function migrate_deletestory($sid) { global $_TABLES, $_CONF; $result = DB_query("SELECT ai_filename FROM {$_TABLES['article_images']} WHERE ai_sid='" . DB_escapeString($sid) . "'"); $nrows = DB_numRows($result); for ($i = 1; $i <= $nrows; $i++) { $A = DB_fetchArray($result); $filename = $_CONF['path_html'] . 'images/articles/' . $A['ai_filename']; if (!@unlink($filename)) { // log the problem but don't abort the script COM_errorLog('Unable to remove the following image from the article: ' . $filename); } // remove unscaled image, if it exists $lFilename_large = substr_replace($A['ai_filename'], '_original.', strrpos($A['ai_filename'], '.'), 1); $lFilename_large_complete = $_CONF['path_html'] . 'images/articles/' . $lFilename_large; if (file_exists($lFilename_large_complete)) { if (!@unlink($lFilename_large_complete)) { // ;og the problem but don't abort the script COM_errorLog('Unable to remove the following image from the article: ' . $lFilename_large_complete); } } } DB_delete($_TABLES['article_images'], 'ai_sid', DB_escapeString($sid)); DB_delete($_TABLES['comments'], 'sid', DB_escapeString($sid)); DB_delete($_TABLES['stories'], 'sid', DB_escapeString($sid)); // update RSS feed and Older Stories block COM_rdfUpToDateCheck(); COM_olderStuff(); return; }
/** * Handles a comment submission * * @copyright Vincent Furia 2005 * @author Vincent Furia, vinny01 AT users DOT sourceforge DOT net * @return string HTML (possibly a refresh) */ function handleSubmit() { global $_CONF, $_TABLES, $LANG03; $display = ''; $type = COM_applyFilter($_POST['type']); $sid = COM_applyFilter($_POST['sid']); $pid = COM_applyFilter($_POST['pid'], true); $postmode = COM_applyFilter($_POST['postmode']); $title = strip_tags(COM_stripslashes($_POST['title'])); if ($type == 'article') { $commentcode = DB_getItem($_TABLES['stories'], 'commentcode', "(sid = '{$sid}') AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND') . COM_getTopicSQL('AND')); if (!isset($commentcode) || $commentcode != 0) { return COM_refresh($_CONF['site_url'] . '/index.php'); } $ret = CMT_saveComment($title, $_POST['comment'], $sid, $pid, 'article', $postmode); if ($ret == -1) { $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid); $url .= (strpos($url, '?') ? '&' : '?') . 'msg=15'; $display = COM_refresh($url); } elseif ($ret > 0) { // failure // FIXME: some failures should not return to comment form $display .= COM_siteHeader('menu', $LANG03[1]) . CMT_commentForm($title, $_POST['comment'], $sid, $pid, $type, $LANG03[14], $postmode) . COM_siteFooter(); } else { // success $comments = DB_count($_TABLES['comments'], 'sid', $sid); DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $sid); COM_olderStuff(); // update comment count in Older Stories block $display = COM_refresh(COM_buildUrl($_CONF['site_url'] . "/article.php?story={$sid}")); } } else { // assume plugin if (!($display = PLG_commentSave($type, $title, $_POST['comment'], $sid, $pid, $postmode))) { $display = COM_refresh($_CONF['site_url'] . '/index.php'); } } return $display; }
/** * Delete a topic * * @param string $tid Topic ID * @return string HTML redirect * */ function deleteTopic($tid) { global $_CONF, $_TABLES, $_USER; $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid ='{$tid}'"); $A = DB_fetchArray($result); $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); if ($access < 3) { COM_accessLog("User {$_USER['username']} tried to illegally delete topic {$tid}."); return COM_refresh($_CONF['site_admin_url'] . '/topic.php'); } // don't delete topic blocks - assign them to 'all' and disable them DB_query("UPDATE {$_TABLES['blocks']} SET tid = 'all', is_enabled = 0 WHERE tid = '{$tid}'"); // same with feeds DB_query("UPDATE {$_TABLES['syndication']} SET topic = '::all', is_enabled = 0 WHERE topic = '{$tid}'"); // delete comments, trackbacks, images associated with stories in this topic $result = DB_query("SELECT sid FROM {$_TABLES['stories']} WHERE tid = '{$tid}'"); $numStories = DB_numRows($result); for ($i = 0; $i < $numStories; $i++) { $A = DB_fetchArray($result); STORY_deleteImages($A['sid']); DB_delete($_TABLES['comments'], array('sid', 'type'), array($A['sid'], 'article')); DB_delete($_TABLES['trackback'], array('sid', 'type'), array($A['sid'], 'article')); } // delete these DB_delete($_TABLES['stories'], 'tid', $tid); DB_delete($_TABLES['storysubmission'], 'tid', $tid); DB_delete($_TABLES['topics'], 'tid', $tid); // update feed(s) and Older Stories block COM_rdfUpToDateCheck('article'); COM_olderStuff(); return COM_refresh($_CONF['site_admin_url'] . '/topic.php?msg=14'); }
