function cn_api_get_entry($id = NULL)
{
if (is_null($id)) {
$id = REQ('id');
}
$id = cn_id_alias($id);
$db = db_news_load(db_get_nloc($id));
// Other meta-information
if (isset($db[$id])) {
$_cot = array();
$_cat = cn_get_categories(true);
$_cts = spsep($db[$id]['c']);
foreach ($_cts as $cid) {
$_cot[$cid] = $_cat[$cid]['name'];
}
$db[$id][':cot'] = $_cot;
return $db[$id];
} else {
return array();
}
}
>
<td align="center"><?php
echo $id;
?>
</td>
<td><a href="<?php
echo cn_url_modify("group_id={$id}");
?>
"><?php
echo cn_htmlspecialchars($acl['name']);
?>
</a></td>
<td><?php
$ps = array();
$sp = spsep($acl['acl']);
foreach ($sp as $name) {
$ps[] = '<a href="#" title="' . join('; ', $form_desc[$name]) . '" onclick="return(tiny_msg(this));">' . $name . '</a>';
}
echo join(', ', $ps);
?>
</td>
<td><?php
echo join('<br>', $acl['grp']);
?>
</td>
<td align="center"><?php
echo $acl['system'] ? 'Y' : '';
?>
</td>
<title><?php
echo $__title;
?>
</title>
<link rel="stylesheet" type="text/css" href="<?php
echo getoption('http_script_dir');
?>
/skins/default.css">
<script type="text/javascript" src="<?php
echo getoption('http_script_dir');
?>
/skins/cute.js"></script>
<style>
<?php
if ($__style) {
$_styles = spsep($__style);
foreach ($_styles as $_style) {
$f = fopen(SKIN . DIRECTORY_SEPARATOR . trim($_style), 'r');
fpassthru($f);
fclose($f);
}
unset($__style, $_styles, $_style);
}
?>
body { margin: 0; padding: 0; }
</style>
</head>
<body>
<?php
<?php
cn_form_open('mod, opt');
?>
<input type="hidden" name="category_id" value="<?php
echo $category_id;
?>
" />
<table class="std-table wide">
<tr><th>ID</th> <th>Name</th> <th>Memo</th> <th>Icon</th> <th>Restriction</th> </tr>
<?php
if ($categories) {
foreach ($categories as $id => $category) {
$acl_message = array();
$acls = spsep($category['acl']);
foreach ($acls as $grp) {
$acl_message[] = ucfirst($groups[$grp]['N']);
}
$acl_message = join(', ', $acl_message);
?>
<tr<?php
if ($id == $category_id) {
echo ' class="row_selected"';
}
?>
>
<td align="center"><?php
echo intval($id);
?>
</td>
}
$i = 0;
$showed = 0;
$repeat = true;
$url_archive = $archive;
while ($repeat) {
foreach ($all_news as $news_line) {
$is_in_cat = false;
$news_arr = explode("|", $news_line);
// Prospected news not showing
if ($news_arr[NEW_ID] > time()) {
continue;
}
if (strstr($news_arr[NEW_CAT], ',')) {
// if the article is in multiple categories
$this_cats_arr = spsep($news_arr[NEW_CAT]);
foreach ($this_cats_arr as $this_single_cat) {
if (isset($requested_cats[$this_single_cat]) && isset($requested_cats[$this_single_cat])) {
$is_in_cat = true;
}
}
} elseif (isset($requested_cats[$news_arr[NEW_CAT]]) && isset($requested_cats[$news_arr[NEW_CAT]])) {
$is_in_cat = true;
}
// if User_By, show news only for this user
if (!empty($user_by) && $user_by != $news_arr[NEW_USER]) {
$count_all--;
continue;
}
if (!$is_in_cat and isset($category) and $category) {
continue;
if (!$selected_news) {
msg("error", lang('Error!'), lang("You have not specified any articles"), "#GOBACK");
}
// Check permissions
$have_perm = 0;
if ($member_db[UDB_ACL] == ACL_LEVEL_ADMIN or $member_db[UDB_ACL] == ACL_LEVEL_EDITOR) {
$have_perm = 1;
} elseif ($member_db[UDB_ACL] == ACL_LEVEL_JOURNALIST and $item_db[1] == $member_db[UDB_NAME]) {
$have_perm = 1;
}
if (!$have_perm) {
msg("error", lang("No Access"), lang("You dont have access for this action"), "#GOBACK");
}
// Check access user for category
if (!empty($item_db[NEW_CAT])) {
foreach (spsep($item_db[NEW_CAT]) as $all_this_cat) {
if (!in_array($all_this_cat, $allowed_cats)) {
msg("error", lang("Access Denied"), lang("This article is posted under category which you are not allowed to access."), "#GOBACK");
}
}
}
$CSRF = CSRFMake();
echoheader("options", "Delete News");
echo "<form method=post action=\"{$PHP_SELF}\">\n <table border=0 cellpadding=0 cellspacing=0 width=100% height=100%>\n <tr><td>" . lang('Are you sure you want to delete all selected news') . " (<b>" . count($selected_news) . "</b>)?<br><br>\n <input type=button value=\" No \" onclick=\"javascript:document.location='{$PHP_SELF}?mod=editnews&action=list&source={$source}'\"> <input type=submit value=\" " . lang('Yes') . " \">\n <input type=hidden name=action value=\"do_mass_delete\">\n <input type=hidden name=mod value=\"massactions\">\n <input type=hidden name=source value=\"{$source}\">\n <input type=hidden name=csrf_code value=\"{$CSRF}\">";
if (is_array($selected_news)) {
foreach ($selected_news as $newsid) {
echo "<input type=hidden name=selected_news[] value=\"{$newsid}\">\n";
}
}
echo "</td></tr></table></form>";
echofooter();
function show_social_code($name = 'fb', $news_arr)
{
// External
global $config_http_script_dir, $soc_categories;
// Facebook
global $config_use_fbcomments, $config_fb_inactive, $config_fb_comments, $config_fb_box_width, $config_fbcomments_color;
global $config_use_fblike, $config_fblike_send_btn, $config_fblike_style, $config_fblike_width, $config_fblike_show_faces, $config_fblike_font;
global $config_fblike_color, $config_fblike_verb;
// Twitter
