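/**
 * Render the comment thread attached to one userbox item.
 *
 * The item row is read only when it is not a draft, lies inside its
 * release/expiry window and passes the COM_getPermSql() permission filter;
 * otherwise nothing is rendered.
 *
 * @param  int|string $id Item id. It is cast to an integer before use because
 *                        the query embeds it unquoted in the WHERE clause.
 * @return string Output of CMT_userComments(), or '' when no readable row is
 *                found or the row's commentcode is negative
 */
function fncComment($id)
{
    global $_CONF;
    global $_TABLES;

    // The original only ever appended to $retval, so the "no row" path
    // returned an undefined variable. Start from an empty string instead.
    $retval = '';

    // The id is concatenated into the SQL text without quotes. Forcing it to
    // an integer guarantees that nothing but digits can reach the statement,
    // whatever the caller passed in.
    $itemId = (int) $id;

    $order = '';
    if (isset($_REQUEST['order'])) {
        $order = COM_applyFilter($_REQUEST['order']);
    }
    $mode = '';
    if (isset($_REQUEST['mode'])) {
        $mode = COM_applyFilter($_REQUEST['mode']);
    }
    $page = 1;
    if (isset($_REQUEST['cpage'])) {
        $page = COM_applyFilter($_REQUEST['cpage']);
    }

    $tbl = $_TABLES['USERBOX_base'];

    $sql = "SELECT commentcode"
        . ",owner_id,group_id"
        . ",perm_owner,perm_group,perm_members,perm_anon"
        . " FROM {$tbl} AS t"
        . " WHERE id=" . $itemId
        . " AND t.draft_flag=0" . LB
        // Exclude rows the current user has no access rights to.
        . COM_getPermSql('AND')
        // Exclude rows whose release date has not been reached yet.
        . " AND (released <= NOW())"
        // Exclude rows whose expiry date has passed.
        . " AND (expired=0 OR expired > NOW())";

    $result = DB_query($sql);
    if (DB_numRows($result) > 0) {
        $A = DB_fetchArray($result);
        $A = array_map('stripslashes', $A);

        if ($A['commentcode'] >= 0) {
            // Deleting comments needs both the feature right and access
            // level 3 on this specific row.
            $delete_option = SEC_hasRights('userbox.edit')
                && SEC_hasAccess(
                    $A['owner_id'],
                    $A['group_id'],
                    $A['perm_owner'],
                    $A['perm_group'],
                    $A['perm_members'],
                    $A['perm_anon']
                ) == 3;

            require_once $_CONF['path_system'] . 'lib-comment.php';

            // NOTE(review): 'topic' is not in the SELECT list above, so
            // $A['topic'] is unset here -- confirm which title column was meant.
            // The integer-cast id is passed on so the same validated value
            // reaches the comment library.
            $retval .= CMT_userComments(
                $itemId,
                $A['topic'],
                'userbox',
                $order,
                $mode,
                0,
                $page,
                false,
                $delete_option,
                $A['commentcode']
            );
        }
    }

    return $retval;
}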
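/**
 * Build the admin list of external pages.
 *
 * The row query is filtered with COM_getPermSql(), so the list only contains
 * pages the current user is permitted to see.
 * NOTE(review): no feature-right check is visible in this function; presumably
 * the calling admin script performs it -- confirm.
 *
 * @return string HTML content
 */
function EXP_adminList()
{
    global $_CONF, $_TABLES, $LANG_ADMIN, $LANG_ACCESS, $_CONF_EXP, $LANG_EX00;

    USES_lib_admin();

    $retval = '';

    $header_arr = array(
        array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false),
        array('text' => 'Page ID', 'field' => 'exid', 'sort' => true),
        array('text' => 'Title', 'field' => 'title', 'sort' => true),
        array('text' => 'URL', 'field' => 'url', 'sort' => true),
        array('text' => 'Hits', 'field' => 'hits', 'sort' => true),
    );

    $menu_arr = array(
        array(
            'url'  => $_CONF['site_admin_url'] . '/plugins/' . $_CONF_EXP['pi_name'] . '/edit.php?exid=0',
            'text' => 'Add New',
        ),
        array(
            'url'  => $_CONF['site_admin_url'],
            'text' => $LANG_ADMIN['admin_home'],
        ),
    );

    $defsort_arr = array('field' => 'exid', 'direction' => 'asc');

    $header_str = $LANG_EX00['header'] . ' ' . $LANG_EX00['version'] . ' ' . $_CONF_EXP['pi_version'];

    $retval .= COM_startBlock($header_str, '', COM_getBlockTemplate('_admin_block', 'header'));
    $retval .= ADMIN_createMenu($menu_arr, 'Administer External Pages', plugin_geticon_external());

    $text_arr = array(
        'has_extras' => true,
        'form_url'   => "{$_CONF['site_admin_url']}/plugins/{$_CONF_EXP['pi_name']}/index.php",
    );

    $query_arr = array(
        'table'          => 'external',
        'sql'            => "SELECT * FROM {$_TABLES['external']} ",
        'query_fields'   => array('title', 'url'),
        // No mode argument: the permission clause is whatever
        // COM_getPermSql() produces by default.
        'default_filter' => COM_getPermSql(),
    );

    // $form_arr was never assigned in this function, so ADMIN_list() received
    // null together with an "undefined variable" diagnostic. Pass the same
    // null explicitly.
    $form_arr = null;

    $retval .= ADMIN_list(
        'external',
        'EXP_getAdminListField',
        $header_arr,
        $text_arr,
        $query_arr,
        $defsort_arr,
        '',
        '',
        '',
        $form_arr
    );
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    return $retval;
}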
/**
 * Build the administration list of polls.
 *
 * Output is an admin block holding the top menu followed by the poll table.
 * Rows are restricted by the COM_getPermSql('AND') clause appended to the
 * base query as its default filter.
 *
 * @return string HTML for the block
 */
function listpolls()
{
    global $_CONF, $_TABLES, $_IMAGE_TYPE, $LANG_ADMIN, $LANG25, $LANG_ACCESS;

    require_once $_CONF['path_system'] . 'lib-admin.php';

    $adminUrl = $_CONF['site_admin_url'];
    $pollsUrl = $adminUrl . '/plugins/polls/index.php';

    // Menu shown above the list.
    $topMenu = array(
        array('url' => $pollsUrl . '?mode=edit', 'text' => $LANG_ADMIN['create_new']),
        array('url' => $adminUrl, 'text' => $LANG_ADMIN['admin_home']),
    );

    $html = '';
    $html .= COM_startBlock($LANG25[18], '', COM_getBlockTemplate('_admin_block', 'header'));
    $html .= ADMIN_createMenu($topMenu, $LANG25[19], plugin_geticon_polls());

    // Column definitions of the list itself.
    $columns = array(
        array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false),
        array('text' => $LANG25[9], 'field' => 'topic', 'sort' => true),
        array('text' => $LANG25[20], 'field' => 'voters', 'sort' => true),
        array('text' => $LANG_ACCESS['access'], 'field' => 'access', 'sort' => false),
        array('text' => $LANG25[3], 'field' => 'unixdate', 'sort' => true),
        array('text' => $LANG25[33], 'field' => 'is_open', 'sort' => true),
    );

    $defaultSort = array('field' => 'unixdate', 'direction' => 'desc');

    $texts = array(
        'has_extras'   => true,
        'instructions' => $LANG25[19],
        'form_url'     => $pollsUrl,
    );

    // "WHERE 1=1" lets the permission clause be appended with AND.
    $query = array(
        'table'          => 'polltopics',
        'sql'            => "SELECT *,UNIX_TIMESTAMP(date) AS unixdate " . "FROM {$_TABLES['polltopics']} WHERE 1=1",
        'query_fields'   => array('topic'),
        'default_filter' => COM_getPermSql('AND'),
    );

    $html .= ADMIN_list('polls', 'plugin_getListField_polls', $columns, $texts, $query, $defaultSort);
    $html .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    return $html;
}
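/**
 * Build the list of administration menu entries for the current user.
 *
 * Every entry is guarded by its own SEC_hasRights() / SEC_inGroup() /
 * SEC_isModerator() check, and counts that come from permission-controlled
 * tables are filtered with COM_getPermSql().
 *
 * Values read back from the database (topic ids, group ids) are escaped or
 * cast before they are embedded in further SQL text, so a stored value cannot
 * change the shape of the follow-up queries.
 *
 * @return array List of array('label' => string, 'url' => string); empty for
 *               anonymous users and for users without any admin right
 */
function getAdminMenu()
{
    global $_SP_CONF, $_USER, $_TABLES, $LANG01, $LANG_MB01, $LANG_LOGO, $LANG_AM, $LANG_SOCIAL, $LANG29, $_CONF, $_DB_dbms, $_GROUPS, $config;

    $item_array = array();

    if (COM_isAnonUser()) {
        return $item_array;
    }

    $plugin_options = PLG_getAdminOptions();
    $num_plugins = count($plugin_options);

    $hasAnyAdminRight = SEC_isModerator()
        || SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit,social.admin', 'OR')
        || $num_plugins > 0;
    if (!$hasAnyAdminRight) {
        return $item_array;
    }

    $adminUrl = $_CONF['site_admin_url'];

    // Topics the user may access; reused to scope the story counts below.
    $topicsql = '';
    if (SEC_isModerator() || SEC_hasRights('story.edit')) {
        $tresult = DB_query("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL());
        $trows = DB_numRows($tresult);
        $tids = array();
        for ($i = 0; $i < $trows; $i++) {
            $T = DB_fetchArray($tresult);
            // Escaped because the ids are re-embedded as quoted SQL literals.
            $tids[] = DB_escapeString($T['tid']);
        }
        if (count($tids) > 0) {
            $topicsql = " (tid IN ('" . implode("','", $tids) . "'))";
        }
    }

    // Number of items waiting for moderation.
    $modnum = 0;
    if (SEC_hasRights('story.edit,story.moderate', 'OR')
        || ($_CONF['usersubmission'] == 1 && SEC_hasRights('user.edit,user.delete'))
    ) {
        if (SEC_hasRights('story.moderate')) {
            if (empty($topicsql)) {
                $modnum += DB_count($_TABLES['storysubmission']);
            } else {
                $sresult = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['storysubmission']} WHERE" . $topicsql);
                $S = DB_fetchArray($sresult);
                $modnum += $S['count'];
            }
        }

        if ($_CONF['listdraftstories'] == 1 && SEC_hasRights('story.edit')) {
            $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (draft_flag = 1)";
            if (!empty($topicsql)) {
                $sql .= ' AND' . $topicsql;
            }
            $result = DB_query($sql . COM_getPermSQL('AND', 0, 3));
            $A = DB_fetchArray($result);
            $modnum += $A['count'];
        }

        if ($_CONF['usersubmission'] == 1
            && SEC_hasRights('user.edit')
            && SEC_hasRights('user.delete')
        ) {
            $modnum += DB_count($_TABLES['users'], 'status', '2');
        }
    }

    // now handle submissions for plugins
    $modnum += PLG_getSubmissionCount();

    if (SEC_hasRights('story.edit')) {
        if (empty($topicsql)) {
            $numstories = DB_count($_TABLES['stories']);
        } else {
            $nresult = DB_query("SELECT COUNT(*) AS count from {$_TABLES['stories']} WHERE" . $topicsql . COM_getPermSql('AND'));
            $N = DB_fetchArray($nresult);
            $numstories = $N['count'];
        }
        $item_array[] = array(
            'label' => $LANG01[11] . ' (' . COM_numberFormat($numstories) . ')',
            'url'   => $adminUrl . '/story.php',
        );
    }

    if (SEC_hasRights('block.edit')) {
        $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['blocks']}" . COM_getPermSql());
        list($count) = DB_fetchArray($result);
        $item_array[] = array(
            'label' => $LANG01[12] . ' (' . COM_numberFormat($count) . ')',
            'url'   => $adminUrl . '/block.php',
        );
    }

    if (SEC_hasRights('autotag.admin')) {
        $item_array[] = array('label' => $LANG_AM['title'], 'url' => $adminUrl . '/autotag.php');
    }

    if (SEC_inGroup('Root')) {
        $item_array[] = array('label' => $LANG01['ctl'], 'url' => $adminUrl . '/clearctl.php');
    }

    if (SEC_inGroup('Root')) {
        $item_array[] = array('label' => $LANG_MB01['menu_builder'], 'url' => $adminUrl . '/menu.php');
    }

    if (SEC_inGroup('Root')) {
        $item_array[] = array('label' => $LANG_LOGO['logo_admin'], 'url' => $adminUrl . '/logo.php');
    }

    if (SEC_hasRights('topic.edit')) {
        $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['topics']}" . COM_getPermSql());
        list($count) = DB_fetchArray($result);
        $item_array[] = array(
            'label' => $LANG01[13] . ' (' . COM_numberFormat($count) . ')',
            'url'   => $adminUrl . '/topic.php',
        );
    }

    if (SEC_hasRights('user.edit')) {
        $item_array[] = array(
            'label' => $LANG01[17] . ' (' . COM_numberFormat(DB_count($_TABLES['users']) - 1) . ')',
            'url'   => $adminUrl . '/user.php',
        );
    }

    if (SEC_hasRights('group.edit')) {
        if (SEC_inGroup('Root')) {
            $grpFilter = '';
        } else {
            // Group ids are embedded unquoted, so force them to integers.
            $elementUsersGroups = array_map('intval', SEC_getUserGroups());
            $grpFilter = 'WHERE (grp_id IN (' . implode(',', $elementUsersGroups) . '))';
        }
        $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['groups']} {$grpFilter};");
        $A = DB_fetchArray($result);
        $item_array[] = array(
            'label' => $LANG01[96] . ' (' . COM_numberFormat($A['count']) . ')',
            'url'   => $adminUrl . '/group.php',
        );
    }

    if (SEC_hasRights('social.admin')) {
        $item_array[] = array('label' => $LANG_SOCIAL['label'], 'url' => $adminUrl . '/social.php');
    }

    if (SEC_inGroup('Root')) {
        $item_array[] = array('label' => $LANG01['env_check'], 'url' => $adminUrl . '/envcheck.php');
    }

    if (SEC_hasRights('user.mail')) {
        $item_array[] = array('label' => $LANG01[105] . ' (N/A)', 'url' => $adminUrl . '/mail.php');
    }

    if ($_CONF['backend'] == 1 && SEC_hasRights('syndication.edit')) {
        $item_array[] = array(
            'label' => $LANG01[38] . ' (' . COM_numberFormat(DB_count($_TABLES['syndication'])) . ')',
            'url'   => $adminUrl . '/syndication.php',
        );
    }

    if (($_CONF['trackback_enabled'] || $_CONF['pingback_enabled'] || $_CONF['ping_enabled'])
        && SEC_hasRights('story.ping')
    ) {
        $item_array[] = array(
            'label' => $LANG01[116] . ' (' . COM_numberFormat(DB_count($_TABLES['pingservice'])) . ')',
            'url'   => $adminUrl . '/trackback.php',
        );
    }

    if (SEC_hasRights('plugin.edit')) {
        $item_array[] = array(
            'label' => $LANG01[77] . ' (' . COM_numberFormat(DB_count($_TABLES['plugins'])) . ')',
            'url'   => $adminUrl . '/plugins.php',
        );
    }

    if (SEC_inGroup('Root')) {
        $item_array[] = array(
            'label' => $LANG01[129] . ' (' . COM_numberFormat(count($config->_get_groups())) . ')',
            'url'   => $adminUrl . '/configuration.php',
        );
    }

    // This will show the admin options for all installed plugins (if any)
    foreach ($plugin_options as $plg) {
        $label = $plg->adminlabel;
        if (!empty($plg->numsubmissions)) {
            $label .= ' (' . COM_numberFormat($plg->numsubmissions) . ')';
        }
        $item_array[] = array('label' => $label, 'url' => $plg->adminurl);
    }

    if (SEC_inGroup('Root')) {
        $item_array[] = array('label' => $LANG01[103], 'url' => $adminUrl . '/database.php');
    }

    if (SEC_inGroup('Root')) {
        $item_array[] = array('label' => $LANG01['logview'], 'url' => $adminUrl . '/logview.php');
    }

    if ($_CONF['link_documentation'] == 1) {
        // Fall back to the English documentation when no translation exists.
        $doclang = COM_getLanguageName();
        if (@file_exists($_CONF['path_html'] . 'docs/' . $doclang . '/index.html')) {
            $docUrl = $_CONF['site_url'] . '/docs/' . $doclang . '/index.html';
        } else {
            $docUrl = $_CONF['site_url'] . '/docs/english/index.html';
        }
        $item_array[] = array('label' => $LANG01[113], 'url' => $docUrl);
    }

    if (SEC_inGroup('Root')) {
        $item_array[] = array(
            'label' => $LANG01[107] . ' (' . GVERSION . PATCHLEVEL . ')',
            'url'   => $adminUrl . '/vercheck.php',
        );
    }

    if (SEC_isModerator()) {
        $item_array[] = array(
            'label' => $LANG01[10] . ' (' . COM_numberFormat($modnum) . ')',
            'url'   => $adminUrl . '/moderation.php',
        );
    }

    if ($_CONF['sort_admin']) {
        usort($item_array, '_mb_cmp');
    }

    // The command-and-control entry always comes first, after any sorting.
    $cc_item = array('label' => $LANG29[34], 'url' => $adminUrl . '/index.php');
    $item_array = array_merge(array($cc_item), $item_array);

    return $item_array;
}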
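/**
 * Show topic administration form
 *
 * For an existing topic the row is loaded and the current user's access level
 * is checked with SEC_hasAccess(); levels 0 and 2 are refused and the attempt
 * is written to the access log. The form carries a token from
 * SEC_createToken() in the CSRF_TOKEN field.
 *
 * The topic id is escaped with DB_escapeString() in every query that embeds
 * it. The first lookup previously interpolated it raw, although the story
 * count further down already escaped it.
 *
 * NOTE(review): several row values (tid, imageurl, sortnum, meta fields) are
 * handed to the template or concatenated into markup without escaping in this
 * function; confirm they are encoded when saved or by the template.
 *
 * @param    string  $tid    ID of topic to edit; empty for a new topic
 * @return   string          HTML for the topic editor
 */
function edittopic($tid = '')
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $LANG04, $LANG27, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $_SCRIPTS;

    $retval = '';

    if (empty($tid)) {
        // new topic - set defaults
        $A = array(
            'tid'          => '',
            'topic'        => '',
            'sortnum'      => 0,
            'parent_id'    => TOPIC_ROOT,
            'inherit'      => 1,
            'hidden'       => 0,
            'limitnews'    => '',
            'is_default'   => 0,
            'archive_flag' => 0,
        );
    } else {
        // Escape the id before it is placed inside the quoted SQL literal.
        $result = DB_query("SELECT * FROM {$_TABLES['topics']} WHERE tid ='" . DB_escapeString($tid) . "'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
        if ($access == 0 || $access == 2) {
            $retval .= COM_showMessageText($LANG27[13], $LANG27[12]);
            COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}.");

            return $retval;
        }
    }

    $token = SEC_createToken();

    $retval .= COM_startBlock($LANG27[1], '', COM_getBlockTemplate('_admin_block', 'header'));
    $retval .= SEC_getTokenExpiryNotice($token);

    if (!is_array($A) || empty($A['owner_id'])) {
        $A['owner_id'] = $_USER['uid'];

        // this is the one instance where we default the group
        // most topics should belong to the Topic Admin group
        if (isset($_GROUPS['Topic Admin'])) {
            $A['group_id'] = $_GROUPS['Topic Admin'];
        } else {
            $A['group_id'] = SEC_getFeatureGroup('topic.edit');
        }
        SEC_setDefaultPermissions($A, $_CONF['default_permissions_topic']);
        $access = 3;
    }

    $topic_templates = COM_newTemplate($_CONF['path_layout'] . 'admin/topic');
    $topic_templates->set_file('editor', 'topiceditor.thtml');

    // The delete button is offered only for existing topics and only to
    // users holding the topic.edit right.
    if (!empty($tid) && SEC_hasRights('topic.edit')) {
        $delButton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
        $jsConfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
        $topic_templates->set_var('delete_option', sprintf($delButton, $jsConfirm));
        $topic_templates->set_var('delete_option_no_confirmation', sprintf($delButton, ''));
        $topic_templates->set_var('allow_delete', true);
        $topic_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
        $topic_templates->set_var('confirm_message', $MESSAGE[76]);
        $topic_templates->set_var('warning_msg', $LANG27[6]);
    }

    if ($_CONF['titletoid'] && empty($tid)) {
        $_SCRIPTS->setJavaScriptFile('title_2_id', '/javascript/title_2_id.js');
        $topic_templates->set_var('titletoid', true);
    }

    $topic_templates->set_var('lang_topicid', $LANG27[2]);
    $topic_templates->set_var('topic_id', $A['tid']);
    $topic_templates->set_var('lang_parent_id', $LANG27[32]);
    $topic_templates->set_var('parent_id_options', TOPIC_getTopicListSelect($A['parent_id'], 1, false, $A['tid'], true));

    $topic_templates->set_var('lang_inherit', $LANG27[33]);
    $topic_templates->set_var('lang_inherit_info', $LANG27[34]);
    $topic_templates->set_var('inherit_checked', ($A['inherit'] == 1) ? 'checked="checked"' : '');

    $topic_templates->set_var('lang_hidden', $LANG27[35]);
    $topic_templates->set_var('lang_hidden_info', $LANG27[36]);
    $topic_templates->set_var('hidden_checked', ($A['hidden'] == 1) ? 'checked="checked"' : '');

    $topic_templates->set_var('lang_donotusespaces', $LANG27[5]);
    $topic_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
    $topic_templates->set_var('lang_owner', $LANG_ACCESS['owner']);

    $ownername = COM_getDisplayName($A['owner_id']);
    // The uid is embedded unquoted in the WHERE fragment, so cast it.
    $topic_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', 'uid = ' . (int) $A['owner_id']));
    $topic_templates->set_var('owner_name', $ownername);
    $topic_templates->set_var('owner', $ownername);
    $topic_templates->set_var('owner_id', $A['owner_id']);
    $topic_templates->set_var('lang_group', $LANG_ACCESS['group']);
    $topic_templates->set_var('lang_save', $LANG_ADMIN['save']);
    $topic_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
    $topic_templates->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
    $topic_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
    $topic_templates->set_var('lang_permissions_key', $LANG_ACCESS['permissionskey']);
    $topic_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
    $topic_templates->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
    $topic_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
    $topic_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']));

    // show sort order only if they specified sortnum as the sort method
    if ($_CONF['sortmethod'] !== 'alpha') {
        $topic_templates->set_var('lang_sortorder', $LANG27[10]);
        if ($A['sortnum'] == 0) {
            $A['sortnum'] = '';
        }
        $topic_templates->set_var('sort_order', '<input type="text" size="5" maxlength="5" name="sortnum" value="' . $A['sortnum'] . '"' . XHTML . '>');
    } else {
        $topic_templates->set_var('lang_sortorder', $LANG27[14]);
        $topic_templates->set_var('sort_order', $LANG27[15] . '<input type="hidden" name="sortnum" value="' . $A['sortnum'] . '"' . XHTML . '>');
    }

    $topic_templates->set_var('lang_storiesperpage', $LANG27[11]);
    $topic_templates->set_var('story_limit', ($A['limitnews'] == 0) ? '' : $A['limitnews']);
    $topic_templates->set_var('default_limit', $_CONF['limitnews']);
    $topic_templates->set_var('lang_defaultis', $LANG27[16]);
    $topic_templates->set_var('lang_topicname', $LANG27[3]);
    // The topic name is the one value HTML-encoded here before output.
    $topic_templates->set_var('topic_name', htmlspecialchars(stripslashes($A['topic']), ENT_QUOTES, COM_getEncodingt()));

    if (empty($A['tid'])) {
        $A['imageurl'] = '/images/topics/';
    }

    $topic_templates->set_var('lang_topicimage', $LANG27[4]);
    $topic_templates->set_var('lang_uploadimage', $LANG27[27]);
    $topic_templates->set_var('lang_maxsize', $LANG27[28]);
    $topic_templates->set_var('icon_dimensions', $_CONF['max_topicicon_width'] . ' x ' . $_CONF['max_topicicon_height']);
    $topic_templates->set_var('max_url_length', 255);
    $topic_templates->set_var('image_url', $A['imageurl']);

    if (empty($_CONF['image_lib'])) {
        $scaling = $LANG04[162];
    } else {
        $scaling = $LANG04[161];
    }
    $topic_templates->set_var('icon_max_dimensions', sprintf($LANG04[160], $_CONF['max_topicicon_width'], $_CONF['max_topicicon_height'], $_CONF['max_topicicon_size'], $scaling));

    $topic_templates->set_var('lang_metadescription', $LANG_ADMIN['meta_description']);
    $topic_templates->set_var('lang_metakeywords', $LANG_ADMIN['meta_keywords']);
    if (!empty($A['meta_description'])) {
        $topic_templates->set_var('meta_description', $A['meta_description']);
    }
    if (!empty($A['meta_keywords'])) {
        $topic_templates->set_var('meta_keywords', $A['meta_keywords']);
    }
    $topic_templates->set_var('hide_meta', ($_CONF['meta_tags'] > 0) ? '' : ' style="display:none;"');

    $topic_templates->set_var('lang_defaulttopic', $LANG27[22]);
    $topic_templates->set_var('lang_defaulttext', $LANG27[23]);
    $topic_templates->set_var('default_checked', ($A['is_default'] == 1) ? 'checked="checked"' : '');

    $topic_templates->set_var('lang_archivetopic', $LANG27[25]);
    $topic_templates->set_var('lang_archivetext', $LANG27[26]);
    $topic_templates->set_var('archive_disabled', '');
    if ($A['archive_flag'] == 1) {
        $topic_templates->set_var('archive_checked', 'checked="checked"');
    } else {
        $topic_templates->set_var('archive_checked', '');
        // Only 1 topic can be the archive topic - so check if there already is one
        if (DB_count($_TABLES['topics'], 'archive_flag', '1') > 0) {
            $topic_templates->set_var('archive_disabled', 'disabled');
        }
    }

    if (empty($tid)) {
        $num_stories = $LANG_ADMIN['na'];
    } else {
        $nResult = DB_query(
            "SELECT COUNT(*) AS count FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta WHERE ta.type = 'article' AND ta.id = sid AND ta.tid = '"
            . DB_escapeString($tid) . "'" . COM_getPermSql('AND')
        );
        $N = DB_fetchArray($nResult);
        $num_stories = COM_numberFormat($N['count']);
    }

    $topic_templates->set_var('lang_num_stories', $LANG27[30]);
    $topic_templates->set_var('num_stories', $num_stories);
    $topic_templates->set_var('gltoken_name', CSRF_TOKEN);
    $topic_templates->set_var('gltoken', $token);
    $topic_templates->parse('output', 'editor');

    $retval .= $topic_templates->finish($topic_templates->get_var('output'));
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    return $retval;
}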
/**
 * Display a list of routes
 *
 * The table rows come from the routes table, narrowed by the
 * COM_getPermSql('AND') default filter. The global $securityToken is handed
 * to ADMIN_list() unchanged.
 *
 * @return string HTML for the list
 */
function listRoutes()
{
    global $_CONF, $_TABLES, $LANG_ADMIN, $LANG_ROUTER, $_IMAGE_TYPE, $securityToken;

    require_once $_CONF['path_system'] . 'lib-admin.php';

    $adminUrl = $_CONF['site_admin_url'];

    // Menu displayed above the list.
    $menu_arr = array(
        array('url' => $adminUrl . '/router.php?mode=edit&rid=0', 'text' => $LANG_ADMIN['create_new']),
        array('url' => $adminUrl, 'text' => $LANG_ADMIN['admin_home']),
    );

    // Base notice, extended with hints when URL rewriting or routing is off.
    $notice = $LANG_ROUTER[11];
    if (empty($_CONF['url_rewrite'])) {
        $notice .= ' ' . $LANG_ROUTER[18];
    }
    if (!isset($_CONF['url_routing']) || $_CONF['url_routing'] == Router::ROUTING_DISABLED) {
        $notice .= ' ' . $LANG_ROUTER[19];
    }

    $retval = COM_startBlock($LANG_ROUTER[2], '', COM_getBlockTemplate('_admin_block', 'header'));
    $retval .= ADMIN_createMenu($menu_arr, $notice, $_CONF['layout_url'] . '/images/icons/router.' . $_IMAGE_TYPE);

    $headerArray = array(
        array('text' => $LANG_ADMIN['edit'], 'field' => 'rid', 'sort' => false),
        array('text' => $LANG_ROUTER[4], 'field' => 'method', 'sort' => true),
        array('text' => $LANG_ROUTER[5], 'field' => 'rule', 'sort' => true),
        array('text' => $LANG_ROUTER[6], 'field' => 'route', 'sort' => true),
        array('text' => $LANG_ROUTER[7], 'field' => 'priority', 'sort' => true),
    );

    $defaultSortArray = array('field' => 'priority', 'direction' => 'asc');

    $textArray = array(
        'has_extras' => false,
        'title'      => $LANG_ROUTER[1],
        'form_url'   => $adminUrl . '/router.php',
    );

    // "WHERE (1 = 1)" lets the permission clause be appended with AND.
    $queryArray = array(
        'table'          => 'routes',
        'sql'            => "SELECT * FROM {$_TABLES['routes']} WHERE (1 = 1) ",
        'query_fields'   => array('rule', 'route', 'priority'),
        'default_filter' => COM_getPermSql('AND'),
    );

    $retval .= ADMIN_list(
        'routes',
        'ADMIN_getListFieldRoutes',
        $headerArray,
        $textArray,
        $queryArray,
        $defaultSortArray,
        '',
        $securityToken,
        ''
    );
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    return $retval;
}
/**
 * Render the menu items currently held in $this->_menuitems as HTML.
 *
 * Each item is dispatched on $menuitem['type']: 3 = submenu (rendered
 * recursively), 4 = core menu selected by $menuitem['url'], 5 = a PHP function
 * named by $menuitem['url'], anything else = a plain link.
 *
 * NOTE(review): $i and $retval are used without being initialised in this
 * method, and $menurows, $numcategories and $plugin_options are never assigned
 * here before being read. $CONF_NEXMENU is read but is not in the `global`
 * list, so as written it is an undefined local. Confirm the intended values
 * before changing any of this; the current output depends on PHP's handling of
 * undefined variables.
 *
 * NOTE(review): labels, URLs and image paths from the menu item rows are
 * interpolated into markup with no escaping visible in this method -- confirm
 * they are sanitised when saved.
 *
 * @param  int $pid Parent menu id; 0 selects the top-level templates and CSS classes
 * @return string Concatenated HTML for the items
 */
private function _renderMenuItems($pid = 0)
{
    global $_CONF, $_TABLES, $_USER, $_BLOCK_TEMPLATE;

    foreach ($this->_menuitems as $menuitem) {
        // In multi-language mode the label is looked up per menu item id.
        if ($this->_multiLangMode) {
            $label = $this->getMenuLabel($menuitem['id']);
        } else {
            $label = $menuitem['label'];
        }

        // Type 2 items get a target attribute plus the configured window features.
        $target = $menuitem['type'] == 2 ? 'target=newWindow;' . $this->_targetFeatures : '';

        $menuitemImage = trim($menuitem['image']);
        if ($menuitemImage != '') {
            // Check and see if the full url is entered
            // (any value containing "http" anywhere is treated as a full URL)
            if (strpos($menuitemImage, 'http') === false) {
                $menuitemImage = $_CONF['site_url'] . '/nexmenu/menuimages/' . $menuitemImage;
            }
        }

        if ($i == $this->_menuitemCount) {
            $lastitem = true;
        } else {
            $lastitem = false;
        }

        // Check and see if this item is a submenu
        if ($menuitem['type'] == 3) {
            // Type Submenu
            $url = str_replace('[siteurl]', $_CONF['site_url'], $menuitem['url']);
            $url = str_replace('[siteadminurl]', $_CONF['site_admin_url'], $url);
            if ($this->_type == 'header') {
                $menuitemimagecss = 'headermenuitemimage';
            } else {
                $menuitemimagecss = 'blocksubmenuitemimage';
            }
            $t = new Template($_CONF['path_layout'] . 'nexmenu/procssmenu');
            if ($pid == 0) {
                if ($this->_type == 'header') {
                    $t->set_file('menu', 'headersubmenu.thtml');
                } else {
                    $t->set_file('menu', 'submenu.thtml');
                }
                $t->set_var('menuitem_url', $url);
                if ($menuitemImage != '') {
                    $image = '<img src="' . $menuitemImage . '" border="0"> ';
                    $label = "{$image}<span id=\"{$menuitemimagecss}\">{$label}</span>";
                    $t->set_var('menuitem_label', $label);
                } else {
                    $t->set_var('menuitem_label', $label);
                }
                // This check sits inside the $pid == 0 branch, so 'fly' is never chosen here.
                if ($pid == 0) {
                    $t->set_var('imgclass', 'drop');
                } else {
                    $t->set_var('imgclass', 'fly');
                }
                if ($i == $this->_menuitemCount) {
                    $t->set_var('lastitemclass', 'class="enclose"');
                }
            } else {
                $t->set_file('menu', 'flysubmenu.thtml');
                $t->set_var('menuitem_url', $url);
                $t->set_var('menuitem_label', $label);
            }
            // Load the children of this item, then render them recursively.
            parent::initMenuItems($menuitem['id']);
            $t->set_var('submenu_items', $this->_renderMenuItems($menuitem['id']));
            $t->parse('output', 'menu');
            $retval .= $t->finish($t->get_var('output'));
        } elseif ($menuitem['type'] == 4) {
            // Core Menu
            switch ($menuitem['url']) {
                case "adminmenu":
                    // Shown only when uid > 1.
                    if ($_USER['uid'] > 1) {
                        $_BLOCK_TEMPLATE['admin_block'] = 'nexmenu/procssmenu/blank.thtml,nexmenu/procssmenu/blank.thtml';
                        $_BLOCK_TEMPLATE['adminoption'] = 'nexmenu/procssmenu/menuitem.thtml,nexmenu/procssmenu/menuitem_on.thtml';
                        // NOTE(review): `.=` string-concatenates the return value onto an
                        // undefined variable and count() is then applied to the result --
                        // confirm whether a plain assignment was intended.
                        $plugin_options .= PLG_getAdminOptions();
                        $nrows = count($plugin_options);
                        if (SEC_isModerator() or $nrows > 0 or SEC_hasrights('story.edit,block.edit,topic.edit,link.edit,event.edit,poll.edit,user.edit,plugin.edit,user.mail', 'OR')) {
                            $retval .= COM_adminMenu();
                        }
                    }
                    break;
                case "usermenu":
                    if ($_USER['uid'] > 1) {
                        $_BLOCK_TEMPLATE['user_block'] = 'nexmenu/procssmenu/blank.thtml,nexmenu/procssmenu/blank.thtml';
                        $_BLOCK_TEMPLATE['useroption'] = 'nexmenu/procssmenu/menuitem.thtml,nexmenu/procssmenu/menuitem_on.thtml';
                        $retval .= COM_userMenu();
                    }
                    break;
                case "topicmenu":
                    $_BLOCK_TEMPLATE['topicoption'] = 'nexmenu/procssmenu/menuitem2.thtml,nexmenu/procssmenu/menuitem2_on.thtml';
                    $retval .= COM_showTopics('', " sortnum < '{$CONF_NEXMENU['restricted_topics']}'");
                    break;
                case "linksmenu":
                    if ($this->_linksPlugin) {
                        $retval .= nexmenu_showlinks($pid, $this->_type, 'site', $numcategories, 0, $lastitem);
                    }
                    break;
                case "spmenu":
                    if ($this->_staticpagesPlugin) {
                        // Both queries carry the COM_getPermSql() permission clause.
                        if ($CONF_NEXMENU['sp_labelonly']) {
                            $sql = "SELECT sp_id,sp_title,sp_label FROM {$_TABLES['staticpage']} WHERE sp_onmenu=1 ";
                            $sql .= COM_getPermSql('AND');
                            $sql .= 'ORDER BY sp_title';
                            $spquery = DB_query($sql);
                        } else {
                            $sql = "SELECT sp_id,sp_title,sp_label FROM {$_TABLES['staticpage']} ";
                            $sql .= COM_getPermSql('WHERE');
                            $sql .= 'ORDER BY sp_title';
                            $spquery = DB_query($sql);
                        }
                        while (list($id, $title, $sp_label) = DB_fetchArray($spquery)) {
                            // Fall back to the page title when no menu label is set.
                            if (trim($sp_label) == '') {
                                $label = $title;
                            } else {
                                $label = $sp_label;
                            }
                            $url = "{$_CONF['site_url']}/staticpages/index.php?page={$id}";
                            $retval .= "<li><a href=\"{$url}\" {$target}>{$label}</a></li>" . LB;
                        }
                    }
                    break;
                case "pluginmenu":
                    $result = DB_query("SELECT pi_name FROM {$_TABLES['plugins']} WHERE pi_enabled = 1");
                    $nrows = DB_numRows($result);
                    $menu = array();
                    // This loop reuses $i, the same variable the outer item counter relies on.
                    for ($i = 1; $i <= $nrows; $i++) {
                        $A = DB_fetchArray($result);
                        $function = 'plugin_getmenuitems_' . $A['pi_name'];
                        if (function_exists($function)) {
                            $menuitems = $function();
                            if (is_array($menuitems) and count($menuitems) > 0) {
                                foreach ($menuitems as $plugin_label => $plugin_link) {
                                    if ($pid == 0) {
                                        $retval .= "<li class=\"top\"><a class=\"top_link\" href=\"{$plugin_link}\" {$target}><span>{$plugin_label}</span></a></li>" . LB;
                                    } else {
                                        $retval .= "<li><a href=\"{$plugin_link}\" {$target}><span>{$plugin_label}</span></a></li>" . LB;
                                    }
                                }
                            }
                        }
                    }
                    break;
                case "headermenu":
                    $t = new Template($_CONF['path_layout'] . 'nexmenu/procssmenu');
                    $t->set_file(array('menu' => 'siteheader_menuitems.thtml', 'menuitem' => 'headermenu_item.thtml', 'menuitem_last' => 'headermenu_item.thtml'));
                    $plugin_menu = PLG_getMenuItems();
                    COM_renderMenu($t, $plugin_menu);
                    $t->parse('output', 'menu');
                    $retval .= $t->finish($t->get_var('output'));
                    break;
            }
            // End of menutype == 4 (Core Menu)
        } elseif ($menuitem['type'] == 5) {
            // NOTE(review): the stored 'url' value is used as a function name. The only
            // guard is function_exists(), which is also true for built-in functions, so
            // anyone able to edit menu items decides which function runs here. Confirm
            // menu editing is restricted to trusted administrators, and consider an
            // allow-list or a required name prefix.
            if (function_exists($menuitem['url'])) {
                /* Pass the type of menu to custom php function */
                $retval .= $menuitem['url']($this->_type);
            }
        } else {
            // Plain link: expand the [siteurl] / [siteadminurl] placeholders.
            $url = str_replace('[siteurl]', $_CONF['site_url'], $menuitem['url']);
            $url = str_replace('[siteadminurl]', $_CONF['site_admin_url'], $url);
            // what's our current URL?
            $thisUrl = COM_getCurrentURL();
            if ($menuitemImage != '') {
                if ($this->_type == 'header') {
                    $menuitemimagecss = 'headermenuitemimage';
                } else {
                    $menuitemimagecss = 'blockmenuitemimage';
                }
                $image = '<img src="' . $menuitemImage . '" border="0"> ';
                if ($i == 1 and $pid > 0) {
                    $retval .= "<li><a href=\"{$url}\" {$target} class=\"enclose\">{$image}<span id=\"{$menuitemimagecss}\">{$label}</span></a></li>" . LB;
                } elseif ($i == $menurows and $pid == 0) {
                    $retval .= "<li><a href=\"{$url}\" {$target} class=\"enclose\">{$image}<span id=\"{$menuitemimagecss}\">{$label}</span></a></li>" . LB;
                } elseif ($url == $thisUrl) {
                    // The item pointing at the current page gets its own element id.
                    $retval .= "<li id=\"menuitem_current\"><a href=\"{$url}\" {$target}>{$image}<span id=\"{$menuitemimagecss}\">{$label}</span></a></li>" . LB;
                } else {
                    $retval .= "<li><a href=\"{$url}\" {$target}>{$image}<span id=\"{$menuitemimagecss}\">{$label}</span></a></li>" . LB;
                }
            } else {
                if ($pid == 0) {
                    $retval .= "<li class=\"top\"><a class=\"top_link\" href=\"{$url}\" {$target}><span>{$label}</span></a></li>" . LB;
                } else {
                    $retval .= "<li><a href=\"{$url}\" {$target}><span>{$label}</span></a></li>" . LB;
                }
            }
        }
        $i++;
    }

    // Restore Template Setting
    $_BLOCK_TEMPLATE = $this->_currentBlockTemplate;

    return $retval;
}
} } COM_setArgNames(array('id', 'type')); $id = COM_applyFilter(COM_getArgument('id')); $type = COM_applyFilter(COM_getArgument('type')); if (empty($id)) { TRB_sendTrackbackResponse(1, $TRB_ERROR['illegal_request']); exit; } if (empty($type)) { $type = 'article'; } if ($type == 'article') { // check if they have access to this story $sid = DB_escapeString($id); $result = DB_query("SELECT trackbackcode FROM {$_TABLES['stories']} WHERE (sid = '{$sid}') AND (date <= NOW()) AND (draft_flag = 0)" . COM_getPermSql('AND') . COM_getTopicSql('AND')); if (DB_numRows($result) == 1) { $A = DB_fetchArray($result); if ($A['trackbackcode'] == 0) { TRB_handleTrackbackPing($id, $type); } else { TRB_sendTrackbackResponse(1, $TRB_ERROR['no_access']); } } else { TRB_sendTrackbackResponse(1, $TRB_ERROR['no_access']); } } else { if (PLG_handlePingComment($type, $id, 'acceptByID') === true) { TRB_handleTrackbackPing($id, $type); } else { TRB_sendTrackbackResponse(1, $TRB_ERROR['no_access']);
/**
 * Check if the current user is allowed to delete trackback comments.
 *
 * For stories, three conditions must all hold: the 'story.edit' right, access
 * level 3 on the story row and access level 3 from
 * TOPIC_hasMultiTopicAccess(). For every other type the decision is delegated
 * to PLG_handlePingComment().
 *
 * NOTE(review): the result of DB_fetchArray() is used without checking that a
 * row came back, so a story that is missing or filtered out by the permission
 * clause reaches SEC_hasAccess() with empty values -- confirm that this path
 * denies. The escaped copy of $sid is also what TOPIC_hasMultiTopicAccess()
 * receives.
 *
 * @param    string  $sid    ID of the parent object of the comment
 * @param    string  $type   type of the parent object ('article' = story, etc.)
 * @return   boolean         true = user can delete the comment, false = nope
 *
 */
function TRB_allowDelete($sid, $type)
{
    global $_TABLES;

    // Anything that is not a story is decided by the owning plugin.
    if ($type != 'article') {
        return PLG_handlePingComment($type, $sid, 'delete');
    }

    $sid = DB_escapeString($sid);

    $columns = 'owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon';
    $query = "SELECT {$columns} FROM {$_TABLES['stories']} WHERE sid = '{$sid}'" . COM_getPermSql('AND', 0, 3);
    $story = DB_fetchArray(DB_query($query));

    // Short-circuit order is kept: the row values are only read once the
    // feature right has been confirmed.
    return SEC_hasRights('story.edit')
        && SEC_hasAccess(
            $story['owner_id'],
            $story['group_id'],
            $story['perm_owner'],
            $story['perm_group'],
            $story['perm_members'],
            $story['perm_anon']
        ) == 3
        && TOPIC_hasMultiTopicAccess('article', $sid) == 3;
}
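/**
 * Prints Command and Control Page or Administration Menu Block
 *
 * This will return the command and control items or administration menu items that
 * the user has sufficient rights to -- Admin Block on the left side.
 *
 * Every entry carries a 'condition' flag computed from the current user's
 * rights; only entries whose condition is true are rendered. The flag only
 * controls whether a link is shown - each target page still has to enforce
 * its own access check.
 *
 * @param    boolean $adminMenu  True if admin menu, false if command and control page
 * @param    string  $help       Help file to show (admin menu only)
 * @param    string  $title      Menu Title (admin menu only)
 * @param    string  $position   Side being shown on 'left', 'right' or blank. (admin menu only)
 * @return   string              HTML of the block
 * @see function COM_adminMenu
 *
 */
function COM_commandControl($adminMenu = false, $help = '', $title = '', $position = '')
{
    // $_BLOCK_TEMPLATE must be declared here, otherwise the isset() check on
    // the theme override below can never succeed.
    global $_CONF, $_CONF_FT, $_TABLES, $LANG01, $LANG29, $LANG_LOGVIEW,
           $LANG_ENVCHECK, $LANG_ADMIN, $_IMAGE_TYPE, $_DB_dbms, $config,
           $_BLOCK_TEMPLATE;

    $retval = '';
    $adminUrl = $_CONF['site_admin_url'];
    $iconUrl = $_CONF['layout_url'] . '/images/icons/';

    if ($adminMenu) {
        // what's our current URL?
        $thisUrl = COM_getCurrentURL();

        // Figure out topics sql since used in a few places
        $topicsql = '';
        if (SEC_isModerator() || SEC_hasRights('story.edit')) {
            $tresult = DB_query("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL());
            $trows = DB_numRows($tresult);
            if ($trows > 0) {
                $tids = array();
                for ($i = 0; $i < $trows; $i++) {
                    $T = DB_fetchArray($tresult);
                    // The ids come from the database, but they are placed
                    // inside a quoted SQL list, so escape them anyway.
                    $tids[] = DB_escapeString($T['tid']);
                }
                if (count($tids) > 0) {
                    $topicsql = " AND (ta.tid IN ('" . implode("','", $tids) . "'))";
                }
            }
        }

        // Template Stuff
        $adminmenu = COM_newTemplate($_CONF['path_layout']);
        if (isset($_BLOCK_TEMPLATE['adminnavigation'])) {
            $adminmenu->set_file('adminnavigation', $_BLOCK_TEMPLATE['adminnavigation']);
        } else {
            $adminmenu->set_file('adminnavigation', 'adminnavigation.thtml');
        }
        $blocks = array('option', 'current', 'group', 'count');
        foreach ($blocks as $block) {
            $adminmenu->set_block('adminnavigation', $block);
        }
        $adminmenu->set_var('block_name', str_replace('_', '-', 'admin_block'));

        if (empty($title)) {
            $title = DB_getItem($_TABLES['blocks'], 'title', "name = 'admin_block'");
        }
        $retval .= COM_startBlock($title, $help, COM_getBlockTemplate('admin_block', 'header', $position));

        // Allow anything not in the blocks but in the rest of the template file to be displayed
        $retval .= $adminmenu->parse('item', 'adminnavigation', true);

        // Add Command and Control Link
        $url = $adminUrl . '/index.php';
        $adminmenu->set_var('option_url', $url);
        $adminmenu->set_var('option_label', $LANG01[14]);
        $adminmenu->set_var('option_count', $LANG_ADMIN['na']);
        $retval .= $adminmenu->finish($adminmenu->parse('item', $thisUrl == $url ? 'current' : 'option'));

        // Get any plugin items
        $plugins = PLG_getAdminOptions();
    } else {
        // this defines the amount of icons displayed next to another in the CC-block
        // (guarded so that a second call does not try to redefine the constant)
        if (!defined('ICONS_PER_ROW')) {
            define('ICONS_PER_ROW', 6);
        }

        // Template Stuff
        $admin_templates = COM_newTemplate($_CONF['path_layout'] . 'admin');
        $admin_templates->set_file(array('cc' => 'commandcontrol.thtml'));
        $blocks = array('ccgroup', 'ccrow', 'ccitem');
        foreach ($blocks as $block) {
            $admin_templates->set_block('cc', $block);
        }

        $retval .= COM_startBlock('Geeklog ' . VERSION . ' -- ' . $LANG29[34], '', COM_getBlockTemplate('_admin_block', 'header'));

        // Get any plugin items
        $plugins = PLG_getCCOptions();
    }

    // Sort the plugin-provided entries into the group they asked for;
    // anything without a known group lands in 'plugins'.
    $cc_core = array();
    $cc_plugins = array();
    $cc_tools = array();
    $cc_users = array();
    foreach ($plugins as $cur_plugin) {
        if ($adminMenu) {
            $item = array(
                'condition' => SEC_hasRights('story.edit'),
                'url'       => $cur_plugin->adminurl,
                'lang'      => $cur_plugin->adminlabel,
                'num'       => $cur_plugin->numsubmissions,
            );
        } else {
            $item = array(
                'condition' => SEC_hasRights('story.edit'),
                'url'       => $cur_plugin->adminurl,
                'lang'      => $cur_plugin->adminlabel,
                'image'     => $cur_plugin->plugin_image,
            );
        }
        switch ($cur_plugin->admingroup) {
            case 'core':
                $cc_core[] = $item;
                break;
            case 'tools':
                $cc_tools[] = $item;
                break;
            case 'users':
                $cc_users[] = $item;
                break;
            default:
                $cc_plugins[] = $item;
                break;
        }
    }

    // Command & Control Group Layout
    $ccgroups = array('core', 'plugins', 'tools', 'users');
    foreach ($ccgroups as $ccgroup) {
        // Clear a few things before starting group
        $cc_arr = array();
        $items = array();
        if (!$adminMenu) {
            $admin_templates->clear_var('cc_rows');
            $admin_templates->set_var('cc_icon_width', floor(100 / ICONS_PER_ROW));
        }

        switch ($ccgroup) {
            // Core - Blocks, Content Syndication, Stories, Topics, Submissions, Trackbacks
            case 'core':
                $showTrackbackIcon = ($_CONF['trackback_enabled'] || $_CONF['pingback_enabled'] || $_CONF['ping_enabled'])
                    && SEC_hasRights('story.ping');

                // Count stuff for admin menu
                $blockcount = 0;
                $topiccount = 0;
                $storycount = 0;
                $submissioncount = 0;
                $syndicationcount = 0;
                $trackbackcount = $LANG_ADMIN['na'];
                if ($adminMenu) {
                    // Find num of blocks
                    $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['blocks']}" . COM_getPermSql());
                    list($blockcount) = DB_fetchArray($result);

                    // Find num of topics
                    $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['topics']}" . COM_getPermSql());
                    list($topiccount) = DB_fetchArray($result);

                    // Find num of stories
                    if (SEC_hasRights('story.edit')) {
                        if (empty($topicsql)) {
                            $storycount = DB_count($_TABLES['stories']);
                        } else {
                            $nresult = DB_query("SELECT COUNT(DISTINCT sid) AS count FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta WHERE ta.type = 'article' AND ta.id = sid " . $topicsql . COM_getPermSql('AND'));
                            $N = DB_fetchArray($nresult);
                            $storycount = $N['count'];
                        }
                    }

                    // Find num of submissions
                    if (SEC_hasRights('story.edit,story.moderate', 'OR')
                        || ($_CONF['commentsubmission'] == 1 && SEC_hasRights('comment.moderate'))
                        || ($_CONF['usersubmission'] == 1 && SEC_hasRights('user.edit,user.delete'))
                    ) {
                        if (SEC_hasRights('story.moderate')) {
                            if (empty($topicsql)) {
                                $submissioncount += DB_count($_TABLES['storysubmission']);
                            } else {
                                $sql = "SELECT COUNT(DISTINCT sid) AS count FROM {$_TABLES['storysubmission']}, {$_TABLES['topic_assignments']} ta WHERE ta.type = 'article' AND ta.id = sid " . $topicsql;
                                $sresult = DB_query($sql);
                                $S = DB_fetchArray($sresult);
                                $submissioncount += $S['count'];
                            }
                        }

                        if ($_CONF['listdraftstories'] == 1 && SEC_hasRights('story.edit')) {
                            $sql = "SELECT COUNT(DISTINCT sid) AS count FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta WHERE ta.type = 'article' AND ta.id = sid AND draft_flag = 1";
                            if (!empty($topicsql)) {
                                $sql .= $topicsql;
                            }
                            $result = DB_query($sql . COM_getPermSQL('AND', 0, 3));
                            $A = DB_fetchArray($result);
                            $submissioncount += $A['count'];
                        }

                        if ($_CONF['commentsubmission'] == 1 && SEC_hasRights('comment.moderate')) {
                            $submissioncount += DB_count($_TABLES['commentsubmissions']);
                        }

                        if ($_CONF['usersubmission'] == 1) {
                            if (SEC_hasRights('user.edit') && SEC_hasRights('user.delete')) {
                                $submissioncount += DB_count($_TABLES['users'], 'status', '2');
                            }
                        }
                    }

                    // now handle submissions for plugins
                    $submissioncount += PLG_getSubmissionCount();

                    // Find num of syndication
                    if ($_CONF['backend'] == 1 && SEC_hasRights('syndication.edit')) {
                        $syndicationcount = COM_numberFormat(DB_count($_TABLES['syndication']));
                    }

                    // Find num of trackback
                    if ($_CONF['ping_enabled'] && SEC_hasRights('story.ping')) {
                        $trackbackcount = COM_numberFormat(DB_count($_TABLES['pingservice']));
                    }
                }

                $cc_arr = array(
                    array('condition' => SEC_hasRights('topic.edit'),
                        'url' => $adminUrl . '/topic.php',
                        'lang' => $LANG01[13], 'num' => COM_numberFormat($topiccount),
                        'image' => $iconUrl . 'topic.' . $_IMAGE_TYPE),
                    array('condition' => SEC_hasRights('block.edit'),
                        'url' => $adminUrl . '/block.php',
                        'lang' => $LANG01[12], 'num' => COM_numberFormat($blockcount),
                        'image' => $iconUrl . 'block.' . $_IMAGE_TYPE),
                    array('condition' => SEC_hasRights('story.edit'),
                        'url' => $adminUrl . '/story.php',
                        'lang' => $LANG01[11], 'num' => COM_numberFormat($storycount),
                        'image' => $iconUrl . 'story.' . $_IMAGE_TYPE),
                    array('condition' => SEC_hasModerationAccess(),
                        'url' => $adminUrl . '/moderation.php',
                        'lang' => $LANG01[10], 'num' => COM_numberFormat($submissioncount),
                        'image' => $iconUrl . 'moderation.' . $_IMAGE_TYPE),
                    array('condition' => SEC_hasRights('syndication.edit'),
                        'url' => $adminUrl . '/syndication.php',
                        'lang' => $LANG01[38], 'num' => $syndicationcount,
                        'image' => $iconUrl . 'syndication.' . $_IMAGE_TYPE),
                    array('condition' => $showTrackbackIcon,
                        'url' => $adminUrl . '/trackback.php',
                        'lang' => $LANG01[116], 'num' => $trackbackcount,
                        'image' => $iconUrl . 'trackback.' . $_IMAGE_TYPE),
                );

                // Merge any items that belong to this group from plugins
                $cc_arr = array_merge($cc_arr, $cc_core);
                break;

            // Plugins - All ungrouped plugins
            case 'plugins':
                $cc_arr = $cc_plugins;
                break;

            // Tools - Db backups, Clear cache, Log Viewer, GL Version Test, Plugins, Configuration, Documentation, SPAM-X Plugin
            case 'tools':
                // Prefer the documentation in the user's language when it is installed
                $docsUrl = $_CONF['site_url'] . '/docs/english/index.html';
                if ($_CONF['link_documentation'] == 1) {
                    $doclang = COM_getLanguageName();
                    $docs = 'docs/' . $doclang . '/index.html';
                    if (file_exists($_CONF['path_html'] . $docs)) {
                        $docsUrl = $_CONF['site_url'] . '/' . $docs;
                    }
                }

                $pluginscount = 0;
                if ($adminMenu) {
                    // Find num of plugins
                    if (SEC_hasRights('plugin.edit')) {
                        $pluginscount = COM_numberFormat(DB_count($_TABLES['plugins'], 'pi_enabled', 1));
                    }
                }

                $cc_arr = array(
                    array('condition' => SEC_hasRights($_CONF_FT, 'OR'),
                        'url' => $adminUrl . '/configuration.php',
                        'lang' => $LANG01[129], 'num' => count($config->_get_groups()),
                        'image' => $iconUrl . 'configuration.' . $_IMAGE_TYPE),
                    array('condition' => $_CONF['link_documentation'] == 1,
                        'url' => $docsUrl,
                        'lang' => $LANG01[113],
                        'image' => $iconUrl . 'docs.' . $_IMAGE_TYPE),
                    // NOTE(review): this link is plain HTTP and puts the installed
                    // version in the query string; it is only offered to Root users.
                    array('condition' => SEC_inGroup('Root') && $_CONF['link_versionchecker'] == 1,
                        'url' => 'http://www.geeklog.net/versionchecker.php?version=' . VERSION,
                        'lang' => $LANG01[107], 'num' => VERSION,
                        'image' => $iconUrl . 'versioncheck.' . $_IMAGE_TYPE),
                    array('condition' => SEC_hasRights('plugin.edit'),
                        'url' => $adminUrl . '/plugins.php',
                        'lang' => $LANG01[98], 'num' => $pluginscount,
                        'image' => $iconUrl . 'plugins.' . $_IMAGE_TYPE),
                    array('condition' => $_CONF['allow_mysqldump'] == 1 && $_DB_dbms == 'mysql' && SEC_inGroup('Root'),
                        'url' => $adminUrl . '/database.php',
                        'lang' => $LANG01[103], 'num' => '',
                        'image' => $iconUrl . 'database.' . $_IMAGE_TYPE),
                    array('condition' => SEC_inGroup('Root'),
                        'url' => $adminUrl . '/clearctl.php',
                        'lang' => $LANG01['ctl'], 'num' => '',
                        'image' => $iconUrl . 'ctl.' . $_IMAGE_TYPE),
                    array('condition' => SEC_inGroup('Root'),
                        'url' => $adminUrl . '/envcheck.php',
                        'lang' => $LANG_ENVCHECK['env_check'], 'num' => '',
                        'image' => $iconUrl . 'envcheck.' . $_IMAGE_TYPE),
                    array('condition' => SEC_inGroup('Root'),
                        'url' => $adminUrl . '/logviewer.php',
                        'lang' => $LANG_LOGVIEW['log_viewer'], 'num' => '',
                        'image' => $iconUrl . 'log_viewer.' . $_IMAGE_TYPE),
                    // NOTE(review): the file manager lives under site_url, not
                    // site_admin_url; hiding the link from non-Root users is not an
                    // access control, the target script must check for itself.
                    array('condition' => SEC_inGroup('Root'),
                        'url' => $_CONF['site_url'] . '/filemanager/index.php?Type=Root',
                        'lang' => $LANG01['filemanager'], 'num' => '',
                        'image' => $iconUrl . 'filemanager.' . $_IMAGE_TYPE,
                        'target' => '_blank'),
                    array('condition' => true,
                        'url' => $_CONF['site_url'] . '/users.php?mode=logout',
                        'lang' => $LANG01[35], 'num' => '',
                        'image' => $iconUrl . 'logout.' . $_IMAGE_TYPE),
                );

                // Merge any items that belong to this group from plugins
                $cc_arr = array_merge($cc_arr, $cc_tools);
                break;

            // Users - Groups, Users, Mail Users
            case 'users':
                $groupcount = 0;
                $usercount = 0;
                if ($adminMenu) {
                    // Find num of groups
                    if (SEC_inGroup('Root')) {
                        $grpFilter = '';
                    } else {
                        $thisUsersGroups = SEC_getUserGroups();
                        // Group ids go into the query unquoted, so force them to integers.
                        $grpFilter = 'WHERE (grp_id IN (' . implode(',', array_map('intval', $thisUsersGroups)) . '))';
                    }
                    $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['groups']} {$grpFilter};");
                    $A = DB_fetchArray($result);
                    $groupcount = $A['count'];

                    // Find num of users (one account is left out of the count)
                    $usercount = DB_count($_TABLES['users'], 'status', USER_ACCOUNT_ACTIVE) - 1;
                }

                $cc_arr = array(
                    array('condition' => SEC_hasRights('group.edit'),
                        'url' => $adminUrl . '/group.php',
                        'lang' => $LANG01[96], 'num' => COM_numberFormat($groupcount),
                        'image' => $iconUrl . 'group.' . $_IMAGE_TYPE),
                    array('condition' => SEC_hasRights('user.edit'),
                        'url' => $adminUrl . '/user.php',
                        'lang' => $LANG01[17], 'num' => COM_numberFormat($usercount),
                        'image' => $iconUrl . 'user.' . $_IMAGE_TYPE),
                    array('condition' => SEC_hasRights('user.mail'),
                        'url' => $adminUrl . '/mail.php',
                        'lang' => $LANG01[105], 'num' => '',
                        'image' => $iconUrl . 'mail.' . $_IMAGE_TYPE),
                );

                // Merge any items that belong to this group from plugins
                $cc_arr = array_merge($cc_arr, $cc_users);
                break;
        }

        // Render every entry the user is allowed to see, keyed by label so
        // the group can be sorted alphabetically below.
        foreach ($cc_arr as $entry) {
            if (!$entry['condition']) {
                continue;
            }

            if ($adminMenu) {
                // Add Command and Control Link
                $adminmenu->set_var('option_url', $entry['url']);
                $adminmenu->set_var('option_label', $entry['lang']);
                if (!empty($entry['num'])) {
                    $adminmenu->set_var('option_count', $entry['num']);
                    $adminmenu->set_var('display_count', $adminmenu->parse('item', 'count'));
                }
                $adminmenu->set_var('branch_spaces', ' ');
                if (isset($entry['target'])) {
                    $adminmenu->set_var('target', ' target="' . $entry['target'] . '"');
                } else {
                    $adminmenu->set_var('target', '');
                }
                $item = $adminmenu->finish($adminmenu->parse('item', $thisUrl == $entry['url'] ? 'current' : 'option'));
                $adminmenu->clear_var('display_count'); // incase set before
            } else {
                if (empty($entry['url'])) {
                    // Nothing to link to: skip the entry rather than storing
                    // the markup left over from the previous one.
                    continue;
                }
                $admin_templates->set_var('page_url', $entry['url']);
                $admin_templates->set_var('page_image', $entry['image']);
                $admin_templates->set_var('option_label', $entry['lang']);
                $admin_templates->set_var('cell_width', (int) (100 / ICONS_PER_ROW) . '%');
                if (isset($entry['target'])) {
                    $admin_templates->set_var('target', ' target="' . $entry['target'] . '"');
                } else {
                    $admin_templates->set_var('target', '');
                }
                $item = $admin_templates->parse('cc_main_options', 'ccitem', false);
            }

            $items[$entry['lang']] = $item;
        }

        if ($_CONF['sort_admin']) {
            uksort($items, 'strcasecmp');
        }

        if (!empty($items)) {
            // Add Group Label now
            if ($adminMenu) {
                $adminmenu->set_var('group_label', $LANG29[$ccgroup]);
                $retval .= $adminmenu->finish($adminmenu->parse('item', 'group'));
            } else {
                $admin_templates->set_var('lang_group', $LANG29[$ccgroup]);
            }

            // Add items now
            $cols = 0;
            $cc_main_options = '';
            foreach ($items as $val) {
                if ($adminMenu) {
                    $retval .= $val;
                } else {
                    $cc_main_options .= $val . LB;
                    $cols++;
                    if ($cols == ICONS_PER_ROW) {
                        // Row is full: emit it and start a new one
                        $admin_templates->set_var('cc_main_options', $cc_main_options);
                        $admin_templates->parse('cc_rows', 'ccrow', true);
                        $admin_templates->clear_var('cc_main_options');
                        $cc_main_options = '';
                        $cols = 0;
                    }
                }
            }

            if (!$adminMenu) {
                if ($cols > 0) {
                    // "flush out" any unrendered entries
                    $admin_templates->set_var('cc_main_options', $cc_main_options);
                    $admin_templates->parse('cc_rows', 'ccrow', true);
                    $admin_templates->clear_var('cc_main_options');
                }
                $admin_templates->parse('cc_groups', 'ccgroup', true);
            }
        }
    }

    if ($adminMenu) {
        $retval .= COM_endBlock(COM_getBlockTemplate('admin_block', 'footer', $position));
    } else {
        $retval .= $admin_templates->finish($admin_templates->parse('output', 'cc'));
        $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
    }

    return $retval;
}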
$order = COM_applyFilter($_GET['order']); } if (isset($_GET['query'])) { $query = COM_applyFilter($_GET['query']); } if (isset($_GET['reply'])) { $reply = COM_applyFilter($_GET['reply']); } } if (empty($sid)) { COM_404(); } if (strcasecmp($order, 'ASC') != 0 && strcasecmp($order, 'DESC') != 0) { $order = ''; } $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE sid = '" . DB_escapeString($sid) . "'" . COM_getPermSql('AND')); $A = DB_fetchArray($result); if ($A['count'] > 0) { $ratedIds = array(); if ($_CONF['rating_enabled'] != 0) { $ratedIds = RATING_getRatedIds('article'); } $story = new Story(); $args = array('sid' => $sid, 'mode' => 'view'); $output = STORY_LOADED_OK; $result = PLG_invokeService('story', 'get', $args, $output, $svc_msg); if ($result == PLG_RET_OK) { /* loadFromArray cannot be used, since it overwrites the timestamp */ reset($story->_dbFields); while (list($fieldname, $save) = each($story->_dbFields)) { $varname = '_' . $fieldname;
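/**
 * Build the menu script for all items in $this->_menuitems.
 *
 * Each item is turned into one or more aI("...") entries (or, for core
 * menus and custom functions, into whatever those helpers return),
 * depending on the item's numeric type:
 *   2 = link opened in a new window, 3 = submenu, 4 = core menu,
 *   5 = custom PHP function, anything else = plain link.
 *
 * NOTE(review): labels and URLs are concatenated into the aI("...") string
 * without escaping. A label containing '"' or ';' would change the
 * generated entry - they should be escaped for this format where they
 * enter the string.
 *
 * @return string  generated menu script
 */
private function _renderMenuItems()
{
    // $CONF_NEXMENU is read below, so it has to be declared global here.
    global $_CONF, $_TABLES, $_USER, $_BLOCK_TEMPLATE, $CONF_NEXMENU;

    $retval = '';

    foreach ($this->_menuitems as $menuitem) {
        if ($this->_multiLangMode) {
            $label = $this->getMenuLabel($menuitem['id']);
        } else {
            $label = $menuitem['label'];
        }

        $target = $menuitem['type'] == 2 ? 'target=newWindow;' . $this->_targetFeatures : '';

        // Image names that are not full URLs are resolved against the
        // plugin's image directory.
        $menuitemImage = trim($menuitem['image']);
        if ($menuitemImage != '' && strpos($menuitemImage, 'http') === false) {
            $menuitemImage = $_CONF['site_url'] . '/nexmenu/menuimages/' . $menuitemImage;
        }

        if ($menuitem['type'] == 3) {
            // Type Submenu
            $url = str_replace('[siteurl]', $_CONF['site_url'], $menuitem['url']);
            $url = str_replace('[siteadminurl]', $_CONF['site_admin_url'], $url);
            if ($menuitemImage != '') {
                $retval .= 'aI("image=' . $menuitemImage . ';text=' . $label . ';' . 'url=' . $url . ';' . $target . 'showmenu=nexmenu' . $menuitem['id'] . ';");';
            } else {
                $retval .= 'aI("text=' . $label . ';' . 'url=' . $url . ';' . $target . 'showmenu=nexmenu' . $menuitem['id'] . ';");';
            }
        } elseif ($menuitem['type'] == 4) {
            // Core Menu
            switch ($menuitem['url']) {
                case "adminmenu":
                    if ($_USER['uid'] > 1) {
                        $_BLOCK_TEMPLATE['admin_block'] = 'nexmenu/milonicmenu/blockheader-blank.thtml,nexmenu/milonicmenu/blockfooter-blank.thtml';
                        $_BLOCK_TEMPLATE['adminoption'] = 'nexmenu/milonicmenu/option.thtml,nexmenu/milonicmenu/option_off.thtml';
                        // Count the plugin entries; appending the result to a
                        // string made this count meaningless.
                        $plugin_options = PLG_getAdminOptions();
                        $nrows = is_array($plugin_options) ? count($plugin_options) : 0;
                        if (SEC_isModerator() or $nrows > 0 or SEC_hasrights('story.edit,block.edit,topic.edit,link.edit,event.edit,poll.edit,user.edit,plugin.edit,user.mail', 'OR')) {
                            $retval .= COM_adminMenu();
                        }
                    }
                    break;

                case "usermenu":
                    if ($_USER['uid'] > 1) {
                        $_BLOCK_TEMPLATE['user_block'] = 'nexmenu/milonicmenu/blockheader-blank.thtml,nexmenu/milonicmenu/blockfooter-blank.thtml';
                        $_BLOCK_TEMPLATE['useroption'] = 'nexmenu/milonicmenu/option.thtml,nexmenu/milonicmenu/option_off.thtml';
                        $retval .= COM_userMenu();
                    }
                    break;

                case "topicmenu":
                    $_BLOCK_TEMPLATE['topicoption'] = 'nexmenu/milonicmenu/option.thtml,nexmenu/milonicmenu/option_off.thtml';
                    // NOTE(review): a configuration value is placed in a SQL
                    // fragment here; confirm it is validated where it is saved.
                    $retval .= COM_showTopics('', " sortnum < '{$CONF_NEXMENU['restricted_topics']}'");
                    break;

                case "linksmenu":
                    if ($this->_linksPlugin) {
                        $retval .= $this->_milonicLinksPluginSiteLinks();
                    }
                    break;

                case "spmenu":
                    if ($this->_staticpagesPlugin) {
                        // Both queries carry the permission filter, so only
                        // pages the current user may read are listed.
                        if ($CONF_NEXMENU['sp_labelonly']) {
                            $sql = "SELECT sp_id,sp_title,sp_label FROM {$_TABLES['staticpage']} WHERE sp_onmenu=1 ";
                            $sql .= COM_getPermSql('AND');
                        } else {
                            $sql = "SELECT sp_id,sp_title,sp_label FROM {$_TABLES['staticpage']} ";
                            $sql .= COM_getPermSql('WHERE');
                        }
                        // Leading space keeps the clause separate from the filter
                        $sql .= ' ORDER BY sp_title';
                        $spquery = DB_query($sql);

                        while (list($id, $title, $sp_label) = DB_fetchArray($spquery)) {
                            // Fall back to the page title when no menu label is set
                            if (trim($sp_label) == '') {
                                $label = $title;
                            } else {
                                $label = $sp_label;
                            }
                            $retval .= 'aI("text=' . $label . ';url=' . $_CONF['site_url'] . '/staticpages/index.php?page=' . $id . ';");';
                        }
                    }
                    break;

                case "pluginmenu":
                    $result = DB_query("SELECT pi_name FROM {$_TABLES['plugins']} WHERE pi_enabled = 1");
                    $nrows = DB_numRows($result);
                    for ($n = 1; $n <= $nrows; $n++) {
                        $A = DB_fetchArray($result);
                        $function = 'plugin_getmenuitems_' . $A['pi_name'];
                        if (function_exists($function)) {
                            $menuitems = $function();
                            if (is_array($menuitems) and count($menuitems) > 0) {
                                foreach ($menuitems as $plugin_label => $plugin_link) {
                                    $retval .= 'aI("text=' . $plugin_label . ';' . $target . 'url=' . $plugin_link . ';");';
                                }
                            }
                        }
                    }
                    break;
            }
            // End of menutype == 4 (Core Menu)
        } elseif ($menuitem['type'] == 5) {
            // NOTE(review): the function name is taken from the stored menu
            // item and called as-is, so whoever can edit menu items can have
            // any existing function (PHP built-ins included) called with the
            // menu type as argument. Restricting this to an allow-list or a
            // fixed name prefix would contain that.
            if (function_exists($menuitem['url'])) {
                /* Pass the type of menu to custom php function */
                $retval .= $menuitem['url']($this->_type);
            }
        } else {
            $url = str_replace('[siteurl]', $_CONF['site_url'], $menuitem['url']);
            $url = str_replace('[siteadminurl]', $_CONF['site_admin_url'], $url);
            if ($menuitemImage != '') {
                $retval .= 'aI("image=' . $menuitemImage . ';text=' . $label . ';url=' . $url . ';' . $target . ';");';
            } else {
                $retval .= 'aI("text=' . $label . ';url=' . $url . ';' . $target . ';");';
            }
        }
    }

    // Restore Template Setting
    $_BLOCK_TEMPLATE = $this->_currentBlockTemplate;

    return $retval;
}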
if (isset($pid)) { $display .= POLLS_siteHeader(); if ($msg > 0) { $display .= COM_showMessage($msg, 'polls'); } if (isset($_POST['aid'])) { $eMsg = $LANG_POLLS['answer_all'] . ' "' . DB_getItem($_TABLES['polltopics'], 'topic', "pid = '" . DB_escapeString($pid) . "'") . '"'; $display .= COM_showMessageText($eMsg, $LANG_POLLS['not_saved'], true); } if (DB_getItem($_TABLES['polltopics'], 'is_open', "pid = '" . DB_escapeString($pid) . "'") != 1) { $aid = -1; // poll closed - show result } if (!isset($_COOKIE['poll-' . $pid]) && !POLLS_ipAlreadyVoted($pid) && $aid != -1) { $display .= POLLS_pollVote($pid); } else { $display .= POLLS_pollResults($pid, 400, $order, $mode); } } else { $poll_topic = DB_query("SELECT topic FROM {$_TABLES['polltopics']} WHERE pid='" . DB_escapeString($pid) . "'" . COM_getPermSql('AND')); $Q = DB_fetchArray($poll_topic); if (empty($Q['topic'])) { $display .= POLLS_siteHeader($LANG_POLLS['pollstitle']) . POLLS_pollList(); } else { $display .= POLLS_siteHeader($Q['topic']) . POLLS_pollResults($pid, 400, $order, $mode); } } } } $display .= POLLS_siteFooter(); echo $display;
} } COM_setArgNames(array('id', 'type')); $id = COM_applyFilter(COM_getArgument('id')); $type = COM_applyFilter(COM_getArgument('type')); if (empty($id)) { TRB_sendTrackbackResponse(1, $TRB_ERROR['illegal_request']); exit; } if (empty($type)) { $type = 'article'; } if ($type == 'article') { // check if they have access to this story $sid = DB_escapeString($id); $sql = "SELECT trackbackcode FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n WHERE (sid = '{$sid}') AND (date <= NOW()) AND (draft_flag = 0)" . COM_getPermSql('AND') . " AND ta.type = 'article' AND ta.id = sid AND ta.tdefault = 1 " . COM_getTopicSql('AND', 0, 'ta'); $result = DB_query($sql); if (DB_numRows($result) == 1) { $A = DB_fetchArray($result); if ($A['trackbackcode'] == 0) { TRB_handleTrackbackPing($id, $type); } else { TRB_sendTrackbackResponse(1, $TRB_ERROR['no_access']); } } else { TRB_sendTrackbackResponse(1, $TRB_ERROR['no_access']); } } else { if (PLG_handlePingComment($type, $id, 'acceptByID') === true) { TRB_handleTrackbackPing($id, $type); } else {
/**
 * Displays a list of topics
 *
 * Renders the admin block with the topic table. The list query is combined
 * with the permission filter, and a CSRF token is embedded in the form as a
 * hidden field and also handed to the list renderer.
 *
 * @return   string      HTML for the topic list
 *
 */
function TOPIC_list()
{
    global $_CONF, $_TABLES, $LANG27, $LANG_ACCESS, $LANG_ADMIN, $_IMAGE_TYPE;

    USES_lib_admin();

    $adminUrl = $_CONF['site_admin_url'];

    // Block header and the "create new / admin home" menu
    $menuEntries = array(
        array('url' => $adminUrl . '/topic.php?edit=x', 'text' => $LANG_ADMIN['create_new']),
        array('url' => $adminUrl, 'text' => $LANG_ADMIN['admin_home']),
    );
    $html = '';
    $html .= COM_startBlock($LANG27[8], '', COM_getBlockTemplate('_admin_block', 'header'));
    $html .= ADMIN_createMenu(
        $menuEntries,
        $LANG27[9],
        $_CONF['layout_url'] . '/images/icons/topic.' . $_IMAGE_TYPE
    );

    // Table columns
    $columns = array(
        array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false, 'align' => 'center', 'width' => '35px'),
        array('text' => $LANG27[10], 'field' => 'sortnum', 'sort' => true, 'align' => 'center'),
        array('text' => $LANG27[2], 'field' => 'tid', 'sort' => true),
        array('text' => $LANG27[3], 'field' => 'topic', 'sort' => true),
        array('text' => $LANG27[38], 'field' => 'is_default', 'sort' => false, 'align' => 'center'),
        array('text' => $LANG27[39], 'field' => 'archive_flag', 'sort' => false, 'align' => 'center'),
        array('text' => $LANG27[11], 'field' => 'limitnews', 'sort' => false, 'align' => 'center'),
        array('text' => $LANG27[35], 'field' => 'sort_by', 'sort' => false, 'align' => 'center', 'nowrap' => 'true'),
        array('text' => $LANG27[37], 'field' => 'sort_dir', 'sort' => false, 'align' => 'center'),
        array('text' => $LANG_ADMIN['delete'], 'field' => 'delete', 'sort' => false, 'align' => 'center', 'width' => '35px'),
    );
    $defaultSort = array('field' => 'sortnum', 'direction' => 'asc');
    $listText = array(
        'has_extras' => true,
        'form_url'   => $adminUrl . '/topic.php',
    );

    // "WHERE 1=1" lets the permission filter be appended as an AND clause
    $listQuery = array(
        'table'          => 'topics',
        'sql'            => "SELECT * FROM {$_TABLES['topics']} WHERE 1=1",
        'query_fields'   => array('tid', 'topic'),
        'default_filter' => COM_getPermSql('AND'),
    );

    // One token for the whole list, carried in the form as a hidden field
    $token = SEC_createToken();
    $formExtras = array(
        'bottom' => '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $token . '"/>',
    );

    $html .= ADMIN_list(
        'topics',
        'TOPIC_getListField',
        $columns,
        $listText,
        $listQuery,
        $defaultSort,
        '',
        $token,
        '',
        $formExtras
    );
    $html .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    return $html;
}
/**
 * Display main view (list of years)
 *
 * Queries the years for which visible stories exist and renders, for each
 * row returned, a year heading followed by the output of DIR_displayYear().
 * Drafts and future-dated stories are excluded, and the topic, permission
 * and language filters are appended to the query.
 *
 * @param    Template $template  reference of the template
 * @param    string   $dir_topic current topic
 * @return   string              list of all the years in the db
 */
function DIR_displayAll($template, $dir_topic)
{
    global $_TABLES, $LANG_DIR;

    // Shared FROM/WHERE part; only the SELECT list and the ordering differ
    // between the two database dialects.
    $fromWhere = "\n FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n WHERE (draft_flag = 0) AND (date <= NOW())\n AND ta.type = 'article' AND ta.id = sid\n ";

    $mysqlBase = "SELECT DISTINCT YEAR(date) AS year, date" . $fromWhere
        . COM_getTopicSQL('AND', 0, 'ta') . COM_getPermSql('AND') . COM_getLangSQL('sid', 'AND');
    $pgsqlBase = "SELECT EXTRACT(YEAR from date) AS year" . $fromWhere
        . COM_getTopicSQL('AND', 0, 'ta') . COM_getPermSql('AND') . COM_getLangSQL('sid', 'AND');

    // DB_query() is given one statement per dialect, keyed by dbms name
    $yearResult = DB_query(array(
        'mysql' => $mysqlBase . " GROUP BY year, date ORDER BY date DESC",
        'pgsql' => $pgsqlBase . " GROUP BY year, date ORDER BY year DESC",
    ));
    $yearCount = DB_numRows($yearResult);

    // Nothing to list: show the "no articles" message instead
    if ($yearCount <= 0) {
        if (TEMPLATE_EXISTS) {
            return $template->parse('message', 'no-articles') . LB;
        }

        return '<p>' . $LANG_DIR['no_articles'] . '</p>' . LB;
    }

    $output = '';
    for ($n = 0; $n < $yearCount; $n++) {
        $row = DB_fetchArray($yearResult);

        // Year heading, via the template when one is available
        if (TEMPLATE_EXISTS) {
            $template->set_var('section_title', $row['year']);
            $output .= $template->parse('title', 'section-title') . LB;
        } else {
            $output .= '<h3>' . $row['year'] . '</h3>' . LB;
        }

        $output .= DIR_displayYear($template, $dir_topic, $row['year']);
    }

    return $output;
}
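/**
 * Convert this menu element (and, recursively, its children) into the
 * array form returned to the caller.
 *
 * Returns NULL whenever the element must not be shown: it is inactive, the
 * current user is not in the element's group, a login-required setting
 * blocks the anonymous user, or the element's access flag is 0.
 *
 * @return   array|null  array with the keys 'label', 'url', 'target' and
 *                       'children' (array or NULL), or NULL when hidden
 */
function _parseElement()
{
    global $_SP_CONF, $_USER, $_TABLES, $LANG01, $_CONF, $_GROUPS;

    $childArray = array();
    $item_array = array();

    if ($this->active != 1 && $this->id != 0) {
        return NULL;
    }

    // group 998 entries are only shown to anonymous users
    if ($this->group_id == 998 && !COM_isAnonUser()) {
        return NULL;
    }

    // request-supplied topic, filtered once and reused below
    $topic = '';
    if (isset($_REQUEST['topic'])) {
        $topic = COM_applyFilter($_REQUEST['topic']);
    }

    $anon = COM_isAnonUser() ? 1 : 0;
    $allowed = true;

    if ($this->group_id != 998 && $this->id != 0 && !SEC_inGroup($this->group_id)) {
        return NULL;
    }

    if ($this->group_id == 1 && !isset($_GROUPS['Root'])) {
        return NULL;
    }

    switch ($this->type) {
        case ET_SUB_MENU:
            $this->replace_macros();
            break;

        case ET_FUSION_ACTION:
            switch ($this->subtype) {
                case 0: // home
                    $this->url = $_CONF['site_url'] . '/';
                    break;

                case 1: // contribute
                    if ($anon && ($_CONF['loginrequired'] || $_CONF['submitloginrequired'])) {
                        return NULL;
                    }
                    $this->url = $_CONF['site_url'] . '/submit.php?type=story';
                    if (!empty($topic)) {
                        // $topic originates from the request, so it is
                        // URL-encoded before being placed in the query
                        // string, the same way the directory entry does it.
                        $this->url .= '&topic=' . urlencode($topic);
                    }
                    break;

                case 2: // directory
                    if ($anon && ($_CONF['loginrequired'] || $_CONF['directoryloginrequired'])) {
                        return NULL;
                    }
                    $this->url = $_CONF['site_url'] . '/directory.php';
                    if (!empty($topic)) {
                        $this->url = COM_buildUrl($this->url . '?topic=' . urlencode($topic));
                    }
                    break;

                case 3: // prefs
                    if ($anon && ($_CONF['loginrequired'] || $_CONF['profileloginrequired'])) {
                        return NULL;
                    }
                    $this->url = $_CONF['site_url'] . '/usersettings.php?mode=edit';
                    break;

                case 4: // search
                    if ($anon && ($_CONF['loginrequired'] || $_CONF['searchloginrequired'])) {
                        return NULL;
                    }
                    $this->url = $_CONF['site_url'] . '/search.php';
                    break;

                case 5: // stats
                    if (!SEC_hasRights('stats.view')) {
                        return NULL;
                    }
                    $this->url = $_CONF['site_url'] . '/stats.php';
                    break;

                default: // unknown?
                    $this->url = $_CONF['site_url'] . '/';
                    break;
            }
            break;

        case ET_FUSION_MENU:
            $this->url = '';
            switch ($this->subtype) {
                case USER_MENU:
                    // if anonymous user - show login entry
                    if (COM_isAnonUser()) {
                        $this->label = $LANG01[58];
                        $this->url = $_CONF['site_url'] . '/users.php';
                        $this->target = '';
                        break;
                    }
                    // logged-in user see My Account entry
                    $item_array = getUserMenu();
                    $this->label = $LANG01[47];
                    break;

                case ADMIN_MENU:
                    $this->url = $_CONF['site_admin_url'];
                    $item_array = getAdminMenu();
                    break;

                case TOPIC_MENU:
                    $item_array = getTopicMenu();
                    break;

                case STATICPAGE_MENU:
                    $item_array = array();

                    // The ORDER BY column is chosen from a fixed list; the
                    // configuration value itself never reaches the SQL text.
                    $order = '';
                    if (!empty($_SP_CONF['sort_menu_by'])) {
                        $order = ' ORDER BY ';
                        switch ($_SP_CONF['sort_menu_by']) {
                            case 'date':
                                $order .= 'sp_date DESC';
                                break;
                            case 'label':
                                $order .= 'sp_label';
                                break;
                            case 'title':
                                $order .= 'sp_title';
                                break;
                            default: // default to "sort by id"
                                $order .= 'sp_id';
                                break;
                        }
                    }

                    $result = DB_query('SELECT sp_id, sp_label FROM ' . $_TABLES['staticpage']
                        . ' WHERE sp_onmenu = 1 AND sp_status = 1'
                        . COM_getPermSql('AND') . $order);
                    $nrows = DB_numRows($result);
                    for ($i = 0; $i < $nrows; $i++) {
                        $A = DB_fetchArray($result);
                        $item_array[] = array(
                            'label' => $A['sp_label'],
                            'url'   => COM_buildURL($_CONF['site_url'] . '/page.php?page=' . $A['sp_id']),
                        );
                    }
                    break;

                case PLUGIN_MENU:
                    $item_array = array();
                    $plugin_menu = PLG_getMenuItems();
                    if (count($plugin_menu) == 0) {
                        $this->access = 0;
                    } else {
                        // the array is keyed by label, the value is the URL
                        foreach ($plugin_menu as $label => $url) {
                            $item_array[] = array('label' => $label, 'url' => $url);
                        }
                    }
                    break;

                case HEADER_MENU:
                default:
                    break;
            }
            break;

        case ET_PLUGIN:
            $plugin_menus = _mbPLG_getMenuItems();
            if (isset($plugin_menus[$this->subtype])) {
                $this->url = $plugin_menus[$this->subtype];
            } else {
                $this->access = 0;
                $allowed = 0;
            }
            break;

        case ET_STATICPAGE:
            $this->url = COM_buildURL($_CONF['site_url'] . '/page.php?page=' . $this->subtype);
            break;

        case ET_URL:
            $this->replace_macros();
            break;

        case ET_PHP:
            // NOTE(review): the subtype is used as a function name and called
            // with no arguments. Any existing function can be named here, so
            // whoever can write this element's subtype can trigger that call;
            // confirm that only trusted administrators can set it.
            $functionName = $this->subtype;
            if (function_exists($functionName)) {
                $item_array = $functionName();
            }
            break;

        case ET_TOPIC:
            $this->url = $_CONF['site_url'] . '/index.php?topic=' . $this->subtype;
            break;

        default:
            break;
    }

    if ($this->id != 0 && $this->group_id == 998 && SEC_inGroup('Root')) {
        return NULL;
    }

    if ($allowed == 0 || $this->access == 0) {
        return NULL;
    }

    if ($this->type == ET_FUSION_MENU || $this->type == ET_PHP) {
        // these element types supply their own child entries
        $childArray = $item_array;
    } else {
        if (!empty($this->children)) {
            $howmany = $this->getChildcount();
            if ($howmany > 0) {
                $children = $this->getChildren();
                foreach ($children as $child) {
                    $elementArray = $child->_parseElement();
                    if ($elementArray != NULL) {
                        $childArray[] = $elementArray;
                    }
                }
            }
        } else {
            $childArray = NULL;
        }
    }

    return array(
        'label'    => $this->label,
        'url'      => $this->url,
        'target'   => $this->target,
        'children' => is_array($childArray) ? $childArray : NULL,
    );
}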
/**
 * Display form to email a story to someone.
 *
 * Anonymous visitors are shown the login-required page (and the script
 * exits) when either the 'loginrequired' or the 'emailstoryloginrequired'
 * setting is 1. If no story with the given ID passes the topic and
 * permission filters, a refresh to the site index is returned instead of
 * the form.
 *
 * @param    string  $sid        ID of article to email
 * @param    string  $to         value for the 'toname' template variable
 * @param    string  $toemail    value for the 'toemail' template variable
 * @param    string  $from       value for the 'name' template variable
 * @param    string  $fromemail  value for the 'email' template variable
 * @param    string  $shortmsg   message text, HTML-escaped before output
 * @param    int     $msg        message number to display when > 0
 * @return   string              HTML for email story form
 *
 */
function mailstoryform($sid, $to = '', $toemail = '', $from = '', $fromemail = '', $shortmsg = '', $msg = 0)
{
    global $_CONF, $_TABLES, $_USER, $LANG03, $LANG08, $LANG_LOGIN;

    $retval = '';

    $loginNeeded = ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1);
    if (COM_isAnonUser() && $loginNeeded) {
        echo COM_siteHeader('menu', $LANG_LOGIN[1])
            . SEC_loginRequiredForm()
            . COM_siteFooter();
        exit;
    }

    // Only offer the form for a story the current user may actually see.
    $countSql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE sid = '"
        . DB_escapeString($sid) . "'"
        . COM_getTopicSql('AND') . COM_getPermSql('AND');
    $A = DB_fetchArray(DB_query($countSql));
    if ($A['count'] == 0) {
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    if ($msg > 0) {
        $retval .= COM_showMessage($msg, '', '', 0, 'info');
    }

    // Pre-fill the sender from the logged-in account when nothing was passed.
    if (empty($from) && empty($fromemail) && !COM_isAnonUser()) {
        $from = COM_getDisplayName($_USER['uid'], $_USER['username'], $_USER['fullname']);
        $fromemail = DB_getItem($_TABLES['users'], 'email', "uid = {$_USER['uid']}");
    }

    $postmode = $_CONF['mailuser_postmode'];

    $mail_template = new Template($_CONF['path_layout'] . 'profiles');
    $mail_template->set_file('form', 'contactauthorform.thtml');

    if ($postmode == 'html') {
        $mail_template->set_var('show_htmleditor', true);
    } else {
        $mail_template->unset_var('show_htmleditor');
    }

    // NOTE(review): 'name', 'email', 'toname' and 'toemail' are handed to the
    // template as received, while 'shortmsg' is HTML-escaped here. Confirm
    // that the caller or the template escapes those four values.
    $formVars = array(
        'lang_postmode'                => $LANG03[2],
        'postmode'                     => $postmode,
        'start_block_mailstory2friend' => COM_startBlock($LANG08[17]),
        'lang_fromname'                => $LANG08[20],
        'name'                         => $from,
        'lang_fromemailaddress'        => $LANG08[21],
        'email'                        => $fromemail,
        'lang_toname'                  => $LANG08[18],
        'toname'                       => $to,
        'lang_toemailaddress'          => $LANG08[19],
        'toemail'                      => $toemail,
        'lang_shortmessage'            => $LANG08[27],
        'shortmsg'                     => @htmlspecialchars($shortmsg, ENT_COMPAT, COM_getEncodingt()),
        'lang_warning'                 => $LANG08[22],
        'lang_sendmessage'             => $LANG08[16],
        'story_id'                     => $sid,
    );
    foreach ($formVars as $varName => $varValue) {
        $mail_template->set_var($varName, $varValue);
    }

    PLG_templateSetVars('emailstory', $mail_template);
    $mail_template->set_var('end_block', COM_endBlock());

    $mail_template->parse('output', 'form');

    return $retval . $mail_template->finish($mail_template->get_var('output'));
}
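/**
 * Return information for a story
 *
 * This is the story equivalent of PLG_getItemInfo. See lib-plugins.php for
 * details.
 *
 * Only published stories (draft_flag = 0, date not in the future) that pass
 * the permission and topic filters are returned. For a single story ID the
 * values are returned in the order of the requested properties; for '*'
 * one associative array per story is returned, with empty values omitted.
 *
 * @param    string  $sid      story ID or '*'
 * @param    string  $what     comma-separated list of story properties
 * @param    int     $uid      user ID or 0 = current user
 * @param    array   $options  (reserved for future extensions)
 * @return   mixed             string or array of strings with the information
 */
function plugin_getiteminfo_story($sid, $what, $uid = 0, $options = array())
{
    global $_CONF, $_TABLES;

    // parse $what to see what we need to pull from the database.
    // Column names come from this fixed map only; unknown property names
    // contribute nothing to the SELECT list.
    $columnsFor = array(
        'date-created'  => array('UNIX_TIMESTAMP(date) AS unixdate'),
        'date-modified' => array('UNIX_TIMESTAMP(date) AS unixdate'),
        'description'   => array('introtext', 'bodytext'),
        'excerpt'       => array('introtext'),
        'feed'          => array('ta.tid'),
        'id'            => array('sid'),
        'title'         => array('title'),
        // needed for $sid == '*', but also in case we're only requesting
        // the URL (so that $fields isn't empty)
        'url'           => array('sid'),
    );

    $properties = explode(',', $what);
    $fields = array();
    foreach ($properties as $p) {
        if (isset($columnsFor[$p])) {
            foreach ($columnsFor[$p] as $column) {
                $fields[] = $column;
            }
        }
    }

    $fields = array_unique($fields);
    if (count($fields) == 0) {
        return array();
    }

    // prepare SQL request
    if ($sid == '*') {
        $where = ' WHERE';
    } else {
        $where = " WHERE (sid = '" . DB_escapeString($sid) . "') AND";
    }
    $where .= ' (draft_flag = 0) AND (date <= NOW())';

    if ($uid > 0) {
        $permSql = COM_getPermSql('AND', $uid)
            . " AND ta.type = 'article' AND ta.id = sid AND ta.tdefault = 1 "
            . COM_getTopicSql('AND', $uid, 'ta');
    } else {
        $permSql = COM_getPermSql('AND')
            . " AND ta.type = 'article' AND ta.id = sid AND ta.tdefault = 1 "
            . COM_getTopicSql('AND', 0, 'ta');
    }

    $sql = "SELECT " . implode(',', $fields)
        . " FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta"
        . $where . $permSql;
    if ($sid != '*') {
        $sql .= ' LIMIT 1';
    }

    $result = DB_query($sql);
    $numRows = DB_numRows($result);

    $retval = array();
    for ($i = 0; $i < $numRows; $i++) {
        $A = DB_fetchArray($result);

        $props = array();
        foreach ($properties as $p) {
            switch ($p) {
                case 'date-created':
                    $props['date-created'] = $A['unixdate'];
                    break;

                case 'date-modified':
                    $props['date-modified'] = $A['unixdate'];
                    break;

                case 'description':
                    $props['description'] = trim(PLG_replaceTags(
                        stripslashes($A['introtext']) . ' ' . stripslashes($A['bodytext'])
                    ));
                    break;

                case 'excerpt':
                    $excerpt = stripslashes($A['introtext']);
                    if (!empty($A['bodytext'])) {
                        $excerpt .= "\n\n" . stripslashes($A['bodytext']);
                    }
                    $props['excerpt'] = trim(PLG_replaceTags($excerpt));
                    break;

                case 'feed':
                    // fall back from the all-topics feed to the frontpage
                    // feed to the feed of the story's own topic
                    $feedfile = DB_getItem($_TABLES['syndication'], 'filename', "topic = '::all'");
                    if (empty($feedfile)) {
                        $feedfile = DB_getItem($_TABLES['syndication'], 'filename', "topic = '::frontpage'");
                    }
                    if (empty($feedfile)) {
                        // The topic ID was read back from the database and is
                        // placed into a new SQL string, so it is escaped the
                        // same way $sid is above.
                        $feedfile = DB_getItem(
                            $_TABLES['syndication'],
                            'filename',
                            "topic = '" . DB_escapeString($A['tid']) . "'"
                        );
                    }
                    if (empty($feedfile)) {
                        $props['feed'] = '';
                    } else {
                        $props['feed'] = SYND_getFeedUrl($feedfile);
                    }
                    break;

                case 'id':
                    $props['id'] = $A['sid'];
                    break;

                case 'title':
                    $props['title'] = stripslashes($A['title']);
                    break;

                case 'url':
                    if (empty($A['sid'])) {
                        $props['url'] = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
                    } else {
                        $props['url'] = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $A['sid']);
                    }
                    break;

                default:
                    // return empty string for unknown properties
                    $props[$p] = '';
                    break;
            }
        }

        // '*' keeps the property names as keys and drops empty values;
        // a single story yields a plain list in request order.
        $mapped = array();
        foreach ($props as $key => $value) {
            if ($sid == '*') {
                if ($value != '') {
                    $mapped[$key] = $value;
                }
            } else {
                $mapped[] = $value;
            }
        }

        if ($sid == '*') {
            $retval[] = $mapped;
        } else {
            $retval = $mapped;
            break;
        }
    }

    // a single property of a single story is returned as a bare value
    if ($sid != '*' && count($retval) == 1) {
        $retval = $retval[0];
    }

    return $retval;
}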
} if (isset($_GET['reply'])) { $reply = COM_applyFilter($_GET['reply']); } if (isset($_GET['cpage'])) { $page = COM_applyFilter($_GET['cpage'], true); } } if (empty($sid)) { echo COM_refresh($_CONF['site_url'] . '/index.php'); exit; } if (strcasecmp($order, 'ASC') != 0 && strcasecmp($order, 'DESC') != 0) { $order = ''; } $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE sid = '{$sid}'" . COM_getPermSql('AND')); $A = DB_fetchArray($result); if ($A['count'] > 0) { $story = new Story(); $args = array('sid' => $sid, 'mode' => 'view'); $output = STORY_LOADED_OK; $result = PLG_invokeService('story', 'get', $args, $output, $svc_msg); if ($result == PLG_RET_OK) { /* loadFromArray cannot be used, since it overwrites the timestamp */ reset($story->_dbFields); while (list($fieldname, $save) = each($story->_dbFields)) { $varname = '_' . $fieldname; if (array_key_exists($fieldname, $output)) { $story->{$varname} = $output[$fieldname]; } }
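/**
 * Show topic administration form
 *
 * With an empty topic ID the form is pre-filled with defaults for a new
 * topic. Otherwise the topic is loaded and the form is only shown when
 * SEC_hasAccess() reports an access level other than 0 or 2; in that case
 * an access-denied block is returned and the attempt is written to the
 * access log.
 *
 * @param    string  $tid    ID of topic to edit
 * @return   string          HTML for the topic editor
 *
 */
function edittopic($tid = '')
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $LANG27, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE;

    $retval = '';

    if (empty($tid)) {
        // new topic - set defaults
        $A = array();
        $A['tid'] = '';
        $A['topic'] = '';
        $A['sortnum'] = 0;
        $A['limitnews'] = ''; // leave empty!
        $A['is_default'] = 0;
        $A['archive_flag'] = 0;
    } else {
        // $tid is escaped here exactly as it is for the story-count query
        // further down, so both lookups treat the value the same way.
        $result = DB_query("SELECT * FROM {$_TABLES['topics']} WHERE tid ='" . addslashes($tid) . "'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
        if ($access == 0 || $access == 2) {
            $retval .= COM_startBlock($LANG27[12], '', COM_getBlockTemplate('_msg_block', 'header'));
            $retval .= $LANG27[13];
            $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}.");

            return $retval;
        }
    }

    // CSRF token for the editor form; emitted as 'gltoken' below
    $token = SEC_createToken();

    $retval .= COM_startBlock($LANG27[1], '', COM_getBlockTemplate('_admin_block', 'header'));
    $retval .= SEC_getTokenExpiryNotice($token);

    if (!is_array($A) || empty($A['owner_id'])) {
        $A['owner_id'] = $_USER['uid'];

        // this is the one instance where we default the group
        // most topics should belong to the Topic Admin group
        if (isset($_GROUPS['Topic Admin'])) {
            $A['group_id'] = $_GROUPS['Topic Admin'];
        } else {
            $A['group_id'] = SEC_getFeatureGroup('topic.edit');
        }
        SEC_setDefaultPermissions($A, $_CONF['default_permissions_topic']);
        $access = 3;
    }

    $topic_templates = new Template($_CONF['path_layout'] . 'admin/topic');
    $topic_templates->set_file('editor', 'topiceditor.thtml');
    $topic_templates->set_var('xhtml', XHTML);
    $topic_templates->set_var('site_url', $_CONF['site_url']);
    $topic_templates->set_var('site_admin_url', $_CONF['site_admin_url']);
    $topic_templates->set_var('layout_url', $_CONF['layout_url']);

    // the delete button is only offered for an existing topic
    if (!empty($tid) && SEC_hasRights('topic.edit')) {
        $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
        $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
        $topic_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
        $topic_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
        $topic_templates->set_var('warning_msg', $LANG27[6]);
    }

    $topic_templates->set_var('lang_topicid', $LANG27[2]);
    $topic_templates->set_var('topic_id', $A['tid']);
    $topic_templates->set_var('lang_donotusespaces', $LANG27[5]);
    $topic_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
    $topic_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
    $ownername = COM_getDisplayName($A['owner_id']);
    $topic_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', "uid = {$A['owner_id']}"));
    $topic_templates->set_var('owner_name', $ownername);
    $topic_templates->set_var('owner', $ownername);
    $topic_templates->set_var('owner_id', $A['owner_id']);
    $topic_templates->set_var('lang_group', $LANG_ACCESS['group']);
    $topic_templates->set_var('lang_save', $LANG_ADMIN['save']);
    $topic_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
    $topic_templates->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
    $topic_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
    $topic_templates->set_var('lang_permissions_key', $LANG_ACCESS['permissionskey']);
    $topic_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
    $topic_templates->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
    $topic_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
    $topic_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']));

    // show sort order only if they specified sortnum as the sort method
    if ($_CONF['sortmethod'] != 'alpha') {
        $topic_templates->set_var('lang_sortorder', $LANG27[10]);
        if ($A['sortnum'] == 0) {
            $A['sortnum'] = '';
        }
        $topic_templates->set_var('sort_order', '<input type="text" size="3" maxlength="3" name="sortnum" value="' . $A['sortnum'] . '"' . XHTML . '>');
    } else {
        $topic_templates->set_var('lang_sortorder', $LANG27[14]);
        $topic_templates->set_var('sort_order', $LANG27[15]);
    }

    $topic_templates->set_var('lang_storiesperpage', $LANG27[11]);
    if ($A['limitnews'] == 0) {
        $topic_templates->set_var('story_limit', '');
    } else {
        $topic_templates->set_var('story_limit', $A['limitnews']);
    }
    $topic_templates->set_var('default_limit', $_CONF['limitnews']);
    $topic_templates->set_var('lang_defaultis', $LANG27[16]);
    $topic_templates->set_var('lang_topicname', $LANG27[3]);
    $topic_templates->set_var('topic_name', stripslashes($A['topic']));

    if (empty($A['tid'])) {
        $A['imageurl'] = '/images/topics/';
    }
    $topic_templates->set_var('lang_topicimage', $LANG27[4]);
    $topic_templates->set_var('lang_uploadimage', $LANG27[27]);
    $topic_templates->set_var('icon_dimensions', $_CONF['max_topicicon_width'] . ' x ' . $_CONF['max_topicicon_height']);
    $topic_templates->set_var('lang_maxsize', $LANG27[28]);
    $topic_templates->set_var('max_url_length', 255);
    $topic_templates->set_var('image_url', $A['imageurl']);

    $topic_templates->set_var('lang_metadescription', $LANG_ADMIN['meta_description']);
    $topic_templates->set_var('lang_metakeywords', $LANG_ADMIN['meta_keywords']);
    if (!empty($A['meta_description'])) {
        $topic_templates->set_var('meta_description', $A['meta_description']);
    }
    if (!empty($A['meta_keywords'])) {
        $topic_templates->set_var('meta_keywords', $A['meta_keywords']);
    }

    $topic_templates->set_var('lang_defaulttopic', $LANG27[22]);
    $topic_templates->set_var('lang_defaulttext', $LANG27[23]);
    if ($A['is_default'] == 1) {
        $topic_templates->set_var('default_checked', 'checked="checked"');
    } else {
        $topic_templates->set_var('default_checked', '');
    }

    $topic_templates->set_var('lang_archivetopic', $LANG27[25]);
    $topic_templates->set_var('lang_archivetext', $LANG27[26]);
    $topic_templates->set_var('archive_disabled', '');
    if ($A['archive_flag'] == 1) {
        $topic_templates->set_var('archive_checked', 'checked="checked"');
    } else {
        $topic_templates->set_var('archive_checked', '');
        // Only 1 topic can be the archive topic - so check if there already is one
        if (DB_count($_TABLES['topics'], 'archive_flag', '1') > 0) {
            $topic_templates->set_var('archive_disabled', 'disabled');
        }
    }

    if (empty($tid)) {
        $num_stories = $LANG_ADMIN['na'];
    } else {
        $nresult = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE tid = '" . addslashes($tid) . "'" . COM_getPermSql('AND'));
        $N = DB_fetchArray($nresult);
        $num_stories = COM_numberFormat($N['count']);
    }
    $topic_templates->set_var('lang_num_stories', $LANG27[30]);
    $topic_templates->set_var('num_stories', $num_stories);

    $topic_templates->set_var('gltoken_name', CSRF_TOKEN);
    $topic_templates->set_var('gltoken', $token);

    $topic_templates->parse('output', 'editor');
    $retval .= $topic_templates->finish($topic_templates->get_var('output'));
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    return $retval;
}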
/**
 * Returns a list of stories with a given topic id
 *
 * Only published stories (draft_flag = 0, date not in the future) that pass
 * the topic and permission filters are listed, newest first. The special
 * topic id 'all' lists stories of every topic.
 *
 * @param    string  $tid  topic id, or 'all'
 * @return   string        HTML list of story links, '' when there are none
 */
function SITEMAPMENU_listStory($tid)
{
    global $_CONF, $_TABLES, $LANG_DIR;

    // NOTE(review): $tid is placed into the SQL text as received. This relies
    // on the caller having filtered or escaped it; verify every call site.
    $topicClause = '';
    if ($tid != 'all') {
        $topicClause = " AND (tid = '{$tid}')";
    }

    $sql = "SELECT sid, title, UNIX_TIMESTAMP(date) AS day "
        . "FROM {$_TABLES['stories']} "
        . "WHERE (draft_flag = 0) AND (date <= NOW())"
        . $topicClause
        . COM_getTopicSql('AND')
        . COM_getPermSql('AND')
        . " ORDER BY date DESC";

    $result = DB_query($sql);
    $total = DB_numRows($result);
    if ($total <= 0) {
        return '';
    }

    $links = array();
    for ($row = 0; $row < $total; $row++) {
        $story = DB_fetchArray($result);
        $href = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $story['sid']);
        // the title is passed through SITEMAPMENU_esc() before it is output
        $text = SITEMAPMENU_esc(stripslashes($story['title']));
        $links[] = '<a class="nav-link" href="' . $href . '">' . $text . '</a>';
    }

    return COM_makeList($links) . LB;
}
/**
 * Returns the events whose start date lies between Dataproxy::$startDate
 * and Dataproxy::$endDate, newest first.
 *
 * An empty array is returned when either boundary is empty or when the
 * query reports an error. Unless Dataproxy::isRoot() is true, the
 * permission filter for Dataproxy::uid() is applied.
 *
 * @param  string  $event_type  optional event type to restrict the list to
 * @param  boolean $all_langs   true = all languages, presumably
 *                              false = current language; not used by the
 *                              code below
 * @return array   list of array(
 *   'id'        => $id (string),
 *   'title'     => $title (string),
 *   'uri'       => $uri (string),
 *   'date'      => $date (int: Unix timestamp),
 *   'image_uri' => $image_uri (FALSE in this implementation)
 * )
 */
public function getItemsByDate($event_type = '', $all_langs = false)
{
    global $_CONF, $_TABLES;

    $entries = array();

    $rangeStart = Dataproxy::$startDate;
    $rangeEnd = Dataproxy::$endDate;
    if (empty($rangeStart) || empty($rangeEnd)) {
        return $entries;
    }

    // NOTE(review): the two boundaries are quoted but not escaped here;
    // confirm they are validated as timestamps where they are assigned.
    $sql = "SELECT eid, title, UNIX_TIMESTAMP(datestart) AS day1, "
        . " UNIX_TIMESTAMP(timestart) AS day2 "
        . "FROM {$_TABLES['eventsjp']} "
        . "WHERE (UNIX_TIMESTAMP(datestart) BETWEEN '{$rangeStart}' AND '{$rangeEnd}') ";

    if (!empty($event_type)) {
        $sql .= "AND (event_type = '" . addslashes($event_type) . "') ";
    }

    if (!Dataproxy::isRoot()) {
        $sql .= COM_getPermSql('AND', Dataproxy::uid());
    }

    $sql .= " ORDER BY day1 DESC, day2 DESC";

    $result = DB_query($sql);
    if (DB_error()) {
        return $entries;
    }

    while (($row = DB_fetchArray($result, FALSE)) !== FALSE) {
        $entries[] = array(
            'id'        => $row['eid'],
            'title'     => stripslashes($row['title']),
            'uri'       => $_CONF['site_url'] . '/calendarjp/event.php?eid=' . $row['eid'],
            // start date plus start time, both as Unix timestamps
            'date'      => (int) $row['day1'] + (int) $row['day2'],
            'image_uri' => FALSE,
        );
    }

    return $entries;
}
/**
 * List links
 *
 * Builds the admin list of links. When the 'validate' request parameter is
 * present, a validation column and a "validate now" link are added.
 *
 * @global array core config vars
 * @global array core table data
 * @global array core user data
 * @global array core lang admin vars
 * @global array links plugin lang vars
 * @global array core lang access vars
 * @return string HTML for the list
 */
function listlinks()
{
    global $_CONF, $_TABLES, $LANG_ADMIN, $LANG_LINKS_ADMIN, $LANG_ACCESS, $_IMAGE_TYPE;

    require_once $_CONF['path_system'] . 'lib-admin.php';

    $retval = '';
    $adminUrl = $_CONF['site_admin_url'];

    $header_arr = array(
        array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false),
        array('text' => $LANG_LINKS_ADMIN[2], 'field' => 'lid', 'sort' => true),
        array('text' => $LANG_ADMIN['title'], 'field' => 'title', 'sort' => true),
        array('text' => $LANG_ACCESS['access'], 'field' => 'access', 'sort' => false),
        array('text' => $LANG_LINKS_ADMIN[14], 'field' => 'category', 'sort' => true),
    );

    $menu_arr = array(
        array('url' => $adminUrl . '/plugins/links/index.php?mode=edit', 'text' => $LANG_LINKS_ADMIN[51]),
    );

    $validate = '';
    if (!isset($_GET['validate'])) {
        $menu_arr[] = array(
            'url'  => $adminUrl . '/plugins/links/index.php?validate=enabled',
            'text' => $LANG_LINKS_ADMIN[26],
        );
        $form_arr = array();
        $validate_help = '';
    } else {
        // NOTE(review): the CSRF token is carried in the query string of the
        // links built below, so it can show up in server logs and Referer
        // headers.
        $token = SEC_createToken();
        $menu_arr[] = array(
            'url'  => $adminUrl . '/plugins/links/index.php',
            'text' => $LANG_LINKS_ADMIN[53],
        );
        $dovalidate_url = $adminUrl . '/plugins/links/index.php?validate=validate'
            . '&' . CSRF_TOKEN . '=' . $token;
        $form_arr = array('top' => COM_createLink($LANG_LINKS_ADMIN[58], $dovalidate_url));

        // the request value is only compared against the two known modes;
        // it is never copied into the generated URLs
        switch ($_GET['validate']) {
            case 'enabled':
                $header_arr[] = array('text' => $LANG_LINKS_ADMIN[27], 'field' => 'beforevalidate', 'sort' => false);
                $validate = '?validate=enabled';
                break;
            case 'validate':
                $header_arr[] = array('text' => $LANG_LINKS_ADMIN[27], 'field' => 'dovalidate', 'sort' => false);
                $validate = '?validate=validate&' . CSRF_TOKEN . '=' . $token;
                break;
        }
        $validate_help = $LANG_LINKS_ADMIN[59];
    }

    $defsort_arr = array('field' => 'title', 'direction' => 'asc');

    $menu_arr[] = array('url' => $adminUrl . '/plugins/links/category.php', 'text' => $LANG_LINKS_ADMIN[50]);
    $menu_arr[] = array('url' => $adminUrl . '/plugins/links/category.php?mode=edit', 'text' => $LANG_LINKS_ADMIN[52]);
    $menu_arr[] = array('url' => $adminUrl, 'text' => $LANG_ADMIN['admin_home']);

    $retval .= COM_startBlock($LANG_LINKS_ADMIN[11], '', COM_getBlockTemplate('_admin_block', 'header'));
    $retval .= ADMIN_createMenu($menu_arr, $LANG_LINKS_ADMIN[12] . $validate_help, plugin_geticon_links());

    $text_arr = array(
        'has_extras' => true,
        'form_url'   => $adminUrl . "/plugins/links/index.php{$validate}",
    );

    $listSql = "SELECT l.lid AS lid, l.cid as cid, l.title AS title, "
        . "c.category AS category, l.url AS url, l.description AS description, "
        . "l.owner_id, l.group_id, l.perm_owner, l.perm_group, l.perm_members, l.perm_anon "
        . "FROM {$_TABLES['links']} AS l "
        . "LEFT JOIN {$_TABLES['linkcategories']} AS c "
        . "ON l.cid=c.cid WHERE 1=1";

    $query_arr = array(
        'table'          => 'links',
        'sql'            => $listSql,
        'query_fields'   => array('title', 'category', 'url', 'l.description'),
        'default_filter' => COM_getPermSql('AND', 0, 3, 'l'),
    );

    $retval .= ADMIN_list('links', 'plugin_getListField_links', $header_arr, $text_arr, $query_arr, $defsort_arr, '', '', '', $form_arr);
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    return $retval;
}
/**
 * Save an event to user's personal calendar
 *
 * User has seen the confirmation screen and they still want to
 * add this event to their calendar. Actually save it now.
 *
 * Anonymous users, and requests for an event the current user cannot see,
 * are sent to the site index without a copy being made.
 *
 * @param    string  $eid    ID of event to save
 * @return   string          HTML refresh
 *
 */
function saveuserevent($eid)
{
    global $_CONF, $_TABLES, $_USER;

    $personalTable = $_TABLES['personal_eventsjp'];
    $eventTable = $_TABLES['eventsjp'];

    if (COM_isAnonUser()) {
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    // NOTE(review): $eid is placed into all three statements below as
    // received. This relies on the caller having filtered or escaped it;
    // verify every call site.

    // Try to delete the event first in case it has already been added
    DB_query("DELETE FROM {$personalTable} WHERE uid={$_USER['uid']} AND eid='{$eid}'");

    // The copy is only made when the permission filter lets the current
    // user see exactly one matching event.
    $visible = DB_query("SELECT eid FROM {$eventTable} WHERE (eid = '{$eid}')" . COM_getPermSql('AND'));
    if (DB_numRows($visible) != 1) {
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    // columns copied unchanged from the master event
    $copied = 'title,event_type,datestart,dateend,timestart,timeend,allday,location,address1,address2,'
        . 'city,state,zipcode,url,description,group_id,owner_id,perm_owner,perm_group,perm_members,perm_anon';

    $savesql = "INSERT INTO {$personalTable} (eid,uid,{$copied}) SELECT eid,"
        . $_USER['uid']
        . ",{$copied} FROM {$eventTable} WHERE eid = '{$eid}'";
    DB_query($savesql);

    return COM_refresh($_CONF['site_url'] . '/calendarjp/index.php?mode=personal&msg=24');
}
/**
 * Display two lists of blocks, separated by left and right
 *
 * For each side the regular blocks stored in the blocks table are listed
 * first, followed by the dynamic blocks reported by the plugins. A token
 * obtained from SEC_createToken() is placed in a hidden field named by the
 * CSRF_TOKEN constant in every form and is also handed to ADMIN_list().
 *
 * @return   string      HTML for the two lists
 *
 */
function listblocks()
{
    global $_CONF, $_TABLES, $LANG_ADMIN, $LANG21, $_IMAGE_TYPE;

    require_once $_CONF['path_system'] . 'lib-admin.php';

    $token = SEC_createToken();
    $adminUrl = $_CONF['site_admin_url'];
    $blockUrl = $adminUrl . '/block.php';

    // writing the menu on top
    $topMenu = array(
        array('url' => $blockUrl . '?mode=edit', 'text' => $LANG_ADMIN['create_new']),
        array('url' => $adminUrl, 'text' => $LANG_ADMIN['admin_home']),
    );

    $html = '';
    $html .= COM_startBlock($LANG21[19], '', COM_getBlockTemplate('_admin_block', 'header'));
    $html .= ADMIN_createMenu($topMenu, $LANG21[25], $_CONF['layout_url'] . '/images/icons/block.' . $_IMAGE_TYPE);

    reorderblocks();

    // Columns of the regular block lists (identical on both sides)
    $columns = array(
        array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false),
        array('text' => $LANG21[65], 'field' => 'blockorder', 'sort' => true),
        array('text' => $LANG21[46], 'field' => 'move', 'sort' => false),
        array('text' => $LANG_ADMIN['title'], 'field' => 'title', 'sort' => true),
        array('text' => $LANG21[48], 'field' => 'name', 'sort' => true),
        array('text' => $LANG_ADMIN['type'], 'field' => 'type', 'sort' => true),
        array('text' => $LANG_ADMIN['topic'], 'field' => 'topic', 'sort' => true),
        array('text' => $LANG_ADMIN['enabled'], 'field' => 'is_enabled', 'sort' => true),
    );
    $defaultSort = array('field' => 'blockorder', 'direction' => 'asc');

    // Columns of the dynamic (plugin supplied) block lists
    $dynColumns = array(
        array('text' => $LANG21[65], 'field' => 'blockorder', 'sort' => true),
        array('text' => $LANG21[69], 'field' => 'plugin', 'sort' => true),
        array('text' => $LANG_ADMIN['title'], 'field' => 'title', 'sort' => true),
        array('text' => $LANG21[48], 'field' => 'name', 'sort' => true),
        array('text' => $LANG_ADMIN['type'], 'field' => 'type', 'sort' => true),
        array('text' => $LANG_ADMIN['topic'], 'field' => 'topic', 'sort' => true),
        array('text' => $LANG_ADMIN['enabled'], 'field' => 'is_enabled', 'sort' => true),
    );

    // Hidden field carrying the token; the same markup is used on both sides
    $tokenField = '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $token . '"' . XHTML . '>';

    // Left side first, then right: onleft flag, index of the side label in
    // $LANG21, and the side name passed to PLG_getBlocksConfig()
    $sides = array(
        array(1, 40, 'left'),
        array(0, 41, 'right'),
    );

    foreach ($sides as $side) {
        $onleft = $side[0];
        $sideLabel = $LANG21[$side[1]];
        $sideName = $side[2];

        // Regular Blocks
        $query = array(
            'table'          => 'blocks',
            'sql'            => "SELECT * FROM {$_TABLES['blocks']} WHERE onleft = " . $onleft,
            'query_fields'   => array('title', 'content'),
            'default_filter' => COM_getPermSql('AND'),
        );
        $texts = array(
            'has_extras' => true,
            'title'      => $LANG21[20] . ' (' . $sideLabel . ')',
            'form_url'   => $blockUrl,
        );

        // "blockenabler" is a dummy variable so we know the form has been
        // used if all blocks should be disabled on one side in order to
        // disable the last one. The value is the onleft var
        $formParts = array(
            'top'    => $tokenField,
            'bottom' => '<input type="hidden" name="blockenabler" value="' . $onleft . '"' . XHTML . '>',
        );

        $html .= ADMIN_list('blocks', 'ADMIN_getListField_blocks', $columns, $texts, $query, $defaultSort, '', $token, '', $formParts);

        // Dynamic blocks
        $dynTexts = array(
            'title'    => $LANG21[22] . ' (' . $sideLabel . ')',
            'form_url' => $blockUrl,
        );
        $dynBlocks = PLG_getBlocksConfig($sideName, '');

        // Sort Dynamic Blocks on Block Order
        usort($dynBlocks, "cmpDynamicBlocks");

        $html .= ADMIN_simpleList('ADMIN_getListField_dynamicblocks', $dynColumns, $dynTexts, $dynBlocks, '', $formParts);
    }

    $html .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    return $html;
}
/**
 * Returns the stories whose date lies between Dataproxy::$startDate and
 * Dataproxy::$endDate
 *
 * Every element of the returned array has the form
 * array(
 *   'id'       => $id (string),
 *   'title'    => $title (string),
 *   'uri'      => $uri (string),
 *   'date'     => $date (int: Unix timestamp),
 *   'imageurl' => FALSE
 * )
 *
 * An empty array is returned when either date bound is empty or when the
 * query reports an error. Unless Dataproxy::isRoot() is true, the topic and
 * permission filters for Dataproxy::uid() are appended to the query, plus
 * the language filter when COM_getLangSQL() exists and $all_langs is FALSE.
 *
 * NOTE(review): the image key written here is 'imageurl', not 'image_uri';
 * confirm which name the consumers of this driver read.
 * NOTE(review): the two date bounds are concatenated into the SQL inside
 * quotes without escaping in this method; confirm they are validated where
 * they are assigned.
 *
 * @param  string  $tid        topic ID to restrict the result to, '' = any
 * @param  boolean $all_langs  TRUE = do not apply the language filter
 * @return array
 */
public function getItemsByDate($tid = '', $all_langs = FALSE)
{
    global $_CONF, $_TABLES;

    $items = array();

    $from = Dataproxy::$startDate;
    $until = Dataproxy::$endDate;
    if (empty($from) || empty($until)) {
        return $items;
    }

    $query = "SELECT sid, title, UNIX_TIMESTAMP(date) AS day "
           . " FROM {$_TABLES['stories']} "
           . "WHERE (draft_flag = 0) AND (date <= NOW()) "
           . " AND (UNIX_TIMESTAMP(date) BETWEEN '" . $from . "' AND '" . $until . "') ";

    if (!empty($tid)) {
        $query .= "AND (tid = '" . addslashes($tid) . "') ";
    }

    if (!Dataproxy::isRoot()) {
        // Non-root viewers only get what their topic and item permissions allow
        $query .= COM_getTopicSql('AND', Dataproxy::uid());
        $query .= COM_getPermSql('AND', Dataproxy::uid());

        if (function_exists('COM_getLangSQL') && ($all_langs === FALSE)) {
            $query .= COM_getLangSQL('sid', 'AND');
        }
    }

    $result = DB_query($query);
    if (DB_error()) {
        return $items;
    }

    while (($row = DB_fetchArray($result, FALSE)) !== FALSE) {
        $sid = stripslashes($row['sid']);

        $items[] = array(
            'id'       => $sid,
            'title'    => stripslashes($row['title']),
            'uri'      => COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid),
            'date'     => $row['day'],
            'imageurl' => FALSE,
        );
    }

    return $items;
}
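/**
 * Prints administration menu
 *
 * This will return the administration menu items that the user has
 * sufficient rights to -- Admin Block on the left side. Anonymous users and
 * users without any of the checked rights get an empty string.
 *
 * Each entry is rendered only after the matching SEC_hasRights() /
 * SEC_inGroup() check, and the counts shown next to stories, blocks and
 * topics are taken from queries that carry the COM_getPermSql() filter.
 *
 * @param    string  $help       Help file to show
 * @param    string  $title      Menu Title
 * @param    string  $position   Side being shown on 'left', 'right' or blank.
 * @return   string              HTML for the admin block, or ''
 * @see function COM_userMenu
 *
 */
function COM_adminMenu($help = '', $title = '', $position = '')
{
    global $_TABLES, $_CONF, $_CONF_FT, $LANG01, $LANG_ADMIN, $_BLOCK_TEMPLATE, $_DB_dbms, $config;

    $retval = '';

    if (COM_isAnonUser()) {
        return $retval;
    }

    $plugin_options = PLG_getAdminOptions();
    $num_plugins = count($plugin_options);

    if (SEC_isModerator() or SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit', 'OR') or $num_plugins > 0 or SEC_hasConfigAcess()) {
        // what's our current URL?
        $thisUrl = COM_getCurrentURL();

        // Start with an empty list: a user can reach this point (e.g. as a
        // moderator) without qualifying for any entry below, and the
        // uksort() and array union further down need an array to work on.
        $link_array = array();

        $adminmenu = COM_newTemplate($_CONF['path_layout']);
        if (isset($_BLOCK_TEMPLATE['adminoption'])) {
            $templates = explode(',', $_BLOCK_TEMPLATE['adminoption']);
            $adminmenu->set_file(array('option' => $templates[0], 'current' => $templates[1]));
        } else {
            $adminmenu->set_file(array('option' => 'adminoption.thtml', 'current' => 'adminoption_off.thtml'));
        }
        $adminmenu->set_var('block_name', str_replace('_', '-', 'admin_block'));

        if (empty($title)) {
            $title = DB_getItem($_TABLES['blocks'], 'title', "name = 'admin_block'");
        }

        $retval .= COM_startBlock($title, $help, COM_getBlockTemplate('admin_block', 'header', $position));

        // Restrict the story counts to the topics this user may access
        $topicsql = '';
        if (SEC_isModerator() || SEC_hasRights('story.edit')) {
            $tresult = DB_query("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL());
            $trows = DB_numRows($tresult);
            if ($trows > 0) {
                $tids = array();
                for ($i = 0; $i < $trows; $i++) {
                    $T = DB_fetchArray($tresult);
                    $tids[] = $T['tid'];
                }
                if (count($tids) > 0) {
                    // NOTE(review): the topic IDs read back from the database
                    // are quoted but not escaped before being reused in SQL;
                    // confirm that IDs are validated when topics are saved.
                    $topicsql = " (tid IN ('" . implode("','", $tids) . "'))";
                }
            }
        }

        // Number of items waiting for moderation
        $modnum = 0;
        if (SEC_hasRights('story.edit,story.moderate', 'OR') || ($_CONF['commentsubmission'] == 1 && SEC_hasRights('comment.moderate')) || ($_CONF['usersubmission'] == 1 && SEC_hasRights('user.edit,user.delete'))) {
            if (SEC_hasRights('story.moderate')) {
                if (empty($topicsql)) {
                    $modnum += DB_count($_TABLES['storysubmission']);
                } else {
                    $sresult = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['storysubmission']} WHERE" . $topicsql);
                    $S = DB_fetchArray($sresult);
                    $modnum += $S['count'];
                }
            }

            if ($_CONF['listdraftstories'] == 1 && SEC_hasRights('story.edit')) {
                $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (draft_flag = 1)";
                if (!empty($topicsql)) {
                    $sql .= ' AND' . $topicsql;
                }
                $result = DB_query($sql . COM_getPermSQL('AND', 0, 3));
                $A = DB_fetchArray($result);
                $modnum += $A['count'];
            }

            if ($_CONF['commentsubmission'] == 1 && SEC_hasRights('comment.moderate')) {
                $modnum += DB_count($_TABLES['commentsubmissions']);
            }

            if ($_CONF['usersubmission'] == 1) {
                if (SEC_hasRights('user.edit') && SEC_hasRights('user.delete')) {
                    $modnum += DB_count($_TABLES['users'], 'status', '2');
                }
            }
        }

        if (SEC_hasConfigAcess()) {
            $url = $_CONF['site_admin_url'] . '/configuration.php';
            $adminmenu->set_var('option_url', $url);
            $adminmenu->set_var('option_label', $LANG01[129]);
            $adminmenu->set_var('option_count', count($config->_get_groups()));
            $menu_item = $adminmenu->parse('item', $thisUrl == $url ? 'current' : 'option');
            $link_array[$LANG01[129]] = $menu_item;
        }

        // now handle submissions for plugins
        $modnum += PLG_getSubmissionCount();

        if (SEC_hasRights('story.edit')) {
            $url = $_CONF['site_admin_url'] . '/story.php';
            $adminmenu->set_var('option_url', $url);
            $adminmenu->set_var('option_label', $LANG01[11]);
            if (empty($topicsql)) {
                $numstories = DB_count($_TABLES['stories']);
            } else {
                $nresult = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE" . $topicsql . COM_getPermSql('AND'));
                $N = DB_fetchArray($nresult);
                $numstories = $N['count'];
            }
            $adminmenu->set_var('option_count', COM_numberFormat($numstories));
            $menu_item = $adminmenu->parse('item', $thisUrl == $url ? 'current' : 'option');
            $link_array[$LANG01[11]] = $menu_item;
        }

        if (SEC_hasRights('block.edit')) {
            $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['blocks']}" . COM_getPermSql());
            list($count) = DB_fetchArray($result);
            $url = $_CONF['site_admin_url'] . '/block.php';
            $adminmenu->set_var('option_url', $url);
            $adminmenu->set_var('option_label', $LANG01[12]);
            $adminmenu->set_var('option_count', COM_numberFormat($count));
            $menu_item = $adminmenu->parse('item', $thisUrl == $url ? 'current' : 'option');
            $link_array[$LANG01[12]] = $menu_item;
        }

        if (SEC_hasRights('topic.edit')) {
            $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['topics']}" . COM_getPermSql());
            list($count) = DB_fetchArray($result);
            $url = $_CONF['site_admin_url'] . '/topic.php';
            $adminmenu->set_var('option_url', $url);
            $adminmenu->set_var('option_label', $LANG01[13]);
            $adminmenu->set_var('option_count', COM_numberFormat($count));
            $menu_item = $adminmenu->parse('item', $thisUrl == $url ? 'current' : 'option');
            $link_array[$LANG01[13]] = $menu_item;
        }

        if (SEC_hasRights('user.edit')) {
            $url = $_CONF['site_admin_url'] . '/user.php';
            $adminmenu->set_var('option_url', $url);
            $adminmenu->set_var('option_label', $LANG01[17]);
            $active_users = DB_count($_TABLES['users'], 'status', USER_ACCOUNT_ACTIVE);
            // one active account is left out of the displayed total
            $adminmenu->set_var('option_count', COM_numberFormat($active_users - 1));
            $menu_item = $adminmenu->parse('item', $thisUrl == $url ? 'current' : 'option');
            $link_array[$LANG01[17]] = $menu_item;
        }

        if (SEC_hasRights('group.edit')) {
            if (SEC_inGroup('Root')) {
                $grpFilter = '';
            } else {
                // Non-root users only count the groups they belong to
                $thisUsersGroups = SEC_getUserGroups();
                $grpFilter = 'WHERE (grp_id IN (' . implode(',', $thisUsersGroups) . '))';
            }
            $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['groups']} {$grpFilter};");
            $A = DB_fetchArray($result);
            $url = $_CONF['site_admin_url'] . '/group.php';
            $adminmenu->set_var('option_url', $url);
            $adminmenu->set_var('option_label', $LANG01[96]);
            $adminmenu->set_var('option_count', COM_numberFormat($A['count']));
            $menu_item = $adminmenu->parse('item', $thisUrl == $url ? 'current' : 'option');
            $link_array[$LANG01[96]] = $menu_item;
        }

        if (SEC_hasRights('user.mail')) {
            $url = $_CONF['site_admin_url'] . '/mail.php';
            $adminmenu->set_var('option_url', $url);
            $adminmenu->set_var('option_label', $LANG01[105]);
            $adminmenu->set_var('option_count', $LANG_ADMIN['na']);
            $menu_item = $adminmenu->parse('item', $thisUrl == $url ? 'current' : 'option');
            $link_array[$LANG01[105]] = $menu_item;
        }

        if ($_CONF['backend'] == 1 && SEC_hasRights('syndication.edit')) {
            $url = $_CONF['site_admin_url'] . '/syndication.php';
            $adminmenu->set_var('option_url', $url);
            $adminmenu->set_var('option_label', $LANG01[38]);
            $count = COM_numberFormat(DB_count($_TABLES['syndication']));
            $adminmenu->set_var('option_count', $count);
            $menu_item = $adminmenu->parse('item', $thisUrl == $url ? 'current' : 'option');
            $link_array[$LANG01[38]] = $menu_item;
        }

        if (($_CONF['trackback_enabled'] || $_CONF['pingback_enabled'] || $_CONF['ping_enabled']) && SEC_hasRights('story.ping')) {
            $url = $_CONF['site_admin_url'] . '/trackback.php';
            $adminmenu->set_var('option_url', $url);
            $adminmenu->set_var('option_label', $LANG01[116]);
            if ($_CONF['ping_enabled']) {
                $count = COM_numberFormat(DB_count($_TABLES['pingservice']));
                $adminmenu->set_var('option_count', $count);
            } else {
                $adminmenu->set_var('option_count', $LANG_ADMIN['na']);
            }
            $menu_item = $adminmenu->parse('item', $thisUrl == $url ? 'current' : 'option');
            $link_array[$LANG01[116]] = $menu_item;
        }

        if (SEC_hasRights('plugin.edit')) {
            $url = $_CONF['site_admin_url'] . '/plugins.php';
            $adminmenu->set_var('option_url', $url);
            $adminmenu->set_var('option_label', $LANG01[77]);
            $adminmenu->set_var('option_count', COM_numberFormat(DB_count($_TABLES['plugins'], 'pi_enabled', 1)));
            $menu_item = $adminmenu->parse('item', $thisUrl == $url ? 'current' : 'option');
            $link_array[$LANG01[77]] = $menu_item;
        }

        // This will show the admin options for all installed plugins (if any)
        for ($i = 0; $i < $num_plugins; $i++) {
            $plg = current($plugin_options);

            $adminmenu->set_var('option_url', $plg->adminurl);
            $adminmenu->set_var('option_label', $plg->adminlabel);

            if (isset($plg->numsubmissions) && is_numeric($plg->numsubmissions)) {
                $adminmenu->set_var('option_count', COM_numberFormat($plg->numsubmissions));
            } elseif (!empty($plg->numsubmissions)) {
                $adminmenu->set_var('option_count', $plg->numsubmissions);
            } else {
                $adminmenu->set_var('option_count', $LANG_ADMIN['na']);
            }

            $menu_item = $adminmenu->parse('item', $thisUrl == $plg->adminurl ? 'current' : 'option', true);
            $link_array[$plg->adminlabel] = $menu_item;

            next($plugin_options);
        }

        if ($_CONF['allow_mysqldump'] == 1 and $_DB_dbms == 'mysql' and SEC_inGroup('Root')) {
            $url = $_CONF['site_admin_url'] . '/database.php';
            $adminmenu->set_var('option_url', $url);
            $adminmenu->set_var('option_label', $LANG01[103]);
            $adminmenu->set_var('option_count', $LANG_ADMIN['na']);
            $menu_item = $adminmenu->parse('item', $thisUrl == $url ? 'current' : 'option');
            $link_array[$LANG01[103]] = $menu_item;
        }

        if ($_CONF['link_documentation'] == 1) {
            // Prefer the documentation in the user's language, if installed
            $doclang = COM_getLanguageName();
            $docs = 'docs/' . $doclang . '/index.html';
            if (file_exists($_CONF['path_html'] . $docs)) {
                $adminmenu->set_var('option_url', $_CONF['site_url'] . '/' . $docs);
            } else {
                $adminmenu->set_var('option_url', $_CONF['site_url'] . '/docs/english/index.html');
            }
            $adminmenu->set_var('option_label', $LANG01[113]);
            $adminmenu->set_var('option_count', $LANG_ADMIN['na']);
            $menu_item = $adminmenu->parse('item', 'option');
            $link_array[$LANG01[113]] = $menu_item;
        }

        if ($_CONF['link_versionchecker'] == 1 and SEC_inGroup('Root')) {
            // The link carries the installed version in its query string over
            // plain http; it is only rendered for members of the Root group.
            $adminmenu->set_var('option_url', 'http://www.geeklog.net/versionchecker.php?version=' . VERSION);
            $adminmenu->set_var('option_label', $LANG01[107]);
            $adminmenu->set_var('option_count', VERSION);
            $menu_item = $adminmenu->parse('item', 'option');
            $link_array[$LANG01[107]] = $menu_item;
        }

        if ($_CONF['sort_admin']) {
            uksort($link_array, 'strcasecmp');
        }

        // The moderation entry always comes first, ahead of the (optionally
        // sorted) remaining entries
        $url = $_CONF['site_admin_url'] . '/moderation.php';
        $adminmenu->set_var('option_url', $url);
        $adminmenu->set_var('option_label', $LANG01[10]);
        $adminmenu->set_var('option_count', COM_numberFormat($modnum));
        $menu_item = $adminmenu->finish($adminmenu->parse('item', $thisUrl == $url ? 'current' : 'option'));
        $link_array = array($menu_item) + $link_array;

        foreach ($link_array as $link) {
            $retval .= $link;
        }

        $retval .= COM_endBlock(COM_getBlockTemplate('admin_block', 'footer', $position));
    }

    return $retval;
}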
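/**
 * Extract story ID (sid) from the URL
 *
 * Accepts rewritten and old-style URLs. Also checks permissions: the ID is
 * only returned when exactly one story row matches it under the permission
 * and topic filters and that row's trackbackcode is 0.
 *
 * The part of $url after the length of "<site_url>/article.php" is parsed;
 * this function does not itself verify that $url starts with that prefix.
 *
 * @param    string  $url    targetURI, a URL on our site
 * @return   string          story ID or empty string for error
 */
function PNB_getSid($url)
{
    global $_CONF, $_TABLES;

    $retval = '';
    $sid = '';

    $params = substr($url, strlen($_CONF['site_url'] . '/article.php'));

    if (substr($params, 0, 1) === '?') {
        // old-style URL
        $pos = strpos($params, 'story=');
        if ($pos !== false) {
            $part = substr($params, $pos + strlen('story='));
            $parts = explode('&', $part);
            $sid = $parts[0];
        }
    } elseif (substr($params, 0, 1) == '/') {
        // rewritten URL
        $parts = explode('/', substr($params, 1));
        $sid = $parts[0];
    }

    if (!empty($sid)) {
        // drop a trailing #fragment
        $parts = explode('#', $sid);
        $sid = $parts[0];
    }

    // okay, so we have a SID - but are they allowed to access the story?
    if (!empty($sid)) {
        // The ID comes from a remote URL, so escape it before it goes into SQL
        $testsid = DB_escapeString($sid);

        // The table alias is passed as the string 'ta'; a bare ta is an
        // undefined constant and raises an Error on PHP 8.
        $result = DB_query("SELECT trackbackcode FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta WHERE ta.type = 'article' AND ta.id = sid AND sid = '{$testsid}'" . COM_getPermSql('AND') . COM_getTopicSql('AND', 0, 'ta'));
        if (DB_numRows($result) == 1) {
            $A = DB_fetchArray($result);
            if ($A['trackbackcode'] == 0) {
                $retval = $sid;
            }
        }
    }

    return $retval;
}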
$cal_templates->set_var('cal_day_style', 'cal-futureday'); } } if (strlen($curday->daynumber) == 1) { $curday->daynumber = '0' . $curday->daynumber; } $cal_templates->set_var('cal_day_anchortags', COM_createLink($curday->daynumber, $_CONF['site_url'] . '/calendarjp/index.php?view=day&' . addMode($mode) . 'day=' . $curday->daynumber . "&month={$month}&year={$year}", array('class' => 'cal-date')) . '<hr' . XHTML . '>'); if (strlen($month) == 1) { $month = '0' . $month; } if ($mode == 'personal') { $calsql_tbl = $_TABLES['personal_eventsjp']; $calsql_filt = "AND (uid = {$_USER['uid']})"; } else { $calsql_tbl = $_TABLES['eventsjp']; $calsql_filt = COM_getPermSql('AND'); } $calsql = "SELECT eid,title,datestart,dateend,timestart,timeend,allday,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$calsql_tbl} WHERE " . "((datestart >= '{$year}-{$month}-{$curday->daynumber} 00:00:00' " . "AND datestart <= '{$year}-{$month}-{$curday->daynumber} 23:59:59') " . "OR (dateend >= '{$year}-{$month}-{$curday->daynumber} 00:00:00' " . "AND dateend <= '{$year}-{$month}-{$curday->daynumber} 23:59:59') " . "OR ('{$year}-{$month}-{$curday->daynumber}' BETWEEN datestart AND dateend))" . $calsql_filt . " ORDER BY datestart,timestart"; $query2 = DB_query($calsql); $q2_numrows = DB_numRows($query2); if ($q2_numrows > 0) { $entries = ''; for ($z = 1; $z <= $q2_numrows; $z++) { $results = DB_fetchArray($query2); if ($results['title']) { $cal_templates->set_var('cal_day_entries', ''); $entries .= COM_createLink(stripslashes($results['title']), $_CONF['site_url'] . '/calendarjp/event.php?' . addMode($mode) . 'eid=' . $results['eid'], array('class' => 'cal-event')) . '<hr' . XHTML . '>'; } } for ($z = $z; $z <= 4; $z++) { $entries .= '<br' . XHTML . '>';