/**
 * Render a static page by id.
 *
 * Loads the row from the pages table, sets the document title and meta
 * description from it, runs the stored content through format() with the
 * page's own flags and fills the skin's page.xtpl template.
 *
 * Security note: when both POST_HTML and POST_BBCODE are set, the formatted
 * text goes through html_entity_decode() and is assigned to the template
 * without further encoding, so stored entities come out as live markup.
 * NOTE(review): this presumes page content is authored only by trusted
 * accounts - confirm against the page editor's permission check.
 *
 * @param mixed $p Page id, passed for the %d placeholder of quick_query().
 * @return mixed Text of the parsed 'Page' block, or the result of error()
 *               (called with 404) when no row matches.
 */
function display_page($p)
{
    $page = $this->db->quick_query('SELECT * FROM %ppages WHERE page_id=%d', $p);

    if (!$page) {
        return $this->error('The page you are looking for does not exist. It may have been deleted or the URL is incorrect.', 404);
    }

    $xtpl = new XTemplate('./skins/' . $this->skin . '/page.xtpl');

    $this->title($page['page_title']);
    $this->meta_description($page['page_meta']);

    $flags = $page['page_flags'];
    $body = $this->format($page['page_content'], $flags);

    // Both flags together: undo entity encoding on the formatted text.
    $html_and_bbcode = ($flags & POST_HTML) && ($flags & POST_BBCODE);
    if ($html_and_bbcode) {
        $body = html_entity_decode($body, ENT_COMPAT, 'UTF-8');
    }
    $xtpl->assign('content', $body);

    // The sidebar is built only for pages that ask for one; otherwise the
    // template receives null.
    $sidebar_html = null;
    if ($flags & POST_SIDEBAR) {
        $builder = new sidebar($this);
        $sidebar_html = $builder->build_sidebar();
        $xtpl->parse('Page.HasSidebar');
    } else {
        $xtpl->parse('Page.NoSidebar');
    }
    $xtpl->assign('sidebar', $sidebar_html);

    $xtpl->parse('Page');

    return $xtpl->text('Page');
}
/**
 * List the blog entries filed under one category.
 *
 * With friendly URLs enabled the category is looked up by name (dashes in
 * $cid are turned back into spaces first); otherwise it is looked up by id.
 * Guests only see entries that are published and not members-only; any
 * higher user level sees every published entry.
 *
 * Output encoding: category name, post subject and author name are passed
 * through htmlspecialchars() before they reach the template. The post URL
 * is assigned as built.
 * NOTE(review): that relies on clean_url() returning only URL-safe
 * characters - confirm in its definition.
 *
 * The WHERE fragment is concatenated into the SQL text rather than bound;
 * the only variable part is cat_id taken from the row just read from the
 * database, not from the request.
 *
 * @param mixed $cid Category name slug (friendly URLs) or category id.
 * @return mixed Text of the parsed 'Category' block, or the result of
 *               error() (called with 404) when the category is unknown.
 */
function view_cat($cid)
{
    $friendly = $this->settings['friendly_urls'];

    if ($friendly) {
        $cid = str_replace('-', ' ', $cid);
        $cat = $this->db->quick_query("SELECT * FROM %pblogcats WHERE cat_name='%s'", $cid);
    } else {
        $cat = $this->db->quick_query('SELECT * FROM %pblogcats WHERE cat_id=%d', $cid);
    }

    if (!$cat) {
        return $this->error('The blog category you are looking for does not exist. It may have been deleted or the URL is incorrect.', 404);
    }

    $xtpl = new XTemplate('./skins/' . $this->skin . '/cat.xtpl');

    $this->title('Category: ' . $cat['cat_name']);
    $this->meta_description($cat['cat_description']);

    $xtpl->assign('cat_name', htmlspecialchars($cat['cat_name']));
    $xtpl->assign('cat_desc', $this->format($cat['cat_description'], POST_BBCODE));

    // Visibility filter: published entries for everyone, minus
    // members-only entries for guests.
    $where = "pc.pc_cat={$cat['cat_id']} AND post_flags & " . POST_PUBLISHED;
    if (!($this->user['user_level'] > USER_GUEST)) {
        $where .= " AND !(post_flags & " . POST_MEMBERSONLY . ")";
    }

    $result = $this->db->dbquery('SELECT p.post_id, p.post_subject, p.post_date, u.user_name FROM %ppostcats pc LEFT JOIN %pblogposts p ON p.post_id = pc.pc_post LEFT JOIN %pusers u ON u.user_id=p.post_user WHERE ' . $where . ' ORDER BY p.post_date DESC');

    while ($row = $this->db->assoc($result)) {
        $xtpl->assign('subject', htmlspecialchars($row['post_subject']));
        $xtpl->assign('author', htmlspecialchars($row['user_name']));
        $xtpl->assign('date', date($this->settings['blog_dateformat'], $row['post_date']));

        $post_url = $this->settings['friendly_urls']
            ? $this->settings['site_address'] . $this->clean_url($row['post_subject']) . "-{$row['post_id']}.html"
            : "{$this->settings['site_address']}index.php?a=blog&p={$row['post_id']}";
        $xtpl->assign('post_url', $post_url);

        $xtpl->parse('Category.Post');
    }

    $builder = new sidebar($this);
    $xtpl->assign('sidebar', $builder->build_sidebar());

    $xtpl->parse('Category');

    return $xtpl->text('Category');
}
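/**
 * Show a single blog entry, handle a comment submission for it, and render
 * its comments, navigation links and moderation controls.
 *
 * Access rules enforced here:
 *  - a members-only entry is hidden from guests (404);
 *  - an unpublished entry is hidden from anyone below USER_CONTRIBUTOR (404);
 *  - commenting is refused (403) when the entry is closed, or when it is
 *    members-only / restricted and the user is below USER_MEMBER.
 *
 * Changes against the previous revision:
 *  - the optional title check no longer dereferences the row when the
 *    lookup returned nothing;
 *  - the page size and offset taken from the query string are clamped; a
 *    page size of zero or less kept the page-locating loop from ending;
 *  - the Location header built from the posted 'request_uri' value is gone.
 *    It was always replaced by the second Location header sent right after
 *    it, so the effective redirect is unchanged, and a client-supplied
 *    redirect target no longer sits in the code path.
 *
 * @param mixed $p Post id, passed for the %d placeholder of quick_query().
 * @return mixed Text of the parsed 'BlogPost' block, the result of error(),
 *               or the string returned by post_comment().
 */
function view_post($p)
{
    $unavailable = 'The blog entry you are looking for is not available. It may have been deleted, is restricted from viewing, or the URL is incorrect.';

    $post = $this->db->quick_query('SELECT p.*, u.* FROM %pblogposts p LEFT JOIN %pusers u ON u.user_id=p.post_user WHERE post_id=%d', $p);

    // When a title slug is supplied it has to match the entry's subject.
    // Only compare once a row was actually found.
    if ($post && isset($this->get['title'])) {
        if ($this->clean_url($post['post_subject']) != $this->get['title']) {
            $post = null;
        }
    }

    if (!$post || $post['post_flags'] & POST_MEMBERSONLY && $this->user['user_level'] == USER_GUEST) {
        return $this->error($unavailable, 404);
    }

    if (!($post['post_flags'] & POST_PUBLISHED) && $this->user['user_level'] < USER_CONTRIBUTOR) {
        return $this->error($unavailable, 404);
    }

    $this->title($post['post_subject']);
    $this->meta_description($post['post_summary']);

    $friendly = $this->settings['friendly_urls'];
    $site = $this->settings['site_address'];

    if (isset($this->post['submit']) || isset($this->post['preview'])) {
        if ($this->closed_content($post, COMMENT_BLOG)) {
            return $this->error('Sorry, this blog entry is closed for commenting.', 403);
        }

        if ($post['post_flags'] & POST_MEMBERSONLY && $this->user['user_level'] < USER_MEMBER) {
            return $this->error('Sorry, comments are only available to registered users for this post.', 403);
        }

        if ($post['post_flags'] & POST_RESTRICTED_COMMENTS && $this->user['user_level'] < USER_MEMBER) {
            return $this->error('Sorry, comments are only available to registered users for this post.', 403);
        }

        $result = $this->comments->post_comment(COMMENT_BLOG, $post['post_subject'], $p);
        if (is_string($result)) {
            return $result;
        }

        // The redirect target is built only from server-side values. If a
        // "return to" feature is ever wanted, validate the target against
        // site_address instead of echoing a posted value into the header.
        if ($friendly) {
            $link = $site . $this->clean_url($post['post_subject']) . "-{$p}.html&c={$result}#comment-{$result}";
        } else {
            $link = "{$site}index.php?a=blog&p={$p}&c={$result}#comment-{$result}";
        }
        header('Location: ' . $link);
        // NOTE(review): execution continues and the page is still rendered
        // below after the redirect header; kept as it was.
    }

    // Page size: never more than the configured value, never less than 1.
    $per_page = $this->settings['blog_commentsperpage'];
    $num = isset($this->get['num']) ? intval($this->get['num']) : $per_page;
    if ($num > $per_page) {
        $num = $per_page;
    }
    if ($num < 1) {
        $num = $per_page > 0 ? $per_page : 1;
    }

    $min = isset($this->get['min']) ? intval($this->get['min']) : 0;
    if ($min < 0) {
        $min = 0;
    }

    if (isset($this->get['c'])) {
        $cmt = intval($this->get['c']);

        // We need to find what page the requested comment is on
        $coms = $this->db->quick_query("SELECT COUNT(comment_id) count FROM %pblogcomments WHERE comment_post=%d AND comment_id < %d AND comment_type=%d", $p, $cmt, COMMENT_BLOG);

        $count = $coms ? $coms['count'] + 1 : 0;

        $min = 0; // Start at the first page regardless
        while ($count > $min + $num) {
            $min += $num;
        }
    }

    $xtpl = new XTemplate('./skins/' . $this->skin . '/blog_viewpost.xtpl');

    $older = null;
    $newer = null;

    // Neighbouring entries follow the same visibility tiers as the entry
    // itself: contributors see everything, members see published entries,
    // guests see published entries that are not members-only.
    if ($this->user['user_level'] >= USER_CONTRIBUTOR) {
        $next_post = $this->db->quick_query('SELECT post_id, post_subject FROM %pblogposts WHERE post_date > %d ORDER BY post_date ASC LIMIT 1', $post['post_date']);
    } elseif ($this->user['user_level'] > USER_GUEST) {
        $next_post = $this->db->quick_query('SELECT post_id, post_subject FROM %pblogposts WHERE post_date > %d AND (post_flags & %d) ORDER BY post_date ASC LIMIT 1', $post['post_date'], POST_PUBLISHED);
    } else {
        $next_post = $this->db->quick_query('SELECT post_id, post_subject FROM %pblogposts WHERE post_date > %d AND (post_flags & %d) AND !(post_flags & %d) ORDER BY post_date ASC LIMIT 1', $post['post_date'], POST_PUBLISHED, POST_MEMBERSONLY);
    }

    if ($next_post) {
        if ($friendly) {
            $new_sub_link = $site . $this->clean_url($next_post['post_subject']) . "-{$next_post['post_id']}.html";
        } else {
            $new_sub_link = "{$site}index.php?a=blog&p={$next_post['post_id']}";
        }
        $new_sub = htmlspecialchars($next_post['post_subject']);
        $newer = "<a href=\"{$new_sub_link}\">{$new_sub}</a> »";
    }

    if ($this->user['user_level'] >= USER_CONTRIBUTOR) {
        $prev_post = $this->db->quick_query('SELECT post_id, post_subject FROM %pblogposts WHERE post_date < %d ORDER BY post_date DESC LIMIT 1', $post['post_date']);
    } elseif ($this->user['user_level'] > USER_GUEST) {
        $prev_post = $this->db->quick_query('SELECT post_id, post_subject FROM %pblogposts WHERE post_date < %d AND (post_flags & %d) ORDER BY post_date DESC LIMIT 1', $post['post_date'], POST_PUBLISHED);
    } else {
        $prev_post = $this->db->quick_query('SELECT post_id, post_subject FROM %pblogposts WHERE post_date < %d AND (post_flags & %d) AND !(post_flags & %d) ORDER BY post_date DESC LIMIT 1', $post['post_date'], POST_PUBLISHED, POST_MEMBERSONLY);
    }

    if ($prev_post) {
        if ($friendly) {
            $new_sub_link = $site . $this->clean_url($prev_post['post_subject']) . "-{$prev_post['post_id']}.html";
        } else {
            $new_sub_link = "{$site}index.php?a=blog&p={$prev_post['post_id']}";
        }
        $new_sub = htmlspecialchars($prev_post['post_subject']);
        $older = "« <a href=\"{$new_sub_link}\">{$new_sub}</a>";
    }

    if ($older || $newer) {
        $xtpl->assign('older', $older);
        $xtpl->assign('newer', $newer);
        $xtpl->parse('BlogPost.NavLinks');
    }

    $SideBar = new sidebar($this);
    $xtpl->assign('sidebar', $SideBar->build_sidebar($post['post_date']));

    $xtpl->assign('date', date($this->settings['blog_dateformat'], $post['post_date']));

    $subject = htmlspecialchars($post['post_subject']);
    $xtpl->assign('subject', $subject);
    $xtpl->assign('unpublished', !($post['post_flags'] & POST_PUBLISHED) ? ' <span style="color:yellow"> [UNPUBLISHED ENTRY]</span>' : null);

    if (!empty($post['post_image'])) {
        $xtpl->assign('image', $this->postimages_dir . $post['post_image']);
        $xtpl->parse('BlogPost.Image');
    }

    $text = str_replace("[more]", "", $post['post_text']);
    $text = $this->format($text, $post['post_flags']);

    // With both flags set the formatted text is entity-decoded and reaches
    // the template as live markup.
    // NOTE(review): presumes only trusted authors can set POST_HTML - confirm
    // in the post editor.
    if ($post['post_flags'] & POST_HTML && $post['post_flags'] & POST_BBCODE) {
        $text = html_entity_decode($text, ENT_COMPAT, 'UTF-8');
    }

    if ($this->settings['blog_signature_on'] && !empty($post['user_signature'])) {
        $params = POST_BBCODE | POST_EMOTICONS;
        $sig = $this->format($post['user_signature'], $params);
        $text .= '<br /><span class="signature">.........................<br />' . $sig . '</span>';
    }
    $xtpl->assign('text', $text);

    $xtpl->assign('post_author', htmlspecialchars($post['user_name']));
    $xtpl->assign('icon', $this->display_icon($post['user_icon']));

    if ($friendly) {
        $post_link = $site . $this->clean_url($post['post_subject']) . "-{$post['post_id']}.html";
    } else {
        $post_link = "{$site}index.php?a=blog&p={$post['post_id']}";
    }

    $post_url = urlencode($post_link);
    $xtpl->assign('post_url', $post_url);

    $data = base64_encode($post['post_subject']) . ';' . base64_encode($post_link);
    $this->generate_social_links($xtpl, $data);

    $cat_array = $this->get_cat_list($post['post_id']);
    $xtpl->assign('cat_text', $this->generate_category_links($cat_array));

    $xtpl->assign('count', $post['post_comment_count']);

    $closed = $this->closed_content($post, COMMENT_BLOG);
    $xtpl->assign('closed', $closed ? ' [Closed]' : null);

    // Comments and the comment form are shown unless the entry is
    // members-only and the viewer is below USER_MEMBER.
    if (!($post['post_flags'] & POST_MEMBERSONLY) || $this->user['user_level'] >= USER_MEMBER) {
        if ($post['post_comment_count'] > 0) {
            $xtpl->assign('comments', $this->comments->list_comments(COMMENT_BLOG, $p, $post['post_subject'], $post['post_user'], $post['post_comment_count'], $min, $num, $post_link));
            $xtpl->parse('BlogPost.Comments');
        }

        // Logged-in users comment under their account name; guests get the
        // name remembered in their cookie. Both are encoded for HTML.
        if ($this->user['user_level'] >= USER_MEMBER) {
            $author = htmlspecialchars($this->user['user_name']);
        } else {
            $cookie_key = $this->settings['cookie_prefix'] . 'comment_author';
            $author = isset($this->cookie[$cookie_key]) ? htmlspecialchars($this->cookie[$cookie_key]) : 'Anonymous';
        }

        if ($friendly) {
            $action_link = $site . $this->clean_url($post['post_subject']) . "-{$post['post_id']}.html#newcomment";
        } else {
            $action_link = "{$site}index.php?a=blog&p={$post['post_id']}#newcomment";
        }

        $xtpl->assign('comment_form', $this->comments->generate_comment_form($author, $subject, $action_link, $closed));
    }

    // Edit/Delete links: the contributor who wrote the entry, or any admin.
    // These are links only; the edit and delete handlers have to enforce the
    // same rule themselves.
    $mod_controls = null;
    $is_author = $this->user['user_level'] == USER_CONTRIBUTOR && $post['post_user'] == $this->user['user_id'];
    if ($is_author || $this->user['user_level'] == USER_ADMIN) {
        $mod_controls = '<div class="mod_controls">[ <a href="index.php?a=blog&s=edit&p=' . $post['post_id'] . '">Edit</a> ] | [ <a href="index.php?a=blog&s=del&p=' . $post['post_id'] . '">Delete</a> ]</div>';
    }
    $xtpl->assign('mod_controls', $mod_controls);

    $xtpl->parse('BlogPost');

    return $xtpl->text('BlogPost');
}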
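/**
 * Lost-password flow, step one: show the request form, or e-mail a recovery
 * link to the address registered for the submitted user name.
 *
 * Changes against the previous revision:
 *  - the subject line went through a str_replace() whose search and replace
 *    arguments were identical, so nothing was filtered; CR and LF are now
 *    stripped from every configured value that is placed in a mail header;
 *  - the submitted user name is HTML-encoded before it is echoed back.
 *    Nothing visible here shows message() encoding its body; if it does,
 *    drop the extra htmlspecialchars();
 *  - a missing or non-string user_name no longer reaches the query.
 *
 * Open points for review (not changed here, because the reset handler that
 * verifies the link is not part of this method and must change in step):
 *  - the recovery token is an unsalted MD5 over stored account fields. It
 *    carries no expiry and stays the same until one of those fields changes.
 *    A random token from random_bytes(), stored hashed with an expiry time,
 *    is the usual replacement;
 *  - the "No such user" reply and the success reply differ, which tells the
 *    requester whether an account name exists; a single neutral reply for
 *    both cases avoids that;
 *  - the X-Mailer header discloses the PHP version to every recipient;
 *  - the return value of mail() is not checked.
 *
 * @return mixed Text of the parsed 'LostPassword' block, or the result of
 *               message().
 */
function forgot_password()
{
    if (!isset($this->post['submit'])) {
        $xtpl = new XTemplate('./skins/' . $this->skin . '/register.xtpl');

        $SideBar = new sidebar($this);
        $xtpl->assign('sidebar', $SideBar->build_sidebar());

        $xtpl->assign('token', $this->generate_token());
        $xtpl->assign('action_url', "{$this->settings['site_address']}index.php?a=register&s=forgotpassword");

        $xtpl->parse('LostPassword');

        return $xtpl->text('LostPassword');
    }

    if (!$this->is_valid_token()) {
        return $this->message('Lost Password Recovery', 'Session security token has expired. Please return to the homepage and try again.');
    }

    $requested = (isset($this->post['user_name']) && is_string($this->post['user_name'])) ? $this->post['user_name'] : '';

    $target = $this->db->quick_query("SELECT user_id, user_name, user_password, user_joined, user_email\n\t\t\t\tFROM %pusers WHERE user_name='%s' AND user_id != %d LIMIT 1", $requested, USER_GUEST);

    if (!isset($target['user_id'])) {
        return $this->message('Lost Password Recovery', 'No such user exists at this site.');
    }

    // Header values must not contain line breaks, otherwise a configured
    // value could add extra headers to the message.
    $line_breaks = array("\r", "\n");
    $header_site = str_replace($line_breaks, '', $this->settings['site_name']);
    $header_from = str_replace($line_breaks, '', $this->settings['email_sys']);

    $headers = "From: {$header_site} <{$header_from}>\r\n" . "X-Mailer: PHP/" . phpversion();
    $subject = 'Lost Password Recovery';

    // Must stay byte-identical to what the reset handler recomputes.
    $token = md5($target['user_email'] . $target['user_name'] . $target['user_password'] . $target['user_joined']);

    $message = "{$target['user_name']}:\n\n";
    $message .= "Someone has requested a password recovery for your account at {$this->settings['site_name']}.\n";
    $message .= "If you do not want to recover a lost password, please ignore or delete this email.\n\n";
    $message .= "Go to the below URL to continue with the password recovery:\n";
    $message .= "{$this->settings['site_address']}index.php?a=register&s=resetpassword&e=" . $token . "\n\n";
    $message .= "Requested from IP: {$this->ip}";

    mail($target['user_email'], '[' . $header_site . '] ' . $subject, $message, $headers);

    $shown_name = htmlspecialchars($requested);

    return $this->message('Lost Password Recovery', "Lost password recovery request for user {$shown_name} has been emailed to the registered address with instructions.");
}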
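/**
 * Profile editor: show the form, validate a submission, store an uploaded
 * icon or Gravatar address, and update the user's row.
 *
 * Guests are refused with a 403. A submission is accepted only when the
 * CSRF token validates and no field check failed.
 *
 * Changes against the previous revision:
 *  - icon handling (moving the upload, deleting the old file) ran before
 *    the error list was consulted, so it also ran when the security token
 *    was invalid; it now runs only for a submission that passed validation;
 *  - uploading an icon with the same extension as the current one wrote the
 *    new file and then deleted it again, because old and new name were
 *    equal; the old file is now removed only when the name differs and the
 *    old value is a file name rather than a Gravatar address;
 *  - the extension check used an unanchored pattern and accepted any
 *    extension merely containing jpg/jpeg/png/gif; it is now an exact match;
 *  - the rejected extension is HTML-encoded before it goes into the error
 *    list, which is written into the template without encoding;
 *  - the two password fields are compared with !==; with != two different
 *    numeric-looking strings can compare equal;
 *  - a posted website address with a scheme other than http/https is
 *    rejected instead of stored;
 *  - implode() is called with the separator first; the reversed order is
 *    not accepted by PHP 8;
 *  - the SET fragment for a new password was the literal "******", which
 *    made the UPDATE invalid and never stored the hash.
 *
 * Open points for review:
 *  - passwords are stored as a single unsalted SHA-256. Moving to
 *    password_hash()/password_verify() needs the login code, which is not
 *    part of this method, changed at the same time;
 *  - the icon file name is built from user_name. NOTE(review): confirm that
 *    registration rejects path separators and dots-only names;
 *  - the skin is checked against $this->skins while the list returned by
 *    get_skins() is stored in an otherwise unused local. NOTE(review):
 *    confirm which list is authoritative; the skin name ends up in template
 *    paths, so this check is the allow-list for them.
 *
 * @return mixed Text of the parsed 'Profile' block, or the result of
 *               error() / message().
 */
function execute()
{
    if ($this->user['user_level'] == USER_GUEST) {
        return $this->error('Access Denied: You do not have permission to perform that action.', 403);
    }

    $errors = array();
    $submitted = isset($this->post['submit']);

    // Start from the stored values; posted values replace them so the form
    // can be redisplayed with what the user typed.
    $email = $this->user['user_email'];
    $sig = $this->user['user_signature'];
    $url = $this->user['user_url'];
    $stylesheet = $this->user['user_stylesheet'];
    $gravatar = null;

    if ($this->is_email($this->user['user_icon'])) {
        $gravatar = $this->user['user_icon'];
    }

    if (isset($this->post['user_email'])) {
        $email = $this->post['user_email'];
    }

    if (isset($this->post['user_sig'])) {
        $sig = $this->post['user_sig'];
    }

    if (isset($this->post['user_url'])) {
        $url = $this->post['user_url'];
    }

    if (isset($this->post['user_stylesheet'])) {
        $stylesheet = $this->post['user_stylesheet'];
    }

    if ($submitted) {
        if (!empty($this->post['user_email']) && !$this->is_email($this->post['user_email'])) {
            array_push($errors, 'You did not enter a valid email address.');
        }

        if (!empty($this->post['user_gravatar']) && !$this->is_email($this->post['user_gravatar'])) {
            array_push($errors, 'You did not specify a valid Gravatar email address.');
        }

        // Addresses without a scheme get http:// prepended further down;
        // an explicit scheme has to be http or https.
        if (isset($this->post['user_url']) && is_string($url) && stristr($url, '://')) {
            $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
            if ($scheme !== 'http' && $scheme !== 'https') {
                array_push($errors, 'You did not enter a valid website address.');
            }
        }

        if (isset($this->post['user_password']) && isset($this->post['user_pass_confirm'])) {
            if ($this->post['user_password'] !== $this->post['user_pass_confirm']) {
                array_push($errors, 'Entered passwords do not match.');
            }
        }

        if (!$this->is_valid_token()) {
            array_push($errors, 'The security validation token used to verify you are making this change is either invalid or expired. Please try again.');
        }
    }

    $old_icon = $this->user['user_icon'];
    $icon = $old_icon;

    // A stored icon file may be deleted only when it is a real file name:
    // not the shared default and not a Gravatar address.
    $old_is_file = $old_icon != 'Anonymous.png' && !$this->is_email($old_icon);

    // Files on disk are touched only for a submission that passed every
    // check above, the security token included.
    if ($submitted && count($errors) == 0) {
        if (empty($this->post['user_gravatar'])) {
            if (isset($this->files['user_icon']) && $this->files['user_icon']['error'] == UPLOAD_ERR_OK) {
                $fname = $this->files['user_icon']['tmp_name'];
                $system = explode('.', $this->files['user_icon']['name']);
                $ext = strtolower(end($system));

                if (!in_array($ext, array('jpg', 'jpeg', 'png', 'gif'), true)) {
                    array_push($errors, 'Invalid icon file type ' . htmlspecialchars($ext) . '. Valid file types are jpg, png and gif.');
                } else {
                    $new_icon = $this->user['user_name'] . '.' . $ext;
                    $new_fname = $this->icon_dir . $new_icon;

                    if (!move_uploaded_file($fname, $new_fname)) {
                        array_push($errors, 'Post icon failed to upload!');
                    } else {
                        // NOTE(review): the extension is the only check on the
                        // upload here; presumably createthumb() re-encodes the
                        // image - confirm that it rejects non-image data.
                        $this->createthumb($new_fname, $new_fname, $ext, $this->settings['blog_icon_width'], $this->settings['blog_icon_height']);
                        $icon = $new_icon;

                        if ($old_is_file && $old_icon != $icon) {
                            @unlink($this->icon_dir . $old_icon);
                        }
                    }
                }
            }
        } elseif ($this->is_email($this->post['user_gravatar'])) {
            $icon = $this->post['user_gravatar'];

            if ($old_is_file) {
                @unlink($this->icon_dir . $old_icon);
            }
        }
    }

    if ($this->settings['friendly_urls']) {
        $action_link = $this->settings['site_address'] . 'profile';
    } else {
        $action_link = "{$this->settings['site_address']}index.php?a=profile";
    }

    if (!$submitted || count($errors) != 0) {
        $xtpl = new XTemplate('./skins/' . $this->skin . '/profile.xtpl');

        if (count($errors) > 0) {
            // Written into the template as markup: every entry is either a
            // fixed string or was encoded when it was added.
            $xtpl->assign('errors', implode("<br />\n", $errors));
            $xtpl->parse('Profile.Errors');
        }

        $xtpl->assign('token', $this->generate_token());
        $xtpl->assign('action_link', $action_link);
        $xtpl->assign('name', htmlspecialchars($this->user['user_name']));
        $xtpl->assign('email', htmlspecialchars($email));
        $xtpl->assign('sig', htmlspecialchars($sig));
        $xtpl->assign('url', htmlspecialchars($url));
        $xtpl->assign('icon', $this->display_icon($icon));
        $xtpl->assign('gravatar', htmlspecialchars($gravatar));
        $xtpl->assign('skin', $this->select_input('user_skin', $this->skin, $this->get_skins()));

        $params = POST_BBCODE | POST_EMOTICONS;
        $xtpl->assign('sigdisplay', $this->format($sig, $params));

        $xtpl->assign('date', date($this->settings['blog_dateformat'], $this->user['user_joined']));

        $level = $this->user['user_level'];

        // Share of all comments written by this user.
        $comments = $this->db->quick_query('SELECT COUNT(comment_id) count FROM %pblogcomments');
        $posts = $this->db->quick_query('SELECT COUNT(comment_id) count FROM %pblogcomments WHERE comment_user=%d', $this->user['user_id']);

        $xtpl->assign('count', intval($posts['count']));
        if ($comments['count'] > 0) {
            $xtpl->assign('percent', floor($posts['count'] / $comments['count'] * 100));
        } else {
            $xtpl->assign('percent', 0);
        }

        if ($level == USER_CONTRIBUTOR || $level == USER_ADMIN) {
            // Same statistic for blog entries.
            $blogposts = $this->db->quick_query('SELECT COUNT(post_id) count FROM %pblogposts');
            $blogpostcount = $this->db->quick_query('SELECT COUNT(post_id) count FROM %pblogposts WHERE post_user=%d', $this->user['user_id']);

            $xtpl->assign('blogcount', intval($blogpostcount['count']));
            if ($blogposts['count'] > 0) {
                $xtpl->assign('blogpercent', floor($blogpostcount['count'] / $blogposts['count'] * 100));
            } else {
                $xtpl->assign('blogpercent', 0);
            }
            $xtpl->parse('Profile.Contributor');
        }

        $xtpl->assign('width', $this->settings['blog_icon_width']);
        $xtpl->assign('height', $this->settings['blog_icon_height']);

        if ($this->user['user_level'] > USER_MEMBER) {
            $xtpl->assign('stylesheet', htmlspecialchars($stylesheet));
            $xtpl->parse('Profile.Stylesheet');
        }

        $SideBar = new sidebar($this);
        $xtpl->assign('sidebar', $SideBar->build_sidebar());

        $xtpl->parse('Profile');

        return $xtpl->text('Profile');
    }

    // Kept as a call because it may be what fills $this->skins; see the
    // review note in the header.
    $skins = $this->get_skins();

    if (isset($this->post['user_skin']) && in_array($this->post['user_skin'], $this->skins, true)) {
        setcookie($this->settings['cookie_prefix'] . 'skin', $this->post['user_skin'], $this->time + $this->settings['cookie_logintime'], $this->settings['cookie_path'], $this->settings['cookie_domain'], $this->settings['cookie_secure'], true);
        $this->skin = $this->post['user_skin'];
    }

    $url = (!stristr($url, '://') ? 'http://' : null) . $url;
    if ($url == 'http://') {
        $url = '';
    }

    // A custom stylesheet is stored only for levels above USER_MEMBER.
    $stylesheet = '';
    if (isset($this->post['user_stylesheet']) && $this->user['user_level'] > USER_MEMBER) {
        $stylesheet = $this->post['user_stylesheet'];
    }

    $pass = null;
    if (!empty($this->post['user_password']) && !empty($this->post['user_pass_confirm'])) {
        $newpass = $this->db->escape(hash('sha256', $this->post['user_password']));

        // The hash is hexadecimal, so it is safe inside the format string.
        // NOTE(review): column name follows the table's user_* naming -
        // confirm against the schema.
        $pass = ", user_password='{$newpass}'";
        $action_link = '/';
    }

    $this->db->dbquery("UPDATE %pusers SET user_email='%s', user_url='%s', user_stylesheet='%s', user_icon='%s', user_signature='%s'{$pass} WHERE user_id=%d", $email, $url, $stylesheet, $icon, $sig, $this->user['user_id']);

    return $this->message('Edit Your Profile', 'Your profile has been updated.', 'Continue', $action_link);
}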
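/**
 * Search blog entries for the posted search_word and render the result list.
 *
 * Result visibility follows the user level: contributors and above search
 * every entry, members search published entries, guests search published
 * entries that are not members-only.
 *
 * Changes against the previous revision:
 *  - the "No results matching" text put the raw search term into the
 *    template, while every other value in this method is passed through
 *    htmlspecialchars() first; the term is now encoded there as well, and
 *    in the message() call. Nothing visible here shows message() encoding
 *    its body; if it does, drop the extra encoding on that call;
 *  - a search_word that is not a string (for example an array parameter)
 *    is treated like an empty one instead of reaching strlen().
 *
 * Open points for review:
 *  - the WHERE fragment from build_word_query() is concatenated into the
 *    SQL text, so the escaping of the search term depends entirely on that
 *    helper - confirm in its definition;
 *  - the same fragment becomes part of the format string that dbquery()
 *    fills with %d arguments; presumably a '%' in the search term has to be
 *    neutralised by the helper as well - confirm.
 *
 * @return mixed Text of the parsed 'Search' block, or the result of
 *               message().
 */
function execute()
{
    if (!isset($this->post['search_word']) || !is_string($this->post['search_word']) || empty($this->post['search_word'])) {
        return $this->message('Search', 'You must enter something to search for. I can\'t read your mind.');
    }

    if (strlen($this->post['search_word']) < 3) {
        return $this->message('Search', 'You cannot search on a word smaller than 3 letters.');
    }

    // Encoded once, used wherever the term is echoed back.
    $shown_word = htmlspecialchars($this->post['search_word']);

    $search_query = $this->build_word_query($this->post['search_word']);

    $select = 'SELECT p.post_id, p.post_subject, p.post_summary, p.post_date, p.post_user, u.user_name FROM %pblogposts p LEFT JOIN %pusers u ON u.user_id=p.post_user WHERE ' . $search_query;
    $order = ' ORDER BY p.post_date DESC';

    if ($this->user['user_level'] >= USER_CONTRIBUTOR) {
        $result = $this->db->dbquery($select . $order);
    } elseif ($this->user['user_level'] > USER_GUEST) {
        $result = $this->db->dbquery($select . ' AND (post_flags & %d)' . $order, POST_PUBLISHED);
    } else {
        $result = $this->db->dbquery($select . ' AND (post_flags & %d) AND !(post_flags & %d)' . $order, POST_PUBLISHED, POST_MEMBERSONLY);
    }

    if (!$result) {
        return $this->message('Search', "No results matching: {$shown_word}");
    }

    $count = 0;

    $xtpl = new XTemplate('./skins/' . $this->skin . '/search.xtpl');

    while ($item = $this->db->assoc($result)) {
        if ($this->settings['friendly_urls']) {
            $item_link = $this->clean_url($item['post_subject']) . "-{$item['post_id']}.html";
        } else {
            $item_link = "index.php?a=blog&p={$item['post_id']}";
        }
        $xtpl->assign('item_link', $item_link);

        $xtpl->assign('date', date($this->settings['blog_dateformat'], $item['post_date']));

        $count++;

        $xtpl->assign('subject', htmlspecialchars($item['post_subject']));
        $xtpl->assign('summary', htmlspecialchars($item['post_summary']));
        $xtpl->assign('user_name', htmlspecialchars($item['user_name']));

        $xtpl->parse('Search.Result');
    }

    if ($count == 0) {
        $xtpl->assign('content', "No results matching: {$shown_word}");
    }

    $xtpl->assign('search_word', $shown_word);
    $xtpl->assign('count', $count);
    $xtpl->assign('posts', $count > 1 ? 'blog entries' : 'blog entry');

    $SideBar = new sidebar($this);
    $xtpl->assign('sidebar', $SideBar->build_sidebar());

    $xtpl->parse('Search');

    return $xtpl->text('Search');
}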