} else {
$logged_as_member = FALSE;
$name = trim(REQ('name', 'POST'));
$mail = trim(REQ('mail', 'POST'));
}
$comment = trim(REQ('comments', 'POST'));
$refer = cn_htmlspecialchars(REQ('referer'));
$regex_site = '/(ftps?|n?ntp|pop3|https?):\\/\\/[^\\s]+/is';
// Can't add comment
if ($user && !test('Mac')) {
echo '<div class="cn_error_comment">' . i18n("You can't add comment") . '. <a href="' . $refer . '">Go back</a></div>';
return FALSE;
}
// ----------------------------------
if ($action == 'comment_process') {
cn_dsi_check();
list($comm_delete) = GET('comm_delete');
if (is_array($comm_delete)) {
foreach ($comm_delete as $cid) {
db_comm_delete($id, $cid);
}
}
// Redirect...
echo '<script type="text/javascript">window.location="' . addslashes(REQ('referer')) . '";</script>';
echo '<div><a href="' . $refer . '">click there</a> if automatic redirect not work</div>';
return FALSE;
}
// ----------------------------------
if (empty($comment)) {
echo '<div class="blocking_posting_comment">' . i18n('Sorry but the comment cannot be blank') . '. <a href="' . $refer . '">Go back</a></div>';
return FALSE;
function dashboard_script()
{
list($snippet, $text) = GET('snippet, text');
if ($snippet == '') {
$snippet = 'sandbox';
}
// Prevent subfoldering
$snippet = preg_replace('/[^a-z0-9\\-\\.]/i', '_', $snippet);
if (request_type('POST')) {
cn_dsi_check();
// Click select only
if (!REQ('select', 'POST')) {
if (REQ('delete', 'POST')) {
$_t = getoption('#snippets');
unset($_t[$snippet]);
setoption('#snippets', $_t);
$snippet = 'sandbox';
} else {
// Create new snippet
if (REQ('create', 'POST')) {
$snippet = REQ('create');
}
setoption('#snippets/' . $snippet, $text);
cn_throw_message('Changes saved');
}
} else {
cn_throw_message('Select snippet [' . cn_htmlspecialchars($snippet) . ']');
}
}
$list = getoption('#snippets');
if (empty($list)) {
$list['sandbox'] = '';
}
$opt_txt = getoption('#snippets/' . $snippet);
$params = array('list' => $list, 'text' => !empty($opt_txt) ? $opt_txt : '', 'can_delete' => $snippet !== 'sandbox' ? TRUE : FALSE, 'snippet' => $snippet, 'snippets' => getoption('#snippets'));
echoheader('-@dashboard/style.css', 'HTML Scripts');
echo exec_tpl('dashboard/script', $params);
echofooter();
}
function edit_news_delete()
{
cn_dsi_check();
if (!test('Nud')) {
msg_info("Unable to delete news: no permission");
}
$FlatDB = new FlatDB();
list($id, $source) = GET('id, source', 'GET');
$ida = db_index_load($source);
$nloc = db_get_nloc($id);
$db = db_news_load($nloc);
// ------
$FlatDB->cn_remove_categories($db[$id]['c'], $db[$id]['id']);
$FlatDB->cn_update_date(0, $db[$id]['id']);
$FlatDB->cn_user_sync($db[$id]['u'], 0, $db[$id]['id']);
$FlatDB->cn_remove_tags($db[$id]['tg'], $db[$id]['id']);
// ------
unset($db[$id]);
unset($ida[$id]);
// Remove from meta-index
$_ts_id = bt_get_id($id, 'nts_id');
bt_del_id($id, 'nts_id');
bt_del_id($_ts_id, 'nid_ts');
// Remove page alias
$_ts_pg = bt_get_id($id, 'ts_pg');
bt_del_id($id, 'ts_pg');
bt_del_id($_ts_pg, 'pg_ts');
// save block
db_save_news($db, $nloc);
db_index_save($ida, $source);
db_index_update_overall($source);
cn_relocation(cn_url_modify(array('reset'), 'mod=editnews', "source={$source}"));
$FlatDB->cache_clean();
}
function media_invoke()
{
$popup_form = '';
list($path, $opt) = GET('folder, opt', 'GETPOST');
list($do_action, $pending) = GET('do_action, pending', 'POST');
// Change default uploads dir
$udir = cn_path_construct(SERVDIR, 'uploads');
if (getoption('uploads_dir')) {
$udir = preparation_path(getoption('uploads_dir'));
}
$edir = getoption('uploads_ext') ? getoption('uploads_ext') : getoption('http_script_dir') . '/uploads';
$dfile = cn_path_construct($udir, $path);
// Remove root identifier
$path = preparation_path($path);
// Path detection
$path = preg_replace('/[^a-z0-9\\/_\\\\]/i', '-', $path);
$root_dir = cn_path_construct($udir, $path) . DIRECTORY_SEPARATOR;
$just_uploaded = array();
// Get path struct
$pathes = spsep($path, DIRECTORY_SEPARATOR);
if (isset($pathes[0]) && $pathes[0] === '') {
unset($pathes[0]);
}
// Do upload files
if (request_type('POST')) {
cn_dsi_check();
// Allowed Exts.
