파일: Input.php 프로젝트: mystralkk/geeklog
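 /**
  * Apply a basic filter to a request parameter.
  *
  * Delegates to COM_applyBasicFilter() when Geeklog's core library is loaded
  * and otherwise simulates it: 4-byte UTF-8 characters and tags are removed,
  * "on*=" event-handler attributes are neutralised, and the value is either
  * reduced to an integer (when $isNumeric is set) or truncated at the first
  * quote, backtick, semicolon, comma, backslash or "/*" sequence.
  *
  * Arrays are filtered element by element. The $isNumeric flag now reaches
  * every element and the real COM_applyBasicFilter(): previously the
  * array_map(__METHOD__) call reset it to the default and the core branch
  * never forwarded it, so numeric filtering was silently skipped.
  *
  * @param  string|array $var       value(s) to filter
  * @param  bool         $isNumeric true if $var is supposed to be an integer
  * @return string|array|int        the filtered value; 0 when $isNumeric is
  *                                 set and the value is not an integer string
  */
 public static function applyFilter($var, $isNumeric = false)
 {
     if (is_array($var)) {
         // Forward $isNumeric to every element; a bare __METHOD__ callback
         // would drop it.
         return array_map(
             function ($element) use ($isNumeric) {
                 return self::applyFilter($element, $isNumeric);
             },
             $var
         );
     }

     if (is_callable('COM_applyBasicFilter')) {
         // Same contract as COM_applyFilter(): the numeric flag is the second argument
         return COM_applyBasicFilter($var, $isNumeric);
     }

     // Simulate COM_applyBasicFilter
     $var = \GLText::remove4byteUtf8Chars($var);
     $var = strip_tags($var);

     if (is_callable('COM_killJS')) {
         $var = COM_killJS($var);
         // doesn't help a lot right now, but still ...
     } else {
         $var = preg_replace('/(\\s)+[oO][nN](\\w*) ?=/', '\\1in\\2=', $var);
     }

     if ($isNumeric) {
         // Note: PHP's is_numeric() accepts values like 4e4 as numeric, so an
         // explicit integer pattern is checked as well
         if (!is_numeric($var) || preg_match('/^-?\\d+$/', $var) == 0) {
             $var = 0;
         }

         return $var;
     }

     // Drop everything from the first "/*" onwards, then cut the value at the
     // first character that could close a quoted context or start a new statement
     $var = preg_replace('/\\/\\*.*/', '', $var);
     foreach (array("'", '"', '`', ';', ',', '\\') as $delimiter) {
         $parts = explode($delimiter, $var, 2);
         $var = $parts[0];
     }

     return $var;
 }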
 /**
  * Apply the basic filter to a value when filtering is enabled.
  *
  * Arrays are handled recursively so nested request data is filtered element
  * by element; scalars go straight through COM_applyBasicFilter(). With
  * $this->applyFilter disabled the value is returned untouched.
  *
  * @param   string|array  $value
  * @return  string|array
  */
 private function filter($value)
 {
     if (!$this->applyFilter) {
         return $value;
     }

     if (is_array($value)) {
         return array_map(array($this, 'filter'), $value);
     }

     return COM_applyBasicFilter($value);
 }
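/**
 * Get an existing static page
 *
 * Two modes, selected by $svc_msg['gl_feed']:
 * - single page: $args['sp_id'] (or 'id') names the page; $output receives
 *   the row as an array, or the rendered login form (sp_nf set) as a string,
 *   and PLG_RET_ERROR is returned when the page cannot be shown;
 * - feed ($args['gl_svc'] set and no sp_id): $output receives a list of rows,
 *   at most $_SP_CONF['atom_max_items'] of them, and $svc_msg['offset'] is
 *   set when more rows remain.
 *
 * Client-supplied values are run through COM_applyBasicFilter() only when
 * $args['gl_svc'] is set, so the page id is additionally escaped before it is
 * interpolated into SQL.
 *
 * @param   array   $args     Contains all the data provided by the client
 * @param   mixed   &$output  OUTPUT parameter: row array, list of rows, or error markup
 * @param   array   &$svc_msg OUTPUT parameter containing any service messages
 * @return  int               Response code as defined in lib-plugins.php
 */
function service_get_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_SP_CONF;

    $output = '';
    $svc_msg['output_fields'] = array('sp_hits', 'sp_format', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php', 'sp_inblock', 'commentcode');

    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }

    $isWebService = !empty($args['gl_svc']);
    if ($isWebService) {
        // Web-service requests are untrusted; filter before anything else reads them
        if (isset($args['sp_id'])) {
            $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        }
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        $svc_msg['gl_feed'] = empty($args['sp_id']);
    } else {
        $svc_msg['gl_feed'] = false;
    }

    $mode = isset($args['mode']) ? $args['mode'] : '';

    $perms = SP_getPerms();
    if (!empty($perms)) {
        $perms = ' AND ' . $perms;
    }

    if (!$svc_msg['gl_feed']) {
        $page = isset($args['sp_id']) ? $args['sp_id'] : '';
        // $page is only filtered on the web-service path; escape it for every caller
        $pageSql = DB_escapeString($page);

        $error = ($page == '') ? 1 : 0;

        $sql = "SELECT sp_title,sp_content,sp_hits,sp_date,sp_format," . "commentcode,sp_uid,owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} " . "WHERE (sp_id = '{$pageSql}') AND (sp_status = 1)" . $perms;
        $result = DB_query($sql);
        $count = DB_numRows($result);
        if ($count == 0 || $count > 1) {
            $error = 1;
        }

        if (!$error) {
            $output = DB_fetchArray($result, false);
            // WE ASSUME $output doesn't have any confidential fields
            if ($mode !== 'autotag') {
                $_CONF['pagetitle'] = $output['sp_title'];
            }
        } else {
            // an error occurred (page not found, access denied, ...)
            // sp_nf decides whether the visitor gets the login form or a 404
            $failflg = 0;
            if (!empty($page)) {
                $failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id='{$pageSql}'");
            }
            if ($failflg) {
                if ($mode !== 'autotag') {
                    $output = COM_siteHeader('menu');
                }
                $output .= SEC_loginRequiredForm();
                if ($mode !== 'autotag') {
                    $output .= COM_siteFooter();
                }
            } elseif ($mode !== 'autotag') {
                COM_404();
            }

            return PLG_RET_ERROR;
        }

        if ($isWebService) {
            // ISO 8601 ('c') timestamps are only consumed by the web-service feed
            $output['published'] = date('c', strtotime($output['sp_date']));
            $output['updated'] = date('c', strtotime($output['sp_date']));
            $output['id'] = $page;
            $output['title'] = $output['sp_title'];
            $output['category'] = array($output['sp_tid']);
            $output['content'] = $output['sp_content'];
            $output['content_type'] = 'html';
            $output['author_name'] = DB_getItem($_TABLES['users'], 'username', 'uid=' . (int) $output['owner_id']);
            $output['link_edit'] = $page;
        }
    } else {
        $output = array();

        $offset = 0;
        if (isset($args['offset'])) {
            // the numeric filter reduces anything but an integer string to 0
            $offset = COM_applyBasicFilter($args['offset'], true);
        }
        $max_items = $_SP_CONF['atom_max_items'] + 1;
        $limit = " LIMIT {$offset}, {$max_items}";
        $order = " ORDER BY sp_date DESC";
        $sql = "SELECT sp_id,sp_title,sp_content,sp_hits,sp_date,sp_format,owner_id," . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} WHERE (sp_status = 1)" . $perms . $order . $limit;
        $result = DB_query($sql);

        $count = 0;
        while (($output_item = DB_fetchArray($result, false)) !== false) {
            // WE ASSUME $output_item doesn't have any confidential fields
            $count += 1;
            if ($count == $max_items) {
                // one row more than the page size was fetched: there is a next page
                $svc_msg['offset'] = $offset + $_SP_CONF['atom_max_items'];
                break;
            }
            if ($isWebService) {
                // ISO 8601 ('c') timestamps are only consumed by the web-service feed
                $output_item['published'] = date('c', strtotime($output_item['sp_date']));
                $output_item['updated'] = date('c', strtotime($output_item['sp_date']));
                $output_item['id'] = $output_item['sp_id'];
                $output_item['title'] = $output_item['sp_title'];
                $output_item['category'] = array($output_item['sp_tid']);
                $output_item['content'] = $output_item['sp_content'];
                $output_item['content_type'] = 'html';
                // Bug fix: the owner lookup read $output (the list being built)
                // instead of the current row, so author_name was always wrong
                $output_item['author_name'] = DB_getItem($_TABLES['users'], 'username', 'uid=' . (int) $output_item['owner_id']);
            }
            $output[] = $output_item;
        }
    }

    return PLG_RET_OK;
}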
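/**
 * Get an existing static page
 *
 * Two modes, selected by $svc_msg['gl_feed']:
 * - single page: $args['sp_id'] (or 'id') names the page. $output receives
 *   the row as an array; when the page cannot be shown it holds a redirect to
 *   the editor (caller has staticpages.edit and the page does not exist), the
 *   login form (sp_nf set) or an access-denied block, and PLG_RET_ERROR is
 *   returned.
 * - feed ($args['gl_svc'] set and no sp_id): $output receives a list of rows,
 *   at most $_SP_CONF['atom_max_items'] of them, and $svc_msg['offset'] is
 *   set when more rows remain.
 *
 * A page with a template_id stores its variables as XML in sp_content; the
 * template page is fetched through the service API and the variables are
 * substituted into its content.
 *
 * Client-supplied values are run through COM_applyBasicFilter() only when
 * $args['gl_svc'] is set, so the page id is additionally escaped before it is
 * interpolated into SQL or a URL.
 *
 * @param   array   $args     Contains all the data provided by the client
 * @param   mixed   &$output  OUTPUT parameter: row array, list of rows, or error markup
 * @param   array   &$svc_msg OUTPUT parameter containing any service messages
 * @return  int               Response code as defined in lib-plugins.php
 */
function service_get_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_SP_CONF;

    $output = '';
    $svc_msg['output_fields'] = array('sp_hits', 'sp_format', 'draft_flag', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php', 'sp_inblock', 'commentcode');

    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }

    // Remember the caller's flag here: the template branch below used to
    // overwrite $args (and $svc_msg) for its nested service call, which made
    // the web-service fields further down disappear for template-based pages.
    $isWebService = !empty($args['gl_svc']);
    if ($isWebService) {
        // Web-service requests are untrusted; filter before anything else reads them
        if (isset($args['sp_id'])) {
            $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        }
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        $svc_msg['gl_feed'] = empty($args['sp_id']);
    } else {
        $svc_msg['gl_feed'] = false;
    }

    $mode = isset($args['mode']) ? $args['mode'] : '';

    if (!$svc_msg['gl_feed']) {
        $page = isset($args['sp_id']) ? $args['sp_id'] : '';
        // $page is only filtered on the web-service path; escape it for every caller
        $pageSql = DB_escapeString($page);

        $error = ($page == '') ? 1 : 0;

        $perms = SP_getPerms();
        if (!SEC_hasRights('staticpages.edit')) {
            // drafts are visible to editors only
            if (!empty($perms)) {
                $perms .= ' AND';
            }
            $perms .= '(draft_flag = 0)';
        }
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }

        $sql = array();
        $sql['mysql'] = "SELECT sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} " . "WHERE (sp_id = '{$pageSql}')" . $perms;
        $sql['mssql'] = "SELECT sp_title,sp_page_title," . "CAST(sp_content AS text) AS sp_content,sp_hits," . "created,modified,sp_format,commentcode," . "CAST(meta_description AS text) AS meta_description," . "CAST(meta_keywords AS text) AS meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group,perm_members," . "perm_anon,sp_tid,sp_help,sp_php,sp_inblock " . "FROM {$_TABLES['staticpage']} WHERE (sp_id = '{$pageSql}')" . $perms;
        $sql['pgsql'] = "SELECT sp_title,sp_page_title,sp_content,sp_hits," . "created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} " . "WHERE (sp_id = '{$pageSql}')" . $perms;
        $result = DB_query($sql);
        $count = DB_numRows($result);
        if ($count == 0 || $count > 1) {
            $error = 1;
        }

        if (!$error) {
            $output = DB_fetchArray($result, false);
            // WE ASSUME $output doesn't have any confidential fields
            if ($output['template_id'] != '') {
                // sp_content holds <variable name="..."><data>...</data></variable>
                // elements; collect them as name => value. Invalid XML simply
                // yields no variables instead of warnings on a bool.
                $tag = array();
                $xmlObject = simplexml_load_string($output['sp_content']);
                if ($xmlObject !== false) {
                    foreach ($xmlObject->variable as $variable) {
                        $key = $variable["name"] . '';
                        $tag[$key] = $variable->data;
                    }
                }
                // Loop through variables to replace any autotags first
                foreach ($tag as &$value) {
                    $value = PLG_replaceTags($value);
                }
                unset($value); // drop the reference left behind by the loop

                // Fetch the template page through the service API with local
                // argument/message arrays so $args and the caller's $svc_msg stay intact
                $templateArgs = array('sp_id' => $output['template_id'], 'mode' => '', 'gl_svc' => '');
                $templateMsg = array();
                $template = '';
                if (PLG_invokeService('staticpages', 'get', $templateArgs, $template, $templateMsg) == PLG_RET_OK) {
                    $output['sp_content'] = str_replace(array_keys($tag), array_values($tag), $template['sp_content']);
                }
            }
        } else {
            // an error occurred (page not found, access denied, ...)
            // if the user has edit permissions and the page does not exist,
            // send them to the editor so they can create it "wiki style"
            $create_page = false;
            if ($mode !== 'autotag' && $count == 0 && SEC_hasRights('staticpages.edit')) {
                // check again without permissions
                // NOTE(review): DB_count() receives the raw id; confirm it escapes its value argument
                if (DB_count($_TABLES['staticpage'], 'sp_id', $page) == 0) {
                    // $page may be unfiltered for non-web-service callers: encode it as a query value
                    $url = $_CONF['site_admin_url'] . '/plugins/staticpages/index.php?mode=edit&sp_new_id=' . urlencode($page) . '&msg=21';
                    $output = COM_refresh($url);
                    $create_page = true;
                }
            }
            if (!$create_page) {
                // sp_nf decides whether the visitor gets the login form or an access-denied block
                $failflg = 0;
                if (!empty($page)) {
                    $failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id = '{$pageSql}'");
                }
                if ($mode !== 'autotag') {
                    $output = COM_siteHeader('menu');
                }
                if ($failflg) {
                    $output .= SEC_loginRequiredForm();
                } else {
                    $output .= COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header'));
                    $output .= $LANG_STATIC['deny_msg'];
                    $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                }
                if ($mode !== 'autotag') {
                    $output .= COM_siteFooter(true);
                }
            }

            return PLG_RET_ERROR;
        }

        if ($isWebService) {
            // ISO 8601 ('c') timestamps are only consumed by the web-service feed
            $output['published'] = date('c', strtotime($output['created']));
            $output['updated'] = date('c', strtotime($output['modified']));
            $output['id'] = $page;
            $output['title'] = $output['sp_title'];
            $output['page_title'] = $output['sp_page_title'];
            $output['category'] = array($output['sp_tid']);
            $output['content'] = $output['sp_content'];
            $output['content_type'] = 'html';
            $owner_data = SESS_getUserDataFromId($output['owner_id']);
            $output['author_name'] = $owner_data['username'];
            $output['link_edit'] = $page;
        }
    } else {
        $output = array();

        $perms = SP_getPerms();
        if (!empty($perms)) {
            $perms = ' WHERE ' . $perms;
        }
        // NOTE(review): unlike the single-page query above, the feed query adds no
        // (draft_flag = 0) restriction for users without staticpages.edit —
        // confirm whether drafts are meant to appear in the feed.

        $offset = 0;
        if (isset($args['offset'])) {
            // the numeric filter reduces anything but an integer string to 0
            $offset = COM_applyBasicFilter($args['offset'], true);
        }
        $max_items = $_SP_CONF['atom_max_items'] + 1;
        $limit = " LIMIT {$offset}, {$max_items}";
        $order = " ORDER BY modified DESC";

        $sql = array();
        $sql['mysql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id," . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $sql['mssql'] = "SELECT sp_id,sp_title,sp_page_title,CAST(sp_content AS text) AS sp_content,sp_hits," . "created,modified,sp_format,CAST(meta_description AS text) AS meta_description,CAST(meta_keywords AS text) AS meta_keywords,template_flag,template_id,draft_flag,owner_id,group_id,perm_owner,perm_group,perm_members," . "perm_anon,sp_tid,sp_help,sp_php,sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $sql['pgsql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id," . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $result = DB_query($sql);

        $count = 0;
        while (($output_item = DB_fetchArray($result, false)) !== false) {
            // WE ASSUME $output_item doesn't have any confidential fields
            $count += 1;
            if ($count == $max_items) {
                // one row more than the page size was fetched: there is a next page
                $svc_msg['offset'] = $offset + $_SP_CONF['atom_max_items'];
                break;
            }
            if ($isWebService) {
                // ISO 8601 ('c') timestamps are only consumed by the web-service feed
                $output_item['published'] = date('c', strtotime($output_item['created']));
                $output_item['updated'] = date('c', strtotime($output_item['modified']));
                $output_item['id'] = $output_item['sp_id'];
                $output_item['title'] = $output_item['sp_title'];
                $output_item['page_title'] = $output_item['sp_page_title'];
                $output_item['category'] = array($output_item['sp_tid']);
                $output_item['content'] = $output_item['sp_content'];
                $output_item['content_type'] = 'html';
                $owner_data = SESS_getUserDataFromId($output_item['owner_id']);
                $output_item['author_name'] = $owner_data['username'];
            }
            $output[] = $output_item;
        }
    }

    return PLG_RET_OK;
}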
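/**
 * Get an existing story
 *
 * Two modes, selected by $svc_msg['gl_feed']:
 * - single story: $args['sid'] (or 'id') names the story, which is loaded via
 *   Story::loadFromDatabase(); $output receives its database fields (plus
 *   username/fullname) as an array, or the load status code on failure.
 * - feed ($args['gl_svc'] set and no sid): $output receives a list of up to
 *   $_CONF['atom_max_stories'] stories the current user may read, and
 *   $svc_msg['offset'] is set when more rows remain.
 *
 * @param   array   $args     Contains all the data provided by the client
 * @param   mixed   &$output  OUTPUT parameter: story fields, list of stories, or a status code
 * @param   array   &$svc_msg OUTPUT parameter containing any service messages
 * @return  int               Response code as defined in lib-plugins.php
 */
function service_get_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER;

    $output = array();
    $retval = '';

    if (!isset($_CONF['atom_max_stories'])) {
        $_CONF['atom_max_stories'] = 10; // set a reasonable default
    }

    $svc_msg['output_fields'] = array('draft_flag', 'hits', 'numemails', 'comments', 'trackbacks', 'featured', 'commentcode', 'statuscode', 'expire_date', 'postmode', 'advanced_editor_mode', 'frontpage', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon');

    if (empty($args['sid']) && !empty($args['id'])) {
        $args['sid'] = $args['id'];
    }

    $isWebService = !empty($args['gl_svc']);
    if ($isWebService) {
        // Web-service requests are untrusted; filter before anything else reads them
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (isset($args['sid'])) {
            $args['sid'] = COM_applyBasicFilter($args['sid']);
        }
        $svc_msg['gl_feed'] = empty($args['sid']);
    } else {
        $svc_msg['gl_feed'] = false;
    }

    if (empty($args['mode'])) {
        $args['mode'] = 'view';
    }
    $mode = $args['mode'];

    if (!$svc_msg['gl_feed']) {
        $sid = isset($args['sid']) ? $args['sid'] : '';
        $story = new Story();
        $retval = $story->loadFromDatabase($sid, $mode);
        if ($retval != STORY_LOADED_OK) {
            // hand the load status back to the caller in place of the story
            $output = $retval;

            return PLG_RET_ERROR;
        }

        // Copy every database field: Story keeps field "foo" in property "_foo".
        // foreach replaces the former reset()/each() loop, which PHP 8 removed.
        foreach ($story->_dbFields as $fieldname => $unused) {
            $varname = '_' . $fieldname;
            $output[$fieldname] = $story->{$varname};
        }
        $output['username'] = $story->_username;
        $output['fullname'] = $story->_fullname;

        if ($isWebService) {
            if ($output['statuscode'] == STORY_ARCHIVE_ON_EXPIRE || $output['statuscode'] == STORY_DELETE_ON_EXPIRE) {
                // ISO 8601 ('c') timestamps are only consumed by the web-service feed
                $output['expire_date'] = date('c', $output['expire']);
            }
            $output['id'] = $output['sid'];
            $output['category'] = array($output['tid']);
            $output['published'] = date('c', $output['date']);
            $output['updated'] = date('c', $output['date']);
            if (empty($output['bodytext'])) {
                $output['content'] = $output['introtext'];
            } else {
                $output['content'] = $output['introtext'] . LB . '[page_break]' . LB . $output['bodytext'];
            }
            $output['content_type'] = $output['postmode'] == 'html' ? 'html' : 'text';
            $owner_data = SESS_getUserDataFromId($output['owner_id']);
            $output['author_name'] = $owner_data['username'];
            $output['link_edit'] = $sid;
        }
    } else {
        $output = array();
        $sql = array();

        $offset = 0;
        if (isset($args['offset'])) {
            // the numeric filter reduces anything but an integer string to 0
            $offset = COM_applyBasicFilter($args['offset'], true);
        }
        $max_items = $_CONF['atom_max_stories'] + 1;
        $limit = " LIMIT {$offset}, {$max_items}";
        $limit_pgsql = " LIMIT {$max_items} OFFSET {$offset}";
        $order = " ORDER BY unixdate DESC";
        $sql['mysql'] = "SELECT s.*, UNIX_TIMESTAMP(s.date) AS unixdate, UNIX_TIMESTAMP(s.expire) as expireunix, " . "u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t " . "WHERE (s.uid = u.uid) AND (s.tid = t.tid)" . COM_getPermSQL('AND', $_USER['uid'], 2, 's') . $order . $limit;
        // Bug fix: the pgsql statement carried a second, hard-coded
        // "FROM stories s, users u, topics t WHERE ..." in front of the real
        // FROM clause, which no SQL dialect accepts
        $sql['pgsql'] = "SELECT s.*, UNIX_TIMESTAMP(s.date) AS unixdate, UNIX_TIMESTAMP(s.expire) as expireunix, " . "u.username, u.fullname, u.photo, u.email, t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t " . "WHERE (s.uid = u.uid) AND (s.tid = t.tid)" . COM_getPermSQL('AND', $_USER['uid'], 2, 's') . $order . $limit_pgsql;
        $result = DB_query($sql);

        $count = 0;
        while (($story_array = DB_fetchArray($result, false)) !== false) {
            $count += 1;
            if ($count == $max_items) {
                // one row more than the page size was fetched: there is a next page
                $svc_msg['offset'] = $offset + $_CONF['atom_max_stories'];
                break;
            }
            $story = new Story();
            $story->loadFromArray($story_array);
            // This access check is not strictly necessary: the query already
            // applied COM_getPermSQL() to the story row. SEC_hasTopicAccess()
            // adds the topic check on top of it.
            $access = SEC_hasAccess($story_array['owner_id'], $story_array['group_id'], $story_array['perm_owner'], $story_array['perm_group'], $story_array['perm_members'], $story_array['perm_anon']);
            $story->_access = min($access, SEC_hasTopicAccess($story->_tid));
            if ($story->_access == 0) {
                continue;
            }
            $story->sanitizeData();

            // same field copy as in the single-story branch
            $output_item = array();
            foreach ($story->_dbFields as $fieldname => $unused) {
                $varname = '_' . $fieldname;
                $output_item[$fieldname] = $story->{$varname};
            }

            if ($isWebService) {
                if ($output_item['statuscode'] == STORY_ARCHIVE_ON_EXPIRE || $output_item['statuscode'] == STORY_DELETE_ON_EXPIRE) {
                    // ISO 8601 ('c') timestamps are only consumed by the web-service feed
                    $output_item['expire_date'] = date('c', $output_item['expire']);
                }
                $output_item['id'] = $output_item['sid'];
                $output_item['category'] = array($output_item['tid']);
                $output_item['published'] = date('c', $output_item['date']);
                $output_item['updated'] = date('c', $output_item['date']);
                if (empty($output_item['bodytext'])) {
                    $output_item['content'] = $output_item['introtext'];
                } else {
                    $output_item['content'] = $output_item['introtext'] . LB . '[page_break]' . LB . $output_item['bodytext'];
                }
                $output_item['content_type'] = $output_item['postmode'] == 'html' ? 'html' : 'text';
                $owner_data = SESS_getUserDataFromId($output_item['owner_id']);
                $output_item['author_name'] = $owner_data['username'];
            }
            $output[] = $output_item;
        }
    }

    return PLG_RET_OK;
}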
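/**
 * Authenticates the user if authentication headers are present
 *
 * Credentials come from $_SERVER['PHP_AUTH_USER'] / ['PHP_AUTH_PW'], or from
 * a "<scheme> <base64(user:password)>" value that .htaccess copied into
 * $_SERVER['REMOTE_USER'] when PHP runs as CGI. On success the globals
 * $_USER, $_GROUPS and $_RIGHTS are populated; every other outcome ends in
 * WS_error(), which is assumed not to return.
 *
 * Our handling of the speedlimit here requires some explanation ...
 * Atompub clients will usually try to do everything without logging in first.
 * Since that would mean that we can't provide feeds for drafts, items with
 * special permissions, etc. we ask them to log in (PLG_RET_AUTH_FAILED).
 * That, however, means that every request from an Atompub client will count
 * as one failed login attempt. So doing a couple of requests in quick
 * succession will surely get the client blocked. Therefore
 * - a request without any login credentials counts as one failed login attempt
 * - a request with wrong login credentials counts as two failed login attempts
 * - if, after a successful login, we have only one failed attempt on record,
 *   we reset the speedlimit
 * This still ensures that
 * - repeated failed logins (without or with invalid credentials) will cause the
 *   client to be blocked eventually
 * - this can not be used for dictionary attacks
 *
 * @return void
 */
function WS_authenticate()
{
    global $_CONF, $_TABLES, $_USER, $_GROUPS, $_RIGHTS, $WS_VERBOSE;

    $uid = '';
    $username = '';
    $password = '';
    $status = -1;

    if (isset($_SERVER['PHP_AUTH_USER'])) {
        $username = COM_applyBasicFilter($_SERVER['PHP_AUTH_USER']);
        // PHP_AUTH_PW is not guaranteed to accompany PHP_AUTH_USER
        $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
        if ($WS_VERBOSE) {
            COM_errorLog("WS: Attempting to log in user '{$username}'");
        }
        // A WSSE UsernameToken (X-WSSE header) login was sketched here and
        // dropped: verifying the PasswordDigest needs the plaintext password,
        // and the stored passwd value is not the plaintext.
    } elseif (!empty($_SERVER['REMOTE_USER'])) {
        /* PHP installed as CGI may not have access to authorization headers of
         * Apache. In that case, use .htaccess to store the auth header as
         * explained at
         * http://wiki.geeklog.net/wiki/index.php/Webservices_API#Authentication
         */
        // Expect "<scheme> <base64 data>". A value without that shape, or one
        // that does not decode to "user:password", is treated as "no
        // credentials" instead of raising undefined-offset notices.
        // NOTE(review): the scheme token itself is not compared against "Basic".
        $auth = explode(' ', $_SERVER['REMOTE_USER'], 2);
        if (count($auth) == 2) {
            // limit 2: only the first ':' separates user and password; the
            // password itself may contain colons (Basic auth, RFC 7617)
            $credentials = explode(':', base64_decode($auth[1]), 2);
            if (count($credentials) == 2) {
                $username = COM_applyBasicFilter($credentials[0]);
                $password = $credentials[1];
            }
        }
        if ($WS_VERBOSE) {
            COM_errorLog("WS: Attempting to log in user '{$username}' (via \$_SERVER['REMOTE_USER'])");
        }
    } else {
        if ($WS_VERBOSE) {
            COM_errorLog("WS: No login given");
        }
        // fallthrough (see below)
    }

    // Presumably drops attempts older than $_CONF['login_speedlimit'], then
    // rejects clients that already reached $_CONF['login_attempts'] failures.
    COM_clearSpeedlimit($_CONF['login_speedlimit'], 'wsauth');
    if (COM_checkSpeedlimit('wsauth', $_CONF['login_attempts']) > 0) {
        WS_error(PLG_RET_PERMISSION_DENIED, 'Speed Limit exceeded');
    }

    if (!empty($username) && !empty($password)) {
        if ($_CONF['user_login_method']['3rdparty']) {
            // remote users will have to use username@servicename
            $u = explode('@', $username);
            if (count($u) > 1) {
                $sv = $u[count($u) - 1];
                if (!empty($sv)) {
                    $modules = SEC_collectRemoteAuthenticationModules();
                    foreach ($modules as $smod) {
                        if (strcasecmp($sv, $smod) == 0) {
                            array_pop($u); // drop the service name
                            $uname = implode('@', $u);
                            $status = SEC_remoteAuthentication($uname, $password, $smod, $uid);
                            break;
                        }
                    }
                }
            }
        }
        // no remote module claimed the login (or 3rdparty is off): try local accounts
        if ($status == -1 && $_CONF['user_login_method']['standard']) {
            $status = SEC_authenticate($username, $password, $uid);
        }
    }

    if ($status == USER_ACCOUNT_ACTIVE) {
        $_USER = SESS_getUserDataFromId($uid);
        PLG_loginUser($_USER['uid']);
        // Global array of groups current user belongs to
        $_GROUPS = SEC_getUserGroups($_USER['uid']);
        // Global array of current user permissions [read,edit]
        $_RIGHTS = explode(',', SEC_getUserPermissions());
        if ($_CONF['restrict_webservices']) {
            if (!SEC_hasRights('webservices.atompub')) {
                // valid account without the right: counts as a failed attempt
                COM_updateSpeedlimit('wsauth');
                if ($WS_VERBOSE) {
                    COM_errorLog("WS: User '{$_USER['username']}' ({$_USER['uid']}) does not have permission to use the webservices");
                }
                // reset user, groups, and rights, just in case ...
                $_USER = array();
                $_GROUPS = array();
                $_RIGHTS = array();
                WS_error(PLG_RET_AUTH_FAILED);
            }
        }
        if ($WS_VERBOSE) {
            COM_errorLog("WS: User '{$_USER['username']}' ({$_USER['uid']}) successfully logged in");
        }
        // if there were less than 2 failed login attempts, reset speedlimit
        if (COM_checkSpeedlimit('wsauth', 2) == 0) {
            if ($WS_VERBOSE) {
                COM_errorLog("WS: Successful login - resetting speedlimit");
            }
            COM_resetSpeedlimit('wsauth');
        }
    } else {
        // one failed attempt for a request without credentials, two for wrong
        // credentials (see the explanation above)
        COM_updateSpeedlimit('wsauth');
        if (!empty($username) && !empty($password)) {
            COM_updateSpeedlimit('wsauth');
            if ($WS_VERBOSE) {
                COM_errorLog("WS: Wrong login credentials - counting as 2 failed attempts");
            }
        } elseif ($WS_VERBOSE) {
            COM_errorLog("WS: Empty login credentials - counting as 1 failed attempt");
        }
        WS_error(PLG_RET_AUTH_FAILED);
    }
}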
/**
 * Filter a parameter passed per GET (URL) or POST.
 *
 * Undoes any slashes added to the raw value (COM_stripslashes) and hands the
 * result to COM_applyBasicFilter(), which performs the actual filtering.
 *
 * @param    string    $parameter   the parameter to test
 * @param    boolean   $isnumeric   true if $parameter is supposed to be numeric
 * @return   string    the filtered parameter (may now be empty or 0)
 * @see COM_applyBasicFilter
 */
function COM_applyFilter($parameter, $isnumeric = false)
{
    return COM_applyBasicFilter(COM_stripslashes($parameter), $isnumeric);
}
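// Request parameters come straight from the query string. Guard the indexes
// so a request without them does not raise an "undefined index" notice
// before the value reaches the filter; COM_applyfilter() with $isnumeric set
// is expected to reduce a non-numeric $fid to 0 (see COM_applyBasicFilter).
$fid = COM_applyfilter(isset($_GET['fid']) ? $_GET['fid'] : '', true);
$op = COM_applyfilter(isset($_GET['op']) ? $_GET['op'] : '');
COM_errorLog("Download.php - op:{$op}, uid:{$_USER['uid']}, fid:{$fid}");
if ($op == 'incoming') {
    // Unknown import-queue id: send the user back to the site with a message.
    if (!DB_count($_TABLES['nxfile_import_queue'], 'id', $fid)) {
        echo COM_refresh($_CONF['site_url'] . '?msg=1&plugin=nexfile');
        exit;
    }
}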
if ($op == 'download') {
    if (!DB_count($_TABLES['nxfile_files'], 'fid', $fid)) {
        echo COM_refresh($_CONF['site_url'] . '?msg=1&plugin=nexfile');
        exit;
    }
    include_once $_CONF['path_system'] . 'classes/downloader.class.php';
    $version = COM_applyBasicFilter($_GET['version'], true);
    if ($version > 0) {
        $query = DB_query("SELECT fname,ftype FROM {$_TABLES['nxfile_fileversions']} WHERE fid={$fid} AND version={$version}");
        list($fname, $ftype) = DB_fetchARRAY($query);
        $cid = DB_getItem($_TABLES['nxfile_files'], "cid", "fid={$fid}");
    } else {
        $query = DB_query("SELECT cid,fname,ftype,mimetype FROM {$_TABLES['nxfile_files']} WHERE fid={$fid}");
        list($cid, $fname, $ftype, $mimetype) = DB_fetchARRAY($query);
    }
    // Make sure user has access
    if (!fm_getPermission($cid, 'view')) {
        echo COM_refresh($_CONF['site_url'] . '?msg=1&plugin=nexfile');
        exit;
    }
    if ($ftype == "file") {
        $directory = $_FMCONF['storage_path'] . $cid . '/';
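/**
 * This function will allow plugins to support the use of custom autolinks
 * in other site content. Plugins can now use this API when saving content
 * and have the content checked for any autolinks before saving.
 * The autolink would be like:  [story:20040101093000103 here]
 *
 * Works in two passes: first every "[module:id label]" occurrence is
 * collected into $tags (an unmatched "[" / "]" aborts and returns $content
 * with $LANG32[32] appended); then each tag is replaced - the built-in
 * glfusion tags (story, story_introtext, showblock, menu) right here, any
 * other module through its plugin_autotags_<module>() function.
 *
 * @param   string   $content   Content that should be parsed for autolinks
 * @param    string  $namespace Optional Namespace or plugin name collecting tag info
 * @param    string  $operation Optional Operation being performed
 * @param   string   $plugin    Optional if you only want to parse using a specific plugin
 * @return  string   $content with the recognised autotags replaced
 *
 */
function PLG_replaceTags($content, $namespace = '', $operation = '', $plugin = '')
{
    // $_USER is read by the story_introtext branch below; it was missing from
    // the global list, so the logged-in user's story preferences never applied.
    global $_CONF, $_TABLES, $_BLOCK_TEMPLATE, $LANG32, $_AUTOTAGS, $_USER, $mbMenu, $autoTagUsage;
    if (isset($_CONF['disable_autolinks']) && $_CONF['disable_autolinks'] == 1) {
        // autolinks are disabled - return $content unchanged
        return $content;
    }
    // Plugin handlers may call back into this function; cap the nesting depth.
    static $recursionCount = 0;
    if ($recursionCount > 5) {
        COM_errorLog("AutoTag infinite recursion detected on " . $namespace . " " . $operation);
        return $content;
    }
    $autolinkModules = PLG_collectTags();
    $autoTagUsage = PLG_autoTagPerms();
    // Permission key suffix: "<tag>.<namespace>.<operation>" is looked up in
    // $autoTagUsage; without both parts every tag is processed.
    if (!empty($namespace) && !empty($operation)) {
        $postFix = '.' . $namespace . '.' . $operation;
    } else {
        $postFix = '';
    }
    // For each supported module, scan the content looking for any AutoLink tags
    $tags = array();
    $contentlen = utf8_strlen($content);
    // Matching is done on a lowercased copy; the offsets found there are then
    // applied to the original $content (assumes lowercasing keeps character
    // positions - true for the usual cases, TODO confirm for exotic scripts).
    $content_lower = utf8_strtolower($content);
    foreach ($autolinkModules as $moduletag => $module) {
        $autotag_prefix = '[' . $moduletag . ':';
        $offset = 0;
        while ($offset < $contentlen) {
            $start_pos = utf8_strpos($content_lower, $autotag_prefix, $offset);
            if ($start_pos === false) {
                break;
            } else {
                $end_pos = utf8_strpos($content_lower, ']', $start_pos);
                $next_tag = utf8_strpos($content_lower, '[', $start_pos + 1);
                if ($end_pos > $start_pos and ($next_tag === false or $end_pos < $next_tag)) {
                    $taglength = $end_pos - $start_pos + 1;
                    $tag = utf8_substr($content, $start_pos, $taglength);
                    $parms = explode(' ', $tag);
                    // Extra test to see if autotag was entered with a space
                    // after the module name
                    if (utf8_substr($parms[0], -1) == ':') {
                        $startpos = utf8_strlen($parms[0]) + utf8_strlen($parms[1]) + 2;
                        $label = str_replace(']', '', utf8_substr($tag, $startpos));
                        $tagid = $parms[1];
                    } else {
                        $label = str_replace(']', '', utf8_substr($tag, utf8_strlen($parms[0]) + 1));
                        $parms = explode(':', $parms[0]);
                        if (count($parms) > 2) {
                            // whoops, there was a ':' in the tag id ...
                            array_shift($parms);
                            $tagid = implode(':', $parms);
                        } else {
                            $tagid = $parms[1];
                        }
                    }
                    // parm1 is the id part, parm2 the optional label. Both come
                    // from the content being parsed and are therefore untrusted.
                    $newtag = array('module' => $module, 'tag' => $moduletag, 'tagstr' => $tag, 'startpos' => $start_pos, 'length' => $taglength, 'parm1' => str_replace(']', '', $tagid), 'parm2' => $label);
                    $tags[] = $newtag;
                } else {
                    // Error: tags do not match - return with no changes
                    return $content . $LANG32[32];
                }
                $offset = $end_pos;
            }
        }
    }
    // If we have found 1 or more AutoLink tag
    if (count($tags) > 0) {
        // Found the [tag] - Now process them all
        $recursionCount++;
        foreach ($tags as $autotag) {
            $permCheck = $autotag['tag'] . $postFix;
            if (empty($postFix) || !isset($autoTagUsage[$permCheck]) || $autoTagUsage[$permCheck] == 1) {
                $function = 'plugin_autotags_' . $autotag['module'];
                if ($autotag['module'] == 'glfusion' and (empty($plugin) or $plugin == 'glfusion')) {
                    $url = '';
                    $linktext = $autotag['parm2'];
                    if ($autotag['tag'] == 'story') {
                        $autotag['parm1'] = COM_applyFilter($autotag['parm1']);
                        $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $autotag['parm1']);
                        if (empty($linktext)) {
                            $linktext = DB_getItem($_TABLES['stories'], 'title', "sid = '" . DB_escapeString($autotag['parm1']) . "'");
                        }
                    }
                    if (!empty($url)) {
                        $filelink = COM_createLink($linktext, $url);
                        $content = str_replace($autotag['tagstr'], $filelink, $content);
                    }
                    if ($autotag['tag'] == 'story_introtext') {
                        $url = '';
                        $linktext = '';
                        USES_lib_story();
                        if (isset($_USER['uid']) && $_USER['uid'] > 1) {
                            $result = DB_query("SELECT maxstories,tids,aids FROM {$_TABLES['userindex']} WHERE uid = {$_USER['uid']}");
                            $U = DB_fetchArray($result);
                        } else {
                            $U['maxstories'] = 0;
                            $U['aids'] = '';
                            $U['tids'] = '';
                        }
                        $sql = " (date <= NOW()) AND (draft_flag = 0)";
                        // NOTE(review): $topic is not declared global here, so this
                        // condition is always true - confirm whether the global
                        // $topic was intended.
                        if (empty($topic)) {
                            $sql .= COM_getLangSQL('tid', 'AND', 's');
                        }
                        $sql .= COM_getPermSQL('AND', 0, 2, 's');
                        if (!empty($U['aids'])) {
                            $sql .= " AND s.uid NOT IN (" . str_replace(' ', ",", $U['aids']) . ") ";
                        }
                        if (!empty($U['tids'])) {
                            $sql .= " AND s.tid NOT IN ('" . str_replace(' ', "','", $U['tids']) . "') ";
                        }
                        $sql .= COM_getTopicSQL('AND', 0, 's') . ' ';
                        $userfields = 'u.uid, u.username, u.fullname';
                        // The story id comes from the tag text; escape it like the
                        // 'story' and 'showblock' branches do before it goes into SQL.
                        $msql = "SELECT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, " . 'UNIX_TIMESTAMP(s.expire) as expireunix, ' . $userfields . ", t.topic, t.imageurl " . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, " . "{$_TABLES['topics']} AS t WHERE s.sid = '" . DB_escapeString($autotag['parm1']) . "' AND (s.uid = u.uid) AND (s.tid = t.tid) AND" . $sql;
                        $result = DB_query($msql);
                        if ($A = DB_fetchArray($result)) {
                            $story = new Story();
                            $story->loadFromArray($A);
                            $linktext = STORY_renderArticle($story, 'y');
                        }
                        // No visible story: the tag is simply removed.
                        $content = str_replace($autotag['tagstr'], $linktext, $content);
                    }
                    if ($autotag['tag'] == 'showblock') {
                        $blockName = COM_applyBasicFilter($autotag['parm1']);
                        $result = DB_query("SELECT * FROM {$_TABLES['blocks']} WHERE name = '" . DB_escapeString($blockName) . "'" . COM_getPermSQL('AND'));
                        if (DB_numRows($result) > 0) {
                            $skip = 0;
                            $B = DB_fetchArray($result);
                            $template = '';
                            $side = '';
                            // Label may carry "template:<name>" and/or "side:<left|right>"
                            $px = explode(' ', trim($autotag['parm2']));
                            if (is_array($px)) {
                                foreach ($px as $part) {
                                    if (substr($part, 0, 9) == 'template:') {
                                        $a = explode(':', $part);
                                        $template = $a[1];
                                        $skip++;
                                    } elseif (substr($part, 0, 5) == 'side:') {
                                        $a = explode(':', $part);
                                        $side = $a[1];
                                        $skip++;
                                        break;
                                    }
                                }
                                // $caption is computed from the remaining words but
                                // not used anywhere below.
                                if ($skip != 0) {
                                    if (count($px) > $skip) {
                                        for ($i = 0; $i < $skip; $i++) {
                                            array_shift($px);
                                        }
                                        $caption = trim(implode(' ', $px));
                                    } else {
                                        $caption = '';
                                    }
                                }
                            }
                            if ($template != '') {
                                $_BLOCK_TEMPLATE[$blockName] = 'blockheader-' . $template . '.thtml,blockfooter-' . $template . '.thtml';
                            }
                            if ($side == 'left') {
                                $B['onleft'] = 1;
                            } else {
                                if ($side == 'right') {
                                    $B['onleft'] = 0;
                                }
                            }
                            $linktext = COM_formatBlock($B);
                            $content = str_replace($autotag['tagstr'], $linktext, $content);
                        } else {
                            $content = str_replace($autotag['tagstr'], '', $content);
                        }
                    }
                    if ($autotag['tag'] == 'menu') {
                        $menuID = trim($autotag['parm1']);
                        $menuHTML = displayMenu($menuID);
                        $content = str_replace($autotag['tagstr'], $menuHTML, $content);
                    }
                    if (isset($_AUTOTAGS[$autotag['tag']])) {
                        $content = autotags_autotag('parse', $content, $autotag);
                    }
                } else {
                    // Non-core tag: hand it to the owning plugin, if it is loaded
                    // and the caller did not restrict parsing to another plugin.
                    if (function_exists($function) and (empty($plugin) or $plugin == $autotag['module'])) {
                        $content = $function('parse', $content, $autotag);
                    }
                }
            }
        }
        $recursionCount--;
    }
    return $content;
}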
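/**
 * Validate the submitted userbox form and save it.
 *
 * Everything is read from $_POST. After id / length / date validation the
 * USERBOX_base row is saved (a new id is allocated when $id is 0), then the
 * category and additional-field data, and finally the fullname column of the
 * core users table for uid = $id. On a validation error the edit form is
 * returned instead; after a successful save the function echoes the
 * after-save page and exits.
 *
 * @param   mixed  $edt_flg    passed through to fncEdit()
 * @param   mixed  $navbarMenu not used here; kept for the caller's signature
 * @param   mixed  $menuno     not used here; kept for the caller's signature
 * @return  array  array('title' => ..., 'display' => ...) when the form is
 *                 shown again; does not return after a successful save
 */
function fncSave($edt_flg, $navbarMenu, $menuno)
{
    $pi_name = "userbox";
    global $_CONF;
    global $_TABLES;
    global $_USER;
    global $_USERBOX_CONF;
    global $LANG_USERBOX_ADMIN;
    global $_FILES;
    $addition_def = DATABOX_getadditiondef($pi_name);
    // Indexed by string keys below, so it must start as an array, not ''
    // (writing a string offset to '' fails on current PHP).
    $retval = array();
    // clean 'em up
    $id = COM_applyFilter($_POST['id'], true);
    $fieldset_id = COM_applyFilter($_POST['fieldset'], true);
    //@@@@@ username fullname
    // Text fields: filter, word/HTML check, then addslashes - the values are
    // later interpolated into SQL quoted with addslashes rather than
    // DB_escapeString, so keep that chain intact.
    $username = COM_applyFilter($_POST['username']);
    $username = addslashes(COM_checkHTML(COM_checkWords($username)));
    $fullname = COM_applyFilter($_POST['fullname']);
    $fullname = addslashes(COM_checkHTML(COM_checkWords($fullname)));
    $page_title = COM_applyFilter($_POST['page_title']);
    $page_title = addslashes(COM_checkHTML(COM_checkWords($page_title)));
    $description = $_POST['description'];
    //COM_applyFilter($_POST['description']);
    $description = addslashes(COM_checkHTML(COM_checkWords($description)));
    $defaulttemplatesdirectory = COM_applyFilter($_POST['defaulttemplatesdirectory']);
    $defaulttemplatesdirectory = addslashes(COM_checkHTML(COM_checkWords($defaulttemplatesdirectory)));
    $draft_flag = COM_applyFilter($_POST['draft_flag'], true);
    //            $hits =0;
    //            $comments=0;
    $comment_expire_flag = COM_applyFilter($_POST['comment_expire_flag'], true);
    if ($comment_expire_flag) {
        $comment_expire_month = COM_applyFilter($_POST['comment_expire_month'], true);
        $comment_expire_day = COM_applyFilter($_POST['comment_expire_day'], true);
        $comment_expire_year = COM_applyFilter($_POST['comment_expire_year'], true);
        $comment_expire_hour = COM_applyFilter($_POST['comment_expire_hour'], true);
        $comment_expire_minute = COM_applyFilter($_POST['comment_expire_minute'], true);
        // Read the am/pm selector the same way the modified_* block does; it
        // was never read before, so a 12-hour form could not store pm hours.
        // A form that posts no *_ampm field still takes the unadjusted path.
        $comment_expire_ampm = isset($_POST['comment_expire_ampm']) ? COM_applyFilter($_POST['comment_expire_ampm']) : '';
        if ($comment_expire_ampm == 'pm') {
            if ($comment_expire_hour < 12) {
                $comment_expire_hour = $comment_expire_hour + 12;
            }
        }
        if ($comment_expire_ampm == 'am' and $comment_expire_hour == 12) {
            $comment_expire_hour = '00';
        }
    } else {
        $comment_expire_month = 0;
        $comment_expire_day = 0;
        $comment_expire_year = 0;
        $comment_expire_hour = 0;
        $comment_expire_minute = 0;
    }
    $commentcode = COM_applyFilter($_POST['commentcode'], true);
    $trackbackcode = COM_applyFilter($_POST['trackbackcode'], true);
    $cache_time = COM_applyFilter($_POST['cache_time'], true);
    $meta_description = $_POST['meta_description'];
    $meta_description = addslashes(COM_checkHTML(COM_checkWords($meta_description)));
    $meta_keywords = $_POST['meta_keywords'];
    $meta_keywords = addslashes(COM_checkHTML(COM_checkWords($meta_keywords)));
    $language_id = COM_applyFilter($_POST['language_id']);
    $language_id = addslashes(COM_checkHTML(COM_checkWords($language_id)));
    $category = $_POST['category'];
    //@@@@@
    // Additional (plugin-defined) fields are validated and stored by the
    // DATABOX_* helpers, which receive the raw POST arrays.
    $additionfields = $_POST['afield'];
    $additionfields_old = $_POST['afield'];
    $additionfields_fnm = $_POST['afield_fnm'];
    $additionfields_del = $_POST['afield_del'];
    $additionfields_alt = $_POST['afield_alt'];
    $additionfields_date = array();
    DATABOX_cleanaddtiondatas($additionfields, $addition_def, $additionfields_fnm, $additionfields_del, $additionfields_date, $additionfields_alt);
    //
    $owner_id = COM_applyFilter($_POST['owner_id'], true);
    $group_id = COM_applyFilter($_POST['group_id'], true);
    //
    // Permissions arrive either as checkbox arrays or as plain numbers.
    $array['perm_owner'] = $_POST['perm_owner'];
    $array['perm_group'] = $_POST['perm_group'];
    $array['perm_members'] = $_POST['perm_members'];
    $array['perm_anon'] = $_POST['perm_anon'];
    if (is_array($array['perm_owner']) || is_array($array['perm_group']) || is_array($array['perm_members']) || is_array($array['perm_anon'])) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($array['perm_owner'], $array['perm_group'], $array['perm_members'], $array['perm_anon']);
    } else {
        $perm_owner = COM_applyBasicFilter($array['perm_owner'], true);
        $perm_group = COM_applyBasicFilter($array['perm_group'], true);
        $perm_members = COM_applyBasicFilter($array['perm_members'], true);
        $perm_anon = COM_applyBasicFilter($array['perm_anon'], true);
    }
    // Modified date: either "now" or the values from the form
    $modified_autoupdate = COM_applyFilter($_POST['modified_autoupdate'], true);
    if ($modified_autoupdate == 1) {
        //$udate = date('Ymd');
        $modified_month = date('m');
        $modified_day = date('d');
        $modified_year = date('Y');
        $modified_hour = date('H');
        $modified_minute = date('i');
    } else {
        $modified_month = COM_applyFilter($_POST['modified_month'], true);
        $modified_day = COM_applyFilter($_POST['modified_day'], true);
        $modified_year = COM_applyFilter($_POST['modified_year'], true);
        $modified_hour = COM_applyFilter($_POST['modified_hour'], true);
        $modified_minute = COM_applyFilter($_POST['modified_minute'], true);
        $modified_ampm = COM_applyFilter($_POST['modified_ampm']);
        if ($modified_ampm == 'pm') {
            if ($modified_hour < 12) {
                $modified_hour = $modified_hour + 12;
            }
        }
        if ($modified_ampm == 'am' and $modified_hour == 12) {
            $modified_hour = '00';
        }
    }
    // Release date
    $released_month = COM_applyFilter($_POST['released_month'], true);
    $released_day = COM_applyFilter($_POST['released_day'], true);
    $released_year = COM_applyFilter($_POST['released_year'], true);
    $released_hour = COM_applyFilter($_POST['released_hour'], true);
    $released_minute = COM_applyFilter($_POST['released_minute'], true);
    // Same am/pm handling as for modified_* (was never read before).
    $released_ampm = isset($_POST['released_ampm']) ? COM_applyFilter($_POST['released_ampm']) : '';
    if ($released_ampm == 'pm') {
        if ($released_hour < 12) {
            $released_hour = $released_hour + 12;
        }
    }
    if ($released_ampm == 'am' and $released_hour == 12) {
        $released_hour = '00';
    }
    // Expiry date
    $expired_flag = COM_applyFilter($_POST['expired_flag'], true);
    if ($expired_flag) {
        $expired_month = COM_applyFilter($_POST['expired_month'], true);
        $expired_day = COM_applyFilter($_POST['expired_day'], true);
        $expired_year = COM_applyFilter($_POST['expired_year'], true);
        $expired_hour = COM_applyFilter($_POST['expired_hour'], true);
        $expired_minute = COM_applyFilter($_POST['expired_minute'], true);
        // Same am/pm handling as for modified_* (was never read before).
        $expired_ampm = isset($_POST['expired_ampm']) ? COM_applyFilter($_POST['expired_ampm']) : '';
        if ($expired_ampm == 'pm') {
            if ($expired_hour < 12) {
                $expired_hour = $expired_hour + 12;
            }
        }
        if ($expired_ampm == 'am' and $expired_hour == 12) {
            $expired_hour = '00';
        }
    } else {
        $expired_month = 0;
        $expired_day = 0;
        $expired_year = 0;
        $expired_hour = 0;
        $expired_minute = 0;
    }
    $created = COM_applyFilter($_POST['created_un']);
    // Convert full-width alphanumerics to half-width before the numeric filter
    $orderno = mb_convert_kana($_POST['orderno'], "a");
    $orderno = COM_applyFilter($orderno, true);
    //$name = mb_convert_kana($name,"AKV");
    //A: convert half-width alphanumerics to full-width
    //K: convert half-width katakana to full-width katakana
    //V: collapse voiced-sound marks into one character (used together with K/H)
    //$name = str_replace ("'", "’",$name);
    //$code = mb_convert_kana($code,"a");//convert full-width alphanumerics to half-width
    //-----
    $uuid = $_USER['uid'];
    // ---- validation start
    $err = "";
    //id
    if ($id == 0) {
        //$err.=$LANG_USERBOX_ADMIN['err_uid']."<br {XHTML}>".LB;
    } else {
        // COM_applyFilter(..., true) should already have reduced a
        // non-numeric id to 0; this is a second line of defence only.
        if (!is_numeric($id)) {
            $err .= $LANG_USERBOX_ADMIN['err_id'] . "<br {XHTML}>" . LB;
        }
    }
    // Length limits (counted in characters, not bytes)
    if (mb_strlen($description, 'UTF-8') > $_USERBOX_CONF['maxlength_description']) {
        $err .= $LANG_USERBOX_ADMIN['description'] . $_USERBOX_CONF['maxlength_description'] . $LANG_USERBOX_ADMIN['err_maxlength'] . "<br/>" . LB;
    }
    if (mb_strlen($meta_description, 'UTF-8') > $_USERBOX_CONF['maxlength_meta_description']) {
        $err .= $LANG_USERBOX_ADMIN['meta_description'] . $_USERBOX_CONF['maxlength_meta_description'] . $LANG_USERBOX_ADMIN['err_maxlength'] . "<br/>" . LB;
    }
    if (mb_strlen($meta_keywords, 'UTF-8') > $_USERBOX_CONF['maxlength_meta_keywords']) {
        $err .= $LANG_USERBOX_ADMIN['meta_keywords'] . $_USERBOX_CONF['maxlength_meta_keywords'] . $LANG_USERBOX_ADMIN['err_maxlength'] . "<br/>" . LB;
    }
    //---- additional field checks
    $err .= DATABOX_checkaddtiondatas($additionfields, $addition_def, $pi_name, $additionfields_fnm, $additionfields_del, $additionfields_alt);
    // Modified date
    if (checkdate($modified_month, $modified_day, $modified_year) == false) {
        $err .= $LANG_USERBOX_ADMIN['err_modified'] . "<br {XHTML}>" . LB;
    }
    $modified = COM_convertDate2Timestamp($modified_year . "-" . $modified_month . "-" . $modified_day, $modified_hour . ":" . $modified_minute . "::00");
    // Release date
    if (checkdate($released_month, $released_day, $released_year) == false) {
        $err .= $LANG_USERBOX_ADMIN['err_released'] . "<br {XHTML}>" . LB;
    }
    $released = COM_convertDate2Timestamp($released_year . "-" . $released_month . "-" . $released_day, $released_hour . ":" . $released_minute . "::00");
    // Comment acceptance end date/time
    if ($comment_expire_flag) {
        if (checkdate($comment_expire_month, $comment_expire_day, $comment_expire_year) == false) {
            $err .= $LANG_USERBOX_ADMIN['err_comment_expire'] . "<br {XHTML}>" . LB;
        }
        $comment_expire = COM_convertDate2Timestamp($comment_expire_year . "-" . $comment_expire_month . "-" . $comment_expire_day, $comment_expire_hour . ":" . $comment_expire_minute . "::00");
    } else {
        $comment_expire = '0000-00-00 00:00:00';
        //$comment_expire="";
    }
    // Expiry date
    if ($expired_flag) {
        if (checkdate($expired_month, $expired_day, $expired_year) == false) {
            $err .= $LANG_USERBOX_ADMIN['err_expired'] . "<br {XHTML}>" . LB;
        }
        $expired = COM_convertDate2Timestamp($expired_year . "-" . $expired_month . "-" . $expired_day, $expired_hour . ":" . $expired_minute . "::00");
        if ($expired < $released) {
            $err .= $LANG_USERBOX_ADMIN['err_expired'] . "<br {XHTML}>" . LB;
        }
    } else {
        $expired = '0000-00-00 00:00:00';
        //$expired="";
    }
    // Any error: show the edit form again with the messages
    if ($err != "") {
        $retval['title'] = $LANG_USERBOX_ADMIN['piname'] . $LANG_USERBOX_ADMIN['edit'];
        $retval['display'] = fncEdit($id, $edt_flg, 3, $err);
        return $retval;
    }
    // ---- validation end
    // New record: allocate max(id)+1 and stamp the creation time
    if ($id == 0) {
        $w = DB_getItem($_TABLES['USERBOX_base'], "max(id)", "1=1");
        if ($w == "") {
            $w = 0;
        }
        $id = $w + 1;
        $created_month = date('m');
        $created_day = date('d');
        $created_year = date('Y');
        $created_hour = date('H');
        $created_minute = date('i');
        $created = COM_convertDate2Timestamp($created_year . "-" . $created_month . "-" . $created_day, $created_hour . ":" . $created_minute . "::00");
    }
    $comments = 0;
    // Build the column/value lists for DB_save. Numeric columns are
    // inserted bare (values went through the numeric filter), string
    // columns quoted (values went through addslashes above).
    $fields = "id";
    $values = "{$id}";
    $fields .= ",page_title";
    //
    $values .= ",'{$page_title}'";
    $fields .= ",description";
    //
    $values .= ",'{$description}'";
    $fields .= ",defaulttemplatesdirectory";
    //
    $values .= ",'{$defaulttemplatesdirectory}'";
    //$fields.=",hits";//
    //$values.=",$hits";
    $fields .= ",comments";
    //
    $values .= ",{$comments}";
    $fields .= ",meta_description";
    //
    $values .= ",'{$meta_description}'";
    $fields .= ",meta_keywords";
    //
    $values .= ",'{$meta_keywords}'";
    $fields .= ",commentcode";
    //
    $values .= ",{$commentcode}";
    $fields .= ",trackbackcode";
    //
    $values .= ",{$trackbackcode}";
    $fields .= ",cache_time";
    //
    $values .= ",{$cache_time}";
    $fields .= ",comment_expire";
    //
    if ($comment_expire == '0000-00-00 00:00:00') {
        $values .= ",'{$comment_expire}'";
    } else {
        $values .= ",FROM_UNIXTIME('{$comment_expire}')";
    }
    $fields .= ",language_id";
    //
    $values .= ",'{$language_id}'";
    $fields .= ",owner_id";
    $values .= ",{$owner_id}";
    $fields .= ",group_id";
    $values .= ",{$group_id}";
    $fields .= ",perm_owner";
    $values .= ",{$perm_owner}";
    $fields .= ",perm_group";
    $values .= ",{$perm_group}";
    $fields .= ",perm_members";
    $values .= ",{$perm_members}";
    $fields .= ",perm_anon";
    $values .= ",{$perm_anon}";
    $fields .= ",modified";
    $values .= ",FROM_UNIXTIME('{$modified}')";
    if ($created != "") {
        $fields .= ",created";
        $values .= ",FROM_UNIXTIME('{$created}')";
    }
    $fields .= ",expired";
    if ($expired == '0000-00-00 00:00:00') {
        $values .= ",'{$expired}'";
    } else {
        $values .= ",FROM_UNIXTIME('{$expired}')";
    }
    $fields .= ",released";
    $values .= ",FROM_UNIXTIME('{$released}')";
    $fields .= ",orderno";
    //
    $values .= ",{$orderno}";
    $fields .= ",fieldset_id";
    //
    $values .= ",{$fieldset_id}";
    $fields .= ",uuid";
    $values .= ",{$uuid}";
    $fields .= ",draft_flag";
    $values .= ",{$draft_flag}";
    DB_save($_TABLES['USERBOX_base'], $fields, $values);
    // Categories
    DATABOX_savecategorydatas($id, $category, $pi_name);
    // Additional fields
    DATABOX_uploadaddtiondatas($additionfields, $addition_def, $pi_name, $id, $additionfields_fnm, $additionfields_del, $additionfields_old, $additionfields_alt);
    DATABOX_saveaddtiondatas($id, $additionfields, $addition_def, $pi_name);
    // user (core table): the userbox id doubles as the uid
    //kokoka
    $sql = "UPDATE " . $_TABLES['users'] . " SET ";
    $sql .= " fullname ='" . $fullname . "'";
    $sql .= " WHERE uid=" . $id;
    DB_query($sql);
    fncsendmail('data', $id);
    $cacheInstance = 'userbox__' . $id . '__';
    CACHE_remove_instance($cacheInstance);
    //exit;// for debugging
    //    if ($edt_flg){
    //        $return_page=$_CONF['site_url'] . "/".THIS_SCRIPT;
    //        $return_page.="?id=".$id;
    //    }else{
    //        $return_page=$_CONF['site_admin_url'] . '/plugins/'.THIS_SCRIPT.'?msg=1';
    //    }
    //    return COM_refresh ($return_page);
    if ($_USERBOX_CONF['aftersave_admin'] === 'no') {
        $retval['title'] = $LANG_USERBOX_ADMIN['piname'] . $LANG_USERBOX_ADMIN['edit'];
        $retval['display'] = fncEdit($id, $edt_flg, 1, "");
        return $retval;
    } else {
        if ($_USERBOX_CONF['aftersave_admin'] === 'list') {
            $url = $_CONF['site_admin_url'] . "/plugins/{$pi_name}/profile.php";
            $item_url = COM_buildURL($url);
            $target = 'item';
        } else {
            $url = $_CONF['site_url'] . "/userbox/profile.php";
            $url .= "?";
            // When codes are used, link by code (= username) instead of id.
            // NOTE(review): $username is the addslashes'd form value and is not
            // URL-encoded here - confirm that COM_buildUrl handles that.
            if ($_USERBOX_CONF['datacode']) {
                $url .= "code=" . $username;
                $url .= "&amp;m=code";
            } else {
                $url .= "id=" . $id;
                $url .= "&amp;m=id";
            }
            $item_url = COM_buildUrl($url);
            $target = $_USERBOX_CONF['aftersave_admin'];
        }
    }
    $return_page = PLG_afterSaveSwitch($target, $item_url, 'userbox', 1);
    echo $return_page;
    exit;
}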
/**
 * Get an existing static page
 *
 * @param   array   $args     Contains all the data provided by the client
 * @param   string  &$output  OUTPUT parameter containing the returned text
 * @param   string  &$svc_msg OUTPUT parameter containing any service messages
 * @return  int         Response code as defined in lib-plugins.php
 */
function service_get_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_SP_CONF, $topic;
    $output = '';
    $svc_msg['output_fields'] = array('sp_hits', 'sp_format', 'draft_flag', 'cache_time', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php', 'sp_inblock', 'commentcode');
    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }
    if ($args['gl_svc']) {
        if (isset($args['sp_id'])) {
            $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        }
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (empty($args['sp_id'])) {
            $svc_msg['gl_feed'] = true;
        } else {
            $svc_msg['gl_feed'] = false;
        }
    } else {
        $svc_msg['gl_feed'] = false;
    }
    if (!$svc_msg['gl_feed']) {
        $page = '';
        if (isset($args['sp_id'])) {
            $page = $args['sp_id'];
        }
        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }
        $error = 0;
        if ($page == '') {
            $error = 1;
        }
        $perms = SP_getPerms();
        if (!SEC_hasRights('staticpages.edit')) {
            if (!empty($perms)) {
                $perms .= ' AND';
            }
            $perms .= '(draft_flag = 0)';
        }
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }
        // Topic Permissions
        $topic_perms = COM_getTopicSQL('', 0, 'ta');
        if ($topic_perms != "") {
            $topic_perms = " AND (" . $topic_perms . "";
            if (COM_onFrontpage()) {
                $topic_perms .= " OR (ta.tid = '" . TOPIC_HOMEONLY_OPTION . "' OR ta.tid = '" . TOPIC_ALL_OPTION . "'))";
            } else {
                // $topic_perms .= " OR ta.tid = '" . TOPIC_ALL_OPTION . "')";
                $topic_perms .= " OR (ta.tid = '" . TOPIC_HOMEONLY_OPTION . "' OR ta.tid = '" . TOPIC_ALL_OPTION . "'))";
            }
        }
        $topic_perms .= " GROUP BY sp_id";
        $sql = array();
        $sql['mysql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time " . "FROM {$_TABLES['staticpage']}, {$_TABLES['topic_assignments']} ta " . "WHERE (sp_id = '{$page}')" . $perms . " AND ta.type = 'staticpages' AND ta.id = sp_id " . $topic_perms;
        $sql['pgsql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits," . "created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time " . "sp_inblock FROM {$_TABLES['staticpage']}, {$_TABLES['topic_assignments']} ta " . "WHERE (sp_id = '{$page}')" . $perms . " AND ta.type = 'staticpages' AND ta.id = sp_id " . $topic_perms;
        $result = DB_query($sql);
        $count = DB_numRows($result);
        if ($count == 0 || $count > 1) {
            $error = 1;
        }
        if (!$error) {
            $output = DB_fetchArray($result, false);
            $page = $output['sp_id'];
            // reset page id so case mimics id perfectly since this affects the cache file and canonical link
            // WE ASSUME $output doesn't have any confidential fields
            // Generate output now (omly if not grabing a template since template is combined with variables first and then generated)
            if (!isset($args['template'])) {
                $output['sp_content'] = SP_render_content($page, $output['sp_content'], $output['sp_php'], $output['cache_time'], $output['template_id']);
            }
        } else {
            // an error occured (page not found, access denied, ...)
            /**
             * if the user has edit permissions and the page does not exist,
             * send them to the editor so they can create it "wiki style"
             */
            $create_page = false;
            if ($mode !== 'autotag' && $count == 0 && SEC_hasRights('staticpages.edit')) {
                // check again without permissions
                if (DB_count($_TABLES['staticpage'], 'sp_id', $page) == 0) {
                    $url = $_CONF['site_admin_url'] . '/plugins/staticpages/index.php?mode=edit&sp_new_id=' . $page . '&msg=21';
                    $output = COM_refresh($url);
                    $create_page = true;
                }
            }
            if (!$create_page) {
                if (empty($page)) {
                    $failflg = 0;
                } else {
                    $failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id = '{$page}'");
                }
                if ($failflg) {
                    $output .= SEC_loginRequiredForm();
                    if ($mode !== 'autotag') {
                        $output = COM_createHTMLDocument($output, array('rightblock' => true));
                    }
                } else {
                    if ($mode !== 'autotag') {
                        COM_handle404();
                    }
                }
            }
            return PLG_RET_ERROR;
        }
        if ($args['gl_svc']) {
            // This date format is PHP 5 only,
            // but only the web-service uses the value
            $output['published'] = date('c', strtotime($output['created']));
            $output['updated'] = date('c', strtotime($output['modified']));
            $output['id'] = $page;
            $output['title'] = $output['sp_title'];
            $output['page_title'] = $output['sp_page_title'];
            $output['category'] = TOPIC_getTopicIdsForObject('staticpages', $page);
            $output['content'] = $output['sp_content'];
            $output['content_type'] = 'html';
            $owner_data = SESS_getUserDataFromId($output['owner_id']);
            $output['author_name'] = $owner_data['username'];
            $output['link_edit'] = $page;
        }
    } else {
        $output = array();
        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }
        $perms = SP_getPerms();
        if (!empty($perms)) {
            $perms = ' WHERE ' . $perms;
        }
        $offset = 0;
        if (isset($args['offset'])) {
            $offset = COM_applyBasicFilter($args['offset'], true);
        }
        $max_items = $_SP_CONF['atom_max_items'] + 1;
        $limit = " LIMIT {$offset}, {$max_items}";
        $order = " ORDER BY modified DESC";
        $sql = array();
        $sql['mysql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id," . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time " . " FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $sql['pgsql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id," . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time " . "FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $result = DB_query($sql);
        $count = 0;
        while (($output_item = DB_fetchArray($result, false)) !== false) {
            // WE ASSUME $output doesn't have any confidential fields
            $count++;
            if ($count == $max_items) {
                $svc_msg['offset'] = $offset + $_SP_CONF['atom_max_items'];
                break;
            }
            if ($args['gl_svc']) {
                // This date format is PHP 5 only, but only the web-service uses the value
                $output_item['published'] = date('c', strtotime($output_item['created']));
                $output_item['updated'] = date('c', strtotime($output_item['modified']));
                $output_item['id'] = $output_item['sp_id'];
                $output_item['title'] = $output_item['sp_title'];
                $output_item['page_title'] = $output_item['sp_page_title'];
                //$output_item['category']     = array($output_item['sp_tid']);
                $output_item['category'] = TOPIC_getTopicIdsForObject('staticpages', $page);
                //$output_item['content']      = $output_item['sp_content'];
                $output['content'] = SP_render_content($output['sp_id'], $output['sp_content'], $output['sp_php'], $output['cache_time'], $output['template_id']);
                $output_item['content_type'] = 'html';
                $owner_data = SESS_getUserDataFromId($output_item['owner_id']);
                $output_item['author_name'] = $owner_data['username'];
            }
            $output[] = $output_item;
        }
    }
    return PLG_RET_OK;
}
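 /**
  * Dispatch the client based on $_SERVER['PATH_INFO']
  *
  * Loads the routing rules stored in $_TABLES['routes'] for the current HTTP
  * method and, when one matches the request path, sends a Location header
  * pointing at $_CONF['site_url'] followed by the rule's route. Rules are
  * tried in priority order, first by plain case-insensitive comparison, then
  * with their placeholders turned into a regular expression.
  *
  * @return bool false when the request was not dispatched (routing disabled or
  *              unsupported, no PATH_INFO, unknown method, database error, no
  *              matching rule) and also after a Location header has been sent,
  *              since header() does not end the request
  */
 public static function dispatch()
 {
     global $_CONF, $_TABLES, $LANG_ROUTER;

     // URL rewrite is disabled
     if (!$_CONF['url_rewrite']) {
         return false;
     }
     // URL routing is not supported
     if (!isset($_CONF['url_routing'])) {
         return false;
     }
     $routingType = intval($_CONF['url_routing'], 10);
     // URL routing is disabled
     if ($routingType === self::ROUTING_DISABLED) {
         return false;
     }
     // $_SERVER['PATH_INFO'] is unavailable or empty
     if (empty($_SERVER['PATH_INFO'])) {
         return false;
     }
     // PATH_INFO is client-controlled: it is filtered once here and only ever
     // compared against stored rules or written to the error log afterwards
     $pathInfo = COM_applyBasicFilter($_SERVER['PATH_INFO']);
     if (self::$debug) {
         COM_errorLog(__METHOD__ . ': PATH_INFO = ' . $pathInfo);
     }

     // Get request type
     switch ($_SERVER['REQUEST_METHOD']) {
         case 'GET':
             $method = self::HTTP_REQUEST_GET;
             break;
         case 'POST':
             $method = self::HTTP_REQUEST_POST;
             break;
         case 'PUT':
             $method = self::HTTP_REQUEST_PUT;
             break;
         case 'DELETE':
             $method = self::HTTP_REQUEST_DELETE;
             break;
         case 'HEAD':
             $method = self::HTTP_REQUEST_HEAD;
             break;
         default:
             // Unsupported method
             COM_errorLog(__METHOD__ . ': unknown HTTP request method "' . $_SERVER['REQUEST_METHOD'] . '" was supplied');
             return false;
     }

     // Get routing rules and routes from database
     $sql = "SELECT * FROM {$_TABLES['routes']} WHERE method = " . DB_escapeString($method) . " ORDER BY priority ";
     $result = DB_query($sql);
     if (DB_error()) {
         COM_errorLog(__METHOD__ . ': ' . DB_error());
         return false;
     }

     while (($A = DB_fetchArray($result, false)) !== false) {
         $rule = $A['rule'];
         $route = $A['route'];

         // Try simple comparison without placeholders
         if (strcasecmp($rule, $pathInfo) === 0) {
             $route = $_CONF['site_url'] . $route;
             if (self::$debug) {
                 COM_errorLog(__METHOD__ . ': "' . $pathInfo . '"matched with simple comparison rule "' . $A['rule'] . '", converted into "' . $route . '"');
             }
             header('Location: ' . $route);
             // header() does not end the request; report it and hand control back
             COM_errorLog(__METHOD__ . ': somehow could not redirect');
             return false;
         }

         // Try comparison with placeholders
         if (preg_match_all(self::PLACEHOLDER_MATCH, $rule, $matches, PREG_SET_ORDER)) {
             // Escape a period and a question mark so that they can safely be used in a regular expression
             $rule = str_replace(array('.', '?'), array('\\.', '\\?'), $rule);
             $placeHolders = array();
             // Replace placeholders in a rule with ones for regular expressions
             foreach ($matches as $match) {
                 $placeHolders[] = $match[1];
                 $rule = str_replace($match[1], self::PLACEHOLDER_REPLACE, $rule);
             }
             $rule = '|\\A' . $rule . '\\z|i';
             if (!preg_match($rule, $pathInfo, $values)) {
                 continue;
             }
             // $values[0] is the whole match; the captured groups map onto
             // $placeHolders in order
             array_shift($values);
             foreach ($values as $value) {
                 if (preg_match(self::VALUE_MATCH, $value)) {
                     $value = urlencode($value);
                 }
                 $placeHolder = array_shift($placeHolders);
                 $route = str_replace($placeHolder, $value, $route);
             }
             // NOTE(review): a leftover '@' in the route is only skipped while
             // debugging; in production such a route is still redirected to.
             // Confirm whether "&& self::$debug" was meant to guard only the log.
             if (strpos($route, '@') !== false && self::$debug) {
                 $reason = isset($LANG_ROUTER[15]) ? $LANG_ROUTER[15] : '';
                 COM_errorLog(sprintf('%s: %s. Rule (rid = %d) = %s, Route = %s', __METHOD__, $reason, $A['rid'], $A['rule'], $A['route']));
                 continue;
             }
             $route = $_CONF['site_url'] . $route;
             if (self::$debug) {
                 COM_errorLog(__METHOD__ . ': "' . $pathInfo . '" matched with regular expression rule "' . $A['rule'] . '", converted into "' . $route . '"');
             }
             header('Location: ' . $route);
             // Stop at the first matching rule, as the simple-comparison branch
             // does; continuing would let a later rule replace the Location
             // header that was just sent
             COM_errorLog(__METHOD__ . ': somehow could not redirect');
             return false;
         }
     }

     return false;
 }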
/**
 * Filter parameters passed per GET (URL) or POST.
 *
 * Delegates to COM_applyBasicFilter() with both arguments unchanged.
 *
 * @param    string    $parameter   the parameter to test
 * @param    boolean   $isnumeric   true if $parameter is supposed to be numeric
 * @return   string    the filtered parameter (may now be empty or 0)
 */
function COM_applyFilter($parameter, $isnumeric = false)
{
    return COM_applyBasicFilter($parameter, $isnumeric);
}
 /**
  * Apply basic filter if necessary
  *
  * Runs COM_applyBasicFilter() over $value only when the instance's
  * $applyFilter flag is set; otherwise $value is passed through untouched.
  *
  * @param     mixed  $value
  * @return    mixed  the (possibly filtered) value
  */
 private function filter($value)
 {
     if (!$this->applyFilter) {
         return $value;
     }

     return COM_applyBasicFilter($value);
 }
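/**
 * Get an existing static page
 *
 * Serves both the plugin API and the web-service. Two code paths exist,
 * selected by $svc_msg['gl_feed']:
 *  - single page: $args['sp_id'] (or its alias $args['id']) names the page
 *    and its row is returned in $output; on failure $output holds the
 *    login-required or access-denied HTML instead
 *  - feed: a web-service request without a page id; a list of rows ordered
 *    by sp_date is returned in $output, paged by $args['offset'] and
 *    $_SP_CONF['atom_max_items']
 *
 * @param   array   $args     Contains all the data provided by the client
 *                            (sp_id|id, mode, gl_svc, offset)
 * @param   mixed   &$output  OUTPUT parameter: the page row, a list of rows,
 *                            or the HTML shown on error
 * @param   array   &$svc_msg OUTPUT parameter containing any service messages
 *                            (output_fields, gl_feed, offset)
 * @return  int               Response code as defined in lib-plugins.php
 *                            (PLG_RET_OK or PLG_RET_ERROR)
 */
function service_get_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $LANG_ACCESS, $LANG_STATIC, $LANG_LOGIN, $_SP_CONF;

    $output = '';
    $svc_msg['output_fields'] = array(
        'sp_hits', 'sp_format', 'owner_id', 'group_id', 'perm_owner',
        'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php',
        'sp_inblock', 'commentcode',
    );

    // 'id' is accepted as an alias for 'sp_id'
    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }

    // Arguments arriving through the web-service are filtered here; other
    // callers are responsible for filtering before they call this function
    $isWebService = !empty($args['gl_svc']);
    if ($isWebService) {
        if (isset($args['sp_id'])) {
            $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        }
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        // a web-service request without a page id asks for the feed
        $svc_msg['gl_feed'] = empty($args['sp_id']);
    } else {
        $svc_msg['gl_feed'] = false;
    }

    if (!$svc_msg['gl_feed']) {
        $page = isset($args['sp_id']) ? $args['sp_id'] : '';
        $mode = isset($args['mode']) ? $args['mode'] : '';
        $error = ($page == '') ? 1 : 0;
        // $page is embedded in SQL string literals below; escape it whatever
        // the caller did, so that a quote in the id cannot break out of the literal
        $safePage = DB_escapeString($page);

        $perms = SP_getPerms();
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }

        $sql = array();
        $sql['mysql'] = "SELECT sp_title,sp_content,sp_hits,sp_date,sp_format,"
            . "commentcode,owner_id,group_id,perm_owner,perm_group,"
            . "perm_members,perm_anon,sp_tid,sp_help,sp_php,"
            . "sp_inblock FROM {$_TABLES['staticpage']} "
            . "WHERE (sp_id = '{$safePage}')" . $perms;
        $sql['mssql'] = "SELECT sp_title,"
            . "CAST(sp_content AS text) AS sp_content,sp_hits,"
            . "sp_date,sp_format,commentcode,owner_id,group_id,"
            . "perm_owner,perm_group,perm_members,perm_anon,sp_tid,"
            . "sp_help,sp_php,sp_inblock "
            . "FROM {$_TABLES['staticpage']} WHERE (sp_id = '{$safePage}')" . $perms;
        $result = DB_query($sql);
        $count = DB_numRows($result);
        // exactly one row is expected; anything else is treated as "not found"
        if ($count != 1) {
            $error = 1;
        }

        if (!$error) {
            $output = DB_fetchArray($result, false);
            // WE ASSUME $output doesn't have any confidential fields
        } else {
            // an error occurred (page not found, access denied, ...)
            // a set sp_nf flag selects the login-required block below,
            // otherwise the access-denied block is shown
            if (empty($page)) {
                $failflg = 0;
            } else {
                $failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id='{$safePage}'");
            }
            // in 'autotag' mode only the block itself is returned, without
            // the surrounding site header and footer
            if ($failflg) {
                if ($mode !== 'autotag') {
                    $output = COM_siteHeader('menu');
                }
                $output .= COM_startBlock($LANG_LOGIN[1], '', COM_getBlockTemplate('_msg_block', 'header'));
                $login = new Template($_CONF['path_layout'] . 'submit');
                $login->set_file(array('login' => 'submitloginrequired.thtml'));
                $login->set_var('login_message', $LANG_LOGIN[2]);
                $login->set_var('site_url', $_CONF['site_url']);
                $login->set_var('lang_login', $LANG_LOGIN[3]);
                $login->set_var('lang_newuser', $LANG_LOGIN[4]);
                $login->parse('output', 'login');
                $output .= $login->finish($login->get_var('output'));
                $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                if ($mode !== 'autotag') {
                    $output .= COM_siteFooter(true);
                }
            } else {
                if ($mode !== 'autotag') {
                    $output = COM_siteHeader('menu');
                }
                $output .= COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header'));
                $output .= $LANG_STATIC['deny_msg'];
                $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                if ($mode !== 'autotag') {
                    $output .= COM_siteFooter(true);
                }
            }
            return PLG_RET_ERROR;
        }

        if ($isWebService) {
            // This date format is PHP 5 only,
            // but only the web-service uses the value
            $output['published'] = date('c', strtotime($output['sp_date']));
            $output['updated'] = date('c', strtotime($output['sp_date']));
            $output['id'] = $page;
            $output['title'] = $output['sp_title'];
            $output['category'] = array($output['sp_tid']);
            $output['content'] = $output['sp_content'];
            $output['content_type'] = 'html';
            $owner_data = SESS_getUserDataFromId($output['owner_id']);
            $output['author_name'] = $owner_data['username'];
            $output['link_edit'] = $page;
        }
    } else {
        $output = array();
        $perms = SP_getPerms();
        if (!empty($perms)) {
            $perms = ' WHERE ' . $perms;
        }
        // offset is numeric-filtered, so it is safe to embed in the LIMIT clause
        $offset = 0;
        if (isset($args['offset'])) {
            $offset = COM_applyBasicFilter($args['offset'], true);
        }
        // fetch one row more than the page size to learn whether a next page exists
        $max_items = $_SP_CONF['atom_max_items'] + 1;
        $limit = " LIMIT {$offset}, {$max_items}";
        $order = " ORDER BY sp_date DESC";
        $sql = array();
        $sql['mysql'] = "SELECT sp_id,sp_title,sp_content,sp_hits,sp_date,sp_format,owner_id,"
            . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_tid,sp_help,sp_php,"
            . "sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $sql['mssql'] = "SELECT sp_id,sp_title,CAST(sp_content AS text) AS sp_content,sp_hits,"
            . "sp_date,sp_format,owner_id,group_id,perm_owner,perm_group,perm_members,"
            . "perm_anon,sp_tid,sp_help,sp_php,sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $result = DB_query($sql);
        $count = 0;
        while (($output_item = DB_fetchArray($result, false)) !== false) {
            // WE ASSUME $output_item doesn't have any confidential fields
            $count += 1;
            if ($count == $max_items) {
                // the extra row is not returned; it only tells the client where the next page starts
                $svc_msg['offset'] = $offset + $_SP_CONF['atom_max_items'];
                break;
            }
            if ($isWebService) {
                // This date format is PHP 5 only, but only the web-service uses the value
                $output_item['published'] = date('c', strtotime($output_item['sp_date']));
                $output_item['updated'] = date('c', strtotime($output_item['sp_date']));
                $output_item['id'] = $output_item['sp_id'];
                $output_item['title'] = $output_item['sp_title'];
                $output_item['category'] = array($output_item['sp_tid']);
                $output_item['content'] = $output_item['sp_content'];
                $output_item['content_type'] = 'html';
                $owner_data = SESS_getUserDataFromId($output_item['owner_id']);
                $output_item['author_name'] = $owner_data['username'];
            }
            $output[] = $output_item;
        }
    }
    return PLG_RET_OK;
}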