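/**
 * Primes the static MediaUtils settings for the current request.
 *
 * Copies the upload limits out of $CONF, builds the allowed-extension list,
 * loads the blog number => short name map, and resolves the active blog id
 * from the request: GET blogid, POST blogid, GET itemid, POST itemid, then
 * the media cookie. Returns early, without binding MediaUtils::$blogid, when
 * none of those sources is present.
 *
 * @param mixed $data event payload; not read by this handler
 * @return void
 */
public function event_PostAuthentication(&$data)
{
    global $CONF;
    static $blogid = 0;
    static $blogs = array();

    MediaUtils::$lib_path = preg_replace('#/*$#', '', $this->getDirectory());
    MediaUtils::$prefix = (bool) $CONF['MediaPrefix'];
    MediaUtils::$maxsize = (int) $CONF['MaxUploadSize'];

    // Normalise each configured extension BEFORE the duplicate test, so that
    // "JPG" and "jpg" do not both end up in the list. Empty entries (an empty
    // setting or a trailing comma) are skipped rather than added as an
    // allowed "" extension.
    foreach (explode(',', $CONF['AllowedTypes']) as $suffix) {
        $suffix = strtolower(trim($suffix));
        if ($suffix === '') {
            continue;
        }
        if (!in_array($suffix, MediaUtils::$suffixes, true)) {
            MediaUtils::$suffixes[] = $suffix;
        }
    }

    $result = sql_query('SELECT bnumber, bshortname FROM ' . sql_table('blog') . ';');
    // A plain truthiness test ends the loop whether the fetch wrapper signals
    // "no more rows" with FALSE or with NULL; a strict FALSE test would spin
    // forever on NULL.
    while ($row = sql_fetch_assoc($result)) {
        $blogs[$row['bnumber']] = $row['bshortname'];
    }
    MediaUtils::$blogs =& $blogs;

    // Every source below is client-controlled; the value is only cast to int.
    if (array_key_exists('blogid', $_GET)) {
        $blogid = (int) $_GET['blogid'];
    } elseif (array_key_exists('blogid', $_POST)) {
        $blogid = (int) $_POST['blogid'];
    } elseif (array_key_exists('itemid', $_GET) && function_exists('getBlogIDFromItemID')) {
        $blogid = (int) getBlogIDFromItemID((int) $_GET['itemid']);
    } elseif (array_key_exists('itemid', $_POST) && function_exists('getBlogIDFromItemID')) {
        $blogid = (int) getBlogIDFromItemID((int) $_POST['itemid']);
    } elseif (array_key_exists(MediaUtils::$cookiename, $_COOKIE)) {
        // Read the same cookie that was just tested for; the previous code
        // tested MediaUtils::$cookiename but read $_COOKIE['blogid'].
        $blogid = (int) $_COOKIE[MediaUtils::$cookiename];
    } else {
        return;
    }

    MediaUtils::$blogid =& $blogid;
    // NOTE(review): the id is not checked against the loaded blog map, and
    // binding a reference to a missing key creates that key with a null
    // value. Nothing here checks the member's rights on the chosen blog
    // either - confirm the upload code does both before trusting $blogid.
    MediaUtils::$bshortname =& MediaUtils::$blogs[MediaUtils::$blogid];
}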
/**
 * Turns line-break conversion back on for the blog that owns an item, but
 * only when $this->memory_bconvertbreaks is set.
 *
 * @param array $data event payload; only $data['itemid'] is read
 * @return void
 */
private function _restoreConvertBreaks(&$data)
{
    global $manager;

    // Both ids are forced to integers before they are used for the lookup.
    $blogid = intval(getBlogIDFromItemID(intval($data['itemid'])));
    $blog =& $manager->getBlog($blogid);

    // Flag not set: leave the blog settings untouched.
    if (!$this->memory_bconvertbreaks) {
        return;
    }

    $blog->setConvertBreaks(true);
    $blog->writeSettings();
}
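/**
 * Adds a new comment to the database.
 *
 * Order of work: blog-level checks (comments enabled, public access,
 * protected member names, required e-mail, field lengths), spam verdict from
 * subscribed plugins, isValidComment(), optional notification mail,
 * exact-duplicate check, INSERT, then the PostAddComment event.
 *
 * @param int   $timestamp Unix timestamp of the comment; formatted with date()
 * @param array $comment   reads 'user', 'userid' (the URL field), 'email',
 *                         'body' and 'itemid'; all of it is visitor input
 * @return mixed TRUE on success, otherwise an _ERROR_* constant or the
 *               message returned by isValidComment()
 */
function addComment($timestamp, $comment)
{
    global $CONF, $member, $manager;

    $blogid = getBlogIDFromItemID($this->itemid);

    $settings =& $manager->getBlog($blogid);
    $settings->readSettings();

    // comments disabled on this blog
    if (!$settings->commentsEnabled()) {
        return _ERROR_COMMENTS_DISABLED;
    }

    // non-public blog and an anonymous visitor
    if (!$settings->isPublic() && !$member->isLoggedIn()) {
        return _ERROR_COMMENTS_NONPUBLIC;
    }

    // anonymous visitor posting under a protected member name
    if ($CONF['ProtectMemNames'] && !$member->isLoggedIn() && MEMBER::isNameProtected($comment['user'])) {
        return _ERROR_COMMENTS_MEMBERNICK;
    }

    // e-mail required but missing (does not apply to members)
    if ($settings->emailRequired() && strlen($comment['email']) == 0 && !$member->isLoggedIn()) {
        return _ERROR_EMAIL_REQUIRED;
    }

    // Length limits use mb_strlen(), i.e. characters rather than bytes.
    if (mb_strlen($comment['user']) > 40) {
        return _ERROR_USER_TOO_LONG;
    }

    if (mb_strlen($comment['email']) > 100) {
        return _ERROR_EMAIL_TOO_LONG;
    }

    if (mb_strlen($comment['userid']) > 100) {
        return _ERROR_URL_TOO_LONG;
    }

    $comment['timestamp'] = $timestamp;
    // The reverse-DNS name is chosen by whoever controls the PTR record for
    // the address, so 'host' is untrusted text just like the form fields.
    $comment['host'] = gethostbyaddr(serverVar('REMOTE_ADDR'));
    $comment['ip'] = serverVar('REMOTE_ADDR');

    // A logged-in member is identified by id; the free-text identity fields
    // from the form are discarded.
    if ($member->isLoggedIn()) {
        $comment['memberid'] = $member->getID();
        $comment['user'] = '';
        $comment['userid'] = '';
        $comment['email'] = '';
    } else {
        $comment['memberid'] = 0;
    }

    // spam check: $continue becomes TRUE when any subscribed plugin reports
    // that it handles spam itself
    $continue = FALSE;
    $plugins = array();

    if (isset($manager->subscriptions['ValidateForm'])) {
        $plugins = array_merge($plugins, $manager->subscriptions['ValidateForm']);
    }

    if (isset($manager->subscriptions['PreAddComment'])) {
        $plugins = array_merge($plugins, $manager->subscriptions['PreAddComment']);
    }

    if (isset($manager->subscriptions['PostAddComment'])) {
        $plugins = array_merge($plugins, $manager->subscriptions['PostAddComment']);
    }

    $plugins = array_unique($plugins);

    // foreach replaces the each() loop; each() no longer exists in PHP 8.
    foreach ($plugins as $plugin) {
        $p = $manager->getPlugin($plugin);
        $continue = $continue || $p->supportsFeature('handleSpam');
    }

    $spamcheck = array(
        'type' => 'comment',
        'body' => $comment['body'],
        'id' => $comment['itemid'],
        'live' => TRUE,
        'return' => $continue,
    );

    if ($member->isLoggedIn()) {
        $spamcheck['author'] = $member->displayname;
        $spamcheck['email'] = $member->email;
    } else {
        $spamcheck['author'] = $comment['user'];
        $spamcheck['email'] = $comment['email'];
        $spamcheck['url'] = $comment['userid'];
    }

    $manager->notify('SpamCheck', array('spamcheck' => &$spamcheck));

    // A spam verdict is enforced here only when no plugin asked to handle
    // spam on its own.
    if (!$continue && isset($spamcheck['result']) && $spamcheck['result'] == TRUE) {
        return _ERROR_COMMENTS_SPAM;
    }

    // isValidComment returns either "1" or an error message
    $isvalid = $this->isValidComment($comment, $spamcheck);

    if ($isvalid != 1) {
        return $isvalid;
    }

    // send email to the notification address
    if ($settings->getNotifyAddress() && $settings->notifyOnComment()) {
        $mailto_msg = _NOTIFY_NC_MSG . ' ' . $this->itemid . "\n";

        $temp = parse_url($CONF['Self']);

        if (!empty($temp['scheme'])) {
            $mailto_msg .= createItemLink($this->itemid) . "\n\n";
        } else {
            $tempurl = $settings->getURL();

            if (substr($tempurl, -1) == '/' || substr($tempurl, -4) == '.php') {
                $mailto_msg .= $tempurl . '?itemid=' . $this->itemid . "\n\n";
            } else {
                $mailto_msg .= $tempurl . '/?itemid=' . $this->itemid . "\n\n";
            }
        }

        // Visitor-supplied values only ever go into the mail body here.
        if ($comment['memberid'] == 0) {
            $mailto_msg .= _NOTIFY_USER . ' ' . $comment['user'] . "\n";
            $mailto_msg .= _NOTIFY_USERID . ' ' . $comment['userid'] . "\n";
        } else {
            $mailto_msg .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
        }

        $mailto_msg .= _NOTIFY_HOST . ' ' . $comment['host'] . "\n";
        $mailto_msg .= _NOTIFY_COMMENT . "\n " . $comment['body'] . "\n";
        $mailto_msg .= getMailFooter();

        $item =& $manager->getItem($this->itemid, 0, 0);
        $mailto_title = _NOTIFY_NC_TITLE . ' ' . strip_tags($item['title']) . ' (' . $this->itemid . ')';

        // NOTE(review): the sender is derived from the visitor's e-mail
        // field; confirm getNotifyFromMailAddress() rejects CR/LF so that
        // field cannot add mail headers.
        $frommail = $member->getNotifyFromMailAddress($comment['email']);

        // Plain "new": the "=& new" form is a parse error on PHP 7 and later.
        $notify = new NOTIFICATION($settings->getNotifyAddress());
        $notify->notify($mailto_title, $mailto_msg, $frommail);
    }

    $comment = COMMENT::prepare($comment);

    $manager->notify('PreAddComment', array('comment' => &$comment, 'spamcheck' => &$spamcheck));

    // Every string is escaped and every id is forced to an integer
    // immediately before the SQL is assembled, i.e. after plugins had their
    // last chance to modify $comment.
    $name = sql_real_escape_string($comment['user']);
    $url = sql_real_escape_string($comment['userid']);
    $email = sql_real_escape_string($comment['email']);
    $body = sql_real_escape_string($comment['body']);
    $host = sql_real_escape_string($comment['host']);
    $ip = sql_real_escape_string($comment['ip']);
    $memberid = intval($comment['memberid']);
    $timestamp = date('Y-m-d H:i:s', $comment['timestamp']);
    // The item id is interpolated unquoted into the INSERT below, so it must
    // be an integer; the blog id gets the same treatment.
    $itemid = intval($this->itemid);
    $blogid = intval($blogid);

    // reject an exact duplicate (same URL, member, body, item and blog)
    $qSql = 'SELECT COUNT(*) AS result '
          . 'FROM ' . sql_table('comment')
          . ' WHERE '
          . 'cmail = "' . $url . '"'
          . ' AND cmember = "' . $memberid . '"'
          . ' AND cbody = "' . $body . '"'
          . ' AND citem = "' . $itemid . '"'
          . ' AND cblog = "' . $blogid . '"';
    $result = (int) quickQuery($qSql);

    if ($result > 0) {
        return _ERROR_BADACTION;
    }

    $query = 'INSERT INTO ' . sql_table('comment')
           . ' (CUSER, CMAIL, CEMAIL, CMEMBER, CBODY, CITEM, CTIME, CHOST, CIP, CBLOG) '
           . "VALUES ('{$name}', '{$url}', '{$email}', {$memberid}, '{$body}', {$itemid}, '{$timestamp}', '{$host}', '{$ip}', '{$blogid}')";

    sql_query($query);

    // post add comment
    $commentid = sql_insert_id();
    $manager->notify('PostAddComment', array('comment' => &$comment, 'commentid' => &$commentid, 'spamcheck' => &$spamcheck));

    // succeeded !
    return TRUE;
}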
/**
 * Returns one item (Blogger version).
 *
 * The caller must log in and hold team rights on the item's blog. Drafts and
 * future items are included. The response struct carries dateCreated,
 * userid, blogid and content.
 *
 * NOTE(review): existence is tested before team rights, so a logged-in
 * non-member can tell an existing id (error 3) from a missing one (error 6).
 */
function _getItemBlogger($itemid, $username, $password)
{
    global $manager;

    // 1. authenticate
    $caller = new MEMBER();
    $authenticated = $caller->login($username, $password);
    if (!$authenticated) {
        return _error(1, "Could not log in");
    }

    // 2. authorise: the item has to exist and the caller has to be on the team
    $found = $manager->existsItem($itemid, 1, 1);
    if (!$found) {
        return _error(6, "No such item ({$itemid})");
    }

    $blogid = getBlogIDFromItemID($itemid);
    $onTeam = $caller->teamRights($blogid);
    if (!$onTeam) {
        return _error(3, "Not a team member");
    }

    // 3. build the response (drafts and future items are allowed)
    // $item is bound by reference, so the changes made to it below are
    // written through to whatever getItem() handed back.
    $item =& $manager->getItem($itemid, 1, 1);
    $owner = new BLOG($blogid);

    $item['category'] = $owner->getCategoryName($item['catid']);

    // strip generated line breaks when the blog converts them
    if ($owner->convertBreaks()) {
        $item['body'] = removeBreaks($item['body']);
    }

    $content = blogger_specialTags($item) . $item['body'];

    $created = new xmlrpcval(iso8601_encode($item['timestamp']), "dateTime.iso8601");
    $author = new xmlrpcval($item['authorid'], "string");
    $blogField = new xmlrpcval($blogid, "string");
    $contentField = new xmlrpcval($content, "string");

    $fields = array(
        "dateCreated" => $created,
        "userid" => $author,
        "blogid" => $blogField,
        "content" => $contentField,
    );

    return new xmlrpcresp(new xmlrpcval($fields, 'struct'));
}
/**
 * Returns one item as a MetaWeblog-style post struct.
 *
 * The caller must log in and hold team rights on the item's blog. Drafts and
 * future items are included.
 */
function _mw_getPost($itemid, $username, $password)
{
    global $manager;

    // 1. authenticate
    $caller = new MEMBER();
    $authenticated = $caller->login($username, $password);
    if (!$authenticated) {
        return _error(1, "Could not log in");
    }

    // 2. authorise
    $found = $manager->existsItem($itemid, 1, 1);
    if (!$found) {
        return _error(6, "No such item ({$itemid})");
    }

    $blogid = getBlogIDFromItemID($itemid);
    $onTeam = $caller->teamRights($blogid);
    if (!$onTeam) {
        return _error(3, "Not a team member");
    }

    // 3. load the item; it is bound by reference, so the break removal below
    // also changes what getItem() handed back
    $item =& $manager->getItem($itemid, 1, 1);
    $owner = new BLOG($blogid);

    if ($owner->convertBreaks()) {
        $item['body'] = removeBreaks($item['body']);
        $item['more'] = removeBreaks($item['more']);
    }

    $categoryname = $owner->getCategoryName($item['catid']);

    // a closed item does not accept comments
    $allowComments = $item['closed'] ? 0 : 1;

    $fields = array();
    $fields["dateCreated"] = new xmlrpcval(iso8601_encode($item['timestamp']), "dateTime.iso8601");
    $fields["userid"] = new xmlrpcval($item['authorid'], "string");
    $fields["blogid"] = new xmlrpcval($blogid, "string");
    $fields["postid"] = new xmlrpcval($itemid, "string");
    $fields["description"] = new xmlrpcval($item['body'], "string");
    $fields["title"] = new xmlrpcval($item['title'], "string");
    $fields["categories"] = new xmlrpcval(array(new xmlrpcval($categoryname, "string")), "array");
    $fields["mt_text_more"] = new xmlrpcval($item['more'], "string");
    $fields["mt_allow_comments"] = new xmlrpcval($allowComments, "int");
    $fields["mt_allow_pings"] = new xmlrpcval(1, "int");

    //TODO: add "String link" to struct?
    //TODO: add "String permaLink" to struct?

    return new xmlrpcresp(new xmlrpcval($fields, 'struct'));
}
/**
 * Returns one item (Nucleus version).
 *
 * The caller must log in and hold team rights on the item's blog. Drafts and
 * future items are included. The response struct carries publishDate,
 * userid, blogid, title, body, more, draft and closed.
 */
function _getItem($itemid, $username, $password)
{
    global $manager;

    // 1. authenticate
    $caller = new MEMBER();
    $authenticated = $caller->login($username, $password);
    if (!$authenticated) {
        return _error(1, "Could not log in");
    }

    // 2. authorise
    $found = $manager->existsItem($itemid, 1, 1);
    if (!$found) {
        return _error(6, "No such item ({$itemid})");
    }

    $blogid = getBlogIDFromItemID($itemid);
    $onTeam = $caller->teamRights($blogid);
    if (!$onTeam) {
        return _error(3, "Not a team member");
    }

    // 3. load the item; it is bound by reference, so the break removal below
    // also changes what getItem() handed back
    $item =& $manager->getItem($itemid, 1, 1);
    $owner = new BLOG($blogid);

    if ($owner->convertBreaks()) {
        $item['body'] = removeBreaks($item['body']);
    }

    $fields = array();
    $fields["publishDate"] = new xmlrpcval(iso8601_encode($item['timestamp']), "dateTime.iso8601");
    $fields["userid"] = new xmlrpcval($item['authorid'], "string");
    $fields["blogid"] = new xmlrpcval($blogid, "string");
    $fields["title"] = new xmlrpcval($item['title'], "string");
    $fields["body"] = new xmlrpcval($item['body'], "string");
    $fields["more"] = new xmlrpcval($item['more'], "string");
    $fields["draft"] = new xmlrpcval($item['draft'], "boolean");
    $fields["closed"] = new xmlrpcval($item['closed'], "boolean");

    return new xmlrpcresp(new xmlrpcval($fields, 'struct'));
}
/**
 * Category test for the current item.
 *
 * Without a usable ($name, $value) pair the global $catid is validated
 * against the item's blog. With $name 'catname' or 'catid' the given
 * category must match the item's category and be valid for that blog.
 */
function _ifItemCategory($name = '', $value = '')
{
    global $catid, $manager;

    $owner =& $manager->getBlog(getBlogIDFromItemID($this->currentItem->itemid));

    $byName = ($name == 'catname');
    $byId = ($name == 'catid');

    // no recognised selector, or nothing to compare against:
    // only check whether a category is selected at all
    if ($value == '' || (!$byName && !$byId)) {
        return $owner->isValidCategory($catid);
    }

    $itemCat = $this->currentItem->catid;

    if ($byName) {
        // translate the name to an id, then compare ids
        $value = $owner->getCategoryIdFromName($value);
        if ($value != $itemCat) {
            return false;
        }
        return $owner->isValidCategory($itemCat);
    }

    // selector is 'catid'
    if ($value != $itemCat) {
        return false;
    }
    return $owner->isValidCategory($itemCat);
}
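/**
 * Tries to create or refresh a draft from the data in the current request
 * (sent by the bookmarklet or the admin area).
 *
 * Returns an array with status info:
 *   array('status' => 'added', 'draftid' => <item id>) on success,
 *   array('status' => 'error', 'message' => <_ERROR_* constant>) otherwise.
 *
 * @static
 *
 * Used by xmlHTTPRequest AutoDraft
 */
function createDraftFromRequest()
{
    global $member, $manager;

    $i_author = $member->getID();
    $i_body = postVar('body');
    $i_title = postVar('title');
    $i_more = postVar('more');

    // The text is converted from UTF-8 whenever the site charset differs.
    if (strtoupper(_CHARSET) != 'UTF-8') {
        $i_body = mb_convert_encoding($i_body, _CHARSET, "UTF-8");
        $i_title = mb_convert_encoding($i_title, _CHARSET, "UTF-8");
        $i_more = mb_convert_encoding($i_more, _CHARSET, "UTF-8");
    }

    $i_closed = intPostVar('closed');
    $i_catid = postVar('catid');
    $i_draft = 1;

    $type = postVar('type');
    if ($type == 'edit') {
        $i_blogid = getBlogIDFromItemID(intPostVar('itemid'));
    } else {
        $i_blogid = intPostVar('blogid');
    }

    $i_draftid = intPostVar('draftid');

    if (!$member->canAddItem($i_catid)) {
        return array('status' => 'error', 'message' => _ERROR_DISALLOWED);
    }

    if (!trim($i_body)) {
        return array('status' => 'error', 'message' => _ERROR_NOEMPTYITEMS);
    }

    // create new category if needed
    if (strstr($i_catid, 'newcat')) {
        // Set in default category
        $blog =& $manager->getBlog($i_blogid);
        $i_catid = $blog->getDefaultCategory();
    } else {
        // force blogid (must be same as category id)
        $i_blogid = getBlogIDFromCatID($i_catid);
        $blog =& $manager->getBlog($i_blogid);
    }

    $posttime = 0;

    if ($i_draftid > 0) {
        // 'draftid' arrives in the request and names the item that will be
        // overwritten. canAddItem() above only covers the target category,
        // so the member's right to alter this particular item is checked
        // before the update runs.
        if (!$member->canAlterItem($i_draftid)) {
            return array('status' => 'error', 'message' => _ERROR_DISALLOWED);
        }

        ITEM::update($i_draftid, $i_catid, $i_title, $i_body, $i_more, $i_closed, 1, 0, 0);
        $itemid = $i_draftid;
    } else {
        $itemid = $blog->additem($i_catid, $i_title, $i_body, $i_more, $i_blogid, $i_author, $posttime, $i_closed, $i_draft);
    }

    // No plugin support in AutoSaveDraft yet

    // success
    return array('status' => 'added', 'draftid' => $itemid);
}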
/**
 * Template variable handler with two modes.
 *
 * 'checkin' starts an output buffer whose callback is ob_DoNothing, and
 * 'checkout' discards the active buffer; both act only when
 * testitemcomment() fails for the item. Any other $param1 does nothing.
 *
 * @param object $item   the item being rendered; only ->itemid is read
 * @param string $param1 'checkin' or 'checkout'
 * @return void
 */
function doTemplateVar(&$item, $param1)
{
    $iid = $item->itemid;
    $bid = getBlogIDFromItemID($iid);

    if ($param1 == 'checkin') {
        $passes = $this->testitemcomment($bid, $iid);
        if (!$passes) {
            ob_start(array(&$this, 'ob_DoNothing'));
        }
    } elseif ($param1 == 'checkout') {
        $passes = $this->testitemcomment($bid, $iid);
        if (!$passes) {
            ob_end_clean();
        }
    }
}
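/**
 * Publishes an existing item by re-saving it through _edititem() with its
 * stored category, title, body, extended text, draft flag and closed flag.
 *
 * The caller is authenticated before anything is looked up, as in the
 * sibling handlers (_getItem, _deleteItem, ...). Previously the existence
 * test and the item load ran before any credential check, so the
 * "No such item" error told an unauthenticated caller which ids exist.
 *
 * @return mixed the error from _error() or whatever _edititem() returns
 */
function _mt_publishPost($itemid, $username, $password)
{
    global $manager;

    // 1. login
    // NOTE(review): _edititem() receives the same credentials and presumably
    // authenticates and authorises again - confirm a second login is free of
    // side effects.
    $mem = new MEMBER();
    if (!$mem->login($username, $password)) {
        return _error(1, "Could not log in");
    }

    // 2. the item has to exist (drafts and future items included)
    if (!$manager->existsItem($itemid, 1, 1)) {
        return _error(6, "No such item ({$itemid})");
    }

    // get item data
    // NOTE(review): $blog is never read below; it is kept in case the BLOG
    // constructor is relied on - confirm and remove.
    $blogid = getBlogIDFromItemID($itemid);
    $blog = new BLOG($blogid);
    $old =& $manager->getItem($itemid, 1, 1);

    return _edititem($itemid, $username, $password, $old['catid'], $old['title'], $old['body'], $old['more'], $old['draft'], 1, $old['closed']);
}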
/**
 * Parse skinvar sticky: renders a single item through the given template and
 * stores the number of items found in $this->amountfound.
 *
 * @param mixed  $itemnumber item id; forced to an integer before use
 * @param string $template   template name handed to readLogFromList()
 */
function parse_sticky($itemnumber = 0, $template = '')
{
    global $manager;

    $stickyId = intval($itemnumber);
    $ids = array($stickyId);

    $owner =& $manager->getBlog(getBlogIDFromItemID($stickyId));

    $this->_preBlogContent('sticky', $owner);
    $this->amountfound = $owner->readLogFromList($ids, $template);
    $this->_postBlogContent('sticky', $owner);
}
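/**
 * Handle karma votes.
 *
 * Checks that the global $itemid exists, that the visitor is not banned from
 * its blog, that this address has not voted before and that the item is
 * open; records the vote, optionally mails the blog's notification address,
 * then redirects and exits.
 *
 * @param string $type 'pos' or 'neg'; any other value records no vote
 */
function doKarma($type)
{
    global $itemid, $member, $CONF, $manager;

    // NOTE(review): every check below relies on doError() ending the
    // request; confirm it does not return.

    // check if itemid exists
    if (!$manager->existsItem($itemid, 0, 0)) {
        doError(_ERROR_NOSUCHITEM);
    }

    $blogid = getBlogIDFromItemID($itemid);
    $this->checkban($blogid);

    $karma =& $manager->getKarma($itemid);

    // check if not already voted; the only key passed in is the remote address
    if (!$karma->isVoteAllowed(serverVar('REMOTE_ADDR'))) {
        doError(_ERROR_VOTEDBEFORE);
    }

    // check if item does allow voting
    $item =& $manager->getItem($itemid, 0, 0);

    if ($item['closed']) {
        doError(_ERROR_ITEMCLOSED);
    }

    switch ($type) {
        case 'pos':
            $karma->votePositive();
            break;
        case 'neg':
            $karma->voteNegative();
            break;
    }

    $blog =& $manager->getBlog($blogid);

    // The item link is built up front. It used to be assigned only inside
    // the notification branch, which left it undefined for the redirect
    // fallback whenever no notification was sent and no Referer was present.
    $itemLink = createItemLink(intval($itemid));
    $temp = parse_url($itemLink);

    if (empty($temp['scheme'])) {
        $itemLink = $CONF['IndexURL'] . $itemLink;
    }

    // send email to notification address, if any
    if ($blog->getNotifyAddress() && $blog->notifyOnVote()) {
        $mailto_msg = _NOTIFY_KV_MSG . ' ' . $itemid . "\n";
        $mailto_msg .= $itemLink . "\n\n";

        if ($member->isLoggedIn()) {
            $mailto_msg .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
        }

        $mailto_msg .= _NOTIFY_IP . ' ' . serverVar('REMOTE_ADDR') . "\n";
        // the reverse-DNS name is untrusted text; it is used in the body only
        $mailto_msg .= _NOTIFY_HOST . ' ' . gethostbyaddr(serverVar('REMOTE_ADDR')) . "\n";
        // $type is written as received, also when it matched neither case above
        $mailto_msg .= _NOTIFY_VOTE . "\n " . $type . "\n";
        $mailto_msg .= getMailFooter();

        $mailto_title = _NOTIFY_KV_TITLE . ' ' . strip_tags($item['title']) . ' (' . $itemid . ')';

        $frommail = $member->getNotifyFromMailAddress();

        $notify = new NOTIFICATION($blog->getNotifyAddress());
        $notify->notify($mailto_title, $mailto_msg, $frommail);
    }

    // NOTE(review): the Referer header is supplied by the client; confirm
    // redirect() strips CR/LF and consider restricting the target to this
    // site's own URLs.
    $refererUrl = serverVar('HTTP_REFERER');

    if ($refererUrl) {
        $url = $refererUrl;
    } else {
        $url = $itemLink;
    }

    redirect($url);
    exit;
}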
/**
 * Shows the bookmarklet edit form for the item named in the request.
 *
 * The item must exist and the current member must be allowed to alter it.
 * NOTE(review): both guards rely on bm_doError() ending the request; confirm
 * it does not return, otherwise the form is built regardless.
 */
function bm_doEditForm()
{
    global $member, $manager;

    // intRequestVar() hands back the id as an integer
    $itemid = intRequestVar('itemid');

    $found = $manager->existsItem($itemid, 0, 0);
    if (!$found) {
        bm_doError(_ERROR_NOSUCHITEM);
    }

    $mayAlter = $member->canAlterItem($itemid);
    if (!$mayAlter) {
        bm_doError(_ERROR_DISALLOWED);
    }

    // the existence test above excludes drafts and future items, while the
    // load below allows both
    $item =& $manager->getItem($itemid, 1, 1);
    $owner =& $manager->getBlog(getBlogIDFromItemID($itemid));

    $manager->notify('PrepareItemForEdit', array('item' => &$item));

    // undo the generated line breaks before the text goes into the form
    if ($owner->convertBreaks()) {
        $item['body'] = removeBreaks($item['body']);
        $item['more'] = removeBreaks($item['more']);
    }

    $factory = new PAGEFACTORY($owner->getID());
    $factory->createEditForm('bookmarklet', $item);
}
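/**
 * Checks if the current member is admin of a blog.
 *
 * With a blog name that resolves to an existing blog, that blog is tested.
 * Otherwise the blog of the current comment's item is used. Returns 0 when
 * no blog can be determined.
 *
 * @param string $blogName optional blog short name
 * @return mixed 0 when no blog is found, else the result of isBlogAdmin()
 */
function _ifAdmin($blogName = '')
{
    global $blog, $member, $manager;

    $b =& $manager->getBlog(getBlogIDFromItemID($this->currentComment['itemid']));
    $haveCommentBlog = is_object($b);

    // when no blog found
    if ($blogName == '' && !$haveCommentBlog) {
        return 0;
    }

    $blogid = null;

    // explicit blog selection
    if ($blogName != '') {
        $blogid = getBlogIDFromName($blogName);
    }

    if ($blogName == '' || !$manager->existsBlogID($blogid)) {
        // A named blog that does not exist falls back to the comment's blog.
        // Without one there is nothing left to test; answering "not admin"
        // avoids calling getID() on a non-object.
        if (!$haveCommentBlog) {
            return 0;
        }

        // use current blog
        $blogid = $b->getID();
    }

    return $member->isBlogAdmin($blogid);
}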
/**
 * After an item update: fills the submitted path template with the item's
 * year, month and day, registers the resulting path for the item, and
 * converts local TrackBack URLs when the TrackBack plugin check passes.
 *
 * @param array $data event payload; $data['itemid'] is read here
 */
function event_PostUpdateItem($data)
{
    $item_id = intval($data['itemid']);

    // Path template exactly as submitted with the form.
    // NOTE(review): it is not validated here - confirm RegistPath()
    // sanitises it before it is stored.
    $tpath = requestVar('plug_custom_url_path');

    // Both lookups use %d with an integer id, so the id cannot alter the SQL.
    $timeSql = sprintf('SELECT itime as result FROM %s WHERE inumber = %d', sql_table('item'), $item_id);
    $itime = quickQuery($timeSql);

    list($y, $m, $d, $trush) = sscanf($itime, '%d-%d-%d %s');

    $param = array(
        'year' => sprintf('%04d', $y),
        'month' => sprintf('%02d', $m),
        'day' => sprintf('%02d', $d),
    );
    $ipath = TEMPLATE::fill($tpath, $param);

    $titleSql = sprintf('SELECT ititle as result FROM %s WHERE inumber = %d', sql_table('item'), $item_id);
    $iname = quickQuery($titleSql);

    $blog_id = intval(getBlogIDFromItemID($item_id));
    $this->RegistPath($item_id, $ipath, $blog_id, 'item', $iname);

    if ($this->pluginCheck('TrackBack')) {
        $this->convertLocalTrackbackURL($data);
    }
}
/**
 * Sends pings for the blog that owns an item, provided the item can be
 * loaded (drafts and future items excluded) and the blog option
 * 'ping_sendping' is "yes".
 *
 * @param mixed $itemid item id; forced to an integer before use
 * @return void
 */
private function _sendPingCheck($itemid)
{
    global $manager;

    $iid = intval($itemid);

    $item = $manager->getItem($iid, 0, 0);
    if (!$item) {
        return;
    }

    $bid = intval(getBlogIDFromItemID($iid));

    $pingSetting = $this->getBlogOption($bid, 'ping_sendping');
    if ($pingSetting == "yes") {
        $this->sendPings(array('blogid' => $bid));
    }
}
/**
 * Runs action_banlistnew() for the blog that owns the item named by the
 * 'itemid' request variable.
 *
 * NOTE(review): no permission check is visible here; presumably
 * action_banlistnew() enforces it - confirm.
 */
function action_banlistnewfromitem()
{
    $itemid = intRequestVar('itemid');
    $blogid = getBlogIDFromItemID($itemid);

    $this->action_banlistnew($blogid);
}
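/**
 * Promotes a logged comment to a live comment: reads the log event named by
 * the 'id' request variable, splits the stored content on '^^' into body,
 * host, name, URL and IP, and inserts those as a new comment row.
 *
 * Everything taken from the log was written by the original commenter, so
 * it is handled as untrusted input both in the HTML output and in the SQL.
 *
 * NOTE(review): no permission or request-ticket check is visible in this
 * function; confirm the admin page that calls it enforces both.
 */
function sb_promote()
{
    global $oPluginAdmin;

    $id = requestVar('id');
    // the request value is echoed back, so it is HTML-escaped first
    echo '<h2>Promoting to blog: ' . htmlspecialchars($id, ENT_QUOTES) . '</h2>';

    $arr = $oPluginAdmin->plugin->spambayes->nbs->getLogevent($id);

    // The item id goes unquoted into the INSERT, so it has to be an integer.
    $parts = explode('itemid:', $arr['log']);
    $itemid = isset($parts[1]) ? intval($parts[1]) : 0;
    echo 'itemid: ' . $itemid . '<br />';

    if ($itemid <= 0) {
        // no usable item id in the log entry: do not insert an orphan comment
        echo '<b>no item id found in log entry, nothing added</b><br />';
        echo '-- end promote --';
        return;
    }

    $blogid = intval(getBlogIDFromItemID($itemid));

    // pad to five fields so that a short log entry yields empty strings
    // instead of undefined offsets
    $comment = array_pad(explode('^^', $arr['content']), 5, '');

    // Escaped with the database layer's own routine (as addComment() does)
    // rather than addslashes(), which does not take the connection's
    // character set into account.
    $body = sql_real_escape_string($comment[0]);
    $host = sql_real_escape_string($comment[1]);
    $name = sql_real_escape_string($comment[2]);
    $url = sql_real_escape_string($comment[3]);
    $ip = sql_real_escape_string($comment[4]);
    $memberid = 0;
    $timestamp = sql_real_escape_string($arr['logtime']);

    $query = 'INSERT INTO ' . sql_table('comment')
           . ' (CUSER, CMAIL, CMEMBER, CBODY, CITEM, CTIME, CHOST, CIP, CBLOG) '
           . "VALUES ('{$name}', '{$url}', {$memberid}, '{$body}', {$itemid}, '{$timestamp}', '{$host}', '{$ip}', '{$blogid}')";
    sql_query($query);

    echo '<b>comment added</b><br />';
    echo '-- end promote --';
}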
/**
 * Returns 1 if this member can move/update an item to a given category and
 * 0 if not (for the 'newcat' form the result of blogAdminRights() is
 * returned as is). The inline comments name each test in the order it runs.
 *
 * @param itemid
 * @param newcat (can also be of form 'newcat-x' with x=blogid)
 */
function canUpdateItem($itemid, $newcat)
{
    global $manager;

    // unknown item (drafts and future items count as existing) -> NOK
    $found = $manager->existsItem($itemid, 1, 1);
    if (!$found) {
        return 0;
    }

    // member may not alter the item at all -> NOK
    $mayAlter = $this->canAlterItem($itemid);
    if (!$mayAlter) {
        return 0;
    }

    // 'newcat' style target: the answer is the member's admin right on the
    // destination blog
    if (strstr($newcat, 'newcat')) {
        list($targetBlog) = sscanf($newcat, 'newcat-%d');
        return $this->blogAdminRights($targetBlog);
    }

    // target category unknown -> NOK
    $knownCategory = $manager->existsCategory($newcat);
    if (!$knownCategory) {
        return 0;
    }

    $current =& $manager->getItem($itemid, 1, 1);

    // category unchanged -> OK
    if ($current['catid'] == $newcat) {
        return 1;
    }

    // no category row with this id -> NOK (the id is cast to int for the query)
    $matches = quickQuery('SELECT COUNT(*) AS result FROM ' . sql_table('category') . ' WHERE catid=' . intval($newcat));
    if (!$matches) {
        return 0;
    }

    $source_blogid = getBlogIDFromItemID($itemid);
    $dest_blogid = getBlogIDFromCatID($newcat);

    // not on the team of the destination blog -> NOK
    $onDestTeam = $this->teamRights($dest_blogid);
    if (!$onDestTeam) {
        return 0;
    }

    // author of the item -> OK
    if ($current['authorid'] == $this->getID()) {
        return 1;
    }

    // admin on both the destination and the source blog -> OK, anything else -> NOK
    $adminOnBoth = $this->blogAdminRights($dest_blogid) && $this->blogAdminRights($source_blogid);

    return $adminOnBoth ? 1 : 0;
}
/**
 * Deletes an item.
 *
 * The caller must log in and hold team rights on the item's blog; nothing
 * stricter than team membership is checked in this function.
 */
function _deleteItem($itemid, $username, $password)
{
    global $manager;

    // 1. authenticate
    $caller = new MEMBER();
    $authenticated = $caller->login($username, $password);
    if (!$authenticated) {
        return _error(1, "Could not log in");
    }

    // 2. authorise: the item has to exist and the caller has to be on the team
    $found = $manager->existsItem($itemid, 1, 1);
    if (!$found) {
        return _error(6, "No such item ({$itemid})");
    }

    $blogid = getBlogIDFromItemID($itemid);
    $onTeam = $caller->teamRights($blogid);
    if (!$onTeam) {
        return _error(3, "Not a team member");
    }

    // 3. delete and report success
    ITEM::delete($itemid);

    $ok = new xmlrpcval(1, "boolean");
    return new xmlrpcresp($ok);
}
/**
 * Builds the link for an item after pointing $CONF['ItemURL'] at the URL of
 * the blog that owns it.
 *
 * Fallback order for the base URL: the item's blog, then the default blog
 * (only when the global $blog is set), then $CONF['Self'] or, in pathinfo
 * mode, $CONF['IndexURL']. Note that the global $CONF['ItemURL'] stays
 * changed after the call.
 */
function _createItemLink($itemid)
{
    global $CONF, $manager, $blog;

    $blogid = getBlogIDFromItemID($itemid);
    $owner =& $manager->getBlog($blogid);
    $base = $owner->getURL();

    // the item's blog has no URL: try the default blog
    if (!$base && $blog) {
        $fallback =& $manager->getBlog($CONF['DefaultBlog']);
        $base = $fallback->getURL();
    }

    // still nothing: use the site-wide setting that fits the URL mode
    if (!$base) {
        if ($CONF['URLMode'] != 'pathinfo') {
            $base = $CONF['Self'];
        } else {
            $base = $CONF['IndexURL'];
        }
    }

    // pathinfo mode: drop a single trailing slash
    if ($CONF['URLMode'] == 'pathinfo') {
        $base = preg_replace('/\\/$/', '', $base);
    }

    $CONF['ItemURL'] = $base;

    return createItemLink($itemid);
}
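/**
 * Returns the requested item. If it is not in the cache, it is loaded first
 * and then placed in the cache.
 * Intended use: $item =& $manager->getItem(1234, 0, 0)
 *
 * For an item that is already cached the draft and future rules are
 * re-applied here, and 0 is returned when the item breaks them. These two
 * flags are the only visibility rules in this method: a caller that passes
 * 1 for both has to authorise the request itself.
 *
 * @param mixed $itemid      item id, used as the cache key
 * @param mixed $allowdraft  truthy to allow drafts
 * @param mixed $allowfuture truthy to allow items dated in the future
 * @return mixed the item (by reference), or 0 when a cached item is hidden
 */
function &getItem($itemid, $allowdraft, $allowfuture)
{
    // A function that returns by reference has to return a variable; a
    // literal 0 raises "Only variable references should be returned by
    // reference". The local is created anew on every call, so callers never
    // share it.
    $none = 0;

    $item =& $this->items[$itemid];

    // check the draft and future rules if the item was already cached
    if ($item) {
        if (!$allowdraft && $item['draft']) {
            return $none;
        }

        $blog =& $this->getBlog(getBlogIDFromItemID($itemid));

        if (!$allowfuture && $item['timestamp'] > $blog->getCorrectTime()) {
            return $none;
        }
    }

    if (!$item) {
        // load class if needed
        $this->loadClass('ITEM');

        // load item object
        $item = ITEM::getitem($itemid, $allowdraft, $allowfuture);
        $this->items[$itemid] = $item;
    }

    return $item;
}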