global $config_use_twitter, $config_tw_url, $config_tw_text, $config_tw_via, $config_tw_recommended, $config_tw_show_count, $config_tw_hashtag;
global $config_tw_lang, $config_tw_large;
// allow use fb comments
$soc_allowed = 1;
if (!empty($soc_categories)) {
$tmp_fb_cats = spsep($soc_categories);
$tmp_nw_cats = spsep($news_arr[NEW_CAT]);
$soc_allowed = count(array_intersect($tmp_fb_cats, $tmp_nw_cats)) ? 1 : 0;
}
// Show FB comments
if ($name == 'fb' && $config_use_fbcomments == 'yes' && $config_fb_inactive == 'yes' && $soc_allowed) {
return '<div class="fb-comments cutenews-fb-comments" data-href="' . $config_http_script_dir . '/router.php?subaction=showfull&id=' . $news_arr[NEW_ID] . '" data-num-posts="' . $config_fb_comments . '" data-width="' . $config_fb_box_width . '" data-colorscheme="' . $config_fbcomments_color . '"></div>';
} elseif ($name == 'fb-like' && $config_use_fblike == 'yes' && $soc_allowed) {
return '<div class="fb-like cutenews-fb-comments" data-send="' . ($config_fblike_send_btn == "yes" ? "true" : "false") . '" data-layout="' . $config_fblike_style . '" data-width="' . $config_fblike_width . '" data-show-faces="' . ($config_fblike_show_faces == "yes" ? "true" : "false") . '" data-font="' . $config_fblike_font . '" data-colorscheme="' . $config_fblike_color . '" data-action="' . $config_fblike_verb . '"></div>';
} elseif ($name == 'twitter' && $config_use_twitter == 'yes' && $soc_allowed) {
return '<div class="cutenews-twitter-send"><a href="https://twitter.com/share" class="twitter-share-button" data-url="' . trim($config_tw_url) . '" data-text="' . trim($config_tw_text) . '" data-via="' . trim($config_tw_via) . '" data-related="' . trim($config_tw_recommended) . '" data-count="' . $config_tw_show_count . '" data-hashtags="' . trim($config_tw_hashtag) . '" data-lang="' . $config_tw_lang . '" data-size="' . ($config_tw_large == "yes" ? "large" : "medium") . '"></a><script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script></div>';
}
}
$mail = $user_member[UDB_CBYEMAIL] ? false : $user_member[UDB_EMAIL];
$captcha_enabled = false;
} else {
echo '<div class="blocking_posting_comment">' . lang('Wrong password!') . ' <a href="javascript:document.location = \'' . $_SERVER['HTTP_REFERER'] . '\'">' . lang('Refresh') . '</a></div>';
add_to_log($name, lang('Wrong password (posting comment with exist username)'));
return FALSE;
}
}
} else {
$is_member = false;
}
// ---------------------------------
// Converting to UTF8 [Try]
// ---------------------------------
if ($config_useutf8 == "1" && function_exists('iconv')) {
list($hac) = spsep($config_default_charset);
$name = iconv($hac, 'utf-8', $name);
$comments = iconv($hac, 'utf-8', $comments);
}
// Captcha test (if not disabled force)
if ($captcha != $_SESS['CSW'] && $config_use_captcha && $captcha_enabled) {
echo '<div class="blocking_posting_comment">' . lang('Wrong captcha') . '! <a href="javascript:location.reload(true)">' . lang('Refresh') . '</a></div>';
add_to_log($ip, 'Attack to captcha');
return FALSE;
}
//----------------------------------
// Check if only members can comment
//----------------------------------
if ($config_only_registered_comment == "yes" and !$is_member) {
echo '<div class="blocking_posting_comment">' . lang('Sorry but only registered users can post comments, and') . ' "' . htmlspecialchars($name) . '" ' . lang('is not recognized as valid member') . '.</div>';
return FALSE;
if ($id < $date_from || $id > $date_to) {
continue;
}
$nbp = db_get_nloc($id);
if ($block !== $nbp) {
$ent = db_news_load($block = $nbp);
}
// @syslog internal error
if (empty($ent)) {
continue;
}
$item = $ent[$id];
$MB = function_exists('mb_strtolower');
$Fs = $MB ? mb_strtolower($item['f'], 'UTF-8') : strtolower($item['f']);
$Ss = $MB ? mb_strtolower($item['s'], 'UTF-8') : strtolower($item['s']);
$_query = spsep($search, ' ');
foreach ($_query as $_id => $_val) {
$_query[$_id] = preg_quote($_val, '/');
}
// By user, but user not match
if ($user && !$user != $item['u']) {
continue;
}
// Query string not found
if (!preg_match('/' . join('.*?', $_query) . '/uis', $Fs . $Ss)) {
continue;
}
$st++;
if ($st < $search_st) {
continue;
}
function dashboard_group()
{
global $_CN_access;
$access_desc = array();
$form_desc = array();
$gn = file(SKIN . '/defaults/groups_names.tpl');
foreach ($gn as $G) {
if (($G = trim($G)) == '') {
continue;
}
list($cc, $xgrp, $name_desc) = explode('|', $G, 3);
if (!isset($access_desc[$xgrp])) {
$access_desc[$xgrp] = array();
}
$access_desc[$xgrp][$cc] = $name_desc;
$form_desc[$cc] = explode('|', $name_desc);
}
$ATR = array('C' => 'Configs', 'N' => 'New', 'M' => 'Comment', 'B' => 'Behavior');
// Extension for access rights
list($access_desc, $ATR) = hook('extend_acl_groups', array($access_desc, $ATR));
$grp = array();
$groups = getoption('#grp');
list($group_name, $group_id, $group_grp, $ACL, $delete_group, $reset_group, $mode) = GET('group_name, group_id, group_grp, acl, delete_group, reset_group,mode');
$is_add_edit = false;
// -----------
if (request_type('POST')) {
cn_dsi_check();
if (!$group_name) {
cn_throw_message("Enter group name", 'e');
} elseif ($mode == 'edit') {
