/**
* Shows the block editor
*
* This will show a block edit form. If this is a glFusion default block it will
* send it off to BLOCK_editDefault().
*
* @param string $bid ID of block to edit
* @param array $B An array of block fields (optional)
* @return string HTML for block editor
*
*/
function BLOCK_edit($bid = '', $B = array())
{
global $_CONF, $_GROUPS, $_TABLES, $_USER, $LANG01, $LANG21, $LANG24, $LANG_ACCESS, $LANG_ADMIN, $LANG_postmodes, $MESSAGE, $_IMAGE_TYPE;
USES_lib_admin();
$retval = '';
$A = array();
if (!empty($bid)) {
$result = DB_query("SELECT * FROM {$_TABLES['blocks']} WHERE bid ='" . DB_escapeString($bid) . "'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access == 2 || $access == 0 || BLOCK_hasTopicAccess($A['tid']) < 3) {
$retval .= COM_showMessageText($LANG21[45], $LANG_ACCESS['accessdenied'], true);
COM_accessLog("User {$_USER['username']} tried to illegally create or edit block " . $bid);
return $retval;
}
if ($A['type'] == 'gldefault') {
$retval .= BLOCK_editDefault($A, $access);
return $retval;
}
} else {
$A['bid'] = isset($B['bid']) ? $B['bid'] : 0;
$A['is_enabled'] = isset($B['is_enabled']) ? $B['is_enabled'] : 1;
$A['name'] = isset($B['name']) ? $B['name'] : '';
$A['type'] = isset($B['type']) ? $B['type'] : 'normal';
$A['title'] = isset($B['title']) ? $B['title'] : '';
$A['tid'] = isset($B['tid']) ? $B['tid'] : 'All';
$A['blockorder'] = isset($B['blockorder']) ? $B['blockorder'] : 0;
$A['content'] = isset($B['content']) ? $B['content'] : '';
$A['allow_autotags'] = isset($B['allow_autotags']) && $B['allow_autotags'] == 1 ? 1 : 0;
$A['rdfurl'] = isset($B['rdfurl']) ? $B['rdfurl'] : '';
$A['rdfupdated'] = isset($B['rdfupdated']) ? $B['rdfupdated'] : '';
$A['rdflimit'] = isset($B['rdflimit']) ? $B['rdflimit'] : 0;
$A['onleft'] = isset($B['onleft']) ? $B['onleft'] : 0;
$A['phpblockfn'] = isset($B['phpblockfn']) ? $B['phpblockfn'] : '';
$A['help'] = isset($B['help']) ? $B['help'] : '';
$A['owner_id'] = isset($B['owner_id']) ? $B['owner_id'] : $_USER['uid'];
if (isset($B['group_id'])) {
$A['group_id'] = $B['group_id'];
} else {
if (isset($_GROUPS['Block Admin'])) {
$A['group_id'] = $_GROUPS['Block Admin'];
} else {
$A['group_id'] = SEC_getFeatureGroup('block.edit');
}
}
if (isset($B['perm_owner'])) {
$A['perm_owner'] = SEC_getPermissionValue($B['perm_owner']);
$A['perm_group'] = SEC_getPermissionValue($B['perm_group']);
$A['perm_members'] = SEC_getPermissionValue($B['perm_members']);
$A['perm_anon'] = SEC_getPermissionValue($B['perm_anon']);
} else {
SEC_setDefaultPermissions($A, $_CONF['default_permissions_block']);
}
$access = 3;
}
$menu_arr = array(array('url' => $_CONF['site_admin_url'] . '/block.php', 'text' => $LANG_ADMIN['block_list']), array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']));
$block_templates = new Template($_CONF['path_layout'] . 'admin/block');
$block_templates->set_file('editor', 'blockeditor.thtml');
$block_templates->set_var('start_block_editor', COM_startBlock($LANG21[3], '', COM_getBlockTemplate('_admin_block', 'header')));
if (!empty($bid) && SEC_hasrights('block.delete')) {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="delete"%s >';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$block_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
$block_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
$block_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
$block_templates->set_var('lang_delete_confirm', $MESSAGE[76]);
}
$block_templates->set_var('block_bid', $A['bid']);
// standard Admin strings
$block_templates->set_var('lang_blocktitle', $LANG_ADMIN['title']);
$block_templates->set_var('lang_enabled', $LANG_ADMIN['enabled']);
$block_templates->set_var('lang_blockhelpurl', $LANG_ADMIN['help_url']);
$block_templates->set_var('lang_topic', $LANG_ADMIN['topic']);
$block_templates->set_var('lang_save', $LANG_ADMIN['save']);
$block_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
$block_templates->set_var('lang_blocktype', $LANG_ADMIN['type']);
$block_templates->set_var('lang_allowed_html', $LANG01[123]);
$block_templates->set_var('block_title', htmlspecialchars($A['title'], ENT_QUOTES, COM_getEncodingt()));
$block_templates->set_var('lang_enabled', $LANG21[53]);
if ($A['is_enabled'] == 1) {
$block_templates->set_var('is_enabled', 'checked="checked"');
} else {
$block_templates->set_var('is_enabled', '');
}
$block_templates->set_var('block_help', $A['help']);
$block_templates->set_var('lang_includehttp', $LANG21[51]);
$block_templates->set_var('lang_explanation', $LANG21[52]);
$block_templates->set_var('block_name', $A['name']);
$block_templates->set_var('lang_blockname', $LANG21[48]);
$block_templates->set_var('lang_nospaces', $LANG21[49]);
$block_templates->set_var('lang_all', $LANG21[7]);
$block_templates->set_var('lang_homeonly', $LANG21[43]);
$block_templates->set_var('lang_nohomepage', $LANG21[44]);
if ($A['tid'] == 'all') {
$block_templates->set_var('all_selected', 'selected="selected"');
} else {
if ($A['tid'] == 'homeonly') {
$block_templates->set_var('homeonly_selected', 'selected="selected"');
} else {
if ($A['tid'] == 'allnhp') {
$block_templates->set_var('nohomepage_selected', 'selected="selected"');
}
}
}
$block_templates->set_var('topic_options', COM_topicList('tid,topic', $A['tid'], 1, true));
$block_templates->set_var('lang_side', $LANG21[39]);
$block_templates->set_var('lang_left', $LANG21[40]);
$block_templates->set_var('lang_right', $LANG21[41]);
if ($A['onleft'] == 1) {
$block_templates->set_var('left_selected', 'selected="selected"');
} else {
if ($A['onleft'] == 0) {
$block_templates->set_var('right_selected', 'selected="selected"');
}
}
$block_templates->set_var('lang_blockorder', $LANG21[9]);
$block_templates->set_var('block_order', $A['blockorder']);
$block_templates->set_var('lang_normalblock', $LANG21[12]);
$block_templates->set_var('lang_phpblock', $LANG21[27]);
$block_templates->set_var('lang_portalblock', $LANG21[11]);
if ($A['type'] == 'normal') {
$block_templates->set_var('normal_selected', 'selected="selected"');
} else {
if ($A['type'] == 'phpblock') {
$block_templates->set_var('php_selected', 'selected="selected"');
} else {
if ($A['type'] == 'portal') {
$block_templates->set_var('portal_selected', 'selected="selected"');
}
}
}
$block_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$block_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
$ownername = COM_getDisplayName($A['owner_id']);
$block_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', "uid = '{$A['owner_id']}'"));
$block_templates->set_var('owner_name', $ownername);
$block_templates->set_var('owner', $ownername);
$block_templates->set_var('owner_id', $A['owner_id']);
$block_templates->set_var('lang_group', $LANG_ACCESS['group']);
$block_templates->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
$block_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$block_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
$block_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']));
$block_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
$block_templates->set_var('lang_phpblockoptions', $LANG21[28]);
$block_templates->set_var('lang_blockfunction', $LANG21[29]);
$block_templates->set_var('block_phpblockfn', $A['phpblockfn']);
$block_templates->set_var('lang_phpblockwarning', $LANG21[30]);
$block_templates->set_var('lang_portalblockoptions', $LANG21[13]);
$block_templates->set_var('lang_rdfurl', $LANG21[14]);
$block_templates->set_var('max_url_length', 255);
$block_templates->set_var('block_rdfurl', $A['rdfurl']);
$block_templates->set_var('lang_rdflimit', $LANG21[62]);
$block_templates->set_var('block_rdflimit', $A['rdflimit']);
$block_templates->set_var('lang_lastrdfupdate', $LANG21[15]);
if ($A['rdfupdated'] == '1000-01-01 00:00:00') {
$block_templates->set_var('block_rdfupdated', '');
} else {
$block_templates->set_var('block_rdfupdated', $A['rdfupdated']);
}
$block_templates->set_var('lang_normalblockoptions', $LANG21[16]);
$block_templates->set_var('lang_blockcontent', $LANG21[17]);
$block_templates->set_var('lang_autotags', $LANG21[66]);
$block_templates->set_var('lang_use_autotags', $LANG21[67]);
$block_templates->set_var('block_content', htmlspecialchars($A['content'], ENT_QUOTES, COM_getEncodingt()));
$block_templates->set_var('block_text', htmlspecialchars($A['content'], ENT_QUOTES, COM_getEncodingt()));
$block_templates->set_var('block_html', htmlspecialchars($A['content'], ENT_QUOTES, COM_getEncodingt()));
if ($A['allow_autotags'] == 1) {
$block_templates->set_var('allow_autotags', 'checked="checked"');
} else {
$block_templates->set_var('allow_autotags', '');
}
$block_templates->set_var('gltoken_name', CSRF_TOKEN);
$block_templates->set_var('gltoken', SEC_createToken());
$block_templates->set_var('admin_menu', ADMIN_createMenu($menu_arr, $LANG21[71], $_CONF['layout_url'] . '/images/icons/block.' . $_IMAGE_TYPE));
$block_templates->set_var('end_block', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
PLG_templateSetVars('blockeditor', $block_templates);
$block_templates->parse('output', 'editor');
$retval .= $block_templates->finish($block_templates->get_var('output'));
return $retval;
}
/**
* Provide a form to edit a new or existing ad.
* @param array $A Array of ad data for edit form
* @param string $mode Edit mode
* @param boolean $admin True for administrator edit, false for normal
* @return string HTML for ad edit form
*/
function adEdit($A, $mode = 'edit', $admin = false)
{
global $_TABLES, $LANG_ADVT, $_CONF, $_CONF_ADVT, $LANG_ADMIN, $_USER, $LANG_ACCESS, $_GROUPS, $LANG12, $LANG24, $MESSAGE, $LANG_postmodes;
USES_classifieds_class_adtype();
// Determine if this user is an admin. Deprecates the $admin parameter.
$admin = SEC_hasRights($_CONF_ADVT['pi_name'] . '.admin') ? 1 : 0;
// only valid users allowed
if (COM_isAnonUser() || $_CONF_ADVT['usercanedit'] == 0 && !$admin) {
return CLASSIFIEDS_errorMsg($LANG_ADVT['no_permission'], 'alert', $LANG_ADVT['access_denied']);
}
// We know that we need to have categories, so make sure some exist
// before even trying to display the form. The category dropdown is
// created later since it needs the existing cat_id, if any.
if (DB_count($_TABLES['ad_category']) < 1) {
return CLASSIFIEDS_errorMsg($LANG_ADVT['no_categories'], 'info');
}
$time = time();
// used to compare now with expiration date
if ($admin) {
$T = new Template(CLASSIFIEDS_PI_PATH . '/templates/admin');
$T->set_file('adedit', "adminedit.thtml");
$action_url = CLASSIFIEDS_ADMIN_URL . '/index.php';
} else {
$T = new Template(CLASSIFIEDS_PI_PATH . '/templates');
$T->set_file('adedit', "submitform.thtml");
$action_url = CLASSIFIEDS_URL . '/index.php';
}
// Set up the wysiwyg editor, if available
switch (PLG_getEditorType()) {
case 'ckeditor':
$T->set_var('show_htmleditor', true);
PLG_requestEditor('classifieds', 'classifieds_entry', 'ckeditor_classifieds.thtml');
PLG_templateSetVars('classifieds_entry', $T);
break;
case 'tinymce':
$T->set_var('show_htmleditor', true);
PLG_requestEditor('classifieds', 'classifieds_entry', 'tinymce_classifieds.thtml');
PLG_templateSetVars('classifieds_entry', $T);
break;
default:
// don't support others right now
$T->set_var('show_htmleditor', false);
break;
}
switch ($mode) {
case 'editsubmission':
case 'moderate':
$savemode = 'savesubmission';
$delete_img = 'delsubimg';
$delete_ad = 'deletesubmission';
$type = 'moderate';
$saveoption = $LANG_ADMIN['moderate'];
$cancel_url = $_CONF['site_admin_url'] . '/moderation.php';
break;
case 'edit':
$savemode = 'savesubmission';
$delete_img = 'delsubimg';
$delete_ad = 'deletesubmission';
$saveoption = $LANG_ADMIN['save'];
$type = 'submission';
$cancel_url = $action_url;
break;
case 'update_ad':
default:
$savemode = 'update_ad';
$delete_img = 'delete_img';
$delete_ad = 'delete_ad';
$saveoption = $LANG_ADMIN['save'];
$type = '';
$cancel_url = $action_url;
break;
}
// Admins (only) use this form for submissions as well as edits,
// so we need to expect an empty array.
if (empty($A['ad_id'])) {
if (!$admin) {
return CLASSIFIEDS_errorMsg($LANG_ADVT['no_permission'], 'alert', $LANG_ADVT['access_denied']);
}
$A['ad_id'] = COM_makeSid();
$A['subject'] = '';
$A['descript'] = '';
$A['price'] = '';
$A['url'] = '';
$A['exp_date'] = '';
$A['add_date'] = time();
$A['ad_type'] = 0;
$A['perm_owner'] = $_CONF_ADVT['default_permissions'][0];
$A['perm_group'] = $_CONF_ADVT['default_permissions'][1];
$A['perm_members'] = $_CONF_ADVT['default_permissions'][2];
$A['perm_anon'] = $_CONF_ADVT['default_permissions'][3];
$A['uid'] = $_USER['uid'];
if (isset($_REQUEST['cat'])) {
$A['cat_id'] = intval($_REQUEST['cat']);
} else {
$A['cat_id'] = 0;
}
$catsql = "SELECT cat_id,perm_anon,keywords\n FROM {$_TABLES['ad_category']} ";
if ($A['cat_id'] > 0) {
$catsql .= "WHERE cat_id = {$A['cat_id']} ";
} else {
$catsql .= "ORDER BY cat_name ASC ";
}
$catsql .= "LIMIT 1";
$r = DB_query($catsql, 1);
if ($r && DB_numRows($r) > 0) {
$row = DB_fetchArray($r, false);
$A['cat_id'] = $row['cat_id'];
$A['keywords'] = trim($row['keywords']);
} else {
$A['cat_id'] = 0;
$A['keywords'] = '';
}
$A['owner_id'] = $_USER['uid'];
// Set ad owner to current user for new ads
$A['group_id'] = isset($_GROUPS['classifieds Admin']) ? $_GROUPS['classifieds Admin'] : SEC_getFeatureGroup('classifieds.edit');
$A['exp_sent'] = 0;
// set expiration & duration info for a new ad
$T->set_var('expiration_date', $LANG_ADVT['runfor']);
// "run for: X days"
$comments_enabled = $_CONF_ADVT['commentsupport'] == 1 ? 0 : 1;
$T->set_var("sel_{$comments_enabled}", 'selected');
if ($_CONF_ADVT['purchase_enabled']) {
USES_classifieds_class_userinfo();
$User = new adUserInfo();
$T->set_var('days', min($_CONF_ADVT['default_duration'], $User->getMaxDays()));
} else {
$T->set_var('days', $_CONF_ADVT['default_duration']);
}
$photocount = 0;
// No photos yet with a new ad
} else {
// This is an existing ad with values already in $A
$T->set_var('expiration_date', $LANG_ADVT['expiration']);
$T->set_var('days', '0');
// Disable the perm_anon checkbox if it's disabled by the category.
if (!$admin && DB_getItem($_TABLES['ad_category'], 'perm_anon', "cat_id='{$A['cat_id']}'") == '0') {
$T->set_var('vis_disabled', 'disabled');
}
// get the photo information
$sql = "SELECT photo_id, filename \n FROM {$_TABLES['ad_photo']} \n WHERE ad_id='{$A['ad_id']}'";
$photo = DB_query($sql, 1);
// save the count of photos for later use
if ($photo) {
$photocount = DB_numRows($photo);
} else {
$photocount = 0;
}
$comments_enabled = (int) $A['comments_enabled'];
$T->set_var("sel_{$comments_enabled}", 'selected');
}
// Get the max image size in MB and set the message
$img_max = $_CONF['max_image_size'] / 1048576;
// Show in MB
// Sanitize entries from the database
$A['subject'] = htmlspecialchars($A['subject']);
$A['descript'] = htmlspecialchars($A['descript']);
$A['keywords'] = htmlspecialchars($A['keywords']);
$A['price'] = htmlspecialchars($A['price']);
$A['url'] = htmlspecialchars($A['url']);
$A['ad_type'] = (int) $A['ad_type'];
// set expiration & duration based on existing info
if ($A['exp_date'] == '') {
$T->set_var('row_exp_date', '');
} else {
if ($A['exp_date'] < $time) {
$T->set_var('already_expired', $LANG_ADVT['already_expired']);
} else {
$T->set_var('row_exp_date', date("d M Y", $A['exp_date']));
}
}
$T->set_var(array('post_options' => $post_options, 'change_editormode' => 'onchange="change_editmode(this);"', 'glfusionStyleBasePath' => $_CONF['site_url'] . '/fckeditor', 'gltoken_name' => CSRF_TOKEN, 'gltoken' => SEC_createToken(), 'has_delbtn' => 'true', 'txt_photo' => "{$LANG_ADVT['photo']}<br />" . sprintf($LANG_ADVT['image_max'], $img_max), 'type' => $type, 'action_url' => $action_url, 'max_file_size' => $_CONF['max_image_size'], 'row_cat_id' => $A['cat_id'], 'row_ad_id' => $A['ad_id'], 'row_subject' => $A['subject'], 'row_descript' => $A['descript'], 'row_price' => $A['price'], 'row_url' => $A['url'], 'keywords' => $A['keywords'], 'exp_date' => $A['exp_date'], 'add_date' => $A['add_date'], 'ad_type_selection' => AdType::makeSelection($A['ad_type']), 'sel_list_catid' => CLASSIFIEDS_buildCatSelection($A['cat_id']), 'saveoption' => $saveoption, 'cancel_url' => $cancel_url));
// set expiration & duration based on existing info
if ($A['exp_date'] == '') {
$T->set_var('row_exp_date', '');
} else {
if ($A['exp_date'] < $time) {
$T->set_var('already_expired', $LANG_ADVT['already_expired']);
} else {
$T->set_var('row_exp_date', date("d M Y", $A['exp_date']));
}
}
// Set up permission editor on the admin template if needed.
// Otherwise, set hidden values with existing permissions
if ($admin) {
// Set up owner selection
$T->set_var(array('ownerselect' => CLASSIFIEDS_userDropdown($A['owner_id']), 'permissions_editor' => SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']), 'group_dropdown' => SEC_getGroupDropdown($A['group_id'], 3)));
} else {
$ownername = COM_getDisplayName($A['owner_id']);
$T->set_var(array('owner_id' => $A['owner_id'], 'ownername' => $ownername, 'perm_owner' => $A['perm_owner'], 'perm_group' => $A['perm_group'], 'perm_members' => $A['perm_members'], 'perm_anon' => $A['perm_anon'], 'group_id' => $A['group_id']));
if ($A['perm_anon'] == 2) {
$T->set_var('perm_anon_chk', 'checked');
}
}
// Set up the photo fields. Use $photocount defined above.
// If there are photos, read the $photo result. Otherwise,
// or if this is a new ad, just clear the photo area
$T->set_block('adedit', 'PhotoRow', 'PRow');
$i = 0;
if ($photocount > 0) {
while ($prow = DB_fetchArray($photo, false)) {
$i++;
$T->set_var(array('img_url' => LGLIB_ImageUrl(CLASSIFIEDS_IMGPATH . '/' . $prow['filename'], $_CONF_ADVT['img_max_width'], $_CONF_ADVT['img_max_height']), 'thumb_url' => LGLIB_ImageUrl(CLASSIFIEDS_IMGPATH . '/' . $prow['filename'], $_CONF_ADVT['thumb_max_size'], $_CONF_ADVT['thumb_max_size']), 'seq_no' => $i, 'ad_id' => $A['ad_id'], 'del_img_url' => $action_url . "?mode={$delete_img}&mid={$prow['photo_id']}" . "&id={$A['ad_id']}"));
$T->parse('PRow', 'PhotoRow', true);
}
} else {
$T->parse('PRow', '');
}
// add upload fields for unused images
$T->set_block('adedit', 'UploadFld', 'UFLD');
for ($j = $i; $j < $_CONF_ADVT['imagecount']; $j++) {
$T->parse('UFLD', 'UploadFld', true);
}
$T->parse('output', 'adedit');
return $T->finish($T->get_var('output'));
}
function _initVars()
{
global $_USER, $_GROUPS, $_DLM_CONF, $mytree;
$this->_cid = $this->_createID();
$this->_old_cid = '';
$this->_pid = $mytree->getRootid();
$this->_is_enabled = 1;
$this->_title = '';
$this->_imgurl = '';
$this->_corder = 0;
$this->_owner_id = $_USER['uid'];
if (isset($_GROUPS['Downloads Admin'])) {
$this->_group_id = $_GROUPS['Downloads Admin'];
} else {
$this->_group_id = SEC_getFeatureGroup('downloads.edit');
}
SEC_setDefaultPermissions($A, $_DLM_CONF['default_permissions']);
foreach ($A as $key => $val) {
$this->{'_' . $key} = $val;
}
}
/**
* Submit static page. The page is updated if it exists, or a new one is created
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @param string &svc_msg OUTPUT parameter containing any service messages
* @return int Response code as defined in lib-plugins.php
*/
function service_submit_staticpages($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_GROUPS, $_SP_CONF;
$output = '';
if (!SEC_hasRights('staticpages.edit')) {
$output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
$output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied'], true);
$output .= COM_siteFooter();
return PLG_RET_AUTH_FAILED;
}
if (defined('DEMO_MODE')) {
$output = COM_siteHeader('menu');
$output .= COM_showMessageText('Option disabled in Demo Mode', 'Option disabled in Demo Mode', true);
$output .= COM_siteFooter();
return PLG_REG_AUTH_FAILED;
}
$gl_edit = false;
if (isset($args['gl_edit'])) {
$gl_edit = $args['gl_edit'];
}
if ($gl_edit) {
// This is EDIT mode, so there should be an sp_old_id
if (empty($args['sp_old_id'])) {
if (!empty($args['id'])) {
$args['sp_old_id'] = $args['id'];
} else {
return PLG_RET_ERROR;
}
if (empty($args['sp_id'])) {
$args['sp_id'] = $args['sp_old_id'];
}
}
} else {
if (empty($args['sp_id']) && !empty($args['id'])) {
$args['sp_id'] = $args['id'];
}
}
if (empty($args['sp_uid'])) {
$args['sp_uid'] = $_USER['uid'];
}
if (empty($args['sp_title']) && !empty($args['title'])) {
$args['sp_title'] = $args['title'];
}
if (empty($args['sp_content']) && !empty($args['content'])) {
$args['sp_content'] = $args['content'];
}
if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) {
$args['sp_tid'] = $args['category'][0];
}
if (!isset($args['owner_id'])) {
$args['owner_id'] = $_USER['uid'];
}
if (empty($args['group_id'])) {
$args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
}
$args['sp_id'] = COM_sanitizeID($args['sp_id']);
if (!$gl_edit) {
if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
if (function_exists('WS_makeId')) {
$args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
} else {
$args['sp_id'] = COM_makeSid();
}
}
}
// Apply filters to the parameters passed by the webservice
if ($args['gl_svc']) {
$par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode');
$par_num = array('sp_uid', 'sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode', 'sp_search', 'sp_status');
foreach ($par_str as $str) {
if (isset($args[$str])) {
$args[$str] = COM_applyBasicFilter($args[$str]);
} else {
$args[$str] = '';
}
}
foreach ($par_num as $num) {
if (isset($args[$num])) {
$args[$num] = COM_applyBasicFilter($args[$num], true);
} else {
$args[$num] = 0;
}
}
}
// START: Staticpages defaults
if ($args['sp_status'] != 1) {
$args['sp_status'] = 0;
}
if (empty($args['sp_format'])) {
$args['sp_format'] = 'allblocks';
}
if (empty($args['sp_tid'])) {
$args['sp_tid'] = 'all';
}
if ($args['sp_where'] < 0 || $args['sp_where'] > 4) {
$args['sp_where'] = 0;
}
if ($args['sp_php'] < 0 || $args['sp_php'] > 2) {
$args['sp_php'] = 0;
}
if ($args['commentcode'] < -1 || $args['commentcode'] > 1) {
$args['commentcode'] = $_CONF['comment_code'];
}
if ($args['sp_search'] != 1) {
$args['sp_search'] = 0;
}
if ($args['gl_svc']) {
// Permissions
if (!isset($args['perm_owner'])) {
$args['perm_owner'] = $_SP_CONF['default_permissions'][0];
} else {
$args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
}
if (!isset($args['perm_group'])) {
$args['perm_group'] = $_SP_CONF['default_permissions'][1];
} else {
$args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
}
if (!isset($args['perm_members'])) {
$args['perm_members'] = $_SP_CONF['default_permissions'][2];
} else {
$args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
}
if (!isset($args['perm_anon'])) {
$args['perm_anon'] = $_SP_CONF['default_permissions'][3];
} else {
$args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
}
if (!isset($args['sp_onmenu'])) {
$args['sp_onmenu'] = '';
} else {
if ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) {
$svc_msg['error_desc'] = 'Menu label missing';
return PLG_RET_ERROR;
}
}
if (empty($args['sp_content'])) {
$svc_msg['error_desc'] = 'No content';
return PLG_RET_ERROR;
}
if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') {
$args['sp_inblock'] = 'on';
}
if (empty($args['sp_centerblock'])) {
$args['sp_centerblock'] = '';
}
}
// END: Staticpages defaults
$sp_id = $args['sp_id'];
$sp_status = $args['sp_status'];
$sp_uid = $args['sp_uid'];
$sp_title = $args['sp_title'];
$sp_content = $args['sp_content'];
$sp_hits = $args['sp_hits'];
$sp_format = $args['sp_format'];
$sp_onmenu = $args['sp_onmenu'];
$sp_label = '';
if (!empty($args['sp_label'])) {
$sp_label = $args['sp_label'];
}
$commentcode = $args['commentcode'];
$owner_id = $args['owner_id'];
$group_id = $args['group_id'];
$perm_owner = $args['perm_owner'];
$perm_group = $args['perm_group'];
$perm_members = $args['perm_members'];
$perm_anon = $args['perm_anon'];
$sp_php = $args['sp_php'];
$sp_nf = '';
if (!empty($args['sp_nf'])) {
$sp_nf = $args['sp_nf'];
}
$sp_old_id = $args['sp_old_id'];
$sp_centerblock = $args['sp_centerblock'];
$sp_help = '';
if (!empty($args['sp_help'])) {
$sp_help = $args['sp_help'];
}
$sp_tid = $args['sp_tid'];
$sp_where = $args['sp_where'];
$sp_inblock = $args['sp_inblock'];
$postmode = $args['postmode'];
$sp_search = $args['sp_search'];
if ($gl_edit && !empty($args['gl_etag'])) {
// First load the original staticpage to check if it has been modified
$o = array();
$s = array();
$r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
if ($r == PLG_RET_OK) {
if ($args['gl_etag'] != $o['updated']) {
$svc_msg['error_desc'] = 'A more recent version of the staticpage is available';
return PLG_RET_PRECONDITION_FAILED;
}
} else {
$svc_msg['error_desc'] = 'The requested staticpage no longer exists';
return PLG_RET_ERROR;
}
}
// Check for unique page ID
$duplicate_id = false;
$delete_old_page = false;
if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
if ($sp_id != $sp_old_id) {
$duplicate_id = true;
}
} elseif (!empty($sp_old_id)) {
if ($sp_id != $sp_old_id) {
$delete_old_page = true;
}
}
if ($duplicate_id) {
$output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
$output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
if (!$args['gl_svc']) {
$output .= PAGE_edit($sp_id);
}
$output .= COM_siteFooter();
$svc_msg['error_desc'] = 'Duplicate ID';
return PLG_RET_ERROR;
} elseif (!empty($sp_title) && !empty($sp_content)) {
if (empty($sp_hits)) {
$sp_hits = 0;
}
if ($sp_onmenu == 'on') {
$sp_onmenu = 1;
} else {
$sp_onmenu = 0;
}
if ($sp_nf == 'on') {
$sp_nf = 1;
} else {
$sp_nf = 0;
}
if ($sp_centerblock == 'on') {
$sp_centerblock = 1;
} else {
$sp_centerblock = 0;
}
if ($sp_inblock == 'on') {
$sp_inblock = 1;
} else {
$sp_inblock = 0;
}
// Clean up the text
if ($_SP_CONF['censor'] == 1) {
$sp_content = COM_checkWords($sp_content);
$sp_title = COM_checkWords($sp_title);
}
if ($_SP_CONF['filter_html'] == 1) {
$sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
}
$sp_title = strip_tags($sp_title);
$sp_label = strip_tags($sp_label);
$sp_content = DB_escapeString($sp_content);
$sp_title = DB_escapeString($sp_title);
$sp_label = DB_escapeString($sp_label);
// If user does not have php edit perms, then set php flag to 0.
