/**
 * Shows a given submission form
 *
 * Builds the submission form for the requested type. Any type other than
 * 'story' is handed to the matching plugin via PLG_showSubmitForm(); an
 * empty type or 'story' falls back to the core story form.
 *
 * @param  string $type type of submission ('story')
 * @param  string $mode calendar mode ('personal' or empty string); not used here
 * @return string HTML for submission form
 */
function submissionform($type = 'story', $mode = '')
{
    global $_CONF, $LANG12;

    COM_clearSpeedlimit($_CONF['speedlimit'], 'submit');
    $secondsLeft = COM_checkSpeedlimit('submit');

    // Still inside the speed limit window: only the "please wait" message is shown.
    if ($secondsLeft > 0) {
        return COM_showMessageText($LANG12[30] . $secondsLeft . $LANG12[31], $LANG12[26]);
    }

    $loginRequired = ($_CONF['loginrequired'] == 1) || ($_CONF['submitloginrequired'] == 1);
    if (COM_isAnonUser() && $loginRequired) {
        return SEC_loginRequiredForm();
    }

    $html = COM_startBlock($LANG12[19]) . $LANG12[9] . COM_endBlock();

    $isPluginType = (strlen($type) > 0) && ($type !== 'story');
    if (!$isPluginType) {
        return $html . submitstory();
    }

    $formresult = PLG_showSubmitForm($type);
    if ($formresult == false) {
        // The unknown type is only written to the error log, never echoed back.
        COM_errorLog("Someone tried to submit an item to the {$type}-plugin, which cannot be found.", 1);
        COM_displayMessageAndAbort(79, '', 410, 'Gone');
    } else {
        $html .= $formresult;
    }

    return $html;
}
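/**
 * Shows a given submission form
 *
 * Builds the submission form for the requested type. Any type other than
 * 'story' is handed to the matching plugin via PLG_showSubmitForm(); an
 * empty type or 'story' falls back to the core story form.
 *
 * Side effects: when the site requires a login for submissions and the
 * visitor is anonymous, a complete login page is printed and the script
 * exits (no return). A plugin type without a submit form is logged and
 * aborted with a 410 through COM_displayMessageAndAbort().
 *
 * @param  string $type  type of submission ('story')
 * @param  string $mode  story mode ('personal' or empty string); not used here
 * @param  string $topic topic (for stories)
 * @return string HTML for submission form
 */
function submissionform($type = 'story', $mode = '', $topic = '')
{
    global $_CONF, $LANG12, $LANG_LOGIN;

    $retval = '';

    COM_clearSpeedlimit($_CONF['speedlimit'], 'submit');
    $last = COM_checkSpeedlimit('submit');
    if ($last > 0) {
        // Still inside the speed limit window: only the "please wait" message is shown.
        return COM_showMessageText($LANG12[30] . $last . $LANG12[31], $LANG12[26], false, 'error');
    }

    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['submitloginrequired'] == 1)) {
        // Render a full login page instead of the form and stop here.
        $display = COM_siteHeader('menu', $LANG_LOGIN[1]);
        $display .= SEC_loginRequiredForm();
        $display .= COM_siteFooter();
        echo $display;
        exit;
    }

    $retval .= COM_startBlock($LANG12[19], '', COM_getBlockTemplate('_submit_story', 'header'))
        . $LANG12[9]
        . COM_endBlock(COM_getBlockTemplate('_submit_story', 'footer'));
    $retval .= '<div style="border-bottom:1px solid #cccccc"></div>';

    // Strict comparison so a non-string $type is never treated as 'story'
    // through loose type juggling.
    if (strlen($type) > 0 && $type !== 'story') {
        $formresult = PLG_showSubmitForm($type);
        if ($formresult == false) {
            // The unknown type is only written to the error log, never echoed back.
            COM_errorLog("Someone tried to submit an item to the {$type}-plugin, which cannot be found.", 1);
            COM_displayMessageAndAbort(79, '', 410, 'Gone');
        } else {
            $retval .= $formresult;
        }
    } else {
        $retval .= submitstory($topic);
    }

    return $retval;
}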
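/**
 * Shows all polls in system
 *
 * List all the polls on the system. Anonymous visitors receive the login
 * form instead when either the site or the polls plugin requires a login.
 *
 * @return string HTML for poll listing
 */
function polllist()
{
    global $_CONF, $_TABLES, $_PO_CONF, $LANG25, $LANG_POLLS;

    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_PO_CONF['pollsloginrequired'] == 1)) {
        return SEC_loginRequiredForm();
    }

    require_once $_CONF['path_system'] . 'lib-admin.php';

    $header_arr = array(
        array('text' => $LANG25[9], 'field' => 'topic', 'sort' => true),
        array('text' => $LANG25[20], 'field' => 'voters', 'sort' => true),
        array('text' => $LANG25[3], 'field' => 'unixdate', 'sort' => true),
        array('text' => $LANG_POLLS['open_poll'], 'field' => 'is_open', 'sort' => true),
    );
    $defsort_arr = array('field' => 'unixdate', 'direction' => 'desc');
    $text_arr = array(
        'has_menu'     => false,
        'title'        => $LANG_POLLS['pollstitle'],
        'instructions' => '',
        'icon'         => '',
        // listed exactly once: a duplicate key in an array literal is silently overwritten
        'form_url'     => $_CONF['site_url'] . '/polls/index.php',
    );
    $query_arr = array(
        'table'          => 'polltopics',
        'sql'            => "SELECT *,UNIX_TIMESTAMP(created) AS unixdate, display "
                          . "FROM {$_TABLES['polltopics']} WHERE 1=1",
        'query_fields'   => array('topic'),
        // permission filter appended by ADMIN_list; the search term is handled there as well
        'default_filter' => COM_getPermSQL(),
        'query'          => '',
        'query_limit'    => 0,
    );

    return ADMIN_list('polls', 'plugin_getListField_polls', $header_arr, $text_arr, $query_arr, $defsort_arr);
}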
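/**
 * Shows all polls in system
 *
 * List all the polls on the system. Anonymous visitors receive the login
 * form instead when either the site or the polls plugin requires a login.
 *
 * @return string HTML for poll listing
 */
function POLLS_pollList()
{
    global $_CONF, $_TABLES, $_PO_CONF, $LANG25, $LANG_POLLS;

    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_PO_CONF['pollsloginrequired'] == 1)) {
        return SEC_loginRequiredForm();
    }

    USES_lib_admin();

    $header_arr = array(
        array('text' => $LANG25[9], 'field' => 'topic', 'sort' => true),
        array('text' => $LANG25[20], 'field' => 'voters', 'sort' => true, 'align' => 'center'),
        array('text' => $LANG25[3], 'field' => 'unixdate', 'sort' => true, 'align' => 'center'),
        array('text' => $LANG_POLLS['open_poll'], 'field' => 'is_open', 'sort' => true, 'align' => 'center'),
    );
    $defsort_arr = array('field' => 'unixdate', 'direction' => 'desc');
    $text_arr = array(
        'has_menu'     => false,
        'title'        => $LANG_POLLS['pollstitle'],
        'instructions' => '',
        'icon'         => '',
        'form_url'     => '',
    );
    $query_arr = array(
        'table'          => 'polltopics',
        'sql'            => "SELECT *,UNIX_TIMESTAMP(date) AS unixdate, display "
                          . "FROM {$_TABLES['polltopics']} WHERE 1=1",
        'query_fields'   => array('topic'),
        // permission filter appended by ADMIN_list; the search term is handled there as well
        'default_filter' => COM_getPermSQL(),
        'query'          => '',
        'query_limit'    => 0,
    );

    // The last argument (ADMIN_list's token) is only a placeholder here;
    // presumably this read-only list renders no state-changing form — confirm against ADMIN_list.
    return ADMIN_list('polls', 'POLLS_getListField', $header_arr, $text_arr, $query_arr, $defsort_arr, '', 'dummy');
}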
/**
 * Plugin function to display a specific comment thread
 *
 * Renders the media item the comments belong to (via MG_displayMediaImage),
 * followed by the comment thread from CMT_userComments(). When the plugin
 * requires a login, anonymous visitors get the login form printed directly
 * and the script exits.
 *
 * @param  string $id        Unique identifier of the media item the comment belongs to
 * @param  int    $commentid Comment id to display (possibly including sub-comments)
 * @param  string $title     Page/comment title
 * @param  string $order     'ASC' or 'DSC' or blank
 * @param  string $format    'threaded', 'nested', or 'flat'
 * @param  int    $page      Page number of comments to display
 * @param  mixed  $view      1 to view a single comment (by $commentid), anything else to display the thread
 * @return string HTML for the media item followed by its comments
 */
function _mg_displaycomment($id, $commentid, $title, $order, $format, $page, $view)
{
    global $_CONF, $_MG_CONF;

    if (COM_isAnonUser() && $_MG_CONF['loginrequired']) {
        echo SEC_loginRequiredForm();
        exit;
    }

    require_once $_CONF['path'] . 'plugins/mediagallery/include/classAlbum.php';
    require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-media.php';

    list($ptitle, $mediaHtml, $themeCSS, $album_id) = MG_displayMediaImage($id, 0, 0, 0);

    // Only gallery admins get the delete option on the comment thread.
    $canDelete = (bool) SEC_hasRights('mediagallery.admin');
    $singleView = ($view == 1);

    $comments = CMT_userComments($id, $title, 'mediagallery', $order, $format, $commentid, $page, $singleView, $canDelete);

    return $themeCSS . $mediaHtml . $comments;
}
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.             |
// |                                                                           |
// +---------------------------------------------------------------------------+

/**
 * Geeklog common function library
 */
require_once 'lib-common.php';

// configuration option:
// List stories for the current month on top of the overview page
// (if set = true)
$conf_list_current_month = false;

// name of this script
define('THIS_SCRIPT', 'directory.php');

$display = '';

// Visitors without an account get the login form instead of the directory
// when either the site-wide or the directory-specific login requirement is set.
if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['directoryloginrequired'] == 1)) {
    $display = COM_createHTMLDocument(SEC_loginRequiredForm(), array('pagetitle' => $LANG_DIR['title']));
    COM_output($display);
    exit;
}

// Theme of the logged-in user, falling back to the site default.
// NOTE(review): $theme becomes part of a filesystem path below; this relies on
// the stored theme name being a plain directory name — confirm where it is validated.
$theme = isset($_USER['theme']) ? $_USER['theme'] : $_CONF['theme'];

// Clear PHP's stat cache so the file_exists() check below is not answered from
// a stale cached result.
clearstatcache();
define('TEMPLATE_EXISTS', file_exists($_CONF['path_themes'] . $theme . '/directory.thtml'));

/**
 * Helper function: Calculate last day of a given month
 *
 * @param int $month Month
 * @param int $year Year
 * @return int Number of days in that month
 * @todo Bug: Will fail from 2038 onwards ...
 * "The last day of any given month can be expressed as the "0" day
 * of the next month", http://www.php.net/manual/en/function.mktime.php
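/**
 * Displays the contact form
 *
 * Shows the "send an email to this user" form when the recipient allows
 * mail from the current visitor: site admins (Root group or 'user.mail'
 * right) are governed by the recipient's `emailfromadmin` preference,
 * everybody else by `emailfromuser`. When mail is not allowed, a short
 * notice block is returned instead.
 *
 * @param  int    $uid     User ID of article author (the recipient)
 * @param  bool   $cc      Whether to send a copy of the message to the author
 * @param  string $subject Subject of email (accepted for compatibility; not placed in the template here)
 * @param  string $message Text of message to send
 * @return string HTML for the contact form
 */
function CONTACT_contactform($uid, $cc = false, $subject = '', $message = '')
{
    global $_CONTACT_CONF, $_CONF, $_TABLES, $_USER, $LANG08, $LANG_CONTACT_1;

    if (COM_isAnonUser() && $_CONTACT_CONF['contactloginrequired'] == 1) {
        return SEC_loginRequiredForm();
    }

    // Force the recipient id to an integer before it is embedded in SQL
    // and echoed back into the form as a hidden field.
    $uid = (int) $uid;

    $result = DB_query("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = {$uid}");
    $P = DB_fetchArray($result);
    if ($P === false) {
        // no preferences row for this id: treat as "accepts no mail"
        $P = array('emailfromadmin' => 0, 'emailfromuser' => 0);
    }

    $isAdmin = SEC_inGroup('Root') || SEC_hasRights('user.mail');
    $displayname = COM_getDisplayName($uid);

    $mailAllowed = ($isAdmin && $P['emailfromadmin'] == 1)
        || (!$isAdmin && $P['emailfromuser'] == 1);
    if (!$mailAllowed) {
        $retval = COM_startBlock($LANG08[10] . ' ' . $displayname, '', COM_getBlockTemplate('_msg_block', 'header'));
        $retval .= $LANG08[35];
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));

        return $retval;
    }

    if ($cc) {
        // the template expects the ready-made checkbox attribute
        $cc = ' checked="checked"';
    }

    $mail_template = COM_newTemplate($_CONF['path'] . 'plugins/contact/templates');
    $mail_template->set_file('form', 'contactuserform.thtml');
    $mail_template->set_var('contact_form', $LANG_CONTACT_1['contact_form']);
    $mail_template->set_var('form_message', $_CONTACT_CONF['message']);
    $mail_template->set_var('lang_username', $LANG_CONTACT_1['name']);
    $mail_template->set_var('add_your_name', $LANG_CONTACT_1['add_your_name']);
    $mail_template->set_var('lang_useremail', $LANG_CONTACT_1['email']);
    $mail_template->set_var('add_valid_address', $LANG_CONTACT_1['add_valid_address']);

    if (COM_isAnonUser()) {
        // Anonymous senders supply their own name and address; re-display
        // the posted values reduced to a single, HTML-escaped line.
        $mail_template->set_var('username', CONTACT_postedSingleLine('author'));
        $mail_template->set_var('useremail', CONTACT_postedSingleLine('authoremail'));
    } else {
        $mail_template->set_var('username', COM_getDisplayName($_USER['uid'], $_USER['username'], $_USER['fullname']));
        $mail_template->set_var('useremail', $_USER['email']);
    }

    $mail_template->set_var('cc', $cc);
    $mail_template->set_var('lang_cc', $LANG08[36]);
    $mail_template->set_var('lang_cc_description', $LANG08[37]);
    $mail_template->set_var('lang_message', $LANG_CONTACT_1['message']);
    // escape the pre-filled message so a previous submission cannot inject markup
    $mail_template->set_var('message', htmlspecialchars($message));
    $mail_template->set_var('lang_submit', $LANG08[16]);
    $mail_template->set_var('uid', $uid);
    PLG_templateSetVars('contact', $mail_template);
    $mail_template->parse('output', 'form');

    return $mail_template->finish($mail_template->get_var('output'));
}

/**
 * Returns a posted form field reduced to one plain, HTML-escaped line.
 *
 * Tags are stripped and everything from the first CR or LF onwards is
 * dropped, so the value fits a single template field (and, presumably,
 * a single mail header line) without carrying markup or line breaks.
 *
 * @param  string $field key in $_POST
 * @return string sanitised value, or '' when the field was not posted
 */
function CONTACT_postedSingleLine($field)
{
    if (!isset($_POST[$field])) {
        return '';
    }

    $value = strip_tags($_POST[$field]);
    $value = substr($value, 0, strcspn($value, "\r\n"));

    return htmlspecialchars(trim($value), ENT_QUOTES);
}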
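/**
 * Send report about abusive comment
 *
 * Emails the site address ($_CONF['site_mail']) the reported comment
 * together with the reporting user's name. Anonymous users get the login
 * page instead, and the 'mail' speed limit is enforced so one account
 * cannot flood the site address with reports.
 *
 * @param  string $cid  comment id
 * @param  string $type type of comment ('article', 'poll', ...)
 * @return string Meta refresh or HTML for error message
 */
function CMT_sendReport($cid, $type)
{
    global $_CONF, $_TABLES, $_USER, $LANG03, $LANG08, $LANG09, $LANG_LOGIN;

    if (COM_isAnonUser()) {
        $retval = COM_siteHeader('menu', $LANG_LOGIN[1]);
        $retval .= SEC_loginRequiredForm();
        $retval .= COM_siteFooter();

        return $retval;
    }

    COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
    if (COM_checkSpeedlimit('mail') > 0) {
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    // The comment id is numeric; normalise it once so the same value is used
    // in the query and in the link placed into the mail body.
    $cid = (int) $cid;

    $username = DB_getItem($_TABLES['users'], 'username', 'uid = ' . (int) $_USER['uid']);
    $result = DB_query("SELECT uid,title,comment,sid,ipaddress FROM {$_TABLES['comments']} WHERE cid = {$cid} AND type = '" . DB_escapeString($type) . "'");
    $A = DB_fetchArray($result);
    if ($A === false) {
        // no such comment (or wrong type): nothing to report, no mail sent
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    $title = $A['title'];
    $comment = $A['comment'];
    // strip HTML if posted in HTML mode
    if (preg_match('/<.*>/', $comment) != 0) {
        $comment = strip_tags($comment);
    }

    $author = COM_getDisplayName($A['uid']);
    if ($A['uid'] <= 1 && !empty($A['ipaddress'])) {
        // add IP address for anonymous posters
        $author .= ' (' . $A['ipaddress'] . ')';
    }

    $mailbody = sprintf($LANG03[26], $username);
    $mailbody .= "\n\n" . "{$LANG03['16']}: {$title}\n" . "{$LANG03['5']}: {$author}\n";
    if ($type != 'article' && $type != 'poll') {
        $mailbody .= "{$LANG09['5']}: {$type}\n";
    }
    if ($_CONF['emailstorieslength'] > 0) {
        if ($_CONF['emailstorieslength'] > 1) {
            // 1 includes the full text; any larger value is a cut-off length
            $comment = MBYTE_substr($comment, 0, $_CONF['emailstorieslength']) . '...';
        }
        $mailbody .= $comment . "\n\n";
    }
    $mailbody .= $LANG08[33] . ' <' . $_CONF['site_url'] . '/comment.php?mode=view&cid=' . $cid . ">\n\n";
    $mailbody .= "\n------------------------------\n";
    $mailbody .= "\n{$LANG08['34']}\n";
    $mailbody .= "\n------------------------------\n";

    $mailsubject = $_CONF['site_name'] . ' ' . $LANG03[27];
    $to = COM_formatEmailAddress('', $_CONF['site_mail']);
    COM_mail($to, $mailsubject, $mailbody);
    COM_updateSpeedlimit('mail');

    return COM_refresh($_CONF['site_url'] . '/index.php?msg=27');
}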
/**
 * Kicks off the appropriate search(es)
 *
 * Initiates the search engine and returns HTML formatted
 * results. It also provides support to plugins using a
 * search API. Backwards compatibility has been incorporated
 * in this function to allow legacy support to plugins using
 * the old API calls defined versions prior to Geeklog 1.5.1
 *
 * Flow: permission check, minimal-query check, build the search URL and a
 * ListFactory in the configured result style, collect plugin results (APIv2
 * SearchCriteria objects and APIv1 Plugin objects) plus the core story
 * search, run the queries and render the result page — or the search form
 * again when nothing was found.
 *
 * @return string HTML output for search results
 */
public function doSearch()
{
    global $_CONF, $LANG01, $LANG09, $LANG31;

    // Verify current user can perform requested search
    if (!$this->_isSearchAllowed()) {
        return SEC_loginRequiredForm();
    }

    // When full text searches are enabled, make sure the min. query length
    // is 3 characters. Otherwise, make sure at least one of query string,
    // author, or topic is not empty.
    // (&& binds tighter than ||: "nothing to search for" OR "full-text query too short")
    if (empty($this->_query) && empty($this->_author) && empty($this->_topic) || $_CONF['search_use_fulltext'] && strlen($this->_query) < 3) {
        $retval = '<p>' . $LANG09[41] . '</p>' . LB;
        $retval .= $this->showForm();
        return $retval;
    }

    // Build the URL strings
    // NOTE(review): only the query is urlencode()d; keyType, dates, topic and
    // author are appended as-is, so they must already be validated/filtered
    // where the search criteria are set — confirm.
    $this->_searchURL = $_CONF['site_url'] . '/search.php?query=' . urlencode($this->_query)
        . (!empty($this->_keyType) ? '&keyType=' . $this->_keyType : '')
        . (!empty($this->_dateStart) ? '&datestart=' . $this->_dateStart : '')
        . (!empty($this->_dateEnd) ? '&dateend=' . $this->_dateEnd : '')
        . (!empty($this->_topic) ? '&topic=' . $this->_topic : '')
        . (!empty($this->_author) ? '&author=' . $this->_author : '')
        . ($this->_titlesOnly ? '&title=true' : '');
    // base URL for paging/sorting links; the list mode ('search'/'refine') is appended by callers
    $url = "{$this->_searchURL}&type={$this->_type}&mode=";
    $obj = new ListFactory($url . 'search', $_CONF['search_limits'], $_CONF['num_search_results']);
    // hidden fields carried with every result row
    $obj->setField('ID', 'id', false);
    $obj->setField('URL', 'url', false);

    $show_num = $_CONF['search_show_num'];
    $show_type = $_CONF['search_show_type'];
    $show_user = $_CONF['contributedbyline'];
    $show_hits = !$_CONF['hideviewscount'];
    $style = isset($_CONF['search_style']) ? $_CONF['search_style'] : 'google';

    if ($style == 'table') {
        $obj->setStyle('table');
        //                 Title          Name             Display     Sort   Format
        $obj->setField($LANG09[62], LF_ROW_NUMBER, $show_num, false, '<b>%d.</b>');
        $obj->setField($LANG09[5], LF_SOURCE_TITLE, $show_type, true, '<b>%s</b>');
        $obj->setField($LANG09[16], 'title', true, true);
        $obj->setField($LANG09[63], 'description', true, false);
        $obj->setField($LANG09[17], 'date', true, true);
        $obj->setField($LANG09[18], 'uid', $show_user, true);
        $obj->setField($LANG09[50], 'hits', $show_hits, true);
        $this->_wordlength = 7;
    } else {
        if ($style == 'google') {
            // A column stays sortable only when the search does not already pin it
            // (no author given, date range wider than one day, all types) — presumably
            // because sorting a constant column would be meaningless.
            $sort_uid = $this->_author == '' ? true : false;
            $sort_date = empty($this->_dateStart) || empty($this->_dateEnd) || $this->_dateStart != $this->_dateEnd ? true : false;
            $sort_type = $this->_type == 'all' ? true : false;
            $obj->setStyle('inline');
            $obj->setField('', LF_ROW_NUMBER, $show_num, false, '<b>%d.</b>');
            $obj->setField($LANG09[16], 'title', true, true, '%s<br' . XHTML . '>');
            $obj->setField('', 'description', true, false, '%s<br' . XHTML . '>');
            $obj->setField('', '_html', true, false, '<span class="searchresult-byline">');
            $obj->setField($LANG09[18], 'uid', $show_user, $sort_uid, $LANG01[104] . ' %s ');
            $obj->setField($LANG09[17], 'date', true, $sort_date, $LANG01[36] . ' %s');
            $obj->setField($LANG09[5], LF_SOURCE_TITLE, $show_type, $sort_type, ' - %s');
            $obj->setField($LANG09[50], 'hits', $show_hits, true, ' - %s ' . $LANG09[50]);
            $obj->setField('', '_html', true, false, '</span>');
            $this->_wordlength = 50;
        }
        // any other search_style value leaves the ListFactory with only the two hidden fields above
    }

    // get default sort order
    $default_sort = explode('|', $_CONF['search_def_sort']);
    $obj->setDefaultSort($default_sort[0], $default_sort[1]);

    // set this only now, for compatibility with PHP 4
    $obj->setRowFunction(array($this, 'searchFormatCallback'));

    // Start search timer
    $searchtimer = new timerobject();
    $searchtimer->setPrecision(4);
    $searchtimer->startTimer();

    // Have plugins do their searches
    // (page number from the request is reduced to a number by COM_applyFilter)
    $page = isset($_GET['page']) ? COM_applyFilter($_GET['page'], true) : 1;
    $result_plugins = PLG_doSearch($this->_query, $this->_dateStart, $this->_dateEnd, $this->_topic, $this->_type, $this->_author, $this->_keyType, $page, 5);

    // Add core searches
    $result_plugins = array_merge($result_plugins, $this->_searchStories());

    // Loop through all plugins separating the new API from the old
    $new_api = 0;
    $old_api = 0;
    $num_results = 0; // accumulated for APIv1 plugins below but not used afterwards
    foreach ($result_plugins as $result) {
        if (is_a($result, 'SearchCriteria')) {
            $debug_info = $result->getName() . ' using APIv2';
            // a type-restricted search skips every other plugin
            if ($this->_type != 'all' && $this->_type != $result->getName()) {
                if ($this->_verbose) {
                    $new_api++;
                    COM_errorLog($debug_info . '. Skipped as type is not ' . $this->_type);
                }
                continue;
            }
            $api_results = $result->getResults();
            if (!empty($api_results)) {
                $obj->addResultArray($api_results);
            }
            $api_callback_func = $result->getCallback();
            if (!empty($api_callback_func)) {
                $debug_info .= ' with Callback Function.';
                $obj->setCallback($result->getLabel(), $result->getName(), $api_callback_func, $result->getRank(), $result->getTotal());
            } else {
                if ($result->getSQL() != '' || $result->getFTSQL() != '') {
                    // prefer the full-text query when the site has full-text search enabled
                    if ($_CONF['search_use_fulltext'] == true && $result->getFTSQL() != '') {
                        $sql = $result->getFTSQL();
                    } else {
                        $sql = $result->getSQL();
                    }
                    $sql = $this->_convertsql($sql);
                    $debug_info .= ' with SQL = ' . print_r($sql, 1);
                    $obj->setQuery($result->getLabel(), $result->getName(), $sql, $result->getRank());
                }
            }
            $this->_url_rewrite[$result->getName()] = $result->UrlRewriteEnable();
            $this->_append_query[$result->getName()] = $result->AppendQueryEnable();
            if ($this->_verbose) {
                $new_api++;
                COM_errorLog($debug_info);
            }
        } else {
            if (is_a($result, 'Plugin') && $result->num_searchresults != 0) {
                // Some backwards compatibility
                if ($this->_verbose) {
                    $old_api++;
                    $debug_info = $result->plugin_name . ' using APIv1 with backwards compatibility.';
                    $debug_info .= ' Count: ' . $result->num_searchresults;
                    $debug_info .= ' Headings: ' . implode(',', $result->searchheading);
                    COM_errorLog($debug_info);
                }

                // Find the column heading names that closely match what we are looking for
                // There may be issues here on different languages, but this _should_ capture most of the data
                // (_findColumn returns -1 when no heading matches)
                $col_title = $this->_findColumn($result->searchheading, array($LANG09[16], $LANG31[4], 'Question', 'Site Page')); //Title,Subject
                $col_desc = $this->_findColumn($result->searchheading, array($LANG09[63], 'Answer'));
                $col_date = $this->_findColumn($result->searchheading, array($LANG09[17])); //'Date','Date Added','Last Updated','Date & Time'
                $col_user = $this->_findColumn($result->searchheading, array($LANG09[18], 'Submited by'));
                $col_hits = $this->_findColumn($result->searchheading, array($LANG09[50], $LANG09[23], 'Downloads', 'Clicks')); //'Hits','Views'
                $label = str_replace($LANG09[59], '', $result->searchlabel);
                $num_results += $result->num_itemssearched;

                // Extract the results
                for ($i = 0; $i < 5; $i++) {
                    // If the plugin does not repect the $perpage perameter force it here.
                    // $j is the absolute row index for page $page at 5 rows per page.
                    $j = $i + $page * 5 - 5;
                    if ($j >= count($result->searchresults)) {
                        break;
                    }
                    $old_row = $result->searchresults[$j];
                    if ($col_date != -1) {
                        // Convert the date back to a timestamp
                        // (the part before a '@' is parsed; without one the raw value is kept)
                        $date = $old_row[$col_date];
                        $date = substr($date, 0, strpos($date, '@'));
                        $date = $date == '' ? $old_row[$col_date] : strtotime($date);
                    }
                    $api_results = array(
                        LF_SOURCE_NAME => $result->plugin_name,
                        LF_SOURCE_TITLE => $label,
                        'title' => $col_title == -1 ? '<i>' . $LANG09[70] . '</i>' : $old_row[$col_title],
                        'description' => $col_desc == -1 ? '<i>' . $LANG09[70] . '</i>' : $old_row[$col_desc],
                        'date' => $col_date == -1 ? ' ' : $date,
                        'uid' => $col_user == -1 ? ' ' : $old_row[$col_user],
                        'hits' => $col_hits == -1 ? '0' : str_replace(',', '', $old_row[$col_hits])
                    );
                    // APIv1 rows carry the link inside the title markup; pull the href out of it
                    preg_match('/href="([^"]+)"/i', $api_results['title'], $links);
                    $api_results['url'] = empty($links) ? '#' : $links[1];
                    $obj->addResult($api_results);
                }
            }
        }
    }

    // Find out how many plugins are on the old/new system
    if ($this->_verbose) {
        COM_errorLog('Search Plugins using APIv1: ' . $old_api . ' APIv2: ' . $new_api);
    }

    // Execute the queries
    $results = $obj->ExecuteQueries();

    // Searches are done, stop timer
    $searchtime = $searchtimer->stopTimer();

    // The query is HTML-escaped before it is echoed back into the page.
    $escquery = htmlspecialchars($this->_query);
    // NOTE(review): as printed here both sides of this replacement are the same
    // characters, making it a no-op; the upstream source presumably maps the braces
    // to HTML entities so that query text cannot act as a template placeholder —
    // confirm against the original file.
    $escquery = str_replace(array('{', '}'), array('{', '}'), $escquery);
    if ($this->_keyType == 'any') {
        $searchQuery = str_replace(' ', "</b>' " . $LANG09[57] . " '<b>", $escquery);
        $searchQuery = "<b>'{$searchQuery}'</b>";
    } else {
        if ($this->_keyType == 'all') {
            $searchQuery = str_replace(' ', "</b>' " . $LANG09[56] . " '<b>", $escquery);
            $searchQuery = "<b>'{$searchQuery}'</b>";
        } else {
            $searchQuery = $LANG09[55] . " '<b>{$escquery}</b>'";
        }
    }

    // Clean the query string so that sprintf works as expected
    $searchQuery = str_replace('%', '%%', $searchQuery);

    $retval = "{$LANG09[25]} {$searchQuery}. ";
    if (count($results) == 0) {
        $retval .= sprintf($LANG09[24], 0);
        $retval = '<p>' . $retval . '</p>' . LB;
        $retval .= '<p>' . $LANG09[13] . '</p>' . LB;
        $retval .= $this->showForm();
    } else {
        $retval .= $LANG09[64] . " ({$searchtime} {$LANG09[27]}). ";
        // the link is escaped for sprintf like the query above, since the whole intro goes through it
        $retval .= str_replace('%', '%%', COM_createLink($LANG09[61], $url . 'refine'));
        $retval = '<p>' . $retval . '</p>' . LB;
        $retval = $obj->getFormattedOutput($results, $LANG09[11], $retval, '', $_CONF['search_show_sort'], $_CONF['search_show_limit']);
    }

    return $retval;
}
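/**
 * Get an existing static page
 *
 * Two modes: with an 'sp_id' (or 'id') in $args a single page is looked up
 * and returned in $output; without one — and only when called by the web
 * service ($args['gl_svc']) — a feed of the most recent pages is returned.
 *
 * @param  array  $args     Contains all the data provided by the client
 * @param  mixed  &$output  OUTPUT parameter: the page row (array), a list of
 *                          rows in feed mode, or HTML / '' on error
 * @param  array  &$svc_msg OUTPUT parameter containing any service messages
 *                          ('output_fields', 'gl_feed', 'offset')
 * @return int    Response code as defined in lib-plugins.php
 */
function service_get_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_SP_CONF;

    $output = '';
    $svc_msg['output_fields'] = array('sp_hits', 'sp_format', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php', 'sp_inblock', 'commentcode');

    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }

    $isWebService = !empty($args['gl_svc']);
    $svc_msg['gl_feed'] = false;
    if ($isWebService) {
        if (isset($args['sp_id'])) {
            $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        }
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        // a web-service call without a page id asks for the feed
        $svc_msg['gl_feed'] = empty($args['sp_id']);
    }

    $mode = isset($args['mode']) ? $args['mode'] : '';

    $perms = SP_getPerms();
    if (!empty($perms)) {
        $perms = ' AND ' . $perms;
    }

    if ($svc_msg['gl_feed']) {
        // --- feed mode: newest pages first, one page of atom_max_items entries ---
        $output = array();

        $offset = 0;
        if (isset($args['offset'])) {
            $offset = (int) COM_applyBasicFilter($args['offset'], true);
        }
        // fetch one extra row: its presence tells us another page of items exists
        $max_items = $_SP_CONF['atom_max_items'] + 1;
        $limit = " LIMIT {$offset}, {$max_items}";
        $order = " ORDER BY sp_date DESC";
        $sql = "SELECT sp_id,sp_title,sp_content,sp_hits,sp_date,sp_format,owner_id,"
             . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_tid,sp_help,sp_php,"
             . "sp_inblock FROM {$_TABLES['staticpage']} WHERE (sp_status = 1)" . $perms . $order . $limit;
        $result = DB_query($sql);

        $count = 0;
        while (($output_item = DB_fetchArray($result, false)) !== false) {
            // WE ASSUME $output doesn't have any confidential fields
            $count += 1;
            if ($count == $max_items) {
                $svc_msg['offset'] = $offset + $_SP_CONF['atom_max_items'];
                break;
            }
            // feed mode is only reachable from the web service, so always decorate
            $output[] = _sp_svc_decorateItem($output_item, $output_item['sp_id']);
        }

        return PLG_RET_OK;
    }

    // --- single page mode ---
    $page = isset($args['sp_id']) ? $args['sp_id'] : '';

    $A = false;
    if ($page != '') {
        // $page is client-supplied (only filtered on the web-service path), so escape it for SQL
        $sql = "SELECT sp_title,sp_content,sp_hits,sp_date,sp_format,"
             . "commentcode,sp_uid,owner_id,group_id,perm_owner,perm_group,"
             . "perm_members,perm_anon,sp_tid,sp_help,sp_php,"
             . "sp_inblock FROM {$_TABLES['staticpage']} "
             . "WHERE (sp_id = '" . DB_escapeString($page) . "') AND (sp_status = 1)" . $perms;
        $result = DB_query($sql);
        // exactly one row is expected; anything else is treated as "not found"
        if (DB_numRows($result) == 1) {
            $A = DB_fetchArray($result, false);
        }
    }

    if ($A === false) {
        // an error occured (page not found, access denied, ...)
        $failflg = 0;
        if (!empty($page)) {
            // sp_nf set on the page: show the login form instead of a 404
            $failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id='" . DB_escapeString($page) . "'");
        }
        if ($failflg) {
            if ($mode !== 'autotag') {
                $output = COM_siteHeader('menu');
            }
            $output .= SEC_loginRequiredForm();
            if ($mode !== 'autotag') {
                $output .= COM_siteFooter();
            }
        } else {
            if ($mode !== 'autotag') {
                COM_404();
            }
        }

        return PLG_RET_ERROR;
    }

    $output = $A;
    // WE ASSUME $output doesn't have any confidential fields
    if ($mode !== 'autotag') {
        $_CONF['pagetitle'] = $output['sp_title'];
    }

    if ($isWebService) {
        $output = _sp_svc_decorateItem($output, $page);
        $output['link_edit'] = $page;
    }

    return PLG_RET_OK;
}

/**
 * Adds the web-service fields to a static page database row.
 *
 * Sets published/updated (from sp_date), id, title, category, content,
 * content_type and author_name on top of the raw columns.
 *
 * @param  array  $item database row of the static page
 * @param  string $id   value for the 'id' field
 * @return array  $item with the web-service fields added
 */
function _sp_svc_decorateItem($item, $id)
{
    global $_TABLES;

    // This date format is PHP 5 only, but only the web-service uses the value
    $item['published'] = date('c', strtotime($item['sp_date']));
    $item['updated'] = date('c', strtotime($item['sp_date']));
    $item['id'] = $id;
    $item['title'] = $item['sp_title'];
    $item['category'] = array($item['sp_tid']);
    $item['content'] = $item['sp_content'];
    $item['content_type'] = 'html';
    // look up the owner of *this* item (the feed loop used to read the wrong array here)
    $item['author_name'] = DB_getItem($_TABLES['users'], 'username', 'uid=' . (int) $item['owner_id']);

    return $item;
}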
/** * Shows a profile for a user * * This grabs the user profile for a given user and displays it * * @return string HTML for user profile page * */ function userprofile() { global $_CONF, $_TABLES, $_USER, $LANG01, $LANG04, $LANG09, $LANG28, $LANG_LOGIN; // @param int $user User ID of profile to get // @param int $msg Message to display (if != 0) // @param string $plugin optional plugin name for message $retval = ''; if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['profileloginrequired'] == 1)) { $retval .= SEC_loginRequiredForm(); return $retval; } if (isset($_GET['uid'])) { $user = COM_applyFilter($_GET['uid'], true); if (!is_numeric($user) || $user < 2) { echo COM_refresh($_CONF['site_url'] . '/index.php'); } } else { if (isset($_GET['username'])) { $username = $_GET['username']; if (!USER_validateUsername($username, 1)) { echo COM_refresh($_CONF['site_url'] . '/index.php'); } if (empty($username) || $username == '') { echo COM_refresh($_CONF['site_url'] . '/index.php'); } $username = DB_escapeString($username); $user = DB_getItem($_TABLES['users'], 'uid', "username = '******'"); if ($user < 2) { echo COM_refresh($_CONF['site_url'] . '/index.php'); } } else { echo COM_refresh($_CONF['site_url'] . '/index.php'); } } $msg = 0; if (isset($_GET['msg'])) { $msg = COM_applyFilter($_GET['msg'], true); } $plugin = ''; if ($msg > 0 && isset($_GET['plugin'])) { $plugin = COM_applyFilter($_GET['plugin']); } $result = DB_query("SELECT {$_TABLES['users']}.uid,username,fullname,regdate,lastlogin,homepage,about,location,pgpkey,photo,email,status,emailfromadmin,emailfromuser,showonline FROM {$_TABLES['userinfo']},{$_TABLES['userprefs']},{$_TABLES['users']} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['userinfo']}.uid = {$_TABLES['userprefs']}.uid AND {$_TABLES['users']}.uid = " . (int) $user); $nrows = DB_numRows($result); if ($nrows == 0) { // no such user echo COM_refresh($_CONF['site_url'] . 
'/index.php'); } $A = DB_fetchArray($result); if ($A['status'] == USER_ACCOUNT_DISABLED && !SEC_hasRights('user.edit')) { COM_displayMessageAndAbort(30, '', 403, 'Forbidden'); } $display_name = @htmlspecialchars(COM_getDisplayName($user, $A['username'], $A['fullname']), ENT_COMPAT, COM_getEncodingt()); if ($msg > 0) { $retval .= COM_showMessage($msg, $plugin, '', 0, 'info'); } // format date/time to user preference $curtime = COM_getUserDateTimeFormat($A['regdate']); $A['regdate'] = $curtime[0]; $user_templates = new Template($_CONF['path_layout'] . 'users'); $user_templates->set_file(array('profile' => 'profile.thtml', 'email' => 'email.thtml', 'row' => 'commentrow.thtml', 'strow' => 'storyrow.thtml')); $user_templates->set_var('layout_url', $_CONF['layout_url']); $user_templates->set_var('start_block_userprofile', COM_startBlock($LANG04[1] . ' ' . $display_name)); $user_templates->set_var('end_block', COM_endBlock()); $user_templates->set_var('lang_username', $LANG04[2]); $user_templates->set_var('tooltip', COM_getTooltipStyle()); if ($_CONF['show_fullname'] == 1) { if (empty($A['fullname'])) { $username = $A['username']; $fullname = ''; } else { $username = $A['fullname']; $fullname = $A['username']; } } else { $username = $A['username']; $fullname = ''; } $username = @htmlspecialchars($username, ENT_COMPAT, COM_getEncodingt()); $fullname = @htmlspecialchars($fullname, ENT_COMPAT, COM_getEncodingt()); if ($A['status'] == USER_ACCOUNT_DISABLED) { $username = sprintf('%s - %s', $username, $LANG28[42]); if (!empty($fullname)) { $fullname = sprintf('% - %s', $fullname, $LANG28[42]); } } $user_templates->set_var('username', $username); $user_templates->set_var('user_fullname', $fullname); if (SEC_hasRights('user.edit') || isset($_USER['uid']) && $_USER['uid'] == $A['uid']) { global $_IMAGE_TYPE, $LANG_ADMIN; $edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG_ADMIN['edit'] . '" title="' . $LANG_ADMIN['edit'] . 
'" />'; if ($_USER['uid'] == $A['uid']) { $edit_url = "{$_CONF['site_url']}/usersettings.php"; } else { $edit_url = "{$_CONF['site_admin_url']}/user.php?edit=x&uid={$A['uid']}"; } $edit_link_url = COM_createLink($edit_icon, $edit_url); $user_templates->set_var('edit_icon', $edit_icon); $user_templates->set_var('edit_link', $edit_link_url); $user_templates->set_var('user_edit', $edit_url); } else { $user_templates->set_var('user_edit', ''); } if (isset($A['photo']) && empty($A['photo'])) { $A['photo'] = '(none)'; // user does not have a photo } $lastlogin = $A['lastlogin']; $lasttime = COM_getUserDateTimeFormat($lastlogin); $photo = USER_getPhoto($user, $A['photo'], $A['email'], -1, 0); $user_templates->set_var('user_photo', $photo); $user_templates->set_var('lang_membersince', $LANG04[67]); $user_templates->set_var('user_regdate', $A['regdate']); if ($_CONF['lastlogin'] && $A['showonline']) { $user_templates->set_var('lang_lastlogin', $LANG28[35]); if (!empty($lastlogin)) { $user_templates->set_var('user_lastlogin', $lasttime[0]); } else { $user_templates->set_var('user_lastlogin', $LANG28[36]); } } if ($A['showonline']) { if (DB_count($_TABLES['sessions'], 'uid', (int) $user)) { $user_templates->set_var('online', 'online'); } } $user_templates->set_var('lang_email', $LANG04[5]); $user_templates->set_var('user_id', $user); if ($A['email'] == '' || $A['emailfromuser'] == 0) { $user_templates->set_var('email_option', ''); } else { $user_templates->set_var('lang_sendemail', $LANG04[81]); $user_templates->parse('email_option', 'email', true); } $user_templates->set_var('lang_homepage', $LANG04[6]); $user_templates->set_var('user_homepage', COM_killJS($A['homepage'])); $user_templates->set_var('lang_location', $LANG04[106]); $user_templates->set_var('user_location', strip_tags($A['location'])); $user_templates->set_var('lang_online', $LANG04[160]); $user_templates->set_var('lang_bio', $LANG04[7]); $user_templates->set_var('user_bio', nl2br($A['about'])); 
$user_templates->set_var('follow_me', SOC_getFollowMeIcons($user, 'follow_user_profile.thtml')); $user_templates->set_var('lang_pgpkey', $LANG04[8]); $user_templates->set_var('user_pgp', nl2br($A['pgpkey'])); $user_templates->set_var('start_block_last10stories', COM_startBlock($LANG04[82] . ' ' . $display_name)); if (!isset($_CONF['comment_engine']) || $_CONF['comment_engine'] == 'internal') { $user_templates->set_var('start_block_last10comments', COM_startBlock($LANG04[10] . ' ' . $display_name)); } $user_templates->set_var('start_block_postingstats', COM_startBlock($LANG04[83] . ' ' . $display_name)); $user_templates->set_var('lang_title', $LANG09[16]); $user_templates->set_var('lang_date', $LANG09[17]); // for alternative layouts: use these as headlines instead of block titles $user_templates->set_var('headline_last10stories', $LANG04[82] . ' ' . $display_name); if (!isset($_CONF['comment_engine']) || $_CONF['comment_engine'] == 'internal') { $user_templates->set_var('headline_last10comments', $LANG04[10] . ' ' . $display_name); } $user_templates->set_var('headline_postingstats', $LANG04[83] . ' ' . $display_name); $result = DB_query("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL()); $nrows = DB_numRows($result); $tids = array(); for ($i = 0; $i < $nrows; $i++) { $T = DB_fetchArray($result); $tids[] = $T['tid']; } $topics = "'" . implode("','", $tids) . "'"; // list of last 10 stories by this user if (sizeof($tids) > 0) { $sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} WHERE (uid = '" . (int) $user . "') AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND'); $sql .= " ORDER BY unixdate DESC LIMIT 10"; $result = DB_query($sql); $nrows = DB_numRows($result); } else { $nrows = 0; } if ($nrows > 0) { for ($i = 0; $i < $nrows; $i++) { $C = DB_fetchArray($result); $user_templates->set_var('cssid', $i % 2 + 1); $user_templates->set_var('row_number', $i + 1 . 
'.'); $articleUrl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $C['sid']); $user_templates->set_var('article_url', $articleUrl); $C['title'] = str_replace('$', '$', $C['title']); $user_templates->set_var('story_title', COM_createLink($C['title'], $articleUrl, array('class' => ''))); $storytime = COM_getUserDateTimeFormat($C['unixdate']); $user_templates->set_var('story_date', $storytime[0]); $user_templates->parse('story_row', 'strow', true); } } else { $user_templates->set_var('story_row', '<tr><td>' . $LANG01[37] . '</td></tr>'); } if (!isset($_CONF['comment_engine']) || $_CONF['comment_engine'] == 'internal') { // list of last 10 comments by this user $sidArray = array(); if (sizeof($tids) > 0) { // first, get a list of all stories the current visitor has access to $sql = "SELECT sid FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND'); $result = DB_query($sql); $numsids = DB_numRows($result); for ($i = 1; $i <= $numsids; $i++) { $S = DB_fetchArray($result); $sidArray[] = $S['sid']; } } $sidList = implode("', '", $sidArray); $sidList = "'{$sidList}'"; // then, find all comments by the user in those stories $sql = "SELECT sid,title,cid,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['comments']} WHERE (uid = '" . (int) $user . "') GROUP BY sid,title,cid,UNIX_TIMESTAMP(date)"; // SQL NOTE: Using a HAVING clause is usually faster than a where if the // field is part of the select // if (!empty ($sidList)) { // $sql .= " AND (sid in ($sidList))"; // } if (!empty($sidList)) { $sql .= " HAVING sid in ({$sidList})"; } $sql .= " ORDER BY unixdate DESC LIMIT 10"; $result = DB_query($sql); $nrows = DB_numRows($result); if ($nrows > 0) { for ($i = 0; $i < $nrows; $i++) { $C = DB_fetchArray($result); $user_templates->set_var('cssid', $i % 2 + 1); $user_templates->set_var('row_number', $i + 1 . '.'); $C['title'] = str_replace('$', '$', $C['title']); $comment_url = $_CONF['site_url'] . 
'/comment.php?mode=view&cid=' . $C['cid']; $user_templates->set_var('comment_title', COM_createLink($C['title'], $comment_url, array('class' => ''))); $commenttime = COM_getUserDateTimeFormat($C['unixdate']); $user_templates->set_var('comment_date', $commenttime[0]); $user_templates->parse('comment_row', 'row', true); } } else { $user_templates->set_var('comment_row', '<tr><td>' . $LANG01[29] . '</td></tr>'); } } // posting stats for this user $user_templates->set_var('lang_number_stories', $LANG04[84]); $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (uid = " . (int) $user . ") AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND'); $result = DB_query($sql); $N = DB_fetchArray($result); $user_templates->set_var('number_stories', COM_numberFormat($N['count'])); if (!isset($_CONF['comment_engine']) || $_CONF['comment_engine'] == 'internal') { $user_templates->set_var('lang_number_comments', $LANG04[85]); $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['comments']} WHERE (uid = " . (int) $user . ")"; if (!empty($sidList)) { $sql .= " AND (sid in ({$sidList}))"; } $result = DB_query($sql); $N = DB_fetchArray($result); $user_templates->set_var('number_comments', COM_numberFormat($N['count'])); $user_templates->set_var('lang_all_postings_by', $LANG04[86] . ' ' . 
$display_name); } // hook to the profile icon display $profileIcons = PLG_profileIconDisplay($user); if (is_array($profileIcons) && count($profileIcons) > 0) { $user_templates->set_block('profile', 'profileicon', 'pi'); for ($x = 0; $x < count($profileIcons); $x++) { if (isset($profileIcons[$x]['url']) && $profileIcons[$x]['url'] != '' && isset($profileIcons[$x]['icon']) && $profileIcons[$x]['icon'] != '') { $user_templates->set_var('profile_icon_url', $profileIcons[$x]['url']); $user_templates->set_var('profile_icon_icon', $profileIcons[$x]['icon']); $user_templates->set_var('profile_icon_text', $profileIcons[$x]['text']); $user_templates->parse('pi', 'profileicon', true); } } } // Call custom registration function if enabled and exists if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDisplay')) { $user_templates->set_var('customfields', CUSTOM_userDisplay($user)); } PLG_profileVariablesDisplay($user, $user_templates); $user_templates->parse('output', 'profile'); $retval .= $user_templates->finish($user_templates->get_var('output')); $retval .= PLG_profileBlocksDisplay($user); return $retval; }
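/**
 * Send report about abusive comment
 *
 * Looks the comment up, builds a plain-text report (title, author, an
 * optionally shortened copy of the comment text and a link to it) and
 * mails it to the site address. Only logged-in users may report, and the
 * 'mail' speed limit applies.
 *
 * @param string $cid comment id (used as an integer)
 * @param string $type type of comment ('article', 'polls', ...)
 * @return string Meta refresh or HTML for error message
 */
function CMT_sendReport($cid, $type)
{
    // $LANG09 is read below for the "type" line of the report
    global $_CONF, $_TABLES, $_USER, $LANG03, $LANG08, $LANG09;

    if (COM_isAnonUser()) {
        $retval = SEC_loginRequiredForm();
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[27]));

        return $retval;
    }

    COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
    if (COM_checkSpeedlimit('mail') > 0) {
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    // both values end up in SQL: the id is numeric, the type is a string
    $cid = (int) $cid;
    $safeType = DB_escapeString($type);

    $username = DB_getItem($_TABLES['users'], 'username', "uid = " . (int) $_USER['uid']);
    $result = DB_query("SELECT uid,title,comment,sid,ipaddress FROM {$_TABLES['comments']} WHERE cid = {$cid} AND type = '{$safeType}'");
    if (DB_numRows($result) == 0) {
        // nothing to report on; don't send a mail about an empty record
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $A = DB_fetchArray($result);
    $title = stripslashes($A['title']);
    $comment = stripslashes($A['comment']);

    // strip HTML if posted in HTML mode
    if (preg_match('/<.*>/', $comment) != 0) {
        $comment = strip_tags($comment);
    }

    $author = COM_getDisplayName($A['uid']);
    if ($A['uid'] <= 1 && !empty($A['ipaddress'])) {
        // add IP address for anonymous posters
        $author .= ' (' . $A['ipaddress'] . ')';
    }

    $mailbody = sprintf($LANG03[26], $username);
    $mailbody .= "\n\n" . "{$LANG03['16']}: {$title}\n" . "{$LANG03['5']}: {$author}\n";
    if ($type != 'article') {
        $mailbody .= "{$LANG09['5']}: {$type}\n";
    }
    if ($_CONF['emailstorieslength'] > 0) {
        // a length of 1 means "include the full text"; anything larger truncates
        if ($_CONF['emailstorieslength'] > 1) {
            $comment = MBYTE_substr($comment, 0, $_CONF['emailstorieslength']) . '...';
        }
        $mailbody .= $comment . "\n\n";
    }
    $mailbody .= $LANG08[33] . ' <' . $_CONF['site_url'] . '/comment.php?mode=view&cid=' . $cid . ">\n\n";
    $mailbody .= "\n------------------------------\n";
    $mailbody .= "\n{$LANG08['34']}\n";
    $mailbody .= "\n------------------------------\n";
    $mailsubject = $_CONF['site_name'] . ' ' . $LANG03[27];

    if (COM_mail($_CONF['site_mail'], $mailsubject, $mailbody)) {
        $msg = 27; // message sent
    } else {
        $msg = 85; // problem sending the email
    }
    COM_updateSpeedlimit('mail');

    return COM_refresh($_CONF['site_url'] . "/index.php?msg={$msg}");
}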
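/**
 * Unsubscribe the current user from comment notifications for an item
 * and send them back to the page they came from.
 *
 * The redirect target is taken from the Referer header, sanitised, and
 * accepted only when it is this site's own URL or a location below it;
 * anything else falls back to the site root. Anonymous visitors get the
 * login form instead. This function always ends the request.
 *
 * @param string $sid  id of the item being unsubscribed from
 * @param string $type item type, passed through to PLG_unsubscribe
 */
function handleunSubscribe($sid, $type)
{
    global $_CONF, $_TABLES, $_USER;

    if (COM_isAnonUser()) {
        $display = COM_siteHeader();
        $display .= SEC_loginRequiredForm();
        $display .= COM_siteFooter();
        echo $display;
        exit;
    }

    $siteUrl = $_CONF['site_url'];

    $dirtyReferer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    if ($dirtyReferer == '') {
        $dirtyReferer = $siteUrl;
    }
    $referer = COM_sanitizeUrl($dirtyReferer);

    // A bare prefix test would also accept a host that merely starts with
    // site_url, so require the referer to be site_url itself or site_url
    // followed by a path, query or fragment separator.
    $prefixLength = strlen($siteUrl);
    $rest = substr($referer, $prefixLength);
    if ($rest === false) {
        $rest = '';
    }
    $isOnSite = (substr($referer, 0, $prefixLength) == $siteUrl)
        && ($rest === '' || in_array($rest[0], array('/', '?', '#'), true));
    if (!$isOnSite) {
        $referer = $siteUrl;
    }
    // never bounce straight back to users.php itself
    if (strcasecmp($referer, $siteUrl . '/users.php') == 0) {
        $referer = $siteUrl;
    }

    $sep = (strpos($referer, '?') === false) ? '?' : '&';

    PLG_unsubscribe('comment', $type, $sid);
    echo COM_refresh($referer . $sep . 'msg=521' . '#comments');
    exit;
}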
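/**
 * Shows a profile for a user
 *
 * This grabs the user profile for a given user and displays it: account
 * data, the last 10 stories and comments the current visitor is allowed
 * to see, and posting statistics. Names read from the database are
 * HTML-escaped before they reach the template.
 *
 * @param int $user User ID of profile to get
 * @param int $msg Message to display (if != 0) -- currently not used here
 * @return string HTML for user profile page, or a refresh to the front page if the user does not exist
 */
function userprofile($user, $msg = 0)
{
    global $_CONF, $_TABLES, $_USER, $_IMAGE_TYPE, $LANG01, $LANG04, $LANG09, $LANG_ADMIN, $LANG_LOGIN;

    $retval = '';
    // the id is interpolated into several SQL statements below
    $user = (int) $user;

    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['profileloginrequired'] == 1)) {
        $retval .= COM_siteHeader('menu');
        $retval .= SEC_loginRequiredForm();
        $retval .= COM_siteFooter();

        return $retval;
    }

    $result = DB_query("SELECT {$_TABLES['users']}.uid,username,fullname,regdate,homepage,about,location,pgpkey,photo,email FROM {$_TABLES['userinfo']},{$_TABLES['users']} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['users']}.uid = {$user}");
    if (DB_numRows($result) == 0) { // no such user
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $A = DB_fetchArray($result);
    // used in block titles and headlines, so escape it once here
    $display_name = htmlspecialchars(COM_getDisplayName($user, $A['username'], $A['fullname']));

    // format date/time to user preference
    $curtime = COM_getUserDateTimeFormat($A['regdate']);
    $A['regdate'] = $curtime[0];

    $user_templates = new Template($_CONF['path_layout'] . 'users');
    $user_templates->set_file(array(
        'profile' => 'profile.thtml',
        'email'   => 'email.thtml',
        'row'     => 'commentrow.thtml',
        'strow'   => 'storyrow.thtml',
    ));
    $user_templates->set_var('start_block_userprofile', COM_startBlock($LANG04[1] . ' ' . $display_name));
    $user_templates->set_var('end_block', COM_endBlock());
    $user_templates->set_var('lang_username', $LANG04[2]);

    // with show_fullname the full name takes the "username" slot and the
    // login name moves to "user_fullname"; fall back to the login name
    // when no full name is set
    if ($_CONF['show_fullname'] == 1 && !empty($A['fullname'])) {
        $userName = $A['fullname'];
        $fullName = $A['username'];
    } else {
        $userName = $A['username'];
        $fullName = ($_CONF['show_fullname'] == 1) ? '' : $A['fullname'];
    }
    $user_templates->set_var('username', htmlspecialchars($userName));
    $user_templates->set_var('user_fullname', htmlspecialchars($fullName));

    if (SEC_hasRights('user.edit')) {
        $edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG_ADMIN['edit'] . '" title="' . $LANG_ADMIN['edit'] . '" />';
        $edit_link_url = '<li>' . COM_createLink($edit_icon, "{$_CONF['site_admin_url']}/user.php?edit=x&uid={$A['uid']}") . '</li>';
        $user_templates->set_var('edit_link', $edit_link_url);
    }

    $photo = USER_getPhoto($user, $A['photo'], $A['email'], -1, 0);
    $user_templates->set_var('user_photo', $photo);
    $user_templates->set_var('lang_membersince', $LANG04[67]);
    $user_templates->set_var('user_regdate', $A['regdate']);
    $user_templates->set_var('lang_email', $LANG04[5]);
    $user_templates->set_var('user_id', $user);
    if ($A['email'] != '') {
        $user_templates->set_var('lang_sendemail', $LANG04[81]);
        $user_templates->parse('email_option', 'email', true);
    } else {
        $user_templates->set_var('email_option', '');
    }
    $user_templates->set_var('lang_homepage', $LANG04[6]);
    $user_templates->set_var('user_homepage', COM_killJS($A['homepage']));
    $user_templates->set_var('lang_location', $LANG04[106]);
    $user_templates->set_var('user_location', strip_tags($A['location']));
    $user_templates->set_var('lang_bio', $LANG04[7]);
    $user_templates->set_var('user_bio', nl2br($A['about']));
    $user_templates->set_var('lang_pgpkey', $LANG04[8]);
    $user_templates->set_var('user_pgp', nl2br($A['pgpkey']));
    $user_templates->set_var('start_block_last10stories', COM_startBlock($LANG04[82] . ' ' . $display_name));
    $user_templates->set_var('start_block_last10comments', COM_startBlock($LANG04[10] . ' ' . $display_name));
    $user_templates->set_var('start_block_postingstats', COM_startBlock($LANG04[83] . ' ' . $display_name));
    $user_templates->set_var('lang_title', $LANG09[16]);
    $user_templates->set_var('lang_date', $LANG09[17]);

    // for alternative layouts: use these as headlines instead of block titles
    $user_templates->set_var('headline_last10stories', $LANG04[82]);
    $user_templates->set_var('headline_last10comments', $LANG04[10]);
    $user_templates->set_var('headline_postingstats', $LANG04[83]);

    // topics the current visitor may see; everything below is restricted to them
    $result = DB_query("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL());
    $nrows = DB_numRows($result);
    $tids = array();
    for ($i = 0; $i < $nrows; $i++) {
        $T = DB_fetchArray($result);
        $tids[] = $T['tid'];
    }
    $topics = "'" . implode("','", $tids) . "'";

    // list of last 10 stories by this user
    $nrows = 0;
    if (count($tids) > 0) {
        $sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} WHERE (uid = '{$user}') AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
        $sql .= " ORDER BY unixdate DESC LIMIT 10";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
    }
    if ($nrows > 0) {
        for ($i = 0; $i < $nrows; $i++) {
            $C = DB_fetchArray($result);
            $user_templates->set_var('cssid', $i % 2 + 1);
            $user_templates->set_var('row_number', ($i + 1) . '.');
            $articleUrl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $C['sid']);
            $user_templates->set_var('article_url', $articleUrl);
            // NOTE(review): as written this replacement is a no-op; presumably
            // meant to neutralise '$' before template parsing -- confirm
            $C['title'] = str_replace('$', '$', $C['title']);
            $user_templates->set_var('story_title', COM_createLink($C['title'], $articleUrl, array('class' => 'b')));
            $storytime = COM_getUserDateTimeFormat($C['unixdate']);
            $user_templates->set_var('story_date', $storytime[0]);
            $user_templates->parse('story_row', 'strow', true);
        }
    } else {
        $user_templates->set_var('story_row', '<tr><td>' . $LANG01[37] . '</td></tr>');
    }

    // list of last 10 comments by this user
    $sidArray = array();
    if (count($tids) > 0) {
        // first, get a list of all stories the current visitor has access to
        $sql = "SELECT sid FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
        $result = DB_query($sql);
        $numsids = DB_numRows($result);
        for ($i = 0; $i < $numsids; $i++) {
            $S = DB_fetchArray($result);
            $sidArray[] = $S['sid'];
        }
    }
    // escape each id on its own: escaping the joined list would also escape
    // the quotes between the ids and collapse the IN list into one value
    $escapedSids = array();
    foreach ($sidArray as $sid) {
        $escapedSids[] = DB_escapeString($sid);
    }
    // an empty array yields '' (a single empty string), which matches nothing
    $sidList = "'" . implode("', '", $escapedSids) . "'";

    // then, find all comments by the user in those stories
    $sql = "SELECT sid,title,cid,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['comments']} WHERE (uid = '{$user}') GROUP BY sid,title,cid,UNIX_TIMESTAMP(date)";
    // SQL NOTE: Using a HAVING clause is usually faster than a where if the
    // field is part of the select
    if (!empty($sidList)) {
        $sql .= " HAVING sid in ({$sidList})";
    }
    $sql .= " ORDER BY unixdate DESC LIMIT 10";
    $result = DB_query($sql);
    $nrows = DB_numRows($result);
    if ($nrows > 0) {
        for ($i = 0; $i < $nrows; $i++) {
            $C = DB_fetchArray($result);
            $user_templates->set_var('cssid', $i % 2 + 1);
            $user_templates->set_var('row_number', ($i + 1) . '.');
            $comment_url = $_CONF['site_url'] . '/comment.php?mode=view&cid=' . $C['cid'];
            // NOTE(review): no-op replacement, see the story loop above
            $C['title'] = str_replace('$', '$', $C['title']);
            $user_templates->set_var('comment_title', COM_createLink($C['title'], $comment_url, array('class' => 'b')));
            $commenttime = COM_getUserDateTimeFormat($C['unixdate']);
            $user_templates->set_var('comment_date', $commenttime[0]);
            $user_templates->parse('comment_row', 'row', true);
        }
    } else {
        $user_templates->set_var('comment_row', '<tr><td>' . $LANG01[29] . '</td></tr>');
    }

    // posting stats for this user
    $user_templates->set_var('lang_number_stories', $LANG04[84]);
    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (uid = {$user}) AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND');
    $result = DB_query($sql);
    $N = DB_fetchArray($result);
    $user_templates->set_var('number_stories', COM_numberFormat($N['count']));

    $user_templates->set_var('lang_number_comments', $LANG04[85]);
    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['comments']} WHERE (uid = '{$user}')";
    if (!empty($sidList)) {
        $sql .= " AND (sid in ({$sidList}))";
    }
    $result = DB_query($sql);
    $N = DB_fetchArray($result);
    $user_templates->set_var('number_comments', COM_numberFormat($N['count']));
    $user_templates->set_var('lang_all_postings_by', $LANG04[86] . ' ' . $display_name);

    // Call custom registration function if enabled and exists
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDisplay')) {
        $user_templates->set_var('customfields', CUSTOM_userDisplay($user));
    }
    PLG_profileVariablesDisplay($user, $user_templates);
    $user_templates->parse('output', 'profile');
    $retval .= $user_templates->finish($user_templates->get_var('output'));
    $retval .= PLG_profileBlocksDisplay($user);

    return $retval;
}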
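/**
 * Display form to email a story to someone.
 *
 * When called again after a failed submission the previously entered
 * values are passed back in; all of them are HTML-escaped before being
 * placed into the form, as they are user input.
 *
 * @param string $sid ID of article to email
 * @param bool $cc Whether to send a copy of the message to the author
 * @param string $to name of person / friend to email
 * @param string $toemail friend's email address
 * @param string $from name of person sending the email
 * @param string $fromemail sender's email address
 * @param string $shortmsg short intro text to send with the story
 * @param int $msg Error message code (shown if > 0)
 * @return string HTML for email story form (login form when login is required)
 */
function mailstoryform($sid, $cc = false, $to = '', $toemail = '', $from = '', $fromemail = '', $shortmsg = '', $msg = 0)
{
    global $_CONF, $_TABLES, $_USER, $LANG08;

    require_once $_CONF['path_system'] . 'lib-story.php';

    $retval = '';

    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1)) {
        $retval .= SEC_loginRequiredForm();

        return $retval;
    }

    $story = new Story();
    $result = $story->loadFromDatabase($sid, 'view');
    if ($result != STORY_LOADED_OK) {
        // story missing or not viewable by this visitor
        COM_redirect($_CONF['site_url'] . '/index.php');
    }

    if ($msg > 0) {
        $retval .= COM_showMessage($msg);
    }

    // pre-fill the sender from the account when nothing was entered yet
    if (empty($from) && empty($fromemail) && !COM_isAnonUser()) {
        $from = COM_getDisplayName($_USER['uid'], $_USER['username'], $_USER['fullname']);
        $fromemail = DB_getItem($_TABLES['users'], 'email', "uid = " . (int) $_USER['uid']);
    }

    $ccAttribute = $cc ? ' checked="checked"' : '';
    $title = $story->displayElements('title');
    $url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);

    $mail_template = COM_newTemplate($_CONF['path_layout'] . 'profiles');
    $mail_template->set_file('form', 'contactauthorform.thtml');
    $mail_template->set_var('start_block_mailstory2friend', COM_startBlock($LANG08[17]));
    $mail_template->set_var('lang_title', $LANG08[31]);
    $mail_template->set_var('story_title', $title);
    $mail_template->set_var('story_url', $url);
    $mail_template->set_var('story_link', COM_createLink($title, $url));

    // everything re-displayed from the request is escaped, like shortmsg already was
    $mail_template->set_var('lang_fromname', $LANG08[20]);
    $mail_template->set_var('name', htmlspecialchars($from));
    $mail_template->set_var('lang_fromemailaddress', $LANG08[21]);
    $mail_template->set_var('email', htmlspecialchars($fromemail));
    $mail_template->set_var('lang_toname', $LANG08[18]);
    $mail_template->set_var('toname', htmlspecialchars($to));
    $mail_template->set_var('lang_toemailaddress', $LANG08[19]);
    $mail_template->set_var('toemail', htmlspecialchars($toemail));

    if (!$_CONF['mail_cc_enabled']) {
        $mail_template->set_var('cc_enabled', ' style="display: none"');
    } else {
        $mail_template->set_var('cc', $ccAttribute);
        $mail_template->set_var('lang_cc', $LANG08[36]);
        $mail_template->set_var('lang_cc_description', $LANG08[37]);
    }

    $mail_template->set_var('lang_shortmessage', $LANG08[27]);
    $mail_template->set_var('shortmsg', htmlspecialchars($shortmsg));
    $mail_template->set_var('lang_warning', $LANG08[22]);
    $mail_template->set_var('lang_sendmessage', $LANG08[16]);
    $mail_template->set_var('story_id', htmlspecialchars($sid));
    $mail_template->set_var('end_block', COM_endBlock());
    PLG_templateSetVars('emailstory', $mail_template);
    $mail_template->parse('output', 'form');
    $retval .= $mail_template->finish($mail_template->get_var('output'));

    return $retval;
}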
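/**
 * Shows a profile for a user
 * This grabs the user profile for a given user and displays it: account
 * data, the last 10 stories and comments visible to the current visitor,
 * and posting statistics. Disabled or otherwise non-active accounts are
 * only shown to users with the 'user.edit' right.
 *
 * @param int $uid User ID of profile to get
 * @param boolean $preview whether being called as preview from My Account
 *                         (no message, no edit link, no surrounding document)
 * @param int $msg Message to display (if != 0)
 * @param string $plugin optional plugin name for message
 * @return string HTML for user profile page
 */
function USER_showProfile($uid, $preview = false, $msg = 0, $plugin = '')
{
    global $_CONF, $_TABLES, $_USER, $_IMAGE_TYPE, $LANG01, $LANG04, $LANG09, $LANG28, $LANG_LOGIN, $LANG_ADMIN;

    $retval = '';
    // the id is interpolated into several SQL statements below
    $uid = (int) $uid;

    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['profileloginrequired'] == 1)) {
        $retval .= SEC_loginRequiredForm();
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LOGIN[1]));

        return $retval;
    }

    $result = DB_query("SELECT {$_TABLES['users']}.uid,username,fullname,regdate,homepage,about,location,pgpkey,photo,email,status FROM {$_TABLES['userinfo']},{$_TABLES['users']} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['users']}.uid = {$uid}");
    if (DB_numRows($result) == 0) { // no such user
        COM_handle404();
    }
    $A = DB_fetchArray($result);
    $canEditUsers = SEC_hasRights('user.edit');
    if ($A['status'] == USER_ACCOUNT_DISABLED && !$canEditUsers) {
        COM_displayMessageAndAbort(30, '', 403, 'Forbidden');
    }
    if ($A['status'] != USER_ACCOUNT_ACTIVE && !$canEditUsers) {
        COM_handle404();
    }
    // used in block titles and the page title, so escape it once here
    $display_name = htmlspecialchars(COM_getDisplayName($uid, $A['username'], $A['fullname']));

    if (!$preview && $msg > 0) {
        $retval .= COM_showMessage($msg, $plugin);
    }

    // format date/time to user preference
    $currentTime = COM_getUserDateTimeFormat($A['regdate']);
    $A['regdate'] = $currentTime[0];

    $user_templates = COM_newTemplate($_CONF['path_layout'] . 'users');
    $user_templates->set_file(array(
        'profile' => 'profile.thtml',
        'email'   => 'email.thtml',
        'row'     => 'commentrow.thtml',
        'strow'   => 'storyrow.thtml',
    ));
    $user_templates->set_var('start_block_userprofile', COM_startBlock($LANG04[1] . ' ' . $display_name));
    $user_templates->set_var('end_block', COM_endBlock());
    $user_templates->set_var('lang_username', $LANG04[2]);

    // with show_fullname the full name takes the "username" slot and the
    // login name moves to "user_fullname"; fall back to the login name
    // when no full name is set
    if ($_CONF['show_fullname'] == 1) {
        if (empty($A['fullname'])) {
            $userName = $A['username'];
            $fullName = '';
        } else {
            $userName = $A['fullname'];
            $fullName = $A['username'];
        }
    } else {
        $userName = $A['username'];
        $fullName = $A['fullname'];
    }
    $userName = htmlspecialchars($userName);
    $fullName = htmlspecialchars($fullName);
    if ($A['status'] == USER_ACCOUNT_DISABLED) {
        // strike through the names of disabled accounts (only admins get this far)
        $userName = sprintf('<s title="%s">%s</s>', $LANG28[42], $userName);
        if (!empty($fullName)) {
            $fullName = sprintf('<s title="%s">%s</s>', $LANG28[42], $fullName);
        }
    }
    $user_templates->set_var('username', $userName);
    $user_templates->set_var('user_fullname', $fullName);

    // edit link: none in preview, own settings for the profile owner,
    // the admin user editor for users with the 'user.edit' right
    if ($preview) {
        $user_templates->set_var('edit_icon', '');
        $user_templates->set_var('edit_link', '');
        $user_templates->set_var('user_edit', '');
    } elseif (!COM_isAnonUser() && $_USER['uid'] == $uid) {
        $edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG01[48] . '" title="' . $LANG01[48] . '"' . XHTML . '>';
        $edit_link_url = COM_createLink($edit_icon, $_CONF['site_url'] . '/usersettings.php');
        $user_templates->set_var('edit_icon', $edit_icon);
        $user_templates->set_var('edit_link', $edit_link_url);
        $user_templates->set_var('user_edit', $edit_link_url);
    } elseif ($canEditUsers) {
        $edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG_ADMIN['edit'] . '" title="' . $LANG_ADMIN['edit'] . '"' . XHTML . '>';
        $edit_link_url = COM_createLink($edit_icon, "{$_CONF['site_admin_url']}/user.php?mode=edit&uid={$A['uid']}");
        $user_templates->set_var('edit_icon', $edit_icon);
        $user_templates->set_var('edit_link', $edit_link_url);
        $user_templates->set_var('user_edit', $edit_link_url);
    }

    if (isset($A['photo']) && empty($A['photo'])) {
        $A['photo'] = '(none)'; // user does not have a photo
    }
    $photo = USER_getPhoto($uid, $A['photo'], $A['email'], -1);
    $user_templates->set_var('user_photo', $photo);
    $user_templates->set_var('lang_membersince', $LANG04[67]);
    $user_templates->set_var('user_regdate', $A['regdate']);
    $user_templates->set_var('lang_email', $LANG04[5]);
    $user_templates->set_var('user_id', $uid);
    $user_templates->set_var('uid', $uid);
    if ($A['email'] != '') {
        $user_templates->set_var('lang_sendemail', $LANG04[81]);
        $user_templates->parse('email_option', 'email', true);
    } else {
        $user_templates->set_var('email_option', '');
    }
    $user_templates->set_var('lang_homepage', $LANG04[6]);
    $user_templates->set_var('user_homepage', COM_killJS($A['homepage']));
    $user_templates->set_var('lang_location', $LANG04[106]);
    $user_templates->set_var('user_location', strip_tags($A['location']));
    $user_templates->set_var('lang_bio', $LANG04[7]);
    $user_templates->set_var('user_bio', COM_nl2br(stripslashes($A['about'])));
    $user_templates->set_var('lang_pgpkey', $LANG04[8]);
    $user_templates->set_var('user_pgp', COM_nl2br($A['pgpkey']));
    $user_templates->set_var('start_block_last10stories', COM_startBlock($LANG04[82] . ' ' . $display_name));
    $user_templates->set_var('start_block_last10comments', COM_startBlock($LANG04[10] . ' ' . $display_name));
    $user_templates->set_var('start_block_postingstats', COM_startBlock($LANG04[83] . ' ' . $display_name));
    $user_templates->set_var('lang_title', $LANG09[16]);
    $user_templates->set_var('lang_date', $LANG09[17]);

    // for alternative layouts: use these as headlines instead of block titles
    $user_templates->set_var('headline_last10stories', $LANG04[82]);
    $user_templates->set_var('headline_last10comments', $LANG04[10]);
    $user_templates->set_var('headline_postingstats', $LANG04[83]);

    // topics the current visitor may see; the story list is restricted to them
    $tids = TOPIC_getList(0, true, false);
    $topics = "'" . implode("','", $tids) . "'";

    // list of last 10 stories by this user
    $numRows = 0;
    if (count($tids) > 0) {
        $sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate\n FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n WHERE (uid = {$uid}) AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND') . "\n AND ta.type = 'article' AND ta.id = sid AND ta.tdefault = 1\n ORDER BY unixdate DESC LIMIT 10";
        $result = DB_query($sql);
        $numRows = DB_numRows($result);
    }
    if ($numRows > 0) {
        for ($i = 0; $i < $numRows; $i++) {
            $C = DB_fetchArray($result);
            $user_templates->set_var('cssid', $i % 2 + 1);
            $user_templates->set_var('row_number', ($i + 1) . '.');
            $articleUrl = COM_buildURL($_CONF['site_url'] . '/article.php?story=' . $C['sid']);
            $user_templates->set_var('article_url', $articleUrl);
            // NOTE(review): as written this replacement is a no-op; presumably
            // meant to neutralise '$' before template parsing -- confirm
            $C['title'] = str_replace('$', '$', $C['title']);
            $user_templates->set_var('story_title', COM_createLink(stripslashes($C['title']), $articleUrl, array('class' => 'b')));
            $storyTime = COM_getUserDateTimeFormat($C['unixdate']);
            $user_templates->set_var('story_date', $storyTime[0]);
            $user_templates->parse('story_row', 'strow', true);
        }
    } else {
        $story_row = $LANG01[37];
        if ($_CONF['supported_version_theme'] == '1.8.1') {
            // older themes expect a complete table row here
            $story_row = '<tr><td>' . $story_row . '</td></tr>';
        }
        $user_templates->set_var('story_row', $story_row);
    }

    // list of last 10 comments by this user
    $new_plugin_comments = PLG_getWhatsNewComment('', 10, $uid);
    if (!empty($new_plugin_comments)) {
        // Sort array by element unixdate, newest to oldest
        $datesByKey = array();
        foreach ($new_plugin_comments as $k => $v) {
            $datesByKey[$k] = $v['unixdate'];
        }
        arsort($datesByKey);
        $sortedComments = array();
        foreach ($datesByKey as $key => $val) {
            $sortedComments[] = $new_plugin_comments[$key];
        }

        $i = 0;
        foreach ($sortedComments as $C) {
            $i = $i + 1;
            // NOTE(review): the story loop uses ($i % 2 + 1) for cssid; this
            // one yields 1/0 instead of 1/2 -- confirm which the theme expects
            $user_templates->set_var('cssid', $i % 2);
            $user_templates->set_var('row_number', $i . '.');
            // NOTE(review): no-op replacement, see the story loop above
            $C['title'] = str_replace('$', '$', $C['title']);
            $comment_url = $_CONF['site_url'] . '/comment.php?mode=view&cid=' . $C['cid'];
            $user_templates->set_var('comment_title', COM_createLink(stripslashes($C['title']), $comment_url, array('class' => 'b')));
            $commentTime = COM_getUserDateTimeFormat($C['unixdate']);
            $user_templates->set_var('comment_date', $commentTime[0]);
            $user_templates->parse('comment_row', 'row', true);
            if ($i == 10) {
                break;
            }
        }
    } else {
        $comment_row = $LANG01[29];
        if ($_CONF['supported_version_theme'] == '1.8.1') {
            $comment_row = '<tr><td>' . $comment_row . '</td></tr>';
        }
        $user_templates->set_var('comment_row', $comment_row);
    }

    // posting stats for this user
    $user_templates->set_var('lang_number_stories', $LANG04[84]);
    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (uid = {$uid}) AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND');
    $result = DB_query($sql);
    $N = DB_fetchArray($result);
    $user_templates->set_var('number_stories', COM_numberFormat($N['count']));

    $user_templates->set_var('lang_number_comments', $LANG04[85]);
    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['comments']} WHERE (uid = {$uid})";
    $result = DB_query($sql);
    $N = DB_fetchArray($result);
    $user_templates->set_var('number_comments', COM_numberFormat($N['count']));
    $user_templates->set_var('lang_all_postings_by', $LANG04[86] . ' ' . $display_name);

    // Call custom registration function if enabled and exists
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDisplay')) {
        $user_templates->set_var('customfields', CUSTOM_userDisplay($uid));
    }
    PLG_profileVariablesDisplay($uid, $user_templates);
    $user_templates->parse('output', 'profile');
    $retval .= $user_templates->finish($user_templates->get_var('output'));
    $retval .= PLG_profileBlocksDisplay($uid);

    if (!$preview) {
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG04[1] . ' ' . $display_name));
    }

    return $retval;
}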
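/**
 * Get an existing static page
 *
 * Two request shapes are served:
 *  - a page id (args 'sp_id', or 'id' as an alias): the page is looked up,
 *    an attached template (template_id) is resolved, and the row is
 *    returned in $output;
 *  - no page id on the web-service path ('gl_svc' set): a feed of the most
 *    recently modified pages is returned as a list in $output, paged via
 *    'offset'.
 *
 * On a failed single-page lookup the function writes the response the user
 * should see into $output (login form when the page's sp_nf flag is truthy,
 * access-denied block otherwise, or a redirect to the editor for users with
 * staticpages.edit when the page does not exist at all) and returns
 * PLG_RET_ERROR.
 *
 * Review notes:
 *  - 'sp_id' and 'mode' are only run through COM_applyBasicFilter() when
 *    'gl_svc' is set; other callers are expected to have filtered them.
 *    The id is nevertheless DB-escaped before it is interpolated into SQL
 *    and URL-encoded before it is placed in the editor redirect.
 *  - Visibility is limited by SP_getPerms(); users without staticpages.edit
 *    additionally only see non-draft pages on the single-page path. The feed
 *    path applies SP_getPerms() only and does NOT exclude drafts — whether
 *    the web service is restricted to authenticated editors is not visible
 *    here; confirm before exposing the feed more widely.
 *  - sp_content is parsed as XML when a template is attached. The content
 *    is editor-authored; LIBXML_NONET keeps the parser off the network in
 *    case external entities are ever present.
 *  - A template whose own template_id points back at a page currently being
 *    resolved is skipped (and logged) instead of recursing without bound.
 *
 * @param    array   $args     Contains all the data provided by the client
 * @param    string  &$output  OUTPUT parameter containing the returned text
 * @param    string  &$svc_msg OUTPUT parameter containing any service messages
 * @return   int               Response code as defined in lib-plugins.php
 */
function service_get_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_SP_CONF;

    // Page ids whose template is currently being resolved (see cycle guard below).
    static $resolving = array();

    $output = '';

    $svc_msg['output_fields'] = array(
        'sp_hits', 'sp_format', 'draft_flag', 'owner_id', 'group_id',
        'perm_owner', 'perm_group', 'perm_members', 'perm_anon',
        'sp_help', 'sp_php', 'sp_inblock', 'commentcode'
    );

    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }

    $gl_svc = !empty($args['gl_svc']);
    if ($gl_svc) {
        if (isset($args['sp_id'])) {
            $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        }
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        // No page id on the web-service path means "give me the feed".
        $svc_msg['gl_feed'] = empty($args['sp_id']);
    } else {
        $svc_msg['gl_feed'] = false;
    }

    $mode = isset($args['mode']) ? $args['mode'] : '';

    if (!$svc_msg['gl_feed']) {
        // ---- single page lookup ----
        $page = isset($args['sp_id']) ? $args['sp_id'] : '';
        $error = ($page == '') ? 1 : 0;
        // Escaped copy for every SQL fragment below; $page itself stays raw for
        // output fields and the editor redirect.
        $pageSql = DB_escapeString($page);

        // Visibility: SP_getPerms(), plus "no drafts" for users who cannot edit.
        $perms = SP_getPerms();
        if (!SEC_hasRights('staticpages.edit')) {
            if (!empty($perms)) {
                $perms .= ' AND';
            }
            $perms .= '(draft_flag = 0)';
        }
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }

        $sql = array();
        $sql['mysql'] = "SELECT sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,"
            . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,"
            . "owner_id,group_id,perm_owner,perm_group,"
            . "perm_members,perm_anon,sp_tid,sp_help,sp_php,"
            . "sp_inblock FROM {$_TABLES['staticpage']} "
            . "WHERE (sp_id = '{$pageSql}')" . $perms;
        $sql['mssql'] = "SELECT sp_title,sp_page_title,"
            . "CAST(sp_content AS text) AS sp_content,sp_hits,"
            . "created,modified,sp_format,commentcode,"
            . "CAST(meta_description AS text) AS meta_description,"
            . "CAST(meta_keywords AS text) AS meta_keywords,template_flag,template_id,draft_flag,"
            . "owner_id,group_id,perm_owner,perm_group,perm_members,"
            . "perm_anon,sp_tid,sp_help,sp_php,sp_inblock "
            . "FROM {$_TABLES['staticpage']} WHERE (sp_id = '{$pageSql}')" . $perms;
        // The PostgreSQL statement is textually identical to the MySQL one.
        $sql['pgsql'] = $sql['mysql'];

        $result = DB_query($sql);
        $count = DB_numRows($result);
        if ($count == 0 || $count > 1) {
            $error = 1;
        }

        if (!$error) {
            $output = DB_fetchArray($result, false);
            // WE ASSUME $output doesn't have any confidential fields

            if ($output['template_id'] != '') {
                $templateId = $output['template_id'];

                if ($templateId == $page || in_array($templateId, $resolving)) {
                    // Cycle guard: resolving this template would come back to a page
                    // already on the stack and recurse through PLG_invokeService() forever.
                    COM_errorLog("staticpages: template cycle detected for page '{$page}' (template '{$templateId}'); content left as stored", 1);
                } else {
                    // Page content is an XML document of
                    // <variable name="..."><data>...</data></variable> entries whose
                    // values are substituted into the template's content.
                    $tag = array();
                    $xmlObject = simplexml_load_string($output['sp_content'], 'SimpleXMLElement', LIBXML_NONET);
                    if ($xmlObject !== false) {
                        foreach ($xmlObject->variable as $variable) {
                            // Autotags inside the values are expanded before substitution;
                            // cast to string so plain strings (not SimpleXMLElements) are stored.
                            $tag[(string) $variable['name']] = PLG_replaceTags((string) $variable->data);
                        }
                    }

                    // Fetch the template through the service with private output/message
                    // holders, so the caller's $svc_msg (output_fields, gl_feed) is not
                    // clobbered by the nested call.
                    $tplArgs = array('sp_id' => $templateId, 'mode' => '', 'gl_svc' => '');
                    $tplOut = '';
                    $tplMsg = array();
                    $resolving[] = $page;
                    $ret = PLG_invokeService('staticpages', 'get', $tplArgs, $tplOut, $tplMsg);
                    array_pop($resolving);

                    if ($ret == PLG_RET_OK) {
                        $output['sp_content'] = str_replace(array_keys($tag), array_values($tag), $tplOut['sp_content']);
                    }
                }
            }
        } else {
            // An error occurred (page not found, access denied, ...).

            /**
             * If the user has edit permissions and the page does not exist,
             * send them to the editor so they can create it "wiki style".
             */
            $create_page = false;
            if ($mode !== 'autotag' && $count == 0 && SEC_hasRights('staticpages.edit')) {
                // check again without permissions
                if (DB_count($_TABLES['staticpage'], 'sp_id', $page) == 0) {
                    $url = $_CONF['site_admin_url'] . '/plugins/staticpages/index.php?mode=edit&sp_new_id='
                        . urlencode($page) . '&msg=21';
                    $output = COM_refresh($url);
                    $create_page = true;
                }
            }

            if (!$create_page) {
                if (empty($page)) {
                    $failflg = 0;
                } else {
                    // sp_nf: a truthy value selects the login form instead of the
                    // access-denied block (exact meaning of the flag not visible here).
                    $failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id = '{$pageSql}'");
                }

                // Autotag callers embed the result, so no site header/footer for them.
                $wrap = ($mode !== 'autotag');
                $output = $wrap ? COM_siteHeader('menu') : '';
                if ($failflg) {
                    $output .= SEC_loginRequiredForm();
                } else {
                    $output .= COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header'));
                    $output .= $LANG_STATIC['deny_msg'];
                    $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                }
                if ($wrap) {
                    $output .= COM_siteFooter(true);
                }
            }

            return PLG_RET_ERROR;
        }

        if ($gl_svc) {
            // Extra, normalised fields for the web service.
            // This date format is PHP 5 only, but only the web-service uses the value.
            $output['published'] = date('c', strtotime($output['created']));
            $output['updated'] = date('c', strtotime($output['modified']));
            $output['id'] = $page;
            $output['title'] = $output['sp_title'];
            $output['page_title'] = $output['sp_page_title'];
            $output['category'] = array($output['sp_tid']);
            $output['content'] = $output['sp_content'];
            $output['content_type'] = 'html';
            $owner_data = SESS_getUserDataFromId($output['owner_id']);
            $output['author_name'] = $owner_data['username'];
            $output['link_edit'] = $page;
        }
    } else {
        // ---- feed: most recently modified pages ----
        $output = array();

        $perms = SP_getPerms();
        if (!empty($perms)) {
            $perms = ' WHERE ' . $perms;
        }

        $offset = 0;
        if (isset($args['offset'])) {
            // second argument casts to int, so it is safe inside LIMIT
            $offset = COM_applyBasicFilter($args['offset'], true);
        }
        // One extra row is requested only to learn whether a next page exists.
        $max_items = $_SP_CONF['atom_max_items'] + 1;
        $limit = " LIMIT {$offset}, {$max_items}";
        $order = " ORDER BY modified DESC";

        $sql = array();
        $sql['mysql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id,"
            . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_tid,sp_help,sp_php,"
            . "sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $sql['mssql'] = "SELECT sp_id,sp_title,sp_page_title,CAST(sp_content AS text) AS sp_content,sp_hits,"
            . "created,modified,sp_format,CAST(meta_description AS text) AS meta_description,CAST(meta_keywords AS text) AS meta_keywords,template_flag,template_id,draft_flag,owner_id,group_id,perm_owner,perm_group,perm_members,"
            . "perm_anon,sp_tid,sp_help,sp_php,sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $sql['pgsql'] = $sql['mysql'];

        $result = DB_query($sql);
        $count = 0;
        while (($row = DB_fetchArray($result, false)) !== false) {
            // WE ASSUME the row doesn't have any confidential fields
            $count++;
            if ($count == $max_items) {
                // the extra row is not returned; it only signals another page of results
                $svc_msg['offset'] = $offset + $_SP_CONF['atom_max_items'];
                break;
            }
            if ($gl_svc) {
                // This date format is PHP 5 only, but only the web-service uses the value
                $row['published'] = date('c', strtotime($row['created']));
                $row['updated'] = date('c', strtotime($row['modified']));
                $row['id'] = $row['sp_id'];
                $row['title'] = $row['sp_title'];
                $row['page_title'] = $row['sp_page_title'];
                $row['category'] = array($row['sp_tid']);
                $row['content'] = $row['sp_content'];
                $row['content_type'] = 'html';
                $owner_data = SESS_getUserDataFromId($row['owner_id']);
                $row['author_name'] = $owner_data['username'];
            }
            $output[] = $row;
        }
    }

    return PLG_RET_OK;
}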
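/**
 * Display form to email a story to someone.
 *
 * Anonymous users are shown the login page instead (and the script exits)
 * when the site or the email-story feature requires a login. If the story
 * does not exist or is not visible to the current user (topic and permission
 * SQL), a redirect to the site index is returned instead of the form.
 *
 * Every user-supplied value placed into the template is HTML-escaped here.
 * The original only escaped $shortmsg, which shows the template does not
 * escape on its own; the name/email fields (which come back from the
 * submitted form on re-display) were left open to attribute injection.
 *
 * @param    string  $sid        ID of article to email
 * @param    string  $to         pre-filled recipient name
 * @param    string  $toemail    pre-filled recipient email address
 * @param    string  $from       pre-filled sender name; defaults to the logged-in
 *                               user's display name when both $from and $fromemail are empty
 * @param    string  $fromemail  pre-filled sender email; defaults to the logged-in user's address
 * @param    string  $shortmsg   pre-filled short message
 * @param    int     $msg        message id to show above the form (0 = none)
 * @return   string              HTML for email story form
 */
function mailstoryform($sid, $to = '', $toemail = '', $from = '', $fromemail = '', $shortmsg = '', $msg = 0)
{
    global $_CONF, $_TABLES, $_USER, $LANG03, $LANG08, $LANG_LOGIN;

    $retval = '';

    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1)) {
        $display = COM_siteHeader('menu', $LANG_LOGIN[1]);
        $display .= SEC_loginRequiredForm();
        $display .= COM_siteFooter();
        echo $display;
        exit;
    }

    // The story must exist and be visible to this user; the id is escaped
    // because it originates from the request.
    $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE sid = '" . DB_escapeString($sid) . "'"
        . COM_getTopicSql('AND') . COM_getPermSql('AND'));
    $A = DB_fetchArray($result);
    if ($A['count'] == 0) {
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    if ($msg > 0) {
        $retval .= COM_showMessage($msg, '', '', 0, 'info');
    }

    // Pre-fill the sender from the logged-in user when nothing was supplied.
    if (empty($from) && empty($fromemail) && !COM_isAnonUser()) {
        $from = COM_getDisplayName($_USER['uid'], $_USER['username'], $_USER['fullname']);
        $fromemail = DB_getItem($_TABLES['users'], 'email', 'uid = ' . (int) $_USER['uid']);
    }

    $postmode = $_CONF['mailuser_postmode'];
    $encoding = COM_getEncodingt();

    $mail_template = new Template($_CONF['path_layout'] . 'profiles');
    $mail_template->set_file('form', 'contactauthorform.thtml');
    if ($postmode == 'html') {
        $mail_template->set_var('show_htmleditor', true);
    } else {
        $mail_template->unset_var('show_htmleditor');
    }
    $mail_template->set_var('lang_postmode', $LANG03[2]);
    $mail_template->set_var('postmode', $postmode);
    $mail_template->set_var('start_block_mailstory2friend', COM_startBlock($LANG08[17]));

    // ENT_QUOTES so the values are safe in both single- and double-quoted attributes.
    $mail_template->set_var('lang_fromname', $LANG08[20]);
    $mail_template->set_var('name', htmlspecialchars($from, ENT_QUOTES, $encoding));
    $mail_template->set_var('lang_fromemailaddress', $LANG08[21]);
    $mail_template->set_var('email', htmlspecialchars($fromemail, ENT_QUOTES, $encoding));
    $mail_template->set_var('lang_toname', $LANG08[18]);
    $mail_template->set_var('toname', htmlspecialchars($to, ENT_QUOTES, $encoding));
    $mail_template->set_var('lang_toemailaddress', $LANG08[19]);
    $mail_template->set_var('toemail', htmlspecialchars($toemail, ENT_QUOTES, $encoding));
    $mail_template->set_var('lang_shortmessage', $LANG08[27]);
    $mail_template->set_var('shortmsg', htmlspecialchars($shortmsg, ENT_QUOTES, $encoding));
    $mail_template->set_var('lang_warning', $LANG08[22]);
    $mail_template->set_var('lang_sendmessage', $LANG08[16]);
    $mail_template->set_var('story_id', htmlspecialchars($sid, ENT_QUOTES, $encoding));

    PLG_templateSetVars('emailstory', $mail_template);

    $mail_template->set_var('end_block', COM_endBlock());
    $mail_template->parse('output', 'form');
    $retval .= $mail_template->finish($mail_template->get_var('output'));

    return $retval;
}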
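/**
 * Get an existing static page
 *
 * Two request shapes are served:
 *  - a page id (args 'sp_id', or 'id' as an alias): the page is looked up
 *    (joined to its topic assignments), rendered via SP_render_content()
 *    unless the caller asks for the raw template ('template' arg), and the
 *    row is returned in $output;
 *  - no page id on the web-service path ('gl_svc' set): a feed of the most
 *    recently modified pages is returned as a list in $output, paged via
 *    'offset'.
 *
 * On a failed single-page lookup the function either redirects editors to
 * the page editor ("wiki style" creation of a missing page), writes the
 * login-required document into $output when the page's sp_nf flag is
 * truthy, or hands off to COM_handle404(); it then returns PLG_RET_ERROR.
 *
 * Review notes:
 *  - 'sp_id' and 'mode' are only run through COM_applyBasicFilter() when
 *    'gl_svc' is set; other callers are expected to have filtered them.
 *    The id is nevertheless DB-escaped before it is interpolated into SQL
 *    and URL-encoded before it is placed in the editor redirect.
 *  - Visibility on the single-page path is SP_getPerms(), "no drafts" for
 *    users without staticpages.edit, and a topic filter (COM_getTopicSQL()
 *    or the home-only/all pseudo-topics). The feed path applies
 *    SP_getPerms() only and does NOT exclude drafts or filter by topic —
 *    whether the web service is restricted to authenticated editors is not
 *    visible here; confirm before exposing the feed more widely.
 *  - Fixed here: the PostgreSQL single-page statement had a stray
 *    "sp_inblock" before FROM (a syntax error), and the feed loop looked up
 *    topics for an undefined $page and wrote rendered content into $output
 *    instead of the current item.
 *
 * @param    array   $args     Contains all the data provided by the client
 * @param    string  &$output  OUTPUT parameter containing the returned text
 * @param    string  &$svc_msg OUTPUT parameter containing any service messages
 * @return   int               Response code as defined in lib-plugins.php
 */
function service_get_staticpages($args, &$output, &$svc_msg)
{
    // $topic is declared for parity with the original; it is not read here.
    global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_SP_CONF, $topic;

    $output = '';

    $svc_msg['output_fields'] = array(
        'sp_hits', 'sp_format', 'draft_flag', 'cache_time', 'owner_id', 'group_id',
        'perm_owner', 'perm_group', 'perm_members', 'perm_anon',
        'sp_help', 'sp_php', 'sp_inblock', 'commentcode'
    );

    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }

    $gl_svc = !empty($args['gl_svc']);
    if ($gl_svc) {
        if (isset($args['sp_id'])) {
            $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        }
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        // No page id on the web-service path means "give me the feed".
        $svc_msg['gl_feed'] = empty($args['sp_id']);
    } else {
        $svc_msg['gl_feed'] = false;
    }

    $mode = isset($args['mode']) ? $args['mode'] : '';

    if (!$svc_msg['gl_feed']) {
        // ---- single page lookup ----
        $page = isset($args['sp_id']) ? $args['sp_id'] : '';
        $error = ($page == '') ? 1 : 0;
        // Escaped copy for every SQL fragment below; $page itself stays raw for
        // output fields and the editor redirect.
        $pageSql = DB_escapeString($page);

        // Visibility: SP_getPerms(), plus "no drafts" for users who cannot edit.
        $perms = SP_getPerms();
        if (!SEC_hasRights('staticpages.edit')) {
            if (!empty($perms)) {
                $perms .= ' AND';
            }
            $perms .= '(draft_flag = 0)';
        }
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }

        // Topic permissions: the page must be assigned to a topic the user may
        // see, or to the home-only / all pseudo-topics. The original had
        // byte-identical branches for COM_onFrontpage() true and false, so the
        // check is dropped here.
        $topic_perms = COM_getTopicSQL('', 0, 'ta');
        if ($topic_perms != "") {
            $topic_perms = " AND (" . $topic_perms
                . " OR (ta.tid = '" . TOPIC_HOMEONLY_OPTION . "' OR ta.tid = '" . TOPIC_ALL_OPTION . "'))";
        }
        $topic_perms .= " GROUP BY sp_id";

        $select = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,"
            . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,"
            . "owner_id,group_id,perm_owner,perm_group,"
            . "perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time "
            . "FROM {$_TABLES['staticpage']}, {$_TABLES['topic_assignments']} ta "
            . "WHERE (sp_id = '{$pageSql}')" . $perms
            . " AND ta.type = 'staticpages' AND ta.id = sp_id " . $topic_perms;
        $sql = array('mysql' => $select, 'pgsql' => $select);

        $result = DB_query($sql);
        $count = DB_numRows($result);
        if ($count == 0 || $count > 1) {
            $error = 1;
        }

        if (!$error) {
            $output = DB_fetchArray($result, false);
            // Use the stored id's exact case from here on: it feeds the cache
            // file name and the canonical link.
            $page = $output['sp_id'];
            // WE ASSUME $output doesn't have any confidential fields

            // Generate output now, unless the caller is grabbing a template
            // (a template is combined with its variables first, then rendered).
            if (!isset($args['template'])) {
                $output['sp_content'] = SP_render_content($page, $output['sp_content'], $output['sp_php'], $output['cache_time'], $output['template_id']);
            }
        } else {
            // An error occurred (page not found, access denied, ...).

            /**
             * If the user has edit permissions and the page does not exist,
             * send them to the editor so they can create it "wiki style".
             */
            $create_page = false;
            if ($mode !== 'autotag' && $count == 0 && SEC_hasRights('staticpages.edit')) {
                // check again without permissions
                if (DB_count($_TABLES['staticpage'], 'sp_id', $page) == 0) {
                    $url = $_CONF['site_admin_url'] . '/plugins/staticpages/index.php?mode=edit&sp_new_id='
                        . urlencode($page) . '&msg=21';
                    $output = COM_refresh($url);
                    $create_page = true;
                }
            }

            if (!$create_page) {
                if (empty($page)) {
                    $failflg = 0;
                } else {
                    // sp_nf: a truthy value selects the login form instead of a 404
                    // (exact meaning of the flag not visible here).
                    $failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id = '{$pageSql}'");
                }

                if ($failflg) {
                    $output .= SEC_loginRequiredForm();
                    // Autotag callers embed the result, so no full document for them.
                    if ($mode !== 'autotag') {
                        $output = COM_createHTMLDocument($output, array('rightblock' => true));
                    }
                } elseif ($mode !== 'autotag') {
                    COM_handle404();
                }
            }

            return PLG_RET_ERROR;
        }

        if ($gl_svc) {
            // Extra, normalised fields for the web service.
            // This date format is PHP 5 only, but only the web-service uses the value.
            $output['published'] = date('c', strtotime($output['created']));
            $output['updated'] = date('c', strtotime($output['modified']));
            $output['id'] = $page;
            $output['title'] = $output['sp_title'];
            $output['page_title'] = $output['sp_page_title'];
            $output['category'] = TOPIC_getTopicIdsForObject('staticpages', $page);
            $output['content'] = $output['sp_content'];
            $output['content_type'] = 'html';
            $owner_data = SESS_getUserDataFromId($output['owner_id']);
            $output['author_name'] = $owner_data['username'];
            $output['link_edit'] = $page;
        }
    } else {
        // ---- feed: most recently modified pages ----
        $output = array();

        $perms = SP_getPerms();
        if (!empty($perms)) {
            $perms = ' WHERE ' . $perms;
        }

        $offset = 0;
        if (isset($args['offset'])) {
            // second argument casts to int, so it is safe inside LIMIT
            $offset = COM_applyBasicFilter($args['offset'], true);
        }
        // One extra row is requested only to learn whether a next page exists.
        $max_items = $_SP_CONF['atom_max_items'] + 1;
        $limit = " LIMIT {$offset}, {$max_items}";
        $order = " ORDER BY modified DESC";

        $select = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id,"
            . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time "
            . "FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $sql = array('mysql' => $select, 'pgsql' => $select);

        $result = DB_query($sql);
        $count = 0;
        while (($row = DB_fetchArray($result, false)) !== false) {
            // WE ASSUME the row doesn't have any confidential fields
            $count++;
            if ($count == $max_items) {
                // the extra row is not returned; it only signals another page of results
                $svc_msg['offset'] = $offset + $_SP_CONF['atom_max_items'];
                break;
            }
            if ($gl_svc) {
                // This date format is PHP 5 only, but only the web-service uses the value
                $row['published'] = date('c', strtotime($row['created']));
                $row['updated'] = date('c', strtotime($row['modified']));
                $row['id'] = $row['sp_id'];
                $row['title'] = $row['sp_title'];
                $row['page_title'] = $row['sp_page_title'];
                // Both of these belong to the current item (the original used the
                // undefined $page and the $output list here).
                $row['category'] = TOPIC_getTopicIdsForObject('staticpages', $row['sp_id']);
                $row['content'] = SP_render_content($row['sp_id'], $row['sp_content'], $row['sp_php'], $row['cache_time'], $row['template_id']);
                $row['content_type'] = 'html';
                $owner_data = SESS_getUserDataFromId($row['owner_id']);
                $row['author_name'] = $owner_data['username'];
            }
            $output[] = $row;
        }
    }

    return PLG_RET_OK;
}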
/**
 * Render the current user's forum bookmark list.
 *
 * Anonymous users get the login-required form instead of the list. The
 * list itself is produced by ADMIN_list() over the bookmarks table joined
 * to its topics and forums, restricted to the session user's uid (the uid
 * is taken from $_USER, not from the request).
 *
 * @return array  array($pageTitle, $html)
 */
function FF_bookmarks()
{
    global $_CONF, $_TABLES, $_USER, $_FF_CONF, $LANG_GF01, $LANG_GF02, $LANG_GF92;

    $title = $LANG_GF01['BOOKMARKS'];

    if (COM_isAnonUser()) {
        return array($title, SEC_loginRequiredForm());
    }

    $tpl = new Template($_CONF['path'] . 'plugins/forum/templates/');
    $tpl->set_file('list', 'lists.thtml');

    USES_lib_admin();

    // Column definitions for ADMIN_list(); 'field' names refer to the joined query below.
    $columns = array(
        array('text' => '#',                   'field' => 'bookmark',   'sort' => false),
        array('text' => $LANG_GF01['FORUM'],   'field' => 'forum_name', 'sort' => true),
        array('text' => $LANG_GF01['TOPIC'],   'field' => 'subject',    'sort' => true),
        array('text' => $LANG_GF01['AUTHOR'],  'field' => 'name',       'sort' => true),
        array('text' => $LANG_GF01['REPLIES'], 'field' => 'replies',    'sort' => true),
        array('text' => $LANG_GF01['VIEWS'],   'field' => 'views',      'sort' => true),
        array('text' => $LANG_GF01['DATE'],    'field' => 'date',       'sort' => true, 'nowrap' => true),
    );

    if ($_FF_CONF['usermenu'] == 'navbar') {
        $tpl->set_var('navbar', FF_NavbarMenu($LANG_GF01['BOOKMARKS']));
    }
    $tpl->set_var('block_start', COM_startBlock($LANG_GF01['BOOKMARKS'], '', COM_getBlockTemplate('_admin_block', 'header')));

    $listOptions = array(
        'has_extras' => true,
        'form_url'   => $_CONF['site_url'] . '/forum/list.php?op=bookmarks',
        'help_url'   => '',
    );
    $defaultSort = array('field' => 'date', 'direction' => 'DESC');

    $bookmarkSql = "SELECT * FROM {$_TABLES['ff_bookmarks']} AS bookmarks"
        . " LEFT JOIN {$_TABLES['ff_topic']} AS topics ON bookmarks.topic_id=topics.id"
        . " LEFT JOIN {$_TABLES['ff_forums']} AS forums ON topics.forum=forums.forum_id"
        . " WHERE topics.id != '' AND bookmarks.uid=" . $_USER['uid'];

    $query = array(
        'table'          => 'ff_bookmarks',
        'sql'            => $bookmarkSql,
        'query_fields'   => array('topics.date', 'topics.subject', 'topics.comment', 'topics.name', 'topics.replies', 'topics.views', 'id', 'forum', 'forum_name'),
        'default_filter' => '',
    );

    $tpl->set_var('list_data', ADMIN_list('bookmarks', '_ff_getListField_forum', $columns, $listOptions, $query, $defaultSort));
    $tpl->set_var('block_end', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
    $tpl->parse('output', 'list');

    return array($title, $tpl->finish($tpl->get_var('output')));
}
} USES_forum_functions(); USES_forum_format(); require_once $_CONF['path_system'] . 'classes/timer.class.php'; $forum = isset($_REQUEST['forum']) ? COM_applyFilter($_REQUEST['forum'], true) : 0; $show = isset($_REQUEST['show']) ? COM_applyFilter($_REQUEST['show'], true) : 0; $page = isset($_REQUEST['page']) ? COM_applyFilter($_REQUEST['page'], true) : 0; $order = isset($_REQUEST['order']) ? COM_applyFilter($_REQUEST['order'], true) : 0; $sort = isset($_REQUEST['sort']) ? COM_applyFilter($_REQUEST['sort'], true) : 0; $cat_id = isset($_REQUEST['cat_id']) ? COM_applyFilter($_REQUEST['cat_id'], true) : 0; $forum_id = isset($_REQUEST['forum_id']) ? COM_applyFilter($_REQUEST['forum_id'], true) : 0; $op = isset($_REQUEST['op']) ? COM_applyFilter($_REQUEST['op']) : ''; //Check is anonymous users can access if ($_FF_CONF['registration_required'] && COM_isAnonUser()) { $display = COM_siteHeader(); $display .= SEC_loginRequiredForm(); $display .= COM_siteFooter(); echo $display; exit; } /* * Initialize vars */ $canPost = 0; $display = ''; $pageBody = ''; $todaysdate = date("l, F d, Y"); forum_chkUsercanAccess(); // Check to see if request to mark all topics read was requested if (!COM_isAnonUser() && $op == 'markallread') { $now = time();
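// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.           |
// |                                                                          |
// +--------------------------------------------------------------------------+

/**
 * Login form
 * @package paypal
 */

/**
 * require core geeklog code
 */
require_once '../lib-common.php';

// take user back to the homepage if the plugin is not active
if (!in_array('paypal', $_PLUGINS, true)) {
    echo COM_refresh($_CONF['site_url'] . '/index.php');
    exit;
}

/* Ensure sufficient privs to read this page */
paypal_access_check();

// Main
$display = PAYPAL_siteHeader($_PAY_CONF['seo_shop_title']);
if (SEC_hasRights('paypal.user', 'paypal.admin')) {
    $display .= paypal_user_menu();
} else {
    $display .= paypal_viewer_menu();
}

// 'msg' comes straight from the request and is shown as free text, so it is
// HTML-escaped here: the original passed it through unescaped, which lets a
// crafted link inject markup into the page (reflected XSS). stripslashes()
// is kept for installs with magic_quotes enabled. If any caller relied on
// passing markup via msg, switch it to a numbered message id instead.
if (!empty($_REQUEST['msg'])) {
    $msgText = htmlspecialchars(stripslashes($_REQUEST['msg']), ENT_QUOTES, 'UTF-8');
    $display .= COM_showMessageText($msgText, $LANG_PAYPAL_1['message']);
}

$display .= '<div id="login">' . SEC_loginRequiredForm() . '</div>';
$display .= PAYPAL_siteFooter();

COM_output($display);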
/**
 * Shows an error message to anonymous users
 *
 * Called when an anonymous user tries to use search functionality that the
 * glFusion admin has restricted to logged-in users. The "error message" is
 * simply the standard login-required form.
 *
 * @author Tony Bibbs <tony AT geeklog DOT net>
 * @access private
 * @return string HTML output for error message
 */
function _getAccessDeniedMessage()
{
    $loginForm = SEC_loginRequiredForm();

    return $loginForm;
}
* @copyright Copyright (c) 2008 - 2010 Mark R. Evans mark AT glfusion DOT org * @package evlist * @version 1.3.0 * @license http://opensource.org/licenses/gpl-2.0.php * GNU Public License v2 or later * @filesource */ /** Import core glFusion libraries */ require_once '../lib-common.php'; if (!in_array('evlist', $_PLUGINS)) { COM_404(); } // allow_anon_view is set by functions.inc if global login_required is on if (COM_isAnonUser() && $_EV_CONF['allow_anon_view'] != '1') { $content = COM_siteHeader(); $content .= SEC_loginRequiredForm(); $content .= COM_siteFooter(); echo $content; exit; } USES_evlist_functions(); USES_evlist_views(); //var_dump($_GET);die; /* * MAIN */ COM_setArgNames(array('view', 'range', 'cat')); if (isset($_GET['view'])) { $view = COM_applyFilter($_GET['view']); } elseif (isset($_POST['view'])) { $view = COM_applyFilter($_POST['view']);