/** * Saves a block * * @param string $bid Block ID * @param string $title Block title * @param string $type Type of block * @param int $blockorder Order block appears relative to the others * @param string $content Content of block * @param string $tid Topic block should appear in * @param string $rdfurl URL to headline feed for portal blocks * @param string $rdfupdated Date RSS/RDF feed was last updated * @param string $rdflimit max. number of entries to import from feed * @param string $phpblockfn Name of php function to call to get content * @param int $onleft Flag indicates if block shows up on left or right * @param int $owner_id ID of owner * @param int $group_id ID of group block belongs to * @param array $perm_owner Permissions the owner has on the object * @param array $perm_group Permissions the group has on the object * @param array $perm_members Permissions the logged in members have * @param array $perm_anon Permissinos anonymous users have * @param int $is_enabled Flag, indicates if block is enabled or not * @return string HTML redirect or error message * */ function saveblock($bid, $name, $title, $help, $type, $blockorder, $content, $tid, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled, $allow_autotags) { global $_CONF, $_TABLES, $LANG01, $LANG21, $MESSAGE; $retval = ''; $title = addslashes(COM_stripslashes(strip_tags($title))); $phpblockfn = addslashes(COM_stripslashes(trim($phpblockfn))); if (empty($title)) { $retval .= COM_siteHeader('menu', $LANG21[63]) . COM_showMessageText($LANG21[64], $LANG21[63]) . editblock($bid) . COM_siteFooter(); return $retval; } // Convert array values to numeric permission values list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); $access = 0; if ($bid > 0 && DB_count($_TABLES['blocks'], 'bid', $bid) > 0) { $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = '{$bid}'"); $A = DB_fetchArray($result); $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); } else { $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon); } if ($access < 3 || !hasBlockTopicAccess($tid) || !SEC_inGroup($group_id)) { $retval .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter(); COM_accessLog("User {$_USER['username']} tried to illegally create or edit block {$bid}."); return $retval; } elseif (!empty($name) and ($type == 'normal' && !empty($title) && !empty($content) or $type == 'portal' && !empty($title) && !empty($rdfurl) or $type == 'phpblock' && !empty($phpblockfn) && !empty($title) or $type == 'gldefault' && strlen($blockorder) > 0)) { if ($is_enabled == 'on') { $is_enabled = 1; } else { $is_enabled = 0; } if ($allow_autotags == 'on') { $allow_autotags = 1; } else { $allow_autotags = 0; } if ($type == 'portal') { $content = ''; $rdfupdated = ''; $phpblockfn = ''; // get rid of possible extra prefixes (e.g. "feed://http://...") if (substr($rdfurl, 0, 4) == 'rss:') { $rdfurl = substr($rdfurl, 4); } elseif (substr($rdfurl, 0, 5) == 'feed:') { $rdfurl = substr($rdfurl, 5); } if (substr($rdfurl, 0, 2) == '//') { $rdfurl = substr($rdfurl, 2); } $rdfurl = COM_sanitizeUrl($rdfurl, array('http', 'https')); } if ($type == 'gldefault') { if ($name != 'older_stories') { $content = ''; } $rdfurl = ''; $rdfupdated = ''; $rdflimit = 0; $phpblockfn = ''; } if ($type == 'phpblock') { // NOTE: PHP Blocks must be within a function and the function // must start with phpblock_ as the prefix. This will prevent // the arbitrary execution of code if (!stristr($phpblockfn, 'phpblock_')) { $retval .= COM_siteHeader('menu', $LANG21[37]) . COM_showMessageText($LANG21[38], $LANG21[37]) . editblock($bid) . COM_siteFooter(); return $retval; } $content = ''; $rdfurl = ''; $rdfupdated = ''; $rdflimit = 0; } if ($type == 'normal') { $rdfurl = ''; $rdfupdated = ''; $rdflimit = 0; $phpblockfn = ''; if ($allow_autotags == 1) { // Remove any autotags the user doesn't have permission to use $content = PLG_replaceTags($content, '', true); } $content = addslashes($content); } if ($rdflimit < 0) { $rdflimit = 0; } if (!empty($rdfurl)) { $rdfurl = addslashes($rdfurl); } if (empty($rdfupdated)) { $rdfupdated = '0000-00-00 00:00:00'; } if ($bid > 0) { DB_save($_TABLES['blocks'], 'bid,name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,rdf_last_modified,rdf_etag', "{$bid},'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},NULL,NULL"); } else { $sql = array(); $sql['mysql'] = $sql['mssql'] = "INSERT INTO {$_TABLES['blocks']} " . '(name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags) ' . "VALUES ('{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags})"; $sql['pgsql'] = "INSERT INTO {$_TABLES['blocks']} " . '(bid,name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags) ' . "VALUES ((SELECT NEXTVAL('{$_TABLES['blocks']}_bid_seq')),'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags})"; DB_query($sql); $bid = DB_insertId(); } if ($type == 'gldefault' && $name == 'older_stories') { COM_olderStuff(); } return COM_refresh($_CONF['site_admin_url'] . '/block.php?msg=11'); } else { $retval .= COM_siteHeader('menu', $LANG21[32]); if (empty($name)) { // empty block name $msgtxt = $LANG21[50]; } elseif ($type == 'portal') { // Portal block is missing fields $msgtxt = $LANG21[33]; } elseif ($type == 'phpblock') { // PHP Block is missing field $msgtxt = $LANG21[34]; } elseif ($type == 'normal') { // Normal block is missing field $msgtxt = $LANG21[35]; } elseif ($type == 'gldefault') { // Default geeklog field missing $msgtxt = $LANG21[42]; } else { // Layout block missing content $msgtxt = $LANG21[36]; } $retval .= COM_showMessageText($msgtxt, $LANG21[32]) . editblock($bid) . COM_siteFooter(); } return $retval; }