if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
$sp_php = 0;
}
// make sure there's only one "entire page" static page per topic
if ($sp_centerblock == 1 && $sp_where == 0) {
$sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE sp_centerblock = 1 AND sp_where = 0 AND sp_tid = '" . DB_escapeString($sp_tid) . "'";
// multi-language configuration - allow one entire page
// centerblock for all or none per language
if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) {
$ids = explode('_', $sp_id);
if (count($ids) > 1) {
$lang_id = array_pop($ids);
$sql .= " AND sp_id LIKE '%\\_" . DB_escapeString($lang_id) . "'";
}
}
DB_query($sql);
}
$formats = array('allblocks', 'blankpage', 'leftblocks', 'rightblocks', 'noblocks');
if (!in_array($sp_format, $formats)) {
$sp_format = 'allblocks';
}
if (!$args['gl_svc']) {
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
}
DB_save($_TABLES['staticpage'], 'sp_id,sp_status,sp_uid,sp_title,sp_content,sp_date,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode,sp_search', "'{$sp_id}',{$sp_status}, {$sp_uid},'{$sp_title}','{$sp_content}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}',{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$sp_tid}',{$sp_where}," . "'{$sp_inblock}','{$postmode}',{$sp_search}");
if ($delete_old_page && !empty($sp_old_id)) {
DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id);
DB_change($_TABLES['comments'], 'sid', DB_escapeString($sp_id), array('sid', 'type'), array(DB_escapeString($sp_old_id), 'staticpages'));
PLG_itemDeleted($sp_old_id, 'staticpages');
}
PLG_itemSaved($sp_id, 'staticpages');
$url = COM_buildURL($_CONF['site_url'] . '/page.php?page=' . $sp_id);
$output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages');
$svc_msg['id'] = $sp_id;
return PLG_RET_OK;
} else {
$output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
$output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
if (!$args['gl_svc']) {
$output .= PAGE_edit($sp_id);
}
$output .= COM_siteFooter();
return PLG_RET_ERROR;
}
}
/**
* Displays the static page form
*
* @param array $A Data to display
* @param string $error Error message to display
*
*/
function PAGE_form($A, $error = false)
{
global $_CONF, $_TABLES, $_USER, $_GROUPS, $_SP_CONF, $action, $sp_id, $LANG21, $LANG_STATIC, $LANG_ACCESS, $LANG_ADMIN, $LANG24, $LANG_postmodes, $MESSAGE;
USES_lib_admin();
$menu_arr = array(array('url' => $_CONF['site_admin_url'] . '/plugins/staticpages/index.php', 'text' => $LANG_STATIC['page_list']), array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']));
$template_path = staticpages_templatePath('admin');
if (!empty($sp_id) && ($action == 'edit' || $action == 'clone')) {
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
} else {
$A['owner_id'] = $_USER['uid'];
if (isset($_GROUPS['staticpages Admin'])) {
$A['group_id'] = $_GROUPS['staticpages Admin'];
} else {
$A['group_id'] = SEC_getFeatureGroup('staticpages.edit');
}
SEC_setDefaultPermissions($A, $_SP_CONF['default_permissions']);
$access = 3;
}
$retval = '';
if (empty($A['owner_id'])) {
$error = COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header'));
$error .= $LANG_STATIC['deny_msg'];
$error .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
}
if ($error) {
$retval .= $error . '<br/><br/>';
} else {
$sp_template = new Template($template_path);
$sp_template->set_file('form', 'editor.thtml');
$sp_template->set_var('lang_mode', $LANG24[3]);
$sp_template->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $A['commentcode']));
$ownername = COM_getDisplayName($A['owner_id']);
$sp_template->set_var(array('sp_search_checked' => $A['sp_search'] == 1 ? ' checked="checked"' : '', 'sp_status_checked' => $A['sp_status'] == 1 ? ' checked="checked"' : '', 'lang_accessrights' => $LANG_ACCESS['accessrights'], 'lang_owner' => $LANG_ACCESS['owner'], 'owner_username' => DB_getItem($_TABLES['users'], 'username', "uid = {$A['owner_id']}"), 'owner_name' => $ownername, 'owner' => $ownername, 'owner_id' => $A['owner_id'], 'lang_group' => $LANG_ACCESS['group'], 'group_dropdown' => SEC_getGroupDropdown($A['group_id'], $access), 'permissions_editor' => SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']), 'lang_permissions' => $LANG_ACCESS['permissions'], 'lang_perm_key' => $LANG_ACCESS['permissionskey'], 'permissions_msg' => $LANG_ACCESS['permmsg'], 'start_block_editor' => COM_startBlock($LANG_STATIC['staticpages'] . ' :: ' . $LANG_STATIC['staticpageeditor'], '', COM_getBlockTemplate('_admin_block', 'header')), 'lang_save' => $LANG_ADMIN['save'], 'lang_cancel' => $LANG_ADMIN['cancel'], 'lang_preview' => $LANG_ADMIN['preview'], 'lang_editor' => $LANG_STATIC['staticpageeditor'], 'lang_attributes' => $LANG_STATIC['attributes']));
if (SEC_hasRights('staticpages.delete') && $action != 'clone' && !empty($A['sp_old_id'])) {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="delete"%s/>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$sp_template->set_var('delete_option', sprintf($delbutton, $jsconfirm));
$sp_template->set_var('delete_button', true);
$sp_template->set_var('lang_delete_confirm', $MESSAGE[76]);
$sp_template->set_var('lang_delete', $LANG_ADMIN['delete']);
$sp_template->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
} else {
$sp_template->set_var('delete_option', '');
}
$sp_template->set_var('lang_writtenby', $LANG_STATIC['writtenby']);
$sp_template->set_var('username', DB_getItem($_TABLES['users'], 'username', "uid = {$A['sp_uid']}"));
$authorname = COM_getDisplayName($A['sp_uid']);
$sp_template->set_var('name', $authorname);
$sp_template->set_var('author', $authorname);
$sp_template->set_var('lang_url', $LANG_STATIC['url']);
$sp_template->set_var('lang_id', $LANG_STATIC['id']);
$sp_template->set_var('sp_uid', $A['sp_uid']);
$sp_template->set_var('sp_id', $A['sp_id']);
$sp_template->set_var('sp_old_id', $A['sp_old_id']);
$sp_template->set_var('example_url', COM_buildURL($_CONF['site_url'] . '/page.php?page=' . $A['sp_id']));
$sp_template->set_var('lang_centerblock', $LANG_STATIC['centerblock']);
$sp_template->set_var('lang_centerblock_help', $LANG_ADMIN['help_url']);
$sp_template->set_var('lang_centerblock_include', $LANG21[51]);
$sp_template->set_var('lang_centerblock_desc', $LANG21[52]);
$sp_template->set_var('centerblock_help', $A['sp_help']);
$sp_template->set_var('lang_centerblock_msg', $LANG_STATIC['centerblock_msg']);
if (isset($A['sp_centerblock']) && $A['sp_centerblock'] == 1) {
$sp_template->set_var('centerblock_checked', 'checked="checked"');
} else {
$sp_template->set_var('centerblock_checked', '');
}
$sp_template->set_var('lang_topic', $LANG_STATIC['topic']);
$sp_template->set_var('lang_position', $LANG_STATIC['position']);
$current_topic = '';
if (isset($A['sp_tid'])) {
$current_topic = $A['sp_tid'];
}
if (empty($current_topic)) {
$current_topic = 'none';
}
$topics = COM_topicList('tid,topic', $current_topic, 1, true);
$alltopics = '<option value="all"';
if ($current_topic == 'all') {
$alltopics .= ' selected="selected"';
}
$alltopics .= '>' . $LANG_STATIC['all_topics'] . '</option>' . LB;
$allnhp = '<option value="allnhp"';
if ($current_topic == 'allnhp') {
$allnhp .= ' selected="selected"';
}
$allnhp .= '>' . $LANG_STATIC['allnhp_topics'] . '</option>' . LB;
$notopic = '<option value="none"';
if ($current_topic == 'none') {
$notopic .= ' selected="selected"';
}
$notopic .= '>' . $LANG_STATIC['no_topic'] . '</option>' . LB;
$sp_template->set_var('topic_selection', '<select name="sp_tid">' . $alltopics . $allnhp . $notopic . $topics . '</select>');
$position = '<select name="sp_where">';
$position .= '<option value="1"';
if ($A['sp_where'] == 1) {
$position .= ' selected="selected"';
}
$position .= '>' . $LANG_STATIC['position_top'] . '</option>';
$position .= '<option value="2"';
if ($A['sp_where'] == 2) {
$position .= ' selected="selected"';
}
$position .= '>' . $LANG_STATIC['position_feat'] . '</option>';
$position .= '<option value="3"';
if ($A['sp_where'] == 3) {
$position .= ' selected="selected"';
}
$position .= '>' . $LANG_STATIC['position_bottom'] . '</option>';
$position .= '<option value="0"';
if ($A['sp_where'] == 0) {
$position .= ' selected="selected"';
}
$position .= '>' . $LANG_STATIC['position_entire'] . '</option>';
$position .= '<option value="4"';
if ($A['sp_where'] == 4) {
$position .= ' selected="selected"';
}
$position .= '>' . $LANG_STATIC['position_nonews'] . '</option>';
$position .= '</select>';
$sp_template->set_var('pos_selection', $position);
if ($_SP_CONF['allow_php'] == 1 && SEC_hasRights('staticpages.PHP')) {
if (!isset($A['sp_php'])) {
$A['sp_php'] = 0;
}
$selection = '<select name="sp_php">' . LB;
$selection .= '<option value="0"';
if ($A['sp_php'] <= 0 || $A['sp_php'] > 2) {
$selection .= ' selected="selected"';
}
$selection .= '>' . $LANG_STATIC['select_php_none'] . '</option>' . LB;
$selection .= '<option value="1"';
if ($A['sp_php'] == 1) {
$selection .= ' selected="selected"';
}
$selection .= '>' . $LANG_STATIC['select_php_return'] . '</option>' . LB;
$selection .= '<option value="2"';
if ($A['sp_php'] == 2) {
$selection .= ' selected="selected"';
}
$selection .= '>' . $LANG_STATIC['select_php_free'] . '</option>' . LB;
$selection .= '</select>';
$sp_template->set_var('php_selector', $selection);
$sp_template->set_var('php_warn', $LANG_STATIC['php_warn']);
} else {
$sp_template->set_var('php_selector', '');
$sp_template->set_var('php_warn', $LANG_STATIC['php_not_activated']);
}
$sp_template->set_var('php_msg', $LANG_STATIC['php_msg']);
// old variables (for the 1.3-type checkbox)
$sp_template->set_var('php_checked', '');
$sp_template->set_var('php_type', 'hidden');
if (isset($A['sp_nf']) && $A['sp_nf'] == 1) {
$sp_template->set_var('exit_checked', 'checked="checked"');
} else {
$sp_template->set_var('exit_checked', '');
}
$sp_template->set_var('exit_msg', $LANG_STATIC['exit_msg']);
$sp_template->set_var('exit_info', $LANG_STATIC['exit_info']);
if (isset($A['sp_inblock']) && $A['sp_inblock'] == 1) {
$sp_template->set_var('inblock_checked', 'checked="checked"');
} else {
$sp_template->set_var('inblock_checked', '');
}
$sp_template->set_var('inblock_msg', $LANG_STATIC['inblock_msg']);
$sp_template->set_var('inblock_info', $LANG_STATIC['inblock_info']);
$curtime = COM_getUserDateTimeFormat($A['unixdate']);
$sp_template->set_var('lang_lastupdated', $LANG_STATIC['date']);
$sp_template->set_var('sp_formateddate', $curtime[0]);
$sp_template->set_var('sp_date', $curtime[1]);
$sp_template->set_var('lang_title', $LANG_STATIC['title']);
$title = '';
if (isset($A['sp_title'])) {
$title = htmlspecialchars($A['sp_title']);
}
$sp_template->set_var('sp_title', $title);
$sp_template->set_var('lang_addtomenu', $LANG_STATIC['addtomenu']);
if (isset($A['sp_onmenu']) && $A['sp_onmenu'] == 1) {
$sp_template->set_var('onmenu_checked', 'checked="checked"');
} else {
$sp_template->set_var('onmenu_checked', '');
}
$sp_template->set_var('lang_label', $LANG_STATIC['label']);
if (isset($A['sp_label'])) {
$sp_template->set_var('sp_label', $A['sp_label']);
} else {
$sp_template->set_var('sp_label', '');
}
$sp_template->set_var('lang_pageformat', $LANG_STATIC['pageformat']);
$sp_template->set_var('lang_blankpage', $LANG_STATIC['blankpage']);
$sp_template->set_var('lang_noblocks', $LANG_STATIC['noblocks']);
$sp_template->set_var('lang_leftblocks', $LANG_STATIC['leftblocks']);
$sp_template->set_var('lang_rightblocks', $LANG_STATIC['rightblocks']);
$sp_template->set_var('lang_leftrightblocks', $LANG_STATIC['leftrightblocks']);
if (!isset($A['sp_format'])) {
$A['sp_format'] = '';
}
if ($A['sp_format'] == 'noblocks') {
$sp_template->set_var('noblock_selected', 'selected="selected"');
} else {
$sp_template->set_var('noblock_selected', '');
}
if ($A['sp_format'] == 'leftblocks') {
$sp_template->set_var('leftblocks_selected', 'selected="selected"');
} else {
$sp_template->set_var('leftblocks_selected', '');
}
if ($A['sp_format'] == 'rightblocks') {
$sp_template->set_var('rightblocks_selected', 'selected="selected"');
} else {
$sp_template->set_var('rightblocks_selected', '');
}
if ($A['sp_format'] == 'blankpage') {
$sp_template->set_var('blankpage_selected', 'selected="selected"');
} else {
$sp_template->set_var('blankpage_selected', '');
}
if ($A['sp_format'] == 'allblocks' or empty($A['sp_format'])) {
$sp_template->set_var('allblocks_selected', 'selected="selected"');
} else {
$sp_template->set_var('allblocks_selected', '');
}
$sp_template->set_var('lang_content', $LANG_STATIC['content']);
$content = '';
if (isset($A['sp_content'])) {
$content = htmlspecialchars($A['sp_content']);
}
$sp_template->set_var('sp_content', $content);
if ($_SP_CONF['filter_html'] == 1) {
$sp_template->set_var('lang_allowedhtml', COM_allowedHTML(SEC_getUserPermissions(), false, 'staticpages', 'page'));
} else {
$sp_template->set_var('lang_allowedhtml', $LANG_STATIC['all_html_allowed']);
}
$sp_template->set_var('lang_hits', $LANG_STATIC['hits']);
if (empty($A['sp_hits'])) {
$sp_template->set_var('sp_hits', '0');
$sp_template->set_var('sp_hits_formatted', '0');
} else {
$sp_template->set_var('sp_hits', $A['sp_hits']);
$sp_template->set_var('sp_hits_formatted', COM_numberFormat($A['sp_hits']));
}
$sp_template->set_var('end_block', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
$sp_template->set_var('owner_dropdown', COM_buildOwnerList('owner_id', $A['owner_id']));
$sp_template->set_var('writtenby_dropdown', COM_buildOwnerList('sp_uid', $A['sp_uid']));
$sp_template->set_var('gltoken_name', CSRF_TOKEN);
$sp_template->set_var('gltoken', SEC_createToken());
$sp_template->set_var('admin_menu', ADMIN_createMenu($menu_arr, $LANG_STATIC['instructions_edit'], plugin_geticon_staticpages()));
PLG_templateSetVars('sp_editor', $sp_template);
$retval .= $sp_template->parse('output', 'form');
}
return $retval;
}
/**
* Show topic administration form
*
* @param string tid ID of topic to edit
* @return string HTML for the topic editor
*
*/
function edittopic($tid = '')
{
global $_CONF, $_GROUPS, $_TABLES, $_USER, $LANG27, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE;
$retval = '';
if (empty($tid)) {
// new topic - set defaults
$A = array();
$A['tid'] = '';
$A['topic'] = '';
$A['sortnum'] = 0;
$A['limitnews'] = '';
// leave empty!
$A['is_default'] = 0;
$A['archive_flag'] = 0;
} else {
$result = DB_query("SELECT * FROM {$_TABLES['topics']} WHERE tid ='{$tid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access == 0 or $access == 2) {
$retval .= COM_startBlock($LANG27[12], '', COM_getBlockTemplate('_msg_block', 'header'));
$retval .= $LANG27[13];
$retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}.");
return $retval;
}
}
$token = SEC_createToken();
$retval .= COM_startBlock($LANG27[1], '', COM_getBlockTemplate('_admin_block', 'header'));
$retval .= SEC_getTokenExpiryNotice($token);
if (!is_array($A) || empty($A['owner_id'])) {
$A['owner_id'] = $_USER['uid'];
// this is the one instance where we default the group
// most topics should belong to the Topic Admin group
if (isset($_GROUPS['Topic Admin'])) {
$A['group_id'] = $_GROUPS['Topic Admin'];
} else {
$A['group_id'] = SEC_getFeatureGroup('topic.edit');
}
SEC_setDefaultPermissions($A, $_CONF['default_permissions_topic']);
$access = 3;
}
$topic_templates = new Template($_CONF['path_layout'] . 'admin/topic');
$topic_templates->set_file('editor', 'topiceditor.thtml');
$topic_templates->set_var('xhtml', XHTML);
$topic_templates->set_var('site_url', $_CONF['site_url']);
$topic_templates->set_var('site_admin_url', $_CONF['site_admin_url']);
$topic_templates->set_var('layout_url', $_CONF['layout_url']);
if (!empty($tid) && SEC_hasRights('topic.edit')) {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$topic_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
$topic_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
$topic_templates->set_var('warning_msg', $LANG27[6]);
}
$topic_templates->set_var('lang_topicid', $LANG27[2]);
$topic_templates->set_var('topic_id', $A['tid']);
$topic_templates->set_var('lang_donotusespaces', $LANG27[5]);
$topic_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$topic_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
$ownername = COM_getDisplayName($A['owner_id']);
$topic_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', "uid = {$A['owner_id']}"));
$topic_templates->set_var('owner_name', $ownername);
$topic_templates->set_var('owner', $ownername);
$topic_templates->set_var('owner_id', $A['owner_id']);
$topic_templates->set_var('lang_group', $LANG_ACCESS['group']);
$topic_templates->set_var('lang_save', $LANG_ADMIN['save']);
$topic_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
$topic_templates->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
$topic_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$topic_templates->set_var('lang_permissions_key', $LANG_ACCESS['permissionskey']);
$topic_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
$topic_templates->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
$topic_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
$topic_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']));
// show sort order only if they specified sortnum as the sort method
if ($_CONF['sortmethod'] != 'alpha') {
$topic_templates->set_var('lang_sortorder', $LANG27[10]);
if ($A['sortnum'] == 0) {
$A['sortnum'] = '';
}
$topic_templates->set_var('sort_order', '<input type="text" size="3" maxlength="3" name="sortnum" value="' . $A['sortnum'] . '"' . XHTML . '>');
} else {
$topic_templates->set_var('lang_sortorder', $LANG27[14]);
$topic_templates->set_var('sort_order', $LANG27[15]);
}
$topic_templates->set_var('lang_storiesperpage', $LANG27[11]);
if ($A['limitnews'] == 0) {
$topic_templates->set_var('story_limit', '');
} else {
$topic_templates->set_var('story_limit', $A['limitnews']);
}
$topic_templates->set_var('default_limit', $_CONF['limitnews']);
$topic_templates->set_var('lang_defaultis', $LANG27[16]);
$topic_templates->set_var('lang_topicname', $LANG27[3]);
$topic_templates->set_var('topic_name', stripslashes($A['topic']));
if (empty($A['tid'])) {
$A['imageurl'] = '/images/topics/';
}
$topic_templates->set_var('lang_topicimage', $LANG27[4]);
$topic_templates->set_var('lang_uploadimage', $LANG27[27]);
$topic_templates->set_var('icon_dimensions', $_CONF['max_topicicon_width'] . ' x ' . $_CONF['max_topicicon_height']);
$topic_templates->set_var('lang_maxsize', $LANG27[28]);
$topic_templates->set_var('max_url_length', 255);
$topic_templates->set_var('image_url', $A['imageurl']);
$topic_templates->set_var('lang_metadescription', $LANG_ADMIN['meta_description']);
$topic_templates->set_var('lang_metakeywords', $LANG_ADMIN['meta_keywords']);
if (!empty($A['meta_description'])) {
$topic_templates->set_var('meta_description', $A['meta_description']);
}
if (!empty($A['meta_keywords'])) {
$topic_templates->set_var('meta_keywords', $A['meta_keywords']);
}
$topic_templates->set_var('lang_defaulttopic', $LANG27[22]);
$topic_templates->set_var('lang_defaulttext', $LANG27[23]);
if ($A['is_default'] == 1) {
$topic_templates->set_var('default_checked', 'checked="checked"');
} else {
$topic_templates->set_var('default_checked', '');
}
$topic_templates->set_var('lang_archivetopic', $LANG27[25]);
$topic_templates->set_var('lang_archivetext', $LANG27[26]);
$topic_templates->set_var('archive_disabled', '');
if ($A['archive_flag'] == 1) {
$topic_templates->set_var('archive_checked', 'checked="checked"');
} else {
$topic_templates->set_var('archive_checked', '');
// Only 1 topic can be the archive topic - so check if there already is one
if (DB_count($_TABLES['topics'], 'archive_flag', '1') > 0) {
$topic_templates->set_var('archive_disabled', 'disabled');
}
}
if (empty($tid)) {
$num_stories = $LANG_ADMIN['na'];
} else {
$nresult = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE tid = '" . addslashes($tid) . "'" . COM_getPermSql('AND'));
$N = DB_fetchArray($nresult);
$num_stories = COM_numberFormat($N['count']);
}
$topic_templates->set_var('lang_num_stories', $LANG27[30]);
$topic_templates->set_var('num_stories', $num_stories);
$topic_templates->set_var('gltoken_name', CSRF_TOKEN);
$topic_templates->set_var('gltoken', $token);
$topic_templates->parse('output', 'editor');
$retval .= $topic_templates->finish($topic_templates->get_var('output'));
$retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
return $retval;
}
/**
* Load a Story object from the sid specified, returning a status result.
* The result will either be a permission denied message, invalid SID
* message, or a loaded ok message. If it's loaded ok, then we've got all
* the exciting gubbins here.
*
* Only used from story admin and submit.php!
*
* @param $sid string Story Identifier, valid glFusion story id from the db.
* @return Integer from a constant.
*/
function loadFromDatabase($sid, $mode = 'edit')
{
global $_TABLES, $_CONF, $_USER, $_GROUPS;
$dtPublish = new Date('now', $_USER['tzid']);
$dtExpire = new Date('now', $_USER['tzid']);
$dtCmtclose = new Date('now', $_USER['tzid']);
$sid = DB_escapeString(COM_applyFilter($sid));
if (!empty($sid) && ($mode == 'edit' || $mode == 'view' || $mode == 'clone')) {
$sql = "SELECT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, UNIX_TIMESTAMP(s.expire) as expireunix, UNIX_TIMESTAMP(s.comment_expire) as cmt_expire_unix, " . "u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t " . "WHERE (s.uid = u.uid) AND (s.tid = t.tid) AND (sid = '{$sid}')";
} elseif (!empty($sid) && $mode == 'moderate') {
$sql = 'SELECT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, ' . 'u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl, t.group_id, ' . 't.perm_owner, t.perm_group, t.perm_members, t.perm_anon ' . 'FROM ' . $_TABLES['storysubmission'] . ' AS s, ' . $_TABLES['users'] . ' AS u, ' . $_TABLES['topics'] . ' AS t WHERE (s.uid = u.uid) AND' . ' (s.tid = t.tid) AND (sid = \'' . $sid . '\')';
} elseif ($mode == 'edit') {
$this->_sid = COM_makesid();
$this->_old_sid = $this->_sid;
if (isset($_CONF['draft_flag'])) {
$this->_draft_flag = $_CONF['draft_flag'];
} else {
$this->_draft_flag = 0;
}
if (isset($_CONF['show_topic_icon'])) {
$this->_show_topic_icon = $_CONF['show_topic_icon'];
} else {
$this->_show_topic_icon = 1;
}
if (COM_isAnonUser()) {
$this->_uid = 1;
} else {
$this->_uid = $_USER['uid'];
}
$this->_date = $dtPublish->toUnix();
$this->_expire = $dtExpire->toUnix();
if ($_CONF['article_comment_close_enabled']) {
$this->_comment_expire = $dtCmtclose->toUnix() + $_CONF['article_comment_close_days'] * 86400;
} else {
$this->_comment_expire = 0;
}
$this->_commentcode = $_CONF['comment_code'];
$this->_trackbackcode = $_CONF['trackback_code'];
$this->_title = '';
$this->_introtext = '';
$this->_bodytext = '';
if (isset($_CONF['frontpage'])) {
$this->_frontpage = $_CONF['frontpage'];
} else {
$this->_frontpage = 1;
}
$this->_hits = 0;
$this->_rating = 0.0;
$this->_votes = 0;
$this->_comments = 0;
$this->_trackbacks = 0;
$this->_numemails = 0;
if ($_CONF['postmode'] != 'plaintext') {
$this->_postmode = 'html';
} else {
$this->_postmode = $_CONF['postmode'];
}
$this->_statuscode = 0;
$this->_featured = 0;
if (COM_isAnonUser()) {
$this->_owner_id = 1;
} else {
$this->_owner_id = $_USER['uid'];
}
if (isset($_GROUPS['Story Admin'])) {
$this->_group_id = $_GROUPS['Story Admin'];
} else {
$this->_group_id = SEC_getFeatureGroup('story.edit');
}
$array = array();
SEC_setDefaultPermissions($array, $_CONF['default_permissions_story']);
$this->_perm_owner = $array['perm_owner'];
$this->_perm_group = $array['perm_group'];
$this->_perm_anon = $array['perm_anon'];
$this->_perm_members = $array['perm_members'];
} else {
$this->loadFromArgsArray($_POST);
}
/* if we have SQL, load from it */
if (!empty($sql)) {
$result = DB_query($sql);
if ($result) {
$story = DB_fetchArray($result, false);
if ($story == null) {
return STORY_INVALID_SID;
}
$this->loadFromArray($story);
if (!isset($story['owner_id'])) {
$story['owner_id'] = 1;
}
if (SEC_hasRights('story.edit')) {
$this->_access = 3;
} else {
$access = SEC_hasAccess($story['owner_id'], $story['group_id'], $story['perm_owner'], $story['perm_group'], $story['perm_members'], $story['perm_anon']);
$this->_access = min($access, SEC_hasTopicAccess($this->_tid));
}
if ($this->_access == 0) {
return STORY_PERMISSION_DENIED;
} elseif ($this->_access == 2 && $mode != 'view') {
return STORY_EDIT_DENIED;
} elseif ($this->_access == 2 && $mode == 'view' && ($this->_draft_flag == 1 || $this->_date > time())) {
return STORY_INVALID_SID;
}
} else {
return STORY_INVALID_SID;
}
}
if ($mode == 'moderate') {
if (isset($_CONF['draft_flag'])) {
$this->_draft_flag = $_CONF['draft_flag'];
} else {
$this->_draft_flag = 1;
}
if (isset($_CONF['show_topic_icon'])) {
$this->_show_topic_icon = $_CONF['show_topic_icon'];
} else {
$this->_show_topic_icon = 1;
}
$this->_commentcode = $_CONF['comment_code'];
$this->_trackbackcode = $_CONF['trackback_code'];
$this->_featured = 0;
$this->_expire = time();
if ($_CONF['article_comment_close_enabled']) {
$this->_comment_expire = time() + $_CONF['article_comment_close_days'] * 86400;
} else {
$this->_comment_expire = 0;
}
if (DB_getItem($_TABLES['topics'], 'archive_flag', "tid = '" . DB_escapeString($this->_tid) . "'") == 1) {
$this->_frontpage = 0;
} elseif (isset($_CONF['frontpage'])) {
$this->_frontpage = $_CONF['frontpage'];
} else {
$this->_frontpage = 1;
}
$this->_comments = 0;
$this->_trackbacks = 0;
$this->_numemails = 0;
$this->_statuscode = 0;
$this->_owner_id = $this->_uid;
} elseif ($mode == 'clone') {
$this->_sid = COM_makesid();
$this->_old_sid = $this->_sid;
$this->_originalSid = '';
if (COM_isAnonUser()) {
$this->_uid = 1;
} else {
$this->_uid = $_USER['uid'];
}
$this->_date = $dtPublish->toUnix();
$this->_expire = $dtExpire->toUnix();
//time();
// if the original story uses comment expire, update the time
if ($this->_comment_expire != 0) {
$this->_comment_expire = time() + $_CONF['article_comment_close_days'] * 86400;
}
// reset counters
$this->_hits = 0;
$this->_rating = 0.0;
$this->_votes = 0;
$this->_comments = 0;
$this->_trackbacks = 0;
$this->_numemails = 0;
$this->_owner_id = $_USER['uid'];
}
$this->_sanitizeData();
return STORY_LOADED_OK;
}
/**
* Shows the block editor
*
* This will show a block edit form. If this is a Geeklog default block it will
* send it off to editdefaultblock.
