Ejemplo n.º 1
/**
 * Routes an 'article' panel request to the edit, post or save handler.
 *
 * A truthy 'save' or 'publish' request value replaces the incoming $step;
 * 'publish' is read last, so it wins when both are present. Steps that match
 * none of the known names are ignored.
 *
 * @param string $event Event name (not read inside this function)
 * @param string $step  Requested step, compared case-insensitively
 */
function article_event($event, $step)
{
    // The privilege check comes first, before any request value is looked at.
    require_privs('article');

    if (gps('save')) {
        $step = 'save';
    }

    if (gps('publish')) {
        $step = 'publish';
    }

    switch (strtolower($step)) {
        case 'publish':
            article_post();
            break;

        case 'save':
            article_save();
            break;

        // An empty step, 'create' and 'edit' all open the editor.
        case '':
        case 'create':
        case 'edit':
            article_edit();
            break;
    }
}
Ejemplo n.º 2
/**
 * Mails a user their login name and password.
 *
 * The password is written into the message body exactly as passed in, so it
 * leaves the system in clear text and stays readable in the recipient's
 * mailbox. Requires 'admin.edit' privileges.
 *
 * @param  string $RealName Name used in the greeting line
 * @param  string $name     Login name
 * @param  string $email    Recipient address
 * @param  string $password Plain-text password to include in the mail
 * @return mixed  Whatever txpMail() returns
 */
function send_password($RealName, $name, $email, $password)
{
    global $sitename;

    require_privs('admin.edit');

    $body  = gTxt('greeting') . ' ' . $RealName . ',' . n . n;
    $body .= gTxt('you_have_been_registered') . ' ' . $sitename . n . n;
    $body .= gTxt('your_login_is') . ': ' . $name . n;
    $body .= gTxt('your_password_is') . ': ' . $password . n . n;
    $body .= gTxt('log_in_at') . ': ' . hu . 'textpattern/index.php';

    $subject = "[{$sitename}] " . gTxt('your_login_info');

    return txpMail($email, $subject, $body);
}
 /**
  * Runs the handler named by the global $step.
  *
  * The privilege checked is this class's own name. Only the two step names
  * listed below reach a specific handler; every other value renders the UI.
  */
 static function dispatch()
 {
     global $step;

     require_privs(__CLASS__);

     if ($step == 'my_name_is') {
         self::my_name_is();
     } elseif ($step == 'say_hi') {
         self::say_hi();
     } else {
         self::ui();
     }
 }
Ejemplo n.º 4
/**
 * Calls _update_cache() when an article is published, saved or deleted.
 *
 * Returns early for any non-empty event other than 'article'. The step is
 * derived the same way the article panel does it: a truthy 'save' or
 * 'publish' request value overrides $step, with 'publish' taking precedence.
 *
 * @param string $event Event name passed to the callback
 * @param string $step  Step name passed to the callback
 */
function _sed_article_copyright_callback($event, $step)
{
    $isForeignEvent = (!empty($event) and $event != 'article');
    if ($isForeignEvent) {
        return;
    }

    // Privileges are checked before the request is inspected.
    require_privs('article');

    if (gps('save')) {
        $step = 'save';
    }

    if (gps('publish')) {
        $step = 'publish';
    }

    $cacheSteps = array('publish', 'delete', 'save');
    if (in_array(strtolower($step), $cacheSteps, true)) {
        _update_cache();
    }
}
Ejemplo n.º 5
/**
 * Emails a new user with account details and requests they set a password.
 *
 * Requires 'admin.edit' privileges. Looks the user up by login name, creates
 * a fresh activation token row in txp_token (replacing any earlier one for
 * the same user) and mails a link that carries the activation code.
 *
 * @param  string $name The login name
 * @return string|array|null Confirmation text when the mail was accepted,
 *                           array(message, E_ERROR) when txpMail() failed, and
 *                           no value at all when no user row matches $name.
 */
function send_account_activation($name)
{
    global $sitename;
    require_privs('admin.edit');
    // $name is escaped with doSlash() before being placed inside the quoted literal.
    $rs = safe_row("user_id, email, nonce, RealName, pass", 'txp_users', "name = '" . doSlash($name) . "'");
    if ($rs) {
        // Imports the selected columns as locals; the code below reads
        // $user_id, $email, $nonce, $RealName and $pass.
        extract($rs);
        // $uid is interpolated unquoted into the SQL below, hence the integer assertion.
        $uid = assert_int($user_id);
        // The selector becomes an indirect reference to the txp_users row,
        // which does not leak information.
        $selector = Txp::get('\\Textpattern\\Password\\Random')->generate(12);
        $expiryTimestamp = time() + 60 * 60 * ACTIVATION_EXPIRY_HOURS;
        // Human-readable pieces of the expiry date, used only in the mail text.
        $expiryYear = safe_strftime('%Y', $expiryTimestamp);
        $expiryMonth = safe_strftime('%B', $expiryTimestamp);
        $expiryDay = safe_strftime('%Oe', $expiryTimestamp);
        $expiryTime = safe_strftime('%H:%M', $expiryTimestamp);
        // Timestamp string stored in txp_token.expires; this one uses plain
        // strftime() rather than safe_strftime().
        $expiry = strftime('%Y-%m-%d %H:%M:%S', $expiryTimestamp);
        // Use a hash of the nonce, selector and (temporary, already discarded) password.
        // This ensures that activation requests expire automatically when:
        //  a) The person logs in, or
        //  b) They successfully set their password
        // Using the selector in the hash just injects randomness, otherwise two requests
        // back-to-back would generate the same activation code.
        // Old activation tokens for the same user id are purged when password is set.
        // Only the first SALT_LENGTH characters of the hex digest are kept; the
        // pack()/bin2hex() pair converts them to binary and back to hex.
        $token = bin2hex(pack('H*', substr(hash(HASHING_ALGORITHM, $nonce . $selector . $pass), 0, SALT_LENGTH)));
        // The code sent to the user is the token followed by the selector.
        $activation_code = $token . $selector;
        // Remove any previous activation tokens and insert the new one.
        safe_delete("txp_token", "reference_id = {$uid} AND type = 'account_activation'");
        // NOTE(review): token and selector are stored as-is, so the row holds both
        // halves of the emailed activation code. How the consuming side compares
        // them is not visible here -- confirm it uses a constant-time comparison.
        // NOTE(review): the results of safe_delete()/safe_insert() are not checked;
        // the mail is sent even if the insert did not succeed.
        safe_insert("txp_token", "reference_id = {$uid},\n                type = 'account_activation',\n                selector = '" . doSlash($selector) . "',\n                token = '" . doSlash($token) . "',\n                expires = '" . doSlash($expiry) . "'\n            ");
        // The activation code travels as the 'activate' query parameter of the link.
        $message = gTxt('salutation', array('{name}' => $RealName)) . n . n . gTxt('you_have_been_registered') . ' ' . $sitename . n . n . gTxt('your_login_is') . ': ' . $name . n . n . gTxt('account_activation_confirmation') . n . hu . 'textpattern/index.php?activate=' . $activation_code . n . n . gTxt('link_expires', array('{year}' => $expiryYear, '{month}' => $expiryMonth, '{day}' => $expiryDay, '{time}' => $expiryTime));
        if (txpMail($email, "[{$sitename}] " . gTxt('account_activation'), $message)) {
            return gTxt('login_sent_to', array('{email}' => $email));
        } else {
            return array(gTxt('could_not_mail'), E_ERROR);
        }
    }
}
/**
 * Entry point for the 'ign_user_mgmt' panel.
 *
 * Does nothing for other events. After the privilege check it caches the
 * current user's privilege level in the global $myprivs and then calls the
 * function named by $step, but only when that name is in the allow-list
 * below; anything else shows the default admin screen.
 *
 * NOTE(review): every step, including 'ign_user_delete', is gated by the
 * single 'article.publish' privilege here; whether the handlers apply a
 * stricter check themselves is not visible in this function.
 *
 * @param string $event Event name
 * @param string $step  Step name; used as a function name when allowed
 */
function ign_manageUsers($event, $step)
{
    global $ign_user_db, $ign_user, $txp_user, $myprivs, $ign_levels;

    if ($event != 'ign_user_mgmt') {
        return;
    }

    require_privs('article.publish');
    $myprivs = fetch('privs', 'txp_users', 'name', $txp_user);

    // The allow-list is what keeps $step() from calling an arbitrary function.
    // The in_array() comparison is loose (no strict flag).
    $handlers = array(
        'ign_admin',
        'ign_user_delete',
        'ign_userList',
        'ign_userSave',
        'ign_userSaveNew',
        'ign_changeEmail',
        'ign_changePass',
        'ign_update_prefs',
        'ign_userChangePass',
    );

    if ($step and in_array($step, $handlers)) {
        $step();
    } else {
        ign_admin();
    }
}
Ejemplo n.º 7
/**
 * Applies a bulk action to the selected user accounts.
 *
 * Accessing requires 'admin.edit' privileges. Supported edit methods are
 * 'delete', 'changeprivilege' and 'resetpassword'; the logged-in user is
 * always excluded from the affected names. Every path ends by rendering
 * author_list().
 */
function admin_multi_edit()
{
    global $txp_user;

    require_privs('admin.edit');

    $selected = ps('selected');
    $method = ps('edit_method');
    $changed = array();
    $msg = '';

    if (!$selected or !is_array($selected)) {
        return author_list();
    }

    // The posted names are re-read from the database rather than trusted as
    // given. quote_list() and doSlash() (defined elsewhere) are relied on to
    // quote and escape the values placed in the WHERE clause.
    $where = "name IN (" . join(',', quote_list($selected)) . ") AND name != '" . doSlash($txp_user) . "'";
    $names = safe_column('name', 'txp_users', $where);

    if (!$names) {
        return author_list();
    }

    if ($method == 'delete') {
        $assign_assets = ps('assign_assets');

        if (!$assign_assets) {
            $msg = array('must_reassign_assets', E_ERROR);
        } elseif (in_array($assign_assets, $names)) {
            // The new owner must not be one of the accounts being removed.
            $msg = array('cannot_assign_assets_to_deletee', E_ERROR);
        } elseif (remove_user($names, $assign_assets)) {
            $changed = $names;
            callback_event('authors_deleted', '', 0, $changed);
            $msg = 'author_deleted';
        }
    } elseif ($method == 'changeprivilege') {
        if (change_user_group($names, ps('privs'))) {
            $changed = $names;
            $msg = 'author_updated';
        }
    } elseif ($method == 'resetpassword') {
        foreach ($names as $name) {
            // A fresh password is generated per user and then mailed in
            // clear text by send_new_password().
            $passwd = generate_password(PASSWORD_LENGTH);

            if (!change_user_password($name, $passwd)) {
                continue;
            }

            $email = safe_field('email', 'txp_users', "name = '" . doSlash($name) . "'");

            if (!send_new_password($passwd, $email, $name)) {
                // Stop at the first mail failure; the password of this user
                // has already been changed at this point.
                return author_list(array(gTxt('could_not_mail') . ' ' . txpspecialchars($name), E_ERROR));
            }

            $changed[] = $name;
            $msg = 'author_updated';
        }
    }

    if ($changed) {
        // Names are HTML-escaped before being placed into the message.
        $nameList = txpspecialchars(join(', ', $changed));

        return author_list(gTxt($msg, array('{name}' => $nameList)));
    }

    author_list($msg);
}
Ejemplo n.º 8
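/**
 * Applies a bulk action to the selected user accounts.
 *
 * Requires 'admin.edit' privileges. Reads 'selected' and 'edit_method' from
 * the request, drops the logged-in user from the selection, then deletes the
 * accounts, changes their privilege level or resets their passwords. Every
 * path ends by rendering author_list().
 */
function admin_multi_edit()
{
    global $txp_user;
    require_privs('admin.edit');
    $selected = ps('selected');
    $method = ps('edit_method');
    $changed = array();
    // Defined up front so an unrecognised edit_method reaches author_list()
    // with an empty message instead of an undefined variable.
    $msg = '';
    if (!$selected or !is_array($selected)) {
        return author_list();
    }
    // Posted names are escaped with doSlash() and re-read from the database;
    // only names that really exist (minus the current user) are acted on.
    $names = safe_column('name', 'txp_users', "name IN ('" . join("','", doSlash($selected)) . "') AND name != '" . doSlash($txp_user) . "'");
    if (!$names) {
        return author_list();
    }
    switch ($method) {
        case 'delete':
            $assign_assets = ps('assign_assets');
            if ($assign_assets === '') {
                $msg = array('must_reassign_assets', E_ERROR);
            } elseif (in_array($assign_assets, $names)) {
                // The new owner must not be one of the accounts being removed.
                $msg = array('cannot_assign_assets_to_deletee', E_ERROR);
            } elseif (safe_delete('txp_users', "name IN ('" . join("','", doSlash($names)) . "')")) {
                $changed = $names;
                $assign_assets = doSlash($assign_assets);
                // From here on $names is the escaped, quote-joined list used in SQL.
                $names = join("','", doSlash($names));
                // delete private prefs
                safe_delete('txp_prefs', "user_name IN ('{$names}')");
                // assign dangling assets to their new owner
                $reassign = array('textpattern' => 'AuthorID', 'txp_file' => 'author', 'txp_image' => 'author', 'txp_link' => 'author');
                foreach ($reassign as $table => $col) {
                    safe_update($table, "{$col}='{$assign_assets}'", "{$col} IN ('{$names}')");
                }
                callback_event('authors_deleted', '', 0, $changed);
                $msg = 'author_deleted';
            }
            break;
        case 'changeprivilege':
            global $levels;
            $privilege = ps('privs');
            // Only privilege levels known to $levels are accepted.
            if (!isset($levels[$privilege])) {
                return author_list();
            }
            if (safe_update('txp_users', 'privs = ' . intval($privilege), "name IN ('" . join("','", doSlash($names)) . "')")) {
                $changed = $names;
                $msg = 'author_updated';
            }
            break;
        case 'resetpassword':
            foreach ($names as $name) {
                $passwd = generate_password(PASSWORD_LENGTH);
                $hash = doSlash(txp_hash_password($passwd));
                // Store the hash of the new password. Writing a fixed literal
                // here would leave the account with a value that the password
                // mailed below can never match.
                if (safe_update('txp_users', "pass = '{$hash}'", "name = '" . doSlash($name) . "'")) {
                    $email = safe_field('email', 'txp_users', "name = '" . doSlash($name) . "'");
                    // The plain password is mailed to the user by send_new_password().
                    if (send_new_password($passwd, $email, $name)) {
                        $changed[] = $name;
                        $msg = 'author_updated';
                    } else {
                        return author_list(array(gTxt('could_not_mail') . ' ' . txpspecialchars($name), E_ERROR));
                    }
                }
            }
            break;
    }
    if ($changed) {
        // Names are HTML-escaped before being placed into the message.
        return author_list(gTxt($msg, array('{name}' => txpspecialchars(join(', ', $changed)))));
    }
    author_list($msg);
}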
Ejemplo n.º 9
<?php

/*
$HeadURL$
$LastChangedRevision$
*/
// Direct-access guard: stop unless the txpinterface constant has been defined
// (presumably by the entry script that includes this file).
defined('txpinterface') or die('txpinterface is undefined.');
if ($event == 'css') {
    require_privs('css');
    switch ($step) {
        case '':
            css_edit();
            break;
        case 'css_edit_raw':
            css_edit();
            break;
        case 'css_edit_form':
            css_edit();
            break;
        case 'pour':
            css_edit();
            break;
        case 'css_save':
            css_save();
            break;
        case 'css_copy':
            css_copy();
            break;
        case 'css_save_as':
Ejemplo n.º 10
 *
 * You should have received a copy of the GNU General Public License
 * along with Textpattern. If not, see <http://www.gnu.org/licenses/>.
 */
/**
 * Languages panel.
 *
 * @package Admin\Lang
 * @since   4.6.0
 */
// Direct-access guard: this file is only meant to be included, never requested.
defined('txpinterface') or die('txpinterface is undefined.');

include_once txpath . '/lib/txplib_update.php';

if ($event == 'lang') {
    require_privs('lang');

    // Step name => flag handed to bouncer(). bouncer() is defined elsewhere;
    // presumably the flag marks steps that need a valid request token -- confirm.
    $available_steps = array(
        'get_language'    => true,
        'get_textpack'    => true,
        'remove_language' => true,
        'save_language'   => true,
        'list_languages'  => false,
    );

    // $step is only called as a function after bouncer() has accepted it.
    if (!$step || !bouncer($step, $available_steps)) {
        list_languages();
    } else {
        $step();
    }
}
/**
 * Generate a &lt;select&gt; element of installed languages.
 *
 * @param  string $name The HTML name and ID to assign to the select control
 * @param  string $val  The currently active language identifier (en-gb, fr-fr, ...)
 * @return string HTML
 */
function languages($name, $val)
Ejemplo n.º 11
	This is Textpattern
	Copyright 2005 by Dean Allen
	www.textpattern.com
	All rights reserved
	Use of this software indicates acceptance of the Textpattern license agreement
$HeadURL: http://textpattern.googlecode.com/svn/development/4.0/textpattern/include/txp_form.php $
$LastChangedRevision: 3118 $
*/
// Direct-access guard: this file is only meant to be included, never requested.
defined('txpinterface') or die('txpinterface is undefined.');

global $vars;

$vars = array(
    'Form',
    'type',
    'name',
    'savenew',
    'oldname',
);

$essential_forms = array(
    'comments',
    'comments_display',
    'comment_form',
    'default',
    'Links',
    'files',
);

if ($event == 'form') {
    require_privs('form');

    // Only the step names listed here may be invoked as functions; anything
    // else falls back to the editor.
    if ($step and in_array($step, array('form_list', 'form_create', 'form_delete', 'form_edit', 'form_multi_edit', 'form_save'))) {
        $step();
    } else {
        form_edit();
    }
}
// -------------------------------------------------------------
function form_list($curname)
{
    global $step, $essential_forms;
    $out[] = startTable('list');
    $out[] = tr(tda(sLink('form', 'form_create', gTxt('create_new_form')), ' colspan="3" style="height:30px"'));
    $out[] = assHead('form', 'type', '');
    $methods = array('delete' => gTxt('delete'));
    $rs = safe_rows_start("*", "txp_form", "1 order by type asc, name asc");
Ejemplo n.º 12
/*
	This is Textpattern
	Copyright 2005 by Dean Allen
	www.textpattern.com
	All rights reserved
	Use of this software indicates acceptance of
	the Textpattern license agreement
$HeadURL: https://textpattern.googlecode.com/svn/releases/4.4.0/source/textpattern/include/txp_log.php $
$LastChangedRevision: 3374 $
*/
// Direct-access guard: this file is only meant to be included, never requested.
defined('txpinterface') or die('txpinterface is undefined.');

if ($event == 'log') {
    require_privs('log');

    // Normalise $step to one of the known handlers before calling it as a
    // function; an empty or unknown step becomes 'log_list'.
    $step = ($step and in_array($step, array('log_list', 'log_change_pageby', 'log_multi_edit')))
        ? $step
        : 'log_list';

    $step();
}
//-------------------------------------------------------------
function log_list($message = '')
{
    global $event, $log_list_pageby, $expire_logs_after;
    pagetop(gTxt('visitor_logs'), $message);
    extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));
    if ($sort === '') {
        $sort = get_pref('log_sort_column', 'time');
    }
    if ($dir === '') {
Ejemplo n.º 13
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Textpattern. If not, see <http://www.gnu.org/licenses/>.
 */
/**
 * Preferences panel user interface and interaction.
 *
 * @package Admin\Prefs
 */
// Direct-access guard: this file is only meant to be included, never requested.
defined('txpinterface') or die('txpinterface is undefined.');

if ($event == 'prefs') {
    require_privs('prefs');

    // The return value of bouncer() is not used here, so it presumably ends
    // the request itself when the step is rejected -- confirm against its
    // definition.
    bouncer($step, array('prefs_save' => true, 'prefs_list' => false));

    switch (strtolower($step)) {
        case 'prefs_save':
            prefs_save();
            break;

        // An empty step shows the list as well.
        case '':
        case 'prefs_list':
            prefs_list();
            break;
    }
}
/**
 * Commits prefs to the database.
 */
function prefs_save()
Ejemplo n.º 14
   /___________)                               (___________\
	Textpattern Copyright 2004 by Dean Allen. All rights reserved.
	Use of this software denotes acceptance of the Textpattern license agreement
	"Mod File Upload" Copyright 2004 by Michael Manfre. All rights reserved.
	Use of this mod denotes acceptance of the Textpattern license agreement
$HeadURL$
$LastChangedRevision$
*/
// Direct-access guard: this file is only meant to be included, never requested.
defined('txpinterface') or die('txpinterface is undefined.');

$levels = array(
    1 => gTxt('private'),
    0 => gTxt('public'),
);

global $file_statuses;

$file_statuses = array(
    2 => gTxt('hidden'),
    3 => gTxt('pending'),
    4 => gTxt('live'),
);

if ($event == 'file') {
    require_privs('file');

    // Only the step names listed here may be invoked as functions; anything
    // else shows the file list.
    if ($step and in_array($step, array('file_change_max_size', 'file_change_pageby', 'file_db_add', 'file_multi_edit', 'file_edit', 'file_insert', 'file_list', 'file_replace', 'file_save', 'file_reset_count', 'file_create'))) {
        $step();
    } else {
        file_list();
    }
}
// -------------------------------------------------------------
function file_list($message = '')
{
    global $txpcfg, $extensions, $file_base_path, $file_statuses, $file_list_pageby;
    pagetop(gTxt('file'), $message);
    extract($txpcfg);
    extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));
    if (!is_dir($file_base_path) or !is_writeable($file_base_path)) {
        echo graf(gTxt('file_dir_not_writeable', array('{filedir}' => $file_base_path)), ' id="warning"');
Ejemplo n.º 15
/**
 * Applies a bulk action to the selected user accounts.
 *
 * Accessing requires 'admin.edit' privileges. Supported edit methods are
 * 'delete', 'changeprivilege', 'resetpassword' and 'resendactivation'. No
 * password is generated or mailed here: the last two methods hand each name
 * to a helper that sends a confirmation or activation request.
 */
function admin_multi_edit()
{
    global $txp_user;

    require_privs('admin.edit');

    $selected = ps('selected');
    $method = ps('edit_method');
    $changed = array();
    $msg = '';

    if (!$selected or !is_array($selected)) {
        return author_list();
    }

    // Password resets apply only to accounts that have logged in before,
    // activation resends only to accounts that never have.
    if ($method === 'resetpassword') {
        $clause = " AND last_access IS NOT NULL";
    } elseif ($method === 'resendactivation') {
        $clause = " AND last_access IS NULL";
    } else {
        $clause = '';
    }

    // The posted names are re-read from the database rather than trusted as
    // given, and the logged-in user is always left out. quote_list() and
    // doSlash() (defined elsewhere) are relied on for quoting and escaping.
    $where = "name IN (" . join(',', quote_list($selected)) . ") AND name != '" . doSlash($txp_user) . "'" . $clause;
    $names = safe_column("name", 'txp_users', $where);

    if (!$names) {
        return author_list();
    }

    if ($method == 'delete') {
        $assign_assets = ps('assign_assets');

        if (!$assign_assets) {
            $msg = array('must_reassign_assets', E_ERROR);
        } elseif (in_array($assign_assets, $names)) {
            // The new owner must not be one of the accounts being removed.
            $msg = array('cannot_assign_assets_to_deletee', E_ERROR);
        } elseif (remove_user($names, $assign_assets)) {
            $changed = $names;
            callback_event('authors_deleted', '', 0, $changed);
            $msg = 'author_deleted';
        }
    } elseif ($method == 'changeprivilege') {
        if (change_user_group($names, ps('privs'))) {
            $changed = $names;
            $msg = 'author_updated';
        }
    } elseif ($method == 'resetpassword') {
        // NOTE(review): the helper's return value is ignored, so a name is
        // reported as changed even if the request could not be sent.
        foreach ($names as $name) {
            send_reset_confirmation_request($name);
            $changed[] = $name;
        }

        $msg = 'password_reset_confirmation_request_sent';
    } elseif ($method == 'resendactivation') {
        // NOTE(review): same as above, the result of the send is not checked.
        foreach ($names as $name) {
            send_account_activation($name);
            $changed[] = $name;
        }

        $msg = 'resend_activation_request_sent';
    }

    if ($changed) {
        // Names are HTML-escaped before being placed into the message.
        $nameList = txpspecialchars(join(', ', $changed));

        return author_list(gTxt($msg, array('{name}' => $nameList)));
    }

    author_list($msg);
}
Ejemplo n.º 16
<?php

/*
	This is Textpattern
	Copyright 2005 by Dean Allen
	www.textpattern.com
	All rights reserved
	Use of this software indicates acceptance of the Textpattern license agreement 
$HeadURL$
$LastChangedRevision$
*/
// Dispatcher for the 'discuss' panel. The privilege check runs once here;
// the handlers visible below it in this listing do not repeat it.
if ($event == 'discuss') {
    require_privs('discuss');

    // Only the step names listed here may be invoked as functions; anything
    // else shows the comment list.
    if ($step and in_array($step, array('discuss_delete', 'discuss_save', 'discuss_list', 'discuss_edit', 'ipban_add', 'discuss_multi_edit', 'ipban_list', 'ipban_unban'))) {
        $step();
    } else {
        discuss_list();
    }
}
//-------------------------------------------------------------
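/**
 * Deletes the comment identified by the posted 'discussid' and re-renders
 * the comment list with a confirmation message.
 *
 * The id is forced to an integer before use: it is interpolated unquoted
 * into the WHERE clause, so a raw request value would become part of the SQL
 * statement. A non-numeric value turns into 0.
 */
function discuss_delete()
{
    $discussid = intval(ps('discussid'));
    safe_delete("txp_discuss", "discussid = {$discussid}");
    update_comments_count($discussid);
    discuss_list(messenger('message', $discussid, 'deleted'));
}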
//-------------------------------------------------------------
function discuss_save()
{
    extract(doSlash(gpsa(array('email', 'name', 'web', 'message', 'discussid', 'ip', 'visible', 'parentid'))));
Ejemplo n.º 17
<?php

/*
	This is Textpattern

	Copyright 2005 by Dean Allen
	www.textpattern.com
	All rights reserved

	Use of this software indicates acceptance of the Textpattern license agreement 
*/
// Privilege level => translated label.
$levels = array(
    1 => gTxt('publisher'),
    2 => gTxt('managing_editor'),
    3 => gTxt('copy_editor'),
    4 => gTxt('staff_writer'),
    5 => gTxt('freelancer'),
    6 => gTxt('designer'),
    0 => gTxt('none'),
);

if ($event == 'admin') {
    require_privs('admin');

    // Privilege level of the logged-in user, looked up by login name.
    $myprivs = fetch('privs', 'txp_users', 'name', $txp_user);

    // Only the step names listed here may be invoked as functions; anything
    // else shows the default admin screen.
    if ($step and in_array($step, array('admin', 'author_change_pass', 'author_delete', 'author_list', 'author_save', 'author_save_new', 'change_email', 'change_pass'))) {
        $step();
    } else {
        admin();
    }
}
// -------------------------------------------------------------
function admin($message = '')
{
    global $myprivs, $txp_user;
    pagetop(gTxt('site_administration'), $message);
    $themail = fetch('email', 'txp_users', 'name', $txp_user);
    echo new_pass_form();
    echo change_email_form($themail);
    echo author_list();
    echo $myprivs == 1 ? new_author_form() : '';
Ejemplo n.º 18
/**
 * Outputs the form for creating a section or editing an existing one.
 *
 * Requires 'section.edit' privileges. In edit mode the row is loaded by the
 * requested name; otherwise the 'default' section supplies the initial
 * values, with name and title blanked. If no row is found the section list
 * is shown with an error instead.
 */
function section_edit()
{
    global $event, $step, $all_pages, $all_styles;

    require_privs('section.edit');

    // Imports $page, $sort, $dir, $crit, $search_method and $name from the request.
    extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method', 'name')));

    $is_edit = $name && $step == 'section_edit';
    $caption = gTxt('create_section');
    $is_default_section = false;

    if (!$is_edit) {
        // Pulls defaults for the new section from the 'default'.
        $row = safe_row('*', 'txp_section', "name = 'default'");

        if ($row) {
            $row['name'] = $row['title'] = '';
        }
    } else {
        // The requested name is escaped with doSlash() before it enters the query.
        $row = safe_row('*', 'txp_section', "name = '" . doSlash($name) . "'");
        $is_default_section = ($name == 'default');
        $caption = gTxt($is_default_section ? 'edit_default_section' : 'edit_section');
    }

    if (!$row) {
        sec_section_list(array(gTxt('unknown_section'), E_ERROR));

        return;
    }

    // Every column becomes a local prefixed with 'sec_' ($sec_name, $sec_title, ...).
    extract($row, EXTR_PREFIX_ALL, 'sec');

    pagetop(gTxt('tab_sections'));

    $parts = array();

    $parts[] = n
        . tag_start('section', array('class' => 'txp-edit'))
        . hed($caption, 2);

    // The default section cannot be renamed, so its name travels as a hidden field.
    if ($is_default_section) {
        $parts[] = hInput('name', 'default');
    } else {
        $parts[] = inputLabel('section_name', fInput('text', 'name', $sec_name, '', '', '', INPUT_REGULAR, '', 'section_name'), 'section_name')
            . inputLabel('section_title', fInput('text', 'title', $sec_title, '', '', '', INPUT_REGULAR, '', 'section_title'), 'section_longtitle');
    }

    // The description goes through the text_area() helper rather than hand-built markup.
    $parts[] = inputLabel(
        'section_description',
        text_area('description', 0, 0, $sec_description, 'section_description', TEXTAREA_HEIGHT_SMALL, INPUT_LARGE),
        'section_description'
    );

    $parts[] = inputLabel('section_page', selectInput('section_page', $all_pages, $sec_page, '', '', 'section_page'), 'uses_page', 'section_uses_page')
        . inputLabel('section_css', selectInput('css', $all_styles, $sec_css, '', '', 'section_css'), 'uses_style', 'section_uses_css');

    if (!$is_default_section) {
        $parts[] = inputLabel('on_front_page', yesnoradio('on_frontpage', $sec_on_frontpage, '', $sec_name), '', 'section_on_frontpage')
            . inputLabel('syndicate', yesnoradio('in_rss', $sec_in_rss, '', $sec_name), '', 'section_syndicate')
            . inputLabel('include_in_search', yesnoradio('searchable', $sec_searchable, '', $sec_name), '', 'section_searchable');
    }

    // Request-derived list state ($search_method, $crit, $page, $sort, $dir)
    // is carried through as hidden inputs; escaping is left to hInput().
    $parts[] = pluggable_ui('section_ui', 'extend_detail_form', '', $row)
        . graf(fInput('submit', '', gTxt('save'), 'publish'))
        . eInput('section')
        . sInput('section_save')
        . hInput('old_name', $sec_name)
        . hInput('search_method', $search_method)
        . hInput('crit', $crit)
        . hInput('page', $page)
        . hInput('sort', $sort)
        . hInput('dir', $dir)
        . n
        . tag_end('section');

    echo n
        . tag_start('div', array('id' => $event . '_container', 'class' => 'txp-container'))
        . form(join('', $parts), '', '', 'post', 'edit-form', '', 'section_details')
        . n
        . tag_end('div');
}
Ejemplo n.º 19
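/**
 * Renders and outputs the section editor panel.
 *
 * Requires 'section.edit' privileges. In edit mode the row is loaded by the
 * requested name; otherwise the 'default' section supplies page, css and the
 * yes/no flags, with name, title and description blanked. If no row is found
 * the section list is shown with an error instead.
 */
function section_edit()
{
    global $event, $step, $all_pages, $all_styles;
    require_privs('section.edit');
    // Imports $page, $sort, $dir, $crit, $search_method and $name from the request.
    extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method', 'name')));
    $is_edit = $name && $step == 'section_edit';
    $caption = gTxt('create_section');
    $is_default_section = false;
    if ($is_edit) {
        // The requested name is escaped with doSlash() before it enters the query.
        $rs = safe_row("*", 'txp_section', "name = '" . doSlash($name) . "'");
        if ($name == 'default') {
            $caption = gTxt('edit_default_section');
            $is_default_section = true;
        } else {
            $caption = gTxt('edit_section');
        }
    } else {
        // Pulls defaults for the new section from the 'default'.
        $rs = safe_row("page, css, on_frontpage, in_rss, searchable", 'txp_section', "name = 'default'");
        if ($rs) {
            $rs['name'] = $rs['title'] = $rs['description'] = '';
        }
    }
    if (!$rs) {
        sec_section_list(array(gTxt('unknown_section'), E_ERROR));
        return;
    }
    // Every column becomes a local prefixed with 'sec_' ($sec_name, $sec_title, ...).
    extract($rs, EXTR_PREFIX_ALL, 'sec');
    pagetop(gTxt('tab_sections'));
    $out = array();
    $out[] = hed($caption, 2);
    // The default section cannot be renamed, so its name travels as a hidden field.
    if ($is_default_section) {
        $out[] = hInput('name', 'default');
    } else {
        $out[] = inputLabel('section_name', fInput('text', 'name', $sec_name, '', '', '', INPUT_REGULAR, '', 'section_name'), 'section_name', '', array('class' => 'txp-form-field edit-section-name'))
            . inputLabel('section_title', fInput('text', 'title', $sec_title, '', '', '', INPUT_REGULAR, '', 'section_title'), 'section_longtitle', '', array('class' => 'txp-form-field edit-section-longtitle'));
    }
    $out[] = inputLabel('section_page', selectInput('section_page', $all_pages, $sec_page, '', '', 'section_page'), 'uses_page', 'section_uses_page', array('class' => 'txp-form-field edit-section-uses-page'))
        . inputLabel('section_css', selectInput('css', $all_styles, $sec_css, '', '', 'section_css'), 'uses_style', 'section_uses_css', array('class' => 'txp-form-field edit-section-uses-css'));
    if (!$is_default_section) {
        $out[] = inputLabel('on_front_page', yesnoradio('on_frontpage', $sec_on_frontpage, '', $sec_name), '', 'section_on_frontpage', array('class' => 'txp-form-field edit-section-on-frontpage'))
            . inputLabel('syndicate', yesnoradio('in_rss', $sec_in_rss, '', $sec_name), '', 'section_syndicate', array('class' => 'txp-form-field edit-section-syndicate'))
            . inputLabel('include_in_search', yesnoradio('searchable', $sec_searchable, '', $sec_name), '', 'section_searchable', array('class' => 'txp-form-field edit-section-searchable'));
    }
    // The textarea markup is assembled by hand here, so the stored description
    // must be HTML-escaped explicitly; otherwise a description containing markup
    // such as a closing textarea tag would be rendered as part of the admin page.
    // The browser decodes the entities again, so the user edits and resubmits
    // the original text unchanged.
    $out[] = inputLabel('section_description', '<textarea id="section_description" name="description" cols="' . INPUT_LARGE . '" rows="' . TEXTAREA_HEIGHT_SMALL . '">' . txpspecialchars($sec_description) . '</textarea>', 'description', 'section_description', array('class' => 'txp-form-field txp-form-field-textarea edit-section-description'));
    // Request-derived list state ($search_method, $crit, $page, $sort, $dir)
    // is carried through as hidden inputs; escaping is left to hInput().
    $out[] = pluggable_ui('section_ui', 'extend_detail_form', '', $rs)
        . graf(sLink('section', '', gTxt('cancel'), 'txp-button') . fInput('submit', '', gTxt('save'), 'publish'), array('class' => 'txp-edit-actions'))
        . eInput('section')
        . sInput('section_save')
        . hInput('old_name', $sec_name)
        . hInput('search_method', $search_method)
        . hInput('crit', $crit)
        . hInput('page', $page)
        . hInput('sort', $sort)
        . hInput('dir', $dir);
    echo form(join('', $out), '', '', 'post', 'txp-edit', '', 'section_details');
}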
Ejemplo n.º 20
	This is Textpattern
 
	Copyright 2005 by Dean Allen
	www.textpattern.com
	All rights reserved
	Use of this software indicates acceptance of the Textpattern license agreement 
$HeadURL$
$LastChangedRevision$
*/
//-------------------------------------------------------------
// Output separators used by the diagnostics report.
define('cs', ': ');
define('ln', str_repeat('-', 24) . n);

global $files;

// Paths of the files the diagnostics code refers to.
$files = array(
    '/include/txp_category.php',
    '/include/txp_plugin.php',
    '/include/txp_auth.php',
    '/include/txp_form.php',
    '/include/txp_section.php',
    '/include/txp_tag.php',
    '/include/txp_list.php',
    '/include/txp_page.php',
    '/include/txp_discuss.php',
    '/include/txp_prefs.php',
    '/include/txp_log.php',
    '/include/txp_preview.php',
    '/include/txp_image.php',
    '/include/txp_article.php',
    '/include/txp_css.php',
    '/include/txp_admin.php',
    '/include/txp_link.php',
    '/include/txp_diag.php',
    '/lib/admin_config.php',
    '/lib/txplib_misc.php',
    '/lib/taglib.php',
    '/lib/txplib_head.php',
    '/lib/classTextile.php',
    '/lib/txplib_html.php',
    '/lib/txplib_db.php',
    '/lib/IXRClass.php',
    '/lib/txplib_forms.php',
    '/publish/taghandlers.php',
    '/publish/atom.php',
    '/publish/log.php',
    '/publish/comment.php',
    '/publish/search.php',
    '/publish/rss.php',
    '/publish.php',
    '/index.php',
    '/css.php',
);

// The diagnostics run only for the 'diag' event and only after the privilege
// check. $step is taken straight from the request here but is not used as a
// function name in this block.
if ($event == 'diag') {
    require_privs('diag');
    $step = gps('step');
    doDiagnostics();
}
/**
 * Tells whether the named Apache module appears in apache_get_modules().
 *
 * apache_get_modules() is called unconditionally, so this can only be used
 * where PHP provides that function. The comparison is loose (no strict flag).
 *
 * @param  string $m Module name to look for
 * @return bool
 */
function apache_module($m)
{
    return in_array($m, apache_get_modules());
}
function test_tempdir($dir)
{
    $f = realpath(tempnam($dir, 'txp_'));
    if (is_file($f)) {
        @unlink($f);
        return true;
    }
Ejemplo n.º 21
/**
 * Deletes the user account identified by the posted 'user_id'.
 *
 * Requires 'admin.edit' privileges. The id passes through assert_int()
 * before it is interpolated unquoted into the DELETE condition. Nothing
 * happens when no user with that id exists or the delete fails.
 *
 * NOTE(review): the real name read from the database is placed into the
 * confirmation message without escaping in this function; whether gTxt() or
 * admin() escape it is not visible here -- confirm.
 */
function author_delete()
{
    require_privs('admin.edit');

    $user_id = assert_int(ps('user_id'));
    $name = fetch('Realname', 'txp_users', 'user_id', $user_id);

    if (!$name) {
        return;
    }

    if (safe_delete('txp_users', "user_id = {$user_id}")) {
        admin(gTxt('author_deleted', array('{name}' => $name)));
    }
}
Ejemplo n.º 22
/*
	This is Textpattern
	Copyright 2005 by Dean Allen
	www.textpattern.com
	All rights reserved
	Use of this software indicates acceptance of the Textpattern license agreement
$HeadURL$
$LastChangedRevision$
*/
// Direct-access guard: this file is only meant to be included, never requested.
defined('txpinterface') or die('txpinterface is undefined.');

global $vars;

if ($event == 'link') {
    require_privs('link');

    $vars = array(
        'category',
        'url',
        'linkname',
        'linksort',
        'description',
        'id',
    );

    $available_steps = array(
        'link_list',
        'link_edit',
        'link_post',
        'link_save',
        'link_delete',
        'link_change_pageby',
        'link_multi_edit',
    );

    // $step is called as a function only when it is non-empty, names an
    // existing function and is in the allow-list; otherwise the editor opens.
    if ($step and function_exists($step) and in_array($step, $available_steps)) {
        $step();
    } else {
        link_edit();
    }
}
// -------------------------------------------------------------
function link_list($message = '')
{
    global $step, $link_list_pageby;
    extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));
    $dir = $dir == 'desc' ? 'desc' : 'asc';
    switch ($sort) {
Ejemplo n.º 23
<?php

/*
	This is Textpattern
	Copyright 2005 by Dean Allen
	www.textpattern.com
	All rights reserved
	Use of this software indicates acceptance of the Textpattern license agreement
$HeadURL: https://textpattern.googlecode.com/svn/releases/4.4.0/source/textpattern/include/txp_plugin.php $
$LastChangedRevision: 3374 $
*/
// Direct-access guard: this file is only meant to be included, never requested.
defined('txpinterface') or die('txpinterface is undefined.');

if ($event == 'plugin') {
    require_privs('plugin');

    $available_steps = array(
        'plugin_edit',
        'plugin_help',
        'plugin_list',
        'plugin_install',
        'plugin_save',
        'plugin_verify',
        'switch_status',
        'plugin_multi_edit',
    );

    // Normalise $step to one of the known handlers before calling it as a
    // function; an empty or unknown step becomes 'plugin_list'.
    $step = ($step and in_array($step, $available_steps)) ? $step : 'plugin_list';

    $step();
}
// -------------------------------------------------------------
function plugin_list($message = '')
{
    global $event;
    pagetop(gTxt('edit_plugins'), $message);
    echo '<div id="' . $event . '_control" class="txp-control-panel">';
    echo n . n . startTable('edit', '', 'plugin-install') . tr(tda(plugin_form(), ' colspan="8" style="height: 30px; border: none;"')) . endTable() . '</div>';
    extract(gpsa(array('sort', 'dir')));
    if ($sort === '') {
Ejemplo n.º 24
<?php

/*
	This is Textpattern
	Copyright 2005 by Dean Allen
	www.textpattern.com
	All rights reserved
	Use of this software indicates acceptance of the Textpattern license agreement
$HeadURL$
$LastChangedRevision$
*/
// Direct-access guard: this file is only meant to be included, never requested.
defined('txpinterface') or die('txpinterface is undefined.');

if ($event == 'page') {
    require_privs('page');

    // Only the step names listed here may be invoked as functions; anything
    // else opens the page editor.
    if ($step and in_array($step, array('page_edit', 'page_save', 'page_delete', 'page_list'))) {
        $step();
    } else {
        page_edit();
    }
}
//-------------------------------------------------------------
// NOTE(review): only the opening lines of this function are visible in this excerpt.
function page_edit($message = '')
{
    global $step;
    pagetop(gTxt('edit_pages'), $message);
    // extract() creates the locals $name, $newname and $copy from the array gpsa()
    // returns; presumably raw request values - confirm they are escaped before any query.
    extract(gpsa(array('name', 'newname', 'copy')));
    // With no name given, or right after a delete step, fall back to the value
    // safe_field() returns for field 'page' of table txp_section where name = 'default'.
    if (!$name or $step == 'page_delete') {
        $name = safe_field('page', 'txp_section', "name = 'default'");
    }
Ejemplo n.º 25
/*
	This is Textpattern
	Copyright 2005 by Dean Allen
 	All rights reserved.
	Use of this software indicates acceptance of the Textpattern license agreement
$HeadURL$
$LastChangedRevision$
*/
// Stop unless the txpinterface constant has been defined by the code that
// loaded this file.
if (!defined('txpinterface')) {
    die('txpinterface is undefined.');
}
global $vars, $statuses;
// Names of the article fields this panel works with; presumably the request
// parameters read when an article is posted or saved - confirm against the handlers.
$vars = array('ID', 'Title', 'Title_html', 'Body', 'Body_html', 'Excerpt', 'textile_excerpt', 'Image', 'textile_body', 'Keywords', 'Status', 'Posted', 'Expires', 'Section', 'Category1', 'Category2', 'Annotate', 'AnnotateInvite', 'publish_now', 'reset_time', 'AuthorID', 'sPosted', 'LastModID', 'sLastMod', 'override_form', 'from_view', 'year', 'month', 'day', 'hour', 'minute', 'second', 'url_title', 'custom_1', 'custom_2', 'custom_3', 'custom_4', 'custom_5', 'custom_6', 'custom_7', 'custom_8', 'custom_9', 'custom_10', 'exp_year', 'exp_month', 'exp_day', 'exp_hour', 'exp_minute', 'exp_second', 'sExpires');
// Status code => label; the label for status 4 is wrapped by strong().
$statuses = array(1 => gTxt('draft'), 2 => gTxt('hidden'), 3 => gTxt('pending'), 4 => strong(gTxt('live')), 5 => gTxt('sticky'));
if (!empty($event) and $event == 'article') {
    // Privilege check for the article panel runs before the step is chosen.
    require_privs('article');
    // A truthy 'save' or 'publish' request value overrides whatever $step held;
    // 'publish' is checked last, so it wins when both are present.
    $save = gps('save');
    if ($save) {
        $step = 'save';
    }
    $publish = gps('publish');
    if ($publish) {
        $step = 'publish';
    }
    // Dispatch on the lower-cased step using fixed case labels; $step itself is
    // never called as a function here. The remaining cases are cut off in this excerpt.
    switch (strtolower($step)) {
        case "":
            article_edit();
            break;
        case "create":
            article_edit();
            break;
Ejemplo n.º 26
<?php

/*
	This is Textpattern
	Copyright 2005 by Dean Allen
	www.textpattern.com
	All rights reserved
	Use of this software indicates acceptance of the Textpattern license agreement
$HeadURL$
$LastChangedRevision$
*/
// Stop unless the txpinterface constant has been defined by the code that
// loaded this file.
defined('txpinterface') or die('txpinterface is undefined.');

if ($event == 'section') {
    // Privilege check for the section panel runs before anything else.
    require_privs('section');
    global $all_pages, $all_styles;
    // Every name from txp_page and txp_css; the "1=1" condition selects all rows.
    $all_pages = safe_column('name', 'txp_page', '1=1');
    $all_styles = safe_column('name', 'txp_css', '1=1');
    // Handler name => flag passed on to bouncer(). Presumably true marks steps
    // that need a valid request token before they run - confirm against bouncer().
    $available_steps = array(
        'section_change_pageby' => true,
        'sec_section_list' => false,
        'section_delete' => true,
        'section_save' => true,
        'section_edit' => false,
        'section_multi_edit' => true,
        'section_set_default' => true,
        'section_toggle_option' => true,
    );
    // $step is only called as a function after bouncer() has accepted it;
    // an empty step or a rejected one shows the list instead.
    if (!$step || !bouncer($step, $available_steps)) {
        sec_section_list();
    } else {
        $step();
    }
}
// -------------------------------------------------------------
// So-named to avoid clashing with the <txp:section_list /> tag
function sec_section_list($message = '')
{
    global $event, $section_list_pageby;
Ejemplo n.º 27
    // Run the bundled update script when $dbversion is empty, when it differs from
    // $thisversion, or when $txp_using_svn is set.
    if (!$dbversion or $dbversion != $thisversion or $txp_using_svn) {
        define('TXP_UPDATE', 1);
        include txpath . '/update/_update.php';
    }
    load_elements($event);
    register_element_tabs();
    // Admin-side plugins are not loaded when the requested event is 'plugin';
    // presumably so that a faulty plugin cannot break the panel used to disable it - confirm.
    if (!empty($admin_side_plugins) and gps('event') != 'plugin') {
        load_plugins(1);
    }
    include txpath . '/lib/txplib_head.php';
    // ugly hack, for the people that don't update their admin_config.php
    // Get rid of this when we completely remove admin_config and move privs to db
    // The privilege check is keyed on the event name ('list' is checked as 'article').
    if ($event == 'list') {
        require_privs('article');
    } else {
        require_privs($event);
    }
    // Pre-flag callbacks (third argument 1) run before the panel file is included.
    callback_event($event, $step, 1);
    // let elements override older /include/txp_foo.php admin pages
    // NOTE(review): $event becomes part of the include path below. The gates visible in
    // this excerpt are require_privs($event) above and is_readable(); where $event is
    // assigned, and whether it is limited to plain panel names (no '/' or '..'), is not
    // shown here - confirm.
    if (!controller_name($event)) {
        $inc = txpath . '/include/txp_' . $event . '.php';
        if (is_readable($inc)) {
            include $inc;
        }
    }
    callback_event($event, $step, 0);
    // Elapsed time since $microstart, cut to six characters and written through comment().
    $microdiff = getmicrotime() - $microstart;
    echo n . comment(gTxt('runtime') . ': ' . substr($microdiff, 0, 6));
    end_page();
} else {
    // The condition this else belongs to is outside the excerpt.
    txp_die('DB-Connect was succesful, but the textpattern-table was not found.', '503 Service Unavailable');
Ejemplo n.º 28
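/**
 * Apply a bulk action to the selected user accounts.
 *
 * Reads 'selected' and 'edit_method' (and 'privs' for privilege changes)
 * through ps(). Supported methods are 'delete', 'changeprivilege' and
 * 'resetpassword'. The current user ($txp_user) is excluded from the working
 * set by the lookup query, so an administrator cannot change their own
 * account through this function. Every path ends by calling admin(), with a
 * status message when something was changed or when a mail could not be sent.
 *
 * NOTE(review): no request-token (anti-CSRF) check is visible in this
 * function; confirm the caller enforces one for these state-changing actions.
 */
function admin_multi_edit()
{
    global $txp_user;
    require_privs('admin.edit');
    $selected = ps('selected');
    $method = ps('edit_method');
    $changed = array();
    if (!$selected or !is_array($selected)) {
        return admin();
    }
    // Re-read the names from the database instead of trusting the posted list:
    // only existing accounts other than the current user survive this step.
    $names = safe_column('name', 'txp_users', "name IN ('" . join("','", doSlash($selected)) . "') AND name != '" . doSlash($txp_user) . "'");
    if (!$names) {
        return admin();
    }
    // WHERE clause shared by the bulk delete and the bulk privilege change.
    // The SQL is assembled as a string, so it relies on doSlash() escaping every name.
    $in_names = "name IN ('" . join("','", doSlash($names)) . "')";
    switch ($method) {
        case 'delete':
            if (safe_delete('txp_users', $in_names)) {
                $changed = $names;
                $msg = 'author_deleted';
            }
            break;
        case 'changeprivilege':
            global $levels;
            $privilege = ps('privs');
            // Accept only a scalar value that is a known privilege level; an
            // array passed as privs[] is not a valid array offset.
            if (!is_scalar($privilege) || !isset($levels[$privilege])) {
                return admin();
            }
            if (safe_update('txp_users', 'privs = ' . intval($privilege), $in_names)) {
                $changed = $names;
                $msg = 'author_updated';
            }
            break;
        case 'resetpassword':
            // NOTE(review): the new password is six characters long, is stored with
            // MySQL's password() function rather than a password-hashing scheme, and
            // is sent to the user by mail. Replacing the hash needs a matching change
            // in the login check, which is outside this function.
            foreach ($names as $name) {
                $passwd = generate_password(6);
                if (!safe_update('txp_users', "pass = password(lower('" . doSlash($passwd) . "'))", "name = '" . doSlash($name) . "'")) {
                    // The stored password was not changed, so do not mail a
                    // password that would not work and do not report the
                    // account as updated.
                    continue;
                }
                $email = safe_field('email', 'txp_users', "name = '" . doSlash($name) . "'");
                if (send_new_password($passwd, $email, $name)) {
                    $changed[] = $name;
                    $msg = 'author_updated';
                } else {
                    return admin(gTxt('could_not_mail') . ' ' . htmlspecialchars($name));
                }
            }
            break;
    }
    if ($changed) {
        // Names are HTML-escaped before they go into the status message.
        return admin(gTxt($msg, array('{name}' => htmlspecialchars(join(', ', $changed)))));
    }
    admin();
}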
Ejemplo n.º 29
 * Import panel.
 *
 * @package Admin\Import
 */
// Stop unless the txpinterface constant has been defined by the code that
// loaded this file.
if (!defined('txpinterface')) {
    die('txpinterface is undefined.');
}
// TO-DO:
// * Improve performance of file imports
// * Test a php_ini format for blogger exports
// * Provide an Export option
// * Write best help
// Keep error display until we add an error handler for this.
// NOTE(review): this turns on full error reporting and on-page error display for the
// request, and it does so before the privilege check on the next statement. Error text
// shown in the browser can expose file paths and connection details; revisit once the
// error handler mentioned above exists.
error_reporting(E_ALL);
@ini_set("display_errors", "1");
require_privs('import');
/**
 * Configuration variables.
 *
 * A list of HTTP POST variables.
 *
 * The list includes importdblogin and importdbpass; presumably credentials for
 * the database being imported from - confirm they are never echoed back or logged.
 *
 * @global array $vars
 */
$vars = array('import_tool', 'import_section', 'import_status', 'import_comments_invite', 'import_blog_id', 'importdb', 'importdblogin', 'importdbpass', 'importdbhost', 'wpdbprefix', 'wpdbcharset');
/**
 * Importing options.
 *
 * These are named after the files in ./import directory.
 *
 * @global array $tools
 */
Ejemplo n.º 30
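/**
 * Save the metadata of an existing file record and rename the stored file
 * when its name changed.
 *
 * Reads the posted fields through gpsa()/gps(), checks that the current user
 * may edit the record (file.edit, or file.edit.own for the record's author),
 * renames the file on disk if needed, validates category and status, and
 * updates the txp_file row. When validation or the update fails, the rename
 * is rolled back. Every path ends by calling file_list() with a message.
 *
 * A request for an id that has no txp_file row is reported as
 * 'file_not_updated' instead of running the update and reporting success.
 */
function file_save()
{
    global $file_base_path, $file_statuses, $txp_user;
    $varray = array_map('assert_string', gpsa(array('id', 'category', 'title', 'description', 'status', 'publish_now', 'year', 'month', 'day', 'hour', 'minute', 'second')));
    // The extracted locals are the doSlash()-escaped values; $varray keeps the
    // unescaped ones for the validation callback.
    extract(doSlash($varray));
    $filename = $varray['filename'] = sanitizeForFile(gps('filename'));
    if ($filename == '') {
        file_list(array(gTxt('file_not_updated', array('{name}' => $filename)), E_ERROR));
        return;
    }
    // $id is interpolated into SQL below without quotes, so it must be an integer.
    $id = $varray['id'] = assert_int($id);
    $permissions = gps('perms');
    if (is_array($permissions)) {
        asort($permissions);
        $permissions = implode(",", $permissions);
    }
    $varray['permissions'] = $permissions;
    $perms = doSlash($permissions);
    $rs = safe_row('filename, author', 'txp_file', "id={$id}");
    // No row means no author, which can never match the current user.
    $author = isset($rs['author']) ? $rs['author'] : null;
    if (!has_privs('file.edit') && !($author === $txp_user && has_privs('file.edit.own'))) {
        require_privs();
    }
    if (!$rs) {
        // Nothing to update: the id does not belong to a stored file record.
        file_list(array(gTxt('file_not_updated', array('{name}' => $filename)), E_ERROR));
        return;
    }
    $old_filename = $varray['old_filename'] = sanitizeForFile($rs['filename']);
    if ($old_filename != false && strcmp($old_filename, $filename) != 0) {
        // Both names went through sanitizeForFile() before being joined to the base path.
        $old_path = build_file_path($file_base_path, $old_filename);
        $new_path = build_file_path($file_base_path, $filename);
        if (file_exists($old_path) && shift_uploaded_file($old_path, $new_path) === false) {
            file_list(array(gTxt('file_cannot_rename', array('{name}' => $filename)), E_ERROR));
            return;
        } else {
            file_set_perm($new_path);
        }
    }
    $created_ts = @safe_strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second);
    if ($publish_now) {
        $created = 'now()';
    } elseif ($created_ts > 0) {
        $created = "from_unixtime('" . $created_ts . "')";
    } else {
        // Leave the stored creation time untouched.
        $created = '';
    }
    $size = filesize(build_file_path($file_base_path, $filename));
    $constraints = array('category' => new CategoryConstraint(gps('category'), array('type' => 'file')), 'status' => new ChoiceConstraint(gps('status'), array('choices' => array_keys($file_statuses), 'message' => 'invalid_status')));
    callback_event_ref('file_ui', 'validate_save', 0, $varray, $constraints);
    $validator = new Validator($constraints);
    // The SET clause is assembled as a string: every interpolated value is either
    // escaped with doSlash(), an asserted integer, or a value computed above.
    $rs = $validator->validate() && safe_update('txp_file', "\n        filename = '" . doSlash($filename) . "',\n        title = '{$title}',\n        category = '{$category}',\n        permissions = '{$perms}',\n        description = '{$description}',\n        status = '{$status}',\n        size = '{$size}',\n        modified = now()" . ($created ? ", created = {$created}" : ''), "id = {$id}");
    if (!$rs) {
        // Update failed, rollback name.
        if (isset($old_path) && shift_uploaded_file($new_path, $old_path) === false) {
            file_list(array(gTxt('file_unsynchronized', array('{name}' => $filename)), E_ERROR));
            return;
        } else {
            file_list(array(gTxt('file_not_updated', array('{name}' => $filename)), E_ERROR));
            return;
        }
    }
    update_lastmod('file_saved', compact('id', 'filename', 'title', 'category', 'description', 'status', 'size'));
    file_list(gTxt('file_updated', array('{name}' => $filename)));
}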