/** * Submit a new or updated story. The story is updated if it exists, or a new one is created * * @param array args Contains all the data provided by the client * @param string &output OUTPUT parameter containing the returned text * @return int Response code as defined in lib-plugins.php */ function service_submit_story($args, &$output, &$svc_msg) { global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS; if (!SEC_hasRights('story.edit')) { $output .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter(); return PLG_RET_AUTH_FAILED; } require_once $_CONF['path_system'] . 'lib-comment.php'; $gl_edit = false; if (isset($args['gl_edit'])) { $gl_edit = $args['gl_edit']; } if ($gl_edit) { /* This is EDIT mode, so there should be an old sid */ if (empty($args['old_sid'])) { if (!empty($args['id'])) { $args['old_sid'] = $args['id']; } else { return PLG_RET_ERROR; } if (empty($args['sid'])) { $args['sid'] = $args['old_sid']; } } } else { if (empty($args['sid']) && !empty($args['id'])) { $args['sid'] = $args['id']; } } /* Store the first CATEGORY as the Topic ID */ if (!empty($args['category'][0])) { $args['tid'] = $args['category'][0]; } $content = ''; if (!empty($args['content'])) { $content = $args['content']; } else { if (!empty($args['summary'])) { $content = $args['summary']; } } if (!empty($content)) { $parts = explode('[page_break]', $content); if (count($parts) == 1) { $args['introtext'] = $content; $args['bodytext'] = ''; } else { $args['introtext'] = array_shift($parts); $args['bodytext'] = implode('[page_break]', $parts); } } /* Apply filters to the parameters passed by the webservice */ if ($args['gl_svc']) { if (isset($args['mode'])) { $args['mode'] = COM_applyBasicFilter($args['mode']); } if (isset($args['editopt'])) { $args['editopt'] = COM_applyBasicFilter($args['editopt']); } } /* - START: Set all the defaults - */ if (empty($args['tid'])) { // see if we have a default topic $topic = DB_getItem($_TABLES['topics'], 'tid', 'is_default = 1' . COM_getPermSQL('AND')); if (!empty($topic)) { $args['tid'] = $topic; } else { // otherwise, just use the first one $o = array(); $s = array(); if (service_getTopicList_story(array('gl_svc' => true), $o, $s) == PLG_RET_OK) { $args['tid'] = $o[0]; } else { $svc_msg['error_desc'] = 'No topics available'; return PLG_RET_ERROR; } } } if (empty($args['owner_id'])) { $args['owner_id'] = $_USER['uid']; } if (empty($args['group_id'])) { $args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']); } if (empty($args['postmode'])) { $args['postmode'] = $_CONF['postmode']; if (!empty($args['content_type'])) { if ($args['content_type'] == 'text') { $args['postmode'] = 'text'; } else { if ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') { $args['postmode'] = 'html'; } } } } if ($args['gl_svc']) { /* Permissions */ if (!isset($args['perm_owner'])) { $args['perm_owner'] = $_CONF['default_permissions_story'][0]; } else { $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true); } if (!isset($args['perm_group'])) { $args['perm_group'] = $_CONF['default_permissions_story'][1]; } else { $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true); } if (!isset($args['perm_members'])) { $args['perm_members'] = $_CONF['default_permissions_story'][2]; } else { $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true); } if (!isset($args['perm_anon'])) { $args['perm_anon'] = $_CONF['default_permissions_story'][3]; } else { $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true); } if (!isset($args['draft_flag'])) { $args['draft_flag'] = $_CONF['draft_flag']; } if (empty($args['frontpage'])) { $args['frontpage'] = $_CONF['frontpage']; } if (empty($args['show_topic_icon'])) { $args['show_topic_icon'] = $_CONF['show_topic_icon']; } } /* - END: Set all the defaults - */ // TEST CODE /* foreach ($args as $k => $v) { if (!is_array($v)) { echo "$k => $v\r\n"; } else { echo "$k => $v\r\n"; foreach ($v as $k1 => $v1) { echo " $k1 => $v1\r\n"; } } }*/ // exit (); // END TEST CODE if (!isset($args['sid'])) { $args['sid'] = ''; } $args['sid'] = COM_sanitizeID($args['sid']); if (!$gl_edit) { if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) { $args['sid'] = WS_makeId($args['slug'], STORY_MAX_ID_LENGTH); } } $story = new Story(); $gl_edit = false; if (isset($args['gl_edit'])) { $gl_edit = $args['gl_edit']; } if ($gl_edit && !empty($args['gl_etag'])) { /* First load the original story to check if it has been modified */ $result = $story->loadFromDatabase($args['sid']); if ($result == STORY_LOADED_OK) { if ($args['gl_etag'] != date('c', $story->_date)) { $svc_msg['error_desc'] = 'A more recent version of the story is available'; return PLG_RET_PRECONDITION_FAILED; } } else { $svc_msg['error_desc'] = 'Error loading story'; return PLG_RET_ERROR; } } /* This function is also doing the security checks */ $result = $story->loadFromArgsArray($args); $sid = $story->getSid(); switch ($result) { case STORY_DUPLICATE_SID: $output .= COM_siteHeader('menu', $LANG24[5]); $output .= COM_errorLog($LANG24[24], 2); if (!$args['gl_svc']) { $output .= storyeditor($sid); } $output .= COM_siteFooter(); return PLG_RET_ERROR; case STORY_EXISTING_NO_EDIT_PERMISSION: $output .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter(); COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}."); return PLG_RET_PERMISSION_DENIED; case STORY_NO_ACCESS_PARAMS: $output .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter(); COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}."); return PLG_RET_PERMISSION_DENIED; case STORY_EMPTY_REQUIRED_FIELDS: $output .= COM_siteHeader('menu'); $output .= COM_errorLog($LANG24[31], 2); if (!$args['gl_svc']) { $output .= storyeditor($sid); } $output .