*
* @param string $bid ID of block to edit
* @return string HTML for block editor
*
*/
function editblock($bid = '')
{
global $_CONF, $_GROUPS, $_TABLES, $_USER, $LANG01, $LANG21, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $_SCRIPTS;
$retval = '';
if (!empty($bid)) {
$sql['mysql'] = "SELECT * FROM {$_TABLES['blocks']} WHERE bid ='{$bid}'";
$sql['mssql'] = "SELECT bid, is_enabled, name, type, title, blockorder, cast(content as text) as content, rdfurl, ";
$sql['mssql'] .= "rdfupdated, rdflimit, onleft, phpblockfn, help, owner_id,group_id, ";
$sql['mssql'] .= "perm_owner, perm_group, perm_members, perm_anon, allow_autotags, cache_time FROM {$_TABLES['blocks']} WHERE bid ='{$bid}'";
$sql['pgsql'] = "SELECT * FROM {$_TABLES['blocks']} WHERE bid ='{$bid}'";
$result = DB_query($sql);
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access == 2 || $access == 0 || TOPIC_hasMultiTopicAccess('block', $bid) < 3) {
$retval .= COM_showMessageText($LANG21[45], $LANG_ACCESS['accessdenied']);
COM_accessLog("User {$_USER['username']} tried to illegally create or edit block {$bid}.");
return $retval;
}
if ($A['type'] == 'gldefault') {
$retval .= editdefaultblock($A, $access);
return $retval;
}
} else {
$A['bid'] = 0;
$A['is_enabled'] = 1;
$A['name'] = '';
$A['type'] = 'normal';
$A['title'] = '';
$A['tid'] = '';
$A['blockorder'] = 0;
$A['cache_time'] = $_CONF['default_cache_time_block'];
$A['content'] = '';
$A['allow_autotags'] = 0;
$A['rdfurl'] = '';
$A['rdfupdated'] = '';
$A['rdflimit'] = 0;
$A['onleft'] = 0;
$A['phpblockfn'] = '';
$A['help'] = '';
$A['owner_id'] = $_USER['uid'];
if (isset($_GROUPS['Block Admin'])) {
$A['group_id'] = $_GROUPS['Block Admin'];
} else {
$A['group_id'] = SEC_getFeatureGroup('block.edit');
}
SEC_setDefaultPermissions($A, $_CONF['default_permissions_block']);
$access = 3;
if ($_POST['mode'] == $LANG_ADMIN['save'] && !empty($LANG_ADMIN['save'])) {
overridePostdata($A);
}
}
$token = SEC_createToken();
$block_templates = COM_newTemplate($_CONF['path_layout'] . 'admin/block');
$block_templates->set_file('editor', 'blockeditor.thtml');
$block_start = COM_startBlock($LANG21[3], '', COM_getBlockTemplate('_admin_block', 'header'));
$block_start .= LB . SEC_getTokenExpiryNotice($token);
$block_templates->set_var('start_block_editor', $block_start);
if (!empty($bid) && SEC_hasrights('block.delete')) {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$block_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
$block_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
$block_templates->set_var('allow_delete', true);
$block_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
$block_templates->set_var('confirm_message', $MESSAGE[76]);
}
$block_templates->set_var('block_bid', $A['bid']);
// standard Admin strings
$block_templates->set_var('lang_blocktitle', $LANG_ADMIN['title']);
$block_templates->set_var('lang_enabled', $LANG_ADMIN['enabled']);
$block_templates->set_var('lang_blockhelpurl', $LANG_ADMIN['help_url']);
$block_templates->set_var('lang_topic', $LANG_ADMIN['topic']);
$block_templates->set_var('lang_save', $LANG_ADMIN['save']);
$block_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
$block_templates->set_var('lang_blocktype', $LANG_ADMIN['type']);
$block_templates->set_var('lang_allowed_html', $LANG01[123]);
$block_templates->set_var('block_title', stripslashes($A['title']));
$block_templates->set_var('lang_enabled', $LANG21[53]);
if ($A['is_enabled'] == 1) {
$block_templates->set_var('is_enabled', 'checked="checked"');
} else {
$block_templates->set_var('is_enabled', '');
}
$block_templates->set_var('block_help', $A['help']);
$block_templates->set_var('lang_includehttp', $LANG21[51]);
$block_templates->set_var('lang_explanation', $LANG21[52]);
$block_templates->set_var('block_name', $A['name']);
$block_templates->set_var('lang_blockname', $LANG21[48]);
$block_templates->set_var('lang_nospaces', $LANG21[49]);
$block_templates->set_var('topic_selection', TOPIC_getTopicSelectionControl('block', $A['bid'], true, true));
$block_templates->set_var('lang_side', $LANG21[39]);
$block_templates->set_var('lang_left', $LANG21[40]);
$block_templates->set_var('lang_right', $LANG21[41]);
if ($A['onleft'] == 1) {
$block_templates->set_var('left_selected', 'selected="selected"');
} elseif ($A['onleft'] == 0) {
$block_templates->set_var('right_selected', 'selected="selected"');
}
$block_templates->set_var('lang_blockorder', $LANG21[9]);
$block_templates->set_var('block_order', $A['blockorder']);
$block_templates->set_var('lang_normalblock', $LANG21[12]);
$block_templates->set_var('lang_phpblock', $LANG21[27]);
$block_templates->set_var('lang_portalblock', $LANG21[11]);
if ($A['type'] == 'normal') {
$block_templates->set_var('normal_selected', 'selected="selected"');
} elseif ($A['type'] == 'phpblock') {
$block_templates->set_var('php_selected', 'selected="selected"');
} elseif ($A['type'] == 'portal') {
$block_templates->set_var('portal_selected', 'selected="selected"');
}
$block_templates->set_var('lang_cachetime', $LANG21['cache_time']);
$block_templates->set_var('lang_cachetime_desc', $LANG21['cache_time_desc']);
$block_templates->set_var('cache_time', $A['cache_time']);
$block_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$block_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
$ownername = COM_getDisplayName($A['owner_id']);
$block_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', "uid = '{$A['owner_id']}'"));
$block_templates->set_var('owner_name', $ownername);
$block_templates->set_var('owner', $ownername);
$block_templates->set_var('owner_id', $A['owner_id']);
$block_templates->set_var('lang_group', $LANG_ACCESS['group']);
$block_templates->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
$block_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$block_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
$block_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']));
$block_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
$block_templates->set_var('lang_phpblockoptions', $LANG21[28]);
$block_templates->set_var('lang_blockfunction', $LANG21[29]);
$block_templates->set_var('block_phpblockfn', $A['phpblockfn']);
$block_templates->set_var('lang_phpblockwarning', $LANG21[30]);
$block_templates->set_var('lang_portalblockoptions', $LANG21[13]);
$block_templates->set_var('lang_rdfurl', $LANG21[14]);
$block_templates->set_var('max_url_length', 255);
$block_templates->set_var('block_rdfurl', $A['rdfurl']);
$block_templates->set_var('lang_rdflimit', $LANG21[62]);
$block_templates->set_var('block_rdflimit', $A['rdflimit']);
$block_templates->set_var('lang_lastrdfupdate', $LANG21[15]);
if ($A['rdfupdated'] == '0000-00-00 00:00:00') {
$block_templates->set_var('block_rdfupdated', '');
} else {
$block_templates->set_var('block_rdfupdated', $A['rdfupdated']);
}
$block_templates->set_var('lang_normalblockoptions', $LANG21[16]);
$block_templates->set_var('lang_blockcontent', $LANG21[17]);
$block_templates->set_var('lang_autotags', $LANG21[66]);
$block_templates->set_var('lang_use_autotags', $LANG21[67]);
$content = htmlspecialchars(stripslashes($A['content']));
$content = str_replace(array('{', '}'), array('{', '}'), $content);
$block_templates->set_var('block_content', $content);
if ($A['allow_autotags'] == 1) {
$block_templates->set_var('allow_autotags', 'checked="checked"');
} else {
$block_templates->set_var('allow_autotags', '');
}
$block_templates->set_var('gltoken_name', CSRF_TOKEN);
$block_templates->set_var('gltoken', $token);
$block_templates->set_var('end_block', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
$block_templates->parse('output', 'editor');
$retval .= $block_templates->finish($block_templates->get_var('output'));
// Shows/Hides relevant block options dynamically
$_SCRIPTS->setJavaScript("\njQuery(function () {\n var \$ = jQuery;\n \$('#admin-blockeditor-type').on('change', function () {\n var fs, i, fieldsets = ['normal', 'phpblock', 'portal'];\n\n for (i = 0; i < 3; i++) {\n if (this.value === fieldsets[i]) {\n \$('#fs-' + fieldsets[i] + '-options').show();\n } else {\n \$('#fs-' + fieldsets[i] + '-options').hide();\n }\n }\n })\n .trigger('change');\n});", true, true);
return $retval;
}
/**
* Shows the block editor
*
* This will show a block edit form. If this is a Geeklog default block it will
* send it off to editdefaultblock.
*
* @param string $bid ID of block to edit
* @return string HTML for block editor
*
*/
function editblock($bid = '')
{
global $_CONF, $_GROUPS, $_TABLES, $_USER, $LANG01, $LANG21, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE;
$retval = '';
if (!empty($bid)) {
$sql['mysql'] = "SELECT * FROM {$_TABLES['blocks']} WHERE bid ='{$bid}'";
$sql['mssql'] = "SELECT bid, is_enabled, name, type, title, tid, blockorder, cast(content as text) as content, rdfurl, ";
$sql['mssql'] .= "rdfupdated, rdflimit, onleft, phpblockfn, help, owner_id,group_id, ";
$sql['mssql'] .= "perm_owner, perm_group, perm_members, perm_anon, allow_autotags FROM {$_TABLES['blocks']} WHERE bid ='{$bid}'";
$result = DB_query($sql);
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access == 2 || $access == 0 || hasBlockTopicAccess($A['tid']) < 3) {
$retval .= COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header')) . $LANG21[45] . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
COM_accessLog("User {$_USER['username']} tried to illegally create or edit block {$bid}.");
return $retval;
}
if ($A['type'] == 'gldefault') {
$retval .= editdefaultblock($A, $access);
return $retval;
}
} else {
$A['bid'] = 0;
$A['is_enabled'] = 1;
$A['name'] = '';
$A['type'] = 'normal';
$A['title'] = '';
$A['tid'] = 'All';
$A['blockorder'] = 0;
$A['content'] = '';
$A['allow_autotags'] = 0;
$A['rdfurl'] = '';
$A['rdfupdated'] = '';
$A['rdflimit'] = 0;
$A['onleft'] = 0;
$A['phpblockfn'] = '';
$A['help'] = '';
$A['owner_id'] = $_USER['uid'];
if (isset($_GROUPS['Block Admin'])) {
$A['group_id'] = $_GROUPS['Block Admin'];
} else {
$A['group_id'] = SEC_getFeatureGroup('block.edit');
}
SEC_setDefaultPermissions($A, $_CONF['default_permissions_block']);
$access = 3;
}
$token = SEC_createToken();
$block_templates = new Template($_CONF['path_layout'] . 'admin/block');
$block_templates->set_file('editor', 'blockeditor.thtml');
$block_templates->set_var('site_url', $_CONF['site_url']);
$block_templates->set_var('xhtml', XHTML);
$block_templates->set_var('site_admin_url', $_CONF['site_admin_url']);
$block_templates->set_var('layout_url', $_CONF['layout_url']);
$block_start = COM_startBlock($LANG21[3], '', COM_getBlockTemplate('_admin_block', 'header'));
$block_start .= LB . SEC_getTokenExpiryNotice($token);
$block_templates->set_var('start_block_editor', $block_start);
if (!empty($bid) && SEC_hasrights('block.delete')) {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$block_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
$block_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
}
$block_templates->set_var('block_bid', $A['bid']);
// standard Admin strings
$block_templates->set_var('lang_blocktitle', $LANG_ADMIN['title']);
$block_templates->set_var('lang_enabled', $LANG_ADMIN['enabled']);
$block_templates->set_var('lang_blockhelpurl', $LANG_ADMIN['help_url']);
$block_templates->set_var('lang_topic', $LANG_ADMIN['topic']);
$block_templates->set_var('lang_save', $LANG_ADMIN['save']);
$block_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
$block_templates->set_var('lang_blocktype', $LANG_ADMIN['type']);
$block_templates->set_var('lang_allowed_html', $LANG01[123]);
$block_templates->set_var('block_title', stripslashes($A['title']));
$block_templates->set_var('lang_enabled', $LANG21[53]);
if ($A['is_enabled'] == 1) {
$block_templates->set_var('is_enabled', 'checked="checked"');
} else {
$block_templates->set_var('is_enabled', '');
}
$block_templates->set_var('block_help', $A['help']);
$block_templates->set_var('lang_includehttp', $LANG21[51]);
$block_templates->set_var('lang_explanation', $LANG21[52]);
$block_templates->set_var('block_name', $A['name']);
$block_templates->set_var('lang_blockname', $LANG21[48]);
$block_templates->set_var('lang_nospaces', $LANG21[49]);
$block_templates->set_var('lang_all', $LANG21[7]);
$block_templates->set_var('lang_homeonly', $LANG21[43]);
if ($A['tid'] == 'all') {
$block_templates->set_var('all_selected', 'selected="selected"');
} else {
if ($A['tid'] == 'homeonly') {
$block_templates->set_var('homeonly_selected', 'selected="selected"');
}
}
$block_templates->set_var('topic_options', COM_topicList('tid,topic', $A['tid'], 1, true));
$block_templates->set_var('lang_side', $LANG21[39]);
$block_templates->set_var('lang_left', $LANG21[40]);
$block_templates->set_var('lang_right', $LANG21[41]);
if ($A['onleft'] == 1) {
$block_templates->set_var('left_selected', 'selected="selected"');
} else {
if ($A['onleft'] == 0) {
$block_templates->set_var('right_selected', 'selected="selected"');
}
}
$block_templates->set_var('lang_blockorder', $LANG21[9]);
$block_templates->set_var('block_order', $A['blockorder']);
$block_templates->set_var('lang_normalblock', $LANG21[12]);
$block_templates->set_var('lang_phpblock', $LANG21[27]);
$block_templates->set_var('lang_portalblock', $LANG21[11]);
if ($A['type'] == 'normal') {
$block_templates->set_var('normal_selected', 'selected="selected"');
} else {
if ($A['type'] == 'phpblock') {
$block_templates->set_var('php_selected', 'selected="selected"');
} else {
if ($A['type'] == 'portal') {
$block_templates->set_var('portal_selected', 'selected="selected"');
}
}
}
$block_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$block_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
$ownername = COM_getDisplayName($A['owner_id']);
$block_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', "uid = '{$A['owner_id']}'"));
$block_templates->set_var('owner_name', $ownername);
$block_templates->set_var('owner', $ownername);
$block_templates->set_var('owner_id', $A['owner_id']);
$block_templates->set_var('lang_group', $LANG_ACCESS['group']);
$block_templates->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
$block_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$block_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
$block_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']));
$block_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
$block_templates->set_var('lang_phpblockoptions', $LANG21[28]);
$block_templates->set_var('lang_blockfunction', $LANG21[29]);
$block_templates->set_var('block_phpblockfn', $A['phpblockfn']);
$block_templates->set_var('lang_phpblockwarning', $LANG21[30]);
$block_templates->set_var('lang_portalblockoptions', $LANG21[13]);
$block_templates->set_var('lang_rdfurl', $LANG21[14]);
$block_templates->set_var('max_url_length', 255);
$block_templates->set_var('block_rdfurl', $A['rdfurl']);
$block_templates->set_var('lang_rdflimit', $LANG21[62]);
$block_templates->set_var('block_rdflimit', $A['rdflimit']);
$block_templates->set_var('lang_lastrdfupdate', $LANG21[15]);
if ($A['rdfupdated'] == '0000-00-00 00:00:00') {
$block_templates->set_var('block_rdfupdated', '');
} else {
$block_templates->set_var('block_rdfupdated', $A['rdfupdated']);
}
$block_templates->set_var('lang_normalblockoptions', $LANG21[16]);
$block_templates->set_var('lang_blockcontent', $LANG21[17]);
$block_templates->set_var('lang_autotags', $LANG21[66]);
$block_templates->set_var('lang_use_autotags', $LANG21[67]);
$block_templates->set_var('block_content', htmlspecialchars(stripslashes($A['content'])));
if ($A['allow_autotags'] == 1) {
$block_templates->set_var('allow_autotags', 'checked="checked"');
} else {
$block_templates->set_var('allow_autotags', '');
}
$block_templates->set_var('gltoken_name', CSRF_TOKEN);
$block_templates->set_var('gltoken', $token);
$block_templates->set_var('end_block', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
$block_templates->parse('output', 'editor');
$retval .= $block_templates->finish($block_templates->get_var('output'));
return $retval;
}
function CMED_editMenuitem($mid, $mode = 'edit', $A = array())
{
global $_CONF, $_GROUPS, $_TABLES, $_USER, $_PLUGINS, $_CMED_CONF, $LANG_CMED_EDITOR, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE;
$retval = '';
if ($mode == 'edit' || $mode == 'clone') {
if (empty($A)) {
$result = DB_query("SELECT * FROM {$_TABLES['menuitems']} WHERE mid ='{$mid}'");
$A = DB_fetchArray($result);
}
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access < 3 || CMED_hasMenuitemTopicAccess($A['tid']) < 3) {
$retval .= COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header')) . $LANG_CMED_EDITOR['message_access1'] . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
COM_accessLog("User {$_USER['username']} tried to illegally create or edit menuitem {$mid}.");
return $retval;
}
$selpmid = CMED_makeSelBox($A['pmid']);
}
if ($mode == 'clone') {
preg_match('/(.*)_clone_(.+)/', $A['mid'], $match);
$label = empty($match[1]) ? $A['mid'] : $match[1];
$A['mid'] = CMED_createMenuitemID($label . '_clone_');
$A['type'] = 'custom';
$access = 3;
}
if ($mode == 'create') {
$A['mid'] = CMED_createMenuitemID();
$A['pmid'] = '';
$A['is_enabled'] = 1;
$A['type'] = 'custom';
$A['mode'] = 'fixation';
$A['label'] = '';
$A['label_var'] = '';
$A['php_function'] = '';
$A['tid'] = 'all';
$A['url'] = '';
$A['icon_url'] = '';
$A['menuorder'] = 0;
$A['pattern'] = '';
$A['is_preg'] = 0;
$A['class_name'] = '';
$selpmid = CMED_makeSelBox();
$A['owner_id'] = $_USER['uid'];
if (isset($_GROUPS['CustomMenu Admin'])) {
$A['group_id'] = $_GROUPS['CustomMenu Admin'];
} else {
$A['group_id'] = SEC_getFeatureGroup('custommenu.admin');
}
SEC_setDefaultPermissions($A, $_CMED_CONF['default_permissions']);
$access = 3;
}
$T = COM_newTemplate($_CMED_CONF['path_layout']);
$T->set_file('editor', 'menueditor.thtml');
$T->set_var('icon_url', plugin_geticon_custommenu());
$retval .= COM_startBlock($LANG_CMED_EDITOR['custommenueditor'], '', COM_getBlockTemplate('_admin_block', 'header'));
$v = $mode == 'create' || $mode == 'clone' || $A['type'] == 'gldefault' || $A['type'] == 'plugin' && in_array($A['mid'], $_PLUGINS) ? UC_DISABLED : '';
$T->set_var('delete_disabled', $v);
foreach ($LANG_CMED_EDITOR as $key => $val) {
$T->set_var('lang_' . $key, $val);
}
$v = ($mode == 'create' or $mode == 'clone') ? 'save' : 'update';
$T->set_var('lang_save', $LANG_CMED_EDITOR[$v]);
$T->set_var('val_title_fixation', stripslashes($A['label']));
$T->set_var('val_title_variable', stripslashes($A['label_var']));
$T->set_var('val_php_function', stripslashes($A['php_function']));
$T->set_var('val_is_enabled', $A['is_enabled'] == 1 ? UC_CHECKED : '');
$T->set_var('val_menuitemurl', $A['url']);
$T->set_var('val_icon_url', $A['icon_url']);
$T->set_var('val_mid', $A['mid']);
$T->set_var('val_pmid', $A['pmid']);
$T->set_var('selpmid', $selpmid);
$T->set_var('val_old_mid', $A['mid']);
$T->set_var('val_menuorder', $A['menuorder']);
$T->set_var('val_type', $A['type']);
$T->set_var('val_pattern', stripslashes($A['pattern']));
$T->set_var('val_is_preg', $A['is_preg'] == 1 ? UC_CHECKED : '');
$T->set_var('val_class_name', stripslashes($A['class_name']));
$v = $A['type'] == 'gldefault' || $A['type'] == 'plugin' ? UC_READONLY : '';
$T->set_var('mid_readonly', $v);
$T->set_var($A['tid'] . '_selected', UC_SELECTED);
$T->set_var('topic_options', COM_topicList('tid,topic', $A['tid'], 1, true));
$T->set_var('lang_type', $LANG_CMED_EDITOR['type_' . $A['type']]);
$T->set_var($A['type'] . '_selected', UC_SELECTED);
$T->set_var('val_mode_' . $A['mode'], UC_SELECTED);
// user access info
$T->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$T->set_var('lang_owner', $LANG_ACCESS['owner']);
$ownername = COM_getDisplayName($A['owner_id']);
$T->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', "uid = {$A['owner_id']}"));
$T->set_var('owner_name', $ownername);
$T->set_var('owner', $ownername);
$T->set_var('owner_id', $A['owner_id']);
$T->set_var('lang_group', $LANG_ACCESS['group']);
$T->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
$T->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$T->set_var('lang_permissionskey', $LANG_ACCESS['permissionskey']);
$T->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']));
$T->set_var('lang_lockmsg', $LANG_ACCESS['permmsg']);
if (!defined(CSRF_TOKEN)) {
define('CSRF_TOKEN', 'token');
}
$T->set_var('gltoken_name', CSRF_TOKEN);
$T->set_var('gltoken', SEC_createToken());
$T->parse('output', 'editor');
$retval .= $T->finish($T->get_var('output'));
$retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
return $retval;
}
function fncSave($edt_flg, $navbarMenu, $menuno, $template)
{
$pi_name = "databox";
global $_CONF;
global $LANG_DATABOX_ADMIN;
global $_TABLES;
global $_USER;
global $_DATABOX_CONF;
global $LANG_DATABOX_user_menu;
$addition_def = DATABOX_getadditiondef();
$retval = '';
// clean 'em up
$id = COM_applyFilter($_POST['id'], true);
if ($id == 0) {
$new_flg = true;
} else {
$new_flg = false;
}
$fieldset_id = COM_applyFilter($_POST['fieldset'], true);
$code = COM_applyFilter($_POST['code']);
$code = addslashes(COM_checkHTML(COM_checkWords($code)));
$title = COM_stripslashes($_POST['title']);
$title = addslashes(COM_checkHTML(COM_checkWords($title)));
$page_title = COM_applyFilter($_POST['page_title']);
$page_title = addslashes(COM_checkHTML(COM_checkWords($page_title)));
$description = $_POST['description'];
//COM_applyFilter($_POST['description']);
$description = addslashes(COM_checkHTML(COM_checkWords($description)));
$language_id = COM_applyFilter($_POST['language_id']);
$language_id = addslashes(COM_checkHTML(COM_checkWords($language_id)));
$category = $_POST['category'];
//@@@@@
$additionfields = $_POST['afield'];
$additionfields_old = $_POST['afield'];
$additionfields_fnm = $_POST['afield_fnm'];
$additionfields_del = $_POST['afield_del'];
$additionfields_alt = $_POST['afield_alt'];
$additionfields_date = array();
$additionfields = DATABOX_cleanaddtiondatas($additionfields, $addition_def, $additionfields_fnm, $additionfields_del, $additionfields_date, $additionfields_alt);
// $hits =0;
// $comments=0;
$old_mode = COM_applyFilter($_POST['old_mode']);
$old_mode = addslashes(COM_checkHTML(COM_checkWords($old_mode)));
//-----
$type = 1;
$uuid = $_USER['uid'];
// CHECK はじめ
$err = "";
//id
if ($id == 0) {
//$err.=$LANG_DATABOX_ADMIN['err_uid']."<br/>".LB;
} else {
if (!is_numeric($id)) {
$err .= $LANG_DATABOX_ADMIN['err_id'] . "<br/>" . LB;
}
}
//タイトル必須
if (empty($title)) {
$err .= $LANG_DATABOX_ADMIN['err_title'] . "<br/>" . LB;
}
//文字数制限チェック
if (mb_strlen($description, 'UTF-8') > $_DATABOX_CONF['maxlength_description']) {
$err .= $LANG_DATABOX_ADMIN['description'] . $_DATABOX_CONF['maxlength_description'] . $LANG_DATABOX_ADMIN['err_maxlength'] . "<br/>" . LB;
}
//----追加項目チェック
$err .= DATABOX_checkaddtiondatas($additionfields, $addition_def, $pi_name, $additionfields_fnm, $additionfields_del, $additionfields_alt);
//errorのあるとき
if ($err != "") {
$retval['title'] = $LANG_DATABOX_ADMIN['piname'] . $LANG_DATABOX_ADMIN['edit'];
$retval['display'] = fncEdit($id, $edt_flg, 3, $err, "edit", $fieldset_id, $template, $old_mode);
return $retval;
}
// CHECK おわり
//-----
// 新規登録時
if ($new_flg) {
$w = DB_getItem($_TABLES['DATABOX_base'], "max(id)", "1=1");
if ($w == "") {
$w = 0;
}
$id = $w + 1;
}
$fields = LB . "id";
$values = LB . "{$id}";
if ($new_flg) {
if ($_DATABOX_CONF['datacode']) {
$code = "000000" . date(Ymdhis);
}
$created = COM_convertDate2Timestamp(date("Y-m-d"), date("H:i::00"));
$modified = $created;
$released = $created;
$commentcode = $_DATABOX_CONF['commentcode'];
$trackbackcode = $_CONF[trackback_code];
$comment_expire = '0000-00-00 00:00:00';
$expired = '0000-00-00 00:00:00';
//
$defaulttemplatesdirectory = null;
$draft_flag = $_DATABOX_CONF['user_draft_default'];
$draft_flag = $_DATABOX_CONF['user_draft_default'];
//---
$meta_description = "";
$meta_keywords = "";
$owner_id = $_USER['uid'];
$group_id = SEC_getFeatureGroup('databox.admin', $_USER['uid']);
$array = array();
SEC_setDefaultPermissions($array, $_DATABOX_CONF['default_permissions']);
$perm_owner = $array['perm_owner'];
$perm_group = $array['perm_group'];
$perm_anon = $array['perm_anon'];
$perm_members = $array['perm_members'];
$draft_flag = $_DATABOX_CONF['user_draft_default'];
$cache_time = $_DATABOX_CONF['default_cache_time'];
//-----
$fields .= ",defaulttemplatesdirectory";
//
$values .= ",'{$defaulttemplatesdirectory}'";
$fields .= ",draft_flag";
$values .= ",{$draft_flag}";
$fields .= ",cache_time";
$values .= ",{$cache_time}";
$fields .= ",meta_description";
//
$values .= ",'{$meta_description}'";
$fields .= ",meta_keywords";
//
$values .= ",'{$meta_keywords}'";
$fields .= ",commentcode";
//
$values .= ",{$commentcode}";
$fields .= ",trackbackcode";
//
$values .= ",{$trackbackcode}";
$fields .= ",comment_expire";
//
if ($comment_expire == '0000-00-00 00:00:00') {
$values .= ",'{$comment_expire}'";
} else {
$values .= ",FROM_UNIXTIME('{$comment_expire}')";
}
$fields .= ",language_id";
//
$values .= ",'{$language_id}'";
$fields .= ",owner_id";
$values .= ",{$owner_id}";
$fields .= ",group_id";
$values .= ",{$group_id}";
$fields .= ",perm_owner";
$values .= ",{$perm_owner}";
$fields .= ",perm_group";
$values .= ",{$perm_group}";
$fields .= ",perm_members";
$values .= ",{$perm_members}";
$fields .= ",perm_anon";
$values .= ",{$perm_anon}";
$fields .= ",modified";
$values .= ",FROM_UNIXTIME('{$modified}')";
$fields .= ",created";
$values .= ",FROM_UNIXTIME('{$created}')";
$fields .= ",expired";
if ($expired == '0000-00-00 00:00:00') {
$values .= ",'{$expired}'";
} else {
$values .= ",FROM_UNIXTIME('{$expired}')";
}
$fields .= ",released";
$values .= ",FROM_UNIXTIME('{$released}')";
$hits = 0;
$comments = 0;
$fields .= ",code";
$values .= ",'{$code}'";
$fields .= ",title";
//
$values .= ",'{$title}'";
$fields .= ",page_title";
//
$values .= ",'{$page_title}'";
$fields .= ",description";
//
$values .= ",'{$description}'";
// $fields.=",hits";//
// $values.=",$hits";
$fields .= ",comments";
//
$values .= ",{$comments}";
$fields .= ",fieldset_id";
//
$values .= ",{$fieldset_id}";
$fields .= ",uuid";
$values .= ",{$uuid}";
if ($edt_flg) {
$return_page = $_CONF['site_url'] . "/" . THIS_SCRIPT;
$return_page .= "?id=" . $id;
} else {
$return_page = $_CONF['site_url'] . '/' . THIS_SCRIPT . '?msg=1';
}
DB_save($_TABLES['DATABOX_base'], $fields, $values);
} else {
$sql = "UPDATE {$_TABLES['DATABOX_base']} set ";
$sql .= " title = '{$title}'";
$sql .= " ,page_title = '{$page_title}'";
$sql .= " ,description = '{$description}'";
$sql .= " ,language_id = '{$language_id}'";
$sql .= " ,modified = FROM_UNIXTIME('{$modified}')";
$sql .= ",uuid='{$uuid}' WHERE id={$id}";
DB_query($sql);
}
//カテゴリ
//$rt=DATABOX_savedatas("category_id",$_TABLES['DATABOX_category'],$id,$category);
$rt = DATABOX_savecategorydatas($id, $category);
//追加項目
if ($old_mode == "copy") {
DATABOX_uploadaddtiondatas_cpy($additionfields, $addition_def, $pi_name, $id, $additionfields_fnm, $additionfields_del, $additionfields_old, $additionfields_alt);
} else {
DATABOX_uploadaddtiondatas($additionfields, $addition_def, $pi_name, $id, $additionfields_fnm, $additionfields_del, $additionfields_old, $additionfields_alt);
}
if ($new_flg) {
$rt = DATABOX_saveaddtiondatas($id, $additionfields, $addition_def, $pi_name);
} else {
$rt = DATABOX_saveaddtiondatas_update($id, $additionfields, $addition_def, $pi_name);
}
$rt = fncsendmail('data', $id);
$cacheInstance = 'databox__' . $id . '__';
CACHE_remove_instance($cacheInstance);
//exit;//@@@@@debug 用
if ($_DATABOX_CONF['aftersave'] === 'no') {
$retval['title'] = $LANG_DATABOX_ADMIN['piname'] . $LANG_DATABOX_ADMIN['edit'];
$retval['display'] .= fncEdit($id, $edt_flg, 1, $err, "edit", $fieldset_id, $template);
return $retval;
} else {
if ($_DATABOX_CONF['aftersave'] === 'list' or $_DATABOX_CONF['aftersave'] === 'admin') {
$url = $_CONF['site_url'] . "/databox/mydata/data.php";
$item_url = COM_buildURL($url);
$target = 'item';
} else {
$url = $_CONF['site_url'] . "/databox/data.php";
$url .= "?";
//コード使用の時
if ($_DATABOX_CONF['datacode']) {
$url .= "code=" . $code;
$url .= "&m=code";
} else {
$url .= "id=" . $id;
$url .= "&m=id";
}
$item_url = COM_buildUrl($url);
$target = $_DATABOX_CONF['aftersave_admin'];
}
}
$return_page = PLG_afterSaveSwitch($target, $item_url, $pi_name, 1);
echo $return_page;
exit;
}
function DLM_convertData()
{
global $_PLUGINS, $_DLM_CONF, $_GROUPS, $_CONF, $_TABLES, $_USER, $_FM_TABLES, $_FM_CONF, $_LANG_CONV, $_SUCCESS;
$retval = '';
if (is_readable($_FM_CONF['filemgmt_FileStore'])) {
$retval .= '<p>' . $_LANG_CONV['readable_fm_file_dir'] . $_FM_CONF['filemgmt_FileStore'] . '</p>' . LB;
} else {
$retval .= '<p>' . $_LANG_CONV['unreadable_fm_file_dir'] . $_FM_CONF['filemgmt_FileStore'] . '</p>' . LB;
$_SUCCESS = false;
return $retval;
}
if (is_writeable($_DLM_CONF['path_filestore'])) {
$retval .= '<p>' . $_LANG_CONV['writeable_dm_file_dir'] . $_DLM_CONF['path_filestore'] . '</p>' . LB;
} else {
$retval .= '<p>' . $_LANG_CONV['unwriteable_dm_file_dir'] . $_DLM_CONF['path_filestore'] . '</p>' . LB;
$_SUCCESS = false;
return $retval;
}
$sql = "SELECT COUNT(*) FROM {$_TABLES['downloadcategories']}";
list($count) = DB_fetchArray(DB_query($sql));
if (DB_error()) {
$retval .= '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;
$_SUCCESS = false;
return $retval;
}
$retval .= '<p>' . $_LANG_CONV['num_dm_cat_data'] . $count . '</p>' . LB;
if ($count > 0) {
$retval .= '<p>' . $_LANG_CONV['del_dm_cat_data'] . '</p>' . LB;
DB_query("DELETE FROM {$_TABLES['downloadcategories']}");
if (DB_error()) {
$retval .= '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;
$_SUCCESS = false;
return $retval;
}
}
$sql = "SELECT COUNT(*) FROM {$_TABLES['downloads']}";
list($count) = DB_fetchArray(DB_query($sql));
if (DB_error()) {
$retval .= '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;
$_SUCCESS = false;
return $retval;
}
$retval .= '<p>' . $_LANG_CONV['num_dm_info_data'] . $count . '</p>' . LB;
if ($count > 0) {
$retval .= '<p>' . $_LANG_CONV['del_dm_info_data'] . '</p>' . LB;
DB_query("DELETE FROM {$_TABLES['downloads']}");
if (DB_error()) {
$retval .= '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;
$_SUCCESS = false;
return $retval;
}
}
$sql = "SELECT COUNT(*) FROM {$_TABLES['downloadvotes']}";
list($count) = DB_fetchArray(DB_query($sql));
if (DB_error()) {
$retval .= '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;
$_SUCCESS = false;
return $retval;
}
$retval .= '<p>' . $_LANG_CONV['num_dm_vote_data'] . $count . '</p>' . LB;
if ($count > 0) {
$retval .= '<p>' . $_LANG_CONV['del_dm_vote_data'] . '</p>' . LB;
DB_query("DELETE FROM {$_TABLES['downloadvotes']}");
if (DB_error()) {
