except featured
     $frontpage = 0;
     // only show items marked for frontpage
     $cols = 3;
     // number of columns
     $truncate = 0;
     // maximum number of characters to include in story text
     $template = 'headlines.thtml';
     $px = explode(' ', trim($p2));
     if (is_array($px)) {
         foreach ($px as $part) {
             if (substr($part, 0, 8) == 'display:') {
                 $a = explode(':', $part);
                 $display = $a[1];
                 $skip++;
             } elseif (substr($part, 0, 5) == 'meta:') {
                 $a = explode(':', $part);
                 $meta = $a[1];
                 $skip++;
             } elseif (substr($part, 0, 10) == 'titlelink:') {
                 $a = explode(':', $part);
                 $titleLink = $a[1];
                 $skip++;
             } elseif (substr($part, 0, 9) == 'featured:') {
                 $a = explode(':', $part);
                 $featured = $a[1];
                 $skip++;
             } elseif (substr($part, 0, 10) == 'frontpage:') {
                 $a = explode(':', $part);
                 $frontpage = (int) $a[1];
                 $skip++;
             } elseif (substr($part, 0, 5) == 'cols:') {
                 $a = explode(':', $part);
                 $cols = $a[1];
                 $skip++;
             } elseif (substr($part, 0, 9) == 'template:') {
                 $a = explode(':', $part);
                 $template = $a[1];
                 $skip++;
             } elseif (substr($part, 0, 9) == 'truncate:') {
                 $a = explode(':', $part);
                 $truncate = (int) $a[1];
                 $skip++;
             } else {
                 break;
             }
         }
         if ($skip != 0) {
             if (count($px) > $skip) {
                 for ($i = 0; $i < $skip; $i++) {
                     array_shift($px);
                 }
                 $caption = trim(implode(' ', $px));
             } else {
                 $caption = '';
             }
         }
     } else {
         $caption = trim($p2);
     }
     if ($display < 0) {
         $display = 3;
     }
     $hash = CACHE_security_hash();
     $instance_id = 'whatsnew_headlines_' . $uniqueID . '_' . $hash . '_' . $_USER['theme'];
     if (($cache = CACHE_check_instance($instance_id, 0)) !== FALSE) {
         return $cache;
     }
     $archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1");
     $sql = " (date <= NOW()) AND (draft_flag = 0)";
     if (empty($topic)) {
         $sql .= COM_getLangSQL('tid', 'AND', 's');
     }
     // if a topic was provided only select those stories.
     if (!empty($topic)) {
         $sql .= " AND s.tid = '" . DB_escapeString($topic) . "' ";
     }
     if ($featured == 1) {
         $sql .= " AND s.featured = 1 ";
     } else {
         if ($featured == 2) {
             $sql .= " AND s.featured = 0 ";
         }
     }
     if ($frontpage == 1) {
         $sql .= " AND frontpage = 1 ";
     }
     if ($topic != $archivetid) {
         $sql .= " AND s.tid != '{$archivetid}' ";
     }
     $sql .= COM_getPermSQL('AND', 0, 2, 's');
     $sql .= COM_getTopicSQL('AND', 0, 's') . ' ';
     $userfields = 'u.uid, u.username, u.fullname';
     if ($_CONF['allow_user_photo'] == 1) {
         $userfields .= ', u.photo';
         if ($_CONF['use_gravatar']) {
             $userfields .= ', u.email';
         }
     }
     $orderBy = ' date DESC ';
     $headlinesSQL = "SELECT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, " . 'UNIX_TIMESTAMP(s.expire) as expireunix, ' . $userfields . ", t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, " . "{$_TABLES['topics']} AS t WHERE (s.uid = u.uid) AND (s.tid = t.tid) AND" . $sql . "ORDER BY featured DESC," . $orderBy;
     if ($display > 0) {
         $headlinesSQL .= " LIMIT " . $display;
     }
     $result = DB_query($headlinesSQL);
     $numRows = DB_numRows($result);
     if ($numRows < $cols) {
         $cols = $numRows;
     }
     if ($cols > 6) {
         $cols = 6;
     }
     if ($numRows > 0) {
         $T = new Template($_CONF['path'] . 'system/autotags/');
         $T->set_file('page', $template);
         $T->set_var('columns', $cols);
         $T->set_block('page', 'headlines', 'hl');
         $newstories = array();
         while ($A = DB_fetchArray($result)) {
             $T->unset_var('readmore_url');
             $T->unset_var('lang_readmore');
             if ($A['attribution_author'] != '') {
                 $author = $A['attribution_author'];
             } else {
                 $author = $A['username'];
             }
             $title = COM_undoSpecialChars($A['title']);
             $title = str_replace('&nbsp;', ' ', $title);
             $subtitle = COM_undoSpecialChars($A['subtitle']);
             if ($A['story_image'] != '') {
                 $story_image = $_CONF['site_url'] . $A['story_image'];
             } else {
                 $story_image = '';
             }
             $A['introtext'] = STORY_renderImages($A['sid'], $A['introtext']);
             if (!empty($A['bodytext'])) {
                 $closingP = strrpos($A['introtext'], "</p>");
                 if ($closingP !== FALSE) {
                     $text = substr($A['introtext'], 0, $closingP);
                     $A['introtext'] = $text;
                 }
                 // adds the read more link
                 $T->set_var('readmore_url', COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']));
                 $T->set_var('lang_readmore', $LANG01['continue_reading']);
             }
             if ($truncate > 0) {
                 $A['introtext'] = $this->truncateHTML($A['introtext'], $truncate, '...');
             }
             $topicurl = $_CONF['site_url'] . '/index.php?topic=' . $A['tid'];
             $dt->setTimestamp($A['unixdate']);
             if ($A['commentcode'] >= 0) {
                 $cmtLinkArray = CMT_getCommentLinkWithCount('article', $A['sid'], $_CONF['site_url'] . '/article.php?story=' . $A['sid'], $A['comments'], 1);
                 $T->set_var(array('lang_comments' => '', 'comments_count' => $cmtLinkArray['comment_count'], 'comments_url' => $cmtLinkArray['url'], 'comments_url_extra' => $cmtLinkArray['url_extra']));
             } else {
                 $T->unset_var('lang_comments');
                 $T->unset_var('comments_count');
                 $T->unset_var('comments_url');
                 $T->unset_var('comments_url_extra');
             }
             $T->set_var(array('titlelink' => $titleLink ? TRUE : '', 'meta' => $meta ? TRUE : '', 'lang_by' => $LANG01[95], 'lang_posted_in' => $LANG01['posted_in'], 'story_topic_url' => $topicurl, 'title' => $title, 'subtitle' => $subtitle, 'story_image' => $story_image, 'text' => PLG_replaceTags($A['introtext']), 'date' => $A['date'], 'time' => $dt->format('Y-m-d', true) . 'T' . $dt->format('H:i:s', true), 'topic' => $A['topic'], 'tid' => $A['tid'], 'author' => $author, 'author_id' => $A['uid'], 'sid' => $A['sid'], 'short_date' => $dt->format($_CONF['shortdate'], true), 'date_only' => $dt->format($_CONF['dateonly'], true), 'date' => $dt->format($dt->getUserFormat(), true), 'url' => COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']), 'attribution_url' => $A['attribution_url'], 'attribution_name' => $A['attribution_name']));
             $T->parse('hl', 'headlines', true);
         }
         $retval = $T->finish($T->parse('output', 'page'));
         CACHE_create_instance($instance_id, $retval, 0);
     }
     return $retval;
 }
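/**
* Display form to email a story to someone.
*
* Anonymous visitors get the "login required" block instead of the form when
* $_CONF['loginrequired'] or $_CONF['emailstoryloginrequired'] is 1. If the
* story cannot be loaded for viewing, a refresh to the site index is returned.
*
* @param    string  $sid        ID of article to email
* @param    string  $to         recipient name to pre-fill
* @param    string  $toemail    recipient email address to pre-fill
* @param    string  $from       sender name to pre-fill
* @param    string  $fromemail  sender email address to pre-fill
* @param    string  $shortmsg   short message to pre-fill
* @param    int     $msg        ID of a message to show above the form (0 = none)
* @return   string              HTML for email story form
*
*/
function mailstoryform($sid, $to = '', $toemail = '', $from = '', $fromemail = '', $shortmsg = '', $msg = 0)
{
    global $_CONF, $_TABLES, $_USER, $LANG08, $LANG_LOGIN;
    require_once $_CONF['path_system'] . 'lib-story.php';
    $retval = '';
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1)) {
        // Emailing stories is restricted to members: show the login prompt only.
        $retval = COM_startBlock($LANG_LOGIN[1], '', COM_getBlockTemplate('_msg_block', 'header'));
        $login = new Template($_CONF['path_layout'] . 'submit');
        $login->set_file(array('login' => 'submitloginrequired.thtml'));
        $login->set_var('xhtml', XHTML);
        $login->set_var('site_url', $_CONF['site_url']);
        $login->set_var('site_admin_url', $_CONF['site_admin_url']);
        $login->set_var('layout_url', $_CONF['layout_url']);
        $login->set_var('login_message', $LANG_LOGIN[2]);
        $login->set_var('lang_login', $LANG_LOGIN[3]);
        $login->set_var('lang_newuser', $LANG_LOGIN[4]);
        $login->parse('output', 'login');
        $retval .= $login->finish($login->get_var('output'));
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        return $retval;
    }
    // Loading with 'view' access means a story the visitor may not read is
    // never offered for mailing.
    $story = new Story();
    $result = $story->loadFromDatabase($sid, 'view');
    if ($result != STORY_LOADED_OK) {
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    if ($msg > 0) {
        $retval .= COM_showMessage($msg);
    }
    if (empty($from) && empty($fromemail)) {
        if (!COM_isAnonUser()) {
            $from = COM_getDisplayName($_USER['uid'], $_USER['username'], $_USER['fullname']);
            // The uid is forced to an integer before it becomes part of the
            // WHERE clause, so the fragment cannot carry anything but digits.
            $fromemail = DB_getItem($_TABLES['users'], 'email', 'uid = ' . (int) $_USER['uid']);
        }
    }
    $mail_template = new Template($_CONF['path_layout'] . 'profiles');
    $mail_template->set_file('form', 'contactauthorform.thtml');
    $mail_template->set_var('xhtml', XHTML);
    $mail_template->set_var('site_url', $_CONF['site_url']);
    $mail_template->set_var('site_admin_url', $_CONF['site_admin_url']);
    $mail_template->set_var('layout_url', $_CONF['layout_url']);
    $mail_template->set_var('start_block_mailstory2friend', COM_startBlock($LANG08[17]));
    $mail_template->set_var('lang_title', $LANG08[31]);
    $mail_template->set_var('story_title', $story->displayElements('title'));
    // NOTE(review): $sid is written into the URL and the story_id field as
    // given; presumably loadFromDatabase() only succeeds for a well-formed
    // id - confirm against the Story class.
    $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
    $mail_template->set_var('story_url', $url);
    $link = COM_createLink($story->displayElements('title'), $url);
    $mail_template->set_var('story_link', $link);
    // The name and address values are echoed back into the form, so they are
    // entity-encoded here, at the point of output, like $shortmsg below.
    // NOTE(review): if a caller already entity-encodes these values, remove
    // the encoding there rather than here.
    $mail_template->set_var('lang_fromname', $LANG08[20]);
    $mail_template->set_var('name', htmlspecialchars($from, ENT_QUOTES));
    $mail_template->set_var('lang_fromemailaddress', $LANG08[21]);
    $mail_template->set_var('email', htmlspecialchars($fromemail, ENT_QUOTES));
    $mail_template->set_var('lang_toname', $LANG08[18]);
    $mail_template->set_var('toname', htmlspecialchars($to, ENT_QUOTES));
    $mail_template->set_var('lang_toemailaddress', $LANG08[19]);
    $mail_template->set_var('toemail', htmlspecialchars($toemail, ENT_QUOTES));
    $mail_template->set_var('lang_cc', $LANG08[36]);
    $mail_template->set_var('lang_cc_description', $LANG08[37]);
    $mail_template->set_var('lang_shortmessage', $LANG08[27]);
    $mail_template->set_var('shortmsg', htmlspecialchars($shortmsg));
    $mail_template->set_var('lang_warning', $LANG08[22]);
    $mail_template->set_var('lang_sendmessage', $LANG08[16]);
    $mail_template->set_var('story_id', $sid);
    $mail_template->set_var('end_block', COM_endBlock());
    PLG_templateSetVars('emailstory', $mail_template);
    $mail_template->parse('output', 'form');
    $retval .= $mail_template->finish($mail_template->get_var('output'));
    return $retval;
}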
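/**
* Return a canonical link
*
* The topic is URL-encoded and year/month are forced to integers, so the
* only caller-supplied text that reaches the href is the encoded topic.
* With no year and the topic 'all', the query string is omitted entirely.
*
* @param    string  $dir_topic  current topic or 'all'
* @param    int     $year   current year (0 = not set)
* @param    int     $month  current month (0 = not set; ignored without a year)
* @return   string          <link rel="canonical"> tag
*
*/
function DIR_canonicalLink($dir_topic, $year = 0, $month = 0)
{
    global $_CONF;

    // Both values are interpolated into an HTML attribute below; casting
    // guarantees that only digits (and a sign) can appear there.
    $year = (int) $year;
    $month = (int) $month;

    $script = $_CONF['site_url'] . '/' . THIS_SCRIPT;
    $tp = '?topic=' . urlencode($dir_topic);
    $parts = '';
    if ($year != 0 && $month != 0) {
        $parts .= "&amp;year={$year}&amp;month={$month}";
    } elseif ($year != 0) {
        $parts .= "&amp;year={$year}";
    } elseif ($dir_topic == 'all') {
        // The unfiltered listing is canonical without any query string.
        $tp = '';
    }
    $url = COM_buildUrl($script . $tp . $parts);
    return '<link rel="canonical" href="' . $url . '"' . XHTML . '>' . LB;
}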
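 /**
  * CallBack function for the ListFactory class
  *
  * Formats one result row. With $preSort set, only the fields that take
  * part in sorting are prepared: the SQL_TITLE field is flattened to a
  * string and a numeric uid is replaced by the (cached) display name,
  * linked to the profile page unless the uid is 1. Otherwise the row is
  * prepared for display: links, shortened description, formatted date
  * and hit count.
  *
  * @author Sami Barakat <s.m.barakat AT gmail DOT com>
  * @access public
  * @param boolean $preSort True to prepare the row for sorting, false for display
  * @param array $row An array of plain data to format
  * @return array A reformatted version of the input array
  *
  */
 function searchFormatCallBack($preSort, $row)
 {
     global $_CONF, $_USER;
     $dt = new Date('now', $_USER['tzid']);
     if ($preSort) {
         if (is_array($row[SQL_TITLE])) {
             $row[SQL_TITLE] = implode($_CONF['search_separator'], $row[SQL_TITLE]);
         }
         if (is_numeric($row['uid'])) {
             $uid = $row['uid'];
             if (empty($this->_names[$uid])) {
                 // The display name is entity-encoded before it is cached
                 // and wrapped in the profile link.
                 $this->_names[$uid] = htmlspecialchars(COM_getDisplayName($uid));
                 if ($uid != 1) {
                     $this->_names[$uid] = COM_createLink($this->_names[$uid], $_CONF['site_url'] . '/users.php?mode=profile&amp;uid=' . $uid);
                 }
             }
             $row['uid'] = $this->_names[$uid];
         }
     } else {
         // NOTE(review): title, description and url are used as HTML as
         // they arrive; presumably the search provider has already encoded
         // them - confirm, since nothing in this method does.
         $row[SQL_TITLE] = COM_createLink($row[SQL_TITLE], $this->_searchURL . '&amp;type=' . $row[SQL_NAME] . '&amp;mode=search');
         // Site-relative URLs get the site URL prepended. substr() is used
         // instead of $row['url'][0] so that an empty URL does not raise an
         // "uninitialized string offset" error.
         if (substr($row['url'], 0, 1) == '/') {
             $row['url'] = $_CONF['site_url'] . $row['url'];
         }
         if ($this->_url_rewrite[$row[SQL_NAME]]) {
             $row['url'] = COM_buildUrl($row['url']);
         }
         if ($row['title'] == '') {
             $row['title'] = $row[SQL_TITLE];
         }
         // $this->_shortenText($this->_query, $row['title'], 6);
         // A literal '$' is replaced by its entity before the title is
         // handed on.
         $row['title'] = str_replace('$', '&#36;', $row['title']);
         $row['title'] = COM_createLink($row['title'], $row['url']);
         if ($row['description'] == '') {
             $row['description'] = $_CONF['search_no_data'];
         }
         if ($row['description'] != $_CONF['search_no_data']) {
             $row['description'] = $this->_shortenText($this->_query, $row['description'], $this->_wordlength);
         }
         $dt->setTimestamp($row['date']);
         $row['date'] = $dt->format($_CONF['daytime'], true);
         $row['hits'] = COM_NumberFormat($row['hits']) . ' ';
         // simple solution to a silly problem!
     }
     return $row;
 }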
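/**
* This function will allow plugins to support the use of custom autolinks
* in other site content. Plugins can now use this API when saving content
* and have the content checked for any autolinks before saving.
* The autolink would be like:  [story:20040101093000103 here]
*
* The tag id and label are taken from the content itself, so they must be
* treated as untrusted: every value that reaches a SQL statement below is
* filtered and escaped first.
*
* @param   string   $content   Content that should be parsed for autolinks
* @param    string  $namespace Optional Namespace or plugin name collecting tag info
* @param    string  $operation Optional Operation being performed
* @param   string   $plugin    Optional if you only want to parse using a specific plugin
* @return  string   Content with the recognised autolinks replaced. Returned
*                   unchanged when autolinks are disabled or the recursion
*                   limit is hit; returned with $LANG32[32] appended when a
*                   tag's brackets do not match.
*
*/
function PLG_replaceTags($content, $namespace = '', $operation = '', $plugin = '')
{
    global $_CONF, $_TABLES, $_BLOCK_TEMPLATE, $LANG32, $_AUTOTAGS, $mbMenu, $autoTagUsage;
    if (isset($_CONF['disable_autolinks']) && $_CONF['disable_autolinks'] == 1) {
        // autolinks are disabled - return $content unchanged
        return $content;
    }
    // Counts nested invocations that are currently processing tags; it is
    // raised around the processing loop below and bounds re-entrant expansion.
    static $recursionCount = 0;
    if ($recursionCount > 5) {
        COM_errorLog("AutoTag infinite recursion detected on " . $namespace . " " . $operation);
        return $content;
    }
    $autolinkModules = PLG_collectTags();
    $autoTagUsage = PLG_autoTagPerms();
    // Permission keys have the form "<tag>.<namespace>.<operation>".
    if (!empty($namespace) && !empty($operation)) {
        $postFix = '.' . $namespace . '.' . $operation;
    } else {
        $postFix = '';
    }
    // For each supported module, scan the content looking for any AutoLink tags
    $tags = array();
    $contentlen = utf8_strlen($content);
    $content_lower = utf8_strtolower($content);
    foreach ($autolinkModules as $moduletag => $module) {
        $autotag_prefix = '[' . $moduletag . ':';
        $offset = 0;
        while ($offset < $contentlen) {
            $start_pos = utf8_strpos($content_lower, $autotag_prefix, $offset);
            if ($start_pos === false) {
                break;
            }
            $end_pos = utf8_strpos($content_lower, ']', $start_pos);
            $next_tag = utf8_strpos($content_lower, '[', $start_pos + 1);
            // A tag is well formed when its ']' comes before the next '['.
            if ($end_pos > $start_pos and ($next_tag === false or $end_pos < $next_tag)) {
                $taglength = $end_pos - $start_pos + 1;
                $tag = utf8_substr($content, $start_pos, $taglength);
                $parms = explode(' ', $tag);
                // Extra test to see if autotag was entered with a space
                // after the module name
                if (utf8_substr($parms[0], -1) == ':') {
                    $startpos = utf8_strlen($parms[0]) + utf8_strlen($parms[1]) + 2;
                    $label = str_replace(']', '', utf8_substr($tag, $startpos));
                    $tagid = $parms[1];
                } else {
                    $label = str_replace(']', '', utf8_substr($tag, utf8_strlen($parms[0]) + 1));
                    $parms = explode(':', $parms[0]);
                    if (count($parms) > 2) {
                        // whoops, there was a ':' in the tag id ...
                        array_shift($parms);
                        $tagid = implode(':', $parms);
                    } else {
                        $tagid = $parms[1];
                    }
                }
                $tags[] = array(
                    'module' => $module,
                    'tag' => $moduletag,
                    'tagstr' => $tag,
                    'startpos' => $start_pos,
                    'length' => $taglength,
                    'parm1' => str_replace(']', '', $tagid),
                    'parm2' => $label,
                );
            } else {
                // Error: tags do not match - return with no changes
                return $content . $LANG32[32];
            }
            $offset = $end_pos;
        }
    }
    // If we have found 1 or more AutoLink tag
    if (count($tags) > 0) {
        // Found the [tag] - Now process them all
        $recursionCount++;
        foreach ($tags as $autotag) {
            $permCheck = $autotag['tag'] . $postFix;
            // A tag is processed unless a permission entry for this
            // namespace/operation exists and is not 1.
            if (empty($postFix) || !isset($autoTagUsage[$permCheck]) || $autoTagUsage[$permCheck] == 1) {
                $function = 'plugin_autotags_' . $autotag['module'];
                if ($autotag['module'] == 'glfusion' and (empty($plugin) or $plugin == 'glfusion')) {
                    $url = '';
                    $linktext = $autotag['parm2'];
                    if ($autotag['tag'] == 'story') {
                        $autotag['parm1'] = COM_applyFilter($autotag['parm1']);
                        $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $autotag['parm1']);
                        if (empty($linktext)) {
                            $linktext = DB_getItem($_TABLES['stories'], 'title', "sid = '" . DB_escapeString($autotag['parm1']) . "'");
                        }
                    }
                    if (!empty($url)) {
                        $filelink = COM_createLink($linktext, $url);
                        $content = str_replace($autotag['tagstr'], $filelink, $content);
                    }
                    if ($autotag['tag'] == 'story_introtext') {
                        $linktext = '';
                        USES_lib_story();
                        // NOTE(review): $_USER is not in this function's
                        // global list, so this condition is never true here
                        // and the anonymous defaults always apply - confirm
                        // whether that is intended before importing $_USER.
                        if (isset($_USER['uid']) && $_USER['uid'] > 1) {
                            $result = DB_query("SELECT maxstories,tids,aids FROM {$_TABLES['userindex']} WHERE uid = " . (int) $_USER['uid']);
                            $U = DB_fetchArray($result);
                        } else {
                            $U['maxstories'] = 0;
                            $U['aids'] = '';
                            $U['tids'] = '';
                        }
                        $sql = " (date <= NOW()) AND (draft_flag = 0)";
                        // No topic filter exists in this function, so the
                        // language restriction is always applied.
                        $sql .= COM_getLangSQL('tid', 'AND', 's');
                        $sql .= COM_getPermSQL('AND', 0, 2, 's');
                        // The stored exclusion lists are space separated;
                        // each entry is forced to an integer (author ids) or
                        // escaped (topic ids) before it is placed in the query.
                        if (!empty($U['aids'])) {
                            $aids = array_filter(array_map('intval', explode(' ', $U['aids'])));
                            if (count($aids) > 0) {
                                $sql .= " AND s.uid NOT IN (" . implode(',', $aids) . ") ";
                            }
                        }
                        if (!empty($U['tids'])) {
                            $tids = array_map('DB_escapeString', explode(' ', $U['tids']));
                            $sql .= " AND s.tid NOT IN ('" . implode("','", $tids) . "') ";
                        }
                        $sql .= COM_getTopicSQL('AND', 0, 's') . ' ';
                        $userfields = 'u.uid, u.username, u.fullname';
                        // The story id comes straight from the tag text, so it
                        // gets the same filter + escape as the [story:] tag
                        // above before it is placed inside the quoted literal.
                        $storyId = DB_escapeString(COM_applyFilter($autotag['parm1']));
                        $msql = "SELECT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, " . 'UNIX_TIMESTAMP(s.expire) as expireunix, ' . $userfields . ", t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, " . "{$_TABLES['topics']} AS t WHERE s.sid = '" . $storyId . "' AND (s.uid = u.uid) AND (s.tid = t.tid) AND" . $sql;
                        $result = DB_query($msql);
                        if ($A = DB_fetchArray($result)) {
                            $story = new Story();
                            $story->loadFromArray($A);
                            $linktext = STORY_renderArticle($story, 'y');
                        }
                        // A story that is missing or not readable leaves an
                        // empty string in place of the tag.
                        $content = str_replace($autotag['tagstr'], $linktext, $content);
                    }
                    if ($autotag['tag'] == 'showblock') {
                        $blockName = COM_applyBasicFilter($autotag['parm1']);
                        $result = DB_query("SELECT * FROM {$_TABLES['blocks']} WHERE name = '" . DB_escapeString($blockName) . "'" . COM_getPermSQL('AND'));
                        if (DB_numRows($result) > 0) {
                            $B = DB_fetchArray($result);
                            $template = '';
                            $side = '';
                            // Optional "template:<name>" and "side:<left|right>"
                            // words in the label; scanning stops at "side:".
                            foreach (explode(' ', trim($autotag['parm2'])) as $part) {
                                if (substr($part, 0, 9) == 'template:') {
                                    $a = explode(':', $part);
                                    $template = $a[1];
                                } elseif (substr($part, 0, 5) == 'side:') {
                                    $a = explode(':', $part);
                                    $side = $a[1];
                                    break;
                                }
                            }
                            if ($template != '') {
                                // NOTE(review): $template is tag text that ends
                                // up inside template file names; confirm that
                                // the consumer of $_BLOCK_TEMPLATE confines the
                                // lookup to the layout directory.
                                $_BLOCK_TEMPLATE[$blockName] = 'blockheader-' . $template . '.thtml,blockfooter-' . $template . '.thtml';
                            }
                            if ($side == 'left') {
                                $B['onleft'] = 1;
                            } elseif ($side == 'right') {
                                $B['onleft'] = 0;
                            }
                            $linktext = COM_formatBlock($B);
                            $content = str_replace($autotag['tagstr'], $linktext, $content);
                        } else {
                            // Unknown or unreadable block: drop the tag.
                            $content = str_replace($autotag['tagstr'], '', $content);
                        }
                    }
                    if ($autotag['tag'] == 'menu') {
                        $menuID = trim($autotag['parm1']);
                        $menuHTML = displayMenu($menuID);
                        $content = str_replace($autotag['tagstr'], $menuHTML, $content);
                    }
                    if (isset($_AUTOTAGS[$autotag['tag']])) {
                        $content = autotags_autotag('parse', $content, $autotag);
                    }
                } else {
                    // The handler name is built from the module registered by
                    // PLG_collectTags(), never from the tag text itself.
                    if (function_exists($function) and (empty($plugin) or $plugin == $autotag['module'])) {
                        $content = $function('parse', $content, $autotag);
                    }
                }
            }
        }
        $recursionCount--;
    }
    return $content;
}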