= COM_siteFooter(); return PLG_RET_ERROR; default: break; } /* Image upload is not supported by the web-service at present */ if (!$args['gl_svc']) { // Delete any images if needed if (array_key_exists('delete', $args)) { $delete = count($args['delete']); for ($i = 1; $i <= $delete; $i++) { $ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete'])); STORY_deleteImage($ai_filename); DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete'])); next($args['delete']); } } // OK, let's upload any pictures with the article if (DB_count($_TABLES['article_images'], 'ai_sid', $sid) > 0) { $index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '{$sid}'") + 1; } else { $index_start = 1; } if (count($_FILES) > 0 and $_CONF['maximagesperarticle'] > 0) { require_once $_CONF['path_system'] . 'classes/upload.class.php'; $upload = new upload(); if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) { $upload->setLogFile($_CONF['path'] . 'logs/error.log'); $upload->setDebug(true); } $upload->setMaxFileUploads($_CONF['maximagesperarticle']); if (!empty($_CONF['image_lib'])) { if ($_CONF['image_lib'] == 'imagemagick') { // Using imagemagick $upload->setMogrifyPath($_CONF['path_to_mogrify']); } elseif ($_CONF['image_lib'] == 'netpbm') { // using netPBM $upload->setNetPBM($_CONF['path_to_netpbm']); } elseif ($_CONF['image_lib'] == 'gdlib') { // using the GD library $upload->setGDLib(); } $upload->setAutomaticResize(true); if ($_CONF['keep_unscaled_image'] == 1) { $upload->keepOriginalImage(true); } else { $upload->keepOriginalImage(false); } if (isset($_CONF['jpeg_quality'])) { $upload->setJpegQuality($_CONF['jpeg_quality']); } } $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png')); if (!$upload->setPath($_CONF['path_images'] . 'articles')) { $output = COM_siteHeader('menu', $LANG24[30]); $output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header')); $output .= $upload->printErrors(false); $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')); $output .= COM_siteFooter(); echo $output; exit; } // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will // force any images bigger than the passed dimensions to be resized. // If mogrify is not set, any images larger than these dimensions // will get validation errors $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']); $upload->setMaxFileSize($_CONF['max_image_size']); // size in bytes, 1048576 = 1MB // Set file permissions on file after it gets uploaded (number is in octal) $upload->setPerms('0644'); $filenames = array(); $end_index = $index_start + $upload->numFiles() - 1; for ($z = $index_start; $z <= $end_index; $z++) { $curfile = current($_FILES); if (!empty($curfile['name'])) { $pos = strrpos($curfile['name'], '.') + 1; $fextension = substr($curfile['name'], $pos); $filenames[] = $sid . '_' . $z . '.' . $fextension; } next($_FILES); } $upload->setFileNames($filenames); reset($_FILES); $upload->uploadFiles(); if ($upload->areErrors()) { $retval = COM_siteHeader('menu', $LANG24[30]); $retval .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header')); $retval .= $upload->printErrors(false); $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')); $retval .= COM_siteFooter(); echo $retval; exit; } reset($filenames); for ($z = $index_start; $z <= $end_index; $z++) { DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('{$sid}', {$z}, '" . current($filenames) . "')"); next($filenames); } } if ($_CONF['maximagesperarticle'] > 0) { $errors = $story->insertImages(); if (count($errors) > 0) { $output = COM_siteHeader('menu', $LANG24[54]); $output .= COM_startBlock($LANG24[54], '', COM_getBlockTemplate('_msg_block', 'header')); $output .= $LANG24[55] . '<p>'; for ($i = 1; $i <= count($errors); $i++) { $output .= current($errors) . '<br' . XHTML . '>'; next($errors); } $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')); $output .= storyeditor($sid); $output .= COM_siteFooter(); echo $output; exit; } } } $result = $story->saveToDatabase(); if ($result == STORY_SAVED) { // see if any plugins want to act on that story if (!empty($args['old_sid']) && $args['old_sid'] != $sid) { PLG_itemSaved($sid, 'article', $args['old_sid']); } else { PLG_itemSaved($sid, 'article'); } // update feed(s) and Older Stories block COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid); COM_olderStuff(); CMT_updateCommentcodes(); if ($story->type == 'submission') { $output = COM_refresh($_CONF['site_admin_url'] . '/moderation.php?msg=9'); } else { $output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9); } /* @TODO Set the object id here */ $svc_msg['id'] = $sid; return PLG_RET_OK; } }