$retval .= '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;
$_SUCCESS = false;
return $retval;
}
}
$sql = "SELECT COUNT(*) FROM {$_TABLES['downloadhistories']}";
list($count) = DB_fetchArray(DB_query($sql));
if (DB_error()) {
$retval .= '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;
$_SUCCESS = false;
return $retval;
}
$retval .= '<p>' . $_LANG_CONV['num_dm_history_data'] . $count . '</p>' . LB;
if ($count > 0) {
$retval .= '<p>' . $_LANG_CONV['del_dm_history_data'] . '</p>' . LB;
DB_query("DELETE FROM {$_TABLES['downloadhistories']}");
if (DB_error()) {
$retval .= '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;
$_SUCCESS = false;
return $retval;
}
}
$sql = "SELECT COUNT(*) FROM {$_TABLES['downloadsubmission']}";
list($count) = DB_fetchArray(DB_query($sql));
if (DB_error()) {
$retval .= '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;
$_SUCCESS = false;
return $retval;
}
$retval .= '<p>' . $_LANG_CONV['num_dm_submission_data'] . $count . '</p>' . LB;
if ($count > 0) {
$retval .= '<p>' . $_LANG_CONV['del_dm_submission_data'] . '</p>' . LB;
DB_query("DELETE FROM {$_TABLES['downloadsubmission']}");
if (DB_error()) {
$retval .= '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;
$_SUCCESS = false;
return $retval;
}
}
if (!$_SUCCESS) {
return $retval;
}
$owner_id = $_USER['uid'];
if (isset($_GROUPS['Downloads Admin'])) {
$group_id = $_GROUPS['Downloads Admin'];
} else {
$group_id = SEC_getFeatureGroup('downloads.edit');
}
SEC_setDefaultPermissions($P, $_DLM_CONF['default_permissions']);
foreach ($P as $key => $val) {
${$key} = $val;
}
$sql = "SELECT * FROM {$_FM_TABLES['filemgmt_cat']}";
$result = DB_query($sql);
if (DB_error()) {
$retval .= '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;
$_SUCCESS = false;
return $retval;
}
$corder = 0;
while ($A = DB_fetchArray($result)) {
foreach ($A as $key => $val) {
${$key} = $val;
}
if ($pid == 0) {
$pid = ROOTID;
}
$corder += 10;
$is_enabled = 1;
if (!empty($imgurl)) {
$imgurl = rawurldecode($imgurl);
$catimg_src = $_FM_CONF['filemgmt_SnapCat'] . $imgurl;
if (!is_readable($catimg_src)) {
$retval .= '<p>' . $_LANG_CONV['unable_to_read_catimg'] . $catimg_src . '</p>' . LB;
$_SUCCESS = false;
return $retval;
}
$catimg_dest = $_DLM_CONF['path_snapcat'] . DLM_createSafeFileName(DLM_createCatImgFilename($imgurl));
$_SUCCESS = DLM_copyFile_fm2dm($catimg_src, $catimg_dest);
if (!$_SUCCESS) {
$retval .= '<p>' . $_LANG_CONV['unable_to_conv_catimg'] . $catimg_src . '</p>' . LB;
return $retval;
}
}
DB_query("INSERT INTO {$_TABLES['downloadcategories']} " . "(cid, pid, title, imgurl, corder, is_enabled, owner_id, group_id, " . "perm_owner, perm_group, perm_members, perm_anon) " . "VALUES ('{$cid}', '{$pid}', '{$title}', '{$imgurl}', {$corder}, {$is_enabled}, {$owner_id}, {$group_id}, " . "{$perm_owner}, {$perm_group}, {$perm_members}, {$perm_anon})");
if (DB_error()) {
$retval .= '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;
$_SUCCESS = false;
return $retval;
}
}
$sql = "SELECT * FROM {$_FM_TABLES['filemgmt_filedetail']}";
$result = DB_query($sql);
if (DB_error()) {
$retval .= '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;
$_SUCCESS = false;
return $retval;
}
while ($A = DB_fetchArray($result)) {
foreach ($A as $key => $val) {
${$key} = $val;
}
$project = '';
$description = '';
$detail = '';
$postmode = 'plaintext';
$commentcode = $comments == 1 ? 0 : -1;
$is_released = $status;
$is_listing = $status;
$createddate = date('Y-m-d H:i:s', $date);
$owner_id = $submitter;
$secret_id = md5(uniqid());
$mg_autotag = '';
$tags = '';
$url = rawurldecode($url);
$src_url = $_FM_CONF['filemgmt_FileStore'] . $url;
if (!is_readable($src_url)) {
$retval .= '<p>' . $_LANG_CONV['unable_to_read_dlfile'] . $src_url . '</p>' . LB;
$_SUCCESS = false;
return $retval;
}
$size = filesize($src_url);
$md5 = md5_file($src_url);
$dest_url = $_DLM_CONF['path_filestore'] . DLM_createSafeFileName($url, $secret_id);
$_SUCCESS = DLM_copyFile_fm2dm($src_url, $dest_url);
if (!$_SUCCESS) {
$retval .= '<p>' . $_LANG_CONV['unable_to_conv_dlfile'] . $src_url . '</p>' . LB;
return $retval;
}
if (!empty($logourl)) {
$logourl = rawurldecode($logourl);
$snap_src = $_FM_CONF['filemgmt_SnapStore'] . $logourl;
if (!is_readable($snap_src)) {
$retval .= '<p>' . $_LANG_CONV['unable_to_read_snapimg'] . $snap_src . '</p>' . LB;
$_SUCCESS = false;
return $retval;
}
$logourl = DLM_createSnapFilename($logourl, $_TABLES['downloads'], 'logourl');
$snap_dest = $_DLM_CONF['path_snapstore'] . DLM_createSafeFileName($logourl);
$_SUCCESS = DLM_copyFile_fm2dm($snap_src, $snap_dest);
if (!$_SUCCESS) {
$retval .= '<p>' . $_LANG_CONV['unable_to_conv_snapimg'] . $snap_src . '</p>' . LB;
return $retval;
}
$_SUCCESS = DLM_makeThumbnail(DLM_createSafeFileName($logourl));
if (!$_SUCCESS) {
$retval .= '<p>' . $_LANG_CONV['unable_to_make_tn'] . $snap_src . '</p>' . LB;
return $retval;
}
}
DB_query("INSERT INTO {$_TABLES['downloads']} " . "(lid, cid, title, url, homepage, version, size, secret_id, md5, " . "project, description, detail, postmode, logourl, mg_autotag, tags, " . "date, hits, rating, votes, commentcode, is_released, is_listing, createddate, owner_id" . ") " . "VALUES ('{$lid}', '{$cid}', '{$title}', '{$url}', '{$homepage}', '{$version}', '{$size}', '{$secret_id}', '{$md5}', " . "'{$project}', '{$description}', '{$detail}', '{$postmode}', '{$logourl}', '{$mg_autotag}', '{$tags}', " . "{$date}, {$hits}, {$rating}, {$votes}, '{$commentcode}', {$is_released}, {$is_listing}, '{$createddate}', '{$owner_id}'" . ")");
if (DB_error()) {
$retval .= '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;
$_SUCCESS = false;
return $retval;
}
}
$sql = "SELECT * FROM {$_FM_TABLES['filemgmt_filedesc']}";
$result = DB_query($sql);
if (DB_error()) {
$retval .= '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;
$_SUCCESS = false;
return $retval;
}
while ($A = DB_fetchArray($result)) {
foreach ($A as $key => $val) {
${$key} = $val;
}
$description = addslashes(stripslashes($description));
$descri = '';
$detail = '';
// Search break page position
$breakPosition = strpos($description, "\r\n\r\n");
if ($breakPosition > 0 and $breakPosition < strlen($description)) {
$descri = substr($description, 0, $breakPosition);
$detail = substr($description, $breakPosition + 4, strlen($description) - $breakPosition - 4);
} else {
$breakPosition = strpos($description, "\n\n");
if ($breakPosition > 0 and $breakPosition < strlen($description)) {
$descri = substr($description, 0, $breakPosition);
$detail = substr($description, $breakPosition + 2, strlen($description) - $breakPosition - 2);
} else {
$breakPosition = strpos($description, "\r\r");
if ($breakPosition > 0 and $breakPosition < strlen($description)) {
$descri = substr($description, 0, $breakPosition);
$detail = substr($description, $breakPosition + 2, strlen($description) - $breakPosition - 2);
} else {
$descri = $description;
}
}
}
DB_query("UPDATE {$_TABLES['downloads']} " . "SET description='{$descri}', detail='{$detail}' " . "WHERE lid='{$lid}'");
if (DB_error()) {
$retval .= '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;
$_SUCCESS = false;
return $retval;
}
}
$sql = "SELECT * FROM {$_FM_TABLES['filemgmt_votedata']}";
$result = DB_query($sql);
if (DB_error()) {
$retval .= '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;
$_SUCCESS = false;
return $retval;
}
while ($A = DB_fetchArray($result)) {
foreach ($A as $key => $val) {
${$key} = $val;
}
DB_query("INSERT INTO {$_TABLES['downloadvotes']} " . "(ratingid, lid, ratinguser, rating, ratinghostname, ratingtimestamp) " . "VALUES ('{$ratingid}', '{$lid}', '{$ratinguser}', '{$rating}', '{$ratinghostname}', '{$ratingtimestamp}')");
if (DB_error()) {
$retval .= '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;
$_SUCCESS = false;
return $retval;
}
}
$sql = "SELECT * FROM {$_FM_TABLES['filemgmt_history']}";
$result = DB_query($sql);
if (DB_error()) {
$retval .= '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;
$_SUCCESS = false;
return $retval;
}
while ($A = DB_fetchArray($result)) {
foreach ($A as $key => $val) {
${$key} = $val;
}
DB_query("INSERT INTO {$_TABLES['downloadhistories']} " . "(uid, lid, remote_ip, date) " . "VALUES ('{$uid}', '{$lid}', '{$remote_ip}', '{$date}')");
if (DB_error()) {
$retval .= '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;
$_SUCCESS = false;
return $retval;
}
}
return $retval;
}
/**
* Submit a new or updated story. The story is updated if it exists, or a new one is created
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @return int Response code as defined in lib-plugins.php
*/
function service_submit_story($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS;
if (!SEC_hasRights('story.edit')) {
$output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30], true);
return PLG_RET_AUTH_FAILED;
}
$gl_edit = false;
if (isset($args['gl_edit'])) {
$gl_edit = $args['gl_edit'];
}
if ($gl_edit) {
/* This is EDIT mode, so there should be an old sid */
if (empty($args['old_sid'])) {
if (!empty($args['id'])) {
$args['old_sid'] = $args['id'];
} else {
return PLG_RET_ERROR;
}
if (empty($args['sid'])) {
$args['sid'] = $args['old_sid'];
}
}
} else {
if (empty($args['sid']) && !empty($args['id'])) {
$args['sid'] = $args['id'];
}
}
/* Store the first CATEGORY as the Topic ID */
if (!empty($args['category'][0])) {
$args['tid'] = $args['category'][0];
}
$content = '';
if (!empty($args['content'])) {
$content = $args['content'];
} else {
if (!empty($args['summary'])) {
$content = $args['summary'];
}
}
if (!empty($content)) {
$parts = explode('[page_break]', $content);
if (count($parts) == 1) {
$args['introtext'] = $content;
$args['bodytext'] = '';
} else {
$args['introtext'] = array_shift($parts);
$args['bodytext'] = implode('[page_break]', $parts);
}
}
/* Apply filters to the parameters passed by the webservice */
if ($args['gl_svc']) {
if (isset($args['mode'])) {
$args['mode'] = COM_applyBasicFilter($args['mode']);
}
if (isset($args['editopt'])) {
$args['editopt'] = COM_applyBasicFilter($args['editopt']);
}
}
/* - START: Set all the defaults - */
if (empty($args['tid'])) {
// see if we have a default topic
$topic = DB_getItem($_TABLES['topics'], 'tid', 'is_default = 1' . COM_getPermSQL('AND'));
if (!empty($topic)) {
$args['tid'] = $topic;
} else {
// otherwise, just use the first one
$o = array();
$s = array();
if (service_getTopicList_story(array('gl_svc' => true), $o, $s) == PLG_RET_OK) {
$args['tid'] = $o[0];
} else {
$svc_msg['error_desc'] = 'No topics available';
return PLG_RET_ERROR;
}
}
}
if (empty($args['owner_id'])) {
$args['owner_id'] = $_USER['uid'];
}
if (empty($args['group_id'])) {
$args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']);
}
if (isset($args['alternate_id']) && $args['tid'] == $args['alternate_id']) {
$args['alternate_id'] = NULL;
}
if (empty($args['postmode'])) {
$args['postmode'] = $_CONF['postmode'];
if (!empty($args['content_type'])) {
if ($args['content_type'] == 'text') {
$args['postmode'] = 'text';
} else {
if ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') {
$args['postmode'] = 'html';
}
}
}
}
if ($args['gl_svc']) {
/* Permissions */
if (!isset($args['perm_owner'])) {
$args['perm_owner'] = $_CONF['default_permissions_story'][0];
} else {
$args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
}
if (!isset($args['perm_group'])) {
$args['perm_group'] = $_CONF['default_permissions_story'][1];
} else {
$args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
}
if (!isset($args['perm_members'])) {
$args['perm_members'] = $_CONF['default_permissions_story'][2];
} else {
$args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
}
if (!isset($args['perm_anon'])) {
$args['perm_anon'] = $_CONF['default_permissions_story'][3];
} else {
$args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
}
if (!isset($args['draft_flag'])) {
$args['draft_flag'] = $_CONF['draft_flag'];
}
if (empty($args['frontpage'])) {
$args['frontpage'] = $_CONF['frontpage'];
}
if (empty($args['show_topic_icon'])) {
$args['show_topic_icon'] = $_CONF['show_topic_icon'];
}
}
/* - END: Set all the defaults - */
if (!isset($args['sid'])) {
$args['sid'] = '';
}
$args['sid'] = COM_sanitizeID($args['sid']);
if (!$gl_edit) {
if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) {
$args['sid'] = WS_makeId($args['slug'], STORY_MAX_ID_LENGTH);
}
}
$story = new Story();
$gl_edit = false;
if (isset($args['gl_edit'])) {
$gl_edit = $args['gl_edit'];
}
if ($gl_edit && !empty($args['gl_etag'])) {
/* First load the original story to check if it has been modified */
$result = $story->loadFromDatabase($args['sid']);
if ($result == STORY_LOADED_OK) {
if ($args['gl_etag'] != date('c', $story->_date)) {
$svc_msg['error_desc'] = 'A more recent version of the story is available';
return PLG_RET_PRECONDITION_FAILED;
}
} else {
$svc_msg['error_desc'] = 'Error loading story';
return PLG_RET_ERROR;
}
}
/* This function is also doing the security checks */
$result = $story->loadFromArgsArray($args);
$sid = $story->getSid();
switch ($result) {
case STORY_DUPLICATE_SID:
if (!$args['gl_svc']) {
if (isset($args['type']) && $args['type'] == 'submission') {
$output .= STORY_edit($sid, 'moderate');
} else {
$output .= STORY_edit($sid, 'error');
}
}
return PLG_RET_ERROR;
case STORY_EXISTING_NO_EDIT_PERMISSION:
$output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30]);
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
return PLG_RET_PERMISSION_DENIED;
case STORY_NO_ACCESS_PARAMS:
$output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30]);
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
return PLG_RET_PERMISSION_DENIED;
case STORY_EMPTY_REQUIRED_FIELDS:
if (!$args['gl_svc']) {
$output .= STORY_edit($sid, 'error');
}
return PLG_RET_ERROR;
default:
break;
}
/* Image upload is not supported by the web-service at present */
if (!$args['gl_svc']) {
// Delete any images if needed
if (array_key_exists('delete', $args)) {
$delete = count($args['delete']);
for ($i = 1; $i <= $delete; $i++) {
$ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '" . DB_escapeString($sid) . "' AND ai_img_num = " . intval(key($args['delete'])));
STORY_deleteImage($ai_filename);
DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '" . DB_escapeString($sid) . "' AND ai_img_num = '" . intval(key($args['delete'])) . "'");
next($args['delete']);
}
}
// OK, let's upload any pictures with the article
if (DB_count($_TABLES['article_images'], 'ai_sid', DB_escapeString($sid)) > 0) {
$index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '" . DB_escapeString($sid) . "'") + 1;
} else {
$index_start = 1;
}
if (count($_FILES) > 0 and $_CONF['maximagesperarticle'] > 0) {
require_once $_CONF['path_system'] . 'classes/upload.class.php';
$upload = new upload();
if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
$upload->setLogFile($_CONF['path'] . 'logs/error.log');
$upload->setDebug(true);
}
$upload->setMaxFileUploads($_CONF['maximagesperarticle']);
$upload->setAutomaticResize(true);
if ($_CONF['keep_unscaled_image'] == 1) {
$upload->keepOriginalImage(true);
} else {
$upload->keepOriginalImage(false);
}
$upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
$upload->setFieldName('file');
//@TODO - better error handling...
if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
$output = COM_siteHeader('menu', $LANG24[30]);
$output .= COM_showMessageText($upload->printErrors(false), $LANG24[30], true);
$output .= COM_siteFooter();
echo $output;
exit;
}
// NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
// force any images bigger than the passed dimensions to be resized.
// If mogrify is not set, any images larger than these dimensions
// will get validation errors
$upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
$upload->setMaxFileSize($_CONF['max_image_size']);
// size in bytes, 1048576 = 1MB
// Set file permissions on file after it gets uploaded (number is in octal)
$upload->setPerms('0644');
$filenames = array();
$sql = "SELECT MAX(ai_img_num) + 1 AS ai_img_num FROM " . $_TABLES['article_images'] . " WHERE ai_sid = '" . DB_escapeString($sid) . "'";
$result = DB_query($sql, 1);
$row = DB_fetchArray($result);
$ai_img_num = $row['ai_img_num'];
if ($ai_img_num < 1) {
$ai_img_num = 1;
}
for ($z = 0; $z < $_CONF['maximagesperarticle']; $z++) {
$curfile['name'] = '';
if (isset($_FILES['file']['name'][$z])) {
$curfile['name'] = $_FILES['file']['name'][$z];
}
if (!empty($curfile['name'])) {
$pos = strrpos($curfile['name'], '.') + 1;
$fextension = substr($curfile['name'], $pos);
$filenames[] = $sid . '_' . $ai_img_num . '.' . $fextension;
$ai_img_num++;
} else {
$filenames[] = '';
}
}
$upload->setFileNames($filenames);
$upload->uploadFiles();
//@TODO - better error handling
if ($upload->areErrors()) {
$retval = COM_siteHeader('menu', $LANG24[30]);
$retval .= COM_showMessageText($upload->printErrors(false), $LANG24[30], true);
$retval .= STORY_edit($sid, 'error');
$retval .= COM_siteFooter();
echo $retval;
exit;
}
for ($z = 0; $z < $_CONF['maximagesperarticle']; $z++) {
if ($filenames[$z] != '') {
$sql = "SELECT MAX(ai_img_num) + 1 AS ai_img_num FROM " . $_TABLES['article_images'] . " WHERE ai_sid = '" . DB_escapeString($sid) . "'";
$result = DB_query($sql, 1);
$row = DB_fetchArray($result);
$ai_img_num = $row['ai_img_num'];
if ($ai_img_num < 1) {
$ai_img_num = 1;
}
DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('" . DB_escapeString($sid) . "', {$ai_img_num}, '" . DB_escapeString($filenames[$z]) . "')");
}
}
}
if ($_CONF['maximagesperarticle'] > 0) {
$errors = $story->checkImages();
if (count($errors) > 0) {
$output = COM_siteHeader('menu', $LANG24[54]);
$eMsg = $LANG24[55] . '<p>';
for ($i = 1; $i <= count($errors); $i++) {
$eMsg .= current($errors) . '<br />';
next($errors);
}
//@TODO - use return here...
$output .= COM_showMessageText($eMsg, $LANG24[54], true);
$output .= STORY_edit($sid, 'error');
$output .= COM_siteFooter();
echo $output;
exit;
}
}
}
$result = $story->saveToDatabase();
if ($result == STORY_SAVED) {
// see if any plugins want to act on that story
if (!empty($args['old_sid']) && $args['old_sid'] != $sid) {
PLG_itemSaved($sid, 'article', $args['old_sid']);
} else {
PLG_itemSaved($sid, 'article');
}
// update feed(s) and Older Stories block
COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid);
COM_olderStuff();
if ($story->type == 'submission') {
COM_setMessage(9);
echo COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
exit;
} else {
$output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9);
}
/* @TODO Set the object id here */
$svc_msg['id'] = $sid;
return PLG_RET_OK;
}
}
/**
* Load a Story object from the sid specified, returning a status result.
* The result will either be a permission denied message, invalid SID
* message, or a loaded ok message. If it's loaded ok, then we've got all
* the exciting gubbins here.
*
* Only used from story admin and submit.php!
*
* @param $sid string Story Identifier, valid geeklog story id from the db.
* @return Integer from a constant.
*/
function loadFromDatabase($sid, $mode = 'edit')
{
global $_TABLES, $_CONF, $_USER;
$sid = addslashes(COM_applyFilter($sid));
if (!empty($sid) && ($mode == 'edit' || $mode == 'view')) {
$sql = array();
$sql['mysql'] = "SELECT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, UNIX_TIMESTAMP(s.expire) AS expireunix, UNIX_TIMESTAMP(s.comment_expire) AS cmt_expire_unix, " . "u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t " . "WHERE (s.uid = u.uid) AND (s.tid = t.tid) AND (sid = '{$sid}')";
$sql['mssql'] = "SELECT STRAIGHT_JOIN s.sid, s.uid, s.draft_flag, s.tid, s.date, s.title, CAST(s.introtext AS text) AS introtext, CAST(s.bodytext AS text) AS bodytext, s.hits, s.numemails, s.comments, s.trackbacks, s.related, s.featured, s.show_topic_icon, s.commentcode, s.trackbackcode, s.statuscode, s.expire, s.postmode, s.frontpage, s.owner_id, s.group_id, s.perm_owner, s.perm_group, s.perm_members, s.perm_anon, s.advanced_editor_mode, " . " UNIX_TIMESTAMP(s.date) AS unixdate, UNIX_TIMESTAMP(s.expire) AS expireunix, UNIX_TIMESTAMP(s.comment_expire) AS cmt_expire_unix, " . "u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t " . "WHERE (s.uid = u.uid) AND (s.tid = t.tid) AND (sid = '{$sid}')";
} elseif (!empty($sid) && $mode == 'editsubmission') {
$sql = 'SELECT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, ' . 'u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl, t.group_id, ' . 't.perm_owner, t.perm_group, t.perm_members, t.perm_anon ' . 'FROM ' . $_TABLES['storysubmission'] . ' AS s, ' . $_TABLES['users'] . ' AS u, ' . $_TABLES['topics'] . ' AS t WHERE (s.uid = u.uid) AND' . ' (s.tid = t.tid) AND (sid = \'' . $sid . '\')';
} elseif ($mode == 'edit') {
$this->_sid = COM_makesid();
$this->_old_sid = $this->_sid;
if (isset($_CONF['draft_flag'])) {
$this->_draft_flag = $_CONF['draft_flag'];
} else {
$this->_draft_flag = 0;
}
if (isset($_CONF['show_topic_icon'])) {
$this->_show_topic_icon = $_CONF['show_topic_icon'];
} else {
$this->_show_topic_icon = 1;
}
if (COM_isAnonUser()) {
$this->_uid = 1;
} else {
$this->_uid = $_USER['uid'];
}
$this->_date = time();
$this->_expire = time();
if ($_CONF['article_comment_close_enabled']) {
$this->_comment_expire = time() + $_CONF['article_comment_close_days'] * 86400;
} else {
$this->_comment_expire = 0;
}
$this->_commentcode = $_CONF['comment_code'];
$this->_trackbackcode = $_CONF['trackback_code'];
$this->_title = '';
$this->_meta_description = '';
$this->_meta_keywords = '';
$this->_introtext = '';
$this->_bodytext = '';
if (isset($_CONF['frontpage'])) {
$this->_frontpage = $_CONF['frontpage'];
} else {
$this->_frontpage = 1;
}
$this->_hits = 0;
$this->_comments = 0;
$this->_trackbacks = 0;
$this->_numemails = 0;
if (isset($_CONF['advanced_editor']) && $_CONF['advanced_editor'] && $_CONF['postmode'] != 'plaintext') {
$this->_advanced_editor_mode = 1;
$this->_postmode = 'adveditor';
} else {
$this->_postmode = $_CONF['postmode'];
$this->_advanced_editor_mode = 0;
}
$this->_statuscode = 0;
$this->_featured = 0;
if (COM_isAnonUser()) {
$this->_owner_id = 1;
} else {
$this->_owner_id = $_USER['uid'];
}
if (isset($_GROUPS['Story Admin'])) {
$this->_group_id = $_GROUPS['Story Admin'];
} else {
$this->_group_id = SEC_getFeatureGroup('story.edit');
}
$array = array();
SEC_setDefaultPermissions($array, $_CONF['default_permissions_story']);
$this->_perm_owner = $array['perm_owner'];
$this->_perm_group = $array['perm_group'];
$this->_perm_anon = $array['perm_anon'];
$this->_perm_members = $array['perm_members'];
} else {
$this->loadFromArgsArray($_POST);
}
/* if we have SQL, load from it */
if (!empty($sql)) {
$result = DB_query($sql);
if ($result) {
$story = DB_fetchArray($result, false);
if ($story == null) {
return STORY_INVALID_SID;
}
$this->loadFromArray($story);
if (!isset($story['owner_id'])) {
$story['owner_id'] = 1;
}
$access = SEC_hasAccess($story['owner_id'], $story['group_id'], $story['perm_owner'], $story['perm_group'], $story['perm_members'], $story['perm_anon']);
$this->_access = min($access, SEC_hasTopicAccess($this->_tid));
if ($this->_access == 0) {
return STORY_PERMISSION_DENIED;
} elseif ($this->_access == 2 && $mode != 'view') {
return STORY_EDIT_DENIED;
} elseif ($this->_access == 2 && $mode == 'view' && ($this->_draft_flag == 1 || $this->_date > time())) {
return STORY_INVALID_SID;
}
} else {
return STORY_INVALID_SID;
}
}
if ($mode == 'editsubmission') {
if (isset($_CONF['draft_flag'])) {
$this->_draft_flag = $_CONF['draft_flag'];
} else {
$this->_draft_flag = 1;
}
if (isset($_CONF['show_topic_icon'])) {
$this->_show_topic_icon = $_CONF['show_topic_icon'];
} else {
$this->_show_topic_icon = 1;
}
$this->_commentcode = $_CONF['comment_code'];
$this->_trackbackcode = $_CONF['trackback_code'];
$this->_featured = 0;
$this->_expire = time();
if ($_CONF['article_comment_close_enabled']) {
$this->_comment_expire = time() + $_CONF['article_comment_close_days'] * 86400;
} else {
$this->_comment_expire = 0;
}
if (DB_getItem($_TABLES['topics'], 'archive_flag', "tid = '{$this->_tid}'") == 1) {
$this->_frontpage = 0;
} elseif (isset($_CONF['frontpage'])) {
$this->_frontpage = $_CONF['frontpage'];
} else {
$this->_frontpage = 1;
}
$this->_comments = 0;
$this->_trackbacks = 0;
$this->_numemails = 0;
$this->_statuscode = 0;
$this->_owner_id = $this->_uid;
}
$this->_sanitizeData();
return STORY_LOADED_OK;
}
/**
* Load a Story object from the sid specified, returning a status result.
* The result will either be a permission denied message, invalid SID
* message, or a loaded ok message. If it's loaded ok, then we've got all
* the exciting gubbins here.
* Only used from story admin and submit.php!
*
* @param string $sid Story Identifier, valid geeklog story id from the db.
* @param string $mode 'edit'|'view'|'clone'|'editsubmission'
* @return int from a constant.
*/
public function loadFromDatabase($sid, $mode = 'edit')
{
global $_TABLES, $_CONF, $_USER, $topic;
$sid = DB_escapeString(COM_applyFilter($sid));
$sql = array();
if (!empty($sid) && ($mode === 'edit' || $mode === 'view' || $mode === 'clone')) {
if (empty($topic)) {
$topic_sql = ' AND ta.tdefault = 1';
} else {
$topic_sql = " AND ta.tid = '{$topic}'";
}
/* Original
$sql['mysql'] = "SELECT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, UNIX_TIMESTAMP(s.expire) AS expireunix, UNIX_TIMESTAMP(s.comment_expire) AS cmt_expire_unix, "
. "u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t " . "WHERE (s.uid = u.uid) AND (s.tid = t.tid) AND (sid = '$sid')";
*/
$sql['mysql'] = "SELECT s.*, UNIX_TIMESTAMP(s.date) AS unixdate, UNIX_TIMESTAMP(s.expire) AS expireunix, UNIX_TIMESTAMP(s.comment_expire) AS cmt_expire_unix, u.username, u.fullname, u.photo, u.email, t.tid, t.topic, t.imageurl\n FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t, {$_TABLES['topic_assignments']} AS ta\n WHERE ta.type = 'article' AND ta.id = sid {$topic_sql} AND (s.uid = u.uid) AND (ta.tid = t.tid) AND (sid = '{$sid}')";
$sql['pgsql'] = "SELECT s.*, UNIX_TIMESTAMP(s.date) AS unixdate, UNIX_TIMESTAMP(s.expire) as expireunix, UNIX_TIMESTAMP(s.comment_expire) as cmt_expire_unix, u.username, u.fullname, u.photo, u.email, t.tid, t.topic, t.imageurl\n FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t, {$_TABLES['topic_assignments']} AS ta\n WHERE ta.type = 'article' AND ta.id = sid AND ta.tdefault = 1 AND (s.uid = u.uid) AND (ta.tid = t.tid) AND (sid = '{$sid}')";
} elseif (!empty($sid) && $mode === 'editsubmission') {
/* Original
$sql['mysql'] = 'SELECT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, '
. 'u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl, t.group_id, ' . 't.perm_owner, t.perm_group, t.perm_members, t.perm_anon ' . 'FROM ' . $_TABLES['storysubmission'] . ' AS s, ' . $_TABLES['users'] . ' AS u, ' . $_TABLES['topics'] . ' AS t WHERE (s.uid = u.uid) AND' . ' (s.tid = t.tid) AND (sid = \'' . $sid . '\')';
$sql['pgsql'] = 'SELECT s.*, UNIX_TIMESTAMP(s.date) AS unixdate, '
. 'u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl, t.group_id, ' . 't.perm_owner, t.perm_group, t.perm_members, t.perm_anon ' . 'FROM ' . $_TABLES['storysubmission'] . ' AS s, ' . $_TABLES['users'] . ' AS u, ' . $_TABLES['topics'] . ' AS t WHERE (s.uid = u.uid) AND' . ' (s.tid = t.tid) AND (sid = \'' . $sid . '\')';
*/
$sql['mysql'] = "SELECT s.*, UNIX_TIMESTAMP(s.date) AS unixdate, u.username, u.fullname, u.photo, u.email, t.tid, t.topic, t.imageurl, t.group_id, t.perm_owner, t.perm_group, t.perm_members, t.perm_anon\n FROM {$_TABLES['storysubmission']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t, {$_TABLES['topic_assignments']} AS ta\n WHERE (s.uid = u.uid) AND (ta.tid = t.tid) AND (sid = '{$sid}')\n AND ta.type = 'article' AND ta.id = sid AND ta.tdefault = 1";
$sql['pgsql'] = "SELECT s.*, UNIX_TIMESTAMP(s.date) AS unixdate, u.username, u.fullname, u.photo, u.email, t.tid, t.topic, t.imageurl, t.group_id, t.perm_owner, t.perm_group, t.perm_members, t.perm_anon\n FROM {$_TABLES['storysubmission']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t, {$_TABLES['topic_assignments']} AS ta\n WHERE (s.uid = u.uid) AND (ta.tid = t.tid) AND (sid = '{$sid}')\n AND ta.type = 'article' AND ta.id = sid AND ta.tdefault = 1";
} elseif ($mode === 'edit') {
$this->_sid = COM_makesid();
$this->_old_sid = $this->_sid;
if (isset($_CONF['draft_flag'])) {
$this->_draft_flag = $_CONF['draft_flag'];
} else {
$this->_draft_flag = 0;
}
if (isset($_CONF['show_topic_icon'])) {
$this->_show_topic_icon = $_CONF['show_topic_icon'];
} else {
$this->_show_topic_icon = 1;
}
if (isset($_CONF['default_cache_time_article'])) {
$this->_cache_time = $_CONF['default_cache_time_article'];
} else {
$this->_cache_time = 0;
}
if (COM_isAnonUser()) {
$this->_uid = 1;
} else {
$this->_uid = $_USER['uid'];
}
$this->_date = $this->_expire = time();
if ($_CONF['article_comment_close_enabled']) {
$this->_comment_expire = time() + $_CONF['article_comment_close_days'] * 86400;
} else {
$this->_comment_expire = 0;
}
$this->_commentcode = $_CONF['comment_code'];
$this->_trackbackcode = $_CONF['trackback_code'];
$this->_title = '';
$this->_page_title = '';
$this->_meta_description = '';
$this->_meta_keywords = '';
$this->_introtext = '';
$this->_bodytext = '';
if (isset($_CONF['frontpage'])) {
$this->_frontpage = $_CONF['frontpage'];
} else {
$this->_frontpage = 1;
}
$this->_text_version = GLTEXT_LATEST_VERSION;
$this->_hits = 0;
$this->_comments = 0;
$this->_trackbacks = 0;
$this->_numemails = 0;
if ($_CONF['advanced_editor'] && $_USER['advanced_editor'] && $_CONF['postmode'] !== 'plaintext' && $_CONF['postmode'] !== 'wikitext') {
$this->_advanced_editor_mode = 1;
$this->_postmode = 'adveditor';
} else {
$this->_postmode = $_CONF['postmode'];
$this->_advanced_editor_mode = 0;
}
$this->_statuscode = 0;
$this->_featured = 0;
$this->_cache_time = $_CONF['default_cache_time_article'];
if (COM_isAnonUser()) {
$this->_owner_id = 1;
} else {
$this->_owner_id = $_USER['uid'];
}
if (isset($_GROUPS['Story Admin'])) {
$this->_group_id = $_GROUPS['Story Admin'];
} else {
$this->_group_id = SEC_getFeatureGroup('story.edit');
}
$array = array();
SEC_setDefaultPermissions($array, $_CONF['default_permissions_story']);
$this->_perm_owner = $array['perm_owner'];
$this->_perm_group = $array['perm_group'];
$this->_perm_anon = $array['perm_anon'];
$this->_perm_members = $array['perm_members'];
} else {
$this->loadFromArgsArray($_POST);
}
// if we have SQL, load from it
if (!empty($sql)) {
$result = DB_query($sql);
if ($result) {
$story = DB_fetchArray($result, false);
if ($story == null) {
return STORY_INVALID_SID;
}
$this->loadFromArray($story);
/**
* The above SQL also got the story owner's username etc. from
* the DB. If the user doing the cloning is different from the
* original author, we need to fix those here.
