function bloggernewpost($m) { global $xmlrpcerruser; // import user errcode value global $blog_ID, $cache_userdata, $tableposts, $use_rss, $use_weblogsping, $post_autobr; global $post_default_title, $post_default_category; global $cafelogID, $sleep_after_edit; $err = ""; dbconnect(); $username = $m->getParam(2); $password = $m->getParam(3); $content = $m->getParam(4); $username = $username->scalarval(); $password = $password->scalarval(); $content = $content->scalarval(); if (user_pass_ok($username, $password)) { $userdata = get_userdatabylogin($username); $user_ID = $userdata["ID"]; $user_level = $userdata["user_level"]; if ($user_level < 1) { return new xmlrpcresp(0, $xmlrpcerruser + 1, "Sorry, level 0 users can not post"); } $post_title = addslashes(xmlrpc_getposttitle($content)); $post_category = xmlrpc_getpostcategory($content); $content = xmlrpc_removepostdata($content); $content = format_to_post($content); $time_difference = get_settings("time_difference"); $now = date("Y-m-d H:i:s", time() + $time_difference * 3600); $sql = "INSERT INTO {$tableposts} (post_author, post_date, post_content, post_title, post_category) VALUES ('{$user_ID}','{$now}','{$content}','{$post_title}','{$post_category}')"; $result = mysql_query($sql); if (!$result) { return new xmlrpcresp(0, $xmlrpcerruser + 2, "For some strange yet very annoying reason, your entry couldn't be posted."); } $post_ID = mysql_insert_id(); if (!isset($blog_ID)) { $blog_ID = 1; } if (isset($sleep_after_edit) && $sleep_after_edit > 0) { sleep($sleep_after_edit); } rss_update($blog_ID); pingWeblogs($blog_ID); pingCafelog($cafelogID, $post_title, $post_ID); pingBlogs($blog_ID); pingback($content, $post_ID); logIO("O", "Posted ! ID: {$post_ID}"); return new xmlrpcresp(new xmlrpcval("{$post_ID}")); } else { logIO("O", "Wrong username/password combination <b>{$username} / {$password}</b>"); return new xmlrpcresp(0, $xmlrpcerruser + 3, 'Wrong username/password combination ' . $username . ' / ' . starify($password)); } }
function mweditpost($params) { // ($postid, $user, $pass, $content, $publish) global $xmlrpcerruser; $xpostid = $params->getParam(0); $xuser = $params->getParam(1); $xpass = $params->getParam(2); $xcontent = $params->getParam(3); $xpublish = $params->getParam(4); $ID = $xpostid->scalarval(); $username = $xuser->scalarval(); $password = $xpass->scalarval(); $contentstruct = xmlrpc_decode1($xcontent); $postdata = wp_get_single_post($ID); if (!$postdata) { return new xmlrpcresp(0, $xmlrpcerruser + 2, "No such post {$ID}."); } $userdata = get_userdatabylogin($username); $user_ID = $userdata->ID; $user_level = $userdata->user_level; $post_author_ID = $postdata->post_author; $post_authordata = get_userdata($post_author_ID); if ($user_ID != $post_author_ID && $user_level <= $post_authordata->user_level) { return new xmlrpcresp(0, $xmlrpcerruser + 1, "Sorry, you do not have the right to edit this post."); } // Check login if (user_pass_ok($username, $password)) { if ($user_level < 1) { return new xmlrpcresp(0, $xmlrpcerruser + 1, "Sorry, level 0 users cannot edit posts"); } extract($postdata); $post_title = $contentstruct['title']; $post_content = format_to_post($contentstruct['description']); $catnames = $contentstruct['categories']; logIO("O", "Cat Count" . count($catnames)); foreach ($catnames as $cat) { $post_category[] = get_cat_ID($cat); } $post_excerpt = $contentstruct['mt_excerpt']; $post_more = $contentstruct['mt_text_more']; $post_status = $xpublish->scalarval() ? 'publish' : 'draft'; if ($post_more) { $post_content = $post_content . "\n<!--more-->\n" . $post_more; } $comment_status = 1 == $contentstruct['mt_allow_comments'] ? 'open' : 'closed'; $ping_status = $contentstruct['mt_allow_pings'] ? 'open' : 'closed'; $time_difference = get_settings("time_difference"); $dateCreated = $contentstruct['dateCreated']; $dateCreated = $dateCreated ? iso8601_decode($contentstruct['dateCreated']) : time() + $time_difference * 3600; $post_date = date("Y-m-d H:i:s", $dateCreated); // We've got all the data -- post it: $newpost = compact('ID', 'post_content', 'post_title', 'post_category', 'post_status', 'post_excerpt', 'comment_status', 'ping_status', 'post_date'); $newpost_ID = wp_update_post($newpost); if (!$newpost_ID) { return new xmlrpcresp(0, $xmlrpcerruser + 2, "For some strange yet very annoying reason, your entry could not be posted."); } if (!isset($blog_ID)) { $blog_ID = 1; } if (isset($sleep_after_edit) && $sleep_after_edit > 0) { sleep($sleep_after_edit); } pingWeblogs($blog_ID); pingCafelog($cafelogID, $post_title, $post_ID); pingBlogs($blog_ID); pingback($content, $post_ID); trackback_url_list($content_struct['mt_tb_ping_urls'], $post_ID); logIO("O", "(MW) Edited ! ID: {$post_ID}"); $myResp = new xmlrpcval($ID, "string"); return new xmlrpcresp($myResp); } else { logIO("O", "(MW) Wrong username/password combination <b>{$username} / {$password}</b>"); return new xmlrpcresp(0, $xmlrpcerruser + 3, 'Wrong username/password combination ' . $username . ' / ' . starify($password)); } }
if ($autobr) { $content = autobrize($content); } if (!$thisisforfunonly) { $post_title = addslashes(trim($post_title)); $content = addslashes(trim($content)); $sql = "INSERT INTO {$tableposts} (post_author, post_date, post_content, post_title, post_category) VALUES ({$post_author}, '{$post_date}', '{$content}', '{$post_title}', {$post_category})"; $result = mysql_query($sql) or die('Couldn\'t add post: ' . mysql_error()); $post_ID = mysql_insert_id(); if (isset($sleep_after_edit) && $sleep_after_edit > 0) { sleep($sleep_after_edit); } $blog_ID = 1; rss_update($blog_ID); pingWeblogs($blog_ID); pingCafelog($cafelogID, $post_title, $post_ID); pingBlogs($blog_ID); pingback($content, $post_ID); } echo "\n<p><b>Posted title:</b> {$post_title}<br />"; echo "\n<b>Posted content:</b><br /><xmp>" . $content . '</xmp></p>'; if (!$pop3->delete($iCount)) { echo '<p>oops ' . $pop3->ERROR . '</p></div>'; $pop3->reset(); exit; } else { echo "<p>Mission complete, message <b>{$iCount}</b> deleted </p>"; } } else { echo '<p><b>Level 0 users can\'t post.</b></p>'; }