Esempio n. 1
File: content.php Progetto: cwcw/cms
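/**
 * Saves a content item submitted from the edit form.
 *
 * Binds $_POST onto a mosContent row, checks the caller's edit flags,
 * stores the row, maintains the front-page table and ordering, sends a
 * message to every user flagged with sendEmail when the item is new, and
 * finally redirects to the item view.
 *
 * Reviewer notes:
 * - id, catid and sectionid come from the request and are placed in SQL
 *   text further down, so they are forced to integers right after bind().
 * - NOTE(review): bind($_POST) appears to fill created_by from the request,
 *   so the canEditOwn ownership test compares a request-supplied value;
 *   compare against the stored row's created_by instead. Confirm against
 *   mosContent::bind().
 * - NOTE(review): no anti-forgery token is verified before this state change.
 * - NOTE(review): error text is concatenated into a JavaScript string
 *   literal without escaping; encode it for a JS context before echoing.
 *
 * @param object $access Permission flags; canEdit and canEditOwn are read.
 * @return void
 */
function saveContent(&$access)
{
    global $database, $mainframe, $my;
    global $mosConfig_absolute_path;
    // The front-page branch appends to $msg, so it must exist beforehand.
    $msg = '';
    $row = new mosContent($database);
    if (!$row->bind($_POST)) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    // Request-supplied keys reach SQL below: keep them strictly numeric.
    $row->id = (int) $row->id;
    $row->catid = (int) $row->catid;
    $row->sectionid = (int) $row->sectionid;
    $isNew = $row->id < 1;
    if ($isNew) {
        // new record
        if (!($access->canEdit || $access->canEditOwn)) {
            mosNotAuth();
            return;
        }
        $row->created = date('Y-m-d H:i:s');
        $row->created_by = $my->id;
    } else {
        // existing record; && binds tighter than ||, so canEdit alone is enough
        if (!($access->canEdit || $access->canEditOwn && $row->created_by == $my->id)) {
            mosNotAuth();
            return;
        }
        $row->modified = date('Y-m-d H:i:s');
        $row->modified_by = $my->id;
    }
    if (trim($row->publish_down) == 'Never') {
        $row->publish_down = '0000-00-00 00:00:00';
    }
    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $row->version++;
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    // manage frontpage items
    require_once $mainframe->getPath('class', 'com_frontpage');
    $fp = new mosFrontPage($database);
    if (mosGetParam($_REQUEST, 'frontpage', 0)) {
        // toggles go to first place
        if (!$fp->load((int) $row->id)) {
            // new entry; the id is cast again at the point of use
            $database->setQuery("INSERT INTO #__content_frontpage VALUES (" . (int) $row->id . ", 1)");
            if (!$database->query()) {
                echo "<script> alert('" . $database->stderr() . "');</script>\n";
                exit;
            }
            $fp->ordering = 1;
        }
    } else {
        // no frontpage mask
        if (!$fp->delete((int) $row->id)) {
            $msg .= $fp->stderr();
        }
        $fp->ordering = 0;
    }
    $fp->updateOrder();
    $row->checkin();
    $row->updateOrder("catid = " . (int) $row->catid);
    // gets section name of item
    $database->setQuery("SELECT s.title" . "\n FROM #__sections AS s" . "\n WHERE s.scope = 'content'" . "\n AND s.id = " . (int) $row->sectionid);
    $section = $database->loadResult();
    // gets category name of item
    $database->setQuery("SELECT c.title" . "\n FROM #__categories AS c" . "\n WHERE c.id = " . (int) $row->catid);
    $category = $database->loadResult();
    if ($isNew) {
        // messaging for new items
        require_once $mosConfig_absolute_path . '/components/com_messages/messages.class.php';
        $database->setQuery("SELECT id FROM #__users WHERE sendEmail = '1'");
        $users = $database->loadResultArray();
        // Skip the loop when the query yields nothing to iterate.
        if ($users) {
            foreach ($users as $user_id) {
                $msg = new mosMessage($database);
                $msg->send($my->id, $user_id, "New Item", sprintf(_ON_NEW_CONTENT, $my->username, $row->title, $section, $category));
            }
        }
    }
    // Returnid is request data that ends up in the redirect URL: keep it numeric.
    $Itemid = (int) mosGetParam($_POST, 'Returnid', '0');
    mosRedirect('index.php?option=com_content&task=view&id=' . $row->id . '&Itemid=' . $Itemid, $isNew ? _THANK_SUB : _E_ITEM_SAVED);
}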
/**
 * Applies the submitted ordering values to the listed content items.
 *
 * Each item whose stored ordering differs from the submitted one is saved,
 * and updateOrder() is then run once per distinct category condition.
 *
 * @param array $cid Content item ids; each one is cast to int before load().
 * @return void
 */
function saveOrder(&$cid)
{
    global $database;

    // Spoof check runs before any row is touched.
    josSpoofCheck();

    $itemCount = count($cid);
    $order = josGetArrayInts('order');
    $item = new mosContent($database);

    // condition string => id of the first row that produced it
    $groups = array();

    for ($idx = 0; $idx < $itemCount; ++$idx) {
        $item->load((int) $cid[$idx]);
        if ($item->ordering == $order[$idx]) {
            // nothing changed for this item
            continue;
        }

        $item->ordering = $order[$idx];
        if (!$item->store()) {
            echo "<script> alert('" . $database->getErrorMsg() . "'); window.history.go(-1); </script>\n";
            exit;
        }

        // remember which group needs a reorder pass; the first row id wins
        $where = "catid=" . (int) $item->catid . " AND state >= 0";
        if (!array_key_exists($where, $groups)) {
            $groups[$where] = $item->id;
        }
    }

    // one updateOrder() call per affected group
    foreach ($groups as $where => $firstId) {
        $item->load($firstId);
        $item->updateOrder($where);
    }

    // clean any existing cache files
    mosCache::cleanCache('com_content');

    $msg = 'New ordering saved';
    mosRedirect('index2.php?option=com_typedcontent', $msg);
}
Esempio n. 3
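/**
 * Saves copies of the selected content items into another section/category.
 *
 * The target is read from the POST field 'sectcat' as "section,category".
 * Every id in $cid is loaded, duplicated into a new mosContent row with the
 * target section and category, stored, and the category is reordered.
 *
 * Reviewer notes:
 * - The target ids and every source id are placed in SQL text, so they are
 *   cast to integers before use.
 * - NOTE(review): the item query names the table "mos_content" literally,
 *   while the other queries use the "#__" prefix placeholder; confirm which
 *   is intended.
 * - NOTE(review): no anti-forgery check is visible in this function.
 * - NOTE(review): $sectionid and the message text go into redirect URLs
 *   without URL-encoding; verify how mosRedirect() treats them.
 *
 * @param array  $cid       Ids of the content items to copy.
 * @param mixed  $sectionid Section id echoed back in the redirect URL.
 * @param string $option    Component option echoed back in the redirect URL.
 * @return void
 */
function copyItemSave($cid, $sectionid, $option)
{
    global $database, $my, $adminLanguage;
    $sectcat = mosGetParam($_POST, 'sectcat', '');
    // Separate section and category; pad so a value without a comma still
    // yields two elements, then force both to integers for the SQL below.
    list($newsect, $newcat) = array_pad(explode(',', $sectcat), 2, 0);
    $newsect = (int) $newsect;
    $newcat = (int) $newcat;
    if (!$newsect && !$newcat) {
        mosRedirect("index.php?option=com_content&sectionid=" . $sectionid . "&mosmsg=" . $adminLanguage->A_COMP_CONTENT_ERR_OCCURRED);
        // Stop here even if mosRedirect() hands control back.
        return;
    }
    // find section name
    $query = "SELECT a.name" . "\n FROM #__sections AS a" . "\n WHERE a.id = " . $newsect;
    $database->setQuery($query);
    $section = $database->loadResult();
    // find category name
    $query = "SELECT  a.name" . "\n FROM #__categories AS a" . "\n WHERE a.id = " . $newcat;
    $database->setQuery($query);
    $category = $database->loadResult();
    // Counts the rows actually written, so the message matches what happened.
    $copied = 0;
    foreach ($cid as $sourceId) {
        $row = new mosContent($database);
        // main query; the id is request data, so it is cast before use
        $query = "SELECT a.* FROM mos_content AS a" . "\n WHERE a.id = " . (int) $sourceId;
        $database->setQuery($query);
        $item = $database->loadObjectList();
        if (!$item) {
            // unknown id: nothing to copy
            continue;
        }
        $source = $item[0];
        // values loaded into array set for store
        $row->id = null;
        $row->sectionid = $newsect;
        $row->catid = $newcat;
        $row->hits = '0';
        $row->ordering = '0';
        $row->title = $source->title;
        $row->title_alias = $source->title_alias;
        $row->introtext = $source->introtext;
        $row->fulltext = $source->fulltext;
        $row->state = $source->state;
        $row->mask = $source->mask;
        $row->created = $source->created;
        $row->created_by = $source->created_by;
        $row->created_by_alias = $source->created_by_alias;
        $row->modified = $source->modified;
        $row->modified_by = $source->modified_by;
        $row->checked_out = $source->checked_out;
        $row->checked_out_time = $source->checked_out_time;
        $row->frontpage_up = $source->frontpage_up;
        $row->frontpage_down = $source->frontpage_down;
        $row->publish_up = $source->publish_up;
        $row->publish_down = $source->publish_down;
        $row->images = $source->images;
        $row->attribs = $source->attribs;
        // Previously assigned from parentid, which looks like a copy/paste slip.
        $row->version = $source->version;
        $row->parentid = $source->parentid;
        $row->metakey = $source->metakey;
        $row->metadesc = $source->metadesc;
        $row->access = $source->access;
        if (!$row->check()) {
            echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
            exit;
        }
        if (!$row->store()) {
            echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
            exit;
        }
        $row->updateOrder("catid = " . (int) $row->catid . " AND state >= 0");
        $copied++;
    }
    $msg = $copied . " " . $adminLanguage->A_COMP_CONTENT_COPIED . ": " . $section . ", " . $adminLanguage->A_COMP_CATEG . ": " . $category;
    mosRedirect('index2.php?option=' . $option . '&sectionid=' . $sectionid . '&mosmsg=' . $msg);
}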
Esempio n. 4
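/**
 * Saves a content item submitted from the edit form.
 *
 * Runs the spoof check, binds $_POST onto a mosContent row, checks the
 * caller's edit flags, normalises the publish dates and markup, pins the
 * publishing state for callers without canPublish, stores the row,
 * maintains the front-page table and ordering, messages users flagged with
 * sendEmail for new items, and redirects according to $task.
 *
 * Reviewer notes:
 * - NOTE(review): bind($_POST) appears to fill created_by from the request,
 *   so the canEditOwn ownership test compares a request-supplied value;
 *   compare against the stored row's created_by instead. Confirm against
 *   mosContent::bind().
 * - NOTE(review): two redirect targets are taken from the request (the
 *   Referer header and the POST field 'referer'); both should be limited
 *   to this site's own URLs before use.
 * - NOTE(review): error text is concatenated into a JavaScript string
 *   literal without escaping; encode it for a JS context before echoing.
 *
 * @param object $access Permission flags; canEdit, canEditOwn and canPublish are read.
 * @param string $task   'apply', 'apply_new' or 'save'; any other value is handled as 'save'.
 * @return void
 */
function saveContent(&$access, $task)
{
    global $database, $mainframe, $my;
    global $mosConfig_absolute_path, $mosConfig_offset, $Itemid;
    // simple spoof check security
    josSpoofCheck();
    // The front-page branch appends to $msg, so it must exist beforehand.
    $msg = '';
    $nullDate = $database->getNullDate();
    $row = new mosContent($database);
    if (!$row->bind($_POST)) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    // sanitise id field
    $row->id = (int) $row->id;
    $isNew = $row->id < 1;
    if ($isNew) {
        // new record
        if (!($access->canEdit || $access->canEditOwn)) {
            mosNotAuth();
            return;
        }
        $row->created = date('Y-m-d H:i:s');
        $row->created_by = $my->id;
    } else {
        // existing record; && binds tighter than ||, so canEdit alone is enough
        if (!($access->canEdit || $access->canEditOwn && $row->created_by == $my->id)) {
            mosNotAuth();
            return;
        }
        $row->modified = date('Y-m-d H:i:s');
        $row->modified_by = $my->id;
    }
    // A value of ten characters or fewer is treated as date-only: add a time part.
    if (strlen(trim($row->publish_up)) <= 10) {
        $row->publish_up .= ' 00:00:00';
    }
    $row->publish_up = mosFormatDate($row->publish_up, _CURRENT_SERVER_TIME_FORMAT, -$mosConfig_offset);
    if (trim($row->publish_down) == 'Never' || trim($row->publish_down) == '') {
        $row->publish_down = $nullDate;
    } else {
        if (strlen(trim($row->publish_down)) <= 10) {
            $row->publish_down .= ' 00:00:00';
        }
        $row->publish_down = mosFormatDate($row->publish_down, _CURRENT_SERVER_TIME_FORMAT, -$mosConfig_offset);
    }
    // code cleaner for xhtml transitional compliance
    $row->introtext = str_replace('<br>', '<br />', $row->introtext);
    $row->fulltext = str_replace('<br>', '<br />', $row->fulltext);
    // remove the <br /> that gets added automatically to an empty fulltext
    $length = strlen($row->fulltext) < 9;
    $search = strstr($row->fulltext, '<br />');
    if ($length && $search) {
        $row->fulltext = NULL;
    }
    $row->title = ampReplace($row->title);
    // Publishing state hardening for Authors
    if (!$access->canPublish) {
        if ($isNew) {
            // For new items - author is not allowed to publish - prevent them from doing so
            $row->state = 0;
        } else {
            // For existing items keep existing state - author is not allowed to change status
            $query = "SELECT state" . "\n FROM #__content" . "\n WHERE id = " . (int) $row->id;
            $database->setQuery($query);
            $state = $database->loadResult();
            if ($state) {
                $row->state = 1;
            } else {
                $row->state = 0;
            }
        }
    }
    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $row->version++;
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    // manage frontpage items
    require_once $mainframe->getPath('class', 'com_frontpage');
    $fp = new mosFrontPage($database);
    if (intval(mosGetParam($_REQUEST, 'frontpage', 0))) {
        // toggles go to first place
        if (!$fp->load((int) $row->id)) {
            // new entry
            $query = "INSERT INTO #__content_frontpage" . "\n VALUES ( " . (int) $row->id . ", 1 )";
            $database->setQuery($query);
            if (!$database->query()) {
                echo "<script> alert('" . $database->stderr() . "');</script>\n";
                exit;
            }
            $fp->ordering = 1;
        }
    } else {
        // no frontpage mask
        if (!$fp->delete((int) $row->id)) {
            $msg .= $fp->stderr();
        }
        $fp->ordering = 0;
    }
    $fp->updateOrder();
    $row->checkin();
    $row->updateOrder("catid = " . (int) $row->catid);
    // gets section name of item
    $query = "SELECT s.title" . "\n FROM #__sections AS s" . "\n WHERE s.scope = 'content'" . "\n AND s.id = " . (int) $row->sectionid;
    $database->setQuery($query);
    $section = $database->loadResult();
    // gets category name of item
    $query = "SELECT c.title" . "\n FROM #__categories AS c" . "\n WHERE c.id = " . (int) $row->catid;
    $database->setQuery($query);
    $category = $database->loadResult();
    $category = stripslashes($category);
    if ($isNew) {
        // messaging for new items
        require_once $mosConfig_absolute_path . '/components/com_messages/messages.class.php';
        $query = "SELECT id" . "\n FROM #__users" . "\n WHERE sendEmail = 1";
        $database->setQuery($query);
        $users = $database->loadResultArray();
        // Skip the loop when the query yields nothing to iterate.
        if ($users) {
            foreach ($users as $user_id) {
                $msg = new mosMessage($database);
                $msg->send($my->id, $user_id, "New Item", sprintf(_ON_NEW_CONTENT, $my->username, $row->title, $section, $category));
            }
        }
    }
    $msg = $isNew ? _THANK_SUB : _E_ITEM_SAVED;
    $msg = $my->usertype == 'Publisher' ? _THANK_SUB_PUB : $msg;
    switch ($task) {
        case 'apply':
            // NOTE(review): the Referer header is client-controlled; restrict
            // the target to this site before redirecting. The header can also
            // be absent, so fall back to the site index.
            $link = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'index.php';
            break;
        case 'apply_new':
            $Itemid = intval(mosGetParam($_POST, 'Returnid', $Itemid));
            $link = 'index.php?option=com_content&task=edit&id=' . $row->id . '&Itemid=' . $Itemid;
            break;
        case 'save':
        default:
            // Returnid is request data that ends up in the URL: keep it numeric.
            $Itemid = intval(mosGetParam($_POST, 'Returnid', ''));
            if ($Itemid) {
                if ($access->canEdit) {
                    $link = 'index.php?option=com_content&task=view&id=' . $row->id . '&Itemid=' . $Itemid;
                } else {
                    $link = 'index.php';
                }
            } else {
                // NOTE(review): 'referer' is a POST field, i.e. a
                // request-supplied redirect target; restrict it to this site.
                $link = strval(mosGetParam($_POST, 'referer', ''));
            }
            break;
    }
    mosRedirect($link, $msg);
}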
Esempio n. 5
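/**
 * Applies the ordering values posted in 'order' to the listed content items.
 *
 * Items whose stored ordering differs from the posted value are saved, and
 * updateOrder() is then run once per affected category before redirecting.
 *
 * Reviewer notes:
 * - Item ids, ordering values and category ids are cast to integers before
 *   they reach load(), store() or the updateOrder() condition.
 * - The posted 'redirect' value is URL-encoded before it is placed in the
 *   redirect query string.
 * - NOTE(review): no anti-forgery check is visible in this function.
 * - NOTE(review): the row is not reloaded before updateOrder(); verify
 *   whether updateOrder() depends on the currently loaded row.
 *
 * @param array $cid Content item ids, keyed like the posted 'order' array.
 * @return void
 */
function saveOrder(&$cid)
{
    global $database;
    $order = mosGetParam($_POST, 'order', array(0));
    $redirect = urlencode((string) mosGetParam($_POST, 'redirect', 0));
    $rettask = (string) mosGetParam($_POST, 'returntask', '');
    $row = new mosContent($database);
    // catid => true for every category that needs a reorder pass
    $categories = array();
    // update ordering values
    foreach ($cid as $i => $ciditem) {
        if (!isset($order[$i])) {
            // no ordering value was posted for this item: leave it untouched
            continue;
        }
        $newOrdering = (int) $order[$i];
        $row->load((int) $ciditem);
        if ($row->ordering != $newOrdering) {
            $row->ordering = $newOrdering;
            if (!$row->store()) {
                echo "<script> alert('" . $database->getErrorMsg() . "'); window.history.go(-1); </script>\n";
                exit;
            }
            // remember to updateOrder this group
            $categories[(int) $row->catid] = true;
        }
    }
    // execute updateOrder for each group
    foreach (array_keys($categories) as $catid) {
        $row->updateOrder("catid = " . (int) $catid . " AND state >= 0");
    }
    $msg = T_('New ordering saved');
    switch ($rettask) {
        case 'showarchive':
            mosRedirect('index2.php?option=com_content&task=showarchive&sectionid=' . $redirect, $msg);
            break;
        default:
            mosRedirect('index2.php?option=com_content&sectionid=' . $redirect, $msg);
            break;
    }
}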
/**
 * Applies the submitted ordering values to the listed content items.
 *
 * Each item whose stored ordering differs from the submitted one is saved,
 * updateOrder() is run once per distinct category condition, the
 * com_content cache is cleaned, and the request is redirected.
 *
 * NOTE(review): the posted 'redirect' value is appended to the redirect URL
 * as received; confirm it is validated or encoded elsewhere.
 *
 * @param array $cid Content item ids; each one is cast to int before load().
 * @return void
 */
function saveOrder(&$cid)
{
    global $database;

    // Spoof check runs before any row is touched.
    josSpoofCheck();

    $itemCount = count($cid);
    $redirect = mosGetParam($_POST, 'redirect', 0);
    $rettask = strval(mosGetParam($_POST, 'returntask', ''));
    $order = josGetArrayInts('order');
    $item = new mosContent($database);

    // condition string => id of the first row that produced it
    $groups = array();

    for ($idx = 0; $idx < $itemCount; ++$idx) {
        $item->load((int) $cid[$idx]);
        if ($item->ordering == $order[$idx]) {
            // nothing changed for this item
            continue;
        }

        $item->ordering = $order[$idx];
        if (!$item->store()) {
            echo "<script> alert('" . $database->getErrorMsg() . "'); window.history.go(-1); </script>\n";
            exit;
        }

        // remember which group needs a reorder pass; the first row id wins
        $where = "catid = " . (int) $item->catid . " AND state >= 0";
        if (!array_key_exists($where, $groups)) {
            $groups[$where] = $item->id;
        }
    }

    // one updateOrder() call per affected group
    foreach ($groups as $where => $firstId) {
        $item->load($firstId);
        $item->updateOrder($where);
    }

    // clean any existing cache files
    mosCache::cleanCache('com_content');

    $msg = 'Nova ordenação salva';
    if ($rettask == 'showarchive') {
        mosRedirect('index2.php?option=com_content&task=showarchive&sectionid=' . $redirect, $msg);
    } else {
        mosRedirect('index2.php?option=com_content&sectionid=' . $redirect, $msg);
    }
}
Esempio n. 7
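/**
 * Saves a content item submitted from the edit form.
 *
 * Binds $_POST onto a mosContent row, forces the numeric keys to integers,
 * checks the caller's edit flags, stores the row, maintains the front-page
 * table and ordering, messages users flagged with sendEmail for new items,
 * and redirects to the site index.
 *
 * Reviewer notes:
 * - NOTE(review): bind($_POST) appears to fill created_by from the request,
 *   so the canEditOwn ownership test compares a request-supplied value;
 *   compare against the stored row's created_by instead. Confirm against
 *   mosContent::bind().
 * - NOTE(review): no anti-forgery token is verified before this state change.
 * - NOTE(review): error text is concatenated into a JavaScript string
 *   literal without escaping; encode it for a JS context before echoing.
 *
 * @param object $access Permission flags; canEdit and canEditOwn are read.
 * @return void
 */
function saveContent(&$access)
{
    global $database, $mainframe, $my;
    global $mosConfig_absolute_path;
    // The front-page branch appends to $msg, so it must exist beforehand.
    $msg = '';
    $row = new mosContent($database);
    if (!$row->bind($_POST)) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    // sanitize: these request-supplied keys are placed in SQL text below
    $row->id = intval($row->id);
    $row->catid = intval($row->catid);
    $row->sectionid = intval($row->sectionid);
    $isNew = $row->id < 1;
    if ($isNew) {
        // new record
        if (!($access->canEdit || $access->canEditOwn)) {
            mosNotAuth();
            return;
        }
        $row->created = date('Y-m-d H:i:s');
        $row->created_by = $my->id;
    } else {
        // existing record; && binds tighter than ||, so canEdit alone is enough
        if (!($access->canEdit || $access->canEditOwn && $row->created_by == $my->id)) {
            mosNotAuth();
            return;
        }
        $row->modified = date('Y-m-d H:i:s');
        $row->modified_by = $my->id;
    }
    if (trim($row->publish_down) == 'Never') {
        $row->publish_down = '0000-00-00 00:00:00';
    }
    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $row->version++;
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    // manage frontpage items
    require_once $mainframe->getPath('class', 'com_frontpage');
    $fp = new mosFrontPage($database);
    if (mosGetParam($_REQUEST, 'frontpage', 0)) {
        // toggles go to first place
        if (!$fp->load($row->id)) {
            // new entry
            $database->setQuery("INSERT INTO #__content_frontpage VALUES ('{$row->id}','1')");
            if (!$database->query()) {
                echo "<script> alert('" . $database->stderr() . "');</script>\n";
                exit;
            }
            $fp->ordering = 1;
        }
    } else {
        // no frontpage mask
        if (!$fp->delete($row->id)) {
            $msg .= $fp->stderr();
        }
        $fp->ordering = 0;
    }
    $fp->updateOrder();
    $row->checkin();
    $row->updateOrder("catid='{$row->catid}'");
    // gets section name of item
    $database->setQuery("SELECT s.title" . "\n FROM #__sections AS s" . "\n WHERE s.scope = 'content'" . "\n AND s.id = '" . $row->sectionid . "'");
    $section = $database->loadResult();
    // gets category name of item
    $database->setQuery("SELECT c.title" . "\n FROM #__categories AS c" . "\n WHERE c.id = '" . $row->catid . "'");
    $category = $database->loadResult();
    if ($isNew) {
        // messaging for new items
        require_once $mosConfig_absolute_path . '/components/com_messages/messages.class.php';
        $database->setQuery("SELECT id FROM #__users WHERE sendEmail = '1'");
        $users = $database->loadResultArray();
        if ($users) {
            foreach ($users as $user_id) {
                $msg = new mosMessage($database);
                $msg->send($my->id, $user_id, T_("New Item"), sprintf(T_('A new content item has been submitted by [ %s ]  titled [ %s ]  from section [ %s ]  and category  [ %s ]'), $my->username, $row->title, $section, $category));
            }
        }
    }
    // The posted Returnid is not used: the redirect always goes to the index.
    $msg = $isNew ? T_('Thanks for your submission; it will be reviewed before being posted to the site.') : T_('Item saved successfully.');
    mosRedirect('index.php', $msg);
}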