$AE = spsep(getoption('allowed_extensions'));
// Generate thumbnail after upload
$thumbnail_with_upload = getoption('thumbnail_with_upload');
// UPLOAD FILES
if (REQ('upload', 'POST')) {
list($overwrite) = GET('overwrite');
$is_uploaded = FALSE;
// Try for fopen url upload
if ($upload_from_inet = REQ('upload_from_inet')) {
if (ini_get('allow_url_fopen')) {
// Get filename
$url_name = spsep($upload_from_inet, '/');
$url_name = $url_name[count($url_name) - 1];
$url_name = preg_replace('/(%20|\\s|\\?|&|\\/)/', '_', $url_name);
$url_name = str_replace('%', '_', $url_name);
// resolve filename
$c_file = $dfile . $url_name;
// Overwrite [if can], or add file
if ($overwrite && file_exists($c_file) || !file_exists($c_file)) {
// Use context for disable error notices
if (function_exists('stream_context_create')) {
$context = stream_context_create(array('http' => array('ignore_errors' => true)));
$fw = fopen($upload_from_inet, 'rb', false, $context);
} else {
// Read file
$fw = fopen($upload_from_inet, 'rb');
}
// --------- (fetch content) ------
ob_start();
fpassthru($fw);
$file_image = ob_get_clean();
fclose($fw);
// ---------
// write2disk
if ($wf = fopen($c_file, 'w')) {
fwrite($wf, $file_image);
fclose($wf);
}
// check image
list($w, $h) = getimagesize($c_file);
if ($w && $h) {
cn_throw_message('File uploaded');
$max_width = getoption('max_thumbnail_width');
if ($w > $max_width && $thumbnail_with_upload) {
$resize_result = resize_image($c_file, $max_width, 0);
cn_throw_message($resize_result['msg'], $resize_result['status'] ? 'n' : 'w');
}
$is_uploaded = TRUE;
$just_uploaded[$url_name] = TRUE;
} else {
cn_throw_message("Wrong image file", 'e');
unlink($c_file);
}
} else {
cn_throw_message("Can't overwrite or save", 'e');
}
} else {
cn_throw_message('allow_url_fopen=0, check server configurations');
}
}
// Upload from local
foreach ($_FILES['upload_file']['name'] as $id => $name) {
if ($name) {
$ext = NULL;
if (preg_match('/\\.(\\w+)$/i', $name, $c)) {
$ext = strtolower($c[1]);
}
// Check allowed ext
if ($ext && in_array($ext, $AE)) {
// encode url
$name = str_replace('%2F', '/', urlencode($name));
// encoded? replace filename
if (strpos($name, '%') !== FALSE) {
$name = str_replace('%', '', strtolower($name));
}
// check file for exist
if (file_exists($c_file = $dfile . $name)) {
if ($overwrite) {
cn_throw_message('File [' . cn_htmlspecialchars($c_file) . '] overwritten', 'w');
} else {
cn_throw_message('File [' . cn_htmlspecialchars($c_file) . '] already exists', 'e');
continue;
}
}
// Upload file to server
if (move_uploaded_file($_FILES['upload_file']['tmp_name'][$id], $c_file)) {
$just_uploaded[$name] = TRUE;
cn_throw_message('File uploaded [<b>' . cn_htmlspecialchars($name) . '</b>]');
$max_width = getoption('max_thumbnail_width');