$is_edited = true;
// Update exists or new group
if ($group_id > 1) {
if (!empty($groups[$group_id])) {
$is_edited = md5($groups[$group_id]['N'] . $groups[$group_id]['G'] . $groups[$group_id]['A']) != md5($group_name . $group_grp . (!empty($ACL) ? join(',', $ACL) : ''));
}
if ($is_edited) {
$groups[$group_id] = array('#' => $groups[$group_id]['#'], 'N' => $group_name, 'G' => $group_grp, 'A' => !empty($ACL) ? join(',', $ACL) : '');
}
}
if ($group_id == 1) {
cn_throw_message("Can't update admin group", 'e');
} elseif ($is_edited) {
// Save to config
setoption('#grp', $groups);
cn_throw_message("Group updated");
} else {
cn_throw_message("No data for update", 'w');
}
} elseif ($mode == 'add') {
$is_exists = FALSE;
// Check group exists
foreach ($groups as $id => $dt) {
if ($dt['N'] == $group_name) {
$is_exists = TRUE;
break;
}
}
$group_id = max(array_keys($groups)) + 1;
// Update exists or new group
if ($group_id > 1 && !$is_exists) {
$groups[$group_id] = array('#' => '', 'N' => $group_name, 'G' => $group_grp, 'A' => !empty($ACL) ? join(',', $ACL) : '');
// Save to config
setoption('#grp', $groups);
cn_throw_message("Group added");
} elseif ($is_exists) {
cn_throw_message("Group with that name already exist", 'e');
$group_id = 0;
} else {
cn_throw_message("Group not added", 'e');
}
} else {
$edit_system = FALSE;
$edit_exists = FALSE;
$is_add_edit = TRUE;
// Check group exists
foreach ($groups as $id => $dt) {
if ($id == $group_id && $dt['#']) {
$edit_system = TRUE;
}
if ($dt['N'] == $group_name) {
$edit_exists = TRUE;
}
}
// Reset group rights
if ($reset_group && $group_id) {
$cgrp = file(SKIN . '/defaults/groups.tpl');
foreach ($cgrp as $G) {
$G = trim($G);
if ($G[0] === '#') {
continue;
}
list($id, $name, $group, $access) = explode('|', $G);
$id = intval($id);
if ($id == $group_id) {
$ACL = spsep($access === '*' ? $_CN_access['C'] . ',' . $_CN_access['N'] . ',' . $_CN_access['M'] : $access);
$groups[$group_id] = array('#' => TRUE, 'N' => $name, 'G' => $group, 'A' => !empty($ACL) ? join(',', $ACL) : '');
cn_throw_message("Group reset");
}
}
$is_add_edit = FALSE;
} elseif ($edit_exists && !$delete_group) {
if ($group_id == 1) {
cn_throw_message("Can't update admin group", 'e');
} else {
cn_throw_message('Parameters for a group are not correct specified or group already exists', 'e');
}
} elseif ($delete_group && $edit_exists) {
if ($edit_system) {
cn_throw_message("Unable remove system group");
} else {
unset($groups[$group_id]);
$ACL = array();
$group_id = 0;
cn_throw_message("Group removed");
}
}
// Save to config
setoption('#grp', $groups);
}
}
foreach ($groups as $name => $data) {
$_gtext = array();
$G = spsep($data['G']);
foreach ($G as $id) {
if (isset($groups[$id])) {
$_gtext[] = $groups[$id]['N'];
}
}
$grp[$name] = array('system' => $data['#'], 'name' => $data['N'], 'grp' => $_gtext, 'acl' => $data['A']);
}
// Translate ACL to view
$access = array();
$bc = array();
// Get user acl data
if ($group_id && $groups[$group_id]) {
$bc = spsep($groups[$group_id]['A']);
}
foreach ($_CN_access as $Gp => $Ex) {
$Gz = array();
$Ex = spsep($Ex);
$Tr = $access_desc[$ATR[$Gp]];
foreach ($Ex as $id) {
$trp = explode('|', $Tr[$id]);
$d = isset($trp[0]) ? $trp[0] : '';
$t = isset($trp[1]) ? $trp[1] : '';
$c = in_array($id, $bc);
if ($is_add_edit) {
$c = FALSE;
}
$Gz[$id] = array('d' => i18n(array($d, 'DS-')), 't' => i18n(array($t, 'DS-')), 'c' => $c);
}
$access[$ATR[$Gp]] = $Gz;
}
// Group is system
$group_system = $group_id && $groups[$group_id]['#'];
if ($group_id) {
if (!$is_add_edit) {
$group_name = $groups[$group_id]['N'];
$group_grp = $groups[$group_id]['G'];
} else {
$group_name = $group_grp = '';
$group_id = 0;
}
}
cn_assign('grp, group_name, group_id, group_grp, group_system, access, form_desc', $grp, $group_name, $group_id, $group_grp, $group_system, $access, $form_desc);
echoheader('-@dashboard/style.css', 'Groups');
echo exec_tpl('dashboard/group');
echofooter();
}
function cn_modify_bb_cat($e, $t, $c)
{
$rc = intval(substr($c, 1));
$cw = spsep($e['c']);
$c = intval(substr($c, 1)) - 1;
if (count($cw) == 1) {
$c = 0;
}
if (isset($cw[$c]) && $cw[$c] == $rc) {
return str_replace('[$catid]', $cw[$c], $t);
}
return '';
}
function media_invoke()
{
$popup_form = '';
list($path, $opt) = GET('folder, opt', 'GETPOST');
list($do_action, $pending) = GET('do_action, pending', 'POST');
// Change default uploads dir
$udir = cn_path_construct(SERVDIR, 'uploads');
if (getoption('uploads_dir')) {
$udir = preparation_path(getoption('uploads_dir'));
}
$edir = getoption('uploads_ext') ? getoption('uploads_ext') : getoption('http_script_dir') . '/uploads';
$dfile = cn_path_construct($udir, $path);
// Remove root identifier
$path = preparation_path($path);
// Path detection
$path = preg_replace('/[^a-z0-9\\/_\\\\]/i', '-', $path);
$root_dir = cn_path_construct($udir, $path) . DIRECTORY_SEPARATOR;
$just_uploaded = array();
// Get path struct
$pathes = spsep($path, DIRECTORY_SEPARATOR);
if (isset($pathes[0]) && $pathes[0] === '') {
unset($pathes[0]);
}
// Do upload files
if (request_type('POST')) {
cn_dsi_check();
// Allowed Exts.