*/
if ($mode === 'clone' && $this->_uid != $_USER['uid']) {
$this->_uid = $_USER['uid'];
$story['owner_id'] = $this->_uid;
$uResult = DB_query("SELECT username, fullname, photo, email FROM {$_TABLES['users']} WHERE uid = {$_USER['uid']}");
list($this->_username, $this->_fullname, $this->_photo, $this->_email) = DB_fetchArray($uResult);
}
if (!isset($story['owner_id'])) {
$story['owner_id'] = 1;
}
$access = SEC_hasAccess($story['owner_id'], $story['group_id'], $story['perm_owner'], $story['perm_group'], $story['perm_members'], $story['perm_anon']);
//$this->_access = min($access, SEC_hasTopicAccess($this->_tid));
//$this->_access = min($access, TOPIC_hasMultiTopicAccess('article', $sid));
if ($mode !== 'view') {
// When editing an article they need access to all topics article is assigned to plus edit access to article itself
$this->_access = min($access, TOPIC_hasMultiTopicAccess('article', $sid));
} else {
// When viewing a article we only care about if it has access to the current topic and article
$this->_access = min($access, TOPIC_hasMultiTopicAccess('article', $sid, $topic));
}
if ($this->_access == 0) {
return STORY_PERMISSION_DENIED;
} elseif ($this->_access == 2 && $mode !== 'view') {
return STORY_EDIT_DENIED;
} elseif ($this->_access == 2 && $mode == 'view' && ($this->_draft_flag == 1 || $this->_date > time())) {
return STORY_INVALID_SID;
}
} else {
return STORY_INVALID_SID;
}
}
if ($mode === 'editsubmission') {
if (isset($_CONF['draft_flag'])) {
$this->_draft_flag = $_CONF['draft_flag'];
} else {
$this->_draft_flag = 1;
}
if (isset($_CONF['show_topic_icon'])) {
$this->_show_topic_icon = $_CONF['show_topic_icon'];
} else {
$this->_show_topic_icon = 1;
}
$this->_commentcode = $_CONF['comment_code'];
$this->_trackbackcode = $_CONF['trackback_code'];
$this->_featured = 0;
$this->_cache_time = $_CONF['default_cache_time_article'];
$this->_expire = time();
if ($_CONF['article_comment_close_enabled']) {
$this->_comment_expire = time() + $_CONF['article_comment_close_days'] * 86400;
} else {
$this->_comment_expire = 0;
}
if (isset($_CONF['frontpage'])) {
$this->_frontpage = $_CONF['frontpage'];
} else {
$this->_frontpage = 1;
}
$this->_text_version = GLTEXT_LATEST_VERSION;
$this->_comments = 0;
$this->_trackbacks = 0;
$this->_numemails = 0;
$this->_statuscode = 0;
$this->_owner_id = $this->_uid;
} elseif ($mode === 'clone') {
// new story, new sid ...
$this->_sid = COM_makeSid();
$this->_old_sid = $this->_sid;
// assign ownership to current user
if (COM_isAnonUser()) {
$this->_uid = 1;
} else {
$this->_uid = $_USER['uid'];
}
$this->_owner_id = $this->_uid;
// use current date + time
$this->_date = $this->_expire = time();
// if the original story uses comment expire, update the time
if ($this->_comment_expire != 0) {
$this->_comment_expire = time() + $_CONF['article_comment_close_days'] * 86400;
}
// reset counters
$this->_hits = 0;
$this->_comments = 0;
$this->_trackbacks = 0;
$this->_numemails = 0;
}
$this->sanitizeData();
return STORY_LOADED_OK;
}
/**
* Saves link to the database
*
* @param string $lid ID for link
* @param string $old_lid old ID for link
* @param string $cid cid of category link belongs to
* @param string $categorydd Category links belong to
* @param string $url URL of link to save
* @param string $description Description of link
* @param string $title Title of link
* @param int $hits Number of hits for link
* @param int $owner_id ID of owner
* @param int $group_id ID of group link belongs to
* @param int $perm_owner Permissions the owner has
* @param int $perm_group Permissions the group has
* @param int $perm_members Permissions members have
* @param int $perm_anon Permissions anonymous users have
* @return string HTML redirect or error message
* @global array core config vars
* @global array core group data
* @global array core table data
* @global array core user data
* @global array core msg data
* @global array links plugin lang admin vars
*
*/
function savelink($lid, $old_lid, $cid, $categorydd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $_LI_CONF;
$retval = '';
// Convert array values to numeric permission values
if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) {
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
}
// Remove any autotags the user doesn't have permission to use
$description = PLG_replaceTags($description, '', true);
// clean 'em up
$description = DB_escapeString(COM_checkHTML(COM_checkWords($description), 'links.edit'));
$title = DB_escapeString(strip_tags(COM_checkWords($title)));
$cid = DB_escapeString($cid);
if (empty($owner_id)) {
// this is new link from admin, set default values
$owner_id = $_USER['uid'];
if (isset($_GROUPS['Links Admin'])) {
$group_id = $_GROUPS['Links Admin'];
} else {
$group_id = SEC_getFeatureGroup('links.edit');
}
$perm_owner = 3;
$perm_group = 2;
$perm_members = 2;
$perm_anon = 2;
}
$lid = COM_sanitizeID($lid);
$old_lid = COM_sanitizeID($old_lid);
if (empty($lid)) {
if (empty($old_lid)) {
$lid = COM_makeSid();
} else {
$lid = $old_lid;
}
}
// check for link id change
if (!empty($old_lid) && $lid != $old_lid) {
// check if new lid is already in use
if (DB_count($_TABLES['links'], 'lid', $lid) > 0) {
// TBD: abort, display editor with all content intact again
$lid = $old_lid;
// for now ...
}
}
$access = 0;
$old_lid = DB_escapeString($old_lid);
if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
if ($access < 3 || !SEC_inGroup($group_id)) {
$display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link {$lid}.");
COM_output($display);
exit;
} elseif (!empty($title) && !empty($description) && !empty($url)) {
if ($categorydd != $LANG_LINKS_ADMIN[7] && !empty($categorydd)) {
$cid = DB_escapeString($categorydd);
} else {
if ($categorydd != $LANG_LINKS_ADMIN[7]) {
echo COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php');
}
}
DB_delete($_TABLES['linksubmission'], 'lid', $old_lid);
DB_delete($_TABLES['links'], 'lid', $old_lid);
DB_save($_TABLES['links'], 'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$lid}','{$cid}','{$url}','{$description}','{$title}',NOW(),'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
if (empty($old_lid) || $old_lid == $lid) {
PLG_itemSaved($lid, 'links');
} else {
PLG_itemSaved($lid, 'links', $old_lid);
}
// Get category for rdf check
$category = DB_getItem($_TABLES['linkcategories'], "category", "cid='{$cid}'");
COM_rdfUpToDateCheck('links', $category, $lid);
return PLG_afterSaveSwitch($_LI_CONF['aftersave'], COM_buildURL("{$_CONF['site_url']}/links/portal.php?what=link&item={$lid}"), 'links', 2);
} else {
// missing fields
$retval .= COM_errorLog($LANG_LINKS_ADMIN[10], 2);
if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
$retval .= editlink('edit', $old_lid);
} else {
$retval .= editlink('edit', '');
}
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LINKS_ADMIN[1]));
return $retval;
}
}
/**
* Show topic administration form
*
* @param string tid ID of topic to edit
* @param array $T An array of topic fields (optional)
* @return string HTML for the topic editor
*
*/
function TOPIC_edit($tid = '', $T = array(), $msg = '')
{
global $_CONF, $_GROUPS, $_TABLES, $_USER, $LANG27, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $_IMAGE_TYPE;
USES_lib_admin();
$retval = '';
$topicEdit = 0;
$assoc_stories_published = 0;
$assoc_stories_draft = 0;
$assoc_images = 0;
$assoc_comments = 0;
$assoc_trackbacks = 0;
if (!empty($tid)) {
$topicEdit = 1;
// existing topic - pull fields from DB
$result = DB_query("SELECT * FROM {$_TABLES['topics']} WHERE tid ='" . DB_escapeString($tid) . "'");
$A = DB_fetchArray($result);
$access = SEC_inGroup('Topic Admin') ? 3 : SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access == 0 or $access == 2) {
$retval .= COM_showMessageText($LANG27[13], $LANG27[12], true);
COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}.");
return $retval;
}
// ok let's see what is associated with this topic
$result2 = DB_query("SELECT bid FROM {$_TABLES['blocks']} WHERE tid = '{$tid}'");
$assoc_blocks = DB_numRows($result2);
$result2 = DB_query("SELECT fid FROM {$_TABLES['syndication']} WHERE topic = '{$tid}'");
$assoc_feeds = DB_numRows($result2);
$result2 = DB_query("SELECT sid FROM {$_TABLES['storysubmission']} WHERE tid = '{$tid}'");
$assoc_stories_submitted = DB_numRows($result2);
$result2 = DB_query("SELECT sid, draft_flag FROM {$_TABLES['stories']} WHERE tid = '{$tid}'");
$total_assoc_stories = DB_numRows($result2);
if ($total_assoc_stories > 0) {
for ($i = 0; $i < $total_assoc_stories; $i++) {
$S = DB_fetchArray($result2);
if ($S['draft_flag'] == 0) {
$assoc_stories_published += 1;
} else {
$assoc_stories_draft += 1;
}
$result3 = DB_query("SELECT ai_filename FROM {$_TABLES['article_images']} WHERE ai_sid = '{$S['sid']}'");
$assoc_images += DB_numRows($result3);
$result3 = DB_query("SELECT cid FROM {$_TABLES['comments']} WHERE sid = '{$S['sid']}' AND type = 'article'");
$assoc_comments += DB_numRows($result3);
$result3 = DB_query("SELECT cid FROM {$_TABLES['trackback']} WHERE sid = '{$S['sid']}' AND type = 'article'");
$assoc_trackbacks += DB_numRows($result3);
}
}
} else {
// new topic - retain field values if any in case of failed validation
$A = array();
$A['tid'] = isset($T['tid']) ? $T['tid'] : '';
$A['topic'] = isset($T['topic']) ? $T['topic'] : '';
$A['sortnum'] = isset($T['sortnum']) ? $T['sortnum'] : 0;
$A['limitnews'] = isset($T['limitnews']) ? $T['limitnews'] : '';
// leave empty!
$A['is_default'] = isset($T['is_default']) && $T['is_default'] == 'on' ? 1 : 0;
$A['archive_flag'] = isset($T['archive_flag']) && $T['archive_flag'] == 'on' ? 1 : 0;
$A['sort_by'] = isset($T['sort_by']) ? $T['sort_by'] : 0;
$A['sort_dir'] = isset($T['sort_dir']) && $T['sort_dir'] == 'ASC' ? 'ASC' : 'DESC';
$A['owner_id'] = isset($T['owner_id']) ? $T['owner_id'] : '';
$A['group_id'] = isset($T['group_id']) ? $T['group_id'] : '';
$A['imageurl'] = isset($T['imageurl']) ? $T['imageurl'] : '';
$assoc_stories_submitted = 0;
$assoc_blocks = 0;
$assoc_feeds = 0;
if ($A['sortnum'] != '') {
$tidSortNumber = DB_getItem($_TABLES['topics'], 'sortnum', 'tid="' . DB_escapeString($A['sortnum']) . '"');
$newSortNum = $tidSortNumber;
} else {
$newSortNum = 0;
}
$A['sortnum'] = $newSortNum;
// an empty owner_id signifies this is a new block, set to current user
// this will also set the default values for group_id as well as the
// default values for topic permissions
if (empty($A['owner_id'])) {
$A['owner_id'] = $_USER['uid'];
// this is the one instance where we default the group
// most topics should belong to the Topic Admin group
if (isset($_GROUPS['Topic Admin'])) {
$A['group_id'] = $_GROUPS['Topic Admin'];
} else {
$A['group_id'] = SEC_getFeatureGroup('topic.edit');
}
SEC_setDefaultPermissions($A, $_CONF['default_permissions_topic']);
} else {
if (isset($T['perm_owner'])) {
$A['perm_owner'] = SEC_getPermissionValue($T['perm_owner']);
$A['perm_group'] = SEC_getPermissionValue($T['perm_group']);
$A['perm_members'] = SEC_getPermissionValue($T['perm_members']);
$A['perm_anon'] = SEC_getPermissionValue($T['perm_anon']);
} else {
SEC_setDefaultPermissions($A, $_CONF['default_permissions_topic']);
}
}
$access = 3;
}
// display the topic editor
$topic_templates = new Template($_CONF['path_layout'] . 'admin/topic');
$topic_templates->set_file('editor', 'topiceditor.thtml');
// generate input for topic id
if (!empty($topicEdit) && SEC_hasRights('topic.edit')) {
$tid_input = $tid . '<input type="hidden" size="20" maxlength="128" name="tid" value="' . $tid . '"' . XHTML . '>';
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="delete"%s' . XHTML . '>';
$jsconfirm = ' onclick="return doubleconfirm(\'' . $LANG27[40] . '\',\'' . $LANG27[6] . '\');"';
$topic_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
$topic_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
$topic_templates->clear_var('lang_donotusespaces');
} else {
$tid_input = '<input class="required alphanumeric" type="text" size="20" maxlength="128" name="tid" id="tid" value="' . $tid . '"' . XHTML . '>';
$topic_templates->set_var('lang_donotusespaces', $LANG27[5]);
}
$topic_templates->set_var('tid_input', $tid_input);
$topic_templates->set_var('lang_topicid', $LANG27[2]);
$topic_templates->set_var('topic_id', $A['tid']);
$topic_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$topic_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
$ownername = COM_getDisplayName($A['owner_id']);
$topic_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', "uid = {$A['owner_id']}"));
$topic_templates->set_var('owner_name', $ownername);
$topic_templates->set_var('owner', $ownername);
$topic_templates->set_var('owner_id', $A['owner_id']);
$topic_templates->set_var('owner_dropdown', COM_buildOwnerList('owner_id', $A['owner_id']));
$topic_templates->set_var('lang_group', $LANG_ACCESS['group']);
$topic_templates->set_var('lang_save', $LANG_ADMIN['save']);
$topic_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
$topic_templates->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
$topic_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$topic_templates->set_var('lang_permissions_key', $LANG_ACCESS['permissionskey']);
$topic_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']));
$sort_select = '<select id="sortnum" name="sortnum">' . LB;
$sort_select .= '<option value="0">' . 'First Position' . '</option>' . LB;
$result = DB_query("SELECT tid,topic,sortnum FROM {$_TABLES['topics']} ORDER BY sortnum ASC");
if ($topicEdit == 1) {
$testvar = 10;
} else {
$testvar = 0;
}
$order = 10;
while ($row = DB_fetchArray($result)) {
if ($row['tid'] != $tid) {
$test_sortnum = $order + $testvar;
$sort_select .= '<option value="' . $row['tid'] . '"' . ($A['sortnum'] == $test_sortnum ? ' selected="selected"' : '') . '>' . $row['topic'] . ' (' . $row['tid'] . ')' . '</option>' . LB;
}
$order += 10;
}
$sort_select .= '</select>' . LB;
// show sort order only if they specified sortnum as the sort method
if ($_CONF['sortmethod'] != 'alpha') {
$topic_templates->set_var('lang_sortorder', $LANG27[41]);
if ($A['sortnum'] == 0) {
$A['sortnum'] = '';
}
$topic_templates->set_var('sort_order', $sort_select);
} else {
$topic_templates->set_var('lang_sortorder', $LANG27[14]);
$topic_templates->set_var('sort_order', $LANG27[15]);
}
$topic_templates->set_var('lang_storiesperpage', $LANG27[11]);
if ($A['limitnews'] == 0) {
$topic_templates->set_var('story_limit', '');
} else {
$topic_templates->set_var('story_limit', $A['limitnews']);
}
$topic_templates->set_var('default_limit', $_CONF['limitnews']);
$topic_templates->set_var('lang_defaultis', $LANG27[16]);
$topic_templates->set_var('lang_topicname', $LANG27[3]);
$topic_templates->set_var('topic_name', htmlentities($A['topic']));
if (empty($A['tid'])) {
$A['imageurl'] = '/images/topics/';
}
$topic_templates->set_var('lang_topicimage', $LANG27[4]);
$topic_templates->set_var('lang_uploadimage', $LANG27[27]);
$topic_templates->set_var('icon_dimensions', $_CONF['max_topicicon_width'] . ' x ' . $_CONF['max_topicicon_height']);
$topic_templates->set_var('lang_maxsize', $LANG27[28]);
$topic_templates->set_var('max_url_length', 255);
$topic_templates->set_var('image_url', $A['imageurl']);
if (@getimagesize($_CONF['path_html'] . $A['imageurl']) !== false) {
$topic_templates->set_var('topicimage', $_CONF['site_url'] . $A['imageurl']);
}
$topic_templates->set_var('lang_defaulttopic', $LANG27[22]);
$topic_templates->set_var('lang_defaulttext', $LANG27[23]);
if ($A['is_default'] == 1) {
$topic_templates->set_var('default_checked', 'checked="checked"');
} else {
$topic_templates->set_var('default_checked', '');
}
$topic_templates->set_var('lang_sort_story_by', $LANG27[35]);
$topic_templates->set_var('lang_sort_story_dir', $LANG27[36]);
$sortSelect = '<select name="sort_by" id="sort_by">' . LB;
$sortSelect .= '<option value="0"' . ($A['sort_by'] == 0 ? ' selected="selected"' : '') . '>' . $LANG27[30] . '</option>' . LB;
$sortSelect .= '<option value="1"' . ($A['sort_by'] == 1 ? ' selected="selected"' : '') . '>' . $LANG27[31] . '</option>' . LB;
$sortSelect .= '<option value="2"' . ($A['sort_by'] == 2 ? ' selected="selected"' : '') . '>' . $LANG27[32] . '</option>' . LB;
$sortSelect .= '</select>' . LB;
$topic_templates->set_var('story_sort_select', $sortSelect);
$sort_dir = '<select name="sort_dir" id="sort_dir">' . LB;
$sort_dir .= '<option value="ASC"' . ($A['sort_dir'] == 'ASC' ? ' selected="selected"' : '') . '>' . $LANG27[33] . '</option>' . LB;
$sort_dir .= '<option value="DESC"' . ($A['sort_dir'] == 'DESC' ? ' selected="selected"' : '') . '>' . $LANG27[34] . '</option>' . LB;
$sort_dir .= '</select>';
$topic_templates->set_var('story_sort_dir', $sort_dir);
$topic_templates->set_var('lang_archivetopic', $LANG27[25]);
$topic_templates->set_var('lang_archivetext', $LANG27[26]);
$topic_templates->set_var('archive_disabled', '');
if ($A['archive_flag'] == 1) {
$topic_templates->set_var('archive_checked', 'checked="checked"');
} else {
$topic_templates->set_var('archive_checked', '');
// Only 1 topic can be the archive topic - so check if there already is one
if (DB_count($_TABLES['topics'], 'archive_flag', '1') > 0) {
$topic_templates->set_var('archive_disabled', 'disabled');
}
}
$assoc_stories = ($assoc_stories_published > 0 or $assoc_stories_draft > 0 or $assoc_stories_submitted > 0 or $assoc_images > 0 or $assoc_comments > 0 or $assoc_trackbacks > 0);
if ($assoc_blocks > 0 or $assoc_feeds > 0 or $assoc_stories) {
$topic_templates->set_var('lang_assoc_objects', $LANG27[43]);
if ($assoc_stories_published > 0) {
$topic_templates->set_var('lang_assoc_stories_published', $LANG27[44]);
$topic_templates->set_var('assoc_stories_published', $assoc_stories_published);
$topic_templates->set_var('published_story_admin_link', COM_createLink($LANG27[52], $_CONF['site_admin_url'] . '/story.php'));
}
if ($assoc_stories_draft > 0) {
$topic_templates->set_var('lang_assoc_stories_draft', $LANG27[45]);
$topic_templates->set_var('assoc_stories_draft', $assoc_stories_draft);
$topic_templates->set_var('draft_story_admin_link', COM_createLink($LANG27[52], $_CONF['site_admin_url'] . '/story.php'));
}
if ($assoc_stories_submitted > 0) {
$topic_templates->set_var('lang_assoc_stories_submitted', $LANG27[46]);
$topic_templates->set_var('assoc_stories_submitted', $assoc_stories_submitted);
$topic_templates->set_var('moderation_link', COM_createLink($LANG27[53], $_CONF['site_admin_url'] . '/moderation.php'));
}
if ($assoc_images > 0) {
$topic_templates->set_var('lang_assoc_images', $LANG27[47]);
$topic_templates->set_var('assoc_images', $assoc_images);
}
if ($assoc_comments > 0) {
$topic_templates->set_var('lang_assoc_comments', $LANG27[48]);
$topic_templates->set_var('assoc_comments', $assoc_comments);
}
if ($assoc_trackbacks > 0) {
$topic_templates->set_var('lang_assoc_trackbacks', $LANG27[49]);
$topic_templates->set_var('assoc_trackbacks', $assoc_trackbacks);
}
if ($assoc_blocks > 0) {
$topic_templates->set_var('lang_assoc_blocks', $LANG27[50]);
$topic_templates->set_var('assoc_blocks', $assoc_blocks);
$topic_templates->set_var('block_admin_link', COM_createLink($LANG27[54], $_CONF['site_admin_url'] . '/block.php'));
}
if ($assoc_feeds > 0) {
$topic_templates->set_var('lang_assoc_feeds', $LANG27[51]);
$topic_templates->set_var('assoc_feeds', $assoc_feeds);
$topic_templates->set_var('syndication_admin_link', COM_createLink($LANG27[55], $_CONF['site_admin_url'] . '/syndication.php'));
}
}
$topic_templates->set_var('gltoken_name', CSRF_TOKEN);
$topic_templates->set_var('gltoken', SEC_createToken());
$topic_templates->parse('output', 'editor');
if ($msg != '') {
$retval .= COM_showMessageText($msg);
}
$retval .= COM_startBlock($LANG27[1], '', COM_getBlockTemplate('_admin_block', 'header'));
$menu_arr = array(array('url' => $_CONF['site_admin_url'] . '/topic.php', 'text' => $LANG_ADMIN['topic_list']), array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']));
$retval .= ADMIN_createMenu($menu_arr, $LANG27[57], $_CONF['layout_url'] . '/images/icons/topic.' . $_IMAGE_TYPE);
$retval .= $topic_templates->finish($topic_templates->get_var('output'));
$retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
return $retval;
}
/**
* Displays the static page editor form
*
* @param array $A Data to display
* @return string HTML for the static page editor
*
*/
function staticpageeditor_form($A)
{
global $_CONF, $_TABLES, $_USER, $_GROUPS, $_SP_CONF, $mode, $sp_id, $LANG21, $LANG_STATIC, $LANG_ACCESS, $LANG_ADMIN, $LANG01, $LANG24, $LANG_postmodes, $MESSAGE, $_IMAGE_TYPE, $_SCRIPTS;
if (!empty($sp_id) && $mode == 'edit') {
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
} else {
if ($mode != 'clone') {
$A['sp_inblock'] = $_SP_CONF['in_block'];
}
$A['owner_id'] = $_USER['uid'];
if (isset($_GROUPS['Static Page Admin'])) {
$A['group_id'] = $_GROUPS['Static Page Admin'];
} else {
$A['group_id'] = SEC_getFeatureGroup('staticpages.edit');
}
SEC_setDefaultPermissions($A, $_SP_CONF['default_permissions']);
$access = 3;
if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
$A['advanced_editor_mode'] = 1;
}
}
$retval = '';
$sp_template = COM_newTemplate(CTL_plugin_templatePath('staticpages', 'admin'));
if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
$sp_template->set_file('form', 'editor_advanced.thtml');
// Shouldn't really have to check if anonymous user but who knows...