list($w, $h) = getimagesize($c_file);
if ($w > $max_width && $thumbnail_with_upload) {
$resize_result = resize_image($c_file, $max_width, 0);
cn_throw_message($resize_result['msg'], $resize_result['status'] ? 'n' : 'w');
}
} else {
cn_throw_message('File [' . cn_htmlspecialchars($c_file) . '] not uploaded! Please, check upload_max_filesize in PHP settings.', 'e');
}
} else {
cn_throw_message('File extension [' . cn_htmlspecialchars($ext) . '] not allowed', 'e');
}
} elseif (!$is_uploaded) {
cn_throw_message('No selected files for upload', 'e');
}
}
} elseif ($do_action || $pending) {
list($rm) = GET('rm', 'POST');
// action --> delete entries
if ($do_action == 'delete') {
if (empty($rm)) {
cn_throw_message('No files selected', 'w');
} else {
foreach ($rm as $file) {
if (file_exists($cfile = $dfile . $file)) {
if (is_dir($cfile)) {
rmdir($cfile);
} else {
//get thumbnail path
$path_parts = pathinfo($cfile);
$thumbnail_path = $path_parts['dirname'] . DIRECTORY_SEPARATOR . '.thumb.' . $path_parts['basename'];
if (file_exists($thumbnail_path)) {
unlink($thumbnail_path);
}
unlink($cfile);
}
}
if (file_exists($cfile)) {
cn_throw_message('File [' . cn_htmlspecialchars($cfile) . '] not deleted!', 'e');
} else {
cn_throw_message('File [' . cn_htmlspecialchars($file) . '] deleted successfully');
}
}
}
} elseif ($do_action == 'create') {
$popup_form = i18n('Enter directory name') . ' <input type="text" name="new_dir" value="" />';
} elseif ($pending == 'create') {
$new_dir_arr = GET('new_dir', 'POST');
$new_folder = array_pop($new_dir_arr);
$new_folder = preg_replace('/[^a-z0-9_]/i', '-', $new_folder);
if ($new_folder) {
$cfile = $dfile . $new_folder;
if (is_dir($cfile)) {
cn_throw_message('Folder [' . $new_folder . '] already exists!', 'e');
} else {
mkdir($cfile);
if (!is_dir($cfile)) {
cn_throw_message('Folder [' . cn_htmlspecialchars($cfile) . ' not created]', 'e');
} else {
cn_throw_message('Folder [' . $new_folder . '] created!');
}
}
} else {
cn_throw_message('Specify folder name', 'w');
}
$popup_form = '';
} elseif ($do_action == 'rename') {
if ($rm) {
$popup_form = '<div class="big_font">' . i18n('Rename file to') . '</div>';
$popup_form .= i18n('Tip: Write new file name') . '<br />';
$popup_form .= '<table>';
foreach ($rm as $id => $fn) {
$hfn = cn_htmlspecialchars($fn);
$popup_form .= '<tr><td align="right" class="indent"><b>' . $hfn . '</b><td>';
$popup_form .= '<td><input type="hidden" name="ids[' . $id . ']" value="' . $hfn . '"/>→</td>';
$popup_form .= '<td><input style="width: 300px;" type="text" name="place[' . $id . ']" value="' . $hfn . '" /> ';
$popup_form .= '</td></tr>';
}
$popup_form .= '</table>';
} else {
cn_throw_message('Select files to rename', 'w');
}
} elseif ($pending == 'rename') {
// ...