$AE = spsep(getoption('allowed_extensions'));
// Generate thumbnail after upload
$thumbnail_with_upload = getoption('thumbnail_with_upload');
// UPLOAD FILES
if (REQ('upload', 'POST')) {
list($overwrite) = GET('overwrite');
$is_uploaded = FALSE;
// Try for fopen url upload
if ($upload_from_inet = REQ('upload_from_inet')) {
if (ini_get('allow_url_fopen')) {
// Get filename
$url_name = spsep($upload_from_inet, '/');
$url_name = $url_name[count($url_name) - 1];
$url_name = preg_replace('/(%20|\\s|\\?|&|\\/)/', '_', $url_name);
$url_name = str_replace('%', '_', $url_name);
// resolve filename
$c_file = $dfile . $url_name;
// Overwrite [if can], or add file
if ($overwrite && file_exists($c_file) || !file_exists($c_file)) {
// Use context for disable error notices
if (function_exists('stream_context_create')) {
$context = stream_context_create(array('http' => array('ignore_errors' => true)));
$fw = fopen($upload_from_inet, 'rb', false, $context);
} else {
// Read file
$fw = fopen($upload_from_inet, 'rb');
}
// --------- (fetch content) ------
ob_start();
fpassthru($fw);
$file_image = ob_get_clean();
fclose($fw);
// ---------
// write2disk
if ($wf = fopen($c_file, 'w')) {
fwrite($wf, $file_image);
fclose($wf);
}
// check image
list($w, $h) = getimagesize($c_file);
if ($w && $h) {
cn_throw_message('File uploaded');
$max_width = getoption('max_thumbnail_width');
if ($w > $max_width && $thumbnail_with_upload) {
$resize_result = resize_image($c_file, $max_width, 0);
cn_throw_message($resize_result['msg'], $resize_result['status'] ? 'n' : 'w');
}
$is_uploaded = TRUE;
$just_uploaded[$url_name] = TRUE;
} else {
cn_throw_message("Wrong image file", 'e');
unlink($c_file);
}
} else {
cn_throw_message("Can't overwrite or save", 'e');
}
} else {
cn_throw_message('allow_url_fopen=0, check server configurations');
}
}
// Upload from local
foreach ($_FILES['upload_file']['name'] as $id => $name) {
if ($name) {
$ext = NULL;
if (preg_match('/\\.(\\w+)$/i', $name, $c)) {
$ext = strtolower($c[1]);
}
// Check allowed ext
if ($ext && in_array($ext, $AE)) {
// encode url
$name = str_replace('%2F', '/', urlencode($name));
// encoded? replace filename
if (strpos($name, '%') !== FALSE) {
$name = str_replace('%', '', strtolower($name));
}
// check file for exist
if (file_exists($c_file = $dfile . $name)) {
if ($overwrite) {
cn_throw_message('File [' . cn_htmlspecialchars($c_file) . '] overwritten', 'w');
} else {
cn_throw_message('File [' . cn_htmlspecialchars($c_file) . '] already exists', 'e');
continue;
}
}
// Upload file to server
if (move_uploaded_file($_FILES['upload_file']['tmp_name'][$id], $c_file)) {
$just_uploaded[$name] = TRUE;
cn_throw_message('File uploaded [<b>' . cn_htmlspecialchars($name) . '</b>]');
$max_width = getoption('max_thumbnail_width');
list($w, $h) = getimagesize($c_file);
if ($w > $max_width && $thumbnail_with_upload) {
$resize_result = resize_image($c_file, $max_width, 0);
cn_throw_message($resize_result['msg'], $resize_result['status'] ? 'n' : 'w');
}
} else {
cn_throw_message('File [' . cn_htmlspecialchars($c_file) . '] not uploaded! Please, check upload_max_filesize in PHP settings.', 'e');
}
} else {
cn_throw_message('File extension [' . cn_htmlspecialchars($ext) . '] not allowed', 'e');
}
} elseif (!$is_uploaded) {
cn_throw_message('No selected files for upload', 'e');
}
}
} elseif ($do_action || $pending) {
list($rm) = GET('rm', 'POST');
// action --> delete entries
if ($do_action == 'delete') {
if (empty($rm)) {
cn_throw_message('No files selected', 'w');
} else {
foreach ($rm as $file) {
if (file_exists($cfile = $dfile . $file)) {
if (is_dir($cfile)) {
rmdir($cfile);
} else {
//get thumbnail path
$path_parts = pathinfo($cfile);
$thumbnail_path = $path_parts['dirname'] . DIRECTORY_SEPARATOR . '.thumb.' . $path_parts['basename'];
if (file_exists($thumbnail_path)) {
unlink($thumbnail_path);
}
unlink($cfile);
}
}
if (file_exists($cfile)) {
cn_throw_message('File [' . cn_htmlspecialchars($cfile) . '] not deleted!', 'e');
} else {
cn_throw_message('File [' . cn_htmlspecialchars($file) . '] deleted successfully');
}
}
}
} elseif ($do_action == 'create') {
$popup_form = i18n('Enter directory name') . ' <input type="text" name="new_dir" value="" />';
} elseif ($pending == 'create') {
$new_dir_arr = GET('new_dir', 'POST');
$new_folder = array_pop($new_dir_arr);
$new_folder = preg_replace('/[^a-z0-9_]/i', '-', $new_folder);
if ($new_folder) {
$cfile = $dfile . $new_folder;
if (is_dir($cfile)) {
cn_throw_message('Folder [' . $new_folder . '] already exists!', 'e');
} else {
mkdir($cfile);
if (!is_dir($cfile)) {
cn_throw_message('Folder [' . cn_htmlspecialchars($cfile) . ' not created]', 'e');
} else {
cn_throw_message('Folder [' . $new_folder . '] created!');
}
}
} else {
cn_throw_message('Specify folder name', 'w');
}
$popup_form = '';
} elseif ($do_action == 'rename') {
if ($rm) {
$popup_form = '<div class="big_font">' . i18n('Rename file to') . '</div>';
$popup_form .= i18n('Tip: Write new file name') . '<br />';
$popup_form .= '<table>';
foreach ($rm as $id => $fn) {
$hfn = cn_htmlspecialchars($fn);
$popup_form .= '<tr><td align="right" class="indent"><b>' . $hfn . '</b><td>';
$popup_form .= '<td><input type="hidden" name="ids[' . $id . ']" value="' . $hfn . '"/>→</td>';
$popup_form .= '<td><input style="width: 300px;" type="text" name="place[' . $id . ']" value="' . $hfn . '" /> ';
$popup_form .= '</td></tr>';
}
$popup_form .= '</table>';
} else {
cn_throw_message('Select files to rename', 'w');
}
} elseif ($pending == 'rename') {
// ...
