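/**
 * Render one cell of the downloads admin list (callback for the admin list builder).
 *
 * @param string $fieldname  column being rendered: 'edit', 'title', 'cid', 'date', or anything else
 * @param mixed  $fieldvalue raw column value; returned unchanged for columns not handled here
 * @param array  $A          current row: the six standard permission fields plus lid, cid, title, url, date
 * @param array  $icon_arr   admin icon snippets ('edit', 'copy')
 * @return string|false cell HTML; false is only the initial value, every case assigns a string
 */
function downloads_getListField_Files($fieldname, $fieldvalue, $A, $icon_arr)
{
    global $_CONF, $_TABLES, $LANG_ADMIN, $LANG_ACCESS, $MESSAGE, $DLM_CSRF_TOKEN;

    $retval = false;
    $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'],
                            $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    // Only the state-changing delete link carries the CSRF token.
    $token = "&" . CSRF_TOKEN . "=" . $DLM_CSRF_TOKEN;
    $adminUrl = $_CONF['site_admin_url'] . '/plugins/downloads/index.php';

    switch ($fieldname) {
        case "edit":
            $retval = $LANG_ACCESS['readonly'];
            if ($access == 3) {
                // NOTE(review): lid and the row/title values are interpolated into HTML
                // unescaped, as in the rest of this list; confirm they are filtered on save.
                $retval = "<div style=\"white-space:nowrap;\"><a href=\"{$adminUrl}"
                    . "?lid={$A['lid']}&op=modify&p=list\" title=\"{$LANG_ADMIN['edit']}\">{$icon_arr['edit']}</a>" . LB
                    . "<a href=\"{$adminUrl}"
                    . "?lid={$A['lid']}&op=clone\" title=\"{$LANG_ADMIN['copy']}\">{$icon_arr['copy']}</a>" . LB;
                $icon = "<img src=\"{$_CONF['site_url']}/downloads/images/delete.png\" "
                    . "alt=\"\" title=\"{$LANG_ADMIN['delete']}\">";
                $retval .= "<a href=\"{$adminUrl}"
                    . "?lid={$A['lid']}&op=delete" . $token
                    . "\" onclick=\"return confirm('{$MESSAGE[76]}');\">{$icon}</a></div>" . LB;
            }
            break;

        case "title":
            $url = COM_buildUrl($_CONF['site_url'] . '/downloads/index.php?id=' . $A['lid']);
            $retval = "<a href=\"{$url}\" title=\"{$A['url']}\">{$A['title']}</a>" . LB;
            break;

        case "cid":
            // DB_escapeString() is the driver-aware escape used by the other DB calls;
            // addslashes() is not a SQL escape.
            $retval = DB_getItem($_TABLES['downloadcategories'], 'title',
                                 "cid='" . DB_escapeString($A['cid']) . "'");
            $retval .= getCatName_by_language($A['cid']);
            break;

        case "date":
            // date() replaces strftime() (deprecated since PHP 8.1); the %Y-%m-%d
            // format was locale-independent, so the output is unchanged.
            $retval = date('Y-m-d', $A['date']);
            break;

        default:
            $retval = $fieldvalue;
            break;
    }

    return $retval;
}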
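/**
 * Render the comment block for a USERBOX item.
 *
 * Reads order/mode/cpage from $_REQUEST, checks that the item is visible to the
 * current user (permission SQL, not a draft, inside the released/expired window)
 * and, when comments are enabled on it, delegates to CMT_userComments().
 *
 * @param int $id USERBOX item id; cast to int before it reaches the SQL
 * @return string HTML of the comment block, '' when the item is not visible or comments are disabled
 */
function fncComment($id)
{
    global $_CONF;
    global $_TABLES;

    $retval = ''; // was appended to below without ever being initialised

    $order = '';
    if (isset($_REQUEST['order'])) {
        $order = COM_applyFilter($_REQUEST['order']);
    }
    $mode = '';
    if (isset($_REQUEST['mode'])) {
        $mode = COM_applyFilter($_REQUEST['mode']);
    }
    $page = 1;
    if (isset($_REQUEST['cpage'])) {
        $page = COM_applyFilter($_REQUEST['cpage']);
    }

    $tbl = $_TABLES['USERBOX_base'];

    $sql = "SELECT ";
    $sql .= "commentcode ";
    $sql .= ",owner_id";
    $sql .= ",group_id";
    $sql .= ",perm_owner";
    $sql .= ",perm_group";
    $sql .= ",perm_members";
    $sql .= ",perm_anon";
    $sql .= " FROM ";
    $sql .= " {$tbl} AS t "; //base
    $sql .= " WHERE ";
    // id is compared as a number; the cast keeps anything else out of the statement
    $sql .= " id=" . intval($id);
    $sql .= " AND t.draft_flag=0" . LB;
    // exclude rows the current user may not read
    $sql .= COM_getPermSql('AND');
    // exclude rows whose release date is still in the future
    $sql .= " AND (released <= NOW())";
    // exclude rows whose expiry date has passed
    $sql .= " AND (expired=0 OR expired > NOW())";

    $result = DB_query($sql);
    if (DB_numRows($result) > 0) {
        $A = DB_fetchArray($result);
        $A = array_map('stripslashes', $A);
        if ($A['commentcode'] >= 0) {
            // Delete controls only for users holding userbox.edit with full access to the item.
            $delete_option = SEC_hasRights('userbox.edit')
                && SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'],
                                 $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3;
            require_once $_CONF['path_system'] . 'lib-comment.php';
            // NOTE(review): 'topic' is not in the SELECT list above, so $A['topic'] is
            // undefined here; confirm which column CMT_userComments() should receive.
            $retval .= CMT_userComments($id, $A['topic'], 'userbox', $order, $mode, 0, $page, false,
                                        $delete_option, $A['commentcode']);
        }
    }

    return $retval;
}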
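// Serve a single gallery image: verify the media belongs to the requested album,
// that the visitor may read the album, then emit the <img> tag and stop.
$album_id = COM_applyFilter(isset($_GET['aid']) ? $_GET['aid'] : '', true);
$media_id = COM_applyFilter(isset($_GET['mid']) ? $_GET['mid'] : '');
$display = '';

$T = new Template(MG_getTemplatePath($album_id));
$T->set_file('page', 'view_image.thtml');
$T->set_var('header', $LANG_MG00['plugin']);
$T->set_var('site_url', $_CONF['site_url']);
$T->set_var('plugin', 'mediagallery');

// -- Verify that image really does belong to this album
// The original compared against $mid/$aid, which are never assigned in this
// script; the filtered $media_id/$album_id are the values used everywhere else,
// so the membership check now applies to the requested pair.
$sql = "SELECT * FROM " . $_TABLES['mg_media_albums']
     . " WHERE media_id='" . DB_escapeString($media_id) . "' AND album_id='" . intval($album_id) . "'";
$result = DB_query($sql);
if (DB_numRows($result) < 1) {
    die("ERROR #2");
}

// Get Album Info...
$sql = "SELECT * FROM " . $_TABLES['mg_albums'] . " WHERE album_id=" . intval($album_id);
$result = DB_query($sql);
$row = DB_fetchArray($result);

// Check access rights: 0 means no access; any read access is enough to view
$access = SEC_hasAccess($row['owner_id'], $row['group_id'], $row['perm_owner'],
                        $row['perm_group'], $row['perm_members'], $row['perm_anon']);
if ($access == 0) {
    $display .= COM_siteHeader('menu')
        . COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_ACCESS['accessdenied'], true)
        . COM_siteFooter();
    echo $display;
    exit;
}

$sql = "SELECT * FROM " . $_TABLES['mg_media'] . " WHERE media_id='" . DB_escapeString($media_id) . "'";
$result = DB_query($sql);
$row = DB_fetchArray($result);
// media_filename is the stored hash name; its first character selects the sub-directory
echo '<img src="' . $_MG_CONF['mediaobjects_url'] . '/disp/' . $row['media_filename'][0] . '/'
    . $row['media_filename'] . '.jpg' . '">';
exit;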
/**
 * Fill the banner template variables for one banner row.
 *
 * Sets the link/title/hit-count variables, the "report broken banner" link for
 * logged-in users without edit rights, the rendered banner HTML, and the edit
 * link/icon for users holding banner.edit with full access to the row.
 *
 * @param array $A banner row (bid, url, title, hits, description and the permission fields)
 * @param ref $template banner template; variables are set on it in place
 */
function prepare_banner_item($A, &$template)
{
    global $_CONF, $_USER, $LANG_ADMIN, $LANG_BANNER, $_IMAGE_TYPE, $LANG_DIRECTION;

    $title = stripslashes($A['title']);
    $vars = array(
        'banner_url'                => COM_buildUrl($_CONF['site_url'] . '/banner/portal.php?what=banner&item=' . $A['bid']),
        'banner_actual_url'         => $A['url'],
        'banner_actual_url_encoded' => urlencode($A['url']),
        'banner_name'               => $title,
        'banner_name_encoded'       => urlencode($A['title']),
        'banner_hits'               => COM_numberFormat($A['hits']),
        'banner_html'               => $title,
    );
    foreach ($vars as $name => $value) {
        $template->set_var($name, $value);
    }

    // Logged-in users who cannot edit banners get a "report broken banner" link.
    $brokenLink = '';
    if (!COM_isAnonUser() && !SEC_hasRights('banner.edit')) {
        $reporturl = $_CONF['site_url'] . '/banner/index.php?mode=report&bid=' . $A['bid'];
        $brokenLink = COM_createLink($LANG_BANNER[117], $reporturl,
                                     array('class' => 'pluginSmallText', 'rel' => 'nofollow'));
    }
    $template->set_var('banner_broken', $brokenLink);

    $bannerimg = nl2br(stripslashes($A['description']));
    $template->set_var('banner_description',
        banner_buildBanner($A['bid'], $title, $bannerimg, !empty($A['url'])));

    // Edit controls require full access to the row and the banner.edit right.
    $editLink = '';
    $editIcon = '';
    $canEdit = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'],
                             $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3
        && SEC_hasRights('banner.edit');
    if ($canEdit) {
        $editurl = $_CONF['site_admin_url'] . '/plugins/banner/index.php?mode=edit&bid=' . $A['bid'];
        $editLink = COM_createLink($LANG_ADMIN['edit'], $editurl);
        $img = sprintf('<img src="%s/images/edit.%s" alt="%s" title="%s"%s>',
                       $_CONF['layout_url'], $_IMAGE_TYPE, $LANG_ADMIN['edit'], $LANG_ADMIN['edit'], XHTML);
        $editIcon = COM_createLink($img, $editurl, array('class' => 'editlink'));
    }
    $template->set_var('banner_edit', $editLink);
    $template->set_var('edit_icon', $editIcon);
}
/**
 * Convenience wrapper around SEC_hasAccess() for callers that hold the six
 * standard permission values in one array.
 *
 * @param array $A array with the standard permission values
 *                 (owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon)
 * @return int returns 3 for read/edit 2 for read only 0 for no access
 * @see SEC_hasAccess
 */
function SEC_hasAccess2($A)
{
    list($ownerId, $groupId, $permOwner, $permGroup, $permMembers, $permAnon) = array(
        $A['owner_id'],
        $A['group_id'],
        $A['perm_owner'],
        $A['perm_group'],
        $A['perm_members'],
        $A['perm_anon'],
    );

    return SEC_hasAccess($ownerId, $groupId, $permOwner, $permGroup, $permMembers, $permAnon);
}
$cal_templates->set_var('lang_description', $LANG_CALJP_1[5]); $description = $gltext->getDisplayText($A['description'], $A['postmode']); if (!empty($query)) { $description = COM_highlightQuery($description, $query); } $cal_templates->set_var('event_description', $description); $cal_templates->set_var('lang_event_type', $LANG_CALJP_1[37]); $cal_templates->set_var('event_type', $A['event_type']); $cal_templates->set_var('event_id', $A['eid']); if ($mode == 'personal') { $editurl = $_CONF['site_url'] . '/calendarjp/event.php?action=edit' . '&eid=' . $A['eid']; $cal_templates->set_var('event_edit', COM_createLink($LANG01[4], $editurl)); $img = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG01[4] . '" title="' . $LANG01[4] . '"' . XHTML . '>'; $cal_templates->set_var('edit_icon', COM_createLink($img, $editurl)); } else { if (SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3 && SEC_hasRights('calendarjp.edit')) { $editurl = $_CONF['site_admin_url'] . '/plugins/calendarjp/index.php?mode=edit&eid=' . $A['eid']; $cal_templates->set_var('event_edit', COM_createLink($LANG01[4], $editurl)); $img = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG01[4] . '" title="' . $LANG01[4] . '"' . XHTML . '>'; $cal_templates->set_var('edit_icon', COM_createLink($img, $editurl)); $cal_templates->set_var('hits_admin', COM_numberFormat($A['hits'])); $cal_templates->set_var('lang_hits_admin', $LANG10[30]); } else { $cal_templates->set_var('event_edit', ''); $cal_templates->set_var('edit_icon', ''); } } if ($mode == 'personal') { // personal events don't have a hits counter $cal_templates->set_var('lang_hits', ''); $cal_templates->set_var('hits', '');
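/**
 * Delete a topic and everything that hangs off it.
 *
 * Requires full (3) access to the topic; otherwise the attempt is logged and the
 * user is sent back to the topic admin page. Blocks and feeds bound to the topic
 * are reassigned to 'all' and disabled rather than deleted; stories (with their
 * images, comments and trackbacks) and pending submissions are removed.
 *
 * @param string $tid Topic ID
 * @return string HTML redirect
 */
function deleteTopic($tid)
{
    global $_CONF, $_TABLES, $_USER;

    // The id is interpolated into several statements below; escape it once up front.
    $safeTid = DB_escapeString($tid);

    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid ='{$safeTid}'");
    $A = DB_fetchArray($result);
    // A missing row is treated as no access instead of passing nulls to SEC_hasAccess().
    $access = 0;
    if ($A !== false) {
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'],
                                $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    }
    if ($access < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete topic {$tid}.");
        return COM_refresh($_CONF['site_admin_url'] . '/topic.php');
    }

    // don't delete topic blocks - assign them to 'all' and disable them
    DB_query("UPDATE {$_TABLES['blocks']} SET tid = 'all', is_enabled = 0 WHERE tid = '{$safeTid}'");
    // same with feeds
    DB_query("UPDATE {$_TABLES['syndication']} SET topic = '::all', is_enabled = 0 WHERE topic = '{$safeTid}'");

    // delete comments, trackbacks, images associated with stories in this topic
    $result = DB_query("SELECT sid FROM {$_TABLES['stories']} WHERE tid = '{$safeTid}'");
    $numStories = DB_numRows($result);
    for ($i = 0; $i < $numStories; $i++) {
        $story = DB_fetchArray($result);
        STORY_deleteImages($story['sid']);
        DB_delete($_TABLES['comments'], array('sid', 'type'), array($story['sid'], 'article'));
        DB_delete($_TABLES['trackback'], array('sid', 'type'), array($story['sid'], 'article'));
    }

    // delete these
    // NOTE(review): DB_delete() receives the raw id; confirm it escapes its values itself.
    DB_delete($_TABLES['stories'], 'tid', $tid);
    DB_delete($_TABLES['storysubmission'], 'tid', $tid);
    DB_delete($_TABLES['topics'], 'tid', $tid);

    // update feed(s) and Older Stories block
    COM_rdfUpToDateCheck('article');
    COM_olderStuff();

    return COM_refresh($_CONF['site_admin_url'] . '/topic.php?msg=14');
}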
/**
 * Check if the current user is allowed to delete trackback comments.
 *
 * For stories the user needs story.edit, full (3) access to the story row and
 * full access to all of its topics; for any other parent type the owning
 * plugin decides via PLG_handlePingComment().
 *
 * @param string $sid ID of the parent object of the comment
 * @param string $type type of the parent object ('article' = story, etc.)
 * @return boolean true = user can delete the comment, false = nope
 */
function TRB_allowDelete($sid, $type)
{
    global $_TABLES;

    if ($type != 'article') {
        // Not a story: delegate to the plugin owning this type.
        return PLG_handlePingComment($type, $sid, 'delete');
    }

    $sid = DB_escapeString($sid);
    $sql = "SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '{$sid}'"
        . COM_getPermSql('AND', 0, 3);
    $A = DB_fetchArray(DB_query($sql));

    return SEC_hasRights('story.edit')
        && SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'],
                         $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3
        && TOPIC_hasMultiTopicAccess('article', $sid) == 3;
}
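/**
 * Delete a link
 *
 * Regular links require full (3) access to the row; submissions require the
 * links moderator right. Any other case is logged and redirected without deleting.
 *
 * @param string $lid id of link to delete
 * @param string $type 'submission' when attempting to delete a submission
 * @return string HTML redirect
 */
function deleteLink($lid, $type = '')
{
    global $_CONF, $_TABLES, $_USER;

    if (empty($type)) {
        // delete regular link
        $safeLid = DB_escapeString($lid); // the id is interpolated into the statement below
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid ='{$safeLid}'");
        $A = DB_fetchArray($result);
        // A missing row is treated as no access instead of passing nulls to SEC_hasAccess().
        $access = 0;
        if ($A !== false) {
            $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'],
                                    $A['perm_group'], $A['perm_members'], $A['perm_anon']);
        }
        if ($access < 3) {
            COM_accessLog("User {$_USER['username']} tried to illegally delete link {$lid}.");
            return COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php');
        }
        // NOTE(review): DB_delete() receives the raw id; confirm it escapes its values itself.
        DB_delete($_TABLES['links'], 'lid', $lid);
        PLG_itemDeleted($lid, 'links');
        return COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php?msg=3');
    } elseif ($type == 'submission') {
        if (plugin_ismoderator_links()) {
            DB_delete($_TABLES['linksubmission'], 'lid', $lid);
            return COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php?msg=3');
        }
        COM_accessLog("User {$_USER['username']} tried to illegally delete link submission {$lid}.");
    } else {
        COM_accessLog("User {$_USER['username']} tried to illegally delete link {$lid} of type {$type}.");
    }

    return COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php');
}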
/**
 * This function creates html options for Topics, for a single or multi select box
 *
 * Walks the global $_TOPICS list in order (index 1 holds the root entry, see the
 * == 1 branch below) and emits one <option> per visible topic, indented by
 * branch level. A topic that is filtered out (archive topic, $remove_id, no
 * access, wrong language) also hides its whole sub-tree via $branch_level_skip.
 *
 * NOTE(review): ids and titles are written into the value/title attributes
 * unescaped, and in_array() compares loosely — confirm both are acceptable for
 * the data kept in $_TOPICS.
 *
 * @param string/array $selected_ids Topics Ids to mark as selected
 * @param int $include_root_all Include Nothing (0) or Root (1) or All (2) or None (4) in list; 6 = All and None
 * @param boolean $language_specific If false include all topics for every language
 * @param string $remove_id Id of topic to not include (includes any children) (used for selection of parent id)
 * @param boolean $remove_archive Remove archive topic from list if any
 * @param int $uid User id or 0 = current user (0 uses the precomputed 'access' of each $_TOPICS entry)
 * @return string HTML option list, without the <select> tags
 */
function TOPIC_getTopicListSelect($selected_ids = array(), $include_root_all = 1, $language_specific = false, $remove_id = '', $remove_archive = false, $uid = 0)
{
    global $_TOPICS, $_TABLES, $LANG21;

    $retval = '';

    if (!is_array($selected_ids)) {
        $selected_ids = array($selected_ids);
    }

    // Entry 1 is only visited when some Root/All/None option is requested.
    if ($include_root_all > 0) {
        $start_topic = 1;
    } else {
        $start_topic = 2;
    }
    $total_topic = count($_TOPICS);
    // Branch level of the last hidden topic; its descendants are skipped until
    // a topic at the same or a shallower level resets it to 0.
    $branch_level_skip = 0;

    $lang_id = '';
    if ($language_specific) {
        $lang_id = COM_getLanguageId();
    }

    // Retrieve Archive Topic if any
    $archive_tid = '';
    if ($remove_archive) {
        $archive_tid = DB_getItem($_TABLES['topics'], 'tid', 'archive_flag = 1');
    }

    for ($count_topic = $start_topic; $count_topic <= $total_topic; $count_topic++) {
        if ($count_topic == 1) {
            // Deal with Root or All and None
            if ($include_root_all == 1) {
                $id = $_TOPICS[$count_topic]['id'];
                $title = $_TOPICS[$count_topic]['title'];
                $retval .= '<option value="' . $id . '"';
                $retval .= ' title="' . $title . '"';
                if (in_array($id, $selected_ids)) {
                    $retval .= ' selected="selected"';
                }
                $retval .= '>' . $title . '</option>';
            } else {
                // Check for None
                if ($include_root_all == 4 || $include_root_all == 6) {
                    $id = TOPIC_NONE_OPTION;
                    $title = $LANG21[47];
                    $retval .= '<option value="' . $id . '"';
                    $retval .= ' title="' . $title . '"';
                    if (in_array($id, $selected_ids)) {
                        $retval .= ' selected="selected"';
                    }
                    $retval .= '>' . $title . '</option>';
                }
                // Check for All
                if ($include_root_all == 2 || $include_root_all == 6) {
                    $id = TOPIC_ALL_OPTION;
                    $title = $LANG21[7];
                    $retval .= '<option value="' . $id . '"';
                    $retval .= ' title="' . $title . '"';
                    if (in_array($id, $selected_ids)) {
                        $retval .= ' selected="selected"';
                    }
                    $retval .= '>' . $title . '</option>';
                }
            }
        } else {
            // Check to see if we need to include id (this is done for stuff like topic edits that cannot include themselves or child as parent
            if ($branch_level_skip >= $_TOPICS[$count_topic]['branch_level']) {
                $branch_level_skip = 0;
            }
            if ($branch_level_skip == 0) {
                $id = $_TOPICS[$count_topic]['id'];
                if ($uid == 0) {
                    // Current User
                    $specified_user_access = $_TOPICS[$count_topic]['access'];
                } else {
                    // Another user: recompute access from the stored permission fields
                    $specified_user_access = SEC_hasAccess($_TOPICS[$count_topic]['owner_id'], $_TOPICS[$count_topic]['group_id'], $_TOPICS[$count_topic]['perm_owner'], $_TOPICS[$count_topic]['perm_group'], $_TOPICS[$count_topic]['perm_members'], $_TOPICS[$count_topic]['perm_anon'], $uid);
                }
                // Make sure to show topics for proper language and access level only
                // (a topic with an empty language_id is shown for every language)
                if ($archive_tid != $id && $specified_user_access > 0 && $id != $remove_id && ($lang_id == '' || $lang_id != '' && ($_TOPICS[$count_topic]['language_id'] == $lang_id || $_TOPICS[$count_topic]['language_id'] == ''))) {
                    $title = $_TOPICS[$count_topic]['title'];
                    // indent by branch level so the select box shows the hierarchy
                    $branch_spaces = "";
                    for ($branch_count = $start_topic; $branch_count <= $_TOPICS[$count_topic]['branch_level']; $branch_count++) {
                        $branch_spaces .= " ";
                    }
                    $retval .= '<option value="' . $id . '"';
                    $retval .= ' title="' . $title . '"';
                    if (in_array($id, $selected_ids)) {
                        $retval .= ' selected="selected"';
                    }
                    $retval .= '>' . $branch_spaces . $title . '</option>';
                } else {
                    // Cannot pick child as parent so skip
                    $branch_level_skip = $_TOPICS[$count_topic]['branch_level'];
                }
            }
        }
    }

    return $retval;
}
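/**
 * Build the mobile sub-menu: a list of links to the blocks the visitor may see.
 *
 * Left and right blocks are merged; dynamic blocks are always listed, others only
 * when the visitor has at least read access to the block row.
 *
 * NOTE(review): block titles are emitted unescaped; confirm they are filtered on save.
 *
 * @return string HTML fragment (<h1> heading followed by a <ul> of links)
 */
function CUSTOM_MOBILE_blockMenu()
{
    // Initialise instead of appending to an undefined variable.
    $blockmenu = "<h1>サブメニュー</h1>\n";
    $blockmenu .= "<ul>\n";

    $blocks = array_merge(CUSTOM_MOBILE_getBlocks(), CUSTOM_MOBILE_getBlocks('right'));
    foreach ($blocks as $A) {
        $visible = $A['type'] == 'dynamic'
            || SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'],
                             $A['perm_group'], $A['perm_members'], $A['perm_anon']) > 0;
        if ($visible) {
            $blockmenu .= "<li><a href=\"" . BLOCKS . "?bid=" . $A['bid'] . "\">" . $A['title'] . "</a></li>\n";
        }
    }

    $blockmenu .= "</ul>\n";

    return $blockmenu;
}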
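/**
 * Register a remotely hosted media object (image, video, audio or embed) in an album.
 *
 * The media itself is never downloaded: a 0-byte placeholder is created under
 * path_mediaobjects/orig/ and the URL is stored in remote_url. A thumbnail may be
 * fetched with MG_getRemoteThumbnail() or taken from a local path and attached.
 * The record goes to the moderation queue tables when the album has moderate=1.
 *
 * @param string $URL               remote location of the media object
 * @param string $mimeType          MIME/player type, one of the cases in the switch below ('embed' for YouTube/Google/etc.)
 * @param int    $albumId           target album id
 * @param string $caption           media title
 * @param string $description       media description
 * @param string $keywords          keywords
 * @param string $category          media category
 * @param int    $attachedThumbnail 1 when $thumbnail should be attached
 * @param string $thumbnail         thumbnail URL (anything matching /http/i is fetched) or local path
 * @param int    $resolution_x      ignored: reset to 0 and taken from the thumbnail, or defaulted below
 * @param int    $resolution_y      ignored, see $resolution_x
 * @return array array(bool $success, string $message)
 */
function MG_getRemote($URL, $mimeType, $albumId, $caption, $description, $keywords, $category, $attachedThumbnail, $thumbnail, $resolution_x, $resolution_y)
{
    global $MG_albums, $_CONF, $_MG_CONF, $_USER, $_TABLES, $LANG_MG00, $LANG_MG01, $LANG_MG02, $new_media_id;

    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: Entering MG_getRemote()");
        COM_errorLog("MG Upload: URL to process: " . htmlentities($URL));
    }

    // The resolution arguments are overridden; the size comes from the thumbnail, if one is fetched.
    $resolution_x = 0;
    $resolution_y = 0;
    $urlArray = parse_url($URL);

    // make sure we have the proper permissions to upload to this album....
    $sql = "SELECT * FROM {$_TABLES['mg_albums']} WHERE album_id=" . intval($albumId);
    $aResult = DB_query($sql);
    if (DB_numRows($aResult) != 1) {
        return array(false, $LANG_MG02['album_nonexist']);
    }
    $albumInfo = DB_fetchArray($aResult);
    $access = SEC_hasAccess($albumInfo['owner_id'], $albumInfo['group_id'], $albumInfo['perm_owner'],
                            $albumInfo['perm_group'], $albumInfo['perm_members'], $albumInfo['perm_anon']);
    // Allowed with full access, with a set $MG_albums[0]->owner_id, or when the album permits member uploads.
    if ($access != 3 && !$MG_albums[0]->owner_id && $albumInfo['member_uploads'] == 0) {
        COM_errorLog("Someone has tried to illegally upload to an album in Media Gallery. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$_SERVER['REMOTE_ADDR']}", 1);
        return array(false, $LANG_MG00['access_denied_msg']);
    }

    $errMsg = '';
    sleep(1); // We do this to make sure we don't get dupe sid's
    $new_media_id = COM_makesid();
    $media_upload_time = time();
    $media_user_id = $_USER['uid'];

    // Map the player type to the MG_* format flag, stored extension and media_type code
    // (0 = image, 1 = video, 2 = audio, 5 = embed).
    switch ($mimeType) {
        case 'embed':
            $format_type = MG_EMB;
            $mimeExt = 'flv';
            $mediaType = 5;
            break;
        case 'image/gif':
            $format_type = MG_GIF;
            $mimeExt = 'gif';
            $mediaType = 0;
            break;
        case 'image/jpg':
            $format_type = MG_JPG;
            $mimeExt = 'jpg';
            $mediaType = 0;
            break;
        case 'image/png':
            $format_type = MG_PNG;
            $mimeExt = 'png';
            $mediaType = 0;
            break;
        case 'image/bmp':
            $format_type = MG_BMP;
            $mimeExt = 'bmp';
            $mediaType = 0;
            break;
        case 'application/x-shockwave-flash':
            $format_type = MG_SWF;
            $mimeExt = 'swf';
            $mediaType = 1;
            break;
        case 'video/quicktime':
            $format_type = MG_MOV;
            $mimeExt = 'mov';
            $mediaType = 1;
            break;
        case 'video/x-flv':
            $format_type = MG_RFLV;
            $mimeExt = 'flv';
            $mediaType = 1;
            break;
        case 'video/x-ms-asf':
            $format_type = MG_ASF;
            $mimeExt = 'asf';
            $mediaType = 1;
            break;
        case 'audio/mpeg':
            $format_type = MG_MP3;
            $mimeExt = 'mp3';
            $mediaType = 2;
            break;
        case 'audio/x-ms-wma':
            $format_type = MG_ASF;
            $mimeExt = 'wma';
            $mediaType = 2;
            break;
        default:
            // Unknown type: the original left $format_type unset and relied on the
            // valid_formats mask test below rejecting it; reject it explicitly.
            return array(false, $LANG_MG02['format_not_allowed']);
    }
    if (!($MG_albums[$albumId]->valid_formats & $format_type)) {
        return array(false, $LANG_MG02['format_not_allowed']);
    }

    // create the unique filename to store this under
    do {
        clearstatcache();
        $media_filename = md5(uniqid(rand()));
    } while (MG_file_exists($media_filename));
    $disp_media_filename = $media_filename . '.' . $mimeExt; // for remote files this will be a 0 byte file
    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: Stored filename is : " . $disp_media_filename);
        COM_errorLog("MG Upload: Mime Type: " . $mimeType);
    }

    // now we pretend to process the file: create a 0 byte placeholder in the orig directory
    $media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt;
    $media_time = time();
    touch($media_orig);

    // Now we need to process an uploaded thumbnail
    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: attachedThumbnail: " . $attachedThumbnail);
        COM_errorLog("MG Upload: thumbnail: " . $thumbnail);
    }
    if ($attachedThumbnail == 1 && $thumbnail != '') {
        // see if it is remote, if yes go get it...
        // NOTE(review): only the substring "http" is tested; whatever reaches this
        // parameter is fetched server-side by MG_getRemoteThumbnail(), so the caller
        // must validate the thumbnail location.
        if (preg_match("/http/i", $thumbnail)) {
            $tmp_thumbnail = $_MG_CONF['tmp_path'] . '/' . $media_filename . '.jpg';
            $rc = MG_getRemoteThumbnail($thumbnail, $tmp_thumbnail);
            $tmp_image_size = @getimagesize($tmp_thumbnail); // false when nothing usable was fetched
            if ($tmp_image_size != false) {
                $resolution_x = $tmp_image_size[0];
                $resolution_y = $tmp_image_size[1];
            }
            $thumbnail = $tmp_thumbnail;
        } else {
            $rc = true;
        }
        if ($rc == true) {
            $saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
            MG_attachThumbnail($albumId, $thumbnail, $saveThumbnailName);
        }
    }

    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: Building SQL and preparing to enter database");
    }

    // Text fields: strip all markup unless the gallery allows HTML, then SQL-escape.
    if ($_MG_CONF['htmlallowed'] != 1) {
        $media_desc = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($description)))));
        $media_caption = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($caption)))));
        $media_keywords = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($keywords)))));
    } else {
        $media_desc = DB_escapeString(COM_checkHTML(COM_killJS($description)));
        $media_caption = DB_escapeString(COM_checkHTML(COM_killJS($caption)));
        $media_keywords = DB_escapeString(COM_checkHTML(COM_killJS($keywords)));
    }

    // Check and see if moderation is on. If yes, place in mediasubmission
    if ($albumInfo['moderate'] == 1 && !$MG_albums[0]->owner_id) {
        $tableMedia = $_TABLES['mg_mediaqueue'];
        $tableMediaAlbum = $_TABLES['mg_media_album_queue'];
        $queue = 1;
    } else {
        $tableMedia = $_TABLES['mg_media'];
        $tableMediaAlbum = $_TABLES['mg_media_albums'];
        $queue = 0;
    }

    // Original file name = last path segment of the URL (empty for embeds).
    // A URL without a path (or one parse_url() rejected) yields ''.
    $urlPath = isset($urlArray['path']) ? $urlArray['path'] : '';
    $pathParts = explode('/', $urlPath);
    $videoFile = $pathParts[count($pathParts) - 1];
    $original_filename = ($mediaType != 5) ? $videoFile : '';

    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: Inserting media record into mg_media");
    }
    // Non-image media without a known size gets a default player size.
    if (($resolution_x == 0 || $resolution_y == 0) && $mediaType != 0) {
        $resolution_x = 320;
        $resolution_y = 240;
    }
    $remoteURL = DB_escapeString($URL);
    $sql = "INSERT INTO " . $tableMedia . " (media_id,media_filename,media_original_filename,media_mime_ext,media_exif,mime_type,media_title,media_desc,media_keywords,media_time,media_views,media_comments,media_votes,media_rating,media_tn_attached,media_tn_image,include_ss,media_user_id,media_user_ip,media_approval,media_type,media_upload_time,media_category,media_watermarked,v100,maint,media_resolution_x,media_resolution_y,remote_media,remote_url)\n VALUES ('" . DB_escapeString($new_media_id) . "','" . DB_escapeString($media_filename) . "','" . DB_escapeString($original_filename) . "','" . DB_escapeString($mimeExt) . "','1','" . DB_escapeString($mimeType) . "','{$media_caption}','{$media_desc}','{$media_keywords}','" . DB_escapeString($media_time) . "','0','0','0','0.00','" . DB_escapeString($attachedThumbnail) . "','','1','" . intval($media_user_id) . "','','0','" . DB_escapeString($mediaType) . "','" . DB_escapeString($media_upload_time) . "','" . DB_escapeString($category) . "','0','0','0',{$resolution_x},{$resolution_y},1,'{$remoteURL}');";
    DB_query($sql);

    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: Updating Album information");
    }
    // Append the media at the end of the album's display order (steps of 10, minimum 10).
    $sql = "SELECT MAX(media_order) + 10 AS media_seq FROM " . $_TABLES['mg_media_albums'] . " WHERE album_id = " . intval($albumId);
    $result = DB_query($sql);
    $row = DB_fetchArray($result);
    $media_seq = $row['media_seq'];
    if ($media_seq < 10) {
        $media_seq = 10;
    }
    $sql = "INSERT INTO " . $tableMediaAlbum . " (media_id, album_id, media_order) VALUES ('" . DB_escapeString($new_media_id) . "', " . intval($albumId) . ", {$media_seq} )";
    DB_query($sql);

    // Videos with a known size get explicit player dimensions.
    if ($mediaType == 1 && $resolution_x > 0 && $resolution_y > 0) {
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','width', '{$resolution_x}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','height', '{$resolution_y}'");
    }

    // update the media count for the album, only if no moderation...
    if ($queue == 0) {
        $media_count = $albumInfo['media_count'] + 1;
        DB_query("UPDATE " . $_TABLES['mg_albums'] . " SET media_count=" . $media_count . ",last_update=" . $media_upload_time . " WHERE album_id='" . $albumInfo['album_id'] . "'");
        // An album without a cover (-1) takes this item if it is an image or has a thumbnail.
        if ($albumInfo['album_cover'] == -1 && ($mediaType == 0 || $attachedThumbnail == 1)) {
            if ($attachedThumbnail == 1) {
                $covername = 'tn_' . $media_filename;
            } else {
                $covername = $media_filename;
            }
            if ($_MG_CONF['verbose']) {
                COM_errorLog("MG Upload: Setting album cover filename to " . $covername);
            }
            DB_query("UPDATE {$_TABLES['mg_albums']} SET album_cover_filename='" . $covername . "'" . " WHERE album_id='" . $albumInfo['album_id'] . "'");
        }
    }

    if ($queue) {
        $errMsg .= $LANG_MG01['successful_upload_queue']; // ' successfully placed in Moderation queue'
    } else {
        $errMsg .= $LANG_MG01['successful_upload']; // ' successfully uploaded to album'
    }

    if ($queue == 0) {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
        MG_buildFullRSS();
        MG_buildAlbumRSS($albumId);
    }

    COM_errorLog("MG Upload: Successfully uploaded a media object");

    return array(true, $errMsg);
}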
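/**
 * Deletes a given comment
 * (lifted from comment.php)
 *
 * Story comments are removed only when the user holds story.edit and has full
 * (3) access to the story; other attempts are logged. Comments of any other
 * type are handed to the owning plugin via PLG_commentDelete().
 *
 * @param int $cid Comment ID
 * @param string $sid ID of object comment belongs to
 * @param string $type Comment type (e.g. article, poll, etc)
 * @return void the original docblock promised a redirect string, but nothing is returned
 */
public function delcomment($cid, $sid, $type)
{
    // $_USER is read in the log message below and is not a superglobal, so it
    // must be declared here; it was missing from the original declaration.
    global $_CONF, $_TABLES, $_USER, $LANG_SX00;

    $type = COM_applyFilter($type);
    $sid = COM_applyFilter($sid);

    switch ($type) {
        case 'article':
            $has_editPermissions = SEC_hasRights('story.edit');
            // COM_applyFilter() does not escape for SQL; escape the id separately.
            $safeSid = DB_escapeString($sid);
            $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '{$safeSid}'");
            $A = DB_fetchArray($result);
            // A missing story row is treated as no access.
            if ($has_editPermissions && $A !== false
                && SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'],
                                 $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3) {
                CMT_deleteComment(COM_applyFilter($cid, true), $sid, 'article');
                $comments = DB_count($_TABLES['comments'], array('sid', 'type'), array($sid, 'article'));
                DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $sid);
            } else {
                COM_errorLog("User {$_USER['username']} (IP: {$_SERVER['REMOTE_ADDR']}) tried to illegally delete comment {$cid} from {$type} {$sid}");
            }
            break;

        default:
            // assume plugin
            PLG_commentDelete($type, COM_applyFilter($cid, true), $sid);
            break;
    }

    SPAMX_log($LANG_SX00['spamdeleted']);
}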
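/**
 * Recurse through the category table building an option list
 * sorted by id.
 *
 * Only categories the current user may read (COM_getPermSQL) are listed; those
 * without full access are rendered disabled. Root categories get class adCatRoot.
 *
 * @param integer $sel     Category ID to be selected in list
 * @param integer $papa_id Parent category ID (cast to int before use in SQL)
 * @param string  $char    Separator characters; one more '-' is added per nesting level
 * @param string  $not     'NOT' to exclude $items, '' to include (any other value is treated as '')
 * @param string  $items   Optional comma-separated list of category ids to include or exclude (each cast to int)
 * @return string HTML option list, without <select> tags
 */
public static function buildSelection($sel = 0, $papa_id = 0, $char = '', $not = '', $items = '')
{
    global $_TABLES;

    $str = '';
    $papa_id = intval($papa_id);
    // Only the documented keyword may reach the SQL.
    $not = (strtoupper(trim($not)) == 'NOT') ? 'NOT' : '';

    // Locate the children of this category, or the root categories if papa_id is 0.
    $sql = "SELECT cat_id, cat_name, papa_id, owner_id, group_id,\n perm_owner, perm_group, perm_members, perm_anon\n FROM {$_TABLES['ad_category']}\n WHERE papa_id = {$papa_id} ";
    if (!empty($items)) {
        // $items is documented as a list of ids; build the IN() list from integers only.
        $idList = implode(',', array_map('intval', explode(',', $items)));
        $sql .= " AND cat_id {$not} IN ({$idList}) ";
    }
    $sql .= COM_getPermSQL('AND') . ' ORDER BY cat_name ASC ';
    $result = DB_query($sql);

    // If there is no result set, just return.
    if (!$result) {
        return '';
    }

    while ($row = DB_fetchArray($result, false)) {
        $txt = $char . $row['cat_name'];
        $selected = $row['cat_id'] == $sel ? 'selected' : '';
        $style = ($row['papa_id'] == 0) ? 'class="adCatRoot"' : '';
        // Readable but not editable categories are shown but cannot be chosen.
        $disabled = '';
        if (SEC_hasAccess($row['owner_id'], $row['group_id'], $row['perm_owner'],
                          $row['perm_group'], $row['perm_members'], $row['perm_anon']) < 3) {
            $disabled = 'disabled="true"';
        }
        // NOTE(review): cat_name is emitted without HTML escaping; confirm it is filtered on save.
        $str .= "<option value=\"{$row['cat_id']}\" {$style} {$selected} {$disabled}>";
        $str .= $txt;
        $str .= "</option>\n";
        $str .= adCategory::buildSelection($sel, $row['cat_id'], $char . '-', $not, $items);
    }

    return $str;
}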
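/**
 * Delete a block
 *
 * Requires full (3) access both to the block row and to its topic
 * (hasBlockTopicAccess); otherwise the attempt is logged and the user is sent
 * back to the block admin page.
 *
 * @param string $bid id of block to delete
 * @return string HTML redirect or error message
 */
function deleteBlock($bid)
{
    global $_CONF, $_TABLES, $_USER;

    // The id is interpolated into the statement; escape it first.
    $safeBid = DB_escapeString($bid);
    $result = DB_query("SELECT tid,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid ='{$safeBid}'");
    $A = DB_fetchArray($result);

    // A missing row is treated as no access instead of passing nulls to the checks.
    $denied = ($A === false)
        || SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'],
                         $A['perm_group'], $A['perm_members'], $A['perm_anon']) < 3
        || hasBlockTopicAccess($A['tid']) < 3;
    if ($denied) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete block {$bid}.");
        return COM_refresh($_CONF['site_admin_url'] . '/block.php');
    }

    // NOTE(review): DB_delete() receives the raw id; confirm it escapes its values itself.
    DB_delete($_TABLES['blocks'], 'bid', $bid);

    return COM_refresh($_CONF['site_admin_url'] . '/block.php?msg=12');
}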
/**
 * Render one cell of the static pages admin list.
 *
 * Called once per column by the admin list builder. Edit/copy/delete
 * icons are shown only when the current user's access on the row allows
 * it; every other column is wrapped in <span class="disabledfield"> when
 * the page is disabled ($A['sp_status'] != 1).
 *
 * @param string $fieldname  column being rendered
 * @param mixed  $fieldvalue raw value of that column (used by the default case)
 * @param array  $A          full row, incl. owner/group/perm_* and sp_* fields
 * @param array  $icon_arr   icon HTML keyed by 'edit', 'copy', 'delete', 'blank'
 * @param string $token      CSRF token appended to the delete link
 * @return string HTML for the cell
 */
function PAGE_getListField($fieldname, $fieldvalue, $A, $icon_arr, $token)
{
    global $_CONF, $_USER, $LANG_ADMIN, $LANG_STATIC, $LANG_ACCESS, $_TABLES;

    $retval = '';
    // 3 = edit, 2 = read-only, 0 = none (see SEC_hasAccess)
    $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    $enabled = $A['sp_status'] == 1 ? true : false;
    // Date object in the viewer's timezone; only the 'unixdate' column uses it
    $dt = new Date('now', $_USER['tzid']);

    switch ($fieldname) {
        case 'edit':
            if ($access == 3) {
                $attr['title'] = $LANG_ADMIN['edit'];
                $retval = COM_createLink($icon_arr['edit'], $_CONF['site_admin_url'] . '/plugins/staticpages/index.php' . '?edit=x&sp_id=' . $A['sp_id'], $attr);
            } else {
                $retval = $icon_arr['blank'];
            }
            break;
        case 'copy':
            // Copying only needs read access
            if ($access >= 2) {
                $attr['title'] = $LANG_ADMIN['copy'];
                $retval = COM_createLink($icon_arr['copy'], $_CONF['site_admin_url'] . '/plugins/staticpages/index.php' . '?clone=x&sp_id=' . $A['sp_id'], $attr);
            } else {
                $retval = $icon_arr['blank'];
            }
            break;
        case "sp_title":
            // NOTE(review): sp_title is not HTML-escaped here — confirm it is
            // escaped on save or by COM_createLink.
            $sp_title = $A['sp_title'];
            if ($enabled) {
                $url = COM_buildUrl($_CONF['site_url'] . '/page.php?page=' . $A['sp_id']);
                $retval = COM_createLink($sp_title, $url, array('title' => $LANG_STATIC['title_display']));
            } else {
                $retval = '<span class="disabledfield">' . $sp_title . '</span>';
            }
            break;
        case 'access':
            if ($access == 3) {
                $privs = $LANG_ACCESS['edit'];
            } else {
                $privs = $LANG_ACCESS['readonly'];
            }
            $retval = $enabled ? $privs : '<span class="disabledfield">' . $privs . '</span>';
            break;
        case "sp_uid":
            $owner = COM_getDisplayName($A['sp_uid']);
            $retval = $enabled ? $owner : '<span class="disabledfield">' . $owner . '</span>';
            break;
        case "sp_centerblock":
            if ($A['sp_centerblock']) {
                // sp_where: 1 top, 2 after featured, 3 bottom, anything else = whole page
                switch ($A['sp_where']) {
                    case '1':
                        $where = $LANG_STATIC['centerblock_top'];
                        break;
                    case '2':
                        $where = $LANG_STATIC['centerblock_feat'];
                        break;
                    case '3':
                        $where = $LANG_STATIC['centerblock_bottom'];
                        break;
                    default:
                        $where = $LANG_STATIC['centerblock_entire'];
                        break;
                }
            } else {
                $where = $LANG_STATIC['centerblock_no'];
            }
            $retval = $enabled ? $where : '<span class="disabledfield">' . $where . '</span>';
            break;
        case "unixdate":
            $dt->setTimestamp($A['unixdate']);
            $datetime = $dt->format($_CONF['daytime'], true);
            $retval = $enabled ? $datetime : '<span class="disabledfield">' . $datetime . '</span>';
            break;
        case 'delete':
            if ($access == 3) {
                $attr['title'] = $LANG_ADMIN['delete'];
                $attr['onclick'] = "return confirm('" . $LANG_STATIC['delete_confirm'] . "');";
                // State-changing link: the CSRF token travels in the query string
                $retval = COM_createLink($icon_arr['delete'], $_CONF['site_admin_url'] . '/plugins/staticpages/index.php' . '?delete=x&sp_id=' . $A['sp_id'] . '&' . CSRF_TOKEN . '=' . $token, $attr);
            } else {
                $retval = $icon_arr['blank'];
            }
            break;
        case 'sp_status':
            if ($access == 3) {
                // Editors get a live toggle that submits the list form
                if ($enabled) {
                    $switch = ' checked="checked"';
                    $title = 'title="' . $LANG_ADMIN['disable'] . '" ';
                } else {
                    $title = 'title="' . $LANG_ADMIN['enable'] . '" ';
                    $switch = '';
                }
                $retval = '<input class="sp-enabler" type="checkbox" name="enabledstaticpages[' . $A['sp_id'] . ']" ' . $title . 'onclick="submit()" value="1"' . $switch . '/>';
                $retval .= '<input type="hidden" name="sp_idarray[' . $A['sp_id'] . ']" value="1" />';
            } else {
                // NOTE(review): 'yes' vs 'No' key casing differs — confirm both exist in $LANG_ACCESS
                $retval = $enabled ? $LANG_ACCESS['yes'] : $LANG_ACCESS['No'];
            }
            break;
        default:
            $retval = $enabled ? $fieldvalue : '<span class="disabledfield">' . $fieldvalue . '</span>';
            break;
    }

    return $retval;
}
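/**
 * Checks to see if current user has access to a topic
 *
 * An empty or unknown topic id yields 0; previously an unknown id passed
 * a missing row (null permissions) on to SEC_hasAccess().
 *
 * @param string $tid ID for topic to check on
 * @return int returns 3 for read/edit, 2 for read only, 0 for no access
 */
function SEC_hasTopicAccess($tid)
{
    global $_TABLES;

    if (empty($tid)) {
        return 0;
    }

    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '" . DB_escapeString($tid) . "'");
    $A = DB_fetchArray($result);
    // No such topic: nothing to grant access to.
    if (empty($A)) {
        return 0;
    }

    return SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
}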
/**
 * Handles a comment view request
 *
 * Resolves the comment id from the request, picks the display format
 * (request parameter, else the user's stored preference, else the site
 * default) and renders the comment thread for an article or, for any
 * other type, via the owning plugin.
 *
 * @copyright Vincent Furia 2005
 * @author Vincent Furia, vinny01 AT users DOT sourceforge DOT net
 * @param boolean $view View or display (true for view: id comes from 'cid', else from 'pid')
 * @return string HTML (possibly a refresh)
 */
function handleView($view = true)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS;

    $display = '';
    // COM_applyFilter(..., true) yields an integer, so $cid is safe to interpolate below
    if ($view) {
        $cid = COM_applyFilter($_REQUEST['cid'], true);
    } else {
        $cid = COM_applyFilter($_REQUEST['pid'], true);
    }
    if ($cid <= 0) {
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    $sql = "SELECT sid, title, type FROM {$_TABLES['comments']} WHERE cid = {$cid}";
    // NOTE(review): an unknown cid leaves $A false and $sid/$title/$type null — confirm callers accept that
    $A = DB_fetchArray(DB_query($sql));
    $sid = $A['sid'];
    $title = $A['title'];
    $type = $A['type'];

    // Display format: request > stored user preference > site default
    $format = $_CONF['comment_mode'];
    if (isset($_REQUEST['format'])) {
        $format = COM_applyFilter($_REQUEST['format']);
    }
    if ($format != 'threaded' && $format != 'nested' && $format != 'flat') {
        if (COM_isAnonUser()) {
            $format = $_CONF['comment_mode'];
        } else {
            $format = DB_getItem($_TABLES['usercomment'], 'commentmode', "uid = {$_USER['uid']}");
        }
    }

    switch ($type) {
        case 'article':
            // Count is 1 only when the story exists, is published, allows
            // comments and is visible to the current user (perm + topic SQL).
            // NOTE(review): $sid comes from the comments table and is not re-escaped here.
            $sql = 'SELECT COUNT(*) AS count, commentcode, owner_id, group_id, perm_owner, perm_group, ' . "perm_members, perm_anon FROM {$_TABLES['stories']} WHERE (sid = '{$sid}') " . 'AND (draft_flag = 0) AND (commentcode >= 0) AND (date <= NOW())' . COM_getPermSQL('AND') . COM_getTopicSQL('AND') . ' GROUP BY sid,owner_id, group_id, perm_owner, perm_group,perm_members, perm_anon ';
            $result = DB_query($sql);
            $B = DB_fetchArray($result);
            $allowed = $B['count'];
            if ($allowed == 1) {
                // Delete links are offered only to story editors with edit access on this story
                $delete_option = SEC_hasRights('story.edit') && SEC_hasAccess($B['owner_id'], $B['group_id'], $B['perm_owner'], $B['perm_group'], $B['perm_members'], $B['perm_anon']) == 3;
                $order = '';
                if (isset($_REQUEST['order'])) {
                    $order = COM_applyFilter($_REQUEST['order']);
                }
                $page = 0;
                if (isset($_REQUEST['page'])) {
                    $page = COM_applyFilter($_REQUEST['page'], true);
                }
                $display .= CMT_userComments($sid, $title, $type, $order, $format, $cid, $page, $view, $delete_option, $B['commentcode']);
            } else {
                $display .= COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header')) . $LANG_ACCESS['storydenialmsg'] . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            }
            break;
        default: // assume plugin
            $order = '';
            if (isset($_REQUEST['order'])) {
                $order = COM_applyFilter($_REQUEST['order']);
            }
            $page = 0;
            if (isset($_REQUEST['page'])) {
                $page = COM_applyFilter($_REQUEST['page'], true);
            }
            // The plugin is responsible for its own access check; an empty result means "not shown"
            if (!($display = PLG_displayComment($type, $sid, $cid, $title, $order, $format, $page, $view))) {
                return COM_refresh($_CONF['site_url'] . '/index.php');
            }
            break;
    }

    return COM_siteHeader('menu', $title) . COM_showMessageFromParameter() . $display . COM_siteFooter();
}
/**
 * Get an existing story
 *
 * Two modes: with a story id ('sid' or 'id') the single story is loaded
 * into $output; without one (web-service feed request) a page of stories
 * ordered by date is returned as a list in $output, with $svc_msg['offset']
 * set when more stories remain.
 *
 * @param array  $args     Contains all the data provided by the client
 *                         (sid/id, mode, gl_svc, offset)
 * @param array  &$output  OUTPUT parameter: story fields, or a list of them
 * @param array  &$svc_msg OUTPUT parameter: 'output_fields', 'gl_feed', 'offset'
 * @return int Response code as defined in lib-plugins.php
 */
function service_get_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER;

    $output = array();
    $retval = '';

    if (!isset($_CONF['atom_max_stories'])) {
        $_CONF['atom_max_stories'] = 10; // set a resonable default
    }

    $svc_msg['output_fields'] = array('draft_flag', 'hits', 'numemails', 'comments', 'trackbacks', 'featured', 'commentcode', 'statuscode', 'expire_date', 'postmode', 'advanced_editor_mode', 'frontpage', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon');

    // 'id' is the web-service spelling of 'sid'
    if (empty($args['sid']) && !empty($args['id'])) {
        $args['sid'] = $args['id'];
    }

    // Only web-service input is filtered here; local callers are trusted
    if ($args['gl_svc']) {
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (isset($args['sid'])) {
            $args['sid'] = COM_applyBasicFilter($args['sid']);
        }
        // No sid from the web service means "give me the feed"
        if (empty($args['sid'])) {
            $svc_msg['gl_feed'] = true;
        } else {
            $svc_msg['gl_feed'] = false;
        }
    } else {
        $svc_msg['gl_feed'] = false;
    }

    if (empty($args['mode'])) {
        $args['mode'] = 'view';
    }

    if (!$svc_msg['gl_feed']) {
        // Single story
        $sid = $args['sid'];
        $mode = $args['mode'];
        $story = new Story();
        $retval = $story->loadFromDatabase($sid, $mode);
        if ($retval != STORY_LOADED_OK) {
            // On failure $output carries the load status code instead of data
            $output = $retval;
            return PLG_RET_ERROR;
        }

        // NOTE(review): each() was removed in PHP 8; a foreach over
        // $story->_dbFields does the same here.
        reset($story->_dbFields);
        while (list($fieldname, $save) = each($story->_dbFields)) {
            $varname = '_' . $fieldname;
            $output[$fieldname] = $story->{$varname};
        }
        $output['username'] = $story->_username;
        $output['fullname'] = $story->_fullname;

        if ($args['gl_svc']) {
            // Extra Atom-style fields for the web service
            if ($output['statuscode'] == STORY_ARCHIVE_ON_EXPIRE || $output['statuscode'] == STORY_DELETE_ON_EXPIRE) {
                // This date format is PHP 5 only,
                // but only the web-service uses the value
                $output['expire_date'] = date('c', $output['expire']);
            }
            $output['id'] = $output['sid'];
            $output['category'] = array($output['tid']);
            $output['published'] = date('c', $output['date']);
            $output['updated'] = date('c', $output['date']);
            if (empty($output['bodytext'])) {
                $output['content'] = $output['introtext'];
            } else {
                $output['content'] = $output['introtext'] . LB . '[page_break]' . LB . $output['bodytext'];
            }
            $output['content_type'] = $output['postmode'] == 'html' ? 'html' : 'text';
            $owner_data = SESS_getUserDataFromId($output['owner_id']);
            $output['author_name'] = $owner_data['username'];
            $output['link_edit'] = $sid;
        }
    } else {
        // Feed: a page of atom_max_stories stories, newest first
        $output = array();
        $mode = $args['mode'];
        $sql = array();
        if (isset($args['offset'])) {
            $offset = COM_applyBasicFilter($args['offset'], true);
        } else {
            $offset = 0;
        }
        // Fetch one row more than the page size to learn whether a next page exists
        $max_items = $_CONF['atom_max_stories'] + 1;
        $limit = " LIMIT {$offset}, {$max_items}";
        $limit_pgsql = " LIMIT {$max_items} OFFSET {$offset}";
        $order = " ORDER BY unixdate DESC";
        // Permission filter is applied in SQL (read access, alias 's')
        $sql['mysql'] = "SELECT s.*, UNIX_TIMESTAMP(s.date) AS unixdate, UNIX_TIMESTAMP(s.expire) as expireunix, " . "u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t " . "WHERE (s.uid = u.uid) AND (s.tid = t.tid)" . COM_getPermSQL('AND', $_USER['uid'], 2, 's') . $order . $limit;
        // NOTE(review): the pgsql statement contains two FROM ... WHERE clauses
        // (a hard-coded one followed by the templated one) — it looks malformed as written.
        $sql['pgsql'] = "SELECT s.*, UNIX_TIMESTAMP(s.date) AS unixdate, UNIX_TIMESTAMP(s.expire) as expireunix, u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl FROM stories s, users u, topics t WHERE (s.uid = u.uid) AND (s.tid = t.tid) FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t WHERE (s.uid = u.uid) AND (s.tid = t.tid)" . COM_getPermSQL('AND', $_USER['uid'], 2, 's') . $order . $limit_pgsql;
        $result = DB_query($sql);

        $count = 0;
        while (($story_array = DB_fetchArray($result, false)) !== false) {
            $count += 1;
            if ($count == $max_items) {
                // The extra row is not returned; it only proves there is a next page
                $svc_msg['offset'] = $offset + $_CONF['atom_max_stories'];
                break;
            }
            $story = new Story();
            $story->loadFromArray($story_array);
            // This access check is not strictly necessary
            $access = SEC_hasAccess($story_array['owner_id'], $story_array['group_id'], $story_array['perm_owner'], $story_array['perm_group'], $story_array['perm_members'], $story_array['perm_anon']);
            // Effective access is the weaker of story and topic access
            $story->_access = min($access, SEC_hasTopicAccess($story->_tid));
            if ($story->_access == 0) {
                continue;
            }
            $story->sanitizeData();

            // NOTE(review): each() was removed in PHP 8 (see the single-story branch)
            reset($story->_dbFields);
            $output_item = array();
            while (list($fieldname, $save) = each($story->_dbFields)) {
                $varname = '_' . $fieldname;
                $output_item[$fieldname] = $story->{$varname};
            }

            if ($args['gl_svc']) {
                if ($output_item['statuscode'] == STORY_ARCHIVE_ON_EXPIRE || $output_item['statuscode'] == STORY_DELETE_ON_EXPIRE) {
                    // This date format is PHP 5 only,
                    // but only the web-service uses the value
                    $output_item['expire_date'] = date('c', $output_item['expire']);
                }
                $output_item['id'] = $output_item['sid'];
                $output_item['category'] = array($output_item['tid']);
                $output_item['published'] = date('c', $output_item['date']);
                $output_item['updated'] = date('c', $output_item['date']);
                if (empty($output_item['bodytext'])) {
                    $output_item['content'] = $output_item['introtext'];
                } else {
                    $output_item['content'] = $output_item['introtext'] . LB . '[page_break]' . LB . $output_item['bodytext'];
                }
                $output_item['content_type'] = $output_item['postmode'] == 'html' ? 'html' : 'text';
                $owner_data = SESS_getUserDataFromId($output_item['owner_id']);
                $output_item['author_name'] = $owner_data['username'];
            }
            $output[] = $output_item;
        }
    }

    return PLG_RET_OK;
}
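/**
 * Delete a block
 *
 * Requires edit access (3) on the block and on all of its topic
 * assignments; failed attempts are logged. Topic assignments and the
 * block's cache instances are removed along with the row. An unknown
 * $bid is treated as "no access" instead of passing null permissions
 * to SEC_hasAccess().
 *
 * @param string $bid id of block to delete (escaped here before it reaches SQL)
 * @return string HTML redirect to the block admin page
 */
function deleteBlock($bid)
{
    global $_CONF, $_TABLES, $_USER;

    // $bid was previously interpolated raw into the WHERE clause.
    $safeBid = DB_escapeString($bid);
    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid ='{$safeBid}'");
    $A = DB_fetchArray($result);

    $access = empty($A) ? 0 : SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    if ($access < 3 || TOPIC_hasMultiTopicAccess('block', $bid) < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete block {$bid}.");
        return COM_refresh($_CONF['site_admin_url'] . '/block.php');
    }

    TOPIC_deleteTopicAssignments('block', $bid);
    DB_delete($_TABLES['blocks'], 'bid', $bid);

    // remove any of this blocks instances if exists
    $cacheInstance = 'block__' . $bid . '__';
    CACHE_remove_instance($cacheInstance);

    return COM_refresh($_CONF['site_admin_url'] . '/block.php?msg=12');
}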
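/**
 * Delete a poll
 *
 * Requires edit access (3) on the poll; failed attempts are logged.
 * Removes the topic, its questions and answers, and the poll's comments,
 * then notifies plugins. An unknown $pid is treated as "no access"
 * instead of passing null permissions to SEC_hasAccess().
 *
 * @param string $pid ID of poll to delete
 * @return string HTML redirect to the polls admin page
 */
function deletePoll($pid)
{
    global $_CONF, $_TABLES, $_USER;

    // Escaped once here; the same value is reused in every statement below
    // (DB_delete with an already-slashed id is the pre-existing behaviour).
    $pid = addslashes($pid);
    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
    $Q = DB_fetchArray($result);

    $access = empty($Q) ? 0 : SEC_hasAccess($Q['owner_id'], $Q['group_id'], $Q['perm_owner'], $Q['perm_group'], $Q['perm_members'], $Q['perm_anon']);
    if ($access < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete poll {$pid}.");
        return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php');
    }

    DB_delete($_TABLES['polltopics'], 'pid', $pid);
    DB_delete($_TABLES['pollanswers'], 'pid', $pid);
    DB_delete($_TABLES['pollquestions'], 'pid', $pid);
    DB_delete($_TABLES['comments'], array('sid', 'type'), array($pid, 'polls'));
    PLG_itemDeleted($pid, 'polls');

    return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php?msg=20');
}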
/**
 * Determine whether the current user has access to this event
 *
 * Admins/editors ($this->isAdmin) always pass; everyone else is checked
 * against the event's owner/group/permission fields.
 *
 * @param integer $level Access level required (3 = edit, 2 = read)
 * @return boolean True = has sufficient access, False = not
 */
public function hasAccess($level = 3)
{
    // Admin & editor has all rights
    if ($this->isAdmin) {
        return true;
    }

    $granted = SEC_hasAccess($this->owner_id, $this->group_id, $this->perm_owner, $this->perm_group, $this->perm_members, $this->perm_anon);

    return $granted >= $level;
}
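/**
 * Delete a link category.
 *
 * The category must exist, the current user must have edit access on it,
 * and it must contain neither sub-categories nor links. Denied attempts
 * are logged (previously the log call sat behind the `return` and never ran).
 *
 * @param string $cid category id; slash-escaped here before any query
 * @return int message number: 13 deleted, 14 not empty, 15 no access, 16 no such category
 */
function links_delete_category($cid)
{
    // $_USER was read below without being declared global
    global $_TABLES, $_USER, $LANG_LINKS_ADMIN;

    $cid = addslashes($cid);

    if (DB_count($_TABLES['linkcategories'], 'cid', $cid) == 0) {
        // no such category
        return 16;
    }

    // item exists so check access rights
    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,\n perm_members,perm_anon FROM {$_TABLES['linkcategories']}\n WHERE cid='{$cid}'");
    $A = DB_fetchArray($result);
    $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    if ($access <= 2) {
        // no edit rights: log, then refuse
        COM_accessLog(sprintf($LANG_LINKS_ADMIN[46], $_USER['username']));
        return 15;
    }

    // Check for subfolders and sublinks
    $sf = DB_count($_TABLES['linkcategories'], 'pid', $cid);
    $sl = DB_count($_TABLES['links'], 'cid', $cid);
    if ($sf > 0 || $sl > 0) {
        // Subfolders and/or sublinks exist so return a message
        return 14;
    }

    // No subfolder/links so OK to delete
    DB_delete($_TABLES['linkcategories'], 'cid', $cid);
    PLG_itemDeleted($cid, 'links.category');

    return 13;
}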
/**
 * Displays the static page editor form
 *
 * Fills the admin editor template from $A. For an existing page
 * ($mode == 'edit' with a non-empty global $sp_id) the user's access on
 * the row decides what the group dropdown offers; for new and cloned
 * pages the current user becomes owner with the plugin's default
 * permissions. Reads $mode and $sp_id from the global scope.
 *
 * @param array $A Data to display (page row, or defaults for a new page)
 * @return string HTML for the static page editor
 */
function staticpageeditor_form($A)
{
    global $_CONF, $_TABLES, $_USER, $_GROUPS, $_SP_CONF, $mode, $sp_id, $LANG21, $LANG_STATIC, $LANG_ACCESS, $LANG_ADMIN, $LANG01, $LANG24, $LANG_postmodes, $MESSAGE, $_IMAGE_TYPE, $_SCRIPTS;

    if (!empty($sp_id) && $mode == 'edit') {
        // Existing page: access level limits the group dropdown below
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        // New (or cloned) page: owned by the current user, default permissions
        if ($mode != 'clone') {
            $A['sp_inblock'] = $_SP_CONF['in_block'];
        }
        $A['owner_id'] = $_USER['uid'];
        if (isset($_GROUPS['Static Page Admin'])) {
            $A['group_id'] = $_GROUPS['Static Page Admin'];
        } else {
            $A['group_id'] = SEC_getFeatureGroup('staticpages.edit');
        }
        SEC_setDefaultPermissions($A, $_SP_CONF['default_permissions']);
        $access = 3;
        if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
            $A['advanced_editor_mode'] = 1;
        }
    }

    $retval = '';
    $sp_template = COM_newTemplate(CTL_plugin_templatePath('staticpages', 'admin'));

    if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
        $sp_template->set_file('form', 'editor_advanced.thtml');
        // Shouldn't really have to check if anonymous user but who knows...
        if (COM_isAnonUser()) {
            $link_message = "";
        } else {
            $link_message = $LANG01[138];
        }
        $sp_template->set_var('noscript', COM_getNoScript(false, '', $link_message));
        // Setup Advanced Editor
        COM_setupAdvancedEditor('/staticpages/adveditor.js', 'staticpages.edit');
        $sp_template->set_var('lang_expandhelp', $LANG24[67]);
        $sp_template->set_var('lang_reducehelp', $LANG24[68]);
        $sp_template->set_var('lang_toolbar', $LANG24[70]);
        $sp_template->set_var('toolbar1', $LANG24[71]);
        $sp_template->set_var('toolbar2', $LANG24[72]);
        $sp_template->set_var('toolbar3', $LANG24[73]);
        $sp_template->set_var('toolbar4', $LANG24[74]);
        $sp_template->set_var('toolbar5', $LANG24[75]);
        $sp_template->set_var('lang_nojavascript', $LANG24[77]);
        $sp_template->set_var('lang_postmode', $LANG24[4]);
        // Show whichever editor matches the stored postmode
        if (isset($A['postmode']) && $A['postmode'] == 'adveditor') {
            $sp_template->set_var('show_adveditor', '');
            $sp_template->set_var('show_htmleditor', 'none');
        } else {
            $sp_template->set_var('show_adveditor', 'none');
            $sp_template->set_var('show_htmleditor', '');
        }
        $post_options = '<option value="html" selected="selected">' . $LANG_postmodes['html'] . '</option>';
        if (isset($A['postmode']) && $A['postmode'] == 'adveditor') {
            $post_options .= '<option value="adveditor" selected="selected">' . $LANG24[86] . '</option>';
        } else {
            $post_options .= '<option value="adveditor">' . $LANG24[86] . '</option>';
        }
        $sp_template->set_var('post_options', $post_options);
        $sp_template->set_var('change_editormode', 'onchange="change_editmode(this);"');
    } else {
        $sp_template->set_file('form', 'editor.thtml');
    }

    // Add JavaScript
    if ($_CONF['titletoid']) {
        $_SCRIPTS->setJavaScriptFile('title_2_id', '/javascript/title_2_id.js');
        $sp_template->set_var('titletoid', true);
    }

    $sp_template->set_var('lang_mode', $LANG24[3]);
    $sp_template->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $A['commentcode']));
    $sp_template->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
    $sp_template->set_var('lang_owner', $LANG_ACCESS['owner']);

    // Owner block: name, username and (for real users, uid > 1) a profile link and photo icon
    // NOTE(review): owner_id is interpolated into the uid = ... clause unescaped; it is
    // expected to be an integer from the DB or $_USER — confirm.
    $owner_name = COM_getDisplayName($A['owner_id']);
    $owner_username = DB_getItem($_TABLES['users'], 'username', "uid = {$A['owner_id']}");
    $sp_template->set_var('owner_id', $A['owner_id']);
    $sp_template->set_var('owner', $owner_name);
    $sp_template->set_var('owner_name', $owner_name);
    $sp_template->set_var('owner_username', $owner_username);
    if ($A['owner_id'] > 1) {
        $profile_link = $_CONF['site_url'] . '/users.php?mode=profile&uid=' . $A['owner_id'];
        $sp_template->set_var('start_owner_anchortag', '<a href="' . $profile_link . '">');
        $sp_template->set_var('end_owner_anchortag', '</a>');
        $sp_template->set_var('owner_link', COM_createLink($owner_name, $profile_link));
        $photo = '';
        if ($_CONF['allow_user_photo']) {
            $photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$A['owner_id']}");
            if (!empty($photo)) {
                $camera_icon = '<img src="' . $_CONF['layout_url'] . '/images/smallcamera.' . $_IMAGE_TYPE . '" alt=""' . XHTML . '>';
                $sp_template->set_var('camera_icon', COM_createLink($camera_icon, $profile_link));
            }
        }
        if (empty($photo)) {
            $sp_template->set_var('camera_icon', '');
        }
    } else {
        $sp_template->set_var('start_owner_anchortag', '');
        $sp_template->set_var('end_owner_anchortag', '');
        $sp_template->set_var('owner_link', $owner_name);
    }

    // Group / permissions editor; $access limits which groups may be picked
    $sp_template->set_var('lang_group', $LANG_ACCESS['group']);
    $sp_template->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
    $sp_template->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']));
    $sp_template->set_var('lang_permissions', $LANG_ACCESS['permissions']);
    $sp_template->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
    $sp_template->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
    $sp_template->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);

    // CSRF token: shown as a hidden field (gltoken) at the end, with an expiry notice up top
    $token = SEC_createToken();
    $start_block = COM_startBlock($LANG_STATIC['staticpageeditor'], '', COM_getBlockTemplate('_admin_block', 'header'));
    $start_block .= SEC_getTokenExpiryNotice($token);
    $sp_template->set_var('start_block_editor', $start_block);
    $sp_template->set_var('lang_save', $LANG_ADMIN['save']);
    $sp_template->set_var('lang_cancel', $LANG_ADMIN['cancel']);
    $sp_template->set_var('lang_preview', $LANG_ADMIN['preview']);

    // Delete button only for an existing (not cloned) page and the delete right
    if (SEC_hasRights('staticpages.delete') && $mode != 'clone' && !empty($A['sp_old_id'])) {
        $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
        $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
        $sp_template->set_var('delete_option', sprintf($delbutton, $jsconfirm));
        $sp_template->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
    } else {
        $sp_template->set_var('delete_option', '');
    }

    $sp_template->set_var('lang_writtenby', $LANG_STATIC['writtenby']);
    $sp_template->set_var('username', DB_getItem($_TABLES['users'], 'username', "uid = {$A['owner_id']}"));
    $authorname = COM_getDisplayName($A['owner_id']);
    $sp_template->set_var('name', $authorname);
    $sp_template->set_var('author', $authorname);
    $sp_template->set_var('lang_url', $LANG_STATIC['url']);
    $sp_template->set_var('lang_id', $LANG_STATIC['id']);
    $sp_template->set_var('sp_uid', $A['owner_id']);
    $sp_template->set_var('sp_id', $A['sp_id']);
    $sp_template->set_var('sp_old_id', $A['sp_old_id']);
    $sp_template->set_var('example_url', COM_buildURL($_CONF['site_url'] . '/staticpages/index.php?page=' . $A['sp_id']));

    // Centerblock options
    $sp_template->set_var('lang_centerblock', $LANG_STATIC['centerblock']);
    $sp_template->set_var('lang_centerblock_help', $LANG_ADMIN['help_url']);
    $sp_template->set_var('lang_centerblock_include', $LANG21[51]);
    $sp_template->set_var('lang_centerblock_desc', $LANG21[52]);
    $sp_template->set_var('centerblock_help', $A['sp_help']);
    $sp_template->set_var('lang_centerblock_msg', $LANG_STATIC['centerblock_msg']);
    if (isset($A['sp_centerblock']) && $A['sp_centerblock'] == 1) {
        $sp_template->set_var('centerblock_checked', 'checked="checked"');
    } else {
        $sp_template->set_var('centerblock_checked', '');
    }
    // sp_where: 1 top, 2 after featured, 3 bottom, 0 whole page
    $sp_template->set_var('lang_position', $LANG_STATIC['position']);
    $position = '<select name="sp_where">';
    $position .= '<option value="1"';
    if ($A['sp_where'] == 1) {
        $position .= ' selected="selected"';
    }
    $position .= '>' . $LANG_STATIC['position_top'] . '</option>';
    $position .= '<option value="2"';
    if ($A['sp_where'] == 2) {
        $position .= ' selected="selected"';
    }
    $position .= '>' . $LANG_STATIC['position_feat'] . '</option>';
    $position .= '<option value="3"';
    if ($A['sp_where'] == 3) {
        $position .= ' selected="selected"';
    }
    $position .= '>' . $LANG_STATIC['position_bottom'] . '</option>';
    $position .= '<option value="0"';
    if ($A['sp_where'] == 0) {
        $position .= ' selected="selected"';
    }
    $position .= '>' . $LANG_STATIC['position_entire'] . '</option>';
    $position .= '</select>';
    $sp_template->set_var('pos_selection', $position);

    // PHP execution selector: only offered when enabled site-wide AND the
    // user holds staticpages.PHP (0 none, 1 return value, 2 free-form)
    if ($_SP_CONF['allow_php'] == 1 && SEC_hasRights('staticpages.PHP')) {
        if (!isset($A['sp_php'])) {
            $A['sp_php'] = 0;
        }
        $selection = '<select name="sp_php">' . LB;
        $selection .= '<option value="0"';
        if ($A['sp_php'] <= 0 || $A['sp_php'] > 2) {
            $selection .= ' selected="selected"';
        }
        $selection .= '>' . $LANG_STATIC['select_php_none'] . '</option>' . LB;
        $selection .= '<option value="1"';
        if ($A['sp_php'] == 1) {
            $selection .= ' selected="selected"';
        }
        $selection .= '>' . $LANG_STATIC['select_php_return'] . '</option>' . LB;
        $selection .= '<option value="2"';
        if ($A['sp_php'] == 2) {
            $selection .= ' selected="selected"';
        }
        $selection .= '>' . $LANG_STATIC['select_php_free'] . '</option>' . LB;
        $selection .= '</select>';
        $sp_template->set_var('php_selector', $selection);
        $sp_template->set_var('php_warn', $LANG_STATIC['php_warn']);
    } else {
        $sp_template->set_var('php_selector', '');
        $sp_template->set_var('php_warn', $LANG_STATIC['php_not_activated']);
    }
    $sp_template->set_var('php_msg', $LANG_STATIC['php_msg']);
    // old variables (for the 1.3-type checkbox)
    $sp_template->set_var('php_checked', '');
    $sp_template->set_var('php_type', 'hidden');

    // Flags: exit (sp_nf), in-block, draft
    if (isset($A['sp_nf']) && $A['sp_nf'] == 1) {
        $sp_template->set_var('exit_checked', 'checked="checked"');
    } else {
        $sp_template->set_var('exit_checked', '');
    }
    $sp_template->set_var('exit_msg', $LANG_STATIC['exit_msg']);
    $sp_template->set_var('exit_info', $LANG_STATIC['exit_info']);
    if ($A['sp_inblock'] == 1) {
        $sp_template->set_var('inblock_checked', 'checked="checked"');
    } else {
        $sp_template->set_var('inblock_checked', '');
    }
    $sp_template->set_var('inblock_msg', $LANG_STATIC['inblock_msg']);
    $sp_template->set_var('inblock_info', $LANG_STATIC['inblock_info']);
    if ($A['draft_flag'] == 1) {
        $sp_template->set_var('draft_flag_checked', 'checked="checked"');
    } else {
        $sp_template->set_var('draft_flag_checked', '');
    }
    $sp_template->set_var('lang_draft', $LANG_STATIC['draft']);
    $sp_template->set_var('lang_cache_time', $LANG_STATIC['cache_time']);
    $sp_template->set_var('lang_cache_time_desc', $LANG_STATIC['cache_time_desc']);
    $sp_template->set_var('cache_time', $A['cache_time']);

    // Last-updated: [0] formatted for display, [1] raw for the form
    $curtime = COM_getUserDateTimeFormat($A['unixdate']);
    $sp_template->set_var('lang_lastupdated', $LANG_STATIC['date']);
    $sp_template->set_var('sp_formateddate', $curtime[0]);
    $sp_template->set_var('sp_date', $curtime[1]);

    // Titles are escaped for the input fields
    $sp_template->set_var('lang_title', $LANG_STATIC['title']);
    $sp_template->set_var('lang_page_title', $LANG_STATIC['page_title']);
    $title = '';
    $page_title = '';
    if (isset($A['sp_title'])) {
        $title = htmlspecialchars(stripslashes($A['sp_title']));
    }
    if (isset($A['sp_page_title'])) {
        $page_title = htmlspecialchars(stripslashes($A['sp_page_title']));
    }
    $sp_template->set_var('sp_title', $title);
    $sp_template->set_var('sp_page_title', $page_title);

    $sp_template->set_var('lang_topic', $LANG_STATIC['topic']);
    if ($mode != 'clone') {
        // want to use default topic selection if new staticpage so pass in blank id
        $topic_sp_id = $A['sp_id'];
        if (empty($sp_id) && $mode == 'edit') {
            // means new
            $topic_sp_id = '';
        }
        $sp_template->set_var('topic_selection', TOPIC_getTopicSelectionControl('staticpages', $topic_sp_id, true, false, true));
    } else {
        // Clone inherits the source page's topic assignments
        $sp_template->set_var('topic_selection', TOPIC_getTopicSelectionControl('staticpages', $A['clone_sp_id'], true, false, true));
    }

    // Meta tags, hidden unless enabled both site-wide and for the plugin
    // NOTE(review): meta_description / meta_keywords are set unescaped — confirm they are escaped on save
    $sp_template->set_var('lang_metadescription', $LANG_ADMIN['meta_description']);
    $sp_template->set_var('lang_metakeywords', $LANG_ADMIN['meta_keywords']);
    if (!empty($A['meta_description'])) {
        $sp_template->set_var('meta_description', $A['meta_description']);
    }
    if (!empty($A['meta_keywords'])) {
        $sp_template->set_var('meta_keywords', $A['meta_keywords']);
    }
    if ($_CONF['meta_tags'] > 0 && $_SP_CONF['meta_tags'] > 0) {
        $sp_template->set_var('hide_meta', '');
    } else {
        $sp_template->set_var('hide_meta', ' style="display:none;"');
    }

    // Template flag and "use template" selector
    if ($A['template_flag'] == 1) {
        $sp_template->set_var('template_flag_checked', 'checked="checked"');
    } else {
        $sp_template->set_var('template_flag_checked', '');
    }
    $sp_template->set_var('lang_template', $LANG_STATIC['template']);
    $sp_template->set_var('lang_template_flag_msg', $LANG_STATIC['template_msg']);
    $template_list = templatelist($A['template_id']);
    $template_none = '<option value=""';
    if ($A['template_id'] == "") {
        $template_none .= ' selected="selected"';
    }
    $template_none .= '>' . $LANG_STATIC['none'] . '</option>';
    $sp_template->set_var('use_template_selection', '<select name="template_id">' . $template_none . $template_list . '</select>');
    $sp_template->set_var('lang_use_template', $LANG_STATIC['use_template']);
    $sp_template->set_var('lang_use_template_msg', $LANG_STATIC['use_template_msg']);

    // Menu entry
    $sp_template->set_var('lang_addtomenu', $LANG_STATIC['addtomenu']);
    if (isset($A['sp_onmenu']) && $A['sp_onmenu'] == 1) {
        $sp_template->set_var('onmenu_checked', 'checked="checked"');
    } else {
        $sp_template->set_var('onmenu_checked', '');
    }
    $sp_template->set_var('lang_label', $LANG_STATIC['label']);
    if (isset($A['sp_label'])) {
        $sp_template->set_var('sp_label', $A['sp_label']);
    } else {
        $sp_template->set_var('sp_label', '');
    }

    // Page format; anything unknown or empty falls back to allblocks
    $sp_template->set_var('lang_pageformat', $LANG_STATIC['pageformat']);
    $sp_template->set_var('lang_blankpage', $LANG_STATIC['blankpage']);
    $sp_template->set_var('lang_noblocks', $LANG_STATIC['noblocks']);
    $sp_template->set_var('lang_leftblocks', $LANG_STATIC['leftblocks']);
    $sp_template->set_var('lang_leftrightblocks', $LANG_STATIC['leftrightblocks']);
    if (!isset($A['sp_format'])) {
        $A['sp_format'] = '';
    }
    if ($A['sp_format'] == 'noblocks') {
        $sp_template->set_var('noblock_selected', 'selected="selected"');
    } else {
        $sp_template->set_var('noblock_selected', '');
    }
    if ($A['sp_format'] == 'leftblocks') {
        $sp_template->set_var('leftblocks_selected', 'selected="selected"');
    } else {
        $sp_template->set_var('leftblocks_selected', '');
    }
    if ($A['sp_format'] == 'blankpage') {
        $sp_template->set_var('blankpage_selected', 'selected="selected"');
    } else {
        $sp_template->set_var('blankpage_selected', '');
    }
    if ($A['sp_format'] == 'allblocks' or empty($A['sp_format'])) {
        $sp_template->set_var('allblocks_selected', 'selected="selected"');
    } else {
        $sp_template->set_var('allblocks_selected', '');
    }

    // Content is escaped for the textarea
    // NOTE(review): the str_replace below maps '{' and '}' onto themselves as written;
    // this looks like HTML entities decoded during extraction — confirm against the original file.
    $sp_template->set_var('lang_content', $LANG_STATIC['content']);
    $content = '';
    if (isset($A['sp_content'])) {
        $content = htmlspecialchars(stripslashes($A['sp_content']));
        $content = str_replace(array('{', '}'), array('{', '}'), $content);
    }
    $sp_template->set_var('sp_content', $content);
    $allowed = COM_allowedHTML('staticpages.edit', false, $_SP_CONF['filter_html']) . COM_allowedAutotags();
    $sp_template->set_var('lang_allowedhtml', $allowed);
    $sp_template->set_var('lang_allowed_html', $allowed);

    // Statistics
    $sp_template->set_var('lang_hits', $LANG_STATIC['hits']);
    if (empty($A['sp_hits'])) {
        $sp_template->set_var('sp_hits', '0');
        $sp_template->set_var('sp_hits_formatted', '0');
    } else {
        $sp_template->set_var('sp_hits', $A['sp_hits']);
        $sp_template->set_var('sp_hits_formatted', COM_numberFormat($A['sp_hits']));
    }
    $sp_template->set_var('lang_comments', $LANG_STATIC['comments']);
    if ($A['commentcode'] == -1) {
        // Comments disabled for this page
        $sp_template->set_var('sp_comments', $LANG_ADMIN['na']);
    } else {
        $num_comments = DB_count($_TABLES['comments'], array('sid', 'type'), array(DB_escapeString($A['sp_id']), 'staticpages'));
        $sp_template->set_var('sp_comments', COM_numberFormat($num_comments));
    }

    $sp_template->set_var('end_block', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
    $sp_template->set_var('gltoken_name', CSRF_TOKEN);
    $sp_template->set_var('gltoken', $token);
    $sp_template->parse('output', 'form');
    $retval .= $sp_template->finish($sp_template->get_var('output'));

    return $retval;
}
/**
 * Return link to "delete event" image
 *
 * Note: Personal events can be deleted if the current user is the owner of the
 * calendar and has _read_ access to them.
 *
 * The link is produced for evlist admins, or for anyone with edit access (3)
 * on the event's owner/group/permission fields; everyone else gets ''.
 *
 * @param array  $A     event permissions and id (owner_id, group_id, perm_*, rp_id)
 * @param string $token security token, appended to the link as CSRF_TOKEN
 * @return string link or empty string
 * @TODO This needs to bring up the javascript menu to delete the
 *       event or just an instance
 */
function EVLIST_deleteImageLink($A, $token)
{
    global $_CONF, $LANG_ADMIN, $LANG_EVLIST;

    // Admin right short-circuits; the per-item check runs only for non-admins
    $mayDelete = SEC_hasRights('evlist.admin') || SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3;
    if (!$mayDelete) {
        return '';
    }

    $img = "<img data-uk-tooltip\n src=\"{$_CONF['layout_url']}/images/admin/delete.png\"\n alt=\"{$LANG_ADMIN['delete']}\"\n title=\"{$LANG_ADMIN['delete']}\"\n width=\"14\" height=\"14\"\n class=\"gl_mootip\"> ";
    $href = EVLIST_URL . '/event.php?delrepeat=x&rp_id=' . $A['rp_id'] . '&' . CSRF_TOKEN . '=' . $token;
    $attrs = array(
        'onclick' => "return confirm('{$LANG_EVLIST['conf_del_repeat']}');",
        'title' => $LANG_ADMIN['delete'],
    );

    return COM_createLink($img, $href, $attrs);
}
/**
 * Shows Geeklog blocks
 *
 * Returns HTML for blocks on a given side and, potentially, for
 * a given topic. Currently only used by static pages.
 *
 * Database blocks are filtered in SQL by side, topic, enabled flag and
 * the user's "hidden boxes" list, merged with plugin blocks, sorted by
 * blockorder, and then each one is checked with SEC_hasAccess() before
 * it is formatted (dynamic blocks skip that check).
 *
 * @param string $side Side to get blocks for (right or left for now)
 * @param string $topic Only get blocks for this topic
 * @param string $name Block name (not used)
 * @see function COM_showBlock
 * @return string HTML Formated blocks
 */
function COM_showBlocks($side, $topic = '', $name = 'all')
{
    // NOTE(review): `global $topic` rebinds the local $topic to the global of the
    // same name, so the $topic argument passed by the caller is discarded from
    // here on — confirm this is intended.
    global $_CONF, $_TABLES, $_USER, $LANG21, $topic, $page;

    $retval = '';

    // Get user preferences on blocks
    if (!isset($_USER['noboxes']) || !isset($_USER['boxes'])) {
        if (!COM_isAnonUser()) {
            $result = DB_query("SELECT boxes,noboxes FROM {$_TABLES['userindex']} " . "WHERE uid = '{$_USER['uid']}'");
            list($_USER['boxes'], $_USER['noboxes']) = DB_fetchArray($result);
        } else {
            $_USER['boxes'] = '';
            $_USER['noboxes'] = 0;
        }
    }

    // Per-driver SELECT lists; the WHERE/ORDER part is shared
    $blocksql['mssql'] = "SELECT bid, is_enabled, name, type, title, tid, blockorder, cast(content as text) as content, ";
    $blocksql['mssql'] .= "rdfurl, rdfupdated, rdflimit, onleft, phpblockfn, help, owner_id, ";
    $blocksql['mssql'] .= "group_id, perm_owner, perm_group, perm_members, perm_anon, allow_autotags,UNIX_TIMESTAMP(rdfupdated) AS date ";
    $blocksql['mysql'] = "SELECT *,UNIX_TIMESTAMP(rdfupdated) AS date ";
    $blocksql['pgsql'] = 'SELECT *, date_part(\'epoch\', rdfupdated) AS date ';

    $commonsql = "FROM {$_TABLES['blocks']} WHERE is_enabled = 1";
    if ($side == 'left') {
        $commonsql .= " AND onleft = 1";
    } else {
        $commonsql .= " AND onleft = 0";
    }
    // NOTE(review): $topic is interpolated without escaping — confirm it is
    // validated by the caller / the global it comes from.
    if (!empty($topic)) {
        $commonsql .= " AND (tid = '{$topic}' OR tid = 'all')";
    } else {
        if (COM_onFrontpage()) {
            $commonsql .= " AND (tid = 'homeonly' OR tid = 'all')";
        } else {
            $commonsql .= " AND (tid = 'all')";
        }
    }
    // $_USER['boxes'] is a space-separated list of hidden block ids from userindex
    if (!empty($_USER['boxes'])) {
        $BOXES = str_replace(' ', ',', $_USER['boxes']);
        $commonsql .= " AND (bid NOT IN ({$BOXES}) OR bid = '-1')";
    }
    $commonsql .= ' ORDER BY blockorder,title ASC';

    $blocksql['mysql'] .= $commonsql;
    $blocksql['mssql'] .= $commonsql;
    $blocksql['pgsql'] .= $commonsql;
    $result = DB_query($blocksql);
    $nrows = DB_numRows($result);

    // convert result set to an array of associated arrays
    $blocks = array();
    for ($i = 0; $i < $nrows; $i++) {
        $blocks[] = DB_fetchArray($result);
    }

    // Check and see if any plugins have blocks to show
    $pluginBlocks = PLG_getBlocks($side, $topic, $name);
    $blocks = array_merge($blocks, $pluginBlocks);

    // sort the resulting array by block order
    // (bubble sort: adjacent swaps only, so blocks with equal blockorder keep
    // their relative order — DB blocks before plugin blocks)
    $column = 'blockorder';
    $sortedBlocks = $blocks;
    $num_sortedBlocks = count($sortedBlocks);
    for ($i = 0; $i < $num_sortedBlocks - 1; $i++) {
        for ($j = 0; $j < $num_sortedBlocks - 1 - $i; $j++) {
            if ($sortedBlocks[$j][$column] > $sortedBlocks[$j + 1][$column]) {
                $tmp = $sortedBlocks[$j];
                $sortedBlocks[$j] = $sortedBlocks[$j + 1];
                $sortedBlocks[$j + 1] = $tmp;
            }
        }
    }
    $blocks = $sortedBlocks;

    // Loop though resulting sorted array and pass associative arrays
    // to COM_formatBlock
    foreach ($blocks as $A) {
        // Dynamic (plugin) blocks bypass the permission check; any access > 0 shows a DB block
        if ($A['type'] == 'dynamic' or SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) > 0) {
            $retval .= COM_formatBlock($A, $_USER['noboxes']);
        }
    }

    return $retval;
}
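/**
 * Save the edited items of a Media Gallery album and its cover selection
 *
 * Reads the per-item arrays submitted by the album editor from $_POST
 * (mid, seq, mtitle, mdesc, ss, mkeywords, cat_id), updates each media
 * record and its order within the album, re-sorts the album, applies the
 * chosen album cover, rebuilds the album RSS feed and redirects.
 *
 * @param int    $album_id  id of the album whose items are being saved
 * @param string $actionURL URL to redirect to once the save is complete
 * @return string access-denied message when the current user may not manage
 *                the album; otherwise the function redirects and exits
 */
function MG_saveMedia($album_id, $actionURL = '')
{
    global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG03;

    // check permissions...
    $sql = "SELECT * FROM {$_TABLES['mg_albums']} WHERE album_id=" . intval($album_id);
    $result = DB_query($sql);
    $row = DB_fetchArray($result);
    if (DB_error() != 0) {
        echo COM_errorLog("Media Gallery - Error retrieving album cover.");
    }

    $access = SEC_hasAccess($row['owner_id'], $row['group_id'], $row['perm_owner'],
        $row['perm_group'], $row['perm_members'], $row['perm_anon']);
    if ($access != 3 && !SEC_hasRights('mediagallery.admin')) {
        // $REMOTE_ADDR is not a superglobal and was never imported here,
        // so the original log line always printed an empty address.
        $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        COM_errorLog("Someone has tried to illegally manage (save) Media Gallery. "
            . "User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$remoteAddr}", 1);
        return COM_showMessageText($LANG_MG00['access_denied_msg']);
    }

    // Collect the submitted per-item arrays; a missing or malformed field
    // yields an empty value instead of an undefined-index notice.
    $mids = (isset($_POST['mid']) && is_array($_POST['mid'])) ? $_POST['mid'] : array();
    $postField = function ($name, $i) {
        return (isset($_POST[$name]) && is_array($_POST[$name]) && isset($_POST[$name][$i]))
            ? $_POST[$name][$i] : '';
    };

    $numItems = count($mids);
    $media = array();
    for ($i = 0; $i < $numItems; $i++) {
        $media[$i]['mid'] = $mids[$i];
        $media[$i]['seq'] = $postField('seq', $i);
        $media[$i]['title'] = COM_stripslashes($postField('mtitle', $i));
        $media[$i]['description'] = COM_stripslashes($postField('mdesc', $i));
        $media[$i]['include_ss'] = $postField('ss', $i);
        $media[$i]['keywords'] = COM_stripslashes($postField('mkeywords', $i));
        $media[$i]['cat_id'] = $postField('cat_id', $i);
    }

    for ($i = 0; $i < $numItems; $i++) {
        $media_title_safe = substr($media[$i]['title'], 0, 254);
        if ($_MG_CONF['htmlallowed'] != 1) {
            $media_title = addslashes(htmlspecialchars(strip_tags(COM_checkWords($media_title_safe))));
            $media_desc = addslashes(htmlspecialchars(strip_tags(COM_checkWords($media[$i]['description']))));
        } else {
            $media_title = addslashes($media_title_safe);
            $media_desc = addslashes($media[$i]['description']);
        }
        $ss = ($media[$i]['include_ss'] == 1) ? 1 : 0;

        $media_keywords_safe = substr($media[$i]['keywords'], 0, 254);
        $media_keywords = addslashes(htmlspecialchars(strip_tags(COM_checkWords($media_keywords_safe))));

        // media_category is an integer column and the value comes straight
        // from the request: coerce it rather than splicing it into the SQL raw
        $cat_id = intval($media[$i]['cat_id']);

        $sql = "UPDATE {$_TABLES['mg_media']} SET media_title='" . $media_title
            . "',media_desc='" . $media_desc
            . "',include_ss=" . intval($ss)
            . ",media_keywords='" . $media_keywords
            . "',media_category=" . $cat_id
            . " WHERE media_id='" . addslashes($media[$i]['mid']) . "'";
        DB_query($sql);

        $sql = "UPDATE {$_TABLES['mg_media_albums']}"
            . " SET media_order=" . intval($media[$i]['seq'])
            . " WHERE album_id=" . intval($album_id)
            . " AND media_id='" . addslashes($media[$i]['mid']) . "'";
        DB_query($sql);

        PLG_itemSaved($media[$i]['mid'], 'mediagallery');
    }

    MG_reorderMedia($album_id);

    // Now do the album cover...
    $cover = isset($_POST['cover']) ? COM_applyFilter($_POST['cover'], true) : 0;
    if ($cover == 0) {
        $cover = -1;
    }

    // get the filename
    // we need to fix this so that it pulls the whole media record, if it is a video / audio file
    // we need to see if a thumbnail is attached and then act properly.
    if ($cover != -1) {
        // default to "no filename" so a cover id that matches no row changes nothing
        $coverFilename = '';
        $sql = "SELECT media_type,media_tn_attached,media_filename "
            . "FROM {$_TABLES['mg_media']} WHERE media_id='" . addslashes($cover) . "'";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        if ($nrows > 0) {
            $row = DB_fetchArray($result);
            $hasThumbnail = ($row['media_tn_attached'] == 1);
            switch ($row['media_type']) {
                case 0: // image
                    $coverFilename = $hasThumbnail ? 'tn_' . $row['media_filename'] : $row['media_filename'];
                    break;
                default:
                    // we will treat all the non image media the same...
                    $coverFilename = $hasThumbnail ? 'tn_' . $row['media_filename'] : '';
                    break;
            }
        }
        if ($coverFilename != '') {
            DB_change($_TABLES['mg_albums'], 'album_cover', addslashes($cover), 'album_id', intval($album_id));
            DB_change($_TABLES['mg_albums'], 'album_cover_filename', $coverFilename, 'album_id', intval($album_id));
        }
    }
    if ($cover == -2) { // reset
        MG_resetAlbumCover($album_id);
    }

    require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
    MG_buildAlbumRSS($album_id);

    echo COM_refresh($actionURL);
    exit;
}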
/**
 * Return link to "delete event" image
 *
 * Note: Personal events can be deleted if the current user is the owner of the
 * calendar and has _read_ access to them. Other events additionally require
 * the 'calendarjp.edit' right and full (edit) access to the event.
 *
 * @param string $mode  'personal' for personal events
 * @param array  $A     event permissions and id
 * @param string $token security token
 * @return string link or empty string
 *
 */
function getDeleteImageLink($mode, $A, $token)
{
    global $_CONF, $LANG_CALJP_ADMIN, $LANG_CALJP_2, $_IMAGE_TYPE;

    $img = '<img src="' . $_CONF['site_url'] . '/calendarjp/images/delete_event.'
        . $_IMAGE_TYPE . '" alt="' . $LANG_CALJP_2[30] . '" title="'
        . $LANG_CALJP_2[30] . '"' . XHTML . '>';

    // permission level of the current user for this event, evaluated lazily
    $accessTo = function ($event) {
        return SEC_hasAccess($event['owner_id'], $event['group_id'], $event['perm_owner'],
            $event['perm_group'], $event['perm_members'], $event['perm_anon']);
    };

    if ($mode == 'personal') {
        if ($accessTo($A) > 0) {
            return COM_createLink($img, $_CONF['site_url']
                . '/calendarjp/event.php?action=deleteevent&eid=' . $A['eid']
                . '&' . CSRF_TOKEN . '=' . $token);
        }
        return '';
    }

    if (!SEC_hasRights('calendarjp.edit')) {
        return '';
    }
    if ($accessTo($A) != 3) {
        return '';
    }

    return COM_createLink($img, $_CONF['site_admin_url']
        . '/plugins/calendarjp/index.php?mode=' . $LANG_CALJP_ADMIN[22]
        . '&eid=' . $A['eid'] . '&' . CSRF_TOKEN . '=' . $token);
}
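/**
 * Delete a topic
 *
 * Requires edit (3) access to the topic. Child topics are re-parented to the
 * root and un-hidden, feeds on the topic are detached and disabled, and
 * stories / submissions / blocks assigned only to this topic are deleted
 * (items that are also assigned elsewhere keep a default topic). Finally the
 * topic and its assignments are removed and the caller is redirected.
 *
 * @param string $tid Topic ID
 * @return void redirects (no value is returned to the caller)
 */
function deleteTopic($tid)
{
    global $_CONF, $_TABLES, $_USER, $_TOPICS;

    // $tid is spliced into quoted SQL literals below; escape it once up front
    $tidSql = addslashes($tid);

    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid ='{$tidSql}'");
    $A = DB_fetchArray($result);
    // an unknown topic id yields no row: treat that as no access
    $access = empty($A) ? 0 : SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'],
        $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    if ($access < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete topic {$tid}.");
        COM_redirect($_CONF['site_admin_url'] . '/topic.php');
        return; // never fall through to the deletes, whatever COM_redirect does
    }

    // Update any child topics to root and un hide them
    DB_query("UPDATE {$_TABLES['topics']} SET parent_id = '" . TOPIC_ROOT . "', hidden = 0 WHERE parent_id = '{$tidSql}'");

    // same with feeds
    DB_query("UPDATE {$_TABLES['syndication']} SET topic = '::all', is_enabled = 0 WHERE topic = '{$tidSql}'");

    // Need to cycle through stories from topic
    // Only delete story if only this one topic
    // Make sure to check if this topic is default for story. If is make another topic default.
    $objectTables = array(
        $_TABLES['stories']         => array('id' => 'sid', 'type' => 'article'),
        $_TABLES['storysubmission'] => array('id' => 'sid', 'type' => 'article'),
        $_TABLES['blocks']          => array('id' => 'bid', 'type' => 'block'),
    );

    foreach ($objectTables as $table => $meta) {
        $idField = $meta['id'];
        $type = $meta['type'];
        $isStory = ($table == $_TABLES['stories'] || $table == $_TABLES['storysubmission']);

        $sql = "SELECT {$idField}, ta.tdefault\n FROM {$table}, {$_TABLES['topic_assignments']} ta\n WHERE ta.type = '{$type}' AND ta.id = CAST({$idField} AS CHAR) AND ta.tid = '{$tidSql}'";
        $result = DB_query($sql);
        $numItems = DB_numRows($result);
        for ($i = 0; $i < $numItems; $i++) {
            $A = DB_fetchArray($result);
            $itemId = $A[$idField];
            $itemIdSql = addslashes($itemId);

            // Now check if another topic exists for this item
            // NOTE(review): unlike the query above this compares ta.id = {$idField}
            // without the CAST; kept as-is since changing it alters DB semantics.
            $sql = "SELECT {$idField}, ta.tid\n FROM {$table}, {$_TABLES['topic_assignments']} ta\n WHERE ta.type = '{$type}' AND ta.id = {$idField}\n AND ta.tid <> '{$tidSql}' AND {$idField} = '{$itemIdSql}'";
            $resultB = DB_query($sql);
            $numTopics = DB_numRows($resultB);

            if ($numTopics == 0) {
                // Delete comments, trackbacks, images associated with stories in this topic since only topic
                if ($isStory) {
                    STORY_deleteImages($A['sid']);
                    DB_delete($_TABLES['comments'], array('sid', 'type'), array($A['sid'], 'article'));
                    DB_delete($_TABLES['trackback'], array('sid', 'type'), array($A['sid'], 'article'));
                    if ($table == $_TABLES['stories']) {
                        PLG_itemDeleted($A['sid'], 'article');
                    }
                }
                DB_delete($table, $idField, $itemId);
            } elseif ($isStory && $A['tdefault'] == 1) {
                // Story still exists for other topics so make sure one is default
                $B = DB_fetchArray($resultB);
                $sql = "UPDATE {$_TABLES['topic_assignments']} SET tdefault = 1 WHERE type = 'article' AND tid = '"
                    . addslashes($B['tid']) . "' AND id = '" . addslashes($B['sid']) . "'";
                DB_query($sql);
            }
        }
    }

    // Notify of Delete topic so other plugins can deal with their items without topics
    PLG_itemDeleted($tid, 'topic');

    // delete these
    DB_delete($_TABLES['topic_assignments'], 'tid', $tid);
    DB_delete($_TABLES['topics'], 'tid', $tid);

    // Reorder Topics, Delete topic cache and reload topic tree
    reorderTopics();

    // update feed(s)
    COM_rdfUpToDateCheck('article');

    COM_redirect($_CONF['site_admin_url'] . '/topic.php?msg=14');
}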
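/**
 * used for the list of topics in admin/topic.php
 *
 * Renders one cell of the admin topic list; which cell is given by
 * $fieldName ('edit', 'sortnum', 'image', 'topic', 'access', 'inherit',
 * 'hidden', 'story'); any other field is echoed back unchanged.
 *
 * @param string $fieldName  column being rendered
 * @param string $fieldValue raw value of that column for this row
 * @param array  $A          the topic row (tid, is_default, imageurl, permissions, ...)
 * @param array  $icon_arr   admin icons, indexed by name ('edit' is used here)
 * @param string $token      CSRF token appended to the sort-order links
 * @return string
 */
function ADMIN_getListField_topics($fieldName, $fieldValue, $A, $icon_arr, $token)
{
    global $_CONF, $LANG_ACCESS, $_TABLES, $LANG27, $LANG32;

    $retval = false;
    $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'],
        $A['perm_group'], $A['perm_members'], $A['perm_anon']);

    switch ($fieldName) {
        case 'edit':
            if ($access == 3) {
                $editUrl = $_CONF['site_admin_url'] . '/topic.php?mode=edit&tid=' . $A['tid'];
                $retval = COM_createLink($icon_arr['edit'], $editUrl);
            }
            break;

        case 'sortnum':
            if ($_CONF['sortmethod'] === 'sortnum') {
                $style = 'style="vertical-align: middle;"';
                $upImage = $_CONF['layout_url'] . '/images/admin/up.png';
                $downImage = $_CONF['layout_url'] . '/images/admin/down.png';
                $url = $_CONF['site_admin_url'] . '/topic.php?mode=change_sortnum'
                    . '&tid=' . $A['tid'] . '&' . CSRF_TOKEN . '=' . $token . '&where=';
                $retval = '';
                $retval .= COM_createLink("<img {$style} alt=\"+\" src=\"{$upImage}\"" . XHTML . ">",
                    $url . 'up', array('title' => $LANG32[44]));
                $retval .= ' ' . $fieldValue . ' ';
                $retval .= COM_createLink("<img {$style} alt=\"-\" src=\"{$downImage}\"" . XHTML . ">",
                    $url . 'dn', array('title' => $LANG32[45]));
            } else {
                $retval = $fieldValue;
            }
            break;

        case 'image':
            $retval = '';
            if (!empty($A['imageurl'])) {
                $imageUrl = COM_getTopicImageUrl($A['imageurl']);
                $image_tag = '<img src="' . $imageUrl . '" width="24" height="24" id="topic-'
                    . $A['tid'] . '" class="admin-topic-image" alt=""' . XHTML . '>';
                $url = COM_buildURL($_CONF['site_url'] . '/index.php?topic=' . $A['tid']);
                $retval = COM_createLink($image_tag, $url);
            }
            break;

        case 'topic':
            $default = $A['is_default'] == 1 ? $LANG27[24] : '';

            // Walk up the parent chain to find the nesting depth (root = 0)
            $level = -1;
            $tid = $A['tid'];
            while ($tid !== TOPIC_ROOT) {
                $tid = DB_getItem($_TABLES['topics'], 'parent_id', "tid = '" . addslashes($tid) . "'");
                $level++;
                // a broken chain (no parent row) must not loop forever;
                // NOTE(review): assumes DB_getItem yields false/'' for a missing row - confirm
                if ($tid === false || $tid === '') {
                    break;
                }
            }
            $level *= 15;
            $content = '<span style="margin-left:' . $level . 'px">' . $fieldValue . '</span>';
            $url = COM_buildURL($_CONF['site_url'] . '/index.php?topic=' . $A['tid']);
            $retval = COM_createLink($content, $url) . $default;
            break;

        case 'access':
            $retval = ($access == 3) ? $LANG_ACCESS['edit'] : $LANG_ACCESS['readonly'];
            break;

        case 'inherit':
        case 'hidden':
            // each label falls back to English when its own language string is missing
            // (the "No" fallback previously tested $LANG27[50] instead of [51])
            $yes = empty($LANG27[50]) ? 'Yes' : $LANG27[50];
            $no = empty($LANG27[51]) ? 'No' : $LANG27[51];
            $retval = $fieldValue == 1 ? $yes : $no;
            break;

        case 'story':
            // Retrieve list of inherited topics
            $tid_list = TOPIC_getChildList($A['tid']);
            $tidSql = addslashes($A['tid']);

            // Calculate number of stories in topic, includes any inherited ones
            $sql = "SELECT sid FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta "
                . "WHERE (draft_flag = 0) AND (date <= NOW()) "
                . COM_getPermSQL('AND')
                . "AND ta.type = 'article' AND ta.id = sid "
                . "AND (ta.tid IN({$tid_list}) "
                . "AND (ta.inherit = 1 OR (ta.inherit = 0 AND ta.tid = '{$tidSql}'))) "
                . "GROUP BY sid";
            $result = DB_query($sql);
            $numRows = DB_numRows($result);
            $retval = COM_numberFormat($numRows);
            break;

        default:
            $retval = $fieldValue;
            break;
    }

    return $retval;
}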