list($ids, $place) = GET('ids, place', 'POST');
// prevent illegal moves
$safe_dir = scan_dir($root_dir);
foreach ($safe_dir as $id => $v) {
$safe_dir[$id] = md5($v);
}
// do move all files / dirs
foreach ($ids as $id => $file) {
if (in_array(md5($file), $safe_dir)) {
$filename = $place[$id];
if (strpos($filename, '\\') || strpos($filename, '/')) {
cn_throw_message(i18n('The name of file [%1] should not contain special characters', cn_htmlspecialchars($file)), 'e');
continue;
}
$renameto = $root_dir . $filename;
$thumb = $root_dir . '.thumb.' . $file;
// do move
if (rename($root_dir . $file, $renameto)) {
if (file_exists($thumb)) {
rename($thumb, $root_dir . '.thumb.' . $filename);
}
cn_throw_message(i18n('File [%1] renamed to [%2]', cn_htmlspecialchars($file), cn_htmlspecialchars($filename)));
} else {
cn_throw_message(i18n('File [%1] not renamed', cn_htmlspecialchars($file)), 'e');
}
}
}
} elseif ($do_action == 'move') {
if ($rm) {
$popup_form = '<div class="big_font">' . i18n('Move files to') . '</div>';
$popup_form .= i18n('Tip: You can select the folder to move the file') . '<br />';
$popup_form .= '<table>';
$folders = array();
$dirs = scan_dir($root_dir);
foreach ($dirs as $entry) {
if (is_dir($root_dir . $entry) && !($entry === '..' || $entry === '.')) {
$folders[] = $entry;
}
}
foreach ($rm as $id => $fn) {
$hfn = cn_htmlspecialchars($fn);
$popup_form .= '<tr><td align="right" class="indent"><b>' . $hfn . '</b><td>';
$popup_form .= '<td><input type="hidden" name="ids[' . $id . ']" value="' . $hfn . '"/>→</td>';
$popup_form .= '<td>';
$cnt_folders = count($folders);
if ($cnt_folders != 0 && !($cnt_folders == 1 && in_array($hfn, $folders))) {
$popup_form .= '<select name="place_folder_' . $id . '">';
foreach ($folders as $dirn) {
if ($dirn != $hfn) {
$popup_form .= '<option value="' . $dirn . '">' . $dirn . '</option>';
}
}
$popup_form .= '</select>';
}
if ($root_dir != $udir) {
$popup_form .= '<nobr><input type="checkbox" onclick="javascript:hideFolderList(this,' . $id . ')" name="moveup[' . $id . ']" value="Y" /> Move up</nobr>';
} else {
$popup_form .= '<nobr> X Move up (You are in root folder)</nobr>';
}
$popup_form .= '</td></tr>';
}
$popup_form .= '</table>';
} else {
cn_throw_message('Select files to move', 'w');
}
} elseif ($pending == 'move') {
// ...
list($ids, $moveup) = GET('ids, moveup', 'POST');
// prevent illegal moves
$safe_dir = scan_dir($root_dir);
foreach ($safe_dir as $id => $v) {
$safe_dir[$id] = md5($v);
}
// do move all files / dirs
foreach ($ids as $id => $file) {
list($place_folder) = GET('place_folder_' . $id);
if (in_array(md5($file), $safe_dir)) {
$NF = '';
$foldername = preg_replace('/\\.\\//i', '', $place_folder);
// move this file up
if (isset($moveup[$id]) && count($pathes) > 0) {
$nwfolder = dirname($root_dir);
$foldername = 'up folder';
} else {
$nwfolder = $root_dir . ($NF = isset($rm[0]) ? $rm[0] : '') . DIRECTORY_SEPARATOR . $foldername;
if ($rm[0]) {
$NF = $rm[0] . DIRECTORY_SEPARATOR;
}
}
$moveto = $nwfolder . DIRECTORY_SEPARATOR . $file;
//check for image thumbnail
$thumb = $root_dir . '.thumb.' . $file;
// do move
if (rename($root_dir . $file, $moveto)) {
if (file_exists($thumb)) {
rename($thumb, $nwfolder . DIRECTORY_SEPARATOR . '.thumb.' . $file);
}
cn_throw_message(i18n('File [%1] moved to [%2]', cn_htmlspecialchars($file), cn_htmlspecialchars($foldername)));
} else {
cn_throw_message(i18n('File [%1] not moved', cn_htmlspecialchars($file)), 'e');
}
}
}
} elseif ($do_action == 'thumb') {