list($ids, $place) = GET('ids, place', 'POST');
// prevent illegal moves
$safe_dir = scan_dir($root_dir);
foreach ($safe_dir as $id => $v) {
$safe_dir[$id] = md5($v);
}
// do move all files / dirs
foreach ($ids as $id => $file) {
if (in_array(md5($file), $safe_dir)) {
$filename = $place[$id];
if (strpos($filename, '\\') || strpos($filename, '/')) {
cn_throw_message(i18n('The name of file [%1] should not contain special characters', cn_htmlspecialchars($file)), 'e');
continue;
}
$renameto = $root_dir . $filename;
$thumb = $root_dir . '.thumb.' . $file;
// do move
if (rename($root_dir . $file, $renameto)) {
if (file_exists($thumb)) {
rename($thumb, $root_dir . '.thumb.' . $filename);
}
cn_throw_message(i18n('File [%1] renamed to [%2]', cn_htmlspecialchars($file), cn_htmlspecialchars($filename)));
} else {
cn_throw_message(i18n('File [%1] not renamed', cn_htmlspecialchars($file)), 'e');
}
}
}
} elseif ($do_action == 'move') {
if ($rm) {
$popup_form = '<div class="big_font">' . i18n('Move files to') . '</div>';
$popup_form .= i18n('Tip: You can select the folder to move the file') . '<br />';
$popup_form .= '<table>';
$folders = array();
$dirs = scan_dir($root_dir);
foreach ($dirs as $entry) {
if (is_dir($root_dir . $entry) && !($entry === '..' || $entry === '.')) {
$folders[] = $entry;
}
}
foreach ($rm as $id => $fn) {
$hfn = cn_htmlspecialchars($fn);
$popup_form .= '<tr><td align="right" class="indent"><b>' . $hfn . '</b><td>';
$popup_form .= '<td><input type="hidden" name="ids[' . $id . ']" value="' . $hfn . '"/>→</td>';
$popup_form .= '<td>';
$cnt_folders = count($folders);
if ($cnt_folders != 0 && !($cnt_folders == 1 && in_array($hfn, $folders))) {
$popup_form .= '<select name="place_folder_' . $id . '">';
foreach ($folders as $dirn) {
if ($dirn != $hfn) {
$popup_form .= '<option value="' . $dirn . '">' . $dirn . '</option>';
}
}
$popup_form .= '</select>';
}
if ($root_dir != $udir) {
$popup_form .= '<nobr><input type="checkbox" onclick="javascript:hideFolderList(this,' . $id . ')" name="moveup[' . $id . ']" value="Y" /> Move up</nobr>';
} else {
$popup_form .= '<nobr> X Move up (You are in root folder)</nobr>';
}
$popup_form .= '</td></tr>';
}
$popup_form .= '</table>';
} else {
cn_throw_message('Select files to move', 'w');
}
} elseif ($pending == 'move') {
// ...
list($ids, $moveup) = GET('ids, moveup', 'POST');
// prevent illegal moves
$safe_dir = scan_dir($root_dir);
foreach ($safe_dir as $id => $v) {
$safe_dir[$id] = md5($v);
}
// do move all files / dirs
foreach ($ids as $id => $file) {
list($place_folder) = GET('place_folder_' . $id);
if (in_array(md5($file), $safe_dir)) {
$NF = '';
$foldername = preg_replace('/\\.\\//i', '', $place_folder);
// move this file up
if (isset($moveup[$id]) && count($pathes) > 0) {
$nwfolder = dirname($root_dir);
$foldername = 'up folder';
} else {
$nwfolder = $root_dir . ($NF = isset($rm[0]) ? $rm[0] : '') . DIRECTORY_SEPARATOR . $foldername;
if ($rm[0]) {
$NF = $rm[0] . DIRECTORY_SEPARATOR;
}
}
$moveto = $nwfolder . DIRECTORY_SEPARATOR . $file;
//check for image thumbnail
$thumb = $root_dir . '.thumb.' . $file;
// do move
if (rename($root_dir . $file, $moveto)) {
if (file_exists($thumb)) {
rename($thumb, $nwfolder . DIRECTORY_SEPARATOR . '.thumb.' . $file);
}
cn_throw_message(i18n('File [%1] moved to [%2]', cn_htmlspecialchars($file), cn_htmlspecialchars($foldername)));
} else {
cn_throw_message(i18n('File [%1] not moved', cn_htmlspecialchars($file)), 'e');
}
}
}
} elseif ($do_action == 'thumb') {
if (!empty($_POST['rm'])) {
$popup_form = get_sizes_form('Make thumbnails', $do_action);
} else {
cn_throw_message('Select files to make thumbnail', 'w');
}
} elseif ($pending == 'thumb') {
do_resize_image($root_dir);
} elseif ($do_action == 'resize') {
if (!empty($_POST['rm'])) {
$popup_form = get_sizes_form('Resize source image', $do_action);
} else {
cn_throw_message('Select files to resize', 'w');
}
} elseif ($pending == 'resize') {
do_resize_image($root_dir, false);
} elseif (!hook('media/post_action')) {
msg_info("Action error");
}
}
}
// Check dir exists
if (is_dir($root_dir)) {
$raw_files = scan_dir($root_dir);