if (COM_isAnonUser()) {
$link_message = "";
} else {
$link_message = $LANG01[138];
}
$sp_template->set_var('noscript', COM_getNoScript(false, '', $link_message));
// Setup Advanced Editor
COM_setupAdvancedEditor('/staticpages/adveditor.js', 'staticpages.edit');
$sp_template->set_var('lang_expandhelp', $LANG24[67]);
$sp_template->set_var('lang_reducehelp', $LANG24[68]);
$sp_template->set_var('lang_toolbar', $LANG24[70]);
$sp_template->set_var('toolbar1', $LANG24[71]);
$sp_template->set_var('toolbar2', $LANG24[72]);
$sp_template->set_var('toolbar3', $LANG24[73]);
$sp_template->set_var('toolbar4', $LANG24[74]);
$sp_template->set_var('toolbar5', $LANG24[75]);
$sp_template->set_var('lang_nojavascript', $LANG24[77]);
$sp_template->set_var('lang_postmode', $LANG24[4]);
if (isset($A['postmode']) && $A['postmode'] == 'adveditor') {
$sp_template->set_var('show_adveditor', '');
$sp_template->set_var('show_htmleditor', 'none');
} else {
$sp_template->set_var('show_adveditor', 'none');
$sp_template->set_var('show_htmleditor', '');
}
$post_options = '<option value="html" selected="selected">' . $LANG_postmodes['html'] . '</option>';
if (isset($A['postmode']) && $A['postmode'] == 'adveditor') {
$post_options .= '<option value="adveditor" selected="selected">' . $LANG24[86] . '</option>';
} else {
$post_options .= '<option value="adveditor">' . $LANG24[86] . '</option>';
}
$sp_template->set_var('post_options', $post_options);
$sp_template->set_var('change_editormode', 'onchange="change_editmode(this);"');
} else {
$sp_template->set_file('form', 'editor.thtml');
}
// Add JavaScript
if ($_CONF['titletoid']) {
$_SCRIPTS->setJavaScriptFile('title_2_id', '/javascript/title_2_id.js');
$sp_template->set_var('titletoid', true);
}
$sp_template->set_var('lang_mode', $LANG24[3]);
$sp_template->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $A['commentcode']));
$sp_template->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$sp_template->set_var('lang_owner', $LANG_ACCESS['owner']);
$owner_name = COM_getDisplayName($A['owner_id']);
$owner_username = DB_getItem($_TABLES['users'], 'username', "uid = {$A['owner_id']}");
$sp_template->set_var('owner_id', $A['owner_id']);
$sp_template->set_var('owner', $owner_name);
$sp_template->set_var('owner_name', $owner_name);
$sp_template->set_var('owner_username', $owner_username);
if ($A['owner_id'] > 1) {
$profile_link = $_CONF['site_url'] . '/users.php?mode=profile&uid=' . $A['owner_id'];
$sp_template->set_var('start_owner_anchortag', '<a href="' . $profile_link . '">');
$sp_template->set_var('end_owner_anchortag', '</a>');
$sp_template->set_var('owner_link', COM_createLink($owner_name, $profile_link));
$photo = '';
if ($_CONF['allow_user_photo']) {
$photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$A['owner_id']}");
if (!empty($photo)) {
$camera_icon = '<img src="' . $_CONF['layout_url'] . '/images/smallcamera.' . $_IMAGE_TYPE . '" alt=""' . XHTML . '>';
$sp_template->set_var('camera_icon', COM_createLink($camera_icon, $profile_link));
}
}
if (empty($photo)) {
$sp_template->set_var('camera_icon', '');
}
} else {
$sp_template->set_var('start_owner_anchortag', '');
$sp_template->set_var('end_owner_anchortag', '');
$sp_template->set_var('owner_link', $owner_name);
}
$sp_template->set_var('lang_group', $LANG_ACCESS['group']);
$sp_template->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
$sp_template->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']));
$sp_template->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$sp_template->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
$sp_template->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
$sp_template->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
$token = SEC_createToken();
$start_block = COM_startBlock($LANG_STATIC['staticpageeditor'], '', COM_getBlockTemplate('_admin_block', 'header'));
$start_block .= SEC_getTokenExpiryNotice($token);
$sp_template->set_var('start_block_editor', $start_block);
$sp_template->set_var('lang_save', $LANG_ADMIN['save']);
$sp_template->set_var('lang_cancel', $LANG_ADMIN['cancel']);
$sp_template->set_var('lang_preview', $LANG_ADMIN['preview']);
if (SEC_hasRights('staticpages.delete') && $mode != 'clone' && !empty($A['sp_old_id'])) {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$sp_template->set_var('delete_option', sprintf($delbutton, $jsconfirm));
$sp_template->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
} else {
$sp_template->set_var('delete_option', '');
}
$sp_template->set_var('lang_writtenby', $LANG_STATIC['writtenby']);
$sp_template->set_var('username', DB_getItem($_TABLES['users'], 'username', "uid = {$A['owner_id']}"));
$authorname = COM_getDisplayName($A['owner_id']);
$sp_template->set_var('name', $authorname);
$sp_template->set_var('author', $authorname);
$sp_template->set_var('lang_url', $LANG_STATIC['url']);
$sp_template->set_var('lang_id', $LANG_STATIC['id']);
$sp_template->set_var('sp_uid', $A['owner_id']);
$sp_template->set_var('sp_id', $A['sp_id']);
$sp_template->set_var('sp_old_id', $A['sp_old_id']);
$sp_template->set_var('example_url', COM_buildURL($_CONF['site_url'] . '/staticpages/index.php?page=' . $A['sp_id']));
$sp_template->set_var('lang_centerblock', $LANG_STATIC['centerblock']);
$sp_template->set_var('lang_centerblock_help', $LANG_ADMIN['help_url']);
$sp_template->set_var('lang_centerblock_include', $LANG21[51]);
$sp_template->set_var('lang_centerblock_desc', $LANG21[52]);
$sp_template->set_var('centerblock_help', $A['sp_help']);
$sp_template->set_var('lang_centerblock_msg', $LANG_STATIC['centerblock_msg']);
if (isset($A['sp_centerblock']) && $A['sp_centerblock'] == 1) {
$sp_template->set_var('centerblock_checked', 'checked="checked"');
} else {
$sp_template->set_var('centerblock_checked', '');
}
$sp_template->set_var('lang_position', $LANG_STATIC['position']);
$position = '<select name="sp_where">';
$position .= '<option value="1"';
if ($A['sp_where'] == 1) {
$position .= ' selected="selected"';
}
$position .= '>' . $LANG_STATIC['position_top'] . '</option>';
$position .= '<option value="2"';
if ($A['sp_where'] == 2) {
$position .= ' selected="selected"';
}
$position .= '>' . $LANG_STATIC['position_feat'] . '</option>';
$position .= '<option value="3"';
if ($A['sp_where'] == 3) {
$position .= ' selected="selected"';
}
$position .= '>' . $LANG_STATIC['position_bottom'] . '</option>';
$position .= '<option value="0"';
if ($A['sp_where'] == 0) {
$position .= ' selected="selected"';
}
$position .= '>' . $LANG_STATIC['position_entire'] . '</option>';
$position .= '</select>';
$sp_template->set_var('pos_selection', $position);
if ($_SP_CONF['allow_php'] == 1 && SEC_hasRights('staticpages.PHP')) {
if (!isset($A['sp_php'])) {
$A['sp_php'] = 0;
}
$selection = '<select name="sp_php">' . LB;
$selection .= '<option value="0"';
if ($A['sp_php'] <= 0 || $A['sp_php'] > 2) {
$selection .= ' selected="selected"';
}
$selection .= '>' . $LANG_STATIC['select_php_none'] . '</option>' . LB;
$selection .= '<option value="1"';
if ($A['sp_php'] == 1) {
$selection .= ' selected="selected"';
}
$selection .= '>' . $LANG_STATIC['select_php_return'] . '</option>' . LB;
$selection .= '<option value="2"';
if ($A['sp_php'] == 2) {
$selection .= ' selected="selected"';
}
$selection .= '>' . $LANG_STATIC['select_php_free'] . '</option>' . LB;
$selection .= '</select>';
$sp_template->set_var('php_selector', $selection);
$sp_template->set_var('php_warn', $LANG_STATIC['php_warn']);
} else {
$sp_template->set_var('php_selector', '');
$sp_template->set_var('php_warn', $LANG_STATIC['php_not_activated']);
}
$sp_template->set_var('php_msg', $LANG_STATIC['php_msg']);
// old variables (for the 1.3-type checkbox)
$sp_template->set_var('php_checked', '');
$sp_template->set_var('php_type', 'hidden');
if (isset($A['sp_nf']) && $A['sp_nf'] == 1) {
$sp_template->set_var('exit_checked', 'checked="checked"');
} else {
$sp_template->set_var('exit_checked', '');
}
$sp_template->set_var('exit_msg', $LANG_STATIC['exit_msg']);
$sp_template->set_var('exit_info', $LANG_STATIC['exit_info']);
if ($A['sp_inblock'] == 1) {
$sp_template->set_var('inblock_checked', 'checked="checked"');
} else {
$sp_template->set_var('inblock_checked', '');
}
$sp_template->set_var('inblock_msg', $LANG_STATIC['inblock_msg']);
$sp_template->set_var('inblock_info', $LANG_STATIC['inblock_info']);
if ($A['draft_flag'] == 1) {
$sp_template->set_var('draft_flag_checked', 'checked="checked"');
} else {
$sp_template->set_var('draft_flag_checked', '');
}
$sp_template->set_var('lang_draft', $LANG_STATIC['draft']);
$sp_template->set_var('lang_cache_time', $LANG_STATIC['cache_time']);
$sp_template->set_var('lang_cache_time_desc', $LANG_STATIC['cache_time_desc']);
$sp_template->set_var('cache_time', $A['cache_time']);
$curtime = COM_getUserDateTimeFormat($A['unixdate']);
$sp_template->set_var('lang_lastupdated', $LANG_STATIC['date']);
$sp_template->set_var('sp_formateddate', $curtime[0]);
$sp_template->set_var('sp_date', $curtime[1]);
$sp_template->set_var('lang_title', $LANG_STATIC['title']);
$sp_template->set_var('lang_page_title', $LANG_STATIC['page_title']);
$title = '';
$page_title = '';
if (isset($A['sp_title'])) {
$title = htmlspecialchars(stripslashes($A['sp_title']));
}
if (isset($A['sp_page_title'])) {
$page_title = htmlspecialchars(stripslashes($A['sp_page_title']));
}
$sp_template->set_var('sp_title', $title);
$sp_template->set_var('sp_page_title', $page_title);
$sp_template->set_var('lang_topic', $LANG_STATIC['topic']);
if ($mode != 'clone') {
// want to use default topic selection if new staticpage so pass in blank id
$topic_sp_id = $A['sp_id'];
if (empty($sp_id) && $mode == 'edit') {
// means new
$topic_sp_id = '';
}
$sp_template->set_var('topic_selection', TOPIC_getTopicSelectionControl('staticpages', $topic_sp_id, true, false, true));
} else {
$sp_template->set_var('topic_selection', TOPIC_getTopicSelectionControl('staticpages', $A['clone_sp_id'], true, false, true));
}
$sp_template->set_var('lang_metadescription', $LANG_ADMIN['meta_description']);
$sp_template->set_var('lang_metakeywords', $LANG_ADMIN['meta_keywords']);
if (!empty($A['meta_description'])) {
$sp_template->set_var('meta_description', $A['meta_description']);
}
if (!empty($A['meta_keywords'])) {
$sp_template->set_var('meta_keywords', $A['meta_keywords']);
}
if ($_CONF['meta_tags'] > 0 && $_SP_CONF['meta_tags'] > 0) {
$sp_template->set_var('hide_meta', '');
} else {
$sp_template->set_var('hide_meta', ' style="display:none;"');
}
if ($A['template_flag'] == 1) {
$sp_template->set_var('template_flag_checked', 'checked="checked"');
} else {
$sp_template->set_var('template_flag_checked', '');
}
$sp_template->set_var('lang_template', $LANG_STATIC['template']);
$sp_template->set_var('lang_template_flag_msg', $LANG_STATIC['template_msg']);
$template_list = templatelist($A['template_id']);
$template_none = '<option value=""';
if ($A['template_id'] == "") {
$template_none .= ' selected="selected"';
}
$template_none .= '>' . $LANG_STATIC['none'] . '</option>';
$sp_template->set_var('use_template_selection', '<select name="template_id">' . $template_none . $template_list . '</select>');
$sp_template->set_var('lang_use_template', $LANG_STATIC['use_template']);
$sp_template->set_var('lang_use_template_msg', $LANG_STATIC['use_template_msg']);
$sp_template->set_var('lang_addtomenu', $LANG_STATIC['addtomenu']);
if (isset($A['sp_onmenu']) && $A['sp_onmenu'] == 1) {
$sp_template->set_var('onmenu_checked', 'checked="checked"');
} else {
$sp_template->set_var('onmenu_checked', '');
}
$sp_template->set_var('lang_label', $LANG_STATIC['label']);
if (isset($A['sp_label'])) {
$sp_template->set_var('sp_label', $A['sp_label']);
} else {
$sp_template->set_var('sp_label', '');
}
$sp_template->set_var('lang_pageformat', $LANG_STATIC['pageformat']);
$sp_template->set_var('lang_blankpage', $LANG_STATIC['blankpage']);
$sp_template->set_var('lang_noblocks', $LANG_STATIC['noblocks']);
$sp_template->set_var('lang_leftblocks', $LANG_STATIC['leftblocks']);
$sp_template->set_var('lang_leftrightblocks', $LANG_STATIC['leftrightblocks']);
if (!isset($A['sp_format'])) {
$A['sp_format'] = '';
}
if ($A['sp_format'] == 'noblocks') {
$sp_template->set_var('noblock_selected', 'selected="selected"');
} else {
$sp_template->set_var('noblock_selected', '');
}
if ($A['sp_format'] == 'leftblocks') {
$sp_template->set_var('leftblocks_selected', 'selected="selected"');
} else {
$sp_template->set_var('leftblocks_selected', '');
}
if ($A['sp_format'] == 'blankpage') {
$sp_template->set_var('blankpage_selected', 'selected="selected"');
} else {
$sp_template->set_var('blankpage_selected', '');
}
if ($A['sp_format'] == 'allblocks' or empty($A['sp_format'])) {
$sp_template->set_var('allblocks_selected', 'selected="selected"');
} else {
$sp_template->set_var('allblocks_selected', '');
}
$sp_template->set_var('lang_content', $LANG_STATIC['content']);
$content = '';
if (isset($A['sp_content'])) {
$content = htmlspecialchars(stripslashes($A['sp_content']));
$content = str_replace(array('{', '}'), array('{', '}'), $content);
}
$sp_template->set_var('sp_content', $content);
$allowed = COM_allowedHTML('staticpages.edit', false, $_SP_CONF['filter_html']) . COM_allowedAutotags();
$sp_template->set_var('lang_allowedhtml', $allowed);
$sp_template->set_var('lang_allowed_html', $allowed);
$sp_template->set_var('lang_hits', $LANG_STATIC['hits']);
if (empty($A['sp_hits'])) {
$sp_template->set_var('sp_hits', '0');
$sp_template->set_var('sp_hits_formatted', '0');
} else {
$sp_template->set_var('sp_hits', $A['sp_hits']);
$sp_template->set_var('sp_hits_formatted', COM_numberFormat($A['sp_hits']));
}
$sp_template->set_var('lang_comments', $LANG_STATIC['comments']);
if ($A['commentcode'] == -1) {
$sp_template->set_var('sp_comments', $LANG_ADMIN['na']);
} else {
$num_comments = DB_count($_TABLES['comments'], array('sid', 'type'), array(DB_escapeString($A['sp_id']), 'staticpages'));
$sp_template->set_var('sp_comments', COM_numberFormat($num_comments));
}
$sp_template->set_var('end_block', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
$sp_template->set_var('gltoken_name', CSRF_TOKEN);
$sp_template->set_var('gltoken', $token);
$sp_template->parse('output', 'form');
$retval .= $sp_template->finish($sp_template->get_var('output'));
return $retval;
}
/**
* Displays the Auto Tag Editor
*
* @tag string tag to edit
* @mode string Mode
*
*/
function autotagseditor($tag, $mode = '')
{
global $_TABLES, $_USER, $_GROUPS, $_AUTO_CONF;
if (!empty($tag) && $mode == 'edit') {
$query = DB_query("SELECT * FROM {$_TABLES['autotags']} WHERE tag = '{$tag}'");
$A = DB_fetchArray($query);
$A['old_tag'] = $A['tag'];
} elseif ($mode == 'edit') {
$A['tag'] = '';
$A['old_tag'] = '';
$A['is_enabled'] = '0';
$A['owner_id'] = $_USER['uid'];
if (isset($_GROUPS['Autotags Admin'])) {
$A['group_id'] = $_GROUPS['Autotags Admin'];
} else {
$A['group_id'] = SEC_getFeatureGroup('autotags.edit');
}
SEC_setDefaultPermissions($A, $_AUTO_CONF['default_autotag_permissions']);
} else {
$A = $_POST;
$A['tag'] = COM_applyFilter($A['tag']);
}
return form($A);
}
/**
* Submit a new or updated story. The story is updated if it exists, or a new one is created
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @return int Response code as defined in lib-plugins.php
*/
function service_submit_story($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS;
if (!SEC_hasRights('story.edit')) {
$output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
return PLG_RET_AUTH_FAILED;
}
require_once $_CONF['path_system'] . 'lib-comment.php';
if (!$_CONF['disable_webservices']) {
require_once $_CONF['path_system'] . 'lib-webservices.php';
}
$gl_edit = false;
if (isset($args['gl_edit'])) {
$gl_edit = $args['gl_edit'];
}
if ($gl_edit) {
/* This is EDIT mode, so there should be an old sid */
if (empty($args['old_sid'])) {
if (!empty($args['id'])) {
$args['old_sid'] = $args['id'];
} else {
return PLG_RET_ERROR;
}
if (empty($args['sid'])) {
$args['sid'] = $args['old_sid'];
}
}
} else {
if (empty($args['sid']) && !empty($args['id'])) {
$args['sid'] = $args['id'];
}
}
// Store the first CATEGORY as the Topic ID
if (!empty($args['category'][0])) {
$args['tid'] = $args['category'][0];
}
$content = '';
if (!empty($args['content'])) {
$content = $args['content'];
} else {
if (!empty($args['summary'])) {
$content = $args['summary'];
}
}
if (!empty($content)) {
$parts = explode('[page_break]', $content);
if (count($parts) == 1) {
$args['introtext'] = $content;
$args['bodytext'] = '';
} else {
$args['introtext'] = array_shift($parts);
$args['bodytext'] = implode('[page_break]', $parts);
}
}
// Apply filters to the parameters passed by the webservice
if ($args['gl_svc']) {
if (isset($args['mode'])) {
$args['mode'] = COM_applyBasicFilter($args['mode']);
}
if (isset($args['editopt'])) {
$args['editopt'] = COM_applyBasicFilter($args['editopt']);
}
}
// - START: Set all the defaults -
/*
if (empty($args['tid'])) {
// see if we have a default topic
$topic = DB_getItem($_TABLES['topics'], 'tid',
'is_default = 1' . COM_getPermSQL('AND'));
if (!empty($topic)) {
$args['tid'] = $topic;
} else {
// otherwise, just use the first one
$o = array();
$s = array();
if (service_getTopicList_story(array('gl_svc' => true), $o, $s) == PLG_RET_OK) {
$args['tid'] = $o[0];
} else {
$svc_msg['error_desc'] = 'No topics available';
return PLG_RET_ERROR;
}
}
} */
/* This is a solution for above but the above has issues
if (!TOPIC_checkTopicSelectionControl()) {
$svc_msg['error_desc'] = 'No topics selected or available';
return PLG_RET_ERROR;
}
*/
if (empty($args['owner_id'])) {
$args['owner_id'] = $_USER['uid'];
}
if (empty($args['group_id'])) {
$args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']);
}
if (empty($args['postmode'])) {
$args['postmode'] = $_CONF['postmode'];
if (!empty($args['content_type'])) {
if ($args['content_type'] == 'text') {
$args['postmode'] = 'text';
} else {
if ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') {
$args['postmode'] = 'html';
}
}
}
}
if ($args['gl_svc']) {
// Permissions
if (!isset($args['perm_owner'])) {
$args['perm_owner'] = $_CONF['default_permissions_story'][0];
} else {
$args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
}
if (!isset($args['perm_group'])) {
$args['perm_group'] = $_CONF['default_permissions_story'][1];
} else {
$args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
}
if (!isset($args['perm_members'])) {
$args['perm_members'] = $_CONF['default_permissions_story'][2];
} else {
$args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
}
if (!isset($args['perm_anon'])) {
$args['perm_anon'] = $_CONF['default_permissions_story'][3];
} else {
$args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
}
if (!isset($args['draft_flag'])) {
$args['draft_flag'] = $_CONF['draft_flag'];
}
if (empty($args['frontpage'])) {
$args['frontpage'] = $_CONF['frontpage'];
}
if (empty($args['show_topic_icon'])) {
$args['show_topic_icon'] = $_CONF['show_topic_icon'];
}
}
// - END: Set all the defaults -
// TEST CODE
/* foreach ($args as $k => $v) {
if (!is_array($v)) {
echo "$k => $v\r\n";
} else {
echo "$k => $v\r\n";
foreach ($v as $k1 => $v1) {
echo " $k1 => $v1\r\n";
}
}
}*/
// exit ();
// END TEST CODE
if (!isset($args['sid'])) {
$args['sid'] = '';
}
$args['sid'] = COM_sanitizeID($args['sid']);
if (!$gl_edit) {
if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) {
$slug = '';
if (isset($args['slug'])) {
$slug = $args['slug'];
}
if (function_exists('WS_makeId')) {
$args['sid'] = WS_makeId($slug, STORY_MAX_ID_LENGTH);
} else {
$args['sid'] = COM_makeSid();
}
}
}
$story = new Story();
$gl_edit = false;
if (isset($args['gl_edit'])) {
$gl_edit = $args['gl_edit'];
}
if ($gl_edit && !empty($args['gl_etag'])) {
// First load the original story to check if it has been modified
$result = $story->loadFromDatabase($args['sid']);
if ($result == STORY_LOADED_OK) {
if ($args['gl_etag'] != date('c', $story->_date)) {
$svc_msg['error_desc'] = 'A more recent version of the story is available';
return PLG_RET_PRECONDITION_FAILED;
}
} else {
$svc_msg['error_desc'] = 'Error loading story';
return PLG_RET_ERROR;
}
}
// This function is also doing the security checks
$result = $story->loadFromArgsArray($args);
$sid = $story->getSid();
// Check if topics selected if not prompt required field
if ($result == STORY_LOADED_OK) {
if (!TOPIC_checkTopicSelectionControl()) {
$result = STORY_EMPTY_REQUIRED_FIELDS;
}
}
switch ($result) {
case STORY_DUPLICATE_SID:
$output .= COM_errorLog($LANG24[24], 2);
if (!$args['gl_svc']) {
$output .= storyeditor($sid);
}
$output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[5]));
return PLG_RET_ERROR;
break;
case STORY_EXISTING_NO_EDIT_PERMISSION:
$output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
return PLG_RET_PERMISSION_DENIED;
break;
case STORY_NO_ACCESS_PARAMS:
$output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
return PLG_RET_PERMISSION_DENIED;
break;
case STORY_EMPTY_REQUIRED_FIELDS:
$output .= COM_errorLog($LANG24[31], 2);
if (!$args['gl_svc']) {
$output .= storyeditor($sid);
}
$output = COM_createHTMLDocument($output);
return PLG_RET_ERROR;
break;
default:
break;
}
/* Image upload is not supported by the web-service at present */
if (!$args['gl_svc']) {
// Delete any images if needed
if (array_key_exists('delete', $args)) {
$delete = count($args['delete']);
for ($i = 1; $i <= $delete; $i++) {
$ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete']));
STORY_deleteImage($ai_filename);
DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete']));
next($args['delete']);
}
}
// OK, let's upload any pictures with the article
if (DB_count($_TABLES['article_images'], 'ai_sid', $sid) > 0) {
$index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '{$sid}'") + 1;
} else {
$index_start = 1;
}
if (count($_FILES) > 0 && $_CONF['maximagesperarticle'] > 0) {
require_once $_CONF['path_system'] . 'classes/upload.class.php';
$upload = new Upload();
if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
$upload->setLogFile($_CONF['path'] . 'logs/error.log');
$upload->setDebug(true);
}
$upload->setMaxFileUploads($_CONF['maximagesperarticle']);
if (!empty($_CONF['image_lib'])) {
if ($_CONF['image_lib'] == 'imagemagick') {
// Using imagemagick
$upload->setMogrifyPath($_CONF['path_to_mogrify']);
} elseif ($_CONF['image_lib'] == 'netpbm') {
// using netPBM
$upload->setNetPBM($_CONF['path_to_netpbm']);
} elseif ($_CONF['image_lib'] == 'gdlib') {
// using the GD library
$upload->setGDLib();
}
$upload->setAutomaticResize(true);
if ($_CONF['keep_unscaled_image'] == 1) {
$upload->keepOriginalImage(true);
} else {
$upload->keepOriginalImage(false);
}
if (isset($_CONF['jpeg_quality'])) {
$upload->setJpegQuality($_CONF['jpeg_quality']);
}
}
$upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
$output = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
$output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
echo $output;
exit;
}
// NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
// force any images bigger than the passed dimensions to be resized.
// If mogrify is not set, any images larger than these dimensions
// will get validation errors
$upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
$upload->setMaxFileSize($_CONF['max_image_size']);
// size in bytes, 1048576 = 1MB
// Set file permissions on file after it gets uploaded (number is in octal)
$upload->setPerms('0644');
$filenames = array();
$end_index = $index_start + $upload->numFiles() - 1;
for ($z = $index_start; $z <= $end_index; $z++) {
$curfile = current($_FILES);
if (!empty($curfile['name'])) {
$pos = strrpos($curfile['name'], '.') + 1;
$fextension = substr($curfile['name'], $pos);
$filenames[] = $sid . '_' . $z . '.' . $fextension;
}
next($_FILES);
}
$upload->setFileNames($filenames);
reset($_FILES);
$upload->uploadFiles();
if ($upload->areErrors()) {
$retval = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
$output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
echo $retval;
exit;
}
reset($filenames);
for ($z = $index_start; $z <= $end_index; $z++) {
DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('{$sid}', {$z}, '" . current($filenames) . "')");
next($filenames);
}
}
if ($_CONF['maximagesperarticle'] > 0) {
$errors = $story->checkAttachedImages();
if (count($errors) > 0) {
$output .= COM_startBlock($LANG24[54], '', COM_getBlockTemplate('_msg_block', 'header'));
$output .= $LANG24[55] . LB . '<ul>' . LB;
foreach ($errors as $err) {
$output .= '<li>' . $err . '</li>' . LB;
}
$output .= '</ul>' . LB;
$output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$output .= storyeditor($sid);
$output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[54]));
echo $output;
exit;
}
}
}
$result = $story->saveToDatabase();
if ($result == STORY_SAVED) {
// see if any plugins want to act on that story
if (!empty($args['old_sid']) && $args['old_sid'] != $sid) {
PLG_itemSaved($sid, 'article', $args['old_sid']);
} else {
PLG_itemSaved($sid, 'article');
}
// update feed(s)
COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid);
COM_rdfUpToDateCheck('comment');
STORY_updateLastArticlePublished();
CMT_updateCommentcodes();
if ($story->type == 'submission') {
$output = COM_refresh($_CONF['site_admin_url'] . '/moderation.php?msg=9');
} else {
$output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9);
}
/* @TODO Set the object id here */
$svc_msg['id'] = $sid;
return PLG_RET_OK;
}
}
/**
* Shows event editor
*
* @param string $action action we are performing: 'edit', 'clone' or 'moderate'
* @param array $A array holding the event's details
* @param string $msg an optional error message to display
* @return string HTML for event editor or error message
*
*/
function CALENDAR_edit($action, $A, $msg = '')
{
global $_CONF, $_USER, $_GROUPS, $_TABLES, $_USER, $_CA_CONF, $LANG_CAL_1, $LANG_CAL_ADMIN, $LANG10, $LANG12, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE;
USES_lib_admin();
$retval = '';
$menu_arr = array(array('url' => $_CONF['site_admin_url'] . '/plugins/calendar/index.php', 'text' => $LANG_CAL_ADMIN[40]), array('url' => $_CONF['site_admin_url'] . '/moderation.php', 'text' => $LANG_ADMIN['submissions']), array('url' => $_CONF['site_admin_url'] . '/plugins/calendar/index.php?batchadmin=x', 'text' => $LANG_CAL_ADMIN[38]), array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']));
switch ($action) {
case 'edit':
case 'clone':
$blocktitle = $LANG_CAL_ADMIN[1];
// Event Editor
$saveoption = $LANG_ADMIN['save'];
// Save
break;
case 'moderate':
$blocktitle = $LANG_CAL_ADMIN[37];
// Moderate Event
$saveoption = $LANG_ADMIN['moderate'];
// Save & Approve
break;
}
if (!empty($msg)) {
$retval .= COM_showMessageText($msg, $LANG_CAL_ADMIN[2], true);
}
$event_templates = new Template($_CONF['path'] . 'plugins/calendar/templates/admin');
$event_templates->set_file('editor', 'eventeditor.thtml');
$event_templates->set_var('lang_allowed_html', COM_allowedHTML(SEC_getUserPermissions(), false, 'calendar', 'description'));
$event_templates->set_var('lang_postmode', $LANG_CAL_ADMIN[3]);
if (!isset($A['perm_owner'])) {
$A['perm_owner'][0] = "0";
}
if (!isset($A['perm_group'])) {
$A['perm_group'][0] = "0";
}
if (!isset($A['perm_members'])) {
$A['perm_members'][0] = "0";
}
if (!isset($A['perm_anon'])) {
$A['perm_anon'][0] = "0";
}
if ($action != 'moderate' and !empty($A['eid'])) {
// Get what level of access user has to this object
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access == 0 or $access == 2) {
// Uh, oh! User doesn't have access to this object
$retval .= COM_showMessageText($LANG_CAL_ADMIN[17], $LANG_ACCESS['accessdenied'], true);
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit event {$eid}.");
return $retval;
}
} else {
if (!isset($A['owner_id']) || $A['owner_id'] == '') {
$A['owner_id'] = $_USER['uid'];
}
if (isset($_GROUPS['Calendar Admin'])) {
$A['group_id'] = $_GROUPS['Calendar Admin'];
} else {
$A['group_id'] = SEC_getFeatureGroup('calendar.edit');
}
SEC_setDefaultPermissions($A, $_CA_CONF['default_permissions']);
$access = 3;
}
if ($action == 'moderate') {
$event_templates->set_var('post_options', COM_optionList($_TABLES['postmodes'], 'code,name', 'plaintext'));
} else {
if (!isset($A['postmode'])) {
$A['postmode'] = $_CONF['postmode'];
}
$event_templates->set_var('post_options', COM_optionList($_TABLES['postmodes'], 'code,name', $A['postmode']));
}
$retval .= COM_startBlock($blocktitle, '', COM_getBlockTemplate('_admin_block', 'header'));
$retval .= ADMIN_createMenu($menu_arr, $LANG_CAL_ADMIN[41], plugin_geticon_calendar());
if (!empty($A['eid'])) {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="delete"%s/>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$event_templates->set_var('lang_delete_confirm', $MESSAGE[76]);
$event_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
$event_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
if ($action == 'moderate') {
$event_templates->set_var('submission_option', '<input type="hidden" name="type" value="submission"/>');
}
} else {
// new event
$A['eid'] = COM_makesid();
$A['status'] = 1;
$A['title'] = '';
$A['description'] = '';
$A['url'] = '';
$A['hits'] = 0;
// in case a start date/time has been passed from the calendar,
// pick it up for the end date/time
if (empty($A['dateend'])) {
$A['dateend'] = $A['datestart'];
}
if (empty($A['timeend'])) {
$A['timeend'] = $A['timestart'];
}
$A['event_type'] = '';
$A['location'] = '';
$A['address1'] = '';
$A['address2'] = '';
$A['city'] = '';
$A['state'] = '';
$A['zipcode'] = '';
$A['allday'] = 0;
}
$event_templates->set_var('event_id', $A['eid']);
$event_templates->set_var('lang_eventtitle', $LANG_ADMIN['title']);
$A['title'] = str_replace('{', '{', $A['title']);
$A['title'] = str_replace('}', '}', $A['title']);
$A['title'] = str_replace('"', '"', $A['title']);
$event_templates->set_var('event_title', $A['title']);
$event_templates->set_var('lang_eventtype', $LANG_CAL_1[37]);
$event_templates->set_var('lang_editeventtypes', $LANG12[50]);
$event_templates->set_var('type_options', CALENDAR_eventTypeList($A['event_type']));
$event_templates->set_var('status_checked', $A['status'] == 1 ? ' checked="checked"' : '');
$event_templates->set_var('lang_eventurl', $LANG_CAL_ADMIN[4]);
$event_templates->set_var('max_url_length', 255);
$event_templates->set_var('event_url', $A['url']);
$event_templates->set_var('lang_includehttp', $LANG_CAL_ADMIN[9]);
$event_templates->set_var('lang_eventstartdate', $LANG_CAL_ADMIN[5]);
//$event_templates->set_var('event_startdate', $A['datestart']);
$event_templates->set_var('lang_starttime', $LANG_CAL_1[30]);
// Combine date/time for easier manipulation
$A['datestart'] = trim($A['datestart'] . ' ' . $A['timestart']);
if (empty($A['datestart'])) {
$start_stamp = time();
} else {
$start_stamp = strtotime($A['datestart']);
}
$A['dateend'] = trim($A['dateend'] . ' ' . $A['timeend']);
if (empty($A['dateend'])) {
$end_stamp = time();
} else {
$end_stamp = strtotime($A['dateend']);
}
$start_month = date('m', $start_stamp);
$start_day = date('d', $start_stamp);
$start_year = date('Y', $start_stamp);
$end_month = date('m', $end_stamp);
$end_day = date('d', $end_stamp);
$end_year = date('Y', $end_stamp);
$start_hour = date('H', $start_stamp);
$start_minute = intval(date('i', $start_stamp) / 15) * 15;
if ($start_hour >= 12) {
$startampm = 'pm';
} else {
$startampm = 'am';
}
$start_hour_24 = $start_hour % 24;
if ($start_hour > 12) {
$start_hour = $start_hour - 12;
} else {
if ($start_hour == 0) {
$start_hour = 12;
}
}
$end_hour = date('H', $end_stamp);
$end_minute = intval(date('i', $end_stamp) / 15) * 15;
if ($end_hour >= 12) {
$endampm = 'pm';
} else {
$endampm = 'am';
}
$end_hour_24 = $end_hour % 24;
if ($end_hour > 12) {
$end_hour = $end_hour - 12;
} else {
if ($end_hour == 0) {
$end_hour = 12;
}
}
$month_options = COM_getMonthFormOptions($start_month);
$event_templates->set_var('startmonth_options', $month_options);
$month_options = COM_getMonthFormOptions($end_month);
$event_templates->set_var('endmonth_options', $month_options);
$day_options = COM_getDayFormOptions($start_day);
$event_templates->set_var('startday_options', $day_options);
$day_options = COM_getDayFormOptions($end_day);
$event_templates->set_var('endday_options', $day_options);
$year_options = COM_getYearFormOptions($start_year);
