Esempio n. 1
/**
 * Swap an article's topic name and icon for those of the topic being viewed.
 *
 * Does nothing when the global $topic is empty. Otherwise it first looks for
 * an assignment of the article to exactly $topic; failing that, it looks for
 * an assignment to any topic in $tid_list that is inherited (or is $topic
 * itself). The first matching row overwrites $A['topic'] and $A['imageurl'].
 *
 * NOTE(review): $A['sid'], $topic and $tid_list are interpolated into the SQL
 * text as-is; nothing in this function escapes or validates them. Confirm
 * that every caller passes values that were already filtered/escaped, and
 * that $tid_list is a well-formed, quoted, non-empty IN() list.
 *
 * @param    array  $A        Article row from db, modified in place
 * @param    string $tid_list List of child topics of current topic, used verbatim inside IN(...)
 */
function fixTopic(&$A, $tid_list)
{
    global $_TABLES, $topic;

    // No topic selected: leave the article row as it came from the db.
    if (empty($topic)) {
        return;
    }

    // An article can belong to the current topic even though its default
    // topic is a child of the current topic, so check the direct assignment first.
    $directSql = "SELECT t.topic, t.imageurl\n            FROM {$_TABLES['topics']} t, {$_TABLES['topic_assignments']} ta\n            WHERE t.tid = ta.tid\n            AND ta.type = 'article' AND ta.id = '{$A['sid']}' AND ta.tid = '{$topic}'\n            " . COM_getLangSQL('tid', 'AND', 't') . COM_getPermSQL('AND', 0, 2, 't');
    $matches = DB_query($directSql);

    if (!(DB_numRows($matches) > 0)) {
        // Not assigned to the current topic, so fall back to inherited topics.
        // The sort order has to stay the same as in TOPIC_getTopic, otherwise
        // articles with multiple topics might not display in the right topic
        // when clicked.
        $inheritedSql = "SELECT t.topic, t.imageurl\n                FROM {$_TABLES['topics']} t, {$_TABLES['topic_assignments']} ta\n                WHERE t.tid = ta.tid\n                AND ta.type = 'article' AND ta.id = '{$A['sid']}'\n                AND (ta.tid IN({$tid_list}) AND (ta.inherit = 1 OR (ta.inherit = 0 AND ta.tid = '{$topic}')))\n                " . COM_getLangSQL('tid', 'AND', 't') . COM_getPermSQL('AND', 0, 2, 't') . "\n                ORDER BY ta.tdefault DESC, ta.tid ASC";
        $matches = DB_query($inheritedSql);

        if (!(DB_numRows($matches) > 0)) {
            return;
        }
    }

    // Only the first row of whichever query matched is used.
    $topicRow = DB_fetchArray($matches);
    $A['topic'] = $topicRow['topic'];
    $A['imageurl'] = $topicRow['imageurl'];
}
Esempio n. 2
/**
* Shows all polls in system
*
* When the visitor has no username and either $_CONF['loginrequired'] or
* $_PO_CONF['pollsloginrequired'] is 1, a "login required" block is returned
* instead of the list. Otherwise the poll topics are rendered by ADMIN_list().
*
* @return   string          HTML for poll listing
*
*/
function polllist()
{
    global $_CONF, $_TABLES, $_USER, $_PO_CONF, $LANG25, $LANG_LOGIN, $LANG_POLLS;

    if (empty($_USER['username']) && ($_CONF['loginrequired'] == 1 || $_PO_CONF['pollsloginrequired'] == 1)) {
        // Anonymous visitor on a site (or plugin) that requires a login:
        // build the message block around the submitloginrequired template.
        $html = COM_startBlock($LANG_LOGIN[1], '', COM_getBlockTemplate('_msg_block', 'header'));

        $form = new Template($_CONF['path_layout'] . 'submit');
        $form->set_file(array('login' => 'submitloginrequired.thtml'));
        $form->set_var('xhtml', XHTML);
        $form->set_var('login_message', $LANG_LOGIN[2]);
        $form->set_var('site_url', $_CONF['site_url']);
        $form->set_var('lang_login', $LANG_LOGIN[3]);
        $form->set_var('lang_newuser', $LANG_LOGIN[4]);
        $form->parse('output', 'login');

        $html .= $form->finish($form->get_var('output'));
        $html .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));

        return $html;
    }

    require_once $_CONF['path_system'] . 'lib-admin.php';

    // Column definitions: every column is sortable.
    $columns = array(
        array('text' => $LANG25[9], 'field' => 'topic', 'sort' => true),
        array('text' => $LANG25[20], 'field' => 'voters', 'sort' => true),
        array('text' => $LANG25[3], 'field' => 'unixdate', 'sort' => true),
        array('text' => $LANG_POLLS['open_poll'], 'field' => 'is_open', 'sort' => true)
    );
    $defaultSort = array('field' => 'unixdate', 'direction' => 'desc');
    $labels = array(
        'has_menu' => false,
        'title' => $LANG_POLLS['pollstitle'],
        'instructions' => "",
        'icon' => '',
        'form_url' => ''
    );

    $sql = "SELECT *,UNIX_TIMESTAMP(date) AS unixdate, display " . "FROM {$_TABLES['polltopics']} WHERE 1=1";
    // 'default_filter' carries whatever COM_getPermSQL() returns; presumably
    // this is the clause that limits rows to polls the visitor may read --
    // confirm before changing or dropping it.
    $query = array(
        'table' => 'polltopics',
        'sql' => $sql,
        'query_fields' => array('topic'),
        'default_filter' => COM_getPermSQL(),
        'query' => '',
        'query_limit' => 0
    );

    return '' . ADMIN_list('polls', 'plugin_getListField_polls', $columns, $labels, $query, $defaultSort);
}
Esempio n. 3
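/**
*   Get the Google-style page navigation for the list display
*
*   Counts the event occurrences overlapping the $start..$end window and, if
*   there are more than $_EV_CONF['limit_list'] of them, returns the page
*   navigation. An empty string is returned when the limit is below 1 or
*   when everything fits on one page.
*
*   NOTE(review): $start and $end are placed inside quoted SQL literals
*   without escaping in this function. Confirm that callers only pass
*   validated date strings.
*
*   @param  string  $start  Starting date
*   @param  string  $end    Ending date
*   @param  integer $cat    Category ID (optional)
*   @param  integer $page   Current page number
*   @param  integer $range  Range being displayed (upcoming, past, etc)
*   @param  integer $cal    Calendar ID (optional), 0 for no calendar filter
*   @return string          HTML for page navigation
*/
function EVLIST_pagenav($start, $end, $cat = 0, $page = 0, $range = 0, $cal = 0)
{
    global $_TABLES, $_EV_CONF;

    // Always return a string: the original left $retval undefined when the
    // result fit on a single page.
    $retval = '';

    // Integer casts keep these values safe for both the URL and the SQL below.
    $cat = (int) $cat;
    $page = (int) $page;
    $range = (int) $range;
    $cal = (int) $cal;
    $limit = (int) $_EV_CONF['limit_list'];
    if ($limit < 1) {
        return $retval;
    }

    $base_url = EVLIST_URL . "/index.php?cat={$cat}&amp;cal={$cal}&amp;range={$range}&amp;view=list";

    // Optional category filter needs the lookup table joined in.
    if (!empty($cat)) {
        $cat_join = " LEFT JOIN {$_TABLES['evlist_lookup']} l\n                    ON l.eid = ev.id ";
        $cat_where = " AND l.cid = '{$cat}' ";
    } else {
        $cat_join = '';
        $cat_where = '';
    }

    // Optional calendar filter.
    if ($cal > 0) {
        $cal_where = ' AND cal.cal_id = ' . $cal;
    } else {
        $cal_where = '';
    }

    $sql = "SELECT count(rep.rp_id) as cnt\n            FROM {$_TABLES['evlist_repeat']} rep\n            LEFT JOIN {$_TABLES['evlist_events']} ev\n                ON ev.id = rep.rp_ev_id\n            LEFT JOIN {$_TABLES['evlist_calendars']} cal\n                ON cal.cal_id = ev.cal_id\n            {$cat_join}\n            WHERE ev.status = 1 \n            AND (\n                (rep.rp_date_start <= '{$end}' AND rep.rp_date_end >= '{$start}')\n                OR\n                (rep.rp_date_end >= '{$start}' AND rep.rp_date_start <= '{$start}')\n                OR\n                (rep.rp_date_end <= '{$end}' AND rep.rp_date_start >= '{$start}')\n            ) " . COM_getPermSQL('AND', 0, 2, 'ev') . ' ' . COM_getPermSQL('AND', 0, 2, 'cal') . " {$cat_where} {$cal_where}\n            ORDER BY rep.rp_date_start ASC";
    $res = DB_query($sql);
    list($numrows) = DB_fetchArray($res);

    // Navigation is only needed when the rows do not fit on one page.
    if ($numrows > $limit) {
        $numpages = ceil($numrows / $limit);
        $retval = COM_printPageNavigation($base_url, $page, $numpages);
    }

    return $retval;
}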
Esempio n. 4
 /**
  * Lists the topics visible to the current Dataproxy user.
  *
  * Any $pid other than FALSE yields an empty array, so only the top level
  * is ever listed. Each entry has the keys 'id', 'title', 'uri', 'date'
  * (always FALSE) and 'image_uri'. An empty array is also returned when
  * the query reports an error.
  *
  * NOTE(review): 'id' is appended to the URI without URL-encoding and the
  * entries are not HTML-escaped here; presumably the consumer encodes them
  * for its output context -- confirm.
  *
  * @param  mixed $pid       parent id; anything but FALSE returns array()
  * @param  bool  $all_langs when FALSE, the language filter is applied
  * @return array
  */
 public function getChildCategories($pid = FALSE, $all_langs = FALSE)
 {
     global $_CONF, $_TABLES;

     $categories = array();
     if ($pid !== FALSE) {
         return $categories;
     }

     $conditions = array();
     $sql = "SELECT tid, topic, imageurl " . "FROM {$_TABLES['topics']} ";

     // Logged-in users: leave out the topics stored in their userindex row.
     // The space-separated list is escaped before it is turned into a
     // quoted NOT IN (...) list.
     if (Dataproxy::uid() > 1) {
         $excluded = DB_getItem($_TABLES['userindex'], 'tids', "uid = " . Dataproxy::uid());
         if (!empty($excluded)) {
             $conditions[] = "(tid NOT IN ('" . str_replace(' ', "','", addslashes($excluded)) . "'))";
         }
     }

     // Adds permission check.  When uid is 0, then it means access as Root
     if (!Dataproxy::isRoot()) {
         $permClause = COM_getPermSQL('', Dataproxy::uid());
         if (!empty($permClause)) {
             $conditions[] = $permClause;
         }
     }

     // Adds lang id.  When uid is 0, then it means access as Root
     if (!Dataproxy::isRoot() && function_exists('COM_getLangSQL') && $all_langs === FALSE) {
         $langClause = COM_getLangSQL('tid', '');
         if (!empty($langClause)) {
             $conditions[] = $langClause;
         }
     }

     if (count($conditions) > 0) {
         $sql .= " WHERE " . implode(" AND ", $conditions);
     }
     $sql .= ($_CONF['sortmethod'] == 'alpha') ? ' ORDER BY topic ASC' : ' ORDER BY sortnum';

     $result = DB_query($sql);
     if (DB_error()) {
         return $categories;
     }

     while (($row = DB_fetchArray($result, FALSE)) !== FALSE) {
         $topicId = stripslashes($row['tid']);
         $categories[] = array(
             'id' => $topicId,
             'title' => stripslashes($row['topic']),
             'uri' => $_CONF['site_url'] . '/index.php?topic=' . $topicId,
             'date' => FALSE,
             'image_uri' => stripslashes($row['imageurl'])
         );
     }

     return $categories;
 }
Esempio n. 5
/**
* Shows all polls in system
*
* Anonymous visitors get the login-required form when either
* $_CONF['loginrequired'] or $_PO_CONF['pollsloginrequired'] is 1.
* Everyone else gets the poll topics rendered by ADMIN_list().
*
* @return   string          HTML for poll listing
*
*/
function POLLS_pollList()
{
    global $_CONF, $_TABLES, $_USER, $_PO_CONF, $LANG25, $LANG_LOGIN, $LANG_POLLS;

    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_PO_CONF['pollsloginrequired'] == 1)) {
        return '' . SEC_loginRequiredForm();
    }

    USES_lib_admin();

    // Sortable columns; the numeric ones are centred.
    $columns = array(
        array('text' => $LANG25[9], 'field' => 'topic', 'sort' => true),
        array('text' => $LANG25[20], 'field' => 'voters', 'sort' => true, 'align' => 'center'),
        array('text' => $LANG25[3], 'field' => 'unixdate', 'sort' => true, 'align' => 'center'),
        array('text' => $LANG_POLLS['open_poll'], 'field' => 'is_open', 'sort' => true, 'align' => 'center')
    );
    $defaultSort = array('field' => 'unixdate', 'direction' => 'desc');
    $labels = array(
        'has_menu' => false,
        'title' => $LANG_POLLS['pollstitle'],
        'instructions' => "",
        'icon' => '',
        'form_url' => ''
    );

    $sql = "SELECT *,UNIX_TIMESTAMP(date) AS unixdate, display " . "FROM {$_TABLES['polltopics']} WHERE 1=1";
    // 'default_filter' carries whatever COM_getPermSQL() returns; presumably
    // the clause restricting rows to polls the visitor may read -- confirm.
    $query = array(
        'table' => 'polltopics',
        'sql' => $sql,
        'query_fields' => array('topic'),
        'default_filter' => COM_getPermSQL(),
        'query' => '',
        'query_limit' => 0
    );

    // The last argument is the literal placeholder 'dummy', passed as the token.
    $token = 'dummy';

    return '' . ADMIN_list('polls', 'POLLS_getListField', $columns, $labels, $query, $defaultSort, '', $token);
}
Esempio n. 6
/**
 * Displays the list of ipn history from the log stored in the database
 *
 * When the log table is empty, a short notice is placed in front of the
 * list; the list itself is rendered either way.
 *
 * NOTE(review): no access check is visible in this function, and the log
 * columns include IP addresses and transaction ids. Presumably the calling
 * admin page verifies the user's rights first -- confirm.
 *
 * @return   string      HTML for the list
 */
function PAYPAL_listIPNlog()
{
    global $_CONF, $_TABLES, $LANG_PAYPAL_1, $_USER;

    require_once $_CONF['path_system'] . 'lib-admin.php';

    $html = '';
    if (DB_count($_TABLES['paypal_ipnlog']) == 0) {
        $html .= '<p>' . $LANG_PAYPAL_1['ipnlog_empty'] . '</p>';
    }

    $columns = array(
        array('text' => $LANG_PAYPAL_1['ID'], 'field' => 'id', 'sort' => true),
        array('text' => $LANG_PAYPAL_1['IP_address'], 'field' => 'ip_addr', 'sort' => true),
        array('text' => $LANG_PAYPAL_1['date_time'], 'field' => 'time', 'sort' => true),
        array('text' => $LANG_PAYPAL_1['verified'], 'field' => 'verified', 'sort' => true),
        array('text' => $LANG_PAYPAL_1['txn_id'], 'field' => 'txn_id', 'sort' => true),
        array('text' => $LANG_PAYPAL_1['payment_status'], 'field' => 'payment_status', 'sort' => true),
        array('text' => $LANG_PAYPAL_1['purchaser'], 'field' => 'custom', 'sort' => true)
    );
    $defaultSort = array('field' => 'id', 'direction' => 'desc');
    $labels = array(
        'has_extras' => true,
        'form_url' => $_CONF['site_admin_url'] . '/plugins/paypal/ipnlog.php'
    );

    // 'query_fields' names the columns handed to ADMIN_list for its search
    // box; 'default_filter' is the result of COM_getPermSQL('AND', 0, 3).
    $query = array(
        'table' => 'paypal_ipnlog',
        'sql' => "SELECT * FROM {$_TABLES['paypal_ipnlog']} WHERE 1=1",
        'query_fields' => array('id', 'ip_addr', 'time', 'verified', 'txn_id', 'ipn_data'),
        'default_filter' => COM_getPermSQL('AND', 0, 3)
    );

    $html .= ADMIN_list('paypal', 'plugin_getListField_paypal_IPNlog', $columns, $labels, $query, $defaultSort);

    return $html;
}
/**
 * Displays the download history stored in the database
 *
 * When the downloads table is empty, a short notice is placed in front of
 * the list; the list itself is rendered either way.
 *
 * NOTE(review): no access check is visible in this function; presumably
 * the calling admin page verifies the user's rights first -- confirm.
 *
 * @return   string      HTML for the list
 */
function PAYPAL_listDownloads()
{
    global $_CONF, $_TABLES, $_IMAGE_TYPE, $LANG_ADMIN, $LANG_PAYPAL_1;

    require_once $_CONF['path_system'] . 'lib-admin.php';

    $html = '';
    if (DB_count($_TABLES['paypal_downloads']) == 0) {
        $html .= '<p>' . $LANG_PAYPAL_1['downloads_history_empty'] . '</p>';
    }

    $columns = array(
        array('text' => $LANG_PAYPAL_1['ID'], 'field' => 'id', 'sort' => true),
        array('text' => $LANG_PAYPAL_1['product_id'], 'field' => 'product_id', 'sort' => true),
        array('text' => $LANG_PAYPAL_1['filename_label'], 'field' => 'file', 'sort' => true),
        array('text' => $LANG_PAYPAL_1['date_time'], 'field' => 'dl_date', 'sort' => true),
        array('text' => $LANG_PAYPAL_1['user_id'], 'field' => 'user_id', 'sort' => true)
    );
    $defaultSort = array('field' => 'id', 'direction' => 'desc');
    $labels = array(
        'has_extras' => true,
        'form_url' => $_CONF['site_admin_url'] . '/plugins/paypal/downloads_history.php'
    );

    // 'default_filter' is the result of COM_getPermSQL('AND', 0, 3).
    $query = array(
        'table' => 'paypal_downloads',
        'sql' => "SELECT\n\t            *\n            FROM {$_TABLES['paypal_downloads']}\n\t\t\tWHERE 1=1",
        'query_fields' => array('id', 'product_id', 'file', 'dl_date', 'user_id'),
        'default_filter' => COM_getPermSQL('AND', 0, 3)
    );

    $html .= ADMIN_list('paypal', 'plugin_getListField_paypal_downloads', $columns, $labels, $query, $defaultSort);

    return $html;
}
Esempio n. 8
/**
* Shows all polls in system
*
* Anonymous visitors get the login-required form when either
* $_CONF['loginrequired'] or $_PO_CONF['pollsloginrequired'] is 1.
* Everyone else gets the poll topics rendered by ADMIN_list().
*
* @return   string          HTML for poll listing
*
*/
function polllist()
{
    global $_CONF, $_TABLES, $_PO_CONF, $LANG25, $LANG_POLLS;

    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_PO_CONF['pollsloginrequired'] == 1)) {
        return '' . SEC_loginRequiredForm();
    }

    require_once $_CONF['path_system'] . 'lib-admin.php';

    // Column definitions: every column is sortable.
    $columns = array(
        array('text' => $LANG25[9], 'field' => 'topic', 'sort' => true),
        array('text' => $LANG25[20], 'field' => 'voters', 'sort' => true),
        array('text' => $LANG25[3], 'field' => 'unixdate', 'sort' => true),
        array('text' => $LANG_POLLS['open_poll'], 'field' => 'is_open', 'sort' => true)
    );
    $defaultSort = array('field' => 'unixdate', 'direction' => 'desc');

    // The original literal listed 'form_url' twice ('' and then the polls
    // URL); the later value won, so only that one is written here.
    $labels = array(
        'has_menu' => false,
        'title' => $LANG_POLLS['pollstitle'],
        'instructions' => "",
        'icon' => '',
        'form_url' => $_CONF['site_url'] . '/polls/index.php'
    );

    $sql = "SELECT *,UNIX_TIMESTAMP(created) AS unixdate, display " . "FROM {$_TABLES['polltopics']} WHERE 1=1";
    // 'default_filter' carries whatever COM_getPermSQL() returns; presumably
    // the clause restricting rows to polls the visitor may read -- confirm.
    $query = array(
        'table' => 'polltopics',
        'sql' => $sql,
        'query_fields' => array('topic'),
        'default_filter' => COM_getPermSQL(),
        'query' => '',
        'query_limit' => 0
    );

    return '' . ADMIN_list('polls', 'plugin_getListField_polls', $columns, $labels, $query, $defaultSort);
}
Esempio n. 9
/**
* List all markers that the user has access to
*
* Returns an empty string when the markers table holds no rows. Otherwise
* the markers, joined with the name of their map, are rendered by
* ADMIN_list() with COM_getPermSQL('AND', 0, 3) as the default filter.
*
* NOTE(review): no access check is visible in this function; presumably
* the calling admin page verifies the user's rights first -- confirm.
*
* @return   string      HTML for the list
*
*/
function MAPS_listMarkersAdmin()
{
    global $_CONF, $_TABLES, $_IMAGE_TYPE, $LANG_ADMIN, $LANG_MAPS_1;

    require_once $_CONF['path_system'] . 'lib-admin.php';

    // Nothing to list.
    if (DB_count($_TABLES['maps_markers']) == 0) {
        return '';
    }

    $columns = array(
        array('text' => $LANG_MAPS_1['id'], 'field' => 'mkid', 'sort' => true),
        array('text' => $LANG_MAPS_1['name'], 'field' => 'name', 'sort' => true),
        array('text' => $LANG_MAPS_1['map_label'], 'field' => 'mapname', 'sort' => true),
        array('text' => $LANG_MAPS_1['active_field'], 'field' => 'active', 'sort' => true),
        array('text' => $LANG_MAPS_1['hidden_field'], 'field' => 'hidden', 'sort' => true),
        array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false)
    );
    // The default sort column ('modified') is not one of the displayed columns.
    $defaultSort = array('field' => 'modified', 'direction' => 'desc');
    $labels = array(
        'has_extras' => true,
        'form_url' => $_CONF['site_admin_url'] . '/plugins/maps/markers.php'
    );

    $query = array(
        'sql' => "SELECT\n\t            a.*, b.name as mapname\n            FROM {$_TABLES['maps_markers']} AS a\n\t\t\tLEFT JOIN\n\t\t\t     {$_TABLES['maps_maps']} AS b\n\t\t\tON a.mid = b.mid\n\t\t\tWHERE 1=1",
        'default_filter' => COM_getPermSQL('AND', 0, 3)
    );

    return '' . ADMIN_list('markers', 'plugin_getListField_markers', $columns, $labels, $query, $defaultSort);
}
Esempio n. 10
File: index.php Progetto: ivywe/maps
/**
* List all maps that the user has access to
*
* Returns an empty string when the maps table holds no rows. Otherwise the
* maps are rendered by ADMIN_list() with COM_getPermSQL('AND', 0, 3) as the
* default filter.
*
* NOTE(review): no access check is visible in this function; presumably
* the calling admin page verifies the user's rights first -- confirm.
*
* @return   string      HTML for the list
*
*/
function MAPS_listmaps()
{
    global $_CONF, $_TABLES, $_IMAGE_TYPE, $LANG_ADMIN, $LANG_MAPS_1;

    require_once $_CONF['path_system'] . 'lib-admin.php';

    // Nothing to list.
    if (DB_count($_TABLES['maps_maps']) == 0) {
        return '';
    }

    $columns = array(
        array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false),
        array('text' => $LANG_MAPS_1['id'], 'field' => 'mid', 'sort' => true),
        array('text' => $LANG_MAPS_1['name'], 'field' => 'name', 'sort' => true),
        array('text' => $LANG_MAPS_1['active_field'], 'field' => 'active', 'sort' => true),
        array('text' => $LANG_MAPS_1['hidden_field'], 'field' => 'hidden', 'sort' => true)
    );
    $defaultSort = array('field' => 'mid', 'direction' => 'asc');
    $labels = array(
        'has_extras' => true,
        'form_url' => $_CONF['site_admin_url'] . '/plugins/maps/index.php'
    );

    // 'query_fields' names the columns handed to ADMIN_list for its search box.
    $query = array(
        'table' => 'maps_maps',
        'sql' => "SELECT\n\t            *\n            FROM {$_TABLES['maps_maps']}\n\t\t\tWHERE 1=1",
        'query_fields' => array('name', 'description'),
        'default_filter' => COM_getPermSQL('AND', 0, 3)
    );

    return '' . ADMIN_list('maps', 'plugin_getListField_maps', $columns, $labels, $query, $defaultSort);
}
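/**
* Returns all topics (and their icons).
*
* Topics listed in the logged-in user's userindex.tids entry are left out,
* and the clause returned by COM_getPermSQL() is always appended.
*
* @param    string  $lst    when 'all', the stories of each topic are appended
*                           via SITEMAPMENU_listStory()
* @param    string  $tid    topic id to restrict the list to, '' for every topic
* @return   string      HTML for the topic list
*/
function SITEMAPMENU_listTopics($lst, $tid)
{
    global $_CONF, $_TABLES, $_USER;

    $sql = "SELECT tid, topic, imageurl FROM {$_TABLES['topics']}";

    // Tracks whether a WHERE has been emitted, so later clauses know
    // whether to start with WHERE or AND.
    $hasWhere = false;
    if ($tid != '') {
        $sql .= " WHERE (tid = '" . addslashes($tid) . "') ";
        $hasWhere = true;
    }

    if (!empty($_USER['uid']) and $_USER['uid'] > 1) {
        // Cast the uid so only an integer can reach the SQL text.
        $tids = DB_getItem($_TABLES['userindex'], 'tids', "uid = '" . (int) $_USER['uid'] . "'");
        if (!empty($tids)) {
            // $tids is stored per-user data; escape it before splitting the
            // space-separated list into a quoted NOT IN (...) list. The
            // original spliced it into the query unescaped.
            $excluded = str_replace(' ', "','", addslashes($tids));
            $sql .= $hasWhere ? ' AND ' : ' WHERE ';
            $sql .= " (tid NOT IN ('" . $excluded . "'))";
            $hasWhere = true;
        }
    }

    // The permission clause continues an existing WHERE or starts its own.
    $sql .= $hasWhere ? COM_getPermSQL('AND') : COM_getPermSQL();

    if ($_CONF['sortmethod'] == 'alpha') {
        $sql .= ' ORDER BY topic ASC';
    } else {
        $sql .= ' ORDER BY sortnum';
    }

    $result = DB_query($sql);
    $retval = '';
    while (($A = DB_fetchArray($result)) !== false) {
        // The topic name passes through SITEMAPMENU_esc() before it is
        // placed in the markup.
        $retval .= '<h3 class="nav-title">' . SITEMAPMENU_esc(stripslashes($A['topic'])) . '</h3>' . LB;
        if ($lst == 'all') {
            $retval .= SITEMAPMENU_listStory($A['tid']);
        }
    }

    return $retval;
}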
Esempio n. 12
/**
* Builds the admin block listing the polls.
*
* The block holds a menu (create new poll, admin home) followed by the
* poll topics rendered by ADMIN_list(), filtered by COM_getPermSQL('AND').
*
* NOTE(review): no access check is visible in this function; presumably
* the calling admin page verifies the user's rights first -- confirm.
*
* @return   string      HTML for the admin poll list
*/
function listpolls()
{
    global $_CONF, $_TABLES, $_IMAGE_TYPE, $LANG_ADMIN, $LANG25, $LANG_ACCESS;

    require_once $_CONF['path_system'] . 'lib-admin.php';

    // Menu shown above the list.
    $menu = array(
        array('url' => $_CONF['site_admin_url'] . '/plugins/polls/index.php?mode=edit', 'text' => $LANG_ADMIN['create_new']),
        array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home'])
    );
    $html = '' . COM_startBlock($LANG25[18], '', COM_getBlockTemplate('_admin_block', 'header'));
    $html .= ADMIN_createMenu($menu, $LANG25[19], plugin_geticon_polls());

    // The list itself; the edit and access columns are not sortable.
    $columns = array(
        array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false),
        array('text' => $LANG25[9], 'field' => 'topic', 'sort' => true),
        array('text' => $LANG25[20], 'field' => 'voters', 'sort' => true),
        array('text' => $LANG_ACCESS['access'], 'field' => 'access', 'sort' => false),
        array('text' => $LANG25[3], 'field' => 'unixdate', 'sort' => true),
        array('text' => $LANG25[33], 'field' => 'is_open', 'sort' => true)
    );
    $defaultSort = array('field' => 'unixdate', 'direction' => 'desc');
    $labels = array(
        'has_extras' => true,
        'instructions' => $LANG25[19],
        'form_url' => $_CONF['site_admin_url'] . '/plugins/polls/index.php'
    );
    $query = array(
        'table' => 'polltopics',
        'sql' => "SELECT *,UNIX_TIMESTAMP(created) AS unixdate " . "FROM {$_TABLES['polltopics']} WHERE 1=1",
        'query_fields' => array('topic'),
        'default_filter' => COM_getPermSQL('AND')
    );

    $html .= ADMIN_list('polls', 'plugin_getListField_polls', $columns, $labels, $query, $defaultSort);
    $html .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    return $html;
}
Esempio n. 13
/**
* Lists up to ten released files that share a project with the given download.
*
* The project name is looked up from the download $lid; an empty string is
* returned when that lookup comes back false/empty. Unless
* $_DLM_CONF['has_edit_rights'] is set, the category permission clause from
* COM_getPermSQL('AND', 0, 2, 'b') is added to the query. Rows whose
* category fails matchLanguage() are skipped.
*
* NOTE(review): title, url, version and size go into the list cells exactly
* as stored, with no HTML escaping in this function. Presumably they are
* sanitised when saved or by the list renderer -- confirm.
*
* @param    string  $lid    id of the download whose project is listed
* @return   string          HTML for the file list, '' if there is no project
*/
function makeProjectFileList($lid)
{
    global $_CONF, $_TABLES, $LANG01, $_DLM_CONF, $LANG_DLM, $LANG_ADMIN;

    require_once $_CONF['path_system'] . 'lib-admin.php';

    // Both values placed in quoted SQL literals below go through addslashes().
    $project = DB_getItem($_TABLES['downloads'], 'project', "lid = '" . addslashes($lid) . "'");
    if ($project == false) {
        return '';
    }

    // Users with edit rights skip the category permission filter.
    if ($_DLM_CONF['has_edit_rights']) {
        $permsql = '';
    } else {
        $permsql = COM_getPermSQL('AND', 0, 2, 'b');
    }

    $files = DB_query("SELECT a.lid, a.title, a.url, a.version, a.size, a.date, a.cid " . "FROM {$_TABLES['downloads']} a " . "LEFT JOIN {$_TABLES['downloadcategories']} b ON a.cid=b.cid " . "WHERE a.project='" . addslashes($project) . "' " . "AND a.project<>'' " . "AND a.is_released=1 " . $permsql . " ORDER BY a.date DESC LIMIT 10");

    $columns = array(
        array('text' => $LANG_ADMIN['title'], 'field' => 'title'),
        array('text' => $LANG_DLM['file'], 'field' => 'url'),
        array('text' => $LANG_DLM['ver'], 'field' => 'version'),
        array('text' => $LANG_DLM['size'], 'field' => 'size'),
        array('text' => $LANG_DLM['submitdate'], 'field' => 'date')
    );
    $labels = array(
        'has_menu' => false,
        'title' => sprintf($LANG_DLM['projectfilelist'], $project)
    );

    $rows = array();
    while ($file = DB_fetchArray($files)) {
        if (matchLanguage($file['cid'])) {
            $rows[] = array(
                'title' => COM_createLink($file['title'], COM_buildURL($_CONF['site_url'] . '/downloads/index.php?id=' . $file['lid'])),
                'url' => COM_createLink($file['url'], COM_buildURL($_CONF['site_url'] . '/downloads/visit.php?id=' . $file['lid'])),
                'version' => $file['version'],
                'size' => $file['size'],
                'date' => strftime($_DLM_CONF['date_format'], $file['date'])
            );
        }
    }

    return '' . ADMIN_simpleList('', $columns, $labels, $rows);
}
Esempio n. 14
/**
* Shows a profile for a user
*
* This grabs the user profile for a given user and displays it
*
* @return   string          HTML for user profile page
*
*/
function userprofile()
{
    global $_CONF, $_TABLES, $_USER, $LANG01, $LANG04, $LANG09, $LANG28, $LANG_LOGIN;
    // @param    int     $user   User ID of profile to get
    // @param    int     $msg    Message to display (if != 0)
    // @param    string  $plugin optional plugin name for message
    $retval = '';
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['profileloginrequired'] == 1)) {
        $retval .= SEC_loginRequiredForm();
        return $retval;
    }
    if (isset($_GET['uid'])) {
        $user = COM_applyFilter($_GET['uid'], true);
        if (!is_numeric($user) || $user < 2) {
            echo COM_refresh($_CONF['site_url'] . '/index.php');
        }
    } else {
        if (isset($_GET['username'])) {
            $username = $_GET['username'];
            if (!USER_validateUsername($username, 1)) {
                echo COM_refresh($_CONF['site_url'] . '/index.php');
            }
            if (empty($username) || $username == '') {
                echo COM_refresh($_CONF['site_url'] . '/index.php');
            }
            $username = DB_escapeString($username);
            $user = DB_getItem($_TABLES['users'], 'uid', "username = '******'");
            if ($user < 2) {
                echo COM_refresh($_CONF['site_url'] . '/index.php');
            }
        } else {
            echo COM_refresh($_CONF['site_url'] . '/index.php');
        }
    }
    $msg = 0;
    if (isset($_GET['msg'])) {
        $msg = COM_applyFilter($_GET['msg'], true);
    }
    $plugin = '';
    if ($msg > 0 && isset($_GET['plugin'])) {
        $plugin = COM_applyFilter($_GET['plugin']);
    }
    $result = DB_query("SELECT {$_TABLES['users']}.uid,username,fullname,regdate,lastlogin,homepage,about,location,pgpkey,photo,email,status,emailfromadmin,emailfromuser,showonline FROM {$_TABLES['userinfo']},{$_TABLES['userprefs']},{$_TABLES['users']} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['userinfo']}.uid = {$_TABLES['userprefs']}.uid AND {$_TABLES['users']}.uid = " . (int) $user);
    $nrows = DB_numRows($result);
    if ($nrows == 0) {
        // no such user
        echo COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $A = DB_fetchArray($result);
    if ($A['status'] == USER_ACCOUNT_DISABLED && !SEC_hasRights('user.edit')) {
        COM_displayMessageAndAbort(30, '', 403, 'Forbidden');
    }
    $display_name = @htmlspecialchars(COM_getDisplayName($user, $A['username'], $A['fullname']), ENT_COMPAT, COM_getEncodingt());
    if ($msg > 0) {
        $retval .= COM_showMessage($msg, $plugin, '', 0, 'info');
    }
    // format date/time to user preference
    $curtime = COM_getUserDateTimeFormat($A['regdate']);
    $A['regdate'] = $curtime[0];
    $user_templates = new Template($_CONF['path_layout'] . 'users');
    $user_templates->set_file(array('profile' => 'profile.thtml', 'email' => 'email.thtml', 'row' => 'commentrow.thtml', 'strow' => 'storyrow.thtml'));
    $user_templates->set_var('layout_url', $_CONF['layout_url']);
    $user_templates->set_var('start_block_userprofile', COM_startBlock($LANG04[1] . ' ' . $display_name));
    $user_templates->set_var('end_block', COM_endBlock());
    $user_templates->set_var('lang_username', $LANG04[2]);
    $user_templates->set_var('tooltip', COM_getTooltipStyle());
    if ($_CONF['show_fullname'] == 1) {
        if (empty($A['fullname'])) {
            $username = $A['username'];
            $fullname = '';
        } else {
            $username = $A['fullname'];
            $fullname = $A['username'];
        }
    } else {
        $username = $A['username'];
        $fullname = '';
    }
    $username = @htmlspecialchars($username, ENT_COMPAT, COM_getEncodingt());
    $fullname = @htmlspecialchars($fullname, ENT_COMPAT, COM_getEncodingt());
    if ($A['status'] == USER_ACCOUNT_DISABLED) {
        $username = sprintf('%s - %s', $username, $LANG28[42]);
        if (!empty($fullname)) {
            $fullname = sprintf('% - %s', $fullname, $LANG28[42]);
        }
    }
    $user_templates->set_var('username', $username);
    $user_templates->set_var('user_fullname', $fullname);
    if (SEC_hasRights('user.edit') || isset($_USER['uid']) && $_USER['uid'] == $A['uid']) {
        global $_IMAGE_TYPE, $LANG_ADMIN;
        $edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG_ADMIN['edit'] . '" title="' . $LANG_ADMIN['edit'] . '" />';
        if ($_USER['uid'] == $A['uid']) {
            $edit_url = "{$_CONF['site_url']}/usersettings.php";
        } else {
            $edit_url = "{$_CONF['site_admin_url']}/user.php?edit=x&amp;uid={$A['uid']}";
        }
        $edit_link_url = COM_createLink($edit_icon, $edit_url);
        $user_templates->set_var('edit_icon', $edit_icon);
        $user_templates->set_var('edit_link', $edit_link_url);
        $user_templates->set_var('user_edit', $edit_url);
    } else {
        $user_templates->set_var('user_edit', '');
    }
    if (isset($A['photo']) && empty($A['photo'])) {
        $A['photo'] = '(none)';
        // user does not have a photo
    }
    $lastlogin = $A['lastlogin'];
    $lasttime = COM_getUserDateTimeFormat($lastlogin);
    $photo = USER_getPhoto($user, $A['photo'], $A['email'], -1, 0);
    $user_templates->set_var('user_photo', $photo);
    $user_templates->set_var('lang_membersince', $LANG04[67]);
    $user_templates->set_var('user_regdate', $A['regdate']);
    if ($_CONF['lastlogin'] && $A['showonline']) {
        $user_templates->set_var('lang_lastlogin', $LANG28[35]);
        if (!empty($lastlogin)) {
            $user_templates->set_var('user_lastlogin', $lasttime[0]);
        } else {
            $user_templates->set_var('user_lastlogin', $LANG28[36]);
        }
    }
    if ($A['showonline']) {
        if (DB_count($_TABLES['sessions'], 'uid', (int) $user)) {
            $user_templates->set_var('online', 'online');
        }
    }
    $user_templates->set_var('lang_email', $LANG04[5]);
    $user_templates->set_var('user_id', $user);
    if ($A['email'] == '' || $A['emailfromuser'] == 0) {
        $user_templates->set_var('email_option', '');
    } else {
        $user_templates->set_var('lang_sendemail', $LANG04[81]);
        $user_templates->parse('email_option', 'email', true);
    }
    $user_templates->set_var('lang_homepage', $LANG04[6]);
    $user_templates->set_var('user_homepage', COM_killJS($A['homepage']));
    $user_templates->set_var('lang_location', $LANG04[106]);
    $user_templates->set_var('user_location', strip_tags($A['location']));
    $user_templates->set_var('lang_online', $LANG04[160]);
    $user_templates->set_var('lang_bio', $LANG04[7]);
    $user_templates->set_var('user_bio', nl2br($A['about']));
    $user_templates->set_var('follow_me', SOC_getFollowMeIcons($user, 'follow_user_profile.thtml'));
    $user_templates->set_var('lang_pgpkey', $LANG04[8]);
    $user_templates->set_var('user_pgp', nl2br($A['pgpkey']));
    $user_templates->set_var('start_block_last10stories', COM_startBlock($LANG04[82] . ' ' . $display_name));
    if (!isset($_CONF['comment_engine']) || $_CONF['comment_engine'] == 'internal') {
        $user_templates->set_var('start_block_last10comments', COM_startBlock($LANG04[10] . ' ' . $display_name));
    }
    $user_templates->set_var('start_block_postingstats', COM_startBlock($LANG04[83] . ' ' . $display_name));
    $user_templates->set_var('lang_title', $LANG09[16]);
    $user_templates->set_var('lang_date', $LANG09[17]);
    // for alternative layouts: use these as headlines instead of block titles
    $user_templates->set_var('headline_last10stories', $LANG04[82] . ' ' . $display_name);
    if (!isset($_CONF['comment_engine']) || $_CONF['comment_engine'] == 'internal') {
        $user_templates->set_var('headline_last10comments', $LANG04[10] . ' ' . $display_name);
    }
    $user_templates->set_var('headline_postingstats', $LANG04[83] . ' ' . $display_name);
    $result = DB_query("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL());
    $nrows = DB_numRows($result);
    $tids = array();
    for ($i = 0; $i < $nrows; $i++) {
        $T = DB_fetchArray($result);
        $tids[] = $T['tid'];
    }
    $topics = "'" . implode("','", $tids) . "'";
    // list of last 10 stories by this user
    if (sizeof($tids) > 0) {
        $sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} WHERE (uid = '" . (int) $user . "') AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
        $sql .= " ORDER BY unixdate DESC LIMIT 10";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
    } else {
        $nrows = 0;
    }
    if ($nrows > 0) {
        for ($i = 0; $i < $nrows; $i++) {
            $C = DB_fetchArray($result);
            $user_templates->set_var('cssid', $i % 2 + 1);
            $user_templates->set_var('row_number', $i + 1 . '.');
            $articleUrl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $C['sid']);
            $user_templates->set_var('article_url', $articleUrl);
            $C['title'] = str_replace('$', '&#36;', $C['title']);
            $user_templates->set_var('story_title', COM_createLink($C['title'], $articleUrl, array('class' => '')));
            $storytime = COM_getUserDateTimeFormat($C['unixdate']);
            $user_templates->set_var('story_date', $storytime[0]);
            $user_templates->parse('story_row', 'strow', true);
        }
    } else {
        $user_templates->set_var('story_row', '<tr><td>' . $LANG01[37] . '</td></tr>');
    }
    if (!isset($_CONF['comment_engine']) || $_CONF['comment_engine'] == 'internal') {
        // list of last 10 comments by this user
        $sidArray = array();
        if (sizeof($tids) > 0) {
            // first, get a list of all stories the current visitor has access to
            $sql = "SELECT sid FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
            $result = DB_query($sql);
            $numsids = DB_numRows($result);
            for ($i = 1; $i <= $numsids; $i++) {
                $S = DB_fetchArray($result);
                $sidArray[] = $S['sid'];
            }
        }
        $sidList = implode("', '", $sidArray);
        $sidList = "'{$sidList}'";
        // then, find all comments by the user in those stories
        $sql = "SELECT sid,title,cid,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['comments']} WHERE (uid = '" . (int) $user . "') GROUP BY sid,title,cid,UNIX_TIMESTAMP(date)";
        // SQL NOTE:  Using a HAVING clause is usually faster than a where if the
        // field is part of the select
        // if (!empty ($sidList)) {
        //     $sql .= " AND (sid in ($sidList))";
        // }
        if (!empty($sidList)) {
            $sql .= " HAVING sid in ({$sidList})";
        }
        $sql .= " ORDER BY unixdate DESC LIMIT 10";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        if ($nrows > 0) {
            for ($i = 0; $i < $nrows; $i++) {
                $C = DB_fetchArray($result);
                $user_templates->set_var('cssid', $i % 2 + 1);
                $user_templates->set_var('row_number', $i + 1 . '.');
                $C['title'] = str_replace('$', '&#36;', $C['title']);
                $comment_url = $_CONF['site_url'] . '/comment.php?mode=view&amp;cid=' . $C['cid'];
                $user_templates->set_var('comment_title', COM_createLink($C['title'], $comment_url, array('class' => '')));
                $commenttime = COM_getUserDateTimeFormat($C['unixdate']);
                $user_templates->set_var('comment_date', $commenttime[0]);
                $user_templates->parse('comment_row', 'row', true);
            }
        } else {
            $user_templates->set_var('comment_row', '<tr><td>' . $LANG01[29] . '</td></tr>');
        }
    }
    // posting stats for this user
    $user_templates->set_var('lang_number_stories', $LANG04[84]);
    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (uid = " . (int) $user . ") AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND');
    $result = DB_query($sql);
    $N = DB_fetchArray($result);
    $user_templates->set_var('number_stories', COM_numberFormat($N['count']));
    if (!isset($_CONF['comment_engine']) || $_CONF['comment_engine'] == 'internal') {
        $user_templates->set_var('lang_number_comments', $LANG04[85]);
        $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['comments']} WHERE (uid = " . (int) $user . ")";
        if (!empty($sidList)) {
            $sql .= " AND (sid in ({$sidList}))";
        }
        $result = DB_query($sql);
        $N = DB_fetchArray($result);
        $user_templates->set_var('number_comments', COM_numberFormat($N['count']));
        $user_templates->set_var('lang_all_postings_by', $LANG04[86] . ' ' . $display_name);
    }
    // hook to the profile icon display
    $profileIcons = PLG_profileIconDisplay($user);
    if (is_array($profileIcons) && count($profileIcons) > 0) {
        $user_templates->set_block('profile', 'profileicon', 'pi');
        for ($x = 0; $x < count($profileIcons); $x++) {
            if (isset($profileIcons[$x]['url']) && $profileIcons[$x]['url'] != '' && isset($profileIcons[$x]['icon']) && $profileIcons[$x]['icon'] != '') {
                $user_templates->set_var('profile_icon_url', $profileIcons[$x]['url']);
                $user_templates->set_var('profile_icon_icon', $profileIcons[$x]['icon']);
                $user_templates->set_var('profile_icon_text', $profileIcons[$x]['text']);
                $user_templates->parse('pi', 'profileicon', true);
            }
        }
    }
    // Call custom registration function if enabled and exists
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDisplay')) {
        $user_templates->set_var('customfields', CUSTOM_userDisplay($user));
    }
    PLG_profileVariablesDisplay($user, $user_templates);
    $user_templates->parse('output', 'profile');
    $retval .= $user_templates->finish($user_templates->get_var('output'));
    $retval .= PLG_profileBlocksDisplay($user);
    return $retval;
}
Esempio n. 15
/**
 * Build the category editor form of the Links plugin.
 *
 * The arguments select one of three cases: a non-empty $pid starts a new
 * subcategory that takes its group and perm_* values from the parent row,
 * a non-empty $cid loads an existing category for editing, and two empty
 * arguments start a new top-level category with the configured defaults.
 *
 * @param    string  $cid    ID of the category to edit (empty for a new one)
 * @param    string  $pid    ID of the parent category (empty unless creating a subcategory)
 * @return   string          HTML of the editor, or the result of COM_showMessage(6, 'links')
 *                           when SEC_hasAccess() returns less than 3
 */
function links_edit_category($cid, $pid)
{
    global $_CONF, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $LANG_ADMIN, $LANG_ACCESS, $_LI_CONF;

    // NOTE(review): addslashes() is the only escaping applied before $cid and
    // $pid are embedded in quoted SQL literals below. It is not aware of the
    // connection character set; prefer the database layer's own escaping
    // routine if the project provides one - TODO confirm.
    $cid = addslashes($cid);
    $hasCid = !empty($cid);

    if (!empty($pid)) {
        // New subcategory: start from the parent's group and permission bits.
        // NOTE(review): unlike the edit branch, this lookup is not combined
        // with COM_getPermSQL(), and the current user is recorded as owner
        // before SEC_hasAccess() runs. Presumably the calling admin page has
        // already checked the caller's rights - verify against caller.
        $parentRows = DB_query("SELECT group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='" . addslashes($pid) . "'");
        $cat = DB_fetchArray($parentRows);
        $cat['owner_id'] = $_USER['uid'];
        $cat['pid'] = $pid;
    } elseif ($hasCid) {
        // Existing category: the permission filter is part of the query.
        $rows = DB_query("SELECT * FROM {$_TABLES['linkcategories']} WHERE cid='{$cid}'" . COM_getPermSQL('AND'));
        $cat = DB_fetchArray($rows);
    } else {
        // New top-level category: configured default access rights.
        $cat['group_id'] = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='Links Admin'");
        SEC_setDefaultPermissions($cat, $_LI_CONF['category_permissions']);
        $cat['owner_id'] = $_USER['uid'];
        $cat['pid'] = $_LI_CONF['root'];
    }

    // Anything below access level 3 gets the message instead of the form.
    $access = SEC_hasAccess($cat['owner_id'], $cat['group_id'], $cat['perm_owner'], $cat['perm_group'], $cat['perm_members'], $cat['perm_anon']);
    if ($access < 3) {
        return COM_showMessage(6, 'links');
    }

    // The CSRF token is created only after the access check has passed.
    $token = SEC_createToken();
    $pieces = array();
    $pieces[] = COM_startBlock($LANG_LINKS_ADMIN[56], '', COM_getBlockTemplate('_admin_block', 'header'));
    $pieces[] = SEC_getTokenExpiryNotice($token);

    $tpl = new Template($_CONF['path'] . 'plugins/links/templates/admin');
    $tpl->set_file(array('page' => 'categoryeditor.thtml'));

    // Site URLs and static labels.
    $staticVars = array(
        'xhtml'                => XHTML,
        'site_url'             => $_CONF['site_url'],
        'site_admin_url'       => $_CONF['site_admin_url'],
        'layout_url'           => $_CONF['layout_url'],
        'lang_pagetitle'       => $LANG_LINKS_ADMIN[28],
        'lang_link_list'       => $LANG_LINKS_ADMIN[53],
        'lang_new_link'        => $LANG_LINKS_ADMIN[51],
        'lang_validate_links'  => $LANG_LINKS_ADMIN[26],
        'lang_list_categories' => $LANG_LINKS_ADMIN[50],
        'lang_new_category'    => $LANG_LINKS_ADMIN[52],
        'lang_admin_home'      => $LANG_ADMIN['admin_home'],
        'instructions'         => $LANG_LINKS_ADMIN[29],
        'lang_category'        => $LANG_LINKS_ADMIN[30],
        'lang_cid'             => $LANG_LINKS_ADMIN[32],
        'lang_description'     => $LANG_LINKS_ADMIN[31],
        'lang_topic'           => $LANG_LINKS_ADMIN[33],
        'lang_parent'          => $LANG_LINKS_ADMIN[34],
        'lang_save'            => $LANG_ADMIN['save'],
    );
    foreach ($staticVars as $varName => $varValue) {
        $tpl->set_var($varName, $varValue);
    }

    // A delete button is offered only when a category id was passed in.
    if ($hasCid) {
        $deleteButton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
        $confirmAttr = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
        $tpl->set_var('delete_option', sprintf($deleteButton, $confirmAttr));
        $tpl->set_var('delete_option_no_confirmation', sprintf($deleteButton, ''));
    } else {
        $tpl->set_var('delete_option', '');
    }
    $tpl->set_var('lang_cancel', $LANG_ADMIN['cancel']);

    // NOTE(review): cid, category and description from the database row are
    // handed to the template as-is; no HTML escaping is visible in this
    // function - confirm they are escaped when stored or by the template.
    if ($hasCid) {
        $oldCid = $cat['cid'];
        $categoryValue = $cat['category'];
        $descriptionValue = $cat['description'];
    } else {
        // New category: generate a fresh id and leave the text fields empty.
        $cat['cid'] = COM_makeSid();
        $oldCid = '';
        $categoryValue = '';
        $descriptionValue = '';
    }
    $tpl->set_var('cid_value', $cat['cid']);
    $tpl->set_var('old_cid_value', $oldCid);
    $tpl->set_var('category_options', links_select_box(3, $cat['pid']));
    $tpl->set_var('category_value', $categoryValue);
    $tpl->set_var('description_value', $descriptionValue);

    // Topic drop-down, with an extra "all" entry in front of the topic list.
    if (!isset($cat['tid'])) {
        $cat['tid'] = 'all';
    }
    $topicOptions = COM_topicList('tid,topic', $cat['tid'], 1, true);
    $tpl->set_var('topic_list', $topicOptions);
    $allSelected = ($cat['tid'] == 'all') ? ' selected="selected"' : '';
    $allOption = '<option value="all"' . $allSelected . '>' . $LANG_LINKS_ADMIN[35] . '</option>' . LB;
    $tpl->set_var('topic_selection', '<select name="tid">' . $allOption . $topicOptions . '</select>');

    // Number of links in the category, counted through the permission filter.
    if ($hasCid) {
        $countRows = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['links']} WHERE cid='{$cid}'" . COM_getPermSQL('AND'));
        $countRow = DB_fetchArray($countRows);
        $linkCount = COM_numberFormat($countRow['count']);
    } else {
        $linkCount = $LANG_ADMIN['na'];
    }
    $tpl->set_var('lang_num_links', $LANG_LINKS_ADMIN[61]);
    $tpl->set_var('num_links', $linkCount);

    // user access info
    $ownerName = COM_getDisplayName($cat['owner_id']);
    $groupDropdown = SEC_getGroupDropdown($cat['group_id'], $access);
    $permissionsEditor = SEC_getPermissionsHTML($cat['perm_owner'], $cat['perm_group'], $cat['perm_members'], $cat['perm_anon']);
    $accessVars = array(
        'lang_accessrights'    => $LANG_ACCESS['accessrights'],
        'lang_owner'           => $LANG_ACCESS['owner'],
        'owner_name'           => $ownerName,
        'cat_ownerid'          => $cat['owner_id'],
        'lang_group'           => $LANG_ACCESS['group'],
        'group_dropdown'       => $groupDropdown,
        'lang_permissions'     => $LANG_ACCESS['permissions'],
        'lang_permissionskey'  => $LANG_ACCESS['permissionskey'],
        'lang_perm_key'        => $LANG_ACCESS['permissionskey'],
        'permissions_editor'   => $permissionsEditor,
        'lang_permissions_msg' => $LANG_ACCESS['permmsg'],
        'lang_lockmsg'         => $LANG_ACCESS['permmsg'],
        // the token travels with the form under the name in CSRF_TOKEN
        'gltoken_name'         => CSRF_TOKEN,
        'gltoken'              => $token,
    );
    foreach ($accessVars as $varName => $varValue) {
        $tpl->set_var($varName, $varValue);
    }

    $tpl->parse('output', 'page');
    $pieces[] = $tpl->finish($tpl->get_var('output'));
    $pieces[] = COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    return implode('', $pieces);
}
Esempio n. 16
/**
* Build the admin list of stories, optionally restricted to one topic
*
* @param    string  $current_topic  (optional) currently selected topic; empty selects TOPIC_ALL_OPTION
* @return   string                  HTML for the list of stories, or message 101 when no topic is available
*
*/
function liststories($current_topic = '')
{
    global $_CONF, $_TABLES, $_IMAGE_TYPE, $LANG09, $LANG_ADMIN, $LANG_ACCESS, $LANG24;

    require_once $_CONF['path_system'] . 'lib-admin.php';

    $html = '';
    if (empty($current_topic)) {
        $current_topic = TOPIC_ALL_OPTION;
    }

    $topicOptions = TOPIC_getTopicListSelect($current_topic, 2);
    if (empty($topicOptions)) {
        return $html . COM_showMessage(101);
    }

    if ($current_topic == TOPIC_ALL_OPTION) {
        // All topics the user has access to (not the inherited list, which
        // might hide stories the user is allowed to see).
        $tidList = TOPIC_getList(0, true, false);
        if (empty($tidList)) {
            return $html . COM_showMessage(101);
        }
        $topicCondition = " (tid IN ('" . implode("','", $tidList) . "')) ";
    } else {
        // The selected topic plus the child topics it is inherited by.
        // NOTE(review): $current_topic is placed inside a quoted SQL literal
        // here without escaping, and $tidList is inserted into IN() as
        // returned by TOPIC_getChildList(); confirm the caller filters the
        // topic id and that the helper returns an already quoted list.
        $tidList = TOPIC_getChildList($current_topic);
        $topicCondition = " (ta.tid IN({$tidList}) AND (ta.inherit = 1 OR (ta.inherit = 0 AND ta.tid = '{$current_topic}')))";
    }

    $topicFilter = $LANG_ADMIN['topic'] . ': <select name="tid" style="width: 125px" onchange="this.form.submit()">' . $topicOptions . '</select>';

    // Column definitions for the list.
    $columns = array(
        array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false),
        array('text' => $LANG_ADMIN['copy'], 'field' => 'copy', 'sort' => false),
        array('text' => $LANG_ADMIN['title'], 'field' => 'title', 'sort' => true),
        array('text' => $LANG_ACCESS['access'], 'field' => 'access', 'sort' => false),
        array('text' => $LANG24[34], 'field' => 'draft_flag', 'sort' => true),
    );
    // author column: full name or user name, depending on configuration
    $authorField = ($_CONF['show_fullname'] == 1) ? 'fullname' : 'username';
    $columns[] = array('text' => $LANG24[7], 'field' => $authorField, 'sort' => true);
    // date
    $columns[] = array('text' => $LANG24[15], 'field' => 'unixdate', 'sort' => true);
    $columns[] = array('text' => $LANG_ADMIN['topic'], 'field' => 'tid', 'sort' => true);
    $columns[] = array('text' => $LANG24[32], 'field' => 'featured', 'sort' => true);
    // The ping column needs the story.ping right and at least one enabled service.
    $pingServiceEnabled = $_CONF['trackback_enabled'] || $_CONF['pingback_enabled'] || $_CONF['ping_enabled'];
    if (SEC_hasRights('story.ping') && $pingServiceEnabled) {
        $columns[] = array('text' => $LANG24[20], 'field' => 'ping', 'sort' => false);
    }

    $defaultSort = array('field' => 'unixdate', 'direction' => 'desc');
    $menuItems = array(
        array('url' => $_CONF['site_admin_url'] . '/story.php?mode=edit', 'text' => $LANG_ADMIN['create_new']),
        array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']),
    );
    $formParts = array('bottom' => '', 'top' => '');

    $html .= COM_startBlock($LANG24[22], '', COM_getBlockTemplate('_admin_block', 'header'));
    $html .= ADMIN_createMenu($menuItems, $LANG24[23], $_CONF['layout_url'] . '/images/icons/story.' . $_IMAGE_TYPE);

    $listText = array('has_extras' => true, 'form_url' => $_CONF['site_admin_url'] . '/story.php');

    $storiesTable = $_TABLES['stories'];
    $usersTable = $_TABLES['users'];
    $baseSql = "SELECT {$storiesTable}.*, {$usersTable}.username, {$usersTable}.fullname, "
        . "UNIX_TIMESTAMP(date) AS unixdate  FROM {$storiesTable} "
        . "LEFT JOIN {$usersTable} ON {$storiesTable}.uid={$usersTable}.uid "
        . "LEFT JOIN {$_TABLES['topic_assignments']} ta ON ta.type = 'article' AND ta.id = sid "
        . "WHERE 1=1 ";

    if (!empty($topicCondition)) {
        $topicCondition = 'AND ' . $topicCondition;
    }

    // The permission filter is appended to the topic condition.
    $queryParts = array(
        'table'          => 'stories',
        'sql'            => $baseSql,
        'query_group'    => "sid,{$usersTable}.username,{$usersTable}.fullname",
        'query_fields'   => array('title', 'introtext', 'bodytext', 'sid', 'tid'),
        'default_filter' => $topicCondition . COM_getPermSQL('AND'),
    );

    // Add in topic filter so it is remembered with paging
    // NOTE(review): $current_topic is appended to the paging URL without URL
    // or HTML encoding in this function - confirm the caller has filtered it.
    $pageNavUrl = '&amp;tid=' . $current_topic;

    $html .= ADMIN_list('story', 'ADMIN_getListField_stories', $columns, $listText, $queryParts, $defaultSort, $topicFilter, '', '', $formParts, true, $pageNavUrl);
    $html .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    return $html;
}
Esempio n. 17
    }
}
// Assemble the WHERE conditions of the story query in $sql. This is a
// fragment: $topic, $archivetid, $newstories, $U, $page and $limit are set
// by code that is not shown here.
$sql = " (date <= NOW()) AND (draft_flag = 0)";
// The language filter is added only when no topic is selected.
if (empty($topic)) {
    $sql .= COM_getLangSQL('tid', 'AND', 's');
}
// if a topic was provided only select those stories.
// NOTE(review): $topic is placed inside a quoted SQL literal without any
// escaping in this fragment - confirm it is filtered where it is assigned.
if (!empty($topic)) {
    $sql .= " AND s.tid = '{$topic}' ";
} elseif (!$newstories) {
    // no topic and not the "new stories" view: front page stories only
    $sql .= " AND frontpage = 1 ";
}
// Keep stories of the archive topic out unless that topic itself is selected.
// NOTE(review): $archivetid is interpolated unescaped as well; presumably it
// comes from the topics table - verify.
if ($topic != $archivetid) {
    $sql .= " AND s.tid != '{$archivetid}' ";
}
$sql .= COM_getPermSQL('AND', 0, 2, 's');
// Exclusions from $U: 'aids' and 'tids' are space-separated lists that are
// turned into SQL lists by replacing the spaces.
// NOTE(review): the 'aids' entries go into NOT IN (...) unquoted, so nothing
// here enforces that each entry is numeric; confirm the list is validated as
// integers when it is stored, or cast each entry before joining.
if (!empty($U['aids'])) {
    $sql .= " AND s.uid NOT IN (" . str_replace(' ', ",", $U['aids']) . ") ";
}
// NOTE(review): the 'tids' entries are quoted but not escaped; confirm they
// are restricted to valid topic ids when stored.
if (!empty($U['tids'])) {
    $sql .= " AND s.tid NOT IN ('" . str_replace(' ', "','", $U['tids']) . "') ";
}
$sql .= COM_getTopicSQL('AND', 0, 's') . ' ';
// "New stories" view: only stories newer than the configured interval, which
// is inserted as a number of seconds.
if ($newstories) {
    $sql .= "AND (date >= (date_sub(NOW(), INTERVAL {$_CONF['newstoriesinterval']} SECOND))) ";
}
// Row offset of the requested page.
// NOTE(review): presumably used for paging the result; confirm $page and
// $limit are integers and $page >= 1 so the offset cannot become negative.
$offset = ($page - 1) * $limit;
$userfields = 'u.uid, u.username, u.fullname';
if ($_CONF['allow_user_photo'] == 1) {
    $userfields .= ', u.photo';
    if ($_CONF['use_gravatar']) {
Esempio n. 18
/**
* Shows story editor
*
* Displays the story entry form
*
* @param    string      $sid            ID of story to edit
* @param    string      $mode           'preview', 'edit', 'editsubmission', 'clone'
* @param    string      $errormsg       a message to display on top of the page
* @param    string      $currenttopic   topic selection for drop-down menu
* @return   string      HTML for story editor
*
*/
function storyeditor($sid = '', $mode = '', $errormsg = '', $currenttopic = '')
{
    global $_CONF, $_TABLES, $_USER, $LANG24, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $_SCRIPTS;
    $display = '';
    if (!isset($_CONF['hour_mode'])) {
        $_CONF['hour_mode'] = 12;
    }
    if (!empty($errormsg)) {
        $display .= COM_showMessageText($errormsg, $LANG24[25]);
    }
    if (!empty($currenttopic)) {
        $allowed = DB_getItem($_TABLES['topics'], 'tid', "tid = '" . addslashes($currenttopic) . "'" . COM_getTopicSql('AND'));
        if ($allowed != $currenttopic) {
            $currenttopic = '';
        }
    }
    $story = new Story();
    if ($mode == 'preview') {
        // Handle Magic GPC Garbage:
        while (list($key, $value) = each($_POST)) {
            if (!is_array($value)) {
                $_POST[$key] = COM_stripslashes($value);
            } else {
                while (list($subkey, $subvalue) = each($value)) {
                    $value[$subkey] = COM_stripslashes($subvalue);
                }
            }
        }
        $result = $story->loadFromArgsArray($_POST);
        // in preview mode, we now need to re-insert the images
        if ($_CONF['maximagesperarticle'] > 0) {
            $errors = $story->insertImages();
            if (count($errors) > 0) {
                $msg = $LANG24[55] . LB . '<ul>' . LB;
                foreach ($errors as $err) {
                    $msg .= '<li>' . $err . '</li>' . LB;
                }
                $msg .= '</ul>' . LB;
                $display .= COM_showMessageText($msg, $LANG24[54]);
            }
        }
    } else {
        $result = $story->loadFromDatabase($sid, $mode);
    }
    if ($result == STORY_PERMISSION_DENIED || $result == STORY_NO_ACCESS_PARAMS) {
        $display .= COM_showMessageText($LANG24[42], $LANG_ACCESS['accessdenied']);
        COM_accessLog("User {$_USER['username']} tried to illegally access story {$sid}.");
        return $display;
    } elseif ($result == STORY_EDIT_DENIED || $result == STORY_EXISTING_NO_EDIT_PERMISSION) {
        $display .= COM_showMessageText($LANG24[41], $LANG_ACCESS['accessdenied']);
        $display .= STORY_renderArticle($story, 'p');
        COM_accessLog("User {$_USER['username']} tried to illegally edit story {$sid}.");
        return $display;
    } elseif ($result == STORY_INVALID_SID) {
        if ($mode == 'editsubmission') {
            // that submission doesn't seem to be there any more (may have been
            // handled by another Admin) - take us back to the moderation page
            return COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
        } else {
            return COM_refresh($_CONF['site_admin_url'] . '/story.php');
        }
    } elseif ($result == STORY_DUPLICATE_SID) {
        $display .= COM_showMessageText($LANG24[24]);
    }
    // Load HTML templates
    $story_templates = COM_newTemplate($_CONF['path_layout'] . 'admin/story');
    if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
        $story_templates->set_file(array('editor' => 'storyeditor_advanced.thtml'));
        $advanced_editormode = true;
        $story_templates->set_var('change_editormode', 'onchange="change_editmode(this);"');
        require_once $_CONF['path_system'] . 'classes/navbar.class.php';
        $story_templates->set_var('show_preview', 'none');
        $story_templates->set_var('lang_expandhelp', $LANG24[67]);
        $story_templates->set_var('lang_reducehelp', $LANG24[68]);
        $story_templates->set_var('lang_publishdate', $LANG24[69]);
        $story_templates->set_var('lang_toolbar', $LANG24[70]);
        $story_templates->set_var('toolbar1', $LANG24[71]);
        $story_templates->set_var('toolbar2', $LANG24[72]);
        $story_templates->set_var('toolbar3', $LANG24[73]);
        $story_templates->set_var('toolbar4', $LANG24[74]);
        $story_templates->set_var('toolbar5', $LANG24[75]);
        if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') {
            $story_templates->set_var('show_texteditor', 'none');
            $story_templates->set_var('show_htmleditor', '');
        } else {
            $story_templates->set_var('show_texteditor', '');
            $story_templates->set_var('show_htmleditor', 'none');
        }
    } else {
        $story_templates->set_file(array('editor' => 'storyeditor.thtml'));
        $advanced_editormode = false;
    }
    $story_templates->set_var('hour_mode', $_CONF['hour_mode']);
    if ($story->hasContent()) {
        $previewContent = STORY_renderArticle($story, 'p');
        if ($advanced_editormode and $previewContent != '') {
            $story_templates->set_var('preview_content', $previewContent);
        } elseif ($previewContent != '') {
            $display .= COM_startBlock($LANG24[26], '', COM_getBlockTemplate('_admin_block', 'header'));
            $display .= $previewContent;
            $display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
        }
    }
    if ($advanced_editormode) {
        $navbar = new navbar();
        if (!empty($previewContent)) {
            $navbar->add_menuitem($LANG24[79], 'showhideEditorDiv("preview",0);return false;', true);
            $navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",1);return false;', true);
            $navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",2);return false;', true);
            $navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",3);return false;', true);
            $navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",4);return false;', true);
            $navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",5);return false;', true);
            $navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",6);return false;', true);
        } else {
            $navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",0);return false;', true);
            $navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",1);return false;', true);
            $navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",2);return false;', true);
            $navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",3);return false;', true);
            $navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",4);return false;', true);
            $navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",5);return false;', true);
        }
        if ($mode == 'preview') {
            $story_templates->set_var('show_preview', '');
            $story_templates->set_var('show_htmleditor', 'none');
            $story_templates->set_var('show_texteditor', 'none');
            $story_templates->set_var('show_submitoptions', 'none');
            $navbar->set_selected($LANG24[79]);
        } else {
            $navbar->set_selected($LANG24[80]);
        }
        $story_templates->set_var('navbar', $navbar->generate());
    }
    $oldsid = $story->EditElements('originalSid');
    if (!empty($oldsid) && $mode != 'clone') {
        $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
        $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
        $story_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
        $story_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
    }
    if ($mode == 'editsubmission' || $story->type == 'submission') {
        $story_templates->set_var('submission_option', '<input type="hidden" name="type" value="submission"' . XHTML . '>');
    }
    $story_templates->set_var('lang_author', $LANG24[7]);
    $storyauthor = COM_getDisplayName($story->EditElements('uid'));
    $story_templates->set_var('story_author', $storyauthor);
    $story_templates->set_var('author', $storyauthor);
    $story_templates->set_var('story_uid', $story->EditElements('uid'));
    // user access info
    $story_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
    $story_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
    $ownername = COM_getDisplayName($story->EditElements('owner_id'));
    $story_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', 'uid = ' . $story->EditElements('owner_id')));
    $story_templates->set_var('owner_name', $ownername);
    $story_templates->set_var('owner', $ownername);
    $story_templates->set_var('owner_id', $story->EditElements('owner_id'));
    $story_templates->set_var('lang_group', $LANG_ACCESS['group']);
    $story_templates->set_var('group_dropdown', SEC_getGroupDropdown($story->EditElements('group_id'), 3));
    $story_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
    $story_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
    $story_templates->set_var('permissions_editor', SEC_getPermissionsHTML($story->EditElements('perm_owner'), $story->EditElements('perm_group'), $story->EditElements('perm_members'), $story->EditElements('perm_anon')));
    $story_templates->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
    $story_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
    $curtime = COM_getUserDateTimeFormat($story->EditElements('date'));
    $story_templates->set_var('lang_date', $LANG24[15]);
    $story_templates->set_var('publish_second', $story->EditElements('publish_second'));
    $publish_ampm = '';
    $publish_hour = $story->EditElements('publish_hour');
    if ($publish_hour >= 12) {
        if ($publish_hour > 12) {
            $publish_hour = $publish_hour - 12;
        }
        $ampm = 'pm';
    } else {
        $ampm = 'am';
    }
    $ampm_select = COM_getAmPmFormSelection('publish_ampm', $ampm);
    $story_templates->set_var('publishampm_selection', $ampm_select);
    $month_options = COM_getMonthFormOptions($story->EditElements('publish_month'));
    $story_templates->set_var('publish_month_options', $month_options);
    $day_options = COM_getDayFormOptions($story->EditElements('publish_day'));
    $story_templates->set_var('publish_day_options', $day_options);
    $year_options = COM_getYearFormOptions($story->EditElements('publish_year'));
    $story_templates->set_var('publish_year_options', $year_options);
    if ($_CONF['hour_mode'] == 24) {
        $hour_options = COM_getHourFormOptions($story->EditElements('publish_hour'), 24);
    } else {
        $hour_options = COM_getHourFormOptions($publish_hour);
    }
    $story_templates->set_var('publish_hour_options', $hour_options);
    $minute_options = COM_getMinuteFormOptions($story->EditElements('publish_minute'));
    $story_templates->set_var('publish_minute_options', $minute_options);
    $story_templates->set_var('publish_date_explanation', $LANG24[46]);
    $story_templates->set_var('story_unixstamp', $story->EditElements('unixdate'));
    $story_templates->set_var('expire_second', $story->EditElements('expire_second'));
    $expire_ampm = '';
    $expire_hour = $story->EditElements('expire_hour');
    if ($expire_hour >= 12) {
        if ($expire_hour > 12) {
            $expire_hour = $expire_hour - 12;
        }
        $ampm = 'pm';
    } else {
        $ampm = 'am';
    }
    $ampm_select = COM_getAmPmFormSelection('expire_ampm', $ampm);
    if (empty($ampm_select)) {
        // have a hidden field to 24 hour mode to prevent JavaScript errors
        $ampm_select = '<input type="hidden" name="expire_ampm" value=""' . XHTML . '>';
    }
    $story_templates->set_var('expireampm_selection', $ampm_select);
    $month_options = COM_getMonthFormOptions($story->EditElements('expire_month'));
    $story_templates->set_var('expire_month_options', $month_options);
    $day_options = COM_getDayFormOptions($story->EditElements('expire_day'));
    $story_templates->set_var('expire_day_options', $day_options);
    $year_options = COM_getYearFormOptions($story->EditElements('expire_year'));
    $story_templates->set_var('expire_year_options', $year_options);
    if ($_CONF['hour_mode'] == 24) {
        $hour_options = COM_getHourFormOptions($story->EditElements('expire_hour'), 24);
    } else {
        $hour_options = COM_getHourFormOptions($expire_hour);
    }
    $story_templates->set_var('expire_hour_options', $hour_options);
    $minute_options = COM_getMinuteFormOptions($story->EditElements('expire_minute'));
    $story_templates->set_var('expire_minute_options', $minute_options);
    $story_templates->set_var('expire_date_explanation', $LANG24[46]);
    $story_templates->set_var('story_unixstamp', $story->EditElements('expirestamp'));
    $atopic = DB_getItem($_TABLES['topics'], 'tid', "archive_flag = 1");
    $have_archive_topic = empty($atopic) ? false : true;
    if ($story->EditElements('statuscode') == STORY_ARCHIVE_ON_EXPIRE) {
        $story_templates->set_var('is_checked2', 'checked="checked"');
        $story_templates->set_var('is_checked3', 'checked="checked"');
        $js_showarchivedisabled = 'false';
        $have_archive_topic = true;
        // force display of auto archive option
    } elseif ($story->EditElements('statuscode') == STORY_DELETE_ON_EXPIRE) {
        $story_templates->set_var('is_checked2', 'checked="checked"');
        $story_templates->set_var('is_checked4', 'checked="checked"');
        if (!$have_archive_topic) {
            $story_templates->set_var('is_checked3', 'style="display:none;"');
        }
        $js_showarchivedisabled = 'false';
    } else {
        if (!$have_archive_topic) {
            $story_templates->set_var('is_checked3', 'style="display:none;"');
        }
        $js_showarchivedisabled = 'true';
    }
    $story_templates->set_var('lang_archivetitle', $LANG24[58]);
    $story_templates->set_var('lang_option', $LANG24[59]);
    $story_templates->set_var('lang_enabled', $LANG_ADMIN['enabled']);
    $story_templates->set_var('lang_story_stats', $LANG24[87]);
    if ($have_archive_topic) {
        $story_templates->set_var('lang_optionarchive', $LANG24[61]);
    } else {
        $story_templates->set_var('lang_optionarchive', '');
    }
    $story_templates->set_var('lang_optiondelete', $LANG24[62]);
    $story_templates->set_var('lang_title', $LANG_ADMIN['title']);
    $story_templates->set_var('story_title', $story->EditElements('title'));
    $story_templates->set_var('lang_page_title', $LANG_ADMIN['page_title']);
    $story_templates->set_var('page_title', $story->EditElements('page_title'));
    $story_templates->set_var('lang_metadescription', $LANG_ADMIN['meta_description']);
    $story_templates->set_var('meta_description', $story->EditElements('meta_description'));
    $story_templates->set_var('lang_metakeywords', $LANG_ADMIN['meta_keywords']);
    $story_templates->set_var('meta_keywords', $story->EditElements('meta_keywords'));
    if ($_CONF['meta_tags'] > 0) {
        $story_templates->set_var('hide_meta', '');
    } else {
        $story_templates->set_var('hide_meta', ' style="display:none;"');
    }
    $story_templates->set_var('lang_topic', $LANG_ADMIN['topic']);
    if (empty($currenttopic) && $story->EditElements('tid') == '') {
        $story->setTid(DB_getItem($_TABLES['topics'], 'tid', 'is_default = 1' . COM_getPermSQL('AND')));
    } elseif ($story->EditElements('tid') == '') {
        $story->setTid($currenttopic);
    }
    $tlist = COM_topicList('tid,topic', $story->EditElements('tid'), 1, true);
    if (empty($tlist)) {
        $display .= COM_showMessage(101);
        return $display;
    }
    $story_templates->set_var('topic_options', $tlist);
    $story_templates->set_var('lang_show_topic_icon', $LANG24[56]);
    if ($story->EditElements('show_topic_icon') == 1) {
        $story_templates->set_var('show_topic_icon_checked', 'checked="checked"');
    } else {
        $story_templates->set_var('show_topic_icon_checked', '');
    }
    $story_templates->set_var('lang_draft', $LANG24[34]);
    if ($story->EditElements('draft_flag')) {
        $story_templates->set_var('is_checked', 'checked="checked"');
    }
    $story_templates->set_var('lang_mode', $LANG24[3]);
    $story_templates->set_var('status_options', COM_optionList($_TABLES['statuscodes'], 'code,name', $story->EditElements('statuscode')));
    $story_templates->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $story->EditElements('commentcode')));
    $story_templates->set_var('trackback_options', COM_optionList($_TABLES['trackbackcodes'], 'code,name', $story->EditElements('trackbackcode')));
    // comment expire
    $story_templates->set_var('lang_cmt_disable', $LANG24[63]);
    if ($story->EditElements('cmt_close')) {
        $story_templates->set_var('is_checked5', 'checked="checked"');
        $js_showcmtclosedisabled = 'false';
    } else {
        $js_showcmtclosedisabled = 'true';
    }
    $month_options = COM_getMonthFormOptions($story->EditElements('cmt_close_month'));
    $story_templates->set_var('cmt_close_month_options', $month_options);
    $day_options = COM_getDayFormOptions($story->EditElements('cmt_close_day'));
    $story_templates->set_var('cmt_close_day_options', $day_options);
    // ensure that the year dropdown includes the close year
    $endtm = mktime(0, 0, 0, date('m'), date('d') + $_CONF['article_comment_close_days'], date('Y'));
    $yoffset = date('Y', $endtm) - date('Y');
    $close_year = $story->EditElements('cmt_close_year');
    if ($yoffset < -1) {
        $year_options = COM_getYearFormOptions($close_year, $yoffset);
    } elseif ($yoffset > 5) {
        $year_options = COM_getYearFormOptions($close_year, -1, $yoffset);
    } else {
        $year_options = COM_getYearFormOptions($close_year);
    }
    $story_templates->set_var('cmt_close_year_options', $year_options);
    $cmt_close_ampm = '';
    $cmt_close_hour = $story->EditElements('cmt_close_hour');
    //correct hour
    if ($cmt_close_hour >= 12) {
        if ($cmt_close_hour > 12) {
            $cmt_close_hour = $cmt_close_hour - 12;
        }
        $ampm = 'pm';
    } else {
        $ampm = 'am';
    }
    $ampm_select = COM_getAmPmFormSelection('cmt_close_ampm', $ampm);
    if (empty($ampm_select)) {
        // have a hidden field to 24 hour mode to prevent JavaScript errors
        $ampm_select = '<input type="hidden" name="cmt_close_ampm" value=""' . XHTML . '>';
    }
    $story_templates->set_var('cmt_close_ampm_selection', $ampm_select);
    if ($_CONF['hour_mode'] == 24) {
        $hour_options = COM_getHourFormOptions($story->EditElements('cmt_close_hour'), 24);
    } else {
        $hour_options = COM_getHourFormOptions($cmt_close_hour);
    }
    $story_templates->set_var('cmt_close_hour_options', $hour_options);
    $minute_options = COM_getMinuteFormOptions($story->EditElements('cmt_close_minute'));
    $story_templates->set_var('cmt_close_minute_options', $minute_options);
    $story_templates->set_var('cmt_close_second', $story->EditElements('cmt_close_second'));
    if ($_CONF['onlyrootfeatures'] == 1 && SEC_inGroup('Root') or $_CONF['onlyrootfeatures'] !== 1) {
        $featured_options = "<select name=\"featured\">" . LB . COM_optionList($_TABLES['featurecodes'], 'code,name', $story->EditElements('featured')) . "</select>" . LB;
    } else {
        $featured_options = "<input type=\"hidden\" name=\"featured\" value=\"0\"" . XHTML . ">";
    }
    $story_templates->set_var('featured_options', $featured_options);
    $story_templates->set_var('frontpage_options', COM_optionList($_TABLES['frontpagecodes'], 'code,name', $story->EditElements('frontpage')));
    $story_templates->set_var('story_introtext', $story->EditElements('introtext'));
    $story_templates->set_var('story_bodytext', $story->EditElements('bodytext'));
    $story_templates->set_var('lang_introtext', $LANG24[16]);
    $story_templates->set_var('lang_bodytext', $LANG24[17]);
    $story_templates->set_var('lang_postmode', $LANG24[4]);
    $story_templates->set_var('lang_publishoptions', $LANG24[76]);
    $story_templates->set_var('noscript', COM_getNoScript(false, $LANG24[77], sprintf($LANG24[78], $_CONF['site_admin_url'], $sid)));
    $post_options = COM_optionList($_TABLES['postmodes'], 'code,name', $story->EditElements('postmode'));
    // If Advanced Mode - add post option and set default if editing story created with Advanced Editor
    if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
        if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') {
            $post_options .= '<option value="adveditor" selected="selected">' . $LANG24[86] . '</option>';
        } else {
            $post_options .= '<option value="adveditor">' . $LANG24[86] . '</option>';
        }
    }
    if ($_CONF['wikitext_editor']) {
        if ($story->EditElements('postmode') == 'wikitext') {
            $post_options .= '<option value="wikitext" selected="selected">' . $LANG24[88] . '</option>';
        } else {
            $post_options .= '<option value="wikitext">' . $LANG24[88] . '</option>';
        }
    }
    $story_templates->set_var('post_options', $post_options);
    $story_templates->set_var('lang_allowed_html', COM_allowedHTML('story.edit'));
    $fileinputs = '';
    $saved_images = '';
    if ($_CONF['maximagesperarticle'] > 0) {
        $story_templates->set_var('lang_images', $LANG24[47]);
        $icount = DB_count($_TABLES['article_images'], 'ai_sid', $story->getSid());
        if ($icount > 0) {
            $result_articles = DB_query("SELECT * FROM {$_TABLES['article_images']} WHERE ai_sid = '" . $story->getSid() . "'");
            for ($z = 1; $z <= $icount; $z++) {
                $I = DB_fetchArray($result_articles);
                $saved_images .= $z . ') ' . COM_createLink($I['ai_filename'], $_CONF['site_url'] . '/images/articles/' . $I['ai_filename']) . '&nbsp;&nbsp;&nbsp;' . $LANG_ADMIN['delete'] . ': <input type="checkbox" name="delete[' . $I['ai_img_num'] . ']"' . XHTML . '><br' . XHTML . '>';
            }
        }
        $newallowed = $_CONF['maximagesperarticle'] - $icount;
        for ($z = $icount + 1; $z <= $_CONF['maximagesperarticle']; $z++) {
            $fileinputs .= $z . ') <input type="file" dir="ltr" name="file' . $z . '"' . XHTML . '>';
            if ($z < $_CONF['maximagesperarticle']) {
                $fileinputs .= '<br' . XHTML . '>';
            }
        }
        $fileinputs .= '<br' . XHTML . '>' . $LANG24[51];
        if ($_CONF['allow_user_scaling'] == 1) {
            $fileinputs .= $LANG24[27];
        }
        $fileinputs .= $LANG24[28] . '<br' . XHTML . '>';
    }
    // *****************************************
    // Add JavaScript
    if (!$advanced_editormode) {
        $js = '<script type="text/javascript">
        //<![CDATA[
        function enablearchive(obj) {
            var f = obj.form;           // all elements have their parent form in "form"
            var disable = obj.checked;  // Disable when checked
            if (f.elements["archiveflag"].checked==true && f.elements["storycode11"].checked==false) {
                f.elements["storycode10"].checked=true;
            }
            f.elements["storycode10"].disabled=!disable;
            f.elements["storycode11"].disabled=!disable;
            f.elements["expire_month"].disabled=!disable;
            f.elements["expire_day"].disabled=!disable;
            f.elements["expire_year"].disabled=!disable;
            f.elements["expire_hour"].disabled=!disable;
            f.elements["expire_minute"].disabled=!disable;
            f.elements["expire_ampm"].disabled=!disable;
        }
            
            function enablecmtclose(obj) {
            var f = obj.form;           // all elements have their parent form in "form"
            var disable = obj.checked;  // Disable when checked
        
            f.elements["cmt_close_month"].disabled=!disable;
            f.elements["cmt_close_day"].disabled=!disable;
            f.elements["cmt_close_year"].disabled=!disable;
            f.elements["cmt_close_hour"].disabled=!disable;
            f.elements["cmt_close_minute"].disabled=!disable;
            f.elements["cmt_close_ampm"].disabled=!disable;
            
        }
        //]]>
        </script>' . LB;
    } else {
        $js = '<script type="text/javascript">
            // Setup editor path for FCKeditor JS Functions
            geeklogEditorBasePath = "' . $_CONF['site_url'] . '/fckeditor/";
        </script>' . LB;
        $js .= '<!-- Hide the Advanced Editor as Javascript is required. If JS is enabled then the JS below will un-hide it -->
        <script type="text/javascript">
            document.getElementById("advanced_editor").style.display=""
        </script>';
        $_SCRIPTS->setJavaScriptFile('advanced_editor', '/javascript/advanced_editor.js');
        $_SCRIPTS->setJavaScriptFile('storyeditor_fckeditor', '/javascript/storyeditor_fckeditor.js');
    }
    $js .= '<script type="text/javascript">
    <!-- This code will only be executed by a browser that supports Javascript -->
    var jstest = ' . $js_showarchivedisabled . ';
    var jstest2 = ' . $js_showcmtclosedisabled . ';
    if (jstest) {
        document.frmstory.expire_month.disabled=true;
        document.frmstory.expire_day.disabled=true;
        document.frmstory.expire_year.disabled=true;
        document.frmstory.expire_hour.disabled=true;
        document.frmstory.expire_minute.disabled=true;
        document.frmstory.expire_ampm.disabled=true;
        document.frmstory.storycode10.disabled=true;
        document.frmstory.storycode11.disabled=true;
    }
    if (jstest2) {
        document.frmstory.cmt_close_month.disabled=true;
        document.frmstory.cmt_close_day.disabled=true;
        document.frmstory.cmt_close_year.disabled=true;
        document.frmstory.cmt_close_hour.disabled=true;
        document.frmstory.cmt_close_minute.disabled=true;
        document.frmstory.cmt_close_ampm.disabled=true;
    }
    </script>';
    $_SCRIPTS->setJavaScript($js);
    // *****************************************
    $story_templates->set_var('saved_images', $saved_images);
    $story_templates->set_var('image_form_elements', $fileinputs);
    $story_templates->set_var('lang_hits', $LANG24[18]);
    $story_templates->set_var('story_hits', $story->EditElements('hits'));
    $story_templates->set_var('lang_comments', $LANG24[19]);
    $story_templates->set_var('story_comments', $story->EditElements('comments'));
    $story_templates->set_var('lang_trackbacks', $LANG24[29]);
    $story_templates->set_var('story_trackbacks', $story->EditElements('trackbacks'));
    $story_templates->set_var('lang_emails', $LANG24[39]);
    $story_templates->set_var('story_emails', $story->EditElements('numemails'));
    if ($mode == 'clone') {
        $story_templates->set_var('story_id', COM_makesid());
    } else {
        $story_templates->set_var('story_id', $story->getSid());
        $story_templates->set_var('old_story_id', $story->EditElements('originalSid'));
    }
    $story_templates->set_var('lang_sid', $LANG24[12]);
    $story_templates->set_var('lang_save', $LANG_ADMIN['save']);
    $story_templates->set_var('lang_preview', $LANG_ADMIN['preview']);
    $story_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
    $story_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
    $story_templates->set_var('gltoken_name', CSRF_TOKEN);
    $token = SEC_createToken();
    $story_templates->set_var('gltoken', $token);
    $story_templates->parse('output', 'editor');
    $display .= COM_startBlock($LANG24[5], '', COM_getBlockTemplate('_admin_block', 'header'));
    $display .= SEC_getTokenExpiryNotice($token, $LANG24[91]);
    $display .= $story_templates->finish($story_templates->get_var('output'));
    $display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
    return $display;
}
Esempio n. 19
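 /**
  * Builds the search criteria for stories and for comments on stories.
  *
  * Two SQL statements are assembled by string concatenation: one over the
  * stories table and one over the comments table joined to stories. Each is
  * handed to its own SearchCriteria object together with the full-text variant
  * returned by buildSearchSQL().
  *
  * @return array Two SearchCriteria objects: stories first (rank 5), then story comments (rank 2)
  *
  */
 private function _searchStories()
 {
     global $_TABLES, $_DB_dbms, $LANG09;
     // Make sure the query is SQL safe
     $query = trim(DB_escapeString($this->_query));

     $sql = 'SELECT s.sid AS id, s.title AS title, s.introtext AS description, ';
     $sql .= 'UNIX_TIMESTAMP(s.date) AS date, s.uid AS uid, s.hits AS hits, ';
     $sql .= 'CONCAT(\'/article.php?story=\',s.sid) AS url ';
     $sql .= 'FROM ' . $_TABLES['stories'] . ' AS s, ' . $_TABLES['users'] . ' AS u, ' . $_TABLES['topic_assignments'] . ' AS ta ';
     $sql .= 'WHERE (draft_flag = 0) AND (date <= NOW()) AND (u.uid = s.uid) ';
     $sql .= 'AND ta.type = \'article\' AND ta.id = sid ';
     $sql .= COM_getPermSQL('AND') . COM_getTopicSQL('AND', 0, 'ta') . COM_getLangSQL('sid', 'AND') . ' ';

     // The topic and author values end up inside quoted SQL literals in both
     // statements. Where these properties are populated is not visible from
     // this method, so they are escaped here rather than trusting earlier
     // filtering; the search keywords above already get the same treatment.
     $topicFilter = '';
     if (!empty($this->_topic) && $this->_topic != TOPIC_ALL_OPTION) {
         // Stories have no "all" option, so TOPIC_ALL_OPTION adds no filter and
         // every story that passes the permission checks is returned.
         // NOTE(review): $tid_list is inserted unquoted; this relies on
         // TOPIC_getChildList() returning a ready-to-use SQL list - confirm.
         $tid_list = TOPIC_getChildList($this->_topic);
         $topic = DB_escapeString((string) $this->_topic);
         $topicFilter = "AND (ta.tid IN({$tid_list}) AND (ta.inherit = 1 OR (ta.inherit = 0 AND ta.tid = '{$topic}'))) ";
     }
     $author = '';
     if (!empty($this->_author)) {
         $author = DB_escapeString((string) $this->_author);
     }

     $sql .= $topicFilter;
     if ($author != '') {
         $sql .= 'AND (s.uid = \'' . $author . '\') ';
     }
     $search_s = new SearchCriteria('stories', $LANG09[65]);
     $columns = array('title' => 'title', 'introtext', 'bodytext');
     $sql .= $search_s->getDateRangeSQL('AND', 'date', $this->_dateStart, $this->_dateEnd);
     list($sql, $ftsql) = $search_s->buildSearchSQL($this->_keyType, $query, $columns, $sql);
     $sql .= " GROUP BY s.sid";
     $search_s->setSQL($sql);
     $search_s->setFTSQL($ftsql);
     $search_s->setRank(5);
     $search_s->setURLRewrite(true);

     // Search Story Comments
     $sql = 'SELECT c.cid AS id, c.title AS title, c.comment AS description, ';
     $sql .= 'UNIX_TIMESTAMP(c.date) AS date, c.uid AS uid, \'0\' AS hits, ';
     // MSSQL has a problem when concatenating numeric values
     if ($_DB_dbms == 'mssql') {
         $sql .= '\'/comment.php?mode=view&amp;cid=\' + CAST(c.cid AS varchar(10)) AS url ';
     } else {
         $sql .= 'CONCAT(\'/comment.php?mode=view&amp;cid=\',c.cid) AS url ';
     }
     $sql .= 'FROM ' . $_TABLES['users'] . ' AS u, ' . $_TABLES['topic_assignments'] . ' AS ta, ' . $_TABLES['comments'] . ' AS c ';
     $sql .= 'LEFT JOIN ' . $_TABLES['stories'] . ' AS s ON ((s.sid = c.sid) ';
     $sql .= COM_getPermSQL('AND', 0, 2, 's') . COM_getLangSQL('sid', 'AND', 's') . ') ';
     $sql .= 'WHERE (u.uid = c.uid) AND (s.draft_flag = 0) AND (s.commentcode >= 0) AND (s.date <= NOW()) ';
     $sql .= 'AND ta.type = \'article\' AND ta.id = s.sid ' . COM_getTopicSQL('AND', 0, 'ta');
     // Same topic restriction as for the stories statement.
     $sql .= $topicFilter;
     if ($author != '') {
         $sql .= 'AND (c.uid = \'' . $author . '\') ';
     }
     $search_c = new SearchCriteria('comments', array($LANG09[65], $LANG09[66]));
     $columns = array('title' => 'c.title', 'comment');
     $sql .= $search_c->getDateRangeSQL('AND', 'c.date', $this->_dateStart, $this->_dateEnd);
     list($sql, $ftsql) = $search_c->buildSearchSQL($this->_keyType, $query, $columns, $sql);
     $sql .= " GROUP BY id";
     $search_c->setSQL($sql);
     $search_c->setFTSQL($ftsql);
     $search_c->setRank(2);

     return array($search_s, $search_c);
 }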
Esempio n. 20
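 /**
  * Lists the polls whose date falls between Dataproxy::$startDate and
  * Dataproxy::$endDate.
  *
  * Returns an array of (
  *   'id'        => $id (string),
  *   'title'     => $title (string),
  *   'uri'       => $uri (string),
  *   'date'      => $date (int: Unix timestamp),
  *   'image_uri' => $image_uri (always FALSE here)
  * )
  *
  * An empty array is returned when either bound is empty or the query fails.
  * Neither $category nor $all_langs is read by this method.
  */
 public function getItemsByDate($category = '', $all_langs = FALSE)
 {
     global $_CONF, $_TABLES;
     $entries = array();
     if (empty(Dataproxy::$startDate) or empty(Dataproxy::$endDate)) {
         return $entries;
     }

     // Both bounds are compared against UNIX_TIMESTAMP() and are set outside
     // this method. Casting to int keeps the statement well-formed whatever
     // they hold, instead of placing the raw values inside quoted literals.
     $start = (int) Dataproxy::$startDate;
     $end = (int) Dataproxy::$endDate;

     // The three schema variants differ only in table, column names and the
     // tail of the poll URL.
     if (Dataproxy::$isGL150) {
         $table = $_TABLES['polltopics'];
         $idCol = 'pid';
         $titleCol = 'topic';
         $dateCol = Dataproxy::$isGL170 ? 'modified' : 'date';
         $uriTail = '';
     } else {
         $table = $_TABLES['pollquestions'];
         $idCol = 'qid';
         $titleCol = 'question';
         $dateCol = 'date';
         $uriTail = '&amp;aid=-1';
     }

     $sql = "SELECT {$idCol}, {$titleCol}, UNIX_TIMESTAMP({$dateCol}) AS day "
         . "FROM {$table} "
         . "WHERE (UNIX_TIMESTAMP({$dateCol}) BETWEEN {$start} AND {$end}) ";
     // Root sees every poll; everyone else is limited by the permission clause.
     if (!Dataproxy::isRoot()) {
         $sql .= COM_getPermSQL('AND', Dataproxy::uid());
     }
     $sql .= " ORDER BY {$idCol}";

     $result = DB_query($sql);
     if (DB_error()) {
         return $entries;
     }
     while (($A = DB_fetchArray($result, FALSE)) !== FALSE) {
         $entry = array();
         $entry['id'] = $A[$idCol];
         $entry['title'] = stripslashes($A[$titleCol]);
         $entry['uri'] = $_CONF['site_url'] . '/polls/index.php?' . $idCol . '=' . urlencode($entry['id']) . $uriTail;
         $entry['date'] = $A['day'];
         $entry['image_uri'] = FALSE;
         $entries[] = $entry;
     }

     return $entries;
 }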
Esempio n. 21
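/**
 * Builds the Media Gallery blocks shown on a user's profile page.
 *
 * Two blocks are rendered: the user's most recently uploaded media items and
 * the albums the user owns. A block is only added to the result when it has
 * at least one row.
 *
 * @param  mixed  $uid  User id; cast to int before it reaches any SQL statement
 * @return string       HTML for the blocks, or '' when the profile hook is off,
 *                      login is required for an anonymous visitor, the id is
 *                      empty, or no user with that id exists
 */
function _mg_profileblocksdisplay($uid)
{
    global $MG_albums, $_TABLES, $_MG_CONF, $_CONF, $LANG_MG10, $_USER;
    $retval = '';
    if ($_MG_CONF['profile_hook'] != 1) {
        return '';
    }
    if (COM_isAnonUser() && $_MG_CONF['loginrequired'] == 1) {
        return '';
    }
    if ($uid == '') {
        return '';
    }
    // Cast once so every statement below uses the same integer value.
    $uid = (int) $uid;

    $template = new Template(MG_getTemplatePath(0));
    $template->set_file(array('mblock' => 'mediablock.thtml', 'mrow' => 'mediarow.thtml'));
    $username = DB_getItem($_TABLES['users'], 'username', 'uid=' . $uid);
    if ($username == '') {
        return '';
    }
    // NOTE(review): $username is appended to the block titles as stored;
    // confirm that COM_startBlock() or the template encodes it for HTML.
    $template->set_var('start_block_last10mediaitems', COM_startBlock($LANG_MG10['last_10'] . $username));
    $template->set_var('start_block_useralbums', COM_startBlock($LANG_MG10['albums_owned'] . $username));
    $template->set_var('lang_thumbnail', $LANG_MG10['thumbnail']);
    $template->set_var('lang_title', $LANG_MG10['title']);
    $template->set_var('lang_album', $LANG_MG10['album']);
    $template->set_var('lang_album_description', $LANG_MG10['album_desc']);
    $template->set_var('lang_upload_date', $LANG_MG10['upload_date']);
    $template->set_var('end_block', COM_endBlock());

    // Stock icons for video files (by MIME type) and other files (by extension).
    $videoIcons = array(
        'application/x-shockwave-flash' => 'flash.png',
        'video/quicktime'               => 'quicktime.png',
        'video/mpeg'                    => 'quicktime.png',
        'video/x-m4v'                   => 'quicktime.png',
        'video/x-ms-asf'                => 'wmp.png',
        'video/x-ms-wvx'                => 'wmp.png',
        'video/x-ms-wm'                 => 'wmp.png',
        'video/x-ms-wmx'                => 'wmp.png',
        'video/x-msvideo'               => 'wmp.png',
        'application/x-ms-wmz'          => 'wmp.png',
        'application/x-ms-wmd'          => 'wmp.png',
    );
    $fileIcons = array(
        'zip' => 'zip.png',
        'arj' => 'zip.png',
        'rar' => 'zip.png',
        'gz'  => 'zip.png',
        'pdf' => 'pdf.png',
    );

    $class = 0;
    $sql = "SELECT a.album_id,m.media_upload_time,m.media_id,m.media_filename,m.mime_type,m.media_mime_ext,m.media_title,m.remote_media,m.media_type FROM {$_TABLES['mg_albums']} as a LEFT JOIN {$_TABLES['mg_media_albums']} as ma\n            on a.album_id=ma.album_id LEFT JOIN {$_TABLES['mg_media']} as m on ma.media_id=m.media_id WHERE\n            m.media_user_id=" . $uid . " AND a.hidden=0 " . COM_getPermSQL('and') . " ORDER BY m.media_upload_time DESC LIMIT 5";
    $result = DB_query($sql);
    $mCount = 0;
    while ($row = DB_fetchArray($result)) {
        $album_id = $row['album_id'];
        $album_title = strip_tags($MG_albums[$album_id]->title);
        $upload_time = MG_getUserDateTimeFormat($row['media_upload_time']);
        $url_media = $_MG_CONF['site_url'] . '/media.php?s=' . $row['media_id'];
        $url_album = $_MG_CONF['site_url'] . '/album.php?aid=' . $album_id;

        // Reset for every row: a media type without a case below would
        // otherwise reuse the thumbnail and size of the previous row.
        $url_thumb = '';
        $msize = false;
        $icon = '';
        switch ($row['media_type']) {
            case 0:
                // standard image: thumbnail lives under tn/<first char>/,
                // the size is read from the matching file under disp/
                $filename = $row['media_filename'];
                if ($filename != '') {
                    foreach ($_MG_CONF['validExtensions'] as $ext) {
                        if (file_exists($_MG_CONF['path_mediaobjects'] . 'tn/' . $filename[0] . '/' . $filename . $ext)) {
                            $url_thumb = $_MG_CONF['mediaobjects_url'] . '/tn/' . $filename[0] . '/' . $filename . $ext;
                            $msize = @getimagesize($_MG_CONF['path_mediaobjects'] . 'disp/' . $filename[0] . '/' . $filename . $ext);
                            break;
                        }
                    }
                }
                break;
            case 1:
                // video file
                $mime = (string) $row['mime_type'];
                $icon = isset($videoIcons[$mime]) ? $videoIcons[$mime] : 'video.png';
                break;
            case 2:
                // music file
                $icon = 'audio.png';
                break;
            case 4:
                // other files
                $mimeExt = (string) $row['media_mime_ext'];
                $icon = isset($fileIcons[$mimeExt]) ? $fileIcons[$mimeExt] : 'generic.png';
                break;
            case 5:
                $icon = 'remote.png';
                break;
        }
        if ($icon != '') {
            $url_thumb = $_MG_CONF['mediaobjects_url'] . '/' . $icon;
            $msize = @getimagesize($_MG_CONF['path_mediaobjects'] . $icon);
        }
        // Fall back to the placeholder when no size could be read or a
        // dimension is zero; a zero dimension would divide by zero below.
        if ($msize == false || empty($msize[0]) || empty($msize[1])) {
            $url_thumb = $_MG_CONF['mediaobjects_url'] . '/placeholder.svg';
            $msize = array(200, 200);
        }
        // Scale the longer edge to 120px and keep the aspect ratio.
        $imgwidth = $msize[0];
        $imgheight = $msize[1];
        if ($imgwidth > $imgheight) {
            $ratio = $imgwidth / 120;
            $width = 120;
            $height = round($imgheight / $ratio);
        } else {
            $ratio = $imgheight / 120;
            $height = 120;
            $width = round($imgwidth / $ratio);
        }
        $template->set_var('mediaitem_image_thumb', $url_thumb);
        $template->set_var('mediaitem_image_height', $height);
        $template->set_var('mediaitem_image_width', $width);
        $template->set_var('mediaitem_image', '<img src="' . $url_thumb . '" alt="" style="width:' . $width . 'px;height:' . $height . 'px" />');
        $template->set_var('mediaitem_begin_href', '<a href="' . $url_media . '">');
        $template->set_var('mediaitem_title', strip_tags($row['media_title']));
        $template->set_var('mediaitem_end_href', '</a>');
        $template->set_var('mediaitem_album_begin_href', '<a href="' . $url_album . '">');
        $template->set_var('mediaitem_album_title', $album_title);
        $template->set_var('mediaitem_date', $upload_time[0]);
        $template->set_var('rowclass', $class % 2 ? '1' : '2');
        $template->parse('mediaitem_row', 'mrow', true);
        $class++;
        $mCount++;
    }
    // end of media block
    $template->parse('output', 'mblock', true);
    if ($mCount != 0) {
        $retval .= $template->finish($template->get_var('output'));
    }

    $template = new Template(MG_getTemplatePath(0));
    $template->set_file(array('mblock' => 'albumblock.thtml', 'arow' => 'albumrow.thtml'));
    $template->set_var('start_block_useralbums', COM_startBlock($LANG_MG10['albums_owned'] . $username));
    $template->set_var('lang_thumbnail', $LANG_MG10['thumbnail']);
    $template->set_var('lang_album', $LANG_MG10['album']);
    $template->set_var('lang_album_description', $LANG_MG10['album_desc']);
    $template->set_var('end_block', COM_endBlock());
    $sql = "SELECT album_id,album_title,album_desc,tn_attached " . "FROM " . $_TABLES['mg_albums'] . " WHERE owner_id=" . $uid . " AND hidden=0 " . COM_getPermSQL('and') . " ORDER BY last_update DESC LIMIT 10";
    $result = DB_query($sql);
    $aCount = 0;
    // $class is deliberately not reset: row striping continues from the media block.
    while ($row = DB_fetchArray($result)) {
        $aid = $row['album_id'];
        $url_album = $_MG_CONF['site_url'] . '/album.php?aid=' . $row['album_id'];
        $url_thumb = '';
        $msize = false;
        if ($row['tn_attached'] == 1) {
            // An explicit cover image was attached to the album.
            foreach ($_MG_CONF['validExtensions'] as $ext) {
                if (file_exists($_MG_CONF['path_mediaobjects'] . 'covers/cover_' . $row['album_id'] . $ext)) {
                    $url_thumb = $_MG_CONF['mediaobjects_url'] . '/covers/cover_' . $row['album_id'] . $ext;
                    $msize = @getimagesize($_MG_CONF['path_mediaobjects'] . 'covers/cover_' . $row['album_id'] . $ext);
                    break;
                }
            }
        } else {
            $cover_file = $MG_albums[$aid]->findCover();
            if ($cover_file != '') {
                // With a "tn_" prefix the directory letter is the first
                // character after the prefix.
                $offset = (substr($cover_file, 0, 3) == 'tn_') ? 3 : 0;
                foreach ($_MG_CONF['validExtensions'] as $ext) {
                    if (file_exists($_MG_CONF['path_mediaobjects'] . 'tn/' . $cover_file[$offset] . '/' . $cover_file . $ext)) {
                        $url_thumb = $_MG_CONF['mediaobjects_url'] . '/tn/' . $cover_file[$offset] . '/' . $cover_file . $ext;
                        $msize = @getimagesize($_MG_CONF['path_mediaobjects'] . 'tn/' . $cover_file[$offset] . '/' . $cover_file . $ext);
                        break;
                    }
                }
            }
        }
        // Placeholder when there is no cover, no readable size, or a zero dimension.
        if ($msize == false || $url_thumb == '' || empty($msize[0]) || empty($msize[1])) {
            $url_thumb = $_MG_CONF['mediaobjects_url'] . '/placeholder.svg';
            $msize = array(200, 200);
        }
        $imgwidth = $msize[0];
        $imgheight = $msize[1];
        if ($imgwidth > $imgheight) {
            $ratio = $imgwidth / 120;
            $width = 120;
            $height = round($imgheight / $ratio);
        } else {
            $ratio = $imgheight / 120;
            $height = 120;
            $width = round($imgwidth / $ratio);
        }
        $template->set_var('album_cover_thumb', $url_thumb);
        $template->set_var('album_cover_height', $height);
        $template->set_var('album_cover_width', $width);
        $template->set_var('album_cover', '<img src="' . $url_thumb . '" alt="" style="width:' . $width . 'px;height:' . $height . 'px;border:none;" />');
        $template->set_var('album_begin_href', '<a href="' . $url_album . '">');
        $template->set_var('album_title', strip_tags($row['album_title']));
        $template->set_var('album_end_href', '</a>');
        $template->set_var('album_desc', strip_tags($row['album_desc']));
        $template->set_var('rowclass', $class % 2 ? '1' : '2');
        $template->parse('useralbum_row', 'arow', true);
        $class++;
        $aCount++;
    }
    $template->parse('output', 'mblock', true);
    if ($aCount != 0) {
        $retval .= $template->finish($template->get_var('output'));
    }

    return $retval;
}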
Esempio n. 22
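/**
* Shows a profile for a user
*
* Grabs the profile row for the given user and renders it together with that
* user's last 10 stories, last 10 comments and posting statistics, limited to
* the topics and stories the current visitor is allowed to read.
*
* $user is interpolated unquoted into several SQL statements below, so it is
* forced to an integer before first use instead of trusting every caller to
* have filtered it. A non-numeric value becomes 0, which is expected to match
* no row and end in the "no such user" redirect.
*
* @param    int     $user   User ID of profile to get
* @param    int     $msg    Message to display (if != 0); not read in this function
* @return   string          HTML for user profile page
*
*/
function userprofile($user, $msg = 0)
{
    global $_CONF, $_TABLES, $_USER, $LANG01, $LANG04, $LANG09, $LANG_LOGIN;
    $retval = '';
    // Every query below embeds $user without quotes: keep it strictly numeric.
    $user = (int) $user;
    // Anonymous visitors get the login-required page when the site or the
    // profile pages are configured to require a login.
    if (empty($_USER['username']) && ($_CONF['loginrequired'] == 1 || $_CONF['profileloginrequired'] == 1)) {
        $retval .= COM_siteHeader('menu');
        $retval .= COM_startBlock($LANG_LOGIN[1], '', COM_getBlockTemplate('_msg_block', 'header'));
        $login = new Template($_CONF['path_layout'] . 'submit');
        $login->set_file(array('login' => 'submitloginrequired.thtml'));
        $login->set_var('xhtml', XHTML);
        $login->set_var('login_message', $LANG_LOGIN[2]);
        $login->set_var('site_url', $_CONF['site_url']);
        $login->set_var('site_admin_url', $_CONF['site_admin_url']);
        $login->set_var('layout_url', $_CONF['layout_url']);
        $login->set_var('lang_login', $LANG_LOGIN[3]);
        $login->set_var('lang_newuser', $LANG_LOGIN[4]);
        $login->parse('output', 'login');
        $retval .= $login->finish($login->get_var('output'));
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $retval .= COM_siteFooter();
        return $retval;
    }
    $result = DB_query("SELECT {$_TABLES['users']}.uid,username,fullname,regdate,homepage,about,location,pgpkey,photo,email FROM {$_TABLES['userinfo']},{$_TABLES['users']} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['users']}.uid = {$user}");
    $nrows = DB_numRows($result);
    if ($nrows == 0) {
        // no such user
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $A = DB_fetchArray($result);
    $display_name = COM_getDisplayName($user, $A['username'], $A['fullname']);
    // format date/time to user preference
    $curtime = COM_getUserDateTimeFormat($A['regdate']);
    $A['regdate'] = $curtime[0];
    $user_templates = new Template($_CONF['path_layout'] . 'users');
    $user_templates->set_file(array('profile' => 'profile.thtml', 'row' => 'commentrow.thtml', 'strow' => 'storyrow.thtml'));
    $user_templates->set_var('xhtml', XHTML);
    $user_templates->set_var('site_url', $_CONF['site_url']);
    $user_templates->set_var('start_block_userprofile', COM_startBlock($LANG04[1] . ' ' . $display_name));
    $user_templates->set_var('end_block', COM_endBlock());
    $user_templates->set_var('lang_username', $LANG04[2]);
    // With show_fullname enabled the two template variables swap roles.
    // NOTE(review): username and fullname reach the template exactly as stored;
    // confirm they are HTML-safe at registration/edit time.
    if ($_CONF['show_fullname'] == 1) {
        $user_templates->set_var('username', $A['fullname']);
        $user_templates->set_var('user_fullname', $A['username']);
    } else {
        $user_templates->set_var('username', $A['username']);
        $user_templates->set_var('user_fullname', $A['fullname']);
    }
    // The edit link is only rendered for visitors holding the user.edit right.
    if (SEC_hasRights('user.edit')) {
        global $_IMAGE_TYPE, $LANG_ADMIN;
        $edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG_ADMIN['edit'] . '" title="' . $LANG_ADMIN['edit'] . '"' . XHTML . '>';
        $edit_link_url = COM_createLink($edit_icon, "{$_CONF['site_admin_url']}/user.php?mode=edit&amp;uid={$A['uid']}");
        $user_templates->set_var('edit_link', $edit_link_url);
    }
    // The e-mail address is selected only to be handed to USER_getPhoto();
    // it is not placed into the template by this function.
    $photo = USER_getPhoto($user, $A['photo'], $A['email'], -1);
    $user_templates->set_var('user_photo', $photo);
    $user_templates->set_var('lang_membersince', $LANG04[67]);
    $user_templates->set_var('user_regdate', $A['regdate']);
    $user_templates->set_var('lang_email', $LANG04[5]);
    $user_templates->set_var('user_id', $user);
    $user_templates->set_var('lang_sendemail', $LANG04[81]);
    $user_templates->set_var('lang_homepage', $LANG04[6]);
    $user_templates->set_var('user_homepage', COM_killJS($A['homepage']));
    $user_templates->set_var('lang_location', $LANG04[106]);
    $user_templates->set_var('user_location', strip_tags($A['location']));
    $user_templates->set_var('lang_bio', $LANG04[7]);
    // NOTE(review): 'about' and 'pgpkey' are user-controlled profile fields that
    // are emitted after nl2br() (plus stripslashes() for 'about') only. Nothing
    // here escapes HTML, so this relies on the values being filtered when they
    // are saved; verify that, or escape at this point.
    $user_templates->set_var('user_bio', nl2br(stripslashes($A['about'])));
    $user_templates->set_var('lang_pgpkey', $LANG04[8]);
    $user_templates->set_var('user_pgp', nl2br($A['pgpkey']));
    $user_templates->set_var('start_block_last10stories', COM_startBlock($LANG04[82] . ' ' . $display_name));
    $user_templates->set_var('start_block_last10comments', COM_startBlock($LANG04[10] . ' ' . $display_name));
    $user_templates->set_var('start_block_postingstats', COM_startBlock($LANG04[83] . ' ' . $display_name));
    $user_templates->set_var('lang_title', $LANG09[16]);
    $user_templates->set_var('lang_date', $LANG09[17]);
    // for alternative layouts: use these as headlines instead of block titles
    $user_templates->set_var('headline_last10stories', $LANG04[82]);
    $user_templates->set_var('headline_last10comments', $LANG04[10]);
    $user_templates->set_var('headline_postingstats', $LANG04[83]);
    // Collect the topic ids the current visitor may read; they restrict every
    // story and comment listing below.
    $result = DB_query("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL());
    $nrows = DB_numRows($result);
    $tids = array();
    for ($i = 0; $i < $nrows; $i++) {
        $T = DB_fetchArray($result);
        $tids[] = $T['tid'];
    }
    // The ids come from the topics table, not from the request, and are quoted
    // here without further escaping.
    $topics = "'" . implode("','", $tids) . "'";
    // list of last 10 stories by this user
    if (count($tids) > 0) {
        $sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} WHERE (uid = {$user}) AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
        $sql .= " ORDER BY unixdate DESC LIMIT 10";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
    } else {
        $nrows = 0;
    }
    if ($nrows > 0) {
        for ($i = 0; $i < $nrows; $i++) {
            $C = DB_fetchArray($result);
            $user_templates->set_var('cssid', $i % 2 + 1);
            $user_templates->set_var('row_number', $i + 1 . '.');
            $articleUrl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $C['sid']);
            $user_templates->set_var('article_url', $articleUrl);
            // '$' is replaced by its entity before the title goes into the template
            $C['title'] = str_replace('$', '&#36;', $C['title']);
            $user_templates->set_var('story_title', COM_createLink(stripslashes($C['title']), $articleUrl, array('class' => 'b')));
            $storytime = COM_getUserDateTimeFormat($C['unixdate']);
            $user_templates->set_var('story_date', $storytime[0]);
            $user_templates->parse('story_row', 'strow', true);
        }
    } else {
        $user_templates->set_var('story_row', '<tr><td>' . $LANG01[37] . '</td></tr>');
    }
    // list of last 10 comments by this user
    $sidArray = array();
    if (count($tids) > 0) {
        // first, get a list of all stories the current visitor has access to
        $sql = "SELECT sid FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
        $result = DB_query($sql);
        $numsids = DB_numRows($result);
        for ($i = 1; $i <= $numsids; $i++) {
            $S = DB_fetchArray($result);
            $sidArray[] = $S['sid'];
        }
    }
    // After quoting, the list is at least "''", so the !empty() tests below
    // always pass; with no readable stories the filter simply matches nothing.
    $sidList = implode("', '", $sidArray);
    $sidList = "'{$sidList}'";
    // then, find all comments by the user in those stories
    $sql = "SELECT sid,title,cid,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['comments']} WHERE (uid = {$user}) GROUP BY sid,title,cid,UNIX_TIMESTAMP(date)";
    // SQL NOTE:  Using a HAVING clause is usually faster than a where if the
    // field is part of the select
    if (!empty($sidList)) {
        $sql .= " HAVING sid in ({$sidList})";
    }
    $sql .= " ORDER BY unixdate DESC LIMIT 10";
    $result = DB_query($sql);
    $nrows = DB_numRows($result);
    if ($nrows > 0) {
        for ($i = 0; $i < $nrows; $i++) {
            $C = DB_fetchArray($result);
            $user_templates->set_var('cssid', $i % 2 + 1);
            $user_templates->set_var('row_number', $i + 1 . '.');
            $comment_url = $_CONF['site_url'] . '/comment.php?mode=view&amp;cid=' . $C['cid'];
            $C['title'] = str_replace('$', '&#36;', $C['title']);
            $user_templates->set_var('comment_title', COM_createLink(stripslashes($C['title']), $comment_url, array('class' => 'b')));
            $commenttime = COM_getUserDateTimeFormat($C['unixdate']);
            $user_templates->set_var('comment_date', $commenttime[0]);
            $user_templates->parse('comment_row', 'row', true);
        }
    } else {
        $user_templates->set_var('comment_row', '<tr><td>' . $LANG01[29] . '</td></tr>');
    }
    // posting stats for this user
    $user_templates->set_var('lang_number_stories', $LANG04[84]);
    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (uid = {$user}) AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND');
    $result = DB_query($sql);
    $N = DB_fetchArray($result);
    $user_templates->set_var('number_stories', COM_numberFormat($N['count']));
    $user_templates->set_var('lang_number_comments', $LANG04[85]);
    // The comment count is limited to the same readable stories as the list above.
    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['comments']} WHERE (uid = {$user})";
    if (!empty($sidList)) {
        $sql .= " AND (sid in ({$sidList}))";
    }
    $result = DB_query($sql);
    $N = DB_fetchArray($result);
    $user_templates->set_var('number_comments', COM_numberFormat($N['count']));
    $user_templates->set_var('lang_all_postings_by', $LANG04[86] . ' ' . $display_name);
    // Call custom registration function if enabled and exists
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDisplay')) {
        $user_templates->set_var('customfields', CUSTOM_userDisplay($user));
    }
    PLG_profileVariablesDisplay($user, $user_templates);
    $user_templates->parse('output', 'profile');
    $retval .= $user_templates->finish($user_templates->get_var('output'));
    $retval .= PLG_profileBlocksDisplay($user);
    return $retval;
}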
Esempio n. 23
/**
 * Build the admin list of static pages.
 *
 * Renders the admin block with its menu, then hands the column definitions,
 * the driving query and a freshly created security token to ADMIN_list().
 * The token is passed to ADMIN_list() and also embedded as a hidden form
 * field, so the enable/disable checkboxes are submitted together with it.
 *
 * @return string HTML of the static page list
 */
function PAGE_list()
{
    global $_CONF, $_TABLES, $_IMAGE_TYPE, $LANG_ADMIN, $LANG_ACCESS, $LANG_STATIC;

    USES_lib_admin();

    $pluginAdminUrl = $_CONF['site_admin_url'] . '/plugins/staticpages/index.php';

    $menuItems = array(
        array('url' => $pluginAdminUrl . '?edit=x', 'text' => $LANG_ADMIN['create_new']),
        array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']),
    );

    $html = COM_startBlock($LANG_STATIC['staticpagelist'], '', COM_getBlockTemplate('_admin_block', 'header'));
    $html .= ADMIN_createMenu($menuItems, $LANG_STATIC['instructions'], plugin_geticon_staticpages());

    // One entry per list column; 'sort' marks the columns that can be ordered.
    $columns = array(
        array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false, 'align' => 'center'),
        array('text' => $LANG_ADMIN['copy'], 'field' => 'copy', 'sort' => false, 'align' => 'center'),
        array('text' => $LANG_STATIC['id'], 'field' => 'sp_id', 'sort' => true),
        array('text' => $LANG_ADMIN['title'], 'field' => 'sp_title', 'sort' => true),
        array('text' => $LANG_STATIC['head_centerblock'], 'field' => 'sp_centerblock', 'sort' => true, 'align' => 'center'),
        array('text' => $LANG_STATIC['writtenby'], 'field' => 'sp_uid', 'sort' => true),
        array('text' => $LANG_ACCESS['access'], 'field' => 'access', 'sort' => false, 'align' => 'center'),
        array('text' => $LANG_STATIC['date'], 'field' => 'unixdate', 'sort' => true, 'align' => 'center'),
        array('text' => $LANG_ADMIN['delete'], 'field' => 'delete', 'sort' => false, 'align' => 'center'),
        array('text' => $LANG_ADMIN['enabled'], 'field' => 'sp_status', 'sort' => true, 'align' => 'center'),
    );
    $defaultSort = array('field' => 'sp_title', 'direction' => 'asc');
    $listText = array('has_extras' => true, 'form_url' => $pluginAdminUrl);

    // Query that drives the list; the permission clause is supplied as the
    // default filter so it is applied on top of the "WHERE 1=1" stub.
    $listQuery = array(
        'table'          => 'staticpage',
        'sql'            => "SELECT *,UNIX_TIMESTAMP(sp_date) AS unixdate FROM {$_TABLES['staticpage']} WHERE 1=1 ",
        'query_fields'   => array('sp_title', 'sp_id'),
        'default_filter' => COM_getPermSQL('AND'),
    );

    // Security token for the list form, plus the hidden flag telling the
    // receiving script that pages can be enabled/disabled via checkbox.
    $token = SEC_createToken();
    $formParts = array(
        'top'    => '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $token . '"/>',
        'bottom' => '<input type="hidden" name="staticpageenabler" value="true"/>',
    );

    $html .= ADMIN_list('static_pages', 'PAGE_getListField', $columns, $listText, $listQuery, $defaultSort, '', $token, '', $formParts);
    $html .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    // Register the admin JavaScript with the page output handler.
    outputHandler::getInstance()->addLinkScript($_CONF['site_url'] . '/javascript/admin.js', HEADER_PRIO_NORMAL, 'text/javascript');

    return $html;
}
Esempio n. 24
    $month = COM_getArgument('month');
}
// Filter the requested topic; an empty result means "all topics".
$dir_topic = COM_applyFilter($dir_topic);
if (empty($dir_topic)) {
    $dir_topic = 'all';
}
// Topic stuff is already set in lib-common, but it is checked again here.
// Set the topic for the rest of the site: '' stands for "no specific topic".
$topic = ($dir_topic === 'all') ? '' : $dir_topic;
// See if the user has access to view the topic. The lookup carries the
// permission clause, so a topic the visitor cannot read yields no match
// and the request falls back to "all".
// NOTE(review): $topic is placed inside a quoted SQL literal and relies on
// COM_applyFilter() above for escaping — confirm that filter covers quotes.
if ($topic != '') {
    $test_topic = DB_getItem($_TABLES['topics'], 'tid', "tid = '{$topic}' " . COM_getPermSQL('AND'));
    if (strtolower($topic) === strtolower($test_topic)) {
        // Continue with the id exactly as it is stored in the database.
        $topic = $test_topic;
        $dir_topic = $test_topic;
    } else {
        $topic = '';
        $dir_topic = 'all';
    }
}
// Year is passed through the filter in numeric mode; negatives collapse to 0.
$year = COM_applyFilter($year, true);
if ($year < 0) {
    $year = 0;
}
$month = COM_applyFilter($month, true);
if ($month < 1 || $month > 12) {
    $month = 0;
Esempio n. 25
/**
* Create the banner list depending on the category given
*
* The category id is read from $_GET['category'] or $_POST['category'] and
* defaults to the configured root category. For a non-root category the
* visitor's access is checked first; without read access an error page is
* echoed and the script exits. Otherwise the page lists the sub-categories,
* the banners of the category (paged) or, for an empty root category on the
* first page, the ten most-hit banners when show_top10 is enabled.
*
* @param    array   $message    message(s) to display: [0] is used as the block
*                               title and [1] is appended to the page as-is
* @return   string              the banner page
*
*/
function banner_list($message)
{
    global $_CONF, $_TABLES, $_BAN_CONF, $LANG_BANNER_ADMIN, $LANG_BANNER, $LANG_BANNER_STATS;
    $cid = $_BAN_CONF['root'];
    $display = '';
    // Request-supplied category id. strip_tags() removes markup but leaves
    // quote characters in place, so $cid is not safe for every output context.
    if (isset($_GET['category'])) {
        $cid = strip_tags(COM_stripslashes($_GET['category']));
    } elseif (isset($_POST['category'])) {
        $cid = strip_tags(COM_stripslashes($_POST['category']));
    }
    // $cat is the copy used inside quoted SQL literals.
    // NOTE(review): addslashes() is not connection/charset aware; prefer the
    // database layer's own escaping routine if the project provides one.
    $cat = addslashes($cid);
    $page = 0;
    if (isset($_GET['page'])) {
        // presumably the second argument requests a numeric-only filter — confirm
        $page = COM_applyFilter($_GET['page'], true);
    }
    if ($page == 0) {
        $page = 1;
    }
    // Build the page title from the category name and, past page 1, the page number.
    if (empty($cid)) {
        if ($page > 1) {
            $page_title = sprintf($LANG_BANNER[114] . ' (%d)', $page);
        } else {
            $page_title = $LANG_BANNER[114];
        }
    } else {
        if ($cid == $_BAN_CONF['root']) {
            $category = $LANG_BANNER['root'];
        } else {
            $category = DB_getItem($_TABLES['bannercategories'], 'category', "cid = '{$cat}'");
        }
        if ($page > 1) {
            $page_title = sprintf($LANG_BANNER[114] . ': %s (%d)', $category, $page);
        } else {
            $page_title = sprintf($LANG_BANNER[114] . ': %s', $category);
        }
    }
    // Check has access to this category
    // The category name was already looked up for the title above; nothing has
    // been sent to the browser yet at this point.
    if ($cid != $_BAN_CONF['root']) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['bannercategories']} WHERE cid='{$cat}'");
        $A = DB_fetchArray($result);
        // NOTE(review): for an unknown category id there is no row to read the
        // permission columns from; confirm SEC_hasAccess() then denies access.
        if (SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) < 2) {
            // Access denied: emit the complete page here and stop the request.
            $display .= COM_siteHeader('menu', $page_title);
            $display .= COM_showMessage(5, 'banner');
            $display .= COM_siteFooter();
            echo $display;
            exit;
        }
    }
    $display .= COM_siteHeader('menu', $page_title);
    if (is_array($message) && !empty($message[0])) {
        // $message[1] is appended without escaping; callers must pass trusted HTML.
        $display .= COM_startBlock($message[0], '', COM_getBlockTemplate('_msg_block', 'header'));
        $display .= $message[1];
        $display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
    } else {
        // Otherwise show the predefined message whose number came with the request.
        if (isset($_REQUEST['msg'])) {
            $msg = COM_applyFilter($_REQUEST['msg'], true);
            if ($msg > 0) {
                $display .= COM_showMessage($msg, 'banner');
            }
        }
    }
    $bannerlist = new Template($_CONF['path'] . 'plugins/banner/templates/');
    $bannerlist->set_file(array('bannerlist' => 'banner.thtml', 'catbanner' => 'categorybanner.thtml', 'banner' => 'bannerdetails.thtml', 'catnav' => 'categorynavigation.thtml', 'catrow' => 'categoryrow.thtml', 'catcol' => 'categorycol.thtml', 'actcol' => 'categoryactivecol.thtml', 'pagenav' => 'pagenavigation.thtml', 'catdrop' => 'categorydropdown.thtml'));
    $bannerlist->set_var('xhtml', XHTML);
    $bannerlist->set_var('blockheader', COM_startBlock($LANG_BANNER[114]));
    $bannerlist->set_var('layout_url', $_CONF['layout_url']);
    // Category navigation is only built when a column count is configured.
    if ($_BAN_CONF['bannercols'] > 0) {
        // Create breadcrumb trail
        $bannerlist->set_var('breadcrumbs', banner_breadcrumbs($_BAN_CONF['root'], $cid));
        // Set dropdown for category jump
        $bannerlist->set_var('lang_go', $LANG_BANNER[124]);
        $bannerlist->set_var('banner_dropdown', banner_select_box(2, $cid));
        // Show categories
        // Child categories of the current one, restricted by language and permission.
        $sql = "SELECT cid,pid,category,description FROM {$_TABLES['bannercategories']} WHERE pid='{$cat}'";
        $sql .= COM_getLangSQL('cid', 'AND');
        $sql .= COM_getPermSQL('AND') . " ORDER BY category";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        if ($nrows > 0) {
            $bannerlist->set_var('lang_categories', $LANG_BANNER_ADMIN[14]);
            for ($i = 1; $i <= $nrows; $i++) {
                $C = DB_fetchArray($result);
                // Get number of child banner user can see in this category
                // Two extra COUNT queries run per listed category.
                $ccid = addslashes($C['cid']);
                $result1 = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['banner']} WHERE cid='{$ccid}'" . COM_getPermSQL('AND'));
                $D = DB_fetchArray($result1);
                // Get number of child categories user can see in this category
                $result2 = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['bannercategories']} WHERE pid='{$ccid}'" . COM_getPermSQL('AND'));
                $E = DB_fetchArray($result2);
                // Format numbers for display
                $display_count = '';
                // don't show zeroes
                if ($E['count'] > 0) {
                    $display_count = COM_numberFormat($E['count']);
                }
                if ($E['count'] > 0 && $D['count'] > 0) {
                    $display_count .= ', ';
                }
                if ($D['count'] > 0) {
                    $display_count .= COM_numberFormat($D['count']);
                }
                // add brackets if child items exist
                if ($display_count != '') {
                    $display_count = '(' . $display_count . ')';
                }
                // NOTE(review): category name and description go into the
                // template exactly as stored; confirm they are escaped on save.
                $bannerlist->set_var('category_name', $C['category']);
                if ($_BAN_CONF['show_category_descriptions']) {
                    $bannerlist->set_var('category_description', $C['description']);
                } else {
                    $bannerlist->set_var('category_description', '');
                }
                $bannerlist->set_var('category_link', $_CONF['site_url'] . '/banner/index.php?category=' . urlencode($C['cid']));
                $bannerlist->set_var('category_count', $display_count);
                $bannerlist->set_var('width', floor(100 / $_BAN_CONF['bannercols']));
                // The current category is rendered with the "active" column template.
                if (!empty($cid) && $cid == $C['cid']) {
                    $bannerlist->parse('category_col', 'actcol', true);
                } else {
                    $bannerlist->parse('category_col', 'catcol', true);
                }
                // A row is complete after every bannercols-th column.
                if ($i % $_BAN_CONF['bannercols'] == 0) {
                    $bannerlist->parse('category_row', 'catrow', true);
                    $bannerlist->set_var('category_col', '');
                }
            }
            // Flush the last, partially filled row.
            if ($nrows % $_BAN_CONF['bannercols'] != 0) {
                $bannerlist->parse('category_row', 'catrow', true);
            }
            $bannerlist->parse('category_navigation', 'catnav', true);
        } else {
            $bannerlist->set_var('category_navigation', '');
        }
    } else {
        $bannerlist->set_var('category_navigation', '');
    }
    if ($_BAN_CONF['bannercols'] == 0) {
        $bannerlist->set_var('category_dropdown', '');
    } else {
        $bannerlist->parse('category_dropdown', 'catdrop', true);
    }
    $bannerlist->set_var('site_url', $_CONF['site_url']);
    // NOTE(review): 'cid' and 'cid_plain' carry the request value after
    // strip_tags() only, so quotes survive. Check how the templates use them;
    // inside an HTML attribute they need htmlspecialchars() with ENT_QUOTES.
    // 'cid_encoded' is the URL-encoded form.
    $bannerlist->set_var('cid', $cid);
    $bannerlist->set_var('cid_plain', $cid);
    $bannerlist->set_var('cid_encoded', urlencode($cid));
    $bannerlist->set_var('lang_addabanner', $LANG_BANNER[116]);
    // Build SQL for banner
    // $from_where is kept separate because the COUNT query further down reuses it.
    $sql = 'SELECT bid,cid,url,description,title,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon';
    $from_where = " FROM {$_TABLES['banner']}";
    if ($_BAN_CONF['bannercols'] > 0) {
        if (!empty($cid)) {
            $from_where .= " WHERE cid='" . addslashes($cid) . "'";
        } else {
            $from_where .= " WHERE cid=''";
        }
        // Only banners inside their publication window are listed.
        $from_where .= ' AND (publishstart IS NULL OR publishstart < NOW()) and (publishend IS NULL OR publishend > NOW())';
        $from_where .= COM_getPermSQL('AND');
    } else {
        // Without category columns all readable banners are listed; the
        // publication window is not applied in this branch.
        $from_where .= COM_getPermSQL();
    }
    $order = ' ORDER BY cid ASC,title';
    $limit = '';
    // Both LIMIT operands are built from the filtered page number and the
    // configured page size, not from raw request text.
    if ($_BAN_CONF['bannerperpage'] > 0) {
        if ($page < 1) {
            $start = 0;
        } else {
            $start = ($page - 1) * $_BAN_CONF['bannerperpage'];
        }
        $limit = ' LIMIT ' . $start . ',' . $_BAN_CONF['bannerperpage'];
    }
    $result = DB_query($sql . $from_where . $order . $limit);
    $nrows = DB_numRows($result);
    if ($nrows == 0) {
        // Nothing to list: on the first page of the root category fall back to
        // the ten most-hit banners when show_top10 is enabled.
        if ($cid == $_BAN_CONF['root'] && $page <= 1 && $_BAN_CONF['show_top10']) {
            $result = DB_query("SELECT bid,url,title,description,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['banner']} WHERE (hits > 0) AND (publishstart IS NULL OR publishstart < NOW()) and (publishend IS NULL OR publishend > NOW())" . COM_getPermSQL('AND') . " ORDER BY hits DESC LIMIT 10");
            $nrows = DB_numRows($result);
            if ($nrows > 0) {
                $bannerlist->set_var('banner_details', '');
                $bannerlist->set_var('banner_category', $LANG_BANNER_STATS['stats_headline']);
                for ($i = 0; $i < $nrows; $i++) {
                    $A = DB_fetchArray($result);
                    prepare_banner_item($A, $bannerlist);
                    $bannerlist->parse('banner_details', 'banner', true);
                }
                $bannerlist->parse('category_banner', 'catbanner', true);
            }
        }
        $bannerlist->set_var('page_navigation', '');
    } else {
        // Rows arrive ordered by cid, so a change of cid starts a new category group.
        $currentcid = '';
        for ($i = 0; $i < $nrows; $i++) {
            $A = DB_fetchArray($result);
            if (strcasecmp($A['cid'], $currentcid) != 0) {
                // print the category and banner
                // Close the previous group before starting the next one.
                if ($i > 0) {
                    $bannerlist->parse('category_banner', 'catbanner', true);
                    $bannerlist->set_var('banner_details', '');
                }
                $currentcid = $A['cid'];
                $currentcategory = DB_getItem($_TABLES['bannercategories'], 'category', "cid = '" . addslashes($currentcid) . "'");
                $bannerlist->set_var('banner_category', $currentcategory);
            }
            prepare_banner_item($A, $bannerlist);
            $bannerlist->parse('banner_details', 'banner', true);
        }
        // Flush the last category group.
        $bannerlist->parse('category_banner', 'catbanner', true);
        // Total number of matching banners, for the page navigation.
        $result = DB_query('SELECT COUNT(*) AS count ' . $from_where);
        list($numbanner) = DB_fetchArray($result);
        $pages = 0;
        if ($_BAN_CONF['bannerperpage'] > 0) {
            // Integer division, rounded up when there is a remainder.
            $pages = (int) ($numbanner / $_BAN_CONF['bannerperpage']);
            if ($numbanner % $_BAN_CONF['bannerperpage'] > 0) {
                $pages++;
            }
        }
        if ($pages > 0) {
            if ($_BAN_CONF['bannercols'] > 0 && !empty($currentcid)) {
                $catbanner = '?category=' . urlencode($currentcid);
            } else {
                $catbanner = '';
            }
            $bannerlist->set_var('page_navigation', COM_printPageNavigation($_CONF['site_url'] . '/banner/index.php' . $catbanner, $page, $pages));
        } else {
            $bannerlist->set_var('page_navigation', '');
        }
    }
    $bannerlist->set_var('blockfooter', COM_endBlock());
    $bannerlist->parse('output', 'bannerlist');
    $display .= $bannerlist->finish($bannerlist->get_var('output'));
    return $display;
}
Esempio n. 26
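/**
 * Get an existing story, or a feed of stories
 *
 * With a story id in $args the single story is loaded and its database
 * fields are copied into $output. Without one, and only for web-service
 * calls ($args['gl_svc']), a page of stories readable by the current user is
 * returned and $svc_msg['offset'] is set when more stories are available.
 *
 * @param   array   $args     Contains all the data provided by the client
 * @param   mixed   &$output  OUTPUT parameter: the story fields, a list of
 *                            stories, or the load status code on failure
 * @param   array   &$svc_msg OUTPUT parameter for service messages
 *                            ('output_fields', 'gl_feed', 'offset')
 * @return  int               Response code as defined in lib-plugins.php
 */
function service_get_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER;
    $output = array();
    $retval = '';
    if (!isset($_CONF['atom_max_stories'])) {
        // set a reasonable default
        $_CONF['atom_max_stories'] = 10;
    }
    $svc_msg['output_fields'] = array('draft_flag', 'hits', 'numemails', 'comments', 'trackbacks', 'featured', 'commentcode', 'statuscode', 'expire_date', 'postmode', 'advanced_editor_mode', 'frontpage', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon');
    // Accept 'id' as an alias for 'sid'.
    if (empty($args['sid']) && !empty($args['id'])) {
        $args['sid'] = $args['id'];
    }
    if ($args['gl_svc']) {
        // Web-service input comes straight from the client: filter it first.
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (isset($args['sid'])) {
            $args['sid'] = COM_applyBasicFilter($args['sid']);
        }
        // No story id on a web-service call means "return the feed".
        $svc_msg['gl_feed'] = empty($args['sid']);
    } else {
        $svc_msg['gl_feed'] = false;
    }
    if (empty($args['mode'])) {
        $args['mode'] = 'view';
    }
    if (!$svc_msg['gl_feed']) {
        $sid = $args['sid'];
        $mode = $args['mode'];
        $story = new Story();
        // NOTE(review): no access check is made in this branch; presumably
        // loadFromDatabase() enforces permissions for the given mode — verify.
        $retval = $story->loadFromDatabase($sid, $mode);
        if ($retval != STORY_LOADED_OK) {
            $output = $retval;
            return PLG_RET_ERROR;
        }
        // Copy every database field of the story into the output array.
        // foreach replaces the reset()/each() pair, which no longer exists in PHP 8.
        foreach ($story->_dbFields as $fieldname => $save) {
            $varname = '_' . $fieldname;
            $output[$fieldname] = $story->{$varname};
        }
        $output['username'] = $story->_username;
        $output['fullname'] = $story->_fullname;
        if ($args['gl_svc']) {
            if ($output['statuscode'] == STORY_ARCHIVE_ON_EXPIRE || $output['statuscode'] == STORY_DELETE_ON_EXPIRE) {
                // This date format is PHP 5 only,
                // but only the web-service uses the value
                $output['expire_date'] = date('c', $output['expire']);
            }
            $output['id'] = $output['sid'];
            $output['category'] = array($output['tid']);
            $output['published'] = date('c', $output['date']);
            $output['updated'] = date('c', $output['date']);
            if (empty($output['bodytext'])) {
                $output['content'] = $output['introtext'];
            } else {
                $output['content'] = $output['introtext'] . LB . '[page_break]' . LB . $output['bodytext'];
            }
            $output['content_type'] = $output['postmode'] == 'html' ? 'html' : 'text';
            $owner_data = SESS_getUserDataFromId($output['owner_id']);
            $output['author_name'] = $owner_data['username'];
            $output['link_edit'] = $sid;
        }
    } else {
        $output = array();
        $sql = array();
        // The offset is client-supplied and ends up in the LIMIT clause, so it
        // is forced to a non-negative integer after filtering.
        if (isset($args['offset'])) {
            $offset = max(0, (int) COM_applyBasicFilter($args['offset'], true));
        } else {
            $offset = 0;
        }
        // One row more than the page size is requested to detect a next page.
        $max_items = $_CONF['atom_max_stories'] + 1;
        $limit = " LIMIT {$offset}, {$max_items}";
        $limit_pgsql = " LIMIT {$max_items} OFFSET {$offset}";
        $order = " ORDER BY unixdate DESC";
        // Both dialects share one statement and differ only in the LIMIT syntax.
        // The previous pgsql variant carried a second, hard-coded FROM/WHERE
        // clause and was not valid SQL.
        $select = "SELECT s.*, UNIX_TIMESTAMP(s.date) AS unixdate, UNIX_TIMESTAMP(s.expire) as expireunix, " . "u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t " . "WHERE (s.uid = u.uid) AND (s.tid = t.tid)" . COM_getPermSQL('AND', $_USER['uid'], 2, 's') . $order;
        $sql['mysql'] = $select . $limit;
        $sql['pgsql'] = $select . $limit_pgsql;
        $result = DB_query($sql);
        $count = 0;
        while (($story_array = DB_fetchArray($result, false)) !== false) {
            $count += 1;
            if ($count == $max_items) {
                // The extra row exists: tell the caller where the next page starts.
                $svc_msg['offset'] = $offset + $_CONF['atom_max_stories'];
                break;
            }
            $story = new Story();
            $story->loadFromArray($story_array);
            // This access check is not strictly necessary because the query
            // already applies the permission clause; it additionally takes the
            // topic access into account and skips stories that end up with none.
            $access = SEC_hasAccess($story_array['owner_id'], $story_array['group_id'], $story_array['perm_owner'], $story_array['perm_group'], $story_array['perm_members'], $story_array['perm_anon']);
            $story->_access = min($access, SEC_hasTopicAccess($story->_tid));
            if ($story->_access == 0) {
                continue;
            }
            $story->sanitizeData();
            $output_item = array();
            foreach ($story->_dbFields as $fieldname => $save) {
                $varname = '_' . $fieldname;
                $output_item[$fieldname] = $story->{$varname};
            }
            if ($args['gl_svc']) {
                if ($output_item['statuscode'] == STORY_ARCHIVE_ON_EXPIRE || $output_item['statuscode'] == STORY_DELETE_ON_EXPIRE) {
                    // This date format is PHP 5 only,
                    // but only the web-service uses the value
                    $output_item['expire_date'] = date('c', $output_item['expire']);
                }
                $output_item['id'] = $output_item['sid'];
                $output_item['category'] = array($output_item['tid']);
                $output_item['published'] = date('c', $output_item['date']);
                $output_item['updated'] = date('c', $output_item['date']);
                if (empty($output_item['bodytext'])) {
                    $output_item['content'] = $output_item['introtext'];
                } else {
                    $output_item['content'] = $output_item['introtext'] . LB . '[page_break]' . LB . $output_item['bodytext'];
                }
                $output_item['content_type'] = $output_item['postmode'] == 'html' ? 'html' : 'text';
                $owner_data = SESS_getUserDataFromId($output_item['owner_id']);
                $output_item['author_name'] = $owner_data['username'];
            }
            $output[] = $output_item;
        }
    }
    return PLG_RET_OK;
}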
Esempio n. 27
/**
 * Build the administrative topic list screen.
 *
 * Loads lib-admin.php, registers the topic admin JavaScript, renders the
 * admin block header and menu, and delegates the table itself to
 * ADMIN_list(). The base query is combined with the permission clause
 * returned by COM_getPermSQL('AND'), supplied as the list's default filter.
 *
 * @param    string $token Security token, passed unchanged to ADMIN_list()
 * @return   string        HTML for the topic list
 */
function listTopics($token)
{
    global $_CONF, $_TABLES, $LANG27, $LANG_ACCESS, $LANG_ADMIN, $_SCRIPTS;

    require_once $_CONF['path_system'] . 'lib-admin.php';
    $_SCRIPTS->setJavaScriptFile('admin.topic', '/javascript/admin.topic.js');

    $html = COM_startBlock($LANG27[8], '', COM_getBlockTemplate('_admin_block', 'header'));

    // Admin menu: "create new topic" and "back to admin home"
    $menuEntries = array(
        array(
            'url'  => $_CONF['site_admin_url'] . '/topic.php?mode=edit',
            'text' => $LANG_ADMIN['create_new'],
        ),
        array(
            'url'  => $_CONF['site_admin_url'],
            'text' => $LANG_ADMIN['admin_home'],
        ),
    );
    $html .= ADMIN_createMenu($menuEntries, $LANG27[9], $_CONF['layout_url'] . "/images/icons/topic.png");

    // Column definitions as (label, field, sortable), in display order
    $columnSpecs = array(
        array($LANG_ADMIN['edit'], 'edit', false),
        array($LANG27[10], 'sortnum', true),
        array($LANG27[53], 'image', false),
        array($LANG27[3], 'topic', false),
        array($LANG27[2], 'tid', true),
        array($LANG27[52], 'story', false),
        array($LANG_ACCESS['access'], 'access', false),
        array($LANG27[33], 'inherit', false),
        array($LANG27[35], 'hidden', false),
    );
    $headers = array();
    foreach ($columnSpecs as $spec) {
        $headers[] = array('text' => $spec[0], 'field' => $spec[1], 'sort' => $spec[2]);
    }

    $defaultSort = array('field' => 'sortnum', 'direction' => 'asc');
    $listText = array(
        'has_extras' => true,
        'form_url'   => $_CONF['site_admin_url'] . '/topic.php',
    );
    $listQuery = array(
        'table'          => 'topics',
        'sql'            => "SELECT * FROM {$_TABLES['topics']} WHERE 1=1 ",
        'query_fields'   => array('topic'),
        'default_filter' => COM_getPermSQL('AND'),
    );

    $html .= ADMIN_list('topics', 'ADMIN_getListField_topics', $headers, $listText, $listQuery, $defaultSort, '', $token);
    $html .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    return $html;
}
Esempio n. 28
     if ($show_submenu == 2) {
         $menupid = $pid;
     } else {
         $menupid = $page;
     }
 } elseif ($show_submenu == 2) {
     // Check to see if parent submenu should be shown
     $menupid = DB_getItem($_TABLES['nexcontent_pages'], 'pid', "id='{$pid}'");
     if ($menupid == 0) {
         $menupid = $pid;
     }
 } else {
     $menupid = $pid;
 }
 // Select the non-draft pages flagged as submenu items that are either the
 // chosen menu parent ($menupid) itself or have it as their pid.
 // NOTE(review): $menupid is interpolated into the statement unquoted. Where
 // $pid / $page come from is not visible in this fragment - confirm they are
 // validated as integers (or cast with (int)) before reaching this query.
 $sql = "SELECT id,sid,name FROM {$_TABLES['nexcontent_pages']} WHERE (pid={$menupid} or id={$menupid}) AND submenu_item = '1' AND is_draft=0 ";
 // Append the permission clause returned by COM_getPermSQL('AND')
 $sql .= COM_getPermSQL('AND');
 $sql .= " ORDER by type,pageorder ASC";
 $query = DB_query($sql);
 if (DB_numRows($query) > 0) {
     // Map of menu label => link; rows sharing a name overwrite earlier entries
     $navbarMenu = array();
     while (list($id, $sid, $name) = DB_fetchArray($query)) {
         // Link by sid when the row has one, otherwise by id.
         // Note that this reassigns $page, which is also read further up.
         if ($sid != '') {
             $page = $sid;
         } else {
             $page = $id;
         }
         // NOTE(review): $name and $page are handed on as stored; whether
         // nexcontent_submenu() HTML/URL-encodes them is not visible here - verify.
         $navbarMenu[$name] = $CONF_SE['public_url'] . "/index.php?page={$page}";
     }
     $pageview->set_var('navbar', nexcontent_submenu($navbarMenu, $title));
     $pageview->parse('submenu', 'submenu');
 }
Esempio n. 29
 /**
  * Builds the search over story comments.
  *
  * Assembles the SELECT joining users, comments and stories, applies the
  * permission, topic and language clauses plus the optional topic, author
  * and date-range filters, and wraps the result in a SearchCriteria object.
  *
  * Input handling visible here: the keyword goes through htmlspecialchars()
  * and DB_escapeString() before trim(); the topic filter goes through
  * DB_escapeString(); the author filter is cast to int.
  *
  * @author Tony Bibbs <tony AT geeklog DOT net>
  *         Sami Barakat <s.m.barakat AT gmail DOT com>
  * @access private
  * @return object SearchCriteria instance with SQL, full-text SQL and rank set
  *
  */
 function _searchComments()
 {
     global $_CONF, $_TABLES, $_DB_dbms, $LANG09;

     // Keyword is HTML-encoded and SQL-escaped before it reaches the query builder
     $keyword = trim(DB_escapeString(htmlspecialchars($this->_query)));

     // The link format depends on whether URL rewriting is enabled
     $urlColumn = $_CONF['url_rewrite']
         ? "CONCAT('/article.php/',s.sid,'#comments') AS url "
         : "CONCAT('/article.php?story=',s.sid,'#comments') AS url ";

     $sql = "SELECT s.sid AS id, c.title AS title, c.comment AS description, UNIX_TIMESTAMP(c.date) AS date, c.uid AS uid, '0' AS hits, "
         . $urlColumn
         . "FROM {$_TABLES['users']} AS u, {$_TABLES['comments']} AS c "
         . "LEFT JOIN {$_TABLES['stories']} AS s ON ((s.sid = c.sid) "
         . COM_getPermSQL('AND', 0, 2, 's') . COM_getTopicSQL('AND', 0, 's') . COM_getLangSQL('sid', 'AND', 's') . ") "
         . "WHERE (u.uid = c.uid) AND (s.draft_flag = 0) AND (s.commentcode >= 0) AND (s.date <= NOW()) ";

     // Optional filters: topic is escaped, author is forced to an integer
     if (!empty($this->_topic)) {
         $sql .= "AND (s.tid = '" . DB_escapeString($this->_topic) . "') ";
     }
     if (!empty($this->_author)) {
         $sql .= "AND (c.uid = " . (int) $this->_author . ") ";
     }

     $criteria = new SearchCriteria('comments', $LANG09[65] . ' > ' . $LANG09[66]);
     $searchFields = array('comment', 'c.title');

     $sql .= $criteria->getDateRangeSQL('AND', 'UNIX_TIMESTAMP(c.date)', $this->_dateStart, $this->_dateEnd);

     // buildSearchSQL() hands back the regular SQL first, the full-text SQL second
     $built = $criteria->buildSearchSQL($this->_keyType, $keyword, $searchFields, $sql);
     $criteria->setSQL($built[0]);
     $criteria->setFTSQL($built[1]);
     $criteria->setRank(2);

     return $criteria;
 }
Esempio n. 30
/**
 *  Render the category listing page with one coloured block per root category.
 *
 *  Root categories (papa_id = '') are read with the permission clause from
 *  COM_getPermSQL('AND', 0, 2). A category without its own foreground or
 *  background colour takes the next entry of the global $CatListcolors
 *  palette, wrapping around at the end.
 *
 *  NOTE(review): cat_name and description are passed to the template exactly
 *  as stored; whether they are HTML-escaped on input or by the template is
 *  not visible here - verify.
 *
 *  @return string      HTML for category listing page, or the error message
 *                      HTML when the query fails
 */
function CLASSIFIEDS_catList_blocks()
{
    global $_CONF, $_TABLES, $LANG_ADVT, $_CONF_ADVT;
    global $CatListcolors;

    $tpl = new Template(CLASSIFIEDS_PI_PATH . '/templates');
    $tpl->set_file('page', 'catlist_blocks.thtml');
    $tpl->set_var('site_url', $_CONF['site_url']);
    $tpl->set_var('site_admin_url', $_CONF['site_admin_url']);

    // Root categories only, restricted by the permission clause
    $rootCats = DB_query(
        "SELECT * FROM {$_TABLES['ad_category']} \n            WHERE papa_id='' "
        . COM_getPermSQL('AND', 0, 2)
        . " ORDER BY cat_name ASC"
    );
    if (!$rootCats) {
        return CLASSIFIEDS_errorMsg($LANG_ADVT['database_error'], 'alert');
    }

    if (DB_numRows($rootCats) == 0) {
        // Nothing to list: show the "no category found" message instead
        $tpl->set_var('no_cat_found', "<p align=\"center\" class=\"headmsg\">\n            {$LANG_ADVT['no_cat_found']}</p>\n");
    } else {
        $paletteSize = count($CatListcolors);
        $paletteIdx = 0;

        while ($row = DB_fetchArray($rootCats)) {
            if ($row['fgcolor'] != '' && $row['bgcolor'] != '') {
                // The category carries its own colours
                $fgcolor = $row['fgcolor'];
                $bgcolor = $row['bgcolor'];
            } else {
                // Fall back to the palette, starting over once it is exhausted
                if ($paletteIdx >= $paletteSize) {
                    $paletteIdx = 0;
                }
                $bgcolor = $CatListcolors[$paletteIdx][0];
                $fgcolor = $CatListcolors[$paletteIdx][1];
                // Header colour is read but not used: no template variable is set from it
                $hdcolor = $CatListcolors[$paletteIdx][2];
                $paletteIdx++;
            }

            // One block per category, with its total ad count
            $tpl->set_block('page', 'CatDiv', 'Div');
            $tpl->set_var('bgcolor', $bgcolor);
            $tpl->set_var('fgcolor', $fgcolor);
            $tpl->set_var('cat_url', CLASSIFIEDS_makeUrl('home', $row['cat_id']));
            $tpl->set_var('cat_name', $row['cat_name']);
            $tpl->set_var('cat_desc', $row['description']);
            $tpl->set_var('cat_ad_count', findTotalAds($row['cat_id']));
            $tpl->set_var(
                'cat_image',
                $row['image'] ? CLASSIFIEDS_thumbUrl('cat/' . $row['image']) : ''
            );
            $tpl->parse('Div', 'CatDiv', true);
        }
    }

    $tpl->parse('output', 'page');

    return $tpl->finish($tpl->get_var('output'));
}