} else {
cn_throw_message('Dir not exists', 'e');
$raw_files = array();
}
$dirs = $files = array();
foreach ($raw_files as $file) {
if (preg_match('/avatar_/', $file)) {
continue;
}
$file_location = "{$root_dir}/{$file}";
if (is_dir($file_location)) {
$dirs[] = array('url' => "{$path}/{$file}", 'name' => $file);
} elseif (filesize(cn_path_construct($udir, $path) . $file) != 0) {
list($w, $h) = getimagesize(cn_path_construct($udir, $path) . $file);
$is_thumb = preg_match('/\\.thumb\\./', $file);
$files[] = array('name' => $file, 'url' => $edir . '/' . ($path ? $path . '/' : '') . $file, 'thumb' => file_exists($root_dir . '/.thumb.' . pathinfo($file, PATHINFO_BASENAME)) ? $edir . '/' . ($path ? $path . '/' : '') . '.thumb.' . pathinfo($file, PATHINFO_BASENAME) : '', 'local' => ($path ? $path . '/' : '') . $file, 'just_uploaded' => isset($just_uploaded[$file]) ? TRUE : FALSE, 'is_thumb' => $is_thumb, 'w' => $w, 'h' => $h, 'fs' => round(filesize($file_location) / 1024, 1));
}
}
uasort($dirs, 'usort_by_name_asc');
uasort($files, 'usort_by_name_asc');
// Top level (dashboard)
cn_bc_add('Dashboard', cn_url_modify(array('reset')));
cn_bc_add('Media manager', cn_url_modify());
cn_assign("files, dirs, path, pathes, popup_form, root_dir", $files, $dirs, $path, $pathes, $popup_form, $root_dir);
if ($opt === 'inline') {
echo exec_tpl('window', 'title=Quick insert image', 'style=media/style.css', 'content=' . exec_tpl('media/general'));
} else {
echoheader('-@media/style.css', 'Media manager');
echo exec_tpl('media/general');
echofooter();
}
}
$use_wysiwyg = $config_use_wysiwyg == "no" ? 0 : 1;
$item_db[NEW_SHORT] = replace_news("admin", $item_db[NEW_SHORT], $use_wysiwyg);
$item_db[NEW_FULL] = replace_news("admin", $item_db[NEW_FULL], $use_wysiwyg);
$CSRF = CSRFMake();
echoheader("editnews", lang("Edit News"));
// make category lines
$i = 0;
if ($subaction == 'doeditnews') {
$item_db[NEW_CAT] = join(',', $category);
}
if (count($cat_lines) > 0) {
$lines_html = false;
foreach ($cat_lines as $single_line) {
$cat_arr = explode("|", $single_line);
$lines_html .= "<td style='font-size:10px;' valign=top><label for='cat{$cat_arr[0]}'>";
if (in_array($cat_arr[NEW_ID], spsep($item_db[NEW_CAT]))) {
$lines_html .= "<input checked style='background-color:transparent; border:0px;' type='checkbox' name='category[]' id='cat{$cat_arr[0]}' value='{$cat_arr[0]}'>{$cat_arr['1']}</label>";
} else {
$lines_html .= "<input style='background-color:transparent; border:0px;' type='checkbox' name='category[]' id='cat{$cat_arr[0]}' value='{$cat_arr[0]}'>{$cat_arr['1']}</label>";
}
$i++;
if ($i % 4 == 0) {
$lines_html .= '<tr>';
}
}
$lines_html .= "</tr>";
}
// Show the Comments for Editing
$Comments_HTML = false;
if ($source == "" or $source == "postponed" or $source == "unapproved") {
$all_comments_db = file(SERVDIR . "/cdata/comments.txt");
function edit_news_action_edit()
{
$flatdb = new FlatDB();
$preview_html = $preview_html_full = '';
$ID = $gstamp = intval(REQ('id', 'GETPOST'));
list($status, $preview) = GET('m, preview');
list($vConcat, $vTags, $faddm, $archive_id, $source) = GET('concat, tags, faddm, archive_id, source', 'GETPOST');
// get news part by day
$news = db_news_load(db_get_nloc($ID));
if ($ID == 0) {
msg_info("Can't edit news without ID");
}
if (!isset($news[$ID])) {
msg_info("News entry not found!");
}
// load entry
$entry = $news[$ID];
$oldentry = $entry;
// disallowed by category
if (!test_cat($entry['c'])) {
msg_info("You can't view entry. Category disallow");
}
// set status message
if ($status == 'added') {
cn_throw_message('News was added');
}
if ($status == 'moved') {
cn_throw_message('Moved to another time');
}
// load more fields
list($morefields) = cn_get_more_fields($entry['mf']);
// do save news?
if (request_type('POST')) {
$flatdb->cache_clean();
// check exists news
if (isset($news[$ID])) {
// extract data
$entry = $storent = $news[$ID];
// Prepare text
list($title, $page, $category, $short_story, $full_story, $if_use_html, $postpone_draft) = GET('title, page, category, short_story, full_story, if_use_html, postpone_draft', 'GETPOST');
// Change date?