$event_templates->set_var('startyear_options', $year_options);
$year_options = COM_getYearFormOptions($end_year);
$event_templates->set_var('endyear_options', $year_options);
if (isset($_CA_CONF['hour_mode']) && $_CA_CONF['hour_mode'] == 24) {
$hour_options = COM_getHourFormOptions($start_hour_24, 24);
$event_templates->set_var('starthour_options', $hour_options);
$hour_options = COM_getHourFormOptions($end_hour_24, 24);
$event_templates->set_var('endhour_options', $hour_options);
$event_templates->set_var('hour_mode', 24);
} else {
$hour_options = COM_getHourFormOptions($start_hour);
$event_templates->set_var('starthour_options', $hour_options);
$hour_options = COM_getHourFormOptions($end_hour);
$event_templates->set_var('endhour_options', $hour_options);
$event_templates->set_var('hour_mode', 12);
}
$event_templates->set_var('startampm_selection', CALENDAR_getAmPmFormSelection('start_ampm', $startampm, 'update_ampm()'));
$event_templates->set_var('endampm_selection', CALENDAR_getAmPmFormSelection('end_ampm', $endampm));
$event_templates->set_var('startminute_options', COM_getMinuteFormOptions($start_minute, 15));
$event_templates->set_var('endminute_options', COM_getMinuteFormOptions($end_minute, 15));
$event_templates->set_var('lang_enddate', $LANG12[13]);
$event_templates->set_var('lang_eventenddate', $LANG_CAL_ADMIN[6]);
$event_templates->set_var('event_enddate', $A['dateend']);
$event_templates->set_var('lang_enddate', $LANG12[13]);
$event_templates->set_var('lang_endtime', $LANG_CAL_1[29]);
$event_templates->set_var('lang_alldayevent', $LANG_CAL_1[31]);
if ($A['allday'] == 1) {
$event_templates->set_var('allday_checked', 'checked="checked"');
}
$event_templates->set_var('lang_location', $LANG12[51]);
$event_templates->set_var('event_location', $A['location']);
$event_templates->set_var('lang_addressline1', $LANG12[44]);
$event_templates->set_var('event_address1', $A['address1']);
$event_templates->set_var('lang_addressline2', $LANG12[45]);
$event_templates->set_var('event_address2', $A['address2']);
$event_templates->set_var('lang_city', $LANG12[46]);
$event_templates->set_var('event_city', $A['city']);
$event_templates->set_var('lang_state', $LANG12[47]);
$event_templates->set_var('state_options', '');
$event_templates->set_var('event_state', $A['state']);
$event_templates->set_var('lang_zipcode', $LANG12[48]);
$event_templates->set_var('event_zipcode', $A['zipcode']);
$event_templates->set_var('lang_eventlocation', $LANG_CAL_ADMIN[7]);
$event_templates->set_var('event_location', $A['location']);
$event_templates->set_var('lang_eventdescription', $LANG_CAL_ADMIN[8]);
$event_templates->set_var('event_description', $A['description']);
$event_templates->set_var('lang_hits', $LANG10[30]);
$event_templates->set_var('hits', COM_numberFormat($A['hits']));
$event_templates->set_var('lang_save', $saveoption);
$event_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
// user access info
$event_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$event_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
$ownername = COM_getDisplayName($A['owner_id']);
$event_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', "uid = {$A['owner_id']}"));
$event_templates->set_var('owner_name', $ownername);
$event_templates->set_var('owner', $ownername);
$event_templates->set_var('owner_id', $A['owner_id']);
$event_templates->set_var('lang_group', $LANG_ACCESS['group']);
$event_templates->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
$event_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$event_templates->set_var('lang_permissionskey', $LANG_ACCESS['permissionskey']);
$event_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']));
$event_templates->set_var('gltoken_name', CSRF_TOKEN);
$event_templates->set_var('gltoken', SEC_createToken());
$event_templates->parse('output', 'editor');
$retval .= $event_templates->finish($event_templates->get_var('output'));
$retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
return $retval;
}
/**
* Shows poll editor
*
* Diplays the poll editor form
*
* @param string $pid ID of poll to edit
* @return string HTML for poll editor form
*
*/
function editpoll($pid = '')
{
global $_CONF, $_PO_CONF, $_GROUPS, $_TABLES, $_USER, $LANG25, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $LANG_POLLS;
$retval = '';
if (!empty($pid)) {
$topic = DB_query("SELECT * FROM {$_TABLES['polltopics']} WHERE pid='{$pid}'");
$T = DB_fetchArray($topic);
// Get permissions for poll
$access = SEC_hasAccess($T['owner_id'], $T['group_id'], $T['perm_owner'], $T['perm_group'], $T['perm_members'], $T['perm_anon']);
if ($access == 0 or $access == 2) {
// User doesn't have access...bail
$retval .= COM_startBlock($LANG25[21], '', COM_getBlockTemplate('_msg_block', 'header'));
$retval .= $LANG25[22];
$retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
return $retval;
}
}
// writing the menu on top
require_once $_CONF['path_system'] . 'lib-admin.php';
$menu_arr = array(array('url' => $_CONF['site_admin_url'] . '/plugins/polls/index.php', 'text' => $LANG_ADMIN['list_all']), array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']));
$token = SEC_createToken();
$retval .= COM_startBlock($LANG25[5], '', COM_getBlockTemplate('_admin_block', 'header'));
$retval .= ADMIN_createMenu($menu_arr, $LANG_POLLS['editinstructions'], plugin_geticon_polls());
$retval .= SEC_getTokenExpiryNotice($token);
$poll_templates = new Template($_CONF['path'] . 'plugins/polls/templates/admin/');
$poll_templates->set_file(array('editor' => 'polleditor.thtml', 'question' => 'pollquestions.thtml', 'answer' => 'pollansweroption.thtml'));
$poll_templates->set_var('xhtml', XHTML);
$poll_templates->set_var('site_url', $_CONF['site_url']);
$poll_templates->set_var('site_admin_url', $_CONF['site_admin_url']);
$poll_templates->set_var('layout_url', $_CONF['layout_url']);
if (!empty($pid) and $access == 3 and !empty($T['owner_id'])) {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$poll_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
$poll_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
} else {
$T['pid'] = COM_makeSid();
$T['topic'] = '';
$T['meta_description'] = '';
$T['meta_keywords'] = '';
$T['voters'] = 0;
$T['display'] = 1;
$T['is_open'] = 1;
$T['hideresults'] = 0;
$T['owner_id'] = $_USER['uid'];
if (isset($_GROUPS['Polls Admin'])) {
$T['group_id'] = $_GROUPS['Polls Admin'];
} else {
$T['group_id'] = SEC_getFeatureGroup('polls.edit');
}
SEC_setDefaultPermissions($T, $_PO_CONF['default_permissions']);
$T['statuscode'] = 0;
$T['commentcode'] = $_CONF['comment_code'];
$access = 3;
}
$poll_templates->set_var('lang_pollid', $LANG25[6]);
$poll_templates->set_var('poll_id', $T['pid']);
$poll_templates->set_var('lang_donotusespaces', $LANG25[7]);
$poll_templates->set_var('lang_topic', $LANG25[9]);
$poll_templates->set_var('poll_topic', htmlspecialchars($T['topic']));
$poll_templates->set_var('lang_mode', $LANG25[1]);
$poll_templates->set_var('lang_metadescription', $LANG_ADMIN['meta_description']);
$poll_templates->set_var('lang_metakeywords', $LANG_ADMIN['meta_keywords']);
if (!empty($T['meta_description'])) {
$poll_templates->set_var('meta_description', $T['meta_description']);
}
if (!empty($T['meta_keywords'])) {
$poll_templates->set_var('meta_keywords', $T['meta_keywords']);
}
$poll_templates->set_var('status_options', COM_optionList($_TABLES['statuscodes'], 'code,name', $T['statuscode']));
$poll_templates->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $T['commentcode']));
$poll_templates->set_var('lang_appearsonhomepage', $LANG25[8]);
$poll_templates->set_var('lang_openforvoting', $LANG25[33]);
$poll_templates->set_var('lang_hideresults', $LANG25[37]);
$poll_templates->set_var('poll_hideresults_explain', $LANG25[38]);
$poll_templates->set_var('poll_topic_info', $LANG25[39]);
if ($T['display'] == 1) {
$poll_templates->set_var('poll_display', 'checked="checked"');
}
if ($T['is_open'] == 1) {
$poll_templates->set_var('poll_open', 'checked="checked"');
}
if ($T['hideresults'] == 1) {
$poll_templates->set_var('poll_hideresults', 'checked="checked"');
}
// user access info
$poll_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$poll_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
$ownername = COM_getDisplayName($T['owner_id']);
$poll_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', "uid = {$T['owner_id']}"));
$poll_templates->set_var('owner_name', $ownername);
$poll_templates->set_var('owner', $ownername);
$poll_templates->set_var('owner_id', $T['owner_id']);
$poll_templates->set_var('lang_group', $LANG_ACCESS['group']);
$poll_templates->set_var('group_dropdown', SEC_getGroupDropdown($T['group_id'], $access));
$poll_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$poll_templates->set_var('lang_permissionskey', $LANG_ACCESS['permissionskey']);
$poll_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
$poll_templates->set_var('permissions_editor', SEC_getPermissionsHTML($T['perm_owner'], $T['perm_group'], $T['perm_members'], $T['perm_anon']));
$poll_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
$poll_templates->set_var('lang_answersvotes', $LANG25[10]);
$poll_templates->set_var('lang_save', $LANG_ADMIN['save']);
$poll_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
// repeat for several questions
$question_sql = "SELECT question,qid " . "FROM {$_TABLES['pollquestions']} WHERE pid='{$pid}' ORDER BY qid;";
$questions = DB_query($question_sql);
include $_CONF['path_system'] . 'classes/navbar.class.php';
$navbar = new navbar();
for ($j = 0; $j < $_PO_CONF['maxquestions']; $j++) {
$display_id = $j + 1;
if ($j > 0) {
$poll_templates->set_var('style', 'style="display:none;"');
} else {
$poll_templates->set_var('style', '');
}
$navbar->add_menuitem($LANG25[31] . " {$display_id}", "showhidePollsEditorDiv(\"{$j}\",{$j},{$_PO_CONF['maxquestions']});return false;", true);
$Q = DB_fetchArray($questions);
$poll_templates->set_var('question_text', $Q['question']);
$poll_templates->set_var('question_id', $j);
$poll_templates->set_var('lang_question', $LANG25[31] . " {$display_id}");
$poll_templates->set_var('lang_saveaddnew', $LANG25[32]);
// answers
$answer_sql = "SELECT answer,aid,votes,remark " . "FROM {$_TABLES['pollanswers']} WHERE qid='{$j}' AND pid='{$pid}' ORDER BY aid";
$answers = DB_query($answer_sql);
for ($i = 0; $i < $_PO_CONF['maxanswers']; $i++) {
if (isset($answers)) {
$A = DB_fetchArray($answers);
$poll_templates->set_var('answer_text', htmlspecialchars($A['answer']));
$poll_templates->set_var('answer_votes', $A['votes']);
$poll_templates->set_var('remark_text', $A['remark']);
} else {
$poll_templates->set_var('answer_text', '');
$poll_templates->set_var('answer_votes', '');
$poll_templates->set_var('remark_text', '');
}
$poll_templates->parse('answer_option', 'answer', true);
}
$poll_templates->parse('question_list', 'question', true);
$poll_templates->clear_var('answer_option');
}
$navbar->set_selected($LANG25[31] . " 1");
$poll_templates->set_var('navbar', $navbar->generate());
$poll_templates->set_var('gltoken_name', CSRF_TOKEN);
$poll_templates->set_var('gltoken', $token);
$poll_templates->parse('output', 'editor');
$retval .= $poll_templates->finish($poll_templates->get_var('output'));
$retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
return $retval;
}
/**
* Displays the static page editor form
*
* @param array $A Data to display
* @return string HTML for the static page editor
*
*/
function staticpageeditor_form($A, $error = false)
{
global $_CONF, $_TABLES, $_USER, $_GROUPS, $_SP_CONF, $mode, $sp_id, $LANG21, $LANG_STATIC, $LANG_ACCESS, $LANG_ADMIN, $LANG24, $LANG_postmodes, $MESSAGE;
$template_path = staticpages_templatePath('admin');
if (!empty($sp_id) && $mode == 'edit') {
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
} else {
if ($mode != 'clone') {
$A['sp_inblock'] = $_SP_CONF['in_block'];
}
$A['owner_id'] = $_USER['uid'];
if (isset($_GROUPS['Static Page Admin'])) {
$A['group_id'] = $_GROUPS['Static Page Admin'];
} else {
$A['group_id'] = SEC_getFeatureGroup('staticpages.edit');
}
SEC_setDefaultPermissions($A, $_SP_CONF['default_permissions']);
$access = 3;
if (isset($_CONF['advanced_editor']) && $_CONF['advanced_editor'] == 1 && file_exists($template_path . '/editor_advanced.thtml')) {
$A['advanced_editor_mode'] = 1;
}
}
$retval = '';
$sp_template = new Template($template_path);
if (isset($_CONF['advanced_editor']) && $_CONF['advanced_editor'] == 1 && file_exists($template_path . '/editor_advanced.thtml')) {
$sp_template->set_file('form', 'editor_advanced.thtml');
$sp_template->set_var('lang_expandhelp', $LANG24[67]);
$sp_template->set_var('lang_reducehelp', $LANG24[68]);
$sp_template->set_var('lang_toolbar', $LANG24[70]);
$sp_template->set_var('toolbar1', $LANG24[71]);
$sp_template->set_var('toolbar2', $LANG24[72]);
$sp_template->set_var('toolbar3', $LANG24[73]);
$sp_template->set_var('toolbar4', $LANG24[74]);
$sp_template->set_var('toolbar5', $LANG24[75]);
$sp_template->set_var('lang_nojavascript', $LANG24[77]);
$sp_template->set_var('lang_postmode', $LANG24[4]);
if (isset($A['postmode']) && $A['postmode'] == 'adveditor') {
$sp_template->set_var('show_adveditor', '');
$sp_template->set_var('show_htmleditor', 'none');
} else {
$sp_template->set_var('show_adveditor', 'none');
$sp_template->set_var('show_htmleditor', '');
}
$post_options = '<option value="html" selected="selected">' . $LANG_postmodes['html'] . '</option>';
if (isset($A['postmode']) && $A['postmode'] == 'adveditor') {
$post_options .= '<option value="adveditor" selected="selected">' . $LANG24[86] . '</option>';
} else {
$post_options .= '<option value="adveditor">' . $LANG24[86] . '</option>';
}
$sp_template->set_var('post_options', $post_options);
$sp_template->set_var('change_editormode', 'onchange="change_editmode(this);"');
} else {
$sp_template->set_file('form', 'editor.thtml');
}
$sp_template->set_var('layout_url', $_CONF['layout_url']);
$sp_template->set_var('lang_mode', $LANG24[3]);
$sp_template->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $A['commentcode']));
$sp_template->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$sp_template->set_var('lang_owner', $LANG_ACCESS['owner']);
$ownername = COM_getDisplayName($A['owner_id']);
$sp_template->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', "uid = {$A['owner_id']}"));
$sp_template->set_var('owner_name', $ownername);
$sp_template->set_var('owner', $ownername);
$sp_template->set_var('owner_id', $A['owner_id']);
$sp_template->set_var('lang_group', $LANG_ACCESS['group']);
$sp_template->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
$sp_template->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']));
$sp_template->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$sp_template->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
$sp_template->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
$sp_template->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
$sp_template->set_var('site_url', $_CONF['site_url']);
$sp_template->set_var('site_admin_url', $_CONF['site_admin_url']);
$token = SEC_createToken();
$start_block = COM_startBlock($LANG_STATIC['staticpageeditor'], '', COM_getBlockTemplate('_admin_block', 'header'));
$start_block .= SEC_getTokenExpiryNotice($token);
$sp_template->set_var('start_block_editor', $start_block);
$sp_template->set_var('lang_save', $LANG_ADMIN['save']);
$sp_template->set_var('lang_cancel', $LANG_ADMIN['cancel']);
$sp_template->set_var('lang_preview', $LANG_ADMIN['preview']);
if (SEC_hasRights('staticpages.delete') && $mode != 'clone' && !empty($A['sp_old_id'])) {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$sp_template->set_var('delete_option', sprintf($delbutton, $jsconfirm));
$sp_template->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
} else {
$sp_template->set_var('delete_option', '');
}
$sp_template->set_var('lang_writtenby', $LANG_STATIC['writtenby']);
$sp_template->set_var('username', DB_getItem($_TABLES['users'], 'username', "uid = {$A['sp_uid']}"));
$authorname = COM_getDisplayName($A['sp_uid']);
$sp_template->set_var('name', $authorname);
$sp_template->set_var('author', $authorname);
$sp_template->set_var('lang_url', $LANG_STATIC['url']);
$sp_template->set_var('lang_id', $LANG_STATIC['id']);
$sp_template->set_var('sp_uid', $A['sp_uid']);
$sp_template->set_var('sp_id', $A['sp_id']);
$sp_template->set_var('sp_old_id', $A['sp_old_id']);
$sp_template->set_var('example_url', COM_buildURL($_CONF['site_url'] . '/staticpages/index.php?page=' . $A['sp_id']));
$sp_template->set_var('lang_centerblock', $LANG_STATIC['centerblock']);
$sp_template->set_var('lang_centerblock_help', $LANG_ADMIN['help_url']);
$sp_template->set_var('lang_centerblock_include', $LANG21[51]);
$sp_template->set_var('lang_centerblock_desc', $LANG21[52]);
$sp_template->set_var('centerblock_help', $A['sp_help']);
$sp_template->set_var('lang_centerblock_msg', $LANG_STATIC['centerblock_msg']);
if (isset($A['sp_centerblock']) && $A['sp_centerblock'] == 1) {
$sp_template->set_var('centerblock_checked', 'checked="checked"');
} else {
$sp_template->set_var('centerblock_checked', '');
}
$sp_template->set_var('lang_topic', $LANG_STATIC['topic']);
$sp_template->set_var('lang_position', $LANG_STATIC['position']);
$current_topic = '';
if (isset($A['sp_tid'])) {
$current_topic = $A['sp_tid'];
}
if (empty($current_topic)) {
$current_topic = 'none';
}
$topics = COM_topicList('tid,topic', $current_topic, 1, true);
$alltopics = '<option value="all"';
if ($current_topic == 'all') {
$alltopics .= ' selected="selected"';
}
$alltopics .= '>' . $LANG_STATIC['all_topics'] . '</option>' . LB;
$notopic = '<option value="none"';
if ($current_topic == 'none') {
$notopic .= ' selected="selected"';
}
$notopic .= '>' . $LANG_STATIC['no_topic'] . '</option>' . LB;
$sp_template->set_var('topic_selection', '<select name="sp_tid">' . $alltopics . $notopic . $topics . '</select>');
$position = '<select name="sp_where">';
$position .= '<option value="1"';
if ($A['sp_where'] == 1) {
$position .= ' selected="selected"';
}
$position .= '>' . $LANG_STATIC['position_top'] . '</option>';
$position .= '<option value="2"';
if ($A['sp_where'] == 2) {
$position .= ' selected="selected"';
}
$position .= '>' . $LANG_STATIC['position_feat'] . '</option>';
$position .= '<option value="3"';
if ($A['sp_where'] == 3) {
$position .= ' selected="selected"';
}
$position .= '>' . $LANG_STATIC['position_bottom'] . '</option>';
$position .= '<option value="0"';
if ($A['sp_where'] == 0) {
$position .= ' selected="selected"';
}
$position .= '>' . $LANG_STATIC['position_entire'] . '</option>';
$position .= '</select>';
$sp_template->set_var('pos_selection', $position);
if ($_SP_CONF['allow_php'] == 1 && SEC_hasRights('staticpages.PHP')) {
if (!isset($A['sp_php'])) {
$A['sp_php'] = 0;
}
$selection = '<select name="sp_php">' . LB;
$selection .= '<option value="0"';
if ($A['sp_php'] <= 0 || $A['sp_php'] > 2) {
$selection .= ' selected="selected"';
}
$selection .= '>' . $LANG_STATIC['select_php_none'] . '</option>' . LB;
$selection .= '<option value="1"';
if ($A['sp_php'] == 1) {
$selection .= ' selected="selected"';
}
$selection .= '>' . $LANG_STATIC['select_php_return'] . '</option>' . LB;
$selection .= '<option value="2"';
if ($A['sp_php'] == 2) {
$selection .= ' selected="selected"';
}
$selection .= '>' . $LANG_STATIC['select_php_free'] . '</option>' . LB;
$selection .= '</select>';
$sp_template->set_var('php_selector', $selection);
$sp_template->set_var('php_warn', $LANG_STATIC['php_warn']);
} else {
$sp_template->set_var('php_selector', '');
$sp_template->set_var('php_warn', $LANG_STATIC['php_not_activated']);
}
$sp_template->set_var('php_msg', $LANG_STATIC['php_msg']);
// old variables (for the 1.3-type checkbox)
$sp_template->set_var('php_checked', '');
$sp_template->set_var('php_type', 'hidden');
if (isset($A['sp_nf']) && $A['sp_nf'] == 1) {
$sp_template->set_var('exit_checked', 'checked="checked"');
} else {
$sp_template->set_var('exit_checked', '');
}
$sp_template->set_var('exit_msg', $LANG_STATIC['exit_msg']);
$sp_template->set_var('exit_info', $LANG_STATIC['exit_info']);
if ($A['sp_inblock'] == 1) {
$sp_template->set_var('inblock_checked', 'checked="checked"');
} else {
$sp_template->set_var('inblock_checked', '');
}
$sp_template->set_var('inblock_msg', $LANG_STATIC['inblock_msg']);
$sp_template->set_var('inblock_info', $LANG_STATIC['inblock_info']);
$curtime = COM_getUserDateTimeFormat($A['unixdate']);
$sp_template->set_var('lang_lastupdated', $LANG_STATIC['date']);
$sp_template->set_var('sp_formateddate', $curtime[0]);
$sp_template->set_var('sp_date', $curtime[1]);
$sp_template->set_var('lang_title', $LANG_STATIC['title']);
$title = '';
if (isset($A['sp_title'])) {
$title = htmlspecialchars(stripslashes($A['sp_title']));
}
$sp_template->set_var('sp_title', $title);
$sp_template->set_var('lang_metadescription', $LANG_ADMIN['meta_description']);
$sp_template->set_var('lang_metakeywords', $LANG_ADMIN['meta_keywords']);
if (!empty($A['meta_description'])) {
$sp_template->set_var('meta_description', $A['meta_description']);
}
if (!empty($A['meta_keywords'])) {
$sp_template->set_var('meta_keywords', $A['meta_keywords']);
}
$sp_template->set_var('lang_addtomenu', $LANG_STATIC['addtomenu']);
if (isset($A['sp_onmenu']) && $A['sp_onmenu'] == 1) {
$sp_template->set_var('onmenu_checked', 'checked="checked"');
} else {
$sp_template->set_var('onmenu_checked', '');
}
$sp_template->set_var('lang_label', $LANG_STATIC['label']);
if (isset($A['sp_label'])) {
$sp_template->set_var('sp_label', $A['sp_label']);
} else {
$sp_template->set_var('sp_label', '');
}
$sp_template->set_var('lang_pageformat', $LANG_STATIC['pageformat']);
$sp_template->set_var('lang_blankpage', $LANG_STATIC['blankpage']);
$sp_template->set_var('lang_noblocks', $LANG_STATIC['noblocks']);
$sp_template->set_var('lang_leftblocks', $LANG_STATIC['leftblocks']);
$sp_template->set_var('lang_leftrightblocks', $LANG_STATIC['leftrightblocks']);
if (!isset($A['sp_format'])) {
$A['sp_format'] = '';
}
if ($A['sp_format'] == 'noblocks') {
$sp_template->set_var('noblock_selected', 'selected="selected"');
} else {
$sp_template->set_var('noblock_selected', '');
}
if ($A['sp_format'] == 'leftblocks') {
$sp_template->set_var('leftblocks_selected', 'selected="selected"');
} else {
$sp_template->set_var('leftblocks_selected', '');
}
if ($A['sp_format'] == 'blankpage') {
$sp_template->set_var('blankpage_selected', 'selected="selected"');
} else {
$sp_template->set_var('blankpage_selected', '');
}
if ($A['sp_format'] == 'allblocks' or empty($A['sp_format'])) {
$sp_template->set_var('allblocks_selected', 'selected="selected"');
} else {
$sp_template->set_var('allblocks_selected', '');
}
$sp_template->set_var('lang_content', $LANG_STATIC['content']);
$content = '';
if (isset($A['sp_content'])) {
$content = htmlspecialchars(stripslashes($A['sp_content']));
$content = str_replace(array('{', '}'), array('{', '}'), $content);
}
$sp_template->set_var('sp_content', $content);
if ($_SP_CONF['filter_html'] == 1) {
$allowed = COM_allowedHTML('staticpages.edit');
$sp_template->set_var('lang_allowedhtml', $allowed);
$sp_template->set_var('lang_allowed_html', $allowed);
} else {
$sp_template->set_var('lang_allowedhtml', $LANG_STATIC['all_html_allowed']);
$allowed = '<span class="warningsmall">' . $LANG_STATIC['all_html_allowed'] . ',</span>' . LB . '<div dir="ltr" class="warningsmall">';
$autotags = array_keys(PLG_collectTags());
$allowed .= '[' . implode(':], [', $autotags) . ':]';
$allowed .= '</div>';
$sp_template->set_var('lang_allowed_html', $allowed);
}
$sp_template->set_var('lang_hits', $LANG_STATIC['hits']);
if (empty($A['sp_hits'])) {
$sp_template->set_var('sp_hits', '0');
$sp_template->set_var('sp_hits_formatted', '0');
} else {
$sp_template->set_var('sp_hits', $A['sp_hits']);
$sp_template->set_var('sp_hits_formatted', COM_numberFormat($A['sp_hits']));
}
$sp_template->set_var('end_block', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
$sp_template->set_var('xhtml', XHTML);
$sp_template->set_var('gltoken_name', CSRF_TOKEN);
$sp_template->set_var('gltoken', $token);
$sp_template->parse('output', 'form');
$retval .= $sp_template->finish($sp_template->get_var('output'));
return $retval;
}
/**
* Submit static page. The page is updated if it exists, or a new one is created
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @param string &svc_msg OUTPUT parameter containing any service messages
* @return int Response code as defined in lib-plugins.php
*/
function service_submit_staticpages($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_GROUPS, $_SP_CONF;
if (!$_CONF['disable_webservices']) {
require_once $_CONF['path_system'] . 'lib-webservices.php';
}
$output = '';
if (!SEC_hasRights('staticpages.edit')) {
$output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
$output .= COM_startBlock($LANG_STATIC['access_denied'], '', COM_getBlockTemplate('_msg_block', 'header'));
$output .= $LANG_STATIC['access_denied_msg'];
$output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$output .= COM_siteFooter();
return PLG_RET_AUTH_FAILED;
}
$gl_edit = false;
if (isset($args['gl_edit'])) {
$gl_edit = $args['gl_edit'];
}
if ($gl_edit) {
// This is EDIT mode, so there should be an sp_old_id
if (empty($args['sp_old_id'])) {
if (!empty($args['id'])) {
$args['sp_old_id'] = $args['id'];
} else {
return PLG_RET_ERROR;
}
if (empty($args['sp_id'])) {
$args['sp_id'] = $args['sp_old_id'];
}
}
} else {
if (empty($args['sp_id']) && !empty($args['id'])) {
$args['sp_id'] = $args['id'];
}
}
if (empty($args['sp_title']) && !empty($args['title'])) {
$args['sp_title'] = $args['title'];
}
if (empty($args['sp_content']) && !empty($args['content'])) {
$args['sp_content'] = $args['content'];
}
if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) {
$args['sp_tid'] = $args['category'][0];
}
if (!isset($args['owner_id'])) {
$args['owner_id'] = $_USER['uid'];
}
if (empty($args['group_id'])) {
$args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
}
$args['sp_id'] = COM_sanitizeID($args['sp_id']);
if (!$gl_edit) {
if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
$slug = '';
if (isset($args['slug'])) {
$slug = $args['slug'];
}
if (function_exists('WS_makeId')) {
$args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
} else {
$args['sp_id'] = COM_makeSid();
}
}
}
// Apply filters to the parameters passed by the webservice
if ($args['gl_svc']) {
$par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode');
$par_num = array('sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode');
foreach ($par_str as $str) {
if (isset($args[$str])) {
$args[$str] = COM_applyBasicFilter($args[$str]);
} else {
$args[$str] = '';
}
}
foreach ($par_num as $num) {
if (isset($args[$num])) {
$args[$num] = COM_applyBasicFilter($args[$num], true);
} else {
$args[$num] = 0;
}
}
}
// START: Staticpages defaults
if (empty($args['sp_format'])) {
$args['sp_format'] = 'allblocks';
}
if (empty($args['sp_tid'])) {
$args['sp_tid'] = 'all';
}
if ($args['sp_where'] < 0 || $args['sp_where'] > 3) {
$args['sp_where'] = 0;
}
if ($args['sp_php'] < 0 || $args['sp_php'] > 2) {
$args['sp_php'] = 0;
}
if ($args['commentcode'] < -1 || $args['commentcode'] > 1) {
$args['commentcode'] = $_CONF['comment_code'];
}
if ($args['gl_svc']) {
// Permissions
if (!isset($args['perm_owner'])) {
$args['perm_owner'] = $_SP_CONF['default_permissions'][0];
} else {
$args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
}
if (!isset($args['perm_group'])) {
$args['perm_group'] = $_SP_CONF['default_permissions'][1];
} else {
$args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
}
if (!isset($args['perm_members'])) {
$args['perm_members'] = $_SP_CONF['default_permissions'][2];
} else {
$args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
}
if (!isset($args['perm_anon'])) {
$args['perm_anon'] = $_SP_CONF['default_permissions'][3];
} else {
$args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
}
if (!isset($args['sp_onmenu'])) {
$args['sp_onmenu'] = '';
} elseif ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) {
$svc_msg['error_desc'] = 'Menu label missing';
return PLG_RET_ERROR;
}
if (empty($args['sp_content'])) {
$svc_msg['error_desc'] = 'No content';
return PLG_RET_ERROR;
}
if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') {
$args['sp_inblock'] = 'on';
}
if (empty($args['sp_centerblock'])) {
$args['sp_centerblock'] = '';
}
if (empty($args['draft_flag']) && $_SP_CONF['draft_flag'] == '1') {
$args['draft_flag'] = 'on';
}
if (empty($args['template_flag'])) {
$args['template_flag'] = '';
}
if (empty($args['template_id'])) {
$args['template_id'] = '';
}
}
// END: Staticpages defaults
$sp_id = $args['sp_id'];
$sp_title = $args['sp_title'];
$sp_page_title = $args['sp_page_title'];
$sp_content = $args['sp_content'];
$sp_hits = $args['sp_hits'];
$sp_format = $args['sp_format'];
$sp_onmenu = $args['sp_onmenu'];
$sp_label = '';
if (!empty($args['sp_label'])) {
$sp_label = $args['sp_label'];
}
$meta_description = $args['meta_description'];
$meta_keywords = $args['meta_keywords'];
$commentcode = $args['commentcode'];
$owner_id = $args['owner_id'];
$group_id = $args['group_id'];
$perm_owner = $args['perm_owner'];
$perm_group = $args['perm_group'];
$perm_members = $args['perm_members'];
$perm_anon = $args['perm_anon'];
$sp_php = $args['sp_php'];
$sp_nf = '';
if (!empty($args['sp_nf'])) {
$sp_nf = $args['sp_nf'];
}
$sp_old_id = $args['sp_old_id'];
$sp_centerblock = $args['sp_centerblock'];
$draft_flag = $args['draft_flag'];
$template_flag = $args['template_flag'];
$template_id = $args['template_id'];
$sp_help = '';
if (!empty($args['sp_help'])) {
$sp_help = $args['sp_help'];
}
$sp_tid = $args['sp_tid'];
$sp_where = $args['sp_where'];
$sp_inblock = $args['sp_inblock'];
$postmode = $args['postmode'];
if ($gl_edit && !empty($args['gl_etag'])) {
// First load the original staticpage to check if it has been modified
$o = array();
$s = array();
$r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
if ($r == PLG_RET_OK) {
if ($args['gl_etag'] != $o['updated']) {
$svc_msg['error_desc'] = 'A more recent version of the staticpage is available';
return PLG_RET_PRECONDITION_FAILED;
}
} else {
$svc_msg['error_desc'] = 'The requested staticpage no longer exists';
return PLG_RET_ERROR;
}
}
// Check for unique page ID
$duplicate_id = false;
$delete_old_page = false;
if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
if ($sp_id != $sp_old_id) {
$duplicate_id = true;
}
} elseif (!empty($sp_old_id)) {
if ($sp_id != $sp_old_id) {
$delete_old_page = true;
}
}
if ($duplicate_id) {
$output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
$output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
if (!$args['gl_svc']) {
$output .= staticpageeditor($sp_id);
}
$output .= COM_siteFooter();
$svc_msg['error_desc'] = 'Duplicate ID';
return PLG_RET_ERROR;
} elseif (!empty($sp_title) && !empty($sp_content)) {
if (empty($sp_hits)) {
$sp_hits = 0;
}
if ($sp_onmenu == 'on') {
$sp_onmenu = 1;
} else {
$sp_onmenu = 0;
}
if ($sp_nf == 'on') {
$sp_nf = 1;
} else {
$sp_nf = 0;
}
if ($sp_centerblock == 'on') {
$sp_centerblock = 1;
} else {
$sp_centerblock = 0;
}
if ($sp_inblock == 'on') {
$sp_inblock = 1;
} else {
$sp_inblock = 0;
}
if ($draft_flag == 'on') {
$draft_flag = 1;
} else {
$draft_flag = 0;
}
if ($template_flag == 'on') {
$template_flag = 1;
} else {
$template_flag = 0;
}
// Remove any autotags the user doesn't have permission to use
$sp_content = PLG_replaceTags($sp_content, '', true);
// Clean up the text
if ($_SP_CONF['censor'] == 1) {
$sp_content = COM_checkWords($sp_content);
$sp_title = COM_checkWords($sp_title);
}
if ($_SP_CONF['filter_html'] == 1) {
$sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
}
$sp_title = strip_tags($sp_title);
$sp_page_title = strip_tags($sp_page_title);
$sp_label = strip_tags($sp_label);
$meta_description = strip_tags($meta_description);
$meta_keywords = strip_tags($meta_keywords);
$sp_content = addslashes($sp_content);
$sp_title = addslashes($sp_title);
$sp_page_title = addslashes($sp_page_title);
$sp_label = addslashes($sp_label);
$meta_description = addslashes($meta_description);
$meta_keywords = addslashes($meta_keywords);
// If user does not have php edit perms, then set php flag to 0.