/** * Saves a story submission. * * @return integer result code explaining behaviour. */ function saveSubmission() { global $_USER, $_CONF, $_TABLES; $this->_sid = COM_makeSid(); if (COM_isAnonUser()) { $this->_uid = 1; } else { $this->_uid = $_USER['uid']; } $tmptid = addslashes(COM_sanitizeID($this->_tid)); $result = DB_query('SELECT group_id,perm_owner,perm_group,perm_members,perm_anon FROM ' . "{$_TABLES['topics']} WHERE tid = '{$tmptid}'" . COM_getTopicSQL('AND')); if (DB_numRows($result) == 0) { // user doesn't have access to this topic - bail return STORY_NO_ACCESS_TOPIC; } $T = DB_fetchArray($result); if ($_CONF['storysubmission'] == 1 && !SEC_hasRights('story.submit')) { $this->_sid = addslashes($this->_sid); $this->_tid = $tmptid; $this->_title = addslashes($this->_title); $this->_introtext = addslashes($this->_introtext); $this->_bodytext = addslashes($this->_bodytext); $this->_postmode = addslashes($this->_postmode); DB_save($_TABLES['storysubmission'], 'sid,tid,uid,title,introtext,bodytext,date,postmode', "{$this->_sid},'{$this->_tid}',{$this->_uid},'{$this->_title}'," . "'{$this->_introtext}','{$this->_bodytext}',NOW(),'{$this->_postmode}'"); return STORY_SAVED_SUBMISSION; } else { // post this story directly. First establish the necessary missing data. $this->_sanitizeData(); if (!isset($_CONF['show_topic_icon'])) { $_CONF['show_topic_icon'] = 1; } if (DB_getItem($_TABLES['topics'], 'archive_flag', "tid = '{$tmptid}'") == 1) { $this->_frontpage = 0; } elseif (isset($_CONF['frontpage'])) { $this->_frontpage = $_CONF['frontpage']; } else { $this->_frontpage = 1; } $this->_oldsid = $this->_sid; $this->_date = mktime(); $this->_featured = 0; $this->_commentcode = $_CONF['comment_code']; $this->_trackbackcode = $_CONF['trackback_code']; $this->_statuscode = 0; $this->_show_topic_icon = $_CONF['show_topic_icon']; if (COM_isAnonUser()) { $this->_owner_id = 1; } else { $this->_owner_id = $_USER['uid']; } $this->_group_id = $T['group_id']; $this->_perm_owner = $T['perm_owner']; $this->_perm_group = $T['perm_group']; $this->_perm_members = $T['perm_members']; $this->_perm_anon = $T['perm_anon']; $this->saveToDatabase(); PLG_itemSaved($this->_sid, 'article'); COM_rdfUpToDateCheck(); COM_olderStuff(); return STORY_SAVED; } }
for ($i = 0; $i < $num_userphoto_images; $i++) { $userphoto_image = DB_fetchArray($result); if (!file_exists($html_path . 'images/userphotos/' . $userphoto_image['photo'])) { // If userphoto image does not exist // Log the error COM_errorLog($LANG_MIGRATE[26] . $LANG_MIGRATE[29] . $userphoto_image['photo'] . $LANG_MIGRATE[30] . $_TABLES['users'] . $LANG_MIGRATE[31] . $html_path . 'images/userphotos/'); $missing_userphoto_images = true; $missing_images = true; } } // did the site URL change? if (!empty($_OLD_CONF['site_url']) & !empty($_CONF['site_url']) && $_OLD_CONF['site_url'] != $_CONF['site_url']) { INST_updateSiteUrl($_OLD_CONF['site_url'], $_CONF['site_url']); } else { // refresh "Older Stories" block COM_olderStuff(); } /** * Import complete. * */ // Check if there are any missing files or plugins if ($missing_images || $missing_plugins > 0 || $disabled_plugins > 0) { $display .= '<h2>' . $LANG_MIGRATE[37] . '</h2>' . LB . '<p>' . $LANG_MIGRATE[38] . '</p>' . LB; // Plugins if ($missing_plugins > 0) { $display .= INST_getAlertMsg($LANG_MIGRATE[32] . ' <code>' . $_CONF['path'] . 'plugins/</code> ' . $LANG_MIGRATE[33], 'notice'); } if ($disabled_plugins > 0) { $display .= INST_getAlertMsg($LANG_MIGRATE[48]); }
/** * Moderates an item * * This will actually perform moderation (approve or delete) one or more items * * @param array $mid Array of items * @param array $action Array of actions to perform on items * @param string $type Type of items ('story', etc.) * @param int $count Number of items to moderate * @return string HTML for "command and control" page * */ function moderation($mid, $action, $type, $count) { global $_CONF, $_TABLES; $retval = ''; switch ($type) { case 'story': $id = 'sid'; $table = $_TABLES['stories']; $submissiontable = $_TABLES['storysubmission']; $fields = 'sid,uid,tid,title,introtext,date,postmode'; break; case 'comment': $id = 'cid'; $submissiontable = $_TABLES['commentsubmissions']; $sidArray[] = ''; break; default: if (strlen($type) <= 0) { // something is terribly wrong, bail $retval .= COM_errorLog("Unable to find type of {$type} in moderation() in moderation.php"); return $retval; } list($id, $table, $fields, $submissiontable) = PLG_getModerationValues($type); } // Set true if an valid action other than delete_all is selected $formaction = false; for ($i = 0; $i < $count; $i++) { if (isset($action[$i]) and $action[$i] != '') { $formaction = true; } else { continue; } switch ($action[$i]) { case 'delete': if (!empty($type) && $type != 'story' && $type != 'draft') { // There may be some plugin specific processing that needs to // happen first. $retval .= PLG_deleteSubmission($type, $mid[$i]); } if (empty($mid[$i])) { $retval .= COM_errorLog("moderation.php just tried deleting everything in table {$submissiontable} because it got an empty id. Please report this immediately to your site administrator"); return $retval; } if ($type == 'draft') { STORY_deleteStory($mid[$i]); } else { DB_delete($submissiontable, "{$id}", $mid[$i]); } break; case 'approve': if ($type == 'story') { $result = DB_query("SELECT * FROM {$_TABLES['storysubmission']} WHERE sid = '{$mid[$i]}'"); $A = DB_fetchArray($result); $A['related'] = addslashes(implode("\n", STORY_extractLinks($A['introtext']))); $A['owner_id'] = $A['uid']; $A['title'] = addslashes($A['title']); $A['introtext'] = addslashes($A['introtext']); $A['bodytext'] = addslashes($A['bodytext']); $result = DB_query("SELECT group_id,perm_owner,perm_group,perm_members,perm_anon,archive_flag FROM {$_TABLES['topics']} WHERE tid = '{$A['tid']}'"); $T = DB_fetchArray($result); if ($T['archive_flag'] == 1) { $frontpage = 0; } else { if (isset($_CONF['frontpage'])) { $frontpage = $_CONF['frontpage']; } else { $frontpage = 1; } } DB_save($_TABLES['stories'], 'sid,uid,tid,title,introtext,bodytext,related,date,show_topic_icon,commentcode,trackbackcode,postmode,frontpage,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$A['sid']}',{$A['uid']},'{$A['tid']}','{$A['title']}','{$A['introtext']}','{$A['bodytext']}','{$A['related']}','{$A['date']}','{$_CONF['show_topic_icon']}','{$_CONF['comment_code']}','{$_CONF['trackback_code']}','{$A['postmode']}',{$frontpage},{$A['owner_id']},{$T['group_id']},{$T['perm_owner']},{$T['perm_group']},{$T['perm_members']},{$T['perm_anon']}"); DB_delete($_TABLES['storysubmission'], "{$id}", $mid[$i]); PLG_itemSaved($A['sid'], 'article'); COM_rdfUpToDateCheck(); COM_olderStuff(); } else { if ($type == 'draft') { DB_query("UPDATE {$_TABLES['stories']} SET draft_flag = 0 WHERE sid = '{$mid[$i]}'"); COM_rdfUpToDateCheck(); COM_olderStuff(); } else { if ($type == 'comment') { $sid = CMT_approveModeration($mid[$i]); if (!in_array($sid, $sidArray)) { $sidArray[$i] = $sid; } } else { // This is called in case this is a plugin. There may be some // plugin specific processing that needs to happen. DB_copy($table, $fields, $fields, $submissiontable, $id, $mid[$i]); $retval .= PLG_approveSubmission($type, $mid[$i]); } } } break; } } // after loop update comment tree and count for each story if (isset($sidArray)) { foreach ($sidArray as $sid) { CMT_rebuildTree($sid); //update comment count of stories; $comments = DB_count($_TABLES['comments'], 'sid', $sid); DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $sid); } } //Add new comment users to group comment.submit group if (isset($_POST['publishfuture'])) { for ($i = 0; $i < count($_POST['publishfuture']); $i++) { $uid = COM_applyFilter($_POST['publishfuture'][$i], true); if ($uid > 1 && !SEC_inGroup('Comment Submitters', $uid)) { SEC_addUserToGroup($uid, 'Comment Submitters'); } } } // Check if there was no direct action used on the form // and if the delete_all submit action was used if (!$formaction and isset($_POST['delitem'])) { foreach ($_POST['delitem'] as $delitem) { $delitem = COM_applyFilter($delitem); if (!empty($type) && $type != 'story' && $type != 'draft') { // There may be some plugin specific processing that needs to // happen first. $retval .= PLG_deleteSubmission($type, $delitem); } if ($type == 'draft') { STORY_deleteStory($delitem); } else { DB_delete($submissiontable, "{$id}", $delitem); } } } $retval .= commandcontrol(SEC_createToken()); return $retval; }
/** * article: saves a comment * * @param string $title comment title * @param string $comment comment text * @param string $id Item id to which $cid belongs * @param int $pid comment parent * @param string $postmode 'html' or 'text' * @return mixed false for failure, HTML string (redirect?) for success */ function plugin_savecomment_article($title, $comment, $id, $pid, $postmode) { global $_CONF, $_TABLES, $LANG03, $_USER; $retval = ''; $commentcode = DB_getItem($_TABLES['stories'], 'commentcode', "(sid = '" . DB_escapeString($id) . "') AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND')); if (!isset($commentcode) || $commentcode != 0) { return COM_refresh($_CONF['site_url'] . '/index.php'); } $ret = CMT_saveComment($title, $comment, $id, $pid, 'article', $postmode); if ($ret > 0) { // failure $msg = ''; if (SESS_isSet('glfusion.commentpresave.error')) { $msg = COM_showMessageText(SESS_getVar('glfusion.commentpresave.error'), '', 1, 'error'); SESS_unSet('glfusion.commentpresave.error'); } else { if (empty($title) || empty($comment)) { $msg = COM_showMessageText($LANG03[12], '', 1, 'error'); } } $retval .= $msg . CMT_commentForm($title, $comment, $id, $pid, 'article', $LANG03[14], $postmode); } else { // success $comments = DB_count($_TABLES['comments'], array('type', 'sid'), array('article', $id)); DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $id); COM_olderStuff(); // update comment count in Older Stories block $retval = COM_refresh(COM_buildUrl($_CONF['site_url'] . "/article.php?story={$id}#comments")); } return $retval; }
/** * Delete an existing story * * @param array args Contains all the data provided by the client * @param string &output OUTPUT parameter containing the returned text * @return int Response code as defined in lib-plugins.php */ function service_delete_story($args, &$output, &$svc_msg) { global $_CONF, $_TABLES, $_USER; if (empty($args['sid']) && !empty($args['id'])) { $args['sid'] = $args['id']; } if ($args['gl_svc']) { $args['sid'] = COM_applyBasicFilter($args['sid']); } $sid = $args['sid']; $result = DB_query("SELECT tid,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '" . DB_escapeString($sid) . "'"); $A = DB_fetchArray($result); $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); $access = min($access, SEC_hasTopicAccess($A['tid'])); if ($access < 3) { COM_accessLog("User {$_USER['username']} tried to illegally delete story {$sid}."); $output = COM_refresh($_CONF['site_admin_url'] . '/story.php'); if ($_USER['uid'] > 1) { return PLG_RET_PERMISSION_DENIED; } else { return PLG_RET_AUTH_FAILED; } } STORY_deleteImages($sid); DB_query("DELETE FROM {$_TABLES['comments']} WHERE sid = '" . DB_escapeString($sid) . "' AND type = 'article'"); DB_delete($_TABLES['stories'], 'sid', DB_escapeString($sid)); // delete Trackbacks DB_query("DELETE FROM {$_TABLES['trackback']} WHERE sid = '" . DB_escapeString($sid) . "' AND type = 'article';"); PLG_itemDeleted($sid, 'article'); // update RSS feed and Older Stories block COM_rdfUpToDateCheck(); COM_olderStuff(); COM_setMessage(10); $output = COM_refresh($_CONF['site_admin_url'] . '/story.php'); return PLG_RET_OK; }