if (!empty($_POST['rm'])) {
$popup_form = get_sizes_form('Make thumbnails', $do_action);
} else {
cn_throw_message('Select files to make thumbnail', 'w');
}
} elseif ($pending == 'thumb') {
do_resize_image($root_dir);
} elseif ($do_action == 'resize') {
if (!empty($_POST['rm'])) {
$popup_form = get_sizes_form('Resize source image', $do_action);
} else {
cn_throw_message('Select files to resize', 'w');
}
} elseif ($pending == 'resize') {
do_resize_image($root_dir, false);
} elseif (!hook('media/post_action')) {
msg_info("Action error");
}
}
}
// Check dir exists
if (is_dir($root_dir)) {
$raw_files = scan_dir($root_dir);
} else {
cn_throw_message('Dir not exists', 'e');
$raw_files = array();
}
$dirs = $files = array();
foreach ($raw_files as $file) {
if (preg_match('/avatar_/', $file)) {
continue;
}
$file_location = "{$root_dir}/{$file}";
if (is_dir($file_location)) {
$dirs[] = array('url' => "{$path}/{$file}", 'name' => $file);
} elseif (filesize(cn_path_construct($udir, $path) . $file) != 0) {
list($w, $h) = getimagesize(cn_path_construct($udir, $path) . $file);
$is_thumb = preg_match('/\\.thumb\\./', $file);
$files[] = array('name' => $file, 'url' => $edir . '/' . ($path ? $path . '/' : '') . $file, 'thumb' => file_exists($root_dir . '/.thumb.' . pathinfo($file, PATHINFO_BASENAME)) ? $edir . '/' . ($path ? $path . '/' : '') . '.thumb.' . pathinfo($file, PATHINFO_BASENAME) : '', 'local' => ($path ? $path . '/' : '') . $file, 'just_uploaded' => isset($just_uploaded[$file]) ? TRUE : FALSE, 'is_thumb' => $is_thumb, 'w' => $w, 'h' => $h, 'fs' => round(filesize($file_location) / 1024, 1));
}
}
uasort($dirs, 'usort_by_name_asc');
uasort($files, 'usort_by_name_asc');
// Top level (dashboard)
cn_bc_add('Dashboard', cn_url_modify(array('reset')));
cn_bc_add('Media manager', cn_url_modify());
cn_assign("files, dirs, path, pathes, popup_form, root_dir", $files, $dirs, $path, $pathes, $popup_form, $root_dir);
if ($opt === 'inline') {
echo exec_tpl('window', 'title=Quick insert image', 'style=media/style.css', 'content=' . exec_tpl('media/general'));
} else {
echoheader('-@media/style.css', 'Media manager');
echo exec_tpl('media/general');
echofooter();
}
}
function add_news_invoke()
{
$FlatDB = new FlatDB();
// loadall
list($article_type, $preview) = GET('postpone_draft, preview', 'GETPOST');
list($from_date_hour, $from_date_minutes, $from_date_seconds, $from_date_month, $from_date_day, $from_date_year) = GET('from_date_hour, from_date_minutes, from_date_seconds, from_date_month, from_date_day, from_date_year', 'GETPOST');
list($title, $page, $category, $short_story, $full_story, $if_use_html, $vConcat, $vTags, $faddm) = GET('title, page, category, short_story, full_story, if_use_html, concat, tags, faddm', 'GETPOST');
$categories = cn_get_categories(false);
list($morefields) = cn_get_more_fields($faddm);
$is_active_html = test('Csr');
// Prepare data to add new item
if (request_type('POST')) {
cn_dsi_check();
if (!preg_match("~^[0-9]{1,}\$~", $from_date_hour) or !preg_match("~^[0-9]{1,}\$~", $from_date_minutes) or !preg_match("~^[0-9]{1,}\$~", $from_date_seconds)) {
cn_throw_message("You want to add article, but the hour format is invalid.", 'e');
}
// create publish time
$c_time = mktime($from_date_hour, $from_date_minutes, $from_date_seconds, $from_date_month, $from_date_day, $from_date_year);
// flat category to array
if ($category == '') {
$category = array();
} elseif (!is_array($category)) {
$category = array($category);
}
// article is draft?
