 /**
  * Run the Stop Forum Spam (SFS) check against a comment.
  *
  * Delegates to SFSbase::CheckForSpam(). On a hit it writes a SPAMX log
  * entry naming the user id and the requesting IP and stores a message
  * via SESS_setVar(). $GLOBALS['sfs_triggered'] is set on every call so
  * the Action module knows this check has already run.
  *
  * @param  string $comment text to examine
  * @return int    1 when SFS flagged the text, 0 otherwise
  */
 function execute($comment)
 {
     global $_USER, $LANG_SX00;

     // anonymous (uid 1) unless a real logged-in user is present
     $uid = (isset($_USER['uid']) && $_USER['uid'] > 1) ? $_USER['uid'] : 1;

     $checker = new SFSbase();
     $isSpam = $checker->CheckForSpam($comment) ? 1 : 0;
     if ($isSpam) {
         SPAMX_log($LANG_SX00['foundspam'] . 'Stop Forum Spam (SFS)' . $LANG_SX00['foundspam2'] . $uid . $LANG_SX00['foundspam3'] . $_SERVER['REMOTE_ADDR']);
         SESS_setVar('spamx_msg', 'Failed Stop Forum Spam IP / username check');
     }

     // tell the Action module that we've already been triggered
     $GLOBALS['sfs_triggered'] = true;

     return $isSpam;
 }
 /**
  * Run the Spam Link Counter (SLC) check against a comment.
  *
  * Counts links via SLCbase::CheckForSpam() and compares the count with
  * $_SPX_CONF['slc_max_links'] (defaulted to 5 when the setting is absent).
  * Over the limit, a SPAMX log entry naming the user id and requesting IP
  * is written and a message is stored via SESS_setVar().
  * $GLOBALS['slc_triggered'] is set on every call so the Action module
  * knows this check has already run.
  *
  * @param  string $comment text to examine
  * @return int    1 when the link count exceeds the limit, 0 otherwise
  */
 function execute($comment)
 {
     global $_USER, $_SPX_CONF, $LANG_SX00;

     // default the threshold when the configuration does not provide one
     if (!isset($_SPX_CONF['slc_max_links'])) {
         $_SPX_CONF['slc_max_links'] = 5;
     }
     $maxLinks = $_SPX_CONF['slc_max_links'];

     // anonymous (uid 1) unless a real logged-in user is present
     $uid = (isset($_USER['uid']) && $_USER['uid'] > 1) ? $_USER['uid'] : 1;

     $counter = new SLCbase();
     $overLimit = ($counter->CheckForSpam($comment) > $maxLinks) ? 1 : 0;
     if ($overLimit) {
         SPAMX_log($LANG_SX00['foundspam'] . 'Spam Link Counter (SLC)' . $LANG_SX00['foundspam2'] . $uid . $LANG_SX00['foundspam3'] . $_SERVER['REMOTE_ADDR']);
         SESS_setVar('spamx_msg', 'Too many links in post');
     }

     // tell the Action module that we've already been triggered
     $GLOBALS['slc_triggered'] = true;

     return $overLimit;
 }
         echo COM_refresh($_CONF['site_url'] . '/index.php');
     }
 } else {
     $msg = COM_getMessage();
     if ($msg > 0) {
         $pageBody .= COM_showMessage($msg, '', '', 0, 'info');
     }
     switch ($mode) {
         case 'create':
             // Got bad account info from registration process, show error
             // message and display form again
             $pageBody .= newuserform();
             break;
         default:
             if (!empty($_SERVER['HTTP_REFERER']) && strstr($_SERVER['HTTP_REFERER'], '/users.php') === false && substr($_SERVER['HTTP_REFERER'], 0, strlen($_CONF['site_url'])) == $_CONF['site_url']) {
                 SESS_setVar('login_referer', $_SERVER['HTTP_REFERER']);
             }
             // check to see if this was the last allowed attempt
             if (COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0) {
                 displayLoginErrorAndAbort(82, $LANG04[113], $LANG04[112]);
             } else {
                 // Show login form
                 if ($msg != 69 && $msg != 70) {
                     if ($_CONF['custom_registration'] and function_exists('CUSTOM_loginErrorHandler') && $msg != 0) {
                         // Typically this will be used if you have a custom main site page and need to control the login process
                         $pageBody .= CUSTOM_loginErrorHandler($msg);
                     } else {
                         $pageBody .= loginform(false, $status);
                     }
                 }
             }
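/**
* Check a security token.
*
* Checks the POST and GET data for a security token, if one exists, validates
* that it's for this user and URL. If the token is not valid, it asks the user
* to re-authenticate and resends the request if authentication was successful.
*
* When the token is missing or invalid the request is parked in the session
* (method, destination, serialized POST and GET data, and any uploaded files,
* which are moved to $_CONF['path_data'] . 'temp/') and the re-authentication
* form from SEC_tokenreauthForm() is sent instead. Whatever later restores
* these session values should treat them as the untrusted request input they
* originally were.
*
* @return   boolean     true if the token is valid; does not return if not!
*
*/
function SEC_checkToken()
{
    global $_CONF, $LANG20, $LANG_ADMIN;

    if (_sec_checkToken()) {
        SEC_createToken(-1);
        return true;
    }

    // determine the destination of this request
    $destination = COM_getCurrentURL();

    // validate the destination is not blank and is part of our site...
    // "part of our site" means equal to the site URL, or the site URL followed
    // by a path, query or fragment separator. A bare prefix comparison would
    // also accept other hosts whose name merely starts with ours.
    $siteUrl = rtrim($_CONF['site_url'], '/');
    $siteUrlLen = strlen($siteUrl);
    $onSite = is_string($destination)
        && $destination !== ''
        && substr($destination, 0, $siteUrlLen) === $siteUrl
        && (strlen($destination) === $siteUrlLen
            || in_array($destination[$siteUrlLen], array('/', '?', '#'), true));
    if (!$onSite) {
        $destination = $_CONF['site_url'] . '/index.php';
    }

    // anything other than GET is replayed as POST
    $requestMethod = isset($_SERVER['REQUEST_METHOD']) ? strtoupper($_SERVER['REQUEST_METHOD']) : '';
    $method = ($requestMethod === 'GET') ? 'GET' : 'POST';
    $postdata = serialize($_POST);
    $getdata = serialize($_GET);

    // Park any uploads outside PHP's per-request temp dir so they survive until
    // the request is replayed. The stored name is the basename of the
    // server-generated tmp_name, never the client-supplied file name.
    $filedata = '';
    if (!empty($_FILES)) {
        $tempDir = $_CONF['path_data'] . 'temp/';
        foreach ($_FILES as $key => $file) {
            if (is_array($file['name'])) {
                // multi-file input: one entry per offset
                foreach (array_keys($file['name']) as $offset) {
                    if (empty($file['name'][$offset])) {
                        continue;
                    }
                    $tmpName = $file['tmp_name'][$offset];
                    $stashed = basename($tmpName);
                    if (move_uploaded_file($tmpName, $tempDir . $stashed)) {
                        $_FILES[$key]['tmp_name'][$offset] = $stashed;
                    } else {
                        // leave the entry untouched rather than pointing it at a file that was never written
                        COM_errorLog("SEC_checkToken: could not move upload '{$key}[{$offset}]' to {$tempDir}");
                    }
                }
            } elseif (!empty($file['name']) && !empty($file['tmp_name'])) {
                $stashed = basename($file['tmp_name']);
                if (move_uploaded_file($file['tmp_name'], $tempDir . $stashed)) {
                    $_FILES[$key]['tmp_name'] = $stashed;
                } else {
                    COM_errorLog("SEC_checkToken: could not move upload '{$key}' to {$tempDir}");
                }
            }
        }
        $filedata = serialize($_FILES);
    }

    SESS_setVar('glfusion.auth.method', $method);
    SESS_setVar('glfusion.auth.dest', $destination);
    SESS_setVar('glfusion.auth.post', $postdata);
    SESS_setVar('glfusion.auth.get', $getdata);
    if (!empty($filedata)) {
        SESS_setVar('glfusion.auth.file', $filedata);
    }

    $display = COM_siteHeader();
    $display .= SEC_tokenreauthForm('', $destination);
    $display .= COM_siteFooter();
    echo $display;
    exit;
}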
/**
*   Remember the calendar view a visitor is looking at.
*   The view type and date are stored in the 'evlist.current' session
*   variable so the visitor can be returned to the same view after viewing
*   an event detail or when coming back to the site.
*
*   @uses   SESS_setVar()
*   @param  string  $type   Type of view, 'day', 'month', etc.
*   @param  integer $year   Year number
*   @param  integer $month  Month number
*   @param  integer $day    Day number
*/
function EVLIST_setViewSession($type, $year, $month, $day)
{
    $date = array($year, $month, $day);
    $view = array('view' => $type, 'date' => $date);
    SESS_setVar('evlist.current', $view);
}
}
// Target user: POST wins over GET, 0 when neither supplies one.
$uid = isset($_POST['uid'])
    ? COM_applyFilter($_POST['uid'], true)
    : (isset($_GET['uid']) ? COM_applyFilter($_GET['uid'], true) : 0);

// Group filter: POST, then GET, then the value remembered in the session,
// else 0. The chosen value is written back so it persists across requests.
// NOTE(review): the session-sourced value is not passed through
// COM_applyFilter() here, unlike the request-sourced ones.
if (isset($_POST['grp_id'])) {
    $grp_id = COM_applyFilter($_POST['grp_id'], true);
} elseif (isset($_GET['grp_id'])) {
    $grp_id = COM_applyFilter($_GET['grp_id'], true);
} else {
    $grp_id = SESS_isSet('grp_id') ? SESS_getVar('grp_id') : 0;
}
SESS_setVar('grp_id', $grp_id);

$msg = COM_getMessage();
switch ($action) {
    case 'edit':
        $display .= COM_siteHeader('menu', $LANG28[1]);
        if ($uid == 1) {
            $display .= COM_siteHeader('menu', $LANG28[11]);
            $display .= COM_showMessageFromParameter();
            $display .= USER_list();
            $display .= COM_siteFooter();
        } else {
            $display .= USER_edit($uid, $msg);
            $display .= COM_siteFooter();
        }
        break;
    case 'save':
    $sort_box_raw .= '<option value="8" ' . ($sortOrder == 8 ? ' selected="selected" ' : '') . '>' . $LANG_MG03['sort_views'] . '</option>';
    $sort_box_raw .= '<option value="9" ' . ($sortOrder == 9 ? ' selected="selected" ' : '') . '>' . $LANG_MG03['sort_views_asc'] . '</option>';
    $sort_box_raw .= '<option value="10" ' . ($sortOrder == 10 ? ' selected="selected" ' : '') . '>' . $LANG_MG03['sort_alpha'] . '</option>';
    $sort_box_raw .= '<option value="11" ' . ($sortOrder == 11 ? ' selected="selected" ' : '') . '>' . $LANG_MG03['sort_alpha_asc'] . '</option>';
} else {
    $sort_box = '';
}
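// Album owner: 0 when the album carries no usable owner id. isset() is tested
// before the property is read so a missing value is not accessed first.
$owner_id = isset($MG_albums[$album_id]->owner_id) ? $MG_albums[$album_id]->owner_id : 0;
if ($owner_id == '') {
    $owner_id = 0;
}
// the owner id is cast to int before it reaches the SQL fragment
$ownername = DB_getItem($_TABLES['users'], 'username', "uid=" . intval($owner_id));
$album_last_update = MG_getUserDateTimeFormat($MG_albums[$album_id]->last_update);

$T = new Template(MG_getTemplatePath($album_id));
$T->set_file(array('page' => 'album_page.thtml', 'noitems' => 'album_page_noitems.thtml'));

// remember the page the visitor is on (1-based) for the session
SESS_setVar('mediagallery.album.page', $page + 1);

// the same navigation bar is shown above and below the album, build it once
$pageUrl = $_MG_CONF['site_url'] . '/album.php?aid=' . $album_id . '&amp;sort=' . $sortOrder;
$pagination = COM_printPageNavigation($pageUrl, $page + 1, ceil($total_items_in_album / $media_per_page));

$T->set_var(array(
    'site_url' => $_MG_CONF['site_url'],
    'birdseed' => $birdseed,
    'birdseed_ul' => $birdseedUL,
    'album_title' => PLG_replaceTags($MG_albums[$album_id]->title, 'mediagallery', 'album_title'),
    'url_slideshow' => $url_slideshow,
    'table_columns' => $columns_per_page,
    'table_column_width' => intval(100 / $columns_per_page) . '%',
    'top_pagination' => $pagination,
    'bottom_pagination' => $pagination,
    'page_number' => sprintf("%s %d %s %d", $LANG_MG03['page'], $current_print_page, $LANG_MG03['of'], $total_print_pages),
    'jumpbox' => $album_jumpbox,
    'album_jumpbox_raw' => $album_jumpbox_raw,
    'album_id' => $album_id,
    'lbslideshow' => $lbSlideShow,
    'album_description' => $MG_albums[$album_id]->display_album_desc ? PLG_replaceTags($MG_albums[$album_id]->description, 'mediagallery', 'album_description') : '',
    // shown when the root album has an owner or media ids are enabled site-wide
    'album_id_display' => ($MG_albums[0]->owner_id || $_MG_CONF['enable_media_id'] == 1) ? $LANG_MG03['album_id_display'] . $album_id : '',
    'lang_slideshow' => $lang_slideshow,
    'select_adminbox' => $admin_box,
    'admin_box_items' => $admin_box_items,
    'admin_menu' => $admin_menu,
    'select_sortbox' => $sort_box,
    'select_sortbox_raw' => $sort_box_raw,
    'album_last_update' => $album_last_update[0],
    'album_owner' => $ownername,
    'media_count' => $MG_albums[$album_id]->getMediaCount(),
    'lang_search' => $LANG_MG01['search'],
));

if ($MG_albums[$album_id]->enable_rss) {
    // feed name: configured prefix plus the zero-padded album id.
    // NOTE(review): the prefix is used as part of the sprintf() format, so a
    // '%' in $_MG_CONF['rss_feed_name'] would be interpreted as a conversion.
    $rssfeedname = sprintf($_MG_CONF['rss_feed_name'] . "%06d", $album_id);
    $feedUrl = MG_getFeedUrl($rssfeedname . '.rss');
    // feed URL and icon path come from the MG helpers and are inserted unescaped
    $rsslink = '<a href="' . $feedUrl . '"' . ' type="application/rss+xml">';
    $rsslink .= '<img src="' . MG_getImageFile('feed.png') . '" style="border:none;" alt=""/></a>';
    $T->set_var('rsslink', $rsslink);
} else {
    $T->set_var('rsslink', '');
}

$subscribe = '';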
if (!COM_isAnonUser()) {
    if (PLG_isSubscribed('mediagallery', '', $album_id, $_USER['uid'])) {
        $subscribe = '<a class="subscribelink" href="' . $_MG_CONF['site_url'] . '/subscription.php?op=unsubscribe&amp;sid=' . $album_id . '">' . $LANG01['unsubscribe'] . '</a>';
        $subscribe_url = $_MG_CONF['site_url'] . '/subscription.php?op=unsubscribe&amp;sid=' . $album_id;
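/**
* Complete the login process - setup new session
*
* Builds $_USER via SESS_getUserDataFromId(), replaces the current session
* with a freshly created one (existing session data is carried over through a
* JSON round trip), lets plugins act on the login, records the remote IP and
* sets the "remember me" and theme cookies when user / site settings ask for
* them.
*
* @param    int     $uid        User ID of logged in user
* @return   void
*
*/
function SESS_completeLogin($uid)
{
    global $_TABLES, $_CONF, $_SYSTEM, $_USER;

    $request_ip = !empty($_SERVER['REMOTE_ADDR']) ? htmlspecialchars($_SERVER['REMOTE_ADDR']) : '';

    // build the $_USER array
    $userdata = SESS_getUserDataFromId($uid);
    $_USER = $userdata;

    // save old session data (json round trip: any objects come back as arrays)
    $savedSessionData = json_encode($_SESSION);

    // create the session
    $sessid = SESS_newSession($_USER['uid'], $request_ip, $_CONF['session_cookie_timeout']);

    // expire the pre-login session cookie. setcookie() takes the cookie NAME,
    // which is $_CONF['cookie_session']; passing the cookie's value here would
    // create a stray empty cookie named after the old session id instead.
    if (isset($_COOKIE[$_CONF['cookie_session']])) {
        $cookie_domain = $_CONF['cookiedomain'];
        $cookie_path = $_CONF['cookie_path'];
        setcookie($_CONF['cookie_session'], '', time() - 42000, $cookie_path, $cookie_domain, $_CONF['cookiesecure'], true);
    }
    // adopt the newly created session id, then restore the saved data into it
    session_id($sessid);
    session_start();
    $_SESSION = json_decode($savedSessionData, true);

    // initialize session counter
    SESS_setVar('session.counter', 1);

    // fall back to the site timezone when the user has none
    if (empty($_USER['tzid'])) {
        $_USER['tzid'] = $_CONF['timezone'];
    }

    // Let plugins act on login event
    PLG_loginUser($_USER['uid']);

    // check and see if they have remember me set
    $cooktime = (int) $_USER['cookietimeout'];
    if ($cooktime > 0) {
        $cookieTimeout = time() + $cooktime;
        // set userid cookie
        SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], $cookieTimeout, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
        // set long term cookie: a generated token with the same lifetime as the cookie
        $ltToken = SEC_createTokenGeneral('ltc', $cooktime);
        SEC_setCookie($_CONF['cookie_password'], $ltToken, $cookieTimeout, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
    }

    DB_query("UPDATE {$_TABLES['users']} set remote_ip='" . DB_escapeString($request_ip) . "' WHERE uid=" . (int) $_USER['uid'], 1);

    if ($_CONF['allow_user_themes']) {
        // set theme cookie (or update it )
        SEC_setCookie($_CONF['cookie_theme'], $_USER['theme'], time() + 31536000, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
    }
}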
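/**
 * Save a comment
 *
 * Validates the submission (required fields, anonymous posting allowed,
 * speed limit, spam check, plugin pre-save hook), then inserts the comment
 * into the lft/rht (nested-set) comment tree under $pid - or as a new
 * top-level comment when $pid is 0 - and runs cache invalidation,
 * subscription and notification handling only once the row exists.
 *
 * @author   Vincent Furia, vinny01 AT users DOT sourceforge DOT net
 * @param    string      $title      Title of comment
 * @param    string      $comment    Text of comment
 * @param    string      $sid        ID of object receiving comment
 * @param    int         $pid        ID of parent comment
 * @param    string      $type       Type of comment this is (article, polls, etc)
 * @param    string      $postmode   Indicates if text is HTML or plain text
 * @return   int         0 for success, > 0 indicates error
 *
 */
function CMT_saveComment($title, $comment, $sid, $pid, $type, $postmode)
{
    global $_CONF, $_TABLES, $_USER, $LANG03;

    $ret = 0;

    // Get a valid uid (anonymous users are uid 1)
    $uid = empty($_USER['uid']) ? 1 : $_USER['uid'];

    // Sanity check
    if (empty($sid) || empty($title) || empty($comment) || empty($type)) {
        COM_errorLog("CMT_saveComment: {$uid} from {$_SERVER['REMOTE_ADDR']} tried " . 'to submit a comment with one or more missing values.');
        // append to any earlier pre-save error so the user sees both
        if (SESS_isSet('glfusion.commentpresave.error')) {
            $msg = SESS_getVar('glfusion.commentpresave.error') . '<br/>' . $LANG03[12];
        } else {
            $msg = $LANG03[12];
        }
        SESS_setVar('glfusion.commentpresave.error', $msg);
        return 1;
    }

    // Check that anonymous comments are allowed
    if ($uid == 1 && ($_CONF['loginrequired'] == 1 || $_CONF['commentsloginrequired'] == 1)) {
        COM_errorLog("CMT_saveComment: IP address {$_SERVER['REMOTE_ADDR']} " . 'attempted to save a comment with anonymous comments disabled for site.');
        return 2;
    }

    // Check for people breaking the speed limit
    COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'comment');
    $last = COM_checkSpeedlimit('comment');
    if ($last > 0) {
        COM_errorLog("CMT_saveComment: {$uid} from {$_SERVER['REMOTE_ADDR']} tried " . 'to submit a comment before the speed limit expired');
        return 3;
    }

    // Let plugins have a chance to check for spam
    $spamcheck = '<h1>' . $title . '</h1><p>' . $comment . '</p>';
    $result = PLG_checkforSpam($spamcheck, $_CONF['spamx']);
    // Now check the result and display message if spam action was taken
    if ($result > 0) {
        // update speed limit nonetheless
        COM_updateSpeedlimit('comment');
        // then tell them to get lost ... (does not return)
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }

    // Let plugins have a chance to decide what to do before saving the comment, return errors.
    $someError = PLG_commentPreSave($uid, $title, $comment, $sid, $pid, $type, $postmode);
    if ($someError) {
        return $someError;
    }

    $title = COM_checkWords(strip_tags($title));
    $comment = CMT_prepareText($comment, $postmode);

    // check for non-int pid's
    // this should just create a top level comment that is a reply to the original item
    if (!is_numeric($pid) || $pid < 0) {
        $pid = 0;
    }

    // filtering may have emptied either field
    if (empty($title) || empty($comment)) {
        COM_errorLog("CMT_saveComment: {$uid} from {$_SERVER['REMOTE_ADDR']} tried " . 'to submit a comment with invalid $title and/or $comment.');
        return 5;
    }

    COM_updateSpeedlimit('comment');

    // Every value interpolated into SQL below is either cast to int or passed
    // through DB_escapeString(). Note that $title and $comment keep their
    // escaped form for the rest of this function.
    $title = DB_escapeString($title);
    $comment = DB_escapeString($comment);
    $type = DB_escapeString($type);
    $escSid = DB_escapeString($sid);
    $escIp = DB_escapeString($_SERVER['REMOTE_ADDR']);

    // Insert the comment into the comment table
    DB_lockTable($_TABLES['comments']);
    if ($pid > 0) {
        // reply: shift the tree to make room right of the parent, then insert
        $result = DB_query("SELECT rht, indent FROM {$_TABLES['comments']} WHERE cid = " . (int) $pid . " AND sid = '" . $escSid . "'");
        $parent = DB_fetchArray($result);
        // a pid that matches no row is a failure too, not just a DB error
        if (!DB_error() && is_array($parent)) {
            list($rht, $indent) = $parent;
            $rht = (int) $rht;
            $indent = (int) $indent;
            DB_query("UPDATE {$_TABLES['comments']} SET lft = lft + 2 " . "WHERE sid = '" . $escSid . "' AND type = '{$type}' AND lft >= {$rht}");
            DB_query("UPDATE {$_TABLES['comments']} SET rht = rht + 2 " . "WHERE sid = '" . $escSid . "' AND type = '{$type}' AND rht >= {$rht}");
            DB_save($_TABLES['comments'], 'sid,uid,comment,date,title,pid,lft,rht,indent,type,ipaddress', "'" . $escSid . "'," . (int) $uid . ",'{$comment}',now(),'{$title}'," . (int) $pid . ",{$rht},{$rht}+1,{$indent}+1,'{$type}','" . $escIp . "'");
        } else {
            //replying to non-existent comment or comment in wrong article
            COM_errorLog("CMT_saveComment: {$uid} from {$_SERVER['REMOTE_ADDR']} tried " . 'to reply to a non-existent comment or the pid/sid did not match');
            $ret = 4;
            // Cannot return here, tables locked!
        }
    } else {
        // new top-level comment: append after the current right-most node
        $rht = DB_getItem($_TABLES['comments'], 'MAX(rht)', "sid = '" . $escSid . "'");
        $rht = DB_error() ? 0 : (int) $rht;
        DB_save($_TABLES['comments'], 'sid,uid,comment,date,title,pid,lft,rht,indent,type,ipaddress', "'" . $escSid . "'," . (int) $uid . ",'{$comment}',now(),'{$title}'," . (int) $pid . ",{$rht}+1,{$rht}+2,0,'{$type}','" . $escIp . "'");
    }

    // only read the insert id / touch the new row when a row was inserted
    if ($ret == 0) {
        $cid = DB_insertId();
        //set Anonymous user name if present
        if (isset($_POST['username'])) {
            $name = strip_tags(USER_sanitizeName($_POST['username']));
            DB_change($_TABLES['comments'], 'name', DB_escapeString($name), 'cid', (int) $cid);
        }
    }
    DB_unlockTable($_TABLES['comments']);

    // nothing was saved: no cache, subscription or notification work to do
    if ($ret != 0) {
        return $ret;
    }

    CACHE_remove_instance('whatsnew');
    if ($type == 'article') {
        CACHE_remove_instance('story_' . $sid);
    }

    // check to see if user has subscribed....
    if (!COM_isAnonUser()) {
        if (isset($_POST['subscribe']) && $_POST['subscribe'] == 1) {
            $itemInfo = PLG_getItemInfo($type, $sid, 'url,title');
            $id_desc = isset($itemInfo['title']) ? $itemInfo['title'] : 'not defined';
            PLG_subscribe('comment', $type, $sid, $uid, $type, $id_desc);
        } else {
            PLG_unsubscribe('comment', $type, $sid);
        }
    }

    // Send notification of comment if notifications are enabled for comments.
    // NOTE(review): $title and $comment are the DB-escaped copies here -
    // confirm CMT_sendNotification() expects that.
    if (isset($_CONF['notification']) && in_array('comment', $_CONF['notification'])) {
        CMT_sendNotification($title, $comment, $uid, $_SERVER['REMOTE_ADDR'], $type, $cid);
    }
    PLG_sendSubscriptionNotification('comment', $type, $sid, $cid, $uid);

    return $ret;
}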
/**
 * Queue a message for the info block.
 *
 * The message and its type are serialized together into the
 * 'glfusion.infoblock' session variable via SESS_setVar().
 *
 * @param  string $msg  message text
 * @param  string $type message type, 'info' by default
 * @return void
 */
function COM_setMsg($msg, $type = 'info')
{
    SESS_setVar('glfusion.infoblock', serialize(array('msg' => $msg, 'type' => $type)));
}
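/**
 * Build the story administration list.
 *
 * Resolves the topic filter (request tid / ptid, then the value remembered
 * in the session, else "all topics" = $LANG09[9]), stores it back in the
 * session, builds the column headers, admin menu and topic drop-down, and
 * renders the ADMIN_list() output into the story_admin.thtml template.
 *
 * @return string rendered HTML of the story admin list
 */
function STORY_list()
{
    global $_CONF, $_TABLES, $_IMAGE_TYPE, $LANG09, $LANG_ADMIN, $LANG_ACCESS, $LANG24;

    USES_lib_admin();

    $form = new Template($_CONF['path_layout'] . 'admin/story/');
    $form->set_file('form', 'story_admin.thtml');

    // topic filter: GET tid, POST tid, GET ptid, the session, else all topics
    if (!empty($_GET['tid'])) {
        $current_topic = COM_applyFilter($_GET['tid']);
    } elseif (!empty($_POST['tid'])) {
        $current_topic = COM_applyFilter($_POST['tid']);
    } elseif (!empty($_GET['ptid'])) {
        $current_topic = COM_applyFilter($_GET['ptid']);
    } elseif (SESS_isSet('story_admin_topic')) {
        $current_topic = SESS_getVar('story_admin_topic');
    } else {
        $current_topic = $LANG09[9];
    }
    SESS_setVar('story_admin_topic', $current_topic);

    if ($current_topic == $LANG09[9]) {
        // all topics the current user may see: build an OR'ed tid clause and the option list
        $excludetopics = '';
        $seltopics = '';
        $topicsql = "SELECT tid,topic FROM {$_TABLES['topics']}" . COM_getPermSQL();
        $tresult = DB_query($topicsql);
        $trows = DB_numRows($tresult);
        if ($trows > 0) {
            $tidClauses = array();
            for ($i = 1; $i <= $trows; $i++) {
                $T = DB_fetchArray($tresult);
                // tid is quoted into SQL below, so escape it even though it comes from our own table
                $tidClauses[] = "tid = '" . DB_escapeString($T['tid']) . "'";
                // NOTE(review): tid and topic are emitted into HTML unescaped - confirm they are stored already encoded
                $seltopics .= '<option value="' . $T['tid'] . '"';
                if ($current_topic == (string) $T['tid']) {
                    $seltopics .= ' selected="selected"';
                }
                $seltopics .= '>' . $T['topic'] . ' (' . $T['tid'] . ')' . '</option>' . LB;
            }
            $excludetopics = ' (' . implode(' OR ', $tidClauses) . ') ';
        }
    } else {
        // $current_topic originates from the request (or the session), so it is
        // escaped before being quoted into the SQL filter
        $excludetopics = " tid = '" . DB_escapeString($current_topic) . "' ";
        $seltopics = COM_topicList('tid,topic', $current_topic, 1, true);
    }

    $alltopics = '<option value="' . $LANG09[9] . '"';
    if ($current_topic == $LANG09[9]) {
        $alltopics .= ' selected="selected"';
    }
    $alltopics .= '>' . $LANG09[9] . '</option>' . LB;
    $filter = $LANG_ADMIN['topic'] . ': <select name="tid" style="width: 125px" onchange="this.form.submit()">' . $alltopics . $seltopics . '</select>';

    $header_arr = array();
    $header_arr[] = array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false, 'align' => 'center', 'width' => '35px');
    $header_arr[] = array('text' => $LANG_ADMIN['copy'], 'field' => 'copy', 'sort' => false, 'align' => 'center', 'width' => '35px');
    $header_arr[] = array('text' => $LANG_ADMIN['title'], 'field' => 'title', 'sort' => true);
    $header_arr[] = array('text' => $LANG_ADMIN['topic'], 'field' => 'tid', 'sort' => true);
    $header_arr[] = array('text' => $LANG_ACCESS['access'], 'field' => 'access', 'sort' => false, 'align' => 'center');
    $header_arr[] = array('text' => $LANG24[34], 'field' => 'draft_flag', 'sort' => true, 'align' => 'center');
    $header_arr[] = array('text' => $LANG24[32], 'field' => 'featured', 'sort' => true, 'align' => 'center');
    $header_arr[] = array('text' => $LANG24[7], 'field' => 'username', 'sort' => true);
    //author
    $header_arr[] = array('text' => $LANG24[15], 'field' => 'unixdate', 'sort' => true, 'align' => 'center');
    //date
    // ping column only for users with story.ping when any ping service is enabled
    if (SEC_hasRights('story.ping') && ($_CONF['trackback_enabled'] || $_CONF['pingback_enabled'] || $_CONF['ping_enabled'])) {
        $header_arr[] = array('text' => $LANG24[20], 'field' => 'ping', 'sort' => false, 'align' => 'center');
    }
    $header_arr[] = array('text' => $LANG_ADMIN['delete'], 'field' => 'delete', 'sort' => false, 'align' => 'center');

    $defsort_arr = array('field' => 'unixdate', 'direction' => 'desc');

    $menu_arr = array(array('url' => $_CONF['site_admin_url'] . '/story.php?edit=x', 'text' => $LANG_ADMIN['create_new']), array('url' => $_CONF['site_admin_url'] . '/moderation.php', 'text' => $LANG_ADMIN['submissions']));
    if (SEC_inGroup('Root')) {
        $menu_arr[] = array('url' => $_CONF['site_admin_url'] . '/story.php?global=x', 'text' => 'Global Settings');
    }
    $menu_arr[] = array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']);

    $form->set_var('block_start', COM_startBlock($LANG24[22], '', COM_getBlockTemplate('_admin_block', 'header')));
    $form->set_var('admin_menu', ADMIN_createMenu($menu_arr, $LANG24[23], $_CONF['layout_url'] . '/images/icons/story.' . $_IMAGE_TYPE));

    $text_arr = array('has_extras' => true, 'form_url' => $_CONF['site_admin_url'] . '/story.php');
    $sql = "SELECT {$_TABLES['stories']}.*, {$_TABLES['users']}.username, {$_TABLES['users']}.fullname, " . "UNIX_TIMESTAMP(date) AS unixdate  FROM {$_TABLES['stories']} " . "LEFT JOIN {$_TABLES['users']} ON {$_TABLES['stories']}.uid={$_TABLES['users']}.uid " . "WHERE 1=1 ";
    if (!empty($excludetopics)) {
        $excludetopics = 'AND ' . $excludetopics;
    }
    $query_arr = array('table' => 'stories', 'sql' => $sql, 'query_fields' => array('title', 'introtext', 'bodytext', 'sid', 'tid'), 'default_filter' => $excludetopics . COM_getPermSQL('AND'));

    // CSRF token is passed to ADMIN_list and also emitted as a hidden field in the form footer
    $token = SEC_createToken();
    $form_arr = array('bottom' => '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $token . '"/>');
    $form->set_var('admin_list', ADMIN_list('story', 'STORY_getListField', $header_arr, $text_arr, $query_arr, $defsort_arr, $filter, $token, '', $form_arr));
    $form->set_var('block_end', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));

    return $form->parse('output', 'form');
}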
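/**
 * Creates a list of data with a search, filter, clickable headers etc.
 *
 * Renders a sortable, optionally searchable and paged HTML table from the
 * templates in layout/admin/lists. The list state (search term, rows per
 * page, current page, sort column index and direction) is read from $_GET,
 * then $_POST, then the session (keys prefixed with $component) and written
 * back to the session so it survives the next request.
 *
 * Only two request-derived values reach the SQL text: the sort column, which
 * is resolved through $header_arr so only caller-defined field names can end
 * up in ORDER BY (the direction is whitelisted to ASC/DESC), and the search
 * term, which is escaped with DB_escapeString() before being used in LIKE
 * clauses. $query_arr['sql'] and $query_arr['default_filter'] are used as-is
 * and must be built from trusted parts by the caller.
 *
 * @param    string  $component      name of the list; also the session key prefix
 * @param    string  $fieldfunction  name of the function that handles special entries;
 *                                   called as f($fieldname, $fieldvalue, $A, $icon_arr[, $extra])
 *                                   and may return false to hide a row
 * @param    array   $header_arr     array of header fields with sortables and table fields
 *                                   (keys used: text, field, sort, align, header_class,
 *                                   field_class, nowrap, width)
 * @param    array   $text_arr       array with different text strings (title, help_url,
 *                                   form_url, no_data, has_extras or has_search /
 *                                   has_limit / has_paging)
 * @param    array   $query_arr      array with sql-options (sql, query_fields, default_filter)
 * @param    array   $defsort_arr    default sorting values (field, direction)
 * @param    string  $filter         additional drop-down filters (HTML)
 * @param    string  $extra          additional values passed to fieldfunction
 * @param    array   $options_arr    array of options - used for check-all feature
 *                                   (chkselect or chkdelete, chkall, chkname, chkfield,
 *                                   chkactions, chkfunction; chkminimum is accepted but
 *                                   not used by this function)
 * @param    array   $form_arr       optional extra forms at top or bottom
 * @return   string                  HTML output of function
 *
 */
function ADMIN_list($component, $fieldfunction, $header_arr, $text_arr, $query_arr, $defsort_arr, $filter = '', $extra = '', $options_arr = '', $form_arr = '')
{
    global $_CONF, $_TABLES, $LANG_ADMIN, $LANG_ACCESS, $LANG01, $_IMAGE_TYPE, $MESSAGE;

    // retrieve the search term: request first, then the remembered one
    if (isset($_GET['q'])) {
        $query = strip_tags($_GET['q']);
    } elseif (isset($_POST['q'])) {
        $query = strip_tags($_POST['q']);
    } elseif (SESS_isSet($component . '_q')) {
        $query = strip_tags(SESS_getVar($component . '_q'));
    } else {
        $query = '';
    }

    // retrieve the query_limit (rows per page), same precedence
    if (isset($_GET['query_limit'])) {
        $query_limit = COM_applyFilter($_GET['query_limit'], true);
    } elseif (isset($_POST['query_limit'])) {
        $query_limit = COM_applyFilter($_POST['query_limit'], true);
    } elseif (SESS_isSet($component . '_query_limit')) {
        $query_limit = COM_applyFilter(SESS_getVar($component . '_query_limit'), true);
    } else {
        $query_limit = 50;
    }

    // get the current page from the interface. The variable is linked to the
    // component, i.e. the plugin/function calling this here to avoid overlap
    // the default page number is 1
    if (isset($_GET[$component . 'listpage'])) {
        $page = COM_applyFilter($_GET[$component . 'listpage'], true);
        $curpage = $page;
    } elseif (isset($_POST[$component . 'listpage'])) {
        $page = COM_applyFilter($_POST[$component . 'listpage'], true);
        $curpage = $page;
    } elseif (SESS_isSet($component . 'listpage')) {
        $page = COM_applyFilter(SESS_getVar($component . 'listpage'), true);
        $curpage = $page;
    } else {
        $page = '';
        $curpage = 1;
    }
    // curpage has to be > 0
    $curpage = $curpage <= 0 ? 1 : $curpage;

    // process text_arr for title, help url and form url
    $title = (is_array($text_arr) && !empty($text_arr['title'])) ? $text_arr['title'] : '';
    $help_url = (is_array($text_arr) && !empty($text_arr['help_url'])) ? $text_arr['help_url'] : '';
    $form_url = (is_array($text_arr) && !empty($text_arr['form_url'])) ? $text_arr['form_url'] : '';

    // determine what extra options we should use (search, limit, paging)
    if (!empty($text_arr['has_extras'])) {
        // old option, denotes all
        $has_search = true;
        $has_limit = true;
        $has_paging = true;
    } else {
        $has_search = !empty($text_arr['has_search']);
        $has_limit = !empty($text_arr['has_limit']);
        $has_paging = !empty($text_arr['has_paging']);
    }

    // process options_arr for chkdelete/chkselect options if any
    $has_options = is_array($options_arr);
    $chkselect = $has_options && (!empty($options_arr['chkselect']) || !empty($options_arr['chkdelete']));
    $chkall = ($has_options && isset($options_arr['chkall'])) ? $options_arr['chkall'] : true;
    $chkname = ($has_options && isset($options_arr['chkname'])) ? $options_arr['chkname'] : 'delitem';
    $chkfield = ($has_options && isset($options_arr['chkfield'])) ? $options_arr['chkfield'] : '';
    $chkactions = ($has_options && isset($options_arr['chkactions'])) ? $options_arr['chkactions'] : '';
    $chkfunction = ($has_options && isset($options_arr['chkfunction'])) ? $options_arr['chkfunction'] : 'ADMIN_chkDefault';

    // get all template fields.
    $admin_templates = new Template($_CONF['path_layout'] . 'admin/lists');
    $admin_templates->set_file(array(
        'search' => 'searchmenu.thtml',
        'list'   => 'list.thtml',
        'header' => 'header.thtml',
        'row'    => 'listitem.thtml',
        'field'  => 'field.thtml',
        'arow'   => 'actionrow.thtml',
    ));

    // insert std. values into the template
    $admin_templates->set_var('form_url', $form_url);
    $admin_templates->set_var('lang_edit', $LANG_ADMIN['edit']);
    $admin_templates->set_var('lang_delconfirm', $LANG01[125]);
    if (isset($form_arr['top'])) {
        $admin_templates->set_var('formfields_top', $form_arr['top']);
    }
    if (isset($form_arr['bottom'])) {
        $admin_templates->set_var('formfields_bottom', $form_arr['bottom']);
    }

    // Check if the delete checkbox and support for the delete all feature should be displayed
    if ($chkselect) {
        if ($chkall) {
            $admin_templates->set_var('header_text', '<input type="checkbox" name="chk_selectall" title="' . $LANG01[126] . '" onclick="caItems(this.form,\'' . $chkname . '\');"/>');
        } else {
            $admin_templates->set_var('header_text', '<input type="checkbox" name="disabled" value="x" style="visibility:hidden" disabled="disabled" />');
        }
        $admin_templates->set_var('class', 'admin-list-field');
        // always center checkbox
        $admin_templates->set_var('header_column_style', 'style="text-align:center;width:25px;"');
        $admin_templates->parse('header_row', 'header', true);
    }

    $icon_arr = ADMIN_getIcons();
    if ($has_search) {
        // show search
        $admin_templates->set_var('lang_search', $LANG_ADMIN['search']);
        $admin_templates->set_var('lang_submit', $LANG_ADMIN['submit']);
        $admin_templates->set_var('last_query', htmlspecialchars($query));
        $admin_templates->set_var('filter', $filter);
    }

    // get sql from array that builds data
    $sql = $query_arr['sql'];

    // sort column. The request/session value is an index into $header_arr, so
    // the name that ends up in ORDER BY is always one the caller defined.
    $orderby = $defsort_arr['field'];   // not set - use default (this could be null)
    $orderidx_link = '';
    $orderbyidx = '';
    if (isset($_GET['orderby']) || SESS_isSet($component . '_orderby')) {
        if (isset($_GET['orderby'])) {
            $orderbyidx = COM_applyFilter($_GET['orderby'], true);
        } else {
            $orderbyidx = COM_applyFilter(SESS_getVar($component . '_orderby'), true);
        }
        if (isset($header_arr[$orderbyidx]['field']) && !empty($header_arr[$orderbyidx]['sort'])) {
            // preserve the value for paging
            $orderidx_link = "&amp;orderby={$orderbyidx}";
            // get the field name to sort by
            $orderby = $header_arr[$orderbyidx]['field'];
        } else {
            // unknown or non-sortable column: fall back to the default
            $orderbyidx = '';
        }
    }

    // set sort direction.  defaults to ASC
    if (isset($_GET['direction'])) {
        $direction = COM_applyFilter($_GET['direction']);
    } elseif (SESS_isSet($component . '_direction')) {
        $direction = SESS_getVar($component . '_direction');
    } else {
        $direction = $defsort_arr['direction'];
    }
    // whitelist the value: it is interpolated into ORDER BY and into links below
    $direction = strtoupper($direction) == 'DESC' ? 'DESC' : 'ASC';

    // retrieve previous sort order field
    $prevorder = isset($_GET['prevorder']) ? COM_applyFilter($_GET['prevorder']) : '';
    // reverse direction if previous order field was the same (this is a toggle)
    if ($orderby == $prevorder) {
        $direction = $direction == 'DESC' ? 'ASC' : 'DESC';
    }

    // remember the list state for the next request
    SESS_setVar($component . 'listpage', $page);
    SESS_setVar($component . '_q', $query);
    SESS_setVar($component . '_query_limit', $query_limit);
    SESS_setVar($component . '_direction', $direction);
    SESS_setVar($component . '_orderby', $orderbyidx);

    // ok now let's build the order sql
    $orderbysql = !empty($orderby) ? "ORDER BY {$orderby} {$direction}" : '';

    // assign proper arrow img based upon order
    $arrow_img = $direction == 'ASC' ? 'ascending' : 'descending';
    $img_arrow_url = "{$_CONF['layout_url']}/images/admin/{$arrow_img}.{$_IMAGE_TYPE}";
    $attr = array('style' => 'vertical-align:text-top;');
    $img_arrow = '&nbsp;' . COM_createImage($img_arrow_url, $arrow_img, $attr);

    // HEADER FIELDS array(text, field, sort, align, class) =====================
    // number of columns in each row
    $ncols = count($header_arr);
    for ($i = 0; $i < $ncols; $i++) {
        $header_text = !empty($header_arr[$i]['text']) ? $header_arr[$i]['text'] : '';
        // check to see if field is sortable
        if (!empty($header_arr[$i]['sort'])) {
            // add the sort indicator
            $header_text .= $orderby == $header_arr[$i]['field'] ? $img_arrow : '';
            // change the mouse to a pointer
            $th_subtags = " onmouseover=\"this.style.cursor='pointer';\"";
            // create an index so we know what to sort
            $separator = strpos($form_url, '?') > 0 ? '&amp;' : '?';
            // ok now setup the parameters to preserve:
            // sort field and direction
            $th_subtags .= " onclick=\"window.location.href='{$form_url}{$separator}orderby={$i}&amp;prevorder={$orderby}&amp;direction={$direction}";
            // page number
            $th_subtags .= !empty($page) ? '&amp;' . $component . 'listpage=' . $page : '';
            // query
            $th_subtags .= !empty($query) ? '&amp;q=' . urlencode($query) : '';
            // query limit
            $th_subtags .= !empty($query_limit) ? '&amp;query_limit=' . $query_limit : '';
            $th_subtags .= "';\"";
        } else {
            $th_subtags = '';
        }
        // apply field styling if specified
        if (!empty($header_arr[$i]['header_class'])) {
            $admin_templates->set_var('class', $header_arr[$i]['header_class']);
        } else {
            $admin_templates->set_var('class', 'admin-list-headerfield');
        }
        // apply field alignment options if specified
        $header_column_style = '';
        if (!empty($header_arr[$i]['align'])) {
            if ($header_arr[$i]['align'] == 'center') {
                $header_column_style = 'text-align:center;';
            } elseif ($header_arr[$i]['align'] == 'right') {
                $header_column_style = 'text-align:right;';
            }
        }
        // apply field wrap option if specified
        $header_column_style .= isset($header_arr[$i]['nowrap']) ? ' white-space:nowrap;' : '';
        // apply field width option if specified
        $header_column_style .= isset($header_arr[$i]['width']) ? ' width:' . $header_arr[$i]['width'] . ';' : '';
        // apply field style option if specified
        if (!empty($header_column_style)) {
            $admin_templates->set_var('header_column_style', 'style="' . $header_column_style . '"');
        } else {
            $admin_templates->clear_var('header_column_style');
        }
        // output the header field
        $admin_templates->set_var('header_text', $header_text);
        $admin_templates->set_var('th_subtags', $th_subtags);
        $admin_templates->parse('header_row', 'header', true);
        // clear all for next header
        $admin_templates->clear_var('th_subtags');
        $admin_templates->clear_var('class');
        $admin_templates->clear_var('header_text');
    }

    // defaults for the optional query parts, so the final SQL is well-formed
    // and the paging block below has a page count even when the limit extra
    // is not enabled
    $filtersql = '';
    $limitsql = '';
    $num_pages = 0;
    if ($has_limit) {
        $admin_templates->set_var('lang_limit_results', $LANG_ADMIN['limit_results']);
        // rows per page (default=50). Zero or negative values would produce an
        // invalid LIMIT clause and a division by zero, so fall back to the default
        $limit = (is_numeric($query_limit) && $query_limit > 0) ? (int) $query_limit : 50;
        if ($query != '') {
            // set query into form after search
            $admin_templates->set_var('query', urlencode($query));
        } else {
            $admin_templates->set_var('query', '');
        }
        $admin_templates->set_var('query_limit', $query_limit);
        // choose proper dropdown field for query limit
        $admin_templates->set_var($limit . '_selected', 'selected="selected"');
        // set the default sql filter (if any)
        $filtersql = !empty($query_arr['default_filter']) ? " {$query_arr['default_filter']}" : '';
        // now add the query fields
        if (!empty($query)) {
            // add query fields with search term. The term is escaped for the
            // driver; LIKE wildcards (% and _) inside it are not escaped and
            // therefore act as wildcards
            $escaped = DB_escapeString($query);
            $likes = array();
            foreach ($query_arr['query_fields'] as $field) {
                $likes[] = $field . " LIKE '%" . $escaped . "%'";
            }
            $filtersql .= ' AND (' . implode(' OR ', $likes) . ')';
        }
        // count all matching rows to work out the number of pages
        $num_pagesresult = DB_query($sql . $filtersql);
        $num_rows = DB_numRows($num_pagesresult);
        $num_pages = ceil($num_rows / $limit);
        // don't go beyond possible results
        $curpage = $num_pages < $curpage ? 1 : $curpage;
        // get only current page data
        $offset = ($curpage - 1) * $limit;
        $limitsql = "LIMIT {$offset},{$limit}";
        $admin_templates->set_var('lang_records_found', $LANG_ADMIN['records_found']);
        $admin_templates->set_var('records_found', COM_numberFormat($num_rows));
    }
    if ($has_search || $has_limit || $has_paging) {
        $admin_templates->parse('search_menu', 'search', true);
    } else {
        $admin_templates->set_var('search_menu', '');
    }

    // form the sql query to retrieve the data
    $sql .= "{$filtersql} {$orderbysql} {$limitsql};";
    $result = DB_query($sql);
    // number of rows/records to display
    $nrows = DB_numRows($result);

    // r is the counter for the actual displayed rows for correct coloring
    $r = 1;
    for ($i = 0; $i < $nrows; $i++) {
        // now go through actual data
        $A = DB_fetchArray($result);
        // as long as no fields are returned, dont print row
        $row_output = false;
        if ($chkselect) {
            $admin_templates->set_var('class', 'admin-list-field');
            // always center checkbox
            $admin_templates->set_var('column_style', 'style="text-align:center;"');
            if ($chkfunction($A)) {
                // the item id comes from the database row; escape it for the attribute context
                $admin_templates->set_var('itemtext', '<input type="checkbox" name="' . $chkname . '[]" value="' . htmlspecialchars($A[$chkfield]) . '" title="' . $LANG_ADMIN['select'] . '"/>');
            } else {
                $admin_templates->set_var('itemtext', '<input type="checkbox" name="disabled" value="x" style="visibility:hidden" disabled="disabled" />');
            }
            $admin_templates->parse('item_field', 'field', true);
        }
        for ($j = 0; $j < $ncols; $j++) {
            // get field name from headers
            $fieldname = $header_arr[$j]['field'];
            // is there a field in data like that? Note that empty() also treats
            // 0 and '0' as missing, so those values reach the fieldfunction as ''
            $fieldvalue = !empty($A[$fieldname]) ? $A[$fieldname] : '';
            // let the fieldfunction (if any) turn the raw value into its display form
            if (!empty($fieldfunction)) {
                if (!empty($extra)) {
                    $fieldvalue = $fieldfunction($fieldname, $fieldvalue, $A, $icon_arr, $extra);
                } else {
                    $fieldvalue = $fieldfunction($fieldname, $fieldvalue, $A, $icon_arr);
                }
            }
            if ($fieldvalue !== false) {
                // return was there, so write line
                $row_output = true;
            } else {
                // dont give empty fields
                $fieldvalue = '';
            }
            if (!empty($header_arr[$j]['field_class'])) {
                $admin_templates->set_var('class', $header_arr[$j]['field_class']);
            } else {
                $admin_templates->set_var('class', 'admin-list-field');
            }
            // process field alignment option if specified
            $column_style = '';
            if (!empty($header_arr[$j]['align'])) {
                if ($header_arr[$j]['align'] == 'center') {
                    $column_style = 'text-align:center;';
                } elseif ($header_arr[$j]['align'] == 'right') {
                    $column_style = 'text-align:right;';
                }
            }
            $column_style .= isset($header_arr[$j]['nowrap']) ? ' white-space:nowrap;' : '';
            if (!empty($column_style)) {
                $admin_templates->set_var('column_style', 'style="' . $column_style . '"');
            } else {
                $admin_templates->clear_var('column_style');
            }
            // write field
            $admin_templates->set_var('itemtext', $fieldvalue);
            $admin_templates->parse('item_field', 'field', true);
        }
        if ($row_output) {
            // there was data in at least one field, so print line
            $r++;
            // make alternating table color
            $admin_templates->set_var('cssid', $r % 2 + 1);
            // process the complete row
            $admin_templates->parse('item_row', 'row', true);
        }
        // clear field
        $admin_templates->clear_var('item_field');
    }

    if ($nrows == 0) {
        // there is no data. return notification message (caller may override
        // the default text via $text_arr['no_data'])
        $message = isset($text_arr['no_data']) ? $text_arr['no_data'] : $LANG_ADMIN['no_results'];
        $admin_templates->set_var('message', $message);
    }

    // if we displayed data, and chkselect option is available, display the
    // actions row for all selected items. provide a delete action as a minimum
    if ($nrows > 0 && $chkselect) {
        $actions = '<td style="text-align:center;">' . '<img src="' . $_CONF['layout_url'] . '/images/admin/action.' . $_IMAGE_TYPE . '" alt="" /></td>';
        $actions .= '<td colspan="' . $ncols . '">' . $LANG_ADMIN['action'] . '&nbsp;&nbsp;&nbsp;';
        if (empty($chkactions)) {
            $actions .= '<input name="delbutton" type="image" src="' . $_CONF['layout_url'] . '/images/admin/delete.' . $_IMAGE_TYPE . '" style="vertical-align:text-bottom;" title="' . $LANG01[124] . '" onclick="return confirm(\'' . $LANG01[125] . '\');"' . '/>&nbsp;' . $LANG_ADMIN['delete'];
        } else {
            $actions .= $chkactions;
        }
        $actions .= '</td>';
        $admin_templates->set_var('actions', $actions);
        $admin_templates->parse('action_row', 'arow', true);
    }

    // perform the paging
    if ($has_paging) {
        $sep = strstr($form_url, '?') ? '&amp;' : '?';
        if (!empty($query)) {
            // port query to next page
            $base_url = $form_url . $sep . 'q=' . urlencode($query) . "&amp;query_limit={$query_limit}{$orderidx_link}&amp;direction={$direction}";
        } else {
            $base_url = $form_url . $sep . "query_limit={$query_limit}{$orderidx_link}&amp;direction={$direction}";
        }
        // $num_pages stays 0 when the limit extra is off, so nothing is paged then
        if ($num_pages > 1) {
            // print actual google-paging
            $admin_templates->set_var('google_paging', COM_printPageNavigation($base_url, $curpage, $num_pages, $component . 'listpage='));
        } else {
            $admin_templates->set_var('google_paging', '');
        }
    }

    // return the html output
    $admin_templates->parse('output', 'list');
    $retval = !empty($title) ? COM_startBlock($title, $help_url, COM_getBlockTemplate('_admin_block', 'header')) : '';
    $retval .= $admin_templates->finish($admin_templates->get_var('output'));
    $retval .= !empty($title) ? COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')) : '';
    return $retval;
}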