/** * Saves a block * * @param string $bid Block ID * @param string $name Block name * @param string $title Block title * @param string $type Type of block * @param int $blockorder Order block appears relative to the others * @param string $content Content of block * @param string $tid Topic block should appear in * @param string $rdfurl URL to headline feed for portal blocks * @param string $rdfupdated Date RSS/RDF feed was last updated * @param string $rdflimit max. number of entries to import from feed * @param string $phpblockfn Name of php function to call to get content * @param int $onleft Flag indicates if block shows up on left or right * @param int $owner_id ID of owner * @param int $group_id ID of group block belongs to * @param array $perm_owner Permissions the owner has on the object * @param array $perm_group Permissions the group has on the object * @param array $perm_members Permissions the logged in members have * @param array $perm_anon Permissinos anonymous users have * @param int $is_enabled Flag, indicates if block is enabled or not * @param int $allow_autotags Flag, indicates if autotags are enabed or not * @return string HTML redirect or error message * */ function BLOCK_save($bid, $name, $title, $help, $type, $blockorder, $content, $tid, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled, $allow_autotags) { global $_CONF, $_TABLES, $LANG01, $LANG21, $MESSAGE; $retval = ''; $B['bid'] = (int) $bid; $B['name'] = $name; $B['title'] = $title; $B['type'] = $type; $B['blockorder'] = $blockorder; $B['content'] = $content; $B['tid'] = $tid; $B['rdfurl'] = $rdfurl; $B['rdfupdated'] = $rdfupdated; $B['rdflimit'] = $rdflimit; $B['phpblockfn'] = $phpblockfn; $B['onleft'] = $onleft; $B['owner_id'] = $owner_id; $B['group_id'] = $group_id; $B['perm_owner'] = $perm_owner; $B['perm_group'] = $perm_group; $B['perm_members'] = $perm_members; $B['perm_anon'] = $perm_anon; $B['is_enabled'] = $is_enabled; $B['allow_autotags'] = $allow_autotags; $bid = (int) $bid; $MenuElementAllowedHTML = "i[class|style],div[class|style],span[class|style],img[src|class|style],em,strong,del,ins,q,abbr,dfn,small"; $filter = sanitizer::getInstance(); $allowedElements = $filter->makeAllowedElements($MenuElementAllowedHTML); $filter->setAllowedElements($allowedElements); $filter->setPostmode('html'); $title = $filter->filterHTML($title); $title = DB_escapeString($title); $phpblockfn = DB_escapeString(trim($phpblockfn)); if (empty($title) || !BLOCK_validateName($name)) { if (empty($title)) { $msg = $LANG21[64]; } else { $msg = $LANG21[70]; } SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false); $retval .= COM_siteHeader('menu', $LANG21[63]) . COM_showMessageText($msg, $LANG21[63], true) . BLOCK_edit($bid, $B) . COM_siteFooter(); return $retval; } // Convert array values to numeric permission values list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); $access = 0; if ($bid > 0 && DB_count($_TABLES['blocks'], 'bid', $bid) > 0) { $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = '{$bid}'"); $A = DB_fetchArray($result); $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); } else { $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon); } if ($access < 3 || !BLOCK_hasTopicAccess($tid) || !SEC_inGroup($group_id)) { $retval .= COM_siteHeader('menu', $MESSAGE[30]); $retval .= COM_showMessageText($MESSAGE[33], $MESSAGE[30], true); $retval .= COM_siteFooter(); COM_accessLog("User {$_USER['username']} tried to illegally create or edit block {$bid}."); return $retval; } elseif ($type == 'normal' && !empty($title) && !empty($content) or $type == 'portal' && !empty($title) && !empty($rdfurl) or $type == 'gldefault' && strlen($blockorder) > 0 or $type == 'phpblock' && !empty($phpblockfn) && !empty($title)) { if ($is_enabled == 'on') { $is_enabled = 1; } else { $is_enabled = 0; } if ($allow_autotags == 1) { $allow_autotags = 1; } else { $allow_autotags = 0; } if ($type == 'portal') { $content = ''; $rdfupdated = ''; $phpblockfn = ''; // get rid of possible extra prefixes (e.g. "feed://http://...") if (substr($rdfurl, 0, 4) == 'rss:') { $rdfurl = substr($rdfurl, 4); } else { if (substr($rdfurl, 0, 5) == 'feed:') { $rdfurl = substr($rdfurl, 5); } } if (substr($rdfurl, 0, 2) == '//') { $rdfurl = substr($rdfurl, 2); } $rdfurl = COM_sanitizeUrl($rdfurl, array('http', 'https')); } if ($type == 'gldefault') { if ($name != 'older_stories') { $content = ''; } $rdfurl = ''; $rdfupdated = ''; $rdflimit = 0; $phpblockfn = ''; } if ($type == 'phpblock') { // NOTE: PHP Blocks must be within a function and the function // must start with phpblock_ as the prefix. This will prevent // the arbitrary execution of code if (!stristr($phpblockfn, 'phpblock_')) { $retval .