if ($article_type == 'draft') {
$draft = 1;
} else {
$draft = 0;
}
$if_use_html = $if_use_html ? TRUE : (getoption('use_wysiwyg') ? TRUE : FALSE);
// draft, if Behavior Draft is set
if (test('Bd')) {
$draft = 1;
}
// sanitize page name
$page = preg_replace('/[^a-z0-9_\\.]/i', '-', $page);
if (empty($page) && getoption('auto_news_alias')) {
$page = strtolower(preg_replace('/[^a-z0-9_\\.]/i', '-', cn_transliterate($title)));
}
// basic news
$member = member_get();
$entry = array();
$entry['id'] = $c_time;
$entry['t'] = cn_htmlclear($title);
$entry['u'] = $member['name'];
$entry['c'] = news_make_category($category);
$entry['s'] = cn_htmlclear($short_story);
$entry['f'] = cn_htmlclear($full_story);
$entry['ht'] = $if_use_html;
$entry['st'] = $draft ? 'd' : '';
$entry['co'] = array();
// 0 comments
$entry['cc'] = $vConcat ? TRUE : FALSE;
$entry['tg'] = strip_tags($vTags);
$entry['pg'] = $page;
// Check page alias for exists
if ($page && bt_get_id($page, 'pg_ts') && !$preview) {
cn_throw_message('Page alias already exists', 'e');
} else {
// Get latest id for news
$latest_id = intval(bt_get_id('latest_id', 'conf'));
$latest_id++;
bt_set_id($latest_id, $c_time, 'nid_ts');
bt_set_id($c_time, $latest_id, 'nts_id');
bt_set_id('latest_id', $latest_id, 'conf');
// apply more field
list($entry, $disallow_message) = cn_more_fields_apply($entry, $faddm);
// has message from function
if ($disallow_message) {
cn_throw_message($disallow_message, 'e');
}
}
// ----
if (!$preview) {
if (!getoption('disable_title') && empty($title)) {
cn_throw_message('The title cannot be blank', 'e');
}
if (getoption('news_title_max_long') && strlen($title) > getoption('news_title_max_long')) {
cn_throw_message('The title cannon be greater then ' . getoption('news_title_max_long') . ' charecters', 'e');
}
if (!getoption('disable_short') && empty($short_story)) {
cn_throw_message('The story cannot be blank', 'e');
}
// no errors in a[rticle] area
if (cn_get_message('e', 'c') == 0) {
// Add page alias
bt_set_id($page, $c_time, 'pg_ts');
bt_set_id($c_time, $page, 'ts_pg');
$sc = $draft ? 'draft' : '';
$es = db_news_load(db_get_nloc($entry['id']));
// make unique id
while (isset($es[$c_time])) {
$c_time++;
}
// override ts
$entry['id'] = $c_time;
// add default group permission
$member = member_get();
// add to database
$es[$c_time] = $entry;
// do save item
db_save_news($es, db_get_nloc($c_time));
// add news to index
db_index_add($c_time, $entry['c'], $member['id'], $sc);
// ------------------------
$FlatDB->cn_update_date($c_time, 0);
$FlatDB->cn_source_update($c_time, $draft ? 'D' : '');
$FlatDB->cn_add_categories($entry['c'], $c_time);
$FlatDB->cn_add_tags($entry['tg'], $c_time);
$FlatDB->cn_user_sync($entry['u'], $c_time);
// ------------------------
// increase user count written news
$cnt = intval($member['cnt']) + 1;
db_user_update($member['name'], "cnt={$cnt}");
// do update meta-index
db_index_update_overall($sc);
// Notify for unapproved
if (getoption('notify_unapproved') && test('Bd')) {
cn_send_mail(getoption('notify_email'), i18n('CuteNews unapproved article was added'), "CuteNews - Unapproved article was added CuUnArWaAd", cn_replace_text(cn_get_template('notify_unapproved', 'mail'), '%username%, %article_title%', $member['name'], $title));
}
$FlatDB->cache_clean();
// view in editor
cn_relocation(PHP_SELF . '?mod=editnews&action=editnews&id=' . $c_time . '&m=added');
}
} else {
//correct preview links
$preview_html = preg_replace('/href="(.*?)"/', 'href="#"', entry_make($entry, 'active'));
$preview_html_full = preg_replace('/href="(.*?)"/', 'href="#"', entry_make($entry, 'full'));
cn_assign('preview_html, preview_html_full, gstamp', $preview_html, $preview_html_full, $c_time);
}
}
if (empty($category)) {
$category = array();
}
// -----------------------------------------------------------------------------------------------------------------
cn_assign('categories, vCategory, vTitle, vShort, vFull, is_active_html, vUseHtml, vConcat, vTags, morefields,vPage', $categories, $category, $title, $short_story, $full_story, $is_active_html, $if_use_html, $vConcat, $vTags, $morefields, $page);
// ---
echoheader("addedit@addedit/main.css", i18n("Add News"));
echo exec_tpl('addedit/main');
echofooter();
}