list($from_date_hour, $from_date_minutes, $from_date_seconds, $from_date_month, $from_date_day, $from_date_year) = GET('from_date_hour, from_date_minutes, from_date_seconds, from_date_month, from_date_day, from_date_year', 'GETPOST');
$c_time = intval(mktime($from_date_hour, $from_date_minutes, $from_date_seconds, $from_date_month, $from_date_day, $from_date_year));
// sanitize page name
$page = preg_replace('/[^a-z0-9_\\.]/i', '-', $page);
if (empty($page) && !empty($title) && getoption('auto_news_alias')) {
$page = strtolower(preg_replace('/[^a-z0-9_\\.]/i', '-', cn_transliterate($title)));
}
// current source is archive, active (postponed) or draft news
$draft_target = $postpone_draft === 'draft';
// User can't post active news
if (test('Bd') && $draft_target !== 'draft') {
$draft_target = 'draft';
}
// if archive_id is present, unable send to draft
$current_source = $archive_id ? "archive-{$archive_id}" : ($source == 'draft' ? 'draft' : '');
$target_source = $archive_id ? "archive-{$archive_id}" : ($draft_target ? 'draft' : '');
$if_use_html = $if_use_html ? TRUE : (getoption('use_wysiwyg') ? TRUE : FALSE);
$entry['t'] = cn_htmlclear($title);
$entry['c'] = is_array($category) ? join(',', $category) : $category;
$entry['s'] = cn_htmlclear($short_story);
$entry['f'] = cn_htmlclear($full_story);
$entry['ht'] = $if_use_html;
$entry['st'] = $draft_target ? 'd' : '';
$entry['pg'] = $page;
$entry['cc'] = $vConcat ? TRUE : FALSE;
$entry['tg'] = strip_tags($vTags);
// apply more field (for news & frontend)
list($entry, $disallow_message) = cn_more_fields_apply($entry, $faddm);
list($morefields) = cn_get_more_fields($faddm);
// has message from function
if ($disallow_message) {
cn_throw_message($disallow_message, 'e');
}
// Make preview
if ($preview) {
//correct preview links
$gstamp = $entry['id'] = $c_time;
$preview_html = preg_replace('/href="(.*?)"/', 'href="#"', entry_make($entry, 'active'));
$preview_html_full = preg_replace('/href="(.*?)"/', 'href="#"', entry_make($entry, 'full'));
} elseif (REQ('do_editsave', 'POST')) {
if (!getoption('disable_title') && empty($title)) {
cn_throw_message('The title cannot be blank', 'e');
}
if (!getoption('disable_short') && empty($short_story)) {
cn_throw_message('The story cannot be blank', 'e');
}
// Check for change alias
$pgts = bt_get_id($ID, 'ts_pg');
if ($pgts && $pgts !== $page) {
if ($page) {
if (bt_get_id($page, 'pg_ts')) {
cn_throw_message('For other news page alias already exists!', 'e');
}
} else {
bt_del_id($pgts, 'pg_ts');
bt_del_id($ID, 'ts_pg');
}
}
// no errors in a[rticle] area
if (cn_get_message('e', 'c') == 0) {
$FlatDB = new FlatDB();
$ida = db_index_load($current_source);
$idd = db_index_load($target_source);
// Time is changed
if ($c_time != intval($ID)) {
// Load next block (or current)
$next = db_news_load(db_get_nloc($c_time));
if (isset($next[$c_time])) {
cn_throw_message('The article time already busy, select another', 'e');
} else {
// set new time
$entry['id'] = $c_time;
$next[$c_time] = $entry;
// remove old news [from source / dest]
if (isset($news[$ID])) {
unset($news[$ID]);
}
if (isset($next[$ID])) {
unset($next[$ID]);
}
// remove old index
if (isset($idd[$ID])) {
unset($idd[$ID]);
}
// Delete old indexes
$_ts_id = bt_get_id($ID, 'nts_id');
bt_del_id($ID, 'nts_id');
// Update
bt_set_id($_ts_id, $c_time, 'nid_ts');
bt_set_id($c_time, $_ts_id, 'nts_id');
// save 2 blocks
db_save_news($news, db_get_nloc($ID));
db_save_news($next, db_get_nloc($c_time));
cn_throw_message('News moved from <b>' . date('Y-m-d H:i:s', $ID) . '</b> to <b>' . date('Y-m-d H:i:s', $c_time) . '</b>');
}
} else {
$news[$ID] = $entry;
db_save_news($news, db_get_nloc($ID));
cn_throw_message('News was edited');
}
// Update page aliases
$_ts_pg = bt_get_id($ID, 'ts_pg');
bt_del_id($ID, 'ts_pg');
bt_del_id($_ts_pg, 'pg_ts');
if ($page) {
bt_set_id($c_time, $page, 'ts_pg');
bt_set_id($page, $c_time, 'pg_ts');
}
// 1) remove from old index
if (isset($ida[$ID])) {
unset($ida[$ID]);
}
// Fill probably unused
$storent['tg'] = isset($storent['tg']) ? $storent['tg'] : '';
// 2) add new index
$idd[$c_time] = db_index_create($entry);
// 3) sync indexes
db_index_save($ida, $current_source);
db_index_update_overall($current_source);
db_index_save($idd, $target_source);
db_index_update_overall($target_source);
// ------
// UPDATE categories
$FlatDB->cn_remove_categories($storent['c'], $storent['id']);
$FlatDB->cn_add_categories($entry['c'], $c_time);
// UPDATE tags
$FlatDB->cn_remove_tags($storent['tg'], $storent['id']);
$FlatDB->cn_add_tags($entry['tg'], $c_time);
// UPDATE date / id storage [with comments count]
$FlatDB->cn_update_date($entry['id'], $storent['id'], count($storent['co']));
// ------
}
}
} else {
msg_info("News entry not found or has been deleted");
}
}
if (empty($entry['pg']) && isset($entry['t']) && getoption('auto_news_alias')) {
$entry['pg'] = strtolower(preg_replace('/[^a-z0-9_\\.]/i', '-', cn_transliterate($entry['t'])));
}
// Assign template vars
$category = spsep($entry['c']);
$categories = cn_get_categories(false);
$title = isset($entry['t']) ? $entry['t'] : '';
$short_story = isset($entry['s']) ? $entry['s'] : '';
$page = isset($entry['pg']) ? $entry['pg'] : '';
$full_story = isset($entry['f']) ? $entry['f'] : '';
$is_draft = isset($entry['st']) ? $entry['st'] == 'd' : false;
$vConcat = isset($entry['cc']) ? $entry['cc'] : '';
$vTags = isset($entry['tg']) ? $entry['tg'] : '';
$if_use_html = isset($entry['ht']) ? $entry['ht'] : false;
$is_active_html = test('Csr');