= COM_siteHeader('menu', $LANG21[37]) . COM_showMessageText($LANG21[38], $LANG21[37], true) . BLOCK_edit($bid, $B) . COM_siteFooter(); return $retval; } $content = ''; $rdfurl = ''; $rdfupdated = ''; $rdflimit = 0; } if ($type == 'normal') { $rdfurl = ''; $rdfupdated = ''; $rdflimit = 0; $phpblockfn = ''; $content = DB_escapeString($content); } if ($rdflimit < 0) { $rdflimit = 0; } if (!empty($rdfurl)) { $rdfurl = DB_escapeString($rdfurl); } if (empty($rdfupdated)) { $rdfupdated = '1000-01-01 00:00:00'; } $name = DB_escapeString($name); if ($bid > 0) { DB_save($_TABLES['blocks'], 'bid,name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,rdf_last_modified,rdf_etag', "{$bid},'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},NULL,NULL"); } else { $sql = "INSERT INTO {$_TABLES['blocks']} " . '(name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags) ' . "VALUES ('{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags})"; DB_query($sql); $bid = DB_insertId(); } if ($type == 'gldefault' && $name == 'older_stories') { COM_olderStuff(); } CTL_clearCache(); COM_setMessage(11); return COM_refresh($_CONF['site_admin_url'] . '/block.php'); } else { SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false); $retval .= COM_siteHeader('menu', $LANG21[32]); if ($type == 'portal') { // Portal block is missing fields $msg = $LANG21[33]; } else { if ($type == 'phpblock') { // PHP Block is missing field $msg = $LANG21[34]; } else { if ($type == 'normal') { // Normal block is missing field $msg = $LANG21[35]; } else { if ($type == 'gldefault') { // Default glFusion field missing $msg = $LANG21[42]; } else { // Layout block missing content $msg = $LANG21[36]; } } } } $retval .= COM_showMessageText($msg, $LANG21[32], true); $retval .= BLOCK_edit($bid, $B); $retval .= COM_siteFooter(); } return $retval; }
/** * Moderates a single item * * This will actually perform moderation (approve or delete) one or more items * * @param string $action Action to perform ('delete' or 'approve') * @param string $type Type of item ('user', 'draftstory', 'story', etc.) * @param string $id ID of item to approve or delete * @return string HTML for "command and control" page * */ function MODERATE_item($action = '', $type = '', $id = '') { global $_CONF, $_TABLES; $retval = ''; if (empty($action)) { // null action $retval .= COM_errorLog("Submissions Error: An attempt was made to moderate an item with a null action."); return $retval; } if (empty($type)) { // null item type $retval .= COM_errorLog("Submissions Error: An attempt was made to moderate a null item type."); return $retval; } if (empty($id)) { // null item type $retval .= COM_errorLog("Submissions Error: An attempt was made to moderate an item with a null id."); return $retval; } list($key, $table, $fields, $submissiontable) = PLG_getModerationValues($type); switch ($action) { case 'delete': switch ($type) { case 'user': // user if ($id > 1) { USER_deleteAccount($id); } break; case 'story': // story (needs to move to a plugin) DB_delete($submissiontable, "{$key}", $id); break; case 'draftstory': // draft story STORY_deleteStory($id); break; default: // plugin $retval .= PLG_deleteSubmission($type, $id); DB_delete($submissiontable, "{$key}", $id); break; } break; case 'approve': switch ($type) { case 'story': // story (needs to move to a plugin) $result = DB_query("SELECT * FROM {$submissiontable} WHERE {$key} = '{$id}'"); $A = DB_fetchArray($result); $A['related'] = DB_escapeString(implode("\n", STORY_extractLinks($A['introtext']))); $A['owner_id'] = $A['uid']; $A['title'] = DB_escapeString($A['title']); $A['introtext'] = DB_escapeString($A['introtext']); $A['bodytext'] = DB_escapeString($A['bodytext']); $result = DB_query("SELECT group_id,perm_owner,perm_group,perm_members,perm_anon,archive_flag FROM {$_TABLES['topics']} WHERE tid = '{$A['tid']}'"); $T = DB_fetchArray($result); if ($T['archive_flag'] == 1) { $frontpage = 0; } else { if (isset($_CONF['frontpage'])) { $frontpage = $_CONF['frontpage']; } else { $frontpage = 1; } } DB_save($table, 'sid,uid,tid,title,introtext,bodytext,related,date,show_topic_icon,commentcode,trackbackcode,postmode,frontpage,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$A['sid']}',{$A['uid']},'{$A['tid']}','{$A['title']}','{$A['introtext']}','{$A['bodytext']}','{$A['related']}','{$A['date']}','{$_CONF['show_topic_icon']}','{$_CONF['comment_code']}','{$_CONF['trackback_code']}','{$A['postmode']}',{$frontpage},{$A['owner_id']},{$T['group_id']},{$T['perm_owner']},{$T['perm_group']},{$T['perm_members']},{$T['perm_anon']}"); DB_delete($submissiontable, "{$key}", $id); PLG_itemSaved($A['sid'], 'article'); COM_rdfUpToDateCheck(); COM_olderStuff(); break; case 'draftstory': // draft story DB_query("UPDATE {$table} SET draft_flag = 0 WHERE {$key} = '{$id}'"); COM_rdfUpToDateCheck(); COM_olderStuff(); break; case 'user': // user $result = DB_query("SELECT {$fields} FROM {$table} WHERE {$key} = '{$id}'"); $nrows = DB_numRows($result); if ($nrows == 1) { $A = DB_fetchArray($result); if ($_CONF['registration_type'] == 1) { $sql = "UPDATE {$table} SET status=" . USER_ACCOUNT_AWAITING_VERIFICATION . " WHERE {$key} = '{$A['uid']}'"; } else { $sql = "UPDATE {$table} SET status=" . USER_ACCOUNT_AWAITING_ACTIVATION . " WHERE {$key} = '{$A['uid']}'"; } DB_query($sql); USER_createAndSendPassword($A['username'], $A['email'], $A['uid']); } break; default: // plugin DB_copy($table, $fields, $fields, $submissiontable, $key, $id); $retval .= PLG_approveSubmission($type, $id); break; } break; } // switch ($action) return $retval; }