if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
$sp_php = 0;
}
// If marked as a template then set id to nothing and other default settings
if ($template_flag == 1) {
$template_id = '';
$sp_onmenu = 0;
$sp_label = "";
$sp_centerblock = 0;
$sp_php = 0;
$sp_inblock = 0;
$sp_nf = 0;
$sp_hits = 0;
$meta_description = "";
$meta_keywords = "";
} else {
// See if it was a template before, if so and option changed, remove use from other pages
if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$sp_old_id}'") == 1) {
$sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '' WHERE template_id = '{$sp_old_id}'";
$result = DB_query($sql);
}
if ($template_id != '') {
// If using a template, make sure php disabled
$sp_php = 0;
// Double check template id exists and is still a template
$perms = SP_getPerms();
if (!empty($perms)) {
$perms = ' AND ' . $perms;
}
if (DB_getItem($_TABLES['staticpage'], 'COUNT(sp_id)', "sp_id = '{$template_id}' AND template_flag = 1 AND (draft_flag = 0)" . $perms) == 0) {
$template_id = '';
}
}
}
// make sure there's only one "entire page" static page per topic
if ($sp_centerblock == 1 && $sp_where == 0) {
$sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE (sp_centerblock = 1) AND (sp_where = 0) AND (sp_tid = '{$sp_tid}') AND (draft_flag = 0)";
// if we're in a multi-language setup, we need to allow one "entire
// page" centerblock for 'all' or 'none' per language
if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) {
$ids = explode('_', $sp_id);
if (count($ids) > 1) {
$lang_id = array_pop($ids);
$sql .= " AND sp_id LIKE '%\\_{$lang_id}'";
}
}
DB_query($sql);
}
$formats = array('allblocks', 'blankpage', 'leftblocks', 'noblocks');
if (!in_array($sp_format, $formats)) {
$sp_format = 'allblocks';
}
if (!$args['gl_svc']) {
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
}
// Retrieve created date
$datecreated = DB_getItem($_TABLES['staticpage'], 'created', "sp_id = '{$sp_id}'");
if ($datecreated == '') {
$datecreated = date('Y-m-d H:i:s');
}
DB_save($_TABLES['staticpage'], 'sp_id,sp_title,sp_page_title, sp_content,created,modified,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode', "'{$sp_id}','{$sp_title}','{$sp_page_title}','{$sp_content}','{$datecreated}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}','{$meta_description}','{$meta_keywords}',{$template_flag},'{$template_id}',{$draft_flag},{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$sp_tid}',{$sp_where}," . "'{$sp_inblock}','{$postmode}'");
if ($delete_old_page && !empty($sp_old_id)) {
// If a template and the id changed, update any staticpages that use it
if ($template_flag == 1) {
$sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '{$sp_id}' WHERE template_id = '{$sp_old_id}'";
$result = DB_query($sql);
}
DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id);
}
if (empty($sp_old_id) || $sp_id == $sp_old_id) {
if (!$template_flag) {
PLG_itemSaved($sp_id, 'staticpages');
} else {
// If template then have to notify of all pages that use this template that a change to the page happened
$sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
$result = DB_query($sql);
while ($A = DB_fetchArray($result)) {
PLG_itemSaved($A['sp_id'], 'staticpages');
}
}
} else {
DB_change($_TABLES['comments'], 'sid', addslashes($sp_id), array('sid', 'type'), array(addslashes($sp_old_id), 'staticpages'));
if (!$template_flag) {
PLG_itemSaved($sp_id, 'staticpages', $sp_old_id);
} else {
// If template then have to notify of all pages that use this template that a change to the page happened
$sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
$result = DB_query($sql);
while ($A = DB_fetchArray($result)) {
PLG_itemSaved($A['sp_id'], 'staticpages');
}
}
}
$url = COM_buildURL($_CONF['site_url'] . '/staticpages/index.php?page=' . $sp_id);
$output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages', 19);
$svc_msg['id'] = $sp_id;
return PLG_RET_OK;
} else {
$output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
$output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
if (!$args['gl_svc']) {
$output .= staticpageeditor($sp_id);
}
$output .= COM_siteFooter();
return PLG_RET_ERROR;
}
}
/**
* Shows event editor
*
* @param string $mode Indicates if this is a submission or a regular entry
* @param array $A array holding the event's details
* @param string $msg an optional error message to display
* @return string HTML for event editor or error message
*
*/
function CALENDAR_editEvent($mode, $A, $msg = '')
{
global $_CONF, $_GROUPS, $_TABLES, $_USER, $_CA_CONF, $LANG_CAL_1, $LANG_CAL_ADMIN, $LANG10, $LANG12, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $_SCRIPTS;
// Loads jQuery UI datepicker and timepicker-addon
$_SCRIPTS->setJavaScriptLibrary('jquery.ui.slider');
$_SCRIPTS->setJavaScriptLibrary('jquery.ui.datepicker');
$_SCRIPTS->setJavaScriptLibrary('jquery-ui-i18n');
$_SCRIPTS->setJavaScriptLibrary('jquery-ui-timepicker-addon');
$_SCRIPTS->setJavaScriptLibrary('jquery-ui-timepicker-addon-i18n');
$_SCRIPTS->setJavaScriptFile('datetimepicker', '/javascript/datetimepicker.js');
// Add JavaScript
$_SCRIPTS->setJavaScriptFile('postmode_control', '/javascript/postmode_control.js');
$langCode = COM_getLangIso639Code();
$toolTip = $MESSAGE[118];
$imgUrl = $_CONF['site_url'] . '/images/calendar.png';
$_SCRIPTS->setJavaScript("jQuery(function () {" . " geeklog.hour_mode = {$_CONF['hour_mode']};" . " geeklog.datetimepicker.options.stepMinute = 15;" . " geeklog.datetimepicker.set('start', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . " geeklog.datetimepicker.set('end', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . "});", TRUE, TRUE);
$retval = '';
if (!empty($msg)) {
$retval .= COM_showMessageText($msg, $LANG_CAL_ADMIN[2]);
}
$event_templates = COM_newTemplate(CTL_plugin_templatePath('calendar', 'admin'));
$event_templates->set_file('editor', 'eventeditor.thtml');
$allowed = '';
foreach (array('plaintext', 'html') as $pm) {
$allowed .= COM_allowedHTML('calendar.edit', false, 1, $pm);
}
$allowed .= COM_allowedAutotags();
$event_templates->set_var('lang_allowed_html', $allowed);
$event_templates->set_var('lang_postmode', $LANG_CAL_ADMIN[3]);
if ($mode != 'editsubmission' and !empty($A['eid'])) {
// Get what level of access user has to this object
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access == 0 or $access == 2) {
// Uh, oh! User doesn't have access to this object
$retval .= COM_showMessageText($LANG_CAL_ADMIN[17], $LANG_ACCESS['accessdenied']);
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit event {$eid}.");
return $retval;
}
} else {
if (empty($A['owner_id'])) {
$A['owner_id'] = $_USER['uid'];
}
if (isset($_GROUPS['Calendar Admin'])) {
$A['group_id'] = $_GROUPS['Calendar Admin'];
} else {
$A['group_id'] = SEC_getFeatureGroup('calendar.edit');
}
SEC_setDefaultPermissions($A, $_CA_CONF['default_permissions']);
$access = 3;
}
if ($mode == 'editsubmission') {
$event_templates->set_var('post_options', COM_optionList($_TABLES['postmodes'], 'code,name', 'plaintext'));
} else {
if (!isset($A['postmode'])) {
$A['postmode'] = $_CONF['postmode'];
}
$event_templates->set_var('post_options', COM_optionList($_TABLES['postmodes'], 'code,name', $A['postmode']));
}
$token = SEC_createToken();
$retval .= COM_startBlock($LANG_CAL_ADMIN[1], '', COM_getBlockTemplate('_admin_block', 'header'));
$retval .= SEC_getTokenExpiryNotice($token);
if (!empty($A['eid'])) {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$event_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
$event_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
$event_templates->set_var('allow_delete', true);
$event_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
$event_templates->set_var('confirm_message', $MESSAGE[76]);
if ($mode == 'editsubmission') {
$event_templates->set_var('submission_option', '<input type="hidden" name="type" value="submission"' . XHTML . '>');
}
} else {
// new event
$A['eid'] = COM_makesid();
$A['title'] = '';
$A['description'] = '';
$A['url'] = '';
$A['hits'] = 0;
// in case a start date/time has been passed from the calendar,
// pick it up for the end date/time
if (empty($A['dateend'])) {
$A['dateend'] = $A['datestart'];
}
if (empty($A['timeend'])) {
$A['timeend'] = $A['timestart'];
}
$A['event_type'] = '';
$A['location'] = '';
$A['address1'] = '';
$A['address2'] = '';
$A['city'] = '';
$A['state'] = '';
$A['zipcode'] = '';
$A['allday'] = 0;
}
$event_templates->set_var('lang_eventid', $LANG_CAL_ADMIN[34]);
$event_templates->set_var('event_id', $A['eid']);
$event_templates->set_var('lang_eventtitle', $LANG_ADMIN['title']);
$A['title'] = str_replace('{', '{', $A['title']);
$A['title'] = str_replace('}', '}', $A['title']);
$A['title'] = str_replace('"', '"', $A['title']);
$event_templates->set_var('event_title', stripslashes($A['title']));
$event_templates->set_var('lang_eventtype', $LANG_CAL_1[37]);
$event_templates->set_var('lang_editeventtypes', $LANG12[50]);
$event_templates->set_var('type_options', CALENDAR_eventTypeList($A['event_type']));
$event_templates->set_var('lang_eventurl', $LANG_CAL_ADMIN[4]);
$event_templates->set_var('max_url_length', 255);
$event_templates->set_var('event_url', $A['url']);
$event_templates->set_var('lang_includehttp', $LANG_CAL_ADMIN[9]);
$event_templates->set_var('lang_eventstartdate', $LANG_CAL_ADMIN[5]);
//$event_templates->set_var('event_startdate', $A['datestart']);
$event_templates->set_var('lang_starttime', $LANG_CAL_1[30]);
// Combine date/time for easier manipulation
$A['datestart'] = trim($A['datestart'] . ' ' . $A['timestart']);
if (empty($A['datestart'])) {
$start_stamp = time();
} else {
$start_stamp = strtotime($A['datestart']);
}
$A['dateend'] = trim($A['dateend'] . ' ' . $A['timeend']);
if (empty($A['dateend'])) {
$end_stamp = time();
} else {
$end_stamp = strtotime($A['dateend']);
}
$start_month = date('m', $start_stamp);
$start_day = date('d', $start_stamp);
$start_year = date('Y', $start_stamp);
$end_month = date('m', $end_stamp);
$end_day = date('d', $end_stamp);
$end_year = date('Y', $end_stamp);
$start_hour = date('H', $start_stamp);
$start_minute = intval(date('i', $start_stamp) / 15) * 15;
if ($start_hour >= 12) {
$startampm = 'pm';
} else {
$startampm = 'am';
}
$start_hour_24 = $start_hour % 24;
if ($start_hour > 12) {
$start_hour = $start_hour - 12;
} else {
if ($start_hour == 0) {
$start_hour = 12;
}
}
$end_hour = date('H', $end_stamp);
$end_minute = intval(date('i', $end_stamp) / 15) * 15;
if ($end_hour >= 12) {
$endampm = 'pm';
} else {
$endampm = 'am';
}
$end_hour_24 = $end_hour % 24;
if ($end_hour > 12) {
$end_hour = $end_hour - 12;
} else {
if ($end_hour == 0) {
$end_hour = 12;
}
}
$month_options = COM_getMonthFormOptions($start_month);
$event_templates->set_var('startmonth_options', $month_options);
$month_options = COM_getMonthFormOptions($end_month);
$event_templates->set_var('endmonth_options', $month_options);
$day_options = COM_getDayFormOptions($start_day);
$event_templates->set_var('startday_options', $day_options);
$day_options = COM_getDayFormOptions($end_day);
$event_templates->set_var('endday_options', $day_options);
$year_options = COM_getYearFormOptions($start_year);
$event_templates->set_var('startyear_options', $year_options);
$year_options = COM_getYearFormOptions($end_year);
$event_templates->set_var('endyear_options', $year_options);
if (isset($_CA_CONF['hour_mode']) && $_CA_CONF['hour_mode'] == 24) {
$hour_options = COM_getHourFormOptions($start_hour_24, 24);
$event_templates->set_var('starthour_options', $hour_options);
$hour_options = COM_getHourFormOptions($end_hour_24, 24);
$event_templates->set_var('endhour_options', $hour_options);
$event_templates->set_var('hour_mode', 24);
} else {
$hour_options = COM_getHourFormOptions($start_hour);
$event_templates->set_var('starthour_options', $hour_options);
$hour_options = COM_getHourFormOptions($end_hour);
$event_templates->set_var('endhour_options', $hour_options);
$event_templates->set_var('hour_mode', 12);
}
$event_templates->set_var('startampm_selection', COM_getAmPmFormSelection('start_ampm', $startampm));
$event_templates->set_var('endampm_selection', COM_getAmPmFormSelection('end_ampm', $endampm));
$event_templates->set_var('startminute_options', COM_getMinuteFormOptions($start_minute, 15));
$event_templates->set_var('endminute_options', COM_getMinuteFormOptions($end_minute, 15));
$event_templates->set_var('lang_enddate', $LANG12[13]);
$event_templates->set_var('lang_eventenddate', $LANG_CAL_ADMIN[6]);
$event_templates->set_var('event_enddate', $A['dateend']);
$event_templates->set_var('lang_enddate', $LANG12[13]);
$event_templates->set_var('lang_endtime', $LANG_CAL_1[29]);
$event_templates->set_var('lang_alldayevent', $LANG_CAL_1[31]);
if ($A['allday'] == 1) {
$event_templates->set_var('allday_checked', 'checked="checked"');
}
$event_templates->set_var('lang_location', $LANG12[51]);
$event_templates->set_var('event_location', stripslashes($A['location']));
$event_templates->set_var('lang_addressline1', $LANG12[44]);
$event_templates->set_var('event_address1', stripslashes($A['address1']));
$event_templates->set_var('lang_addressline2', $LANG12[45]);
$event_templates->set_var('event_address2', stripslashes($A['address2']));
$event_templates->set_var('lang_city', $LANG12[46]);
$event_templates->set_var('event_city', stripslashes($A['city']));
$event_templates->set_var('lang_state', $LANG12[47]);
$event_templates->set_var('state_options', '');
$event_templates->set_var('event_state', stripslashes($A['state']));
$event_templates->set_var('lang_zipcode', $LANG12[48]);
$event_templates->set_var('event_zipcode', $A['zipcode']);
$event_templates->set_var('lang_eventlocation', $LANG_CAL_ADMIN[7]);
$event_templates->set_var('event_location', stripslashes($A['location']));
$event_templates->set_var('lang_eventdescription', $LANG_CAL_ADMIN[8]);
$event_templates->set_var('event_description', stripslashes($A['description']));
$event_templates->set_var('lang_hits', $LANG10[30]);
$event_templates->set_var('hits', COM_numberFormat($A['hits']));
$event_templates->set_var('lang_save', $LANG_ADMIN['save']);
$event_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
// user access info
$event_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$event_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
$ownername = COM_getDisplayName($A['owner_id']);
$event_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', "uid = {$A['owner_id']}"));
$event_templates->set_var('owner_name', $ownername);
$event_templates->set_var('owner', $ownername);
$event_templates->set_var('owner_id', $A['owner_id']);
$event_templates->set_var('lang_group', $LANG_ACCESS['group']);
$event_templates->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
$event_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$event_templates->set_var('lang_permissionskey', $LANG_ACCESS['permissionskey']);
$event_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
$event_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']));
$event_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
$event_templates->set_var('gltoken_name', CSRF_TOKEN);
$event_templates->set_var('gltoken', $token);
$event_templates->parse('output', 'editor');
$retval .= $event_templates->finish($event_templates->get_var('output'));
$retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
return $retval;
}
/**
* Show topic administration form
*
* @param string tid ID of topic to edit
* @return string HTML for the topic editor
*/
function edittopic($tid = '')
{
global $_CONF, $_GROUPS, $_TABLES, $_USER, $LANG04, $LANG27, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $_SCRIPTS;
$retval = '';
if (empty($tid)) {
// new topic - set defaults
$A = array('tid' => '', 'topic' => '', 'sortnum' => 0, 'parent_id' => TOPIC_ROOT, 'inherit' => 1, 'hidden' => 0, 'limitnews' => '', 'is_default' => 0, 'archive_flag' => 0);
} else {
$result = DB_query("SELECT * FROM {$_TABLES['topics']} WHERE tid ='{$tid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access == 0 || $access == 2) {
$retval .= COM_showMessageText($LANG27[13], $LANG27[12]);
COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}.");
return $retval;
}
}
$token = SEC_createToken();
$retval .= COM_startBlock($LANG27[1], '', COM_getBlockTemplate('_admin_block', 'header'));
$retval .= SEC_getTokenExpiryNotice($token);
if (!is_array($A) || empty($A['owner_id'])) {
$A['owner_id'] = $_USER['uid'];
// this is the one instance where we default the group
// most topics should belong to the Topic Admin group
if (isset($_GROUPS['Topic Admin'])) {
$A['group_id'] = $_GROUPS['Topic Admin'];
} else {
$A['group_id'] = SEC_getFeatureGroup('topic.edit');
}
SEC_setDefaultPermissions($A, $_CONF['default_permissions_topic']);
$access = 3;
}
$topic_templates = COM_newTemplate($_CONF['path_layout'] . 'admin/topic');
$topic_templates->set_file('editor', 'topiceditor.thtml');
if (!empty($tid) && SEC_hasRights('topic.edit')) {
$delButton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
$jsConfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$topic_templates->set_var('delete_option', sprintf($delButton, $jsConfirm));
$topic_templates->set_var('delete_option_no_confirmation', sprintf($delButton, ''));
$topic_templates->set_var('allow_delete', true);
$topic_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
$topic_templates->set_var('confirm_message', $MESSAGE[76]);
$topic_templates->set_var('warning_msg', $LANG27[6]);
}
if ($_CONF['titletoid'] && empty($tid)) {
$_SCRIPTS->setJavaScriptFile('title_2_id', '/javascript/title_2_id.js');
$topic_templates->set_var('titletoid', true);
}
$topic_templates->set_var('lang_topicid', $LANG27[2]);
$topic_templates->set_var('topic_id', $A['tid']);
$topic_templates->set_var('lang_parent_id', $LANG27[32]);
$topic_templates->set_var('parent_id_options', TOPIC_getTopicListSelect($A['parent_id'], 1, false, $A['tid'], true));
$topic_templates->set_var('lang_inherit', $LANG27[33]);
$topic_templates->set_var('lang_inherit_info', $LANG27[34]);
if ($A['inherit'] == 1) {
$topic_templates->set_var('inherit_checked', 'checked="checked"');
} else {
$topic_templates->set_var('inherit_checked', '');
}
$topic_templates->set_var('lang_hidden', $LANG27[35]);
$topic_templates->set_var('lang_hidden_info', $LANG27[36]);
if ($A['hidden'] == 1) {
$topic_templates->set_var('hidden_checked', 'checked="checked"');
} else {
$topic_templates->set_var('hidden_checked', '');
}
$topic_templates->set_var('lang_donotusespaces', $LANG27[5]);
$topic_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$topic_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
$ownername = COM_getDisplayName($A['owner_id']);
$topic_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', "uid = {$A['owner_id']}"));
$topic_templates->set_var('owner_name', $ownername);
$topic_templates->set_var('owner', $ownername);
$topic_templates->set_var('owner_id', $A['owner_id']);
$topic_templates->set_var('lang_group', $LANG_ACCESS['group']);
$topic_templates->set_var('lang_save', $LANG_ADMIN['save']);
$topic_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
$topic_templates->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
$topic_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$topic_templates->set_var('lang_permissions_key', $LANG_ACCESS['permissionskey']);
$topic_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
$topic_templates->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
$topic_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
$topic_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']));
// show sort order only if they specified sortnum as the sort method
if ($_CONF['sortmethod'] !== 'alpha') {
$topic_templates->set_var('lang_sortorder', $LANG27[10]);
if ($A['sortnum'] == 0) {
$A['sortnum'] = '';
}
$topic_templates->set_var('sort_order', '<input type="text" size="5" maxlength="5" name="sortnum" value="' . $A['sortnum'] . '"' . XHTML . '>');
} else {
$topic_templates->set_var('lang_sortorder', $LANG27[14]);
$topic_templates->set_var('sort_order', $LANG27[15] . '<input type="hidden" name="sortnum" value="' . $A['sortnum'] . '"' . XHTML . '>');
}
$topic_templates->set_var('lang_storiesperpage', $LANG27[11]);
if ($A['limitnews'] == 0) {
$topic_templates->set_var('story_limit', '');
} else {
$topic_templates->set_var('story_limit', $A['limitnews']);
}
$topic_templates->set_var('default_limit', $_CONF['limitnews']);
$topic_templates->set_var('lang_defaultis', $LANG27[16]);
$topic_templates->set_var('lang_topicname', $LANG27[3]);
$topic_templates->set_var('topic_name', htmlspecialchars(stripslashes($A['topic']), ENT_QUOTES, COM_getEncodingt()));
if (empty($A['tid'])) {
$A['imageurl'] = '/images/topics/';
}
$topic_templates->set_var('lang_topicimage', $LANG27[4]);
$topic_templates->set_var('lang_uploadimage', $LANG27[27]);
$topic_templates->set_var('lang_maxsize', $LANG27[28]);
$topic_templates->set_var('icon_dimensions', $_CONF['max_topicicon_width'] . ' x ' . $_CONF['max_topicicon_height']);
$topic_templates->set_var('max_url_length', 255);
$topic_templates->set_var('image_url', $A['imageurl']);
if (empty($_CONF['image_lib'])) {
$scaling = $LANG04[162];
} else {
$scaling = $LANG04[161];
}
$topic_templates->set_var('icon_max_dimensions', sprintf($LANG04[160], $_CONF['max_topicicon_width'], $_CONF['max_topicicon_height'], $_CONF['max_topicicon_size'], $scaling));
$topic_templates->set_var('lang_metadescription', $LANG_ADMIN['meta_description']);
$topic_templates->set_var('lang_metakeywords', $LANG_ADMIN['meta_keywords']);
if (!empty($A['meta_description'])) {
$topic_templates->set_var('meta_description', $A['meta_description']);
}
if (!empty($A['meta_keywords'])) {
$topic_templates->set_var('meta_keywords', $A['meta_keywords']);
}
if ($_CONF['meta_tags'] > 0) {
$topic_templates->set_var('hide_meta', '');
} else {
$topic_templates->set_var('hide_meta', ' style="display:none;"');
}
$topic_templates->set_var('lang_defaulttopic', $LANG27[22]);
$topic_templates->set_var('lang_defaulttext', $LANG27[23]);
if ($A['is_default'] == 1) {
$topic_templates->set_var('default_checked', 'checked="checked"');
} else {
$topic_templates->set_var('default_checked', '');
}
$topic_templates->set_var('lang_archivetopic', $LANG27[25]);
$topic_templates->set_var('lang_archivetext', $LANG27[26]);
$topic_templates->set_var('archive_disabled', '');
if ($A['archive_flag'] == 1) {
$topic_templates->set_var('archive_checked', 'checked="checked"');
} else {
$topic_templates->set_var('archive_checked', '');
// Only 1 topic can be the archive topic - so check if there already is one
if (DB_count($_TABLES['topics'], 'archive_flag', '1') > 0) {
$topic_templates->set_var('archive_disabled', 'disabled');
}
}
if (empty($tid)) {
$num_stories = $LANG_ADMIN['na'];
} else {
$nResult = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta WHERE ta.type = 'article' AND ta.id = sid AND ta.tid = '" . DB_escapeString($tid) . "'" . COM_getPermSql('AND'));
$N = DB_fetchArray($nResult);
$num_stories = COM_numberFormat($N['count']);
}
$topic_templates->set_var('lang_num_stories', $LANG27[30]);
$topic_templates->set_var('num_stories', $num_stories);
$topic_templates->set_var('gltoken_name', CSRF_TOKEN);
$topic_templates->set_var('gltoken', $token);
$topic_templates->parse('output', 'editor');
$retval .= $topic_templates->finish($topic_templates->get_var('output'));
$retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
return $retval;
}
/**
* Saves banner to the database
*
* @param string $bid ID for banner
* @param string $old_bid old ID for banner
* @param string $cid cid of category banner belongs to
* @param string $categorydd Category banner belong to
* @param string $url URL of banner to save
* @param string $description Description of banner
* @param string $title Title of banner
* @param int $hits Number of hits for banner
* @param int $owner_id ID of owner
* @param int $group_id ID of group banner belongs to
* @param int $perm_owner Permissions the owner has
* @param int $perm_group Permissions the group has
* @param int $perm_members Permissions members have
* @param int $perm_anon Permissions anonymous users have
* @return string HTML redirect or error message
* @global array core config vars
* @global array core group data
* @global array core table data
* @global array core user data
* @global array core msg data
* @global array banner plugin lang admin vars
*
*/
function savebanner($bid, $old_bid, $cid, $categorydd, $url, $description, $title, $publishstart, $publishend, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_BANNER_ADMIN, $_BAN_CONF;
$retval = '';
// Convert array values to numeric permission values
if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) {
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
}
// clean 'em up
$description = addslashes(COM_checkHTML(COM_checkWords($description)));
$title = addslashes(COM_checkHTML(COM_checkWords($title)));
$cid = addslashes($cid);
//$description = str_replace('<p>','',$description);
//$description = str_replace('</p>','',$description);
if (empty($owner_id)) {
// this is new banner from admin, set default values
$owner_id = $_USER['uid'];
if (isset($_GROUPS['Banner Admin'])) {
$group_id = $_GROUPS['Banner Admin'];
} else {
$group_id = SEC_getFeatureGroup('banner.edit');
}
$perm_owner = 3;
$perm_group = 2;
$perm_members = 2;
$perm_anon = 2;
}
if (empty($publishstart)) {
$publishstart = 'NULL';
} else {
$publishstart = "'" . $publishstart . "'";
}
if (empty($publishend)) {
$publishend = 'NULL';
} else {
$publishend = "'" . $publishend . "'";
}
$bid = COM_sanitizeID($bid);
$old_bid = COM_sanitizeID($old_bid);
if (empty($bid)) {
if (empty($old_bid)) {
$bid = COM_makeSid();
} else {
$bid = $old_bid;
}
}
// check for banner id change
if (!empty($old_bid) && $bid != $old_bid) {
// check if new bid is already in use
if (DB_count($_TABLES['banner'], 'bid', $bid) > 0) {
// TBD: abort, display editor with all content intact again
$bid = $old_bid;
// for now ...
}
}
$access = 0;
$old_bid = addslashes($old_bid);
if (DB_count($_TABLES['banner'], 'bid', $old_bid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['banner']} WHERE bid = '{$old_bid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
if ($access < 3 || !SEC_inGroup($group_id)) {
$display .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[31], $MESSAGE[30]) . COM_siteFooter();
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit banner {$bid}.");
echo $display;
exit;
} elseif (!empty($title) && !empty($description)) {
if ($categorydd != $LANG_BANNER_ADMIN[7] && !empty($categorydd)) {
$cid = addslashes($categorydd);
} else {
if ($categorydd != $LANG_BANNER_ADMIN[7]) {
echo COM_refresh($_CONF['site_admin_url'] . '/plugins/banner/index.php');
}
}
DB_delete($_TABLES['bannersubmission'], 'bid', $old_bid);
DB_delete($_TABLES['banner'], 'bid', $old_bid);
DB_save($_TABLES['banner'], 'bid,cid,url,description,title,date,publishstart,publishend,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$bid}','{$cid}','{$url}','{$description}','{$title}',NOW(),{$publishstart},{$publishend},'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
// Get category for rdf check
$category = DB_getItem($_TABLES['bannercategories'], "category", "cid='{$cid}'");
COM_rdfUpToDateCheck('banner', $category, $bid);
return PLG_afterSaveSwitch($_BAN_CONF['aftersave'], COM_buildURL("{$_CONF['site_url']}/banner/portal.php?what=banner&item={$bid}"), 'banner', 2);
} else {
// missing fields
$retval .= COM_siteHeader('menu', $LANG_BANNER_ADMIN[1]);
$retval .= COM_errorLog($LANG_BANNER_ADMIN[10], 2);
if (DB_count($_TABLES['banner'], 'bid', $old_bid) > 0) {
$retval .= editbanner('edit', $old_bid);
} else {
$retval .= editbanner('edit', '');
}
$retval .= COM_siteFooter();
return $retval;
}
}