cn_assign('categories, vCategory, vTitle, vPage, vShort, vFull, vUseHtml, preview_html, preview_html_full, gstamp, is_draft, vConcat, vTags, morefields, archive_id, is_active_html', $categories, $category, $title, $page, $short_story, $full_story, $if_use_html, $preview_html, $preview_html_full, $gstamp, $is_draft, $vConcat, $vTags, $morefields, $archive_id, $is_active_html);
cn_assign("EDITMODE", 1);
// show edit page
echoheader("addedit@addedit/main.css", i18n("Edit news"));
echo exec_tpl('addedit/main');
echofooter();
}
}
if ($archive) {
$news_file = SERVDIR . "/cdata/archives/{$archive}.news.arch";
$comm_file = SERVDIR . "/cdata/archives/{$archive}.comments.arch";
} else {
$news_file = SERVDIR . "/cdata/news.txt";
$comm_file = SERVDIR . "/cdata/comments.txt";
}
$allow_add_comment = false;
$allow_full_story = false;
$allow_active_news = false;
$allow_comments = false;
$is_in_category = false;
// article is in multiple categories
$ucat = isset($_GET['ucat']) && $_GET['ucat'] ? $_GET['ucat'] : $category;
foreach (spsep($ucat) as $one_cat) {
if (isset($requested_cats[$one_cat]) && $requested_cats[$one_cat]) {
$is_in_category = true;
}
}
// Default variables
if (empty($number)) {
$number = 0;
}
if (empty($template)) {
$template = 'Default';
}
// <<<------------ Determine what user want to do
hook('show_news_determine_before');
if (empty($CN_HALT) and empty($static) and in_array($subaction, array("showcomments", "showfull", "addcomment")) and (empty($category) or $is_in_category)) {
if ($subaction == "addcomment") {
$start_from = intval($start_from);
// Set default vars
if (!$template) {
$template = 'Default';
}
if (!$number) {
$number = getoption('active_news_def');
}
if (!is_array($requested_cats)) {
$requested_cats = array();
}
if (!is_array($translate)) {
$translate = array();
}
if ($user_by) {
$user_by = spsep($user_by);
}
if ($static_path) {
$PHP_SELF = $static_path;
}
// Backup for PHP_SELF
$_bc_PHP_SELF = $PHP_SELF;
// Reverse news (by user, or site option)
if ($reverse || getoption('reverse_active')) {
$sortby = '';
$dir = 'R';
}
// Override site option by user
if (getoption('reverse_active') && !is_null($reverse) && !$reverse) {
$dir = '';
}
// Get extrn variables
list($snippet) = GET('snippet', 'GPG');
// Default values
if (!$snippet) {
$snippet = 'sandbox';
}
$_snipdb = getoption('#snippets');
$_html = isset($_snipdb[$snippet]) ? $_snipdb[$snippet] : '';
$_assign = array();
// Catch all brackets
if (preg_match_all('/\\[(.*?)\\]/is', $_html, $_c, PREG_SET_ORDER)) {
foreach ($_c as $_vs) {
$_echo = '';
$_options = array();
list($_mod, $_opt) = explode('|', $_vs[1], 2);
$_opts = spsep($_opt);
foreach ($_opts as $_opt) {
list($_id, $_value) = explode('=', $_opt, 2);
$_options[$_id] = is_null($_value) ? TRUE : $_value;
}
// MODULES
if ($_mod == 'news') {
$_gGET = $_GET;
$_GET = array();
foreach ($_options as $_id => $_var) {
${$_id} = $_var;
}
ob_start();
include dirname(__FILE__) . '/show_news.php';
$_echo = ob_get_clean();
$_GET = $_gGET;
echo cn_snippet_open_win(cn_url_modify('mod=media', 'opt=inline', 'faddm=Y', 'callback=faddm_' . $name), array('w' => 1000));
?>
">Select resource</a>
</div>
<?php
} elseif ($item['type'] == 'select') {
?>
<div style="margin: 4px 0 4px 0;">
<select name="faddm[<?php
echo $name;
?>
]">
<?php
$opts = spsep($item['meta'], ';');
foreach ($opts as $opt) {
$lr = explode('=', $opt, 2);
if (count($lr) == 2) {
$r = $lr[1];
} else {
$r = $lr[0];
}
// show option
echo '<option value="' . cn_htmlspecialchars($lr[0]) . '" ' . ($lr[0] === $item['#value'] ? 'selected' : '') . '>' . cn_htmlspecialchars($r) . '</option>';
}
?>
</select>
<span class="name"><?php
echo $name;
?>
// plugin tells us: he is fork, stop
if (hook('fork_archives', false)) {
return;
}
// Check including
$Uri = '//' . dirname($_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
if (strpos($config_http_script_dir, $Uri) !== false && strpos($PHP_SELF, 'show_archives.php') !== false) {
die_stat(403, 'Wrong including show_archives.php! Check manual to get more information about this issue.');
}
// Prepare requested categories
if (preg_match('/[a-z]/i', $category)) {
die_stat(false, "<b>Error</b>!<br>CuteNews has detected that you use \$category = \"" . htmlspecialchars($category) . "\"; but you can call the categories only with their <b>ID</b> numbers and not with names<br>example:<br><blockquote><?PHP<br>\$category = \"1\";<br>include(\"path/to/show_archives.php\");<br>?></blockquote>");
}
hook('show_archives_init');
$category = preg_replace("/ /", "", $category);
$tmp_cats_arr = spsep($category);
foreach ($tmp_cats_arr as $key => $value) {
if ($value != "") {
$requested_cats[$value] = true;
}
}
if (empty($archive)) {
$news_file = SERVDIR . "/cdata/news.txt";
$comm_file = SERVDIR . "/cdata/comments.txt";
} elseif (is_numeric($archive)) {
$news_file = SERVDIR . "/cdata/archives/{$archive}.news.arch";
$comm_file = SERVDIR . "/cdata/archives/{$archive}.comments.arch";
} else {
die_stat(false, "Archive variable is invalid");
}
if ($subaction == "" or !isset($subaction)) {
function GET($var, $method = 'POST')
{
$result = array();
$vars = spsep($var);
foreach ($vars as $var) {
$value = false;
if ($method == 'POST' && isset($_POST[$var])) {
$value = $_POST[$var];
} elseif ($method == 'GET' && isset($_GET[$var])) {
$value = $_GET[$var];
} elseif ($method == 'POSTGET') {
if (isset($_POST[$var])) {
$value = $_POST[$var];
} elseif (isset($_GET[$var])) {
$value = $_GET[$var];
}
} elseif ($method == 'GETPOST') {
if (isset($_GET[$var])) {
$value = $_GET[$var];
} elseif (isset($_POST[$var])) {
$value = $_POST[$var];
}
} elseif ($method == 'REQUEST' && isset($_REQUEST[$var])) {
$value = $_REQUEST[$var];
} elseif ($method == 'COOKIES' && isset($_COOKIES[$var])) {
$value = $_COOKIES[$var];
}
$result[] = $value;
}
return $result;
}
